// GLOSSARY -- POLICY ENFORCEMENT

What is a Per-Tool Rate Limit?

2 min read Updated

A rate limit applied to a specific MCP tool rather than globally across all tools. Allows operators to set different throughput ceilings for different operations — for example, allowing 60 reads per minute but only 2 writes per minute on the same server.

WHY IT MATTERS

Not all tool calls carry the same risk or cost. A read operation is typically cheap, idempotent, and safe. A write operation may be expensive, destructive, or irreversible. Applying the same rate limit to both wastes agent productivity on reads while under-protecting writes.

Per-tool rate limiting lets operators match enforcement to risk. A database MCP server might allow 100 query calls per minute but only 5 execute_statement calls. A GitHub server might allow unlimited get_file calls but restrict create_pull_request to 3 per hour.

This granularity is essential for production deployments where agents interact with multiple tools on the same server. Without per-tool limits, a global rate limit would force operators to choose between being too permissive for dangerous operations or too restrictive for safe ones.

HOW POLICYLAYER USES THIS

Intercept YAML policies support rate limits scoped to individual tools. Each tool-level policy block can specify its own rate limit independently. Intercept tracks counters per tool name, so a call to read_file does not count against the write_file limit. This is configured directly in the YAML policy file with no code changes to the agent or server.

FREQUENTLY ASKED QUESTIONS

Can I have both a global and per-tool rate limit?
Yes. A global limit caps total throughput across all tools, while per-tool limits provide additional granularity. Both are evaluated — whichever is stricter applies.
What if a tool is not listed in the policy?
Unlisted tools fall through to the default policy. In a fail-closed configuration, unlisted tools are denied. In a fail-open configuration, they are allowed without rate limiting.
How do per-tool limits interact with per-user limits?
They stack. An agent must satisfy both the per-tool limit and the per-user limit. If either is exceeded, the call is denied.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.