Mark a story as verified when the work was completed outside loopctl (e.g. before the project was onboarded). REFUSED for stories that have any loopctl dispatch lineage — non-pending agent_status, assigned_agent_id, implementer_dispatch_id, or verifier_dispatch_id set. Also refused for stories al...
Part of the Loopctl MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents use backfill_story to create or modify resources in Loopctl. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call backfill_story repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Loopctl.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
tools:
backfill_story:
rules:
- action: allow
rate_limit:
max: 30
window: 60See the full Loopctl policy for all 49 tools.
Agents calling write-class tools like backfill_story have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Write risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
Mark a story as verified when the work was completed outside loopctl (e.g. before the project was onboarded). REFUSED for stories that have any loopctl dispatch lineage — non-pending agent_status, assigned_agent_id, implementer_dispatch_id, or verifier_dispatch_id set. Also refused for stories already `:verified` (idempotent no-op when the same payload is sent) or `:rejected`. Records a provenance marker in `metadata.backfill` plus an audit event and a `story.backfilled` webhook. REQUIRES `reason`. Strongly recommend passing `evidence_url` (http/https, no credentials in userinfo) and `pr_number`.. It is categorised as a Write tool in the Loopctl MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Add a rule in your Intercept YAML policy under the tools section for backfill_story. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Loopctl MCP server.
backfill_story is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the backfill_story rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for backfill_story. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
backfill_story is provided by the Loopctl MCP server (loopctl-mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept