Model Context Control

Who builds a server
they can't control?

The open governance layer for MCP.

MCP defines how AI systems talk to tools. MCC defines who gets to use MCP — and under what conditions. Policy enforcement, audit logging, rate limiting. Open. Free. Neutral.

5,800+ MCP servers — no governance layer
97M+ monthly MCP downloads
compatible — every MCP server, any client

MCP — the protocol MCC sits on top of.

MCP (Model Context Protocol) is the open standard that lets AI clients talk to tools: filesystems, databases, APIs, shells. Think of it as USB-C for AI — one connector, any device. 5,800+ servers. 97M+ monthly downloads. No governance layer. That's where MCC comes in.

modelcontextprotocol.io ↗
CC-BY 4.0
what MCC does

The governance layer
your MCP server is missing.

The MCP ecosystem is growing fast. Most local installations have no governance layer at all. MCC is that layer.

POLICY

Policy enforcement

Define which tools are allowed for which actors under which conditions. JSON-based, hot-reloadable, auditable.

AUDIT

Audit logging

Every MCP call recorded. Timestamp, tool, path, actor, result. SQLite, append-only, immutable. Yours.

RATE

Rate limiting

Prevent runaway agents from overwhelming local resources. Configurable per-tool, per-actor, per-window.

BLOCK

Blocklists

Block dangerous or untrusted tool patterns by name. Sensible defaults. Customizable. Never silent.

ERROR

Transparent errors

Errors are visible, documented, never hidden. A system that shows its failures is the only system you can trust.

AUTH

OAuth integration

GitHub OAuth authentication out of the box. No custom auth server. No black boxes.

why MCC

MCP tells AI how to talk to tools.
MCC decides who's allowed.

The Model Context Protocol (Linux Foundation, open standard · v2025-11-25) solved the communication layer. The governance layer is still missing. That vacuum is MCC's territory.

MCP exposes three primitive types to AI clients: Tools (executable actions), Resources (read-only data), and Prompts (templates). MCC can govern all three — across both transport types: STDIO (local process) and Streamable HTTP (remote/cloud).

MCP — the protocol
Defines tool communication
Server/client transport
Tool schemas & types
Who can call what?
Access control
Audit trail
Rate limiting
MCC — the governance
Sits on top of MCP
Protocol-agnostic
Wraps any MCP server
Policy enforcement ✓
Actor-based ACL ✓
Immutable audit log ✓
Per-tool rate limits ✓
how it works

Three diagrams.
The full picture.

MCC sits between every AI client and every tool call. You define the rules. MCC enforces them. Every access is logged.

01 — The Concept
[Diagram: AI client (Claude · GPT · etc.) → request → MCC (Policy · Audit · Rate; you decide, your policy) → approved or ✕ denied → Tool / Server (Filesystem · Shell · API)]
02 — Before / After
WITHOUT MCC: AI (any model) → uncontrolled → Tool (full access)
✕ no audit log
✕ no policy control
✕ you don't know what happens

WITH MCC: AI (any model) → MCC (Policy-Check + Audit-Log) → Tool (governed)
✓ full audit log — immutable, SQLite
✓ policy: you define what's allowed
✓ real-time control over every access
03 — Architecture
[Architecture diagram. Columns: CLIENT | GATEWAY | MCC CORE | TOOLS. Labels, in page order: APK (Android + WebView); Browser; MCC_EXTENSIONS UI; HTTPS / TLS; Internet; TLS; Cloudflare Tunnel · Reverse Proxy · OAuth; ControlAPI (Policy · Audit · Auth); McpLite (basic tools); McpExtended (full); Guardian (Policy · Keystore); File · Git · Shell; SQL · Terminal · Presets]
policy

One JSON file.
Full control.

MCC policy is a single JSON file. Human-readable. Version-controllable. Hot-reloadable at runtime. No YAML. No custom DSL. No surprises.

mcc_policy.json
// MCC Policy — minimal example
{
  "allowed_roots": ["C:/workspace", "C:/docs"],
  "rules": [
    {
      "tool": "read_file",
      "allow": true,
      "audit": true
    },
    {
      "tool": "write_file",
      "allow": true,
      "require_confirmation": true
    },
    {
      "tool": "delete_*",
      "allow": false, // implicit deny
      "log_denied": true
    }
  ],
  "blocklist": ["*.env", "*.key", "*.pem"], // always blocked
  "rate_limit": {
    "window_seconds": 60,
    "max_calls": 30
  }
}
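One way a gateway could evaluate the policy file above, as an added example that is not MCC's own code. The evaluation order and semantics are assumptions the page does not specify: the blocklist is matched against the file name, the first matching rule wins, a tool with no rule is denied, and the single rate limit is tracked per actor and tool; `PolicyGate` and the `deny:*` result strings are hypothetical names.

```python
import fnmatch
import posixpath
import time
from collections import deque

# Same values as the page's mcc_policy.json (comments dropped for strict JSON).
POLICY = {
    "allowed_roots": ["C:/workspace", "C:/docs"],
    "rules": [
        {"tool": "read_file", "allow": True, "audit": True},
        {"tool": "write_file", "allow": True, "require_confirmation": True},
        {"tool": "delete_*", "allow": False, "log_denied": True},
    ],
    "blocklist": ["*.env", "*.key", "*.pem"],
    "rate_limit": {"window_seconds": 60, "max_calls": 30},
}

class PolicyGate:
    """Hypothetical evaluator; semantics are assumed, not taken from MCC."""

    def __init__(self, policy, clock=time.monotonic):
        self.policy, self.clock = policy, clock
        self.calls = {}  # (actor, tool) -> deque of accepted call timestamps

    def decide(self, actor, tool, path):
        # Normalise first so "C:/workspace/../secrets" cannot pass the root check.
        norm = posixpath.normpath(path.replace("\\", "/")).lower()
        name = posixpath.basename(norm)
        if any(fnmatch.fnmatchcase(name, p) for p in self.policy["blocklist"]):
            return "deny:blocklist"
        roots = [r.rstrip("/").lower() for r in self.policy["allowed_roots"]]
        # Compare whole path segments: "C:/workspace2" is not under "C:/workspace".
        if not any(norm == r or norm.startswith(r + "/") for r in roots):
            return "deny:outside_roots"
        rule = next((r for r in self.policy["rules"]
                     if fnmatch.fnmatchcase(tool, r["tool"])), None)
        if rule is None or not rule["allow"]:
            return "deny:rule" if rule else "deny:no_rule"
        limit, now = self.policy["rate_limit"], self.clock()
        window = self.calls.setdefault((actor, tool), deque())
        while window and now - window[0] >= limit["window_seconds"]:
            window.popleft()  # drop calls that have left the sliding window
        if len(window) >= limit["max_calls"]:
            return "deny:rate_limit"
        window.append(now)
        return "confirm" if rule.get("require_confirmation") else "allow"
```
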
A system that makes its failures visible and correctable is the only system you can trust.
roadmap

What's built.
What's coming.

Policy engine
JSON-based, implicit deny, hot-reload
Audit log
SQLite, append-only, immutable, queryable
Rate limiting + blocklists
Per-tool, per-actor, configurable
CLI tool
mcc validate · mcc status · mcc log
Docker image
Self-hosted deployment, zero dependencies
Integration guides
Common MCP server configurations
MCP Registry integration
Auto-discover registered servers · import server metadata into policy
→ view on GitHub evolution-ki.com OpenDromeda ↗