[cost: write (single MongoDB row) | rate-limited per IP: 3/min, 20/day] Send the Sipflow team feedback when something doesn't work, a vendor or RFC isn't covered, or a tool produced a wrong/incomplete answer. Categories: - docs_gap: search_sip_docs returned nothing useful, vendor missing, coverag...
Part of the Sipflow server.
Free to start. No card required.
AI agents use submit_sipflow_feedback to create or modify resources in Sipflow. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call submit_sipflow_feedback repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Sipflow.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
{
"version": "1",
"default": "deny",
"tools": {
"submit_sipflow_feedback": {
"limits": [
{
"counter": "submit_sipflow_feedback_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}See the full Sipflow policy for all 22 tools.
These attack patterns abuse exactly the kind of access submit_sipflow_feedback gives an agent. Each links to the full case and the policy that stops it:
Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
[cost: write (single MongoDB row) | rate-limited per IP: 3/min, 20/day] Send the Sipflow team feedback when something doesn't work, a vendor or RFC isn't covered, or a tool produced a wrong/incomplete answer. Categories: - docs_gap: search_sip_docs returned nothing useful, vendor missing, coverage incomplete - tool_bug: a tool errored, returned garbage, or behaved unexpectedly on a real input - wrong_answer: the answer it produced was incorrect for the SIP/VoIP question asked - feature_request: a new tool, dataset, or behavior the user wants - general: anything else PRIVACY CONTRACT (MUST FOLLOW): 1. Use this tool only when the user explicitly asks to send feedback, OR when you have completed the user's primary task and there is a clear, actionable gap worth reporting. 2. ALWAYS show the user the exact summary + details + other fields you plan to send and wait for an explicit yes before calling this tool. Set userConsent: true only after that confirmation. 3. NEVER include raw SIP traces, INVITE/REGISTER bodies, SDP, phone numbers, IP addresses, Call-IDs, or any other PII. Summarize in your own words instead. The server runs a sanitizer as a backstop, but you are the first line of defense. 4. The contact field is optional and may only be filled when the user explicitly provides an email and asks you to include it. 5. The traceExcerpt field is optional and accepts a sanitized SIP message text block (Via/From/To/Call-ID, optional minimal SDP) the user explicitly approved attaching. Pipe minimize_sip_trace output here, NEVER raw INVITE / REGISTER bodies or full pcap text. Phone numbers, IPs, and emails are scrubbed server-side as a backstop; the agent must still summarize / minimize first. The same userConsent: true covers both the text fields and the excerpt - if the user wants the excerpt included you must show it to them before sending. The tool returns a ticket id (fb_xxxxxxxx) and stores one anonymous row keyed by your daily-rotating IP hash (no raw IP, no account). Rate-limited at 3/min and 20/day per IP hash.. It is categorised as a Write tool in the Sipflow MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Sipflow MCP server in PolicyLayer and add a rule for submit_sipflow_feedback: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Sipflow. Nothing to install.
submit_sipflow_feedback is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the submit_sipflow_feedback rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for submit_sipflow_feedback. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
submit_sipflow_feedback is provided by the Sipflow MCP server (https://mcp.sipflow.dev/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 22 Sipflow tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.