Navil Policy — MCP Tool Scoping and Cost Optimization

GitHub's MCP server exposes 90+ tools consuming 50,000+ tokens before your agent thinks about your question. At scale, MCP tool definitions can exceed model context limits entirely.

Navil Policy solves this by controlling which tools each agent sees in tools/list responses. A code review agent sees 3 tools instead of 90. That is a 94% reduction in schema tokens — cheaper inference, faster responses, and a smaller attack surface.

When to Use This Skill

• User complains about token costs or context window bloat from MCP
• User has multiple MCP servers and agents are seeing too many tools
• User wants to restrict which tools specific agents can access
• User says "MCP is too expensive" or "my context is full of tool schemas"
• User asks about least privilege, tool scoping, or agent permissions
• User wants to auto-generate policies from observed agent behavior

How Tool Scoping Works

Navil's policy engine sits in the proxy layer (set up by navil-shield). When an agent requests tools/list, Navil filters the response based on the policy file before the agent ever sees it.

This means:

• The agent doesn't know the filtered tools exist — they never enter the context window
• Token savings are immediate — fewer tool schemas = less context consumed
• Security improves — agents can't call tools they can't see
• No code changes — the policy file controls everything

Creating a Policy

Step 1: Check if Navil Shield is Active

navil --version

If navil is not installed, install it first:

pip install navil --break-system-packages 2>/dev/null || pip install navil

If MCP servers are not yet wrapped with navil shim, the policy engine cannot filter tool lists. Recommend installing navil-shield first.

Step 2: Observe Current Tool Usage

To see what tools are currently being exposed to agents:

navil policy check --tool "*" --agent default --action list

Step 3: Generate a Starter Policy

Navil can auto-generate policies by watching how agents actually use tools:

navil policy auto-generate

This creates ~/.navil/policy.auto.yaml based on observed baselines. Review it, then copy rules you want to keep into ~/.navil/policy.yaml.

Step 4: Write Custom Policy

For manual policy creation, create ~/.navil/policy.yaml:

# Example: Scope tools by workflow
scopes:
  code-review:
    allow:
      - get_pull_request
      - list_files
      - create_review_comment
    description: "Code review agent sees only PR-related tools"

  deploy:
    allow:
      - create_deployment
      - get_deployment_status
    description: "Deploy agent sees only deployment tools"

  read-only:
    allow:
      - get_*
      - list_*
      - search_*
    description: "Read-only agents cannot modify anything"

  default:
    allow: "*"
    description: "Backward compatible — unrestricted access"

# Rate limiting per agent
rate_limits:
  default:
    requests_per_minute: 60
  deploy:
    requests_per_minute: 10

Step 5: Apply and Test

navil policy check --tool create_deployment --agent code-review --action call
# Expected: DENIED — code-review scope doesn't include deployment tools

navil policy check --tool get_pull_request --agent code-review --action call
# Expected: ALLOWED

Step 6: Monitor Policy Decisions

View the live decision log to verify policies are working:

navil policy suggest

This shows pending auto-generated rules with confidence scores. Accept the ones that make sense.

Step 7: Rollback if Needed

navil policy rollback

This undoes auto-generated policy changes. Your manually written policy.yaml is never modified by the auto-generator.

Token Savings Calculator

Present this to the user when they ask about cost:

At typical API pricing, scoping a heavy MCP setup saves $50-200/month in token costs alone.

Policy Templates

Navil ships with community templates for common MCP servers. Ask the user which servers they use, then suggest the appropriate template:

• GitHub MCP: Read-only, code-review, full-access scopes
• Filesystem MCP: Read-only, workspace-scoped, full-access scopes
• kubectl MCP: View-only, namespace-scoped, admin scopes

Important Notes

• policy.yaml (manual rules) always takes precedence over policy.auto.yaml (generated rules)
• Policies filter what agents see in tools/list, separate from what they can call
• The default scope with allow: "*" ensures backward compatibility
• Scoped responses are cached with 60s TTL in the Rust proxy — near-zero performance cost

Links

• Policy documentation: https://github.com/navilai/navil#tool-scoping
• Community policy templates: https://github.com/navilai/navil/tree/main/policies
• Token cost guide: https://navil.ai/docs/token-costs