**Scope:** This tool returns **raw, event-level data** (individual events with timestamps). Use **report-tool** when you need aggregated counts, time-series summaries, or analytics over intervals. **Vehicles vs lpr-tool:** **eventType "camera"** returns **footage seekpoints** from that camera's...
High parameter count (19 properties); Bulk/mass operation — affects multiple targets; Admin/system-level operation
Part of the Rhombus Node MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents invoke events-tool to trigger processes or run actions in Rhombus Node. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.
events-tool can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. Intercept enforces rate limits and validates arguments to keep execution within safe bounds.
Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.
tools:
events-tool:
rules:
- action: allow
rate_limit:
max: 10
window: 60
validate:
required_args: trueSee the full Rhombus Node policy for all 30 tools.
Agents calling execute-class tools like events-tool have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Execute risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
events-tool is one of the high-risk operations in Rhombus Node. For the full severity-focused view — only the high-risk tools with their recommended policies — see the breakdown for this server, or browse all high-risk tools across every MCP server.
**Scope:** This tool returns **raw, event-level data** (individual events with timestamps). Use **report-tool** when you need aggregated counts, time-series summaries, or analytics over intervals. **Vehicles vs lpr-tool:** **eventType "camera"** returns **footage seekpoints** from that camera's recording timeline—**every activity type** the API returns for the window (human motion, vehicle motion, and others depending on the camera and analytics). Some rows may include plate or vehicle metadata on the seekpoint. **lpr-tool** is still the right choice for **org LPR workflows**: saved vehicles, vehicle labels, fuzzy plate search, and vehicle event APIs—not a replacement for "everything this camera logged on its timeline." This tool has multiple modes, set by "eventType": access-control, brivo-access-control, environmental-gateway, climate-sensor, component-events, camera. Use it when the user asks for specific events (unlocks, badge ins, credentials, arrivals, environmental readings, climate data, camera timeline activity, or other component events). It can return large result sets; keep time ranges narrow. For ranges spanning more than ~24 hours, prefer report-tool for aggregates. For maximum flexibility across event types at a location, use eventType "component-events". --- When eventType is "brivo-access-control": Retrieves badge/credential events from Brivo-integrated doors. Automatically fetches the Brivo integration configuration to determine which locations have Brivo doors mapped. No door UUIDs are required. Use this when the user asks specifically about Brivo events, Brivo badge ins, Brivo access control, or events from Brivo doors. Arguments: * **startTime (string):** Start of the time range (ISO 8601). * **endTime (string):** End of the time range (ISO 8601). Returns: * **integrationEnabled:** Whether the Brivo integration is currently enabled. * **brivoDoorsConfigured:** Number of Brivo doors configured in the integration. * **brivoDoors:** List of Brivo doors with their IDs, names, and associated Rhombus location UUIDs. * **events:** Credential received events from all locations that have Brivo doors configured, sorted newest first. Note: Events are fetched at the location level, so results may include events from all access-controlled doors at locations where Brivo is configured. --- When eventType is "access-control": Retrieves access control events (arrivals, badge ins, credentials, unlocks) for the given door(s). Can return a lot of data—use a narrow time range. Arguments: * **accessControlledDoorUuids (array of strings):** UUIDs of the access-controlled doors. * **startTime (string):** Start of the time range (ISO 8601). * **endTime (string):** End of the time range (ISO 8601). The `credSource` field indicates how the event was triggered: * **REMOTE:** Rhombus Key app remote unlock. * **REMOTE (Admin):** Unlock via Rhombus console or browser/mobile app. * **BLE_WAVE:** User waved hand over the reader. * **NFC:** User tapped badge or phone on the reader. --- Retrieves environmental gateway events (sensor readings, derived values) for a device in a time range. Timestamps are in the **device** timezone, not necessarily UTC. Arguments: * **deviceUuid (string):** UUID of the environmental gateway device. * **startTime (string):** Start of range (ISO 8601). * **endTime (string):** End of range (ISO 8601). --- When eventType is "climate-sensor": Retrieves climate sensor events (temperature, humidity, air quality, etc.) for a sensor in a time range. Timestamps are in the **sensor** timezone, not necessarily UTC. Arguments: * **sensorUuid (string):** UUID of the climate sensor. * **startTime (string):** Start of range (ISO 8601). * **endTime (string):** End of range (ISO 8601). * **limit (number, optional):** Max events to return. Default 1000. --- When eventType is "component-events": Retrieves all component event types for a location in a time range. Most flexible option; filter by event type via componentEventTypes. Timestamps are in the **location** timezone, not necessarily UTC. Arguments: * **locationUuid (string):** UUID of the location. * **componentEventTypes (array, optional):** Event types to include. If empty or omitted, returns all types. * **startTime (string):** Start of range (ISO 8601). * **endTime (string):** End of range (ISO 8601). Valid event types include: * **DoorbellEvent:** Doorbell button press events * **CredentialReceivedEvent:** Badge/credential scans (NFC, BLE_WAVE, REMOTE unlocks) * **DoorStateChangeEvent:** Door state changes (locked/unlocked) * **ButtonEvent:** Generic button press events * **PanicButtonEvent:** Panic/emergency button activations * **DoorReaderStateChangeEvent:** Changes in door reader state * **DoorRelayStateChangeEvent:** Changes in door relay state * **AccessControlUnitTamperEvent:** Tamper detection events * **AccessControlUnitBatteryStateChangeEvent:** Battery state changes * **WaveToUnlockIntentExpiredEvent:** Wave-to-unlock timeout events * **DoorAuthFirstInStateEvent:** First-in authentication state events * **DoorScheduleFirstInStateEvent:** First-in schedule state events * And more (see input schema for full list). --- When eventType is "camera": Retrieves **footage seekpoints** for one camera: **all activity types** returned for the search window (not limited to human motion). Each item includes an **activity** string plus **timestamp**; plate/vehicle/face fields appear when the API provides them. Use **lpr-tool** for org LPR saved vehicles, labels, and dedicated plate search. Arguments: * **cameraUuid (string):** UUID of the camera. * **startTime (string):** Start of range (ISO 8601). * **duration (number):** Search window in seconds. Default 3600 (1 hour). **Output filtering (all tools):** - `includeFields` (string[]): Dot-notation paths to keep in the response (e.g. `"vehicleEvents.vehicleLicensePlate"`). Omit to return all fields. - `filterBy` (array): Predicates to filter array items. Each entry: `{field, op, value}` where op is one of `= != > >= < <= contains`. All conditions are ANDed. Example: `[{field:"vehicleLicensePlate", op:"=", value:"ABC123"}]` WARNING: some tool responses exceed 400k characters — use these params to request only the data you need.. It is categorised as a Execute tool in the Rhombus Node MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Add a rule in your Intercept YAML policy under the tools section for events-tool. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Rhombus Node MCP server.
events-tool is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the events-tool rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for events-tool. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
events-tool is provided by the Rhombus Node MCP server (rhombus-node-mcp). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept