Skip to content

REST API and MCP server

Cortex exposes two surfaces to its consumers. Both provide access to the same domain logic; they differ in protocol, authentication and intended audience.


The REST API is an HTTP/JSON interface for programmatic access: scripts, CI pipelines, custom services, the web UI.

Two authentication methods are supported, checked in order:

  1. Bearer JWT (Supabase) — for human users logged in through the UI. The JWT carries the user’s email and role.
  2. X-API-Key header — for scripts, services and automated access. The API key is set via the CORTEX_API_KEY environment variable.

If neither is provided, the request is rejected with 401.

Route groupPurposeMin role
/api/atomsRead atom cataloguereader
/api/catalogue/blocsRead bloc cataloguereader
/api/profilsRead HYOS profilesreader
/api/blocsWrite blocs (ingestion)producteur
/api/profils/ingestWrite profiles (ingestion)producteur
/api/governance/*Governance rules and audit trailreader (read) / admin (write)
/api/memory/*Per-project memory (read/write)contributor
/api/workspace/*Project, mission, ODM, task lifecyclecontributor
/api/library/*Document librarycontributor
/api/searchFull-text + faceted searchreader
/api/account/*User profile, provider credentialsJWT required
/healthHealth checknone

All responses follow a consistent envelope:

{
"ok": true,
"data": { ... }
}

Or on error:

{
"ok": false,
"error": { "message": "...", "code": "SOME_CODE" }
}

The Model Context Protocol server is designed for LLM clients: Claude.ai, ChatGPT Custom Connectors, Cursor, or any MCP-compatible tool.

The MCP server supports two authentication methods:

  1. OAuth 2.0 — for production LLM clients. The server implements the full OAuth authorization flow with a PostgreSQL-backed provider. Discovery is available at /.well-known/oauth-authorization-server.
  2. X-API-Key header — for local development and testing.

The MCP server uses StreamableHTTP transport (HTTP-based, not SSE). This is the standard MCP transport for server deployments.

All MCP tools are prefixed with hcm_ (the internal engine name). Examples:

MCP toolPurposeMin role
hcm_statusHealth checkreader
hcm_search_atomsSearch atoms by textreader
hcm_get_atomGet one atom by idreader
hcm_get_nodeGet one graph nodereader
hcm_get_edgesGet edges for a nodereader
hcm_contextGet project contextreader
hcm_faceted_searchFaceted catalogue searchreader
hcm_traverseTraverse the graphreader
hcm_subgraphExtract a subgraphreader
hcm_graph_queryRun a SELECT queryreader
hcm_impactImpact analysisreader
hcm_draftDraft workspace artefactcontributor
hcm_depositDeposit memory entrycontributor
hcm_ingest_blocIngest a blocproducteur
hcm_ingest_profilIngest a profileproducteur
hcm_delete_documentDelete a documentcontributor

Every tool call is checked against a minimum role requirement (TOOL_MIN_ROLES) before the handler executes. If the session role is insufficient, the call is rejected. The role hierarchy is: reader < contributor < producteur < admin.

The MCP server’s CORS policy defaults to allowing https://claude.ai and https://chatgpt.com. Override via the MCP_CORS_ORIGINS environment variable (comma-separated list of allowed origins).


ScenarioUse
LLM agent reading profiles at session startMCP server
LLM agent depositing memory after a sessionMCP server
CI pipeline ingesting blocs from a Git repoREST API
Web UI browsing the catalogueREST API
Custom service checking project driftREST API
Claude.ai user exploring the catalogue via tool callsMCP server
Batch script importing 100 profilesREST API
Health monitoringREST API (/health) or MCP server (/health)

Both surfaces are backed by the same domain services. There is no feature available on one surface that is architecturally impossible on the other — the difference is in protocol, authentication method and ergonomics for the consumer.