# MCP surface (bluehand.dev v0.1)

**ST:** `[ST:portfolio:docs:mcp]`  
**Runtime:** `surfaces/nexus-core` → `api.bluehand.dev` / `mcp.bluehand.dev`  
**Posture:** **Advisory only** — not execution authority.  
**Canonical state:** Supabase (portfolio). KV/D1 at edge are **cache-only** lineage.

## Capability vocabulary (v0.1)

Portfolio semantics — **not** raw `kv.write` / `d1.query`:

| Capability | Route | Behavior |
|------------|-------|----------|
| `state.observe` | `/mcp/state/observe` | Read-only orientation (stub → Supabase) |
| `state.transition.propose` | `/mcp/state/transition/propose` | Proposal only — **no apply** |
| `issuance.status` | `/mcp/issuance/status` | Issuance queue orientation |
| `capsule.orient` | `/mcp/capsule/orient` | Capsule seam summary |
| `ontology.query` | `/mcp/ontology/query` | Bounded ontology lookup |
| `graph.neighborhood` | `/mcp/graph/neighborhood` | ARP-style neighborhood (read-only) |
| `govern.evaluate` | `/mcp/govern/evaluate` | Advisory rule evaluation |
| `govern.attest` | `/mcp/govern/attest` | Attestation — no authority grant |
| `lineage.append` | `/mcp/execute` | Deploy/audit lineage → KV cache |

**Refused (403):** `govern.authorize`, `kv.write`, `d1.query`, `execute`, `nexus.eval`, `nexus.graph`

Legacy: `GET /mcp/capabilities`, `GET /mcp/events`

## Subdomains (private by default)

| Host | Role |
|------|------|
| `docs.bluehand.dev` | Public builder docs |
| `api.*` / `mcp.*` | Nexus worker (this doc) |
| `gateway.*` | Future API façade (document only) |
| `wyrm.*` | Edge Wyrm registry docs — local `bhrt-wyrm` stdio remains alpha primary |
| `atlas.*`, `state.*`, `ops.*` | Access-gated consoles |

## Wyrm vs edge MCP

| Lane | Where | Authority |
|------|-------|-----------|
| Wyrm alpha | Local `bhrt-wyrm` MCP stdio | Advisory trace only |
| Nexus edge | `api.bluehand.dev` | Governance vocabulary + lineage; **no** lease grant |
| PIM-0 | `pim0.blue-hand.org` | Signed proposals; mTLS + Access |

## Skill packet

Canonical engineering guide: `surfaces/nexus-core/skills/adv-wrangler-api-mcp/SKILL.md` (v0.1)


## Projection and Access (public_safe)

Edge MCP responses are **orientation projections** — not canonical Supabase truth (`projection_not_truth`). All non-`docs.*` hostnames, including `api.bluehand.dev` and `mcp.bluehand.dev`, sit behind **Cloudflare Access** on production; passing Access authenticates reachability only and does **not** grant mutation or execution authority. Operator authority brief: Atlas-CAI `docs/operations/bluehand-dev-access-vpc-authority-v0.md` (private repo — not mirrored on this public site).

## Security

- Cloudflare **Access** on all non-`docs.*` hostnames.
- Rate limits via zone rules when needed.
- Never publish service tokens, operator emails, or raw Cloudflare account/zone IDs in docs.

See also: [Access](./access.md) · [API](./api.md) · [Nexus engineering](../operations/nexus-engineering.md)