C10:OS local mcp
C10:PUBLISHER // specification

Perplexity Local MCP Bridge.

Design choice locked: C10 integrates with Perplexity through a local MCP bridge. Perplexity can pull sanitized C10 context for Deep Research, and reviewed reports can return to C10 through explicit confirmation-gated write tools.

Decision

// local first

Credentials stay
on the Mac.

The bridge has two sides: a read-only MCP path from Perplexity into sanitized C10 context, and an explicit write-back path from Perplexity into a C10 research inbox.

Remote C10 APIs and remote MCP are deferred. They are useful for multi-device access, but they create a larger network attack surface. The local MCP design keeps raw state and credentials inside the local C10 boundary.

Markdown source is available for upload, review, and implementation planning.

Architecture

// read · review · write

// flow

Perplexity Mac App ↓ MCP tool calls C10 Local MCP Server ↓ allowlisted readers / explicit writers ~/.C10/ ├─ docs + sanitized context ├─ c10 CLI ├─ registries ├─ WHY chain └─ _INBOX_/perplexity/

// boundary

The local MCP server is the trust boundary. It exposes named tools, not a raw filesystem. It redacts secrets, denies sensitive paths, logs each call, and writes only after confirmation.

Perplexity gets enough context to research C10 accurately. It does not become a credential holder.

Tool Surface

// minimum viable bridge
READdefault

Context tools

c10_overview, c10_search, c10_read_doc, c10_services, c10_halls, c10_recent_why, c10_bj_search.
WRITEconfirmed

Report capture

c10_save_research_report, c10_capture_research_finding, and c10_create_bj_from_report. Each requires a WHY.
DENYhard stop

Secret boundary

No .env, tokens, keys, cookies, raw DB dumps, private reports, SSH keys, certificates, browser profiles, or unrestricted paths.
LOGaudit

Traceability

Every tool call is logged. Write-back produces a durable markdown artifact and appends or queues a WHY entry.

Implementation Phases

// build order
01

Read-only local MCP

Implement allowlisted C10 docs, overview, services, halls, search, redaction tests, and request logging.

02

Write-back inbox

Add report save with explicit confirmation, required WHY, markdown front matter, and `_INBOX_/perplexity/` storage.

03

Finding capture and bj0 promotion

Add finding capture, bj0 creation, classification hooks, and duplicate detection.

04

Remote review later

Re-evaluate remote MCP or Cloudflare Access API only after the local MCP loop proves useful.

Acceptance

// done means
  • ContextPerplexity can answer C10 architecture questions using local C10 context.
  • SecretsPerplexity cannot read .env, denied secret files, raw databases, or arbitrary paths.
  • Write-backPerplexity can save a reviewed report only after confirmation and only with a WHY.
  • ArtifactsSaved reports include title, timestamp, source URLs, tags, and WHY.
  • AuditEvery MCP tool call is logged, and redaction tests cover common secret formats.