> For the complete documentation index, see [llms.txt](https://docs.bluerock.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.bluerock.io/bluerock-secure-mcp/understanding-mcp-policies.md).
# Understanding MCP Policies
### Overview
BlueRock Secure MCP Server enforces runtime security controls through configurable MCP Protection Policies.
Policies are evaluated at runtime for both MCP client requests and MCP server responses. They operate as an enforcement layer and do not require infrastructure redeployment.
When remediation is enabled (`remediate: true`), the MCP client or server program execution is terminated upon a policy violation. When remediation is disabled (`remediate: false`), BlueRock Secure MCP Server operates in observe mode and logs policy violations while allowing execution to continue.
MCP policies can be applied to MCP servers implemented in:
• Python MCP servers\
• JavaScript / TypeScript MCP servers
Policies regulate:
* MCP client-server connections
* Transport protocols (HTTP, SSE, stdio)
* Authentication requirements
* Tool execution behavior
* Resource access controls
* Prompt invocation restrictions
* Pattern-based detection in arguments and responses
***
### Policy Categories
MCP policies are logically grouped based on the type of control they enforce.
#### 1. Connection Control Policies
Control how MCP clients connect to MCP servers.
Capabilities include:
* Restricting stdio, HTTP, or SSE transports
* Enforcing authentication for HTTP/SSE connections
* Configuring exception lists for specific MCP server programs or URLs
***
#### 2. Tool Execution Policies
Control how MCP clients invoke tools exposed by MCP servers.
Capabilities include:
* Restricting execution of specific tools
* Detecting forbidden patterns in tool arguments
* Inspecting tool responses for unsafe content
***
#### 3. Resource Access Policies
Control access to MCP-exposed resources.
Capabilities include:
* Denying specific resource URIs
* Applying server-specific resource rules
***
#### 4. Prompt Execution Policies
Control prompt execution behavior within MCP interactions.
Capabilities include:
* Denying specific prompts from specific MCP server
* Detecting unsafe prompt arguments
* Inspecting prompt responses for restricted patterns
***
#### 5. Built-in MCP request/response message audit policies
Provide predefined detection for common risky patterns such as:
* Dangerous shell commands
* Privilege escalation attempts
* Sensitive file paths
* Suspicious network commands
* Potential data exfiltration behavior
These apply across tool calls, prompt execution, and resource interactions.
***
## MCP Protection Policies – Use Cases
This section demonstrates runtime enforcement behavior for MCP client-server interactions in 26.08.0 Release.
#### Prerequisites:
This section assumes the following setup is completed:
• Create an MCP project directory\
• Create a Python virtual environment\
• Create FastMCP client and FastMCP server programs\
• Install the fastmcp package\
• Install the bluepython package\
• Load the bluepython package before executing the client or server program
***
## MCP Connection Control
***
### Deny Client Connection to stdio Server
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"stdio": {
"deny_stdio": true,
"exception_list": []
},
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"stdio": {
"deny_stdio": true,
"exception_list": []
},
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP stdio Server
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server mcp_fileserver_stdio.py tools --list
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server tests/mcp_fileserver_stdio.js \
tools --list
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
| Policy Configuration | Result |
| -------------------- | ----------------------------------------------------------------- |
| remediate: false | Connection allowed, violation logged (WARN) |
| remediate: true | Connection blocked, violation logged as ERROR, program terminated |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
{% code expandable="true" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: deny_stdio | Type: MCP stdio server not allowed | Description: Command python mcp_fileserver_stdio.py is not permitted | Location: message.command message.args | Detected Content: python mcp_fileserver_stdio.py",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endcode %}
{% endtab %}
{% tab title="JS/TS" %}
{% code expandable="true" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: deny_stdio | Type: MCP stdio server not allowed | Description: Command python mcp_fileserver_stdio.py is not permitted | Location: message.command message.args | Detected Content: python mcp_fileserver_stdio.py",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endcode %}
{% endtab %}
{% endtabs %}
#### OTEL Violation (Enforce)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: deny_stdio | Type: MCP stdio server not allowed | Description: Command python mcp_fileserver_stdio.py is not permitted | Location: message.command message.args | Detected Content: python mcp_fileserver_stdio.py",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 8961,
"source_event_id": 1,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: deny_stdio | Command node --import bluejs tests/mcp_fileserver_stdio.js is not permitted",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-8-12",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 5717,
"source_event_id": 2,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% endtabs %}
***
### Deny stdio with Exception
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"stdio": {
"deny_stdio": true,
"exception_list": [{"command": "python", "args": "mcp_fileserver_stdio.py"}]
},
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"stdio": {
"deny_stdio": true,
"exception_list": [
{
"command": "node",
"args": "--import bluejs tests/mcp_fileserver_stdio.js"
}
]
},
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP stdio Server
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server mcp_fileserver_stdio.py tools --list
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server tests/mcp_fileserver_stdio.js \
tools --list
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
Matching command in exception list is allowed.\
No policy violation event is generated.\
A source event for the stdio connection is emitted.
**Source Event**
{% code expandable="true" %}
```shellscript
{
"body": {
"context": {
"process": {
"pid": 57817
}
},
"entity_id": "ced0a915-a2a0-4e0c-b7eb-29c2497209e7",
"server": {
"args": [
"--import",
"bluejs",
"tests/mcp_fileserver_stdio.js"
],
"command": "node",
"type": "stdio"
}
},
"severity_number": 9,
"severity_text": "INFO",
"attributes": {
"domain": "gyro",
"event_name": "js_mcp_client_connect",
"hostid": "ip-172-31-8-12",
"origin": "bluejs",
"sensor_id": 5717,
"source_event_id": 2,
"type": "event"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endcode %}
***
### Deny Client Connection to HTTP Server
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"http_servers": {
"deny_http": true,
"deny_sse": false,
"exception_list": [],
"force_authentication": false
},
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"http_servers": {
"deny_http": true,
"deny_sse": false,
"exception_list": [],
"force_authentication": false
},
```
{% endtab %}
{% endtabs %}
#### **Running MCP Client with MCP HTTP Server**
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token tools --list
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
tools --list
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
| Mode | Result |
| ---------------- | -------------------------------- |
| remediate: false | Connection succeeds, WARN logged |
| remediate: true | Connection blocked |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_allowed_http_servers | Type: HTTP (no ssl/tls) connections not allowed | Description: HTTP server URL 'http://127.0.0.1:8001/mcp' is not permitted | Location: message.url | Detected Content: http://127.0.0.1:8001/mcp",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro"
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_allowed_http_servers | Type: HTTP (no ssl/tls) connections not allowed | Description: HTTP server URL 'http://127.0.0.1:8001/mcp' is not permitted | Location: message.url | Detected Content: http://127.0.0.1:8001/mcp",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro"
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
#### OTEL Violation (Enforce)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_allowed_http_servers | Type: HTTP (no ssl/tls) connections not allowed | Description: HTTP server URL 'http://127.0.0.1:8001/mcp' is not permitted | Location: message.url | Detected Content: http://127.0.0.1:8001/mcp",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 2692,
"source_event_id": 1,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_allowed_http_servers | Type: HTTP (no ssl/tls) connections not allowed | Description: HTTP server URL 'http://127.0.0.1:8001/mcp' is not permitted | Location: message.url | Detected Content: http://127.0.0.1:8001/mcp",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 2692,
"source_event_id": 1,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% endtabs %}
***
### Deny HTTP Server with Exception
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"http_servers": {
"deny_http": true,
"deny_sse": false,
"exception_list": [" http://0.0.0.0:8001/mcp"],
"force_authentication": false
},
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"http_servers": {
"deny_http": true,
"deny_sse": false,
"exception_list": [
"http://0.0.0.0:8001/mcp"
],
"force_authentication": false
},
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token tools --list
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
tools --list
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
HTTP connections blocked by default.\
URL in exception list is allowed. No violation event generated.
