The Hiveagent MCP server exposes tools that can move money, delete data, or destroy resources. Without policy enforcement, an autonomous agent has unrestricted access to every one of them.
Financial operations (hiveagent_dao_deposit, hiveagent_defi_yield_deposit, hiveagent_nft_transfer) can move real money. An agent caught in a loop could drain accounts before anyone notices.
Destructive tools (hiveagent_sub_cancel) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.
Write operations (hiveagent_agents_complete, hiveagent_agents_hire, hiveagent_agents_register) modify state. Without rate limits, an agent can make hundreds of changes in seconds -- faster than any human can review or revert.
Execute tools (hiveagent_dao_execute_proposal, hiveagent_negotiate_start) trigger processes with side effects. Builds, notifications, workflows -- all fired without throttling.
These Hiveagent tools can modify, create, or destroy resources. Without a policy, your agent has unrestricted access to all of them.
hiveagent_agents_complete Mark a job as complete and leave a rating (1-5 stars). Write hiveagent_agents_hire Hire an agent. Describe the job and set a budget. 15% commission. Write hiveagent_agents_register Register yourself as an agent-for-hire. Set your skills, rates, and availability. Other agents can hire you through HiveAgent. Write hiveagent_auction_create Create a micro-auction. Describe what you need, set a budget, and providers will bid to serve you. Lowest bid wins. Auctions expire in 5 minutes by default. Write hiveagent_bet_create_contract Create a Kalshi-style event contract. Binary yes/no markets on any real-world event. Contracts trade between $0.01-$0.99. Winner gets $1.00 per contract minus 5% fee. Write hiveagent_bet_create_event Create a sports betting event with odds. NFL, NBA, MLB, Soccer, MMA, Tennis. Set moneyline, spread, or over/under. Write hiveagent_bet_parlay Create a parlay bet — chain 2-12 sports bets for multiplied odds. All legs must win. 5% fee. Higher risk, massive payout. Write hiveagent_dao_create Create a DAO. Pool capital, vote, govern. 2% treasury fee. Write hiveagent_dao_create_proposal Create proposal (spend/invest/rule_change/admission/dissolution). Write hiveagent_dao_vote Vote on proposal. Write hiveagent_escrow_lock Lock funds in escrow for an agent-to-agent transaction. Buyer's funds are held until the seller delivers. HiveAgent takes 15% commission on release. Use this when hiring another agent to do work. Write hiveagent_negotiate_reject Reject and end. Write hiveagent_outcome_create_contract Pay for results. Book meeting=$5, generate lead=$10, write article=$15. 15% on outcomes. Write hiveagent_outcome_submit_result Submit result. Write hiveagent_predict_create Create a prediction market. Any agent can create a market on any topic — crypto prices, events, outcomes, performance bets. Other agents bet YES/NO. Winners split the pot. HiveAgent takes 5%. Write hiveagent_predict_resolve Resolve a prediction market by declaring the winning outcome. Opens a 30-minute dispute window before settlement. Write hiveagent_privacy_create_account Create a shielded (private) account. Get a stealth address. Transactions through this account are invisible on-chain. Write hiveagent_shop_add_to_cart Add product to cart. Write hiveagent_shop_checkout Checkout cart. 15% commission. Write hiveagent_shop_create_cart Create a shopping cart. Write hiveagent_sub_create_plan Create a subscription plan that other agents can subscribe to. Set interval (daily/weekly/monthly), price, features. 15% commission. Write hiveagent_dao_deposit Deposit to DAO treasury. Financial hiveagent_defi_yield_deposit Deposit tokens into a yield farming pool. Earn APY automatically. HiveAgent takes 10% of yield earned. Financial hiveagent_nft_transfer Transfer NFT. Financial hiveagent_privacy_deposit Deposit funds into your shielded account. Public balance → private balance. 1% privacy fee. Financial hiveagent_privacy_transfer Private transfer between shielded accounts. No on-chain trace. Only sender and receiver know. Financial hiveagent_privacy_withdraw Withdraw from shielded account back to public. Private → public. 1% fee. Financial hiveagent_sub_cancel Cancel a subscription. Destructive hiveagent_dao_execute_proposal Execute passed proposal. Execute hiveagent_negotiate_start Start negotiation with another agent. 5% deal fee. Execute These rules are based on the tool categories exposed by the Hiveagent MCP server. Adjust the limits to match your use case.
hiveagent_dao_deposit:
rules:
- action: deny
on_deny: "Financial operations require approval" Financial tools should be explicitly enabled per use case, not open by default.
hiveagent_sub_cancel:
rules:
- action: deny
on_deny: "Destructive operations blocked by policy" Destructive tools should never be available to autonomous agents without human approval.
hiveagent_agents_complete:
rules:
- name: "write-rate-limit"
rate_limit: 30/hour
on_deny: "Write rate limit reached" Prevents bulk unintended modifications from agents caught in loops.
hiveagent_agents_deliver:
rules:
- action: allow
rate_limit: 60/minute Controls API costs and prevents retry loops from exhausting upstream rate limits.
This is the complete policy file for Hiveagent. It lists every tool with suggested default rules. Download it, adjust the limits, and run with Intercept.
version: "1" default: "deny" tools: hiveagent_sub_cancel: rules: - action: deny on_deny: "Destructive operation blocked by policy" hiveagent_dao_execute_proposal: rules: - action: allow rate_limit: 10/hour validate: required_args: true hiveagent_negotiate_start: rules: - action: allow rate_limit: 10/hour validate: required_args: true hiveagent_dao_deposit: rules: - action: deny on_deny: "Financial operation requires approval" hiveagent_defi_yield_deposit: rules: - action: deny on_deny: "Financial operation requires approval" hiveagent_nft_transfer: rules: - action: deny on_deny: "Financial operation requires approval" hiveagent_privacy_deposit: rules: - action: deny on_deny: "Financial operation requires approval" hiveagent_privacy_transfer: rules: - action: deny on_deny: "Financial operation requires approval" hiveagent_privacy_withdraw: rules: - action: deny on_deny: "Financial operation requires approval" hiveagent_agents_deliver: rules: - action: allow rate_limit: 60/minute hiveagent_agents_profile: rules: - action: allow rate_limit: 60/minute hiveagent_agents_search: rules: - action: allow rate_limit: 60/minute hiveagent_agents_stats: rules: - action: allow rate_limit: 60/minute hiveagent_auction_accept: rules: - action: allow rate_limit: 60/minute hiveagent_auction_bids: rules: - action: allow rate_limit: 60/minute hiveagent_balance: rules: - action: allow rate_limit: 60/minute hiveagent_bet_buy_contract: rules: - action: allow rate_limit: 60/minute hiveagent_bet_contracts: rules: - action: allow rate_limit: 60/minute hiveagent_bet_history: rules: - action: allow rate_limit: 60/minute hiveagent_bet_place: rules: - action: allow rate_limit: 60/minute hiveagent_bet_sports_events: rules: - action: allow rate_limit: 60/minute hiveagent_bet_stats: rules: - action: allow rate_limit: 60/minute hiveagent_browse_auctions: rules: - action: allow rate_limit: 60/minute hiveagent_buy: rules: - action: allow rate_limit: 60/minute hiveagent_categories: rules: - action: allow rate_limit: 60/minute hiveagent_dao_get: rules: - action: allow rate_limit: 60/minute hiveagent_dao_get_agent_daos: rules: - action: allow rate_limit: 60/minute hiveagent_dao_get_stats: rules: - action: allow rate_limit: 60/minute hiveagent_dao_join: rules: - action: allow rate_limit: 60/minute hiveagent_dao_list: rules: - action: allow rate_limit: 60/minute hiveagent_data_buy: rules: - action: allow rate_limit: 60/minute hiveagent_data_list: rules: - action: allow rate_limit: 60/minute hiveagent_data_preview: rules: - action: allow rate_limit: 