Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.qwedai.com/llms.txt

Use this file to discover all available pages before exploring further.

Model Context Protocol (MCP) Server for QWED Verification PyPI version Tests License QWED-MCP brings deterministic verification to Claude Desktop, VS Code, and any MCP-compatible AI assistant. Instead of trusting LLMs to compute correctly, QWED-MCP provides a sandboxed Python execution environment with access to all QWED SDK verification libraries. Use QWED-MCP when you need MCP security, tool call verification, skill supply chain protection, and deterministic enforcement around Model Context Protocol actions.

Why QWED-MCP?

The problem

LLMs are unreliable for:
  • Mathematical calculations - They approximate, don’t compute
  • Logical reasoning - They guess patterns, don’t prove
  • Code security - They miss edge cases, don’t analyze
  • SQL queries - They don’t validate, just generate

The solution

QWED-MCP exposes deterministic verification to AI assistants through a single execute_python_code tool. The LLM writes a Python script that imports the appropriate QWED SDK, and the MCP server runs it in a sandboxed subprocess.
Without QWED-MCPWith QWED-MCP
LLM-only math → ~95% correctQWED-MCP executes Python via qwed_new math engine → 100% correct
LLM-only SQL → unverified for injectionScript uses qwed_new SQL analyzer → injection detected
LLM-only reasoning → unverifiedZ3 solver executed via SDK → formally proven
LLM-only code → unverified for safetyAST check script executed → security checked

How it works

┌─────────────────────────────────────────────────────────────┐
│                    Your AI Application                       │
│  ┌─────────────────┐        ┌─────────────────────────────┐ │
│  │  Claude Desktop │        │        VS Code + Copilot    │ │
│  │  or any MCP     │        │        or any MCP Client    │ │
│  │  compatible     │        │                             │ │
│  └────────┬────────┘        └──────────────┬──────────────┘ │
└───────────┼─────────────────────────────────┼───────────────┘
            │                                 │
            │         MCP Protocol            │
            │       (JSON-RPC over stdio)     │
            ▼                                 ▼
┌──────────────────────────────────────────────────────────────┐
│                     QWED-MCP Server (v0.2.0)                 │
├──────────────────────────────────────────────────────────────┤
│                                                              │
│  ┌────────────────────────────────────────────────────────┐  │
│  │          RiskBasedExecutionGateway                     │  │
│  │  └─► Policy lookup → Argument validation →            │  │
│  │      Code safety (AST) → Admin policy enforcement     │  │
│  ├────────────────────────────────────────────────────────┤  │
│  │              execute_python_code                       │  │
│  │  ├─► Synchronous Execution (30s timeout)               │  │
│  │  └─► Background Execution (background=true)            │  │
│  │       └─► Async Job Queue (up to 5 concurrent)         │  │
│  │           └─► Native QWED library execution            │  │
│  │               ├── qwed_new (math, logic, code, SQL)    │  │
│  │               ├── qwed_legal (deadlines, citations,..) │  │
│  │               ├── qwed_finance (banking, ISO 20022)    │  │
│  │               └── qwed_ucp (commerce verification)     │  │
│  ├────────────────────────────────────────────────────────┤  │
│  │              verification_status                       │  │
│  │  └─► Poll background job results by job_id             │  │
│  └────────────────────────────────────────────────────────┘  │
│                                                              │
└──────────────────────────────────────────────────────────────┘

Available tools

ToolDescriptionUse case
execute_python_codeSubprocess executionThe primary entry point for all QWED capabilities. Executes dynamically generated Python code with access to all QWED SDK libraries. Supports optional background=true for async execution.
verification_statusJob status pollingCheck the status and results of background verification jobs dispatched via execute_python_code with background=true.
All tool calls pass through the RiskBasedExecutionGateway before dispatch. The gateway validates arguments, runs code safety analysis, and enforces admin policy. The gateway blocks unknown tools by default.
In v0.1.x, QWED-MCP exposed individual tools like verify_math, verify_logic, verify_code, and verify_sql. These were consolidated into execute_python_code in v0.2.0 to solve context bloat (RFC-9728 compatibility). See migration guide.

Installation

pip install qwed-mcp

From source

git clone https://github.com/QWED-AI/qwed-mcp.git
cd qwed-mcp
pip install -e .

Verify installation

qwed-mcp --version
# qwed-mcp 0.2.0

Quick start

Claude Desktop setup

  1. Find your config file:
    • Windows: %APPDATA%\Claude\claude_desktop_config.json
    • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
    • Linux: ~/.config/Claude/claude_desktop_config.json
  2. Add QWED-MCP server:
{
  "mcpServers": {
    "qwed-verification": {
      "command": "qwed-mcp",
      "env": {
        "QWED_MCP_TRUSTED_CODE_EXECUTION": "true"
      }
    }
  }
}
  1. Restart Claude Desktop
  2. Test it! Ask Claude:
    “Write a Python script that verifies a $10,000 investment at 7.5% for 5 years using the compound interest formula, and run it using execute_python_code.”

VS Code setup

  1. Install MCP extension (if not already)
  2. Add to settings.json:
{
  "mcp.servers": {
    "qwed-verification": {
      "command": "qwed-mcp",
      "env": {
        "QWED_MCP_TRUSTED_CODE_EXECUTION": "true"
      }
    }
  }
}
  1. Restart VS Code

Python client

You can also use QWED-MCP programmatically: 
import asyncio
from mcp import ClientSession, StdioServerParameters
from mcp.client.stdio import stdio_client

async def main():
    server_params = StdioServerParameters(
        command="qwed-mcp",
        env={"QWED_MCP_TRUSTED_CODE_EXECUTION": "true"}
    )
    
    async with stdio_client(server_params) as (read, write):
        async with ClientSession(read, write) as session:
            await session.initialize()
            
            # List available tools
            tools = await session.list_tools()
            print(f"Available tools: {[t.name for t in tools.tools]}")
            # Output: Available tools: ['execute_python_code', 'verification_status']
            
            # Run a verification script
            result = await session.call_tool(
                "execute_python_code",
                arguments={
                    "code": (
                        "from sympy import symbols, diff\n"
                        "x = symbols('x')\n"
                        "print(f'd/dx(x^3) = {diff(x**3, x)}')"
                    )
                }
            )
            print(result)

asyncio.run(main())

Configuration

Environment variables

VariableDescriptionDefault
QWED_MCP_TRUSTED_CODE_EXECUTIONEnable execute_python_code tool (true/false)false
QWED_LOG_LEVELLogging level (DEBUG, INFO, WARNING, ERROR)INFO
QWED_TIMEOUTSynchronous tool execution timeout in seconds30
QWED_MCP_BACKGROUND_TIMEOUTBackground worker timeout in seconds for jobs dispatched with background=true. Clamped to a hard ceiling of 600. Non-numeric or non-positive values fall back to the default120
QWED_SKILL_MANIFESTPath to a skill manifest JSON file. When set, the server validates the manifest at startup using SkillProvenanceGuard and refuses to start if verification failsNot set
Set QWED_MCP_TRUSTED_CODE_EXECUTION to true to enable code execution. The executed code runs with server privileges — ensure inputs are from trusted sources.

Example with environment variables

Windows (PowerShell): 
$env:QWED_MCP_TRUSTED_CODE_EXECUTION = "true"
$env:QWED_LOG_LEVEL = "DEBUG"
qwed-mcp
macOS/Linux: 
QWED_MCP_TRUSTED_CODE_EXECUTION=true QWED_LOG_LEVEL=DEBUG qwed-mcp

Use cases

1. Financial calculations

Verify that AI-generated financial calculations are correct: 
User: Calculate compound interest for $10,000 at 5% for 3 years

Claude: Let me verify this calculation.
        [Calls execute_python_code with a script using Decimal math]
        
        STDOUT: Future value = $11576.25
        ✅ Verified using deterministic decimal arithmetic.

2. Research validation

Ensure scientific claims are logically valid: 
User: If all mammals are warm-blooded, and dolphins are mammals,
      are dolphins warm-blooded?

Claude: [Calls execute_python_code with a Z3 solver script]
        
        STDOUT: The conclusion logically follows from the premises.
        ✅ Verified via Z3 SMT solver.

3. Secure coding

Check AI-generated code for security issues: 
User: Write a function to execute user commands

Claude: def run_command(cmd):
            os.system(cmd)
        
        [Calls execute_python_code with a CodeGuard script]
        
        STDOUT: Verified: False
          - Dangerous pattern: os.system
        
        ⚠️ Security issue detected. Here's a safer alternative...

4. SQL security

Prevent SQL injection in generated queries: 
User: Generate a query to find user "admin' OR '1'='1"

Claude: [Calls execute_python_code with a SQLGuard script]
        
        STDOUT: Verified: False
          - SQL injection pattern detected
        
        ❌ Injection detected. Use parameterized queries instead.