`.well-known/mcp` directory #1147

jspahrsummers · 2024-12-11T11:03:22Z

jspahrsummers
Dec 11, 2024
Maintainer

As we think more about supporting remote MCP servers, there's been some discussion around using a Well-known URI (RFC 8615) for server discovery. This could enable automatic discovery and verification of MCP servers, similar to how sitemap.xml works for search engines.

The idea would be to establish a directory, /.well-known/mcp/, allowing for future extensibility. We could then include a servers.json file that might look something like:

{
  "version": "1.0",
  "servers": [
    {
      "name": "primary",
      "description": "Main API server for example.com",
      "endpoint": "https://mcp.example.com/v1",
      "capabilities": ["resources", "tools"]
    }
  ]
}

This is just a strawman to get the discussion started—there are likely many other approaches worth considering.

Potential Benefits

Automatic Discovery: Clients could discover MCP servers when users reference a domain
Trust Verification: Domains could prove ownership of their MCP servers
Seamless Integration: Could enable UX flows like "example.com has MCP capabilities available. Would you like to enable them?"

Areas for Discussion

Directory Structure

What files should be included?
What formats make the most sense?
How much flexibility should we allow?

Security

What verification mechanisms are needed?
What user consent flows make sense?

Implementation

How would clients discover and validate servers?
What would the integration flow look like?
How should versioning work?

Open to all feedback what this could look like and whether it would be valuable for the MCP ecosystem!

Scope

jspahrsummers · 2024-12-13T16:11:42Z

jspahrsummers
Dec 13, 2024
Maintainer Author

Possibly related: #69

0 replies

dsp-ant · 2024-12-17T15:25:08Z

dsp-ant
Dec 17, 2024
Maintainer

One additional use case for .well-known/ is the ability to indicate if the server is stateless or stateful. My general idea (and I'll post this in #102) is that remote MCP is initiated as always stateless unless a .well-known url will indicate it is stateful

0 replies

kurtseifried · 2024-12-31T04:46:37Z

kurtseifried
Dec 31, 2024

Just a note: this would also be useful for prompt MCP's related to a site (not just tools provided by API), e.g. for a research paper site that allows comments and has a prompt MCP that serves something like:

This environment provides access to a website containing research papers and technical resources. When interacting with the website's features:

Research Papers:
- Papers can be downloaded by users with appropriate access
- If a user asks about specific papers, guide them to download the content and share it directly in the conversation for analysis
- You can describe available papers and recommend relevant ones based on user interests

Community Engagement and Comments:
- The website features a commenting system for discussion of papers and topics
- Both human and AI-generated comments are allowed
- All AI-generated content must be clearly marked as such
- When generating comments, you must:
  1. Begin with "[AI-Generated Comment]" or similar clear marker
  2. Be transparent about being an AI assistant
  3. Maintain high quality and relevance in responses

When helping users with comments:
- Always include appropriate AI disclosure markers
- Encourage transparency about AI assistance
- Maintain professional and constructive tone
- Focus on adding value to the discussion

You can:
- Generate comments when requested
- Help users understand papers and technical concepts
- Guide them in finding relevant resources
- Provide technical analysis and insights

Required Comment Format:
- Start with "[AI-Generated Comment]"
- Include relevant technical details
- Maintain clarity and professionalism
- End with an AI attribution if appropriate

You should not:
- Generate comments without proper AI disclosure
- Remove or hide AI attribution markers
- Present AI-generated content as human-generated

0 replies

tadasant · 2024-12-31T15:35:05Z

tadasant
Dec 31, 2024
Collaborator

I'll throw in another use case that might be enabled by this effort: signaling to clients what it "costs" to use the server's data or capabilities. For example, some options could be:

This server is entirely free to use, no payment or attribution of any sort required
This server is only available to paid subscribers of XYZ service
This server grants access for a micropayment of $0.001 per query
This server is free to access, but your response to your user must include a citation or attribution in the form "Brand XYZ contributed to the above response - read the source document here"

In the current web, Google Search rewards services and publishers with traffic, and then the "cost" layer comes after (payment walls, display ads, affiliate links). As fewer humans and more LLM workflows/agents are the ones doing the "web browsing" and interfacing with MCP servers instead of websites, the payment walls & ads-supported models break if everything has to be simply "free" (see: the ongoing web scraping battles / data-for-cash deals between large publishers and the big LLM providers). So figuring out how to signal "cost" enables a whole class of non-free (higher quality) service/data/info providers to be discovered in the MCP ecosystem.

0 replies

kurtseifried · 2025-01-03T03:15:05Z

kurtseifried
Jan 3, 2025

FYI, someone else has come up with a proposal for "/llms.txt" (not in .well-known) at https://llmstxt.org/

1 reply

gregnr Jan 3, 2025

That one may eventually switch to .well-known: AnswerDotAI/llms-txt#2

tadasant · 2025-01-21T23:14:14Z

tadasant
Jan 21, 2025
Collaborator

Some thoughts on pushing this discussion forward --

Do we need a whole .well-known directory, or is a single file enough?

The starting proposal is:

The idea would be to establish a directory, /.well-known/mcp/, allowing for future extensibility. We could then include a servers.json file that might look something like...

The .well-known spec itself does allow for directories, but most of the registered URI's in .well-known are just single files rather than directories.

I'm not against using a directory if we can foresee a need for it. But I would bias towards keeping this integration with .well-known as simple (and optional) as possible, while putting more fine-grained complexity in some place like the InitializeResult that a client would have access to on initiating the connection with the server.

Who is the intended "user" of this file/directory?

The obvious answer here might be "MCP Clients," but an alternative idea would be: "MCP server directory web crawlers".

Drawing from the sitemap.xml analogy: search engines like Google collect and process sitemaps from websites completely separately from the experience of actually surfacing search results to users. They use sitemap.xml (when available -- it's optional) as a kind of guidebook for their crawlers. And after discovering the website's pages, they apply their own proprietary logic as to whether to crawl them, and ultimately whether to index and rank them in search results. Details like "page title", "page description", contents of a page are not in sitemap.xml -- the crawler needs to go and make a GET request to the URL as part of its crawling process to get that information.

If we peg "MCP Clients" as the users of this .well-known file, then we have to rely on them to properly make discovery and comparison/ranking decisions on the fly. It would be the equivalent of Google trying to do its whole discover/crawl/index/rank process the moment somebody enters a query into google.com. And it would have other problems, e.g. the fact that relying on self-owned domains to facilitate the best MCP servers likely won't be practical for some time -- most MCP servers today are by third-party devs that would never get discovered by an MCP Client running a search for "find me MCP servers available on github.com" because all the GitHub MCP servers are made by third parties.

If we peg "MCP server directory web crawlers" as the users instead, I could see it playing out like this:

.well-known/mcp.json remains quite simple. The goal is to inform web crawlers "this server endpoint exists + here is some high level info to help you make the decision as to whether you want to connect to it and explore its capabilities further"
You create a free market competition for building the best "Google Search" of the MCP era. One of the most common things I've seen people build, again and again, in these first few months is an "MCP server directory" (I am involved in one of them myself). There's clearly an appetite for building solutions in this space, many different ways of doing it, and maybe in the end you won't have a single monopolistic "Google" and rather different "MCP server search" tools where the creators are choosing to serve different kinds of MCP clients or human end-users. Even today, what with Google Search's relative dominance, so many internet users would rather go to Reddit or other information sources to search for varied kinds of information.
You avoid the idea of anyone having to manage a "centralized directory" -- it's all decentralized, published on server authors' own domains. The server authors can then choose to go submit their mcp.json URL's to the most popular MCP server directories (like website owners submit sitemap.xml to Google), or they can passively wait for the directories' crawlers to discover them. Then it's the directories' jobs to assess whether these are quality MCP servers worth driving traffic to.

If the idea of building .well-known for third party directories instead of MCP clients directly appeals, the first step could look like this (just iterating on the original proposal) --

Establish a file, /.well-known/mcp.json:

{
  "version": "1.0",
  "servers": [
    {
      "name": "primary",
      "description": "Main API server for example.com",
      "endpoint": "https://mcp.example.com/v1",
    }
  ]
}

I'm omitting capabilities intentionally, as that to me feels more like a server implementation detail than a data point worth using at the server discovery level.

I think that alone could be enough for an initial version. It would accomplish:

Clear, decentralized, scalable solution for "how to publish your MCP server" (i.e. put up this file and submit it to third party directories XYZ) as SSE grows in popularity
Watch how MCP Clients or MCP Server directories interact with these files (particularly what the ecosystem chooses to publish and consume from the description field); augment the JSON to serve one or both of them with the other ideas in this thread like statefulness, more structured context, costs/auth requirements as appropriate

3 replies

jspahrsummers Jan 22, 2025
Maintainer Author

I like the idea of decentralized discovery of MCP services. Just with regard to this question:

Who is the intended "user" of this file/directory?

I think both of the users (clients and server directories) you mentioned are totally valid. One argument in favor of using a directory here is that different files could actually cater to different audiences.

