# Secure Defaults
SolonGate ships with secure defaults that prevent accidental exposure. New tools start with no permissions, write and execute require explicit enablement, and unsafe configurations trigger warnings before they can take effect.
## Core Principles

### Default-Deny
All tool execution is denied by default. Explicit allow rules are required for every action.

### Read-Only Start
New tools start with READ-only permissions. WRITE and EXECUTE require manual enablement.

### Unsafe Warnings
Dangerous configurations are flagged with CRITICAL or WARNING alerts before taking effect.
## Permission Model

Permissions are always evaluated independently. Having READ does not imply WRITE or EXECUTE.

- `READ`: View resources, list tools, read prompts. Safe by default.
- `WRITE`: Modify resources, create or update data. Requires explicit enablement.
- `EXECUTE`: Run tools, execute commands. Most restrictive — requires careful review.

```ts
import {
  NO_PERMISSIONS,
  READ_ONLY,
  Permission,
  hasPermission,
  hasAllPermissions,
} from '@solongate/core';

// Default for new tools: no permissions at all
console.log(NO_PERMISSIONS.size); // 0

// Maximum safe default: read-only
console.log(READ_ONLY.has(Permission.READ)); // true
console.log(READ_ONLY.has(Permission.WRITE)); // false
console.log(READ_ONLY.has(Permission.EXECUTE)); // false

// Both are immutable (frozen)
// NO_PERMISSIONS.add('WRITE') // TypeError: Cannot add property

// Permissions are independent - READ does NOT imply WRITE
hasPermission(READ_ONLY, Permission.READ); // true
hasPermission(READ_ONLY, Permission.WRITE); // false
hasAllPermissions(READ_ONLY, [Permission.READ, Permission.WRITE]); // false
```
## Security Warnings

SolonGate analyzes policy configurations and flags unsafe patterns before they can cause harm. Use `analyzeSecurityWarnings()` to audit any policy set.

- `WILDCARD_ALLOW`: Wildcard ALLOW rules grant permission to ALL tools, bypassing the default-deny model.
- `ALLOW_UNTRUSTED`: ALLOW rules targeting UNTRUSTED requests let unverified LLM requests execute tools.
- `ALLOW_EXECUTE`: EXECUTE permission allows tools to perform arbitrary actions. Ensure this is intentional and scoped.
- `DISABLED_VALIDATION`: Disabling schema validation removes input sanitization protections.

```ts
import { analyzeSecurityWarnings } from '@solongate/policy-engine';

// policySet is the policy set you want to audit, built or loaded elsewhere in your application
const warnings = analyzeSecurityWarnings(policySet);

for (const warning of warnings) {
  console.log(`[${warning.level}] ${warning.code}`);
  console.log(`  ${warning.message}`);
  console.log(`  Fix: ${warning.recommendation}`);
}

// Example output:
// [CRITICAL] WILDCARD_ALLOW
//   Wildcard ALLOW rules grant permission to ALL tools.
//   Fix: Replace wildcard ALLOW rules with specific tool patterns.
// [CRITICAL] ALLOW_UNTRUSTED
//   Rule "rule-1" allows execution for UNTRUSTED requests.
//   Fix: Set minimumTrustLevel to VERIFIED or higher for ALLOW rules.
```
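To make the four checks above concrete, here is an added, self-contained auditor that is not SolonGate's code and does not use its packages. It implements the same four findings over a constructed policy set. The `PolicyRule` shape (`effect`, `toolPattern`, `permissions`, `minimumTrustLevel`, `validateSchema`), the `auditRules` and `criticalCount` names, and the choice of WARNING (rather than CRITICAL) for `ALLOW_EXECUTE` and `DISABLED_VALIDATION` are assumptions made for this example; only `minimumTrustLevel`, the trust level names UNTRUSTED and VERIFIED, and the warning codes come from the page.

```typescript
// Added illustration, not SolonGate's own code: a minimal policy auditor that
// raises the four warning codes described above. The rule shape, function names
// and the WARNING level used for the last two codes are assumptions.

type Effect = 'ALLOW' | 'DENY';
type PermissionName = 'READ' | 'WRITE' | 'EXECUTE';
type TrustLevel = 'UNTRUSTED' | 'VERIFIED';

interface PolicyRule {
  id: string;
  effect: Effect;
  toolPattern: string;            // '*' matches every tool
  permissions: PermissionName[];
  minimumTrustLevel: TrustLevel;  // lowest request trust level the rule applies to
  validateSchema: boolean;        // whether tool inputs are schema-validated
}

interface SecurityWarning {
  level: 'CRITICAL' | 'WARNING';
  code: 'WILDCARD_ALLOW' | 'ALLOW_UNTRUSTED' | 'ALLOW_EXECUTE' | 'DISABLED_VALIDATION';
  ruleId: string;
  message: string;
  recommendation: string;
}

function auditRules(rules: PolicyRule[]): SecurityWarning[] {
  const warnings: SecurityWarning[] = [];
  for (const rule of rules) {
    // DENY rules can only narrow access, so the widening checks apply to ALLOW rules only.
    if (rule.effect === 'ALLOW') {
      if (rule.toolPattern === '*') {
        warnings.push({ level: 'CRITICAL', code: 'WILDCARD_ALLOW', ruleId: rule.id,
          message: `Rule "${rule.id}" grants permission to ALL tools.`,
          recommendation: 'Replace wildcard ALLOW rules with specific tool patterns.' });
      }
      if (rule.minimumTrustLevel === 'UNTRUSTED') {
        warnings.push({ level: 'CRITICAL', code: 'ALLOW_UNTRUSTED', ruleId: rule.id,
          message: `Rule "${rule.id}" allows execution for UNTRUSTED requests.`,
          recommendation: 'Set minimumTrustLevel to VERIFIED or higher for ALLOW rules.' });
      }
      if (rule.permissions.includes('EXECUTE')) {
        warnings.push({ level: 'WARNING', code: 'ALLOW_EXECUTE', ruleId: rule.id,
          message: `Rule "${rule.id}" grants EXECUTE, which allows arbitrary actions.`,
          recommendation: 'Confirm EXECUTE is intentional and scope it to the tools that need it.' });
      }
    }
    // Schema validation protects input handling for every rule, whatever its effect.
    if (!rule.validateSchema) {
      warnings.push({ level: 'WARNING', code: 'DISABLED_VALIDATION', ruleId: rule.id,
        message: `Rule "${rule.id}" disables schema validation.`,
        recommendation: 'Re-enable schema validation so tool inputs are sanitized.' });
    }
  }
  return warnings;
}

function criticalCount(warnings: SecurityWarning[]): number {
  return warnings.filter(w => w.level === 'CRITICAL').length;
}

// Constructed sample policy set: one over-broad ALLOW rule, one well-scoped
// ALLOW rule, and a DENY rule that should produce no findings at all.
const SAMPLE_RULES: PolicyRule[] = [
  { id: 'rule-1', effect: 'ALLOW', toolPattern: '*', permissions: ['READ', 'EXECUTE'],
    minimumTrustLevel: 'UNTRUSTED', validateSchema: false },
  { id: 'rule-2', effect: 'ALLOW', toolPattern: 'search_docs', permissions: ['READ'],
    minimumTrustLevel: 'VERIFIED', validateSchema: true },
  { id: 'rule-3', effect: 'DENY', toolPattern: '*', permissions: ['WRITE', 'EXECUTE'],
    minimumTrustLevel: 'UNTRUSTED', validateSchema: true },
];

for (const w of auditRules(SAMPLE_RULES)) {
  console.log(`[${w.level}] ${w.code} (${w.ruleId}): ${w.message}`);
  console.log(`  Fix: ${w.recommendation}`);
}
```

Running it reports four findings, all against `rule-1`: the two CRITICAL codes shown in the example output above plus the two WARNING-level ones. `rule-2` is the shape a safe rule takes (named tool, READ only, VERIFIED trust, validation on), and `rule-3` shows why the widening checks are restricted to ALLOW rules.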
## MCP Permission Mapping

MCP protocol methods are automatically mapped to SolonGate permission types.

| MCP Method | Permission | Reason |
|---|---|---|
| resources/* | READ | Resource access is read-only |
| prompts/* | READ | Prompt retrieval is read-only |
| tools/list | READ | Listing tools is read-only |
| tools/call | EXECUTE | Calling a tool requires execute permission |
| unknown | EXECUTE | Unknown methods default to most restrictive |
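The following added example, which is not SolonGate's code and does not use its packages, ties the Permission Model section and the mapping table together: it encodes the table as a function and feeds it into a default-deny check in which an unregistered tool gets no permissions and each permission is tested independently. The frozen-array representation of permission sets, the grant registry, and the names `requiredPermission`, `hasPermission`, `authorize` and `SAMPLE_GRANTS` are this example's own assumptions.

```typescript
// Added illustration, not SolonGate's own code: the MCP-method-to-permission
// mapping from the table above wired into a default-deny authorization check.
// Names, the grant registry and the frozen-array permission sets are assumptions.

type PermissionName = 'READ' | 'WRITE' | 'EXECUTE';

// Immutable permission sets: a frozen array cannot be widened in place, so a
// tool's grant can only grow by deliberately registering a new set.
const NO_PERMISSIONS: readonly PermissionName[] = Object.freeze([] as PermissionName[]);
const READ_ONLY: readonly PermissionName[] = Object.freeze(['READ'] as PermissionName[]);

// Mirrors the mapping table: resources/* and prompts/* are reads, tools/list is
// a read, tools/call executes, and any unrecognised method is treated as EXECUTE.
function requiredPermission(mcpMethod: string): PermissionName {
  if (mcpMethod.startsWith('resources/')) return 'READ';
  if (mcpMethod.startsWith('prompts/')) return 'READ';
  if (mcpMethod === 'tools/list') return 'READ';
  if (mcpMethod === 'tools/call') return 'EXECUTE';
  return 'EXECUTE'; // unknown methods default to the most restrictive permission
}

// Permissions are evaluated independently: holding READ says nothing about WRITE or EXECUTE.
function hasPermission(granted: readonly PermissionName[], needed: PermissionName): boolean {
  return granted.includes(needed);
}

interface Decision {
  allowed: boolean;
  required: PermissionName;
  reason: string;
}

// Default-deny: a tool with no registered grant set falls back to NO_PERMISSIONS,
// and a request is allowed only when the required permission is explicitly present.
function authorize(
  grants: ReadonlyMap<string, readonly PermissionName[]>,
  tool: string,
  mcpMethod: string,
): Decision {
  const required = requiredPermission(mcpMethod);
  const granted = grants.get(tool) ?? NO_PERMISSIONS;
  const allowed = hasPermission(granted, required);
  const reason = allowed
    ? `${tool} holds ${required}`
    : `${tool} lacks ${required} (granted: [${granted.join(', ')}])`;
  return { allowed, required, reason };
}

// Constructed sample registry: one tool left at the read-only default and one
// explicitly promoted to EXECUTE. Tools absent from the map were never registered.
const SAMPLE_GRANTS: ReadonlyMap<string, readonly PermissionName[]> =
  new Map<string, readonly PermissionName[]>([
    ['search_docs', READ_ONLY],
    ['run_query', Object.freeze(['READ', 'EXECUTE'] as PermissionName[])],
  ]);

const SAMPLE_REQUESTS: Array<[string, string]> = [
  ['search_docs', 'tools/list'],        // READ required, READ held: allowed
  ['search_docs', 'tools/call'],        // EXECUTE required, only READ held: denied
  ['run_query', 'tools/call'],          // EXECUTE required and held: allowed
  ['unregistered_tool', 'resources/list'], // never registered: NO_PERMISSIONS, denied
  ['run_query', 'experimental/ping'],   // unknown method maps to EXECUTE
];

for (const [tool, method] of SAMPLE_REQUESTS) {
  const d = authorize(SAMPLE_GRANTS, tool, method);
  console.log(`${method} on ${tool}: ${d.allowed ? 'ALLOW' : 'DENY'} (${d.reason})`);
}
```

The two denials are the ones the page's defaults are designed to produce: a tool left at its read-only start cannot service `tools/call`, and a tool nobody registered cannot service anything, even a read. The last request shows why the `unknown` row of the table matters: a method the gateway does not recognise is charged at EXECUTE, so only tools that were deliberately granted EXECUTE can reach it.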