// MCP TOOL REFERENCE
High Risk →

acc_project_summary

Fetch the full ACC project metadata record (name, type, status, dates, extension attributes) for a single project via APS Data Management. If hub_id is omitted the tool picks the first accessible hub, which may be wrong on multi-hub tenants. When to use: The user asks 'tell me about project X' or...

Part of the ACC MCP server.

acc_project_summary can trigger actions in ACC MCP, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE ACC MCP →

Free to start. No card required.

WHEN AGENTS USE THIS TOOL

AI agents invoke acc_project_summary to trigger processes or run actions in ACC MCP. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.

acc_project_summary can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. PolicyLayer enforces rate limits and validates arguments to keep execution within safe bounds.

RECOMMENDED POLICY

Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "acc_project_summary": {
      "limits": [
        {
          "counter": "acc_project_summary_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

See the full ACC MCP policy for all 9 tools.

Get this rule live on your own ACC MCP server in minutes. PolicyLayer enforces it on every call, before it runs.

ENFORCE ON MY ACC MCP →

MORE ACC MCP TOOLS

Write acc_create_issue Write acc_create_rfi Write acc_update_issue Write acc_upload_file Read acc_list_issues Read acc_list_projects Read acc_list_rfis Read acc_search_documents

View all 9 tools →

WHAT CAN GO WRONG

These attack patterns abuse exactly the kind of access acc_project_summary gives an agent. Each links to the full case and the policy that stops it:

Browse the full MCP Attack Database →

Every attack above starts with a tool call. PolicyLayer checks each one against your policy first, so acc_project_summary only ever does what you allow.

SECURE ACC MCP →

OTHER EXECUTE TOOLS

Other execute tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.

Atv build_stake_tx Atv build_unstake_tx Acdp start_local Pentagonal pentagonal_audit Pentagonal pentagonal_compile ACR — Agent Composition Records orient_me

RELATED READING

FAQ

What does the acc_project_summary tool do? +

Fetch the full ACC project metadata record (name, type, status, dates, extension attributes) for a single project via APS Data Management. If hub_id is omitted the tool picks the first accessible hub, which may be wrong on multi-hub tenants. When to use: The user asks 'tell me about project X' or an agent needs project metadata (start/end dates, type, Forma/BIM 360 flavor) before deciding which downstream tool to call. When NOT to use: Do not use as a cheap existence check — prefer acc_list_projects which returns hub_id with every project and is one call regardless of tenant size. APS scopes: data:read account:read. Forma / BIM 360 hubs endpoints only require data:read. Rate limits: APS default ~50 req/min per endpoint; BIM 360 hubs endpoints pageable (limit 200). Cache results for the session. Errors: 401 (APS token expired — refresh); 403 (user lacks project view or app not in account); 404 (project not in the chosen hub — supply the correct hub_id, or call acc_list_projects first); 422 (malformed project_id — confirm 'b.' prefix); 429 (rate limit — back off 60s); 5xx (ACC upstream — retry). Side effects: None. Read-only and idempotent.. It is categorised as a Execute tool in the ACC MCP MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on acc_project_summary? +

Register the ACC MCP server in PolicyLayer and add a rule for acc_project_summary: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches ACC MCP. Nothing to install.

What risk level is acc_project_summary? +

acc_project_summary is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit acc_project_summary? +

Yes. Add a rate_limit block to the acc_project_summary rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block acc_project_summary completely? +

Set action: deny in the PolicyLayer policy for acc_project_summary. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides acc_project_summary? +

acc_project_summary is provided by the ACC MCP server (https://acc-mcp.itmartin24.workers.dev/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every ACC MCP tool call.

Deterministic rules across all 9 ACC MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE ACC MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.