However, that could also just be some big JSON file that contains everything needed for either. Not sure yet.

olaservo Jan 22, 2025
Collaborator

Catering to different audiences seems like something that should exist outside of this proposal entirely, i.e. this file should just give the client or crawler all the information and then let it decide how to use it. In other words, the single json doesn't appear to prescribe any specific value or usefulness to a given user, it just shares all the facts in a neutral way.

jspahrsummers Jan 22, 2025
Maintainer Author

For the information above, definitely agreed. Not sure if there would be more audience-specific information we'd want to add in the future, though.

Anyway, it seems like a small enough risk that a single file probably makes sense!

reustle · 2025-02-20T05:00:29Z

reustle
Feb 20, 2025

Has the team considered using something like OAuth device flow? I think that, along with a standard token auth option, would be pretty flexible.

OAuth Device Authorization Grant (RFC 8628)
The user is given a link and/or QR code via the MCP client, and asked to enter a code and log in via their browser. This would let the MCP client start receiving replies from the remote MCP server. (reference)

Standard Token Based Auth
Let me build a library of API keys within my MCP client and associate them with domain(s). i.e.

[
  {
    "domains": ["*.airtable.com","airtable.com"],
    "token": "my-secret-key"
  },{
    "domains": ["*.github.com","github.com"],
    "token": "another-secret-key"
  }
]

0 replies

gbmarc1 · 2025-02-21T22:14:06Z

gbmarc1
Feb 21, 2025

Have we thought of aligning with W3C discovery RFC?
The example of a DID document seems to me very similar to what was proposed above.

{
    "@context":[
        "https://www.w3.org/ns/did/v1",
        "https://www.w3.org/2022/wot/discovery-did"
    ],
    ...
    "service": [{
        "id": "did:example:wotdiscoveryexample#td",
        "type": "WotThing",
        "serviceEndpoint":
            "https://wot.example.com/.well-known/wot"
    }]
    ...
}

0 replies

reustle · 2025-02-22T16:57:12Z

reustle
Feb 22, 2025

From the MCP workshop at the AI Engineer conf in NYC. Oauth2 support (and an official registry) was also confirmed.

0 replies

gbmarc1 · 2025-02-24T14:34:49Z

gbmarc1
Feb 24, 2025

I have a question regarding "local" servers, such as the GitHub MCP server. Would it be possible to discover such MCP servers through a .well-known registration?

While dynamic discovery of these servers could be useful, it raises security concerns about executing unknown code locally. However, the .well-known mechanism could serve as an approved list of MCP servers, whether they are remote or local.

What are your thoughts on this?

0 replies

TylerBarnes · 2025-03-05T17:49:05Z

TylerBarnes
Mar 5, 2025

Hey everyone! 👋

We've been following these discussions closely and have been thinking a lot about how we, as an agent framework (Mastra), would want to interact with MCP servers. We've also had some great conversations with folks in the community about this over the past week.

We built a POC that explores what all this might look like from our perspective. The question we asked ourselves was: "As an agent framework, how could we build an abstraction that would simplify interacting with MCP servers for our users?"

You can check out our exploration here: mastra/explorations/mcp-registry-client

A few things we've learned:

The .well-known/mcp.json approach is great for discovery, but we think it could be even more powerful if it included official server schema utils that clients can use to build UIs and validate input configurations. This would make it much easier for frameworks to integrate MCP servers.
We prototyped a RegistryClient that can:
- Discover servers from a .well-known/mcp.json endpoint
- List and search available servers
- Get detailed server definitions with schemas
- Validate input configurations against those schemas
We also built a ServerDefinition class that handles introspection, validation, and serialization/deserialization of server definitions. We think something in this direction would be helpful for our users.

Here's a quick example of what we have in the link above:

const registry = new RegistryClient({
  url: "https://example-tools.com/.well-known/mcp.json",
})

const directory = await registry.connect()
const allServers = await registry.listServers()
const stripeServer = await registry.getServerDefinition({ id: "stripe" })

// The server definition includes schemas that can be used to build UIs
const userInput = await userlandexample.buildServerUI(stripeServer.schemas)
const validConfig = stripeServer.parseConfig(userInput)

We have some examples showing how this could be used in practice, including a TUI for discovering and configuring servers interactively.

We wanted to share our perspective as a downstream MCP consumer and show how we're thinking about integrating once this all comes out. We're excited about these discussions and where MCP is heading!

3 replies

gbmarc1 Mar 5, 2025

@TylerBarnes I was also working on a very similar proposition based on the registry proposition in this discussion.

There it is my proposition:

MCP Discovery Process

This RFC defines how MCP Clients discover and connect to MCP Servers, inspired by the Web of Things (WoT) discovery standard.

Core Entities

Host: End-user of the MCP system
MCP Client: Application that connects to MCP servers
MCP Registry: Directory service listing available MCP servers
MCP Server:
- Local: Runs on user's machine
- Remote: Runs on remote infrastructure

Discovery Flow

Initial Configuration
- User configures two types of discovery channels in the MCP client:
  - Direct connections to Remote MCP Servers.**
  - MCP Registry connections

User Experience:

mcpClient = McpClient(
	discovery_channels = [
            "my-server-url.com",
            "my-registry-url.com"
        ]
)
print(mcpClient.list_tools())  # list tools for all server discovered in registry + tools in “my-server-url.com”

** I am not sure if individual servers should go in there or we should do something like this

mcpClient = McpClient(
	discovery_channels = [
            "my-registry-url.com"
        ]
        servers: ["my-server-url.com", LocalServer()]
)

Authentication Bootstrap - Registry
- For each discovery channel, the MCP Client:
  1. Fetches authentication configuration from /.well-known/mcp.json (either server of registry)
  2. Prompts user for required authentication (OAuth flow, Bearer token, etc.)
  3. Stores the authentication credentials securely
Registry-Based Discovery
- When connected to an MCP Registry:
  1. Client retrieves list of available MCP servers
  2. Client performs authentication for each listed server
  3. Each successful server connection is treated identically to a direct server discovery channel
Bootstrapping
4.1 Authentication Bootstrap (Remote MCP server). Same as section 2
4.2 Installation Bootstrap (Local MCP server)
Download/install package from a package registry.
See mcp.json
Server Resource Discovery
Note: this is not done at initialization of the client; but, the client would expose some list_tools methods that will iteratively fetch the tools/prompts/resources from all servers.
- For each MCP (Local or Remote) server (whether direct or via registry):
  - Client discovers available resources
  - Client discovers available prompts
  - Client discovers available tools
  - All discovered capabilities are stored locally in the client

Security Considerations

Authentication Reuse

When multiple MCP Servers share authentication mechanisms:
- The client should attempt to reuse existing credentials
- The registry could potentially store and securely transmit credentials to clients
- Implementation must follow security best practices for credential handling

Registry Filtering

Users can configure filters when setting up registry discovery channels
Filters allow selective discovery of MCP servers based on criteria
Reduces unnecessary authentication attempts and resource usage

Security Bootstrapping

The .well-known/mcp.json endpoint provides initial security configuration
Supports multiple authentication methods:
- OAuth flows
- Bearer tokens
- Other standard authentication mechanisms
See Security Schemes Documentation for detailed implementation guidelines

sequenceDiagram
    actor Host
    participant Client as MCP Client
    participant Registry as MCP Registry
    participant PkgRegistry as Package Registry<br/>(npm/pypi)
    participant LocalServer as Local MCP Server
    participant RemoteServer as Remote MCP Server

    %% Initial setup of discovery channels
    Host->>Client: Configure discovery channels<br/>(Registry + Direct Server)

    rect rgb(204, 255, 204)
    Note right of Client: MCP Registry Discovery Channel Flow
    Client->>Registry: GET .well-known/mcp.json
    Registry-->>Client: Auth mechanism details
    Client->>Host: Request auth input (OAuth/Bearer)
    Host-->>Client: Provide credentials
    Client->>Registry: Authenticate
    Registry-->>Client: Auth success + token

    Client->>Registry: List available MCP servers
    Registry-->>Client: List of MCP servers
    end

    loop For each MCP server (direct or from registry)
        alt Local MCP Server
            rect rgb(204, 255, 204)
            Note right of Client: Installation Bootstrapping
            Client->>PkgRegistry: Download MCP server package
            PkgRegistry-->>Client: Package contents
            end

            alt Installation successful
                Client->>LocalServer: List resources
                LocalServer-->>Client: Available resources
                Client->>LocalServer: List prompts
                LocalServer-->>Client: Available prompts
                Client->>LocalServer: List tools
                LocalServer-->>Client: Available tools
                Note over Client: Store server capabilities
            end
        else Remote MCP Server
            rect rgb(204, 255, 204)
            Note right of Client: Security Bootstrapping
            Client->>RemoteServer: GET .well-known/mcp.json
            RemoteServer-->>Client: Auth mechanism details
            Client->>Host: Request auth input (OAuth/Bearer)
            Host-->>Client: Provide credentials
            Client->>RemoteServer: Authenticate
            RemoteServer-->>Client: Auth success + token
            end

            alt Authentication successful
                Client->>RemoteServer: List resources
                RemoteServer-->>Client: Available resources
                Client->>RemoteServer: List prompts
                RemoteServer-->>Client: Available prompts
                Client->>RemoteServer: List tools
                RemoteServer-->>Client: Available tools
                Note over Client: Store server capabilities
            end
        end
    end

alickreborn0 Apr 12, 2025

I like this idea, as it takes into account both enterprise and consumer scenarios.

devnomad-byte Apr 13, 2025

https://github.com/orgs/modelcontextprotocol/discussions/159#discussioncomment-12624829
It's a really good idea. We've all thought of it together

McSpidey · 2025-03-26T12:14:17Z

McSpidey
Mar 26, 2025

I've been working on the MCP service discovery issue too since I learned about the protocol and created a POC for a DNS TXT pointer based system that checks for _mcp.domain.com for the tool server address.

Here's my POC DNS record:
"v=mcp1 url=https://mcpi.mcpintegrate.com/mcpi/discover"

And here where I'm writing up my ideas https://mcpintegrate.com with code here https://github.com/McSpidey/mcpi
Am glad to have found this discussion and others looking seriously at it. and happy to contribute/colab.

0 replies

arthurcolle · 2025-03-26T23:52:42Z

arthurcolle
Mar 26, 2025

This is what killed ChatGPT Plugins - be careful!

2 replies

arivero Jun 12, 2025

I am curious about this point.

afourney Jun 12, 2025

Yes. Please elaborate.

guilt · 2025-03-29T20:19:17Z

guilt
Mar 29, 2025

One of the things about having complex hosted infrastructure is that it adds more steps and often requires auth / rate limiting at a certain scale. It may make sense to make more plugins / MCPs run as local processes on the users' computer than requiring external hosting. Would prefer having a mechanism that allows discovering services from public GitHub repos as well as hosted services.

2 replies

dendik Mar 31, 2025

The usecases for mcp sourcecode registry / search and mcp deployed instance announcement / search are very different:

mcp sourcecode registry / search:

target users: those who are willing to develop (nowadays this includes developers and vibe coders)
technology adoption: already widely adopted within target audience
responsibility for the server: third party
discussion: https://github.com/orgs/modelcontextprotocol/discussions/159 and many more threads

mcp deployed instance announcement / search:

target users: any user of AI devices after the tech is widely adopted
technology adoption: not started
responsibility for the server: the same as provider of the service which MCP mirrors
discussion: https://github.com/orgs/modelcontextprotocol/discussions/84 (this thread)
for big companies it will be very cheap and very useful to provide such MCP instances, and this is the first thing that the target users want to have

So, as you see, you are just looking for a very different usecase. Please refer to the other thread.

guilt Apr 21, 2025

When having Third party hosted servers, unless it's paired with an auth strategy (or someone has infinite hosting capability), it may not scale.
When a local implementation is run with local creds, it allows people to access fully local data, without having to develop an enhanced auth strategy; It also allows excellent use of local compute and allows people to run such servers on mobile devices.
People have already solved the problem of running a GitHub repository as a MCP server (containerized), so I do not see a net negative here.

I also believe that asking for adding the same mechanism on Git repos does not negatively impact the suggested discovery mechanism. This exact mechanism can work on a GitHub repo, by allowing people to look at:
curl https://raw.githubusercontent.com/USER/repo/refs/heads/main/.well-known/mcp.json.

What needs to be expanded in the spec is how people can connect to locally runnable services/tools, which is orthogonal to the discovery mechanism itself.

I also think that this thread is focussed on one of the solutions for the problem well discussed in /modelcontextprotocol/discussions/159. I definitely see value in the generic approach of that thread.

devnomad-byte · 2025-03-31T06:47:11Z

devnomad-byte
Mar 31, 2025

bro, look at my design
https://github.com/orgs/modelcontextprotocol/discussions/159#discussioncomment-12624829

0 replies

cndu · 2025-04-10T03:53:14Z

cndu
Apr 10, 2025

FYI：Agent2Agent Protocol (A2A) https://google.github.io/A2A/#/documentation?id=agent-card

0 replies

tadasant · 2025-05-06T19:10:58Z

tadasant
May 6, 2025
Collaborator

FYI: Some of the .well-known discussion here has been intertwined with the discussion on the concept of a centralized registry, which is now under development here.

FWIW: I think this notion of a decentralized .well-known mechanism for server discovery should still exist, and may become a more prominent server discovery entrypoint than the centralized registry in the long term, especially as remote servers grow in popularity.

0 replies

igrigorik · 2025-05-28T03:03:32Z

igrigorik
May 28, 2025

This should exist. As a concrete example, at Shopify we've just shipped /api/mcp for millions of storefronts, but there is no established contract for how an agent / MCP-client can probe and discover if and where the MCP endpoint is for a given origin. This does not in any way diminish the need and utility of a global registry, but we should not require and rely on a global registry for basic capability discovery.

9 replies

arivero Jun 11, 2025

Indeed it should exist, and good for shopify to take some lead here.

electrocucaracha Jun 11, 2025

@igrigorik can we start a draft with some fields? or start a conversation in discord

johannespn Jun 13, 2025

I also brought a similar discussion to OpenAI on their community platform. I suggested using llms.txt, but .well-known/mcp.json is a more precise approach. There needs to be some standardized way.

Happy to be included if a group around this topic forms :)

electrocucaracha Jun 19, 2025

@igrigorik @dendik @arivero @johannespn I have consolidated some ideas in this document let me know if that makes sense and if you need edit permissions, feel free to share with others as well.

johannespn Jun 20, 2025

@electrocucaracha Thanks for starting this document! I added some comments.

https://github.com/agntcy/identity?tab=readme-ov-file#-architecting-agentic-trust

Their work might be interesting for MCP trust problems too. Maybe we should integrate their Verifiable Credential in the well known file, once it's vetted by this community & production ready

calclavia · 2025-06-15T18:07:58Z

calclavia
Jun 15, 2025

I want to bring this up #138 to the .well-known discussion. At Smithery, many of our servers have required GET parameters for users to configure the behavior of a server upon connection.

Having a standard way to be able to be able to discover these GET paramaeters would be useful. We're already using an internal /.well-known/mcp-config JSON file for several thousand servers, which specifies what the possible GET parameters are. We return 422 when the GET parameters are malformed. (https://github.com/smithery-ai/sdk/blob/main/typescript/sdk/src/shared/config.ts#L136)

Happy to contribute this to the main specification. That way, there's a standard way of defining what GET parameters are possible.

0 replies

olaservo · 2025-06-21T04:29:01Z

olaservo
Jun 21, 2025
Collaborator

Hi everyone, I've created a community working group channel for this topic on the MCP CWG Discord server. This will help us gather implementation experiences and validate proposals with the wider community, complementing the great discussion happening here.

For anyone who isn't already acquainted with the CWG, here's the link to the README which explains more about the working groups and has a link to join the Discord server: https://github.com/modelcontextprotocol-community/working-groups

0 replies

cosbgn · 2025-07-03T09:32:24Z

cosbgn
Jul 3, 2025

My UI looks something like this. It would be great if I could avoid the auth and type field, maybe even the name?
IMO we should have a standard way to hit ${url}/.well-known/mcp.json and get all this info automatically because the end user probably doesn't even know what kind of auth the server uses or if it's http vs sse.

Is there any way I could automatically figure these out?

0 replies

bermandberman · 2025-07-19T17:25:06Z

bermandberman
Jul 19, 2025

This thread is really insightful!

In similar ways to how SEO helps search engines find relevant content for search queries, I see MCP Servers as a way for LLM Clients to find relevant content (context, actions, etc.) for LLM prompts.
I realize that a lot of MCP Server implementations involve directly connecting the MCP Server to the LLM Client (w/ auth in some cases) and from there, the LLM Client can autodetect functionality from a manifest

I'm wondering if MCP Servers could be used as follows, in the future:

For example, let's say you prompt ChatGPT something like:

I'd love to order Dominos Pizza, can you share current promotions in
my area?

and it'd do it's normal thing (surfaces information from the underlying LLM + a web search to pull promotions from local restaurants, etc.) but in addition to that, it also notices that the Dominos Pizza website references an MCP server in it's metadata (meta tag, .well-known, etc.) so it auto discovers it's functionality and notices that it exposes actions that actually place orders, leading to a response like this from ChatGPT:

The Boston, MA location is currently running 2 for 1 large pepperoni
pizza. Would you like to place an order for this deal?

Then ChatGPT continues the conversation with the user, helping them place an order (that is ultimately facilitated through the MCP Server abstraction.)

Is this where things are going? If not, is there another direction that would provide this type of functionality?

1 reply

chipgpt Jul 19, 2025

That is exactly where things are going. You will be able to engage with a service 100% through your LLM (minus maybe the oauth flow to get logged in).

workmatrix · 2025-07-31T17:59:06Z

workmatrix
Jul 31, 2025

Really appreciate all the work here. Especially the example from Shopify, which helps show how this could scale in practice.

To keep things moving, I’m curious what’s holding back adoption from the client side particularly from platforms like OpenAI or Claude. Are there technical constraints, policy questions, or just uncertainty around what to implement?

Whatever structure we land on (single file, directory, auth details, cost metadata), having a minimal, shared version of .well-known/mcp.json that clients can start supporting would be a strong step forward.

Happy to help draft or test a baseline format if that would be useful.

0 replies

patwhite · 2025-08-07T04:46:19Z

patwhite
Aug 7, 2025

I'd like to bring up what I think is potentially a serious issue here - it depends on how exactly this is implemented, but if .well-known becomes a critical part of the MCP initialization process, this is a tight coupling to http as a transport. The current model of all important interactions being messages means that MCP could be adapted to literally any transport, any flavor of http, udp, satellite comms, literally anything. I'm not sure if this is meant as purely discovery and initialization still is message based, but I'd be careful to use this for anything other than establishing the MCP connect url.

1 reply

localden Aug 29, 2025
Maintainer

But realistically, this would really only be useful for HTTP-based remote MCP servers, same as we do with auth and the PRM document at /.well-known/oauth-protected-resource.

nicky-parsons · 2025-09-26T11:44:48Z

nicky-parsons
Sep 26, 2025

Great discussion! I'd like to propose a complementary approach inspired by Apple's Smart App Banners.

When Safari sees <meta name="apple-itunes-app">, it prompts users to install the app.

We could do similar for MCP:

<meta name="mcp" content="server=https://blog.com/mcp/sse, transport=sse, capabilities=search;read;summarize">

Key advantage: LLMs already fetch and parse HTML. When they scrape a page, they'd discover MCP servers with zero additional requests. The client could then prompt: "This site offers enhanced MCP integration - connect for real-time features?"

Why both approaches make sense:

Meta tags for opportunistic discovery ("while you're here, we offer MCP")
.well-known for detailed configuration once you know a server exists

The philosophical distinction matters. .well-known works great for known services (OAuth, Let's Encrypt, WebFinger) where you're fetching expected configuration. But checking every website for /.well-known/mcp means 99.99% return 404s - that's millions of wasted requests!

Meta tags avoid this entirely - they're only parsed if present, no 404s, no extra requests.

ChatGPT and Claude's web tools could be tweaked to identify and surface these tags immediately. Combined with .well-known for richer metadata after discovery, we'd see MCP adoption explode practically overnight. (I'd immediately wire up nike.com to enable a personalized realtime experience where I can provide my zip code and shoe size to get recommendations).

Thoughts?

7 replies

keepthebyte Oct 1, 2025

+1 for an open web+search based discovery. The current POC I'm working on is using a link rel alternative.

<link rel="alternative" type="application/mcp" href="url/to/your/mcp/manifest.json">

This allows the search tool from the LLM to discover the MCP endpoint given that the resource (web page which allows the manual way of doing it) matches the intend of the user - and can then offer to complete the action without having to go visit the website. The link rel as the benefit that it could potentially have multiple on the same page - located in the HTML where the action is for humans when they visit the site.

Screenshot from POC for the chat experience:

nicky-parsons Oct 24, 2025

@keepthebyte when you say POC, is this actually working for you or have u had to build our ur own chat experience to prove this out?

I'm think Atlas (and other AI browsers) should immediately add this or the <meta /> tag and hit the brakes on Computer Use - we don't need cursors moving around web pages arbitrarily trying to make sense of things if we can help it.

AndreaRiboni Oct 24, 2025

@keepthebyte when you say POC, is this actually working for you or have u had to build our ur own chat experience to prove this out?

Not OP but me and a colleague had a very similar idea two weeks ago and just recently stumbled upon this issue.

We have a sample implementation of a LangChain agent that, through a mocked search tool, discovers and then utilizes the remote MCP server.

The way the discovery process has been implemented is through a specific HTTP header which, if present, exposed the MCP server url. It works like the meta tag I guess.

Indeed the approach can be refined but I strongly believe that discovering MCP servers opportunistically and without relying on a centralized registry can empower web-crawling LLM agents via new contextual-capabilities

electrocucaracha Oct 24, 2025

FYI, there is an open SEP related to this idea.

keepthebyte Nov 3, 2025

@keepthebyte when you say POC, is this actually working for you or have u had to build our ur own chat experience to prove this out?

@nicky-parsons the MCP is real - but needed to write own chat experience and tool calling sequence. Looks like right now - OpenAI choose to follow the 'AppStore' model with approved apps - and not an open web discovery. Not sure what Google is going to do. But I think there is a difference between an approved app from a brand - and a low friction action without having to 'configure' an app.

codemug · 2025-10-30T21:47:15Z

codemug
Oct 30, 2025

Folks, this discussion needs to reach somewhere because MCP server discovery is a well-needed feature for publicly hosted MCP servers protected by OAuth 2.1.

MCP was designed to allow resource and tool discovery by LLMs i.e. the tools/list call would directly return the payload that I can include in the system prompt. With OAuth 2.1, I can't make this call myself at the time of agent initialization/configuration because OAuth 2.1 is meant to allow authorization on behalf of the invoker of my agent, which might not necessarily be me (I may be an agent developer for my org for others to use it). This means that my agent won't even know what functionality it can invoke at the time of initialization. I can't fill the system prompt.

Having a .well-known URI solves this problem, if the returned document contains (and it should contain) the resource and tool definitions of the MCP server, I can just include that in my agent's system prompt without the need to initiate the OAuth2.1 flow.

1 reply

spawar-apex Nov 13, 2025

Folks, this discussion needs to reach somewhere because MCP server discovery is a well-needed feature for publicly hosted MCP servers protected by OAuth 2.1.

MCP was designed to allow resource and tool discovery by LLMs i.e. the tools/list call would directly return the payload that I can include in the system prompt. With OAuth 2.1, I can't make this call myself at the time of agent initialization/configuration because OAuth 2.1 is meant to allow authorization on behalf of the invoker of my agent, which might not necessarily be me (I may be an agent developer for my org for others to use it). This means that my agent won't even know what functionality it can invoke at the time of initialization. I can't fill the system prompt.

Having a .well-known URI solves this problem, if the returned document contains (and it should contain) the resource and tool definitions of the MCP server, I can just include that in my agent's system prompt without the need to initiate the OAuth2.1 flow.

I think having a Oauth2.1 and .well-known serves different purpose. It should be implemented in both perspective than just saying that now we know what MCP server could do so that I'm aware and now I dont need any kind of OAuth mechanism for this.

spawar-apex · 2025-11-13T22:49:51Z

spawar-apex
Nov 13, 2025

Reiterating on this point: #1147 (comment)

Could these .well-known configuration files be utilized by enterprises to discover local MCP servers or servers hosted in remote clouds? I’m relatively new to this topic and might be missing some details. If anyone has experience with a similar use case, I’d really appreciate it if you could share your insights!

0 replies

axi · 2025-11-18T19:52:43Z

axi
Nov 18, 2025

A small summary of the possibilities mentioned in this thread:

/.well-known/mcp/servers.json
/llms.txt
/.well-known/mcp.json
DNS TXT entry for "v=mcp1 url=https://domain.com/discover"
<meta name="mcp" content="server=https://domain.com/mcp/sse, transport=sse, capabilities=search;read;summarize">
<link rel="alternative" type="application/mcp" href="url/to/your/mcp/manifest.json">

It looks like /.well-known/mcp.json has the most occurrences (not a scientific way of settling the debate).

0 replies

.well-known/mcp directory #1147

Uh oh!

Uh oh!

jspahrsummers Dec 11, 2024 Maintainer

Potential Benefits

Areas for Discussion

Directory Structure

Security

Implementation

Scope

Replies: 28 comments · 30 replies

Uh oh!

jspahrsummers Dec 13, 2024 Maintainer Author

Uh oh!

dsp-ant Dec 17, 2024 Maintainer

Uh oh!

Uh oh!

tadasant Dec 31, 2024 Collaborator

Uh oh!

Uh oh!

Uh oh!

tadasant Jan 21, 2025 Collaborator

Do we need a whole .well-known directory, or is a single file enough?

Who is the intended "user" of this file/directory?

Uh oh!

jspahrsummers Jan 22, 2025 Maintainer Author

Uh oh!

olaservo Jan 22, 2025 Collaborator

Uh oh!

jspahrsummers Jan 22, 2025 Maintainer Author

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

MCP Discovery Process

Core Entities

Discovery Flow

Security Considerations

Authentication Reuse

Registry Filtering

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

`.well-known/mcp` directory #1147

jspahrsummers
Dec 11, 2024
Maintainer

Replies: 28 comments 30 replies

jspahrsummers
Dec 13, 2024
Maintainer Author

dsp-ant
Dec 17, 2024
Maintainer

tadasant
Dec 31, 2024
Collaborator

tadasant
Jan 21, 2025
Collaborator

jspahrsummers Jan 22, 2025
Maintainer Author

olaservo Jan 22, 2025
Collaborator

jspahrsummers Jan 22, 2025
Maintainer Author