Discover MCP server card [warning]! No MCP server card was found at current, transitional, or linked discovery paths.INFODiscover MCP server card candidateCount=5INFOBuild MCP server-card candidate list currentPath="/.well-known/mcp-server-card" transitionalPaths=["/.well-known/mcp/server-card.json","/.well-known/mcp/server-cards.json","/mcp.json","/.well-known/mcp.json"] linkedPaths=[]PASSCheck whether page claims MCP support actual=false expected="true only when HTML or Link headers mention MCP" textMatches=[] headerLinkCount=0INFOTrying to fetch /.well-known/mcp-server-card url="https://wraps.dev/.well-known/mcp-server-card" source="current"FAIL/.well-known/mcp-server-card did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /.well-known/mcp/server-card.json url="https://wraps.dev/.well-known/mcp/server-card.json" source="transitional"FAIL/.well-known/mcp/server-card.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /.well-known/mcp/server-cards.json url="https://wraps.dev/.well-known/mcp/server-cards.json" source="transitional"FAIL/.well-known/mcp/server-cards.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /mcp.json url="https://wraps.dev/mcp.json" source="transitional"FAIL/mcp.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /.well-known/mcp.json url="https://wraps.dev/.well-known/mcp.json" source="transitional"FAIL/.well-known/mcp.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"WARNNo MCP server card was found reason="No MCP server card was found at current, transitional, or linked discovery paths."

Classify AI crawler rules [fail]! No explicit User-agent rules were found for major AI crawler tokens.INFOClassify AI crawler rulesINFOParsing User-agent groups and Allow/Disallow records for known AI crawler tokens evaluatedPath="/"INFOEvaluating exact User-agent matches before wildcard fallback exactAiPolicyCount=0 totalCrawlerTokens=18FAILNo explicit AI crawler User-agent groups were found examplesExpected=["GPTBot","OAI-SearchBot","ClaudeBot","Google-Extended","CCBot"]FAILCompare explicit AI crawler coverage actual=0 expected="> 0 explicit non-search AI crawler policies" missingTokens=["GPTBot","OAI-SearchBot","ChatGPT-User","ClaudeBot","Claude-SearchBot","Claude-User","Google-Extended","Applebot-Extended","Amazonbot","Amzn-SearchBot","Amzn-User","PerplexityBot"]INFOResolved effective root-path policy for crawler tokens blocked=0 allowed=21 unspecified=0

