Add Arbitus - Security proxy for MCP servers#122

Open
nfvelten wants to merge 1 commit into Puliczek:main from nfvelten:add-arbitus

@nfvelten nfvelten commented Apr 8, 2026

Added Arbitus - Security proxy for MCP servers

Description

Arbitus is a security proxy that sits between AI agents (Cursor, Claude, Windsurf, etc.) and MCP servers. It enforces per-agent policies before any tool call reaches the upstream server.

Key Features

  • Per-agent auth — API key, JWT/OIDC, or mTLS
  • tools/list filtering — Agents only see tools they're allowed to call
  • Rate limiting — Sliding window, per-tool, per-IP
  • Human-in-the-Loop (HITL) — Approval workflow for sensitive operations
  • Shadow mode — Dry-run operations without forwarding
  • Payload filtering — Encoding-aware (Base64, URL, Unicode)
  • OPA/Rego policies — Custom policy evaluation
  • Schema validation — Validate args against inputSchema
  • Audit logging — SQLite, webhook, OpenLineage, CloudEvents
  • Circuit breaker — Upstream failure isolation
  • Both transports — HTTP+SSE and stdio
  • Written in Rust — Sub-millisecond overhead

Checklist

  • Project is related to MCP security
  • Link works
  • Added to the TOP of the appropriate section
  • Format follows the existing style

Repository Stats

  • ⭐ Stars: New project (launching now)
  • πŸ“ License: MIT
  • βœ… Tests: 446 unit tests passing
  • πŸ“– Documentation: 6 comprehensive docs
  • πŸ—οΈ Governance: GOVERNANCE.md, CONTRIBUTING.md, SECURITY.md, CODE_OF_CONDUCT.md

Arbitus is a security proxy that sits between AI agents and MCP servers.
It enforces per-agent policies before any tool call reaches the upstream.

Key features:
- Per-agent auth (API key, JWT/OIDC, mTLS)
- Rate limiting (sliding window, per-tool, per-IP)
- Payload filtering (encoding-aware: Base64, URL, Unicode)
- Human-in-the-Loop (HITL) approval workflow
- Shadow mode for dry-run operations
- OPA/Rego policy engine
- Schema validation against inputSchema
- Audit logging (SQLite, webhook, OpenLineage, CloudEvents)
- Circuit breaker for upstream failures
- Both HTTP+SSE and stdio transports
- Written in Rust, sub-millisecond overhead