VellaVeto — blocks unsafe MCP tool calls by default
Fail-closed MCP gateway with formal verification and MCPSEC benchmark suite.
Fail-closed authorization gateway for agentic RAG — capability-label pushdown, deny-aware barriers, per-turn agent-context revalidation.
Solves the O(N) permission filter problem by pushing capability labels directly into the vector index.
AI engineers building RAG systems for enterprise or multi-tenant environments
SpiceDB · OpenFGA · Permit.io
Fail-closed MCP gateway with formal verification and MCPSEC benchmark suite.
OPA/Rego policy engine for AI agents when LiteLLM and Helicone already exist.
Fail-closed execution guard with signed proofs—but risk scoring lacks published methodology or benchmarks.
Enterprise auth for MCP when the protocol itself has no security layer built in.
Turns every agent run into a verifiable artifact you can inspect offline, replay deterministically, and promote into a CI gate with one command. The combo of signed packs (Ed25519 + SHA-256), structural pack diffs, and a 'regress bootstrap' that produces JUnit fixtures is a pragmatic approach to taming tool-call side effects without replacing your agents. The repo ships demos, docs, and install scripts so this feels like a usable infra tool rather than a paper design.
Seven-dimension security scoring catches fail-open errors before your MCP gateway hits production.