Acts as a transparent proxy for the GitHub MCP server, intercepting, evaluating, and auditing tool calls against security policies.
Supports dispatching security alerts and tool execution audit logs to Opsgenie for incident management.
Enables routing of high-priority security alerts and tool call escalation requests to PagerDuty.
Intercepts and evaluates PayPal API calls against built-in rules, flagging payment operations for manual approval.
Integrates with Slack to route security alerts, policy violation notifications, and audit trail updates.
Provides a secure gateway for Stripe toolkits, intercepting payment-related API calls for policy enforcement and approval workflows.
Routes security alerts and audit notifications to Telegram to keep users informed of agent activities.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@sovr-mcp-proxy Check the audit log for any blocked tool calls and policy violations"
That's it! The server will respond to your query, and you can continue using it as needed.
sovr-mcp-proxy
Transparent MCP Proxy — The Execution Firewall for AI Agents.
sovr-mcp-proxy is a superset of sovr-mcp-server. It includes all MCP Server capabilities plus a transparent proxy layer that intercepts, evaluates, and audits every agent→tool call against configurable policy rules before forwarding to downstream MCP servers.
Architecture
Key Differences: Proxy vs Server
Feature | sovr-mcp-proxy | sovr-mcp-server |
286 Native Tools | ✅ | ✅ |
1630 SDK Routes | ✅ | ✅ |
Transparent Proxy Mode | ✅ | ❌ |
Downstream Server Interception | ✅ | ❌ |
Spawn/Discover/Intercept/Forward | ✅ | ❌ |
Multi-server Routing | ✅ | ❌ |
Anti-loop Protection | ✅ | N/A |
Hop Counter | ✅ | N/A |
Quick Start
Install
Claude Desktop Configuration
Proxy Configuration (proxy.json)
Every tool call to stripe or github is intercepted by SOVR's gate-check layer before forwarding.
How It Works
Spawn — On startup, sovr-mcp-proxy spawns all downstream MCP servers as child processes
Discover — Enumerates tools from each downstream server via tools/list
Intercept — When the AI agent calls any tool, the proxy evaluates it against policy rules
Gate-Check — Applies permit/deny/escalate verdict based on rules
Forward — Approved calls are forwarded to the downstream server; denied calls return an error
Security Features
HTTPS Enforcement
All non-localhost connections are validated for HTTPS. HTTP connections to external hosts are rejected.
Fail-Close / Fail-Local Degradation
Default (fail-close): If SOVR Cloud is unreachable, all gated operations are denied
Configurable (fail-local): Set SOVR_FAIL_MODE=fail-local to fall back to 20 built-in local rules
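The gate-check and forward steps under "How It Works" and the two fail modes above, sketched as an added example (not sovr-mcp-proxy's own code). The function names, the rule patterns, the synchronous cloudEvaluate callback and the choice to hold ESCALATE verdicts back from forwarding are assumptions made for illustration.

```javascript
// Added example: names, rule patterns and the cloudEvaluate callback are hypothetical.
const RANK = { PERMIT: 0, ESCALATE: 1, DENY: 2 }; // strictest verdict wins

// Constructed local rules, modelled on three rows of the built-in rules table.
const LOCAL_RULES = [
  { name: "DDL Operations", effect: "DENY",
    test: (c) => /\b(drop|truncate|alter)\s+table\b/i.test(JSON.stringify(c.args ?? {})) },
  { name: "Payment APIs", effect: "ESCALATE",
    test: (c) => /^(stripe|paypal)$/i.test(c.server) },
  { name: "Deployment Ops", effect: "ESCALATE",
    test: (c) => /(deploy|publish|release)/i.test(c.tool) },
];

function evaluateLocal(call, rules = LOCAL_RULES) {
  let verdict = { effect: "PERMIT", rule: null };
  for (const r of rules) {
    if (r.test(call) && RANK[r.effect] > RANK[verdict.effect]) {
      verdict = { effect: r.effect, rule: r.name };
    }
  }
  return verdict;
}

// cloudEvaluate stands in for the remote policy call and throws when unreachable.
// It is synchronous here only to keep the example short.
function gateCheck(call, cloudEvaluate, failMode = "fail-close") {
  try {
    return { ...cloudEvaluate(call), source: "cloud" };
  } catch (err) {
    if (failMode === "fail-local") return { ...evaluateLocal(call), source: "local" };
    // fail-close, and any unrecognised mode value, denies the call.
    return { effect: "DENY", rule: "cloud-unreachable", source: "fail-close" };
  }
}

// Forward only on PERMIT; DENY and ESCALATE never reach the downstream server.
function handle(call, cloudEvaluate, failMode, forward) {
  const verdict = gateCheck(call, cloudEvaluate, failMode);
  if (verdict.effect === "PERMIT") return { verdict, result: forward(call) };
  return { verdict, error: `blocked by gate-check: ${verdict.effect}` };
}

const unreachable = () => { throw new Error("ECONNREFUSED"); }; // simulated outage
const charge = { server: "stripe", tool: "create_charge", args: { amount: 500 } };
console.log(gateCheck(charge, unreachable, "fail-close").effect);
console.log(gateCheck(charge, unreachable, "fail-local").effect);
```

A mistyped mode value falls through to the deny branch, so a configuration error cannot silently open the gate.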
Three-State Degradation
Mode | Behavior | Use Case |
| Enforce all deny/escalate verdicts | Production |
| Log violations but allow execution | Emergency availability rescue |
| Return verdict without executing | Dry-run / testing |
Anti-Loop Protection
Hop counter prevents infinite proxy chains (default max: 3 hops)
Re-entry guard detects circular tool call patterns
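One way the two anti-loop controls could work, as an added example rather than the project's implementation. The `hops` metadata field, the in-flight fingerprint approach and all function names are assumptions; only the default limit of 3 comes from the page.

```javascript
const DEFAULT_MAX_HOPS = 3; // default stated on the page

// Hypothetical: each proxy reads meta.hops, rejects at the limit, else increments.
function nextHop(meta = {}, maxHops = DEFAULT_MAX_HOPS) {
  const hops = meta.hops === undefined ? 0 : meta.hops;
  // A malformed counter is rejected rather than reset to zero.
  if (!Number.isInteger(hops) || hops < 0) return { ok: false, reason: "malformed hop counter" };
  if (hops >= maxHops) return { ok: false, reason: `hop limit ${maxHops} reached` };
  return { ok: true, meta: { ...meta, hops: hops + 1 } };
}

// Key-order-independent serialisation so {a,b} and {b,a} fingerprint the same.
function stable(v) {
  if (Array.isArray(v)) return "[" + v.map(stable).join(",") + "]";
  if (v && typeof v === "object") {
    return "{" + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + stable(v[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

// Re-entry guard: the same server/tool/args arriving while an identical call
// is still in flight is treated as a circular call.
class ReentryGuard {
  constructor() { this.inFlight = new Set(); }
  enter(call) {
    const key = stable({ server: call.server, tool: call.tool, args: call.args });
    if (this.inFlight.has(key)) return null; // circular: refuse
    this.inFlight.add(key);
    return () => this.inFlight.delete(key);  // call when the downstream reply arrives
  }
}

// Constructed walk-through: three hops pass, the fourth is refused.
let meta = {};
for (let i = 1; i <= 4; i++) {
  const r = nextHop(meta);
  console.log(`hop ${i}:`, r.ok ? "forwarded" : r.reason);
  if (r.ok) meta = r.meta;
}
```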
Data Redaction
Sensitive fields (password, secret, token, key, authorization, cookie, ssn, credit_card) are automatically redacted in all logs and audit entries.
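A recursive redactor over the field names listed above, as an added example and not the project's code. The case-insensitive substring match, the hyphen folding and the "[REDACTED]" marker are assumptions; the page does not say how names are matched.

```javascript
// Field names taken from the page's redaction list.
const SENSITIVE = ["password", "secret", "token", "key", "authorization",
                   "cookie", "ssn", "credit_card"];

// Assumption: case-insensitive substring match, with "-" folded to "_".
function isSensitive(name) {
  const n = String(name).toLowerCase().replace(/-/g, "_");
  return SENSITIVE.some((s) => n.includes(s));
}

// Returns a redacted deep copy; the input object is never mutated.
function redact(value, ancestors = new WeakSet()) {
  if (value === null || typeof value !== "object") return value;
  if (ancestors.has(value)) return "[CIRCULAR]"; // avoid infinite recursion
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((v) => redact(v, ancestors));
  } else {
    out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = isSensitive(k) ? "[REDACTED]" : redact(v, ancestors);
    }
  }
  ancestors.delete(value); // shared (non-circular) references stay intact
  return out;
}

// Constructed audit entry for an intercepted tool call.
const entry = {
  actor: "agent-1",
  tool: "create_charge",
  headers: { Authorization: "Bearer abc123", "X-Api-Key": "k-1" },
  args: { amount: 500, cards: [{ credit_card: "4111111111111111", label: "main" }] },
};
console.log(JSON.stringify(redact(entry), null, 2));
```

Key-name matching does not catch a secret embedded in a string value (for example a token inside a command line), and the substring match over-redacts harmless names that contain "key".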
Unified Alert Dispatcher
Configurable alert routing to Webhook, Slack, PagerDuty, or OpsGenie (replaces hardcoded Telegram).
Built-in Rules (Free Tier)
Rule | Effect | Description |
Destructive Commands | DENY | Blocks |
DDL Operations | DENY | Blocks |
Privilege Escalation | ESCALATE | Flags |
Payment APIs | ESCALATE | Flags Stripe, PayPal calls for approval |
Deployment Ops | ESCALATE | Flags deploy/publish/release for approval |
Environment Variables
Variable | Required | Description |
| No | Connect to SOVR Cloud for expanded tools and persistent audit |
| No | Path to proxy configuration JSON |
| No | Path to custom rules JSON file |
| No |
|
| No |
|
| No | Max proxy hop count before loop detection (default: 3) |
| No | Tenant identifier for multi-tenant deployments |
| No | Actor identifier for audit trail |
| No | Session identifier for trace correlation |
| No | Custom Cloud endpoint (advanced) |
Tier Comparison
| Free | Personal | Starter | Pro | Enterprise |
Tools | 8 | 23 | 48 | 98 | 274 |
Built-in Rules | 5 | 15+ | 15+ | 15+ | 15+ |
Custom Rules | 3 | Unlimited | Unlimited | Unlimited | Unlimited |
Proxy Downstream | 1 server | Unlimited | Unlimited | Unlimited | Unlimited |
Permit/Receipt | Local only | Cloud | Cloud | Cloud | Cloud |
Audit Trail | In-memory | Persistent | Persistent | Persistent | Persistent |
Approval Workflow | — | Basic | Full | Full | Full + SLA |
Free tier works offline with zero configuration. Upgrade at sovr.inc/pricing.
Related Packages
sovr-mcp-server — MCP Server mode only (no proxy capabilities)
License
BSL-1.1 — Code is source-available. Free for non-commercial use. Commercial use requires a license from SOVR AI.
After the Change Date (February 18, 2030), this software converts to Apache-2.0.
SOVR — Eyes on AI. sovr.inc