What is an Enum Constraint?
Restricting a tool call argument to a predefined set of allowed values. Enum constraints enforce closed vocabularies — for example, currency must be one of GBP, USD, or EUR — ensuring agents cannot use arbitrary or unexpected values.
WHY IT MATTERS
Many tool call arguments have a finite set of valid values. A currency field should be an ISO currency code. A region field should be one of your deployed regions. An action type should be one of a known set. Enum constraints codify these restrictions in the policy layer rather than relying on the downstream server to reject invalid values.
Enforcing enums at the proxy level provides defence in depth. Even if the MCP server accepts invalid values (perhaps due to a bug or permissive schema), the policy layer catches them first. This is critical for agents that hallucinate plausible-looking but invalid values — a common failure mode in LLM-driven tool calling.
Enum constraints are also self-documenting. By listing the allowed values in the YAML policy, operators create a human-readable specification of what agents are permitted to do. This makes policy review straightforward and reduces ambiguity about what constitutes a valid tool call.
HOW POLICYLAYER USES THIS
Intercept supports enum constraints in YAML policies via an allowed_values list on any argument. At evaluation time, Intercept checks whether the argument's value is present in the list. If not, the call is denied with a clear message stating which value was provided and which values are allowed. Enum checks are case-sensitive by default.