Skip to content
Jetrepo
Esc
navigateopen⌘Jpreview
On this page

MCP tools and safety

Use 18 management tools with exact permissions, Draft-first writes, concurrency checks, and scoped execution.

Tool listing is not execution authorization. Every call rechecks the target Backend and resource scopes against live effective access.

Tool permissions

All permissions in a row are required unless the row says “transition-specific.”

Tool Permission expression
whoami None
list_types, describe_type backend.read + model.read + content.read
search_entries, get_entry, search_assets, get_asset content.read
list_vocabularies vocabulary.read
search_terms, get_term term.read
create_entry content.create
update_entry content.read + content.update
change_status content.read + the transition-specific content.update, content.publish, or content.unpublish
list_releases release.read
create_release release.create
add_to_release release.update + content.read + content.update
validate_release release.update + content.read
schedule_release release.update

Scope dimensions follow each PermissionKey. Backend pinning and target scope are checked even after a tool was listed. schedule_release is listed with release.update, then execution also checks content.read for every target item.

Safe write sequence

  1. Call whoami, list_types, and describe_type.
  2. Read the current entry and version.
  3. Validate keys and values against the described model.
  4. Call create_entry to create a Draft, or update_entry with expectedVersion.
  5. On conflict, reread and decide whether to retry; never overwrite blindly.
  6. Reread the Draft before any explicit change_status call.

change_status alone changes lifecycle. schedule_release stores a proposal for human activation; it does not schedule or execute the Release by itself.

Boundaries

The MCP surface does not provide entry deletion, upload, schema mutation, Component-field writes, semantic search, automatic Release activation, a generic dry-run flag, or rate metering. Component fields can be read but are not writable.

Management execution carries agent attribution and delegated user identity when available. Do not use that statement as a substitute for verifying the activity record required by your own workflow.

Was this page helpful?