
Auth & local state

How the MCP server reads credentials and where its on-disk state lives.

The Asomium MCP server holds no credentials across runs: every credential is read fresh from your macOS Keychain. The small amount of state the server does keep (tracking, snapshots, counters) lives in plain JSON files under ~/Library/Application Support/ReleaseKit/.

Credentials flow

When the MCP server starts up, it does two things:

  1. Reads the handoff file at ~/Library/Application Support/ReleaseKit/com.mariopek.releasekit/mcp-handoff.json to learn which workspace it should authenticate as. The Mac app writes this file the first time you enable MCP access in Settings → AI Integration.
  2. Reads the ASC API key from the per-workspace Keychain entry pointed to by the handoff. Both the GUI and the MCP process share the same Keychain entry — they run as the same user, so plain POSIX file permissions are enough; no entitlement gymnastics required.

For one-off CLI invocations (testing locally, scripted runs without the Mac app open), env vars override the handoff path:

  • ASOMIUM_ASC_KEY_ID
  • ASOMIUM_ASC_ISSUER_ID
  • ASOMIUM_ASC_KEY_PEM (inline) or ASOMIUM_ASC_KEY_PEM_PATH (file path)

AsoAI credentials

There is nothing to configure for AsoAI on the MCP side. When an MCP tool call needs to run a translation, audit, keyword suggestion or revenue analysis, the server signs an HMAC token against the same shared secret embedded in the Mac app and routes the request through our Cloudflare Worker, which forwards to OpenRouter on our account. Your Lemon Squeezy license key (read from Keychain, same slot the Mac app uses) gates the proxy — no separate AI key, no per-call billing on your side, no env var to set.

Nothing goes anywhere else

  • The AI client (Claude, Cursor, etc.) never sees your ASC .p8 key — only the structured JSON results of MCP tool calls.
  • The MCP process never writes credentials to disk; it reads them fresh from Keychain each session.
  • Network traffic from the MCP server hits exactly two destinations: Apple (App Store Connect API + iTunes Search) and the AsoAI proxy on Cloudflare (translate_field, audit, expand, discover, revenue analysis). The Mac app also pings Lemon Squeezy to validate your license; that’s app-side, not MCP-side.

MCP-owned on-disk state

The server keeps these files under ~/Library/Application Support/ReleaseKit/com.mariopek.releasekit/:

| File | What it stores | Written by |
|---|---|---|
| mcp-handoff.json | Active workspace identifier | Mac app |
| mcp-build-configs.json | Per-app Xcode project / scheme / platform for build_and_ship | Mac app (mirrored from BuildConfigStore) |
| keyword-tracking.json | Tracked keywords + rank-snapshot history | MCP (track_keyword, refresh_tracked_ranks) |
| snapshots/<bundleId>/*.json | Saved metadata snapshots for diff_metadata | MCP (snapshot_metadata) |
| usage-counter.json | Current-month translate-call counter | MCP (translate_field increments) |

All files use 0600 POSIX permissions — readable only by your user account. The Mac app and MCP server both run as you, so no shared group or App Group is needed.
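To verify the 0600 claim on your own machine, the following shell functions audit the state directory. This is an added example, not code shipped with Asomium; the function names are hypothetical, and the directory-writability check is an extra that the page itself does not state.

```sh
#!/bin/sh
# Added example: audit Asomium's MCP state directory (path taken from this page).
STATE_DIR_DEFAULT="$HOME/Library/Application Support/ReleaseKit/com.mariopek.releasekit"

# Regular files whose mode is not exactly 0600 or whose owner is not the
# current user. "-perm 600" is an exact match on both BSD (macOS) and GNU find.
list_state_violations() {
    [ -d "$1" ] || return 0
    find "$1" -type f \( ! -perm 600 -o ! -user "$(id -u)" \) -print
}

# Extra check beyond what the page states: directories writable by group or
# other. A writable parent could let another account replace mcp-handoff.json
# even when the file itself is 0600.
list_writable_dirs() {
    [ -d "$1" ] || return 0
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print
}

# Exit status: 0 = clean, 1 = findings, 2 = directory missing.
audit_state_dir() {
    dir=${1:-$STATE_DIR_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "no state directory at: $dir" >&2
        return 2
    fi
    bad=$(list_state_violations "$dir")
    open_dirs=$(list_writable_dirs "$dir")
    if [ -z "$bad" ] && [ -z "$open_dirs" ]; then
        echo "ok: state files are 0600 and owned by uid $(id -u)"
        return 0
    fi
    if [ -n "$bad" ]; then printf 'not 0600 or wrong owner:\n%s\n' "$bad"; fi
    if [ -n "$open_dirs" ]; then printf 'group/other-writable dir:\n%s\n' "$open_dirs"; fi
    return 1
}
# Usage: source this file, then run `audit_state_dir` (optionally with a path).
```

A non-zero exit from audit_state_dir makes it easy to wire into a login script or periodic check.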

Concurrency

The MCP server doesn’t lock the Keychain or these JSON files: macOS serialises access at the filesystem layer, and the JSON writes are atomic (Data.write(options: [.atomic])). The Mac app polls ASC every 30 seconds, so any change made through MCP appears in the GUI on the next poll without manual refresh.

Multiple machines

Each machine has its own Asomium install with its own Keychain entries and its own local JSON files. Subscription state is tied to your Lemon Squeezy license key, not a cross-device identity — to move to a new Mac, sign out on the old one (frees the license seat via /v1/licenses/deactivate) and paste the same key into the new Mac’s Settings → Subscription tab. Per-machine state — tracked keywords, saved snapshots, build configs — stays local. If you want any of that to sync, file an issue.

Disconnecting

To revoke MCP access without uninstalling:

  1. Open Asomium → Settings → AI Integration.
  2. Click Disconnect — the handoff file is deleted; MCP can no longer authenticate as your workspace.
  3. Reconnect at any time to re-enable.