Open source · Apache 2.0

Every tool call, observed and enforced.

Navil sits in front of every MCP server, CLI, and API your agents reach. Policy at install, enforcement at runtime.

Capabilities

Policy enforcement

YAML-defined scoping. Agents see only the tools their policy permits. Reduces attack surface and cuts schema tokens per call.

2.7 µs overhead

Rust data plane. p50 2.7 µs, p99 6.1 µs per message. Measurable, not estimated. Benchmark ships in the repo.

568 detection patterns

36 categories covering prompt injection, supply chain, privilege escalation, RAG poisoning, and agent hijacking. Fed by anonymized signal from every deployment.

MCP server wrapping

navil secure Auto-discovers MCP configs and wraps every server in under 60 seconds. Works with Claude Code, Cursor, Continue, and custom agents.

94% token reduction

Schema scoping means agents see only the tools their policy allows. Average 94% reduction in schema tokens per call. Reduces inference cost on every loop.

Audit logs

Structured logs for every tool call: which agent called which tool, what the policy decision was, what it tried that failed. SOC 2 / HIPAA evidence.

Numbers

2.7µs

Per-call overhead

p99 6.1 µs · Rust data plane · benchmark ships in repo

94%

Schema tokens cut

vs unscoped MCP exposure · reduces inference cost on every loop

568

Detection patterns

across 36 agent-native categories · updated from live network

Why a vendor-neutral layer matters

Anthropic ships governance for Anthropic-hosted agents. Most enterprises run 3+ agent vendors in production — and the security model has to work across all of them, not just one.

Where Navil fits

Navil is not a package scanner, hosted-agent platform, or MCP directory. It sits at the moment an agent tries to call a tool.

Layer	Helps with	Gap
SCA tools	Finds vulnerable packages and dependencies	Does not enforce agent tool calls at runtime
MCP gateways	Connects agents to tools and servers	May not cover local CLIs, custom agents, and cross-client runtime policy
Hosted agent platforms	Governs agents inside one vendor's environment	Does not cover heterogeneous local agents and custom tool surfaces
Navil	Runtime policy, approvals, and audit at the tool-call layer	Works best when paired with clear team policies and least-privilege templates

Layer descriptions reflect what each category most commonly ships. Individual products may extend beyond their layer.

Start in under a minute.

One command installs the proxy and wraps every MCP server your agent uses.

pip install navilSee the source

Layer

Helps with

Gap

SCA tools

Finds vulnerable packages and dependencies

Does not enforce agent tool calls at runtime

MCP gateways

Connects agents to tools and servers

May not cover local CLIs, custom agents, and cross-client runtime policy

Hosted agent platforms

Governs agents inside one vendor's environment

Does not cover heterogeneous local agents and custom tool surfaces

Navil

Runtime policy, approvals, and audit at the tool-call layer

Works best when paired with clear team policies and least-privilege templates