Is Lucairn Sdks free?

Yes, Lucairn Sdks is free to use.

How do I install Lucairn Sdks?

Lucairn Sdks is a local plugin. Install it using npm package: @lucairn/mcp-server and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Lucairn Sdks need?

Lucairn Sdks requires the following credentials or environment variables: LUCAIRN_API_KEY, ANTHROPIC_API_KEY, OPENAI_API_KEY, LUCAIRN_BASE_URL, LUCAIRN_TRANSPORT. You can find setup instructions on the server detail page.

What AI apps work with Lucairn Sdks?

Lucairn Sdks uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Lucairn Sdks MCP Server

by Declade

Developer ToolsModerate5.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Pseudonymizes PII before your LLM and returns a cryptographically signed receipt per response.

About

Pseudonymizes PII before your LLM and returns a cryptographically signed receipt per response.

Security Report

5.2

Moderate5.2Moderate Risk

This is a well-engineered privacy-gateway MCP server with strong cryptographic practices and appropriate security controls. The codebase demonstrates careful handling of sensitive operations (certificate verification, API key forwarding), proper input validation, and comprehensive test coverage. Minor code quality observations around error handling breadth do not materially impact security. Supply chain analysis found 6 known vulnerabilities in dependencies (1 critical, 2 high severity). Package verification found 1 issue.

5 files analyzed · 10 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

What You'll Need

Set these up before or after installing:

Lucairn gateway API key (lcr_live_*). Issued at https://lucairn.eu/account/keys. Free tier requires BYOK upstream LLM keys (ANTHROPIC_API_KEY or OPENAI_API_KEY).Required

Environment variable: LUCAIRN_API_KEY

Upstream Anthropic API key. Used when the requested model is claude-* / anthropic-*. Required if you call Claude models on the free tier (BYOK).Required

Environment variable: ANTHROPIC_API_KEY

Upstream OpenAI API key. Used when the requested model is gpt-* / openai-* / o1-* / o3-* / o4-*. Required if you call OpenAI models on the free tier (BYOK).Required

Environment variable: OPENAI_API_KEY

Override the gateway URL. Defaults to https://gateway.lucairn.eu (production). Set this to point at a self-hosted Lucairn deployment.Optional

Environment variable: LUCAIRN_BASE_URL

Transport mode for the MCP server. One of 'direct-http' (default; v1.1+ behavior) or 'stdio-bridge' (v1.2+ opt-in).Optional

Environment variable: LUCAIRN_TRANSPORT

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-declade-lucairn-mcp-server": {
      "env": {
        "OPENAI_API_KEY": "your-openai-api-key-here",
        "LUCAIRN_API_KEY": "your-lucairn-api-key-here",
        "LUCAIRN_BASE_URL": "your-lucairn-base-url-here",
        "ANTHROPIC_API_KEY": "your-anthropic-api-key-here",
        "LUCAIRN_TRANSPORT": "your-lucairn-transport-here"
      },
      "args": [
        "-y",
        "@lucairn/mcp-server"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

Lucairn SDKs

Official client libraries for Lucairn — an EU-based privacy-preserving AI gateway. Lucairn sits between your application (or AI agent) and the upstream LLM provider you choose, removes personal data from prompts before the model ever sees them, and returns a signed Lucairn Certificate proving what was redacted, when, and by which sanitizer layer.

This monorepo hosts four packages at parity:

@lucairn/mcp-server — Model Context Protocol server (one-line npx install for Claude Desktop, Cursor, Cline, Continue, …)
@lucairn/sdk — TypeScript / Node SDK
lucairn — Python SDK
github.com/declade/lucairn-sdks/go — Go SDK

Quick start (MCP)

For most agent use cases, the fastest path is the MCP server. No build step, no install — npx runs it on demand:

npx -y @lucairn/mcp-server

Add it to your MCP client config (Claude Desktop's claude_desktop_config.json, Cursor's mcp.json, Cline's cline_mcp_settings.json, Continue, etc.):

{
  "mcpServers": {
    "lucairn": {
      "command": "npx",
      "args": ["-y", "@lucairn/mcp-server"],
      "env": {
        "LUCAIRN_API_KEY": "<your_lucairn_api_key>",
        "ANTHROPIC_API_KEY": "<optional_byok_anthropic_key>",
        "OPENAI_API_KEY": "<optional_byok_openai_key>"
      }
    }
  }
}

Restart your client. The chat_via_lucairn tool becomes available immediately. See mcp-server/README.md for full details.

What it does

Each request through any Lucairn SDK follows the same pipeline:

PII detection runs on every user message in three layers:
- Layer 1 — Known-entity matching (your tenant's named entities)
- Layer 2 — Presidio NER (names, emails, IBANs, addresses, phone numbers, customer IDs, …)
- Layer 3 — GPU-hosted custom-trained PII shield (Enterprise tier only, optionally trained on your domain corpus)
Detected PII is replaced with placeholders ([PERSON_1], [EMAIL_2], [IBAN_3], …) before the request reaches the upstream LLM.
The selected upstream model sees only the sanitized text. It never receives raw personal data.
The response is returned with a signed compliance certificate (Ed25519 witness signature + RFC 3161 timestamp + Sigstore Rekor inclusion proof).
Response handling depends on tier:
- Developer (free) — placeholders are returned verbatim. Useful for testing the redaction surface.
- Pro / Enterprise — placeholders are re-linked back to the originals on the gateway before the response reaches your application.

For Lucairn-hosted Developer-tier callers, on-gateway pseudonymization happens before your LLM sees the request. Enterprise self-host deployments can run the entire stack inside the customer environment, in which case no raw identity data leaves that environment at all.

Provider routing

The gateway picks the upstream provider from the model parameter you send:

Model prefix	Upstream provider	BYOK env var
`claude-`, `anthropic-`	Anthropic	`ANTHROPIC_API_KEY`
`gpt-`, `openai-`, `o1-`, `o3-`, `o4-*`	OpenAI	`OPENAI_API_KEY`

Cross-provider BYOK shipped in @lucairn/mcp-server@1.1.0 — set one or both keys in the same MCP config and the server forwards the matching one as X-Upstream-Key per request, so your provider account is billed directly.

Per-language SDKs

Language	Package	Version	README
MCP server	`@lucairn/mcp-server`	1.2.7	mcp-server/README.md
TypeScript	`@lucairn/sdk`	1.1.1	ts/README.md
Python	`lucairn`	1.1.1	python/README.md
Go	`github.com/declade/lucairn-sdks/go`	v1.1.1	go/README.md

All SDKs are at parity at the observable level. Cross-language byte-equivalence is locked via shared Go-assembler-generated fixtures, so a certificate signed via one SDK verifies identically via the other two.

Get an API key

Pro adds response re-linking, programmatic certificate JSON access, audit-event export, and higher quota. Enterprise adds self-host, BYOK with provider-side billing isolation, and the optional custom-trained PII shield (priced per scope).

See https://lucairn.eu/pricing for the full tier comparison.

Verify a response

Every response through any SDK gets a signed Lucairn certificate. Two surfaces:

HTML summary — DPO-friendly, available on every tier including Developer (free). Use getCertificateSummary (TS) / get_certificate_summary (Python) / GetCertificateSummary (Go), or paste the certificate URL into https://lucairn.eu/verify.
JSON certificate + local Ed25519 verify — Pro tier and above. Use getCertificate + verifyCertificate (and language equivalents). The verifier is in-tree — see ts/src/verify-certificate/, python/src/lucairn/verify_certificate/, and the internal/verify package under go/.

External RFC 3161 + Sigstore Rekor anchor verification is currently surfaced as pass-through metadata; full external anchor verification lands in a follow-up release.

Status

Production packages are versioned independently and tagged per the table above. Cross-language byte-equivalence is locked via shared fixtures. Follow CHANGELOG.md for release notes.

Contributing

See CONTRIBUTING.md. Security reports: SECURITY.md.

License

MIT — see LICENSE.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Lucairn Sdks MCP Server

About

Security Report

Findings (10)Action required

Permissions Required

What You'll Need

How to Install

Documentation

Lucairn SDKs

Quick start (MCP)

What it does

Provider routing

Per-language SDKs

Get an API key

Verify a response

Status

Links

Contributing

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript