GuidesPolicy CookbookCommon authorization policy patterns.Policy Cookbook Read-only Browsing { id: 'browse', tool: 'catalog.*', minTrust: 'detected', allowedClasses: [], decision: 'allow' } Verified Checkout { id: 'checkout', tool: 'cart.checkout', minTrust: 'verified', allowedClasses: [], decision: 'allow' } Linked Account Actions { id: 'account', tool: 'account.*', minTrust: 'linked', allowedClasses: [], decision: 'allow' } Internal Agent Allowlist { id: 'internal', tool: 'admin.*', minTrust: 'verified', allowedClasses: ['webmcp'], decision: 'allow' } Tiered Rate Limits { id: 'cart-rate', tool: 'cart.*', minTrust: 'declared', allowedClasses: [], decision: 'allow', rateLimit: { max: 20, windowSeconds: 60 } }PreviousTool managementNextSite memory cookbook