Directories list MCPs. Gold Rush records what happened to them. This page
explains what SaSame's Gold Rush measures and — just as importantly — what it does not. It is the
methodology link referenced by gold_rush_report and the Visibility Report.
| Signal | Meaning |
|---|---|
| Reachability | Does the MCP endpoint answer at all. |
| Callability | Do initialize and tools/list respond. |
| Schema validity | Does tools/list parse; how many tools are declared. |
| Tool-surface readability | Are tools described and annotated (a factual completeness count). |
| Claim status | Is an owner proof present — a proof_code at a well-known path or metadata field. Proves control of the endpoint, not identity or KYC. |
| Longitudinal signal | Grade-over-time from repeated observation. The method is repeated measurement; the exact weighting is proprietary. |
Security, safety, malware, code quality, correctness of tool outputs, vendor trustworthiness, revenue, adoption, or ranking. A server can be reachable and schema-valid and still return harmful outputs — measurement of reachability says nothing about whether it is safe or useful.
observed (SaSame saw the endpoint) → claimed (an owner placed a proof) →
owner-verified (SaSame read the proof back). A claim proves endpoint control only.
Reachability and schema shape at check time. Never a security verdict.
A Gold Rush receipt anchors a measurement record on an append-only hash chain and is offline-verifiable. SaSame is non-custodial: a receipt is not a fiscal invoice, a payment, or a guarantee.
Public outputs are public_safe: no raw IP, raw user-agent, prompts, raw tool
inputs/outputs, secrets, tokens, or contact data. Owner/operator detail stays out of public tools.