Mcp-Omega-Brain

Ecosystem Canon

Omega Brain MCP is the governing cognitive substrate of the VERITAS & Sovereign Ecosystem (Omega Universe). Where other memory layers persist context, Omega Brain enforces it: every execution path passes through the Cortex approval gate, every state transition is sealed to a tamper-proof SHA-3-256 audit ledger, and every artifact claim must survive a 10-gate deterministic build pipeline before a verdict is issued. It does not make trust decisions on behalf of the operator — it enforces the constraints the operator has declared, cryptographically and without exception. In the Omega Universe, Omega Brain MCP is the control plane: the point where agent autonomy ends and declared policy begins.

SYSTEM INVARIANT: VERITAS Build does not determine whether code is 'good.' VERITAS Build determines whether code survives disciplined attempts to break it under explicitly declared primitives, constraints, test regimes, boundaries, cost models, evidence, and policy.

Table of Contents

• Overview

• Features

• Architecture

• Requirements

• Installation

• Quickstart

• Configuration

• Integrations

• Usage Examples

• Tools Reference

• Resources

• CLAEG State Machine

• Troubleshooting

• Security & Sovereignty

• Threat Model

• Roadmap

• Omega Universe

• License

Overview

What It Is

Omega Brain MCP is a self-contained Model Context Protocol (MCP) server that runs as a local process alongside any MCP-compatible AI client. It exposes 26 tools and 9 resources covering four governance domains:

• Cross-session episodic memory — SQLite vault with full-text search, persisted across all restarts

• 10-gate VERITAS build pipeline — deterministic artifact evaluation from INTAKE through TRACE/SEAL

• Cryptographic S.E.A.L. audit ledger — append-only SHA-3-256 hash chain; every operation is sealed

• Cortex approval gate — Tri-Node similarity gate that enforces declared baseline policy on every tool call

Two Python files. One pip dependency. Zero external services.

Compatible clients: Claude Desktop, VS Code Copilot, Cursor, Windsurf, AutoGen, LangChain, CrewAI, LlamaIndex, and any MCP-compliant host.

What It Is Not

• Not a cloud service. No network egress, no API keys, no telemetry. All data remains on the operator's machine under ~/.omega-brain/ (or OMEGA_BRAIN_DATA_DIR).

• Not a language model. Omega Brain does not generate text. It governs, routes, stores, and audits agent operations.

• Not a policy authority. VERITAS gates enforce what the operator declares. The system cannot determine correctness beyond what its evidence and constraints describe.

• Not a firewall or OS-level isolation layer. See the Threat Model for explicit out-of-scope boundaries.

Features

Cross-Session Episodic Memory

• Vault (SQLite + FTS5) — sessions, entries, and events persist across restarts; auto-loaded at startup via omega://session/preload

• Semantic RAG provenance — 3-tier embedding engine: sentence-transformers → fastembed ONNX → TF-IDF n-gram; always available with no GPU requirement

• Sealed handoff — SHA-256 signed cross-session memory file; auto-loaded on restart, auto-written on task seal

10-Gate VERITAS Build Pipeline

Full deterministic evaluation pipeline: INTAKE → TYPE → DEPENDENCY → EVIDENCE → MATH → COST → INCENTIVE → SECURITY → ADVERSARY → TRACE/SEAL

Every gate returns a structured verdict (PASS, MODEL_BOUND, INCONCLUSIVE, or VIOLATION). The pipeline seals the final result as a cryptographically identified record. Fail-fast on VIOLATION by default.

Cryptographic Audit Ledger (S.E.A.L.)

• Append-only SHA-3-256 hash chain

• Every Cortex check, ingest, session log, gate run, and execution is automatically sealed

• Chain integrity is verifiable at any point; any tampered entry breaks the chain

• Persisted to omega_ledger.json under the data directory

Cortex Approval Gate

• Tri-Node similarity gate evaluates every tool call against the operator-declared baseline prompt

• Hard-block window < 0.45 — execution is refused; event sealed to ledger

• Steer window 0.45–0.65 — arguments are corrected toward baseline alignment before execution

• Blocks NAFE drift (narrative rescue, moral override, authority drift, intent inference) before execution

• CLAEG state machine governs terminal states: STABLE_CONTINUATION, ISOLATED_CONTAINMENT, TERMINAL_SHUTDOWN; absence of allowed transition is prohibition

Operational Characteristics

• Two transports — stdio (default, MCP standard) and SSE (HTTP streaming for web clients)

• Docker-ready — single Dockerfile, non-root user, unbuffered I/O

• Single dependency — mcp>=1.0.0; optional fastembed or sentence-transformers for higher-quality embeddings

• Fully local — no cloud, no API keys, no external server required

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                        MCP CLIENT                               │
│   (Claude Desktop / VS Code Copilot / Cursor / AutoGen / ...)   │
└───────────────────────────┬─────────────────────────────────────┘
                            │  MCP stdio / SSE (JSON-RPC 2.0)
                            ▼
┌─────────────────────────────────────────────────────────────────┐
│                   OMEGA BRAIN MCP SERVER                        │
│               omega_brain_mcp_standalone.py                     │
│                                                                 │
│  ┌──────────────────────────┐  ┌──────────────────────────────┐ │
│  │       BRAIN CORE         │  │      VERITAS BUILD GATES     │ │
│  │                          │  │                              │ │
│  │  Cortex Approval Gate    │  │  10-Gate Pipeline            │ │
│  │  (Tri-Node, steer/block) │  │  INTAKE → TYPE → DEPENDENCY  │ │
│  │                          │  │  → EVIDENCE → MATH → COST    │ │
│  │  RAG Provenance Store    │  │  → INCENTIVE → SECURITY      │ │
│  │  (3-tier embeddings)     │  │  → ADVERSARY → TRACE/SEAL    │ │
│  │                          │  │                              │ │
│  │  S.E.A.L. Audit Ledger   │  │  Evidence Engine             │ │
│  │  (SHA-3-256 hash chain)  │  │  (Quality(e), MIS_GREEDY)    │ │
│  │                          │  │                              │ │
│  │  Sealed Handoff          │  │  CLAEG State Machine         │ │
│  │  (SHA-256 cross-session) │  │  NAFE Scanner                │ │
│  └──────────┬───────────────┘  └────────────────┬─────────────┘ │
└─────────────│──────────────────────────────────│───────────────┘
              │                                  │
              ▼  SQLite                          ▼  Pure Python
    ┌─────────────────────┐           ┌─────────────────────────┐
    │   ~/.omega-brain/   │           │  veritas_build_gates.py │
    │   omega_vault.db    │           │  (stateless, no I/O,    │
    │   omega_ledger.json │           │   reproducible verdicts)│
    │   omega_handoff.json│           └─────────────────────────┘
    └─────────────────────┘

Component Roles

🏛️ Protocol Standard: The omega-brain-mcp is the official execution engine for the VERITAS Ω-CODE v2.0 specification. The structural gates here enforce the deterministic claims that power veritas-vault session capture, AEGIS remediation, and Sovereign artifacts.

Verdict System

Requirements

Embedding engine auto-selection: The server probes for sentence-transformers first, then fastembed, then falls back to built-in TF-IDF n-gram. You always get semantic search — richer models improve recall quality.

Installation

From PyPI

pip install omega-brain-mcp

From Source

git clone https://github.com/VrtxOmega/omega-brain-mcp.git
cd omega-brain-mcp
pip install mcp
# Optional: better embeddings
pip install fastembed                       # recommended — fast ONNX, no GPU
pip install sentence-transformers numpy     # best quality, larger download

Docker

docker build -t omega-brain-mcp .
docker run --rm -i omega-brain-mcp                              # stdio mode (MCP standard)
docker run --rm -p 8055:8055 omega-brain-mcp --sse --port 8055  # SSE mode

Run Tests

pip install pytest pytest-asyncio pytest-cov
PYTHONUTF8=1 OMEGA_BRAIN_DATA_DIR=/tmp/omega-test pytest tests/ -v --tb=short

Quickstart

1 — Verify the server starts

python omega_brain_mcp_standalone.py --help

2 — Run in stdio mode (default)

The server reads JSON-RPC 2.0 messages from stdin and writes responses to stdout. MCP clients manage this process automatically via the config below.

python omega_brain_mcp_standalone.py

3 — Run in SSE mode (HTTP streaming)

python omega_brain_mcp_standalone.py --sse --port 8055
# GET  http://localhost:8055/sse      — event stream
# POST http://localhost:8055/messages — send tool calls

4 — Test a tool call manually (stdio)

echo '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"omega_brain_status","arguments":{}}}' \
  | python omega_brain_mcp_standalone.py

5 — Configure your MCP client (see Configuration)

Configuration

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "omega-brain": {
      "command": "python",
      "args": ["/absolute/path/to/omega_brain_mcp_standalone.py"],
      "env": { "PYTHONUTF8": "1" }
    }
  }
}

VS Code / GitHub Copilot

Add to .vscode/mcp.json in your workspace (or user settings):

{
  "servers": {
    "omega-brain": {
      "type": "stdio",
      "command": "python",
      "args": ["/absolute/path/to/omega_brain_mcp_standalone.py"],
      "env": { "PYTHONUTF8": "1" }
    }
  }
}

Cursor

In Cursor Settings → MCP → Add Server:

{
  "mcpServers": {
    "omega-brain": {
      "command": "python",
      "args": ["/absolute/path/to/omega_brain_mcp_standalone.py"],
      "env": { "PYTHONUTF8": "1" }
    }
  }
}

Windsurf / Cascade

In ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "omega-brain": {
      "command": "python",
      "args": ["/absolute/path/to/omega_brain_mcp_standalone.py"],
      "env": { "PYTHONUTF8": "1" }
    }
  }
}

SSE / HTTP Client

{
  "mcpServers": {
    "omega-brain": {
      "type": "sse",
      "url": "http://localhost:8055/sse"
    }
  }
}

Environment Variables

Integrations

Omega Brain MCP integrates with any MCP-compatible client using standard JSON-RPC 2.0 over stdio or SSE. For framework-specific integration patterns (LangChain, CrewAI, AutoGen, LlamaIndex) see INTEGRATIONS.md and the examples/ directory.

Recommended Integration Pattern

For production use, keep one persistent server process across all calls. This avoids the 2–3s cold-start cost of loading the embedding model and SQLite on every call.

from omega_client import OmegaBrainClient

client = OmegaBrainClient()  # starts server subprocess once

# Governance-first: always run a Cortex check before executing
check = client.call("omega_cortex_check", {
    "tool": "omega_rag_query",
    "args": {"query": "sensitive project data"},
    "baseline_prompt": "You are a data analysis agent. Only access approved datasets."
})
# {"approved": true, "similarity": 0.71, "verdict": "APPROVED", "node_votes": [1, 1, 1]}

# Memory retrieval
result = client.call("omega_rag_query", {"query": "VERITAS evidence thresholds", "top_k": 5})

# Run VERITAS build gate pipeline
verdict = client.call("veritas_run_pipeline", {"claim": {...}, "regime": "baseline"})

# Session persistence — always seal before terminating
client.call("omega_seal_task", {})
client.close()

Quick-Reference Pattern Table

Usage Examples

All examples use JSON-RPC 2.0. In practice, your MCP client sends these automatically when you invoke a tool. The shell one-liner form is useful for testing.

Check server health

echo '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"omega_brain_status","arguments":{}}}' \
  | python omega_brain_mcp_standalone.py

Response (abbreviated):

{
  "result": {
    "content": [{
      "type": "text",
      "text": "{\"vault_sessions\": 3, \"vault_entries\": 42, \"rag_fragments\": 18, \"ledger_entries\": 127, \"embedding_engine\": \"fastembed\", \"omega_status\": \"OK\"}"
    }]
  }
}

Cortex approval check

{
  "jsonrpc": "2.0", "id": 4,
  "method": "tools/call",
  "params": {
    "name": "omega_cortex_check",
    "arguments": {
      "tool": "omega_rag_query",
      "args": {"query": "sensitive user data"},
      "baseline_prompt": "You are a data analysis agent. Only access approved datasets."
    }
  }
}

Response:

{"approved": true, "similarity": 0.71, "verdict": "APPROVED", "node_votes": [1, 1, 1]}

Run the full VERITAS pipeline

{
  "jsonrpc": "2.0", "id": 5,
  "method": "tools/call",
  "params": {
    "name": "veritas_run_pipeline",
    "arguments": {
      "claim": {
        "claim_id": "claim-001",
        "artifact_type": "function",
        "description": "Validates user authentication tokens",
        "primitives": ["jwt", "hmac-sha256"],
        "evidence": [
          {
            "id": "e1", "type": "test_suite",
            "provenance": 0.9, "repeatability": 0.95,
            "freshness": 0.85, "env_match": 1.0
          }
        ],
        "constraints": [{"op": "lte", "left": "latency_ms", "right": 50}],
        "cost": {"cpu_p95": 0.3, "memory_gb_p95": 0.1},
        "security": {"sast_findings": [], "secrets_found": false}
      },
      "regime": "baseline"
    }
  }
}

Response:

{
  "verdict": "PASS",
  "gates_passed": 10,
  "seal_hash": "a3f9c2...",
  "pipeline_ms": 12,
  "omega_status": "OK"
}

NAFE scan (detect AI narrative failures)

{
  "jsonrpc": "2.0", "id": 6,
  "method": "tools/call",
  "params": {
    "name": "veritas_nafe_scan",
    "arguments": {
      "text": "Although the tests failed, the developer clearly intended the function to work correctly, so we can assume it passes."
    }
  }
}

Response:

{
  "nafe_detected": true,
  "signatures": ["NARRATIVE_RESCUE", "INTENT_INFERENCE"],
  "seal_hash": "b7d1e4...",
  "omega_status": "NAFE_VIOLATION"
}

Tools Reference (26 Tools)

Brain Core (12)

Build Gates (15)

Resources (9)

CLAEG State Machine

INIT → { STABLE_CONTINUATION | ISOLATED_CONTAINMENT | TERMINAL_SHUTDOWN }
STABLE_CONTINUATION → { STABLE_CONTINUATION | ISOLATED_CONTAINMENT | TERMINAL_SHUTDOWN }
ISOLATED_CONTAINMENT → { STABLE_CONTINUATION | TERMINAL_SHUTDOWN }
TERMINAL_SHUTDOWN → {} (absorbing)

Invariant: Absence of an allowed transition is treated as prohibition. TERMINAL_SHUTDOWN is absorbing — there are no exit transitions.

File Structure

omega-brain-mcp/
├── omega_brain_mcp_standalone.py   # MCP server — Brain Core + tool dispatch (~1430 lines)
├── veritas_build_gates.py          # Gate engine — pure deterministic logic (~1430 lines)
├── omega_client.py                 # Python client helper (persistent process)
├── requirements.txt                # mcp>=1.0.0
├── pyproject.toml                  # Package config + optional deps
├── Dockerfile                      # Non-root, unbuffered, stdio + SSE
├── INTEGRATIONS.md                 # LangChain, CrewAI, AutoGen, LlamaIndex guides
├── SECURITY.md                     # Vulnerability reporting policy
├── CHANGELOG.md                    # Release history
├── docs/
│   └── integration.md              # Detailed integration reference
├── examples/
│   ├── langchain_quickstart.py
│   ├── crewai_quickstart.py
│   ├── autogen_quickstart.py
│   └── llamaindex_quickstart.py
└── tests/
    ├── test_build_gates.py         # Gate pipeline tests
    ├── test_veritas.py             # VERITAS scoring tests
    ├── test_seal.py                # SEAL chain integrity tests
    ├── test_handoff.py             # Handoff seal/context tests
    ├── test_cortex.py              # Cortex approval tests
    └── test_vault.py               # Vault persistence tests

Troubleshooting

Server does not start / ModuleNotFoundError: mcp

pip install mcp

UnicodeDecodeError on Windows

Set the environment variable before running:

set PYTHONUTF8=1
python omega_brain_mcp_standalone.py

Or add "env": { "PYTHONUTF8": "1" } to your MCP client config.

Client shows "Server disconnected" immediately

1. Confirm the path in your client config is absolute (e.g., C:\Users\you\omega-brain-mcp\omega_brain_mcp_standalone.py), not relative.

2. Run the server manually in a terminal to see startup errors: python /path/to/omega_brain_mcp_standalone.py

3. Check Python version: python --version must be 3.11+.

Embeddings are slow / low quality

Install a better embedding backend:

pip install fastembed          # fast, no GPU, ~30MB download — recommended
# or
pip install sentence-transformers numpy   # highest quality

The server auto-selects the best available engine at startup and logs which tier is active.

NAFE_VIOLATION returned unexpectedly

The NAFE scanner detected a narrative failure pattern (rescue framing, intent inference, moral override, or authority drift) in the text passed to veritas_nafe_scan. Review the signatures field in the response for the specific pattern detected, then revise the input text to state facts without narrative interpretation.

Vault / ledger corruption

Delete the data directory and restart to rebuild from scratch (all persisted memory will be lost):

rm -rf ~/.omega-brain/
python omega_brain_mcp_standalone.py

To use a separate data directory per project:

OMEGA_BRAIN_DATA_DIR=/path/to/project-brain python omega_brain_mcp_standalone.py

SSE mode: Connection refused on port 8055

Ensure the server is running with --sse --port 8055 and that the port is not blocked by a firewall. Check with:

curl -N http://localhost:8055/sse

Security & Sovereignty

• All data is local. The vault, S.E.A.L. ledger, RAG store, and handoff file are stored in ~/.omega-brain/ (or OMEGA_BRAIN_DATA_DIR). No data is transmitted to any external service.

• No API keys required. The server requires only a local Python installation and the mcp package.

• Cryptographic integrity. The S.E.A.L. ledger uses SHA-3-256 hash chaining; any tampering with a past entry breaks the chain. Handoff files are SHA-256 sealed.

• Cortex blocks drift. The Cortex gate hard-blocks tool calls with similarity below 0.45 to the declared baseline prompt, preventing prompt injection from steering the agent off its declared mission.

• NAFE guardrails. The NAFE scanner detects and seals AI narrative failures — including attempts to override constraints via ethical framing or authority assertions — before they propagate.

• Non-root Docker. The provided Dockerfile runs as a non-root omega user.

• VERITAS gates are stateless and deterministic. veritas_build_gates.py has no network calls, no file I/O, and no side effects. All verdicts are reproducible given the same input.

• Sensitive data handling. Do not ingest secrets, credentials, or PII into the RAG store or vault. The vault is unencrypted SQLite on disk; protect it with OS-level file permissions.

For vulnerability reporting, see SECURITY.md.

Threat Model

In Scope

Out of Scope

The following threats are not addressed by Omega Brain MCP:

• Compromised host or operating system — if the process environment is controlled by an adversary, no application-layer protection is sufficient

• Stolen or leaked vault encryption keys — the vault is unencrypted SQLite; OS-level access controls are the operator's responsibility

• Malicious administrator — an operator with filesystem access can modify or delete the data directory directly

• Supply-chain compromise of mcp or Python itself — dependency integrity verification is the operator's responsibility; use lock files and hash verification

• Network-level attacks — SSE mode exposes an HTTP endpoint; TLS termination and network access control are the operator's responsibility

• Model-level jailbreaks — Cortex gates on declared tool calls; it does not govern the language model's internal reasoning or responses

Trust Boundaries

  [ MCP Client / AI Agent ]
           │
           │  Trust: MCP client is the operator's declared agent.
           │         Baseline prompt defines the trust contract.
           ▼
  [ Omega Brain MCP Server ]  ← Enforcement boundary
           │
           │  Trust: Local filesystem is operator-controlled.
           │         No external services are contacted.
           ▼
  [ ~/.omega-brain/ (vault, ledger, handoff) ]

The Cortex gate is the primary trust enforcement point. All tool calls cross this boundary. The VERITAS pipeline enforces evidence-based policy on artifact claims. The S.E.A.L. ledger provides a tamper-evident record of all crossings.

Roadmap

Community contributions are welcome. See CONTRIBUTING.md for invariants that must not be broken.

Omega Universe

Omega Brain MCP is the governance control plane of the VERITAS & Sovereign Ecosystem. The following repositories form the broader Omega Universe:

📖 Read the master narrative: Why Sovereign AI?

🌐 VERITAS Omega Ecosystem

This project is part of the VERITAS Omega Universe — a sovereign AI infrastructure stack.

• VERITAS-Omega-CODE — Deterministic verification spec (10-gate pipeline)

• Gravity-Omega — Desktop AI operator platform

• Ollama-Omega — Ollama MCP bridge for any IDE

• OmegaWallet — Desktop Ethereum wallet (renderer-cannot-sign)

• veritas-vault — Local-first AI knowledge engine

• sovereign-arcade — 8-game arcade with VERITAS design system

• SSWP — Deterministic build attestation protocol

License

MIT — see LICENSE for full text.