mcpstandard.dev

mcp discovery standard

Internet-Draft · Individual Submission · March 2026

The "mcp" URI Scheme and MCP Server Discovery Mechanism

draft-serra-mcp-discovery-uri-04 · 99rig · Mumble Group

I-D Exists

-04 Working Draft

This document defines the mcp:// URI scheme, a well-known URI discovery convention, a DNS TXT mechanism, and a security capability negotiation layer — enabling AI agents to autonomously discover MCP servers on any web domain without prior configuration.

Ecosystem Layering

This document defines Layer 2. Each layer is independently deployable.

Layer 0MCP protocol — transport, tool invocation

Layer 1DNS bootstrap — _mcp TXT record

Layer 2Discovery & security negotiation — this document

Layer 3Connection metadata — SEP-1649, SEP-2127

Layer 4Accountability — draft-farley-acta-signed-receipts

1. The mcp:// URI Scheme

A machine-to-machine identifier for publicly reachable MCP servers.

// Syntax (ABNF)
mcp-URI = "mcp://" authority path-abempty [ "?" query ]

// Valid examples
mcp://example.com
mcp://api.example.com/shop
mcp://example.com:8080

2. Operating Modes

Two modes are defined. Operators declare which they support.

base mode

.well-known only. Works on any web server — shared hosting, WordPress, Wix — with zero DNS configuration required.

fast mode

DNS TXT first (_mcp.{host}), then .well-known for metadata enrichment. A single UDP packet in <10ms confirms server existence before incurring TLS overhead. Recommended for operators who control DNS and for crawlers operating at scale.

3. Discovery Sequence

Fast mode starts at Step 1. Base mode starts at Step 2.

DNS TXT Record FAST MODE ONLY

Query _mcp.{host} TXT. If v=mcp1 is present, MCP existence confirmed. Proceed to Step 2 for manifest. If absent, proceed to Step 2 directly.

_mcp.example.com IN TXT "v=mcp1; src=https://example.com/mcp; auth=none"
// registry= for catalogue-backed domains
_mcp.example.com IN TXT "v=mcp1; registry=https://example.com/mcp-registry"

Well-Known URI REQUIRED (both modes)

HTTP GET to the well-known path. 200 + valid manifest = done. 404 or timeout (5s) = proceed to Step 3. When both DNS TXT and .well-known specify endpoints, .well-known takes precedence.

GET https://{host}/.well-known/mcp-server
Accept: application/json

Direct Endpoint LAST RESORT

Attempt MCP handshake at https://{host}/mcp. If it fails, no server found.

4. Security Capability Negotiation

The manifest declares the server's security posture. Clients read and apply it before connecting — no additional round-trip required.

The trust_class field is OPTIONAL. If absent, clients MUST treat it as "public". Each value implies mandatory sub-fields.

publicNo authentication required. Manifest may be cached freely.

sandboxNon-production. Clients SHOULD warn users. expires is REQUIRED.

enterpriseControlled access. auth object REQUIRED with at least one method. Clients MUST NOT connect before resolving auth.

regulatedDeclared regulatory regime. auth + compliance + logging all REQUIRED. compliance.jurisdiction MUST be declared (EU, EEA, UK, or ISO 3166-1).

Authentication methods core vocabulary: none, bearer, mtls, apikey, oauth2. Extensions use x- prefix.

// Example: regulated server in the EU
{
  "trust_class": "regulated",
  "auth": {
    "required": true,
    "methods": ["bearer", "mtls"],
    "endpoint": "https://auth.example.com/token"
  },
  "compliance": {
    "jurisdiction": "EU",
    "frameworks": ["GDPR", "ISO27001"]
  },
  "logging": { "required": true, "retention_days": 90 },
  "cache_ttl": 300
}

5. Manifest Schema

JSON document at /.well-known/mcp-server.

Field	Type	Req	Description
`mcp_version`	string	MUST	MCP spec version
`name`	string	MUST	Human-readable server name
`endpoint`	string	MUST	URL of the MCP endpoint
`transport`	string	MUST	"http" \| "sse"
`description`	string	SHOULD	Natural language description
`auth`	object	SHOULD	Authentication requirements (see §4)
`trust_class`	string	MAY	"public" \| "sandbox" \| "enterprise" \| "regulated"
`compliance`	object	MAY*	REQUIRED when trust_class is "regulated"
`logging`	object	MAY*	REQUIRED when trust_class is "regulated"
`capabilities`	array	SHOULD	["tools", "resources", "prompts"]
`cache_ttl`	integer	MAY	Seconds. REQUIRED when trust_class is "regulated"
`expires`	string	MAY	ISO 8601. REQUIRED when trust_class is "sandbox"
`payment_required`	boolean	MAY	Whether tool calls require payment
`payment_methods`	array	MAY	"x402" \| "stripe" \| "apikey" \| "mpp-tempo"
`categories`	array	MAY	Semantic categories
`languages`	array	MAY	ISO 639-1 codes
`contact`	string	MAY	Contact email or URL
`crawl`	boolean	MAY	false to opt out of indexing

6. Reference Implementation

This domain serves a live manifest conforming to -04:

$ curl -s https://mcpstandard.dev/.well-known/mcp-server | python3 -m json.tool

7. Implement

Server operator (base mode)

# Minimal manifest
mkdir -p .well-known
cat > .well-known/mcp-server <<EOF
{
  "mcp_version": "2025-06-18",
  "name": "My Server",
  "endpoint": "https://my.domain/mcp",
  "transport": "http"
}
EOF

Client developer (fast mode)

# 1. DNS — confirm presence
dig +short TXT _mcp.domain.com
# 2. well-known — get manifest
curl -sf https://domain.com\
  /.well-known/mcp-server
# 3. direct — last resort
curl -X POST https://domain.com/mcp

IETF Datatracker -00 -01 -02 -03 -04 Working Draft GitHub Discussion GitHub Categories Live Manifest