WebMCP Radar

First public registry of websites that have shipped WebMCP discovery endpoints.


webmcp-radar

The first public registry of WebMCP-enabled websites.

WebMCP entered a Chrome 149 origin trial on May 19, 2026 at Google I/O.
It lets any website expose structured tools to in-browser AI agents
via the W3C Web Machine Learning Community Group spec. Microsoft shipped
Edge 147 support back in March. The W3C draft explicitly flags one thing
as unsolved: discovery. There is no agent-readable directory of
WebMCP-enabled sites.

webmcp-radar fills that gap. It continuously probes candidate domains
for the discovery endpoint, parses each manifest, tracks adoption over
time, and surfaces a public leaderboard at /webmcp-radar/.

Live data sources

Everything shown in the UI comes from a real HTTP fetch. No mocks, no
seeded entries, no Math.random().

| Source | URL | Frequency |
|---|---|---|
| WebMCP probe | https://<domain>/.well-known/webmcp (with /.well-known/mcp and homepage script-tag fallbacks) | per-domain on every scan |
| Curated seed list | seed-domains.json (~80 well-known dev / AI / web-infra domains) | every 6h + once at boot |
| Hacker News | https://hacker-news.firebaseio.com/v0/topstories.json → top 50 stories | every 2h + 90s after boot |
| GitHub trending | https://github.com/trending?since=daily → READMEs → domains | every 12h |
| Live refresh | re-checks every site already marked live | every 30 min |
| User submissions | POST /api/submit | synchronous |

Per-domain politeness: at most 1 outbound request per 10 seconds.

Endpoints

All routes are mounted under BASE_PATH (default /webmcp-radar). Every
endpoint is public — no auth, no API key, no admin pass.

GET  /webmcp-radar/                    SPA dashboard
GET  /webmcp-radar/health              health check (auth-free, 200 OK)
GET  /webmcp-radar/api/stats           counts + last scan time
GET  /webmcp-radar/api/sites           list, supports ?status= ?sort= ?limit= ?offset=
GET  /webmcp-radar/api/sites/:domain   detail + manifest + history
GET  /webmcp-radar/api/changes         recent manifest change events
GET  /webmcp-radar/api/sources         per-source breakdown
GET  /webmcp-radar/api/scan-runs       recent cron runs with timing
POST /webmcp-radar/api/submit          submit a URL for immediate scan

Submissions are rate-limited per IP address (10/min). The counters are held in memory, so they reset when the process restarts.

Discovery method

For each candidate domain we try, in order:

  1. GET /.well-known/webmcp — parse JSON, count tools / functions / actions / capabilities.
  2. GET /.well-known/mcp — same parse, SEP-1960 fallback for server-style MCP.
  3. GET / (HTML, 256KB cap) — regex for <script src="…webmcp…">, <meta name="webmcp">, or inline window.webmcp references.

The result lands in the sites table with the discovery_method recorded.
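
The probe order above, as an added example that is not webmcp-radar's own code: an offline classifier that treats each fetched body as untrusted input, so a soft-404 HTML page returned with status 200 on a well-known path falls through to the next step instead of being counted as a manifest. The discovery_method strings, the assumption that the counted keys are top-level arrays, and the sample responses are all constructed for illustration.

```javascript
// Added example, not the project's code: offline classifier for the probe order.
// Assumptions: manifest keys are top-level arrays; method strings are illustrative.
const HTML_CAP = 256 * 1024; // homepage cap from the page (UTF-16 units here)
const COUNT_KEYS = ['tools', 'functions', 'actions', 'capabilities'];
const HTML_SIGNALS = [
  /<script\b[^>]*\bsrc\s*=\s*["'][^"']*webmcp[^"']*["']/i,
  /<meta\b[^>]*\bname\s*=\s*["']webmcp["']/i,
  /\bwindow\.webmcp\b/,
];

// Parse a manifest body as untrusted input; return per-key counts or null.
function countManifest(body) {
  let doc;
  try { doc = JSON.parse(body); } catch { return null; }
  if (doc === null || typeof doc !== 'object' || Array.isArray(doc)) return null;
  const counts = {};
  for (const key of COUNT_KEYS) counts[key] = Array.isArray(doc[key]) ? doc[key].length : 0;
  return counts;
}

// responses: { [path]: { status, body } }, already fetched by the caller.
function classify(responses) {
  const steps = [
    ['/.well-known/webmcp', 'well-known-webmcp'],
    ['/.well-known/mcp', 'well-known-mcp'],
  ];
  for (const [path, method] of steps) {
    const r = responses[path];
    if (!r || r.status !== 200) continue;
    const counts = countManifest(r.body); // null means "not a JSON object"
    if (counts) return { live: true, discovery_method: method, counts };
  }
  const home = responses['/'];
  if (home && home.status === 200) {
    const html = home.body.slice(0, HTML_CAP); // never scan past the cap
    if (HTML_SIGNALS.some((re) => re.test(html))) return { live: true, discovery_method: 'homepage-html', counts: null };
  }
  return { live: false, discovery_method: null, counts: null };
}

// Constructed sample: soft-404 HTML on step 1, a JSON manifest on step 2.
const sample = {
  '/.well-known/webmcp': { status: 200, body: '<html>Not found</html>' },
  '/.well-known/mcp': { status: 200, body: '{"tools":[{"name":"search"}],"actions":"x"}' },
  '/': { status: 200, body: '<meta name="webmcp" content="1">' },
};
console.log(classify(sample));
```

A non-array value under a counted key (here "actions": "x") is counted as zero rather than trusted for its length.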

Stack

Run locally

cp .env.example .env
npm install
npm start
# open http://localhost:4881/webmcp-radar/

Set DISABLE_CRON=true to skip background scans (useful for tests).

Deploy

DEPLOY_MANIFEST.json is the source of truth for the RNDLAB
orchestrator. It declares the port, the systemd unit name, the nginx
upstream and route, and the showcase metadata that lands on holyai.me.
Drop a line into cowork-deploy-bridge/queue.jsonl and the Mac watcher
picks it up.

License

MIT.