What is a Policy Violation?

A policy violation occurs when an AI agent attempts a tool call that violates a YAML-defined policy: calling a denied tool, passing disallowed arguments, or exceeding rate limits. Violations are blocked by Intercept before reaching the MCP server, logged with full context, and can trigger alerts.

WHY IT MATTERS

Policy violations are the system working as intended — a control catching an unauthorised tool call before it executes. They are signals, not failures.

Violations can indicate: normal operation (agent hitting legitimate rate limits), misconfiguration (policies too restrictive for the task), bugs (agent constructing wrong tool calls), or attacks (prompt injection attempting to invoke dangerous tools).

How you respond to violations matters. A few violations from hitting rate limits? Adjust policies. An agent repeatedly trying to invoke a denied tool? Investigate immediately — it could be a prompt injection attempt or a malfunctioning agent loop.

HOW POLICYLAYER USES THIS

Intercept blocks and logs every policy violation with full context — the attempted tool call, which policy rule was violated, the tool arguments, and the timestamp. Violations are returned to the client as structured error responses, enabling the agent to understand why a call was denied and adjust its behaviour.
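The triage described above (rate-limit hits versus repeated attempts on a denied tool) can be run over violation records, shown here as an added example that is not Intercept's own code. The JSON field names, the `agent` field, the `reason` values and the 3-in-60-seconds threshold are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample violation records, one JSON object per line. The field
# names (ts, agent, tool, args, rule, reason, decision) are assumptions for
# this example, not Intercept's documented log schema.
SAMPLE_LOG = """\
{"ts": "2025-01-10T09:00:01+00:00", "agent": "report-bot", "tool": "search_docs", "args": {"q": "q3 revenue"}, "rule": "search_docs.rate_limit", "reason": "rate_limit", "decision": "deny"}
{"ts": "2025-01-10T09:00:02+00:00", "agent": "report-bot", "tool": "search_docs", "args": {"q": "q3 costs"}, "rule": "search_docs.rate_limit", "reason": "rate_limit", "decision": "deny"}
{"ts": "2025-01-10T09:05:10+00:00", "agent": "mail-bot", "tool": "execute_command", "args": {"cmd": "id"}, "rule": "execute_command.deny", "reason": "denied_tool", "decision": "deny"}
{"ts": "2025-01-10T09:05:12+00:00", "agent": "mail-bot", "tool": "execute_command", "args": {"cmd": "id"}, "rule": "execute_command.deny", "reason": "denied_tool", "decision": "deny"}
{"ts": "2025-01-10T09:05:15+00:00", "agent": "mail-bot", "tool": "execute_command", "args": {"cmd": "id"}, "rule": "execute_command.deny", "reason": "denied_tool", "decision": "deny"}
{"ts": "2025-01-10T09:30:00+00:00", "agent": "ops-bot", "tool": "execute_command", "args": {"cmd": "uptime"}, "rule": "execute_command.deny", "reason": "denied_tool", "decision": "deny"}
"""


def triage(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {(agent, tool): verdict} for every pair that produced violations."""
    denied = defaultdict(list)  # timestamps of denied-tool attempts per pair
    reasons = defaultdict(set)  # every violation reason seen per pair
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        key = (rec["agent"], rec["tool"])
        reasons[key].add(rec["reason"])
        if rec["reason"] == "denied_tool":
            denied[key].append(datetime.fromisoformat(rec["ts"]))

    verdicts = {}
    for key, seen in reasons.items():
        times = sorted(denied.get(key, []))
        # Repeated attempts: `threshold` denied calls falling inside one window.
        burst = any(times[i + threshold - 1] - times[i] <= window
                    for i in range(len(times) - threshold + 1))
        if burst:
            verdicts[key] = "investigate"        # retrying a denied tool
        elif seen == {"rate_limit"}:
            verdicts[key] = "review_rate_limit"  # likely a policy-tuning matter
        else:
            verdicts[key] = "review"             # isolated or mixed violations
    return verdicts


if __name__ == "__main__":
    for (agent, tool), verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{agent:12} {tool:18} {verdict}")
```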

FREQUENTLY ASKED QUESTIONS

Are all violations bad?
No, some are normal operation. An agent hitting a rate limit is not concerning. An agent repeatedly attempting to call a denied tool like execute_command after being blocked is very concerning and warrants investigation.

What information is logged for each violation?
Intercept logs the tool name, arguments, the specific policy rule that was violated, the timestamp, and the deny decision. This provides full context for audit and debugging.

How does the agent know a call was denied?
Intercept returns a structured error response to the MCP client indicating the call was denied by policy. Well-behaved agents use this feedback to adjust their approach rather than retrying the same denied call.

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept