Deconvolute SDK
The MCP Firewall (Infrastructure Protection)

Transport Origin Validation

Prevent Server Identity Spoofing by binding a server's security identity to the physical transport it is actually reached over, not to the name it reports.

In standard MCP, server identity is self-attested. During initialization, the server reports its own name in the initialize response, and the client has no independent way to verify it. If an attacker redirects your agent into connecting to a malicious server, that server can simply hardcode its initialization response to match a trusted server entry in your policy.yaml (such as secure_local_db) and inherit that entry's tool permissions.

To mitigate this Server Identity Spoofing, Deconvolute provides Strict Origin Validation. This decouples the security identity from the self-reported metadata and binds it directly to the verifiable physical transport layer.

Transport Definitions

You can define strict transport requirements in your policy.yaml using a discriminated union on the type field: a stdio transport is identified by its command and args, an sse transport by its url.

version: "2.0"
default_action: block
servers:
  # Strictly bound to its local execution origin
  secure_local_db:
    transport:
      type: "stdio"
      command: "node"
      args: ["build/index.js"]
    tools:
      - name: "query_db"
        action: allow

  # Strictly bound to its verified network endpoint
  secure_remote_agent:
    transport:
      type: "sse"
      url: "https://api.trusted-ai-backend.com/v1/sse"
    tools:
      - name: "trigger_workflow"
        action: allow

Secure Context Managers

Instead of managing the raw MCP transport and wrapping the session manually with mcp_guard(), you can use the dedicated secure wrappers. These abstract the boilerplate and capture the transport metadata from the connection parameters you supply, rather than from anything the server reports about itself.

import asyncio

from mcp import StdioServerParameters
from deconvolute.core.api import secure_stdio_session
from deconvolute.errors import TransportSpoofingError

params = StdioServerParameters(command="node", args=["build/index.js"])


async def main() -> None:
    try:
        # Deconvolute intercepts the transport parameters and validates them
        # against the transport declared for this server in policy.yaml
        async with secure_stdio_session(
            params,
            policy_path="policy.yaml",
            integrity="strict",
        ) as session:
            await session.initialize()
            await session.list_tools()
            # ... execution
    except TransportSpoofingError as e:
        # Fails closed: raised before the session context is yielded
        print(f"Infrastructure Attack Prevented: {e}")


asyncio.run(main())


If the server's self-reported identity does not match the transport origin the policy binds it to, Deconvolute fails closed by raising a TransportSpoofingError before yielding the session context. Your application therefore never obtains a usable session over a connection that failed validation, and cannot accidentally issue tool calls to it.
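To make the mechanism concrete, the following reference model implements the check described above and in the policy.yaml section: the security identity is derived from the transport the client itself opened, and the server's self-reported name is only accepted when it agrees with that transport-bound identity. This is an added illustration, not Deconvolute's own code or API; the policy is the page's policy.yaml pre-parsed into a dict so the example runs offline, and the class and function names (ObservedTransport, bind_identity, verify_server, tool_allowed) and the local TransportSpoofingError stand-in are assumptions of this example.

```python
"""Reference model of transport-origin binding (added illustration, not the SDK's code)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Any, Optional
from urllib.parse import urlsplit

# The page's policy.yaml, pre-parsed into a dict (constructed here so no YAML library is needed).
POLICY: dict[str, Any] = {
    "version": "2.0",
    "default_action": "block",
    "servers": {
        "secure_local_db": {
            "transport": {"type": "stdio", "command": "node", "args": ["build/index.js"]},
            "tools": [{"name": "query_db", "action": "allow"}],
        },
        "secure_remote_agent": {
            "transport": {"type": "sse", "url": "https://api.trusted-ai-backend.com/v1/sse"},
            "tools": [{"name": "trigger_workflow", "action": "allow"}],
        },
    },
}


class TransportSpoofingError(Exception):
    """Hypothetical stand-in for the SDK's error: claimed identity and transport disagree."""


@dataclass(frozen=True)
class ObservedTransport:
    """What the client actually opened, taken from the parameters it supplied, not from the server."""
    type: str
    command: Optional[str] = None
    args: tuple[str, ...] = ()
    url: Optional[str] = None


def _canonical_url(url: str) -> tuple[str, str, str]:
    """Lower-case scheme/host and drop a redundant default port so equivalent URLs compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    default_port = {"https": 443, "http": 80}.get(scheme)
    netloc = host if parts.port in (None, default_port) else f"{host}:{parts.port}"
    return scheme, netloc, parts.path or "/"


def transport_matches(declared: dict[str, Any], observed: ObservedTransport) -> bool:
    """Exact match against one member of the policy's discriminated transport union."""
    if declared["type"] != observed.type:
        return False
    if declared["type"] == "stdio":
        # A different binary or script is a different server, so command and argv must match exactly.
        return declared["command"] == observed.command and tuple(declared.get("args", [])) == observed.args
    if declared["type"] == "sse":
        return observed.url is not None and _canonical_url(declared["url"]) == _canonical_url(observed.url)
    return False  # unknown transport type: fail closed


def bind_identity(policy: dict[str, Any], observed: ObservedTransport) -> Optional[str]:
    """Derive the security identity from the transport alone; None when no policy entry matches."""
    names = [n for n, spec in policy["servers"].items() if transport_matches(spec["transport"], observed)]
    if len(names) > 1:
        raise ValueError(f"policy binds one transport to several servers: {names}")
    return names[0] if names else None


def verify_server(policy: dict[str, Any], observed: ObservedTransport, claimed_name: str) -> str:
    """Fail closed: the name the server reports must equal the transport-bound identity."""
    bound = bind_identity(policy, observed)
    if bound is None:
        raise TransportSpoofingError(f"{observed.type} transport is not declared for any server in the policy")
    if claimed_name != bound:
        raise TransportSpoofingError(f"server claimed {claimed_name!r} but this transport is bound to {bound!r}")
    return bound


def is_spoofed(policy: dict[str, Any], observed: ObservedTransport, claimed_name: str) -> bool:
    """Convenience predicate around verify_server for callers that want a boolean."""
    try:
        verify_server(policy, observed, claimed_name)
    except TransportSpoofingError:
        return True
    return False


def tool_allowed(policy: dict[str, Any], server_name: str, tool_name: str) -> bool:
    """Tool decisions key off the bound identity, so a spoofed name never unlocks another server's tools."""
    for tool in policy["servers"][server_name]["tools"]:
        if tool["name"] == tool_name:
            return tool["action"] == "allow"
    return policy["default_action"] == "allow"


if __name__ == "__main__":
    genuine = ObservedTransport(type="stdio", command="node", args=("build/index.js",))
    print(verify_server(POLICY, genuine, "secure_local_db"))
    imposter = ObservedTransport(type="stdio", command="python", args=("evil_server.py",))
    print("spoofed:", is_spoofed(POLICY, imposter, "secure_local_db"))
```

The order of operations is the point: the policy entry is selected by the transport (the thing the client controls and can verify) and the server's name is checked against it afterwards, so an attacker who controls only the initialize response cannot pick which policy entry applies. A production implementation would also pin the stdio command to an absolute path and compare the remote URL after any redirects, neither of which this sketch attempts.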
