Step 2 of 2. Verifies the OTP, issues the first API key (shown once — store immediately), and returns Stripe onboarding URL. Hand the Stripe URL to the human; poll bootstrap_poll until ready. **When to use:** The human pasted the OTP. Call this once with bootstrap_token + otp_code to mint the AP...
Bulk/mass operation — affects multiple targets
Part of the Listbee MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents call bootstrap_verify to retrieve information from Listbee without modifying any data. This is common in research, monitoring, and reporting workflows where the agent needs context before taking action. Because read operations don't change state, they are generally safe to allow without restrictions -- but you may still want rate limits to control API costs.
Even though bootstrap_verify only reads data, uncontrolled read access can leak sensitive information or rack up API costs. An agent caught in a retry loop could make thousands of calls per minute. A rate limit gives you a safety net without blocking legitimate use.
Read-only tools are safe to allow by default. No rate limit needed unless you want to control costs.
tools:
bootstrap_verify:
rules:
- action: allowSee the full Listbee policy for all 2 tools.
Agents calling read-class tools like bootstrap_verify have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Read risk category across the catalogue. The same policy patterns (rate-limit, allow) apply to each.
Step 2 of 2. Verifies the OTP, issues the first API key (shown once — store immediately), and returns Stripe onboarding URL. Hand the Stripe URL to the human; poll bootstrap_poll until ready. **When to use:** The human pasted the OTP. Call this once with bootstrap_token + otp_code to mint the API key. **Tips:** - Store the api_key IMMEDIATELY — it is shown once and cannot be recovered - After receiving the key, restart this MCP session with the key to unlock all tools - After 5 failed OTP attempts the bootstrap_token is invalidated — call bootstrap_start again - Hand the stripe_onboarding_url to the human; poll bootstrap_poll every 30s until ready=true **Note:** This action requires human intervention. You cannot complete it yourself.. It is categorised as a Read tool in the Listbee MCP Server, which means it retrieves data without modifying state.
Add a rule in your Intercept YAML policy under the tools section for bootstrap_verify. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Listbee MCP server.
bootstrap_verify is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the bootstrap_verify rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for bootstrap_verify. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
bootstrap_verify is provided by the Listbee MCP server (listbee-mcp). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept