Blocker-aware decision layer for AI coding agents, grounded in source-linked, time-sensitive facts.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"pocketlantern": {
"command": "pocketlantern-mcp"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Your AI agent sounds confident. It missed the blockers.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'pocketlantern' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked pocketlantern against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in ai-ml / developer-tools
Persistent memory using a knowledge graph
Read, write, and manage files on the local filesystem
A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
MCP Security Weekly
Get CVE alerts and security updates for io.github.pocketlantern/pocketlantern and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Your AI agent sounds confident. It missed the blockers.
Prices shift, versions break, licenses change. PocketLantern is a blocker-aware decision layer for AI coding agents, grounded in source-linked, time-sensitive facts.
Ask your AI agent after installing PocketLantern:
"Which auth provider — Clerk, Auth0, or Cognito?"
⚠️ Cognito password hashes are permanently non-exportable
⚠️ Auth0 password export requires support ticket — Free tier excluded
⚠️ Auth0 Rules/Hooks EOL 2026-11-18 — Actions not portable
✅ Clerk has the most flexible migration path
"Should I upgrade to Next.js 16?"
⚠️ Sync API access fully removed — all dynamic calls must be awaited
⚠️ Custom webpack config breaks next build
⚠️ next lint removed — switch to Biome or ESLint CLI
⚠️ Requires Node.js 20.9.0+, TypeScript 5.1.0+, React 19.0+
✅ Plan phased migration — codemod doesn't cover webpack or middleware
"Can I use the OpenAI Realtime API?"
⚠️ gpt-4o-realtime-preview removed 2026-05-07
⚠️ Beta interface (realtime=v1 header) removed same date
⚠️ GA event schema incompatible — 4 event renames
✅ Start on GA from day one — or plan dual-stack migration
Three questions. Three blocker types. Same AI, different facts.

Prerequisites: Node.js >= 22, an MCP client (Claude Code, Cursor, etc.)
npm install -g pocketlantern
In your project directory:
cd your-project
pocketlantern init
init registers the MCP server in ~/.claude.json and adds a one-line rule to your project's CLAUDE.md. Restart Claude Code (Ctrl+C, then run claude again), then ask your first query.
Add to your MCP config (Cursor: ~/.cursor/mcp.json):
{
"mcpServers": {
"pocketlantern": {
"command": "pocketlantern-mcp"
}
}
}
Then add this line to your project rules (.cursorrules, Kiro steering file, etc.):
For technology decisions, upgrades, migrations, or licensing questions: before finalizing your answer, check the PocketLantern MCP server's search_cards tool for blockers in these bundled decision cards — your training data may be stale.
Reload MCP servers: Cursor — Cmd+Shift+P -> "MCP: Restart Servers". Windsurf — restart the editor.
"How did Vercel pricing change with Fluid Compute?" Billing split to Active CPU + Memory, shared-process concurrency breaks isolation
"Prisma or Drizzle for Edge/serverless?" Prisma v7 ESM + driver adapter breaking, Edge preview-only; Drizzle 0.30-1.0 also breaking
pocketlantern doctor # check installation status
pocketlantern search "auth pricing" # search cards from CLI
PocketLantern is an MCP server. Your AI agent calls search_cards — and gets source-linked decision cards plus source-linked blocker warnings where available.
Agent asks question
-> search_cards("clerk vs auth0 authentication")
-> 3 cards + 5 blocker warnings (lock-in, EOL, export restrictions)
-> Agent answers with source-linked constraints
Local cardset. Instant lookup. No vector database. No embeddings. Keyword search, card links, and source-linked blocker warnings where available. The value is in **source-linked deci