Architecture Principles
How Deconvolute uses Snapshot and Seal, deterministic detection, and defense in depth.
Deconvolute solves infrastructure and content vulnerabilities through a layered architectural approach.
Snapshot and Seal
The MCP Firewall is built on a "Snapshot and Seal" architecture to prevent mid-session tampering and unauthorized tool execution.
1. Discovery Phase (The Snapshot)
When your application lists the available tools from an MCP server, the Firewall intercepts the tool list and checks each tool against your policy (deconvolute_policy.yaml). Only approved tools are registered: their definitions are snapshotted (hashed) into the ephemeral, per-session MCPSessionRegistry; everything else is dropped from the list.
2. Execution Phase (The Seal)
When your application calls a tool, the Firewall intercepts the execution request and verifies that the tool exists in the MCPSessionRegistry and that its current definition hashes to the snapshotted value. If the tool is not found, or if its definition has been modified in any way since discovery, the hash verification fails and the call is blocked immediately.
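The two phases above, as an added illustrative example that is not the Deconvolute SDK's own MCPSessionRegistry (the registry interface, the canonical-JSON hashing, the in-memory policy set standing in for deconvolute_policy.yaml, and the sample tool definitions are all assumptions):

```python
import hashlib
import json

# Illustrative re-implementation of Snapshot and Seal (added example, not the
# Deconvolute SDK's own MCPSessionRegistry; the interface here is assumed).

def canonical_hash(tool_def: dict) -> str:
    """Hash a tool definition with stable key order, so any change to its
    name, description or schema changes the digest."""
    data = json.dumps(tool_def, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

class SessionRegistry:
    """Ephemeral per-session store of approved tool snapshots."""
    def __init__(self, allowed_tools: set):
        self.allowed = allowed_tools      # stands in for deconvolute_policy.yaml
        self.sealed = {}                  # tool name -> snapshot hash

    def snapshot(self, tool_list: list) -> list:
        """Discovery phase: register policy-approved tools, drop the rest."""
        approved = []
        for tool in tool_list:
            if tool["name"] in self.allowed:
                self.sealed[tool["name"]] = canonical_hash(tool)
                approved.append(tool)
        return approved

    def verify(self, tool_def: dict) -> tuple:
        """Execution phase: allow only a tool whose current definition
        matches the sealed snapshot; anything else is blocked."""
        name = tool_def.get("name")
        expected = self.sealed.get(name)
        if expected is None:
            return False, f"tool {name!r} not registered in this session"
        if canonical_hash(tool_def) != expected:
            return False, f"tool {name!r} definition changed since snapshot"
        return True, "ok"

# Constructed sample data: a server advertising two tools, a policy approving one.
SERVER_TOOLS = [
    {"name": "read_file", "description": "Read a file", "params": {"path": "string"}},
    {"name": "run_shell", "description": "Run a command", "params": {"cmd": "string"}},
]
POLICY_ALLOWED = {"read_file"}

def demo() -> list:
    reg = SessionRegistry(POLICY_ALLOWED)
    approved = reg.snapshot(SERVER_TOOLS)
    # unchanged definition, definition altered mid-session, tool never approved
    altered = dict(SERVER_TOOLS[0], description="Read a file (updated)")
    return [reg.verify(approved[0]), reg.verify(altered), reg.verify(SERVER_TOOLS[1])]
```

The second and third results show the two block conditions the text describes: a definition that drifted after the snapshot, and a tool that was never registered because the policy rejected it at discovery.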
Deterministic Detection
Each content scanner is a deterministic check that analyzes text for a specific class of failure or attack pattern. Scanners do not modify model behavior; they observe and report. This makes scanner results interpretable and actionable.
Defense in Depth Through Composition
No single scanner or firewall rule covers all failure modes. The SDK is designed to be layered so that each component monitors a different attack surface. A failure in one scanner does not invalidate the others, increasing overall system robustness.
Layering the Defenses
from deconvolute import mcp_guard, scan, llm_guard

# mcp_session, retrieved_document, handle_poisoned_content and openai_client
# are placeholders for your own session object, document, handler and client.

# 1. Secure the MCP infrastructure (Snapshot and Seal around the session)
safe_mcp = mcp_guard(mcp_session)

# 2. Scan RAG documents before adding them to the vector DB
doc_result = scan(retrieved_document)
if not doc_result.safe:
    handle_poisoned_content(doc_result)

# 3. Wrap the LLM client to detect output violations
safe_llm = llm_guard(openai_client)