ARCANE World-Sense โ MCP Trust Artifacts
This repository is the verifiable public surface of the ARCANE World-Sense MCP server:
https://mcp.arcaneforecasting.com/mcp โ a no-auth, read-only, streamable-HTTP MCP
server that hands an agent structured, pre-published readings of ARCANE's current
geopolitical-risk picture.
The sensing engine that computes those readings stays private. What is published here is
only the surface a cautious consumer needs to audit one question:
If I wire this MCP server into my agent, can it take actions, exfiltrate anything, or
prompt-inject my model?
The short answer is no โ and these files are the source you can check it against.
Audit, don't reuse
These are trust artifacts, published so you can read them โ not a framework to fork.
Read them, compare them against the live server's behavior, and decide for yourself. If you
want the data, call the MCP server; you do not need to run any of this code.
Start with SECURITY.md โ it walks the safety argument end to end.
What ARCANE does โ and does not โ claim
ARCANE NOTICES the present. It reports what the world is doing right now, and how fresh
and how sure each reading is. It does not act, predict, or advise, and it never tells
your agent what to do. Every payload carries an in-band as_of timestamp, a stale flag,
and a fixed NOTICE-not-advice note; treat any absent field as "not available," never as zero.
File map โ what each file is, and what it proves
| File | What it is | What it proves |
|---|
worker.js | The entire Cloudflare Worker request path. | A read-only facade: every tool reads one pub_* value from a single public KV namespace and returns it verbatim โ no code execution, no outbound fetch, no access to your systems. Also shows the kill switch, the Cache-API-fronted read path, and the rate-limit posture. |
wrangler.toml | The Worker's deployment config. | The binding structure: the Worker binds only the public KV namespace, so it physically cannot address ARCANE's private data. Account and namespace identifiers are redacted to placeholders; no secret is present. |
snapshot_public.py | The projection layer that builds the public pub_* values. | The allow-list projection (only named fields are copied forward), the fail-closed leak guard (any forbidden field, phrase, or excluded source blocks the whole publish), and the instruction-injection neutralizer that scrubs third-party free text. |
snapshot_public_text.py | The capability statement and per-stream notes served in-band. | Exactly the human-readable copy the server hands back โ what it serves, what it never serves, and each stream's validation caveats. |
SECURITY.md | The security & safety writeup. | The full argument, plus what the server logs and how to verify the limits yourself. |
LICENSE | MIT. | โ |
Honest limits of this repo
Be clear on what this repo does and does not let you verify:
worker.js is the externally verifiable part. It is the actual request path. Anyone
can hit the live endpoint and compare behavior against this source; there is no in-band
deployment fingerprint, but the code is short enough to read and diff against in full.
snapshot_public.py documents intent, not the live request path. It runs in ARCANE's
private publishing pipeline, not in the Worker you call. It shows you the discipline
with which public payloads are built โ allow-list, leak guard, neutralizer โ but you are
trusting that the deployed pipeline matches this source. We say so plainly rather than
overstate it.
- Deployed โ published. In both cases you are trusting that the running system matches
this code. The surface is deliberately small so that trust is cheap to check.
More
- Live project: https://arcaneforecasting.com
- Found a concern โ a field that shouldn't be served, a neutralizer bypass? Open an issue or
reach the maintainer via the site. Responsible disclosure appreciated.