MCP Server Policy

CONVEX MCP POLICY

Enforce policies on every tool call to the Convex MCP Server. 12 tools listed, categorised, and ready for rules.

get-convex/convex-backend 9 read 3 write 12 tools total

database reactive serverless typescript functions

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Convex.

terminal

# Download policy scaffold


curl -o convex.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/convex.yaml

# Run with Intercept


intercept --policy convex.yaml -- npx -y @get-convex/convex-backend

Server documentation: https://convex.dev

READ TOOLS

status Query available deployments

tables List all tables with declared/inferred schemas

data Paginate through documents in a table

runOneoffQuery Execute sandboxed read-only JS queries

functionSpec Get metadata for all deployed functions

logs Retrieve recent function execution log entries

insights Fetch health insights for the deployment

envList List all environment variables for a deployment

envGet Get a specific environment variable's value

WRITE TOOLS

envSet Set or update an environment variable

DESTRUCTIVE TOOLS

envRemove Remove an environment variable

EXECUTE TOOLS

run Execute a deployed Convex function with provided arguments

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

convex.yaml

version: "1"
description: "Policy for get-convex/convex-backend"
default: "allow"
tools:
    status:
        rules: []
    tables:
        rules: []
    data:
        rules: []
    runOneoffQuery:
        rules: []
    functionSpec:
        rules: []
    logs:
        rules: []
    insights:
        rules: []
    envList:
        rules: []
    envGet:
        rules: []
    envSet:
        rules: []
    run:
        rules: []
    envRemove:
        rules: []

RELATED POLICIES

FREQUENTLY ASKED QUESTIONS

What tools does the Convex MCP server expose?

The Convex MCP Server exposes 12 tools across 4 categories: Read, Write, Execute, Destructive. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on Convex?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Convex MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the Convex policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON CONVEX

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →

CONVEX MCP POLICY

GET STARTED

READ TOOLS

status

tables

data

runOneoffQuery

functionSpec

logs

insights

envList

envGet