u/rayen_ba

GetMCP: Zero Trust for AI agents

Just shipped v0.1.0 of something I've been building. Sharing because I haven't seen anyone solve this end-to-end as a self-hostable thing.

The problem. AI agents (Claude, ChatGPT, Cursor, in-house bots) are starting to make real calls into production APIs. Most companies are handing them a single long-lived API key and praying. There's no per-request audit, no per-agent revocation, no policy layer, no human-in-the-loop for sensitive mutations.

What GetMCP does:
- Generates two MCP servers from any OpenAPI spec: Internal (full surface) and External (scoped/customer-safe). LLM-classified, human-overridable per endpoint.
- Runs as a streaming proxy in front of them: auth, agent identity (revocable in 5s), 5 rule types (allowlist / block / audit / rate-limit / Slack approval).
- Tamper-evident audit log: every call writes one row to a per-org sha256 hash chain. GET /audit/verify walks it end-to-end. Property-tested with 200 random inserts + 50 random tampers, all detected.
- Slack approvals with HMAC-signed callbacks and an idempotent state machine.

Stack: NestJS + Postgres + React. Apache 2.0. Single bash command to bootstrap (./deploy/scripts/bootstrap.sh) generates secrets, brings up Postgres + API + dashboard, seeds a demo org. Helm chart included for k8s. No telemetry, no phone-home, no license server.

Looking for honest feedback especially from anyone who's tried to safely expose APIs to AI agents in their homelab or at work. What did I miss? Where's the ergonomics broken? PRs welcome.

Repo: https://github.com/Rayenbabdallah/GetMCP

u/rayen_ba — 6 days ago
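To make the audit-log bullet concrete, here is a small per-org SHA-256 hash chain with an end-to-end verify walk and the kind of property check the post describes (random inserts, random tampers). This is an added example written for this thread, not GetMCP's code: the row layout, the length-prefixed canonicalisation, and the function names (appendAudit, verifyChain, tamperDetectionRate) are assumptions, and the property run uses a fixed-seed PRNG so it is reproducible.

```typescript
// Added example: per-org SHA-256 hash-chained audit rows (not GetMCP's code).
import { createHash } from "node:crypto";

export interface AuditRow {
  org: string;
  seq: number;      // position in this org's chain, starting at 0
  prevHash: string; // hash of the previous row, or GENESIS for the first row
  agent: string;
  method: string;
  path: string;
  decision: "allow" | "block" | "pending_approval";
  ts: string;       // ISO-8601 timestamp, part of the hashed material
  hash: string;     // sha256 over every other field, in fixed order
}

const GENESIS = "0".repeat(64);

// Fixed field order plus length prefixes, so moving bytes between fields
// cannot yield the same digest (assumed canonicalisation, not GetMCP's).
function rowHash(r: Omit<AuditRow, "hash">): string {
  const material = [r.org, String(r.seq), r.prevHash, r.agent, r.method, r.path, r.decision, r.ts]
    .map((f) => `${f.length}:${f}`)
    .join("|");
  return createHash("sha256").update(material).digest("hex");
}

// In-memory stand-in for the per-org audit table.
export type AuditLog = Map<string, AuditRow[]>;

export function appendAudit(
  log: AuditLog,
  org: string,
  call: Pick<AuditRow, "agent" | "method" | "path" | "decision" | "ts">,
): AuditRow {
  const rows = log.get(org) ?? [];
  const prevHash = rows.length ? rows[rows.length - 1].hash : GENESIS;
  const unsigned = { org, seq: rows.length, prevHash, ...call };
  const row: AuditRow = { ...unsigned, hash: rowHash(unsigned) };
  rows.push(row);
  log.set(org, rows);
  return row;
}

// Walk one org's chain end-to-end: sequence numbers, back-links and digests must all agree.
export function verifyChain(rows: AuditRow[]): { ok: boolean; brokenAt: number | null } {
  let expectedPrev = GENESIS;
  for (let i = 0; i < rows.length; i++) {
    const { hash, ...rest } = rows[i];
    if (rest.seq !== i || rest.prevHash !== expectedPrev || rowHash(rest) !== hash) {
      return { ok: false, brokenAt: i };
    }
    expectedPrev = hash;
  }
  return { ok: true, brokenAt: null };
}

// Small deterministic PRNG so the property run below is reproducible.
function lcg(seed: number): () => number {
  let s = seed >>> 0;
  return () => {
    s = (Math.imul(s, 1664525) + 1013904223) >>> 0;
    return s / 4294967296;
  };
}

// Property check: build a chain of `inserts` rows, then `tampers` times copy it,
// apply one random tamper (edit a field, delete a middle row, swap neighbours)
// and count how often verifyChain catches it. Returns the detection rate (1.0 = all).
export function tamperDetectionRate(inserts: number, tampers: number, seed = 42): number {
  if (inserts < 2) throw new Error("need at least two rows to tamper with");
  const rnd = lcg(seed);
  const log: AuditLog = new Map();
  for (let i = 0; i < inserts; i++) {
    appendAudit(log, "org-A", {               // constructed sample calls
      agent: `agent-${i % 5}`,
      method: rnd() < 0.5 ? "GET" : "POST",
      path: `/v1/items/${i}`,
      decision: rnd() < 0.8 ? "allow" : "block",
      ts: new Date(Date.UTC(2025, 0, 1, 0, 0, i)).toISOString(),
    });
  }
  const clean = log.get("org-A")!;
  let detected = 0;
  for (let t = 0; t < tampers; t++) {
    const rows = clean.map((r) => ({ ...r }));
    const i = Math.floor(rnd() * (rows.length - 1)); // never the tail row (see note below)
    const kind = Math.floor(rnd() * 3);
    if (kind === 0) rows[i].path += "/x";                       // edit a field, keep stored hash
    else if (kind === 1) rows.splice(i, 1);                     // delete a row from the middle
    else [rows[i], rows[i + 1]] = [rows[i + 1], rows[i]];       // swap two neighbours
    if (!verifyChain(rows).ok) detected++;
  }
  return detected / tampers;
}
```

One caveat worth checking in any implementation of this design: a hash chain on its own cannot tell you that the newest rows were deleted, because a truncated chain still verifies. Detecting tail truncation needs the latest hash (or a row count) anchored somewhere the database writer cannot touch, such as a periodically exported checkpoint.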
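For the Slack-approval bullet, the two properties that matter are that a callback cannot be forged or replayed, and that redelivered or conflicting callbacks cannot flip a decision. The example below is added for this thread and is not GetMCP's code: it verifies signatures using Slack's documented v0 request-signing scheme (HMAC-SHA256 over `v0:<timestamp>:<body>`, compared in constant time, with a replay window), and pairs it with a minimal idempotent approval state machine. The payload shape, the ApprovalStore class and handleCallback are assumptions.

```typescript
// Added example: HMAC-verified approval callbacks plus an idempotent state machine (not GetMCP's code).
import { createHmac, timingSafeEqual } from "node:crypto";
import { Buffer } from "node:buffer";

export interface Callback {
  timestamp: string; // seconds since epoch, as sent in X-Slack-Request-Timestamp
  body: string;      // raw request body, exactly as received
  signature: string; // "v0=<hex>", as sent in X-Slack-Signature
}

// Slack's v0 scheme: HMAC-SHA256 with the app's signing secret over "v0:<timestamp>:<body>".
export function signCallback(secret: string, timestamp: string, body: string): string {
  return "v0=" + createHmac("sha256", secret).update(`v0:${timestamp}:${body}`).digest("hex");
}

// Reject stale timestamps (replay window) and compare MACs in constant time.
export function verifyCallback(secret: string, cb: Callback, nowSec: number, maxSkewSec = 300): boolean {
  const ts = Number(cb.timestamp);
  if (!Number.isFinite(ts) || Math.abs(nowSec - ts) > maxSkewSec) return false;
  const expected = Buffer.from(signCallback(secret, cb.timestamp, cb.body));
  const given = Buffer.from(cb.signature);
  return expected.length === given.length && timingSafeEqual(expected, given);
}

export type ApprovalState = "pending" | "approved" | "denied";
export type DecideResult = "applied" | "duplicate" | "conflict" | "unknown";

// Idempotent state machine: pending -> approved | denied, terminal states never change.
export class ApprovalStore {
  private items = new Map<string, { state: ApprovalState; decidedBy?: string }>();

  request(id: string): void {
    if (!this.items.has(id)) this.items.set(id, { state: "pending" });
  }

  // "applied" on a real transition, "duplicate" when the same decision is
  // redelivered (safe to ack again), "conflict" when a different decision
  // arrives after a terminal state, "unknown" for an id we never issued.
  decide(id: string, decision: "approved" | "denied", by: string): DecideResult {
    const cur = this.items.get(id);
    if (!cur) return "unknown";
    if (cur.state === "pending") {
      this.items.set(id, { state: decision, decidedBy: by });
      return "applied";
    }
    return cur.state === decision ? "duplicate" : "conflict";
  }

  state(id: string): ApprovalState | undefined {
    return this.items.get(id)?.state;
  }
}

// One callback handler; returns the HTTP status the proxy would answer with.
// Signature is checked on the raw body before anything is parsed.
export function handleCallback(secret: string, store: ApprovalStore, cb: Callback, nowSec: number): number {
  if (!verifyCallback(secret, cb, nowSec)) return 401;
  const payload = JSON.parse(cb.body) as { approval_id: string; action: "approved" | "denied"; user: string };
  const r = store.decide(payload.approval_id, payload.action, payload.user);
  if (r === "unknown") return 404;
  if (r === "conflict") return 409;
  return 200; // applied or duplicate: both are safe to acknowledge
}
```

Returning 200 for a duplicate is deliberate: Slack retries on non-2xx, so a handler that errors on redelivery just invites more redeliveries, while the state machine guarantees the retry cannot change the outcome.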