Supports adversarial code verification and dependency analysis for C++ systems to identify security, correctness, and performance issues.
Enables adversarial verification of CSS files to ensure maintainability and structural integrity within web applications.
Analyzes JavaScript and TSX code through a multi-round Verifier-Critic debate loop to uncover semantic bugs and security vulnerabilities.
Performs adversarial verification on PHP scripts, using AST-based analysis to evaluate code correctness and security requirements.
Facilitates deep semantic analysis of Python codebases through dialectical reasoning to identify reliability and edge-case issues.
Provides adversarial verification for Ruby applications, analyzing code intent and potential logic contradictions.
Offers specialized adversarial verification for Rust systems, focusing on correctness and safety through tree-sitter-powered dependency mapping.
Performs rigorous adversarial verification of TypeScript codebases, identifying security vulnerabilities and calculating ripple effects of changes.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Elenchus MCP ServerPerform a Verifier-Critic debate to uncover security flaws in this code."
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Elenchus MCP Server
English | 한국어
Adversarial Code Verification System using Verifier↔Critic Debate Loop
Elenchus (ἔλεγχος): Socrates' method of refutation through systematic questioning - exposing contradictions to reach truth.
Table of Contents
Overview
Elenchus is a Model Context Protocol (MCP) server that implements adversarial code verification. Unlike simple linting or static analysis, Elenchus orchestrates a debate between Verifier and Critic agents to systematically uncover issues through dialectical reasoning.
Why Adversarial Verification?
Traditional Approach | Elenchus Approach |
Single-pass analysis | Multi-round debate |
Checklist-based | Intent-based semantic analysis |
Fixed rules | Adaptive convergence |
Silent on clean code | Explicit negative assertions |
The Verifier↔Critic Loop
┌──────────────────────────────────────────────────────────────┐
│ VERIFICATION LOOP │
├──────────────────────────────────────────────────────────────┤
│ Round 1: Verifier → Examines code, RAISES issues │
│ Round 2: Critic → Challenges issues (VALID/INVALID/PARTIAL)│
│ Round 3: Verifier → Defends, resolves, or finds new issues │
│ Round 4: Critic → Re-evaluates, checks coverage │
│ ...continues until convergence... │
│ Final: Verdict (PASS / FAIL / CONDITIONAL) │
└──────────────────────────────────────────────────────────────┘Key Features
🔄 Adversarial Debate System
Verifier: Finds issues with evidence
Critic: Challenges findings, validates claims
Role Enforcement: Strict alternation with compliance scoring
📊 Intent-Based Convergence
Semantic understanding instead of keyword matching
5 category coverage (Security, Correctness, Reliability, Maintainability, Performance)
Edge case documentation requirements
Negative assertions for clean code
🧠 LLM-Based Evaluation (Optional)
Convergence Assessment: LLM judges verification quality (vs rigid boolean checks)
Severity Classification: Context-aware impact analysis
Edge Case Validation: Verifies actual analysis, not just keyword presence
False Positive Detection: Evidence-based issue validation
🔍 Automatic Impact Analysis
Multi-language dependency graph (15 languages via tree-sitter)
Ripple effect prediction
Cascade depth calculation
Risk level assessment
🌐 Multi-Language Support
Dependency analysis powered by tree-sitter AST parsing:
Category | Languages |
Web | TypeScript, TSX, JavaScript, CSS |
Systems | Rust, Go, C, C++ |
Enterprise | Java, C# |
Scripting | Python, Ruby, PHP, Bash, PowerShell |
💾 Session Management
Checkpoint/rollback support
Global session storage
Audit trail preservation
⚡ Token Optimization (Optional)
Differential analysis (verify only changed code)
Response caching
Selective chunking
Tiered verification pipeline
Quick Start
Add to your MCP client configuration:
{
"mcpServers": {
"elenchus": {
"command": "npx",
"args": ["-y", "@jhlee0409/elenchus-mcp"]
}
}
}Then use naturally with your AI assistant:
"Please verify src/auth for security issues"See Installation for client-specific setup instructions.
Installation
Supported Clients
Client | Status | Notes |
Claude Desktop | ✅ Supported | macOS, Windows |
Claude Code | ✅ Supported | CLI tool |
VS Code (Copilot) | ✅ Supported | Requires v1.102+ |
Cursor | ✅ Supported | 40 tool limit applies |
Other MCP Clients | ✅ Compatible | Any stdio-based client |
Claude Desktop
Add to your Claude Desktop configuration file:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"elenchus": {
"command": "npx",
"args": ["-y", "@jhlee0409/elenchus-mcp"]
}
}
}Claude Code
Add to your Claude Code settings (.mcp.json or ~/.claude/settings.json):
{
"mcpServers": {
"elenchus": {
"command": "npx",
"args": ["-y", "@jhlee0409/elenchus-mcp"]
}
}
}VS Code (GitHub Copilot)
Add to .vscode/mcp.json:
{
"mcp": {
"servers": {
"elenchus": {
"command": "npx",
"args": ["-y", "@jhlee0409/elenchus-mcp"]
}
}
}
}Cursor
Go to Settings > MCP > Add new global MCP Server:
{
"mcpServers": {
"elenchus": {
"command": "npx",
"args": ["-y", "@jhlee0409/elenchus-mcp"]
}
}
}Usage
Simply describe what you want to verify:
"Verify src/auth for security vulnerabilities"
"Check the payment module for edge cases"
"Review src/api for correctness and reliability issues"Your AI assistant will automatically use Elenchus tools.
For structured workflows, see MCP Prompts.
MCP Tools Reference
Session Lifecycle
elenchus_start_session
Initialize a new verification session.
Inputs:
target(string, required): Target path to verify (file or directory)requirements(string, required): Verification requirements/focus areasworkingDir(string, required): Working directory for relative pathsmaxRounds(number, optional): Maximum rounds before stopping (default: 10)verificationMode(object, optional): Mode configurationmode:"standard"|"fast-track"|"single-pass"skipCriticForCleanCode: boolean
differentialConfig(object, optional): Verify only changed filescacheConfig(object, optional): Cache previous verificationschunkingConfig(object, optional): Split large files into chunkspipelineConfig(object, optional): Tiered verificationllmEvalConfig(object, optional): LLM-based evaluation settingsenabled: boolean - Enable LLM evaluationconvergenceEval: boolean - Use LLM for convergence qualityseverityEval: boolean - Use LLM for severity classificationedgeCaseEval: boolean - Use LLM for edge case validationfalsePositiveEval: boolean - Use LLM for false positive detection
Returns: Session ID and initial context including files collected, dependency graph stats, and role configuration.
Example:
elenchus_start_session({
target: "src/auth",
requirements: "Security audit for authentication",
workingDir: "/path/to/project",
verificationMode: { mode: "fast-track" }
})elenchus_get_context
Get current session context including files, issues, and proactive guidance.
Inputs:
sessionId(string, required): The session ID
Returns: Files, issues summary, focus areas, unreviewed files, recommendations.
elenchus_submit_round
Submit a Verifier or Critic round.
Inputs:
sessionId(string, required): The session IDrole("verifier"|"critic", required): Role for this roundoutput(string, required): Full agent analysis outputissuesRaised(Issue[], optional): New issues (Verifier role)issuesResolved(string[], optional): Resolved issue IDs (Critic role)
Issue Schema:
{
id: string,
category: "SECURITY" | "CORRECTNESS" | "RELIABILITY" | "MAINTAINABILITY" | "PERFORMANCE",
severity: "CRITICAL" | "HIGH" | "MEDIUM" | "LOW",
summary: string,
location: string, // "file:line" format
description: string,
evidence: string // Code snippet or proof
}Returns: Round number, convergence status, mediator interventions, role compliance score.
elenchus_end_session
End session with final verdict.
Inputs:
sessionId(string, required): The session IDverdict("PASS"|"FAIL"|"CONDITIONAL", required): Final verdict
Returns: Session summary including total rounds, issues by category and severity.
elenchus_get_issues
Query issues with optional filtering.
Inputs:
sessionId(string, required): The session IDstatus("all"|"unresolved"|"critical", optional): Filter by status
Returns: Array of issues matching the filter.
Additional Tools (31 more)
Beyond the core tools above, Elenchus provides 31 additional tools for advanced workflows:
Category | Tools |
LLM Evaluation |
|
State Management |
|
Analysis |
|
Role Enforcement |
|
Re-verification |
|
Differential |
|
Cache |
|
Pipeline |
|
Safeguards |
|
Optimization |
|
Dynamic Roles |
|
All tools are auto-discovered by MCP clients. Use MCP Inspector (
npm run inspector) for detailed schemas.
MCP Resources
Access session data via URI-based resources:
URI Pattern | Description |
| List all active sessions |
| Get specific session details |
Usage:
Read elenchus://sessions/
Read elenchus://sessions/2026-01-17_src-auth_abc123MCP Prompts (Slash Commands)
Prompt Name | Description |
| Run complete Verifier↔Critic loop |
| Create prioritized fix plan |
| Apply fixes with verification |
| Full pipeline until zero issues |
| Adversarial cross-verification |
Invocation format varies by client. Check your MCP client's documentation.
Verification Modes
Three modes for different use cases:
Mode | Min Rounds | Critic Required | Best For |
| 3 | Yes | Thorough verification |
| 1 | Optional | Quick validation |
| 1 | No | Fastest, Verifier-only |
Example:
elenchus_start_session({
target: "src/",
requirements: "Security audit",
workingDir: "/project",
verificationMode: {
mode: "fast-track",
skipCriticForCleanCode: true
}
})Issues transition through states:
RAISED → CHALLENGED → RESOLVED
↓
DISMISSED (false positive)
↓
MERGED (combined)
↓
SPLIT (divided)Issue States
Status | Description |
| Initially discovered by Verifier |
| Under debate between Verifier and Critic |
| Fixed and verified |
| Invalidated as false positive |
| Combined with another issue |
| Divided into multiple issues |
Critic Verdicts
Verdict | Meaning |
| Issue is legitimate |
| False positive |
| Partially valid, needs refinement |
A session converges when ALL criteria are met:
No CRITICAL or HIGH severity unresolved issues
Stable for 2+ rounds (no new issues)
Minimum rounds completed (varies by mode)
All 5 categories examined
No recent issue state transitions
Edge cases documented
Clean areas explicitly stated (negative assertions)
High-risk impacted files reviewed
Category Coverage
All 5 categories must be examined:
SECURITY - Authentication, authorization, injection
CORRECTNESS - Logic errors, type mismatches
RELIABILITY - Error handling, resource management
MAINTAINABILITY - Code structure, documentation
PERFORMANCE - Efficiency, resource usage
Token Optimization
Verify only changed files:
{
differentialConfig: {
enabled: true,
baseRef: "main" // Compare against main branch
}
}Cache previous verification results:
{
cacheConfig: {
enabled: true,
ttlSeconds: 3600 // Cache for 1 hour
}
}Split large files into focused chunks:
{
chunkingConfig: {
enabled: true,
maxChunkSize: 500 // Lines per chunk
}
}Start with quick analysis, escalate if needed:
{
pipelineConfig: {
enabled: true,
startTier: "screen" // screen → focused → exhaustive
}
}Configuration
Environment Variables
Variable | Description | Default |
| Custom storage directory |
|
| XDG base directory (Linux/macOS) | - |
| Windows AppData location | - |
Storage Location
Sessions and data are stored in a client-agnostic location:
~/.elenchus/
├── sessions/ # Verification sessions
├── baselines/ # Differential analysis baselines
├── cache/ # Response cache
└── safeguards/ # Quality safeguards dataPriority Order:
$ELENCHUS_DATA_DIR- Explicit override$XDG_DATA_HOME/elenchus- XDG spec%LOCALAPPDATA%\elenchus- Windows~/.elenchus- Default fallback
Custom Storage
# Set custom location
export ELENCHUS_DATA_DIR=/path/to/custom/storage
# Or use XDG spec
export XDG_DATA_HOME=~/.local/shareSession Cleanup
Sessions are preserved as audit records. Manual cleanup:
rm -rf ~/.elenchus/sessions/*
# Or for specific sessions
rm -rf ~/.elenchus/sessions/2026-01-17_*Architecture
┌─────────────────────────────────────────────────────────────────────┐
│ ELENCHUS MCP SERVER │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────────────────────────────────────────────────┐ │
│ │ MCP PROTOCOL LAYER │ │
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────────┐ │ │
│ │ │ Tools │ │Resources │ │ Prompts │ │ Notifications│ │ │
│ │ │ (36) │ │ (URI) │ │ (5) │ │ (optional) │ │ │
│ │ └────┬─────┘ └────┬─────┘ └────┬─────┘ └──────────────┘ │ │
│ └───────┼─────────────┼─────────────┼──────────────────────────┘ │
│ │ │ │ │
│ ┌───────┴─────────────┴─────────────┴──────────────────────────┐ │
│ │ CORE MODULES │ │
│ │ Session Manager │ Context Manager │ Mediator System │ │
│ │ Role Enforcement │ Issue Lifecycle │ Pipeline (Tiered) │ │
│ └───────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────┐ │
│ │ STORAGE │ │
│ │ ~/.elenchus/ │ │
│ └──────────────────┘ │
└─────────────────────────────────────────────────────────────────────┘Module Responsibilities
Module | Purpose |
Session Manager | Create, persist, and manage verification sessions |
Context Manager | Collect and organize target files and dependencies |
Mediator System | Multi-language dependency graphs (tree-sitter), issue detection, interventions |
Role Enforcement | Ensure Verifier↔Critic alternation, validate compliance |
Issue Lifecycle | Track issue states from RAISED to RESOLVED |
Pipeline | Tiered verification (screen → focused → exhaustive) |
Security
Security Model
Elenchus operates with the following security considerations:
No Code Execution: Elenchus does NOT execute the code it verifies. It performs static analysis only.
Local Storage: All session data is stored locally in
~/.elenchus/. No data is sent to external servers.Path Validation: All file paths are validated to prevent path traversal attacks.
No Secrets in Output: Tool outputs are sanitized to avoid exposing sensitive data.
Permissions
Elenchus requires:
Read access to target files for verification
Write access to
~/.elenchus/for session storage
Reporting Security Issues
Please report security vulnerabilities via GitHub Security Advisories.
Troubleshooting
Common Issues
Symptom: Your MCP client doesn't recognize Elenchus commands or tools.
Solutions:
Verify installation in your client's MCP settings
Restart your MCP client after adding the server
Check config syntax (JSON must be valid)
Ensure Node.js ≥18 is installed:
node --version
Symptom: Error "Session not found: xxx"
Solutions:
List active sessions:
Read elenchus://sessions/Sessions may have been cleaned up - start a new session
Verify session ID is correct (check for typos)
Symptom: Cannot read files or write sessions.
Solutions:
Check file permissions on target directory
Verify write access to
~/.elenchus/:ls -la ~/.elenchus/Try custom storage location:
export ELENCHUS_DATA_DIR=/tmp/elenchus
Symptom: Round rejected due to compliance score.
Solutions:
Check current role requirements:
elenchus_get_role_prompt({ role: "verifier" })Lower minimum compliance score:
elenchus_update_role_config({ sessionId: "...", minComplianceScore: 50, strictMode: false })Ensure role alternation (Verifier → Critic → Verifier)
Debugging
Use MCP Inspector for debugging:
npm run inspector
# or
npx @modelcontextprotocol/inspector node dist/index.jsGetting Help
Issues: GitHub Issues
Discussions: GitHub Discussions
Development
Build Commands
npm run build # Compile TypeScript to dist/
npm run dev # Watch mode with auto-rebuild
npm run start # Run the compiled server
npm run inspector # Launch MCP Inspector for debuggingProject Structure
elenchus-mcp/
├── src/
│ ├── index.ts # Entry point, MCP server setup
│ ├── tools/ # Tool definitions and handlers
│ ├── resources/ # Resource definitions
│ ├── prompts/ # Prompt templates
│ ├── types/ # TypeScript interfaces
│ ├── state/ # Session and context management
│ ├── mediator/ # Multi-language dependency analysis (tree-sitter)
│ ├── roles/ # Role enforcement
│ ├── config/ # Configuration constants
│ ├── cache/ # Response caching
│ ├── chunking/ # Code chunking
│ ├── diff/ # Differential analysis
│ ├── pipeline/ # Tiered verification
│ └── safeguards/ # Quality safeguards
├── dist/ # Compiled output
├── package.json
├── tsconfig.json
└── README.mdContributing
Contributions welcome! Please:
Fork the repository
Create a feature branch
Submit a pull request
License
MIT