SpecLock - AI Constraint Engine

AI Constraint Engine with AI Patch Firewall. 42 MCP tools. Patch Gateway (ALLOW/WARN/BLOCK verdicts), diff-native review (10 scored signals, hard escalation rules), Spec Compiler, Code Graph, Typed constraints, Python SDK, ROS2. Works with Claude Code, Cursor, Windsurf, Cline, Bolt.new, Lovable. 1073 tests. Free and open source. By Sandeep Roy.

→ sgroy10/speclock· 3.8K installs· listed on smithery

Install from

Smithery Glama Smithery

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 10 credentials: ANTHROPIC_API_KEY, GEMINI_API_KEY, GOOGLE_API_KEY, OPENAI_API_KEY, SPECLOCK_API_KEY, SPECLOCK_AUDIT_SECRET, SPECLOCK_ENCRYPTION_KEY, SPECLOCK_LICENSE_KEY, SPECLOCK_LLM_KEY, SPECLOCK_SSO_CLIENT_SECRET

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

🔐 secretANTHROPIC_API_KEY

🔐 secretGEMINI_API_KEY

🔐 secretGOOGLE_API_KEY

🔐 secretOPENAI_API_KEY

configPORT

🔐 secretSPECLOCK_API_KEY

🔐 secretSPECLOCK_AUDIT_SECRET

configSPECLOCK_CLI_NO_AUTORUN

configSPECLOCK_CORS_ORIGINS

🔐 secretSPECLOCK_ENCRYPTION_KEY

🔐 secretSPECLOCK_LICENSE_KEY

🔐 secretSPECLOCK_LLM_KEY

configSPECLOCK_LLM_PROVIDER

configSPECLOCK_NO_PROXY

configSPECLOCK_PROJECT_ROOT

configSPECLOCK_PROXY_URL

configSPECLOCK_RATE_LIMIT

configSPECLOCK_SSO_CLIENT_ID

🔐 secretSPECLOCK_SSO_CLIENT_SECRET

configSPECLOCK_SSO_ISSUER

configSPECLOCK_SSO_REDIRECT_URI

configSPECLOCK_STRICT

configSPECLOCK_TELEMETRY

configSPECLOCK_TELEMETRY_ENDPOINT

configSPECLOCK_VERBOSE

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/sgroy10-speclock-35bwua)](https://m8ven.ai/mcp/sgroy10-speclock-35bwua)

commit: 9e87622fc6495c7854c35d05213cb454426e7d75

code hash: dab5c0ccb6c95fe15aa51bffb4ad2472e48710e33db4075be95c5efb035d1b89

verified: 4/11/2026, 1:30:59 PM

view raw JSON →