# A policy enforcement layer for MCP tool execution using Rego

> Source: <https://github.com/marvior/regentix>
> Published: 2026-06-14 07:55:43+00:00

Policy-driven MCP proxy for secure LLM tool execution using Rego-based governance with local AI-generated rules

⚠️ Warning

This project is in early development and is not production-ready. It may contain bugs, incomplete features, or breaking changes. Use at your own risk.


**Regentix** is a security and governance system that sits between LLM clients (like Claude Desktop) and MCP (Model Context Protocol) servers.

It acts as a **policy enforcement gateway**, ensuring that every tool execution request generated by an LLM is validated against **Rego-based policies (Regorus engine)** before being executed.

The system combines:

- MCP proxy enforcement (Rust)
- AI-driven policy generation (Python)
- Rego policy engine (Regorus)
- Web UI for rule creation (Angular)

LLM-generated intent should never directly become execution.

Every action must pass through a governance layer.

- 🔐 Rego-based policy enforcement via **Regorus**
- 🤖 AI-generated policies using fine-tuned **Qwen2.5-Coder-1.5B-Instruct**
- 🧠 Synthetic dataset generation via **Google Gemini**
- 🚪 MCP proxy integration with **Claude Desktop**
- 🧾 Fine-grained access control (e.g. Git repository restrictions)
- 🌐 Web dashboard for policy generation (Angular UI)
- ⚙️ Multi-language architecture (Rust + Python + Angular)
- 🛡️ Deny-by-default execution model

```
                    ┌──────────────────────┐
                    │   Claude Desktop     │
                    │   (MCP Client)       │
                    └─────────┬────────────┘
                              │ MCP Tool Call
                              ▼
              ┌──────────────────────────────┐
              │   Regentix MCP Proxy (Rust)  │
              │   - STDIO MCP Server         │
              │   - Enforcement layer        │
              └─────────┬────────────────────┘
                        │
                        │ Policy evaluation
                        ▼
        ┌──────────────────────────────────────┐
        │   Regorus Policy Engine (Rego)       │
        │   - Allow / Deny decisions           │
        └─────────┬────────────────────────────┘
                  │
        ┌─────────┴─────────┐
        │                   │
        │ ALLOW             │ DENY
        ▼                   ▼
┌────────────────┐   ┌────────────────────┐
│ MCP Servers    │   │ Blocked Execution  │
│ (Git, FS, etc) │   │ Request rejected   │
└────────────────┘   └────────────────────┘

        ┌──────────────────────────────────────┐
        │ Python AI Backend                    │
        │ - Fine-tuned Qwen2.5-Coder          │
        │ - Generates Rego policies           │
        │ - Uses Gemini synthetic dataset      │
        └─────────┬────────────────────────────┘
                  │
                  │ policy generation API
                  ▼
        ┌──────────────────────────────────────┐
        │ Angular Web Dashboard                │
        │ - UI for policy creation             │
        │ - Sends requests to backend          │
        └──────────────────────────────────────┘
```

- Claude Desktop sends MCP tool request
- Rust MCP Proxy intercepts request
- Regorus evaluates Rego policies
- Decision:
  - Allow → forward to MCP server
  - Deny → block execution

- Python backend generates policies via AI
- Angular UI manages rule creation

- Base model: Qwen2.5-Coder-1.5B-Instruct
- Dataset: synthetic data generated via Google Gemini
- Output: Rego policies compatible with Regorus

Capabilities:

- Natural language → policy generation
- Policy refinement
- Rule validation

- Block GitHub repository access via MCP Git server
- Restrict filesystem operations
- Prevent destructive tool actions
- Role-based execution control

| Layer | Technology |
|---|---|
| MCP Proxy | Rust |
| Policy Engine | Regorus |
| Backend | Python |
| Frontend | Angular |
| Model | Qwen2.5-Coder |
| Dataset | Gemini |

Alternative compiling:

```
./deploy_build_rust.sh
./deploy_release_rust.sh
```

```
chmod +x deploy_build_rust.sh deploy_release_rust.sh
```

```
cd model_ai/
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

```
cd model_ai/rego-finetuning
./start.sh
```

```
cd model_ai/
python start_server.py
```

```
cd regentix_frontend
npm install
npm start
```

Open:
[http://localhost:4200/](http://localhost:4200/)

```
{
  "mcpServers": {
    "regentix": {
      "command": "",
      "args": []
    }
  }
}
```

In this file, add the MCP servers, for example:

```
[
  {
    "server_name": "filesystem",
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-filesystem", ""],
    "env": {}
  },
  {
    "server_name": "commands",
    "command": "npx",
    "args": ["-y", "mcp-server-fetch-typescript"],
    "env": {}
  },
  {
    "server_name": "github",
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-github"],
    "env": {}
  }
]
```

- Deny-by-default execution
- All MCP calls intercepted
- Rego policy validation required
- Explicit allow only
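
A deny-by-default policy of the kind this model calls for, as an added example (not Regentix's own code). The input fields `server`, `tool` and `arguments.path`, the package name, the tool names and the allowed directory are assumptions; the page does not show the input document Regentix passes to Regorus.

```rego
package regentix.example

import rego.v1

# Deny by default: a tool call runs only if an allow rule matches.
default allow := false

# Constructed allow-list: read-only tools of the "filesystem" server.
read_only_tools := {"read_file", "list_directory"}

# Constructed directory the model may read from.
allowed_root := "/home/user/projects/"

# Explicit allow: read-only filesystem tool, path under allowed_root,
# and no ".." segment that could climb out of it.
allow if {
	input.server == "filesystem"
	input.tool in read_only_tools
	path := input.arguments.path
	startswith(path, allowed_root)
	not has_parent_segment(path)
}

has_parent_segment(path) if {
	some segment in split(path, "/")
	segment == ".."
}

# Reasons feed the audit log only; they never grant access.
reasons contains "github server is blocked" if input.server == "github"

reasons contains "tool is not on the read-only allow-list" if {
	input.server == "filesystem"
	not input.tool in read_only_tools
}

# Constructed inputs exercising the three outcomes.
test_read_inside_root_allowed if {
	allow with input as {"server": "filesystem", "tool": "read_file", "arguments": {"path": "/home/user/projects/app/README.md"}}
}

test_traversal_denied if {
	not allow with input as {"server": "filesystem", "tool": "read_file", "arguments": {"path": "/home/user/projects/../.ssh/id_rsa"}}
}

test_github_denied if {
	not allow with input as {"server": "github", "tool": "get_file_contents", "arguments": {}}
}
```

The path check is purely lexical: it does not resolve symlinks, so the MCP server's own directory restriction still has to hold underneath the policy.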

This project was built with extensive assistance from generative AI models. Used for:

- code generation
- architecture design
- Rust learning

LLM intent ≠ execution

All actions must be governed

- Improved Rego rule synthesis
- HTTP transport support (not only STDIO MCP)
- LLM-agnostic integration layer

OPA / Regorus / Qwen / Gemini / Claude MCP / Rust / Python / Angular
