Configure Tool Policies

Govern specific tool access within your approved MCP servers.

While approving an MCP server brings it into your secure network, Tool Policies dictate exactly what that server is permitted to do.

Because MCP tools are highly dynamic and lack unified static identifiers, the JFrog MCP Registry uses Regex-based Allow and Deny lists. This gives DevOps and Security teams surgical control over agent execution, for example, allowing an agent to use read_database while strictly blocking delete_table within the exact same server.

Tool Policy Capabilities

  • Granular Governance: Define exactly which tools within an approved MCP server an AI agent can invoke.
  • Flexible Matching: Use Regex patterns to manage tools.
  • Zero Trust vs. Open Access: Choose between an "Allow List" or a "Deny List" strategy for each server.
  • Dynamic Revocation: Admins can update policies or restrict servers at any time via the Registry. Changes sync dynamically to the developer's local Gateway, immediately revoking or granting access.

Edit Policies for an Allowed Server

Target Persona: Project Admin.

  1. Navigate to the project on your Registry page.
  2. Click the Policy icon next to a specific server.
  3. Select one of the following tool access strategies:
    • Allow all tools: Automatically approves all current tools and any tools added to this server in future updates.
    • Select tools manually: Opens the tool policy configuration, where you can define granular allow or deny rules:
      • Allow List: Specify which tools are allowed. All tools not specifically selected are BLOCKED.
      • Deny List: Specify which tools are blocked. All tools not specifically blocked are ALLOWED.

Pattern Matching: Static Text and Regex

When configuring tool policies, you apply name patterns to intercept tool execution requests:

  • Static Text: Type the exact name of a tool (for example, get_weather) for a precise match.

  • Regex Patterns: Enter regular expressions to match groups of tools dynamically, based on naming patterns. This future-proofs your policies against minor tool updates.

    • Example (Allow List): Entering ^get_.* permits get_user and get_logs, but implicitly blocks anything that doesn't start with get_ (like delete_user).
    • Example (Deny List): Entering .*delete.* blocks delete_table, user_delete, and delete_file, while allowing all other operations.

Security note: Safe regex engine (RE2)

To protect your gateway and infrastructure from Regular Expression Denial of Service (ReDoS) attacks, the JFrog MCP Registry uses the RE2 regex engine (the same engine used in Go). It supports most standard Perl/PCRE syntax but strictly prohibits features that cause exponential runtime, such as backtracking, lookaround assertions, and backreferences.

For supported syntax, see the Google RE2 Syntax Reference.
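
The allow-list and deny-list examples above, together with the RE2 restriction, can be tried locally before a pattern is entered in the Registry. This is an added example, not JFrog code: Policy, NewPolicy and Allowed are hypothetical names, and it assumes patterns are searched unanchored, as Go's regexp package (which accepts RE2 syntax) does by default.

```go
package main

import (
	"fmt"
	"regexp"
)

// Policy is a hypothetical in-memory model, not the Registry's own schema.
type Policy struct {
	AllowList bool // true: unmatched tools are blocked; false: deny list
	rules     []*regexp.Regexp
}

// NewPolicy compiles rules as RE2 syntax; static names are quoted and anchored.
func NewPolicy(allowList bool, static, patterns []string) (*Policy, error) {
	p := &Policy{AllowList: allowList}
	for _, s := range static {
		p.rules = append(p.rules, regexp.MustCompile("^"+regexp.QuoteMeta(s)+"$"))
	}
	for _, pat := range patterns {
		re, err := regexp.Compile(pat) // lookaround and backreferences fail here
		if err != nil {
			return nil, fmt.Errorf("rejected pattern %q: %w", pat, err)
		}
		p.rules = append(p.rules, re)
	}
	return p, nil
}

// Allowed decides one tool call. Assumption: unanchored search, so a pattern
// matches anywhere in the name unless it carries ^ or $ itself.
func (p *Policy) Allowed(tool string) bool {
	for _, re := range p.rules {
		if re.MatchString(tool) {
			return p.AllowList // a match permits on allow lists, blocks on deny lists
		}
	}
	return !p.AllowList // no match: blocked on allow lists, permitted on deny lists
}

func main() {
	allow, _ := NewPolicy(true, []string{"get_weather"}, []string{`^get_.*`})
	deny, _ := NewPolicy(false, nil, []string{`.*delete.*`})
	for _, t := range []string{"get_user", "delete_user", "user_delete", "read_database"} {
		fmt.Printf("%-14s allow-list=%v deny-list=%v\n", t, allow.Allowed(t), deny.Allowed(t))
	}
	_, err := NewPolicy(false, nil, []string{`^(?!get_).*`}) // lookahead: not RE2
	fmt.Println(err)
}
```

The last call shows that an "everything except get_" rule cannot be written as a negative lookahead under RE2; the same intent is expressed by choosing the Allow List strategy with ^get_.* instead.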