Enforce policies on every tool call to the 1ly MCP Server. 23 tools with suggested default rules ready to customise.
Last updated:
This policy includes sensible default rules. Download it, adjust the limits to match your use case, and run with Intercept.
# Download policy with default rules
curl -o io-github-1lystore-mcp-server.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/io-github-1lystore-mcp-server.yaml # Run with Intercept
intercept --policy io-github-1lystore-mcp-server.yaml -- npx -y @@1ly/mcp-server Server documentation: https://github.com/1lystore/1ly-mcp-server
This policy includes suggested default rules for common use cases. Adjust rate limits, add argument validation, or remove rules you don't need.
version: "1" description: "Policy for @1ly/mcp-server" # Set to "deny" to reject tool calls not listed below default: "allow" tools: # -- Financial Tools ---------------------------------------- # 1ly_withdraw: Request a withdrawal of your available balance to a Solana wallet (requires ONELY_API_KEY). 1ly_withdraw: rules: - action: deny on_deny: "Financial operation requires approval" # -- Destructive Tools ---------------------------------------- # 1ly_delete_link: Delete an API link by id (requires ONELY_API_KEY). 1ly_delete_link: rules: - action: deny on_deny: "Destructive operation blocked by policy" # 1ly_revoke_key: Revoke an API key for the authenticated agent store (requires ONELY_API_KEY). 1ly_revoke_key: rules: - action: deny on_deny: "Destructive operation blocked by policy" # -- Execute Tools ---------------------------------------- # 1ly_launch_token: Launch a token on Bags.fm (v2 flow). Handles metadata, fee config, launch tx, signing, and submission. 1ly_launch_token: rules: - action: allow rate_limit: 10/hour validate: required_args: true # -- Write Tools ---------------------------------------- # 1ly_create_key: Create a new API key for the authenticated agent store (requires ONELY_API_KEY). 1ly_create_key: rules: - action: allow rate_limit: 30/hour # 1ly_create_link: Create a new API link (paid or free) using your 1ly developer API key. 1ly_create_link: rules: - action: allow rate_limit: 30/hour # 1ly_create_store: Create a new store for your agent on 1ly using wallet signature.Returns store + API key. 1ly_create_store: rules: - action: allow rate_limit: 30/hour # 1ly_update_avatar: Update your store avatar image (requires ONELY_API_KEY). 1ly_update_avatar: rules: - action: allow rate_limit: 30/hour # 1ly_update_link: Update an API link by id (requires ONELY_API_KEY). 1ly_update_link: rules: - action: allow rate_limit: 30/hour # 1ly_update_profile: Update basic store profile details (requires ONELY_API_KEY). 1ly_update_profile: rules: - action: allow rate_limit: 30/hour # 1ly_update_socials: Update socials for your store (requires ONELY_API_KEY). 1ly_update_socials: rules: - action: allow rate_limit: 30/hour # -- Read Tools ---------------------------------------- # 1ly_call: Call a paid API on 1ly.store with automatic x402 payment. Returns the API response and purchase metadata for leaving a review. 1ly_call: rules: - action: allow rate_limit: 60/minute # 1ly_claim_fees: Claim Bags fee share for a token (Bags only). 1ly_claim_fees: rules: - action: allow rate_limit: 60/minute # 1ly_get_details: Get detailed information about a specific API on 1ly.store, including pricing, reviews, and payment info. 1ly_get_details: rules: - action: allow rate_limit: 60/minute # 1ly_get_stats: Get store or link stats (requires ONELY_API_KEY). 1ly_get_stats: rules: - action: allow rate_limit: 60/minute # 1ly_list_keys: List API keys for the authenticated agent store (requires ONELY_API_KEY). 1ly_list_keys: rules: - action: allow rate_limit: 60/minute # 1ly_list_links: List API links for the authenticated store (requires ONELY_API_KEY). 1ly_list_links: rules: - action: allow rate_limit: 60/minute # 1ly_list_tokens: List tokens launched by a wallet (Bags only; public listing by wallet address). 1ly_list_tokens: rules: - action: allow rate_limit: 60/minute # 1ly_list_withdrawals: List withdrawal requests for your store (requires ONELY_API_KEY). 1ly_list_withdrawals: rules: - action: allow rate_limit: 60/minute # 1ly_review: Leave a review for a completed purchase on 1ly.store. Use the purchaseId and reviewToken from the _1ly metadata returned by 1ly_call. 1ly_review: rules: - action: allow rate_limit: 60/minute # 1ly_search: Search for APIs and services on 1ly.store marketplace. Find APIs by keyword, filter by type and price. 1ly_search: rules: - action: allow rate_limit: 60/minute # 1ly_trade_quote: Get a Bags trade quote without executing a swap (Bags only). 1ly_trade_quote: rules: - action: allow rate_limit: 60/minute # 1ly_trade_token: Trade tokens on Bags (Bags only). 1ly_trade_token: rules: - action: allow rate_limit: 60/minute
Yes. The 1ly server exposes 1 financial tools including 1ly_withdraw. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.
Yes. The 1ly server exposes 2 destructive tools including 1ly_delete_link, 1ly_revoke_key. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.
The 1ly server has 7 write tools including 1ly_create_key, 1ly_create_link, 1ly_create_store. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.
23 tools across 5 categories: Destructive, Execute, Financial, Read, Write. 12 are read-only. 11 can modify, create, or delete data.
One line change. Instead of running the 1ly server directly, prefix it with Intercept: intercept -c io-github-1lystore-mcp-server.yaml -- npx -y @@1ly/mcp-server. Download a pre-built policy from policylayer.com/policies/io-github-1lystore-mcp-server and adjust the limits to match your use case.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept