@lucern/mcp 0.3.0-alpha.10 → 0.3.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -53,6 +53,10 @@ Auth behavior:
53
53
  - If `--api-key` is provided, the server uses that credential for all upstream Lucern API calls.
54
54
  - Otherwise (default), the server accepts inbound `Authorization: Bearer lk_/lsk_...` service principal tokens plus `x-lucern-key` or `Authorization: Bearer luc_/stk_...` tenant API keys and forwards them upstream.
55
55
  - If `--server-auth-token` is provided, incoming requests must include `Authorization: Bearer <token>` or `x-lucern-mcp-token: <token>`.
56
+ - MCP does not fetch Master Control deploy keys or run its own Permit checks.
57
+ It is a client of the same `api.lucern.ai` gateway as the CLI and SDK. The
58
+ gateway resolves the caller, tenant, workspace, and deployment through Master
59
+ Control, then enforces Permit before executing generated surface calls.
56
60
 
57
61
  Canonical hosted endpoint:
58
62