From f3cbae204a2a1013cca92fa1f7394159e7bb7b1a Mon Sep 17 00:00:00 2001 From: Nicholas Velten Date: Wed, 8 Apr 2026 09:42:09 -0300 Subject: [PATCH] Add Arbitus - Security proxy for MCP servers Arbitus is a security proxy that sits between AI agents and MCP servers. It enforces per-agent policies before any tool call reaches the upstream. Key features: - Per-agent auth (API key, JWT/OIDC, mTLS) - Rate limiting (sliding window, per-tool, per-IP) - Payload filtering (encoding-aware: Base64, URL, Unicode) - Human-in-the-Loop (HITL) approval workflow - Shadow mode for dry-run operations - OPA/Rego policy engine - Schema validation against inputSchema - Audit logging (SQLite, webhook, OpenLineage, CloudEvents) - Circuit breaker for upstream failures - Both HTTP+SSE and stdio transports - Written in Rust, sub-millisecond overhead --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7d03ece..3ecd104 100644 --- a/README.md +++ b/README.md @@ -129,6 +129,7 @@ Official Security Considerations from the [Official MCP Specification Rev: 2025- ## 🧑‍🚀 Tools and code +- [Arbitus](https://github.com/arbitusgateway/arbitus) - Security proxy for MCP servers. Per-agent auth (API key, JWT/OIDC, mTLS), rate limiting, payload filtering, HITL approval workflow, OPA/Rego policies, audit logging, circuit breaker, shadow mode. Rust-based, sub-millisecond overhead. - [MCP Audit Extension - Audit and log all GitHub Copilot MCP tool calls in VSCode with ease](https://github.com/Agentity-com/mcp-audit-extension) - [Secure MCP - Security auditing tool to detect MCP vulnerabilities and misconfigurations by makalin](https://github.com/makalin/SecureMCP) - [mcp-context-protector - Security wrapper for MCP servers by trailofbits](https://github.com/trailofbits/mcp-context-protector)
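Review bot: the added `- [Arbitus](https://github.com/arbitusgateway/arbitus)` entry in the "Tools and code" list repeats most of the commit message's feature list and ends with the performance claim "Rust-based, sub-millisecond overhead", which nothing in this patch backs up. The context lines below it are short one-line entries, two of them ending in "by makalin" and "by trailofbits". Suggest trimming the entry to the same shape, for example "Arbitus - Security proxy for MCP servers by arbitusgateway", and leaving the feature details to the linked repository. If the overhead figure stays, link the benchmark it comes from. The entry is also inserted above the existing items rather than appended; the visible entries are not in alphabetical order, so please confirm whether the list has an ordering convention and place the new line accordingly.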