I added GitHub repo trust scoring to my MCP server — behavioral signals, not README claims

Source: DEV Community
The problem with "just check the README"

When your AI agent recommends an npm package, it's reasoning over documentation, descriptions, and repository metadata. All of that can be written by anyone in 10 minutes.

What the README can't tell you:

- Whether this project was actually being maintained last month
- Whether it has one committer or thirty
- Whether releases are versioned and consistent

Behavioral commitment is different. A maintainer who's shipped 40 releases over 6 years and merged 200 PRs last month is demonstrating real investment — not claims.

What I shipped today

I added lookup_github_repo to the Proof of Commitment MCP server. It's a behavioral trust score (0–100) for any public GitHub repository.

Zero install. Works now:

```json
{
  "mcpServers": {
    "proof-of-commitment": {
      "type": "streamable-http",
      "url": "https://poc-backend.amdal-dev.workers.dev/mcp"
    }
  }
}
```

Then ask Claude or Cursor:

"What's the commitment score for vercel/next.js?"
"Is facebook/react actively maintained?"
"Vet this
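The three behavioral signals listed above (recent maintenance, number of committers, consistently versioned releases) can be scored from activity data alone. The Python below is an added example, not the Proof of Commitment server's code; the repository data, thresholds and weights in it are constructed assumptions.

```python
import re
from datetime import date

SEMVER = re.compile(r"^v?\d+\.\d+\.\d+$")
TODAY = date(2024, 6, 1)  # constructed "now" so the example is reproducible

# Constructed sample metadata (hypothetical repos, not fetched from GitHub).
SAMPLE_REPOS = {
    "example/steady-lib": {
        "commit_dates": [date(2024, 5, d) for d in (2, 9, 16, 23, 28)],
        "commit_authors": ["ana", "bo", "chen", "ana", "dee"],
        "release_tags": ["v1.0.0", "v1.1.0", "v1.2.0", "v2.0.0"],
    },
    "example/solo-active": {
        "commit_dates": [date(2024, 5, d) for d in (5, 12, 20, 30)],
        "commit_authors": ["kim", "kim", "kim", "kim"],
        "release_tags": ["1.0.0", "1.0.1", "1.1.0"],
    },
    "example/readme-only": {
        "commit_dates": [date(2022, 1, 3)],
        "commit_authors": ["solo"],
        "release_tags": ["latest", "final2"],
    },
}

def behavioral_score(repo, today=TODAY):
    """Return (score 0-100, per-signal breakdown) from activity data only."""
    # Signal 1: was the project actually maintained in the last 30 days?
    recent = sum(1 for d in repo["commit_dates"] if (today - d).days <= 30)
    recency = min(recent / 4, 1.0)  # assumed: 4+ recent commits is full marks
    # Signal 2: one committer or many?
    committers = len(set(repo["commit_authors"]))
    breadth = min(max(0, committers - 1) / 3, 1.0)  # assumed: 4+ authors is full marks
    # Signal 3: are releases versioned consistently (semver-shaped tags)?
    tags = repo["release_tags"]
    versioned = sum(1 for t in tags if SEMVER.match(t)) / len(tags) if tags else 0.0
    parts = {"recency": recency, "breadth": breadth, "versioned": versioned}
    weights = {"recency": 40, "breadth": 30, "versioned": 30}  # assumed weights
    return round(sum(weights[k] * parts[k] for k in parts)), parts

def vet_all(repos=SAMPLE_REPOS):
    """Score every repo; README text is never consulted."""
    return {name: behavioral_score(repo)[0] for name, repo in repos.items()}

if __name__ == "__main__":
    for name, score in vet_all().items():
        print(f"{name}: {score}/100")
```

The per-signal breakdown matters as much as the total: the constructed solo-active repo is recently maintained and cleanly versioned, yet loses every point on committer breadth.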