Enterprise DNA
M MCP Servers Developer low

Rul1an/assay

by Various

Policy-as-code for MCP agents: deny risky tool calls before they run, prove what ran with verifiable evidence, and enforce egress in the kernel (eBPF/LSM, Linux). Deterministic, of

R

MCP

Rul1an/assay

Added 15 June 2026

#agent-security #ai-agents #ai-security #ci #cyclonedx #ebpf #evidence-bundles #github-actions

Overview

Rul1an/assay is a Rust-based policy engine that enforces tool call policies for MCP agents at the kernel level using eBPF or LSM on Linux. It blocks risky tool calls before execution, provides verifiable evidence of agent actions, and enforces egress controls. The system is deterministic and offline-first with bounded claims.

Best for

Best for
Developers building secure MCP agents with deterministic policy enforcement

Use cases

  • Block unauthorized tool calls in MCP agents
  • Generate verifiable audit logs of agent actions
  • Enforce network egress policies at the kernel level

How to use

Install

cargo install assay-cli

Tools exposed

  • assay-cli

Tested with

Cursor, Claude Code, Codex

Example client config

version: "2.0"\nname: "my-policy"\ntools:\n  allow: ["read_file", "list_dir"]\n  deny: ["exec", "shell", "write_file"]\nschemas:\n  read_file:\n    type: object\n    properties:\n      path: { type: string, pattern: "^/app/.*" }\n    required: ["path"]

Notes

Rul1an/assay is a Rust-based policy engine that enforces tool call policies for MCP agents at the kernel level using eBPF or LSM on Linux. It blocks risky tool calls before execution, provides verifiable evidence of agent actions, and enforces egress controls. The system is deterministic and offline-first with bounded claims.

7 stars on GitHub. Last updated 2026-06-15. Licensed MIT.

Use cases

  • Block unauthorized tool calls in MCP agents
  • Generate verifiable audit logs of agent actions
  • Enforce network egress policies at the kernel level

Pros

  • Deterministic enforcement without runtime dependencies
  • Kernel-level egress control via eBPF or LSM
  • Bounded claims provide verifiable evidence of agent behavior

Cons

  • Linux-only due to eBPF or LSM dependency
  • Very early stage with only 7 GitHub stars
  • Narrow scope limited to MCP agent tool call enforcement

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • Deterministic enforcement without runtime dependencies
  • Kernel-level egress control via eBPF or LSM
  • Bounded claims provide verifiable evidence of agent behavior

Cons

  • Linux-only due to eBPF or LSM dependency
  • Very early stage with only 7 GitHub stars
  • Narrow scope limited to MCP agent tool call enforcement
Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks