1 tools. 1 can modify or destroy data without limits.
1 destructive tool with no built-in limits. Policy required.
Last updated:
Destructive tools (registry) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.
registry:
rules:
- action: deny Destructive tools should never be available to autonomous agents without human approval.
Yes. The Agent Discover server exposes 1 destructive tools including registry. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.
1 tools across 1 categories: Destructive. 0 are read-only. 1 can modify, create, or delete data.
One line change. Instead of running the Agent Discover server directly, prefix it with Intercept: intercept -c agent-discover.yaml -- npx -y @agent-discover. Download a pre-built policy from policylayer.com/policies/agent-discover and adjust the limits to match your use case.
Starter policies available for each. Same risk classification, same one-command setup.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.