Configure Tool Policies
Govern specific tool access within your approved MCP servers.
While approving an MCP server brings it into your secure network, Tool Policies dictate exactly what that server is permitted to do.
Because MCP tools are highly dynamic and lack unified static identifiers, the JFrog MCP Registry uses regular expression (regex) based allow and deny lists. This approach gives DevOps and Security teams surgical control over agent execution, for example, allowing an agent to use read_database while strictly blocking delete_table within the exact same server.
Tool Policy Capabilities
- Granular Governance: Define exactly which tools within an approved MCP server an AI agent can invoke.
- Flexible Matching: Use Regex patterns to manage tools.
- Zero Trust vs. Open Access: Choose between an "Allow List" or a "Deny List" strategy for each server.
- Dynamic Revocation: Admins can update policies or restrict servers at any time via the Registry. Changes sync dynamically to the developer's local Agent Guard, immediately revoking or granting access.
Edit Policies for an Allowed Server
Target Persona: Project Admin.
- Navigate to the project on your Registry page.
- Select the required MCP Server.
- Select the project for which you want to change the policy.
- On the MCP Server Info tab, click Edit.
- Select the required tool access configuration:
- Allow all tools: Automatically approves all current tools and any tools added to this server in future updates.
- Select tools manually: Opens the tool policy configuration, where you can define granular allow or deny rules:
- Allow List: Specify which tools are allowed. All tools not specifically selected are BLOCKED.
- Deny List: Specify which tools are blocked. All tools not specifically blocked are ALLOWED.
- Click Next. This takes you to the environment variables and runtime arguments configuration.
- Click Next, and then Save Configuration.
Pattern Matching: Static Text and Regex
When configuring tool policies, you apply name patterns to intercept tool execution requests:
- Static Text: Type the exact name of a tool (for example, get_weather) for a precise match.
- Regex Patterns: Enter regular expressions to match groups of tools dynamically, based on naming patterns. This future-proofs your policies against minor tool updates.
- Example (Allow List): Entering ^get_.* permits get_user and get_logs, but implicitly blocks anything that doesn't start with get_ (like delete_user).
- Example (Deny List): Entering .*delete.* blocks delete_table, user_delete, and delete_file, while allowing all other operations.
Security Note: Safe regex engine (RE2)
To protect your Agent Guard and infrastructure from Regular Expression Denial of Service (ReDoS) attacks, the JFrog MCP Registry uses the RE2 regex engine (the same engine used in Go). It supports most standard Perl/PCRE syntax but strictly prohibits features that cause exponential runtime, such as backtracking, lookaround assertions, and backreferences.
For supported syntax, see the Google RE2 Syntax Reference.
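To make the Allow List / Deny List semantics and the RE2 restriction concrete, the following is an added Go example (not JFrog's code and not the Agent Guard implementation) that compiles the patterns from this page with Go's regexp package, which is the RE2 engine named above. It assumes a pattern must match the whole tool name; the ToolPolicy type and StaticPattern helper are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// PolicyMode is the per-server strategy: Allow List or Deny List.
type PolicyMode int

const (
	AllowList PolicyMode = iota // tools not matched by any pattern are BLOCKED
	DenyList                    // tools not matched by any pattern are ALLOWED
)

// ToolPolicy holds the compiled name patterns for one approved MCP server.
type ToolPolicy struct {
	Mode     PolicyMode
	patterns []*regexp.Regexp
}

// StaticPattern (hypothetical helper) escapes an exact tool name so it is
// matched literally rather than interpreted as a regex.
func StaticPattern(name string) string { return regexp.QuoteMeta(name) }

// NewToolPolicy compiles each pattern with Go's regexp package, which is RE2.
// Assumption: a pattern must match the whole tool name, hence the ^(?:...)$
// wrapper. Backreferences and lookaround fail here, at compile time.
func NewToolPolicy(mode PolicyMode, patterns []string) (*ToolPolicy, error) {
	p := &ToolPolicy{Mode: mode}
	for _, pat := range patterns {
		re, err := regexp.Compile(`^(?:` + pat + `)$`)
		if err != nil {
			return nil, fmt.Errorf("pattern %q rejected by RE2: %w", pat, err)
		}
		p.patterns = append(p.patterns, re)
	}
	return p, nil
}

// Allowed decides whether an intercepted tool execution request may proceed.
func (p *ToolPolicy) Allowed(tool string) bool {
	for _, re := range p.patterns {
		if re.MatchString(tool) {
			return p.Mode == AllowList // matched: allowed only under an Allow List
		}
	}
	return p.Mode == DenyList // unmatched: allowed only under a Deny List
}
```

A ReDoS-prone pattern such as `(a+)\1` never reaches the matcher: RE2 refuses to compile it, so the policy is rejected when it is saved rather than when an agent triggers it.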
Frequently Asked Questions
This section provides answers to frequently asked questions.
FAQs
Q: How do I allow only specific tools in an MCP server?
A: In Edit Policies for an Allowed Server, select Select tools manually, and then configure an Allow List with the exact tool names or regex patterns you want to allow. For details, see Edit Policies for an Allowed Server.
Q: What is the difference between an Allow List and a Deny List?
A: An Allow List permits only the tools you specify and blocks all others. A Deny List blocks only the tools you specify and allows all others by default.
Q: What regex engine does JFrog MCP Registry use for tool policies?
A: JFrog MCP Registry uses RE2 for regex evaluation, which blocks high-risk regex features that can cause exponential runtime behavior. For details, see Pattern Matching: Static Text and Regex.
