Agent Governance for MCP Systems
Policy enforcement, smart approvals, and audit trails for AI agents
Agent → Policy Gateway → MCP Tools
The Agentic Governance Gap
Traditional network controls lack visibility into agent-level operations
The "Black Box" Problem
A standard WAF sees an HTTP request carrying JSON-RPC; it has no model of MCP tool calls, so it cannot tell whether the agent is deleting a file or just reading one.
Indirect Prompt Injection
Content the agent reads (an email, a PDF, a web page) can carry instructions that hijack it into calling tools it was never meant to use.
Permissions Sprawl
Agents are often provisioned with broad, superuser-like credentials. Once an agent is compromised, it can do anything those credentials allow.
How It Works: ACE
Policy enforcement, tool masking, and human oversight in a single gateway
ANALYZE (Context & Session)
Evaluate session context and risk signals before execution. Policy rules run on every tool call.
CONSTRAIN (Dynamic Masking)
Agents see only tools they need for the current task. Limit exposure, reduce attack surface.
ESCALATE (Human-in-the-Loop)
Route high-risk actions to your existing approval workflow. Don't block valid work — approve it intelligently.
Built for Restricted Environments
In-line MCP inspection, audit evidence, and on-prem deployment
What It Does
MCP Deep Inspection
Inspect MCP JSON-RPC requests and tool-call payloads in-line. Enforce allow/deny/step-up policies and capture evidence.
Policy-as-Code
Versioned, reviewable policies (Git-friendly) for tool access, environments, and approval rules.
Audit Evidence
Structured audit trails for incident response and compliance reviews (exportable JSON).
How It Runs
On-Prem / Air-Gapped
Designed for restricted networks with no required outbound connectivity.
Packaging
Delivered as a Dockerized gateway. Built on .NET for performance and native .NET ecosystem compatibility.
Current deployment model: Central MCP Gateway (inline). Distributed enforcement is roadmap.
Policy-as-Code Examples
Deny every write tool on the filesystem server, and deny any filesystem tool call (reads included) whose path touches /etc/ or /config/; other filesystem calls are not matched by this rule
{
  "name": "restrict_filesystem_writes",
  "effect": "Deny",
  "resources": {
    "tools": ["filesystem.*"]
  },
  "conditions": "resource.toolName.startsWith('write') || resource.path.contains('/etc/') || resource.path.contains('/config/')"
}
What You Get
Clear value for every stakeholder in your organization
For CISO
- Reduce agent risk with policy enforcement
- Complete audit trail for compliance
For CTO
- Ship agents with built-in guardrails
- Policy-as-code for version control
For DevOps
- Single gateway for all agent traffic
- Smart escalation reduces approval fatigue
For Engineers
- Ship agents faster with built-in safety
- Clear feedback on blocked actions
Example Scenarios
Rogue MCP Server
Allowlist trusted servers and quarantine unknown ones. Block unauthorized tool invocations in real time.
Prompt Injection
Malicious input hijacks the agent. Policy rules block unauthorized tool sequences and escalate them for review.
High-Impact Tools
Delete, deploy and payment operations require human approval, with step-up verification and a full audit trail.
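To make the ACE flow, the in-line inspection and the policy example above concrete, here is an added Python sketch of an inline policy gateway. It is an illustration written for this page, not Castling's code: the page does not document the gateway internals or its policy expression language, so rule conditions are plain Python callables rather than the expression strings shown in the JSON example, and the task allowlist, server/tool names, session fields and sample traffic are all constructed assumptions. It parses an MCP JSON-RPC tools/call message, applies a deny rule that mirrors restrict_filesystem_writes plus a step-up rule for high-impact tools (the Escalate step), masks a tools/list response per task (the Constrain step), and emits a structured audit record.

```python
"""Illustrative inline MCP policy gateway (not Castling code).
Inspects tools/call messages, applies Deny / Escalate rules, masks tools/list
responses per task, and emits an exportable audit record. All policies, tool
names and sessions below are constructed for the example."""
import fnmatch
import json
import posixpath
import time

# Constructed policies. Effect "Deny" blocks the call; "Escalate" routes it to human approval.
POLICIES = [
    {
        # Mirrors the page's restrict_filesystem_writes rule: any write tool on the
        # filesystem server, or any filesystem access under a protected directory, is denied.
        # Assumption: the tool name is "<server>.<tool>" and startsWith applies to the bare tool part.
        "name": "restrict_filesystem_writes",
        "effect": "Deny",
        "tools": ["filesystem.*"],
        "condition": lambda tool, args: tool.rsplit(".", 1)[-1].startswith("write")
        or any(seg in canonical_path(args) for seg in ("/etc/", "/config/")),
    },
    {
        # High-impact tools always require step-up approval (assumed rule, not from the page).
        "name": "step_up_destructive_ops",
        "effect": "Escalate",
        "tools": ["deploy.*", "payments.*", "*.delete*"],
        "condition": lambda tool, args: True,
    },
]

# CONSTRAIN: per-task tool visibility as glob patterns on "<server>.<tool>" (constructed).
# A server not listed here matches nothing, so its tools are hidden and its calls denied.
TASK_TOOL_ALLOWLIST = {
    "summarize_docs": ["filesystem.read*", "search.*"],
    "release_manager": ["deploy.*", "filesystem.*"],
}


def canonical_path(args):
    """Normalise the path argument before matching: '/var/../etc/passwd' becomes
    '/etc/passwd'. Substring checks on the raw path are trivially bypassed otherwise."""
    return posixpath.normpath(args["path"]) if args.get("path") else ""


def matches(tool_name, patterns):
    return any(fnmatch.fnmatchcase(tool_name, p) for p in patterns)


def evaluate(request, session):
    """ANALYZE: decide one JSON-RPC message (allow / deny / escalate) and name the rule that fired."""
    if request.get("method") != "tools/call":
        return {"decision": "allow", "rule": None}  # not a tool call; pass through
    params = request.get("params") or {}
    tool = params.get("name", "")
    args = params.get("arguments") or {}
    # A tool hidden from this task cannot be invoked even if the model emits its name anyway.
    if not matches(tool, TASK_TOOL_ALLOWLIST.get(session["task"], [])):
        return {"decision": "deny", "rule": "tool_not_visible_for_task"}
    # Deny rules are evaluated before Escalate rules so a denied action is never sent for approval.
    for rule in sorted(POLICIES, key=lambda r: r["effect"] != "Deny"):
        if matches(tool, rule["tools"]) and rule["condition"](tool, args):
            return {"decision": rule["effect"].lower(), "rule": rule["name"]}
    return {"decision": "allow", "rule": None}


def mask_tools_list(response, session):
    """CONSTRAIN: strip tools the current task is not entitled to from a tools/list result."""
    allowed = TASK_TOOL_ALLOWLIST.get(session["task"], [])
    visible = [t for t in response["result"]["tools"] if matches(t["name"], allowed)]
    return {**response, "result": {**response["result"], "tools": visible}}


def handle(raw_message, session):
    """Inline gateway step: parse the wire payload, evaluate policy, return (decision, audit record)."""
    request = json.loads(raw_message)
    decision = evaluate(request, session)
    params = request.get("params") or {}
    audit = {  # structured JSON evidence for incident response / compliance review
        "ts": time.time(),
        "session": session["id"],
        "agent": session["agent"],
        "task": session["task"],
        "rpc_id": request.get("id"),
        "method": request.get("method"),
        "tool": params.get("name"),
        "arguments": params.get("arguments"),
        **decision,
    }
    return decision, audit


if __name__ == "__main__":
    # Constructed sample traffic: a document-summarising agent tries to read /etc via a traversal path.
    session = {"id": "s-1", "agent": "doc-summarizer", "task": "summarize_docs"}
    msg = json.dumps({"jsonrpc": "2.0", "id": 7, "method": "tools/call", "params": {
        "name": "filesystem.read_file", "arguments": {"path": "/var/../etc/passwd"}}})
    print(json.dumps(handle(msg, session)[1], indent=2))
```

Two design points are worth keeping when building the real thing. First, masking at tools/list and re-checking at tools/call are both needed: a hijacked model can emit a tool name it was never shown, which is exactly the prompt-injection case, so the task allowlist is enforced again on every call. Second, the page's rule matches substrings on resource.path; whatever evaluates that expression must see a canonical path, or a request for /var/../etc/passwd slips past a check for /etc/.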
Shaping the Standard for Agent Governance
We are accepting 3 Enterprise Partners for Q2 Pilots
What is it?
A guided PoC where we deploy Castling to secure your specific agentic workflow. Work directly with our engineering team to build policies tailored to your use case.
Who is this for?
Teams running MCP agents in production (or near-prod) who need auditability, compliance, or are handling sensitive data with AI agents.
Included
- Deployment support & integration guidance
- Custom policy authoring for your workflow
- Direct R&D channel with the founding team
Request Pilot Access
Tell us about your agentic workflow