Skip to content

tinyinternetclub/consentry

Repository files navigation

Consentry

Consentry is a local policy layer for AI tool use.

It sits between your assistant and the tools it wants to call, checks each request against your rules, and then either lets it through, blocks it, or asks you first. The goal is simple: make agent actions visible and keep the risky stuff from happening quietly.

Full documentation lives at tinyinternetclub.com/docs/consentry.

What it does

  • Wraps local MCP servers so tool calls can be checked before they run
  • Hooks Claude Code remote connectors before they hit Gmail, Slack, Notion, and similar services
  • Stores activity locally in SQLite under ~/.consentry/
  • Gives you a dashboard for approvals, policy, and recent activity
  • Starts with practical defaults instead of making you design a policy from scratch

Out of the box, the general shape is:

  • Reads are usually fine
  • Writes and deletes usually ask first
  • Obviously dangerous actions can be blocked outright

You can tighten or loosen that however you want.

How it works

Without Consentry:

assistant -> tool

With Consentry:

assistant -> consentry -> policy check -> allow / ask first / block

There are two interception paths:

  • Local MCP servers go through the proxy path
  • Claude Code remote connectors go through the hook path

If you use both, you can enable both.

What it does not cover

Consentry does not intercept every possible agent surface.

  • Local MCP protection is the reliable path for Claude Desktop, OpenClaw, PicoClaw, ZeroClaw, and Claude Code local MCP
  • Remote connector pre-execution interception is currently a Claude Code-specific path
  • OpenClaw, PicoClaw, and ZeroClaw now have an in-progress remote MCP reverse-proxy path for HTTP/SSE connectors, but only the proxy itself has been real-proven so far, not full end-to-end agent runs
  • Claude Desktop installed extensions are not a reliable pre-execution enforcement surface
  • Claude chat / claude.ai connector calls cannot be intercepted before they run

If a tool path is not routed through the proxy or the Claude Code hook, Consentry should not be treated as the thing enforcing it.

For the latest state of the reverse-proxy work and real testing, see docs/remote-proxy-real-testing.md.

A quick look

The dashboard shows what Consentry found, what is protected, and what needs your attention.

Consentry dashboard servers view

Approvals and policy changes happen in the same place, so you do not have to piece things together from chat history.

Consentry dashboard policy view

Install

Requirements:

  • Node.js 20+
  • macOS or Linux
  • Claude Desktop, OpenClaw, PicoClaw, or ZeroClaw for local MCP protection, and/or Claude Code for remote connector protection

From source:

git clone https://github.com/tinyinternetclub/consentry.git
cd consentry
npm install
npm run build
npm link

Verify:

consentry --help

Get started

If you want the easiest path, use the dashboard:

# terminal 1
consentry serve

# terminal 2
cd dashboard
npm install
npm run dev

Then open http://localhost:5173.

From there you can:

  • detect supported local MCP clients
  • install the Claude Code hook
  • pick a starting policy
  • review and respond to approval requests

If you prefer to set things up manually:

  • Local MCP servers in Claude Desktop, OpenClaw, PicoClaw, or ZeroClaw: consentry init
  • Claude Code remote connectors: install the PreToolUse hook

The short version of support is:

  • Claude Desktop, OpenClaw, PicoClaw, and ZeroClaw are covered through the local proxy path
  • Claude Code can use both the local proxy path and the remote-connector hook path
  • The hook path is Claude Code-specific

Where to go next

Releases

No releases published

Packages

 
 
 

Contributors