Supports adversarial code verification and dependency analysis for C++ systems to identify security, correctness, and performance issues.
Enables adversarial verification of CSS files to ensure maintainability and structural integrity within web applications.
Analyzes JavaScript and TSX code through a multi-round Verifier-Critic debate loop to uncover semantic bugs and security vulnerabilities.
Performs adversarial verification on PHP scripts, using AST-based analysis to evaluate code correctness and security requirements.
Facilitates deep semantic analysis of Python codebases through dialectical reasoning to identify reliability and edge-case issues.
Provides adversarial verification for Ruby applications, analyzing code intent and potential logic contradictions.
Offers specialized adversarial verification for Rust systems, focusing on correctness and safety through tree-sitter-powered dependency mapping.
Performs rigorous adversarial verification of TypeScript codebases, identifying security vulnerabilities and calculating ripple effects of changes.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Elenchus MCP ServerPerform a Verifier-Critic debate to uncover security flaws in this code."
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Elenchus MCP Server
English | 한국어
Adversarial Code Verification System using Verifier↔Critic Debate Loop
Elenchus (ἔλεγχος): Socrates' method of refutation through systematic questioning - exposing contradictions to reach truth.
Table of Contents
Overview
Elenchus is a Model Context Protocol (MCP) server that implements adversarial code verification. Unlike simple linting or static analysis, Elenchus orchestrates a debate between Verifier and Critic agents to systematically uncover issues through dialectical reasoning.
Why Adversarial Verification?
Traditional Approach | Elenchus Approach |
Single-pass analysis | Multi-round debate |
Checklist-based | Intent-based semantic analysis |
Fixed rules | Adaptive convergence |
Silent on clean code | Explicit negative assertions |
The Verifier↔Critic Loop
Key Features
🔄 Adversarial Debate System
Verifier: Finds issues with evidence
Critic: Challenges findings, validates claims
Role Enforcement: Strict alternation with compliance scoring
📊 Intent-Based Convergence
Semantic understanding instead of keyword matching
5 category coverage (Security, Correctness, Reliability, Maintainability, Performance)
Edge case documentation requirements
Negative assertions for clean code
🧠 LLM-Based Evaluation (Optional)
Convergence Assessment: LLM judges verification quality (vs rigid boolean checks)
Severity Classification: Context-aware impact analysis
Edge Case Validation: Verifies actual analysis, not just keyword presence
False Positive Detection: Evidence-based issue validation
🔍 Automatic Impact Analysis
Multi-language dependency graph (15 languages via tree-sitter)
Ripple effect prediction
Cascade depth calculation
Risk level assessment
🌐 Multi-Language Support
Dependency analysis powered by tree-sitter AST parsing:
Category | Languages |
Web | TypeScript, TSX, JavaScript, CSS |
Systems | Rust, Go, C, C++ |
Enterprise | Java, C# |
Scripting | Python, Ruby, PHP, Bash, PowerShell |
💾 Session Management
Checkpoint/rollback support
Global session storage
Audit trail preservation
⚡ Token Optimization (Optional)
Differential analysis (verify only changed code)
Response caching
Selective chunking
Tiered verification pipeline
Quick Start
Add to your MCP client configuration:
Then use naturally with your AI assistant:
See Installation for client-specific setup instructions.
Installation
Supported Clients
Client | Status | Notes |
Claude Desktop | ✅ Supported | macOS, Windows |
Claude Code | ✅ Supported | CLI tool |
VS Code (Copilot) | ✅ Supported | Requires v1.102+ |
Cursor | ✅ Supported | 40 tool limit applies |
Other MCP Clients | ✅ Compatible | Any stdio-based client |
Claude Desktop
Add to your Claude Desktop configuration file:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Claude Code
Add to your Claude Code settings (.mcp.json or ~/.claude/settings.json):
VS Code (GitHub Copilot)
Add to .vscode/mcp.json:
Cursor
Go to Settings > MCP > Add new global MCP Server:
Usage
Simply describe what you want to verify:
Your AI assistant will automatically use Elenchus tools.
For structured workflows, see MCP Prompts.
MCP Tools Reference
Session Lifecycle
elenchus_start_session
Initialize a new verification session.
Inputs:
target(string, required): Target path to verify (file or directory)requirements(string, required): Verification requirements/focus areasworkingDir(string, required): Working directory for relative pathsmaxRounds(number, optional): Maximum rounds before stopping (default: 10)verificationMode(object, optional): Mode configurationmode:"standard"|"fast-track"|"single-pass"skipCriticForCleanCode: boolean
differentialConfig(object, optional): Verify only changed filescacheConfig(object, optional): Cache previous verificationschunkingConfig(object, optional): Split large files into chunkspipelineConfig(object, optional): Tiered verificationllmEvalConfig(object, optional): LLM-based evaluation settingsenabled: boolean - Enable LLM evaluationconvergenceEval: boolean - Use LLM for convergence qualityseverityEval: boolean - Use LLM for severity classificationedgeCaseEval: boolean - Use LLM for edge case validationfalsePositiveEval: boolean - Use LLM for false positive detection
Returns: Session ID and initial context including files collected, dependency graph stats, and role configuration.
Example:
elenchus_get_context
Get current session context including files, issues, and proactive guidance.
Inputs:
sessionId(string, required): The session ID
Returns: Files, issues summary, focus areas, unreviewed files, recommendations.
elenchus_submit_round
Submit a Verifier or Critic round.
Inputs:
sessionId(string, required): The session IDrole("verifier"|"critic", required): Role for this roundoutput(string, required): Full agent analysis outputissuesRaised(Issue[], optional): New issues (Verifier role)issuesResolved(string[], optional): Resolved issue IDs (Critic role)
Issue Schema:
Returns: Round number, convergence status, mediator interventions, role compliance score.
elenchus_end_session
End session with final verdict.
Inputs:
sessionId(string, required): The session IDverdict("PASS"|"FAIL"|"CONDITIONAL", required): Final verdict
Returns: Session summary including total rounds, issues by category and severity.
elenchus_get_issues
Query issues with optional filtering.
Inputs:
sessionId(string, required): The session IDstatus("all"|"unresolved"|"critical", optional): Filter by status
Returns: Array of issues matching the filter.
Additional Tools (31 more)
Beyond the core tools above, Elenchus provides 31 additional tools for advanced workflows:
Category | Tools |
LLM Evaluation |
|
State Management |
|
Analysis |
|
Role Enforcement |
|
Re-verification |
|
Differential |
|
Cache |
|
Pipeline |
|
Safeguards |
|
Optimization |
|
Dynamic Roles |
|
All tools are auto-discovered by MCP clients. Use MCP Inspector (
npm run inspector) for detailed schemas.
MCP Resources
Access session data via URI-based resources:
URI Pattern | Description |
| List all active sessions |
| Get specific session details |
Usage:
MCP Prompts (Slash Commands)
Prompt Name | Description |
| Run complete Verifier↔Critic loop |
| Create prioritized fix plan |
| Apply fixes with verification |
| Full pipeline until zero issues |
| Adversarial cross-verification |
Invocation format varies by client. Check your MCP client's documentation.
Verification Modes
Three modes for different use cases:
Mode | Min Rounds | Critic Required | Best For |
| 3 | Yes | Thorough verification |
| 1 | Optional | Quick validation |
| 1 | No | Fastest, Verifier-only |
Example:
Issues transition through states:
Issue States
Status | Description |
| Initially discovered by Verifier |
| Under debate between Verifier and Critic |
| Fixed and verified |
| Invalidated as false positive |
| Combined with another issue |
| Divided into multiple issues |
Critic Verdicts
Verdict | Meaning |
| Issue is legitimate |
| False positive |
| Partially valid, needs refinement |
A session converges when ALL criteria are met:
No CRITICAL or HIGH severity unresolved issues
Stable for 2+ rounds (no new issues)
Minimum rounds completed (varies by mode)
All 5 categories examined
No recent issue state transitions
Edge cases documented
Clean areas explicitly stated (negative assertions)
High-risk impacted files reviewed
Category Coverage
All 5 categories must be examined:
SECURITY - Authentication, authorization, injection
CORRECTNESS - Logic errors, type mismatches
RELIABILITY - Error handling, resource management
MAINTAINABILITY - Code structure, documentation
PERFORMANCE - Efficiency, resource usage
Token Optimization
Verify only changed files:
Cache previous verification results:
Split large files into focused chunks:
Start with quick analysis, escalate if needed:
Configuration
Environment Variables
Variable | Description | Default |
| Custom storage directory |
|
| XDG base directory (Linux/macOS) | - |
| Windows AppData location | - |
Storage Location
Sessions and data are stored in a client-agnostic location:
Priority Order:
$ELENCHUS_DATA_DIR- Explicit override$XDG_DATA_HOME/elenchus- XDG spec%LOCALAPPDATA%\elenchus- Windows~/.elenchus- Default fallback
Custom Storage
Session Cleanup
Sessions are preserved as audit records. Manual cleanup:
Architecture
Module Responsibilities
Module | Purpose |
Session Manager | Create, persist, and manage verification sessions |
Context Manager | Collect and organize target files and dependencies |
Mediator System | Multi-language dependency graphs (tree-sitter), issue detection, interventions |
Role Enforcement | Ensure Verifier↔Critic alternation, validate compliance |
Issue Lifecycle | Track issue states from RAISED to RESOLVED |
Pipeline | Tiered verification (screen → focused → exhaustive) |
Security
Security Model
Elenchus operates with the following security considerations:
No Code Execution: Elenchus does NOT execute the code it verifies. It performs static analysis only.
Local Storage: All session data is stored locally in
~/.elenchus/. No data is sent to external servers.Path Validation: All file paths are validated to prevent path traversal attacks.
No Secrets in Output: Tool outputs are sanitized to avoid exposing sensitive data.
Permissions
Elenchus requires:
Read access to target files for verification
Write access to
~/.elenchus/for session storage
Reporting Security Issues
Please report security vulnerabilities via GitHub Security Advisories.
Troubleshooting
Common Issues
Symptom: Your MCP client doesn't recognize Elenchus commands or tools.
Solutions:
Verify installation in your client's MCP settings
Restart your MCP client after adding the server
Check config syntax (JSON must be valid)
Ensure Node.js ≥18 is installed:
node --version
Symptom: Error "Session not found: xxx"
Solutions:
List active sessions:
Read elenchus://sessions/Sessions may have been cleaned up - start a new session
Verify session ID is correct (check for typos)
Symptom: Cannot read files or write sessions.
Solutions:
Check file permissions on target directory
Verify write access to
~/.elenchus/:ls -la ~/.elenchus/Try custom storage location:
export ELENCHUS_DATA_DIR=/tmp/elenchus
Symptom: Round rejected due to compliance score.
Solutions:
Check current role requirements:
elenchus_get_role_prompt({ role: "verifier" })Lower minimum compliance score:
elenchus_update_role_config({ sessionId: "...", minComplianceScore: 50, strictMode: false })Ensure role alternation (Verifier → Critic → Verifier)
Debugging
Use MCP Inspector for debugging:
Getting Help
Issues: GitHub Issues
Discussions: GitHub Discussions
Development
Build Commands
Project Structure
Contributing
Contributions welcome! Please:
Fork the repository
Create a feature branch
Submit a pull request
License
MIT