security · content · governance · runtime

How Strata works.

Four phases of trust infrastructure: server scoring, content validation, the governance layer, and runtime intelligence that monitors your agents as they operate.

Security Scoring

How Strata scores 2,179 MCP servers.

Every server in the directory passes through a six-stage security pipeline before it's trusted.

STEP 01

Source Collection

Strata crawls 22 AI ecosystems continuously — GitHub repositories, npm packages, official ecosystem directories, and community submissions. Every MCP server reference is captured regardless of popularity.

STEP 02

Static Analysis

Source code, README files, and manifests are analyzed for capability signals. Seven capability flags are extracted. The security_score (0–100) is computed from GitHub health signals: stars, commit recency, release history, license, archived status.

shell_exec → can spawn shell processes dynamic_eval → can execute arbitrary code fs_write → can write to the filesystem arbitrary_sql → can run raw SQL queries net_egress → makes outbound network requests secret_read → reads environment variables or credentials process_spawn → spawns child processes

STEP 03

Injection Scanning

Every tool description in every server is scanned for prompt injection — hidden instructions designed to manipulate agent behavior. Three layers run in sequence. A score of 6/10 or above quarantines the server permanently.

Layer 1 Regex patterns for known injection signatures Layer 2 Claude Haiku semantic analysis Layer 3 Claude Sonnet extended thinking for borderline cases Score ≥ 6/10 → quarantined, never surfaces in results

STEP 04

Live Endpoint Probing

For servers with hosted endpoints, Strata sends a real MCP initialize handshake and tools/list request. This confirms the server is actually running, detects drift between declared and observed tools, and feeds latency and schema validation data into the runtime_score.

STEP 05

Per-Tool Scoring

Individual tools within each server are scored separately. A server where 1 of 12 tools has shell_exec gets different treatment than one where every tool is dangerous. dangerousToolCount is tracked and exposed in the API alongside the server-level scores.

STEP 06

Published to Directory

The final scores are published. Servers are searchable by risk level, capability flags, ecosystem, and use case via the REST API and native MCP server.

security_score → repo health (0–100) runtime_score → behavioral trust (0–100) capability_flags → what tools can actually do is_quarantined → injection or malicious content detected

Content Intelligence

How Strata validates ecosystem information.

Best practices, news, and integrations pass through a separate validation pipeline before reaching your agent.

STEP 01

Source Collection

Strata monitors four types of sources per ecosystem, continuously pulling content from across the AI developer community.

RSS feeds → official blogs and changelogs Reddit → community posts (score ≥ 10 only) GitHub → official release notes and changelogs Community → developer submissions

STEP 02

Recency Filter

Items older than 7 days are discarded immediately. GitHub releases are limited to the 5 most recent per repo. Only fresh content proceeds.

STEP 03

Deduplication

Each item is checked against all previously seen source URLs. Already-seen items are discarded instantly — no redundant processing, no repeated content.

If source_url exists in database → discard If source_url is new → continue to validation

STEP 04

AI Validation

Each surviving item is evaluated against four criteria. Items that fail any criterion are rejected.

Ecosystem relevance

Directly relevant to developers using this ecosystem — not passing mentions or tangential content.

Accuracy

Not misleading, outdated, or contradicted by official sources.

Developer utility

Useful to someone building a production AI application — not consumer-facing or promotional.

Substance

Sufficient detail to be actionable — not one-line posts or link-only content.

High confidence

published automatically

Medium confidence

flagged for review

Low confidence

rejected

STEP 05

Near-Duplicate Removal

After individual validation, surviving items are reviewed as a batch. When multiple items cover the same story, only the highest-quality version is kept.

Input: 3 items covering the same SDK release Output: 1 item — the most complete version retained

STEP 06

Community Submissions

Developers can submit integrations, best practices, and tips directly. Every submission passes through the same AI validation pipeline — high-confidence items publish automatically, others are reviewed manually.

Phase 3 — Live

Policy, compliance, and threat monitoring.

Beyond scoring — Strata enforces rules, generates tamper-evident audit evidence, and alerts you when connected servers change risk profile.

Policy Engine

Define rules that govern what your agents are allowed to do. "No shell_exec in production." Enforced at the Strata layer before any tool call executes.

Compliance Reporting

One-click SOC 2 and ISO 27001 audit evidence packages generated from the Agent Activity Ledger. Tamper-evident with HMAC signature verification.

Real-Time Threat Feed

A Postgres trigger fires when servers change risk profile — quarantine added, dangerous capabilities gained, security score drops. Push alerts before your agents are affected.

Phase 4 — Live

Runtime intelligence.

Beyond static scoring — Strata monitors your agents in real time, maps your dependencies, and breaks circuits before damage occurs.

Circuit Breaker & Rollback

When a connected server crosses a critical risk threshold — quarantined, injection detected, score collapse — Strata automatically trips a circuit breaker. Agents continue in degraded-safe mode. No human intervention required. Per-profile bypass available for reviewed exceptions.

MCP Server Dependency Graph

Visual map of every MCP server your agents depend on. Risk scores, capability flags, circuit breaker status, and data lineage flows in one view. Nodes sorted by risk — critical servers surface first. Enriched with live threat feed data and policy status.

Behavioral Anomaly Detection

30-day rolling baselines per agent. Three detectors: volume spikes (5× baseline), high-risk server surges (3× baseline), net-egress floods (3× baseline, escalates to critical off-hours). Hourly analysis. 6-hour dedup window. Requires 7 days history and 50 calls minimum — no false positives on new accounts.

Not a firehose.

On a typical day, Strata processes hundreds of items per ecosystem and publishes the top 20–30%. 2,179 MCP servers scored across 22 ecosystems. What reaches your agent has earned its place.

See the API →