Kronus Under the Hood: What Sits Between Claude Code and Everyone Else
A technical deep dive into Kronus architecture: the daemon, agent tiers, brain MCP server, scope guard, dashboard, Telegram integration, and the federated Hub marketplace.
You already know what Claude Code can do. You have used it to refactor modules, debug race conditions, scaffold entire applications from a description. It is the best reasoning engine available.
But every session starts from zero. You cannot use it from your phone. Your non-technical co-founder cannot touch it. There is no approval flow when it accesses sensitive files. No cost tracking. No way to coordinate multiple agents on a single task. No persistent knowledge across sessions.
I built Kronus to solve all of that. This post is about how it works under the hood.
Architecture overview
Kronus has five components, each in its own repo:
kronus/ Core: agents, skills, brain MCP, dashboard UI, hub server
kronus-daemon/ Background service: session management, Telegram, scope guard
kronus-website/ Public site
kronus-demo/ Case study: AI video demos
krontent/ Case study: AI content pipelineThe daemon is the runtime. It manages Claude Code sessions, routes Telegram messages, serves the dashboard API, enforces security, and extracts memory. The core repo holds the agent definitions, skill definitions, brain MCP server, dashboard frontend, and hub server.
Everything runs locally. Your machine, your Claude Code subscription, your API key. Kronus never touches the Anthropic API directly. It orchestrates Claude Code processes.
Telegram --> daemon/telegram-router.ts --> daemon/session-manager.ts --> Claude Code
|
persistent-session.ts
|
+------+------+
| |
memory.ts scope-guard.ts
(extract) (approve/deny)
| |
+------+------+
|
system-prompt.ts
(inject memories + MCP context)
Dashboard (api.ts) --> localhost:8420 --> SSE live feedThe daemon
The daemon is a Bun process that stays running in the background. It is the layer between Claude Code and every non-terminal interface.
Session management. One persistent Claude Code session per project. Spawned with claude -p --output-format stream-json --resume. The daemon reads the JSON stream, parses tool calls, intercepts scope violations, and routes responses back to Telegram or the dashboard. Sessions survive daemon restarts. Activity events are persisted to disk.
Telegram routing. Each Telegram group maps to a project directory via projects.json. Messages come in, get routed to the right session, responses go back. Photos, documents, voice messages: all forwarded. Interactive buttons handle approvals, multiple-choice questions, and menu navigation.
Why a separate repo? If Claude Code sessions could modify the daemon's source code, a runaway agent could break the control plane. The daemon repo is isolated by design.
Management is straightforward:
kronus-daemon.sh start # Start
kronus-daemon.sh stop # Stop
kronus-daemon.sh status # Check health
kronus-daemon.sh logs # Tail logsAgent architecture
Kronus generates a custom agent library for each user during onboarding. The agents are organized into four tiers, each routed to the cheapest model that handles the task class.
| Tier | Model | Purpose | Examples |
|---|---|---|---|
| 1 | Opus | Orchestration | planner, team-lead |
| 2 | Sonnet | Context retrieval | memory-retriever, project-summarizer |
| 3 | Sonnet | Specialist work | Tailored to your profession |
| 4 | Sonnet/Haiku | Quick output | Profession-specific quick workflows |
The planner (Opus) decomposes a task into steps, assigns each step to a specialist agent, and defines dependencies. The team-lead (Opus) coordinates parallel execution when multiple agents work simultaneously.
Four pre-configured team compositions:
| Team | Strategy | Members |
|---|---|---|
| engineering | pipeline | planner + ai-engineer + code-reviewer + frontend-dev + backend-infra |
| security | fan-out/fan-in | security-auditor + fuzzing-agent + code-reviewer |
| full-stack | pipeline | planner + frontend-dev + backend-infra + security-auditor |
| business | fan-out/fan-in | proposal-writer + memory-retriever + lead/content skills |
Example: "Build the billing system with Stripe" triggers the engineering team. The planner decomposes it: schema design, API endpoints, webhook handler, test suite, security review. Agents run in parallel where dependencies allow.
Skills: the fast path
Not everything needs a multi-turn agent. Kronus also generates skills: single-command workflows tailored to your profession.
- A developer gets
/test-gen,/quick-review,/dep-check - A marketer gets
/content-calendar,/seo-article,/linkedin-post - A consultant gets
/proposal-draft,/case-study,/meeting-notes
Composite skills chain multiple steps:
/test = test-gen --> test-run
/review = code-reviewer + security-auditor
/audit = security-auditor + dep-check + secret-scan
/plan = planner agent (full task breakdown)The brain: a knowledge graph MCP server
The brain is an MCP server (stdio) that turns a directory of markdown files into a queryable knowledge graph.
Stack: Bun + SQLite + FTS5 + D3.js
How it works:
- Scans all
.mdfiles in~/second-brain/ - Parses frontmatter (YAML), wikilinks (
[[note]]), and inline tags (#tag) - Builds a SQLite knowledge graph at
~/.kronus/brain.sqlite - Starts an MCP server with 13 tools
- Starts a graph visualization UI at
localhost:4242 - Watches for file changes (incremental re-indexing)
13 MCP tools
| Tool | What it does |
|---|---|
brain_search | Full-text search with BM25 scoring, PARA rank boosting, recency boost |
brain_graph | Node + all connections (one hop) |
brain_backlinks | What links TO a note |
brain_outlinks | What a note links TO |
brain_tags | Tag index or notes filtered by tag |
brain_recent | Recently modified notes |
brain_create | Create note with frontmatter, auto-index |
brain_update | Update note content, re-index |
brain_orphans | Disconnected notes (no links in or out) |
brain_clusters | Connected components via union-find |
brain_map | Graph overview with health score |
brain_path | Shortest path between two notes (BFS) |
brain_suggest | Related notes by shared tags and links |
Search ranking
brain_search runs a two-pass pipeline:
- FTS5 BM25 on title and content
- Post-query boosting: PARA type multiplier (Projects 1.3x, Areas 1.1x, Resources 1.0x, Archive 0.7x) + recency multiplier (1.2x for notes modified in last 30 days)
- Input normalization: strips FTS5 special characters so natural language queries never cause parse errors
Graph UI
localhost:4242 renders a force-directed graph (D3.js):
- Nodes colored by PARA type
- Click for detail panel with backlinks and outlinks
- Search and filter by category
- Path finding between notes
- Health score per knowledge area
- Light/dark theme with toggle
Performance
| Operation | Target |
|---|---|
| Initial scan (1,000 notes) | < 10s |
brain_search p95 | < 100ms |
brain_clusters (1,000 nodes) | < 2s |
brain_map p95 | < 500ms |
The brain is what makes sessions context-aware. Before each session, the memory-retriever agent queries the brain for relevant context and injects it into the system prompt. You never re-explain decisions from last week.
Scope guard
Claude Code has broad file system access by default. In a multi-user environment where non-technical users are running sessions from Telegram, that is a problem.
Scope guard intercepts file access at the hook level:
- A
PreToolUsehook fires before Read, Glob, Grep, Edit, and Write tool calls - Checks if the target path is within the project directory
- If outside scope: blocks the call, sends an approval request to Telegram and the dashboard
- Admin taps Approve (once or always) or Deny
- Hook waits up to 120 seconds, then auto-denies
Always-allowed paths: project directory, ~/.claude/, ~/second-brain/ (read-only), /tmp/. Per-project allowlists in .claude/scope-allowlist.json let you pre-approve specific external paths.
Dashboard
The dashboard is a Vite + React + Tailwind app served by the daemon at localhost:8420. Designed for people who never want to see a terminal, but useful for developers too.
Live updates via Server-Sent Events (SSE). The session viewer shows real-time agent activity: which tools are being called, which files are being read, what is being generated. Cost tracking is per-project.
Panels:
- Sessions: live activity feed, tool calls, agent spawns
- Brain: knowledge graph browser, search, PARA filters
- Projects: project list, config, session history
- Security: pending approvals, audit log, allowlist management
- Personas: create, edit, preview AI personalities per project
- Costs: token usage per project, per session
Telegram integration
Telegram is the mobile interface. Not a gimmick. It is chosen because 800M+ people already have it installed, it handles async perfectly, it supports interactive buttons, and it works identically everywhere.
| Command | What it does |
|---|---|
/setup | Register a project in a new group |
/new | Fresh Claude Code session |
/stop | Stop current session |
/resume [id] | Resume a previous session |
/sessions | List active/recent sessions |
/status | Daemon and session health |
/mode [mode] | Set permission mode |
/briefing | Morning briefing across all projects |
/c [message] | Send to Claude (collaborator mode) |
/persona | View/set project persona |
MCP servers: 10 out of the box
| Server | Transport | Purpose |
|---|---|---|
| GitHub | stdio | PRs, issues, repo search |
| Playwright | stdio | Browser automation |
| Brave Search | stdio | Web search |
| Context7 | stdio | Up-to-date library docs |
| Filesystem | stdio | Second brain file access |
| Memory | stdio | Persistent knowledge graph |
| Notion | stdio | Project docs, knowledge base |
| Slack | http | Team messaging |
| Linear | http | Issue tracking |
| Brain | stdio | Knowledge graph |
Hub: the federated marketplace (v6.0)
The Hub is the most architecturally interesting piece. It is a trust and discovery layer, not a compute layer.
What the Hub does:
- App registry (MCP servers, skills, workflows)
- Auth (JWT, instance registration, subscription validation)
- Payments (Stripe Connect, 70/30 revenue split)
- WebSocket relay for cross-instance communication
- MCP gateway (reverse proxy to developer-hosted servers, with auth + metering)
What the Hub does NOT do:
- Run Docker containers
- Execute Claude Code
- Store user data (beyond app manifests)
- Proxy Anthropic API calls
Economics: Federated architecture means the Hub's fixed costs are approximately $50-100/month. No GPU costs. No per-query margin compression. Breakeven at 5-10 Pro subscribers. Compare that to centralized competitors who need hundreds of users to break even.
What this means for Claude Code users
If you already use Claude Code, Kronus adds:
- Memory. Your sessions have context. Decisions from last week, preferences, project state. All auto-extracted and injected.
- Agents. A custom agent library generated for your profession. Decompose, parallelize, and coordinate complex tasks.
- Skills. Single-command workflows tailored to your work.
- Scope guard. File access control with approval flows. Essential for team environments.
- Telegram. Full Claude Code from your phone.
- Dashboard. Visual interface at localhost:8420. Sessions, brain, costs, security.
- Brain. Knowledge graph MCP with 13 tools. Your notes become queryable context.
- Teams. Multiple Kronus instances sharing context through Telegram groups.
- Personalization. Custom agent/skill library generated from your profession and workflow.
All of it open source. MIT license. Running on your machine with your own API key.
Kronus is in private beta. Open source launch coming mid-April.
FAQ
What is the Kronus daemon?
The Kronus daemon is a persistent background process (Bun) that runs on your machine and acts as the orchestration layer between your inputs (dashboard, Telegram) and Claude Code. It manages agent routing, task queuing, memory, and scope enforcement. It runs at localhost:8420.
How does Kronus memory work?
Kronus uses a Brain MCP server to manage persistent memory across sessions. Memory is stored in structured markdown files categorized as user context, project context, feedback, and references. Agents read relevant memory at the start of each task and write new entries when they learn something worth retaining.
What MCP servers does Kronus support?
Kronus ships with 10 built-in MCP integrations: GitHub, Playwright, Brave Search, Context7, Filesystem, Memory (Brain), Notion, Slack, Linear, and Google Drive. During onboarding, the relevant ones are configured automatically based on your tools.
How does Scope Guard work?
Scope Guard is a permission layer that intercepts file access at the hook level. Before any Read, Edit, or Write tool call, it checks if the target path is within the project directory. If outside scope, it blocks the call and sends an approval request to Telegram and the dashboard. The agent waits up to 120 seconds for approval.
What AI models does Kronus use?
Kronus routes tasks across three Claude model tiers: Haiku for fast extraction and formatting, Sonnet for code implementation and content generation, and Opus for complex orchestration (planner and team-lead agents). Routing is automatic based on task type.
Can I create custom agents in Kronus?
Yes. Agents are markdown files with YAML frontmatter specifying name, model tier, system prompt, and tool access. Add custom agents to your project's .claude/agents/ directory. Kronus ships with 10 built-in agents and 19 built-in skills as the baseline.
Is Kronus open source?
Yes. The core framework (agents, skills, brain MCP) and the daemon (session management, Telegram, dashboard) are on GitHub under kronus-tech. MIT license.
What is the Kronus Hub marketplace?
Kronus Hub (coming in v6.0) is a marketplace where users publish and install community-built agents, skills, and MCP integrations. It follows a package-manager model for discovering and sharing AI tools.