Testing
Test MCP endpoints before production
A preflight checklist for generated MCP endpoints: initialize, tools/list, schema validation, auth failure, safe execution, and logging.
Steps
Initialize the endpoint
Start with the protocol handshake. If initialize fails, do not debug individual tools yet.
curl -sS -X POST https://astrail.dev/api/mcp/SERVER_ID \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{}}'Inspect the visible tools
tools/list should show only the tools your public policy allows. Check names, descriptions, input schemas, and auth annotations.
curl -sS -X POST https://astrail.dev/api/mcp/SERVER_ID \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/list","params":{}}'Send a known-bad argument
A production MCP endpoint should reject invalid input before making an upstream call. This catches loose JSON schema mapping and unclear required fields.
curl -sS -X POST https://astrail.dev/api/mcp/SERVER_ID \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 3,
"method": "tools/call",
"params": { "name": "get_pet_by_id", "arguments": { "petId": "" } }
}'Run one read-only happy path
Pick a GET route with deterministic output. The first production smoke should prove end-to-end execution without modifying upstream state.
Review runtime evidence
Check trace id, upstream status, latency, execution mode, and redaction. The goal is not just a green response; it is a debuggable response.
Production checks
FAQ
What is the minimum MCP smoke test?
Run initialize, tools/list, one invalid tools/call, one auth failure, and one read-only happy path.
Should smoke tests call destructive endpoints?
Only in a staging environment with test data. Production launch checks should prefer read-only paths unless you have explicit rollback behavior.