Back to Browse
Free
Server data from the Official MCP Registry
Read & write your Heuresis idea graph and run TRIZ/C-K/ASIT operators from your AI assistant.
About
Read & write your Heuresis idea graph and run TRIZ/C-K/ASIT operators from your AI assistant.
Security Report
4.8
Use Caution4.8High RiskThis MCP server is well-designed with strong security fundamentals: authentication is properly implemented via Supabase's device flow, credentials are stored securely in the filesystem with restricted permissions, and the RLS (Row-Level Security) database layer enforces access control. Code quality is good with proper input validation via Zod schemas, no dangerous patterns detected, and appropriate error handling. Permissions (network_http, env_vars, file read/write) align with the server's purpose. Minor findings include incomplete code truncation in the analysis and a best-effort provenance logging pattern that silently fails, but these do not affect core security. Supply chain analysis found 2 known vulnerabilities in dependencies (0 critical, 2 high severity). Package verification found 1 issue (1 critical, 0 high severity).
3 files analyzed · 6 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-toremlabs-heuresis": {
"args": [
"-y",
"@heuresis/mcp"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
@heuresis/mcp
A Model Context Protocol (MCP) server that exposes a Heuresis workspace to any MCP-capable client (Claude Desktop, Claude Code, Cursor, Windsurf, custom agents). The server logs into the user's Heuresis account, talks to the same Supabase project the webapp talks to, and respects the same RLS. Webapp and MCP are two front-ends to one cloud workspace.
Current version: 1.0.0-rc.9.
Install
npm install -g @heuresis/mcp
# or on demand without installing:
npx -y @heuresis/mcp
Quickstart
1. Link this machine to your Heuresis account
npx -y @heuresis/mcp login
The CLI prints a device code and a one-click URL of the form
https://heuresis.app/device?code=XXXX-XXXX. Open it in your browser,
sign in if you aren't already, and confirm the device. The CLI polls
in the background and writes credentials to
~/.heuresis/credentials.json (chmod 600 on POSIX) the moment you
confirm. Subsequent runs of the MCP are silent.
The login flow rides three Supabase Edge Functions:
mcp-device-start, mcp-device-grant, and mcp-device-poll.
To unlink a machine: npx @heuresis/mcp logout, or open
Settings ▸ Connected devices in the webapp to revoke remotely.
npx @heuresis/mcp whoami confirms which account a machine is
currently linked to.
2. Point your MCP client at it
Claude Desktop. Edit
~/Library/Application Support/Claude/claude_desktop_config.json on
macOS, or %APPDATA%/Claude/claude_desktop_config.json on Windows:
{
"mcpServers": {
"heuresis": { "command": "npx", "args": ["-y", "@heuresis/mcp"] }
}
}
Claude Code / Cursor / Windsurf. Drop a .mcp.json in the
workspace root:
{
"mcpServers": {
"heuresis": { "command": "npx", "args": ["-y", "@heuresis/mcp"] }
}
}
Restart the client. The Heuresis tools appear in the tool menu.
3. CLI subcommands
npx @heuresis/mcp whoami # show the linked account + device
npx @heuresis/mcp logout # delete the credentials file
npx @heuresis/mcp --help # all options
npx @heuresis/mcp --no-realtime # boot once with live sync turned off (persisted)
npx @heuresis/mcp --realtime # re-enable live sync
Live sync
When the MCP boots in cloud mode it subscribes to the workspace over
Supabase Realtime and notifies the client whenever a nodes, edges,
projects, or ideas row changes. Edits made in the webapp show up
in the agent's view without a manual refresh, and writes from one
MCP-connected client reach any other connected client the same way.
Pass --no-realtime to disable the subscription (useful if the
chatter is noisy or the client logs every notification). The
preference is saved to ~/.heuresis/config.json so the flag only
needs to be passed once.
Tools
34 tools total: 31 data tools against the cloud workspace, plus 3 operator tools that drive the same ideation operators the webapp uses.
Reads (10). get_workspace_summary, list_projects,
get_project_graph, list_concepts, list_edges, get_subtree,
get_concept, search_concepts, find_concepts,
list_recent_decisions. Most agent sessions start with
get_workspace_summary or list_projects.
Writes (21). Concepts: add_concept, update_concept,
bulk_add_concepts, set_parent, validate_concept, set_standing,
archive_concept, unarchive_concept, star_concept,
remove_concept. Edges: link_concepts, add_kref. Ideas:
create_idea, rename_idea, recolor_idea, set_idea_members,
add_to_idea, delete_idea. Projects: create_project,
update_project, delete_project. Every write stamps a row in
public.provenance with origin='mcp' so the webapp's session log
shows which surface made the change.
Operator runs (3). run_operator (generate candidates with
Branch / Matrix / ASIT / TRIZ / Combine / Free / Contradiction),
run_operator_and_commit (same, plus commit the result in one
round-trip), and expand_concept (recursive Branch, capped at depth ×
breadth ≤ 60).
Tool input shapes mirror their counterparts in the webapp's
src/agent/tools.ts, so an agent that uses both surfaces sees a
uniform contract.
Wave-shipping: find_in_files (in-browser embedding search) is in the
webapp but not yet on the MCP.
Legacy snapshot mode (deprecated)
The original read-only snapshot reader still works as a fallback while
users migrate to cloud auth. With no ~/.heuresis/credentials.json
and the HEURESIS_SNAPSHOT env var set, the server reads a JSON
export from disk and exposes the original read-only tool set
(get_workspace_summary, list_projects, search_concepts,
get_concept, get_subtree, get_project_graph,
list_recent_decisions).
export HEURESIS_SNAPSHOT="/absolute/path/to/your-export.json"
npx @heuresis/mcp
This path is deprecated and will be removed in a later release. It is here so existing setups keep working through the migration to cloud auth.
License
AGPL-3.0-or-later.
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
486
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
65
Installs
10.0
Security
4.6
Local