@policylayer/mcp

MCP server for PolicyLayer spending controls. Add policy-governed payments to any AI agent in one config block.

Works with Claude Desktop, Claude Code, Cursor, and any MCP-compatible client.

Quick start

Read-only mode (validate, check budget, view history)

{ "mcpServers": { "policylayer": { "command": "npx", "args": ["-y", "@policylayer/mcp"], "env": { "POLICYLAYER_API_KEY": "pl_live_xxx" } } } }

Execution mode (send transactions)

{ "mcpServers": { "policylayer": { "command": "npx", "args": ["-y", "@policylayer/mcp"], "env": { "POLICYLAYER_API_KEY": "pl_live_xxx", "WALLET_ADAPTER": "viem", "WALLET_PRIVATE_KEY": "0x...", "CHAIN": "base", "RPC_URL": "https://mainnet.base.org" } } } }

Get your API key at app.policylayer.com.

Tools

Tool	Mode	Description
validate_transaction	read-only	Check if a transaction would be allowed. Advisory only, no budget reserved.
check_budget	read-only	View remaining spending capacity across all policies.
list_policies	read-only	List active spending policies for your API key.
transaction_history	read-only	Recent policy decisions for audit and context.
send_transaction	execution	Validate, sign, and broadcast a policy-governed transaction.

validate_transaction

Dry-run policy check. The agent can call this freely without side effects.

> validate_transaction chain="base" asset="usdc" to="0x742d...bD18" amount="100.50"

Transaction would be approved.

Chain: Base
Asset: USDC
Amount: 100.50 USDC
To: 0x742d...bD18

Policy checks: all passed.
Remaining daily budget: 549.50 USDC

Note: This is an advisory check. No budget has been reserved.
Use send_transaction to execute.

send_transaction

Full two-gate flow: validate against policies, sign locally, broadcast to chain.

Your private key never leaves your machine. PolicyLayer only sees the transaction intent, not the key.

> send_transaction chain="base" asset="usdc" to="0x742d...bD18" amount="100.50"

Transaction sent.

Chain: Base
Asset: USDC
To: 0x742d...bD18
Amount: 100.50 USDC
Tx hash: 0xabc123...def456
Block explorer: https://basescan.org/tx/0xabc123...def456

Remaining daily budget: 449.00 USDC

Environment variables

Variable	Required	Description
POLICYLAYER_API_KEY	yes	API key from the PolicyLayer dashboard.
WALLET_ADAPTER	no	viem (default) or ethers.
WALLET_PRIVATE_KEY	no	Enables execution mode.
CHAIN	no	Required with wallet. e.g. base, ethereum.
RPC_URL	no	Required for viem/ethers adapters.
POLICYLAYER_API_URL	no	Override API URL. Defaults to https://api.policylayer.com.

Supported assets

Amounts are human-readable. The server handles conversion to base units.

Asset	Decimals	Native on
ETH	18	Ethereum, Base, Arbitrum, Optimism
USDC	6	Token addresses auto-resolved for Ethereum, Base, Arbitrum, Polygon
USDT	6	Ethereum
DAI	18	Ethereum
WETH	18	Base
MATIC	18	Polygon
SOL	9	Solana

For unlisted tokens, provide the tokenAddress parameter.

How it works

PolicyLayer enforces spending limits on AI agent wallets without custodying private keys.

1. Agent calls a tool (e.g. send_transaction)
2. MCP server converts human amounts to base units, resolves token addresses
3. PolicyLayer API evaluates the transaction against your spending policies
4. If approved, the transaction is signed locally using your wallet adapter
5. Transaction is broadcast to the chain

If the API is unreachable, all transactions are blocked (fail-closed).

Programmatic usage

import { createServer } from '@policylayer/mcp';

const server = createServer({ apiKey: process.env.POLICYLAYER_API_KEY!, apiUrl: 'https://api.policylayer.com', });

Requirements

• Node.js >= 20
• A PolicyLayer account with API key and configured spending policies

Links

• PolicyLayer Dashboard
• Documentation
• GitHub

Licence

MIT