Cat-1 · T274 · AI & Agentic Developer Tooling
v1.0

MCP Tool-Definition Linter & Annotation Designer

Paste a Model Context Protocol tool definition and get a deterministic lint against JSON Schema 2020-12, the current tool-naming guidance, the output-schema convention, and the four behaviour annotations. The Annotation Designer answers four behaviour questions and emits a consistent readOnly / destructive / idempotent / openWorld set — with the standing reminder that annotations are advisory hints, never security controls.

⚠ MCP revises every few months. The rules embedded here reflect the 2025-11-25 stable spec with notes from the 2026-07-28 release candidate (breaking, not final). Re-verify against the live specification at modelcontextprotocol.io before relying on any verdict for a production server.
MCP JSON Schema 2020-12 Zero PII Client-Side · No Network
Scope & reliance — 🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only. This linter checks structure and conformance only; it does not execute your tool or verify runtime behaviour. Embedded spec rules are static reference values that may age — verify against current primary sources. Deterministic logic · no inference · zero PII · CC BY 4.0.
▸ Tool Definition (JSON)
Paste a single MCP tool definition object with name, description, inputSchema, and optionally outputSchema and annotations. A deliberately-flawed example is pre-loaded so you can see findings immediately.
▸ Annotation Designer
Answer four behaviour questions; the tool emits a correct annotations object you can paste into the definition above. Reminder: these are hints — a client must never make a trust or safety decision from a server's annotations.
Does the tool modify any state (write, send, mutate)? No → readOnlyHint: true
Can it delete or overwrite existing data? Only meaningful when not read-only
Are repeated identical calls side-effect-free after the first? Only meaningful when not read-only
Does it reach outside the local/user environment? e.g. the open web, external accounts
Human-readable title (optional) Display label; still advisory, not trusted