Metadata-Version: 2.4
Name: aten-thoth-mcp-proxy
Version: 0.1.0
Summary: Thoth governance proxy for Claude Desktop / MCP servers
Author: Aten Engineering
Author-email: engineering@aten.security
Requires-Python: >=3.12,<3.15
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Requires-Dist: anyio (>=4.0)
Requires-Dist: httpx (>=0.27)
Project-URL: Documentation, https://docs.aten.security/thoth/mcp-proxy
Project-URL: Homepage, https://aten.security/thoth
Description-Content-Type: text/markdown

# aten-thoth-mcp-proxy

Thoth governance sidecar for Claude Desktop and MCP servers. Intercepts every
`tools/call` and enforces HIPAA/SOC2 policy before the upstream MCP server executes.

## Install

```bash
pip install aten-thoth-mcp-proxy
thoth --version
```

## Usage

### Wrap a single MCP server

```bash
thoth run \
  --agent-id gdrive \
  --tenant-id your-org \
  --enforcement-mode progressive \
  --api-key "$THOTH_API_KEY" \
  -- npx -y @modelcontextprotocol/server-gdrive
```

### Wrap your entire Claude Desktop config (idempotent)

```bash
thoth wrap-config \
  --tenant-id your-org \
  --api-key "$THOTH_API_KEY" \
  --enforcement-mode progressive \
  --output ~/Library/Application\ Support/Claude/claude_desktop_config.json \
  ~/Library/Application\ Support/Claude/claude_desktop_config.json
```

### Show governance state

```bash
thoth status
```

## Environment variables

| Variable | Description |
|---|---|
| `THOTH_API_KEY` | API key from your Thoth dashboard |
| `THOTH_ENFORCER_URL` | Override enforcer URL (default: Thoth cloud) |
| `THOTH_USER_ID` | Per-user identifier for audit trail (email or LDAP uid) |

## Session intent (HIPAA minimum-necessary)

```bash
thoth run \
  --agent-id phi-boundary \
  --tenant-id your-org \
  --session-intent phi_eligibility_check \
  --enforcement-mode block \
  --api-key "$THOTH_API_KEY" \
  -- npx -y @mcp/server-phi-boundary
```

## Enterprise fleet deployment

See [Enterprise Fleet Deployment](https://docs.aten.security/thoth/mcp/fleet-deployment)
for Jamf + Intune deployment guides.

## Why the proxy is open source

The proxy is intentionally open source. Security and compliance buyers — the exact people
deploying this — need to audit what runs on their employees' machines. An opaque binary
raises questions; readable source closes them.

The moat is not here. The proxy is ~250 lines that intercept a JSON-RPC call and POST to an
enforcer. Anyone can write this. What competitors cannot replicate is the enforcer logic, the
MOSES behavioral baselines, the compliance packs, and the session telemetry that compounds
with every governed customer. All of that is server-side and never ships in this package.

## Stable public API

The following are part of the stable public API surface as of v0.1.0. Breaking changes require
a major version bump and a migration guide:

| Interface | Stable |
|---|---|
| `thoth run` CLI flags | ✅ |
| `thoth wrap-config` CLI flags and `intent_map.json` schema | ✅ |
| `thoth status` output format | ✅ |
| `--session-intent` flag name and string values | ✅ |
| `THOTH_API_KEY`, `THOTH_ENFORCER_URL`, `THOTH_USER_ID` env vars | ✅ |
| JSON-RPC error codes `-32001` (BLOCK) and `-32002` (STEP_UP) | ✅ |

The `session_intent` string values (e.g. `phi_eligibility_check`, `calendar_management`) are
defined by the enforcer's compliance packs, not this package. New intent values are additive
and non-breaking; removing or renaming an existing value is a breaking change on the enforcer side.

## License

Apache 2.0

