Policy-driven MCP proxy for secure LLM tool execution using Rego-based governance with local AI-generated rules
⚠️ Warning
This project is in early development and is not production-ready. It may contain bugs, incomplete features, or breaking changes. Use at your own risk.
Regentix is a security and governance system that sits between LLM clients (like Claude Desktop) and MCP (Model Context Protocol) servers.
It acts as a policy enforcement gateway, ensuring that every tool execution request generated by an LLM is validated against Rego-based policies (Regorus engine) before being executed.
The system combines:
- MCP proxy enforcement (Rust)
- AI-driven policy generation (Python)
- Rego policy engine (Regorus)
- Web UI for rule creation (Angular)
LLM-generated intent should never directly become execution.
Every action must pass through a governance layer.
- Rego-based policy enforcement via Regorus
- AI-generated policies using fine-tuned Qwen2.5-Coder-1.5B-Instruct
- Synthetic dataset generation via Google Gemini
- MCP proxy integration with Claude Desktop
- Fine-grained access control (e.g. Git repository restrictions)
- Web dashboard for policy generation (Angular UI)
- Multi-language architecture (Rust + Python + Angular)
- Deny-by-default execution model
```
┌──────────────────────┐
│    Claude Desktop    │
│     (MCP Client)     │
└─────────┬────────────┘
          │ MCP Tool Call
          ▼
┌────────────────────────────┐
│ Regentix MCP Proxy (Rust)  │
│ - STDIO MCP Server         │
│ - Enforcement layer        │
└─────────┬──────────────────┘
          │
          │ Policy evaluation
          ▼
┌────────────────────────────────────┐
│ Regorus Policy Engine (Rego)       │
│ - Allow / Deny decisions           │
└─────────┬──────────────────────────┘
          │
  ┌───────┴───────────┐
  │                   │
  │ ALLOW             │ DENY
  ▼                   ▼
┌────────────────┐ ┌────────────────────┐
│ MCP Servers    │ │ Blocked Execution  │
│ (Git, FS, etc) │ │ Request rejected   │
└────────────────┘ └────────────────────┘

┌────────────────────────────────────┐
│ Python AI Backend                  │
│ - Fine-tuned Qwen2.5-Coder         │
│ - Generates Rego policies          │
│ - Uses Gemini synthetic dataset    │
└─────────┬──────────────────────────┘
          │
          │ policy generation API
          ▼
┌────────────────────────────────────┐
│ Angular Web Dashboard              │
│ - UI for policy creation           │
│ - Sends requests to backend        │
└────────────────────────────────────┘
```
- Claude Desktop sends MCP tool request
- Rust MCP Proxy intercepts request
- Regorus evaluates Rego policies
- Decision:
  - Allow → forward to MCP server
  - Deny → block execution
- Python backend generates policies via AI
- Angular UI manages rule creation

- Base model: Qwen2.5-Coder-1.5B-Instruct
- Dataset: synthetic data generated via Google Gemini
- Output: Rego policies compatible with Regorus

Capabilities:

- Natural language → policy generation
- Policy refinement
- Rule validation

- Block GitHub repository access via MCP Git server
- Restrict filesystem operations
- Prevent destructive tool actions
- Role-based execution control

| Layer | Technology |
|---|---|
| MCP Proxy | Rust |
| Policy Engine | Regorus |
| Backend | Python |
| Frontend | Angular |
| Model | Qwen2.5-Coder |
| Dataset | Gemini |
Alternative compiling:

```
./deploy_build_rust.sh
./deploy_release_rust.sh
```

```
chmod +x deploy_build_rust.sh deploy_release_rust.sh
```

```
cd model_ai/
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

```
cd model_ai/rego-finetuning
./start.sh
```

```
cd model_ai/
python start_server.py
```

```
cd regentix_frontend
npm install
npm start
```

Open: http://localhost:4200/
```json
{
  "mcpServers": {
    "regentix": {
      "command": "",
      "args": []
    }
  }
}
```

In this file, add the MCP servers, for example:

```json
[
  {
    "server_name": "filesystem",
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-filesystem", ""],
    "env": {}
  },
  {
    "server_name": "commands",
    "command": "npx",
    "args": ["-y", "mcp-server-fetch-typescript"],
    "env": {}
  },
  {
    "server_name": "github",
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-github"],
    "env": {}
  }
]
```

- Deny-by-default execution
- All MCP calls intercepted
- Rego policy validation required
- Explicit allow only
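
A minimal policy illustrating the deny-by-default, explicit-allow model listed above. This is an added example, not Regentix's own policy or one generated by its model: the input fields `server`, `tool` and `arguments`, the package name, the workspace path and the sample calls are all assumptions made for illustration, and it is written in Rego v1 syntax.

```rego
# Added example, not Regentix's own policy. The input shape
# {server, tool, arguments} is an assumption for illustration.
package regentix.example

import rego.v1

# Deny by default: a call runs only if an allow rule below matches.
default allow := false

# Constructed allowlist of read-only tools on the "filesystem" server.
fs_read_tools := {"read_file", "list_directory"}

# Constructed workspace root; filesystem reads are confined to it.
workspace := "/home/user/project/"

# Explicit allow: read-only filesystem tool, path inside the workspace.
allow if {
    input.server == "filesystem"
    input.tool in fs_read_tools
    path_in_workspace(input.arguments.path)
}

path_in_workspace(p) if {
    is_string(p)
    startswith(p, workspace)
    not ".." in split(p, "/") # no parent-directory segments
}

# Constructed sample calls, written as OPA-style test rules.
test_read_inside_workspace_allowed if {
    allow with input as {"server": "filesystem", "tool": "read_file", "arguments": {"path": "/home/user/project/src/main.rs"}}
}

test_traversal_denied if {
    not allow with input as {"server": "filesystem", "tool": "read_file", "arguments": {"path": "/home/user/project/../.ssh/id_ed25519"}}
}

test_write_tool_denied if {
    not allow with input as {"server": "filesystem", "tool": "write_file", "arguments": {"path": "/home/user/project/notes.txt"}}
}

test_missing_path_denied if {
    not allow with input as {"server": "filesystem", "tool": "list_directory", "arguments": {}}
}

# No allow rule names the "github" server, so every call to it is denied.
test_github_denied if {
    not allow with input as {"server": "github", "tool": "create_repository", "arguments": {"name": "demo"}}
}
```

The path check is lexical only: the policy sees the string the client sent, so symlinks inside the workspace still have to be confined by the MCP server itself.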
This project was built with extensive assistance from generative AI models. Used for:
- code generation
- architecture design
- Rust learning
LLM intent ≠ execution
All actions must be governed
- Improved Rego rule synthesis
- HTTP transport support (not only STDIO MCP)
- LLM-agnostic integration layer
OPA / Regorus / Qwen / Gemini / Claude MCP / Rust / Python / Angular