# Akashi - Verify an MCP server is alive and conformant, keyless

> Go CLI and GitHub Action that probes a Model Context Protocol (MCP) server with only public, unauthenticated signals - the MCP registry, the GitHub API, npm, PyPI, Docker Hub, and a capability-only MCP `initialize` handshake - and reports whether it is healthy, degraded, or dead. Emits an embeddable verified-on-date badge for the healthy ones.

**Trust pledge:** Zero keys. Akashi never authenticates to a probed server and never runs one of its tools. Any GitHub token is used only against the public GitHub API to raise the rate limit, never sent to a probed server.

- HTML page: https://roninforge.org/akashi
- Source: https://github.com/RoninForge/akashi
- License: MIT

## Why "Akashi"

Akashi (証) means proof or certificate in Japanese. Akashi's job is to produce a dated, checkable proof that an MCP server is alive and conformant - the verified-on-date badge you stamp on a README.

## Install

    curl -fsSL https://roninforge.org/akashi/install.sh | sh

Or with Go:

    go install github.com/RoninForge/akashi/cmd/akashi@latest

The release artifact is a single statically-linked Go binary with zero runtime dependencies. Supports macOS arm64/amd64, Linux amd64/arm64, and Windows amd64.

## Quick start

    # A registry server name, a GitHub repo URL, or a remote endpoint URL.
    akashi check io.github.owner/name
    akashi check https://github.com/owner/repo
    akashi check https://mcp.example.com/sse

    # Machine-readable result row for scripts and CI.
    akashi check io.github.owner/name --json

    # A shields.io endpoint badge JSON.
    akashi check io.github.owner/name --badge

## What Akashi checks

Health (can it be installed and reached at all):

- Registry status: the registry has not deprecated or deleted it.
- Repository reachable and fresh: exists (not archived, not 404), last-push age.
- Package published: the npm, PyPI, or Docker Hub entrypoint installs.
- Remote reachable: the hosted endpoint answers, confirmed with an MCP `initialize` handshake.
- At least one live entrypoint: something is actually usable.

Conformance (is it a well-behaved MCP server):

- `server.json` validates against the JSON Schema it declares (invalid downgrades to degraded).
- Speaks MCP `initialize` and negotiates a protocol version.
- `tools/list` resolves over a full MCP session using the official [MCP go-sdk](https://github.com/modelcontextprotocol/go-sdk) client. Runs no tool; informational (never downgrades, since valid servers may advertise no tools).
- Echoes the JSON-RPC request id (not an HTML page impersonating a server with a 200).
- Declares a license.

An auth-gated remote (a 401 to `initialize`) is treated as alive, not broken. Akashi never supplies credentials to reach past it.

## Verdicts

- healthy: at least one live entrypoint and nothing broken. The only verdict that earns a green verified badge.
- degraded: usable, but something is broken - a 404 repo link while the package installs, a stale-over-a-year repo, a deprecated registry entry, or an endpoint that answers HTTP but is not a real MCP server.
- dead: registry-deleted, or every probed entrypoint is broken.
- unknown: only entrypoints that cannot be probed without a key were declared.

## Exit codes

- 0: healthy
- 1: degraded, dead, or unknown (a real health finding)
- 2: invocation error (bad target, or the registry lookup itself failed)

## GitHub Action

Fail CI when a server you depend on is not healthy:

    - uses: RoninForge/akashi@v0
      with:
        server: io.github.owner/name
        # allow-degraded: true   # optional: only dead/unknown fails

## Frequently asked questions

**Is akashi really keyless?** Yes. It reads only public endpoints and never authenticates to a probed server. Any GitHub token it finds is used only against the public GitHub API, exactly as running `gh` would.

**Does akashi run the server's tools?** No. The only request it sends to a server is `initialize`, which negotiates capabilities and runs nothing.

**How is it distributed?** A single static Go binary via `curl | sh` or `go install`, plus a GitHub Action. MIT licensed.

## Related

Akashi is part of RoninForge (https://roninforge.org). Sibling tools: Hanko (https://roninforge.org/hanko), a Claude Code plugin manifest validator, and Tsuba (https://roninforge.org/tsuba), a plugin scaffolder.
