Server data from the Official MCP Registry
Fail-closed refund, cancellation, return, and trial checks for 100 US subscription vendors.
Fail-closed refund, cancellation, return, and trial checks for 100 US subscription vendors.
Remote endpoints: streamable-http: https://policy.decide.fyi/api/mcp
Valid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. Imported from the Official MCP Registry.
4 tools verified · Open access · No issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Remote Plugin
No local installation needed. Your AI client connects to the remote endpoint directly.
Add this to your MCP configuration to connect:
{
"mcpServers": {
"io-github-decidefyi-policy-notaries": {
"url": "https://policy.decide.fyi/api/mcp"
}
}
}From the project's GitHub README.
Deterministic Decision API engine powering workflow applications, stable MCP notary remotes, decision memo packets, and execution gates
Positioning: Decide is the API engine and compatibility surface. Krafthaus workflow apps, Policy MCP Notaries, decision memo packets, and execution gates are application surfaces that reuse the same verdict, request ID, and evidence contract.
Binding production verdicts should use a versioned declarative rulebook:
Runtime architecture: see docs/RULEBOOK_RUNTIME_ARCHITECTURE.md.
Machine-readable schema: https://api.decide.fyi/schemas/rulebook-v1.schema.json.
Active runtime manifest: https://api.decide.fyi/manifests/rulebook-runtime-v1.json.
Downstream application binding: decide_application_binding_v1.
The production core is hybrid_declarative_rulebook_with_trusted_adapters:
direct declarative rulebooks are supported, registered first-party trusted
adapters may supply bounded facts, and customer executable rulebooks are
rejected. In both supported binding modes, Rulebook v1 remains the only binding
verdict selector.
{
"mode": "rulebook",
"rulebook": {
"schema_version": "rulebook_v1",
"rulebook_id": "pricing_exception",
"version": "2026-06-11",
"input_schema": {
"required": ["discount_percent"],
"properties": {
"discount_percent": { "type": "number" }
}
},
"rules": [
{
"rule_id": "approve_standard_discount",
"priority": 50,
"condition": {
"field": "discount_percent",
"operator": "lte",
"value": 15
},
"outcome": {
"decision": "yes",
"verdict": "APPROVE",
"action": "approve_discount",
"reason_code": "WITHIN_STANDARD_LIMIT"
}
}
],
"default_outcome": {
"decision": "review",
"verdict": "REVIEW",
"action": "route_to_owner",
"reason_code": "NO_RULE_MATCHED"
}
},
"context": {
"inputs": {
"discount_percent": 10
}
}
}
mode: "rulebook" does not call an LLM. It validates the request rulebook
against the published JSON Schema, hashes the rulebook, evaluates bounded
conditions, and returns yes, no, or review alongside the application
verdict, action, reason code, matched rule, and evaluator_version. Responses
also include rulebook_contract with the enforced schema URL/hash,
runtime_binding with the direct or trusted-adapter binding mode, input_hash,
a SHA-256 hash of the canonical inputs or adapter facts consumed by the
declarative evaluator, plus a rulebook_attestation_v1 bundle hash over the
deterministic execution tuple.
Production deployments can sign that bundle hash with a
rulebook_attestation_signature_v1 Ed25519 envelope; verification keys are
published at /.well-known/rulebook-attestation-keys.json. Set
DECIDE_RULEBOOK_ATTESTATION_SIGNATURE_REQUIRED=true in production to fail
closed instead of returning unsigned Rulebook decisions. Publish retired public
verification keys with DECIDE_RULEBOOK_ATTESTATION_KEY_HISTORY_JSON so older
Decision Records remain verifiable after rotation.
Rulebook requests cannot preload Decide-generated Decision Record material.
Fields such as runtime_binding, trusted_adapter, adapter_facts,
rulebook_attestation, application_verdict, and action are response-only at
the request body, context.inputs, and adapter-facts boundaries; attempts return
RULEBOOK_OUTPUT_MATERIAL_FORBIDDEN.
Legacy single, multi, and runtime requests remain available for
AI-assisted exploration, but they are not binding production verdicts. Those
responses include decision_contract with authority: "advisory_only" and
production_verdict: false, plus production_binding_required: true and the
supported production binding modes; callers that need deterministic execution
must use mode: "rulebook" and capture rulebook_contract, runtime_binding,
and the Rulebook attestation material.
At the public Decision Record boundary, successful evaluations are registered as immutable tenant-scoped snapshots. Historical replay restores the original canonical input and stored rulebook snapshot rather than trusting a caller override or the current application deployment.
Rulebook v1 also supports registered first-party trusted adapters for bounded
fact normalization. Adapter requests pin an exact semantic version and manifest
hash; responses attest the bundled implementation source hash plus canonical
input/output hashes and the enforced execution contract. Each invocation runs
once in an empty-environment worker with hard time/resource limits and denied
common ambient capabilities. The declarative rulebook remains the only binding
verdict selector. See docs/TRUSTED_ADAPTERS_V1.md.
The current reference applications prove both production patterns: Solana Execution Gate, Decision Memo Readiness Gate, and Krafthaus Workflow Readiness Binding use trusted adapters before Rulebook v1, while the Refund, Trial, Cancel, and Return Policy MCP notaries supply normalized facts directly to Rulebook v1 and expose the signed rulebook result through their stable REST and MCP surfaces.
Before evaluator, adapter, or rulebook changes ship, run the local historical replay gate:
npm run rulebook:migration-dry-run -- --json
Use --candidate-rulebook, --candidate-adapter, and
--candidate-evaluator-version to compare proposed migrations against the
golden replay corpus before production routing changes.
For release gates, prefer a rulebook_migration_v1 manifest so candidate
artifacts, expected drift, and approval status are reviewed together:
npm run rulebook:migration-dry-run -- --migration path/to/migration.json --json
The manifest schema is published at
https://api.decide.fyi/schemas/rulebook-migration-v1.schema.json, and the dry
run validates manifests against that closed schema before replay.
After production routing or runtime-contract changes ship, run the production runtime smoke:
npm run smoke:rulebook-runtime
This hits https://api.decide.fyi from outside the runtime and always verifies
the published hybrid_declarative_rulebook_with_trusted_adapters manifest,
closed Rulebook v1 schema, attestation key endpoint, and protected Decision API
edge. Supply DECIDE_RULEBOOK_RUNTIME_SMOKE_API_KEY to also exercise live
declarative evaluation, rejection behavior, and advisory-only legacy metadata.
GitHub Actions runs the public boundary checks as the scheduled/manual
Rulebook Runtime Production Smoke workflow and runs the authenticated checks
when its optional smoke credential is configured.
The legacy single, multi, and runtime modes are AI-assisted surfaces.
They are not the production determinism boundary for loosely defined business
judgment.
Architecture:
Buttons install the canonical four-tool Decide Policy Notaries server. Existing specialist endpoints remain supported for compatibility.
| Server | Domain | Tool | Verdicts |
|---|---|---|---|
| Policy Notaries | policy.decide.fyi | All 4 tools below | Policy-specific verdicts |
| Refund Notary | refund.decide.fyi | refund_eligibility | ALLOWED / DENIED / UNKNOWN |
| Cancel Notary | cancel.decide.fyi | cancellation_penalty | FREE_CANCEL / PENALTY / LOCKED / UNKNOWN |
| Return Notary | return.decide.fyi | return_eligibility | RETURNABLE / EXPIRED / NON_RETURNABLE / UNKNOWN |
| Trial Notary | trial.decide.fyi | trial_terms | TRIAL_AVAILABLE / NO_TRIAL / UNKNOWN |
All servers: 100 vendor identifiers, US region, individual plans, stateless, no auth, 100 req/min. Results fail closed to UNKNOWN when the available facts cannot support an automated verdict.
{
"mcpServers": {
"decide-policy-notaries": { "url": "https://policy.decide.fyi/api/mcp" }
}
}
Existing installations can keep using the specialist remotes. They expose the same tool names and response contracts as the canonical suite:
{
"mcpServers": {
"refund-decide": { "url": "https://refund.decide.fyi/api/mcp" },
"cancel-decide": { "url": "https://cancel.decide.fyi/api/mcp" },
"return-decide": { "url": "https://return.decide.fyi/api/mcp" },
"trial-decide": { "url": "https://trial.decide.fyi/api/mcp" }
}
}
# Refund eligibility
curl -X POST https://refund.decide.fyi/api/v1/refund/eligibility \
-H "Content-Type: application/json" \
-d '{"vendor":"adobe","days_since_purchase":12,"region":"US","plan":"individual","qualifying_conditions_met":true}'
# Cancellation penalty
curl -X POST https://cancel.decide.fyi/api/v1/cancel/penalty \
-H "Content-Type: application/json" \
-d '{"vendor":"adobe","region":"US","plan":"individual","billing_cadence":"annual"}'
# Return eligibility
curl -X POST https://return.decide.fyi/api/v1/return/eligibility \
-H "Content-Type: application/json" \
-d '{"vendor":"adobe","days_since_purchase":12,"region":"US","plan":"individual","qualifying_conditions_met":true}'
# Trial terms
curl -X POST https://trial.decide.fyi/api/v1/trial/terms \
-H "Content-Type: application/json" \
-d '{"vendor":"adobe","region":"US","plan":"individual","offer_confirmed":true,"observed_trial_days":7,"observed_card_required":true,"observed_auto_converts":true}'
Only set evidence fields from facts you have actually verified. A time window alone is not proof that source-specific conditions are satisfied. Approval-dependent policies stay UNKNOWN even when a caller sets qualifying_conditions_met; trial results require a live offer observation.
Start local dev server:
npx vercel dev
In a separate terminal:
# Handler-level smoke checks (no running server required)
npm run smoke
# MCP endpoint checks (requires a running server)
npm run mcp:check
# Self-contained local MCP check; starts/stops vercel dev on localhost:3000
npm run mcp:check:local
# End-to-end workflow fixture (example -> result)
npm run workflow:test
# Production customer-key verification after provisioning a key
DECIDE_SMOKE_API_KEY='<customer-key>' npm run smoke:customer-key
Use workflow endpoints when you want one request to return:
yes | no) from /api/deciderequest_idEndpoints
POST https://refund.decide.fyi/api/v1/workflows/zendesk/refundPOST https://cancel.decide.fyi/api/v1/workflows/zendesk/cancelPOST https://return.decide.fyi/api/v1/workflows/zendesk/returnPOST https://trial.decide.fyi/api/v1/workflows/zendesk/trial{
"ticket_id": "ZD-9001",
"workflow_type": "refund",
"question": "Should this Adobe annual plan refund request proceed under policy?",
"vendor": "adobe",
"region": "US",
"plan": "individual",
"days_since_purchase": 5,
"qualifying_conditions_met": true
}
For refund and return, include days_since_purchase and source-specific condition evidence when requested. Cancellation may require billing_cadence. Trial automation requires offer_confirmed plus the observed duration, card requirement, and auto-conversion status. The workflow escalates instead of approving when required context is absent.
Set decision_override to bypass model classification during fixtures and CI:
{
"decision_override": "yes"
}
{
"ok": true,
"flow": "zendesk_refund_v1",
"ticket_id": "ZD-9001",
"decision": { "c": "yes", "request_id": "req_123" },
"policy": { "verdict": "ALLOWED", "code": "WITHIN_WINDOW" },
"action": {
"type": "approve_refund",
"zendesk_tags": ["decide", "decide_yes", "refund_allowed"]
}
}
Endpoint: POST https://refund.decide.fyi/api/v1/refund/eligibility
MCP Tool: refund_eligibility
Evaluates a refund only when the versioned rule and supplied source-specific facts support automation.
Input: vendor, days_since_purchase, region, plan, and conditionally qualifying_conditions_met
{"refundable":true,"verdict":"ALLOWED","code":"WITHIN_WINDOW","message":"Refund is allowed. Purchase is 12 day(s) old, within 14 day window.","vendor":"adobe","window_days":14,"qualifying_conditions_met":true,"automation_safe":true}
Codes: WITHIN_WINDOW, OUTSIDE_WINDOW, NO_REFUNDS, MISSING_REQUIRED_CONTEXT, UNSUPPORTED_VENDOR
Endpoint: POST https://cancel.decide.fyi/api/v1/cancel/penalty
MCP Tool: cancellation_penalty
Checks cancellation penalties — early termination fees, contract locks, or free cancellation.
Input: vendor, region, plan, and conditionally billing_cadence
{"verdict":"PENALTY","code":"EARLY_TERMINATION_FEE","message":"adobe charges an early termination fee: 50% of remaining months on annual plan.","vendor":"adobe","policy":"etf","billing_cadence":"annual","automation_safe":true}
Codes: NO_PENALTY, EARLY_TERMINATION_FEE, CONTRACT_LOCKED, MISSING_REQUIRED_CONTEXT, UNSUPPORTED_VENDOR
Endpoint: POST https://return.decide.fyi/api/v1/return/eligibility
MCP Tool: return_eligibility
Evaluates whether a subscription purchase can be reversed when the versioned rule and supplied source-specific facts support automation.
Input: vendor, days_since_purchase, region, plan, and conditionally qualifying_conditions_met
{"returnable":true,"verdict":"RETURNABLE","code":"FULL_RETURN","message":"Return is available. Purchase is 5 day(s) old, within 14-day window.","vendor":"adobe","return_type":"full_refund","method":"self_service","qualifying_conditions_met":true,"automation_safe":true}
Codes: FULL_RETURN, PRORATED_RETURN, CREDIT_RETURN, OUTSIDE_WINDOW, NO_RETURNS, MISSING_REQUIRED_CONTEXT, UNSUPPORTED_VENDOR
Endpoint: POST https://trial.decide.fyi/api/v1/trial/terms
MCP Tool: trial_terms
Evaluates availability and terms from a live offer observation. It does not publish static trial availability.
Input: vendor, region, plan, offer_confirmed; when confirmed, also observed_trial_days, observed_card_required, observed_auto_converts
{"verdict":"TRIAL_AVAILABLE","code":"AUTO_CONVERTS","message":"A live 7-day adobe trial offer was confirmed. Credit card required. Auto-converts to paid plan.","vendor":"adobe","trial_days":7,"card_required":true,"auto_converts":true,"offer_confirmed":true,"automation_safe":true}
Codes: AUTO_CONVERTS, NO_AUTO_CONVERT, TRIAL_NOT_AVAILABLE, MISSING_REQUIRED_CONTEXT, UNSUPPORTED_VENDOR
The versioned JSON registries are the canonical vendor catalog. A compact Markdown table is intentionally not duplicated here because policy windows, channels, and approval branches can change independently. Contract tests require the same 100 identifiers in every rule and source registry.
| Family | Rules | Official-source registry | Automation classification |
|---|---|---|---|
| Refund | v1_us_individual.json | policy-sources.json | deterministic, conditional, review_only |
| Cancellation | v1_us_individual_cancel.json | cancel-policy-sources.json | deterministic, conditional, review_only |
| Return/reversal | v1_us_individual_return.json | return-policy-sources.json | deterministic, conditional, review_only |
| Trial | v1_us_individual_trial.json | trial-policy-sources.json | observed live-offer mode |
deterministic: the standard policy is categorical for the supported US individual-plan scope.conditional: automation requires an explicit caller assertion that the source-specific conditions were verified.review_only: the policy depends on approval, channel, commitment, exceptions, or source language that is not categorical enough to automate.observed: the current account or promotion must expose a live offer before trial terms can be returned.Scope: US region, individual plans only.