Markdown representation [fail]! No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks.INFOMarkdown representationFAILCheck usable Markdown representation was selected actual={"source":"negotiated","url":"https://wraps.dev/","statusCode":200,"contentType":"text/markdown; charset=utf-8","mediaType":"text/markdown","vary":"Accept","requireVaryAccept":true,"contentTypeStatus":"pass","cacheStatus":"pass","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"mdx-like","hasHeading":true,"headingCount":4,"wordCount":199,"features":{"markdownLinks":8,"referenceLinks":0,"listItems":8,"tables":1,"taskListItems":0,"fencedCodeBlocks":3,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":2,"jsxOrMdxSignals":1},"issues":["mdx-jsx-source-leakage"],"excerpt":"# Wraps\n\n> Deploy email, SMS, and CDN infrastructure to your AWS account with one command.\n> Modern DX. AWS economics. Full ownership.\n\nWraps is a CLI and TypeScript SDK that deploys production-ready AWS infrastructure (SES, Lambda, DynamoD","issue":"Markdown response appears to expose MDX/JSX source rather than rendered agent-facing Markdown."}} expected="negotiated, advertised alternate, or conventional mirror" selected={"source":"negotiated","url":"https://wraps.dev/","statusCode":200,"contentType":"text/markdown; charset=utf-8","mediaType":"text/markdown","vary":"Accept","requireVaryAccept":true,"contentTypeStatus":"pass","cacheStatus":"pass","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"mdx-like","hasHeading":true,"headingCount":4,"wordCount":199,"features":{"markdownLinks":8,"referenceLinks":0,"listItems":8,"tables":1,"taskListItems":0,"fencedCodeBlocks":3,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":2,"jsxOrMdxSignals":1},"issues":["mdx-jsx-source-leakage"],"excerpt":"# Wraps\n\n> Deploy email, SMS, and CDN infrastructure to your AWS account with one command.\n> Modern DX. AWS economics. Full ownership.\n\nWraps is a CLI and TypeScript SDK that deploys production-ready AWS infrastructure (SES, Lambda, DynamoD","issue":"Markdown response appears to expose MDX/JSX source rather than rendered agent-facing Markdown."}} candidatesChecked=2FAILMarkdown representation failed issue="No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks."Same-URL negotiation [fail]! Same-URL Accept: text/markdown did not return a valid Markdown representation.INFOSame-URL negotiationFAILCheck negotiated Markdown response actual={"statusCode":200,"mediaType":"text/markdown","vary":"Accept"} expected="HTTP 2xx text/markdown with Vary: Accept" url="https://wraps.dev/" statusCode=200 mediaType="text/markdown" vary="Accept"FAILSame-URL negotiation failed issue="Same-URL Accept: text/markdown did not return a valid Markdown representation."Markdown format validation [fail]! Markdown response appears to expose MDX/JSX source rather than rendered agent-facing Markdown.INFOMarkdown format validationFAILCheck Markdown body quality actual={"valid":false,"wordCount":199,"headingCount":4,"dialect":"mdx-like"} expected="valid Markdown with substantive text and headings" valid=false dialect="mdx-like" wordCount=199 headingCount=4FAILMarkdown format validation failed issue="Markdown response appears to expose MDX/JSX source rather than rendered agent-facing Markdown."Advertised Markdown alternate [warning]! No Link or HTML rel=alternate text/markdown URL was advertised.INFOAdvertised Markdown alternateWARNCheck advertised Markdown alternate candidates actual=0 expected="> 0 when HTML advertises a Markdown alternate" advertisedUrls=[] candidateCount=0WARNAdvertised Markdown alternate has a warning issue="No Link or HTML rel=alternate text/markdown URL was advertised."Conventional .md mirror [fail]! Conventional .md mirror candidates did not return valid Markdown.INFOConventional .md mirrorFAILCheck conventional Markdown mirror candidates actual=1 expected="> 0 when a conventional mirror is discoverable" conventionalUrls=["https://wraps.dev/index.html.md"] candidateCount=1FAILConventional .md mirror failed issue="Conventional .md mirror candidates did not return valid Markdown."

Discover Agent Skills index [warning]! Agent Skills index was found only at the legacy /.well-known/skills/index.json path.INFODiscover Agent Skills indexINFOTry Agent Skills index paths in priority order paths=["/.well-known/agent-skills/index.json","/.well-known/skills/index.json"]WARNAgent Skills index candidate was not usable path="/.well-known/agent-skills/index.json" url="https://wraps.dev/.well-known/agent-skills/index.json" statusCode=404PASSFetched Agent Skills index candidate path="/.well-known/skills/index.json" url="https://wraps.dev/.well-known/skills/index.json" statusCode=200 contentType="application/json" bytes=1699 selected="selected"WARNAgent Skills index was found only at the legacy /.well-known/skills/index.json path.Validate discovery index schema [fail]! Agent Skills index must use $schema https://schemas.agentskills.io/discovery/0.2.0/schema.json.INFOValidate discovery index schemaINFOParse Agent Skills index JSON validJson=true contentTypeCompatible=trueFAILCompare $schema URI expected="https://schemas.agentskills.io/discovery/0.2.0/schema.json"FAILCompare top-level schema issue count actual=1 expected=0FAILCompare unknown top-level field count actual=0 expected=0FAILAgent Skills index must use $schema https://schemas.agentskills.io/discovery/0.2.0/schema.json.Validate skill entries [fail]! One or more Agent Skills entries have invalid required fields.INFOValidate skill entriesFAILCompare advertised skill count actual=8 expected="> 0"FAILCompare valid skill entry count actual=0 expected="same as advertised skill count"FAILInvalid skill entry skill={"index":0,"valid":false,"name":"aws-ses-best-practices","type":"","description":"Email deliverability, warming, compliance, and operational guidelines for AWS Simple Email Service.","url":"","digest":"","resolvedUrl":"https://wraps.dev/.well-known/skills/index.json","originClass":"same-origin","missing":["type","url","digest"],"invalid":[],"warnings":[]}FAILInvalid skill entry skill={"index":1,"valid":false,"name":"email-content-guide","type":"","description":"Best practices for email content that avoids spam filters. Apply these rules when writing email copy, building templates, or debugging spam placement issues.","url":"","digest":"","resolvedUrl":"https://wraps.dev/.well-known/skills/index.json","originClass":"same-origin","missing":["type","url","digest"],"invalid":[],"warnings":[]}FAILInvalid skill entry skill={"index":2,"valid":false,"name":"ses-troubleshoot","type":"","description":"Interactive SES deliverability troubleshooting. Diagnoses bounces, spam placement, send failures, account health, and complaint issues with targeted AWS CLI commands and ordered remediation steps.","url":"","digest":"","resolvedUrl":"https://wraps.dev/.well-known/skills/index.json","originClass":"same-origin","missing":["type","url","digest"],"invalid":[],"warnings":["description should explain when to use the skill"]}FAILInvalid skill entry skill={"index":3,"valid":false,"name":"wraps-cli","type":"","description":"CLI that deploys SES, DynamoDB, Lambda, and IAM resources to your AWS account with automatic DKIM, SPF, DMARC configuration.","url":"","digest":"","resolvedUrl":"https://wraps.dev/.well-known/skills/index.json","originClass":"same-origin","missing":["type","url","digest"],"invalid":[],"warnings":[]}FAILInvalid skill entry skill={"index":4,"valid":false,"name":"wraps-email","type":"","description":"TypeScript SDK for AWS SES with automatic credential resolution, React.email support, and template management.","url":"","digest":"","resolvedUrl":"https://wraps.dev/.well-known/skills/index.json","originClass":"same-origin","missing":["type","url","digest"],"invalid":[],"warnings":[]}FAILInvalid skill entry skill={"index":5,"valid":false,"name":"wraps-quickstart","type":"","description":"Get started with Wraps email infrastructure. Guides through deploying infrastructure, verifying a domain, installing the SDK, and sending the first email. Adapts to project framework and hosting provider.","url":"","digest":"","resolvedUrl":"https://wraps.dev/.well-known/skills/index.json","originClass":"same-origin","missing":["type","url","digest"],"invalid":[],"warnings":[]}FAILInvalid skill entry skill={"index":6,"valid":false,"name":"wraps-sms","type":"","description":"TypeScript SDK for AWS End User Messaging (Pinpoint SMS) with opt-out management, batch sending, and E.164 validation.","url":"","digest":"","resolvedUrl":"https://wraps.dev/.well-known/skills/index.json","originClass":"same-origin","missing":["type","url","digest"],"invalid":[],"warnings":[]}FAILInvalid skill entry skill={"index":7,"valid":false,"name":"wraps-workflows","type":"","description":"Build email and SMS automation workflows using the @wraps.dev/client TypeScript DSL. Covers triggers, steps, branching, cascades, and the full defineWorkflow API.","url":"","digest":"","resolvedUrl":"https://wraps.dev/.well-known/skills/index.json","originClass":"same-origin","missing":["type","url","digest"],"invalid":[],"warnings":["description should explain when to use the skill"]}FAILOne or more Agent Skills entries have invalid required fields.Verify advertised artifacts [warning]! No valid skill artifacts were available to verify.INFOVerify advertised artifactsWARNCompare artifact fetch count actual=0 expected="> 0"WARNNo valid skill artifacts were available to verify.Validate skill content [warning]INFOValidate skill contentWARNAgent Skills step completed with warningsReview skill artifact security [warning]INFOReview skill artifact securityWARNCompare security finding count actual=0 expected=0WARNAgent Skills step completed with warnings

Warn when auth surface lacks Auth.md [warning]! The site appears to support login, signup, account access, or credentials but does not publish /auth.md.INFOWarn when auth surface lacks Auth.mdWARNThe site appears to support login, signup, account access, or credentials but does not publish /auth.md.

Detect protected-resource applicability [warning]! Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected.INFODetect protected-resource applicabilityINFOInspecting auth headers, MCP/OAuth claims, and protected-resource hints applies=false requiresAuthorizationServers=false signalsCount=0 genericAuthSignalsCount=2 checkedCount=1WARNCheck protected-resource metadata applicability actual=false expected="true when RFC 9728 metadata exists or support is claimed" checked=[{"url":"https://wraps.dev/.well-known/oauth-protected-resource","path":"/.well-known/oauth-protected-resource","source":"root-well-known","resourceIdentifier":"https://wraps.dev","statusCode":404,"contentType":"text/html; charset=utf-8","length":19708}]WARNDetect protected-resource applicability completed with warnings issue="Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected."

Discover RSL declarations [warning]! No RSL declarations were found.INFODiscover RSL declarationsINFOChecking robots.txt License records, HTTP Link rel=license headers, HTML license links, and inline RSL XML robotsFound=trueSKIPCount discovered RSL declarations actual=0 expected=">= 1 when RSL licensing terms are published" sources={}WARNNo RSL declarations were found on any supported discovery surface.

Fetch /.well-known/tdmrep.json [warning]! No TDMRep declaration was found at /.well-known/tdmrep.json.INFOFetch /.well-known/tdmrep.jsonINFORequesting origin-level TDMRep declaration at /.well-known/tdmrep.jsonWARNCompare TDMRep file response actual=404 expected="2xx with JSON array when origin-level TDMRep is published" contentType="text/html; charset=utf-8" length=19708WARNNo TDMRep declaration was found at /.well-known/tdmrep.json. 

Discover OpenAPI document [warning]! The site appears to publish or document a public API, but no OpenAPI or Swagger document was found.INFODiscover OpenAPI document status="warning"INFOBuild OpenAPI candidate list conventionalPaths=19 candidateCount=19 sources={"conventional-path":19}INFOFetch OpenAPI candidate path="/openapi.json" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/openapi.yaml" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/swagger.json" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/swagger.yaml" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/api/openapi.json" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/api/openapi.yaml" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/api/swagger.json" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/api/swagger.yaml" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/docs/openapi.json" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/docs/openapi.yaml" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/api-docs" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"INFOFetch OpenAPI candidate path="/v3/api-docs" source="conventional-path" statusCode=404 contentType="text/html; charset=utf-8"WARNSelect a usable OpenAPI candidate actual="none" expected="same-origin candidate with a parseable OpenAPI or Swagger document"WARNThe site appears to publish or document a public API, but no OpenAPI or Swagger document was found.

Detect WebMCP runtime API [warning]! WebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.INFODetect WebMCP runtime API status="warning"INFOProbe rendered browser for WebMCP runtime objects WARNCheck current W3C runtime API actual="not detected" expected="document.modelContext/registerTool available"WARNWebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.Probe WebMCP operability [warning]! Static WebMCP runtime strings were found, but rendered browser probing did not confirm a runtime API.INFOProbe WebMCP operability status="warning"INFORun safe WebMCP operability checks safeProbeOnly=trueWARNCheck usable WebMCP evidence actual=0 expected="at least 1 usable runtime, declarative, annotation, or static manifest signal"WARNWebMCP operability warning warning="Static WebMCP runtime strings were found, but rendered browser probing did not confirm a runtime API."WARNWebMCP operability warning warning="Conventional WebMCP manifest paths were checked but did not return a valid manifest."WARNStatic WebMCP runtime strings were found, but rendered browser probing did not confirm a runtime API.Validate declarative WebMCP form tools [informational]! No W3C-style declarative WebMCP form attributes were found.INFOValidate declarative WebMCP form tools status="informational"INFOInspect visible forms and controls for current declarative WebMCP attributes annotatedElements=0 formsWithAttributes=0 controlsWithAttributes=0SKIPValidate declarative WebMCP attribute quality actual=0 expected=0INFONo W3C-style declarative WebMCP form attributes were found. status="informational"Validate MCP-aware HTML annotations [informational]! No data-mcp-tool or hyphenated WebMCP compatibility annotations were found.INFOValidate MCP-aware HTML annotations status="informational"INFOInspect HTML for MCP compatibility annotations compatibilityAttributeCount=0 dataMcpToolCount=0 examples=[]SKIPValidate compatibility annotation quality actual=0 expected=0INFONo data-mcp-tool or hyphenated WebMCP compatibility annotations were found. status="informational"Validate static WebMCP JSON compatibility [warning]! No static WebMCP JSON manifest or WMCP interaction graph was found.INFOValidate static WebMCP JSON compatibility status="warning"INFODiscover static WebMCP manifest candidates conventionalPaths=["/.well-known/webmcp.json","/webmcp.json"] checkedCount=2 profileCounts={}INFOWebMCP manifest candidate checked source="path" path="/.well-known/webmcp.json" url="https://wraps.dev/.well-known/webmcp.json" statusCode=404 contentType="text/html; charset=utf-8"INFOWebMCP manifest candidate checked source="path" path="/webmcp.json" url="https://wraps.dev/webmcp.json" statusCode=404 contentType="text/html; charset=utf-8"WARNValidate discovered static WebMCP metadata actual={"validManifestCount":0,"invalidManifestCount":0,"toolCount":0,"wmcpActionCount":0} expected="at least 1 valid tools[] manifest or WMCP graph when static metadata is present"WARNNo static WebMCP JSON manifest or WMCP interaction graph was found.

Find enforcing CSP delivery [fail]! Applicable HTML response is missing an enforcing Content-Security-Policy header.INFOFind enforcing CSP deliveryINFORead CSP delivery headers enforcingHeader="missing" reportOnlyHeader="missing" metaPolicyCount=0 legacyHeadersPresent=[]FAILRequire enforcing Content-Security-Policy header actual="missing" expected="present" issue="Applicable HTML response is missing an enforcing Content-Security-Policy header."FAILApplicable HTML response is missing an enforcing Content-Security-Policy header.

Validate metadata profile [fail]! OAuth/OIDC discovery metadata did not match the expected profile. missing: response_types_supported.INFOValidate metadata profileINFOParsing and validating OAuth/OIDC metadata profile valid=false compatibleContentType=true profile="oauth-authorization-server" issue="OAuth/OIDC discovery metadata did not match the expected profile. missing: response_types_supported." missingCount=1 warningsCount=6 endpointIssuesCount=0 issuer="https://api.wraps.dev" tokenEndpoint="https://app.wraps.dev/api/auth/device/token"PASSCheck metadata profile was recognized actual="oauth-authorization-server" expected="oauth-authorization-server, oidc, or hybrid"FAILCheck required metadata fields are present actual=1 expected=0 missing=["response_types_supported"]WARNCheck OAuth metadata is fully usable by browser and agent clients actual="6 client-usage warning(s)" expected="no CORS, endpoint, or compatibility warnings" warnings=["jwks_uri is omitted; this can be valid for pure OAuth metadata but limits signed-token/OIDC verification.","scopes_supported is omitted; clients may need additional documentation to request correct scopes.","PKCE code_challenge_methods_supported is omitted.","response_modes_supported is omitted.","revocation_endpoint is omitted.","introspection_endpoint is omitted."]WARNOAuth metadata client-usage warning warning="jwks_uri is omitted; this can be valid for pure OAuth metadata but limits signed-token/OIDC verification."WARNOAuth metadata client-usage warning warning="scopes_supported is omitted; clients may need additional documentation to request correct scopes."WARNOAuth metadata client-usage warning warning="PKCE code_challenge_methods_supported is omitted."WARNOAuth metadata client-usage warning warning="response_modes_supported is omitted."WARNOAuth metadata client-usage warning warning="revocation_endpoint is omitted."WARNOAuth metadata client-usage warning warning="introspection_endpoint is omitted."FAILValidate metadata profile failed issue="OAuth/OIDC discovery metadata did not match the expected profile. missing: response_types_supported."

Discover agents.json [warning]! No Wildcard-style agents.json file was found.INFODiscover agents.jsonINFOTry agents.json discovery paths in priority order paths=["/.well-known/agents.json","/agents.json"]WARNagents.json candidate path did not return a usable contract path="/.well-known/agents.json" statusCode=404 contentType="text/html; charset=utf-8"WARNagents.json candidate path did not return a usable contract path="/agents.json" statusCode=404 contentType="text/html; charset=utf-8"WARNNo agents.json candidate was selectedWARNNo Wildcard-style agents.json file was found.

Query DNS-AID records [warning]! No DNS-AID HTTPS/SVCB records were found under _agents.INFOQuery DNS-AID recordsINFOBuild DNS-AID query names from hostname hostname="wraps.dev" labels=["_index._agents.wraps.dev","_a2a._agents.wraps.dev"] claimedOnPage=falseWARNDNS query returned no DNS-AID answers name="_index._agents.wraps.dev" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.wraps.dev" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.wraps.dev" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _index._agents.wraps.dev"WARNDNS query returned no DNS-AID answers name="_a2a._agents.wraps.dev" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.wraps.dev" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.wraps.dev" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _a2a._agents.wraps.dev"WARNCompare total DNS-AID answer count actual=0 expected="> 0"WARNNo DNS-AID HTTPS/SVCB records were found under _agents.Check DNSSEC authentication evidence [warning]! DNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.INFOCheck DNSSEC authentication evidenceWARNCompare DNSSEC authenticated-data flag actual=false expected=trueWARNCompare visible DNSSEC material actual=false expected=trueWARNResolver did not confirm authenticated DNSSEC data name="_index._agents.wraps.dev" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.wraps.dev" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.wraps.dev" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.wraps.dev" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.wraps.dev" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.wraps.dev" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.wraps.dev" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.wraps.dev" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="wraps.dev" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNDNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.

WebSite entity [fail]! No WebSite entity was found in Schema.org structured data.INFOWebSite entityINFOLooking for WebSite entity in structured data FAILCheck WebSite entity presence actual=false expected=true fields=[{"name":"WebSite.@type","present":false},{"name":"WebSite.@id","present":false},{"name":"WebSite.name","present":false},{"name":"WebSite.url","present":false},{"name":"WebSite.publisher.@id","present":false},{"name":"WebSite.publisher.name","present":false},{"name":"WebSite.publisher.url","present":false}]FAILWebSite entity is missingIdentity fields [warning]! Missing identity field(s): WebSite.name, WebSite.url.INFOIdentity fieldsINFOChecking Organization and WebSite name/url fields organizationFormat="json-ld"WARNCheck required identity fields actual=2 expected=4 missing=["WebSite.name","WebSite.url"] organizationFields=[{"name":"Organization.@type","present":true,"value":"Organization","format":"json-ld"},{"name":"Organization.@id","present":false,"format":"json-ld"},{"name":"Organization.name","present":true,"value":"Wraps","format":"json-ld"},{"name":"Organization.url","present":true,"value":"https://wraps.dev","format":"json-ld"},{"name":"Organization.logo","present":true,"value":"https://wraps.dev/logo.png","format":"json-ld"},{"name":"Organization.sameAs","present":true,"value":["https://github.com/wraps-team/wraps","https://twitter.com/useWraps"],"format":"json-ld"}] websiteFields=[{"name":"WebSite.@type","present":false},{"name":"WebSite.@id","present":false},{"name":"WebSite.name","present":false},{"name":"WebSite.url","present":false},{"name":"WebSite.publisher.@id","present":false},{"name":"WebSite.publisher.name","present":false},{"name":"WebSite.publisher.url","present":false}]WARNCheck identity URLs match scanned origin actual={"organizationUrlMatchesOrigin":true,"websiteUrlMatchesOrigin":false} expected={"organizationUrlMatchesOrigin":true,"websiteUrlMatchesOrigin":true}WARNIdentity fields are partially complete missing=["WebSite.name","WebSite.url"]WebSite publisher linkage [fail]! WebSite.publisher is missing.INFOWebSite publisher linkageINFOChecking whether WebSite.publisher points to the Organization entity organizationFormat="json-ld"FAILCheck publisher presence actual=false expected=true publisher={"present":false,"matchesOrganization":false} website={} organization={"name":"Wraps","url":"https://wraps.dev"}FAILCheck publisher matches Organization actual=false expected=trueFAILWebSite publisher is missing

Schema.org attribution [warning]! Schema.org attribution is incomplete or relies only on publisher/fallback evidence.INFOSchema.org attributionINFOChecking structured data for author, creator, and publisher contributorsWARNCheck named Schema.org author count actual=0 expected="> 0" authorCount=0 publisherCount=0 namedContributors=0 authors=[] publishers=[] formats=[]WARNSchema.org attribution is incomplete or fallback-only authorCount=0 publisherCount=0 authors=[] publishers=[]Author identity quality [fail]! No named author or publisher identity could be extracted.INFOAuthor identity qualityINFOChecking contributors for stable identity signalsFAILCheck identified contributor count actual=0 expected="> 0" namedContributors=0 identifiedContributors=[] unidentifiedContributors=[]FAILNo named contributor identity could be extracted

Discover A2A Agent Card [warning]! The A2A Agent Card was found at a legacy or fallback path.INFODiscover A2A Agent CardINFOTry A2A discovery paths in priority order paths=["/.well-known/agent-card.json","/.well-known/agent.json","/agent-card.json","/.well-known/a2a/agent-card.json"]WARNA2A candidate path did not return a usable card path="/.well-known/agent-card.json" statusCode=404 contentType="text/html; charset=utf-8"PASSFound an A2A candidate path="/.well-known/agent.json" statusCode=200 contentType="application/json; charset=utf-8" bytes=3108WARNA2A candidate path did not return a usable card path="/agent-card.json" statusCode=404 contentType="text/html; charset=utf-8"WARNA2A candidate path did not return a usable card path="/.well-known/a2a/agent-card.json" statusCode=404 contentType="text/html; charset=utf-8"WARNSelected non-canonical A2A Agent Card path="/.well-known/agent.json" pathClass="legacy-a2a" requestedUrl="https://wraps.dev/.well-known/agent.json"WARNThe A2A Agent Card was found at a legacy or fallback path.Review public-card safety [warning]! The A2A Agent Card security declarations need review.INFOReview public-card safetyWARNCompare public secret findings actual=0 expected=0WARNSecurity declaration needs review warning="security scheme \"bearer\" is declared but not referenced by security requirements"WARNSecurity declaration needs review warning="security scheme \"aws_credentials\" is declared but not referenced by security requirements"WARNThe A2A Agent Card security declarations need review.Probe same-origin A2A endpoint [fail]! The same-origin A2A endpoint did not return a valid A2A Message, Task, or authentication challenge.INFOProbe same-origin A2A endpointINFOProbe same-origin A2A endpoint when scanner policy allows itFAILA2A endpoint probe did not validate url="https://wraps.dev/" statusCode=405FAILThe same-origin A2A endpoint did not return a valid A2A Message, Task, or authentication challenge.

Heading structure [fail]! Headings skip levels or include empty heading elements.INFOHeading structureFAILCheck heading structure evidence actual={"counts":{"h1":1,"visibleH1":1,"headings":33,"emptyHeadings":0},"meaningfulH1":true} expected="semantic HTML evidence for this step"FAILHeading structure failed issue="Headings skip levels or include empty heading elements."Buttons and interactive controls [fail]! 3 button controls are missing accessible names.INFOButtons and interactive controlsFAILCheck buttons and interactive controls evidence actual={"counts":{"buttons":23,"inaccessibleButtons":3},"accessibleButtons":false} expected="links, buttons, and form controls expose accessible names"FAILButtons and interactive controls failed issue="3 button controls are missing accessible names."

Check API catalog HEAD Link header [warning]! HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".INFOCheck API catalog HEAD Link headerINFOSend HEAD request to API catalog path attempted=true statusCode=200 contentType="application/linkset+json"WARNCompare HEAD Link rel=api-catalog count actual=0 expected="> 0"WARNHEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog". status="warning"Validate API catalog media type [warning]! The API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter.INFOValidate API catalog media typeWARNCompare API catalog media type actual="application/linkset+json" expected="application/linkset+json"WARNCompare RFC 9727 profile parameter actual=false expected=trueWARNThe API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter. status="warning"

Validate CSP frame-ancestors [warning]! Frame protection relies only on X-Frame-Options; CSP frame-ancestors is the modern control.INFOValidate CSP frame-ancestorsINFORead CSP frame-ancestors signals enforcingHeaderPresent=false reportOnlyHeaderPresent=false metaFrameAncestors=false policyCount=0 duplicateDirectives=[]WARNCompare effective frame-ancestors directive actual="missing" expected="valid restrictive enforcing frame-ancestors" issue="Frame protection relies only on X-Frame-Options; CSP frame-ancestors is the modern control."WARNFrame protection relies only on X-Frame-Options; CSP frame-ancestors is the modern control.

Review policy strength [warning]! origin-when-cross-origin can send origin information on HTTPS to HTTP downgrades.INFOReview policy strengthINFOClassify effective referrer policy effectivePolicy="origin-when-cross-origin" classification="weak" strongPolicies=["no-referrer","same-origin","strict-origin","strict-origin-when-cross-origin"] weakPolicies=["no-referrer-when-downgrade","origin","origin-when-cross-origin"] unsafePolicy="unsafe-url"WARNCompare policy privacy strength actual="weak" expected="strong or modern-baseline" issue="origin-when-cross-origin can send origin information on HTTPS to HTTP downgrades."WARNorigin-when-cross-origin can send origin information on HTTPS to HTTP downgrades.Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome emitted a weaker Referrer-Policy.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=37 sameOriginCount=35 htmlDocumentCount=1WARNCompare observed Referrer-Policy coverage actual={"missingPolicyCount":0,"unsafeOrInvalidPolicyCount":0,"weakPolicyCount":1,"affected":[{"url":"https://wraps.dev/","status":200,"resourceType":"document","contentType":"text/html; charset=utf-8","referrerPolicy":"origin-when-cross-origin","effectivePolicy":"origin-when-cross-origin","classification":"weak"}]} expected="0 missing, unsafe, invalid, or weak same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome emitted a weaker Referrer-Policy."WARNOne or more same-origin HTML documents observed by Chrome emitted a weaker Referrer-Policy.

Page-relevant schema family [fail]! The page has specific visible content intent, but structured data does not include a matching primary schema family.INFOPage-relevant schema familyINFOInferring specific page intent and comparing it with detected Schema.org typesFAILCheck schema types matching specific visible page intent actual=0 expected="> 0" inferredIntents=["software"] expectedTypes=["SoftwareApplication","WebApplication","MobileApplication"] matchingTypes=[] observedTypes=["FAQPage","Organization"]FAILNo primary schema family matches the inferred page intent expectedTypes=["SoftwareApplication","WebApplication","MobileApplication"] primaryTypes=["FAQPage"]

Review subdomain scope [warning]! HSTS is valid, but includeSubDomains is absent.INFOReview subdomain scopeINFOInspect subdomain enforcement scope includeSubDomains=falseWARNCompare includeSubDomains coverage actual="absent" expected="included after subdomains are HTTPS-ready" issue="HSTS is valid, but includeSubDomains is absent."WARNHSTS is valid, but includeSubDomains is absent.

Find advertised IndexNow key location [informational]! No IndexNow key location was advertised in HTML, Link headers, or robots.txt.INFOFind advertised IndexNow key locationINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"WARNNo IndexNow key location was advertised in HTML, Link headers, or robots.txt.Fetch and validate IndexNow key file [informational]! No discoverable IndexNow key file was found.INFOFetch and validate IndexNow key fileINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"INFOFetch each advertised same-origin key file and validate filename/body matchFAILCompare valid IndexNow key file count actual=0 expected="> 0"WARNNo discoverable IndexNow key file was found.