Open source MCP control plane

Arc Relay sits between your MCP clients and servers. It handles auth, enforces policy, rate limits, intercepts tool calls, and archives everything - without modifying your MCP servers.

View on GitHub Request Demo

MIT License GitHub Stars: --

What Arc Relay does

Authentication

SSO, API keys, and per-user identity for every MCP connection.

User management

Map MCP sessions to real users. Know who ran what tool.

Policy engine

Define what tools users can call, with what arguments, how often.

Rate limiting

Per-user, per-tool, per-server rate limits. Prevent runaway agents.

Interception

Inspect and transform tool calls in flight. Block, modify, or enrich.

Archiving

Every tool call archived with full context - user, args, result, timing.

Architecture

MCP Client (Claude, Cursor, etc.)

↓

Arc Relay

[Auth → Policy → Rate Limit → Intercept → Archive]

↓

MCP Server (your tools)

Quickstart

Docker

docker run -d \
  --name arc-relay \
  -p 3100:3100 \
  -v ./config.yaml:/etc/arc-relay/config.yaml \
  commacompliance/arc-relay:latest

config.yaml

# Minimal Arc Relay configuration
listen: ":3100"

servers:
  - name: my-mcp-server
    url: http://localhost:8080

policies:
  - name: default
    allow_all: true
    archive: true

# Optional: connect to Comma Compliance Arc for hosted archiving
# archive:
#   endpoint: https://arc.commacompliance.ai
#   api_key: your-key

Works standalone. Optional hosted archive.

Arc Relay works out of the box with local file-based archiving. Connect to Comma Compliance Arc for encrypted cloud archiving with search, legal hold, and export.

Try Arc Relay

Open source, MIT licensed. Run it locally in 2 minutes.

View on GitHub Request Demo