Each policy family has versioned rules and source metadata for 100 vendor identifiers. The source tracker monitors official vendor documentation and terms of service; it does not automatically promote page text into a verdict.
Daily Policy Check workflow runs every six hours across refund, cancellation, return, and trial sources. Material signals enter a human review queue.npm run audit:policy-freshness reports the age of the last reviewed source set independently from tracker uptime.rules/ linking to official policy pages.GET /api/compliance-export returns a CSV snapshot of tracked sources, hashes, and pending candidate changes (?format=json for machine-readable output).rules_version field for staleness detection.UNKNOWN for reviewChanged:
deterministic, conditional, review_only, and live-offer modes; incomplete or approval-dependent requests fail closed.Added:
policy.decide.fyi/api/mcp server exposing all four Policy Notary tools through one connection.Changed:
Added:
GET /api/compliance-export endpoint for policy monitoring evidence export (CSV default, JSON via ?format=json).Changed:
Changed:
server.json, MCP initialize, and /.well-known/*.Added:
Fixed:
contents:write permission and fixed shell logicAdded:
rules/policy-sources.jsonenum in inputSchema for agent discoverabilityFixed:
ERR_IMPORT_ATTRIBUTE_MISSING crash on Vercel (Node 22 import attributes)Added:
All 4 policy servers are free to use. No authentication. No API keys.
/api/decide requires a trusted proxy or API credential in production. Local and preview deployments can opt into the same boundary with DECIDE_API_AUTH_REQUIRED=1; configuring DECIDE_API_KEY or DECIDE_PROXY_SHARED_TOKEN also enables it.
If you run decide behind the decidesite proxy with dynamic customer keys, also set:
DECIDE_PROXY_SHARED_TOKEN: shared secret required in x-decide-proxy-token header for trusted proxy calls.DECIDE_API_KEY: optional direct backend credential for trusted server-side callers.DECIDE_GEMINI_TIMEOUT_MS: total Gemini model-ladder deadline (defaults to 15 seconds).DECIDE_GEMINI_ATTEMPT_TIMEOUT_MS: per-model attempt deadline (defaults to 5 seconds, bounded by the total deadline).Rate limit: 100 requests/minute per IP.
For first-customer handoff and keyed production verification, see docs/FIRST_CUSTOMER_RUNBOOK.md.
Use POST /api/policy-fetch-hook as a fetch adapter for the daily checker when direct fetches are blocked.
Request body:
{
"url": "https://example.com/policy",
"vendor": "example_vendor",
"policy_type": "refund",
"timeout_ms": 18000
}
Auth:
Authorization: Bearer <POLICY_CHECK_BROWSER_HOOK_TOKEN> or x-hook-token: <token>Server env:
POLICY_CHECK_BROWSER_HOOK_TOKEN (required for endpoint auth)POLICY_FETCH_BROWSERLESS_TOKEN (optional; enables browserless render first)POLICY_FETCH_BROWSERLESS_CONTENT_URL (optional override; default https://chrome.browserless.io/content)POLICY_FETCH_ALLOWED_HOSTS (optional comma-separated host allowlist)Checker (GitHub Actions, repo decide):
POLICY_CHECK_BROWSER_HOOK_URL = deployed endpoint URL (example: https://decide-1.vercel.app/api/policy-fetch-hook)POLICY_CHECK_BROWSER_HOOK_TOKEN = same token as runtime envPOLICY_CHECK_FETCH_LANES_DEFAULT = browser_hook,direct,zendesk_api,mirrorQuestions? support@decide.fyi or @decidefyi on X
Decide is the API engine. Applications prove the primitive.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.