4 tools. 1 can modify or destroy data without limits.
1 destructive tool with no built-in limits. Policy required.
Last updated:
Destructive tools (clear_thoughts) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.
clear_thoughts:
rules:
- action: deny Destructive tools should never be available to autonomous agents without human approval.
get_thought_stats:
rules:
- rate_limit: 60/minute Controls API costs and prevents retry loops from exhausting upstream rate limits.
Yes. The Think Tool Server server exposes 1 destructive tools including clear_thoughts. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.
4 tools across 2 categories: Destructive, Read. 3 are read-only. 1 can modify, create, or delete data.
One line change. Instead of running the Think Tool Server server directly, prefix it with Intercept: intercept -c cgize-claude-mcp-think-tool.yaml -- npx -y @cgize/claude-mcp-think-tool. Download a pre-built policy from policylayer.com/policies/cgize-claude-mcp-think-tool and adjust the limits to match your use case.
Starter policies available for each. Same risk classification, same one-command setup.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.