# PURE MCP SERVER — DRAFT SPEC (B-T64 · Bv7 · 2026-06-12)
_Per the committed integration layer: Cloud Run, scoped tokens, RLS underneath. This draft defines the
tool surface so any MCP-capable client (Claude, Cursor, future lanes) operates PURE the same way._

## Why
Today the lanes drive the backend through Composio SQL + REST. An MCP server makes every operation a
named, scoped, AUDITED tool — no raw SQL in sessions, no anon-key writes from pages at go-live.

## Auth
- Bearer tokens minted per principal (Mike · lane-A · lane-B · verifier), scopes per tool group.
- Every call writes an audit row (`audit_log`: who, tool, args-hash, result, ts) — the Command Center
  audit tab reads this instead of unioning tables.

## Tools (v1)
**board.** `board.list(status?, lane?)` · `board.dispatch(title, type) → {id, model, queue_order}` (runs
the routing table) · `board.claim(id, lane)` (rejects if claimed — THE collision lock) · `board.update
(id, status, notes)` · `board.release(id)`
**memory.** `memory.get(key?)` · `memory.set(key, value, note)` (Mike + lanes; verifier read-only)
**dictionary.** `dict.lookup(term)` · `dict.add(term, definition, section)` — ARE rule enforced server-side
**qa.** `qa.log(lane, target, verdict, notes)` · `qa.latest(target?)`
**verify.** `vc.challenge(tool, method)` · `vc.log(event)` · `vc.history(tool)`
**release.** `release.cut(label)` (snapshots batch manifest) · `release.publish(id)` / `release.unpublish(id)`
/ `release.revert()` — drives Netlify deploy API so publish/unpublish/revert are REAL deploys, not tickets
**wire.** `mail.send(toLane, title, detail)` · `mail.unread(lane)` · `mail.markRead(id)`
**sessions.** `session.register(lane, badge)` · `session.heartbeat(lane)` · `session.close(lane, closeoutRef)`
**connections (phase 2).** `fub.leads(since?)` · `matterport.models()` · `maps.geocode(addr)` ·
`gtmetrix.test(url)` → auto-`qa.log` · `ga.pageviews(path, range)` · `zoho.invoices(range)`

## Routing table (board.dispatch)
| type | model tier | rationale |
|---|---|---|
| data / bulk / cleanup | haiku-class | mechanical, cheapest |
| build / design / research | sonnet-class | balanced cost/quality |
| architecture / legal / merge | opus-class | deep reasoning pays for itself |
Queue order: gates first, then Mike-priority, then FIFO. Cost guardrail: per-day token budget per lane.

## Implementation path
1. Cloud Run service (Node) wrapping supabase-js with service-role key + per-tool RLS-equivalent checks.
2. MCP manifest (tools above) + bearer auth; Composio/Claude connect by URL.
3. Netlify deploy API wiring for release.* (site: acquisto.biz).
4. Retire anon-key writes from pages (vc_events etc.) → MCP endpoints; tighten RLS to read-only.
5. Phase 2: connection tools (FUB, Matterport, Maps, GA, GTmetrix, Zoho) with per-connection scopes.

## Open questions for Mike
- Hosting account for Cloud Run (or prefer Supabase Edge Functions? both fine).
- Netlify API token for real publish/unpublish/revert.
- Per-lane spending caps for the routing table.