Skip to main content
ThornGuard’s newer platform controls are centered around understanding tool risk, requiring approvals for sensitive actions, and layering tenant-specific redaction rules on top of the built-in DLP engine.
In the live dashboard, these controls appear in the Platform tab when the matching feature flags are enabled. Viewer tokens can inspect safe read-only sections, but owner or admin credentials are required for approval and redaction management.

Tool Inventory

On successful tools/list responses, ThornGuard can persist a catalog of upstream tools per license and upstream origin. Stored data includes:
  • tool name
  • optional title
  • annotation metadata
  • input and output schema hashes
  • upstream target
  • computed risk level
  • first-seen and last-seen timestamps
Risk is derived from both MCP annotations and ThornGuard heuristics. For example:
  • destructiveHint pushes a tool toward high
  • readOnlyHint pushes a tool toward low
  • names like delete, exec, shell, deploy, or publish raise risk

Approval Workflows

Approval profiles let a tenant require explicit approval before ThornGuard will forward certain tools/call requests. Approvals can be triggered by:
  • matched policy context
  • high-risk tools
  • medium-risk tools when configured
When approval is required, ThornGuard creates an approval_requests record and returns a structured error payload containing an approval URL. If the client advertised URL-mode elicitation capability during initialize, ThornGuard can include a URL-mode approval hint in the response.

Approval API

  • GET /api/approval-profiles
  • POST /api/approval-profiles
  • PATCH /api/approval-profiles/:id
  • DELETE /api/approval-profiles/:id
  • GET /api/approval-requests
  • POST /api/approval-requests/:id/approve
  • POST /api/approval-requests/:id/deny

Custom Redaction Rules

Built-in PII and secret detection is always on. Enterprise tenants can add custom regex rules on top. Each custom rule has:
  • a mode: audit or redact
  • a regex pattern
  • an optional replacement
  • an enabled flag
Rules are stored in the redaction_rules table and applied after ThornGuard’s built-in redaction engine.

Redaction API

  • GET /api/redaction-rules
  • POST /api/redaction-rules
  • PATCH /api/redaction-rules/:id
  • DELETE /api/redaction-rules/:id

UI Status

The live backend and the deployed dashboard both support tool inventory, approval workflows, and custom redaction today. The exact sections visible in the UI still depend on feature flags and the current credential’s role.