What is a YAML Policy?

A YAML policy is a declarative configuration file that defines rules governing what an AI agent can and cannot do with MCP tools, specifying allowed and denied tools with optional argument constraints for a given server.

WHY IT MATTERS

Policy-as-code is a well-established practice in infrastructure (Terraform, Kubernetes admission controllers, OPA/Rego), but AI agent governance has largely relied on system prompts and hope. System prompts are not enforceable — they are suggestions to the model, not hard constraints. A determined or hallucinating agent can ignore them entirely.

YAML policies solve this by moving enforcement out of the model and into infrastructure. A YAML policy is evaluated by Intercept at the proxy layer, meaning it cannot be bypassed by the agent regardless of what the model decides to do. The policy is a hard boundary, not a suggestion.

YAML was chosen deliberately over JSON, Rego, or custom DSLs. It is human-readable, widely understood by developers and operations teams, natively supported by every CI/CD system, and trivially diffable in version control. A security engineer who has never worked with AI agents can read a YAML policy and understand exactly what it permits.

Each policy file targets a specific MCP server and contains a list of rules. Each rule targets a tool (or pattern of tools), specifies conditions on arguments, and declares an action: allow, deny, or log. This structure maps naturally to how teams think about permissions — "allow read operations on the database server, deny writes except to the staging schema."

HOW POLICYLAYER USES THIS

YAML policies are the core configuration primitive in Intercept. Each policy file lives alongside your project configuration, is version-controlled in git, and is loaded by Intercept at startup (and reloaded on change via hot-reload). Intercept parses, validates, and indexes policies for fast lookup during tool call evaluation. The format supports server-level defaults, tool-level overrides, argument conditions with comparison operators, and glob patterns for matching tool names.

FREQUENTLY ASKED QUESTIONS

Why YAML instead of a programming language like Rego?
YAML is readable by anyone on the team — security, compliance, and engineering — without learning a new language. It diffs cleanly in git, integrates with every CI/CD system, and keeps the barrier to writing policies as low as possible.

Can I use one policy file for multiple MCP servers?
Each policy file typically targets a single MCP server for clarity, but you can define global policies that apply across all servers. This keeps files focused and reviewable while still supporting cross-cutting rules.

How do I validate my YAML policies before deploying them?
Intercept includes policy linting that catches syntax errors, unreachable rules, and conflicting conditions. You can also use policy dry-run mode to evaluate policies against real traffic without enforcing them.

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept