mastyf.ai is an open-source security proxy for AI assistants that use the Model Context Protocol (MCP). It intercepts tool calls from AI clients like Claude, Cursor, and Cline, enforcing customizable YAML policies to block dangerous actions such as file access, shell commands, and data exfiltration. Key features include:
- Policy Proxy: Intercepts JSON-RPC calls and applies rules before forwarding to upstream MCP servers.
- Attack Blocking: Pre-built regex patterns for injection, path traversal, secrets, and Unicode tricks.
- Cost Tracking: Estimates token usage and dollar costs per call with budget alerts.
- Live Audit Log: All decisions stored in SQLite with a web dashboard for review.
- Security Swarm: Automated red-team agents that test policies in CI and at runtime.
- Threat Lab: Local LLM (Ollama) proposes new attack patterns and rule ideas for human review.
- Auto Threat Research: Background loop that converts blocked events into adversarial test fixtures.
- Agentic AI: Optional modules for threat prediction, policy generation, supply chain checks, compliance mapping, and more.
- Cloud Console: Public website for npm MCP package trust scores and badges.
Use cases include securing AI tool usage in development, preventing data leaks, enforcing compliance, and continuously improving security posture through automated testing.
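As an added illustration (not mastyf.ai's own code or its YAML policy schema), the sketch below shows what a policy proxy of this kind does with a single MCP `tools/call` request: it flattens and NFKC-normalises the tool arguments so full-width letters and zero-width characters cannot slip past the patterns, matches constructed deny rules for shell commands, path traversal and secret files, records the verdict in SQLite, and answers a blocked call with a JSON-RPC error instead of forwarding it. The rule format, tool names (`run_command`, `read_file`) and error code are assumptions.

```python
import json
import re
import sqlite3
import unicodedata

# Constructed policy for this example (not mastyf.ai's own YAML schema): each rule names the
# MCP tool it applies to, a regex matched against the tool's arguments, and the decision.
POLICY = [
    {"id": "deny-shell", "tool": "run_command", "pattern": r"\brm\s+-rf\b|\|\s*sh\b", "action": "deny"},
    {"id": "deny-traversal", "tool": "read_file", "pattern": r"\.\.[/\\]", "action": "deny"},
    {"id": "deny-secrets", "tool": "read_file", "pattern": r"\.env\b|id_rsa|\.aws/credentials", "action": "deny"},
]
ZERO_WIDTH = re.compile("[\u200b-\u200d\u2060\ufeff]")

def normalise(arguments: dict) -> str:
    """Flatten tool arguments to one string, then undo homoglyph and zero-width evasions."""
    blob = json.dumps(arguments, ensure_ascii=False)
    return ZERO_WIDTH.sub("", unicodedata.normalize("NFKC", blob))

def evaluate(request: dict) -> dict:
    """Apply POLICY to one JSON-RPC request; only tools/call is policed, everything else passes."""
    if request.get("method") != "tools/call":
        return {"decision": "allow", "rule": None}
    params = request.get("params", {})
    blob = normalise(params.get("arguments", {}))
    for rule in POLICY:
        if rule["tool"] == params.get("name") and re.search(rule["pattern"], blob):
            return {"decision": rule["action"], "rule": rule["id"]}
    return {"decision": "allow", "rule": None}

def open_audit_db(path=":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS audit (ts TEXT, tool TEXT, decision TEXT, rule TEXT, request TEXT)")
    return conn

def proxy_call(conn: sqlite3.Connection, raw: str) -> dict:
    """Decide, record the decision, then either pass the call through or reject it."""
    request = json.loads(raw)
    verdict = evaluate(request)
    conn.execute("INSERT INTO audit VALUES (datetime('now'), ?, ?, ?, ?)",
                 (request.get("params", {}).get("name"), verdict["decision"], verdict["rule"], raw))
    conn.commit()
    if verdict["decision"] == "deny":
        # JSON-RPC error returned to the AI client; nothing reaches the upstream MCP server.
        return {"jsonrpc": "2.0", "id": request.get("id"),
                "error": {"code": -32000, "message": f"blocked by policy rule {verdict['rule']}"}}
    return request  # a real proxy forwards this unchanged to the upstream MCP server
```

Feeding `proxy_call` a `tools/call` request whose `cmd` argument is the full-width `ｒｍ -rf /` yields a JSON-RPC error and a `deny-shell` row in the audit table, while a `read_file` of `README.md` passes through and is logged as allowed.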