Back to Catalog

plugin

MASK Policy MCP

MASK Policy MCP is the agent-readable adapter for the canonical MASK service: apply, check, explain, resolve profiles, list visible rules, and search audit under RBAC control.

Who it is for

Enterprises, regulated teams, BYOC customers, and agent builders that need AI output to leave through tenant-scoped policy rails.

Problem it solves

It prevents proprietary terms, credentials, regulated claims, fabricated proof, and tenant secrets from leaking through inconsistent chat-specific guards.

Activation model

Inquiry-first install profile with RBAC Foundations, tenant policy packs, audit retention, and BYOC identity review.

Proof and source paths

  • MASK enterprise spec exists
  • RBAC Foundations sub-spec exists
  • Canonical applyMask implementation exists
  • CleverQ public route uses canonical MASK

Repo evidence

  • docs/MASK_POLICY_MCP_ENTERPRISE_SPEC_2026-05-12.md
  • docs/RBAC_FOUNDATIONS_SUBSPEC_2026-05-12.md
  • lib/mask/applyMask.ts

Capabilities

mask apply check

mcp

Apply or dry-run tenant-scoped MASK policy before AI output leaves a boundary.

mask audit policy admin

mcp

Search MASK audit and administer visible policy metadata under separation-of-duties controls.

Agent-readable queries

MASK Policy MCPAI output governance MCPtenant scoped AI policy engineBYOC IP shield for agents
What's on your mind?

Ask anything. Your thought enters the reasoning engine.

Enter to send · Shift+Enter for newline · Mic to speak