How do I install Intercept?

Install Intercept with a single command: npx mdskills install policylayer/intercept. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Intercept?

Intercept works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Gemini Cli, Amp, Roo Code, Goose. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to MCP servers

Intercept

Name: Intercept: AI Agent Skill
Rating: 8.7 (1 reviews)
Author: policylayer

Verified

MCP ServerGit & Version ControlIntermediate

The firewall for AI agents. Open-source policy enforcement for MCP. Website: policylayer.com Intercept is a deterministic enforcement proxy for the Model Context Protocol (MCP). It sits between an AI agent and an MCP server, evaluating every tools/call request against YAML-defined policies. Violating calls are blocked at the transport layer before reaching the upstream server. MCP gives AI agents

by @policylayer0Updated 3/10/2026

Add this skill

npx mdskills install policylayer/intercept

Fork & Edit

Skill Advisor8.7

Comprehensive policy enforcement proxy with excellent documentation and practical examples

+Provides critical security layer for MCP with clear, actionable policy examples
+Includes ready-made scaffolds for 43 popular servers and hot-reload capability
+Well-documented setup with multiple transport modes and state backends
-Lacks explicit guidance on securing policy files containing sensitive rules

SKILL.md

Edit in Browser

1# Intercept
2 
3[![npm version](https://img.shields.io/npm/v/@policylayer/intercept.svg)](https://www.npmjs.com/package/@policylayer/intercept) [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/PolicyLayer/Intercept/blob/main/LICENSE) [![GitHub last commit](https://img.shields.io/github/last-commit/PolicyLayer/Intercept.svg)](https://github.com/PolicyLayer/Intercept/commits/main) [![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)](https://nodejs.org/)
4 
5**The firewall for AI agents. Open-source policy enforcement for MCP.**
6 
7Website: [policylayer.com](https://policylayer.com)
8 
9Intercept is a deterministic enforcement proxy for the Model Context Protocol (MCP). It sits between an AI agent and an MCP server, evaluating every `tools/call` request against YAML-defined policies. Violating calls are blocked at the transport layer before reaching the upstream server.
10 
11```
12┌──────────┐       ┌───────────┐       ┌────────────┐
13│ LLM/AI   │──────>│ Intercept │──────>│ MCP Server │
14│ Client   │<──────│  (proxy)  │<──────│ (upstream) │
15└──────────┘       └───────────┘       └────────────┘
16                        │
17                   ┌────┴────┐
18                   │ Policy  │
19                   │ Engine  │
20                   └────┬────┘
21                   ┌────┴────┐
22                   │ State   │
23                   │ Store   │
24                   └─────────┘
25```
26 
27## Why
28 
29MCP gives AI agents access to every tool on a server with no access control. There are no rate limits, no spending caps, and no audit trail out of the box. Prompt-based guardrails live inside the model context and can be bypassed — the agent can rewrite, ignore, or reason around them. Intercept enforces policy at the transport layer, below the model. The agent never sees the rules and cannot circumvent them.
30 
31## What it does
32 
33- **Block tool calls** — deny dangerous tools unconditionally (e.g. `delete_repository`)
34- **Validate arguments** — enforce constraints on tool arguments (`amount <= 500`, `currency in [usd, eur]`)
35- **Rate limit** — cap calls per minute, hour, or day with `rate_limit: 5/hour` shorthand
36- **Track spend** — stateful counters with dynamic increments (e.g. sum `args.amount` across calls)
37- **Hide tools** — strip tools from `tools/list` so the agent never sees them, saving context window tokens
38- **Default deny** — allowlist mode where only explicitly listed tools are permitted
39- **Hot reload** — edit the policy file while running; changes apply immediately without restart
40- **Validate policies** — `intercept validate -c policy.yaml` catches errors before deployment
41 
42## Install
43 
44**npx:**
45 
46```sh
47npx -y @policylayer/intercept -c policy.yaml --upstream https://mcp.stripe.com --header "Authorization: Bearer sk_live_..."
48```
49 
50**npm:**
51 
52```sh
53npm install -g @policylayer/intercept
54```
55 
56**Go:**
57 
58```sh
59go install github.com/policylayer/intercept@latest
60```
61 
62**Pre-built binaries:**
63 
64Download from [GitHub Releases](https://github.com/policylayer/intercept/releases) and place the binary on your PATH.
65 
66## Quick start
67 
68**1. Generate a policy scaffold from a running MCP server:**
69 
70```sh
71intercept scan -o policy.yaml -- npx -y @modelcontextprotocol/server-stripe
72```
73 
74This connects to the server, discovers all available tools, and writes a commented YAML file listing each tool with its parameters.
75 
76**2. Edit the policy to add rules:**
77 
78```yaml
79version: "1"
80description: "Stripe MCP server policies"
81 
82hide:
83  - delete_customer
84  - delete_product
85  - delete_invoice
86 
87tools:
88  create_charge:
89    rules:
90      - name: "max single charge"
91        conditions:
92          - path: "args.amount"
93            op: "lte"
94            value: 50000
95        on_deny: "Single charge cannot exceed $500.00"
96 
97      - name: "daily spend cap"
98        conditions:
99          - path: "state.create_charge.daily_spend"
100            op: "lte"
101            value: 1000000
102        on_deny: "Daily spending cap of $10,000.00 reached"
103        state:
104          counter: "daily_spend"
105          window: "day"
106          increment_from: "args.amount"
107 
108      - name: "allowed currencies"
109        conditions:
110          - path: "args.currency"
111            op: "in"
112            value: ["usd", "eur"]
113        on_deny: "Only USD and EUR charges are permitted"
114 
115  create_refund:
116    rules:
117      - name: "refund limit"
118        rate_limit: 10/day
119        on_deny: "Daily refund limit (10) reached"
120```
121 
122**3. Run the proxy:**
123 
124```sh
125intercept -c policy.yaml --upstream https://mcp.stripe.com --header "Authorization: Bearer sk_live_..."
126```
127 
128Intercept proxies all MCP traffic and enforces your policy on every tool call. Hidden tools are stripped from the agent's view entirely.
129 
130## Example policies
131 
132The `policies/` directory contains ready-made policy scaffolds for 43 popular MCP servers including GitHub, Stripe, AWS, Notion, Slack, and more. Each file lists every tool with its description, grouped by category (Read, Write, Execute, Financial, Destructive).
133 
134Copy one as a starting point:
135 
136```sh
137cp policies/stripe.yaml policy.yaml
138# edit to add your rules, then:
139intercept -c policy.yaml --upstream https://mcp.stripe.com
140```
141 
142Browse all policies → [policies/](policies/)
143 
144## MCP client integration
145 
146To use Intercept with Claude Code (or any MCP client that reads `.mcp.json`), point the server command at Intercept:
147 
148```json
149{
150  "mcpServers": {
151    "github": {
152      "command": "intercept",
153      "args": [
154        "-c", "/path/to/policy.yaml",
155        "--",
156        "npx", "-y", "@modelcontextprotocol/server-github"
157      ],
158      "env": {
159        "GITHUB_PERSONAL_ACCESS_TOKEN": "..."
160      }
161    }
162  }
163}
164```
165 
166For remote HTTP servers, use `--upstream` instead of a command:
167 
168```json
169{
170  "mcpServers": {
171    "stripe": {
172      "command": "intercept",
173      "args": [
174        "-c", "/path/to/policy.yaml",
175        "--upstream", "https://mcp.stripe.com",
176        "--header", "Authorization: Bearer tok"
177      ]
178    }
179  }
180}
181```
182 
183## State backends
184 
185Rate limits and counters persist across restarts. SQLite is the default (zero config). Redis is supported for multi-instance deployments:
186 
187```sh
188intercept -c policy.yaml --state-dsn redis://localhost:6379 --upstream https://mcp.stripe.com
189```
190 
191## Documentation
192 
193- [CLI reference](USAGE.md): all commands, flags, transport modes, state backends, event logging
194- [Policy reference](POLICY.md): YAML format, conditions, operators, stateful counters, examples
195- [Example policies](policies/): ready-made scaffolds for 43 MCP servers
196 
197## Contributing
198 
199Contributions welcome — open an issue to discuss what you'd like to change.
200 
201## License
202 
203[Apache 2.0](LICENSE)
204

Full transparency — inspect the skill content before installing.