// MCP TOOL REFERENCE
Medium Risk

acc_create_rfi

Create a new Request For Information (RFI) in an ACC project via the APS Construction RFIs API. RFI is created in 'draft' status — the project workflow owner typically transitions it to 'submitted'. When to use: The user needs a formal question-of-record to the design or GC team — e.g. 'raise an ...

Part of the ACC MCP server.

acc_create_rfi can modify ACC MCP data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE ACC MCP →

Free to start. No card required.

WHEN AGENTS USE THIS TOOL

AI agents use acc_create_rfi to create or modify resources in ACC MCP. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.

Without a policy, an AI agent could call acc_create_rfi repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach ACC MCP.

RECOMMENDED POLICY

Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "acc_create_rfi": {
      "limits": [
        {
          "counter": "acc_create_rfi_rate",
          "window": "minute",
          "max": 30,
          "scope": "grant"
        }
      ]
    }
  }
}

See the full ACC MCP policy for all 9 tools.

Get this rule live on your own ACC MCP server in minutes. PolicyLayer enforces it on every call, before it runs.

ENFORCE ON MY ACC MCP →

MORE ACC MCP TOOLS

Execute acc_project_summary Write acc_create_issue Write acc_update_issue Write acc_upload_file Read acc_list_issues Read acc_list_projects Read acc_list_rfis Read acc_search_documents

View all 9 tools →

WHAT CAN GO WRONG

These attack patterns abuse exactly the kind of access acc_create_rfi gives an agent. Each links to the full case and the policy that stops it:

Browse the full MCP Attack Database →

Every attack above starts with a tool call. PolicyLayer checks each one against your policy first, so acc_create_rfi only ever does what you allow.

SECURE ACC MCP →

OTHER WRITE TOOLS

Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.

Firecrawl Web Scraping Server firecrawl_generate_llmstxt AbraFlexi contact_create AbraFlexi contact_update AbraFlexi evidence_create AbraFlexi evidence_update AbraFlexi invoice_issued_update

RELATED READING

FAQ

What does the acc_create_rfi tool do? +

Create a new Request For Information (RFI) in an ACC project via the APS Construction RFIs API. RFI is created in 'draft' status — the project workflow owner typically transitions it to 'submitted'. When to use: The user needs a formal question-of-record to the design or GC team — e.g. 'raise an RFI asking for clarification on the Level 2 beam schedule'. RFIs are the auditable channel for clarifications; issues are for field observations. When NOT to use: Do not use for informal observations (use acc_create_issue) or to answer an existing RFI (not supported here). APS scopes: data:read data:write account:read. Rate limits: APS default ~50 req/min per endpoint per app. RFIs share the Construction API umbrella with issues (~100 req/min combined). Errors: 401 (APS token expired — refresh); 403 (user lacks RFI create permission on project); 404 (project_id not found — verify 'b.' prefix and hub membership); 422 (validation — subject/question missing or priority enum invalid); 429 (rate limit — back off 60s); 5xx (ACC upstream — retry with jitter, check for duplicate before retrying). Side effects: Creates a persistent RFI record. NOT idempotent — retry on 5xx risks duplicates; dedupe by subject before retrying.. It is categorised as a Write tool in the ACC MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on acc_create_rfi? +

Register the ACC MCP server in PolicyLayer and add a rule for acc_create_rfi: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches ACC MCP. Nothing to install.

What risk level is acc_create_rfi? +

acc_create_rfi is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit acc_create_rfi? +

Yes. Add a rate_limit block to the acc_create_rfi rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block acc_create_rfi completely? +

Set action: deny in the PolicyLayer policy for acc_create_rfi. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides acc_create_rfi? +

acc_create_rfi is provided by the ACC MCP server (https://acc-mcp.itmartin24.workers.dev/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every ACC MCP tool call.

Deterministic rules across all 9 ACC MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE ACC MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.