Policy-driven MCP proxy for secure LLM tool execution using Rego-based governance with local AI-generated rules
⚠️ Warning
This project is in early development and is not production-ready. It may contain bugs, incomplete features, or breaking changes. Use at your own risk.
Video Demo
regentix_demo-2.mp4
📌 Overview
Regentix is a security and governance system that sits between LLM clients (like Claude Desktop) and MCP (Model Context Protocol) servers.
It acts as a policy enforcement gateway, ensuring that every tool execution request generated by an LLM is validated against Rego-based policies (Regorus engine) before being executed.
The system combines:
- MCP proxy enforcement (Rust)
- AI-driven policy generation (Python)
- Rego policy engine (Regorus)
- Web UI for rule creation (Angular)
🧠 Core Idea
LLM-generated intent should never directly become execution.
Every action must pass through a governance layer.
🚪 Key Features
- 🔐 Rego-based policy enforcement via Regorus
- 🤖 AI-generated policies using fine-tuned Qwen2.5-Coder-1.5B-Instruct
- 🧠 Synthetic dataset generation via Google Gemini
- 🚪 MCP proxy integration with Claude Desktop
- 🧾 Fine-grained access control (e.g. Git repository restrictions)
- 🌐 Web dashboard for policy generation (Angular UI)
- ⚙️ Multi-language architecture (Rust + Python + Angular)
- 🛡️ Deny-by-default execution model
🏗️ Architecture
┌──────────────────────┐
│ Claude Desktop │
│ (MCP Client) │
└─────────┬────────────┘
│ MCP Tool Call
▼
┌──────────────────────────────┐
│ Regentix MCP Proxy (Rust) │
│ - STDIO MCP Server │
│ - Enforcement layer │
└─────────┬────────────────────┘
│
│ Policy evaluation
▼
┌──────────────────────────────────────┐
│ Regorus Policy Engine (Rego) │
│ - Allow / Deny decisions │
└─────────┬────────────────────────────┘
│
┌─────────┴─────────┐
│ │
│ ALLOW │ DENY
▼ ▼
┌────────────────┐ ┌────────────────────┐
│ MCP Servers │ │ Blocked Execution │
│ (Git, FS, etc) │ │ Request rejected │
└────────────────┘ └────────────────────┘
┌──────────────────────────────────────┐
│ Python AI Backend │
│ - Fine-tuned Qwen2.5-Coder │
│ - Generates Rego policies │
│ - Uses Gemini synthetic dataset │
└─────────┬────────────────────────────┘
│
│ policy generation API
▼
┌──────────────────────────────────────┐
│ Angular Web Dashboard │
│ - UI for policy creation │
│ - Sends requests to backend │
└──────────────────────────────────────┘
🔄 Request Flow
- Claude Desktop sends MCP tool request
- Rust MCP Proxy intercepts request
- Regorus evaluates Rego policies
- Decision:
- Allow → forward to MCP server
- Deny → block execution
- Python backend generates policies via AI
- Angular UI manages rule creation
🧠 AI Policy Generation
- Base model: Qwen2.5-Coder-1.5B-Instruct
- Dataset: synthetic data generated via Google Gemini
- Output: Rego policies compatible with Regorus
Capabilities:
- Natural language → policy generation
- Policy refinement
- Rule validation
🚫 Example Use Cases
- Block GitHub repository access via MCP Git server
- Restrict filesystem operations
- Prevent destructive tool actions
- Role-based execution control
🛠️ Tech Stack
| Layer | Technology |
|---|---|
| MCP Proxy | Rust |
| Policy Engine | Regorus |
| Backend | Python |
| Frontend | Angular |
| Model | Qwen2.5-Coder |
| Dataset | Gemini |
🚀 Getting Started
Rust Compiling
Alternative compiling: ./deploy_build_rust.sh ./deploy_release_rust.sh
chmod +x deploy_build_rust.sh deploy_release_rust.sh
Python Backend
cd model_ai/ python -m venv venv source venv/bin/activate pip install -r requirements.txt
Fine tuning model
for the fune tuning I've used the M4 Air
cd model_ai/rego-finetuning ./start.sh
Start Python Backend
cd model_ai/ python start_server.py
Frontend
cd regentix_frontend npm install npm start
Open: http://localhost:4200/
🔌 Claude Desktop Config
{ { "mcpServers": { "regentix": { "command": "", "args": [] } }
🔌 Config.json
In this file add the mcp server for example: [
{
"server_name":"filesystem",
"command":"npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", ""],
"env":{}
},
{
"server_name": "commands",
"command": "npx",
"args": ["-y", "mcp-server-fetch-typescript"],
"env": {}
},
{
"server_name": "github",
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-github"],
"env": {}
}
]
🔐 Security Model
- Deny-by-default execution
- All MCP calls intercepted
- Rego policy validation required
- Explicit allow only
🧪 AI-Assisted Development
This project was built with extensive assistance from generative AI models. Used for:
- code generation
- architecture design
- Rust learning
🧠 Philosophy
LLM intent ≠ execution
All actions must be governed
📌 Future Work
- Improved Rego rule synthesis
- HTTP transport support (not only STDIN MCP)
- LLM-agnostic integration layer
🤝 Acknowledgements
OPA / Regorus / Qwen / Gemini / Claude MCP / Rust / Python / Angular




















