CraftedTrustHow CraftedTrust turns evidence into buyer-readable trust.
CraftedTrust uses one evidence model across AI Governance, MCP Trust, Runtime Gateway, and Touchstone. MCP Trust is the public scoring and certification layer inside that broader platform.
Where these standards apply
The platform shares one evidence model, but MCP Trust is the public surface with the most visible scoring logic.
Inventory, review state, and evidence requirements
The platform uses structured evidence so teams can see what exists, what has been reviewed, and what still needs proof.
12 public categories with scan-depth context
The public MCP score stays simple on purpose: 12 weighted categories, 63 underlying checks, and explicit scan-depth labels.
Runtime evidence where risk justifies it
Runtime controls do not replace the public trust model. They add live evidence when a deployment needs stronger assurances.
Research, advisories, and control mappings
Touchstone explains why a finding matters and how it maps into broader governance and control conversations.
The 12 public MCP Trust score categories
These are the only categories used in the public MCP Trust score.
Identity & Auth
10 points. Auth requirements, documented auth flow, and obvious credential-handling risk.
Permission Scope
8 points. Whether the server asks for more power than it appears to need.
Transport Security
8 points. HTTPS, TLS posture, and basic transport-layer safety signals.
Network Behavior
10 points. Observed outbound behavior, undeclared connections, and suspicious network activity.
Protocol Compliance
8 points. MCP compatibility, capability negotiation, and basic protocol correctness.
Declaration Accuracy
8 points. Whether declared tools and resources match what is actually exposed.
Tool Integrity
10 points. Prompt-injection risk, tool tampering patterns, and risky hidden behavior.
Input Validation
8 points. Input constraints, schema quality, and common injection resistance signals.
Supply Chain
8 points. Dependency risk, package provenance, and known vulnerability exposure.
Code Transparency
6 points. Source availability, repository health, and basic documentation quality.
Publisher Trust
8 points. Verified publisher signals, review history, and public accountability.
Data Protection
8 points. Exposure of credentials, sensitive data, and avoidable data-handling risk.
How the 63 checks feed the 12 categories
Touchstone organizes its deeper checks into 9 research domains. Those domains do not replace the public MCP score. They feed it.
| Research domain | Checks | Feeds these public categories |
|---|---|---|
| Authentication | 9 | Identity & Auth, Permission Scope |
| Tool Security | 10 | Declaration Accuracy, Tool Integrity |
| Input Validation | 9 | Input Validation, Data Protection |
| Data Security | 6 | Data Protection, Network Behavior |
| Supply Chain | 8 | Supply Chain, Code Transparency, Publisher Trust |
| Infrastructure | 8 | Transport Security, Network Behavior, Protocol Compliance |
| Runtime Behavior | 5 | Tool Integrity, Network Behavior, Protocol Compliance |
| A2A Agent Cards | 5 | Declaration Accuracy, Protocol Compliance |
| Fairness & Bias | 3 | Data Protection, Publisher Trust |
Not every check carries the same weight, and not every scan runs every check. That is why CraftedTrust separates the public score categories from the underlying research domains and then shows scan depth and confidence separately.
Emerging standards direction
AIUC-1 is pushing toward technical, protocol-aware controls, while ISO 42001 remains governance and management-system oriented.
Technical controls are moving closer to MCP, A2A, identity, and monitoring
The Apr 15, 2026 AIUC-1 update emphasized approved interfaces, stronger authentication and transport, tool-call validation and logging, third-party access monitoring, and verifiable agent identities. That is a more protocol-aware direction than checklist-only governance.
Governance documentation still matters
ISO 42001 remains valuable because it is built around governance, ownership, policy, and management-system discipline. It helps show organizational due diligence even when it does not prescribe the technical testing detail that agentic systems increasingly need.
CraftedTrust is the evidence layer between the two
Scan depth and confidence
The same MCP server can have a strong or weak evidence base depending on how much was actually observed.
Metadata only
Basic listing information is present, but package or live behavior has not been fully verified yet. Lowest confidence.
Package verified
Package and source metadata were reviewed. Useful for supply-chain evidence, but still lighter than a live scan.
Live endpoint reached
CraftedTrust successfully contacted the live server and recorded behavior. This is stronger evidence for buyer review.
Manual review performed
A deeper publisher review or certification pass exists. This adds the strongest public confidence signal.
Letter grades stay fixed
- A: 90-100
- B: 75-89
- C: 60-74
- D: 40-59
- F: 0-39
Support material, not a second score
CoSAI, OWASP MCP and agentic AI guidance, and selected buyer-diligence mappings help translate findings. They do not replace the core 12-category MCP Trust score model.