Model Context Protocol
Write MCP servers. Audit MCP servers. Be an MCP server. Three capabilities. One language.
The agent lifecycle
Write an MCP server in .kern. Guards, tools, resources, prompts — all declarative. Compiles to a production MCP server with security built in.
mcp name=FileTools version=1.0
tool name=readFile
description text="Read a file"
param name=path type=string
guard type=pathContainment
param=path allowlist=/data
handler <<<
const content = await
fs.readFile(params.path, 'utf-8');
return { content: [{
type: "text", text: content
}] };
>>>MCP server docs →12 security rules mapped to the OWASP MCP Top 10. Catches command injection, tool poisoning, path traversal, secrets leaks, and more.
$ kern review-mcp src/server.ts ! MCP01 command-injection User param flows to exec() server.ts:24 ! MCP03 tool-description-poisoning Hidden instruction in description server.ts:8 ~ MCP06 missing-input-validation Tool param used without validation server.ts:31 \u2713 3 findings (2 errors, 1 warning)MCP security rules →
@kernlang/mcp-server gives any AI agent the ability to write, compile, review, and self-correct .kern code. 11 tools. 3 resources. 1 prompt.
// Agent self-correction loop
1. schema → "what can I write?"
2. write .kern → generate code
3. compile-json → "did I get it right?"
4. if errors:
read diagnostics
fix and goto 3
5. done — zero human interventionSetup guide →MCP tools
compile targets
security rules
review rules
11 tools, 3 resources, and a system prompt — everything an agent needs to write production code.
compileCompile .kern to any of 12 targets. Returns generated code.
compile-jsonCompile with structured JSON diagnostics — line, col, suggestion. For self-correction loops.
schemaFull language schema as JSON. Node types, props, children, shorthands.
review98 static analysis rules on TypeScript/JavaScript. Taint tracking, OWASP.
review-kernLint .kern source for structural issues and pattern violations.
review-mcp-serverScan MCP server code. 12 rules mapped to OWASP MCP Top 10.
parseParse .kern to IR. Debugging and structure inspection.
decompileIR back to readable .kern text.
validateSyntax check without compilation.
list-targetsAll 12 compile targets with descriptions.
list-nodesBrowse node types by category with props and children.
Plus 3 resources (kern://spec, kern://examples/{category}, kern://targets) and a write-kern system prompt.
One line. Your agent can now write, compile, and review KERN code.
{
"mcpServers": {
"kern": {
"command": "npx",
"args": ["@kernlang/mcp-server"]
}
}
}{
"mcpServers": {
"kern": {
"command": "npx",
"args": ["@kernlang/mcp-server"]
}
}
}claude mcp add kern -- npx @kernlang/mcp-server{
"kern": {
"command": "npx",
"args": ["@kernlang/mcp-server"]
}
}KERN runs an MCP server on this site. Point any MCP client at it — no install required.
https://kernlang.dev/api/mcpStreamable HTTP transport. Compatible with any MCP client that supports remote servers.
Scan MCP servers for vulnerabilities directly in the editor. 12 rules mapped to OWASP MCP Top 10 — inline diagnostics, no setup.
ext install kernlang.kern-mcp-securityMCP is how AI agents discover and use tools. KERN is the first language where the language itself is an MCP tool.
Agents discover KERN through MCP. No npm install needed for the hosted endpoint. Copy one URL, paste into your client.
compile-json returns structured diagnostics. Agents fix their own mistakes in a loop — no human intervention.
MCP servers compiled from .kern include guards. MCP servers reviewed by kern catch OWASP Top 10. Both sides covered.
One MCP server. 12 targets. 98 review rules. Your agent writes better code.