Deconvolute SDK

Firewall Internals

Advanced user API for MCPFirewall, MCPProxy, and session registry logic.

deconvolute.core.firewall

MCPFirewall Objects

class MCPFirewall()

The Core Enforcement Engine for MCP.

It acts as a stateful mediator between the Application and the MCP Server.

  1. Filters tool discovery based on Policy (Authorization).
  2. Snapshots allowed tools into the Registry (Integrity).
  3. Guards tool execution against Policy and Registry state (Enforcement).

__init__

def __init__(policy: SecurityPolicy) -> None

Arguments:

  • policy - The loaded and validated SecurityPolicy object.

set_server

def set_server(server_name: str,
               transport_origin: TransportOrigin | None = None) -> None

Dynamically configures the firewall by compiling rules for the given server and optionally validating the transport origin to prevent spoofing.

check_tool_list

def check_tool_list(tools: list[ToolInterface]) -> list[ToolInterface]

Discovery Phase: Filters available tools against the policy.

  • Tools matching ALLOW/WARN are registered (snapshotted) and returned.
  • Tools matching BLOCK are dropped (invisible to the agent).

Arguments:

  • tools - List of raw tool dictionaries from the MCP server.

Returns:

List of allowed tool dictionaries.

check_tool_call

def check_tool_call(
        tool_name: str,
        args: dict[str, Any],
        current_tool_def: ToolInterface | None = None) -> SecurityResult

Execution Phase: Validates a tool call before it hits the server.

Checks:

  1. Integrity: Is the tool in the Registry? (Prevents Shadowing/Hallucinations)
     • If current_tool_def is provided (Strict Mode), verifies it hasn't changed.
  2. Policy: Is this specific call allowed?

Arguments:

  • tool_name - The name of the tool call to validate.
  • args - The arguments provided to the tool call.
  • current_tool_def - Optional current definition of the tool (for Strict Mode).

Returns:

SecurityResult:

  • UNSAFE: If blocked by policy or integrity check.
  • CLEAN: If allowed.
  • WARNING: If allowed but flagged for audit.
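
The discovery snapshot and call-time integrity check described above, as an added sketch that is not Deconvolute's own code. ToyFirewall, Status, fingerprint, the string-valued policy map, default-deny for unlisted tools and the SHA-256 fingerprint are assumptions made for illustration; the page does not say how the SDK stores snapshots.

```python
from __future__ import annotations
import hashlib
import json
from enum import Enum

class Status(Enum):
    CLEAN = "clean"
    WARNING = "warning"
    UNSAFE = "unsafe"

def fingerprint(tool: dict) -> str:
    """Hash a canonical JSON form so key order alone never counts as a change."""
    canonical = json.dumps(tool, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class ToyFirewall:
    """Hypothetical stand-in; policy is a {tool_name: "allow"|"warn"|"block"} map."""
    def __init__(self, policy: dict[str, str]) -> None:
        self.policy = policy
        self.registry: dict[str, str] = {}  # tool name -> fingerprint at discovery

    def check_tool_list(self, tools: list[dict]) -> list[dict]:
        allowed = []
        for tool in tools:
            # Assumption: a tool with no rule is treated as blocked (default-deny).
            if self.policy.get(tool["name"], "block") == "block":
                continue
            self.registry[tool["name"]] = fingerprint(tool)
            allowed.append(tool)
        return allowed

    def check_tool_call(self, name: str, args: dict, current_def: dict | None = None) -> Status:
        # Integrity: the tool must have been snapshotted during discovery.
        if name not in self.registry:
            return Status.UNSAFE
        # Strict mode: the live definition must still match its snapshot.
        if current_def is not None and fingerprint(current_def) != self.registry[name]:
            return Status.UNSAFE
        # Policy: WARN allows the call but flags it (args are not inspected here).
        return Status.WARNING if self.policy[name] == "warn" else Status.CLEAN

# Constructed sample tool definitions (not from a real MCP server).
TOOLS = [
    {"name": "read_file", "description": "Read a file", "inputSchema": {"type": "object"}},
    {"name": "send_email", "description": "Send mail", "inputSchema": {"type": "object"}},
    {"name": "run_shell", "description": "Run a command", "inputSchema": {"type": "object"}},
]
POLICY = {"read_file": "allow", "send_email": "warn", "run_shell": "block"}
```

A blocked tool and a tool that was never listed fail the same way at call time, because neither has a registry entry.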
