AgentFence Feature

Decide Which MCP Servers and Tools Are Allowed

MCP security stops a bad call in the moment; MCP governance decides, ahead of time, which servers and tools an agent may use at all - and which need step-up. Together they bound the protocol.

Talk to usFree to start - no card required.
AgentFence · MCP Governance
REGISTERED SERVERS
12
authorized
TOOLS INVENTORIED
84
risk-scored
STEP-UP TOOLS
19
sensitive
crm-server - authorized, read toolsallowed
finance-server - write toolsstep-up
unknown-server - unregistereddenied
delete_all - high riskapproval required
Policy source: mcp_governance.pydeterministic

Illustrative product view

The policy side of MCP

MCP governance is where you decide the rules the gateway later enforces. It handles server authorization (which MCP servers may be reached), tool risk scoring (how dangerous each tool is), data-boundary policy, and which tools require step-up verification. AegisAI’s mcp_governance.py and AgentFence’s MCP firewall implement it deterministically, so the policy is explicit and testable rather than implicit in code.

What MCP governance covers

DimensionWhat it decides
Server authorizationWhich MCP servers agents may reach
Tool risk scoringThe risk tier of each tool by capability
Data boundariesWhich tools may move which data classes
Step-up requirementsWhich sensitive tools require verification
Approval routingWhich tools escalate to a human
The governance dimensions

Scoring tool risk

  • Read tools that stay in-scope are low risk and generally allowed
  • Write tools require step-up before they proceed
  • Tools that touch sensitive data are gated by data-boundary policy
  • Destructive or high-blast tools escalate to human approval

How it connects

MCP governance defines the rules; MCP security enforces them per call; agent governance ties the tools back to a specific accountable agent. All three write their decisions to the tamper-evident ledger, so which servers and tools were authorized - and every call against them - is on the record.

Frequently asked questions

What is MCP governance?

MCP governance is the policy layer for the Model Context Protocol: deciding which servers agents may reach, scoring the risk of each tool, setting data-boundary rules, and marking which tools require step-up or approval. It defines the rules that an MCP gateway then enforces on each call.

How is MCP governance different from MCP security?

Governance is the ahead-of-time policy - authorized servers, tool risk tiers, step-up requirements. Security is the runtime enforcement of that policy on each individual call. You set the rules with governance and the gateway applies them per invocation.

How are MCP tools risk-scored?

Tools are scored by what they can do: reads are low risk, writes require step-up, tools touching sensitive data are gated by data-boundary rules, and destructive or high-impact tools escalate to human approval. The scoring is deterministic, so the same tool always lands in the same tier.

Can I require approval before an agent uses a sensitive tool?

Yes. Governance lets you mark specific tools as requiring step-up verification or human approval, so a sensitive or destructive tool cannot be invoked on the agent’s authority alone - the call is verified or routed to a person first.

Stay in the loop

One practical finance briefing a week - new guides, checklists, and benchmarks.

 

Set the rules for MCP

Authorize servers, score tool risk, and require step-up on the sensitive ones.

Talk to us