// SECURE GHOSTQA
View full policy →

GhostQA: 0 unrestricted tools

The GhostQA MCP server is primarily read-only, but rate limits are still recommended to control API costs and prevent retry loops.

// WHAT CAN GO WRONG

Even read-only tools carry cost. An agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up bills.

// RECOMMENDED RULES

These rules are based on the tool categories exposed by the GhostQA MCP server. Adjust the limits to match your use case.

Cap read operations 
Multi-platform:
    rules:
      - action: allow
        rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// FULL POLICY

This is the complete policy file for GhostQA. It lists every tool with suggested default rules. Download it, adjust the limits, and run with Intercept.

ghostqa.yaml 
version: "1"
default: "deny"

tools:
  Multi-platform:
    rules:
      - action: allow
        rate_limit: 60/minute
  Vision-powered:
    rules:
      - action: allow
        rate_limit: 60/minute
  YAML-configured:
    rules:
      - action: allow
        rate_limit: 60/minute
// ENFORCE IT

Two commands. Under two minutes.

01

Download the policy

curl -o ghostqa.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/ghostqa.yaml
02

Run Intercept in front of the server

intercept -c ghostqa.yaml -- npx -y @ghostqa

Works with any MCP client:

Claude Code Cursor Claude Desktop Windsurf

Every tool call is now checked against your policy before it reaches GhostQA. Denied calls are blocked and logged. Allowed calls pass through with no latency impact.

Enforce policies on GhostQA

Open source. One binary. Zero dependencies.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.