suggest_rule

Create a new app rule in your tru wallet. Use this after manually approving a charge to set up auto-approval for future similar charges. Supports spending limits (auto-approve up to $X per period), action permissions (allow/deny specific actions), and escalation thresholds (ask before charges abo...

Server Tru tru-mcp
Category Write
Risk class Medium
Parameters 92 required

What suggest_rule does on Tru

AI agents use suggest_rule to create or update resources in Tru — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Tru environment.

ParameterTypeRequiredDescription
label string Yes Human-readable name for this rule (e.g. 'Auto-approve small purchases')
app_id string Limit rule to a specific app (omit for global rule)
rule_type string Yes Type of rule: 'spending_limit' for auto-approve up to an amount, 'action_permission' to allow/deny specific actions, 'escalation' to require approval above a th
action_name string For action_permission: the action to allow/deny
action_allowed boolean For action_permission: true to allow, false to deny
spending_period string For spending_limit: time period for the limit
escalation_action string For escalation: 'ask' to prompt user, 'deny' to block
spending_limit_cents integer For spending_limit: max amount in cents per period (e.g. 5000 for $50)
escalation_threshold_cents integer For escalation: amount in cents above which to escalate

Parameters from the server's own tool schema.

Why suggest_rule needs a policy

This tool creates or modifies rules that govern financial authorization and spending limits. While it doesn't directly move money, it configures automated decision-making for future financial transactions ('auto-approve up to $X per period').

From the tool's definition 'Create a new app rule in your tru wallet' — this creates a configuration object that modifies approval behavior for future charges. The tool establishes new rules that alter how payments are automatically processed.

Questions about suggest_rule

What does the suggest_rule tool do? +

Create a new app rule in your tru wallet. Use this after manually approving a charge to set up auto-approval for future similar charges. Supports spending limits (auto-approve up to $X per period), action permissions (allow/deny specific actions), and escalation thresholds (ask before charges above $X). Requires login first (use the login tool). It is categorised as a Write tool in the Tru MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

What parameters does suggest_rule accept? +

suggest_rule accepts 9 parameters: label, app_id, rule_type, action_name, action_allowed, spending_period, escalation_action, spending_limit_cents, escalation_threshold_cents. Required: label, rule_type. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on suggest_rule? +

Register the Tru MCP server in PolicyLayer and add a rule for suggest_rule: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Tru. Nothing to install.

What risk level is suggest_rule? +

suggest_rule is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit suggest_rule? +

Yes. Add a rate_limit block to the suggest_rule rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block suggest_rule completely? +

Set action: deny in the PolicyLayer policy for suggest_rule. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides suggest_rule? +

suggest_rule is provided by the Tru MCP server (tru-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.