Examples & Recipes

Practical guardrail configurations for the five most common use cases. Each recipe is complete — copy the config, pick the right template, and you're done.

Recipe 1: Read-Only Gmail#

Use case: Let an AI assistant read and search your email — summarise threads, find invoices, draft responses for your review — but prevent it from ever sending or deleting anything.

Steps#

  1. Open the App → Tools tab.
  2. Enable: gmail_read_email, gmail_search_emails, gmail_list_labels.
  3. Disable (or leave off): gmail_send_email, gmail_create_draft, gmail_modify_labels, gmail_delete_email.

No guardrail template is needed — disabling the write tools in the Tools tab is sufficient. The disabled tools are removed from the MCP tool list entirely, so the AI client can't even attempt to call them.

Guardrails page showing Gmail read tools enabled and write tools disabled
Read-only Gmail: only the three read tools are toggled on.

Tip

If you also want to prevent the AI from creating drafts for human approval, disable gmail_create_draft as well. If you want it to draft but not send, disable only gmail_send_email.

Recipe 2: Block External Email#

Use case: The AI can compose and send email, but only to addresses within your company domain. Any attempt to email an external address is blocked before the Gmail API is called.

Steps#

  1. Enable gmail_send_email and gmail_create_draft.
  2. Open the Guardrails tab → Add Rule to gmail_send_email.
  3. Select the allow_domains template.
  4. Enter your company domain in the config.
  5. Repeat for gmail_create_draft.
allow_domains config
json
{"domains": ["yourcompany.com"]}

Any tool call where the to, cc, or bcc fields contain an address outside yourcompany.com will be denied with a clear error message returned to the AI client.

Note

To allow a small set of external partners as well, add their domains to the list: {"domains": ["yourcompany.com", "partner.com", "agency.io"]}

Recipe 3: Protect Main Branch#

Use case: An AI coding agent can create pull requests, but it must never target main or production as the base branch. All PRs must go to a feature or staging branch.

Steps#

  1. Enable github_create_pr.
  2. Open the Guardrails tab → Add Rule to github_create_pr.
  3. Select the protect_branches template.
  4. Configure with your protected branch names.
protect_branches config
json
{"branches": ["main", "production", "release"]}

MCPGate checks the base parameter of every github_create_pr call. If it matches any branch in the list, the call is denied. The AI must use a feature branch as the target instead.

Tip

Combine with force_draft: {} to also ensure all AI-created PRs require human review before they can be merged.

Recipe 4: Block Confidential Keywords#

Use case: Prevent the AI from sending emails or Slack messages that contain words indicating sensitive content — catching accidental leaks before they happen.

Steps#

  1. Open the Guardrails tab → Add Rule to gmail_send_email (and any other outbound tools).
  2. Select the keyword_block template.
  3. Configure with your list of sensitive words.
keyword_block config
json
{"keywords": ["confidential", "internal only", "do not share", "private", "attorney-client"]}

The check is case-insensitive and matches substrings. If any keyword appears anywhere in the tool call's string parameters (subject, body, to, etc.), the call is denied.

Warning

Be specific with keywords. Overly broad terms (like "private" in English) may block legitimate messages. Test with the Activity Log to tune the list.

Recipe 5: PII Detection#

Use case:Block any tool call — on any connector — that contains personal identifiable information. This is a compliance safeguard ensuring AI agents don't inadvertently relay personal data through MCPGate.

Steps#

  1. Open the Guardrails tab.
  2. Add a pii_detection rule to each outbound tool you want to protect (or use the account-level global policy for blanket coverage).
  3. Configure the types of PII to detect.
pii_detection config
json
{"types": ["email", "phone_us", "ssn", "creditcard"]}

Available PII detection types:

TypeWhat it detects
emailEmail addresses (e.g. [email protected])
phone_usUS phone numbers in common formats
ssnUS Social Security Numbers (XXX-XX-XXXX)
creditcardCredit card numbers (Luhn-validated)
ip_addressIPv4 and IPv6 addresses

False positives

PII detection uses pattern matching, not AI inference. Strings that look like PII (e.g. a product code that matches a credit card pattern) will trigger the rule. Review the Activity Log for denied calls and adjust the types list if needed.

Combining recipes#

Multiple rules on the same tool are evaluated in order — all must pass for the call to proceed. You can stack, for example, allow_domains + keyword_block + max_recipients on gmail_send_email to get layered protection.

See the Rule Templates reference for the full list of available templates to combine.