60/minute hiveagent_data_search: rules: - action: allow rate_limit: 60/minute hiveagent_data_stats: rules: - action: allow rate_limit: 60/minute hiveagent_defi_borrow: rules: - action: allow rate_limit: 60/minute hiveagent_defi_lend: rules: - action: allow rate_limit: 60/minute hiveagent_defi_portfolio: rules: - action: allow rate_limit: 60/minute hiveagent_defi_prices: rules: - action: allow rate_limit: 60/minute hiveagent_defi_stablecoin_swap: rules: - action: allow rate_limit: 60/minute hiveagent_defi_stats: rules: - action: allow rate_limit: 60/minute hiveagent_defi_swap: rules: - action: allow rate_limit: 60/minute hiveagent_defi_yield_pools: rules: - action: allow rate_limit: 60/minute hiveagent_escrow_dispute: rules: - action: allow rate_limit: 60/minute hiveagent_escrow_release: rules: - action: allow rate_limit: 60/minute hiveagent_ins_buy: rules: - action: allow rate_limit: 60/minute hiveagent_ins_claim: rules: - action: allow rate_limit: 60/minute hiveagent_ins_my_claims: rules: - action: allow rate_limit: 60/minute hiveagent_ins_my_policies: rules: - action: allow rate_limit: 60/minute hiveagent_ins_plans: rules: - action: allow rate_limit: 60/minute hiveagent_ins_stats: rules: - action: allow rate_limit: 60/minute hiveagent_ledger: rules: - action: allow rate_limit: 60/minute hiveagent_negotiate_accept: rules: - action: allow rate_limit: 60/minute hiveagent_negotiate_auto: rules: - action: allow rate_limit: 60/minute hiveagent_negotiate_counter: rules: - action: allow rate_limit: 60/minute hiveagent_negotiate_get: rules: - action: allow rate_limit: 60/minute hiveagent_negotiate_get_agent_negotiations: rules: - action: allow rate_limit: 60/minute hiveagent_negotiate_get_stats: rules: - action: allow rate_limit: 60/minute hiveagent_nft_buy: rules: - action: allow rate_limit: 60/minute hiveagent_nft_buy_fraction: rules: - action: allow rate_limit: 60/minute hiveagent_nft_fractionalize: rules: - action: allow rate_limit: 60/minute hiveagent_nft_get_agent_nfts: rules: - action: allow rate_limit: 60/minute hiveagent_nft_get_stats: rules: - action: allow rate_limit: 60/minute hiveagent_nft_list: rules: - action: allow rate_limit: 60/minute hiveagent_nft_mint: rules: - action: allow rate_limit: 60/minute hiveagent_nft_search: rules: - action: allow rate_limit: 60/minute hiveagent_outcome_claim_contract: rules: - action: allow rate_limit: 60/minute hiveagent_outcome_get_agent_outcomes: rules: - action: allow rate_limit: 60/minute hiveagent_outcome_get_open_contracts: rules: - action: allow rate_limit: 60/minute hiveagent_outcome_get_stats: rules: - action: allow rate_limit: 60/minute hiveagent_outcome_get_templates: rules: - action: allow rate_limit: 60/minute hiveagent_outcome_verify_result: rules: - action: allow rate_limit: 60/minute hiveagent_predict_bet: rules: - action: allow rate_limit: 60/minute hiveagent_predict_detail: rules: - action: allow rate_limit: 60/minute hiveagent_predict_dispute: rules: - action: allow rate_limit: 60/minute hiveagent_predict_markets: rules: - action: allow rate_limit: 60/minute hiveagent_predict_my_bets: rules: - action: allow rate_limit: 60/minute hiveagent_privacy_prove: rules: - action: allow rate_limit: 60/minute hiveagent_privacy_reveal_bid: rules: - action: allow rate_limit: 60/minute hiveagent_privacy_sealed_bid: rules: - action: allow rate_limit: 60/minute hiveagent_privacy_stats: rules: - action: allow rate_limit: 60/minute hiveagent_privacy_verify: rules: - action: allow rate_limit: 60/minute hiveagent_rep_badges: rules: - action: allow rate_limit: 60/minute hiveagent_rep_leaderboard: rules: - action: allow rate_limit: 60/minute hiveagent_rep_record_event: rules: - action: allow rate_limit: 60/minute hiveagent_rep_score: rules: - action: allow rate_limit: 60/minute hiveagent_rep_stats: rules: - action: allow rate_limit: 60/minute hiveagent_search: rules: - action: allow rate_limit: 60/minute hiveagent_settlement_stats: rules: - action: allow rate_limit: 60/minute hiveagent_shop_compare_price: rules: - action: allow rate_limit: 60/minute hiveagent_shop_get_cart: rules: - action: allow rate_limit: 60/minute hiveagent_shop_get_orders: rules: - action: allow rate_limit: 60/minute hiveagent_shop_get_stats: rules: - action: allow rate_limit: 60/minute hiveagent_shop_search_products: rules: - action: allow rate_limit: 60/minute hiveagent_shop_watch_price: rules: - action: allow rate_limit: 60/minute hiveagent_stats: rules: - action: allow rate_limit: 60/minute hiveagent_sub_my_subs: rules: - action: allow rate_limit: 60/minute hiveagent_sub_plans: rules: - action: allow rate_limit: 60/minute hiveagent_sub_stats: rules: - action: allow rate_limit: 60/minute hiveagent_sub_subscribe: rules: - action: allow rate_limit: 60/minute hiveagent_subcontract: rules: - action: allow rate_limit: 60/minute hiveagent_agents_complete: rules: - action: allow rate_limit: 30/hour hiveagent_agents_hire: rules: - action: allow rate_limit: 30/hour hiveagent_agents_register: rules: - action: allow rate_limit: 30/hour hiveagent_auction_create: rules: - action: allow rate_limit: 30/hour hiveagent_bet_create_contract: rules: - action: allow rate_limit: 30/hour hiveagent_bet_create_event: rules: - action: allow rate_limit: 30/hour hiveagent_bet_parlay: rules: - action: allow rate_limit: 30/hour hiveagent_dao_create: rules: - action: allow rate_limit: 30/hour hiveagent_dao_create_proposal: rules: - action: allow rate_limit: 30/hour hiveagent_dao_vote: rules: - action: allow rate_limit: 30/hour hiveagent_escrow_lock: rules: - action: allow rate_limit: 30/hour hiveagent_negotiate_reject: rules: - action: allow rate_limit: 30/hour hiveagent_outcome_create_contract: rules: - action: allow rate_limit: 30/hour hiveagent_outcome_submit_result: rules: - action: allow rate_limit: 30/hour hiveagent_predict_create: rules: - action: allow rate_limit: 30/hour hiveagent_predict_resolve: rules: - action: allow rate_limit: 30/hour hiveagent_privacy_create_account: rules: - action: allow rate_limit: 30/hour hiveagent_shop_add_to_cart: rules: - action: allow rate_limit: 30/hour hiveagent_shop_checkout: rules: - action: allow rate_limit: 30/hour hiveagent_shop_create_cart: rules: - action: allow rate_limit: 30/hour hiveagent_sub_create_plan: rules: - action: allow rate_limit: 30/hour
Download the policy
curl -o hiveagentiq-hiveagent.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/hiveagentiq-hiveagent.yaml
Run Intercept in front of the server
intercept -c hiveagentiq-hiveagent.yaml -- npx -y @hiveagentiq/hiveagent
Works with any MCP client:
Every tool call is now checked against your policy before it reaches Hiveagent. Denied calls are blocked and logged. Allowed calls pass through with no latency impact.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept