// GLOSSARY -- MCP & TOOL INFRASTRUCTURE

What is an MCP Resource?

1 min read Updated

An MCP resource is a read-only data source exposed by an MCP server that provides context to AI agents — such as files, database records, API responses, or configuration — without triggering side effects.

WHY IT MATTERS

While MCP tools are actions (they do things), MCP resources are data (they provide information). Resources give agents context without executing operations — reading a file, viewing a database schema, checking a configuration value.

Resources can be static (a fixed configuration file) or dynamic (current system state, live metrics). They support URI-based addressing and can include metadata about content type and freshness.

Even read-only data can be sensitive. Source code, environment variables, credentials files, customer data — all might be exposed as MCP resources. Access controls on resource reads are just as important as controls on tool calls.

HOW POLICYLAYER USES THIS

Intercept can enforce access controls on MCP resource reads. YAML policies can restrict which resources an agent is permitted to access — for example, allowing reads from config:// URIs but denying access to secrets:// URIs. This prevents agents from accessing sensitive data exposed by the server.

FREQUENTLY ASKED QUESTIONS

How are resources different from tools?
Resources are read-only data that provide context. Tools are executable actions that can have side effects. An agent reads resources for information and calls tools to take action. Intercept can enforce policies on both.
Can resources update in real-time?
Yes. MCP supports resource subscriptions where the server notifies the client when a resource changes. This enables agents to react to real-time data updates.
Why control access to read-only resources?
Read-only does not mean safe. Resources may expose sensitive configuration, credentials, private data, or proprietary code. Intercept policies can restrict resource access by URI pattern, preventing data exfiltration.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.