Enforce policies on every tool call to the MERX - TRON Resource Exchange MCP Server. 54 tools with suggested default rules ready to customise.
Last updated:
This policy includes sensible default rules. Download it, adjust the limits to match your use case, and run with Intercept.
# Download policy with default rules
curl -o merx-tron-resource-exchange.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/merx-tron-resource-exchange.yaml # Run with Intercept
intercept --policy merx-tron-resource-exchange.yaml -- npx -y @merx-mcp Server documentation: https://github.com/Hovsteder/merx-mcp
This policy includes suggested default rules for common use cases. Adjust rate limits, add argument validation, or remove rules you don't need.
version: "1" description: "Policy for merx-mcp" # Set to "deny" to reject tool calls not listed below default: "allow" tools: # -- Financial Tools ---------------------------------------- # deposit_trx: Deposit TRX to your Merx account. Requires MERX_API_KEY + TRON_PRIVATE_KEY. deposit_trx: rules: - action: deny on_deny: "Financial operation requires approval" # enable_auto_deposit: Configure automatic top-up when balance drops below a threshold. Session-only. enable_auto_deposit: rules: - action: deny on_deny: "Financial operation requires approval" # pay_invoice: Pay an x402 invoice by sending TRX and verifying payment. pay_invoice: rules: - action: deny on_deny: "Financial operation requires approval" # transfer_trc20: Transfer TRC-20 tokens with automatic energy optimization. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY. transfer_trc20: rules: - action: deny on_deny: "Financial operation requires approval" # transfer_trx: Send TRX to an address. Checks bandwidth, buys via Merx if needed. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY. transfer_trx: rules: - action: deny on_deny: "Financial operation requires approval" # withdraw: Withdraw TRX or USDT from your Merx account to an external TRON address. Requires MERX_API_KEY. withdraw: rules: - action: deny on_deny: "Financial operation requires approval" # -- Execute Tools ---------------------------------------- # call_contract: Execute a state-changing smart contract function. Estimates resources, buys via Merx if needed. Requires TRON_PRIVATE_KEY and TRON_ADDRESS. call_contract: rules: - action: allow rate_limit: 10/hour validate: required_args: true # compile_policy: Convert a natural language energy management policy into MERX automation. Creates standing orders and monitors based on your instructions. Examples: - "Keep 500k energy on my wallet, buy when price is below 55 SUN, max 200 TRX/week" - "Buy energy every day at 6 AM UTC, 1 million units, for 24 hours" - "Alert me when my energy drops below 100k" Returns a preview of what will be created. Set apply=true to execute. compile_policy: rules: - action: allow rate_limit: 10/hour validate: required_args: true # execute_intent: Execute a multi-step operation (transfer, swap, buy resources, etc). Validates and simulates all steps with resource cost estimates. Auth required. execute_intent: rules: - action: allow rate_limit: 10/hour validate: required_args: true # execute_swap: Execute a token swap on SunSwap V2. Requires TRON_PRIVATE_KEY. execute_swap: rules: - action: allow rate_limit: 10/hour validate: required_args: true # -- Write Tools ---------------------------------------- # approve_trc20: Approve TRC-20 spending allowance. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY. approve_trc20: rules: - action: allow rate_limit: 30/hour # convert_address: Convert TRON address between base58 (T...) and hex (41...) formats. No auth required. convert_address: rules: - action: allow rate_limit: 30/hour # create_account: Create a new Merx account, generate an API key, and get deposit info. No auth needed. create_account: rules: - action: allow rate_limit: 30/hour # create_monitor: Create a persistent monitor (delegation expiry, balance, price alert). Auth required. create_monitor: rules: - action: allow rate_limit: 30/hour # create_order: Buy energy or bandwidth on Merx. Routed to cheapest provider. Auth required. create_order: rules: - action: allow rate_limit: 30/hour # create_paid_order: Create a zero-registration order via x402 pay-per-use. Requires TRON_PRIVATE_KEY. create_paid_order: rules: - action: allow rate_limit: 30/hour # create_standing_order: Create a server-side standing order with trigger-based automation. Auth required. create_standing_order: rules: - action: allow rate_limit: 30/hour # login: Log in to an existing Merx account. No MERX_API_KEY needed. login: rules: - action: allow rate_limit: 30/hour # set_api_key: Set your Merx API key for this session. Unlocks all authenticated tools (trading, balance, orders). Use this if you already have an API key. set_api_key: rules: - action: allow rate_limit: 30/hour # set_private_key: Set your TRON private key for this session. Address is derived automatically. Enables write tools: transfer_trx, transfer_trc20, approve_trc20, execute_swap, deposit_trx. Key stays local - never sent to Merx servers. set_private_key: rules: - action: allow rate_limit: 30/hour # -- Read Tools ---------------------------------------- # analyze_prices: Market price analysis with trends and recommendations. No auth required. analyze_prices: rules: - action: allow rate_limit: 60/minute # calculate_savings: Calculate savings from renting energy vs burning TRX. No authentication required. calculate_savings: rules: - action: allow rate_limit: 60/minute # check_address_resources: Check energy, bandwidth, and TRX balance for any TRON address. No auth required. check_address_resources: rules: - action: allow rate_limit: 60/minute # compare_providers: Side-by-side provider comparison with prices and availability. No auth required. compare_providers: rules: - action: allow rate_limit: 60/minute # ensure_resources: Declarative resource provisioning. Checks current resources on target address and purchases only what is missing. Auth required. ensure_resources: rules: - action: allow rate_limit: 60/minute # estimate_contract_call: Estimate energy and bandwidth cost for a smart contract call. Compares rental vs burn cost. No auth required. estimate_contract_call: rules: - action: allow rate_limit: 60/minute # estimate_transaction_cost: Estimate energy and bandwidth cost for a TRON transaction. Compares rental vs burn cost. No auth required. estimate_transaction_cost: rules: - action: allow rate_limit: 60/minute # explain_concept: Explain a TRON or Merx concept. No authentication required. explain_concept: rules: - action: allow rate_limit: 60/minute # get_account_info: Full on-chain account state: TRX balance, energy, bandwidth, creation date. No auth required. get_account_info: rules: - action: allow rate_limit: 60/minute # get_balance: Get your Merx account balance (TRX, USDT, locked). Requires MERX_API_KEY. get_balance: rules: - action: allow rate_limit: 60/minute # get_best_price: Find the cheapest provider for a given resource and amount. No auth required. get_best_price: rules: - action: allow rate_limit: 60/minute # get_block: Get TRON block info by number (or latest if omitted). No auth required. get_block: rules: - action: allow rate_limit: 60/minute # get_chain_parameters: Get TRON network parameters (energy fee, bandwidth cost, etc.) with Merx price comparison. No auth required. get_chain_parameters: rules: - action: allow rate_limit: 60/minute # get_deposit_info: Get your Merx deposit address and memo. Requires MERX_API_KEY. get_deposit_info: rules: - action: allow rate_limit: 60/minute # get_order: Get order details and fill status by ID. Auth required. get_order: rules: - action: allow rate_limit: 60/minute # get_price_history: Historical price snapshots. No auth required. get_price_history: rules: - action: allow rate_limit: 60/minute # get_prices: Get current energy and bandwidth prices from all Merx providers. No auth required. get_prices: rules: - action: allow rate_limit: 60/minute # get_swap_quote: Get a real swap quote from SunSwap V2. No auth required. get_swap_quote: rules: - action: allow rate_limit: 60/minute # get_token_info: Get TRC-20 token metadata: name, symbol, decimals, total supply. No auth required. get_token_info: rules: - action: allow rate_limit: 60/minute # get_token_price: Get token price via SunSwap quote + CoinGecko USD rate. No auth required. get_token_price: rules: - action: allow rate_limit: 60/minute # get_transaction: Look up a transaction by ID on TRON. No auth required. get_transaction: rules: - action: allow rate_limit: 60/minute # get_transaction_history: Get your Merx account transaction history. Requires MERX_API_KEY. get_transaction_history: rules: - action: allow rate_limit: 60/minute # get_trc20_balance: Get TRC-20 token balance for an address. Supports symbol (USDT, USDC) or contract address. No auth required. get_trc20_balance: rules: - action: allow rate_limit: 60/minute # get_trx_balance: Quick TRX balance for a TRON address. No auth required. get_trx_balance: rules: - action: allow rate_limit: 60/minute # get_trx_price: Get current TRX price from CoinGecko. No auth required. get_trx_price: rules: - action: allow rate_limit: 60/minute # list_monitors: List all monitors with optional status filter. Auth required. list_monitors: rules: - action: allow rate_limit: 60/minute # list_orders: List recent orders with optional status filter. Auth required. list_orders: rules: - action: allow rate_limit: 60/minute # list_providers: List all Merx providers with types, durations, and availability. No authentication required. list_providers: rules: - action: allow rate_limit: 60/minute # list_standing_orders: List all standing orders with optional status filter. Auth required. list_standing_orders: rules: - action: allow rate_limit: 60/minute # read_contract: Call a view/pure function on a TRON smart contract. No auth or private key required. read_contract: rules: - action: allow rate_limit: 60/minute # search_transaction_history: Get on-chain transaction history for a TRON address. No auth required. search_transaction_history: rules: - action: allow rate_limit: 60/minute # simulate: Simulate a multi-step operation without executing. Returns resource estimates and costs. simulate: rules: - action: allow rate_limit: 60/minute # suggest_duration: Recommend a rental duration based on your use case. No authentication required. suggest_duration: rules: - action: allow rate_limit: 60/minute # validate_address: Validate a TRON address format and check on-chain status. No auth required. validate_address: rules: - action: allow rate_limit: 60/minute
Yes. The MERX - TRON Resource Exchange server exposes 6 financial tools including deposit_trx, enable_auto_deposit, pay_invoice. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.
The MERX - TRON Resource Exchange server has 10 write tools including approve_trc20, convert_address, create_account. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.
54 tools across 4 categories: Execute, Financial, Read, Write. 34 are read-only. 20 can modify, create, or delete data.
One line change. Instead of running the MERX - TRON Resource Exchange server directly, prefix it with Intercept: intercept -c merx-tron-resource-exchange.yaml -- npx -y @merx-mcp. Download a pre-built policy from policylayer.com/policies/merx-tron-resource-exchange and adjust the limits to match your use case.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept