03 / Scorecard / Auth & Identity
Stack Auth
F
Headless Index
13/100
denominator 40
JAIRF
N/A
Verified
MAY 21, 2026
Methodology v1 · JAIRF v1.0.0
Powered by JAIRF v1.0.0 by Jentic · open methodology at /the-headless-index/methodology
Editorial verdict
Stack Auth is not built for machine consumption today. The Headless Index thesis-fit score of 13/100 fails the floor checks of the index, and JAIRF is recorded as N/A for this vendor because no public OpenAPI specification was reachable for the open-source scorer. In practice, vendors at this tier are not built for machine consumption today: agents can poke at them, but the dashboard remains the source of truth, and the rest of this verdict explains where Stack Auth lands inside that pattern.
On the API surface, the question is whether the API is the product or a layer beneath the dashboard. On API-first posture, the structured collectors did not surface an OpenAPI spec, GraphQL endpoint, or SDK ecosystem strong enough to score this criterion automatically. Editorial follow-up should confirm whether an API spec exists behind authentication or in unindexed documentation.[1] Schema observability is the related test: can an agent introspect the contract from cold, or does it have to read prose documentation to do so? REST documented at docs.stack-auth.com. Open-source codebase exposes the contract directly.[2]
Driving this product through an agent is not realistic with the current surface: the API exists, but it is not the contract the vendor optimises for. On headless operability: On headless operability, the docs crawl did not produce topic coverage sufficient to score programmatic setup, billing, teams, schema, or CLI workflows. A targeted AI review pass should visit the vendor's docs index and confirm what programmatic surfaces actually exist.[3] On the MCP and agent-integration axis, which is the fastest-moving criterion in the index: No first-party Stack Auth MCP server. The open-source positioning makes downstream integration straightforward.[4] Event posture closes the loop: an agent that cannot react to state changes is reduced to polling. On webhooks and events, the docs crawler did not locate a webhooks reference page or events catalog. Editorial review should confirm whether the vendor publishes events at all, and if so whether signing and replay are documented.
Net assessment: Stack Auth fails the floor checks of the methodology, with MCP posture[5] as the most acute gap. Any agent integration here will be brittle and short-lived until the vendor invests in machine-readable surfaces. Not currently suitable for agent consumption.
Verdict by Headless Index pipeline (auto)
// AI-drafted from the evidence layer. Editorial review pending.
Scores
Scorecard detail
Headless Index · 5 sub-criteria
API-first design intentUnknown
UnknownStack Auth is open-source TypeScript-first auth for Next.js. REST and SDK exposed via @stackframe/stack. The product positions as the developer-friendly Clerk alternative.
signals (4)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −OpenAPI specNot found across 34 probe paths
- −GraphQL endpointNot discovered (5 probes; project-scoped endpoints require a real project ID)
- −SDKs maintainedNone detected in vendor org
cite (3)
- openapi.probes_tried@2026-05-21
- graphql.probes_tried@2026-05-21
- github.sdks@2026-05-21
Headless operationUnknown
UnknownUsers, teams, permissions, OAuth providers, and email templates are programmable. Self-host (Postgres backend) plus Stack Cloud share the SDK.
signals (9)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −API operations exposedNo OpenAPI spec; operations count unknown
- ·Docs pages crawled0 pages (crawler: none)
- ·Auth schemes documentedAuth documentation page not reached by crawler
- ·Setup / quickstart docsNot reached by crawler
- ·Billing docsNot reached by crawler
- ·Teams / org docsNot reached by crawler
- ·CLI docsNot reached by crawler
- ·Schema / data model docsNot reached by crawler
cite (8)
- openapi.operations_count@2026-05-21
- docs.pages_crawled@2026-05-21
- docs.pages_crawled@2026-05-21
- docs.topics_found.setup@2026-05-21
- docs.topics_found.billing@2026-05-21
- docs.topics_found.teams@2026-05-21
- docs.topics_found.cli@2026-05-21
- docs.topics_found.schema@2026-05-21
MCP & agent posture0/20
scoredNo first-party Stack Auth MCP server. The open-source positioning makes downstream integration straightforward.
signals (4)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −Official MCP serverNone found in vendor's GitHub org or the official MCP registry
- −Community MCP serversNone found
- −Agent-friendly SDKsNo TypeScript/JavaScript SDK published (agents commonly run in TS/JS)
cite (3)
- mcp.registry_query@2026-05-21
- mcp.github_search_query@2026-05-21
- github.sdks@2026-05-21
Schema observability5/20
scoredREST documented at docs.stack-auth.com. Open-source codebase exposes the contract directly.
signals (3)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −OpenAPINot discovered across 34 standard probe paths
- −GraphQL introspectionNo GraphQL endpoint discovered (5 probes; some vendors use project-scoped endpoints that require a real project handle)
cite (2)
- openapi.probes_tried@2026-05-21
- graphql.probes_tried@2026-05-21
Webhooks & eventsUnknown
UnknownUser-lifecycle webhooks with HMAC signing. Catalog matches modern identity.
signals (2)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- ·Webhook docs pageNot reached by crawler within budget (0 pages crawled). Cannot confirm whether vendor offers webhooks.
cite (1)
- docs.pages_crawled@2026-05-21
JAIRF · 6 dimensions
JAIRF · N/A
This vendor does not publish a public OpenAPI specification. JAIRF cannot be computed. The Headless Index score and editorial verdict carry the readiness assessment.
No public OpenAPI specification discovered during collection
Powered by JAIRF v1.0.0 by Jentic
Band rationale:F band triggered: HeadlessIndex=13
04 / Embed
Show Stack Auth's score on your site.
Drop a live badge into your README, footer, or marketing page. It updates automatically when we re-score, and every embed is a dofollow link back here.