What is a Policy Action (Allow/Deny/Log)?


Policy actions are the three possible outcomes of policy evaluation in Intercept: allow (the tool call proceeds to the MCP server), deny (the tool call is blocked and an error returned), or log (the tool call proceeds but is recorded for audit).

WHY IT MATTERS

The three-action model — allow, deny, log — is deliberately minimal. More complex action systems (transform, redirect, queue) introduce ambiguity and make policies harder to reason about. When you read a policy rule, the action tells you exactly what happens: the call goes through, the call is blocked, or the call goes through and is recorded. There is no hidden behaviour.

The deny action is the foundation of security. When a tool call is denied, Intercept returns a structured error to the MCP client without forwarding anything to the server. The agent receives a clear message explaining why the call was blocked, which well-designed agents can use to adjust their approach. The tool call never executes — there is no partial execution or rollback to manage.

The log action serves a distinct purpose from allow. Both permit the tool call, but log explicitly marks it for audit attention. This is valuable during policy development ("I want to see what this tool does before I decide whether to restrict it"), for compliance ("record every financial transaction"), and for anomaly detection ("flag unusual but permitted operations"). Log actions feed into the audit trail without affecting agent behaviour.

The allow action is the simplest: the tool call passes through to the MCP server unchanged. In a deny-by-default configuration, explicit allow rules define the positive space of what agents are permitted to do, making the policy an allowlist rather than a blocklist.

HOW POLICYLAYER USES THIS

Intercept applies exactly one action per tool call, determined by the first matching rule in priority order. Deny actions return a structured MCP error response with a configurable message explaining the denial reason. Log actions forward the call to the server and write a structured log entry with full call details, matched rule, and timestamp. Allow actions forward the call silently. All three actions record a decision in the audit log for traceability — the difference is whether the call proceeds and whether it is flagged for attention.
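
A minimal model of the evaluation described above, as an added example that is not Intercept's code or policy format. The rule fields, tool names, sample calls and the lower-number-first priority ordering are assumptions made for illustration.

```javascript
// Model of the semantics described above: one action per call, taken from the
// first matching rule in priority order. Rule fields and tool names are
// hypothetical, not Intercept's policy schema.
const ACTIONS = new Set(["allow", "deny", "log"]);

const rules = [ // constructed sample policy; lower priority number is evaluated first (assumption)
  { priority: 10, tool: "payments.transfer",
    // Fail closed: a missing or non-numeric amount is treated like an over-limit one.
    when: (args) => typeof args.amount !== "number" || !(args.amount <= 1000),
    action: "deny",
    message: "Amount exceeds policy limit of 1000. Reduce the amount and retry." },
  { priority: 20, tool: "payments.transfer", when: () => true, action: "log" },
  { priority: 30, tool: "files.read", when: () => true, action: "allow" },
];

const auditLog = []; // every decision lands here, whatever the action

function evaluate(call, policy = rules, defaultAction = "deny") {
  const ordered = [...policy].sort((a, b) => a.priority - b.priority);
  const rule = ordered.find((r) => r.tool === call.tool && r.when(call.args ?? {}));
  const action = rule ? rule.action : defaultAction; // deny-by-default when nothing matches
  if (!ACTIONS.has(action)) throw new Error(`unknown action: ${action}`);
  const decision = {
    timestamp: new Date().toISOString(),
    tool: call.tool,
    args: call.args ?? {},
    action,
    matchedRule: rule ? rule.priority : null,
    forwarded: action !== "deny", // allow and log both reach the server
    flagged: action === "log",    // only log is marked for audit attention
  };
  if (action === "deny") {
    // Structured error for the client; nothing is sent to the server.
    decision.error = { message: rule?.message ?? "No rule permits this tool call." };
  }
  auditLog.push(decision);
  return decision;
}

// Constructed sample calls.
for (const call of [
  { tool: "payments.transfer", args: { amount: 5000 } },
  { tool: "payments.transfer", args: { amount: 250 } },
  { tool: "payments.transfer", args: {} },
  { tool: "files.read", args: { path: "report.txt" } },
  { tool: "shell.exec", args: { cmd: "ls" } },
]) {
  const d = evaluate(call);
  console.log(d.tool, JSON.stringify(d.args), "->", d.action, d.forwarded ? "(forwarded)" : "(blocked)");
}
```

Placing the deny rule ahead of the catch-all log rule matters: with the order reversed, the log rule would match first and the over-limit transfer would be forwarded.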

FREQUENTLY ASKED QUESTIONS

Can I customise the error message when a tool call is denied?
Yes. Each deny rule can include a custom message that is returned to the MCP client. This helps agents understand why a call was blocked and adjust their behaviour — for example, 'Amount exceeds policy limit of 1000. Reduce the amount and retry.'

What is the difference between log and allow?
Both allow the tool call to proceed, but log explicitly flags the call in the audit trail for review. Use log when you want visibility into specific operations without blocking them — compliance recording, anomaly detection, or policy development.

Can a single tool call trigger multiple actions?
No. Intercept applies the action from the first matching rule only. If you need both logging and enforcement, use the audit trail (which records all decisions) combined with specific deny rules for restricted operations.

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept