Arcane MCP Policy -- 180 Tools

// TOOL MAP

Read (101) Write / Execute (58) Destructive / Financial (21)

// WHAT CAN GO WRONG

✕

Destructive tools (arcane_apikey_delete, arcane_container_delete, arcane_environment_delete) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

✕

Write operations (arcane_apikey_create, arcane_auth_login, arcane_container_create) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

✕

Execute tools (arcane_build_get, arcane_build_image, arcane_build_list) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

// RECOMMENDED RULES

Deny destructive operations

arcane_apikey_delete:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

arcane_apikey_create:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

arcane_apikey_list:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 180 ARCANE TOOLS

EXECUTE 19 tools

Execute arcane_build_get Execute arcane_build_image Execute arcane_build_list Execute arcane_build_workspace_browse Execute arcane_build_workspace_get_content Execute arcane_build_workspace_upload Execute arcane_container_restart Execute arcane_container_start Execute arcane_container_stop Execute arcane_gitops_sync Execute arcane_job_run Execute arcane_project_build Execute arcane_project_restart Execute arcane_project_up Execute arcane_swarm_scale_service Execute arcane_system_containers_start_all Execute arcane_system_containers_start_stopped Execute arcane_system_containers_stop_all Execute arcane_updater_run

WRITE 39 tools

READ 101 tools

// FAQ

Can an AI agent delete data through the Arcane MCP server? +

Yes. The Arcane server exposes 21 destructive tools including arcane_apikey_delete, arcane_container_delete, arcane_environment_delete. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Arcane? +

The Arcane server has 39 write tools including arcane_apikey_create, arcane_auth_login, arcane_container_create. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Arcane MCP server expose? +

180 tools across 4 categories: Destructive, Execute, Read, Write. 101 are read-only. 79 can modify, create, or delete data.

How do I add Intercept to my Arcane setup? +

One line change. Instead of running the Arcane server directly, prefix it with Intercept: intercept -c arcane.yaml -- npx -y @@randomsynergy/arcane-mcp-server. Download a pre-built policy from policylayer.com/policies/arcane and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Arcane

Other MCP servers with similar tools.

Let agents act without letting them run wild.