IndexFoundry MCP

46 tools. 19 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

19 can modify or destroy data
27 read-only
46 tools total

Community server · catalogue entry verified 28/06/2026

How to control IndexFoundry MCP ↓

What IndexFoundry MCP exposes to your agents

Read (27) Write / Execute (16) Destructive / Financial (3)
Critical Risk

The most dangerous IndexFoundry MCP tools

19 of IndexFoundry MCP's 46 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control IndexFoundry MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and IndexFoundry MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "indexfoundry_project_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "indexfoundry_connect_url": {
    "limits": [
      {
        "counter": "indexfoundry_connect_url_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_chunk": {
    "limits": [
      {
        "counter": "get_chunk_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register IndexFoundry MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON INDEXFOUNDRY →

Instant setup, no code required.

All 46 IndexFoundry MCP tools

READ 27 tools
Read get_chunk Retrieve a specific chunk by its ID. Use this to get full context for a search result. Read indexfoundry_classify_query 🔍 Classify a query to determine if RAG retrieval is needed and what type of query it is. Returns query type ( Read indexfoundry_connect_folder Load files from a local folder using glob patterns. Validates file sizes and content types. Read indexfoundry_connect_pdf Fetch a PDF file from URL or local path with specialized validation and metadata extraction. Read indexfoundry_debug_query 🔍 Debug retrieval queries with pipeline tracing, similarity scores, and expected/actual comparison. Diagnose Read indexfoundry_extract_document Generic document extractor for markdown, plain text, CSV, and JSON files. Normalizes encoding and line endings Read indexfoundry_extract_html Extract text and structure from HTML content. Preserves headings, tables, and semantic markup. Outputs clean t Read indexfoundry_extract_pdf Extract text from PDF files, producing page-by-page JSONL output. Handles multi-column layouts and embedded fo Read indexfoundry_extract_tables 📊 Extract and linearize tables from markdown, HTML, or CSV content. Produces structured table data, linearize Read indexfoundry_get_server_info ℹ️ Get IndexFoundry server installation information. WHAT THIS RETURNS: - server_base_dir: Where IndexFoundry Read indexfoundry_librarian_assess 📊 [LIBRARIAN PROTOCOL] Assess retrieval quality after a query. THE LIBRARIAN PROTOCOL: After running project Read indexfoundry_librarian_audit 📚 [LIBRARIAN PROTOCOL] Audit project state for health and readiness. THE LIBRARIAN PROTOCOL: The Librarian i Read indexfoundry_normalize_chunk Split extracted text into semantic chunks. Supports strategies: recursive (default), hierarchical (parent-chil Read indexfoundry_project_build_status 📊 Get build status and checkpoint information for a project. USE WHEN: You need to check if a build is in pr Read indexfoundry_project_get 📖 Get detailed information about a specific project. USE WHEN: You need to check project status, sources, or Read indexfoundry_project_list 📋 List all IndexFoundry projects. 📁 STORAGE LOCATION: All projects are stored in: {indexfoundry-install-pat Read indexfoundry_project_query 🔍 Search a project Read indexfoundry_project_serve_status 📊 Get status of running project servers. USE WHEN: You need to check if a server is running or find its endp Read indexfoundry_run_diff Compare two runs: configuration differences, source changes, chunk deltas, and timing comparisons. Read indexfoundry_run_list List all runs with optional filtering by status, date range, and sorting options. Read indexfoundry_run_status Get detailed status of a run including phase completion, timing, errors, and artifact counts. Read indexfoundry_serve_openapi Generate an OpenAPI 3.1 specification for the index API. Configurable endpoints: search_semantic, search_hybri Read indexfoundry_serve_query Query a running search server directly (without HTTP). Supports semantic, keyword, and hybrid search modes. Read indexfoundry_serve_status Get status of running search servers. Shows endpoint, uptime, request count, and loaded vector/chunk counts. Read list_sources List all indexed sources with their URIs and status Read search D&D 5e rules and World Read stats Get index statistics including chunk count, vector count, and source count

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about IndexFoundry MCP

Can an AI agent delete data through the IndexFoundry MCP server? +

Yes. The IndexFoundry MCP server exposes 3 destructive tools including indexfoundry_project_delete, indexfoundry_project_remove_source, indexfoundry_run_cleanup. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through IndexFoundry MCP? +

The IndexFoundry MCP server has 8 write tools including indexfoundry_connect_url, indexfoundry_index_build_profile, indexfoundry_index_upsert. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach IndexFoundry MCP.

How many tools does the IndexFoundry MCP server expose? +

46 tools across 4 categories: Destructive, Execute, Read, Write. 27 are read-only. 19 can modify, create, or delete data.

How do I enforce a policy on IndexFoundry MCP? +

Register the IndexFoundry MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every IndexFoundry MCP tool call.

Deterministic rules across all 46 IndexFoundry MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

46 IndexFoundry MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.