XGR MCP Gateway

80 tools. 6 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

6 can modify or destroy data
74 read-only
80 tools total

Community server · catalogue entry verified 02/07/2026

How to control XGR MCP Gateway ↓

What XGR MCP Gateway exposes to your agents

Read (74) Write / Execute (5) Destructive / Financial (1)
Critical Risk

The most dangerous XGR MCP Gateway tools

6 of XGR MCP Gateway's 80 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control XGR MCP Gateway

PolicyLayer is an MCP gateway — it sits between your AI agents and XGR MCP Gateway, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cancel_xdala_bundle_deploy_handoff": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "cancel_operation_handoff": {
    "limits": [
      {
        "counter": "cancel_operation_handoff_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "estimate_xdala_rule_gas": {
    "limits": [
      {
        "counter": "estimate_xdala_rule_gas_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register XGR MCP Gateway — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON XGR MCP GATEWAY →

Instant setup, no code required.

All 80 XGR MCP Gateway tools

READ 74 tools
Read estimate_xdala_rule_gas Use this to estimate XDaLa/XRC-137 rule gas. Returns validation gas, branch gas, grant fees and worst-case tot Read find_latest_xdala_session Use this when the user asks for the latest XDaLa session but does not provide owner and sessionId. This read-o Read find_reusable_xrc137_rules Read-only metadata-assisted search for existing owner XRC-137 contracts that could be reused instead of redepl Read find_startable_xdala_workflows Read-only discovery of deployed XRC-729 workflows that a given address can start as owner, executor, or wildca Read get_account_live_state Use this for live EVM account state. Returns balance, nonce and contract code for an address. Read get_account_transactions Read-only chain-wide Explorer DB transaction lookup for one account as sender, recipient, or both. Use this in Read get_block_transactions Read-only list of transactions in a specific indexed block, latest indexed block, or latest indexed block minu Read get_chain_status Use this for live XGRChain status. Returns chain id, latest block number and gas price from JSON-RPC. Read get_latest_block Use this when the user asks for the latest EVM block details from XGRChain. Read get_latest_session_payload Use this when the user asks for the payload of the latest XDaLa session. This read-only tool resolves the late Read get_operation_status Return the current status of an operation handoff. Use this after the user opens the operation page and signs Read get_recent_value_transfers Read-only shortcut for recent native XGR value transfers from the Explorer transaction index. Native value tra Read get_recent_xdala_sessions Use this to list recent indexed XDaLa sessions from the read-only Explorer database, especially when the user Read get_session_receipt_logs Use this to inspect what an XDaLa session actually did. Returns decoded engine receipt data such as input payl Read get_session_status_live Use this to check live session status from XGR RPC. Returns xgr_sessionAlive for a session owner and session i Read get_session_transactions Use this to list the blockchain transactions belonging to an XDaLa session. This returns the timeline of trans Read get_sessions_overview Use this for high-level indexed XDaLa session analytics from the Explorer API. Read get_transaction_evidence Use this when the user asks what happened in a specific transaction. Combines indexed Explorer transaction dat Read get_transaction_receipt Use this for receipt logs, status and gas usage of a transaction. Prefers Explorer decoded receipt data. Read get_transaction_stats Read-only compact chain transaction statistics from the Explorer transaction index, with optional block or blo Read get_unused_xrc137_rules Read-only list of owner XRC-137 rules with no observed tx_receipts engine_rule_contract usage. Read get_xdala_active_sessions_timeseries Use this when the user asks for active/concurrent XDaLa sessions over time. Read get_xdala_authoring_rules Use this before creating, modifying or reviewing XRC/XDaLa artifacts. Read get_xdala_bundle_deploy_handoff Return stored metadata, bundle JSON, and any recorded deployed result/artifact for an XDaLa bundle deploy hand Read get_xdala_bundle_deploy_result Return the stored XDaLa bundle deploy result, canonical deployed artifact, and audit events for a handoff hand Read get_xdala_payload_field_value_stats Use this when the user asks which values occurred for a specific payload field, for example “which DocumentTyp Read get_xdala_payload_key_stats Use this when the user asks which payload fields/keys occurred, how often payload fields appeared, or which pa Read get_xdala_payload_term_stats Use this when the user asks for payload terms, payload words, payload Begriff statistics, or a statistic over Read get_xdala_process_mermaid Render an XDaLa XRC-729 process graph from runtime, bundle, or bundle handoff data as Mermaid flowchart text. Read get_xdala_session_detail Use this when the user asks for details, timeline, steps, payloads, or evidence for a concrete XDaLa session w Read get_xdala_session_start_handoff Read stored xDaLa session start handoff metadata, canonical request, authority, derived sessionOwnership role Read get_xdala_session_start_result Return terminal xDaLa session start result, lean result summary, and audit events. Read-only preparation/resul Read get_xdala_session_stats Use this when the user asks for