The Quickbooks MCP server exposes tools that can move money, delete data, or destroy resources. Without policy enforcement, an autonomous agent has unrestricted access to every one of them.
Financial operations (create_deposit, edit_deposit) can move real money. An agent caught in a loop could drain accounts before anyone notices.
Destructive tools (delete_entity) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.
Write operations (create_bill, create_customer, create_expense) modify state. Without rate limits, an agent can make hundreds of changes in seconds -- faster than any human can review or revert.
These Quickbooks tools can modify, create, or destroy resources. Without a policy, your agent has unrestricted access to all of them.
create_bill (Write): Create a vendor bill. Accepts vendor/account/department names (will lookup IDs automatically). Note: DepartmentRef is header-level only — for multi-department splits, create separate bills (one per department). Returns bill details and a link to view in QuickBooks.
create_customer (Write): Create a customer or sub-customer. Accepts name parts, contact info, addresses, and hierarchy settings. Use parent_ref to create sub-customers or jobs. Returns customer details and a link to view in QuickBooks.
create_expense (Write): Create an expense (Purchase). Accepts account/department/vendor names (will lookup IDs automatically). Covers Cash, Check, and Credit Card payment types. Note: PaymentType cannot be changed after creation. DepartmentRef is header-level only. Returns expense details and a link to view in QuickBooks.
create_invoice (Write): Create an invoice. Accepts item/customer/department names (will lookup IDs automatically). Either customer_name or customer_id is REQUIRED — invoices must have a customer. Lines use SalesItemLineDetail (product/service references, not accounts). Returns invoice details and a link to view in QuickBooks.
create_journal_entry (Write): Create a journal entry. Accepts account/department names (will lookup IDs automatically). Validates debits=credits before creating. Returns entry details and a link to view in QuickBooks.
create_sales_receipt (Write): Create a sales receipt. Accepts item/customer/department names (will lookup IDs automatically). Lines reference items (products/services) not accounts. Returns receipt details and a link to view in QuickBooks.
create_vendor_credit (Write): Create a vendor credit. Accepts vendor/account/department names (will lookup IDs automatically). Lines represent credit amounts applied to expense accounts. Returns credit details and a link to view in QuickBooks.
edit_bill (Write): Modify an existing bill. Can update vendor, date, due date, memo, and/or lines. For lines: provide line_id to update existing line, omit to add new line, set delete=true to remove. Note: DepartmentRef is header-level only — lines do not support department.
edit_customer (Write): Modify an existing customer. Can update name, contact info, addresses, notes, taxable status, active status, hierarchy (parent/sub-customer), delivery method, and payment terms. Set active=false to deactivate (QuickBooks equivalent of delete).
edit_expense (Write): Modify an existing expense (Purchase). Can update date, memo, payment account, and/or lines. Note: PaymentType (Cash/Check/CreditCard) cannot be changed after creation.
edit_invoice (Write): Modify an existing invoice. Can update date, due date, memo, customer, department, terms, email, online payment settings, and/or lines. For lines: provide line_id to update existing line, omit line_id to add new line (requires item_name), set delete=true to remove.
edit_journal_entry (Write): Modify an existing journal entry. Can update date, memo, doc_number, and/or lines. For lines: provide line_id to update existing line, omit line_id to add new line, set delete=true to remove a line. Validates debits=credits before saving.
edit_sales_receipt (Write): Modify an existing sales receipt. Can update date, memo, deposit account, department, and/or lines. For lines: provide line_id to update existing line, omit line_id to add new line (requires item_name), set delete=true to remove.
edit_vendor_credit (Write): Modify an existing vendor credit. Can update vendor, date, memo, ref number, and/or lines. For lines: provide line_id to update existing line, omit line_id to add new line (requires amount and account_name), set delete=true to remove. Note: DepartmentRef is header-level only — lines do not support department.
create_deposit (Financial): Create a bank deposit. Accepts account/department/vendor names (will lookup IDs automatically). Lines represent the sources of the deposit — amounts can be positive (income) or negative (fees, deductions). QuickBooks computes the total from line amounts. Returns deposit details and a link to view in QuickBooks.
edit_deposit (Financial): Modify an existing deposit. Can update date, memo, deposit account, department, and/or lines. CRITICAL for line changes: The QB Deposit API does NOT replace lines - it merges them. Lines WITH line_id update existing lines. Lines WITHOUT line_id are ADDED as new. Lines NOT included are KEPT unchanged. To 'delete' a line, you must include ALL existing lines with their line_ids and set unwanted lines to amount: 0. Line amounts must sum to the original deposit total (use expected_total to override for corrupted deposits).
delete_entity (Destructive): Permanently delete a QuickBooks transaction. Supports journal entries, bills, invoices, deposits, sales receipts, expenses, and vendor credits. Uses a two-step flow: first call previews what will be deleted, second call with confirm=true executes the deletion. Note: Customers cannot be deleted — use edit_customer with active=false to deactivate instead.

These rules are based on the tool categories exposed by the Quickbooks MCP server. Adjust the limits to match your use case.
create_deposit:
  rules:
    - action: deny
      on_deny: "Financial operations require approval"

Financial tools should be explicitly enabled per use case, not open by default.

delete_entity:
  rules:
    - action: deny
      on_deny: "Destructive operations blocked by policy"

Destructive tools should never be available to autonomous agents without human approval.

create_bill:
  rules:
    - name: "write-rate-limit"
      rate_limit: 30/hour
      on_deny: "Write rate limit reached"

Prevents bulk unintended modifications from agents caught in loops.

account_period_summary:
  rules:
    - action: allow
      rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.
This is the complete policy file for Quickbooks. It lists every tool with suggested default rules. Download it, adjust the limits, and run with Intercept.
version: "1"
default: "deny"
tools:
  delete_entity:
    rules:
      - action: deny
        on_deny: "Destructive operation blocked by policy"
  create_deposit:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  edit_deposit:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  account_period_summary:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_balance_sheet:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_bill:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_company_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_customer:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_deposit:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_expense:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_invoice:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_journal_entry:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_profit_loss:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_sales_receipt:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_trial_balance:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_vendor_credit:
    rules:
      - action: allow
        rate_limit: 60/minute
  list_accounts:
    rules:
      - action: allow
        rate_limit: 60/minute
  qbo_authenticate:
    rules:
      - action: allow
        rate_limit: 60/minute
  query:
    rules:
      - action: allow
        rate_limit: 60/minute
  query_account_transactions:
    rules:
      - action: allow
        rate_limit: 60/minute
  create_bill:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_customer:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_expense:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_invoice:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_journal_entry:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_sales_receipt:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_vendor_credit:
    rules:
      - action: allow
        rate_limit: 30/hour
  edit_bill:
    rules:
      - action: allow
        rate_limit: 30/hour
  edit_customer:
    rules:
      - action: allow
        rate_limit: 30/hour
  edit_expense:
    rules:
      - action: allow
        rate_limit: 30/hour
  edit_invoice:
    rules:
      - action: allow
        rate_limit: 30/hour
  edit_journal_entry:
    rules:
      - action: allow
        rate_limit: 30/hour
  edit_sales_receipt:
    rules:
      - action: allow
        rate_limit: 30/hour
  edit_vendor_credit:
    rules:
      - action: allow
        rate_limit: 30/hour
Download the policy
curl -o io-github-nyxtoolsdev-quickbooks-mcp-server.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/io-github-nyxtoolsdev-quickbooks-mcp-server.yaml
Run Intercept in front of the server
intercept -c io-github-nyxtoolsdev-quickbooks-mcp-server.yaml -- npx -y @quickbooks-mcp
Works with any MCP client.
Every tool call is now checked against your policy before it reaches Quickbooks. Denied calls are blocked and logged. Allowed calls pass through with no latency impact.
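A minimal model of the check described above, as an added example that is not Intercept's own code. The deny-first ordering, the sliding-window limiter and the names `Gate`, `parse_rate` and `simulate_loop` are assumptions, and the policy dict is a constructed subset of the policy file on this page.

```python
import re
from collections import defaultdict, deque

# Constructed subset of the policy above, already parsed from YAML into a dict.
POLICY = {"default": "deny", "tools": {
    "delete_entity": {"rules": [{"action": "deny",
                                 "on_deny": "Destructive operation blocked by policy"}]},
    "create_deposit": {"rules": [{"action": "deny",
                                  "on_deny": "Financial operation requires approval"}]},
    "get_invoice": {"rules": [{"action": "allow", "rate_limit": "60/minute"}]},
    "create_bill": {"rules": [{"action": "allow", "rate_limit": "30/hour"}]},
}}
WINDOW_SECONDS = {"minute": 60, "hour": 3600}  # the two units used on this page

def parse_rate(spec):
    """'30/hour' -> (30, 3600); anything that is not N/unit is rejected."""
    m = re.fullmatch(r"(\d+)/(minute|hour)", spec)
    if not m:
        raise ValueError(f"bad rate_limit: {spec!r}")
    return int(m.group(1)), WINDOW_SECONDS[m.group(2)]

class Gate:
    """Assumed semantics: a deny rule blocks, limits use a sliding window per
    tool and rule, and tools missing from the policy get the default."""
    def __init__(self, policy):
        self.policy = policy
        self.seen = defaultdict(deque)  # (tool, rule index) -> allowed-call times

    def check(self, tool, now):
        entry = self.policy["tools"].get(tool)
        if entry is None:
            ok = self.policy["default"] == "allow"
            return ok, (None if ok else "default deny")
        for i, rule in enumerate(entry["rules"]):
            if rule.get("action") == "deny":
                return False, rule.get("on_deny", "denied")
            if "rate_limit" in rule:
                limit, window = parse_rate(rule["rate_limit"])
                times = self.seen[(tool, i)]
                while times and now - times[0] >= window:
                    times.popleft()  # forget calls older than the window
                if len(times) >= limit:
                    return False, rule.get("on_deny", "rate limit reached")
                times.append(now)
        return True, None

def simulate_loop(tool, calls, interval):
    """Replay `calls` requests to one tool, `interval` seconds apart, and
    return how many the gate lets through."""
    gate = Gate(POLICY)
    return sum(gate.check(tool, n * interval)[0] for n in range(calls))
```

Under this model, an agent stuck in a loop firing 100 `create_bill` calls one second apart gets 30 through, while the same loop paced at one call every two minutes is never throttled.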
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept