Flex Gateway Agent Policies
Policies enforce rules when Flex Gateway processes requests, enabling you to secure and govern your server instances. Flex Gateway includes A2A and MCP specific policies that provide enhanced security and control over agent interactions.
To apply a policy, see Applying Policies for Managed Flex Gateways and Connected Mode.
Flex Gateway MCP and A2A server instances also support other Flex Gateway policies to protect server instances through rate limiting, authentication, authorization, threat protection, monitoring, and logging. For more information about MuleSoft-provided policies, see the Inbound Policies Directory and Outbound Policies Directory.
To extend existing functionality or define new functionality, create custom policies based on your specific business requirements. For information about creating custom policies, see Flex Gateway Policy Development Kit (PDK) Overview.
| All agent policies are inbound policies and are not supported as automated policies. |
SSE Policies
Both A2A and MCP support the following policies for Server-Sent Events (SSE) streaming:
| Policy | Summary |
|---|---|
Logs every SSE event while streaming |
A2A Policies
| Policy | Summary |
|---|---|
Rewrites the Agent Card URL to match the server instance public URL |
|
Detects personally identifiable information (PII) in requests sent to the agent |
|
Decorates prompts with context information |
|
Validates agent requests to ensure they conform to the A2A specification |
MCP Policies
| Policy | Summary |
|---|---|
Controls access to tools, resources, and prompts based on user information such as Tiers, IP, Headers, or Claims |
|
Validates MCP requests to ensure they conform to the MCP specification |
|
Adds MCP support to a Flex Gateway MCP server instance. This policy is required for your MCP server instance to function properly. |