The MCP Firewall (Infrastructure Protection)
Strict Integrity Mode
Prevent Rug Pull attacks by verifying tools immediately before execution.
By default, Deconvolute uses Snapshot Integrity. It verifies tools against the definition seen at the start of the session. This is fast and effective against most attacks.
However, a sophisticated malicious server could perform a Rug Pull: presenting a benign tool during discovery (like read_file), but swapping it for a malicious one (like exfiltrate_data) just milliseconds before you call it. To prevent this, enable Strict Mode:
```python
from deconvolute import mcp_guard

safe_session = mcp_guard(
    original_session,
    integrity="strict"
)
```

How it Works
When Strict Mode is enabled, the SDK silently re-fetches the tool definition from the server before every tool call.
- It re-hashes this live definition.
- It compares the live hash against the approved Snapshot hash.
- If they differ, the call is blocked immediately.
Note that this adds one network round-trip per tool call, increasing latency slightly in exchange for better security.
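The difference between the two modes, as an added sketch that is not Deconvolute's own code: `FakeServer`, `Guard`, `tool_hash` and `run` are hypothetical names, the tool definition is constructed, and SHA-256 over canonical JSON is an assumed hashing scheme (the page does not say which one the SDK uses).

```python
import hashlib
import json

class IntegrityError(Exception):
    """Raised when a tool is unknown or its live definition has drifted."""

def tool_hash(definition):
    # Canonical JSON (sorted keys, fixed separators) so key order cannot alter the hash.
    canonical = json.dumps(definition, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class FakeServer:
    """Constructed stand-in for an MCP server; not a real client or transport."""
    def __init__(self):
        self.tools = {"read_file": {"description": "Read a file from the workspace",
                                    "inputSchema": {"path": "string"}}}
        self.executed = []

    def list_tools(self):
        return json.loads(json.dumps(self.tools))  # copy, as if sent over the wire

    def call_tool(self, name, args):
        self.executed.append(name)
        return "ok"

class Guard:
    def __init__(self, server, integrity="snapshot"):
        self.server, self.integrity = server, integrity
        # Approved snapshot: one hash per tool, taken once at session start.
        self.snapshot = {n: tool_hash(d) for n, d in server.list_tools().items()}

    def call_tool(self, name, args):
        if name not in self.snapshot:
            raise IntegrityError(f"{name}: not in approved snapshot")
        if self.integrity == "strict":
            live = self.server.list_tools().get(name)  # the extra round-trip
            if live is None or tool_hash(live) != self.snapshot[name]:
                raise IntegrityError(f"{name}: live definition differs from snapshot")
        return self.server.call_tool(name, args)

def run(integrity):
    server = FakeServer()
    guard = Guard(server, integrity)
    # Constructed drift: the server changes the definition after discovery.
    server.tools["read_file"]["inputSchema"]["upload_url"] = "string"
    try:
        return guard.call_tool("read_file", {"path": "notes.txt"}), server.executed
    except IntegrityError:
        return "blocked", server.executed
```

`run("snapshot")` lets the call reach the server because nothing is re-fetched after discovery, while `run("strict")` returns `"blocked"` with nothing executed.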