KeypostKeypost

Keypost Policy Model

How policy enforcement works at runtime for MCP pipelines.

What "policy" means in Keypost

A policy is a rule evaluated at runtime in the request path between an agent and an upstream MCP server. Policies are enforced, not advisory. Every request is evaluated before a tool executes.

Teams define enforceable boundaries - what agents can do, under what conditions, with what limits - without modifying agent code or upstream servers.

Where policies run

Keypost sits between an agent and the upstream MCP server. All tool calls flow through Keypost, where policies are evaluated before the request is forwarded.

Agent → Keypost → MCP server
         ↑
     Policy engine

Because enforcement happens at the network boundary, policies cannot be bypassed by agent behavior, prompt changes, or SDK inconsistencies.

Policy evaluation pipeline

Policies are evaluated in a fixed, deterministic order. The first policy to deny a request terminates evaluation. Errors fail closed by default.

  • Access control (allow/deny, environment, identity)
  • Constraints (parameter validation, schedules, geo rules)
  • Rate and cost controls (throttles, quotas, budgets)
  • Safety and compliance (DLP checks, field redaction, approvals, auditing)
  • Reliability controls (timeouts, caching, fallback behavior)

This layered approach ensures predictable outcomes and clear failure semantics.

Composability by design

Keypost policies are intentionally small and composable. Most real-world deployments combine three to six policies rather than relying on a single complex rule.

For example, a production MCP pipeline might combine:

  • Deny destructive tools in production
  • Restrict file system paths and parameters
  • Rate-limit expensive tools
  • Enforce per-environment cost budgets
  • Redact sensitive fields (passwords, tokens) from audit logs
  • Require full audit logging for all tool calls

Failure modes and guarantees

  • Fail-closed by default
  • Deterministic policy evaluation
  • No silent bypass or partial enforcement
  • Every decision is logged and auditable

These guarantees are critical for running agents safely in production environments.

Policy enforcement vs. policy in code

Agent-side checks and prompt-based safeguards are fragile. Keypost enforces policy at the network boundary, ensuring consistent behavior across agents, teams, and environments.

Complete policy schema

This page describes how policies are evaluated. For all supported policy types and configuration options, see the policy documentation.