Deconvolute SDK
The MCP Firewall (Infrastructure Protection)

Observability & Auditing

Keep a record of every tool discovery and execution event.

You can enable local audit logging to track exactly how your policy is being enforced. This is useful for debugging policy rules, maintaining a compliance paper trail, and analyzing potential attack attempts.

Enable auditing by passing an audit_log path to the guard function.

from deconvolute import mcp_guard

# original_session: your existing MCP client session, created elsewhere
safe_session = mcp_guard(
    original_session,
    audit_log="./logs/mcp_audit.jsonl"  # events are written as JSON Lines
)

Log Format

The logger writes JSONL (JSON Lines) events for two types of activities:

  1. Discovery Events: Logged when the session initializes. Records which tools were found on the server, which were allowed by your policy, and which were hidden or blocked.
  2. Access Events: Logged every time a tool is called. Records the tool name, the security verdict (SAFE or UNSAFE), and the specific reason for the verdict (e.g. policy violation, integrity check failure).
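
An added example, not part of the Deconvolute documentation or SDK: a triage script over the audit log that counts UNSAFE verdicts per tool and reason and flags calls to tools the discovery event recorded as blocked. The page does not give the JSON field names, so `type`, `tool`, `verdict`, `reason`, `allowed` and `blocked` are assumptions, and the sample lines are constructed.

```python
import json
from collections import Counter

# Constructed sample lines. Field names ("type", "tool", "verdict", "reason",
# "allowed", "blocked") are assumptions; check them against your own log.
SAMPLE_LOG = """\
{"type": "discovery", "allowed": ["read_file", "search"], "blocked": ["run_shell"]}
{"type": "access", "tool": "read_file", "verdict": "SAFE", "reason": "allowed by policy"}
{"type": "access", "tool": "run_shell", "verdict": "UNSAFE", "reason": "policy violation"}
{"type": "access", "tool": "search", "verdict": "UNSAFE", "reason": "integrity check failure"}
{"type": "access", "tool": "run_shell", "verdict": "UNSAFE", "reason": "policy violation"}
{"type": "access", "tool": "read_fi
"""


def triage(lines):
    """Summarize UNSAFE verdicts and calls to tools the policy had blocked."""
    blocked = set()
    unsafe = Counter()          # (tool, reason) -> count
    blocked_calls = Counter()   # tool -> calls made despite being blocked
    malformed = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
            kind = event["type"]
        except (json.JSONDecodeError, TypeError, KeyError):
            malformed += 1      # truncated or edited line: count it, keep going
            continue
        if kind == "discovery":
            blocked.update(event.get("blocked", []))
        elif kind == "access":
            tool = event.get("tool", "<unknown>")
            if event.get("verdict") == "UNSAFE":
                unsafe[(tool, event.get("reason", "<none>"))] += 1
            if tool in blocked:
                blocked_calls[tool] += 1
    return {"unsafe": unsafe, "blocked_calls": blocked_calls, "malformed": malformed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    for (tool, reason), n in report["unsafe"].most_common():
        print(f"{n:3d}  {tool:12s} {reason}")
    print("calls to blocked tools:", dict(report["blocked_calls"]))
    print("malformed lines:", report["malformed"])
```

Repeated calls to a blocked tool and a nonzero malformed count are the two results worth reviewing first: the former shows a client persistently requesting something the policy hides, the latter shows the log itself may be incomplete.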
