mastyf-ai

The problem

AI agents can read your files, push code, query databases, execute shell commands, and call external APIs. They do it autonomously, at machine speed.

Traditional security controls weren't built for that.

Mastyf.ai acts as a perimeter security layer for AI. It intercepts every tool call, evaluates it against your security policies using multi-agent swarm analysis, and blocks malicious or unauthorized actions before they execute.

Every decision is enforced, logged, and auditable.


What it stops

  • Prompt injection: malicious instructions embedded in tool arguments to hijack agent behavior

  • Path traversal: attempts to access /etc/passwd, .ssh/id_rsa, .aws/credentials

  • Secret exfiltration: API keys and tokens leaking through tool arguments

  • Shell injection: reverse shells, rm -rf, encoded PowerShell commands

  • Data exfiltration: bulk SQL dumps, git push, aws s3 cp, unauthorized file transfers

  • SSRF: calls to metadata endpoints, localhost, and private IP ranges

  • Encoding evasion: Base64 blobs and Unicode homoglyphs used to bypass pattern detection

  • Cost abuse: runaway agent loops burning through token budgets

  • Rug-pull attacks: tool definitions that silently change mid-session


Quick start

Build from source

Clone the repository and run the setup script.

Requirements:

  • Git

  • Linux (the setup script installs Nix automatically if needed)

git clone https://github.com/mastyf-ai/mastyf.ai.git
cd mastyf.ai
chmod +x setup.sh
./setup.sh

The setup script automatically:

  • Installs Nix (if required)

  • Enables Nix flakes

  • Creates the development environment

  • Installs all project dependencies

  • Rebuilds native packages

  • Builds the entire project

  • Adds a convenient mastyf shell alias

Once installation completes, start the proxy and dashboard:

node dist/cli.js start

Or simply use the alias after opening a new terminal:

mastyf

The dashboard will be available at:


Test the installation

If the dashboard is running, verify the HTTP bridge:

curl -X POST http://localhost:4000/mcp -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":"1","method":"tools/list","params":{}}'

Dashboard

Full visibility into every action your AI takes.


  • Protection: block rate, top triggered rules, live threat feed

  • Activity: every tool call with full arguments, allow or block status, timestamp

  • Policy: live rule editor with hot-reload from YAML

  • Threat Lab: AI-suggested attack tests, reviewed and approved before anything applies

  • Cost: token usage and cost estimates broken down per tool call

Do not expose port 4000 publicly without enabling dashboard auth. The default local dev config has DASHBOARD_AUTH_DISABLED=true.


How enforcement works

Every tool call passes through three layers before it reaches your infrastructure.

Layer 1 - Pattern detection: regex-based scanning for injection, dangerous paths, leaked secrets, shell commands, and encoding tricks. Runs in microseconds with no external dependencies.

Layer 2 - Schema validation: rejects malformed payloads, oversized arguments, and JSON-RPC violations before they reach policy evaluation.

Layer 3 - Semantic review: an optional local LLM (Ollama) or cloud model evaluates borderline calls that pass pattern checks. Falls back to heuristics if no model is configured.

Anything that fails is blocked. The tool never runs. Everything is logged.


Policy

Your rules live in default-policy.yaml. You own them. mastyf.ai enforces them.

policy:
  mode: block
  default_action: pass
  unicode_strict: true
  rules:
    - name: block-sensitive-paths
      action: block
      argPatterns:
        - field: path
          patterns: ['^/etc/', '/\.ssh', '/\.aws/credentials']

    - name: rate-limit-tool-calls
      action: block
      maxCallsPerMinute: 120

    - name: block-shell-injection
      action: block
      patterns: ['rm\s+-rf', 'curl\s', 'wget\s', '`[^`]+`']

Roll out safely with three enforcement modes:

  • audit: log everything, block nothing. Use it in the first week to understand what your AI does.

  • warn: log and flag, but still forward the call. Use it in the tuning phase before enforcement.

  • block: stop violations before execution. Use it in production.

Pre-built templates for HIPAA, PCI-DSS, GxP, and data residency are in policy-templates/.
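The policy shown above and the layered enforcement described under "How enforcement works" can be exercised with a small evaluator. This is an added example written for this page, not the project's own engine: the policy dict mirrors the YAML above, while the 64 KiB argument bound for the schema layer and the NFKC reading of unicode_strict are assumptions.

```python
import json
import re
import unicodedata
from collections import deque
# Policy mirrored from the page's default-policy.yaml, embedded as a dict so no YAML parser is needed.
POLICY = {
    "mode": "block", "default_action": "pass", "unicode_strict": True,
    "rules": [
        {"name": "block-sensitive-paths", "action": "block",
         "argPatterns": [{"field": "path", "patterns": [r"^/etc/", r"/\.ssh", r"/\.aws/credentials"]}]},
        {"name": "rate-limit-tool-calls", "action": "block", "maxCallsPerMinute": 120},
        {"name": "block-shell-injection", "action": "block",
         "patterns": [r"rm\s+-rf", r"curl\s", r"wget\s", r"`[^`]+`"]},
    ],
}
MAX_ARG_BYTES = 64 * 1024  # assumed bound for the schema layer; the page gives no number

class PolicyEngine:
    def __init__(self, policy):
        self.policy, self.calls = policy, deque()  # calls: timestamps for maxCallsPerMinute
    def _norm(self, value):
        # Assumed reading of unicode_strict: fold fullwidth/compatibility forms (NFKC) before matching
        return unicodedata.normalize("NFKC", str(value)) if self.policy.get("unicode_strict") else str(value)

    def _matched_rule(self, args, now):
        for rule in self.policy["rules"]:
            if "maxCallsPerMinute" in rule:
                while self.calls and now - self.calls[0] >= 60:
                    self.calls.popleft()  # drop calls outside the one-minute window
                if len(self.calls) >= rule["maxCallsPerMinute"]:
                    return rule["name"]
            for ap in rule.get("argPatterns", []):  # patterns scoped to one argument field
                if any(re.search(p, self._norm(args.get(ap["field"], ""))) for p in ap["patterns"]):
                    return rule["name"]
            for p in rule.get("patterns", []):  # patterns applied to every argument value
                if any(re.search(p, self._norm(v)) for v in args.values()):
                    return rule["name"]
        return None

    def evaluate(self, request, now):
        # One JSON-RPC tools/call request: schema bound first, then pattern and rate rules, then the mode
        args = request.get("params", {}).get("arguments", {})
        if len(json.dumps(args)) > MAX_ARG_BYTES:  # Layer 2: reject oversized payloads
            return {"decision": "block", "rule": "schema:oversized-arguments", "flagged": True}
        rule = self._matched_rule(args, now)
        self.calls.append(now)
        if rule is None:
            return {"decision": self.policy["default_action"], "rule": None, "flagged": False}
        mode = self.policy["mode"]  # audit: log only; warn: log and flag, still forward; block: stop
        return {"decision": "block" if mode == "block" else "pass", "rule": rule, "flagged": mode != "audit"}
```

Every call is appended to the rate window even when blocked, so a burst of rejected calls still counts against maxCallsPerMinute.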


Architecture

mastyf.ai runs two coordinated swarms. The CI Swarm attacks your policy before code ships. The Runtime Swarm enforces and learns from every live tool call in production. Four feedback loops connect them so the system gets harder to bypass over time.

flowchart TB

  AI["🤖 AI Clients\nCursor · Claude Desktop · Cline"]

  subgraph CI["🔵 CI Swarm (PR + Nightly)"]
    direction LR
    Scout["🔍 Scout Agent\nSAST, deps, config scan"]
    Corpus["📋 Corpus Agent\n228 fixtures eval"]
    Evasion["⚡ Evasion Agent\n120+ probes + generate new"]
    Parity["🔄 Parity Agent\nNode vs Python"]
    ProxyA["🖥️ Proxy Agent\nLive stdio MCP tests"]
    Report["📊 Report Agent\nsecurity-swarm/latest.json"]
    Scout --> Corpus --> Evasion --> Parity --> ProxyA --> Report
  end

  subgraph Runtime["🟢 Runtime Swarm (Production Proxy)"]
    direction LR
    BG["🛡️ BlockGuard\nsync policy"]
    IL["📈 InstantLearner\nper-block stats + suggestions"]
    SA["🧠 SemanticAuditor\nasync LLM, optional"]
    PS["🔗 PatternSynthesizer\nbatch suggestions"]
    Cal["⚙️ Calibrator\nlabels + thresholds"]
    BG --> IL --> PS --> Cal
    BG --> SA --> PS
  end

  Tools["🗄️ MCP Tools\nfilesystem · GitHub · databases · APIs"]

  AI -->|"every tool call"| BG
  BG -->|"✅ allowed"| Tools
  Report -->|"🔁 Loop A: bypasses to corpus"| Corpus
  Cal -->|"🔁 Loop B: blocks to rules"| BG
  Cal -->|"🔁 Loop C: labels to LLM"| SA
  Report -->|"🔁 Loop D: CI metrics weekly"| Cal

  style CI fill:#EFF6FF,stroke:#3B82F6,stroke-width:2px,color:#1E3A5F
  style Runtime fill:#F0FDF4,stroke:#22C55E,stroke-width:2px,color:#14532D
  style Scout fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style Corpus fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style Evasion fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style Parity fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style ProxyA fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style Report fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style BG fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style IL fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style SA fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style PS fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style Cal fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style AI fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px,color:#78350F
  style Tools fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px,color:#78350F

Canonical gates: 228/228 corpus, 0 bypasses, 100% parity

CI Swarm

Runs on every PR and nightly. Six agents work in sequence, each one hardening what the previous found.

  • Scout: SAST scan, dependency audit, config review

  • Corpus: evaluates all 228 attack fixtures against the current policy

  • Evasion: runs 120+ bypass probes and generates novel ones using an LLM

  • Parity: verifies that the Node and Python implementations produce identical decisions

  • Proxy: live stdio MCP session tests against a running proxy instance

  • Report: writes security-swarm/latest.json with full results and metrics

Runtime Swarm

Runs inside the production proxy on every tool call.

  • BlockGuard: enforces the active policy synchronously on every call. Fail-closed.

  • InstantLearner: tracks per-block statistics and surfaces rule suggestions in real time

  • SemanticAuditor: optional async LLM review for calls that clear pattern checks but look suspicious

  • PatternSynthesizer: batches suggestions from InstantLearner and SemanticAuditor into candidate rules

  • Calibrator: labels candidates, tunes thresholds, and promotes approved rules back into BlockGuard

Feedback loops

  • Loop A (signal: CI bypass found): added to the corpus, so CI now guards against it permanently

  • Loop B (signal: runtime block pattern): synthesized into a new rule and promoted to BlockGuard

  • Loop C (signal: Calibrator label): used to fine-tune SemanticAuditor thresholds

  • Loop D (signal: CI metrics, weekly): updates runtime config, keeping CI and production in sync

The proxy supports five transports: stdio, HTTP, SSE, streamable HTTP, and WebSocket.

For enterprise deployments with Redis, Postgres, and Kubernetes see docs/ENTERPRISE_DEPLOYMENT.md.


Threat Lab

Threat Lab watches live traffic and uses a local LLM to propose new attack test cases when it detects suspicious patterns. Nothing is applied automatically. You review and approve every suggestion in the dashboard before it becomes a rule.

Approved discoveries feed back into the CI attack corpus for ongoing regression testing.

ollama serve
ollama pull qwen3:8b

export OLLAMA_BASE_URL=http://127.0.0.1:11434
export MASTYF_AI_LLM_PROVIDER=ollama
export MASTYF_AI_LLM_MODEL=qwen3:8b

pnpm dashboard:proxy

MCP package trust scores

Before installing any MCP server from npm, check its trust score at https://www.mastyf.ai/certified. Scores cover CVE exposure, typo-squat risk, maintainer signals, and known attack patterns. Free, no account required.


Common commands

  • node dist/cli.js start - Start proxy and dashboard on port 4000

  • node dist/cli.js onboard - Wrap your MCP config to route through the proxy

  • node dist/cli.js doctor - Health check for DB, policy, and environment

  • node dist/cli.js scan --all - Scan MCP configs for CVEs and injection risks

  • pnpm test - Run the full test suite

  • pnpm security-swarm:fast - Quick security regression, 5 to 15 minutes

  • pnpm security-swarm:analyze - Full adversarial analysis


Troubleshooting

  • Dashboard shows no data - Proxy and dashboard must share the same MASTYF_AI_DB_PATH. Default is ~/.mastyf-ai/history.db

  • dist/cli.js not found - Run pnpm build

  • AI still hitting tools directly - Run node dist/cli.js onboard --apply

  • Ollama warnings at startup - Run ollama serve or remove MASTYF_AI_LLM_PROVIDER from your environment

  • npm install fails - npm publish is not live yet. Use git clone and pnpm install

