// SECURE INDIGO
View full policy →

Indigo: 14 unrestricted tools

The Indigo MCP server exposes tools that can move money, delete data, or destroy resources. Without policy enforcement, an autonomous agent has unrestricted access to every one of them.

2 move money
3 delete data
9 modify data
// DANGEROUS TOOLS
Write / Execute (9) Destructive / Financial (5)
// WHAT CAN GO WRONG

Financial operations (deposit_cdp, withdraw_cdp) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Destructive tools (adjust_staking_position, annul_sp_request, cancel_rob) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (adjust_rob, close_cdp, close_sp_account) modify state. Without rate limits, an agent can make hundreds of changes in seconds -- faster than any human can review or revert.

// TOOLS THAT NEED LIMITS

These Indigo tools can modify, create, or destroy resources. Without a policy, your agent has unrestricted access to all of them.

adjust_rob Adjust ADA amount in an ROB position (positive to increase, negative to decrease). Optionally update the max price. Returns an unsigned transaction (CBOR hex) for client-side signing. Write
close_cdp Close a CDP and reclaim collateral — builds an unsigned transaction (CBOR hex) for client-side signing Write
close_sp_account Close a stability pool account and withdraw all deposited iAssets. Returns an unsigned transaction (CBOR hex) for client-side signing. Write
close_staking_position Close an INDY staking position and unstake all INDY. Returns an unsigned transaction (CBOR hex) for client-side signing. Write
create_sp_account Create a new stability pool account by depositing iAssets. Returns an unsigned transaction (CBOR hex) for client-side signing. Write
merge_cdps Merge multiple CDPs into one — builds an unsigned transaction (CBOR hex) for client-side signing Write
open_cdp Open a new CDP position — builds an unsigned transaction (CBOR hex) for client-side signing Write
open_rob Open a new ROB (Redemption Order Book) position with ADA and a max price limit. Returns an unsigned transaction (CBOR hex) for client-side signing. Write
open_staking_position Stake INDY tokens by creating a new staking position. Returns an unsigned transaction (CBOR hex) for client-side signing. Write
deposit_cdp Deposit additional collateral into a CDP — builds an unsigned transaction (CBOR hex) for client-side signing Financial
withdraw_cdp Withdraw collateral from a CDP — builds an unsigned transaction (CBOR hex) for client-side signing Financial
adjust_staking_position Adjust an existing INDY staking position (add or remove INDY). Returns an unsigned transaction (CBOR hex) for client-side signing. Destructive
annul_sp_request Cancel a pending stability pool request. Returns an unsigned transaction (CBOR hex) for client-side signing. Destructive
cancel_rob Cancel an existing ROB position. Returns an unsigned transaction (CBOR hex) for client-side signing. Destructive
// RECOMMENDED RULES

These rules are based on the tool categories exposed by the Indigo MCP server. Adjust the limits to match your use case.

Block financial tools by default 
deposit_cdp:
    rules:
      - action: deny
        on_deny: "Financial operations require approval"

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations 
adjust_staking_position:
    rules:
      - action: deny
        on_deny: "Destructive operations blocked by policy"

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations 
adjust_rob:
    rules:
      - name: "write-rate-limit"
        rate_limit: 30/hour
        on_deny: "Write rate limit reached"

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations 
adjust_sp_account:
    rules:
      - action: allow
        rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// FULL POLICY

This is the complete policy file for Indigo. It lists every tool with suggested default rules. Download it, adjust the limits, and run with Intercept.

io-github-indigoprotocol-indigo-mcp.yaml 
version: "1"
default: "deny"

tools:
  adjust_staking_position:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"
  annul_sp_request:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"
  cancel_rob:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"
  deposit_cdp:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  withdraw_cdp:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  adjust_sp_account:
    rules:
      - action: allow
        rate_limit: 60/minute
  analyze_cdp_health:
    rules:
      - action: allow
        rate_limit: 60/minute
  burn_cdp:
    rules:
      - action: allow
        rate_limit: 60/minute
  claim_rob:
    rules:
      - action: allow
        rate_limit: 60/minute
  distribute_staking_rewards:
    rules:
      - action: allow
        rate_limit: 60/minute
  freeze_cdp:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_ada_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_all_cdps:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_apr_by_key:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_apr_rewards:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_asset:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_asset_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_assets:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_blockfrost_balances:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_cdps_by_address:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_cdps_by_owner:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_collector_utxos:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_dex_yields:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_indy_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_iris_liquidity_pools:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_order_book:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_polls:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_protocol_params:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_protocol_stats:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_redemption_orders:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_redemption_queue:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_sp_account_by_owner:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_stability_pool_accounts:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_stability_pools:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_staking_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_staking_position_by_address:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_staking_positions:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_staking_positions_by_owner:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_steelswap_estimate:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_steelswap_tokens:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_temperature_checks:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_tvl:
    rules:
      - action: allow
        rate_limit: 60/minute
  leverage_cdp:
    rules:
      - action: allow
        rate_limit: 60/minute
  liquidate_cdp:
    rules:
      - action: allow
        rate_limit: 60/minute
  mint_cdp:
    rules:
      - action: allow
        rate_limit: 60/minute
  process_sp_request:
    rules:
      - action: allow
        rate_limit: 60/minute
  redeem_cdp:
    rules:
      - action: allow
        rate_limit: 60/minute
  redeem_rob:
    rules:
      - action: allow
        rate_limit: 60/minute
  retrieve_from_ipfs:
    rules:
      - action: allow
        rate_limit: 60/minute
  store_on_ipfs:
    rules:
      - action: allow
        rate_limit: 60/minute
  adjust_rob:
    rules:
      - action: allow
        rate_limit: 30/hour
  close_cdp:
    rules:
      - action: allow
        rate_limit: 30/hour
  close_sp_account:
    rules:
      - action: allow
        rate_limit: 30/hour
  close_staking_position:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_sp_account:
    rules:
      - action: allow
        rate_limit: 30/hour
  merge_cdps:
    rules:
      - action: allow
        rate_limit: 30/hour
  open_cdp:
    rules:
      - action: allow
        rate_limit: 30/hour
  open_rob:
    rules:
      - action: allow
        rate_limit: 30/hour
  open_staking_position:
    rules:
      - action: allow
        rate_limit: 30/hour
// ENFORCE IT

Two commands. Under two minutes.

01

Download the policy

curl -o io-github-indigoprotocol-indigo-mcp.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/io-github-indigoprotocol-indigo-mcp.yaml
02

Run Intercept in front of the server

intercept -c io-github-indigoprotocol-indigo-mcp.yaml -- npx -y @@indigoprotocol/indigo-mcp

Works with any MCP client:

Claude Code Cursor Claude Desktop Windsurf

Every tool call is now checked against your policy before it reaches Indigo. Denied calls are blocked and logged. Allowed calls pass through with no latency impact.

Enforce policies on Indigo

Open source. One binary. Zero dependencies.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.