The policy engine is not yet implemented. This page describes planned functionality. The config stub (policy.enabled) exists but has no effect today.
Overview
Ultra’s policy engine will provide rule-based access control for MCP operations using Open Policy Agent (OPA) with the Rego policy language.
Planned Architecture
The policy engine will be implemented as a pipeline interceptor at PriorityNormal (50), executing after trace setup but before logging and audit:
Request → Trace (0) → Policy (50) → Logging (75) → Audit (75) → Metrics (100)
The policy interceptor will fail closed — if policy evaluation fails (OPA unavailable, syntax error, timeout), the request is blocked.
Planned Capabilities
Define which tools can be called and by whom:
# Example (planned syntax)
package ultra.policy

default allow = false

allow {
    input.type == "tool_call"
    input.tool_name == "filesystem__read"
    startswith(input.tool_params.path, "/tmp/")
}
Parameter Validation
Validate tool arguments before they reach the upstream server:
# Prevent file writes outside allowed directories
deny {
    input.type == "tool_call"
    input.tool_name == "filesystem__write"
    not startswith(input.tool_params.path, "/workspace/")
}
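The fail-closed behaviour described under Planned Architecture, as an added Go sketch (not Ultra's code; the engine is not implemented). `Input`, `Evaluator`, `Authorize`, `ErrBlocked` and `ReadUnderTmp` are hypothetical names, and the evaluator function stands in for the OPA query. `ReadUnderTmp` mirrors the `filesystem__read` rule but cleans the path before the prefix test, because a raw `startswith` check also matches `/tmp/../etc/passwd`.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"path"
	"strings"
	"time"
)

// Input mirrors the fields the planned Rego rules read (hypothetical Go type).
type Input struct{ Type, ToolName, Path string }

// Evaluator stands in for the OPA query; like the real one it may error or stall.
type Evaluator func(ctx context.Context, in Input) (bool, error)

var ErrBlocked = errors.New("blocked by policy")

// Authorize fails closed: evaluator error, timeout and a false decision all block.
func Authorize(eval Evaluator, in Input, timeout time.Duration) error {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	type result struct{ allow bool; err error }
	ch := make(chan result, 1) // buffered: a late evaluator can still send and exit
	go func() {
		allow, err := eval(ctx, in)
		ch <- result{allow, err}
	}()
	select {
	case <-ctx.Done():
		return fmt.Errorf("%w: evaluation timed out", ErrBlocked)
	case r := <-ch:
		if r.err != nil || !r.allow {
			return fmt.Errorf("%w (allow=%v, err=%v)", ErrBlocked, r.allow, r.err)
		}
		return nil
	}
}

// ReadUnderTmp: the filesystem__read rule, with ".." resolved before the prefix test.
func ReadUnderTmp(_ context.Context, in Input) (bool, error) {
	return in.Type == "tool_call" && in.ToolName == "filesystem__read" &&
		strings.HasPrefix(path.Clean(in.Path), "/tmp/"), nil
}

func main() {
	fmt.Println(Authorize(ReadUnderTmp, Input{"tool_call", "filesystem__read", "/tmp/a.txt"}, time.Second))
}
```

A slow evaluator is blocked even if its eventual answer would have been allow, which is the property that keeps an OPA outage from turning into open access.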
Rate Limiting
Control how frequently tools can be called.
Hub Policy Distribution
Policies defined in Ultra Hub will be distributed to linked gateways, enabling centralized policy management across organizations.
Current Config
The config stub exists but has no effect:
policy:
  enabled: false # No effect — engine not implemented
  path: "" # Will point to policy files when available
Following Progress
This feature is tracked in our development roadmap. Follow the Ultra GitHub repository for updates.