3 tools. 1 can modify or destroy data without limits.
1 destructive tool with no built-in limits. Policy required.
Last updated:
Destructive tools (fit_messages) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.
fit_messages:
rules:
- action: deny Destructive tools should never be available to autonomous agents without human approval.
count_tokens:
rules:
- rate_limit: 60/minute Controls API costs and prevents retry loops from exhausting upstream rate limits.
Yes. The Agentfit server exposes 1 destructive tools including fit_messages. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.
3 tools across 2 categories: Destructive, Read. 2 are read-only. 1 can modify, create, or delete data.
One line change. Instead of running the Agentfit server directly, prefix it with Intercept: intercept -c io-github-mukundakatta-agentfit.yaml -- npx -y @@mukundakatta/agentfit-mcp. Download a pre-built policy from policylayer.com/policies/io-github-mukundakatta-agentfit and adjust the limits to match your use case.
Starter policies available for each. Same risk classification, same one-command setup.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.