Read the public drift ledger and dashboard

What you'll have · ~3 min

You can read the public drift ledger and dashboard: what the crawler saw change, how to spot a safety-relevant diff, and what the coverage numbers do (and do not) mean.

The ledger is public proof of the problem the gate solves. mcpindex crawls the public MCP registry every day and records which tool contracts silently change between snapshots. No login, no per-user data, and no server pays to be listed. Here is how to read it.

  1. 01

    Open the drift ledger#

    Start with the headline. The top of the ledger is a running count of how many tools changed their declared contract, across how many total changes (a tool can change more than once), plus how many servers were affected.

    Open the drift ledgerthe big count ('N tools changed their contract'), then Servers affected and Safety-relevant contract changes just below it.

  2. 02

    Read an event row#

    Each row in the Events table is one observed contract change, and it is deliberately fingerprint-only:

    ColumnWhat it means
    Tool fingerprintA content hash of the tool, not its name
    Server fingerprintA content hash of the server (a dash if none was recorded)
    Last seenWhen the crawler last saw this contract
    What changedThe change kinds: a new required param, an annotation flip, a narrowed constraint
    SafetyTagged when the change touched a safety-relevant field

    mcpindex reports that a contract changed without publicly naming a specific server.

  3. 03

    Spot a safety-relevant change#

    The Safety column flags a change that touched a safety-relevant field, an annotation flipping to destructive or a new required parameter, for example. Read it as 'this one deserves a look,' not as a confirmed vulnerability. A dash means the change was not safety-relevant.

  4. 04

    See coverage on the dashboard#

    The dashboard pairs two different populations: opt-in telemetry (installs that chose to send salted-fingerprint signals) and the public-registry crawler ledger. They count different things, so the numbers will not match. Coverage is the network growing, because every covered server is one the gate can warn you about on call 1.

    Open the drift dashboardtwo sections, Opt-in telemetry and Crawler ledger. Telemetry is opt-in and off by default, and coverage is not endorsement.

  5. 05

    What the ledger is not#

    It is a contract-diff, not a safety verdict, and not prevention, that is the in-path gate's job, holding the call. And absence is not a clean bill of health: a private or un-crawled tool never appears here at all.

NextInstall the gate and watch your first HOLD
Questions
Does the mcpindex drift ledger name the servers that changed?
No. Every event is fingerprint-only: a content hash of the tool and (when recorded) the server, never the name. mcpindex reports that a contract changed without publicly naming a specific server.
Is a safety-relevant change in the ledger a confirmed vulnerability?
No. The safety-relevant tag means the change touched a safety-relevant field, like an annotation flip or a new required parameter. It flags a change worth reviewing, not a proven exploit. The ledger is a contract-diff, not a safety verdict.