A policy enforcement layer for MCP tool execution using Rego

Regentix, a policy enforcement gateway for LLM tool execution, uses Rego-based governance to intercept and validate MCP requests from clients like Claude Desktop before execution. The system combines a Rust proxy, a Python AI backend with a fine-tuned Qwen2.5-Coder model, and an Angular dashboard to generate and enforce deny-by-default policies, blocking unauthorized actions such as restricted Git repository access.

Policy-driven MCP proxy for secure LLM tool execution using Rego-based governance with local AI-generated rules

⚠️ Warning

This project is in early development and is not production-ready. It may contain bugs, incomplete features, or breaking changes. Use at your own risk.

Video Demo: regentix demo-2.mp4

Regentix is a security and governance system that sits between LLM clients like Claude Desktop and MCP (Model Context Protocol) servers. It acts as a policy enforcement gateway, ensuring that every tool execution request generated by an LLM is validated against Rego-based policies (Regorus engine) before being executed.

The system combines:

- MCP proxy enforcement (Rust)
- AI-driven policy generation (Python)
- Rego policy engine (Regorus)
- Web UI for rule creation (Angular)

LLM-generated intent should never directly become execution. Every action must pass through a governance layer.

- 🔐 Rego-based policy enforcement via Regorus
- 🤖 AI-generated policies using fine-tuned Qwen2.5-Coder-1.5B-Instruct
- 🧠 Synthetic dataset generation via Google Gemini
- 🚪 MCP proxy integration with Claude Desktop
- 🧾 Fine-grained access control (e.g. Git repository restrictions)
- 🌐 Web dashboard for policy generation (Angular UI)
- ⚙️ Multi-language architecture (Rust + Python + Angular)
- 🛡️ Deny-by-default execution model

```
┌──────────────────────┐
│    Claude Desktop    │
│      MCP Client      │
└─────────┬────────────┘
          │ MCP Tool Call
          ▼
┌──────────────────────────────┐
│  Regentix MCP Proxy (Rust)   │
│  - STDIO MCP Server          │
│  - Enforcement layer         │
└─────────┬────────────────────┘
          │
          │ Policy evaluation
          ▼
┌──────────────────────────────────────┐
│  Regorus Policy Engine (Rego)        │
│  - Allow / Deny decisions            │
└─────────┬────────────────────────────┘
          │
┌─────────┴─────────┐
│                   │
│ ALLOW             │ DENY
▼                   ▼
┌────────────────┐  ┌────────────────────┐
│ MCP Servers    │  │ Blocked Execution  │
│ (Git, FS, etc) │  │ Request rejected   │
└────────────────┘  └────────────────────┘

┌──────────────────────────────────────┐
│  Python AI Backend                   │
│  - Fine-tuned Qwen2.5-Coder          │
│  - Generates Rego policies           │
│  - Uses Gemini synthetic dataset     │
└─────────┬────────────────────────────┘
          │
          │ policy generation API
          ▼
┌────────────────────────────────┐
│  Angular Web Dashboard         │
│  - UI for policy creation      │
│  - Sends requests to backend   │
└────────────────────────────────┘
```

- Claude Desktop sends MCP tool request
- Rust MCP Proxy intercepts request
- Regorus evaluates Rego policies
- Decision:
  - Allow → forward to MCP server
  - Deny → block execution
- Python backend generates policies via AI
- Angular UI manages rule creation

- Base model: Qwen2.5-Coder-1.5B-Instruct
- Dataset: synthetic data generated via Google Gemini
- Output: Rego policies compatible with Regorus

Capabilities:

- Natural language → policy generation
- Policy refinement
- Rule validation

- Block GitHub repository access via MCP Git server
- Restrict filesystem operations
- Prevent destructive tool actions
- Role-based execution control

| Layer | Technology |
|---|---|
| MCP Proxy | Rust |
| Policy Engine | Regorus |
| Backend | Python |
| Frontend | Angular |
| Model | Qwen2.5-Coder |
| Dataset | Gemini |

Alternative compiling:

```bash
./deploy build rust.sh
./deploy release rust.sh
```

```bash
chmod +x deploy build rust.sh deploy release rust.sh
```

```bash
cd model ai/
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

```bash
cd model ai/rego-finetuning
./start.sh
```

```bash
cd model ai/
python start server.py
```

```bash
cd regentix frontend
npm install
npm start
```

Open: http://localhost:4200/

```json
{
  "mcpServers": {
    "regentix": {
      "command": "",
      "args": []
    }
  }
}
```

In this file, add the MCP servers, for example:

```json
[
  {
    "server name": "filesystem",
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-filesystem", ""],
    "env": {}
  },
  {
    "server name": "commands",
    "command": "npx",
    "args": ["-y", "mcp-server-fetch-typescript"],
    "env": {}
  },
  {
    "server name": "github",
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-github"],
    "env": {}
  }
]
```

- Deny-by-default execution
- All MCP calls intercepted
- Rego policy validation required
- Explicit allow only

This project was built with extensive assistance from generative AI models. Used for:

- code generation
- architecture design
- Rust learning

LLM intent ≠ execution

All actions must be governed

- Improved Rego rule synthesis
- HTTP transport support (not only STDIN MCP)
- LLM-agnostic integration layer

OPA / Regorus / Qwen / Gemini / Claude MCP / Rust / Python / Angular
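
A deny-by-default policy of the kind described above (explicit allow only, Git repository restriction), written here as an added example and not taken from the Regentix repository. The package name, the input shape (the raw MCP `tools/call` request), the tool names, the `repo_path` argument and the repository path are all assumptions.

```rego
package regentix.example

import rego.v1

# Deny by default: a request is forwarded only when an allow rule matches.
# Missing fields leave the rules below undefined, so they also end in deny.
default allow := false

# Constructed values for illustration (assumptions, not project settings).
read_only_tools := {"git_status", "git_log", "git_diff"}
allowed_repos := {"/home/dev/projects/public-site"}

# Constructed sample input, assumed to be the client's JSON-RPC request:
# {"method": "tools/call",
#  "params": {"name": "git_log",
#             "arguments": {"repo_path": "/home/dev/projects/public-site"}}}

is_tool_call if input.method == "tools/call"

tool_allowed if input.params.name in read_only_tools

# The path must be a string, contain no "..", and equal an allowed
# repository root or sit below it. This is a string check only: it does
# not resolve symlinks, so the target server should confine paths too.
repo_permitted if {
    path := input.params.arguments.repo_path
    is_string(path)
    not contains(path, "..")
    some root in allowed_repos
    under_root(path, root)
}

under_root(path, root) if path == root
under_root(path, root) if startswith(path, concat("", [root, "/"]))

allow if {
    is_tool_call
    tool_allowed
    repo_permitted
}

# Reasons a proxy could log or return to the client when allow is false.
deny_reasons contains "not a tools/call request" if not is_tool_call
deny_reasons contains "tool is not on the allow list" if not tool_allowed
deny_reasons contains "repository path is not permitted" if not repo_permitted
```

Write-capable tools are denied simply because they are not listed; granting one means adding a separate, narrower allow rule rather than extending the read-only set.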