// DANGEROUS TOOLS

Write / Execute (14) Destructive / Financial (6)

// WHAT CAN GO WRONG

✕

Financial operations (deposit_trx, enable_auto_deposit, pay_invoice) can move real money. An agent caught in a loop could drain accounts before anyone notices.

✕

Write operations (approve_trc20, convert_address, create_account) modify state. Without rate limits, an agent can make hundreds of changes in seconds -- faster than any human can review or revert.

✕

Execute tools (call_contract, compile_policy, execute_intent) trigger processes with side effects. Builds, notifications, workflows -- all fired without throttling.

// TOOLS THAT NEED LIMITS

These MERX - TRON Resource Exchange tools can modify, create, or destroy resources. Without a policy, your agent has unrestricted access to all of them.

approve_trc20 Approve TRC-20 spending allowance. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY. Write

convert_address Convert TRON address between base58 (T...) and hex (41...) formats. No auth required. Write

create_account Create a new Merx account, generate an API key, and get deposit info. No auth needed. Write

create_monitor Create a persistent monitor (delegation expiry, balance, price alert). Auth required. Write

create_order Buy energy or bandwidth on Merx. Routed to cheapest provider. Auth required. Write

create_paid_order Create a zero-registration order via x402 pay-per-use. Requires TRON_PRIVATE_KEY. Write

create_standing_order Create a server-side standing order with trigger-based automation. Auth required. Write

login Log in to an existing Merx account. No MERX_API_KEY needed. Write

set_api_key Set your Merx API key for this session. Unlocks all authenticated tools (trading, balance, orders). Use this if you already have an API key. Write

set_private_key Set your TRON private key for this session. Address is derived automatically. Enables write tools: transfer_trx, transfer_trc20, approve_trc20, execute_swap, deposit_trx. Key stays local - never sent to Merx servers. Write

deposit_trx Deposit TRX to your Merx account. Requires MERX_API_KEY + TRON_PRIVATE_KEY. Financial

enable_auto_deposit Configure automatic top-up when balance drops below a threshold. Session-only. Financial

pay_invoice Pay an x402 invoice by sending TRX and verifying payment. Financial

transfer_trc20 Transfer TRC-20 tokens with automatic energy optimization. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY. Financial

transfer_trx Send TRX to an address. Checks bandwidth, buys via Merx if needed. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY. Financial

withdraw Withdraw TRX or USDT from your Merx account to an external TRON address. Requires MERX_API_KEY. Financial

call_contract Execute a state-changing smart contract function. Estimates resources, buys via Merx if needed. Requires TRON_PRIVATE_KEY and TRON_ADDRESS. Execute

compile_policy Convert a natural language energy management policy into MERX automation. Creates standing orders and monitors based on your instructions. Examples: - "Keep 500k energy on my wallet, buy when price is below 55 SUN, max 200 TRX/week" - "Buy energy every day at 6 AM UTC, 1 million units, for 24 hours" - "Alert me when my energy drops below 100k" Returns a preview of what will be created. Set apply=true to execute. Execute

execute_intent Execute a multi-step operation (transfer, swap, buy resources, etc). Validates and simulates all steps with resource cost estimates. Auth required. Execute

execute_swap Execute a token swap on SunSwap V2. Requires TRON_PRIVATE_KEY. Execute

// RECOMMENDED RULES

These rules are based on the tool categories exposed by the MERX - TRON Resource Exchange MCP server. Adjust the limits to match your use case.

Block financial tools by default

deposit_trx:
    rules:
      - action: deny
        on_deny: "Financial operations require approval"

Financial tools should be explicitly enabled per use case, not open by default.

Rate limit write operations

approve_trc20:
    rules:
      - name: "write-rate-limit"
        rate_limit: 30/hour
        on_deny: "Write rate limit reached"

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

analyze_prices:
    rules:
      - action: allow
        rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// FULL POLICY

This is the complete policy file for MERX - TRON Resource Exchange. It lists every tool with suggested default rules. Download it, adjust the limits, and run with Intercept.

merx-tron-resource-exchange.yaml

version: "1"
default: "deny"

tools:
  call_contract:
    rules:
      - action: allow
        rate_limit: 10/hour
        validate:
          required_args: true
  compile_policy:
    rules:
      - action: allow
        rate_limit: 10/hour
        validate:
          required_args: true
  execute_intent:
    rules:
      - action: allow
        rate_limit: 10/hour
        validate:
          required_args: true
  execute_swap:
    rules:
      - action: allow
        rate_limit: 10/hour
        validate:
          required_args: true
  deposit_trx:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  enable_auto_deposit:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  pay_invoice:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  transfer_trc20:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  transfer_trx:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  withdraw:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  analyze_prices:
    rules:
      - action: allow
        rate_limit: 60/minute
  calculate_savings:
    rules:
      - action: allow
        rate_limit: 60/minute
  check_address_resources:
    rules:
      - action: allow
        rate_limit: 60/minute
  compare_providers:
    rules:
      - action: allow
        rate_limit: 60/minute
  ensure_resources:
    rules:
      - action: allow
        rate_limit: 60/minute
  estimate_contract_call:
    rules:
      - action: allow
        rate_limit: 60/minute
  estimate_transaction_cost:
    rules:
      - action: allow
        rate_limit: 60/minute
  explain_concept:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_account_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_balance:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_best_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_block:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_chain_parameters:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_deposit_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_order:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_price_history:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_prices:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_swap_quote:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_token_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_token_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_transaction:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_transaction_history:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_trc20_balance:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_trx_balance:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_trx_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  list_monitors:
    rules:
      - action: allow
        rate_limit: 60/minute
  list_orders:
    rules:
      - action: allow
        rate_limit: 60/minute
  list_providers:
    rules:
      - action: allow
        rate_limit: 60/minute
  list_standing_orders:
    rules:
      - action: allow
        rate_limit: 60/minute
  read_contract:
    rules:
      - action: allow
        rate_limit: 60/minute
  search_transaction_history:
    rules:
      - action: allow
        rate_limit: 60/minute
  simulate:
    rules:
      - action: allow
        rate_limit: 60/minute
  suggest_duration:
    rules:
      - action: allow
        rate_limit: 60/minute
  validate_address:
    rules:
      - action: allow
        rate_limit: 60/minute
  approve_trc20:
    rules:
      - action: allow
        rate_limit: 30/hour
  convert_address:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_account:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_monitor:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_order:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_paid_order:
    rules:
      - action: allow
        rate_limit: 30/hour
  create_standing_order:
    rules:
      - action: allow
        rate_limit: 30/hour
  login:
    rules:
      - action: allow
        rate_limit: 30/hour
  set_api_key:
    rules:
      - action: allow
        rate_limit: 30/hour
  set_private_key:
    rules:
      - action: allow
        rate_limit: 30/hour

// ENFORCE IT

Two commands. Under two minutes.

01

Download the policy

curl -o merx-tron-resource-exchange.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/merx-tron-resource-exchange.yaml

02

Run Intercept in front of the server

intercept -c merx-tron-resource-exchange.yaml -- npx -y @merx-mcp

Works with any MCP client:

Claude Code Cursor Claude Desktop Windsurf

Every tool call is now checked against your policy before it reaches MERX - TRON Resource Exchange. Denied calls are blocked and logged. Allowed calls pass through with no latency impact.

Enforce policies on MERX - TRON Resource Exchange

Open source. One binary. Zero dependencies.

npx -y @policylayer/intercept

github.com/policylayer/intercept →

MERX - TRON Resource Exchange: 20 unrestricted tools

Two commands. Under two minutes.

Enforce policies on MERX - TRON Resource Exchange