Tru

35 tools. 25 can modify or destroy data without limits.

7 destructive tools with no built-in limits. Policy required.

Last updated:

25 can modify or destroy data
10 read-only
35 tools total

Verified server · catalogue entry verified 05/07/2026 · full schemas captured for 28 of 35 tools

How to control Tru ↓

What Tru exposes to your agents

Read (10) Write / Execute (18) Destructive / Financial (7)

What Tru costs in tokens

6,418 tokens of tool definitions, loaded on every request
3.2% of a 200k context window
540 heaviest tool: request_payment
Critical Risk

The most dangerous Tru tools

25 of Tru's 35 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Tru

PolicyLayer is an MCP gateway — it sits between your AI agents and Tru, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "cancel_subscription": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Rate limit write operations
{
  "block_sender": {
    "limits": [
      {
        "counter": "block_sender_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "browse_apps": {
    "limits": [
      {
        "counter": "browse_apps_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Tru — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON TRU →

Instant setup, no code required.

All 35 Tru tools

WRITE 16 tools
Write block_sender Block a sender from sending you payment requests. Blocked senders cannot create charges for your account. Requ Write dev_configure_login Generate an OAuth authorization URL for a tru-integrated app. Given a service_name, looks up the app and retur Write dev_configure_products [Developer tool] Sync products from the app's Stripe account and configure which ones agents can discover and Write dev_configure_webhook Configure webhook delivery for the developer's app. Webhooks notify your app about subscription lifecycle even Write dev_connect_stripe Connect a developer's Stripe account to their tru app via Stripe Connect OAuth. Works with the app's API key — Write dev_provision_user Provision a tru user on a third-party app. The app must have a provision_url configured. tru sends the user's Write dev_register_app [Developer tool] Register a new app on the tru platform. This tool handles authentication and registration in Write dev_rotate_secret Rotate the app secret for your tru app. Use this if your secret has been leaked or you need a fresh one. The o Write dev_send_setup_report Send a setup summary email to the developer after completing the tru setup flow. Includes app details, API key Write dev_set_provision_url Register the app's provision endpoint URL with tru. tru POSTs { email, name, tru_user_id, purchases } to this Write dev_submit_friction_log Submit a friction log after completing setup to help improve the tru service. Include what worked well, what w Write dev_update_app Update app settings on tru. Use this to set support_email, website, description, display_name, or auto_upgrade Write logout Log out of tru. Clears stored credentials so you can log in as a different user. Write report_spam Report a charge as spam or unwanted. This flags the charge for review and may affect the sender's trust level. Write suggest_rule Create a new app rule in your tru wallet. Use this after manually approving a charge to set up auto-approval f Write unblock_sender Unblock a previously blocked sender, allowing them to send you payment requests again. Requires login first.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Tru

Can an AI agent move money through the Tru MCP server? +

Yes. The Tru server exposes 7 financial tools including cancel_subscription, get_card, refund_charge. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

How do I prevent bulk modifications through Tru? +

The Tru server has 16 write tools including block_sender, dev_configure_login, dev_configure_products. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Tru.

How many tools does the Tru MCP server expose? +

35 tools across 4 categories: Destructive, Financial, Read, Write. 10 are read-only. 25 can modify, create, or delete data.

How do I enforce a policy on Tru? +

Register the Tru MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Tru tool call.

Deterministic rules across all 35 Tru tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

35 Tru tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.