Products · AgentFirewall MCP
AgentFirewall MCP
Hosted policy checks before agent tool calls execute
Route-level hosted access for teams that need AgentFirewall policy checks without buying the full catalog first.
Category
Agent Security
Access model
Hosted on Monarchic-managed infrastructure
Best for
Teams letting agents call tools, APIs, terminals, or internal MCPs.
What you get
- Single hosted MCP route access
- Policy preflight, prompt scanning, redaction review, and provenance verification
- Priced from light control-plane telemetry
- Prices reflect the 2026-07-06 production cost/performance packet: always-on AWS baseline, hosted Lambda latency buckets, and route-cost variance. Usage tiers stay primary; single-MCP subscriptions are narrow route access products.
What it does
Policy-check agent actions before they reach risky tools.
Outcomes
- Block prompt-injection-shaped tool calls before execution
- Require explicit authority for read, write, execute, and admin actions
- Redact sensitive prompt material and verify provenance claims
Primary workflows
Tool-call preflight Prompt scanning Redaction review Provenance verification
Proof boundary
Strict MCP input schemas and policy tests cover each public firewall tool.
How it fits in
AgentFirewall MCP runs as a hosted MCP route under api.monarchic.io/mcp/agentfirewall . Issue scoped API keys from the dashboard and point any MCP-aware agent client at the route when launch access opens.