
Security policy template for GitHub MCP server #2136

@L1AD

Description


We've built an open-source policy template for the GitHub MCP server that lets teams enforce guardrails on every tool call an AI agent can make.

The template covers all 83 tools exposed by your server — categorised into read, write, and destructive operations — with a ready-to-use YAML scaffold for adding rate limits, argument constraints, and access controls.

Example — constraining delete_file:

delete_file:
  rules:
    - name: "block file deletion"
      action: "deny"
      on_deny: "File deletion via agent is not permitted"

What is this?

Intercept is an open-source MCP proxy that sits between AI agents and MCP servers. It evaluates every tools/call request against YAML policies and blocks violations before they reach upstream. No SDK changes, no code modifications — just a proxy layer.

The template

The full policy scaffold for your server is here:
policies/github.yaml

It includes every tool your server exposes, grouped by category, with empty rule slots ready for teams to fill in.

Why this matters

As MCP adoption grows, agents are getting access to powerful tools — creating charges, deleting resources, modifying infrastructure. Without guardrails, a single hallucination or prompt injection can trigger real-world side effects. Policy templates give your users a starting point for safe agent deployments.

Collaboration

We'd love to:

  • Get feedback on the template — are the tool categorisations accurate?
  • Explore adding a link to the policy template in your docs/README
  • Hear about any tool-specific constraints your team recommends

Happy to iterate on this. The template and Intercept are both Apache 2.0.
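To make concrete what "evaluates every tools/call request against YAML policies" means, here is a small, self-contained evaluator added for illustration. It is not Intercept's code and does not claim to reproduce its rule semantics: the policy dict mirrors the delete_file rule shown in the issue, while the `when` argument-condition key and the `hypothetical_write_tool` entry are assumptions made up here to show what an argument constraint could look like. Requests follow the MCP JSON-RPC shape (`method: "tools/call"`, `params.name`, `params.arguments`), and a denied call is answered with a JSON-RPC error instead of being forwarded upstream.

```python
import re

# Policy mirroring the delete_file rule from the issue, written as a Python
# dict so the example needs no YAML library. The "when" key and the
# hypothetical_write_tool entry are assumptions for illustration only, not
# Intercept's documented syntax.
POLICY = {
    "delete_file": {
        "rules": [
            {
                "name": "block file deletion",
                "action": "deny",
                "on_deny": "File deletion via agent is not permitted",
            },
        ],
    },
    "hypothetical_write_tool": {  # placeholder tool name, not a real one
        "rules": [
            {
                "name": "no writes to main",
                "action": "deny",
                "when": {"branch": r"^main$"},  # assumed: arg name -> regex
                "on_deny": "Agents may not write directly to main",
            },
        ],
    },
}


def rule_matches(rule, arguments):
    """A rule with no 'when' block matches every call to its tool; otherwise
    every listed argument must be present and match its regex."""
    for arg, pattern in rule.get("when", {}).items():
        value = arguments.get(arg)
        if value is None or not re.search(pattern, str(value)):
            return False
    return True


def deny_response(request, message):
    """JSON-RPC error returned to the agent in place of the upstream reply.
    -32000 is inside the server-defined error range of the JSON-RPC 2.0 spec."""
    return {
        "jsonrpc": "2.0",
        "id": request.get("id"),
        "error": {"code": -32000, "message": message},
    }


def evaluate(request, policy=POLICY, default_deny=False):
    """Return None when the request may be forwarded upstream, or an error
    response when a deny rule fires. Only tools/call is policed; other MCP
    methods (initialize, tools/list, ...) pass through untouched."""
    if request.get("method") != "tools/call":
        return None
    params = request.get("params") or {}
    tool = params.get("name")
    arguments = params.get("arguments") or {}

    tool_policy = policy.get(tool)
    if tool_policy is None:
        # Unknown tool: a template that lists every tool lets you choose
        # default-deny, which is the safer posture for destructive servers.
        if default_deny:
            return deny_response(request, f"No policy defined for tool {tool!r}")
        return None

    for rule in tool_policy.get("rules", []):
        if rule.get("action") == "deny" and rule_matches(rule, arguments):
            return deny_response(request, rule.get("on_deny", rule["name"]))
    return None


def call(tool, arguments, request_id=1):
    """Build a constructed tools/call request for the demo below."""
    return {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "tools/call",
        "params": {"name": tool, "arguments": arguments},
    }


if __name__ == "__main__":
    print(evaluate(call("delete_file", {"path": "README.md"})))
    print(evaluate(call("hypothetical_write_tool", {"branch": "feature/x"})))
    print(evaluate(call("hypothetical_write_tool", {"branch": "main"})))
```

The proxy loop itself would read each client message, run `evaluate`, and either forward it to the MCP server or write the returned error back to the client. Note that `rule_matches` treats a missing argument as a non-match, so a `when` condition never accidentally fires on calls that omit the argument; whether that should instead be a deny is exactly the kind of decision the template's empty rule slots leave to the team.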
