Verify inside your agent

A local MCP server exposing norma_check and norma_fix to an AI coding agent.

Experimental. The MCP server is built but not published, and should not be exposed more widely until the live accuracy eval is green, since it hands the judge to any agent that connects.

Norma ships a local MCP server so an AI coding agent can verify its own output against the spec and pull a repair prompt without a human in the loop. It exposes two tools, norma_check and norma_fix, that map to the CLI commands of the same name.

It is a thin adapter over the same library the CLI uses, so scoring, extraction, and the secret exclude list are identical, and your code never leaves the machine. The server uses your own API key from the environment and only ever reads the filesystem; it does not modify files and instead returns the fix for the agent to apply.

Register it

Build the CLI once (cd cli && npm install && npm run build, Node 18+), then point any MCP-capable client (Claude Code, Cursor, Windsurf) at the built norma-mcp file:

{
  "mcpServers": {
    "norma": {
      "command": "node",
      "args": ["/absolute/path/to/norma/cli/dist/mcp/server.js"],
      "env": { "ANTHROPIC_API_KEY": "sk-ant-..." }
    }
  }
}

After a client restart, norma_check and norma_fix appear in the client's tool list.

Both tools take the same optional inputs as the CLI: path (defaults to the working directory), spec, pr, threshold, model, provider, and report (upload this run to the dashboard; defaults to on when NORMA_API_KEY is set).

Two kinds of keys

Norma touches two unrelated credentials, and the server warns at startup when it sees one in the other's place. A model provider key (ANTHROPIC_API_KEY, OPENAI_API_KEY, ...) pays for the judge's model calls and is required. A Norma dashboard key (sk-norma-..., created in the dashboard under API keys) only uploads reports and is optional. Both live in the client's env block, never in tool-call arguments, so they cannot leak into agent transcripts.

Send reports to your dashboard

Create a key in the dashboard, add it as NORMA_API_KEY next to your model key, and every run's report lands in your dashboard, grouped by repository — the same pipeline as the CLI's --report:

{
  "mcpServers": {
    "norma": {
      "command": "node",
      "args": ["/absolute/path/to/norma/cli/dist/mcp/server.js"],
      "env": {
        "ANTHROPIC_API_KEY": "sk-ant-...",
        "NORMA_API_KEY": "sk-norma-..."
      }
    }
  }
}

Once the key is in the env block, upload is on by default for every run. Only the report document plus identity fields (repo slug, git ref, project name) is uploaded — never source code. An upload failure is reported in the tool result but never invalidates the verification itself. Pass report: false in a tool call to keep a run local.
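As an added example (not Norma's own code), the following preflight check covers the two passages above: the key mix-up described under "Two kinds of keys" and the upload default described here. The function names, the `*_API_KEY` naming rule, and the `sk-` heuristic for key-shaped values are assumptions; the variable names, the `sk-norma-` prefix, and the tool input names come from this page.

```javascript
// Added example, not Norma's own code. Only the variable names, the sk-norma-
// prefix and the tool input names come from the docs; the rest is assumed.
const DASHBOARD_PREFIX = "sk-norma-";
const TOOL_INPUTS = ["path", "spec", "pr", "threshold", "model", "provider", "report"];

// Assumption: any *_API_KEY variable other than NORMA_API_KEY is a provider key.
const isProviderVar = (name) => name.endsWith("_API_KEY") && name !== "NORMA_API_KEY";

// Check the client's env block for a missing or misplaced credential.
function auditEnv(env) {
  const findings = [];
  const providerVars = Object.keys(env).filter(isProviderVar);
  if (providerVars.length === 0) findings.push("missing-provider-key");
  for (const name of providerVars) {
    if (String(env[name]).startsWith(DASHBOARD_PREFIX)) findings.push(`dashboard-key-in-${name}`);
  }
  const dash = env.NORMA_API_KEY;
  if (dash !== undefined && !String(dash).startsWith(DASHBOARD_PREFIX)) {
    findings.push("non-dashboard-key-in-NORMA_API_KEY");
  }
  return findings;
}

// Tool-call arguments land in agent transcripts: flag key-shaped values
// (assumed heuristic: an "sk-" prefix) and inputs the docs do not list.
function auditToolArgs(args) {
  const findings = [];
  for (const [key, value] of Object.entries(args)) {
    if (!TOOL_INPUTS.includes(key)) findings.push(`unknown-input:${key}`);
    if (typeof value === "string" && value.startsWith("sk-")) findings.push(`secret-in-argument:${key}`);
  }
  return findings;
}

// Upload is on by default once NORMA_API_KEY is set; report: false keeps the run local.
// Assumption: without the key nothing is uploaded, whatever `report` says.
function willUpload(env, args) {
  return Boolean(env.NORMA_API_KEY) && args.report !== false;
}

// Constructed sample: the two keys swapped, and a tool call carrying a key.
const sampleEnv = { ANTHROPIC_API_KEY: "sk-norma-EXAMPLE", NORMA_API_KEY: "sk-ant-EXAMPLE" };
const sampleCall = { path: ".", spec: "SPEC.md", apiKey: "sk-ant-EXAMPLE" };
console.log(auditEnv(sampleEnv), auditToolArgs(sampleCall), willUpload(sampleEnv, sampleCall));
```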
