Rulesets
A ruleset is a named collection of tool mode settings. It defines which tools are enabled, which require approval, and which are disabled across your servers.
MCPFirewall ships with a Default ruleset that applies everywhere unless overridden. You can create as many additional rulesets as you need.
Rulesets are visible in Advanced Mode. In Simple Mode, tool modes are managed directly per server.
Create a ruleset
Section titled “Create a ruleset”On the Rulesets page, click Create in the left panel and give it a name (like “Production”, “Side Projects”, or “Strict”).
From the CLI:
mcpfw ruleset create "production"Configure tool modes
Section titled “Configure tool modes”Select a ruleset to see its servers in the right panel.
Server-level mode sets the baseline for all tools on a server:
- Full Access: tools use their individual modes
- Read-Write: read and write tools allowed, admin tools disabled
- Read-Only: only read tools allowed
- No Access: all tools disabled
Per-tool overrides let you set a specific mode for individual tools. Expand a server to see its tool list and set each one to Enabled, Requires Approval, or Disabled.
Tool-level overrides always take precedence over the server-level mode.
Bulk mode applies one mode to every tool on a server at once. Useful as a starting point that you then refine per tool.
How rulesets are resolved
Section titled “How rulesets are resolved”When a tool call arrives, the gateway picks the active ruleset in this order:
- Project scope: if the working directory (or a parent) has a
.mcpfw/rulesetfile, that ruleset wins. This is a longest-prefix match. - Client default: if no project match, the default ruleset assigned to the AI client applies.
- Global default: the system-wide default ruleset.
First match wins. This means you can have strict rules for production code and relaxed rules for a personal project, and the right one activates automatically based on where the AI is working.
Assign to a project
Section titled “Assign to a project”From the MCP Hub, click a project and select a ruleset. Or from the CLI:
mcpfw ruleset apply "production" --dir ~/projects/myappThis creates a .mcpfw/ruleset file in the directory. Any AI session in that directory (or below) uses this ruleset.
Clone, export, import
Section titled “Clone, export, import”Clone a ruleset from the overflow menu to create a variation.
Export and import via the CLI for sharing across machines:
mcpfw ruleset export "production" > production.jsoncat production.json | mcpfw ruleset importCommon patterns
Section titled “Common patterns”Trust but verify: set all servers to Full Access, override destructive tools (delete, write, execute) to Requires Approval. Speed with a safety net.
Strict review: set all servers to Requires Approval, override read-only tools to Enabled. Every write operation needs your sign-off.
Sandbox: set all servers to No Access, then selectively enable only the tools you need. Good for untrusted MCP servers.