Zone 6

MCP Gateway

Sandboxed execution for Model Context Protocol tools. Bidirectional firewall inspects every request and response.

Overview

The MCP Gateway provides a safe integration point for external AI tools via the Model Context Protocol. Every MCP request and response passes through a bidirectional firewall that inspects content, validates permissions, and logs interactions. MCP tools run in isolated containers with no direct vault access. LLM allowlisting is enforced per user, per project, and per delivery interface — giving organizations granular control over which AI models can interact with their institutional memory.

Key capabilities

Sandboxed Execution

MCP tools run in isolated containers with no direct access to the vault or internal zones.

Bidirectional Firewall

Both requests to and responses from MCP tools are inspected for policy violations and data leakage.

LLM Allowlisting

Per-user, per-project, and per-interface control over which AI models can be used.

Tool Allowlisting

Only approved MCP tools can be invoked, configurable per workspace and per role.

Content Inspection

All content flowing through the MCP Gateway is classified and checked against active security policies.

Provenance Tracking

Every AI interaction is tagged with user, role, model, timestamp, and audit trail metadata.
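The capabilities above combine into one policy decision path per call. The following Python is an added illustration, not bRRAIn's code (its policy format and gateway APIs are not published on this page): it models the two inspection legs over an MCP `tools/call` exchange, with model allowlisting keyed on (user, project, delivery interface), tool allowlisting keyed on workspace and role, content classification of both the request arguments and the tool result, and a provenance record attached to every decision. The policy tables, leak patterns, tool names and canned sandbox results are all constructed for the example; only the JSON-RPC envelope follows the MCP wire format.

```python
"""Illustrative model of a bidirectional MCP gateway check (not bRRAIn's implementation)."""
import json
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed policy tables; the real policy format is not shown on the page.
TOOL_ALLOWLIST = {            # workspace -> role -> tools that role may invoke
    "research": {
        "analyst": {"search_notes", "summarize"},
        "admin":   {"search_notes", "summarize", "export_vault"},
    },
}
MODEL_ALLOWLIST = {           # (user, project, delivery interface) -> permitted models
    ("alice", "research", "cli"):   {"gpt-4o", "claude-3-5-sonnet"},
    ("alice", "research", "slack"): {"claude-3-5-sonnet"},
}
# Constructed content classifiers: a vault path and an API-key shape count as leaks.
LEAK_PATTERNS = {
    "vault_path": re.compile(r"/vault/[\w./-]+"),
    "api_key":    re.compile(r"\bbrr_[A-Za-z0-9]{16,}\b"),
}


@dataclass(frozen=True)
class Context:
    user: str
    role: str
    workspace: str
    project: str
    interface: str
    model: str


@dataclass
class Decision:
    allowed: bool
    reason: str
    provenance: dict = field(default_factory=dict)


def classify(text: str) -> list:
    """Names of leak patterns present in text; an empty list means clean."""
    return sorted(name for name, pat in LEAK_PATTERNS.items() if pat.search(text))


def provenance(ctx: Context, direction: str, tool: str) -> dict:
    """Audit record attached to every decision: who, which role, which model, when."""
    return {"user": ctx.user, "role": ctx.role, "model": ctx.model, "interface": ctx.interface,
            "tool": tool, "direction": direction,
            "timestamp": datetime.now(timezone.utc).isoformat()}


def inspect_request(ctx: Context, request: dict) -> Decision:
    """Inbound leg: permission checks first, then content inspection of the arguments."""
    params = request.get("params", {})
    tool = params.get("name", "")
    prov = provenance(ctx, "request", tool)
    if request.get("jsonrpc") != "2.0" or request.get("method") != "tools/call":
        return Decision(False, "only tools/call is forwarded", prov)
    if ctx.model not in MODEL_ALLOWLIST.get((ctx.user, ctx.project, ctx.interface), set()):
        return Decision(False, "model not allowlisted for user/project/interface", prov)
    if tool not in TOOL_ALLOWLIST.get(ctx.workspace, {}).get(ctx.role, set()):
        return Decision(False, "tool not allowlisted for workspace/role", prov)
    hits = classify(json.dumps(params.get("arguments", {})))
    if hits:
        return Decision(False, "request carries " + ", ".join(hits), prov)
    return Decision(True, "request permitted", prov)


def inspect_response(ctx: Context, tool: str, response: dict) -> Decision:
    """Outbound leg: the tool result is inspected before the model ever sees it."""
    prov = provenance(ctx, "response", tool)
    texts = [c.get("text", "") for c in response.get("result", {}).get("content", [])]
    hits = classify("\n".join(texts))
    if hits:
        return Decision(False, "response leaks " + ", ".join(hits), prov)
    return Decision(True, "response permitted", prov)


def run_tool_in_sandbox(request: dict) -> dict:
    """Constructed stand-in for the isolated tool container: canned results keyed by query."""
    query = request["params"]["arguments"].get("query", "")
    text = {"roadmap": "Q3 roadmap: ship gateway v2.",
            "secrets": "Notes stored at /vault/eng/keys.md"}.get(query, "no results")
    return {"jsonrpc": "2.0", "id": request["id"],
            "result": {"content": [{"type": "text", "text": text}]}}


def gateway(ctx: Context, request: dict):
    """Full round trip. Returns (decision, response forwarded to the model or None)."""
    decision = inspect_request(ctx, request)
    if not decision.allowed:
        return decision, None
    tool = request["params"]["name"]
    decision = inspect_response(ctx, tool, run_tool_in_sandbox(request))
    if not decision.allowed:
        # Fail closed: the leaking result is replaced by a JSON-RPC error, never forwarded.
        return decision, {"jsonrpc": "2.0", "id": request["id"],
                          "error": {"code": -32000, "message": "blocked by MCP gateway policy"}}
    return decision, run_tool_in_sandbox(request)


def call(ctx: Context, tool: str, query: str, rid: int = 1):
    """Build an MCP tools/call request and push it through the gateway."""
    return gateway(ctx, {"jsonrpc": "2.0", "id": rid, "method": "tools/call",
                         "params": {"name": tool, "arguments": {"query": query}}})
```

Two design points worth noting: the permission checks run before any content inspection, so a caller with no right to a tool learns nothing about the classifier; and a blocked response is converted to a JSON-RPC error rather than dropped silently, so the calling model and the audit trail both see that the gateway intervened.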

Security implications

How Zone 6 enforces bRRAIn's zero-trust security model:

  • MCP tools have no direct vault access — all data flows through the security policy engine
  • Bidirectional firewall inspects both requests and responses for policy violations
  • LLM allowlisting prevents unauthorized AI models from accessing institutional memory
  • Tool allowlisting ensures only approved tools can be invoked per workspace and role
  • Complete provenance tracking enables audit reconstruction of all AI interactions

Every zone enforces its own security boundary. No zone trusts another implicitly.

How it connects

Zone 6 manages external AI tool integration, with all operations inspected by Zone 7 before data reaches the vault.

[Diagram: Zone 5 — Integration Layer → Zone 6 MCP Gateway → Zone 7 — Security Policy Engine. Zone 7 inspects all zone transitions.]

See Zone 6 in action

Request a demo to see how bRRAIn's zero-trust architecture protects your institutional memory.