PolicyLayer Intercept — open-source policy enforcement proxy for MCP

[s-a-m-a-i]

We built Intercept, an open-source transparent proxy that enforces YAML policies on every MCP tool call before it reaches upstream.

The problem it solves: when you connect an agent to an MCP server, the agent gets access to every tool with no limits. There's no way to say "read-only" or "max 5 issues per hour" or "no repo deletions" at the protocol level.

Intercept sits between the agent and the server. You write a policy file:

delete_repository:
  rules:
    - name: "block repo deletion"
      action: "deny"
      on_deny: "Repo deletion not permitted via AI agents"

create_issue:
  rules:
    - name: "hourly issue limit"
      rate_limit: 5/hour
      on_deny: "Hourly limit of 5 new issues reached"

Then run:

intercept -c policy.yaml -- npx -y @modelcontextprotocol/server-github

Your agent connects to Intercept like any MCP server. Intercept proxies everything through the policy engine. Denied calls never reach GitHub.

Enforcement is at the transport layer — below the model. The agent can't see it or reason around it.

Works with this server and any other MCP server. Open source, MIT licensed.

• GitHub: https://github.com/policylayer/intercept
• Site: https://intercept.policylayer.com

Would love feedback from anyone running github-mcp-server in production. What policies would be most useful?