**Example Source Event**
{% code expandable="true" %}
```shellscript
{
"body": {
"context": {
"process": {
"pid": 58843
}
},
"entity_id": "8ec00313-5e83-4d60-be2f-f90297f0f451",
"server": {
"auth": true,
"type": "http",
"url": "http://127.0.0.1:8001/mcp"
}
},
"severity_number": 9,
"severity_text": "INFO",
"attributes": {
"domain": "gyro",
"event_name": "js_mcp_client_connect",
"hostid": "ip-172-31-8-12",
"origin": "bluejs",
"sensor_id": 5722,
"source_event_id": 2,
"type": "event"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
```
{% endcode %}
***
### Deny any mcp server connection without authentication
#### **Policy Configuration**
{% tabs %}
{% tab title="Python" %}
```shellscript
"http_servers": {
"deny_http": false,
"deny_sse": false,
"exception_list": [],
"force_authentication": true
},
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"http_servers": {
"deny_http": false,
"deny_sse": false,
"exception_list": [],
"force_authentication": true
},
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp tools --list
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
tools --list
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
| Mode | Result |
| ---------------- | ----------------------------------------------- |
| remediate: false | Unauthenticated connection allowed, WARN logged |
| remediate: true | Unauthenticated connection blocked |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_allowed_http_servers | Type: Unauthenticated HTTP request are not permited | Description: Unauthenticated HTTP request to http://127.0.0.1:8001/mcp | Location: message.url | Detected Content: http://127.0.0.1:8001/mcp",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_allowed_http_servers | Type: Unauthenticated HTTP request are not permited | Description: Unauthenticated HTTP request to http://127.0.0.1:8001/mcp | Location: message.url | Detected Content: http://127.0.0.1:8001/mcp",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
#### OTEL Violation (Enforce)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_allowed_http_servers | Type: Unauthenticated HTTP request not permitted | Description: Unauthenticated HTTP request to http://127.0.0.1:8001/mcp | Location: message.url | Detected Content: http://127.0.0.1:8001/mcp"
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 2692,
"source_event_id": 1,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_allowed_http_servers | Type: HTTP (no ssl/tls) connections not allowed | Description: HTTP server URL 'http://127.0.0.1:8001/mcp' is not permitted | Location: message.url | Detected Content: http://127.0.0.1:8001/mcp",
"origin": "acoustic JavaScript sensor",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-8-12",
"remediation_kind": "block",
"sensor_id": 5722,
"source_event_id": 2,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% endtabs %}
***
## MCP Tool Execution Control
***
### Tool Overwrite - Denied tools are excluded from the tool/list
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"server": {
"enable": true,
"remediate": true,
"tools": {"FileServer": {"deny_list": ["remove_file"]}},
"prompts": {},
"resources": {}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"server": {
"enable": true,
"remediate": true,
"tools": { "FileServer": { "deny_list": ["remove_file"] }},
"prompts": {},
"resources": {}
}
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token tools --list
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
tools --list
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
| Mode | Result |
| ---------------- | ---------------------------------------- |
| remediate: false | Tool is listed and violation logged |
| remediate: true | Tool is excluded from the list of tools. |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Tools stripped from tool discovery result from server 'FileServer'. Blocked tools: remove_file",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Tools stripped from tool discovery result from server 'FileServer'. Blocked tools: remove_file",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
#### OTEL Violation (Enforce)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_tools_resp | Type: pattern detection | Description: Tools stripped from tool discovery result from server 'FileServer' due to forbidden patterns | Location: tools.response | Detected Content: N/A"
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 9873,
"source_event_id": 6,
"type": "remediation"
},
"scope": {
"name": "bluerock"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_tools_resp | Type: pattern detection | Description: Tools stripped from tool discovery result from server 'FileServer' due to forbidden patterns | Location: tools.response | Detected Content: N/A"
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 2692,
"source_event_id": 1,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% endtabs %}
***
### Deny Specific Tool from Specific MCP Server
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"server": {
"enable": true,
"remediate": true,
"tools": {"FileServer": {"deny_list": ["remove_file"]}},
"prompts": {},
"resources": {}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"server": {
"enable": true,
"remediate": true,
"tools": {"FileServer": {"deny_list": ["remove_file"]}},
"prompts": {},
"resources": {}
}
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token tools --tool_cmd remove_file --tool_args '{"filename" : "testfile.tmp"}'
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
tools --tool_cmd remove_file --tool_args '{"filename" : "testfile.tmp"}'
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
| Mode | Result |
| ---------------- | ------------------------------- |
| remediate: false | Tool executes, violation logged |
| remediate: true | Tool call blocked |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_client_request_allowed | Type: Client Tools Request Denied | Description: Tool requested is not allowed | Location: message.params.name | Detected Content: Server: '\"FileServer\"', Tool: '\"list_files\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_client_request_allowed | Type: Client Tools Request Denied | Description: Tool requested is not allowed | Location: message.params.name | Detected Content: Server: '\"FileServer\"', Tool: '\"list_files\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
#### **OTEL Violation (Enforce)**
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_client_request_allowed | Type: Client Tools Request Denied | Description: Tool requested is not allowed | Location: message.params.name | Detected Content: Server: '\"FileServer\"', Tool: '\"list_files\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 9197,
"source_event_id": 10,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_client_request_allowed | Type: Client Tools Request Denied | Description: Tool requested is not allowed | Location: message.params.name | Detected Content: Server: '\"FileServer\"', Tool: '\"list_files\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 9197,
"source_event_id": 10,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% endtabs %}
***
### Tool Argument Pattern Detection
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"forbidden_tool_argument_patterns": [
"\\b(?:ls|cat|grep|ps|rm|mv|cp|chmod|chown)\\b"
]
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"forbidden_tool_argument_patterns": [
"\\b(?:ls|cat|grep|ps|rm|mv|cp|chmod|chown)\\b"
]
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
tools \
--tool_cmd read_file \
--tool_args '{"filename":"test_script.bash"}'
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
tools \
--tool_cmd read_file \
--tool_args '{"filename":"test_script.bash"}'
```
{% endtab %}
{% endtabs %}
If the tool argument contains commands matching the built-in forbidden patterns (for example `cat`, `rm`, `grep`, etc.), the request triggers the built-in MCP audit policy.
#### Expected Behavior
| Mode | Result |
| ---------------- | -------------------------- |
| remediate: false | Tool executes, WARN logged |
| remediate: true | Tool blocked |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_patterns_in_tools_arguments | Type: pattern detection | Description: \\b(?:ls|cat|grep|ps|rm|mv|cp|chmod|chown)\\b: '\"cat\" (0..3)' | Location: arguments.command | Detected Content: cat test_script.bash",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_patterns_in_tools_arguments | Type: pattern detection | Description: \\b(?:ls|cat|grep|ps|rm|mv|cp|chmod|chown)\\b: '\"cat\" (0..3)' | Location: arguments.command | Detected Content: cat test_script.bash",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
#### **OTEL Violation (Enforce)**
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_tools_arguments | Type: pattern detection | Description: \\b(?:ls|cat|grep|ps|rm|mv|cp|chmod|chown)\\b: '\"cat\" (0..3)' | Location: arguments.command | Detected Content: cat test_script.bash",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 7345,
"source_event_id": 16,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_tools_arguments | Type: pattern detection | Description: \\b(?:ls|cat|grep|ps|rm|mv|cp|chmod|chown)\\b: '\"cat\" (0..3)' | Location: arguments.command | Detected Content: cat test_script.bash",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-8-12",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 5722,
"source_event_id": 2,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% endtabs %}
***
### Tool Response Pattern Detection
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"forbidden_tool_response_patterns": [ "\\b(?:bash|sh|curl|wget|nc)\\b"]
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"forbidden_tool_response_patterns": [ "\\b(?:bash|sh|curl|wget|nc)\\b"]
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
{% tabs %}
{% tab title="Python" %}
{% code expandable="true" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token tools --tool_cmd read_file --tool_args '{"filename":"unsafetext.txt"}'
```
{% endcode %}
{% endtab %}
{% tab title="JS/TS" %}
{% code expandable="true" %}
```shellscript
node --import bluejs tests/mcp_client.js --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token tools --tool_cmd read_file --tool_args '{"filename":"unsafetext.txt"}'
```
{% endcode %}
{% endtab %}
{% endtabs %}
#### **Expected Behavior**
If tool output contains forbidden patterns:
| Mode | Result |
| ---------------- | ---------------------------------- |
| remediate: false | Response allowed, violation logged |
| remediate: true | Response blocked |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_patterns_in_tool_resp | Type: pattern detection | Description: \\b(?:curl|wget|ssh|scp|rsync|nc|netcat)\\b: '\"nc\" (0..2)' | Location: content[0].[\"text\"] | Detected Content: nc -lnvp 1234\n",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_patterns_in_tool_resp | Type: pattern detection | Description: \\b(?:curl|wget|ssh|scp|rsync|nc|netcat)\\b: '\"nc\" (0..2)' | Location: content[0].[\"text\"] | Detected Content: nc -lnvp 1234\n",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
#### OTEL Violation (Enforce)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_tools_arguments | Type: pattern detection | Description: \\b(?:ls|cat|grep|ps|rm|mv|cp|chmod|chown)\\b: '\"cat\" (0..3)' | Location: arguments.command | Detected Content: cat test_script.bash",
"origin": "acoustic Python sensor",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 9874,
"source_event_id": 6,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_tools_arguments | Type: pattern detection | Description: \\b(?:ls|cat|grep|ps|rm|mv|cp|chmod|chown)\\b: '\"cat\" (0..3)' | Location: arguments.command | Detected Content: cat test_script.bash",
"origin": "acoustic JavaScript sensor",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 9874,
"source_event_id": 6,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% endtabs %}
***
## MCP Resource Access Control
***
### Deny Specific Resource
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"server": {
"enable": true,
"remediate": true,
"tools": {},
"prompts": {},
"resources": {"FileServer": {"deny_list": ["config://app-settings"]}}
},
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"server": {
"enable": true,
"remediate": true,
"tools": {},
"prompts": {},
"resources": {
"FileServer": {
"deny_list": ["config://app-settings"]
}
}
},
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
Run the MCP client with a resource URI that matches the `deny_list`.
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token resources --resource_uri config://app-settings
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
resources \
--resource_uri config://app-settings
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
| Mode | Result |
| ---------------- | ---------------------------------- |
| remediate: false | Resource allowed, violation logged |
| remediate: true | Resource access denied |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_server_request_allowed | Type: Server Resources Request Denied | Description: Resource requested is not allowed | Location: message.params.uri | Detected Content: Server: '\"FileServer\"', Resource: '\"config://app-settings\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_server_request_allowed | Type: Server Resources Request Denied | Description: Resource requested is not allowed | Location: message.params.uri | Detected Content: Server: '\"FileServer\"', Resource: '\"config://app-settings\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
#### OTEL Violation (Enforce)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_server_request_allowed | Type: Server Resources Request Denied | Description: Resource requested is not allowed | Location: message.params.uri | Detected Content: Server: '\"FileServer\"', Resource: '\"config://app-settings\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 7345,
"source_event_id": 11,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_tool_resp | Type: pattern detection | Description: \\b(?:curl|wget|ssh|scp|rsync|nc|netcat)\\b: '\"nc\" (0..2)' | Location: content[0].[\"text\"] | Detected Content: nc -lnvp 1234\n",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 9873,
"source_event_id": 6,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
```
{% endtab %}
{% endtabs %}
***
## MCP Prompt Execution Control
***
### Deny Specific Prompt
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"server": {
"enable": true,
"remediate": true,
"tools": {},
"prompts": {"FileServer": {"deny_list": ["useful_helper_prompt"]}},
"resources": {}
},
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"server": {
"enable": true,
"remediate": true,
"tools": {],
"prompts": {"FileServer": {"deny_list": ["useful_helper_prompt"]}},
"resources": {}
},
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token prompts --prompt_name useful_helper_prompt --prompt_args '{"lang": "java"}'
```
{% endtab %}
{% tab title="JS/TS " %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
prompts \
--prompt_name useful_helper_prompt \
--prompt_args '{"lang":"java"}'
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
