RoninForge / Akashi

~800 tokens | View as Markdown |

Akashi

v0.1.0

Verify a Model Context Protocol server is alive and conformant. Akashi probes it with only public signals and reports whether it is healthy, degraded, or dead, then hands you an embeddable verified-on-date badge for the healthy ones.

証 (akashi) means proof or certificate. Akashi produces a dated, checkable proof that a server works - not a promise, a receipt.

What it looks like

$ akashi check io.github.owner/name

io.github.owner/name  checked 2026-07-02 UTC, keyless

  PASS  registry status                 active
  PASS  repo reachable                  exists
  PASS  repo freshness                  pushed 3d ago
  PASS  package npm                     published (1.4.0)
  PASS  remote reachable                HTTP 200 via initialize
  PASS  MCP conformance                 initialize handshake ok
  PASS  at least one live entrypoint    3 alive

  OK    healthy

What it does

Resolves any target

Pass an official-registry server name (io.github.owner/name), a GitHub repository URL, or a remote endpoint URL. Akashi figures out what to probe.

Keyless liveness

Repository status via the public GitHub API, package publication on npm, PyPI, and Docker Hub (anonymous), and remote reachability. No account, no key, no traffic to a server you do not trust.

Real conformance

A capability-only MCP initialize handshake confirms the endpoint actually speaks MCP, not just that a port answers. An HTML page returning 200 is caught, not trusted.

One clear verdict

Every signal rolls up to healthy, degraded, dead, or unknown, with the reasons spelled out. The exit code is CI-ready: 0 healthy, 1 not.

Embeddable badge

--badge emits a shields.io endpoint. A healthy server reads verified <date> in green; anything else reads its verdict, so a broken server can never masquerade as verified.

GitHub Action ready

Drop in uses: RoninForge/akashi@v0 to fail a job when a server you depend on goes dead, or to gate your own server's release on a clean bill of health.

What it checks

TierCheckKeyless source
HealthRegistry statusMCP registry (active / deprecated / deleted)
HealthRepository reachable and freshPublic GitHub API (exists / archived / 404, last-push age)
HealthPackage publishednpm, PyPI, Docker Hub (anonymous)
HealthRemote reachableMCP initialize handshake, GET fallback
ConformanceSpeaks MCP initializeCapability negotiation over the declared transport
ConformanceEchoes the JSON-RPC idResponse framing (not an HTML page impersonating a server)
ConformanceLicense presentRepository license API

An auth-gated remote (a 401 to initialize) is treated as alive, not broken. Akashi never supplies credentials to reach past it.

Verdicts

healthy

At least one live entrypoint and nothing broken. This is the only verdict that earns a green verified badge.

degraded

Usable, but something is broken: a 404 repo link while the package installs, a stale-over-a-year repo, a deprecated registry entry, or an endpoint that answers HTTP but is not a real MCP server.

dead

Registry-deleted, or every probed entrypoint is broken. Nothing installs and nothing answers.

unknown

Only entrypoints that cannot be probed without a key were declared. Akashi will not guess.

Commands

CommandPurpose
akashi check <server>Probe one server and print the check table plus an overall verdict.
akashi check <server> --jsonEmit the full result row as JSON for scripts and CI.
akashi check <server> --badgeEmit a shields.io endpoint badge JSON.
akashi versionPrint version, commit, and build date.

GitHub Action

Fail CI when a server you depend on is not healthy, or gate your own server's release on a clean check.

name: MCP health

on: [push]

jobs:
  akashi:
    runs-on: ubuntu-latest
    steps:
      - uses: RoninForge/akashi@v0
        with:
          server: io.github.owner/name

Zero keys, by construction

No secret to a server

Akashi never authenticates to a probed server. A GitHub token, if present, is used only against the public GitHub API to raise the rate limit, exactly as running gh would.

No tool execution

The only request sent to a server is initialize, which negotiates capabilities and runs nothing. Safe against a server you do not trust.

No telemetry

No crash reports, no usage analytics. Source is MIT, 100% Go, a single auditable binary.

Frequently asked questions

What does akashi check? +

Two tiers. Health is whether the server is installable and reachable at all: registry status, repository reachability and freshness, package publication on npm/PyPI/Docker Hub, and remote endpoint reachability. Conformance is whether it is a well-behaved MCP server: a capability-only initialize handshake, a JSON-RPC id echo, and a declared license. It rolls up to a healthy, degraded, dead, or unknown verdict.

Is akashi really keyless? +

Yes. Akashi reads only public endpoints: the MCP registry, the GitHub API, the npm and PyPI registries, Docker Hub's anonymous manifest API, and the server's own remote endpoint. It never authenticates to a probed server. Any GitHub token it finds is used only against the public GitHub API to raise the rate limit, exactly as a human running gh would. No user secret is ever sent to a probed server.

Does akashi run the server's tools? +

No. The only thing it sends to a server is an MCP initialize request, which negotiates protocol capabilities and executes nothing. An auth-gated server (a 401 to initialize) is treated as alive, not broken, and akashi never supplies credentials to reach past it.

What do the verdicts mean? +

Healthy: at least one live entrypoint and nothing broken. Degraded: usable, but something is wrong. Dead: registry-deleted, or every probed entrypoint is broken. Unknown: only entrypoints that cannot be probed without a key were declared. A degraded, dead, deprecated, or unknown server never earns a green verified badge.

How do I install akashi? +

Run curl -fsSL https://roninforge.org/akashi/install.sh | sh. It downloads a single Go binary from GitHub Releases, verifies its checksum, and installs it to /usr/local/bin (or ~/.local/bin as a fallback). Or with Go: go install github.com/RoninForge/akashi/cmd/akashi@latest. Supports macOS and Linux (amd64, arm64) and Windows (amd64).

Why the name Akashi? +

Akashi () means proof or certificate in Japanese. Akashi's job is to produce a dated, checkable proof that an MCP server is alive and conformant - the verified-on-date badge you stamp on a README.

Akashi is part of RoninForge. Siblings: Hanko (validates Claude Code plugin manifests) and Tsuba (scaffolds plugins).