Skip to main content

Global Rules

The mintmcp_global_rules resource manages organization-wide rules and their automated actions. Rules monitor Agent Monitor traffic for secrets and prompt injection patterns. When a rule matches, configured actions fire automatically. For PII detection and redaction, use gateway middleware with your DLP provider instead.

info

Configuration as Code is available for enterprise organizations. Reach out to enterprise@mintmcp.com to have it enabled for your org.

This is a singleton resource — exactly one exists per organization. If you delete it from your Terraform state, the configuration resets to defaults (all rules enabled, no actions) rather than being removed.

Example usage

Secret detection with Slack alerts and content blocking

resource "mintmcp_global_rules" "main" {
rule_configs = {
"prxgrule_XXXXXXXXXXXXXXXXXXXX" = {
is_enabled = true
}
}

actions = [
{
enabled = true
category = "secret"
send_slack_message_global = {
channel = "#security-alerts"
short_text = "Secret detected"
body_markdown = "The \"{{rule.name}}\" rule was triggered by {{user.email}}."
}
},
{
enabled = true
category = "secret"
replace_content_block_text = {
text = "This tool use may access a secret. Do not proceed if it is a production secret."
permission = "ask"
}
},
]
}

Multiple categories with different actions

resource "mintmcp_global_rules" "main" {
rule_configs = {
"prxgrule_AAAAAAAAAAAAAAAAAAAA" = {
is_enabled = true
}
"prxgrule_BBBBBBBBBBBBBBBBBBBB" = {
is_enabled = true
}
}

actions = [
# Alert on secrets
{
enabled = true
category = "secret"
send_slack_message_global = {
channel = "#security-alerts"
short_text = "Secret detected"
body_markdown = "Rule **{{rule.name}}** matched. User: {{user.email}}"
}
},
# Block secrets
{
enabled = true
category = "secret"
apply_text_content_policy = {
reason = "Content blocked: potential secret detected"
}
},
# Alert on prompt injection
{
enabled = true
category = "promptInjection"
send_slack_message_global = {
channel = "#security-alerts"
short_text = "Prompt injection attempt"
body_markdown = "Rule **{{rule.name}}** detected a prompt injection pattern."
}
},
]
}

Disable a specific rule

resource "mintmcp_global_rules" "main" {
rule_configs = {
# Explicitly disable a rule that is enabled by default
"prxgrule_XXXXXXXXXXXXXXXXXXXX" = {
is_enabled = false
}
}
}

Argument reference

Top-level arguments

  • rule_configs (Optional) — Map of rule configurations, keyed by global rule ID (prxgrule_...). Each value contains:

    • is_enabled (Required, bool) — Whether the rule is enabled for your organization. Rules not listed in the map use their default (enabled) state.
  • actions (Optional) — List of automated actions. Each action fires when a rule in the specified category matches. Each entry must set exactly one action type block.

Action entry arguments

Every action entry has these common fields:

  • enabled (Required, bool) — Whether the action is active. Set to false to temporarily disable an action without removing it.
  • category (Required, string) — The rule category this action applies to. One of: "secret", "promptInjection".

Plus exactly one of the following action type blocks:

send_slack_message_global

Sends a notification to a Slack channel when a rule matches. Requires a Slack integration configured in your MintMCP organization.

  • channel (Required, string) — Slack channel name. Must start with #.
  • short_text (Required, string) — Short summary shown in the Slack notification preview.
  • body_markdown (Required, string) — Full message body. Supports Liquid template syntax with variables like {{rule.name}} and {{user.email}}.

replace_content_block_text

Replaces matched content with a warning message, optionally prompting the user for approval before proceeding.

  • text (Required, string) — The replacement text displayed to the user.
  • permission (Optional, string) — Permission mode. Defaults to "deny".
    • "deny" — Blocks execution entirely.
    • "ask" — Prompts the user for approval before proceeding.
  • agent_message (Optional, string) — A separate message shown to the AI agent (if different from the user-facing text).

apply_text_content_policy

Blocks the content from being processed entirely.

  • reason (Required, string) — The reason shown to the user when content is blocked.
  • permission (Optional, string) — Currently only "block" is supported (default).

Rule categories

Rules are organized into categories. Each action targets a specific category, so you can configure different responses for different types of detections.

CategoryDescription
secretRegex-based detection of secrets, API keys, tokens, and credentials in prompts and tool responses.
promptInjectionDetection of prompt injection patterns in user inputs.

Finding rule IDs

Each built-in rule has an ID prefixed with prxgrule_. To find your organization's available rules:

  1. Open the MintMCP dashboard
  2. Go to Monitor > Rules
  3. Each rule card shows its ID

Only rules listed in rule_configs are explicitly managed by Terraform. Any rule not listed retains its default state (enabled).

Template variables

The body_markdown field in send_slack_message_global actions supports Liquid template syntax. Available variables depend on the rule's matcher type:

Common variables (all matcher types)

VariableDescription
rule.nameName of the rule that matched
rule.matcherTypeType of matcher used (e.g., request/prompt/regex)
user.emailEmail of the user who triggered the rule

Prompt regex rules

VariableDescription
regexThe regex pattern that matched

Tool use regex rules

VariableDescription
source.type"agent" or "mcp"
source.displayNameHuman-readable name of the tool source
tool.nameName of the tool that was called
tool.inputFull tool input (use {{tool.input | toJson}} to stringify)

Tool identity allowlist rules

All variables from tool use regex rules, plus:

VariableDescription
allowlist.state"denied" or "uncategorized"

Use the toJson filter to stringify objects: {{tool.input | toJson}}.

Computed attributes

  • etag — An opaque version string used for optimistic concurrency control. Terraform uses this internally to detect concurrent modifications.

Import

Import the existing Global Rules configuration using your organization ID:

terraform import mintmcp_global_rules.main org_XXXXXXXXXXXXXXXXXXXX

Or use a declarative import block (Terraform 1.5+):

import {
to = mintmcp_global_rules.main
id = "org_XXXXXXXXXXXXXXXXXXXX"
}

The organization ID must match the organization_id in your provider configuration.

Constraints

  • Each category + action type combination must be unique. For example, you cannot have two send_slack_message_global actions both targeting the secret category.
  • Liquid templates in body_markdown are validated at plan time. Invalid syntax will cause the plan to fail.
  • Rule IDs that do not exist on the server produce a warning (not an error), so stale references do not block applies.