AbraFlexi: 14 unrestricted tools

The AbraFlexi MCP server exposes tools that can move money, delete data, or destroy resources. Without policy enforcement, an autonomous agent has unrestricted access to every one of them.

2 move money, 4 delete data, 8 modify data.
Write / Execute: 8. Destructive / Financial: 6.

Financial operations (bank_transaction_create, invoice_issued_create) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Destructive tools (contact_delete, evidence_delete, invoice_issued_delete) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (contact_create, contact_update, evidence_create) modify state. Without rate limits, an agent can make hundreds of changes in seconds -- faster than any human can review or revert.

These AbraFlexi tools can modify, create, or destroy resources. Without a policy, your agent has unrestricted access to all of them.

| Tool | Description | Category |
|---|---|---|
| contact_create | Create new contact records | Write |
| contact_update | Update existing contact records | Write |
| evidence_create | Create a record in any evidence type | Write |
| evidence_update | Update a record in any evidence type | Write |
| invoice_issued_update | Update existing issued invoices | Write |
| invoice_received_create | Create new received invoice records | Write |
| product_create | Create new products in the price list | Write |
| product_update | Update existing product details | Write |
| bank_transaction_create | Create new bank transaction records | Financial |
| invoice_issued_create | Create and issue new invoices | Financial |
| contact_delete | Delete contact records permanently | Destructive |
| evidence_delete | Delete a record from any evidence type | Destructive |
| invoice_issued_delete | Delete issued invoices permanently | Destructive |
| product_delete | Delete products from the price list | Destructive |

These rules are based on the tool categories exposed by the AbraFlexi MCP server. Adjust the limits to match your use case.

Block financial tools by default
bank_transaction_create:
    rules:
      - action: deny
        on_deny: "Financial operations require approval"

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
contact_delete:
    rules:
      - action: deny
        on_deny: "Destructive operations blocked by policy"

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
contact_create:
    rules:
      - name: "write-rate-limit"
        rate_limit: 30/hour
        on_deny: "Write rate limit reached"

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
bank_transaction_get:
    rules:
      - action: allow
        rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

This is the complete policy file for AbraFlexi. It lists every tool with suggested default rules. Download it, adjust the limits, and run with Intercept.

abraflexi.yaml
version: "1"
default: "deny"

tools:
  contact_delete:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"
  evidence_delete:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"
  invoice_issued_delete:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"
  product_delete:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"
  bank_transaction_create:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  invoice_issued_create:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  bank_transaction_get:
    rules:
      - action: allow
        rate_limit: 60/minute
  contact_get:
    rules:
      - action: allow
        rate_limit: 60/minute
  evidence_get:
    rules:
      - action: allow
        rate_limit: 60/minute
  evidence_list:
    rules:
      - action: allow
        rate_limit: 60/minute
  invoice_issued_get:
    rules:
      - action: allow
        rate_limit: 60/minute
  invoice_received_get:
    rules:
      - action: allow
        rate_limit: 60/minute
  product_get:
    rules:
      - action: allow
        rate_limit: 60/minute
  contact_create:
    rules:
      - action: allow
        rate_limit: 30/hour
  contact_update:
    rules:
      - action: allow
        rate_limit: 30/hour
  evidence_create:
    rules:
      - action: allow
        rate_limit: 30/hour
  evidence_update:
    rules:
      - action: allow
        rate_limit: 30/hour
  invoice_issued_update:
    rules:
      - action: allow
        rate_limit: 30/hour
  invoice_received_create:
    rules:
      - action: allow
        rate_limit: 30/hour
  product_create:
    rules:
      - action: allow
        rate_limit: 30/hour
  product_update:
    rules:
      - action: allow
        rate_limit: 30/hour
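
A policy like this drifts once people start adjusting limits, so it is worth checking before deployment. The check below is an added example, not part of Intercept or of the original page: it reads a policy in the layout above and flags any destructive or financial tool that is not denied and any write tool allowed without a rate limit. The line reader, the `SAMPLE` policy and the rule that unlisted tools inherit `default` are assumptions made for the example.

```python
import re

# Tool categories as listed in the table on this page.
HIGH_RISK = {"contact_delete", "evidence_delete", "invoice_issued_delete",
             "product_delete", "bank_transaction_create", "invoice_issued_create"}
WRITE = {"contact_create", "contact_update", "evidence_create", "evidence_update",
         "invoice_issued_update", "invoice_received_create", "product_create",
         "product_update"}
FIELD = r'\s+(?:- )?(action|rate_limit):\s*"?([\w/]+)'

def read_policy(text):
    """Line reader for the flat layout of abraflexi.yaml; not a general YAML parser."""
    default, tools, current = None, {}, None
    for line in text.splitlines():
        if m := re.match(r'default:\s*"?(\w+)', line):
            default = m.group(1)
        elif m := re.match(r'  (\w+):\s*$', line):   # two-space indent: tool name
            current = tools.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(FIELD, line)):
            current[m.group(1)] = m.group(2)         # last rule wins if several
    return default, tools

def audit(text):  # findings where the policy is weaker than the page's baseline
    default, tools = read_policy(text)
    findings = [] if default == "deny" else [f"default is {default!r}, not 'deny'"]
    for name in sorted(HIGH_RISK | WRITE):
        rule = tools.get(name, {})
        action = rule.get("action", default)  # assumption: unlisted tools get default
        if name in HIGH_RISK and action != "deny":
            findings.append(f"{name}: destructive/financial tool is not denied")
        elif name in WRITE and action == "allow" and "rate_limit" not in rule:
            findings.append(f"{name}: write tool allowed without rate_limit")
    return findings

# Constructed sample: a drifted copy of the policy, not the file from this page.
SAMPLE = """default: "deny"
tools:
  product_delete:
    rules:
      - action: allow
  contact_create:
    rules:
      - action: allow
        rate_limit: 30/hour
  product_update:
    rules:
      - action: allow
"""
print("\n".join(audit(SAMPLE)))
```

Running `audit()` on the downloaded file in CI, and failing the build on a non-empty result, catches a weakened policy before an agent runs under it.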

Two commands. Under two minutes.

01 Download the policy

curl -o abraflexi.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/abraflexi.yaml

02 Run Intercept in front of the server

intercept -c abraflexi.yaml -- npx -y @abraflexi-mcp-server

Works with any MCP client:

Every tool call is now checked against your policy before it reaches AbraFlexi. Denied calls are blocked and logged. Allowed calls pass through with no latency impact.

Enforce policies on AbraFlexi

Open source. One binary. Zero dependencies.

npx -y @policylayer/intercept
github.com/policylayer/intercept →