@lucern/mcp 0.3.0-alpha.17 → 0.3.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -6,24 +6,21 @@ Standalone MCP server for Lucern's reasoning runtime.
6
6
 
7
7
  - Distribution target: private/internal registry
8
8
  - License: UNLICENSED
9
- - Expected auth: a Lucern local profile from `lucern auth login`, or `LUCERN_API_KEY`
9
+ - Expected auth: `LUCERN_API_KEY` machine credential
10
10
  - Canonical hosted/remote auth: service principal bearer token (`lk_...` / `lsk_...`)
11
11
  - Compatibility auth: tenant API key (`luc_...` / `stk_...`)
12
12
 
13
13
  ## Run
14
14
 
15
15
  ```bash
16
- lucern auth login
17
- npx @lucern/mcp
16
+ npx @lucern/mcp --api-key lk_... --base-url https://your-lucern-host
18
17
  ```
19
18
 
20
19
  Env vars:
21
20
 
22
- - `LUCERN_API_KEY` (machine auth)
23
- - `LUCERN_USER_TOKEN` or `LUCERN_SESSION_TOKEN` (user auth)
21
+ - `LUCERN_API_KEY` (required)
24
22
  - `LUCERN_BASE_URL` (optional)
25
- - `LUCERN_PROFILE` (optional)
26
- - `LUCERN_TOPIC_ID` (optional)
23
+ - `LUCERN_PROJECT_ID` (optional)
27
24
  - `LUCERN_MCP_TRANSPORT` (`stdio` or `http`, default: `stdio`)
28
25
  - `LUCERN_MCP_HOST` (HTTP only, default: `127.0.0.1`)
29
26
  - `LUCERN_MCP_PORT` (HTTP only, default: `8080`)
@@ -53,10 +50,6 @@ Auth behavior:
53
50
  - If `--api-key` is provided, the server uses that credential for all upstream Lucern API calls.
54
51
  - Otherwise (default), the server accepts inbound `Authorization: Bearer lk_/lsk_...` service principal tokens plus `x-lucern-key` or `Authorization: Bearer luc_/stk_...` tenant API keys and forwards them upstream.
55
52
  - If `--server-auth-token` is provided, incoming requests must include `Authorization: Bearer <token>` or `x-lucern-mcp-token: <token>`.
56
- - MCP does not fetch Master Control deploy keys or run its own Permit checks.
57
- It is a client of the same `api.lucern.ai` gateway as the CLI and SDK. The
58
- gateway resolves the caller, tenant, workspace, and deployment through Master
59
- Control, then enforces Permit before executing generated surface calls.
60
53
 
61
54
  Canonical hosted endpoint:
62
55
 
@@ -85,8 +78,7 @@ This package is the **external package MCP** surface (`packages/mcp`) intended f
85
78
 
86
79
  It is intentionally separate from the **internal Convex MCP** runtime under `convex/mcp/*` used by StackOS internals.
87
80
 
88
- See `docs/reference/mcp-event-packages.md` for package-boundary details and
89
- `docs/reference/mcp.md` for the generated callable MCP inventory.
81
+ See `docs/lucern-replatform/api/mcp-surface-separation.md` for boundary details.
90
82
 
91
83
  ## Claude Code config
92
84
 
@@ -97,17 +89,15 @@ See `docs/reference/mcp-event-packages.md` for package-boundary details and
97
89
  "command": "npx",
98
90
  "args": ["@lucern/mcp"],
99
91
  "env": {
100
- "LUCERN_PROFILE": "default"
92
+ "LUCERN_API_KEY": "lk_...",
93
+ "LUCERN_BASE_URL": "https://your-lucern-host",
94
+ "LUCERN_PROJECT_ID": "project_123"
101
95
  }
102
96
  }
103
97
  }
104
98
  }
105
99
  ```
106
100
 
107
- Run `lucern auth login` first. The MCP process loads `~/.lucern/profiles.json`
108
- and `~/.lucern/credentials`, so CLI and MCP share the same user-level auth
109
- without copying tokens into every client config.
110
-
111
101
  ## Exports
112
102
 
113
103
  - `createLucernStandaloneMcpServer`
package/bin/lucern-mcp.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- import { runLucernMcpCli } from "../dist/cli.js";
2
+ import { runLucernMcpCli } from "../dist/lib/platform/mcp/cli.js";
3
3
 
4
4
  runLucernMcpCli().catch((error) => {
5
5
  console.error(
package/dist/gateway.d.ts CHANGED
@@ -1,6 +1,4 @@
1
1
  import { GatewayAuthContext } from '@lucern/contracts';
2
- import { ConvexHttpClient } from 'convex/browser';
3
- import { Permit } from 'permitio';
4
2
 
5
3
  declare function handleBeliefCreate(args: {
6
4
  authContext: GatewayAuthContext;
@@ -326,33 +324,6 @@ declare function handleGraphNeighborhood(args: {
326
324
  maxDepth?: number;
327
325
  };
328
326
  }): Promise<Response>;
329
- declare function handleGraphNodeList(args: {
330
- authContext: GatewayAuthContext;
331
- correlationId: string;
332
- policyTraceId: string;
333
- query: {
334
- nodeId?: string;
335
- globalId?: string;
336
- topicId?: string;
337
- projectId?: string;
338
- nodeType?: string;
339
- limit?: number;
340
- };
341
- }): Promise<Response>;
342
- declare function handleGraphEdgeList(args: {
343
- authContext: GatewayAuthContext;
344
- correlationId: string;
345
- policyTraceId: string;
346
- query: {
347
- edgeId?: string;
348
- topicId?: string;
349
- projectId?: string;
350
- fromNodeId?: string;
351
- toNodeId?: string;
352
- edgeType?: string;
353
- limit?: number;
354
- };
355
- }): Promise<Response>;
356
327
  declare function handleGraphTraverse(args: {
357
328
  authContext: GatewayAuthContext;
358
329
  correlationId: string;
@@ -395,101 +366,6 @@ declare function handleGraphFalsify(args: {
395
366
  body: unknown;
396
367
  }): Promise<Response>;
397
368
 
398
- type QueryRecord = Record<string, unknown>;
399
- declare function handleGraphAnalysisSave(args: {
400
- authContext: GatewayAuthContext;
401
- correlationId: string;
402
- policyTraceId: string;
403
- body: unknown;
404
- }): Promise<Response>;
405
- declare function handleGraphAnalysisList(args: {
406
- authContext: GatewayAuthContext;
407
- correlationId: string;
408
- policyTraceId: string;
409
- query: QueryRecord;
410
- }): Promise<Response>;
411
- declare function handleGraphAnalysisLatest(args: {
412
- authContext: GatewayAuthContext;
413
- correlationId: string;
414
- policyTraceId: string;
415
- query: QueryRecord;
416
- }): Promise<Response>;
417
- declare function handleGraphAnalysisSaveSuggestions(args: {
418
- authContext: GatewayAuthContext;
419
- correlationId: string;
420
- policyTraceId: string;
421
- body: unknown;
422
- }): Promise<Response>;
423
- declare function handleGraphAnalysisListSuggestions(args: {
424
- authContext: GatewayAuthContext;
425
- correlationId: string;
426
- policyTraceId: string;
427
- query: QueryRecord;
428
- }): Promise<Response>;
429
- declare function handleGraphAnalysisListChanges(args: {
430
- authContext: GatewayAuthContext;
431
- correlationId: string;
432
- policyTraceId: string;
433
- query: QueryRecord;
434
- }): Promise<Response>;
435
- declare function handleGraphAnalysisUpdateSuggestion(args: {
436
- authContext: GatewayAuthContext;
437
- correlationId: string;
438
- policyTraceId: string;
439
- suggestionId: string;
440
- body: unknown;
441
- }): Promise<Response>;
442
- declare function handleGraphAnalysisCompute(args: {
443
- authContext: GatewayAuthContext;
444
- correlationId: string;
445
- policyTraceId: string;
446
- body: unknown;
447
- }): Promise<Response>;
448
- declare function handleGraphRecommendationsList(args: {
449
- authContext: GatewayAuthContext;
450
- correlationId: string;
451
- policyTraceId: string;
452
- query: QueryRecord;
453
- }): Promise<Response>;
454
- declare function handleGraphRecommendationGet(args: {
455
- authContext: GatewayAuthContext;
456
- correlationId: string;
457
- policyTraceId: string;
458
- recommendationId: string;
459
- }): Promise<Response>;
460
- declare function handleGraphRecommendationStatus(args: {
461
- authContext: GatewayAuthContext;
462
- correlationId: string;
463
- policyTraceId: string;
464
- recommendationId: string;
465
- body: unknown;
466
- }): Promise<Response>;
467
- declare function handleOrgGraphSearch(args: {
468
- authContext: GatewayAuthContext;
469
- correlationId: string;
470
- policyTraceId: string;
471
- body: unknown;
472
- }): Promise<Response>;
473
- declare function handleOrgGraphNodeGet(args: {
474
- authContext: GatewayAuthContext;
475
- correlationId: string;
476
- policyTraceId: string;
477
- nodeId: string;
478
- query: QueryRecord;
479
- }): Promise<Response>;
480
- declare function handleOrgGraphByProvenance(args: {
481
- authContext: GatewayAuthContext;
482
- correlationId: string;
483
- policyTraceId: string;
484
- query: QueryRecord;
485
- }): Promise<Response>;
486
- declare function handleOrgGraphPublished(args: {
487
- authContext: GatewayAuthContext;
488
- correlationId: string;
489
- policyTraceId: string;
490
- query: QueryRecord;
491
- }): Promise<Response>;
492
-
493
369
  declare function handleIdentityWhoami(args: {
494
370
  authContext: GatewayAuthContext;
495
371
  correlationId: string;
@@ -526,33 +402,6 @@ declare function handleOntologyMatch(args: {
526
402
  body: unknown;
527
403
  }): Promise<Response>;
528
404
 
529
- type PermitWebhookEnv = Record<string, string | undefined>;
530
- type PermitProjectionClient = Pick<ConvexHttpClient, "action">;
531
- declare function isPermitWebhookAuthorized(args: {
532
- headers: Headers;
533
- env?: PermitWebhookEnv;
534
- }): boolean;
535
- declare function extractPermitWebhookTenantKeys(body: unknown): string[];
536
- declare function hasPermitWebhookTenantScope(body: unknown): boolean;
537
- declare function handlePermitProjectionWebhook(args: {
538
- request: Request;
539
- body: unknown;
540
- correlationId: string;
541
- policyTraceId: string;
542
- convexClient?: PermitProjectionClient;
543
- }): Promise<Response>;
544
-
545
- type ClerkWebhookClient = Pick<ConvexHttpClient, "query" | "mutation">;
546
- declare const __testOnly: {
547
- setPermitClientFactory(factory: (() => Permit) | null): void;
548
- };
549
- declare function handleClerkWebhook(args: {
550
- request: Request;
551
- correlationId: string;
552
- policyTraceId: string;
553
- convexClient?: ClerkWebhookClient;
554
- }): Promise<Response>;
555
-
556
405
  declare function handleQuestionCreate(args: {
557
406
  authContext: GatewayAuthContext;
558
407
  correlationId: string;
@@ -930,4 +779,4 @@ declare function handleWorktreeBulkCreate(args: {
930
779
  body: unknown;
931
780
  }): Promise<Response>;
932
781
 
933
- export { __testOnly, extractPermitWebhookTenantKeys, handleBeliefArchive, handleBeliefBatchUpdateCriticality, handleBeliefBisect, handleBeliefConfidenceHistory, handleBeliefCreate, handleBeliefCreateContract, handleBeliefFork, handleBeliefGet, handleBeliefLineage, handleBeliefLink, handleBeliefList, handleBeliefReassignTopic, handleBeliefRefine, handleBeliefRelationships, handleBeliefUnlinkEvidence, handleBeliefUpdateConfidence, handleBeliefUpdateCriticality, handleBeliefUpdateRationale, handleBeliefUpdateStatus, handleClerkWebhook, handleContradictionFlag, handleContradictionGet, handleContradictionList, handleEdgeBatchCreate, handleEdgeCreate, handleEdgeDelete, handleEdgeList, handleEdgeRemove, handleEdgeTraverse, handleEdgeUpdate, handleEdgesRemoveBetween, handleEventsList, handleEventsReplay, handleEvidenceClassify, handleEvidenceClassifyBatch, handleEvidenceCreate, handleEvidenceFlagIncorrect, handleEvidenceGet, handleEvidenceLink, handleEvidenceList, handleEvidenceRemove, handleEvidenceSearch, handleEvidenceUpdate, handleEvidenceUpdateStatus, handleEvidenceUpdateVerificationStatus, handleGraphAnalysisCompute, handleGraphAnalysisLatest, handleGraphAnalysisList, handleGraphAnalysisListChanges, handleGraphAnalysisListSuggestions, handleGraphAnalysisSave, handleGraphAnalysisSaveSuggestions, handleGraphAnalysisUpdateSuggestion, handleGraphAnalyze, handleGraphBias, handleGraphEdgeList, handleGraphFalsify, handleGraphGaps, handleGraphNeighborhood, handleGraphNodeList, handleGraphRecommendationGet, handleGraphRecommendationStatus, handleGraphRecommendationsList, handleGraphTraverse, handleIdentityWhoami, handleOntologyBind, handleOntologyGet, handleOntologyList, handleOntologyMatch, handleOrgGraphByProvenance, handleOrgGraphNodeGet, handleOrgGraphPublished, handleOrgGraphSearch, handlePermitProjectionWebhook, handleQuestionAdd, handleQuestionAdvanceToConviction, handleQuestionAnswer, handleQuestionArchive, handleQuestionBatchCreate, handleQuestionCreate, handleQuestionDelete, handleQuestionFinalizeConviction, handleQuestionGet, handleQuestionGetAnswer, handleQuestionList, handleQuestionRefine, handleQuestionUpdate, handleQuestionUpdateConviction, handleQuestionUpdatePriority, handleQuestionUpdateStatus, handleSearchResources, handleSourceGet, handleSourceUpsert, handleTaskComplete, handleTaskCreate, handleTaskList, handleTaskUpdate, handleTopicBulkCreate, handleTopicCoverage, handleTopicCreate, handleTopicGet, handleTopicList, handleTopicRemove, handleTopicTree, handleTopicUpdate, handleWebhookCreate, handleWebhookDelete, handleWebhookDeliveries, handleWebhookGet, handleWebhookHealth, handleWebhookList, handleWebhookTest, handleWebhookUpdate, handleWorktreeActivate, handleWorktreeAdvancePhase, handleWorktreeBulkCreate, handleWorktreeComplete, handleWorktreeCreate, handleWorktreeList, handleWorktreeListAll, handleWorktreeListCampaigns, handleWorktreeMerge, handleWorktreePatchState, handleWorktreeSetPhase, handleWorktreeUpdate, handleWorktreeUpdateTargets, hasPermitWebhookTenantScope, isPermitWebhookAuthorized };
782
+ export { handleBeliefArchive, handleBeliefBatchUpdateCriticality, handleBeliefBisect, handleBeliefConfidenceHistory, handleBeliefCreate, handleBeliefCreateContract, handleBeliefFork, handleBeliefGet, handleBeliefLineage, handleBeliefLink, handleBeliefList, handleBeliefReassignTopic, handleBeliefRefine, handleBeliefRelationships, handleBeliefUnlinkEvidence, handleBeliefUpdateConfidence, handleBeliefUpdateCriticality, handleBeliefUpdateRationale, handleBeliefUpdateStatus, handleContradictionFlag, handleContradictionGet, handleContradictionList, handleEdgeBatchCreate, handleEdgeCreate, handleEdgeDelete, handleEdgeList, handleEdgeRemove, handleEdgeTraverse, handleEdgeUpdate, handleEdgesRemoveBetween, handleEventsList, handleEventsReplay, handleEvidenceClassify, handleEvidenceClassifyBatch, handleEvidenceCreate, handleEvidenceFlagIncorrect, handleEvidenceGet, handleEvidenceLink, handleEvidenceList, handleEvidenceRemove, handleEvidenceSearch, handleEvidenceUpdate, handleEvidenceUpdateStatus, handleEvidenceUpdateVerificationStatus, handleGraphAnalyze, handleGraphBias, handleGraphFalsify, handleGraphGaps, handleGraphNeighborhood, handleGraphTraverse, handleIdentityWhoami, handleOntologyBind, handleOntologyGet, handleOntologyList, handleOntologyMatch, handleQuestionAdd, handleQuestionAdvanceToConviction, handleQuestionAnswer, handleQuestionArchive, handleQuestionBatchCreate, handleQuestionCreate, handleQuestionDelete, handleQuestionFinalizeConviction, handleQuestionGet, handleQuestionGetAnswer, handleQuestionList, handleQuestionRefine, handleQuestionUpdate, handleQuestionUpdateConviction, handleQuestionUpdatePriority, handleQuestionUpdateStatus, handleSearchResources, handleSourceGet, handleSourceUpsert, handleTaskComplete, handleTaskCreate, handleTaskList, handleTaskUpdate, handleTopicBulkCreate, handleTopicCoverage, handleTopicCreate, handleTopicGet, handleTopicList, handleTopicRemove, handleTopicTree, handleTopicUpdate, handleWebhookCreate, handleWebhookDelete, handleWebhookDeliveries, handleWebhookGet, handleWebhookHealth, handleWebhookList, handleWebhookTest, handleWebhookUpdate, handleWorktreeActivate, handleWorktreeAdvancePhase, handleWorktreeBulkCreate, handleWorktreeComplete, handleWorktreeCreate, handleWorktreeList, handleWorktreeListAll, handleWorktreeListCampaigns, handleWorktreeMerge, handleWorktreePatchState, handleWorktreeSetPhase, handleWorktreeUpdate, handleWorktreeUpdateTargets };