MCP Server Policies
MCP server governance is configured at registration time via the Agent Registry API.
Configuring Governance
Set governance fields when registering or updating an MCP server:
```bash
curl -X POST https://pilot.owkai.app/api/registry/mcp-servers \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "server_name": "my-mcp-server",
    "governance_enabled": true,
    "auto_approve_tools": ["safe_lookup"],
    "blocked_tools": ["dangerous_tool"],
    "tool_risk_overrides": {
      "execute_trade": 85
    }
  }'
```
Governance Fields
| Field | Type | Description |
|---|---|---|
| governance_enabled | boolean | Enable/disable governance for this server |
| auto_approve_tools | string[] | Tools that auto-approve below risk threshold |
| blocked_tools | string[] | Tools permanently blocked regardless of risk |
| tool_risk_overrides | object | Custom risk scores per tool name (0-100) |
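The fields above can contradict each other, for example a tool listed as both auto-approved and blocked, or a risk override outside 0-100. The following pre-registration lint is an added example, not part of the ASCEND SDK or API; `lint_governance` and the threshold value of 50 are hypothetical, since the page does not state the platform's auto-approve threshold.

```python
ASSUMED_THRESHOLD = 50  # hypothetical: the page does not state the auto-approve threshold


def lint_governance(payload, threshold=ASSUMED_THRESHOLD):
    """Return a list of findings for a registration payload; empty means clean."""
    enabled = payload.get("governance_enabled")
    auto = payload.get("auto_approve_tools", [])
    blocked = payload.get("blocked_tools", [])
    overrides = payload.get("tool_risk_overrides", {})
    findings = []

    # Type checks first, matching the Governance Fields table.
    if not isinstance(enabled, bool):
        findings.append("governance_enabled: expected boolean")
    for field, value in (("auto_approve_tools", auto), ("blocked_tools", blocked)):
        if not (isinstance(value, list) and all(isinstance(t, str) for t in value)):
            findings.append(f"{field}: expected list of strings")
    if not isinstance(overrides, dict):
        findings.append("tool_risk_overrides: expected object")
    if findings:
        return findings  # semantic checks below assume well-typed fields

    if not enabled and (auto or blocked or overrides):
        findings.append("governance_enabled is false but tool policies are set")
    for tool in sorted(set(auto) & set(blocked)):
        findings.append(f"{tool}: listed in both auto_approve_tools and blocked_tools")
    for tool, score in sorted(overrides.items()):
        valid = isinstance(score, (int, float)) and not isinstance(score, bool)
        if not valid or not 0 <= score <= 100:
            findings.append(f"{tool}: risk override {score!r} is outside 0-100")
            continue
        if tool in blocked:
            findings.append(f"{tool}: risk override has no effect on a blocked tool")
        if tool in auto and score >= threshold:
            findings.append(f"{tool}: auto-approve listed but override {score} >= threshold {threshold}")
    return findings


if __name__ == "__main__":
    # Payload from the curl example on this page.
    page_payload = {
        "server_name": "my-mcp-server",
        "governance_enabled": True,
        "auto_approve_tools": ["safe_lookup"],
        "blocked_tools": ["dangerous_tool"],
        "tool_risk_overrides": {"execute_trade": 85},
    }
    for finding in lint_governance(page_payload) or ["no findings"]:
        print(finding)
```

Running it in CI before the registration call catches policy contradictions before they reach the registry.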
Layer 13 Enforcement
When an SDK caller submits an action with mcp_server_name, ASCEND enforces:
| Condition | Result |
|---|---|
| Server not registered | HTTP 403 denied |
| Server deactivated | HTTP 403 denied |
| Tool in blocked_tools | HTTP 403 denied |
| Server active, tool allowed | Governance applied |
The response includes an mcp_governance block with server_registered, server_active, and enforcement fields.
SDK Usage
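```python
# `client` is an already-initialized SDK client (setup is not shown on this page).
result = client.evaluate_action(
    action_type="tool_call",
    resource="crm_system",
    mcp_server_name="my-mcp-server",  # triggers the Layer 13 checks above
    wait_for_decision=False
)
# The mcp_governance block reports the registration state of the server.
print(result.mcp_governance["server_registered"])
```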
See Server Registration for setup and MCP Overview for the full API reference.