End-to-end deploy: generate strategy → train → deploy live. One of prompt (free-form NL), preset (curated winning strategy), or community_id (copy a published community strategy) is required. If more than one is passed, precedence is community_id > preset > prompt. Args: prompt: Natural-language ...
Risk signalsAccepts URL/endpoint input (webhook_url) · Bulk/mass operation — affects multiple targets
Part of the Quantifyme server.
Free to start. No card required.
AI agents invoke one_shot to trigger processes or run actions in Quantifyme. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.
one_shot can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. PolicyLayer enforces rate limits and validates arguments to keep execution within safe bounds.
Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.
{
"version": "1",
"default": "deny",
"tools": {
"one_shot": {
"limits": [
{
"counter": "one_shot_rate",
"window": "minute",
"max": 10,
"scope": "grant"
}
]
}
}
}See the full Quantifyme policy for all 11 tools.
These attack patterns abuse exactly the kind of access one_shot gives an agent. Each links to the full case and the policy that stops it:
Other execute tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
End-to-end deploy: generate strategy → train → deploy live. One of prompt (free-form NL), preset (curated winning strategy), or community_id (copy a published community strategy) is required. If more than one is passed, precedence is community_id > preset > prompt. Args: prompt: Natural-language strategy description (e.g. "Buy when RSI < 30, sell > 70"). symbol: Currency pair to backtest on. One of: EURUSD, USDJPY, GBPUSD, USDCHF, USDCAD, AUDUSD, NZDUSD. Default EURUSD. timeframe: Candle granularity. One of: 1min, 5min, 15min, 1h. Default 15min. claude_model: Which Claude variant to use for code generation. "sonnet" (default — best quality, 1/day free) or "haiku" (faster, 3/day free). Ignored when preset is set (no generation needed). preset: Curated winning-strategy slug. Skips Claude generation entirely — deploys a pre-saved strategy known to backtest well on the chosen symbol. Available slugs: ema_cross_fast, momentum, scalper_stack, sma_only, trend_ema, volatility, bb_squeeze, all_mix, pivot_kid_ema. Not every slug exists for every symbol — call list_models afterwards to confirm what deployed. community_id: Copy-trade a published community strategy. Pass the id of an entry from browse_community. Loads that exact strategy code, skips Claude generation, then trains + deploys it. symbol/timeframe still apply to the backtest+deploy. webhook_url: Optional webhook to receive live signals. telegram_chat_id: Optional Telegram chat ID for signal delivery. Returns IMMEDIATELY (the deploy runs in the background so the live card can stream progress) with: - job_token (str): pass to get_deploy_result to fetch the final result. - poll_url (str): the card polls this for live progress; you can ignore it. - pending (bool): always true here — the deploy is still running. - symbol, timeframe (str). Call this EXACTLY ONCE per request. Pass the user's words as prompt; do not pre-pick presets/community strategies — the server routes (vague → a proven community strategy, specific rules → a fresh generation). NEXT STEP (always): call get_deploy_result(job_token) ONCE — it blocks until the deploy finishes and returns the out-of-sample stats + stem + source/author as TEXT so you can summarize. The live card already shows the chart, so you do NOT need get_model_chart. If source='community', tell the user it used a pre-existing strategy by @author and offer to generate a custom one.. It is categorised as a Execute tool in the Quantifyme MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Quantifyme MCP server in PolicyLayer and add a rule for one_shot: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Quantifyme. Nothing to install.
one_shot is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the one_shot rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for one_shot. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
one_shot is provided by the Quantifyme MCP server (https://mcp.quantifyme.ai/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 11 Quantifyme tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.