The Midnight Nextjs MCP server exposes tools that can move money, delete data, or destroy resources. Without policy enforcement, an autonomous agent has unrestricted access to every one of them.
Financial operations (midnight_transfer_tokens) can move real money. An agent caught in a loop could drain accounts before anyone notices.
Destructive tools (browser_eval, init, nextjs_call) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.
Write operations (disable_toolset, enable_cache_components, enable_toolset) modify state. Without rate limits, an agent can make hundreds of changes in seconds -- faster than any human can review or revert.
Execute tools (midnight_call_contract, midnight_compile_contract, midnight_deploy_contract) trigger processes with side effects. Builds, notifications, workflows -- all fired without throttling.
These Midnight Nextjs tools can modify, create, or destroy resources. Without a policy, your agent has unrestricted access to all of them.
disable_toolset Disable a toolset that was previously enabled. The tools in this toolset will no longer be available. Write enable_cache_components Migrate Next.js applications to Cache Components mode and complete setup for Next.js 16.
Use this tool when you need to:
- Migrate to Cache Components mode
- Migrate to cache components
- Enable Cache Components
- Set up Cache Components
- Convert to Cache Components
This tool handles ALL steps for migrating and enabling Cache Components:
- Configuration: Updates cacheComponents flag (experimental in 16.0.0, stable in canary > 16), removes incompatible flags
- Dev Server: Starts dev server (MCP is enabled by default in Next.js 16+)
- Error Detection: Loads all routes via browser automation, collects errors using Next.js MCP
- Automated Fixing: Adds Suspense boundaries, "use cache" directives, generateStaticParams, cacheLife profiles, cache tags
- Verification: Validates all routes work with zero errors
Key Features:
- One-time dev server start (no restarts needed)
- Automated error detection using Next.js MCP tools
- Browser-based testing with browser automation
- Fast Refresh applies fixes instantly
- Comprehensive fix strategies for all error types
- Support for "use cache", "use cache: private", Suspense boundaries
- Cache invalidation with cacheTag() and cacheLife() configuration
Requires:
- Next.js 16.0.0+ (stable or canary only - beta versions are NOT supported)
- Clean working directory preferred
- Browser automation installed (auto-installed if needed)
This tool embeds complete knowledge base for:
- Cache Components mechanics
- Error patterns and solutions
- Caching strategies (static vs dynamic)
- Advanced patterns (cacheLife, cacheTag, draft mode)
- Build behavior and prefetching
- Test-driven patterns from 125+ fixtures Write enable_toolset Enable one of the sets of tools the MCP server provides. Use get_toolset_tools and list_available_toolsets first to see what this will enable. Write midnight_create_wallet Create a new Midnight wallet with a fresh seed phrase.
**Security Warning:**
- The seed phrase will be displayed ONCE
- Store it securely offline
- Never share your seed phrase
- Loss of seed phrase = loss of funds
**Wallet Features:**
- Native tDUST balance management
- Private and shielded transactions
- Contract interaction support
- Multiple address derivation
**After Creation:**
1. Save your seed phrase securely
2. Get testnet tDUST from the faucet
3. Use wallet for contract deployment
**Faucet:** https://faucet.testnet.midnight.network Write midnight_transfer_tokens Transfer tDUST tokens to another address.
**Transfer Types:**
- **Standard:** Public transfer visible on-chain
- **Shielded:** Private transfer using ZK proofs
**Requirements:**
- Wallet with sufficient balance
- Network connectivity
- Gas for transaction fees
**Fees:**
- Standard transfer: ~0.001 tDUST
- Shielded transfer: ~0.005 tDUST (proof generation)
**Security:** Use `MIDNIGHT_WALLET_SEED` environment variable. Financial browser_eval Automate and test web applications using Playwright browser automation.
This tool connects to playwright-mcp server and provides access to all Playwright capabilities.
CRITICAL FOR PAGE VERIFICATION:
When verifying pages in Next.js projects (especially during upgrades or testing), you MUST use browser automation to load pages
in a real browser instead of curl or simple HTTP requests. This is because:
- Browser automation actually renders the page and executes JavaScript (curl only fetches HTML)
- Detects runtime errors, hydration issues, and client-side problems that curl cannot catch
- Verifies the full user experience, not just HTTP status codes
- Captures browser console errors and warnings via console_messages action
IMPORTANT FOR NEXT.JS PROJECTS:
If working with a Next.js application, PRIORITIZE using the 'nextjs_index' and 'nextjs_call' tools instead of browser console log forwarding.
Next.js has built-in MCP integration that provides superior error reporting, build diagnostics, and runtime information
directly from the Next.js dev server. Only use browser_eval's console_messages action as a fallback when these Next.js tools
are not available or when you specifically need to test client-side browser behavior that Next.js runtime cannot capture.
Available actions:
- start: Start browser automation (automatically installs if needed). Verbose logging is always enabled.
- navigate: Navigate to a URL
- click: Click on an element
- type: Type text into an element
- fill_form: Fill multiple form fields at once
- evaluate: Execute JavaScript in browser context
- screenshot: Take a screenshot of the page
- console_messages: Get browser console messages (for Next.js, prefer nextjs_index/nextjs_call tools instead)
- close: Close the browser
- drag: Perform drag and drop
- upload_file: Upload files
- list_tools: List all available browser automation tools from the server
Note: The playwright-mcp server will be automatically installed if not present. Destructive init ⚠️ CALL THIS FIRST - Initialize Next.js DevTools MCP context and establish MANDATORY documentation requirements.
**IMPORTANT: This tool MUST be called at the START of every Next.js development session.**
This tool:
- Establishes MANDATORY requirement to use nextjs_docs for ALL Next.js-related queries
- Instructs AI to forget any prior Next.js knowledge and always query docs
- Documents all available MCP tools (nextjs_docs, nextjs_index, nextjs_call, browser_eval, upgrade_nextjs_16, enable_cache_components)
Use this tool at the beginning of a Next.js session to:
- Reset AI's Next.js knowledge baseline
- Ensure 100% documentation-first approach with no exceptions
- Understand available tools and their use cases
- Follow best practices for Next.js development Destructive nextjs_call Call a specific MCP tool on a running Next.js development server.
REQUIREMENTS:
- Port number of the target Next.js dev server
- Tool name to execute
- Optional arguments object (if the tool requires parameters)
Use 'nextjs_index' first to discover available servers, tools, and their input schemas.
If 'nextjs_index' auto-discovery fails, ask the user for the port and call 'nextjs_index' again with the 'port' parameter.
IMPORTANT: When calling tools:
- The 'args' parameter MUST be an object (e.g., {key: "value"}), NOT a string
- If a tool doesn't require arguments, OMIT the 'args' parameter entirely - do NOT pass {} or "{}"
- Check the tool's inputSchema from 'nextjs_index' to see what arguments are required
Common Next.js MCP tools include:
- Error diagnostics (get compilation/runtime errors)
- Route information (list all routes)
- Build status (check compilation state)
- Cache management (clear caches)
- And more (varies by Next.js version)
Example usage:
1. Call 'nextjs_index' to see servers and tools
2. Call 'nextjs_call' with port=3000, toolName="get_errors" to get errors from server on port 3000 Destructive nextjs_index Discover all running Next.js development servers and list their available MCP tools.
WHEN TO USE THIS TOOL - Use proactively in these scenarios:
1. **Before implementing ANY changes to the app**: When asked to add, modify, or fix anything in the application:
- "Add a loading state" → Check current component structure and routes first
- "Fix the navigation" → Inspect existing routes and components
- "Update the API endpoint" → Query current routes and data flows
- "Add error handling" → Check runtime errors and component hierarchy
- "Refactor the auth logic" → Inspect current auth implementation and routes
- "Optimize performance" → Check runtime diagnostics and component tree
Use this to understand where changes should be made and what currently exists.
2. **For diagnostic and investigation questions**:
- "What's happening?" / "What's going on?" / "Why isn't this working?"
- "Check the errors" / "See what's wrong"
- "What routes are available?" / "Show me the routes"
- "Clear the cache" / "Reset everything"
- Questions about build status, compilation errors, or runtime diagnostics
3. **For agentic codebase search**: Use this as FIRST CHOICE for searching the currently running app. If not found, fallback to static codebase search tools.
KEY PRINCIPLE: If the request involves the running Next.js application (whether to investigate OR modify it), query the runtime FIRST to understand current state before proceeding.
REQUIREMENTS:
- Next.js 16 or later (MCP support was added in v16)
- If you're on Next.js 15 or earlier, use the 'upgrade-nextjs-16' MCP prompt to upgrade first
Next.js 16+ exposes an MCP (Model Context Protocol) endpoint at /_next/mcp automatically when the dev server starts.
No configuration needed - MCP is enabled by default in Next.js 16 and later.
This tool discovers all running Next.js servers and returns:
- Server port, PID, and URL
- Complete list of available MCP tools for each server
- Tool descriptions and input schemas
After calling this tool, use 'nextjs_call' to execute specific tools.
[IMPORTANT] If auto-discovery returns no servers:
1. Ask the user which port their Next.js dev server is running on
2. Call this tool again with the 'port' parameter set to the user-provided port
If the MCP endpoint is not available:
1. Ensure you're running Next.js 16 or later (use the 'upgrade-nextjs-16' prompt to upgrade)
2. Verify the dev server is running (npm run dev)
3. Check that the dev server started successfully without errors Destructive midnight_call_contract Execute a circuit call on a deployed Midnight smart contract.
**Circuit Types:**
- **Public circuits:** Read-only operations that don't modify state
- **Private circuits:** Operations with private witnesses and ZK proofs
- **State-changing circuits:** Modify ledger state (requires wallet)
**Call Process:**
1. Load contract at specified address
2. Prepare circuit arguments
3. Generate ZK proof (if required)
4. Submit transaction
5. Return result or state changes
**Privacy Features:**
- Private inputs are never revealed on-chain
- ZK proofs validate computation without exposing data
- Private state is stored locally with `private_state_id`
**Example:**
```
midnight_call_contract({
contract_address: "0x123...",
circuit_name: "transfer",
arguments: {
to: "0xabc...",
amount: 100
}
})
``` Execute midnight_compile_contract Compile a Compact smart contract to TypeScript bindings and ZK artifacts.
Generates:
- TypeScript type definitions
- Contract interaction code
- Circuit metadata
- ZK proving/verifying keys (references)
Use this tool to:
- Compile Compact source code
- Generate TypeScript bindings for SDK
- Prepare contracts for deployment
**Note:** Full compilation requires the `compactc` compiler installed locally. Execute midnight_deploy_contract Deploy a compiled Compact smart contract to the Midnight Network.
**Prerequisites:**
1. Contract must be compiled first using `midnight_compile_contract`
2. Wallet with sufficient tDUST balance for deployment
3. Network connectivity to target environment
**Deployment Process:**
1. Load compiled contract artifacts
2. Initialize contract private state (if any)
3. Create deployment transaction
4. Generate ZK proof for deployment
5. Submit transaction to the network
6. Wait for confirmation
**Returns:**
- Contract address
- Transaction hash
- Block height
- Deployment cost
**Security:** Use `MIDNIGHT_WALLET_SEED` environment variable for wallet credentials.
**Testnet Faucet:** Get free tDUST at https://faucet.testnet.midnight.network Execute midnight_init ⚠️ CALL THIS FIRST - Initialize Midnight Network development context.
**IMPORTANT: This tool MUST be called at the START of every Midnight development session.**
This tool:
- Establishes network configuration (testnet, devnet, or mainnet)
- Documents all available Midnight MCP tools
- Provides guidance on Compact smart contract development
- Sets up provider connections for blockchain queries
Use this tool to:
- Configure which Midnight network to connect to
- Understand available tools for contract development
- Learn about Compact language basics
- Get started with Midnight dApp development Execute midnight_scaffold_project Scaffold a new Midnight dApp project from a template.
