// GLOSSARY -- POLICY ENFORCEMENT

What is a Tool-Level Policy?

2 min read Updated

A tool-level policy targets a specific MCP tool (e.g. create_payment_intent on the Stripe server) rather than an entire server, providing the most granular level of policy enforcement available in Intercept.

WHY IT MATTERS

MCP servers expose multiple tools, each with different risk profiles. A GitHub server exposes both list_repos (read-only, low risk) and delete_repo (destructive, high risk). A server-level policy that allows or denies the entire server is too blunt. Tool-level policies let you make precise decisions: allow listing, deny deletion, log creation.

This granularity maps to how organisations actually think about permissions. A junior developer might be allowed to read files but not deploy. A billing agent might create invoices but not issue refunds above a threshold. Tool-level policies express these nuanced permissions declaratively, without requiring changes to the MCP server or the agent's code.

Tool-level policies can include argument conditions for even finer control. Rather than simply allowing or denying create_charge, you can allow it only when amount < 1000 and currency == "GBP". This layering of tool selection and argument constraints creates a powerful and readable policy language that scales from simple use cases to complex enterprise requirements.

HOW POLICYLAYER USES THIS

In Intercept, tool-level policies are defined as rules within a policy file that specify a tool name or pattern. They take precedence over server-level defaults through the policy inheritance mechanism. Tool-level rules support exact tool name matching, glob patterns (e.g. read_*), and can include any number of argument conditions. When multiple tool-level rules could match, policy priority determines which one applies.

FREQUENTLY ASKED QUESTIONS

How do tool-level policies interact with server-level policies?
Tool-level policies override server-level defaults. If the server-level policy denies all tools by default, a tool-level allow rule creates an exception for that specific tool. This inheritance model lets you set safe defaults and explicitly open access where needed.
Can I target multiple tools with one rule?
Yes, using glob patterns. A rule targeting 'list_*' applies to all tools starting with 'list_'. For more complex groupings, define multiple rules or use server-level defaults with specific tool-level overrides.
What is the most secure approach for tool-level policies?
Deny all tools at the server level, then explicitly allow only the tools your agent needs with tool-level rules. This whitelist approach ensures new tools added to an MCP server are blocked by default until explicitly reviewed and permitted.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.