{"slug": "a-policy-enforcement-layer-for-mcp-tool-execution-using-rego", "title": "A policy enforcement layer for MCP tool execution using Rego", "summary": "Regentix, a policy enforcement gateway for LLM tool execution, uses Rego-based governance to intercept and validate MCP requests from clients like Claude Desktop before execution. The system combines a Rust proxy, a Python AI backend with a fine-tuned Qwen2.5-Coder model, and an Angular dashboard to generate and enforce deny-by-default policies, blocking unauthorized actions such as restricted Git repository access.", "body_md": "Policy-driven MCP proxy for secure LLM tool execution using Rego-based governance with local AI-generated rules\n\n⚠️ Warning\n\nThis project is in early development and is not production-ready. It may contain bugs, incomplete features, or breaking changes. Use at your own risk.\n\n**Regentix** is a security and governance system that sits between LLM clients (like Claude Desktop) and MCP (Model Context Protocol) servers.\n\nIt acts as a **policy enforcement gateway**, ensuring that every tool execution request generated by an LLM is validated against **Rego-based policies (Regorus engine)** before being executed.\n\nThe system combines:\n\n- MCP proxy enforcement (Rust)\n- AI-driven policy generation (Python)\n- Rego policy engine (Regorus)\n- Web UI for rule creation (Angular)\n\nLLM-generated intent should never directly become execution.\n\nEvery action must pass through a governance layer.\n\n- 🔐 Rego-based policy enforcement via **Regorus**\n- 🤖 AI-generated policies using fine-tuned **Qwen2.5-Coder-1.5B-Instruct**\n- 🧠 Synthetic dataset generation via **Google Gemini**\n- 🚪 MCP proxy integration with **Claude Desktop**\n- 🧾 Fine-grained access control (e.g. 
Git repository restrictions)\n- 🌐 Web dashboard for policy generation (Angular UI)\n- ⚙️ Multi-language architecture (Rust + Python + Angular)\n- 🛡️ Deny-by-default execution model\n\n```\n                    ┌──────────────────────┐\n                    │   Claude Desktop     │\n                    │   (MCP Client)       │\n                    └─────────┬────────────┘\n                              │ MCP Tool Call\n                              ▼\n              ┌──────────────────────────────┐\n              │   Regentix MCP Proxy (Rust)  │\n              │   - STDIO MCP Server         │\n              │   - Enforcement layer        │\n              └─────────┬────────────────────┘\n                        │\n                        │ Policy evaluation\n                        ▼\n        ┌──────────────────────────────────────┐\n        │   Regorus Policy Engine (Rego)       │\n        │   - Allow / Deny decisions           │\n        └─────────┬────────────────────────────┘\n                  │\n        ┌─────────┴─────────┐\n        │                   │\n        │ ALLOW             │ DENY\n        ▼                   ▼\n┌────────────────┐   ┌────────────────────┐\n│ MCP Servers    │   │ Blocked Execution  │\n│ (Git, FS, etc) │   │ Request rejected   │\n└────────────────┘   └────────────────────┘\n\n        ┌──────────────────────────────────────┐\n        │ Python AI Backend                    │\n        │ - Fine-tuned Qwen2.5-Coder          │\n        │ - Generates Rego policies           │\n        │ - Uses Gemini synthetic dataset      │\n        └─────────┬────────────────────────────┘\n                  │\n                  │ policy generation API\n                  ▼\n        ┌──────────────────────────────────────┐\n        │ Angular Web Dashboard                │\n        │ - UI for policy creation             │\n        │ - Sends requests to backend          │\n        └──────────────────────────────────────┘\n```\n\n- Claude Desktop sends MCP tool 
request\n- Rust MCP Proxy intercepts request\n- Regorus evaluates Rego policies\n- Decision:\n  - Allow → forward to MCP server\n  - Deny → block execution\n\n- Python backend generates policies via AI\n- Angular UI manages rule creation\n\n- Base model: Qwen2.5-Coder-1.5B-Instruct\n- Dataset: synthetic data generated via Google Gemini\n- Output: Rego policies compatible with Regorus\n\nCapabilities:\n\n- Natural language → policy generation\n- Policy refinement\n- Rule validation\n\n- Block GitHub repository access via MCP Git server\n- Restrict filesystem operations\n- Prevent destructive tool actions\n- Role-based execution control\n\n| Layer | Technology |\n|---|---|\n| MCP Proxy | Rust |\n| Policy Engine | Regorus |\n| Backend | Python |\n| Frontend | Angular |\n| Model | Qwen2.5-Coder |\n| Dataset | Gemini |\n\nAlternative compiling:\n\n```\n./deploy_build_rust.sh\n./deploy_release_rust.sh\n```\n\n```\nchmod +x deploy_build_rust.sh deploy_release_rust.sh\n```\n\n```\ncd model_ai/\npython -m venv venv\nsource venv/bin/activate\npip install -r requirements.txt\n```\n\n```\ncd model_ai/rego-finetuning\n./start.sh\n```\n\n```\ncd model_ai/\npython start_server.py\n```\n\n```\ncd regentix_frontend\nnpm install\nnpm start\n```\n\nOpen:\n[http://localhost:4200/](http://localhost:4200/)\n\n```\n{\n  \"mcpServers\": {\n    \"regentix\": {\n      \"command\": \"\",\n      \"args\": []\n    }\n  }\n}\n```\n\nIn this file, add the MCP server, for example:\n\n```\n[\n  {\n    \"server_name\": \"filesystem\",\n    \"command\": \"npx\",\n    \"args\": [\"-y\", \"@modelcontextprotocol/server-filesystem\", \"\"],\n    \"env\": {}\n  },\n  {\n    \"server_name\": \"commands\",\n    \"command\": \"npx\",\n    \"args\": [\"-y\", \"mcp-server-fetch-typescript\"],\n    \"env\": {}\n  },\n  {\n    \"server_name\": \"github\",\n    \"command\": \"npx\",\n    \"args\": [\"-y\", \"@modelcontextprotocol/server-github\"],\n    \"env\": {}\n  }\n]\n```\n\n- Deny-by-default execution\n- All MCP calls intercepted\n- Rego policy validation required\n- Explicit allow only\n\nThis project was built with extensive assistance from generative AI models. 
Used for:\n\n- code generation\n- architecture design\n- Rust learning\n\nLLM intent ≠ execution\n\nAll actions must be governed\n\n- Improved Rego rule synthesis\n- HTTP transport support (not only STDIO MCP)\n- LLM-agnostic integration layer\n\nOPA / Regorus / Qwen / Gemini / Claude MCP / Rust / Python / Angular", "url": "https://wpnews.pro/news/a-policy-enforcement-layer-for-mcp-tool-execution-using-rego", "canonical_source": "https://github.com/marvior/regentix", "published_at": "2026-06-14 07:55:43+00:00", "updated_at": "2026-06-14 08:00:40.712588+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-tools", "ai-infrastructure", "developer-tools"], "entities": ["Regentix", "Regorus", "Qwen2.5-Coder", "Google Gemini", "Claude Desktop", "MCP", "Angular", "Rust"], "alternates": {"html": "https://wpnews.pro/news/a-policy-enforcement-layer-for-mcp-tool-execution-using-rego", "markdown": "https://wpnews.pro/news/a-policy-enforcement-layer-for-mcp-tool-execution-using-rego.md", "text": "https://wpnews.pro/news/a-policy-enforcement-layer-for-mcp-tool-execution-using-rego.txt", "jsonld": "https://wpnews.pro/news/a-policy-enforcement-layer-for-mcp-tool-execution-using-rego.jsonld"}}