
microsoft/policy-mcp

A specification for MCP Policy Files

This repository defines a specification for a policy format that a separate application (the enforcer) uses to apply permission controls to Model Context Protocol (MCP) servers. Policies are written in YAML. A policy controls several aspects of the runtime environment, including:

  • Storage Permissions: Controlling access (read, write) to specific file system URIs.
  • Network Permissions: Restricting network access to specific hosts, host patterns, or CIDR blocks.
  • Environment Variables: Defining which environment variables are allowed to be accessed.
  • Docker Runtime Configuration: Specifying security-related settings for Docker containers, such as privilege levels and Linux capabilities.

This repository does not include any third-party code.

Policy Structure

Basic YAML format:

version: "1.0"
description: "My policy"
permissions:
  storage:
    allow:
    - uri: "fs://work/agent/**"
      access: ["read", "write"]
  network:
    allow:
    - host: "api.example.com"

Storage Permissions

storage:
  allow:
    - uri: "fs://work/agent/**"
      access: ["read", "write"]
    - uri: "fs://work/temp/*"
      access: ["read"]

Network Permissions

network:
  allow:
    - host: "api.service.com"
    - host: "*.internal.com"
    - cidr: "10.0.0.0/8"

Using Default HTTP Domains

You can include a predefined set of commonly needed HTTP domains with the defaults keyword:

network:
  allow:
    - defaults: true
    - host: "internal.mycompany.com"

The defaults include commonly accessed domains for:

  • Package Registries: npm, PyPI, RubyGems, Crates.io, NuGet, Maven
  • Version Control: GitHub, GitLab, Bitbucket
  • Cloud Services: AWS, Google Cloud, Azure, Cloudflare
  • Container Registries: Docker Hub, Quay, GitHub Container Registry, Google Container Registry
  • AI/ML APIs: OpenAI, Anthropic, Cohere
  • CDNs: jsDelivr, UNPKG, Cloudflare CDN, Fastly
  • Documentation: docs.rs, Read the Docs
  • CI/CD: CircleCI, Travis CI

For a complete list of included domains, see DEFAULTS.md.

This gives a baseline for common development and API access scenarios while still letting you add specific hosts as needed. Every domain in the defaults becomes reachable, so review DEFAULTS.md before relying on it and add only the hosts your server actually needs.

Environment Variables

environment:
  allow:
    - key: "PATH"
    - key: "HOME"

Docker Runtime

runtime:
  docker:
    security:
      privileged: false
      capabilities:
        drop: ["ALL"]
        add: ["NET_BIND_SERVICE"]
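The following is an added example, not code from the microsoft/policy-mcp repository: a small Python evaluator that applies the Storage, Network, Environment Variables and Docker Runtime sections above. It embeds the page's policy as an already-parsed dict (so it runs without a YAML library) and makes assumptions the specification itself does not state: enforcement is deny by default; in storage URIs `**` spans path segments while `*` stays within one, and paths are normalised before matching so `..` cannot satisfy a pattern textually; in host patterns `*` matches one or more DNS labels and never the apex domain; `environment` sits under `permissions` like the other permission sections; the `defaults` host set is represented by two placeholder names rather than the contents of DEFAULTS.md. The function names (`storage_allowed`, `network_allowed`, `env_allowed`, `docker_security_args`) are the example's own.

```python
"""Added example (not microsoft/policy-mcp code): a minimal evaluator for the
policy format on this page; matching rules are this example's assumptions."""
import ipaddress
import posixpath
import re

# The page's YAML policy as an already-parsed dict, so this runs without a
# YAML library. 'environment' is assumed to sit under 'permissions'.
POLICY = {
    "version": "1.0",
    "permissions": {
        "storage": {"allow": [
            {"uri": "fs://work/agent/**", "access": ["read", "write"]},
            {"uri": "fs://work/temp/*", "access": ["read"]},
        ]},
        "network": {"allow": [
            {"defaults": True},
            {"host": "api.service.com"},
            {"host": "*.internal.com"},
            {"cidr": "10.0.0.0/8"},
        ]},
        "environment": {"allow": [{"key": "PATH"}, {"key": "HOME"}]},
    },
    "runtime": {"docker": {"security": {
        "privileged": False,
        "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]},
    }}},
}

# Placeholder stand-ins for the 'defaults' host set; the real list is in DEFAULTS.md.
DEFAULT_HOSTS = {"registry.npmjs.org", "pypi.org"}

def _normalize_uri(uri: str) -> str:
    """Collapse '.' and '..' so fs://work/agent/../secret cannot match fs://work/agent/**."""
    scheme, sep, path = uri.partition("://")
    if not sep:
        raise ValueError(f"not a URI: {uri!r}")
    return f"{scheme}://{posixpath.normpath('/' + path).lstrip('/')}"

def _uri_regex(pattern: str) -> re.Pattern:
    """Assumed glob semantics: '**' spans path segments, '*' stays within one."""
    parts = re.split(r"(\*\*|\*)", pattern)
    return re.compile("".join(
        ".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p) for p in parts))

def _host_regex(pattern: str) -> re.Pattern:
    """Assumed: a '*' label matches one or more labels and never the apex domain."""
    parts = [".+" if p == "*" else re.escape(p) for p in pattern.lower().split(".")]
    return re.compile(r"\.".join(parts))

def storage_allowed(policy: dict, uri: str, access: str) -> bool:
    """Deny by default: allowed only if a rule matches both the URI and the access."""
    target = _normalize_uri(uri)
    for rule in policy["permissions"].get("storage", {}).get("allow", []):
        if access in rule.get("access", []) and _uri_regex(rule["uri"]).fullmatch(target):
            return True
    return False

def network_allowed(policy: dict, target: str) -> bool:
    """Hostnames are checked against host patterns and the defaults set,
    IP literals only against CIDR blocks; anything unmatched is denied."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    host = target.lower().rstrip(".")
    for rule in policy["permissions"].get("network", {}).get("allow", []):
        if addr is None:
            if rule.get("defaults") and host in DEFAULT_HOSTS:
                return True
            if "host" in rule and _host_regex(rule["host"]).fullmatch(host):
                return True
        elif "cidr" in rule and addr in ipaddress.ip_network(rule["cidr"], strict=False):
            return True
    return False

def env_allowed(policy: dict, key: str) -> bool:
    """Exact-name allowlist for environment variables."""
    rules = policy["permissions"].get("environment", {}).get("allow", [])
    return any(rule.get("key") == key for rule in rules)

def docker_security_args(policy: dict) -> list:
    """Map runtime.docker.security to 'docker run' flags; refuse privileged containers."""
    sec = policy.get("runtime", {}).get("docker", {}).get("security", {})
    if sec.get("privileged", False):
        raise ValueError("policy requests privileged: true; refusing to run")
    caps = sec.get("capabilities", {})
    return ([f"--cap-drop={c}" for c in caps.get("drop", [])]
            + [f"--cap-add={c}" for c in caps.get("add", [])])

if __name__ == "__main__":
    print(storage_allowed(POLICY, "fs://work/agent/../secret.txt", "read"))  # False
    print(network_allowed(POLICY, "internal.com"))  # False
    print(docker_security_args(POLICY))  # ['--cap-drop=ALL', '--cap-add=NET_BIND_SERVICE']
```

Two points worth noting. The host and CIDR checks are independent: a hostname is matched only against host patterns and an IP literal only against CIDR blocks, so the enforcer has to run the check at a layer where it sees both the requested name and the address it resolves to (a forwarding proxy, for instance), otherwise the CIDR rules are never exercised for named hosts. `docker_security_args` emits `--cap-drop=ALL` together with `--cap-add=NET_BIND_SERVICE`, which is the `docker run` form that leaves the container with only that one capability, and it rejects `privileged: true` rather than passing `--privileged` through.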

Contributing

Please see CONTRIBUTING.md for more information on how to contribute to this project.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
