Mission MCP for LLMs · Technical reference

Install, verify, and call the gate.

Concrete API reference for builders integrating Mission with Claude, ChatGPT/OpenAI, coding agents, browser agents, and future LLM clients. Claude is the first packaged setup path; the underlying Trust Graduation contract is model-agnostic. For the protocol's design philosophy and trust model, see builders.html. For the full open specification, see Trust Graduation Protocol v0.1.

1. Install

Mission's current Claude route ships two install modes via a single npm package. OpenAI/ChatGPT uses the hosted app/MCP surface; other LLM clients can use the same MCP/API and Trust Graduation contract as support lands.

Claude Desktop — remote bridge (default)

npx -y @gomission/mcp install-claude

Writes mcpServers.gomission in Claude Desktop's config pointing at mcp-remote, which bridges stdio to the hosted MCP at https://claude.gomission.io/mcp/. OAuth opens in your browser on first use.

Claude Desktop — local stub

npx -y @gomission/mcp install-claude --local

Runs a packaged zero-dependency stdio MCP server locally. Exposes the four Trust Graduation primitives and writes receipts to ~/.gomission-mcp/receipts/ (or your existing Mission workspace if MISSION_WORKSPACE is set).

claude.ai — Custom Connectors UI

The Claude Desktop config file does not honor remote MCP URLs directly. On claude.ai (the web app), add Mission via Settings → Connectors → Add custom connector with URL https://claude.gomission.io/mcp/.

Server key. The install uses mcpServers.gomission instead of mcpServers.mission so the full Mission product's own installer (mission mcp install-claude) can coexist with this one.

2. Tell Claude to use Mission (required)

Installing Mission makes the gate available. Claude does not call it by default. You must give Claude the routing instruction once per profile (or once per conversation) for the gate to actually fire.

Paste this instruction into Claude Desktop's Settings → Profile → Personal preferences, into a Claude Project's instructions, or at the top of any Mission session:

Mission is my permission layer. Before any external action
(send email, post publicly, schedule, spend, publish, modify
external records), call the request_approval tool with
action_class and a one-line summary, then call
mission_check_approval until decision=approved. Do not act
until approved. If denied, stop and tell me. If unsure which
action_class applies, call mission_classify first.

The same string is returned by mission_status in the agent_instructions field — agents that call mission_status at session start can self-bootstrap by following those instructions for the rest of the session.

Why this is needed

MCP servers are tools, not policies. Mission exposes request_approval as an available tool; Claude has no built-in mapping that says "this tool call is consequential, route it through Mission first." The instruction is the manual wire that creates the mapping for the rest of the session.

Test it after install

Ask Claude:

send an email to me at <your@address> saying hello from Mission

You should see Claude call mission.request_approval first, return an approval ceremony block with a receipt_id and an approve_url, then wait. Click the URL, approve in the browser, and Claude's next mission_check_approval call returns decision: "approved" and the agent resumes.

If the email goes out without the ceremony, the instruction was not applied — re-add it to the Profile or the conversation and restart.

2. Verify

npx -y @gomission/mcp verify

Reads Claude Desktop's config, classifies the gomission entry, and probes the remote endpoint with a real initialize + tools/list round-trip. Confirms the four ceremony primitives are exposed.

Exit code	Meaning
`0`	Healthy. Mode classified, probe ok if applicable.
`2`	Not installed. Config file or entry missing.
`3`	Misconfigured. Entry uses an unsupported shape (e.g. raw `url` field).
`4`	Probe failed. Endpoint did not respond correctly.

Add --json for machine-readable output, --no-probe to skip the round-trip.

3. Remote MCP tools

The hosted MCP at https://claude.gomission.io/mcp/ exposes 16 tools. Twelve are read-only data tools; four are Trust Graduation primitives.

Tool	Purpose	Side effects
`mission_today`	Daily 3 things, draft queue count, voice confidence, recommended next action.	none
`mission_search`	Search prepared Mission context across tasks, loops, drafts, receipts, rules.	none
`mission_fetch`	Fetch a specific Mission object by reference.	none
`mission_open_loops`	Open loops awaiting follow-through.	none
`mission_draft_queue`	Drafts and approval packets awaiting review.	none
`mission_proof_loop`	The current Gmail proof loop.	none
`mission_voice_profile`	Operator voice profile for draft generation.	none
`mission_receipts`	Recent receipts.	none
`mission_learning_status`	Trust learning evidence and status.	none
`mission_market_radar`	Market signals tracked by Mission.	none
`mission_prepare_approval_packet`	Prepare a local approval packet for review.	local prepare
`mission_prepare_market_countermove`	Prepare a local countermove proposal.	local prepare
`mission_status`	Gate status, version, action classes, wedge.	none
`request_approval`	Hold a consequential action and return the ceremony.	ephemeral receipt
`log_action`	Log a safe internal action. Returns a receipt id.	ephemeral receipt
`get_receipt`	Fetch a receipt by id (ephemeral on the hosted MCP).	none

Receipts on the hosted MCP are ephemeral. They are returned in the response but not persisted. For persistent receipts, install local mode or run the full Mission product.

4. Ceremony primitives

Four MCP tools surface the Trust Graduation gate. Call mission_status once per session to introduce the permission layer to the user. Call request_approval before any consequential action.

mission_status

// request
{ "name": "mission_status", "arguments": {} }

// response (excerpt)
{
  "ok": true,
  "server": "gomission.io/mcp/ (remote demo)",
  "version": "0.1.0-demo",
  "mission_ceremony": "Mission gate active. Read-only by protocol: nothing sends, posts, schedules, or spends without explicit approval.",
  "action_classes": ["draft.compose", "email.send.external", "social.post.public", "payment.initiate", ...],
  "wedge": "Any LLM can do more for you once Mission decides what it is allowed to do.",
  "no_execution": true,
  "approval_required_for_actions": true
}

request_approval

// request
{
  "name": "request_approval",
  "arguments": {
    "action_class": "email.send.external",
    "summary": "Reply to Sandro about pilot fit",
    "evidence": "Inbound on 2026-06-12 asking about onboarding"
  }
}

// response (excerpt)
{
  "ok": true,
  "decision": "approval_required",
  "action_class": "email.send.external",
  "summary": "Reply to Sandro about pilot fit",
  "receipt_id": "gm-mqawqzu6-05bc46",
  "status": "pending_approval",
  "mission_ceremony": "Mission is holding this action until you approve.\nAction class: email.send.external. Summary: Reply to Sandro about pilot fit.\nWhy: Trust Graduation gates this class until evidence and approval lift it.\nReceipt id: gm-mqawqzu6-05bc46. Approve in Mission Control or reply: \"approve gm-mqawqzu6-05bc46\"."
}

log_action and get_receipt

// log a safe internal action
{ "name": "log_action", "arguments": { "action_class": "draft.compose", "summary": "Drafted reply to Sandro" } }
// returns receipt_id

// look it up later
{ "name": "get_receipt", "arguments": { "receipt_id": "gm-..." } }

5. OAuth scopes

The hosted MCP exposes standard OAuth metadata at /.well-known/oauth-authorization-server. Five read scopes are advertised.

Scope	Grants
`read_today`	Daily prepared context.
`read_drafts`	Local drafts and approval packets.
`read_receipts`	Receipts.
`read_voice_profile`	Voice profile.
`read_research`	Research and learning status.

Demo OAuth. The hosted MCP issues a shared demo token via an auto-approve consent page. Do not point it at real workspace data. For production-grade auth, install local mode.

6. Trust Graduation reference wrapper

To implement the gate in your own agent runtime (not via the Mission MCP), use the reference wrapper package.

npm install @gomission/trust-graduation

The package exposes the v0.1 contract:

import { createTrustEngine, filesystemStorage } from "@gomission/trust-graduation";

const trust = createTrustEngine({
  storage: filesystemStorage({ dir: ".trust-graduation" }),
});

trust.recordEvidence({ action_class, label, date, meta });
trust.posterior(action_class);        // { mean, ci_low, ci_high, samples, ... }
trust.tier(action_class);             // "gated" | "supervised" | "auto_capped" | "review"
trust.graduationReady(action_class);  // boolean
trust.requiresReview(action_class);   // boolean
trust.gate(action_class);             // { tier, decision, post }

Zero dependencies. Beta(2, 2) prior, weighted label updates, 95% credible interval via bisection on the regularized incomplete beta. Memory or filesystem storage; bring your own backend with { append, all, forClass }.

