{ "company": "MintMCP", "slug": "mintmcp", "website": "https://www.mintmcp.com", "audit_date": "2026-04-09", "overall_score": 45, "tier": "Human-Dependent", "tier_as_published": "Human-Dependent", "pillars": { "P1": { "name": "Signal Architecture", "score": 10, "max": 25 }, "P2": { "name": "Clarity Stack", "score": 9, "max": 25 }, "P3": { "name": "Trust Envelope", "score": 14, "max": 20 }, "P4": { "name": "Velocity Triggers", "score": 2, "max": 10 }, "P5": { "name": "Gravity Design", "score": 10, "max": 20 } }, "criteria": [ { "id": "P1-A", "pillar": "P1", "name": "Structured Data", "score": 1, "max": 5, "evidence": "No schema.org Organization, Product, or Offer markup detected on mintmcp.com. Standard enterprise B2B site with no structured data signals for machine buyers." }, { "id": "P1-B", "pillar": "P1", "name": "Machine-Readable Pricing", "score": 0, "max": 5, "evidence": "No public pricing whatsoever. All pricing gated behind a custom quote request form and sales consultation. An AI agent cannot evaluate cost from any public page." }, { "id": "P1-C", "pillar": "P1", "name": "llms.txt / Agent Layer", "score": 3, "max": 5, "evidence": "/llms.txt confirmed present at mintmcp.com/llms.txt. Content provides a clear structured description of MintMCP's purpose (\"enterprise MCP gateway that adds authentication, authorization, policy enforcement, observability, and audit logging to AI-to-data/tool connections\"), capabilities, and deployment options. Exists and is useful \u2014 but lacks structured links, capability listings, or agent-facing metadata beyond a prose description." }, { "id": "P1-D", "pillar": "P1", "name": "API / MCP Availability", "score": 3, "max": 5, "evidence": "MintMCP hosts and brokers 10,000+ MCP servers and generates OpenAPI specs for ChatGPT Custom Actions compatibility. Supports JSON-RPC protocol. OAuth 2.0/2.1 with PKCE documented for enterprise. However, no public REST API spec or MCP server for MintMCP itself is published \u2014 the product requires enterprise onboarding to access." }, { "id": "P1-E", "pillar": "P1", "name": "Discoverability (GEO)", "score": 3, "max": 5, "evidence": "Confirmed /llms.txt. Active blog targeting specific integration keywords (MCP for PostgreSQL, Jira, Confluence, etc.). Appears in multiple AI agent infrastructure search queries. Solid SEO-quality content with some GEO intent." }, { "id": "P2-A", "pillar": "P2", "name": "Offer Completeness", "score": 1, "max": 5, "evidence": "\"What\" (MCP gateway with auth, logging, governance) is clearly described. \"Who\" (enterprise teams) is clear. \"How Much\" is entirely absent \u2014 no pricing visible anywhere. An agent cannot evaluate the full offer without human-mediated sales contact." }, { "id": "P2-B", "pillar": "P2", "name": "Scope & Limits", "score": 2, "max": 5, "evidence": "Role-based access control, connection pooling, circuit breakers, and query result caching with configurable TTLs are mentioned in technical documentation. But specific rate limits, connection caps, or throughput boundaries are not published." }, { "id": "P2-C", "pillar": "P2", "name": "Substitution Rules", "score": 2, "max": 5, "evidence": "Circuit breakers for graceful service degradation documented in enterprise deployment guide. Request queuing for traffic spikes mentioned. Some fallback logic is stated \u2014 better than most, but not in a structured, machine-readable format." }, { "id": "P2-D", "pillar": "P2", "name": "Conditional Logic", "score": 1, "max": 5, "evidence": "All pricing and access conditions hidden behind sales contact. Four team-size segments disclosed (1\u201350, 51\u20131K, 1K\u201310K, 10K+ users) but no conditions, terms, or access rules associated with these. Contact sales or enterprise@mintmcp.com required." }, { "id": "P2-E", "pillar": "P2", "name": "Semantic Precision", "score": 3, "max": 5, "evidence": "Technical documentation is substantively precise: OAuth 2.1 with PKCE, SAML/SSO, JSON-RPC, SOC 2 Type II, response latency monitoring, audit log format with user attribution. Specific protocol and compliance terminology used accurately throughout." }, { "id": "P3-A", "pillar": "P3", "name": "Verifiable Performance", "score": 3, "max": 5, "evidence": "SOC 2 Type II certification verified (the highest level \u2014 ongoing audits, not a one-time assessment). Named enterprise customers: Coursera, Harvey AI, Flux AI, AC Transit. Self-reported claims only on uptime/performance \u2014 no public status page or third-party uptime dashboard found." }, { "id": "P3-B", "pillar": "P3", "name": "Scoped Permissions", "score": 4, "max": 5, "evidence": "Role-based access control is a core product feature (\"Sales teams see CRM tools, engineers see code tools\"). SSO-based credential management scopes access by user type. Policy enforcement at the gateway level. Agent-scoped permissions with action-bounded controls are the explicit value proposition." }, { "id": "P3-C", "pillar": "P3", "name": "Audit Trail", "score": 4, "max": 5, "evidence": "Complete audit trails for every tool call are a core product feature. Centralized logging with user attribution documented. Captures file operations, command execution, and tool invocations in real-time. The product exists to make agent actions auditable \u2014 this is the strongest pillar score." }, { "id": "P3-D", "pillar": "P3", "name": "Behavioral Consistency", "score": 3, "max": 5, "evidence": "SOC 2 Type II implies ongoing, audited consistency. Enterprise SLAs mentioned (\"high availability \u2014 enterprise SLAs\") but specific SLA terms not published. No versioned terms or explicit notice periods found. The product's governance positioning implies stability commitment." }, { "id": "P4-A", "pillar": "P4", "name": "Friction-Free Activation", "score": 1, "max": 5, "evidence": "No self-serve tier, no public API key, no free trial that is agent-accessible. Getting started requires scheduling a consultation or emailing enterprise@mintmcp.com. A sales call is required before any access. Maximum friction for an autonomous agent buyer." }, { "id": "P4-B", "pillar": "P4", "name": "Agent Decision Signals", "score": 1, "max": 5, "evidence": "No free tier, no programmatic trial signal, no agent-legible \"when to act\" indicator. The only signals available are the existence of a pricing page (team size segmentation) and a free trial form \u2014 both require human action to proceed." }, { "id": "P5-A", "pillar": "P5", "name": "Integration Depth", "score": 4, "max": 5, "evidence": "10,000+ MCP servers accessible through the gateway. Deep integration with enterprise data systems (Snowflake, BigQuery, Google Drive, Salesforce, Slack, etc.). Role-based tool access creates organizational-level lock-in. Replacing MintMCP means re-establishing all server connections, auth configs, and access policies across every AI tool in the organization. High switching cost." }, { "id": "P5-B", "pillar": "P5", "name": "Agent Memory Layer", "score": 3, "max": 5, "evidence": "Comprehensive audit logs create a rich historical record of agent behavior. Real-time agent monitoring feeds behavioral data back into the system. Account-level history is maintained. Not quite a queryable agent memory API, but audit trail data is structurally close to one." }, { "id": "P5-C", "pillar": "P5", "name": "Programmatic Renewal", "score": 1, "max": 5, "evidence": "Enterprise licensing model. No programmatic renewal API or agent-accessible subscription management found. Renewal is human-managed via sales relationship." }, { "id": "P5-D", "pillar": "P5", "name": "Compounding Value Signal", "score": 2, "max": 5, "evidence": "The audit trail and agent behavior data compounds over time \u2014 more usage means richer governance history, better anomaly detection, and stronger compliance posture. But no agent-readable signal of this compounding value is exposed (no API endpoint to query \"your security posture improvement score\" or similar)." } ], "strongest_signals": [ { "title": "Audit Trail (P3-C: 4/5)", "detail": "\u2014 Every agent tool call is logged with full attribution. This is rare and genuinely agent-native: a governance product that captures exactly what autonomous agents do, making it one of the few products on the market that has built its audit infrastructure around agent behavior from day one." }, { "title": "Scoped Permissions (P3-B: 4/5)", "detail": "\u2014 Role-based access control that limits tool visibility by agent type is a sophisticated agent-native trust mechanism. The ability to scope what an AI agent can see and do at the gateway level is a strong differentiator." }, { "title": "Integration Depth (P5-A: 4/5)", "detail": "\u2014 Access to 10,000+ MCP servers through a single gateway with centralized auth creates very high switching costs and deep organizational gravity. Once adopted at enterprise scale, MintMCP becomes load-bearing infrastructure." }, { "title": "llms.txt Present (P1-C: 3/5)", "detail": "\u2014 One of relatively few enterprise B2B SaaS tools with a confirmed /llms.txt, signaling at least baseline agent-readiness awareness." } ], "critical_gaps": [ { "title": "Zero Pricing Transparency (P1-B: 0/5)", "detail": "\u2014 No public pricing anywhere. An AI agent \u2014 or any buyer \u2014 cannot evaluate cost without initiating a human sales process. This is the single biggest barrier to being discovered, evaluated, and selected by AI agent buyers." }, { "title": "Maximum Activation Friction (P4-A: 1/5)", "detail": "\u2014 No self-serve option, no free tier, no trial accessible without human contact. An AI agent cannot autonomously activate MintMCP. For a product built to serve AI agents, requiring a sales call to get started is a fundamental contradiction." }, { "title": "No Schema.org Markup (P1-A: 1/5)", "detail": "\u2014 No structured data for machine buyers to parse. Combined with no public pricing, MintMCP is entirely invisible to AI agents trying to evaluate and compare governance tools." }, { "title": "No Public SLA Terms (P3-D partial)", "detail": "\u2014 \"Enterprise SLAs\" promised but terms not published. An autonomous agent cannot make a reliability-based decision without machine-readable SLA parameters." } ], "priority_actions": [ { "action": "Publish a transparent starter/trial tier", "points_gain": 5, "pillar": "P4", "effort": "Med" }, { "action": "Enhance /llms.txt with structured capability index", "points_gain": 2, "pillar": "P1", "effort": "Low" }, { "action": "Add schema.org markup for Organization and Product", "points_gain": 3, "pillar": "P1", "effort": "Low" }, { "action": "Publish a machine-readable SLA document", "points_gain": 2, "pillar": "P3", "effort": "Low" } ], "executive_summary": "MintMCP scores 45/100 \u2014 Human-Dependent \u2014 a telling result for a product whose entire value proposition is enabling AI agents to work safely. Its Trust Envelope (14/20) is the strongest on record in this audit series: the audit trail and scoped permission model are genuinely agent-native capabilities built into the product's core. However, MintMCP is nearly inaccessible to the AI buyers it serves \u2014 zero public pricing (0/5), no self-serve activation (1/5), and no schema.org markup mean an AI agent cannot discover, evaluate, or activate MintMCP without a human sales intermediary. The top priority is clear: create a self-serve entry path and publish at least a pricing range. MintMCP has the right product architecture for the agent economy \u2014 it just hasn't yet extended that machine-readability to its own offer infrastructure.", "rubric_version": "v1-2026-04 (20 criteria, 100 raw points; P3-E Agent Registration added to rubric v2 in 2026-06, not scored in this audit)", "framework": "Agent Native Offers \u2014 The Agent Sale framework", "source_file": "2026-04-09 \u2014 MintMCP \u2014 Agent Native Offer Audit.md", "rank": 25 }