Deconvolute SDK
The MCP Firewall (Infrastructure Protection)

Policy Configuration

Define security rules, evaluate conditions, and use CEL for advanced policies.

Policy Configuration

Deconvolute uses a strict policy-as-code approach to govern tool execution. Security rules in the deconvolute_policy.yaml file are enforced using a First Match Wins strategy. Rules are evaluated in order from top to bottom. The first rule that matches the tool name (and its condition, if present) determines the final action.

Note

Currently, only policy version: "2.0" is supported.

The Override Pattern

Because of the First Match Wins strategy, you can create specific exceptions at the top of your policy and general fallback rules at the bottom.

version: "2.0"
default_action: block

servers:
  filesystem:
    tools:
      # 1. Specific restriction (Checked First)
      - name: "unsafe_tool"
        action: "block"
      
      # 2. General fallback (Checked Second)
      - name: "*"
        action: "allow"

If your default_action is block, explicit block rules are technically redundant. However, explicit blocks are highly recommended for clarity and safety. They document exactly why a tool is forbidden and protect the system in case the default action is changed to allow in the future.

Advanced Conditions (CEL)

While basic configurations can rely on allow or block actions based purely on a tool's name, Deconvolute utilizes the Common Expression Language (CEL) for evaluating advanced, cross-variable security policies. CEL provides a memory-safe and deterministic execution environment, making it an industry standard for strict compliance and zero-trust security.

Advanced users can define a condition string to inspect the runtime arguments passed to the tool before execution is permitted.

The Evaluation Context

Every condition is evaluated against the specific arguments provided by the AI agent to the tool. These arguments are exposed in the policy under the args variable.

If a tool expects {"filepath": "/tmp/test.txt", "force": true}, you can access these values in your policy using args.filepath and args.force.

Supported Operators

CEL syntax is highly intuitive and uses standard programmatic operators:

Comparisons: ==, !=, <, >, <=, >=

Logical: && (and), || (or), ! (not)

Membership: in (e.g. args.role in ["admin", "user"])

Common Macros & Functions

CEL provides powerful built-in macros for robust string matching and data validation:

  • startsWith(string): args.path.startsWith("/public/")
  • endsWith(string): args.filename.endsWith(".csv")
  • contains(string): args.query.contains("SELECT")
  • matches(regex): args.email.matches("^[a-zA-Z0-9]+@company\\.com$")
  • size(): args.data.size() < 500

Example Usage

Here is how you can implement a fine-grained condition to restrict a tool based on its arguments:

tools:
  - name: "execute_script"
    action: block
    condition: 'args.script_name == "rm" || args.force_delete == true'
    reason: "Prevent forceful deletions or execution of rm command"

Basic Usage & Strict Integrity

Learn how to wrap your MCP sessions and prevent rug pull attacks.

Strict Integrity Mode

Prevent Rug Pull attacks by verifying tools immediately before execution.

On this page

Policy ConfigurationThe Override PatternAdvanced Conditions (CEL)The Evaluation ContextSupported OperatorsCommon Macros & FunctionsExample Usage