CORSO MCP Server

Production-ready Model Context Protocol (MCP) server with Trinity V7.0 AI integration

Overview

CORSO MCP Server is a high-performance, security-first implementation of the Model Context Protocol specification, enabling Claude Code and other AI tools to execute programmatic tool calls with enterprise-grade security and intelligent routing.

Key Features:

• 🔒 7-Layer Binary Protection - Ed25519 signatures, AES-256-GCM encryption, anti-debugging
• 🧠 Trinity V7.0 Architecture - 3-layer AI routing (RUACH → IESOUS → ADONAI)
• 🚀 High Performance - <200ms tool execution, 85%+ token reduction
• 🔍 Advanced Tool Search - Regex and BM25 search per Anthropic spec
• 🌐 Multi-Platform - Linux, macOS (x64/ARM64), Windows

Installation

Prerequisites

• Rust 1.75+ (for building from source)
• Environment variable: CORSO_PUBLIC_KEY_HEX (required for binary protection)

From Source

# Clone the repository
git clone https://github.com/theLightArchitect/corso.git
cd corso

# Set required environment variable
export CORSO_PUBLIC_KEY_HEX="your_public_key_hex"

# Build release binary
cargo build --release

# Binary location: target/release/corso

Verify Installation

./target/release/corso --version
# Expected output: corso 2.0.0

Quick Start

1. Configure Environment

Create a .env file or export environment variables:

# Required: Binary protection key
export CORSO_PUBLIC_KEY_HEX="your_public_key_hex"

# Optional: Trinity gateway configuration
export TRINITY_GATEWAY_URL="http://localhost:1524"
export RUACH_PORT=1524
export IESOUS_PORT=3038
export ADONAI_PORT=3037

2. Start MCP Server

The CORSO MCP Server communicates via stdio (standard input/output) as per MCP specification:

./target/release/corso

The server will:

• Initialize binary protection layers
• Register 18 tools across 8 domains
• Listen for JSON-RPC 2.0 requests on stdin
• Output responses to stdout

3. Connect from Claude Code

Configure ~/.claude/mcp.json to add CORSO MCP Server:

{
  "mcpServers": {
    "corso": {
      "command": "/path/to/corso/target/release/corso",
      "env": {
        "CORSO_PUBLIC_KEY_HEX": "your_public_key_hex",
        "TRINITY_GATEWAY_URL": "http://localhost:1524"
      }
    }
  }
}

Restart Claude Code, and CORSO tools will be available.

Architecture

Trinity V7.0 - 3-Layer AI Routing

┌─────────────────────────────────────────┐
│  RUACH (Port 1524)                      │
│  Layer 1: Complexity Classification     │
└──────────────┬──────────────────────────┘
               │
               ▼
┌─────────────────────────────────────────┐
│  IESOUS (Port 3038)                     │
│  Layer 2: Orchestration & Code Gen      │
└──────────────┬──────────────────────────┘
               │
               ▼
┌─────────────────────────────────────────┐
│  ADONAI (Port 3037)                     │
│  Layer 3: CORSO Protocol Validation     │
└─────────────────────────────────────────┘

CORSO Protocol: 7 pillars, 49 rules for code quality, security, performance, testing, and DevOps.

Tools

CORSO MCP Server provides 18 tools across 8 domains:

Core Tools (Always Available)

• corso_classify - Complexity classification via RUACH
• corso_orchestrate - Code generation via IESOUS
• corso_validate - CORSO Protocol validation via ADONAI

Security (ELIJAH/MICHAEL)

• corso_security_scan - Vulnerability scanning (4,997 patterns)
• corso_threat_model - Attack surface analysis

Research (MELCHIZEDEK/GABRIEL)

• corso_research - Knowledge retrieval with Neo4j graph

Performance (DANIEL)

• corso_performance_analyze - Bottleneck identification
• corso_metrics - Runtime performance metrics

Infrastructure (MOSES/RAPHAEL)

• corso_deploy - Deployment orchestration
• corso_infrastructure_audit - Infrastructure analysis

Code & Architecture (URIEL)

• corso_architecture_design - System design patterns
• corso_code_review - Code quality review

Testing (JOSHUA)

• corso_test_generate - Test generation (90%+ coverage)

Utilities

• corso_health_check - Trinity gateway health
• corso_version - Version information
• corso_help - Interactive help

Configuration

Binary Protection

CORSO uses 7-layer defense:

1. Ed25519 Signatures - Verify binary integrity
2. AES-256-GCM Encryption - Protect sensitive sections
3. Anti-Debugging - Detect debugger attachment
4. Anti-Tampering - Hash verification at runtime
5. Obfuscation - Code flow obfuscation
6. Sandbox Detection - Detect VM/sandbox environments
7. Time-Lock - Expiration after specified time

Required environment variable:

export CORSO_PUBLIC_KEY_HEX="<64-character-hex-string>"

Trinity Gateway (Optional)

If running Trinity agents locally:

# Start Trinity gateway
cd crates/trinity
RUST_LOG=info cargo run --release --bin ruach &

# Configure MCP server to use gateway
export TRINITY_GATEWAY_URL="http://localhost:1524"

Tool Search

CORSO supports Anthropic's advanced tool search (spec: advanced-tool-use-2025-11-20):

Regex Search

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tool_search_tool_regex_20251119",
  "params": {
    "pattern": "security.*scan",
    "max_results": 5
  }
}

BM25 Semantic Search

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tool_search_tool_bm25_20251119",
  "params": {
    "query": "find security vulnerabilities in code",
    "max_results": 5
  }
}

Benefits: 85%+ token reduction, 60% latency reduction vs. listing all tools upfront.

Development

Build from Source

# Clone repository
git clone https://github.com/theLightArchitect/corso.git
cd corso

# Install dependencies (Rust 1.75+)
rustup update stable

# Run tests
cargo test --workspace --all-features

# Run clippy (linter)
cargo clippy --all-targets --all-features -- -D warnings

# Format code
cargo fmt --all

# Build release binary
cargo build --release

Quality Gates

Before committing:

cargo fmt && \
cargo clippy --all-targets --all-features -- -D warnings && \
cargo test --all-features --workspace

Project Structure

crates/
├── core/              # Core types, errors, tool trait
├── protocol/          # MCP JSON-RPC protocol
├── container/         # PyO3 sandbox runtime
├── trinity/           # Trinity V7.0 HTTP clients
├── trinity-gateway/   # Trinity gateway integration
├── security/          # SERAPHIM/CHERUBIM/ELIJAH
├── registry/          # DashMap tool registry
├── tools/             # Tool implementations
├── thinking/          # 0V3RTH1NK protocol
├── sandbox-bridge/    # Sandbox bridge
├── mcp_server/        # Main binary (entry point)
└── binary-protection/ # 7-layer defense system

CI/CD

GitHub Actions workflows for multi-platform builds:

• CI: Quality gates (fmt, clippy, tests) on every push
• Release: Multi-platform binaries (Linux, macOS x64/ARM64, Windows)
• Security Scan: Semgrep vulnerability scanning

See .github/workflows/ for configuration.

Performance

Benchmarks (measured on Apple M1 Pro):

• Tool search (regex): <10ms for 100 tools
• Tool search (BM25): <50ms for 100 tools
• Tool execution: <200ms average
• Binary startup: <100ms cold start
• Token reduction: 85%+ vs. standard MCP
• Memory footprint: <50MB resident

Security

Security-first design:

• ✅ Binary protection with Ed25519 + AES-256-GCM
• ✅ Input sanitization via SERAPHIM (regex-based)
• ✅ CORSO Protocol enforcement (SEC pillar: 7 rules)
• ✅ Vulnerability scanning (4,997 patterns via ELIJAH)
• ✅ Threat modeling before deployment
• ✅ Mandatory security validation before commits

Reporting vulnerabilities: [email protected]

License

Private License - Proprietary to CORSO Platform

Copyright © 2025 K.F. Tan, The Light Architect. All rights reserved.

Links

• GitHub: https://github.com/theLightArchitect/corso
• Issues: https://github.com/theLightArchitect/corso/issues
• MCP Specification: https://modelcontextprotocol.io
• Anthropic API: https://docs.anthropic.com

Support

For questions, bug reports, or feature requests:

1. Check existing GitHub Issues
2. Open a new issue with detailed description
3. Contact: [email protected]

Scripture: "His compassions fail not. They are new every morning: great is thy faithfulness." - Lamentations 3:22-23 (KJV)