Deconvolute SDK
The MCP Firewall (Infrastructure Protection)

Observability & Auditing

Keep a record of every tool discovery and execution event.

Deconvolute automatically records security telemetry, tool discoveries, and agent execution events to a zero-configuration SQLite database (deconvolute_state.db), created in your OS's standard user cache directory.

Automatic Local Telemetry

The firewall buffers telemetry in the background without blocking your AI workflows, using an internal audit_queue table as a transactional outbox for all security events.

The Event Lifecycle

When the firewall detects a noteworthy action, for example a new tool discovery or a blocked execution attempt, it writes a JSON payload to the audit_queue with a status of PENDING.

Locally, events remain queryable for forensic analysis. A native database trigger prunes the oldest records once the table reaches 10,000 rows, keeping the storage footprint predictable.

If remote synchronization is enabled, a lightweight background worker transmits PENDING events to the remote platform in small batches using event-driven signaling, then marks them COMPLETED.

Environment Variables

You can control the internal caching and synchronization behavior using the following environment variables:

  • DECONVOLUTE_CACHE_DIR: Overrides the default database directory location. This is useful for isolated testing or containerized environments.
  • DECONVOLUTE_API_KEY: Activates background synchronization of local audit events for centralized monitoring.

Transport Origin Validation

Prevent Server Identity Spoofing by binding security identities to physical transports.

Content Scanners

Protect your data and model behavior with deterministic content validation.

On this page

Automatic Local TelemetryThe Event LifecycleEnvironment Variables