inherence-proxy sits in front of your local MCP servers. Every tool call your agent attempts gets evaluated against the six-rule catastrophe shield — financial drain, credential access, identity escalation, mass destruction, lateral pivot, exfiltration. Allow or deny in milliseconds. Free for personal use.
uv tool install inherence-proxy
inherence-proxy init claude-desktopTransfers above your thresholds, velocity-aware across hour/day/week windows.
.env, AWS/GCP/Azure creds, SSH keys, Keychain, npmrc/pypirc, AI-provider keys.
Password resets, MFA changes, admin grants, owner-of-record changes.
rm -rf, DROP TABLE, bulk deletes, destructive shell commands.
Cloud-metadata endpoints, K8s management ports, /etc/, anything escape-shaped.
Sensitive-read followed by outbound POST/curl within the same session.
The proxy contains no policy logic. All decisions are made hosted-side at mcp.inherencelabs.com. If you don't trust hosted, run your own gate — the proxy talks to whatever endpoint you point it at. Each rule is tunable from app.inherencelabs.com. Custom policies are available on the paid tier.
Works with Claude Desktop, Cursor, Continue, Cline, and any MCP-aware client.
Install → Start a paid pilot