Skip to content

Trailgenic/exmxc-workers

Repository files navigation

exmxc Workers

Cloudflare Worker implementation for the mcp.exmxc.ai executable intelligence node. The service is both:

  1. an agent-discoverable REST/JSON intelligence API, and
  2. a spec-compatible MCP JSON-RPC 2.0 server at POST /mcp.

The code keeps the ES-module Worker entrypoint (export default { fetch(request, env) }) and stores no secrets in source.

Canonical identity and build

  • Entity: exmxc
  • Domain: https://exmxc.ai
  • Founder: Mike Ye
  • Worker host: https://mcp.exmxc.ai
  • Build version: 2.1.0
  • Stable build date / last_updated: 2026-06-10

lib/registry.js is the single source of truth for entity metadata, build metadata, dataset registrations, callable data tools, content links, and federated registries.

Discovery endpoints

Canonical MCP discovery is served from https://mcp.exmxc.ai/.well-known/mcp.json; the apex https://exmxc.ai/.well-known/mcp.json is intentionally not served because the apex is Webflow on a DNS-only record. The transport endpoint is https://mcp.exmxc.ai/mcp.

  • GET / — REST/MCP discovery document
  • GET /.well-known/mcp.json — MCP discovery pointer
  • GET /capabilities.json — generated capability inventory
  • GET /.well-known/tool-registry.json — generated tool registry
  • GET /.well-known/openapi.json — OpenAPI document with servers: [{ url: "https://mcp.exmxc.ai" }]
  • GET /.well-known/manifest.json — generated manifest
  • GET /.well-known/ai-plugin.json — plugin manifest pointing at the OpenAPI document
  • GET /health — operational health check; uptime is not asserted in the payload and is observed through Cloudflare observability

All JSON responses use shared CORS headers. OPTIONS returns 204 with Access-Control-Allow-Methods: GET, POST, OPTIONS and Access-Control-Allow-Headers: content-type, mcp-protocol-version.

MCP JSON-RPC transport

POST /mcp accepts one JSON-RPC 2.0 request per HTTP request and returns an application/json response for synchronous tools. GET /mcp returns 405 with Allow: POST.

Supported methods:

  • initialize
  • notifications/initialized
  • ping
  • tools/list
  • tools/call

Example initialize request:

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "initialize",
  "params": { "protocolVersion": "2025-06-18" }
}

Example tool call:

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/call",
  "params": {
    "name": "ex.speg.get",
    "arguments": { "ticker": "NVDA" }
  }
}

tools/list, /capabilities.json, and /.well-known/tool-registry.json are generated from the same DATA_TOOLS registry so tool IDs and counts stay consistent.

Tool inventory

Callable JSON tools from DATA_TOOLS:

  • ex.entities.get
  • ex.speg.get
  • ex.datasets.index.get
  • ex.ai_power_index.get
  • ex.four_forces.get
  • ex.entity_in_a_box.get
  • ex.ai_power.analysis.top
  • ex.eei.audit.run

Content links from CONTENT_LINKS:

  • ex.framework.gethttps://exmxc.ai/frameworks
  • ex.signal.gethttps://exmxc.ai/signal-briefs
  • ex.lexicon.gethttps://exmxc.ai/lexicon
  • ex.capital.gethttps://exmxc.ai/capital
  • ex.doctrine.gethttps://exmxc.ai/leadership-doctrine
  • ex.about.gethttps://exmxc.ai/about-us
  • ex.audit.pagehttps://www.exmxc.ai/audit

REST data endpoints

Bundled datasets are imported directly into the Worker. Dataset updates require a Worker deploy.

  • GET /entities
    • Source: data/entities.json
    • Filters: industry, entity_type, posture, capability
    • Canonical entity-name field: company
  • GET /speg
    • Source: data/speg_index.json
    • Filters: sector, scarcity_layer, ticker
  • GET /datasets
    • Generated dataset index
  • GET /datasets/ai_power_index
    • Source: data/ai_power_index_dataset_v1.json
  • GET /datasets/ai_power_index/schema
    • Source: schema/ai_power_index.schema.json
  • GET /datasets/four_forces
    • Source: data/four_forces_dataset_v1.json
  • GET /datasets/entity_in_a_box_v1
    • Source: data/entity_in_a_box_v1.json
  • GET /datasets/entity_in_a_box
    • Compatibility alias for /datasets/entity_in_a_box_v1
  • GET /analysis/ai_power/top?limit=10
    • Top AI Power Index records sorted by ai_power_index
  • GET /audit/run?url=https://exmxc.ai
    • Live Entity Engineering Index audit for a public URL
  • GET /schema
    • Source: schema/schema.json
  • GET /definitions
    • Source: schema/definitions.json
  • GET /index
    • Source: index.json, with total_entities computed dynamically from the bundled entities length

Dataset examples

Entity record example using canonical company:

{
  "company": "BlackRock",
  "industry": "Financial",
  "entity_type": "Public Company",
  "posture": "Open",
  "capability": "High",
  "ecc": 86
}

sPEG record example using the row-level date field:

{
  "entity_id": "nvidia",
  "company": "NVIDIA",
  "ticker": "NVDA",
  "sector": "AI Semiconductor",
  "scarcity_layer": "Compute",
  "date": "2026-02-13",
  "price_usd": 182.78,
  "speg": 0.63
}

AI Power Index record shape:

{
  "entity_name": "NVIDIA",
  "compute_exposure": 10,
  "interface_exposure": 9,
  "alignment_exposure": 7,
  "energy_exposure": 8,
  "ai_power_index": 8.6
}

AI jobs signal endpoint

GET /api/ai-jobs-signal remains an experimental ADS endpoint backed by Anthropic for synthetic posting generation. Benchmark and signal responses include:

  • data_provenance: "synthetic-llm-generated"
  • disclaimer: "Postings are model-generated illustrations for ADS analysis, not scraped or verified labor-market data."

Required Worker secret

The ADS signal route requires an Anthropic Worker secret binding:

wrangler secret put ANTHROPIC_API_KEY

Do not place ANTHROPIC_API_KEY in wrangler.jsonc, source files, or documentation beyond the binding name.

Wrangler configuration

The active deployed Worker config is:

  • wrangler.jsonc — main mcp.exmxc.ai/* Worker with observability enabled

The legacy workers/root-discovery/wrangler.jsonc remains in the repo for reference only. Its apex exmxc.ai/.well-known/* route is intentionally abandoned because the apex is Webflow on a DNS-only record and canonical discovery is served by mcp.exmxc.ai.

Deployment

Deploys are automatic on every push to main through .github/workflows/deploy.yml; no manual wrangler deploy is required for normal releases. The workflow also supports workflow_dispatch for an explicit redeploy.

The deploy job deploys the canonical exmxc-workers Worker from wrangler.jsonc. The abandoned exmxc-root-discovery Worker is not deployed by CI because apex discovery is intentionally not served; canonical discovery lives on mcp.exmxc.ai.

After deployment completes, the verify live job waits for edge propagation and runs:

node scripts/live-acceptance.mjs

The live acceptance harness checks the production origins, including POST /mcp, canonical REST/MCP discovery on mcp.exmxc.ai, tool inventory consistency, dataset/schema endpoints, CORS, and health semantics. Apex discovery is probed for information only and never fails CI. The workflow fails if the canonical live result does not pass these checks.

One-time GitHub Actions secret setup is required in repo Settings → Secrets and variables → Actions:

  • CLOUDFLARE_API_TOKEN — scoped Cloudflare API token for deploying Workers and routes
  • CLOUDFLARE_ACCOUNT_IDaeb064fbc195ef8f54ebce0f51897a63

Do not commit the Cloudflare API token or any other secret value to source.

Registry submission packet

The registry/ directory contains a generated MCP registry submission packet for external discovery directories. Regenerate it whenever lib/registry.js changes:

node scripts/build-registry-packet.mjs

The generator imports the canonical entity, build, transport, and DATA_TOOLS definitions from lib/registry.js, then rewrites:

  • registry/packet.json
  • registry/server.json
  • registry/SUBMISSION.md

This keeps registry submission metadata aligned with the live MCP tool inventory.

Repository structure

worker.js                         Main Cloudflare Worker
lib/http.js                       Shared JSON/CORS response helpers
lib/registry.js                   Single source of truth for metadata, datasets, tools, links, federation
lib/queries.js                    Shared REST + MCP query implementations
lib/ads-classifier.js             ADS classification helper
lib/ads-taxonomy.js               ADS taxonomy definitions
data/*.json                       Bundled datasets
schema/schema.json                Entity dataset schema with canonical company field
schema/definitions.json           Semantic definitions
schema/ai_power_index.schema.json AI Power Index JSON Schema
index.json                        Static entity dataset index baseline
scripts/live-acceptance.mjs        Live deploy acceptance harness
scripts/build-registry-packet.mjs   Registry packet generator
registry/                           Generated MCP registry submission packet
workers/root-discovery/worker.js  Unused root .well-known MCP pointer Worker reference

MCP modernization notes (v2.3.0)

exmxc exposes a REST/JSON intelligence API plus an MCP server using Streamable HTTP on Cloudflare Workers. Tool and resource inventories are generated from lib/registry.js; public REST aliases and bundled dataset payloads are preserved.

ADS signal route

GET /api/ai-jobs-signal without signal parameters returns the deterministic public benchmark. Paid signal generation uses POST /api/ai-jobs-signal and requires Authorization: Bearer <ADS_SIGNAL_KEY>. The Cloudflare deployment should add a rate rule on this path as defense in depth.

Audit route

/audit/run and the ex.eei.audit.run tool remain public but validate targets before contacting the upstream audit service. The upstream service at exmxc-audit.vercel.app must independently enforce DNS-resolution and redirect checks against private, loopback, link-local, and reserved ranges; that external security dependency is not satisfied by this repository alone. Conservative Cloudflare rate limiting should be applied to /audit/run and audit calls arriving via /mcp as deployment configuration.

Structured content compatibility

Successful tool calls keep content[0].text as the JSON serialization of the complete handler result. structuredContent is only emitted for protocol-valid object results; top-level array results remain text-only to avoid introducing an unapproved wrapper.

About

Cloudflare Worker for exmxc.ai MCP endpoints (.well-known registry + transparency page)

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors