What is a Per-User Rate Limit?
Rate limits scoped to individual users or agent identities rather than applied globally. Ensures one agent cannot consume another's quota, enabling fair resource allocation in multi-tenant MCP deployments.
WHY IT MATTERS
In any shared system, a global rate limit creates a tragedy of the commons. If five agents share a global limit of 100 calls per minute, one aggressive agent can consume all 100 — starving the other four. Per-user rate limiting solves this by giving each agent its own quota.
Identity-scoped limits are essential in production MCP deployments. A team might run multiple agents against the same MCP server — a coding assistant, a monitoring bot, and a deployment agent. Each has different throughput needs and risk profiles. Per-user limits let operators tailor quotas to each agent's role.
Per-user limits also improve security posture. If an agent's credentials are compromised, the attacker's blast radius is bounded by that agent's individual quota rather than the global capacity of the system. This containment is critical when MCP servers wrap sensitive infrastructure.
HOW POLICYLAYER USES THIS
Intercept identifies agents by their connection identity and applies rate limits per user or per agent as defined in the YAML policy. Each identity gets its own counter, ensuring isolation between agents. This prevents a noisy neighbour from impacting other agents sharing the same Intercept proxy instance.