Docs · Quickstart
Quickstart: protect one agent workflow with Ultra13
This quickstart outlines how to protect a single agent workflow with the Context Firewall — from inventorying context sources to enforcing on high-risk sinks. Full SDK, proxy, and MCP-gateway integration snippets are rolling out during early access; this page describes the model and the steps.
By the Ultra13 teamPublished Updated
TL;DR
- Start in monitor mode; enforce once policy is proven.
- Inventory context sources and sinks; label trust classes.
- Inspect tool calls, gate memory writes, and screen egress.
- Turn on enforcement for high-risk sinks first.
Before you start
Have your agent framework, model provider, tools, RAG sources, memory store, data classes, and intended deployment mode to hand. Choose where Ultra13 sits — inline SDK, LLM proxy, or MCP gateway — per security architecture.
The steps
- Define context sources and label them by trust class.
- Define sinks: tool calls, memory writes, exports, browser actions, approvals.
- Add monitor-mode source-to-sink policy.
- Inspect tool calls and gate memory writes.
- Screen egress; review the decision logs.
- Turn on enforcement for high-risk sinks first.