Behavry Proxy (OSS)

Feature row 57 — Sprint OSS-Proxy (Partial)

Phase 1 ships today: the standalone proxy with the 9-step enforcement pipeline. Phase 2 (full test matrix + CI), Phase 3 (TUI polish), and Phase 4 (release engineering, packaging) are in progress.

What this is

Behavry Proxy is the inline MCP governance proxy from the commercial Behavry platform, extracted into a standalone open-source project. It's Apache 2.0 licensed and published separately from this repo. Use it when you want the proxy enforcement layer — policy, DLP, behavioral monitoring, audit logging — without running the full Behavry control plane.

Typical uses:

  • A security-conscious team that wants per-tool-call policy enforcement on Claude Code / Cursor without signing up for SaaS
  • Embedding MCP governance in an existing internal platform
  • A starting point for contributing back features that later land in the commercial product

Architecture

One binary, one config file. The proxy sits between an MCP client and any number of MCP servers:

MCP client (Claude Code / Cursor / ...) → behavry-proxy → MCP server(s)

On every tool call, the proxy runs a 9-step enforcement pipeline — the same pipeline the commercial product uses, stripped of the tenant / billing / enterprise features:

  1. Parse incoming MCP request
  2. Identify agent + session from headers or config
  3. Classify the tool via the built-in catalog
  4. Evaluate OPA policy (local OPA sidecar or embedded rego via a Go bridge)
  5. Scan for DLP patterns
  6. Scan for prompt injection
  7. Rate-limit if configured
  8. Forward or deny
  9. Audit to a local log

Each step is optional and configurable — you can run the proxy in lightweight mode (just log everything) or in hard-block mode.
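
As an added illustration (not Behavry Proxy's own code), this Python sketch shows how policy, DLP and rate-limit checks can compose under report-only versus enforce mode, with every decision audited. The function names, the allow-list standing in for the OPA decision, and the DLP pattern are assumptions made for the example.

```python
import json, re, time
from collections import defaultdict, deque

# Constructed DLP pattern (AWS access key ID shape); a real deployment loads its own.
DLP_PATTERNS = {"aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b")}
# Hypothetical stand-in for the OPA decision: a per-agent tool allow-list.
ALLOWED_TOOLS = {"agent-a": {"read_file", "list_directory"}}

def check_policy(agent, tool, args):
    return None if tool in ALLOWED_TOOLS.get(agent, set()) else f"policy: {tool} not allowed"

def check_dlp(agent, tool, args):
    blob = json.dumps(args)
    hits = [name for name, pat in DLP_PATTERNS.items() if pat.search(blob)]
    return f"dlp: {', '.join(hits)}" if hits else None

def rate_limiter(limit, window_s):
    seen = defaultdict(deque)  # agent -> timestamps of calls inside the window
    def check_rate(agent, tool, args):
        now, q = time.monotonic(), seen[agent]
        while q and now - q[0] > window_s:
            q.popleft()
        q.append(now)
        return f"rate: over {limit} calls per {window_s}s" if len(q) > limit else None
    return check_rate

def handle(raw, agent, steps, audit, mode="enforce"):
    """Run the enabled checks on one MCP tools/call message; return the audit record."""
    try:
        params = json.loads(raw)["params"]
        tool, args = params["name"], params.get("arguments", {})
        if not isinstance(tool, str): raise TypeError("tool name must be a string")
    except (ValueError, KeyError, TypeError, AttributeError):
        tool, findings, decision = None, ["parse: malformed request"], "deny"  # fail closed
    else:
        findings = [f for step in steps if (f := step(agent, tool, args))]
        decision = "deny" if findings and mode == "enforce" else "forward"  # report-only never blocks
    record = {"agent": agent, "tool": tool, "mode": mode,
              "findings": findings, "decision": decision}
    audit.append(json.dumps(record))  # audited on both the forward and deny paths
    return record

def tool_call(name, **arguments):
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": name, "arguments": arguments}})

if __name__ == "__main__":  # constructed request carrying AWS's documentation example key
    leaky = tool_call("read_file", path="/workspace/a", note="AKIAIOSFODNN7EXAMPLE")
    for mode in ("report-only", "enforce"):
        print(handle(leaky, "agent-a", [check_policy, check_dlp], [], mode=mode))
```

Passing an empty `steps` list corresponds to the log-only mode described above: the call is forwarded and the audit record is still written.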

Config

# behavry-proxy.yaml
listen: 0.0.0.0:8080
servers:
  filesystem:
    command: ["npx", "-y", "@modelcontextprotocol/server-filesystem", "/workspace"]
  github:
    url: https://github-mcp.example/mcp

policy:
  mode: enforce # report-only | enforce
  rego: ./policies/

dlp:
  enabled: true
  patterns_file: ./dlp.yaml

audit:
  sink: file
  path: ./audit.log

What's in Phase 1 (today)

  • The 9-step pipeline
  • OPA REST client + bundled default policies
  • DLP scanner (port of the Python module)
  • Injection scanner (BIS port)
  • JSON audit log sink
  • Configurable rate limiting

What's in Phase 2 / 3 / 4 (in progress)

  • Full test matrix across MCP client types
  • Continuous integration publishing signed binaries
  • Interactive TUI for live policy tuning
  • Homebrew / apt / deb / rpm packaging
  • Windows support beyond WSL

Source and downloads

  • Repo: github.com/behavry/behavry-proxy
  • Releases: signed binaries for macOS (arm64 + x86_64) and Linux (arm64 + x86_64)
  • License: Apache 2.0

Relationship to the commercial product

Behavry Proxy is a subset of the commercial proxy. Everything in the OSS version also exists in the commercial product. Features that need a backend (multi-tenant, SIEM fan-out, compliance modules, dashboards) are not part of the OSS project — by design.

If you want the SaaS experience with dashboards, use the commercial product. If you want just the enforcement layer on your laptop or inside your own platform, use the OSS proxy.