Manage Digital Product Passports — create, read, and run lifecycle actions. IMPORTANT: create consumes a DPP slot on the account's plan and IS BILLABLE. Creating a passport beyond the included quota incurs a per-passport overage charge; if over quota the tool returns a 402-style message — only re...
AI agents use tracepass_passports to commit financial operations through Tracepass — usually the final step of a payment, billing, or trading workflow. A call moves real money.
| Parameter | Type | Required | Description |
|---|---|---|---|
args | object | — | Arguments for the chosen action; required fields depend on `action` (see each action above). |
action | string | Yes | Which passport operation to run. Reads: list | get | get_by_serial | compliance | get_qr. Lifecycle: create (BILLABLE) | suspend (reversible) | archive (IRREVER |
Parameters from the server's own tool schema.
The tool can commit financial obligations by creating billable DPP slots and triggering overage charges beyond a plan's quota. It also includes an irreversible 'archive' action. Financial risk is the highest severity category and takes precedence over the destructive archive action, making this a critical-severity Financial tool.
From the tool's definition 'create' consumes a DPP slot on the account's plan and IS BILLABLE... incurs a per-passport overage charge; if over quota the tool returns a 402-style message — only re-run with args.confirmOverage=true after the user explicitly agrees to the charge
Risk signalsHigh parameter count (14 properties)
Attacks that exploit this kind of access
Manage Digital Product Passports — create, read, and run lifecycle actions. IMPORTANT: create consumes a DPP slot on the account's plan and IS BILLABLE. Creating a passport beyond the included quota incurs a per-passport overage charge; if over quota the tool returns a 402-style message — only re-run with args.confirmOverage=true after the user explicitly agrees to the charge. archive is IRREVERSIBLE (the public QR permanently 404s); prefer suspend when a change might be undone. Actions (pass via action, with args): - list — args: { page?, limit? (≤100), productId?, status?, search? }. status ∈ draft|in_review|approved|published|suspended|expired|archived. Read-only. - get — args: { id, format? (summary|full), lang? }. Read-only. - get_by_serial — args: { serial, format?, lang?, gtin? }. Read-only. Addresses the passport by your own serial. A serial is unique only WITHIN a GTIN — if the same serial exists under two GTINs in your account the call returns 409 ambiguous_serial; pass gtin (or use the by-id action) to resolve exactly. - compliance — args: { id }. Read-only. Returns a three-tier compliance verdict (compliant | compliant_with_warnings | incomplete) with regulation-cited findings — use to gap-check a passport against the rules for its category, fix the cited fields/parties, then re-check. - create — args: { productId, gtin, serialNumber, confirmOverage? }. BILLABLE. - suspend — args: { id }. Reversible — public QR shows 'suspended'. - suspend_by_serial — args: { serial, gtin? }. Same as suspend, addressed by your serial. 409 ambiguous_serial if the serial isn't unique in your account — pass gtin. - archive — args: { id }. IRREVERSIBLE — confirm with the user first. - archive_by_serial — args: { serial, gtin? }. IRREVERSIBLE, addressed by your serial — confirm first. 409 ambiguous_serial if the serial isn't unique — pass gtin. - get_qr — args: { id, format? (svg|png) }. Read-only. It is categorised as a Financial tool in the Tracepass MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
tracepass_passports accepts 2 parameters: args, action. Required: action. The full parameter table on this page comes from the server's own tool schema.
Register the Tracepass MCP server in PolicyLayer and add a rule for tracepass_passports: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Tracepass. Nothing to install.
tracepass_passports is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the tracepass_passports rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for tracepass_passports. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
tracepass_passports is provided by the Tracepass MCP server (https://ai.tracepass.eu/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →