tracepass_passports

Manage Digital Product Passports — create, read, and run lifecycle actions. IMPORTANT: create consumes a DPP slot on the account's plan and IS BILLABLE. Creating a passport beyond the included quota incurs a per-passport overage charge; if over quota the tool returns a 402-style message — only re...

Server Tracepass https://ai.tracepass.eu/mcp
Category Financial
Risk class Critical
Parameters 21 required

What tracepass_passports does on Tracepass

AI agents use tracepass_passports to commit financial operations through Tracepass — usually the final step of a payment, billing, or trading workflow. A call moves real money.

ParameterTypeRequiredDescription
args object Arguments for the chosen action; required fields depend on `action` (see each action above).
action string Yes Which passport operation to run. Reads: list | get | get_by_serial | compliance | get_qr. Lifecycle: create (BILLABLE) | suspend (reversible) | archive (IRREVER

Parameters from the server's own tool schema.

Why tracepass_passports needs a policy

The tool can commit financial obligations by creating billable DPP slots and triggering overage charges beyond a plan's quota. It also includes an irreversible 'archive' action. Financial risk is the highest severity category and takes precedence over the destructive archive action, making this a critical-severity Financial tool.

From the tool's definition 'create' consumes a DPP slot on the account's plan and IS BILLABLE... incurs a per-passport overage charge; if over quota the tool returns a 402-style message — only re-run with args.confirmOverage=true after the user explicitly agrees to the charge

Risk signalsHigh parameter count (14 properties)

Questions about tracepass_passports

What does the tracepass_passports tool do? +

Manage Digital Product Passports — create, read, and run lifecycle actions. IMPORTANT: create consumes a DPP slot on the account's plan and IS BILLABLE. Creating a passport beyond the included quota incurs a per-passport overage charge; if over quota the tool returns a 402-style message — only re-run with args.confirmOverage=true after the user explicitly agrees to the charge. archive is IRREVERSIBLE (the public QR permanently 404s); prefer suspend when a change might be undone. Actions (pass via action, with args): - list — args: { page?, limit? (≤100), productId?, status?, search? }. status ∈ draft|in_review|approved|published|suspended|expired|archived. Read-only. - get — args: { id, format? (summary|full), lang? }. Read-only. - get_by_serial — args: { serial, format?, lang?, gtin? }. Read-only. Addresses the passport by your own serial. A serial is unique only WITHIN a GTIN — if the same serial exists under two GTINs in your account the call returns 409 ambiguous_serial; pass gtin (or use the by-id action) to resolve exactly. - compliance — args: { id }. Read-only. Returns a three-tier compliance verdict (compliant | compliant_with_warnings | incomplete) with regulation-cited findings — use to gap-check a passport against the rules for its category, fix the cited fields/parties, then re-check. - create — args: { productId, gtin, serialNumber, confirmOverage? }. BILLABLE. - suspend — args: { id }. Reversible — public QR shows 'suspended'. - suspend_by_serial — args: { serial, gtin? }. Same as suspend, addressed by your serial. 409 ambiguous_serial if the serial isn't unique in your account — pass gtin. - archive — args: { id }. IRREVERSIBLE — confirm with the user first. - archive_by_serial — args: { serial, gtin? }. IRREVERSIBLE, addressed by your serial — confirm first. 409 ambiguous_serial if the serial isn't unique — pass gtin. - get_qr — args: { id, format? (svg|png) }. Read-only. It is categorised as a Financial tool in the Tracepass MCP Server, which means it involves financial transactions. Block by default and require explicit approval.

What parameters does tracepass_passports accept? +

tracepass_passports accepts 2 parameters: args, action. Required: action. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on tracepass_passports? +

Register the Tracepass MCP server in PolicyLayer and add a rule for tracepass_passports: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Tracepass. Nothing to install.

What risk level is tracepass_passports? +

tracepass_passports is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit tracepass_passports? +

Yes. Add a rate_limit block to the tracepass_passports rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block tracepass_passports completely? +

Set action: deny in the PolicyLayer policy for tracepass_passports. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides tracepass_passports? +

tracepass_passports is provided by the Tracepass MCP server (https://ai.tracepass.eu/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.