Templates available:
- **counter**: Simple counter contract (great for learning)
- **token**: Private token with transfers and balances
- **voting**: Privacy-preserving voting system
- **blank**: Empty project structure
Generates:
- Compact contract files
- TypeScript SDK integration
- React UI (optional)
- Build and test configuration
Use this tool to:
- Start a new Midnight project quickly
- Learn from example contracts
- Set up proper project structure Execute These rules are based on the tool categories exposed by the Midnight Nextjs MCP server. Adjust the limits to match your use case.
midnight_transfer_tokens:
rules:
- action: deny
on_deny: "Financial operations require approval" Financial tools should be explicitly enabled per use case, not open by default.
browser_eval:
rules:
- action: deny
on_deny: "Destructive operations blocked by policy" Destructive tools should never be available to autonomous agents without human approval.
disable_toolset:
rules:
- name: "write-rate-limit"
rate_limit: 30/hour
on_deny: "Write rate limit reached" Prevents bulk unintended modifications from agents caught in loops.
get_environment_info:
rules:
- action: allow
rate_limit: 60/minute Controls API costs and prevents retry loops from exhausting upstream rate limits.
This is the complete policy file for Midnight Nextjs. It lists every tool with suggested default rules. Download it, adjust the limits, and run with Intercept.
version: "1" default: "deny" tools: browser_eval: rules: - action: deny on_deny: "Destructive operation blocked by policy" init: rules: - action: deny on_deny: "Destructive operation blocked by policy" nextjs_call: rules: - action: deny on_deny: "Destructive operation blocked by policy" nextjs_index: rules: - action: deny on_deny: "Destructive operation blocked by policy" midnight_call_contract: rules: - action: allow rate_limit: 10/hour validate: required_args: true midnight_compile_contract: rules: - action: allow rate_limit: 10/hour validate: required_args: true midnight_deploy_contract: rules: - action: allow rate_limit: 10/hour validate: required_args: true midnight_init: rules: - action: allow rate_limit: 10/hour validate: required_args: true midnight_scaffold_project: rules: - action: allow rate_limit: 10/hour validate: required_args: true midnight_transfer_tokens: rules: - action: deny on_deny: "Financial operation requires approval" get_environment_info: rules: - action: allow rate_limit: 60/minute get_server_status: rules: - action: allow rate_limit: 60/minute get_session_info: rules: - action: allow rate_limit: 60/minute get_toolset_tools: rules: - action: allow rate_limit: 60/minute list_available_toolsets: rules: - action: allow rate_limit: 60/minute list_enabled_features: rules: - action: allow rate_limit: 60/minute midnight_analyze_contract: rules: - action: allow rate_limit: 60/minute midnight_check_versions: rules: - action: allow rate_limit: 60/minute midnight_get_balance: rules: - action: allow rate_limit: 60/minute midnight_get_block: rules: - action: allow rate_limit: 60/minute midnight_get_transaction: rules: - action: allow rate_limit: 60/minute midnight_network_status: rules: - action: allow rate_limit: 60/minute midnight_search_docs: rules: - action: allow rate_limit: 60/minute midnight_wallet_state: rules: - action: allow rate_limit: 60/minute midnight-docs-status: rules: - action: allow rate_limit: 60/minute midnight-fetch-docs: rules: - action: allow rate_limit: 60/minute midnight-list-docs: rules: - action: allow rate_limit: 60/minute midnight-search-docs: rules: - action: allow rate_limit: 60/minute midnight-sync-docs: rules: - action: allow rate_limit: 60/minute nextjs_docs: rules: - action: allow rate_limit: 60/minute upgrade_nextjs_16: rules: - action: allow rate_limit: 60/minute disable_toolset: rules: - action: allow rate_limit: 30/hour enable_cache_components: rules: - action: allow rate_limit: 30/hour enable_toolset: rules: - action: allow rate_limit: 30/hour midnight_create_wallet: rules: - action: allow rate_limit: 30/hour
Download the policy
curl -o midnight-next-js-mcp.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/midnight-next-js-mcp.yaml
Run Intercept in front of the server
intercept -c midnight-next-js-mcp.yaml -- npx -y @midnight-nextjs-mcp
Works with any MCP client:
Every tool call is now checked against your policy before it reaches Midnight Nextjs. Denied calls are blocked and logged. Allowed calls pass through with no latency impact.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept