One proxy between your agent and everything it can break.
or
Enforce policies on agents powered by
Open source · Apache 2.0 · Single Go binary · Pre-built policies for 100+ servers
The agent auto-approved a batch of refunds. No per-transaction cap. No daily limit. Finance found out on Monday.
A reporting agent exported the full users table to a public S3 bucket. Names, emails, payment methods. Front-page news.
A cleanup agent decided idle instances were unused. They were the primary API cluster. 23 minutes of downtime.
An agent updated the A record. Customer traffic redirected to an unknown IP. SOC found out from Twitter.
A CI agent toggled repository visibility to fix a permissions issue. Source code, API keys, and internal docs exposed to the internet.
A migration agent dropped the users collection to "start fresh." No snapshot. No confirmation step. Recovery took 3 days.
Every one of these is preventable with Intercept.
Prompts are probabilistic. Enforcement must be deterministic.
Every tool call flows through Intercept. If it breaks a rule, it never executes.
Wrap any MCP server. Same tools, same schemas, complete control.
01 / Scan
Connect to any MCP server and generate a policy scaffold. Every tool listed, parameters documented.
intercept scan -o policy.yaml \
-- npx -y server-github02 / Edit
Add rules to the generated YAML. Rate limits, spend caps, unconditional blocks. Every tool is already listed — just add your conditions.
delete_repository:
rules:
- name: "block deletion"
action: "deny"
on_deny: "Not permitted"03 / Run
Launch the proxy. It wraps the upstream server and enforces your policy on every tool call.
intercept -c policy.yaml \
-- npx -y server-githubYour agent needs these tools. You need limits.
Cap every charge at $500. Cap daily spend at $10K. Block refunds over $100.
Block repo deletion. Rate-limit PRs to 3/hour. Hide 50 irrelevant tools from context.
Lock all calls to us-east-1. Block instance termination. Restrict to approved instance types.
Block collection drops. Rate-limit writes to 100/hour. Default deny everything, allowlist reads.
eq neq lt lte gt gte in not_in regex contains exists args.metadata.key Nested path access
state.tool.counter Stateful counters
"*" Wildcard matching
Pre-built policy files listing every tool, categorised. Copy one, add your rules, run.
100+ servers. Thousands of tools. All open source.
Browse all policies on GitHubIf the proxy can't evaluate a call, the call is denied. Safety is the default, not the exception.
Edit policies live. Valid changes swap in instantly, invalid ones are rejected. Counters persist across reloads.
Policy checks run in-process before forwarding. No network round-trips, no added latency to your agent.
Every decision logged as structured JSONL. Tool name, result, matched rule. Arguments hashed so logs stay safe to share.
SQLite out of the box for rate limits and counters. Switch to Redis when you need shared state across instances.
One Go binary. No runtime, no dependencies, no sidecar. Install and run in seconds on any platform.
Open source. One binary. Zero dependencies.
or
Have a question or want to learn more? Send us a message.
✓ MESSAGE SENT!
We'll get back to you soon.