crosscheck-cli

The Crosscheck multi-LLM orchestration Model Context Protocol (MCP) server, packaged as a single-machine-activatable CLI. Runs on your laptop, fans structured patterns (confer, debate, audit, plan, panel_pick, …) across multiple LLM providers using your own API keys, and emits signed, content-free telemetry so your dashboard at https://crosscheckagent.com/account can show usage. No Python required — the engine (crosscheck-mcp) is pure TypeScript.

Install (Claude Code in VS Code — recommended)

In the Claude Code chat, just say:

Install Crosscheck

Claude Code will run the one-liner below for you. Or run it yourself in any terminal:

npx -y crosscheck-cli@latest install

That single command:

1. Activates this machine — opens your browser to sign in, accept the agreement, and subscribe (device-authorization flow, like gh auth login). No tokens to copy and paste.
2. Sets up your provider keys — Anthropic, OpenAI, Google (Gemini), xAI (Grok). Browser, terminal, or import from your environment. Keys are stored in your OS keychain and never sent to Crosscheck.
3. Registers the MCP server with Claude Code at user scope (claude mcp add, with a ~/.claude.json fallback) — available in every workspace.

Then reconnect MCP servers in Claude Code (or restart it) and ask it to "use crosscheck to confer on …".

Requires Node 20+.

Commands

crosscheck install                     # set everything up (run this first)
crosscheck activate                    # (re)authorize this machine via the browser
crosscheck keys setup                  # interactive wizard for all provider keys
crosscheck keys add <provider> [--paste]   # add one key (browser by default; --paste for CI)
crosscheck keys list                   # list stored provider key names (not values)
crosscheck keys remove <provider>      # remove a key
crosscheck heartbeat                   # check license status against the server
crosscheck serve                       # start the MCP server (stdio) — Claude Code runs this
crosscheck deactivate                  # wipe local credentials

Providers: anthropic, openai, gemini, grok (also groq, deepseek, mistral).

What we never see

The Crosscheck server never receives the content of your prompts/responses or your upstream LLM API keys.

What the server does see (and shows on your dashboard):

• Token counts per call
• Estimated cost (re-computed server-side from a public price table)
• Provider, model id, pattern name
• Latency, success/error status

Telemetry events are HMAC-signed with a per-seat key derived at activation time. Any event carrying a prompt, messages, content, input, text, completion, response, or output field is rejected at the server boundary.

Architecture

Customer machine                         crosscheckagent.com
─────────────────                        ─────────────────────────────
crosscheck CLI          <-- HTTPS -->    /api/crosscheck/cli/device-code
  OS keychain                            /api/crosscheck/cli/token
    upstream LLM keys                    /api/crosscheck/heartbeat
    Ed25519 JWT                          /api/crosscheck/telemetry
    seat HMAC key
  └─ spawns crosscheck-mcp (stdio)  ← the TypeScript engine (npm dependency)

The CLI:

1. Activates against the server (browser device-auth → Ed25519 JWT + per-seat HMAC key, stored in the OS keychain).
2. Stores upstream LLM keys in the OS keychain (Keychain / Credential Manager / libsecret).
3. Heartbeats every 24h; refreshes the JWT and honors revocation.
4. Signs and POSTs content-free telemetry on each LLM call.
5. Spawns crosscheck-mcp locally, injecting your keys as env vars, and lets the MCP client talk to it over stdio.

License

See LICENSE.md and the canonical EULA at https://crosscheckagent.com/legal/eula.