Methodology
Validated against the published UCP spec, version 2026-04-08.
We don't just check your manifest's shape; we validate your agentic endpoints to confirm they actually exist and respond.
1. Discovery
We fetch the URL you provide, parse the response as JSON, and confirm it looks like a UCP profile. If we can't reach or parse it, the check stops here and tells you why.
2. Schema validation
We validate the manifest against the vendored UCP schema, surfacing every structural error – missing required fields, wrong types, and malformed values – with the exact path that failed.
3. Capabilities
We walk each declared capability, enforce UCP's reverse-domain naming and check namespace authority – a capability named under a domain must point its spec URL back to that same authority.
4. Endpoint probes
For each declared service we probe the live endpoint – a fetch-only HEAD or OPTIONS request for REST, a JSON-RPC `initialize` handshake for MCP transports – to confirm the URL is real and answering, not just present in the file.
5. Hygiene
We check transport-level basics such as serving discovery over HTTPS, so the surface an agent reads is delivered with integrity.
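The namespace-authority rule from step 3, as an added sketch that is not this validator's own code or code from the UCP project. It assumes capabilities carry `name` and `spec` keys, that the first two labels of a name form the authority, and a strict reading of the rule (exact host match, no userinfo, default port); the sample entries are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed name shape: <tld>.<domain>.<capability...>, lower case, 3+ labels.
NAME_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9_-]+){2,}")

def authority_of(name):
    """Domain claimed by a reverse-domain capability name, or None."""
    if not NAME_RE.fullmatch(name):
        return None
    tld, domain = name.split(".")[:2]
    # Assumption: two labels form the authority; suffixes like co.uk need a PSL.
    return f"{domain}.{tld}"

def check_capability(name, spec_url):
    """Return findings for one capability; an empty list means it passes."""
    authority = authority_of(name)
    if authority is None:
        return ["name is not reverse-domain"]
    try:
        parts = urlsplit(spec_url)
        host, port = (parts.hostname or "").rstrip("."), parts.port
    except ValueError:
        return ["spec URL is malformed"]
    findings = []
    if parts.scheme != "https":
        findings.append("spec URL is not https")
    if parts.username is not None or parts.password is not None:
        findings.append("spec URL carries userinfo")
    if port not in (None, 443):
        findings.append("spec URL uses a non-default port")
    # Exact host comparison: a prefix or substring test would accept
    # example.com.lookalike.test for the authority example.com.
    if host != authority:
        findings.append(f"spec host {host!r} is not authority {authority!r}")
    return findings

# Constructed sample capabilities; the "name" and "spec" keys are assumed.
SAMPLE = [
    {"name": "com.example.loyalty", "spec": "https://example.com/specs/loyalty"},
    {"name": "com.example.returns", "spec": "https://example.com.lookalike.test/r"},
    {"name": "com.example.gifts", "spec": "https://example.com@lookalike.test/g"},
    {"name": "com.example.quotes", "spec": "http://example.com/specs/quotes"},
    {"name": "checkout", "spec": "https://example.com/specs/checkout"},
]

def validate(capabilities):
    """Map each capability name to its findings."""
    return {c["name"]: check_capability(c["name"], c["spec"]) for c in capabilities}
```

Only the first sample entry passes; the others show the lookalike-host, userinfo, plain-HTTP and bare-name cases that a substring comparison or a shape-only check would let through.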
How our UCP validation works
We check a brand's published surface against the UCP specification. But the phase most validators skip is the one that matters most in practice.
A manifest can be perfectly well-formed and still point at endpoints that 404, time out, or were never deployed. This is why we don't stop at the manifest's shape – we query the endpoints it declares to confirm they exist and respond, in a safe and transparent way that doesn't cause any actual action or compute overhead.
UCP is transport-agnostic, so the probe adapts: REST services get a side-effect-free HEAD or OPTIONS request against the spec-defined operation paths, and MCP services get a real JSON-RPC initialize handshake. The result tells you not just "your file is valid" but "an agent that reads your file can actually reach you."
What we intentionally don't check
This is a conformance and reachability check, not an end-to-end purchase test. We confirm your endpoints are present and responsive; we do not place test orders, exercise full checkout or payment flows, or verify the business correctness of the data behind each endpoint.
Endpoints that require authentication are reported as reachable rather than fully exercised.