What is an MCP Tool?


An MCP tool is an executable capability exposed by an MCP server, described with a name, description, and JSON Schema parameters, that AI agents can discover and invoke through the Model Context Protocol.

WHY IT MATTERS

MCP tools are the action primitives of the protocol. They represent things an agent can do — execute a shell command, query a database, create a file, send an API request. Each tool has a schema describing its inputs and expected outputs.

What makes MCP tools powerful is standardisation. A tool defined once on an MCP server is automatically available to any compatible agent. The agent's LLM sees the tool's name, description, and parameters — enough to decide when and how to use it.

Tool design matters enormously. Well-designed tools have clear names, comprehensive descriptions (the LLM reads these to decide when to use the tool), strict input validation, and informative error messages. But even well-designed tools can be misused — which is why tool-level policy enforcement matters.

HOW POLICYLAYER USES THIS

Intercept enforces policies at the individual tool level. YAML policies specify which tools are allowed or denied, with optional argument constraints. For example, you can allow the execute_sql tool but deny DROP statements, or allow write_file only to specific directories. Each tool call is evaluated against the policy before reaching the server.
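The per-tool check described above, written out as an added example; it is not Intercept's code or its YAML policy format. The `POLICY` dict, its `deny_pattern` and `under` keys, the directory `/srv/app/data` and the sample requests are constructed for illustration; requests use the MCP `tools/call` JSON-RPC shape, unlisted tools are denied, and paths are normalised before the directory check.

```python
import posixpath
import re

# Hypothetical policy (constructed, not Intercept's YAML schema); unlisted tools are denied.
POLICY = {
    "read_file": {},
    "execute_sql": {"query": {"deny_pattern": r"\bdrop\b"}},
    "write_file": {"path": {"under": ["/srv/app/data"]}},
}

def violation(rule, value):
    """Return a reason string if value breaks the rule, else None."""
    if not isinstance(value, str):
        return "argument must be a string"
    if "deny_pattern" in rule and re.search(rule["deny_pattern"], value, re.IGNORECASE):
        return "matches denied pattern"
    if "under" in rule:
        # Normalise first so '..' segments cannot step out of an allowed directory.
        path = posixpath.normpath(value)
        if not any(path == d or path.startswith(d + "/") for d in rule["under"]):
            return "path outside allowed directories"
    return None

def evaluate(request, policy=POLICY):
    """Decide on one MCP JSON-RPC request; returns (allowed, reason)."""
    if request.get("method") != "tools/call":
        return True, "not a tool call"
    params = request.get("params") or {}
    tool, args = params.get("name"), params.get("arguments") or {}
    if tool not in policy:
        return False, f"tool {tool!r} not in policy"
    for arg, rule in policy[tool].items():
        if arg not in args:
            return False, f"{arg}: constrained argument missing"
        reason = violation(rule, args[arg])
        if reason:
            return False, f"{arg}: {reason}"
    return True, "allowed"

def call(tool, **arguments):
    # Build a constructed tools/call request for the samples below.
    return {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
            "params": {"name": tool, "arguments": arguments}}

if __name__ == "__main__":
    for req in (call("execute_sql", query="SELECT id FROM users"),
                call("execute_sql", query="drop table users"),
                call("write_file", path="/srv/app/data/../config.yml", content="x"),
                call("execute_command", command="id")):
        print(req["params"]["name"], evaluate(req))
```

A keyword pattern and a lexical path check are coarse filters: they neither parse SQL nor resolve symlinks, so database privileges and filesystem permissions still need to be least-privilege.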

FREQUENTLY ASKED QUESTIONS

Can I allow some tools but deny others with Intercept?
Yes. Intercept policies operate at the tool level. You can allow read_file but deny execute_command, or allow both with different argument constraints. Policies are defined per-tool in YAML.

How does Intercept handle tool argument validation?
Intercept policies can define constraints on tool arguments — regex patterns, allowed values, numeric ranges. If an argument violates a constraint, the call is denied before reaching the server.

Can MCP tools have side effects?
Yes, and they often do — that is the point. A file-write tool modifies the filesystem. A shell-execute tool runs commands. This is precisely why policy enforcement on tool calls is critical — side effects need governance.

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept