Enforce policies on every tool call to the Quickbooks MCP Server. 34 tools with suggested default rules ready to customise.
This policy includes sensible default rules. Download it, adjust the limits to match your use case, and run with Intercept.
```bash
# Download policy with default rules
curl -o io-github-nyxtoolsdev-quickbooks-mcp-server.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/io-github-nyxtoolsdev-quickbooks-mcp-server.yaml

# Run with Intercept
intercept --policy io-github-nyxtoolsdev-quickbooks-mcp-server.yaml -- npx -y @quickbooks-mcp
```

Server documentation: https://github.com/NyxToolsDev/quickbooks-mcp-server
This policy includes suggested default rules for common use cases. Adjust rate limits, add argument validation, or remove rules you don't need.
```yaml
version: "1"
description: "Policy for quickbooks-mcp"

# Set to "deny" to reject tool calls not listed below
default: "allow"

tools:
  # -- Financial Tools ----------------------------------------

  # create_deposit: Create a bank deposit. Accepts account/department/vendor names (will lookup IDs automatically). Lines represent the sources of the deposit — amounts can be positive (income) or negative (fees, deductions). QuickBooks computes the total from line amounts. Returns deposit details and a link to view in QuickBooks.
  create_deposit:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"

  # edit_deposit: Modify an existing deposit. Can update date, memo, deposit account, department, and/or lines. CRITICAL for line changes: The QB Deposit API does NOT replace lines - it merges them. Lines WITH line_id update existing lines. Lines WITHOUT line_id are ADDED as new. Lines NOT included are KEPT unchanged. To 'delete' a line, you must include ALL existing lines with their line_ids and set unwanted lines to amount: 0. Line amounts must sum to the original deposit total (use expected_total to override for corrupted deposits).
  edit_deposit:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"

  # -- Destructive Tools ----------------------------------------

  # delete_entity: Permanently delete a QuickBooks transaction. Supports journal entries, bills, invoices, deposits, sales receipts, expenses, and vendor credits. Uses a two-step flow: first call previews what will be deleted, second call with confirm=true executes the deletion. Note: Customers cannot be deleted — use edit_customer with active=false to deactivate instead.
  delete_entity:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"

  # -- Write Tools ----------------------------------------

  # create_bill: Create a vendor bill. Accepts vendor/account/department names (will lookup IDs automatically). Note: DepartmentRef is header-level only — for multi-department splits, create separate bills (one per department). Returns bill details and a link to view in QuickBooks.
  create_bill:
    rules:
      - action: allow
        rate_limit: 30/hour

  # create_customer: Create a customer or sub-customer. Accepts name parts, contact info, addresses, and hierarchy settings. Use parent_ref to create sub-customers or jobs. Returns customer details and a link to view in QuickBooks.
  create_customer:
    rules:
      - action: allow
        rate_limit: 30/hour

  # create_expense: Create an expense (Purchase). Accepts account/department/vendor names (will lookup IDs automatically). Covers Cash, Check, and Credit Card payment types. Note: PaymentType cannot be changed after creation. DepartmentRef is header-level only. Returns expense details and a link to view in QuickBooks.
  create_expense:
    rules:
      - action: allow
        rate_limit: 30/hour

  # create_invoice: Create an invoice. Accepts item/customer/department names (will lookup IDs automatically). Either customer_name or customer_id is REQUIRED — invoices must have a customer. Lines use SalesItemLineDetail (product/service references, not accounts). Returns invoice details and a link to view in QuickBooks.
  create_invoice:
    rules:
      - action: allow
        rate_limit: 30/hour

  # create_journal_entry: Create a journal entry. Accepts account/department names (will lookup IDs automatically). Validates debits=credits before creating. Returns entry details and a link to view in QuickBooks.
  create_journal_entry:
    rules:
      - action: allow
        rate_limit: 30/hour

  # create_sales_receipt: Create a sales receipt. Accepts item/customer/department names (will lookup IDs automatically). Lines reference items (products/services) not accounts. Returns receipt details and a link to view in QuickBooks.
  create_sales_receipt:
    rules:
      - action: allow
        rate_limit: 30/hour

  # create_vendor_credit: Create a vendor credit. Accepts vendor/account/department names (will lookup IDs automatically). Lines represent credit amounts applied to expense accounts. Returns credit details and a link to view in QuickBooks.
  create_vendor_credit:
    rules:
      - action: allow
        rate_limit: 30/hour

  # edit_bill: Modify an existing bill. Can update vendor, date, due date, memo, and/or lines. For lines: provide line_id to update existing line, omit to add new line, set delete=true to remove. Note: DepartmentRef is header-level only — lines do not support department.
  edit_bill:
    rules:
      - action: allow
        rate_limit: 30/hour

  # edit_customer: Modify an existing customer. Can update name, contact info, addresses, notes, taxable status, active status, hierarchy (parent/sub-customer), delivery method, and payment terms. Set active=false to deactivate (QuickBooks equivalent of delete).
  edit_customer:
    rules:
      - action: allow
        rate_limit: 30/hour

  # edit_expense: Modify an existing expense (Purchase). Can update date, memo, payment account, and/or lines. Note: PaymentType (Cash/Check/CreditCard) cannot be changed after creation.
  edit_expense:
    rules:
      - action: allow
        rate_limit: 30/hour

  # edit_invoice: Modify an existing invoice. Can update date, due date, memo, customer, department, terms, email, online payment settings, and/or lines. For lines: provide line_id to update existing line, omit line_id to add new line (requires item_name), set delete=true to remove.
  edit_invoice:
    rules:
      - action: allow
        rate_limit: 30/hour

  # edit_journal_entry: Modify an existing journal entry. Can update date, memo, doc_number, and/or lines. For lines: provide line_id to update existing line, omit line_id to add new line, set delete=true to remove a line. Validates debits=credits before saving.
  edit_journal_entry:
    rules:
      - action: allow
        rate_limit: 30/hour

  # edit_sales_receipt: Modify an existing sales receipt. Can update date, memo, deposit account, department, and/or lines. For lines: provide line_id to update existing line, omit line_id to add new line (requires item_name), set delete=true to remove.
  edit_sales_receipt:
    rules:
      - action: allow
        rate_limit: 30/hour

  # edit_vendor_credit: Modify an existing vendor credit. Can update vendor, date, memo, ref number, and/or lines. For lines: provide line_id to update existing line, omit line_id to add new line (requires amount and account_name), set delete=true to remove. Note: DepartmentRef is header-level only — lines do not support department.
  edit_vendor_credit:
    rules:
      - action: allow
        rate_limit: 30/hour

  # -- Read Tools ----------------------------------------

  # account_period_summary: Get a period summary for an account: opening balance, total debits/credits, closing balance, and transaction count. Uses the General Ledger report. Supports department filtering.
  account_period_summary:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_balance_sheet: Get a Balance Sheet report. Can be broken down by department/location.
  get_balance_sheet:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_bill: Fetch a single bill by ID with full details including SyncToken (needed for edits). Returns vendor, date, due date, amount, AP account, line details.
  get_bill:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_company_info: Get information about the connected QuickBooks company.
  get_company_info:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_customer: Fetch a single customer by ID with full details including SyncToken (needed for edits). Returns name, contact info, addresses, balance, hierarchy (parent/sub-customer), and active status.
  get_customer:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_deposit: Fetch a single deposit by ID with full details including SyncToken (needed for edits). Returns deposit account, date, memo, and line details showing source accounts and amounts.
  get_deposit:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_expense: Fetch a single expense (Purchase) by ID with full details including SyncToken. Covers Expenses, Checks, and Credit Card charges. Returns payment type, account, date, amount, line details.
  get_expense:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_invoice: Fetch a single invoice by ID with full details including SyncToken (needed for edits). Returns customer, date, due date, balance, department, line details with items/qty/price.
  get_invoice:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_journal_entry: Fetch a single journal entry by ID with full details including SyncToken (needed for edits). Returns formatted summary and writes full object to temp file.
  get_journal_entry:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_profit_loss: Get a Profit and Loss (Income Statement) report. Can be broken down by department/location.
  get_profit_loss:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_sales_receipt: Fetch a single sales receipt by ID with full details including SyncToken (needed for edits). Returns customer, date, deposit account, department, line details with items/qty/price.
  get_sales_receipt:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_trial_balance: Get a Trial Balance report. Useful for month-end close and reconciliation. Note: Trial Balance does not support department/location breakdown in QuickBooks Online.
  get_trial_balance:
    rules:
      - action: allow
        rate_limit: 60/minute

  # get_vendor_credit: Fetch a single vendor credit by ID with full details including SyncToken (needed for edits). Returns vendor, date, memo, ref number, AP account, and line details showing expense accounts and amounts.
  get_vendor_credit:
    rules:
      - action: allow
        rate_limit: 60/minute

  # list_accounts: List all accounts in the chart of accounts. Returns AcctNum (the user-facing account number), Name, AccountType, AccountSubType, and CurrentBalance. Use AcctNum to reference accounts in other queries or operations.
  list_accounts:
    rules:
      - action: allow
        rate_limit: 60/minute

  # qbo_authenticate: Authenticate with QuickBooks using OAuth (local credential mode only). Step 1: Call with no arguments to get the authorization URL. Step 2: After authorizing in browser, call with authorization_code and realm_id from the callback URL. This tool only works when QBO_CREDENTIAL_MODE is 'local' (the default).
  qbo_authenticate:
    rules:
      - action: allow
        rate_limit: 60/minute

  # query: Execute a QuickBooks query using SQL-like syntax. Supports querying any entity type (Customer, Vendor, Invoice, Bill, Account, Item, Department, etc.). Results are written to a file to preserve context. Defaults to MAXRESULTS 1000 if not specified. Examples: 'SELECT * FROM Customer', 'SELECT * FROM SalesReceipt WHERE TxnDate >= \'2025-11-01\' AND TxnDate <= \'2025-11-30\''
  query:
    rules:
      - action: allow
        rate_limit: 60/minute

  # query_account_transactions: Query all transactions affecting a specific account. Searches across JournalEntry, Purchase, Deposit, SalesReceipt, Bill, Invoice, and Payment. Returns consolidated list with date, type, amount (debit/credit), and description. Useful for investigating account balance discrepancies.
  query_account_transactions:
    rules:
      - action: allow
        rate_limit: 60/minute
```
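A quick audit to run over a downloaded policy before using it, as an added example (not part of the original page or the Intercept project). It reads the flat `tools`/`rules` layout shown above with a small regex parser and flags a `default` other than `deny`, mutating tools that are allowed, and allowed tools with no rate limit. The sample policy is a constructed excerpt, and treating the `create_`/`edit_`/`delete_` prefixes as mutating is an assumption based on this server's tool names.

```python
import re

# Constructed excerpt in the same shape as the policy on this page (not the full file).
SAMPLE_POLICY = """\
version: "1"
default: "allow"
tools:
  # delete_entity: Permanently delete a QuickBooks transaction.
  delete_entity:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"
  create_bill:
    rules:
      - action: allow
        rate_limit: 30/hour
  query:
    rules:
      - action: allow
"""

# Assumption: tool names with these prefixes change data (this server's naming).
MUTATING_PREFIXES = ("create_", "edit_", "delete_")


def audit_policy(text):
    """Parse the flat tools/rules layout and return (default, tools, findings)."""
    default, tools, current = None, {}, None
    for line in text.splitlines():
        if line.strip().startswith("#"):
            continue  # tool descriptions are comments
        if m := re.match(r'default:\s*"?(\w+)"?', line):
            default = m.group(1)
        elif (m := re.match(r"\s+(\w+):\s*$", line)) and m.group(1) != "rules":
            current = tools.setdefault(m.group(1), {"action": None, "rate_limit": None})
        elif current is not None and (m := re.match(r"\s*-?\s*(action|rate_limit):\s*(\S+)", line)):
            current[m.group(1)] = m.group(2)
    findings = []
    if default != "deny":
        findings.append("default is not deny: unlisted tools are forwarded")
    for name, rule in tools.items():
        if rule["action"] == "allow" and name.startswith(MUTATING_PREFIXES):
            findings.append(f"{name}: mutating tool allowed ({rule['rate_limit']})")
        if rule["action"] == "allow" and rule["rate_limit"] is None:
            findings.append(f"{name}: allowed with no rate limit")
    return default, tools, findings


if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE_POLICY)[2]))
```
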
Yes. The Quickbooks server exposes 2 financial tools: create_deposit and edit_deposit. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.
Yes. The Quickbooks server exposes 1 destructive tool: delete_entity. It permanently removes resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.
The Quickbooks server has 14 write tools including create_bill, create_customer, create_expense. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.
34 tools across 4 categories: Destructive, Financial, Read, Write. 17 are read-only. 17 can modify, create, or delete data.
One line change. Instead of running the Quickbooks server directly, prefix it with Intercept: intercept -c io-github-nyxtoolsdev-quickbooks-mcp-server.yaml -- npx -y @quickbooks-mcp. Download a pre-built policy from policylayer.com/policies/io-github-nyxtoolsdev-quickbooks-mcp-server and adjust the limits to match your use case.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept