Generate an ACP (Agent Commerce Protocol) bearer token for an app so external AI agents can create checkout sessions and pay via Shared Payment Tokens. Requires the app to have Stripe Connect active with charges enabled. Returns the bearer token and the ACP checkout base URL. The token should be ...
AI agents invoke dev_enable_acp to trigger actions in Tru. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
| Parameter | Type | Required | Description |
|---|---|---|---|
service_name | string | — | The service_name of the app. If omitted, uses the app from ~/.tru/config.json. |
Parameters from the server's own tool schema.
This tool generates a bearer token that enables external AI agents to create checkout sessions and process payments via Stripe Connect. While the tool itself is a token generation/configuration action (Execute), it directly enables financial transactions by external agents.
From the tool's definition Generate an ACP (Agent Commerce Protocol) bearer token... so external AI agents can create checkout sessions and pay via Shared Payment Tokens. Requires the app to have Stripe Connect active with charges enabled.
Attacks that exploit this kind of access
Generate an ACP (Agent Commerce Protocol) bearer token for an app so external AI agents can create checkout sessions and pay via Shared Payment Tokens. Requires the app to have Stripe Connect active with charges enabled. Returns the bearer token and the ACP checkout base URL. The token should be shared with agent platforms (OpenAI, Anthropic, etc.) during ACP onboarding. It is categorised as a Execute tool in the Tru MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
dev_enable_acp accepts 1 parameter: service_name. The full parameter table on this page comes from the server's own tool schema.
Register the Tru MCP server in PolicyLayer and add a rule for dev_enable_acp: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Tru. Nothing to install.
dev_enable_acp is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the dev_enable_acp rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for dev_enable_acp. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
dev_enable_acp is provided by the Tru MCP server (tru-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →