Enforce policies on every tool call to the Printr MCP Server. 23 tools with suggested default rules ready to customise.
Last updated:
This policy includes sensible default rules. Download it, adjust the limits to match your use case, and run with Intercept.
# Download policy with default rules
curl -o io-github-printrfi-printr.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/io-github-printrfi-printr.yaml # Run with Intercept
intercept --policy io-github-printrfi-printr.yaml -- npx -y @@printr/mcp Server documentation: https://github.com/PrintrFi/printr-mcp
This policy includes suggested default rules for common use cases. Adjust rate limits, add argument validation, or remove rules you don't need.
version: "1" description: "Policy for @printr/mcp" # Set to "deny" to reject tool calls not listed below default: "allow" tools: # -- Financial Tools ---------------------------------------- # printr_transfer: Transfer native tokens (ETH, SOL, BNB, etc.) to another address. Uses the active wallet from printr_wallet_unlock if no private_key is provided. printr_transfer: rules: - action: deny on_deny: "Financial operation requires approval" # -- Destructive Tools ---------------------------------------- # printr_wallet_bulk_remove: Remove multiple wallets from the local keystore at once. Does not affect active wallets for the current session. printr_wallet_bulk_remove: rules: - action: deny on_deny: "Destructive operation blocked by policy" # printr_wallet_remove: Remove a wallet from the local keystore. Does not affect the active wallet for the current session. printr_wallet_remove: rules: - action: deny on_deny: "Destructive operation blocked by policy" # -- Execute Tools ---------------------------------------- # printr_drain_deployment_wallet: Drain remaining funds from a deployment wallet back to the treasury. NOTE: drain runs automatically inside printr_launch_token — only call this tool manually to recover a stuck wallet (e.g. after a crash or if printr_launch_token was not called). Automatically calculates gas fees and drains the maximum possible amount. Can recover wallets after MCP restart using persisted state and PRINTR_DEPLOYMENT_PASSWORD. printr_drain_deployment_wallet: rules: - action: allow rate_limit: 10/hour validate: required_args: true # printr_fund_deployment_wallet: Create a fresh deployment wallet and fund it from the treasury wallet. Uses the SVM_WALLET_PRIVATE_KEY or EVM_WALLET_PRIVATE_KEY environment variable as the funding source. The new wallet is set as the active wallet for signing. Use this before printr_launch_token to deploy tokens without exposing the treasury. Requires PRINTR_DEPLOYMENT_PASSWORD to be set for wallet encryption. printr_fund_deployment_wallet: rules: - action: allow rate_limit: 10/hour validate: required_args: true # printr_launch_token: Create a token and sign it in one call — collapses printr_create_token + printr_sign_and_submit_evm/svm or printr_open_web_signer into a single round-trip. Supply image (base64) or image_path (auto-compressed). If neither is provided and OPENROUTER_API_KEY is set, an image is auto-generated. With private_key: token is created and submitted on-chain immediately. Without private_key: token is created and a browser signing URL is returned. After submission, present the trade page URL: https://app.printr.money/trade/{token_id}. printr_launch_token: rules: - action: allow rate_limit: 10/hour validate: required_args: true # printr_wallet_new: Generate a new wallet keypair for the given chain, encrypt it with a password, and save it to the local keystore (~/.printr/wallets.json). Returns the new address and wallet ID. The wallet is immediately set as the active wallet for its chain type. Fund the address with native tokens before signing transactions. printr_wallet_new: rules: - action: allow rate_limit: 10/hour validate: required_args: true # -- Write Tools ---------------------------------------- # printr_create_token: Create a new token on Printr. Returns an UNSIGNED transaction payload that must be signed by the creator's wallet and submitted on-chain. The payload will be EVM calldata or Solana instructions depending on the home chain. You need separate wallet infrastructure to sign and submit the transaction. Use printr_quote first to estimate costs. Supply image (base64) or image_path (local file path — auto-compressed). If neither is provided and OPENROUTER_API_KEY is set, an image is generated from the token name, symbol, and description. The response includes a token_id (telecoin ID, hex) which can be used to construct the trade page URL: https://app.printr.money/trade/{token_id}. Present this URL to the user after the transaction is confirmed. printr_create_token: rules: - action: allow rate_limit: 30/hour # printr_open_web_signer: Starts an ephemeral local signing session and returns a deep link to the Printr web app where the user can sign the transaction using their browser wallet (MetaMask / Phantom). Call this after printr_create_token when the user wants to sign via browser rather than providing a raw private key. Present the returned URL to the user and ask them to open it. After the user confirms they have signed, proceed to poll printr_get_deployments. printr_open_web_signer: rules: - action: allow rate_limit: 30/hour # printr_set_treasury_wallet: Set a keystore wallet as the treasury wallet for funding deployment wallets. Once