C10 Perplexity MCP Connector

Draft from Perplexity MCP write-back.

---
title: "C10 Perplexity MCP Connector"
kind: c10-explain
created_at: 2026-06-24T11:36:27.696886+00:00
source: perplexity_mcp_writeback
status: draft_from_perplexity
tags:
  - perplexity
  - mcp
  - c10-explain
  - publisher
  - hub
sources:
  - mcp/perplexity/README.md
  - mcp/perplexity/REMOTE-MCP.md
  - mcp/perplexity/c10_perplexity_mcp/core.py
  - mcp/perplexity/c10_perplexity_mcp/server.py
---

# C10 Perplexity MCP Connector

## Summary

How the C10 Perplexity MCP connector works, what it can read, what it can write back, and how it is secured.

## Content

## What This Connector Does

The C10 Perplexity MCP connector lets Perplexity research with live, local knowledge of C10:OS while keeping C10 data behind two gates: Cloudflare Access and a C10 MCP app token. It is exposed to Perplexity at `https://perplexity.c10-os.com/mcp` using Streamable HTTP.

The connector has two responsibilities:

1. Read bounded, sanitized C10 context so Perplexity can answer questions with C10-local facts.
2. Write selected research outputs back into controlled C10 draft locations, without arbitrary filesystem writes.

## Security Model

The public endpoint is protected by Cloudflare Access service authentication. Behind that, the MCP server requires the C10 MCP app token via `Authorization:  <token>`, `X-API-Key`, or `X-C10-MCP-Token`.

The MCP service runs on the C10 host at `192.168.2.188:8767` and is reached by Cloudflare Tunnel at `perplexity.c10-os.com`. Secrets remain local under `mcp/perplexity/.secrets/` and are excluded from source control.

The connector redacts common token, password, cookie, API key, authorization, and long-secret patterns. It denies direct reads of env files, keys, databases, caches, logs, private folders, `.git`, and binary/archive assets. The only intentional database exception is read-only structured access to the C10 Team Hub SQLite database through safe table allowlists.

## Read Tools

Core C10 read tools:

- `c10_overview`: identity, architecture, docs, and current bridge posture.
- `c10_search`: search allowlisted C10 docs, room context, and room labels.
- `c10_read_doc`: read a stable document ID with bounded output.
- `c10_services`: sanitized service registry summary.
- `c10_halls`: sanitized hall summaries.
- `c10_recent_why`: recent non-sensitive WHY chain entries.
- `c10_bj_search`: search sanitized BJ registry summaries.

Publisher and diagram reads:

- Publisher text assets are indexed from `html/` for `.md`, `.html`, `.txt`, `.json`, and `.css`.
- Visual Planner diagrams are indexed from `__Visual_Planner_Diagrams__/` for the same text-like formats.
- The current index includes 52 readable docs: core docs, 17 Publisher docs, and 25 diagram docs.

Hub read tools:

- `c10_hub_collections`: list safe Hub collections and counts.
- `c10_hub_items`: read safe Hub collection records.
- `c10_hub_search`: search across safe Hub collections.
- `c10_hub_feed`: read Hub feed/posts.
- `c10_hub_tasks`: read Hub tasks, filterable by text, column, and assignee.
- `c10_hub_ideas`: read Hub ideas, filterable by text and column.
- `c10_hub_events`: read the Hub event timeline.

Hub data comes from `.58/.c10/hub.sqlite` in read-only SQLite mode. Safe collections include posts, ideas, tasks, tools, research, learnings, projects, bounties, goals, decisions, meetings, xposts, announcements, competition records, superfix records, agent workbench records, TV records, lounge records, and founder/customer collections. Sensitive/internal tables such as `google_tokens`, vector embedding chunks, and SQLite internals are denied.

## Write-Back Tools

Write-back is controlled and draft-oriented. It does not provide arbitrary filesystem writes.

- `c10_save_publisher_report`: save a Perplexity report into Publisher review paths as Markdown and safe HTML.
- `c10_create_explain`: create a C10 Explain draft in Publisher review paths.
- `c10_capture_spec`: capture a draft specification into the Perplexity specs inbox.
- `c10_save_html_mockup`: save an HTML mockup into a controlled review folder.
- `c10_append_research_note`: append a global or hall-specific research note.
- `c10_add_idea`: add a candidate idea to the C10 ideas inbox.
- `c10_create_vendor_brief`: create a vendor brief and optionally mirror it into the competition inbox.
- `c10_attach_research_to_hall`: attach research to a numbered hall.
- `c10_propose_update`: save a proposed update artifact without modifying the target file.
- `c10_save_prompt_and_result`: archive a prompt, result, and sources for reproducibility.
- `c10_create_mockup_review_packet`: create an HTML mockup review packet.

Write-back locations are constrained to:

- `html/research/`
- `html/explain/`
- `.c10/perplexity/`
- `.<hall>/.c10/perplexity/research/`

## How To Use It In Perplexity

Connector settings:

- MCP server URL: `https://perplexity.c10-os.com/mcp`
- Transport: Streamable HTTP
- Network access: Cloudflare Access
- Authentication: API Key or Bearer token using the C10 MCP app token

A good test prompt:

```text
Use the C10 connector. Read the Hub feed, Hub tasks, Hub ideas, recent Hub events, Publisher docs, and visual planner diagrams. Summarize what is active and separate C10-local facts from your synthesis.
```

A good write-back prompt:

```text
Use the C10 connector to save this report as a C10 Explain draft. Include the prompt, key findings, Hub facts used, web sources, and open questions.
```

## Current Verification

The local and remote MCP protocol checks pass. The public endpoint has been verified through Cloudflare with the full tool catalog. Public checks have successfully called the Hub read tools and a controlled write-back smoke test.

Current tool surface: 25 tools total, including core reads, Hub reads, and controlled write-back tools.

## Operating Notes

The remote server is started from `mcp/perplexity` with:

```bash
C10_MCP_TOKEN="$(cat .secrets/c10_mcp_token)" \
C10_MCP_HOST=192.168.2.188 \
C10_MCP_PORT=8767 \
uv run c10-perplexity-remote-mcp
```

Verification commands:

```bash
just test
just check
just protocol
just remote-check
just remote-protocol
```

Kill switch: stop the local MCP server, remove/rotate the C10 MCP token, or remove the Cloudflare Access service-auth policy.


## Sources

- mcp/perplexity/README.md
- mcp/perplexity/REMOTE-MCP.md
- mcp/perplexity/c10_perplexity_mcp/core.py
- mcp/perplexity/c10_perplexity_mcp/server.py