aggregate XDaLa session statistics, for example “statistics for the last 2 wee Read get_xdala_session_timeseries Use this when the user asks for XDaLa sessions over time, for example “sessions per day”, “daily sessions last Read get_xdala_step_stats Use this when the user asks for step-level XDaLa statistics, for example “how many steps were valid”, “invalid Read get_xgr_circulating_supply Use this to retrieve circulating supply information exposed by xgr_getCirculatingSupply. Read get_xgr_core_addresses Use this to retrieve XGR core protocol addresses exposed by the xgr_getCoreAddrs RPC method. Read get_xgr_doc Retrieve canonical Markdown documentation for an XGR/XDaLa topic. Read get_xgr_multibundle_reference Retrieve canonical xgr-multi-bundle@1 Markdown documentation. Read get_xgr_multibundle_schema Retrieve canonical XGR MultiBundle schema. Read get_xgr_session_start_schema Retrieve canonical Workbench xgr-session-start@1 handoff schema. Read get_xgr_standard_example Retrieve a concrete JSON example for XRC-137 or XRC-729. Read get_xgr_standard_reference Use this before drafting XRC-137 or XRC-729 artifacts. Read get_xgr_standard_schema Retrieve machine-readable JSON schema for XGR standards. Read get_xrc_contract Read-only lookup of one indexed XRC contract by address. Read get_xrc_contract_events Read-only list of all indexed XRC events for one contract. Read get_xrc_failure_stats Read-only invalid/failure statistics associated with an XRC-137 rule or XRC-729 OSTC/process filters. Read get_xrc_owner_summary Compact read-only summary of XRC-137/XRC-729 assets and recent XRC events for an owner. Read get_xrc_usage Read-only usage statistics from Explorer PGRO tx_receipts for XRC-137 rules or XRC-729 OSTC/process filters. Read get_xrc729_authority Read-only authority lookup for one XRC-729 orchestration contract. Reads owner()/getOwner() and getExecutorLis Read get_xrc729_ostc_state Read-only list of indexed OSTC state entries for an XRC-729 contract. Read list_recent_operations List recent offchain operation handoffs. Secrets and browser execution tokens are never returned by this tool. Read list_wakeup_targets_by_address Use this to list WAITING XDaLa runtime steps that the given wallet or Safe address is allowed to wake via RPC. Read list_xdala_session_ids Use this when the user asks for session IDs. Always returns session IDs grouped by owner because session IDs a Read list_xdala_session_owners Use this when the user asks which owners had XDaLa sessions, asks for the owner list, or when aggregate result Read list_xdala_sessions Use this when the user asks to list XDaLa sessions, enumerate recent sessions, or discover owner/sessionId pai Read list_xgr_docs List canonical Markdown documentation topics served by the MCP knowledge base. Read list_xgr_standard_examples List available example artifacts for a standard. Read list_xgr_standards List agent-readable XGR and XDaLa standards available in the MCP knowledge base. Read list_xrc_contracts Read-only list of indexed XRC-137/XRC-729 contracts globally or filtered by owner/type. Read list_xrc_events Read-only list of XRC events globally or by owner, contract, type/action, tx hash, or block range. Read list_xrc_process_sessions Read-only list of sessions associated with an XRC-729 OSTC id/hash. Read read_xrc137_rule_json Read-only eth_call to XRC137.getRule(), returning the runtime rule JSON string. Read read_xrc729_ostc_json Read-only eth_call to XRC729.getOSTC(ostcId), returning the runtime OSTC JSON string. Read resolve_wakeup_payload_schema Use this to resolve payload fields for one currently WAITING wake-up target. It reads XRC-729.getOSTC(step -> Read resolve_xrc729_process_graph Resolve deployed XRC-729 OSTC runtime JSON and linked indexed XRC-137 rule contracts without mutating chain st Read search_transactions Read-only chain-wide Explorer DB transaction search. Use for general transaction, native XGR value, from/to ad Read validate_xdala_blueprint Validate XRC-729 OSTC plus per-step XRC-137 payload-flow consistency. Read validate_xdala_bundle Alias for validate_xgr_multibundle. Read validate_xdala_rules Validate rule expressions against available placeholder fields. Read validate_xgr_multibundle Validate canonical deployable xgr-multi-bundle@1. Read validate_xgr_session_start Validate legacy low-level session-start payload only. Read validate_xgr_session_start_handoff Validate a canonical Workbench xgr-session-start@1 request. Read validate_xrc137_authoring Validate a drafted XRC-137 authoring object.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about XGR MCP Gateway

Can an AI agent delete data through the XGR MCP Gateway MCP server? +

Yes. The XGR MCP Gateway server exposes 1 destructive tools including cancel_xdala_bundle_deploy_handoff. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through XGR MCP Gateway? +

The XGR MCP Gateway server has 5 write tools including cancel_operation_handoff, cancel_xdala_session_start_handoff, create_operation_handoff. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach XGR MCP Gateway.

How many tools does the XGR MCP Gateway MCP server expose? +

80 tools across 3 categories: Destructive, Read, Write. 74 are read-only. 6 can modify, create, or delete data.

How do I enforce a policy on XGR MCP Gateway? +

Register the XGR MCP Gateway MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every XGR MCP Gateway tool call.

Deterministic rules across all 80 XGR MCP Gateway tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

80 XGR MCP Gateway tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.