set, printr_fund_deployment_wallet and printr_drain_deployment_wallet will use this wallet instead of requiring environment variables. The treasury wallet persists for the session (until the MCP server restarts). Use printr_wallet_new or printr_wallet_import to add wallets first. printr_set_treasury_wallet: rules: - action: allow rate_limit: 30/hour # printr_sign_and_submit_evm: Sign and submit an EVM transaction payload returned by printr_create_token. If no private_key is provided, the user will be prompted to select or provision a wallet. Returns the transaction hash and receipt once confirmed. After successful confirmation, present the trade page URL to the user: https://app.printr.money/trade/{token_id} using the token_id from the prior printr_create_token call. printr_sign_and_submit_evm: rules: - action: allow rate_limit: 30/hour # printr_sign_and_submit_svm: Sign and submit a Solana transaction payload returned by printr_create_token. If no private_key is provided, the user will be prompted to select or provision a wallet. Returns the transaction signature once confirmed. After successful confirmation, present the trade page URL to the user: https://app.printr.money/trade/{token_id} using the token_id from the prior printr_create_token call. printr_sign_and_submit_svm: rules: - action: allow rate_limit: 30/hour # printr_wallet_import: Import an existing private key as the active wallet for its chain. Optionally encrypt and save it to the local keystore by providing a label and password. The wallet is set active immediately. printr_wallet_import: rules: - action: allow rate_limit: 30/hour # printr_wallet_unlock: Decrypt a stored keystore wallet with its password and set it as the active wallet for its chain type. Once unlocked, signing tools use it automatically for the rest of the session (until the MCP server restarts). printr_wallet_unlock: rules: - action: allow rate_limit: 30/hour # -- Read Tools ---------------------------------------- # printr_claim_fees: Claim accumulated creator fees for a token on a specific chain. First use printr_get_creator_fees to check available fees, then call this to claim. Uses the treasury wallet to sign and submit the claim transaction. Returns the transaction hash/signature on success. printr_claim_fees: rules: - action: allow rate_limit: 60/minute # printr_get_balance: Get the native token balance of a wallet address. Supports EVM chains (ETH, BNB, AVAX, etc.) and Solana. Use this to check if a wallet has sufficient funds before creating or trading tokens. printr_get_balance: rules: - action: allow rate_limit: 60/minute # printr_get_creator_fees: Check accumulated creator fees for a token across all deployed chains. Returns fee amounts and whether they can be claimed. Use printr_claim_fees to claim the fees to the treasury. printr_get_creator_fees: rules: - action: allow rate_limit: 60/minute # printr_get_deployments: Check the deployment status of a Printr token across all its target chains. Returns per-chain status (pending, deploying, live, failed), contract addresses, transaction hashes, graduation progress, and cross-chain message details. Use this to monitor a token after creation. printr_get_deployments: rules: - action: allow rate_limit: 60/minute # printr_get_token: Get details about a Printr token by its telecoin ID or CAIP-10 contract address. Returns name, symbol, description, image, creator addresses, deployed chains, bonding curve properties, and external links. printr_get_token: rules: - action: allow rate_limit: 60/minute # printr_get_token_balance: Get the balance of an ERC-20 or SPL token for a wallet address. Use this to check token holdings before trading or transferring. printr_get_token_balance: rules: - action: allow rate_limit: 60/minute # printr_quote: Get a cost estimate for creating a token on Printr. Returns itemized costs per chain, total cost in USD and native tokens, and the number of tokens from the initial buy. Use this before printr_create_token to understand costs. printr_quote: rules: - action: allow rate_limit: 60/minute # printr_supported_chains: List all blockchain networks supported by Printr MCP. Returns chain IDs, names, native token info, and RPC availability. printr_supported_chains: rules: - action: allow rate_limit: 60/minute # printr_wallet_list: List wallets saved in the local keystore (~/.printr/wallets.json). Private keys are never returned. printr_wallet_list: rules: - action: allow rate_limit: 60/minute
Yes. The Printr server exposes 1 financial tools including printr_transfer. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.
Yes. The Printr server exposes 2 destructive tools including printr_wallet_bulk_remove, printr_wallet_remove. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.
The Printr server has 7 write tools including printr_create_token, printr_open_web_signer, printr_set_treasury_wallet. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.
23 tools across 5 categories: Destructive, Execute, Financial, Read, Write. 9 are read-only. 14 can modify, create, or delete data.
One line change. Instead of running the Printr server directly, prefix it with Intercept: intercept -c io-github-printrfi-printr.yaml -- npx -y @@printr/mcp. Download a pre-built policy from policylayer.com/policies/io-github-printrfi-printr and adjust the limits to match your use case.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept