Model Context Protocol
PolicyLayer Intercept — open-source policy enforcement proxy for MCP #694
L1AD
started this conversation in
Show and tell
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Pre-submission Checklist
What would you like to share?
We built Intercept, a transparent proxy that enforces YAML policies on every MCP tool call before it reaches the upstream server.
The problem: when you connect an agent to an MCP server, it gets access to every tool with no granular controls. There's no protocol-level way to say "read-only," "max 5 calls per hour," or "block deletions."
Intercept sits between the agent and the server. You write a YAML policy file, and every tool call is evaluated before it's forwarded. If the policy says no, the call never reaches upstream.
What it supports:
Example policy:
Run it:
intercept -c policy.yaml -- npx -y @modelcontextprotocol/server-githubEnforcement is at the transport layer — below the model, invisible to the agent. No agent or server code changes needed. Works with any MCP server. Apache 2.0 licensed.
The main challenge was designing the policy language to be expressive enough for real use cases without becoming a nightmare to configure. We landed on YAML with a "first match wins" rule evaluation — same mental model as firewall rules.
Would love feedback from the MCP community on what policy primitives matter most as agents get more autonomous.
Relevant Links
GitHub repository: https://github.com/policylayer/intercept
Site: https://intercept.policylayer.com/
Policy reference: https://github.com/policylayer/intercept/blob/main/POLICY.md
Usage guide: https://github.com/policylayer/intercept/blob/main/USAGE.md
Beta Was this translation helpful? Give feedback.
All reactions