Global Rules
The mintmcp_global_rules resource manages organization-wide rules and their
automated actions. Rules monitor Agent Monitor traffic for secrets and
prompt injection patterns. When a rule matches, configured actions fire
automatically. For PII detection and redaction, use gateway
middleware with your DLP provider instead.
Configuration as Code is available for enterprise organizations. Reach out to enterprise@mintmcp.com to have it enabled for your org.
This is a singleton resource — exactly one exists per organization. If you delete it from your Terraform state, the configuration resets to defaults (all rules enabled, no actions) rather than being removed.
Example usage
Secret detection with Slack alerts and content blocking
resource "mintmcp_global_rules" "main" {
rule_configs = {
"prxgrule_XXXXXXXXXXXXXXXXXXXX" = {
is_enabled = true
}
}
actions = [
{
enabled = true
category = "secret"
send_slack_message_global = {
channel = "#security-alerts"
short_text = "Secret detected"
body_markdown = "The \"{{rule.name}}\" rule was triggered by {{user.email}}."
}
},
{
enabled = true
category = "secret"
replace_content_block_text = {
text = "This tool use may access a secret. Do not proceed if it is a production secret."
permission = "ask"
}
},
]
}
Multiple categories with different actions
resource "mintmcp_global_rules" "main" {
rule_configs = {
"prxgrule_AAAAAAAAAAAAAAAAAAAA" = {
is_enabled = true
}
"prxgrule_BBBBBBBBBBBBBBBBBBBB" = {
is_enabled = true
}
}
actions = [
# Alert on secrets
{
enabled = true
category = "secret"
send_slack_message_global = {
channel = "#security-alerts"
short_text = "Secret detected"
body_markdown = "Rule **{{rule.name}}** matched. User: {{user.email}}"
}
},
# Block secrets
{
enabled = true
category = "secret"
apply_text_content_policy = {
reason = "Content blocked: potential secret detected"
}
},
# Alert on prompt injection
{
enabled = true
category = "promptInjection"
send_slack_message_global = {
channel = "#security-alerts"
short_text = "Prompt injection attempt"
body_markdown = "Rule **{{rule.name}}** detected a prompt injection pattern."
}
},
]
}
Disable a specific rule
resource "mintmcp_global_rules" "main" {
rule_configs = {
# Explicitly disable a rule that is enabled by default
"prxgrule_XXXXXXXXXXXXXXXXXXXX" = {
is_enabled = false
}
}
}
Argument reference
Top-level arguments
-
rule_configs(Optional) — Map of rule configurations, keyed by global rule ID (prxgrule_...). Each value contains:is_enabled(Required, bool) — Whether the rule is enabled for your organization. Rules not listed in the map use their default (enabled) state.
-
actions(Optional) — List of automated actions. Each action fires when a rule in the specified category matches. Each entry must set exactly one action type block.
Action entry arguments
Every action entry has these common fields:
enabled(Required, bool) — Whether the action is active. Set tofalseto temporarily disable an action without removing it.category(Required, string) — The rule category this action applies to. One of:"secret","promptInjection".
Plus exactly one of the following action type blocks:
send_slack_message_global
Sends a notification to a Slack channel when a rule matches. Requires a Slack integration configured in your MintMCP organization.
channel(Required, string) — Slack channel name. Must start with#.short_text(Required, string) — Short summary shown in the Slack notification preview.body_markdown(Required, string) — Full message body. Supports Liquid template syntax with variables like{{rule.name}}and{{user.email}}.
replace_content_block_text
Replaces matched content with a warning message, optionally prompting the user for approval before proceeding.
text(Required, string) — The replacement text displayed to the user.permission(Optional, string) — Permission mode. Defaults to"deny"."deny"— Blocks execution entirely."ask"— Prompts the user for approval before proceeding.
agent_message(Optional, string) — A separate message shown to the AI agent (if different from the user-facingtext).
apply_text_content_policy
Blocks the content from being processed entirely.
reason(Required, string) — The reason shown to the user when content is blocked.permission(Optional, string) — Currently only"block"is supported (default).
Rule categories
Rules are organized into categories. Each action targets a specific category, so you can configure different responses for different types of detections.
| Category | Description |
|---|---|
secret | Regex-based detection of secrets, API keys, tokens, and credentials in prompts and tool responses. |
promptInjection | Detection of prompt injection patterns in user inputs. |
Finding rule IDs
Each built-in rule has an ID prefixed with prxgrule_. To find your
organization's available rules:
- Open the MintMCP dashboard
- Go to Monitor > Rules
- Each rule card shows its ID
Only rules listed in rule_configs are explicitly managed by Terraform. Any
rule not listed retains its default state (enabled).
Template variables
The body_markdown field in send_slack_message_global actions supports
Liquid template syntax. Available
variables depend on the rule's matcher type:
Common variables (all matcher types)
| Variable | Description |
|---|---|
rule.name | Name of the rule that matched |
rule.matcherType | Type of matcher used (e.g., request/prompt/regex) |
user.email | Email of the user who triggered the rule |
Prompt regex rules
| Variable | Description |
|---|---|
regex | The regex pattern that matched |
Tool use regex rules
| Variable | Description |
|---|---|
source.type | "agent" or "mcp" |
source.displayName | Human-readable name of the tool source |
tool.name | Name of the tool that was called |
tool.input | Full tool input (use {{tool.input | toJson}} to stringify) |
Tool identity allowlist rules
All variables from tool use regex rules, plus:
| Variable | Description |
|---|---|
allowlist.state | "denied" or "uncategorized" |
Use the toJson filter to stringify objects: {{tool.input | toJson}}.
Computed attributes
etag— An opaque version string used for optimistic concurrency control. Terraform uses this internally to detect concurrent modifications.
Import
Import the existing Global Rules configuration using your organization ID:
terraform import mintmcp_global_rules.main org_XXXXXXXXXXXXXXXXXXXX
Or use a declarative import block (Terraform 1.5+):
import {
to = mintmcp_global_rules.main
id = "org_XXXXXXXXXXXXXXXXXXXX"
}
The organization ID must match the organization_id in your provider
configuration.
Constraints
- Each
category+ action type combination must be unique. For example, you cannot have twosend_slack_message_globalactions both targeting thesecretcategory. - Liquid templates in
body_markdownare validated at plan time. Invalid syntax will cause the plan to fail. - Rule IDs that do not exist on the server produce a warning (not an error), so stale references do not block applies.