wasm-mcp

Model Context Protocol server for the
WebAssembly core specification.
SHA-pinned, read-only, deterministic — safe to host as a public
unauthenticated endpoint.

Not affiliated with, endorsed by, or sponsored by the W3C
WebAssembly Community Group or Working Group.

What it gives you

spec_version — the pinned upstream commit and package version.
instruction_get — opcode bytes, category, introducing version,
stack type signature, validation + execution prose anchors / URLs,
and trap conditions (traps + can_trap), by mnemonic (i32.add)
or binary opcode (0x6a).
instruction_list — enumerate, filterable by category (numeric,
vector, reference, parametric, variable, table, memory, control,
ref, i31, struct, array, extern), introducing version, or prefix.
instruction_search — ranked free-text search across mnemonics,
categories, and opcodes.
type_get — value types (number / vector / reference) and type
forms (functype, limits, memtype, …) with defining prose.
section_get — one spec clause by id / anchor (structure,
validation, execution, binary, text), with prose, cross-references,
SpecTec formal-rule references, and the rendered URL.
section_list — navigate the clause tree by area or anchor prefix.
spec_search — full-text search across anchors, titles, and prose.
proposal_list — WebAssembly proposals and their phases (from the
pinned WebAssembly/proposals repo), filterable by status, phase,
champion, or affected spec.

section_get, section_list, and spec_search take a spec
argument covering all three specs in the WebAssembly/spec repo:
core (default), js-api (the JavaScript embedding API), and
web-api (Web-platform integration). The instruction and type tools
are core-only.

Contract

Every tool is:

Read-only. No state mutation, no writes outside an optional
local cache.
Deterministic. Same input → same output, over the pinned spec
commit recorded in vendor/PINNED.txt.
No execution. Never compiles, validates-by-running,
instantiates, or runs any WebAssembly or arbitrary code. Validation
and reduction rules are returned as data.
No auth, no secrets, no PII. Usable anonymously.
No network at request time. All spec data is fetched and
indexed at build time and baked into the package.

Install (stdio, local)

npx wasm-mcp

Wire into Claude Code by adding to your project's .mcp.json:

{
  "mcpServers": {
    "wasm": {
      "type": "stdio",
      "command": "npx",
      "args": ["wasm-mcp"]
    }
  }
}

Hosted Worker

The Cloudflare Worker in worker/ exposes the same tool
surface as the stdio package over streamable HTTP at a single
unauthenticated endpoint, rate-limited per source IP (30 req / 60 s):

https://wasm-mcp.chicoxyzzy.workers.dev/mcp

GET /health reports status and the pinned SHAs; GET /privacy
states the anonymous, no-storage posture. All spec data is bundled
into the Worker, so it does pure in-memory lookups — no storage, no
network at request time.

Releases & data refresh

The pinned commits live in vendor/PINNED.txt
and are reported by spec_version. A scheduled GitHub Actions
workflow (refresh.yml) SHA-diffs
the upstream repos daily; when a pin moves it re-pins, bumps the patch
version, and tags a release, which publishes the npm package
(release.yml) and redeploys the
Worker (deploy-worker.yml).

Maintainers:

npm publish uses Trusted Publishing
(OIDC) — no NPM_TOKEN. Configure it once on npmjs.com (wasm-mcp →
Settings → Trusted Publisher → GitHub Actions: org xyzzylabs, repo
wasm-mcp, workflow release.yml).
Worker deploy needs CLOUDFLARE_API_TOKEN + CLOUDFLARE_ACCOUNT_ID,
stored as environment secrets on the cloudflare GitHub
Environment (not repo-wide) with a main + v* deployment rule —
see Securing the deploy credentials.
For the refresh workflow's tag push to trigger release + deploy,
add a WORKFLOW_PAT PAT (contents: write + workflows) —
without it, refresh still re-pins and tags, but you run release /
deploy manually. (Same secret name tc39-mcp uses, so one PAT — or an
xyzzylabs org secret — can serve both repos.)

License

MIT — see LICENSE.