72
/ 100
25 days ago
smithery

SpecLock - AI Constraint Engine

AI Constraint Engine with AI Patch Firewall. 42 MCP tools. Patch Gateway (ALLOW/WARN/BLOCK verdicts), diff-native review (10 scored signals, hard escalation rules), Spec Compiler, Code Graph, Typed constraints, Python SDK, ROS2. Works with Claude Code, Cursor, Windsurf, Cline, Bolt.new, Lovable. 1073 tests. Free and open source. By Sandeep Roy.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 10 credentials: ANTHROPIC_API_KEY, GEMINI_API_KEY, GOOGLE_API_KEY, OPENAI_API_KEY, SPECLOCK_API_KEY, SPECLOCK_AUDIT_SECRET, SPECLOCK_ENCRYPTION_KEY, SPECLOCK_LICENSE_KEY, SPECLOCK_LLM_KEY, SPECLOCK_SSO_CLIENT_SECRET
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretANTHROPIC_API_KEY
🔐 secretGEMINI_API_KEYGoogle Gemini API key for hybrid conflict detection
🔐 secretGOOGLE_API_KEY
🔐 secretOPENAI_API_KEY
configPORT
🔐 secretSPECLOCK_API_KEYAPI key for authenticated access
configSPECLOCK_API_URL
🔐 secretSPECLOCK_AUDIT_SECRET
configSPECLOCK_CLI_NO_AUTORUN
configSPECLOCK_CORS_ORIGINS
🔐 secretSPECLOCK_ENCRYPTION_KEYexport ="your-secret"
🔐 secretSPECLOCK_LICENSE_KEY
🔐 secretSPECLOCK_LLM_KEYYour own LLM API key (Gemini/OpenAI/Anthropic)
configSPECLOCK_LLM_PROVIDER
configSPECLOCK_NO_PROXYfalse Set true for heuristic-only mode (~250ms). Skips the Gemini proxy (~2s)
configSPECLOCK_PROJECT_ROOT
configSPECLOCK_PROXY_URL
configSPECLOCK_PUBLIC_URL
configSPECLOCK_RATE_LIMIT
configSPECLOCK_SAVES_DIR
configSPECLOCK_SSO_CLIENT_ID
🔐 secretSPECLOCK_SSO_CLIENT_SECRET
configSPECLOCK_SSO_ISSUER
configSPECLOCK_SSO_REDIRECT_URI
configSPECLOCK_STRICTDefault WARN mode — no more false-positive blocks. Loud warnings instead. Opt in to strict with --strict or =1.
configSPECLOCK_TELEMETRYfalse Opt-in anonymous usage analytics
configSPECLOCK_TELEMETRY_ENDPOINT
configSPECLOCK_VERBOSE
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 7 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/sgroy10-speclock-35bwua)](https://m8ven.ai/mcp/sgroy10-speclock-35bwua)
commit: c92306a8c34f25da70034432909efe943f302319
code hash: 3cd8ee5871cf6abeba388aa28cd7b7578e3fd0d80d48d72dd7359d22a6a4681a
verified: 6/9/2026, 10:26:41 AM
view raw JSON →
SpecLock - AI Constraint Engine · M8ven Trust Score | M8ven