ConfigCat MCP Policy

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches ConfigCat.

terminal

# Download policy scaffold


curl -o configcat.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/configcat.yaml

# Run with Intercept


intercept --policy configcat.yaml -- npx -y @@configcat/mcp-server

Server documentation: https://github.com/configcat/mcp-server

READ TOOLS

33

list-organizations List all organizations

list-organization-members List organization members

list-pending-invitations List pending invitations

list-pending-invitations-org List org pending invitations

list-product-members List product members

list-permission-groups List permission groups

get-permission-group Get permission group details

list-products List all products

get-product Get specific product details

get-product-preferences Get product preferences

list-configs List configs for a product

get-config Get specific config details

list-environments List environments for a product

get-environment Get specific environment details

list-segments List user segments

get-segment Get specific segment details

get-sdk-keys Get SDK keys for config/environment

list-webhooks List webhooks

get-webhook Get webhook details

get-webhook-signing-keys List webhook signing keys

list-integrations List integrations

get-integration Get integration details

get-code-references Get code references

list-auditlogs Get product audit logs

list-organization-auditlogs Get organization audit logs

list-staleflags Get stale feature flags report

list-settings List feature flags for a config

get-setting Get specific feature flag details

list-settings-by-tag Get feature flags by tag

get-tag Get specific tag details

get-setting-value Get feature flag value

get-setting-values Get multiple setting values

WRITE TOOLS

26

invite-member Invite a new member

update-member-permissions Update the permissions of a member

create-permission-group Create a new permission group

update-permission-group Update permission group

update-product Update existing product

update-product-preferences Update product preferences

create-product Create a new product

create-config Create a new config

update-config Update existing config

create-environment Create a new environment

update-environment Update existing environment

create-segment Create a new segment

update-segment Update existing segment

replace-webhook Replace webhook configuration

update-webhook Update existing webhook

create-webhook Create a new webhook

create-integration Create a new integration

update-integration Update existing integration

create-setting Create a new feature flag

replace-setting Replace feature flag configuration

update-setting Update existing feature flag

create-tag Create a new tag

update-tag Update existing tag

update-setting-value Update feature flag value

replace-setting-value Replace feature flag value

update-sdk-documentation Get SDK documentation and code examples

DESTRUCTIVE TOOLS

12

delete-organization-member Remove organization member

delete-product-member Remove product member

delete-invitation Cancel invitation

delete-permission-group Delete permission group

delete-product Delete a product

delete-config Delete a config

delete-environment Delete an environment

delete-segment Delete a segment

delete-webhook Delete a webhook

delete-integration Delete an integration

delete-setting Delete a feature flag

delete-tag Delete a tag

OTHER TOOLS

1

post-setting-values Update multiple setting values

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

configcat.yaml

version: "1"
description: "Policy for @configcat/mcp-server"
default: "allow"
tools:
    list-organizations:
        rules: []
    list-organization-members:
        rules: []
    list-pending-invitations:
        rules: []
    list-pending-invitations-org:
        rules: []
    list-product-members:
        rules: []
    list-permission-groups:
        rules: []
    get-permission-group:
        rules: []
    list-products:
        rules: []
    get-product:
        rules: []
    get-product-preferences:
        rules: []
    list-configs:
        rules: []
    get-config:
        rules: []
    list-environments:
        rules: []
    get-environment:
        rules: []
    list-segments:
        rules: []
    get-segment:
        rules: []
    get-sdk-keys:
        rules: []
    list-webhooks:
        rules: []
    get-webhook:
        rules: []
    get-webhook-signing-keys:
        rules: []
    list-integrations:
        rules: []
    get-integration:
        rules: []
    get-code-references:
        rules: []
    list-auditlogs:
        rules: []
    list-organization-auditlogs:
        rules: []
    list-staleflags:
        rules: []
    list-settings:
        rules: []
    get-setting:
        rules: []
    list-tags:
        rules: []
    list-settings-by-tag:
        rules: []
    get-tag:
        rules: []
    get-setting-value:
        rules: []
    get-setting-values:
        rules: []
    invite-member:
        rules: []
    update-member-permissions:
        rules: []
    create-permission-group:
        rules: []
    update-permission-group:
        rules: []
    update-product:
        rules: []
    update-product-preferences:
        rules: []
    create-product:
        rules: []
    create-config:
        rules: []
    update-config:
        rules: []
    create-environment:
        rules: []
    update-environment:
        rules: []
    create-segment:
        rules: []
    update-segment:
        rules: []
    replace-webhook:
        rules: []
    update-webhook:
        rules: []
    create-webhook:
        rules: []
    create-integration:
        rules: []
    update-integration:
        rules: []
    create-setting:
        rules: []
    replace-setting:
        rules: []
    update-setting:
        rules: []
    create-tag:
        rules: []
    update-tag:
        rules: []
    update-setting-value:
        rules: []
    replace-setting-value:
        rules: []
    update-sdk-documentation:
        rules: []
    delete-organization-member:
        rules: []
    delete-product-member:
        rules: []
    delete-invitation:
        rules: []
    delete-permission-group:
        rules: []
    delete-product:
        rules: []
    delete-config:
        rules: []
    delete-environment:
        rules: []
    delete-segment:
        rules: []
    delete-webhook:
        rules: []
    delete-integration:
        rules: []
    delete-setting:
        rules: []
    delete-tag:
        rules: []
    post-setting-values:
        rules: []

FREQUENTLY ASKED QUESTIONS

What tools does the ConfigCat MCP server expose?

The ConfigCat MCP Server exposes 72 tools across 4 categories: Read, Write, Destructive, Other. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on ConfigCat?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the ConfigCat MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the ConfigCat policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON CONFIGCAT

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →