Arc Relay - Open-source MCP control plane with per-user tool permissions

by
Your MCP server gives every agent access to every tool. The workarounds - enterprise contracts, YAML policy files, PowerShell - they weren't built for mixed teams. Arc Relay is the missing layer: per-user, per-tool access control in a web UI. PII gets stripped before it leaves your environment. Every call is logged. Runs in Docker, starts in one command, no config files required. MIT licensed, built in Go.

Add a comment

Replies

Best
Hey PH! We built Arc Relay because we needed it ourselves. I've been in fintech and compliance since 2008 - been at this since LAN parties and dial-up. I thought I understood how fast software could move. This is the first time I've had to build guardrails before I could build features. Comma Compliance is a remote team - engineers, marketing, sales, ops - all running AI tools connected to real company systems via MCP. The problem: one MCP server, everyone gets everything. Our marketing person uses Webflow MCP constantly. She doesn't need to touch the codebase. Our devs don't need the CRM. Everyone can read Otter meeting notes, but not everyone should be able to edit them. Same problem at home. I run Unraid - home automation, networking, the whole stack. Every agent still wants everything. Every agent that connected got the full tool list with no simple way to scope it. Turns out when you give everyone everything, everyone uses everything. I got so distracted I built a tool to fix it. Arc Relay sits between your AI clients and your MCP servers. Per user, per tool, in a web UI. PII gets stripped before it leaves your environment. Every call is logged. Old habits. Runs in Docker, one command, no config files required. We open-sourced the capture layer for messaging compliance. The control layer felt like it should be no different.  MIT, built in Go  If that's your situation - give it a try. Curious how other teams are handling MCP access control right now, and what integrations matter most. -->