Kong + Apigee + Okta โ for MCP. Secure, govern, observe, and route Model Context Protocol traffic at enterprise scale.
Organizations are deploying hundreds of MCP servers exposing Jira, ServiceNow, databases, and internal APIs to LLMs โ with no mature governance layer in between. Aegis is the missing control plane that secures this boundary.
Every inbound MCP JSON-RPC operation flows through a stateless, fail-closed middleware pipeline prior to downstream execution.
Aegis parses raw MCP JSON-RPC messages and governs every primitive in both directions, keeping compliance transparent and runtime latency low.
Governs all MCP primitives (Tools, Resources, Prompts, Sampling, Roots, Elicitation) across stdio, HTTP, SSE, and WebSockets transports.
Fine-grained, argument-level policy-as-code evaluations (e.g. limiting SQL tools to SELECT statements) in under 5ms, fail-closed by default.
Append-only, hash-chained logs with per-tenant retention and SIEM export (Splunk, AWS Security Lake) to verify regulatory compliance.
Centralized OIDC, OAuth2, and SAML integration (Okta, Entra ID, Auth0) with OAuth On-Behalf-Of flow mapping for downstream calls.
Polly integration for timeouts, retries, and circuit breakers, paired with Redis-backed sliding-window rate limiting per tool/user.
Pins schemas and description hashes at registration, periodically validating downstream endpoints to block unapproved API drift.
Define structured security boundaries. Secure argument values, operations, and identities in a declarative language.
// Limit SQL tool operations to SELECT statements for developer roles
permit(
principal in Role::"Developer",
action == Action::"tools/call",
resource == Server::"sql-prod"
)
when {
context.primitive == "tool" &&
context.target == "sql.query" &&
context.arguments.sql.matches("(?i)^\\s*SELECT\\s")
};
// Fail-closed platform invariant: deny finance tools to external principals
forbid(
principal,
action,
resource == Server::"finance-restricted"
)
when {
principal.is_external == true
};
policy:
evaluator: cedar
failMode: closed
deny:
tools:
- "finance.wire_transfer"
allow:
tools:
- "jira.search"
- "sql.query"
constraints:
sql.query:
operations: [ SELECT ]
transforms:
jira.search:
redact: [ "$.response.assignee.email" ]
This repository currently holds the detailed product, architecture, and deployment specifications. Follow the recommended build milestones in the product requirements to Scaffolding, Core proxy pipeline, Auth, Cedar engine integration, and OTel diagnostics.
View Build Roadmap