l0g risk intelligence · english

// mcp

MCP server

l0g exposes its data to AI agents through the Model Context Protocol, read-only. An agent can query Agent Surface, the OpenAPI contract, NDJSON feeds, Risk Diff, Black Box Recorder, claims, the evidence graph, sources, freshness, integrity, changefeed, signal history or full article text without scraping the site. No key, no authentication, no tracking.

Version française →

// why

AI agents increasingly read the web on behalf of humans, and they often do it badly: flattening HTML, losing context and mangling citations. For a site whose value depends on sourcing discipline, that is a risk. l0g publishes clean, attributable machine surfaces so the data can be reused exactly.

The Model Context Protocol extends the site philosophy: static-first, self-hosted, no tracking, no opaque proxy, read-only access and CC BY 4.0 reuse with attribution.

// endpoint

Streamable HTTP transport, request/response JSON mode.

https://l0g.fr/api/mcp

Read-only. The code and deployment procedure are public in the GitHub repository.

// resources

Documents and datasets are exposed as MCP resources. Agents can list resources with resources/list, read them with resources/read, and discover parameterized URIs with resources/templates/list.

URIContent
l0g://agent-manifestAgent Surface manifest
l0g://openapiComplete OpenAPI contract
l0g://freshnessCorpus and signal freshness
l0g://integrityCanonical SHA-256 fingerprints
l0g://changes/latestLatest editorial changes and publications
l0g://risk-diffRisk diff over 1, 7 and 30 days
l0g://black-boxHashed point-in-time risk frames
l0g://signals/currentCurrent signal state
l0g://signals/historyPoint-in-time signal history
l0g://mcp/serverMCP version, active SHA and server capabilities

// resource templates

TemplateContent
l0g://articles/{slug}First article page with metadata, references and text
l0g://articles/{slug}{?section,offset,limit}Targeted article page by section, offset and limit
l0g://articles/{slug}{?cursor}Article continuation through nextCursor
l0g://guides/{slug}First guide page with metadata and text
l0g://guides/{slug}{?section,offset,limit}Targeted guide page by section, offset and limit
l0g://guides/{slug}{?cursor}Guide continuation through nextCursor
l0g://claims/{claim_id}Claim-source relationship
l0g://sources/{source_id}Primary source or cited host
l0g://signals/{instrument}/currentCurrent signal and history
l0g://methodologies/{instrument}Methodology note

Templates enumerate known instances and propose variable completions. The public service is stateless and does not advertise live subscriptions; monitoring goes through l0g://changes/latest or get_changefeed.

// tools

Tools are reserved for operations: search, filtering, diff, replay, history, subgraph extraction or targeted reading. Full-text search remains local and deterministic, with no vector database or external provider. Long articles are paginated with continuation cursors, direct source access and separate references.

ToolArgumentsReturns
get_agent_manifestnoneAgent Surface manifest: capabilities, endpoints, usage rules, proof policies and counters.
get_risk_indicesnoneNormalized risk signals by instrument and 13FLOW confluence synthesis.
get_signal_historykey, limitLevel-change history, current signal state and 13FLOW confluence.
get_risk_diffwindowRisk diff over 1, 7 or 30 days: signals, sources, claims, models, articles and confidence.
get_black_boxdate, limitFramesPoint-in-time replay of hashed risk frames, with explicit refusal for non-replayable dates.
get_openapi_schemamode, pathSummarized, endpoint-targeted or complete OpenAPI contract.
get_ndjson_feedfeed, recordType, limitAllowlisted NDJSON feeds: catalog, claims, evidence graph, changefeed and signal history.
get_freshnesslimitCorpus and signal freshness: observedAt, computedAt, expiration, coverage and policy.
search_contentquery, mode, limitLocal deterministic full-text search on generated HTML, with catalog mode for audit.
get_claimsarticleSlug, kind, query, limitFilterable claim-source relationships with clickable references and dates when detectable.
get_claimclaimIdSingle claim, resource links and parent article.
get_claim_evidenceclaimId, limitPrudent evidence level for one claim. Direct proof only when reviewed by humans.
list_article_claimsarticleSlug, kind, limitClaims for an article, usable as entry points into the evidence graph.
find_claims_by_sourcesourceId, kind, limitClaims linked to a primary source, a name or a cited host.
get_sourcesourceId, limitPrimary source or cited host, with associated claims.
get_evidence_grapharticleSlug, nodeType, limitDirect subgraph: articles → claims → references → sources.
list_sourcesmode, limitInstitutional primary sources and hosts actually cited by claims.
get_integritypathCanonical SHA-256 fingerprints for Agent Surface, JSON and NDJSON surfaces.
verify_artifactpath, sha256Allowlisted artifact verification through the integrity manifest.
get_changefeedcontentType, limitLatest changes with objectId, current version/hash, diff status and semantic change.
get_changescontentType, slug, since, limitChangefeed filtered by type, slug and minimum date.
list_recent_analyseslimitLatest analyses, newest first.
list_guidesnoneReference guides.
search_by_topictopic, limitAnalyses attached to a topic hub.
get_articleslug, offset, cursor, limit, length, sectionPaginated text for an analysis or guide, with nextCursor and separate references.

// connect

Inspect tools with the official inspector:

npx @modelcontextprotocol/inspector

Connect a desktop client through the local bridge:

npx mcp-remote https://l0g.fr/api/mcp

Example compatible-client configuration:

{
  "mcpServers": {
    "l0g": {
      "command": "npx",
      "args": ["mcp-remote", "https://l0g.fr/api/mcp"]
    }
  }
}

Minimal raw JSON-RPC cycle:

curl -s -X POST https://l0g.fr/api/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-11-25","capabilities":{},"clientInfo":{"name":"curl","version":"0.1"}}}'

curl -s -X POST https://l0g.fr/api/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","method":"notifications/initialized"}'

curl -s -X POST https://l0g.fr/api/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/list","params":{}}'

// security and design

  • Read-only. No tool writes anything, and article access goes through a slug allowlist, with no arbitrary URL fetch.
  • Not exposed directly. The service listens locally, behind Apache TLS and proxying.
  • Anti-hijacking. Host and Origin validation on each request, against DNS rebinding attacks.
  • Bounded. Per-IP rate limiting, bounded request size and hardened system service.
  • No sensitive data. Everything is public: no key, no authentication and no tracking.

// other machine access

  • Agent Surface: manifest, OpenAPI, claims, evidence graph, integrity, changefeed and NDJSON.
  • Public API: risk indices, canonical Debt Risk snapshot and level-change feed.
  • llms.txt and llms-full.txt: concise map and full corpus.