AI Assumption Firewall โ MCP server that catches assumptions, checks past decisions, detects contradictions, and gates human approval.
Project description
๐ฅ Kontrol Freek
AI assumption firewall โ an MCP server that catches AI assumptions, verifies them against a project decision log, detects contradictions, scores risk, and gates human approval before the AI proceeds.
What It Does
AI: "I'll use PostgreSQL" (assumption!)
โ
check_assumption("Use PostgreSQL", risk="medium", category="architecture")
โ
Kontrol Freek: Check past decisions โ Contradictions? โ Risk score
โ
โโ Low risk + past approval โ โ
Auto-approve
โโ Medium risk โ ๐ Ask human (Telegram/Slack/Web/Terminal)
โโ Contradiction or critical โ โ Block + notify human
Beyond Existing MCP Servers
| Feature | clarify-mcp | CONTINUITY | mcp-human-loop | VantaGate | Kontrol Freek |
|---|---|---|---|---|---|
| ctx.elicit() support | โ | โ | โ | โ | โ |
| SQLite decision log | โ | โ | โ | โ | โ |
| Risk scoring | โ | โ | โ | โ | โ |
| Semantic similarity | โ | โ | โ | โ | โ |
| Contradiction detection | โ | โ | โ | โ | โ |
| Cryptographic audit | โ | โ | โ | โ | โ |
| Time-based decay | โ | โ | โ | โ | โ |
| Multi-channel | โ | โ | โ | โ | โ |
| Project context analysis | โ | โ | โ | โ | โ |
| Adaptive policy engine | โ | โ | Basic | Static | Adaptive |
Installation
One-Command Setup (Mac / Linux / Windows)
git clone https://github.com/berkbayri/kontrol-freek-mcp.git
cd kontrol-freek-mcp
python install.py
This will:
- Install the Python package
- Generate a
.envwith a random HMAC secret - Register a system service (auto-starts on boot, auto-restarts on crash)
- Configure Claude Code and Claude Desktop
Manual Install
pip install -e ".[full]" # Full: Telegram + Web + Embeddings
# or
pip install -e ".[lite]" # Lite: Telegram + Web (no embeddings)
# or
pip install -e . # Minimal: stdio only
Claude Code Config
The installer uses the Claude Code CLI to register the server globally (works across all projects):
claude mcp add kontrol-freek /path/to/kontrol-freek \
-e KF_HMAC_SECRET=your-secret \
-e KF_DB_PATH=/home/you/.kontrol-freek/decisions.db \
-e KF_AUDIT_PATH=/home/you/.kontrol-freek/audit.jsonl \
-e KF_TELEGRAM_TOKEN=BOT_TOKEN \
-e KF_TELEGRAM_CHAT_ID=CHAT_ID \
--scope user
This writes to ~/.claude.json (the correct global config file). The old ~/.claude/claude_code_config.json path is not read by Claude Code and should not be used.
Claude Desktop Config
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%/Claude/claude_desktop_config.json
{
"mcpServers": {
"kontrol-freek": {
"command": "python",
"args": ["-m", "kontrol_freek_mcp"],
"env": { "KF_HMAC_SECRET": "your-secret" }
}
}
}
HTTP Server Mode (remote access)
kontrol-freek --transport streamable-http --port 8765
{
"mcpServers": {
"kontrol-freek": {
"transport": "streamable-http",
"url": "http://localhost:8765/mcp"
}
}
}
Telegram Bot Setup
- Message @BotFather โ
/newbotโ get token - Add bot to a group or DM it
- Get chat ID:
https://api.telegram.org/bot<TOKEN>/getUpdates - Set in
.env:KF_TELEGRAM_TOKEN=123456:ABC-DEF... KF_TELEGRAM_CHAT_ID=987654321
Bot Commands
/kf approve abc123 โ Approve assumption
/kf reject abc123 Wrong โ Reject with reason
/kf answer abc123 Yes โ Answer a question
/kf stats โ Show statistics
/kf recent โ Recent decisions
How It Works
Decision Flow
AI โ check_assumption(assumption, risk, category)
โ
โโโ Query past decisions (SQLite)
โโโ Compute semantic similarity (TF-IDF or sentence-transformers)
โโโ Contradiction analysis
โโโ Policy engine โ auto_approve / review / block
โ
โโโ auto_approve โ Log, continue
โโโ review โ Ask human โ Wait โ Log
โโโ block โ Notify human โ Wait for approval/rejection โ Log
โ
โโโ ctx.elicit() (native MCP)
โโโ Telegram bot
โโโ Slack webhook
โโโ Web dashboard
โโโ Terminal input (fallback)
Policy Rules
| Condition | Verdict |
|---|---|
| Critical risk | โ Block โ always requires human approval |
| Contradiction with past decision | โ Block |
| security/architecture/deployment category | ๐ Review |
| Low risk + โฅ78% similarity + past approval | โ Auto-approve |
| High risk | ๐ Review |
| Default | ๐ Review |
Time Decay
Older decisions carry less weight:
- 0 days โ 1.0 (fully valid)
- 30 days โ 0.72
- 90 days โ 0.37
- 180 days โ 0.14
This prevents stale approvals from auto-approving new assumptions.
Audit Chain
Every action is logged to an HMAC-SHA256 signed, hash-chained JSONL file:
{"action": "human_approve", "text": "Use PostgreSQL", "detail": "Go ahead",
"decision_id": 42, "ts": "2025-01-15T14:30:00Z", "prev": "a1b2...", "hash": "d4e5..."}
Verify chain integrity:
from kontrol_freek_mcp.audit import AuditTrail
trail = AuditTrail("./audit.jsonl", "your-secret")
valid, count = trail.verify_chain()
print(f"Valid: {valid}, Entries: {count}")
Auto-Start & Crash Recovery
python install.py sets up:
| Platform | Mechanism | Details |
|---|---|---|
| macOS | LaunchAgent | ~/Library/LaunchAgents/com.kontrol-freek.mcp.plist โ runs at login, KeepAlive on crash |
| Linux | systemd user service | ~/.config/systemd/user/kontrol-freek.service โ Restart=on-failure, survives logout via linger |
| Windows | Task Scheduler | schtasks โ runs at logon |
The wrapper script includes exponential backoff crash recovery (5s โ 10s โ 20s โ ..., max 10 restarts).
python install.py --status # Health check
python install.py --uninstall # Clean removal
Project Structure
kontrol-freek-mcp/
โโโ src/kontrol_freek_mcp/
โ โโโ __init__.py # Package
โ โโโ __main__.py # python -m support
โ โโโ server.py # Main MCP server โ 7 tools + 2 resources + 1 prompt
โ โโโ db.py # SQLite decision database
โ โโโ policy.py # Policy engine (risk, decay, rules)
โ โโโ similarity.py # Semantic similarity (embeddings + TF-IDF)
โ โโโ notifier.py # Multi-channel notification routing
โ โโโ audit.py # HMAC-SHA256 hash-chain audit trail
โ โโโ web.py # FastAPI approval dashboard
โ โโโ telegram_bot.py # Telegram bot handler
โโโ tests/test_core.py
โโโ install.py # One-command installer (Mac/Linux/Windows)
โโโ pyproject.toml
โโโ CLAUDE.md
โโโ .env.example
โโโ README.md
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
kontrol_freek_mcp-1.0.0.tar.gz
(23.7 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file kontrol_freek_mcp-1.0.0.tar.gz.
File metadata
- Download URL: kontrol_freek_mcp-1.0.0.tar.gz
- Upload date:
- Size: 23.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d8fca7fda50fc135f11cf0ef99abcd7f4f5cf868009bd6f1261ac8b5cc953fd7
|
|
| MD5 |
aa7440da4f0eb55a3f796e50a82dd029
|
|
| BLAKE2b-256 |
13993f40fd1f0dcc745f644aca671643f9ffa8d4542d72992f24812685e43e7a
|
File details
Details for the file kontrol_freek_mcp-1.0.0-py3-none-any.whl.
File metadata
- Download URL: kontrol_freek_mcp-1.0.0-py3-none-any.whl
- Upload date:
- Size: 22.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
98945c7a2e6f3754f432668cf12805bdb13bf6c10b66abd03dacb18b350b3df8
|
|
| MD5 |
8ba6dc3ae2921224b5379b19e3240eb5
|
|
| BLAKE2b-256 |
11bee8a6e4c86f669b0a6596a4ec2939c01fd0d86b494ede89c45ca11be559e7
|
