Manage billing, plans, usage, and spending caps for the Butterbase platform account. This is a platform-scoped tool — it operates on the authenticated account, not on a specific app. Actions: - "status": Get current plan, usage summary, and spending cap in one call - "portal": Generate a Stripe b...
Part of the Mcp server.
Free to start. No card required.
AI agents use manage_billing to create or modify resources in Mcp. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call manage_billing repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Mcp.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
{
"version": "1",
"default": "deny",
"tools": {
"manage_billing": {
"limits": [
{
"counter": "manage_billing_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}See the full Mcp policy for all 47 tools.
These attack patterns abuse exactly the kind of access manage_billing gives an agent. Each links to the full case and the policy that stops it:
Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
Manage billing, plans, usage, and spending caps for the Butterbase platform account. This is a platform-scoped tool — it operates on the authenticated account, not on a specific app. Actions: - "status": Get current plan, usage summary, and spending cap in one call - "portal": Generate a Stripe billing portal URL for payment method / invoice management - "topup": Add credit to the account balance (prepaid top-up) - "cap_get": Retrieve the current monthly spending cap - "cap_raise": Raise the monthly spending cap by a given amount - "plans": List all available subscription plans with pricing - "usage": Query detailed metered usage for a date range and optional meter type Parameters by action: status: { action: "status" } portal: { action: "portal" } topup: { action: "topup", amount: <number in USD cents> } cap_get: { action: "cap_get" } cap_raise: { action: "cap_raise", raise_by: <number in USD cents> } plans: { action: "plans" } usage: { action: "usage", start_date?: "YYYY-MM-DD", end_date?: "YYYY-MM-DD", meter?: "compute" | "storage" | ... } Examples: Check current plan and balance: Input: { action: "status" } Output: { plan: "pro", balance_cents: 5000, spending_cap_cents: 20000, usage: { ... } } Open billing portal: Input: { action: "portal" } Output: { url: "https://billing.stripe.com/session/..." } Top up $25: Input: { action: "topup", amount: 2500 } Output: { success: true, new_balance_cents: 7500 } Get current spending cap: Input: { action: "cap_get" } Output: { spending_cap_cents: 20000 } Raise spending cap by $50: Input: { action: "cap_raise", raise_by: 5000 } Output: { spending_cap_cents: 25000 } List available plans: Input: { action: "plans" } Output: [{ id: "free", name: "Free", ... }, { id: "pro", name: "Pro", ... }] Query compute usage for April 2025: Input: { action: "usage", start_date: "2025-04-01", end_date: "2025-04-30", meter: "compute" } Output: { usage: [{ date: "2025-04-01", value: 1234 }, ...] } Common errors: - AUTH_INSUFFICIENT_PERMISSIONS: Must be authenticated as the account owner - INSUFFICIENT_BALANCE: Account balance too low for top-up operation - INVALID_AMOUNT: amount / raise_by must be a positive integer (cents). It is categorised as a Write tool in the Mcp MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the MCP server in PolicyLayer and add a rule for manage_billing: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Mcp. Nothing to install.
manage_billing is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the manage_billing rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for manage_billing. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
manage_billing is provided by the MCP server (@butterbase/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 47 Mcp tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.