Version: MVP

MCP export boundary

Reference · Updated 2026-05-23

What you'll find here

The rule for which Craik surfaces can be exported as MCP tools. Stable, documented metadata and workflow surfaces can be exported. Unstable internals, raw store internals, and secret-bearing operations cannot.

Contract-first exports.

Exported tools wrap stable runtime contracts and documented command behavior — never private Python objects or database tables.

Export criteria

A surface is exportable when every condition holds.

  1. It has a stable contract and documented compatibility expectations.
  2. It does not expose raw secrets, tokens, credentials, signatures, or unredacted payloads.
  3. It does not expose internal storage layouts, private state machines, or unstable implementation details.
  4. It uses explicit capability grants for capability-bearing tools.
  5. It records receipts for side-effect capabilities (file writes · shell · network · memory writes · review comments).
  6. It returns redacted metadata rather than ambient runtime authority.

Experimental surfaces require compatibility review before export. Internal surfaces are blocked until promoted to a stable contract.

Chosen boundary

Allowed

  • Read-only project, case file, handoff, receipt, and work-graph inspection
  • Provider selection metadata that omits secret values
  • Policy preview and validation results
  • Documented runner or gateway status summaries

Blocked

  • Raw secret reads or secret-file browsing
  • Direct local-store table access
  • Write / shell / network / memory-write / review-comment tools without matching grants and receipts
  • Experimental sandbox or provider internals without compatibility review

Compatibility expectations

Names, inputs, outputs, and error reasons are compatibility surface.

Changes should be additive where possible. Removing a field, changing a status value, or exposing a previously redacted field requires review and documentation updates.

| Decision | Meaning | Required action |
| --- | --- | --- |
| review_required | non-exportable | Treat as non-exportable until a human or release process promotes the surface. |
| blocked | unsupported | Requires a boundary change before export. |

The craik.runtime.mcp_export helper records the decision status, reason, and required controls for a candidate surface. The v0.12.0 craik.runtime.sandbox.mcp_compat helper applies those decisions to the MCP compatibility manifest and JSON-RPC smoke handler. It does not grant runtime authority by itself; tool calls still pass through operator auth, policy gates, and receipt requirements.
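
The export criteria and decision statuses above, sketched as an added example (not Craik's code and not the craik.runtime.mcp_export API). The Surface fields, the secret-field list, and the "allowed" status name are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical names throughout; this is not the craik.runtime.mcp_export API.
SIDE_EFFECTS = {"file_write", "shell", "network", "memory_write", "review_comment"}
SECRET_FIELDS = {"secret", "token", "credential", "signature", "raw_payload"}  # constructed


@dataclass
class Surface:
    name: str
    stability: str  # "stable", "experimental" or "internal"
    output_fields: set = field(default_factory=set)
    capabilities: set = field(default_factory=set)  # what the tool can do
    grants: set = field(default_factory=set)        # explicit capability grants
    receipts: set = field(default_factory=set)      # capabilities that record receipts
    reads_store_tables: bool = False


def decide(s: Surface) -> dict:
    """Return status, reason and required controls for a candidate surface."""
    def result(status, reason, controls=()):
        return {"surface": s.name, "status": status, "reason": reason,
                "required_controls": list(controls)}

    leaked = s.output_fields & SECRET_FIELDS
    if leaked:
        return result("blocked", f"secret-bearing fields: {sorted(leaked)}")
    if s.reads_store_tables or s.stability == "internal":
        return result("blocked", "internal surface or direct store access")
    missing_grants = s.capabilities - s.grants
    if missing_grants:
        return result("blocked", f"no grant for: {sorted(missing_grants)}")
    side_effects = s.capabilities & SIDE_EFFECTS
    missing_receipts = side_effects - s.receipts
    if missing_receipts:
        return result("blocked", f"no receipt for: {sorted(missing_receipts)}")
    # Fail closed: anything not explicitly stable (unknown values included)
    # waits for compatibility review.
    if s.stability != "stable":
        return result("review_required", "not a stable contract")
    controls = [f"grant:{c}" for c in sorted(s.capabilities)]
    controls += [f"receipt:{c}" for c in sorted(side_effects)]
    return result("allowed", "all export criteria hold", controls)  # assumed status name


# Constructed candidates mirroring the page's allowed and blocked lists.
CANDIDATES = [
    Surface("receipt_inspect", "stable", {"id", "status"}),
    Surface("provider_select", "stable", {"provider", "token"}),
    Surface("shell_run", "stable", {"exit_code"}, {"shell"}, {"shell"}),
    Surface("sandbox_status", "experimental", {"state"}),
]
DECISIONS = {c.name: decide(c)["status"] for c in CANDIDATES}
```

The blocking checks run before the stability check, so an experimental surface that also leaks a secret field is reported as blocked rather than queued for review.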
