Documentation Index
Fetch the complete documentation index at: https://quintsecurity.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
policy.proto
Hierarchical policy configuration: PolicyConfig → ServerPolicy → ToolRule. Supports glob wildcards for flexible server and tool matching.
PolicyConfig
Top-level configuration for the Quint proxy.
ServerPolicy
Per-MCP-server access control rules.
message ServerPolicy {
string server = 1; // Server wildcard (e.g., "github-*")
Action default_action = 2; // ALLOW or DENY by default
repeated ToolRule tools = 3; // Per-tool rules
}
message ToolRule {
string tool = 1; // Tool wildcard (e.g., "create_*")
Action action = 2; // ALLOW or DENY
}
ScoringPolicy
Risk scoring engine policies — maps directly to the infra API’s policy schema.
message ScoringPolicy {
repeated string sensitive_fields = 1;
repeated string allowed_tools = 2;
repeated string blocked_actions = 3;
repeated string allowed_action_patterns = 4; // Glob patterns
repeated string blocked_action_patterns = 5; // Override allowed
repeated DataClassification sensitive_classifications = 6;
string custom_rules = 7; // JSON-encoded
}
Policy Hierarchy
PolicyConfig
├── ServerPolicy ("github-*")
│ ├── default_action: ALLOW
│ ├── ToolRule ("create_*") → DENY
│ └── ToolRule ("list_*") → ALLOW
├── ServerPolicy ("slack-*")
│ ├── default_action: ALLOW
│ └── ToolRule ("send_message") → ALLOW
└── ScoringPolicy
├── blocked_action_patterns: ["data:field:pii_sensitive.*"]
└── sensitive_classifications: [PII_SENSITIVE, FINANCIAL]
* matches any single segment- Server/tool names are matched against the pattern
blocked_action_patterns takes precedence over allowed_action_patterns
