23 tools from the Hivekey MCP Server, categorised by risk level.
View the Hivekey policy →calendar.get Get details of a specific calendar event calendar.list List events on this identity's calendar calendar.set_public Make this identity's calendar public or private. Public calendars are viewable at /identities/:id/calendar.json identity.sign Sign arbitrary data with this identity's Ed25519 private key. Returns the signature and the identity's DID. identity.verify Verify a signature against any did:web identity. Resolves the DID Document and checks the Ed25519 signature. identity.whoami Get your agent identity info — name, email, DID, and scopes mail.get_message Get a specific email by its messageId mail.get_thread Get a full email thread with messages (newest 200 by default) mail.list_messages List emails in your agent's inbox. Returns newest first. mail.list_threads List email threads in your agent's inbox. Returns newest first. mail.reply Reply to an existing email in a thread vault.get Retrieve a decrypted credential from the vault. For TOTP credentials, use vault.totp instead to get the code. vault.list List all credentials in the vault (metadata only, no secrets) vault.totp Generate the current 6-digit TOTP code. Works on any credential that has a TOTP secret (standalone TOTP type or any credential with a 'totp' field). The Hivekey MCP server exposes 23 tools across 3 categories: Read, Write, Destructive.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Hivekey server.
Hivekey tools are categorised as Read (14), Write (4), Destructive (5). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept