@lucern/mcp 0.3.0-alpha.1 → 0.3.0-alpha.11

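--- a/package/README.md
+++ b/package/README.md
@@ -6,21 +6,24 @@ Standalone MCP server for Lucern's reasoning runtime.
 
  - Distribution target: private/internal registry
  - License: UNLICENSED
- - Expected auth: `LUCERN_API_KEY` machine credential
+ - Expected auth: a Lucern local profile from `lucern auth login`, or `LUCERN_API_KEY`
  - Canonical hosted/remote auth: service principal bearer token (`lk_...` / `lsk_...`)
  - Compatibility auth: tenant API key (`luc_...` / `stk_...`)
 
  ## Run
 
  ```bash
- npx @lucern/mcp --api-key lk_... --base-url https://your-lucern-host
+ lucern auth login
+ npx @lucern/mcp
  ```
 
  Env vars:
 
- - `LUCERN_API_KEY` (required)
+ - `LUCERN_API_KEY` (machine auth)
+ - `LUCERN_USER_TOKEN` or `LUCERN_SESSION_TOKEN` (user auth)
  - `LUCERN_BASE_URL` (optional)
- - `LUCERN_PROJECT_ID` (optional)
+ - `LUCERN_PROFILE` (optional)
+ - `LUCERN_TOPIC_ID` (optional)
  - `LUCERN_MCP_TRANSPORT` (`stdio` or `http`, default: `stdio`)
  - `LUCERN_MCP_HOST` (HTTP only, default: `127.0.0.1`)
  - `LUCERN_MCP_PORT` (HTTP only, default: `8080`)
@@ -50,6 +53,10 @@ Auth behavior:
  - If `--api-key` is provided, the server uses that credential for all upstream Lucern API calls.
  - Otherwise (default), the server accepts inbound `Authorization: Bearer lk_/lsk_...` service principal tokens plus `x-lucern-key` or `Authorization: Bearer luc_/stk_...` tenant API keys and forwards them upstream.
  - If `--server-auth-token` is provided, incoming requests must include `Authorization: Bearer <token>` or `x-lucern-mcp-token: <token>`.
+ - MCP does not fetch Master Control deploy keys or run its own Permit checks.
+ It is a client of the same `api.lucern.ai` gateway as the CLI and SDK. The
+ gateway resolves the caller, tenant, workspace, and deployment through Master
+ Control, then enforces Permit before executing generated surface calls.
 
  Canonical hosted endpoint:
 
@@ -89,15 +96,17 @@ See `docs/lucern-replatform/api/mcp-surface-separation.md` for boundary details.
  "command": "npx",
  "args": ["@lucern/mcp"],
  "env": {
- "LUCERN_API_KEY": "lk_...",
- "LUCERN_BASE_URL": "https://your-lucern-host",
- "LUCERN_PROJECT_ID": "project_123"
+ "LUCERN_PROFILE": "default"
  }
  }
  }
  }
  ```
 
+ Run `lucern auth login` first. The MCP process loads `~/.lucern/profiles.json`
+ and `~/.lucern/credentials`, so CLI and MCP share the same user-level auth
+ without copying tokens into every client config.
+
  ## Exports
 
  - `createLucernStandaloneMcpServer`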
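--- a/package/bin/lucern-mcp.js
+++ b/package/bin/lucern-mcp.js
@@ -1,5 +1,5 @@
  #!/usr/bin/env node
- import { runLucernMcpCli } from "../dist/lib/platform/mcp/cli.js";
+ import { runLucernMcpCli } from "../dist/cli.js";
 
  runLucernMcpCli().catch((error) => {
  console.error(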
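--- /dev/null
+++ b/package/dist/cli.d.ts
@@ -0,0 +1,3 @@
+ declare function runLucernMcpCli(argv?: readonly string[]): Promise<void>;
+
+ export { runLucernMcpCli };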