Confluent Kafka MCP Policy

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Confluent Kafka.

terminal

# Download policy scaffold


curl -o confluent-kafka.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/confluent-kafka.yaml

# Run with Intercept


intercept --policy confluent-kafka.yaml -- npx -y @@confluentinc/mcp-confluent

Server documentation: https://github.com/confluentinc/mcp-confluent

READ TOOLS

28

list-topics List all topics in the Kafka cluster

search-topics-by-tag List all topics with the specified tag

search-topics-by-name List all topics matching the specified name

get-topic-config Retrieve configuration details for a specific Kafka topic

list-clusters Get all clusters in the Confluent Cloud environment

list-environments Get all environments in Confluent Cloud

read-environment Get details of a specific environment by ID

list-schemas List all schemas in the Schema Registry

list-connectors Retrieve a list of active connectors

read-connector Get information about a connector

consume-messages Consume messages from one or more Kafka topics

list-flink-statements Retrieve a list of all Flink statements

read-flink-statement Read a Flink statement and its results

list-flink-catalogs List all catalogs in the Flink environment

list-flink-databases List all databases in a Flink catalog

list-flink-tables List all tables in a Flink database

describe-flink-table Get full schema details for a Flink table

get-flink-table-info Get table metadata via INFORMATION_SCHEMA

get-flink-statement-exceptions Retrieve recent exceptions for a Flink statement

get-flink-statement-profile Get Query Profiler data with metrics and issue detection

check-flink-statement-health Perform aggregate health check for a Flink statement

detect-flink-statement-issues Detect issues for a Flink statement

list-tableflow-regions List all tableflow regions

list-tableflow-topics List all tableflow topics

read-tableflow-topic Read a tableflow topic

list-tableflow-catalog-integrations List all catalog integrations

read-tableflow-catalog-integration Read a catalog integration

WRITE TOOLS

11

create-topics Create one or more Kafka topics

produce-message Produce records to a Kafka topic

create-connector Create a new connector

create-flink-statement Create a Flink statement

create-topic-tags Create new tag definitions in Confluent Cloud

add-tags-to-topic Assign existing tags to Kafka topics

alter-topic-config Alter topic configuration in Confluent Cloud

create-tableflow-topic Create a tableflow topic

update-tableflow-topic Update a tableflow topic

create-tableflow-catalog-integration Create a catalog integration

update-tableflow-catalog-integration Update a catalog integration

DESTRUCTIVE TOOLS

7

delete-topics Delete topics with the given names

delete-connector Delete an existing connector

delete-flink-statements Delete a Flink statement

delete-tag Delete a tag definition from Confluent Cloud

remove-tag-from-entity Remove tag from an entity in Confluent Cloud

delete-tableflow-topic Delete a tableflow topic

delete-tableflow-catalog-integration Delete a tableflow catalog integration

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

confluent-kafka.yaml

version: "1"
description: "Policy for @confluentinc/mcp-confluent"
default: "allow"
tools:
    list-topics:
        rules: []
    search-topics-by-tag:
        rules: []
    search-topics-by-name:
        rules: []
    get-topic-config:
        rules: []
    list-tags:
        rules: []
    list-clusters:
        rules: []
    list-environments:
        rules: []
    read-environment:
        rules: []
    list-schemas:
        rules: []
    list-connectors:
        rules: []
    read-connector:
        rules: []
    consume-messages:
        rules: []
    list-flink-statements:
        rules: []
    read-flink-statement:
        rules: []
    list-flink-catalogs:
        rules: []
    list-flink-databases:
        rules: []
    list-flink-tables:
        rules: []
    describe-flink-table:
        rules: []
    get-flink-table-info:
        rules: []
    get-flink-statement-exceptions:
        rules: []
    get-flink-statement-profile:
        rules: []
    check-flink-statement-health:
        rules: []
    detect-flink-statement-issues:
        rules: []
    list-tableflow-regions:
        rules: []
    list-tableflow-topics:
        rules: []
    read-tableflow-topic:
        rules: []
    list-tableflow-catalog-integrations:
        rules: []
    read-tableflow-catalog-integration:
        rules: []
    create-topics:
        rules: []
    produce-message:
        rules: []
    create-connector:
        rules: []
    create-flink-statement:
        rules: []
    create-topic-tags:
        rules: []
    add-tags-to-topic:
        rules: []
    alter-topic-config:
        rules: []
    create-tableflow-topic:
        rules: []
    update-tableflow-topic:
        rules: []
    create-tableflow-catalog-integration:
        rules: []
    update-tableflow-catalog-integration:
        rules: []
    delete-topics:
        rules: []
    delete-connector:
        rules: []
    delete-flink-statements:
        rules: []
    delete-tag:
        rules: []
    remove-tag-from-entity:
        rules: []
    delete-tableflow-topic:
        rules: []
    delete-tableflow-catalog-integration:
        rules: []

FREQUENTLY ASKED QUESTIONS

What tools does the Confluent Kafka MCP server expose?

The Confluent Kafka MCP Server exposes 46 tools across 3 categories: Read, Write, Destructive. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on Confluent Kafka?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Confluent Kafka MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the Confluent Kafka policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON CONFLUENT KAFKA

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →