ABS Core v3.5.0

MCP Firewall & Integration

How ABS Core intercepts Model Context Protocol (MCP) tool calls to enforce enterprise governance.

MCP Firewall: Securing the Agent Interface

The Model Context Protocol (MCP) is the emerging standard for agent-to-environment interaction. However, native MCP has no built-in governance layer. ABS Core fills this gap by acting as a Layer 7 Firewall for MCP.

How the MCP Firewall Works

ABS Core intercepts the binary gRPC stream (or JSON-RPC) between an agent and its MCP server. It evaluates tool calls against the WASM Core Engine before they reach the environment.

The Interception Flow

```mermaid
sequenceDiagram
    participant A as Agent (LLM)
    participant G as ABS Governance Gateway
    participant P as Policy Engine (WASM)
    participant S as MCP Server (Environment)

    A->>G: request_tool_execution(call_data)
    G->>P: evaluate_policy(context, tool, args)
    P-->>G: Result (ALLOW | DENY | CHALLENGE)

    alt ALLOW
        G->>S: forward_call(data)
        S-->>G: tool_response
        G-->>A: tool_response
    else DENY
        G-->>A: error(Blocked by Policy)
    end
```

Key Features for Enterprises

1. Granular Tool Permissions

Grant an agent access to list_files but block delete_file or write_file based on the user's IAM role, even if the MCP server itself has broad permissions.

2. Parameter Sanitization & Masking

If an agent attempts to pass sensitive data (PII, secrets) as a tool argument, the ABS Firewall can redact or mask those parameters before they leave the secure enclave.

3. JIT Secret Injection

Instead of providing the agent with an API key for a tool, the ABS Gateway injects the required secret (for example SENTRY_DSN or STRIPE_KEY) at the proxy level, just as the request is forwarded to the MCP server. The agent never sees the secret.

Implementation Example

To protect a standard MCP-based development environment:

```yaml
# policy.yaml
mcp_rules:
  - tool: "run_command"
    allow_regex: "^(npm install|pnpm build)$"
    deny_regex: ".*(rm -rf|curl|wget).*"
    risk_level: "high"
  - tool: "read_file"
    mask: ["password", "token", "secret"]
```
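The following is an added, self-contained Python example of the gateway path the diagram and the three features above describe (evaluate, mask, inject, forward). It is not ABS Core's own code. It assumes the parsed form of the policy.yaml above, that `allow_regex`/`deny_regex` are applied to the tool's `command` argument, that tools with no rule are denied by default, that `mask` terms are matched against argument names and against `name=value` / `name: value` pairs in the tool response, and it stands in an in-memory stub for the MCP server and a placeholder secret for the gateway-held key.

```python
import re
from dataclasses import dataclass, field

# Constructed: the parsed equivalent of policy.yaml (avoids a PyYAML dependency).
POLICY = {
    "mcp_rules": [
        {
            "tool": "run_command",
            "allow_regex": r"^(npm install|pnpm build)$",
            "deny_regex": r".*(rm -rf|curl|wget).*",
            "risk_level": "high",
        },
        {"tool": "read_file", "mask": ["password", "token", "secret"]},
    ]
}

# Constructed: a secret held only by the gateway; the agent never receives it.
GATEWAY_SECRETS = {"STRIPE_KEY": "sk_test_PLACEHOLDER"}

# Constructed: stand-in for the environment behind the MCP server.
FAKE_FILES = {"/app/.env": "DB_HOST=localhost\nDB_PASSWORD=hunter2\nAPI_TOKEN=abc123\n"}

MASK = "[REDACTED]"


@dataclass
class Decision:
    verdict: str                                # "ALLOW" or "DENY"
    reason: str
    args: dict = field(default_factory=dict)    # arguments as they will be forwarded


def _rule_for(policy, tool):
    for rule in policy["mcp_rules"]:
        if rule["tool"] == tool:
            return rule
    return None


def evaluate_policy(policy, tool, args):
    """Deny wins over allow; unlisted tools are denied (assumed default-deny)."""
    rule = _rule_for(policy, tool)
    if rule is None:
        return Decision("DENY", f"no rule for tool {tool!r} (default deny)")
    target = args.get("command", "")           # assumption: regexes apply to `command`
    deny = rule.get("deny_regex")
    if deny and re.search(deny, target):
        return Decision("DENY", "matched deny_regex")
    allow = rule.get("allow_regex")
    if allow and not re.fullmatch(allow, target):
        return Decision("DENY", "did not match allow_regex")
    return Decision("ALLOW", "policy allows", dict(args))


def mask_args(rule, args):
    """Redact argument values whose parameter name contains a mask term."""
    terms = rule.get("mask", [])
    return {k: (MASK if any(t in k.lower() for t in terms) else v) for k, v in args.items()}


def mask_response(rule, text):
    """Redact values of name=value / name: value pairs whose name contains a mask term."""
    terms = rule.get("mask", [])
    if not terms:
        return text
    alternation = "|".join(map(re.escape, terms))
    pattern = re.compile(r"(?i)(\w*(?:%s)\w*\s*[:=]\s*)(\S+)" % alternation)
    return pattern.sub(lambda m: m.group(1) + MASK, text)


def forward_call(tool, args, secrets=GATEWAY_SECRETS):
    """JIT injection: the credential is attached here, at forward time, not in the agent's context."""
    headers = {"Authorization": f"Bearer {secrets['STRIPE_KEY']}"}
    if tool == "read_file":                    # stub MCP server behaviour
        response = FAKE_FILES.get(args.get("path", ""), "")
    else:
        response = f"executed: {args.get('command')}"
    return headers, response


def handle_tool_call(tool, args, policy=POLICY):
    """Gateway path: evaluate -> deny, or mask args -> forward with secret -> mask response."""
    decision = evaluate_policy(policy, tool, args)
    if decision.verdict != "ALLOW":
        return {"status": "error", "message": f"Blocked by Policy: {decision.reason}"}
    rule = _rule_for(policy, tool)
    safe_args = mask_args(rule, decision.args)
    _headers, raw = forward_call(tool, safe_args)
    return {"status": "ok", "result": mask_response(rule, raw)}


if __name__ == "__main__":
    print(handle_tool_call("run_command", {"command": "npm install"}))
    print(handle_tool_call("run_command", {"command": "npm install extra-package"}))
    print(handle_tool_call("delete_file", {"path": "/app/.env"}))
    print(handle_tool_call("read_file", {"path": "/app/.env"}))
```

Two details worth noting: `deny_regex` is checked before `allow_regex`, so a command that satisfies both is still blocked, and the anchored `allow_regex` means `npm install extra-package` is denied even though it contains an allowed prefix. Whether that strictness is wanted is a policy-authoring decision, but it is the safe default for a high-risk tool.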

Why This Matters

Without the ABS MCP Firewall, an agent that achieves a "jailbreak" or follows a malicious instruction can execute arbitrary commands on your infrastructure. ABS Core provides the Deterministic Barrier that ensures the agent only does exactly what it is authorized to do.
