Gold Rush Methodology

Directories list MCPs. Gold Rush records what happened to them. This page explains what SaSame's Gold Rush measures and — just as importantly — what it does not. It is the methodology link referenced by gold_rush_report and the Visibility Report.

This is a measurement record, not a security audit, endorsement, safety certification, legal identity verification, or quality recommendation.

What is measured

SignalMeaning
ReachabilityDoes the MCP endpoint answer at all.
CallabilityDo initialize and tools/list respond.
Schema validityDoes tools/list parse; how many tools are declared.
Tool-surface readabilityAre tools described and annotated (a factual completeness count).
Claim statusIs an owner proof present — a proof_code at a well-known path or metadata field. Proves control of the endpoint, not identity or KYC.
Longitudinal signalGrade-over-time from repeated observation. The method is repeated measurement; the exact weighting is proprietary.

What is NOT measured

Security, safety, malware, code quality, correctness of tool outputs, vendor trustworthiness, revenue, adoption, or ranking. A server can be reachable and schema-valid and still return harmful outputs — measurement of reachability says nothing about whether it is safe or useful.

Claim status

observed (SaSame saw the endpoint) → claimed (an owner placed a proof) → owner-verified (SaSame read the proof back). A claim proves endpoint control only.

Runtime health

Reachability and schema shape at check time. Never a security verdict.

Receipts

A Gold Rush receipt anchors a measurement record on an append-only hash chain and is offline-verifiable. SaSame is non-custodial: a receipt is not a fiscal invoice, a payment, or a guarantee.

Data boundary

Public outputs are public_safe: no raw IP, raw user-agent, prompts, raw tool inputs/outputs, secrets, tokens, or contact data. Owner/operator detail stays out of public tools.