The Behavioral Firewall
Enforcement that evaluates an agent action at the boundary, before it reaches Git, shell, MCP, a database, or a deploy.
What it is
A behavioral firewall governs what an agent does, not what it generated. It intercepts a proposed action in the local runtime, evaluates policy against the agent's authorization, and applies a decision before the action crosses the boundary (ADR-RGOV-011). Acting before the action reaches Git, shell, MCP, a database, or a deploy is the only enforcement an auditor or incident responder will credit — post-hoc detection is not enforcement.
From permission to correction
Authorization decides permission with three effects: allow, deny, and require_approval (escalate to a human). Protect extends that with corrective effects — rewrite, redact, read_only, quarantine, and terminate — so the firewall can do more than block: it can narrow an action down to something safe. Quarantine, rewrite, and terminate are the corrective actions most tools lack.
The MCP boundary is untrusted by default
Model Context Protocol lets agents reach external tools, databases, and internal services, but its own guarantees are weak: authorization is optional, credentials are often inherited from the environment, and many servers ship without authentication. DeepSweep treats the MCP boundary as untrusted and applies its own trust model — tool risk classification, a historical trust score, and an enforcement decision — independent of whatever the MCP server does or does not enforce (ADR-RGOV-006).
Build order, stated plainly
Enforcement is decided but deliberately sequenced: Protect is not implemented before Review, Identity, and Authorization exist, because you cannot enforce a boundary you have not yet authorized (ADR-RGOV-011). Today the firewall's shape is fixed in the contracts and the review surfaces the gaps it will close. We say what is shipped and what is sequenced — no overstatement.
Website install extension Agent Environment Review findings upgrade
Govern your own environment
Install the extension, run an Agent Environment Review, and act on the findings — upgrade when you want unlimited reviews.