Trust/Security/Allowlisting

Deterministic Allowlisting

Your CISO needs to control which MCP servers your AI agents can reach. Allowlist mode enforces that perimeter — deterministically, at the network layer, before any unapproved skill can execute.

Configure your allowlist Create account

What your CISO requires before any MCP deploymentEnterprise security policies increasingly mandate a pre-approved capability registry before AI agents are permitted to act on internal systems. Without it, any model can call any tool — including ones your security team has not reviewed. Allowlist mode closes that gap.

Operating Modes

Mode	Behavior	Best for	State
disabled	No filter. All skills callable.	Default. Dev/test environments.	open
allowlist	Only explicitly listed slugs and/or sectors are callable. All others blocked.	Highest-security deployments. CISO-mandated perimeters.	allowlist
blocklist	All skills callable except listed slugs.	Targeted exclusions with an otherwise open perimeter.	blocklist

Enforcement Order (every tools/call)

01

Token auth

Bearer token validated + revocation-checked. Request rejected before any check if invalid.

02

Allowlist gatethis feature

User's allowlist config loaded (60s in-process LRU). Slug matched against allowed_slugs / allowed_sectors / blocked_slugs. Denied requests return JSON-RPC -32000 and are logged as permission_denied.

03

Prompt Shield scan

String arguments scanned for injection patterns. Blocked if any critical pattern or aggregate score ≥ 0.8.

04

Execution / passthrough

First-party skills resolved from SKILL.md vault. External origins proxied under trust-state gate.

What a blocked call looks like

// JSON-RPC response when allowlist blocks a call
{
"jsonrpc": "2.0",
"id": 1,
"error": {
"code": −32000,
"message": "Request blocked by allowlist: allowlist_blocked"
}
}
// HTTP 403 · outcome=permission_denied logged in mcp_invocation_log

Compliance Relevance

SOC 2 Type II

Allowlist mode provides a documented, auditable record of which AI capabilities are approved for use. Satisfies CC6.1 (logical access control) and CC7.2 (monitoring) when combined with invocation logs.

ISO 27001

Supports A.9 Access Control by restricting which AI tools can be invoked and providing a deny-by-default mode consistent with least-privilege principles.

NIST AI RMF

Addresses GOVERN 1.7 and MANAGE 2.2: organizations should control which AI capabilities are deployed in production and continuously monitor their use.

Enterprise AI Policy

Many Fortune-500 AI policies require a pre-approved tool registry before any LLM agent can act on internal systems. Allowlist mode enforces that registry programmatically.

Ready to enforce your perimeter?

Configure your allowlist in the SkiLodge. Combined with Prompt Shield, it forms the full Zero-Trust Gateway your security team needs.

Configure allowlist Prompt Shield docs