| Mode | Result |
| ---------------- | ------------------------------------------------------------------------ |
| remediate: false | Prompt execution proceeds, but a violation event is generated. |
| remediate: true | Prompt invocation is blocked and the MCP client execution is terminated. |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_server_request_allowed | Type: Server Prompts Request Denied | Description: Prompt requested is not allowed | Location: message.params.name | Detected Content: Server: '\"FileServer\"', Prompt: '\"useful_helper_prompt\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_server_request_allowed | Type: Server Prompts Request Denied | Description: Prompt requested is not allowed | Location: message.params.name | Detected Content: Server: '\"FileServer\"', Prompt: '\"useful_helper_prompt\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
#### OTEL Violation (Enforce)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_server_request_allowed | Type: Server Resources Request Denied | Description: Resource requested is not allowed | Location: message.params.uri | Detected Content: Server: '\"FileServer\"', Resource: '\"config://app-settings\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 7345,
"source_event_id": 16,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_server_request_allowed | Type: Server Prompts Request Denied | Description: Prompt requested is not allowed | Location: message.params.name | Detected Content: Server: '\"FileServer\"', Prompt: '\"useful_helper_prompt\"'",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-8-12",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 5722,
"source_event_id": 2,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% endtabs %}
***
### Prompt Argument Pattern Detection
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"forbidden_prompt_arg_patterns": [
"\\b(?:bash|sh|curl|wget|nc|sudo)\\b"
]
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"forbidden_prompt_arg_patterns": [
"\\b(?:bash|sh|curl|wget|nc|sudo)\\b"
]
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token prompts --prompt_name useful_helper_prompt --prompt_args '{"lang": "bash"}'
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
prompts \
--prompt_name useful_helper_prompt \
--prompt_args '{"lang":"bash"}'
```
{% endtab %}
{% endtabs %}
#### Expected Behavior
| Mode | Result |
| ---------------- | ------------------------------------------------------------------------ |
| remediate: false | Prompt execution proceeds, but a violation event is generated. |
| remediate: true | Prompt invocation is blocked and the MCP client execution is terminated. |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_patterns_in_prompt_arguments | Type: pattern detection | Description: \\b(?:bash|sh|zsh|fish|csh|tcsh)\\b: '\"bash\" (0..4)' | Location: arguments.lang | Detected Content: bash",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_patterns_in_prompt_arguments | Type: pattern detection | Description: \\b(?:bash|sh|zsh|fish|csh|tcsh)\\b: '\"bash\" (0..4)' | Location: arguments.lang | Detected Content: bash",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
#### OTEL Violation (Enforce)
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_prompt_arguments | Type: pattern detection | Description: \\b(?:bash|sh|zsh|fish|csh|tcsh)\\b: '\"bash\" (0..4)' | Location: arguments.lang | Detected Content: bash",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 9858,
"source_event_id": 8,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_prompt_arguments | Prompt invocation blocked due to forbidden content: bash",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-8-12",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 5722,
"source_event_id": 2,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endtab %}
{% endtabs %}
***
### Prompt Response Pattern Detection
#### Policy Configuration
{% tabs %}
{% tab title="Python" %}
```shellscript
"forbidden_prompt_response_patterns": [ "\\b(?:curl|wget|nc|ssh)\\b"]
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"forbidden_prompt_response_patterns": [ "\\b(?:curl|wget|nc|ssh)\\b"]
```
{% endtab %}
{% endtabs %}
#### Running MCP Client with MCP HTTP Server
{% tabs %}
{% tab title="Python" %}
{% code expandable="true" %}
```shellscript
python mcp_client.py --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token prompts --prompt_name useful_helper_prompt --prompt_args '{ "lang": "java" }'
```
{% endcode %}
{% endtab %}
{% tab title="JS/TS" %}
{% code expandable="true" %}
```shellscript
node --import bluejs tests/mcp_client.js --mcp_server http://0.0.0.0:8001/mcp --mcp_auth_token dev-token prompts --prompt_name useful_helper_prompt --prompt_args '{ "lang": "java" }'
```
{% endcode %}
{% endtab %}
{% endtabs %}
#### Expected Behavior
If response contains `nc`, `curl`, etc:
| Mode | Result |
| ---------------- | ---------------------------------- |
| remediate: false | Response allowed, violation logged |
| remediate: true | Response blocked |
#### OTEL Violation (Observe)
{% tabs %}
{% tab title="Python" %}
{% code expandable="true" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_patterns_in_prompt_resp | Type: pattern detection | Description: \\b(?:curl|wget|ssh|scp|rsync|nc|netcat)\\b: '\"nc\" (76..78)' | Location: messages[0].[\"content\", \"text\"] | Detected Content: You are an expert in java. create or update file using java code that uses nc.",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endcode %}
{% endtab %}
{% tab title="JS/TS" %}
{% code expandable="true" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_patterns_in_prompt_resp | Type: pattern detection | Description: \\b(?:curl|wget|ssh|scp|rsync|nc|netcat)\\b: '\"nc\" (76..78)' | Location: messages[0].[\"content\", \"text\"] | Detected Content: You are an expert in java. create or update file using java code that uses nc.",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endcode %}
{% endtab %}
{% endtabs %}
#### OTEL Violation (Enforce)
{% tabs %}
{% tab title="Python" %}
{% code expandable="true" %}
```shellscript
Please remove existing and add:
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_prompt_resp | Type: pattern detection | Description: \\b(?:curl|wget|ssh|scp|rsync|nc|netcat)\\b: '\"nc\" (53..55)' | Location: messages[0].[\"content\", \"text\"] | Detected Content: You are an expert in java. write java code that uses nc.",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic Python sensor",
"remediation_kind": "block",
"sensor_id": 9859,
"source_event_id": 8,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endcode %}
{% endtab %}
{% tab title="JS/TS" %}
{% code expandable="true" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 17,
"severity_text": "ERROR",
"attributes": {
"description": "Policy: check_patterns_in_prompt_resp | Type: pattern detection | Description: \\b(?:curl|wget|ssh|scp|rsync|nc|netcat)\\b: '\"nc\" (53..55)' | Location: messages[0].[\"content\", \"text\"] | Detected Content: You are an expert in java. write java code that uses nc.",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"hostid": "ip-172-31-22-6",
"origin": "acoustic JavaScript sensor",
"remediation_kind": "block",
"sensor_id": 9859,
"source_event_id": 8,
"type": "remediation"
},
"scope": {
"name": "bluerockd"
},
"resource": {
"service.name": "bluerock"
}
}
```
{% endcode %}
{% endtab %}
{% endtabs %}
***
### Message Size Violation
#### **Policy Configuration**
{% tabs %}
{% tab title="Python" %}
```shellscript
"message_threshold": {
"enable": true,
"remediate": true,
"threshold": 256
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
"message_threshold": {
"enable": true,
"remediate": true,
"threshold": 256
}
```
{% endtab %}
{% endtabs %}
***
#### **Running MCP Client with MCP HTTP Server**
{% tabs %}
{% tab title="Python" %}
```shellscript
python mcp_client.py \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
tools \
--tool_cmd write_file \
--tool_args '{"filename":"test.txt","content":""}'
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
node --import bluejs tests/mcp_client.js \
--mcp_server http://0.0.0.0:8001/mcp \
--mcp_auth_token dev-token \
tools \
--tool_cmd write_file \
--tool_args '{"filename":"test.txt","content":""}'
```
{% endtab %}
{% endtabs %}
***
#### **Expected Behavior**
| Mode | Behavior |
| ---------------- | ----------------------------------------- |
| remediate: false | Request proceeds; violation logged (WARN) |
| remediate: true | Request proceeds; violation logged (WARN) |
#### **OTEL Violation (Observe)**
{% tabs %}
{% tab title="Python" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_message_size | Type: Message size limit exceeded | Description: Message size of 272 bytes exceeds threshold of 256 bytes, sent by the Client | Location: message | Detected Content: N/A",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% tab title="JS/TS" %}
```shellscript
{
"body": "mcp_policy_violation",
"severity_number": 13,
"severity_text": "WARN",
"attributes": {
"description": "Policy: check_message_size | Type: Message size limit exceeded | Description: Message size of 272 bytes exceeds threshold of 256 bytes, sent by the Client | Location: message | Detected Content: N/A",
"domain": "gyro",
"event_name": "mcp_policy_violation",
"origin": "uc-gyro",
"type": "log"
}
}
```
{% endtab %}
{% endtabs %}
***
## Summary
| Mode | Behavior |
| ---------------- | ------------------------------------------- |
| remediate: false | Observe mode – Action allowed, WARN logged |
| remediate: true | Enforce mode – Action blocked, ERROR logged |
All violations are emitted as OTEL events and sent to external collector such as AWS CloudWatch based on the configurations.
* `event_name: mcp_policy_violation`
* `severity_text: WARN or ERROR`
* `type:`
* `"log" (observe events)`
* `"remediation" (enforce events)`
* `remediation_kind: "block" (enforce mode only)`
***
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.bluerock.io/bluerock-secure-mcp/understanding-mcp-policies.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.