7. Canonical action classes

v0.1 SHOULD use dot-notation lowercase identifiers. Internal classes can graduate from gated through evidence. External-effect classes never auto-promote past gated — they always require explicit principal approval.

Action class	Type	Description
`draft.compose`	internal	Compose a draft for outbound message.
`draft.response`	internal	Compose a reply draft.
`email.send.internal`	internal	Send to an established recipient.
`email.send.external`	external	Send to a non-established recipient.
`calendar.create`	internal	Create or modify a calendar event.
`social.post.public`	external	Publish to a public social channel.
`payment.initiate`	external	Initiate a payment.
`proposal.submit`	external	Submit a proposal to an external party.

Implementations MAY add classes provided they use the same evidence + posterior contract.

8. Canonical labels & weights

All recorded decisions normalize to one of eight labels before computing weight.

Normalized label	Weight	Quality
`sent`	+1.00	strong
`approved`	+0.85	strong
`minor_edit`	+0.35	partial
`edited`	-0.15	ambiguous
`heavy_rewrite`	-0.55	partial
`held`	0.00	neutral
`rejected`	-1.00	strong
`dropped`	-1.00	strong

Labels matching the trust-violation pattern carry weight -1 and force the action class into review until the principal clears it.

9. Wrap a Claude API tool call

Combine the Anthropic SDK with the reference wrapper. Gate before the tool runs; record evidence after the principal decides.

import Anthropic from "@anthropic-ai/sdk";
import { createTrustEngine, filesystemStorage } from "@gomission/trust-graduation";

const anthropic = new Anthropic();
const trust = createTrustEngine({
  storage: filesystemStorage({ dir: ".trust-graduation" }),
});

const today = () => new Date().toISOString().slice(0, 10);

async function sendEmail(args) {
  // your real send implementation
  return { delivered: true, to: args.to };
}

async function handleToolUse(toolName, args) {
  const actionClass = mapToolToActionClass(toolName, args);  // e.g. "email.send.external"
  const decision = trust.gate(actionClass);

  if (decision.decision === "approval_required") {
    return {
      type: "tool_result",
      is_error: true,
      content: [{ type: "text", text:
        `Mission is holding this action until you approve.\n` +
        `Action class: ${actionClass}. Tier: ${decision.tier}. ` +
        `Surface this to the principal and resume only after they approve.` }],
    };
  }

  const result = await sendEmail(args);
  trust.recordEvidence({ action_class: actionClass, label: "sent", date: today() });
  return { type: "tool_result", content: [{ type: "text", text: JSON.stringify(result) }] };
}

10. Wrap an OpenAI function call

import OpenAI from "openai";
import { createTrustEngine } from "@gomission/trust-graduation";

const openai = new OpenAI();
const trust = createTrustEngine();
const today = () => new Date().toISOString().slice(0, 10);

async function runWithGate(actionClass, fn, args) {
  const decision = trust.gate(actionClass);
  if (decision.decision === "approval_required") {
    return { role: "tool", content: JSON.stringify({
      status: "approval_required",
      action_class: actionClass,
      tier: decision.tier,
      ceremony: `Mission is holding ${actionClass} until you approve.`,
    }) };
  }
  const result = await fn(args);
  trust.recordEvidence({ action_class: actionClass, label: "sent", date: today() });
  return { role: "tool", content: JSON.stringify({ status: "executed", result }) };
}

11. Troubleshooting

Claude does not call any Mission tools after install

Restart Claude Desktop completely after install (Quit, not just close window).
Run npx -y @gomission/mcp verify — confirms config presence and probes the endpoint.
On macOS, MCP server logs live at ~/Library/Logs/Claude/mcp-server-gomission.log.

verify reports mode "remote-url"

Your config was written by a pre-0.1.2 install that used {url: ...}, which Claude Desktop does not honor. Run npx -y @gomission/mcp install-claude to overwrite with the working mcp-remote bridge.

OAuth window opens but never returns

The first install of mcp-remote downloads a small package. Slow networks may exceed Claude Desktop's startup timeout. Run npx -y mcp-remote https://claude.gomission.io/mcp/ once in a terminal to warm the cache, then restart Claude Desktop.

Tools list returns 12 instead of 16

You are connected to https://gomission.io/mcp/ (the OpenAI app endpoint) instead of https://claude.gomission.io/mcp/. Reinstall with install-claude --remote in 0.1.2 or later.