Platform actions for Trace AI

Trace AI can perform read and write operations on your tenant data through MCP tools registered in mcp_resources. Tools use the same tenant and user context as the console UI.

Activation

There is no global “platform actions” feature flag. Each tool is enabled individually via mcp_resources.is_active. Disable a tool by setting is_active = 0 on its row.

Skills + tools workflow

See Platform skills quick reference for the full skill → tool map.

  1. Load the platform-actions skill (load_platform_skill) for orchestration guidance.
  2. For writes, call describe_* tools first to learn accepted fields.
  3. Call list_* / get_* read tools to gather ids and current state.
  4. Use request_human_input (confirm) before destructive or high-risk actions when appropriate.
  5. Call the write or execute tool with a minimal payload.

Read tools (Phase 1)

ToolPurpose
list_entities, get_entityEntity catalog
list_products, get_productProducts
list_contracts, get_contractContracts
list_processes, get_processProcess definitions
list_integrations, get_integrationIntegrations (no secrets in list)
list_webapps, get_webappWebApps
query_datapoolDatapool rows by schema
query_monitor_logsProcess/integration execution logs
list_notificationsUser notifications
read_todo_listTenant chat TODO list

Describe tools

ToolPurpose
describe_entityEntity create/update field contract
describe_productProduct create/update contract
describe_contractContract create/update contract
describe_processExecute requirements, triggers, executable_by_ai_agents
describe_tenant_integrationIntegration operations and payload shapes

Write tools (Phase 2)

ToolNotes
create_entity, update_entity, delete_entityDelete archives (status=archived)
create_product, update_product, delete_productDelete sets status=DELETED
create_contract, update_contract, delete_contractHard delete on contract row
execute_processRequires Executable by AI Agents on the process
run_process_triggerFire trigger; same opt-in gate as execute_process
test_integrationConfiguration validation (same as UI test)
execute_tenant_integrationRequires Executable by AI Agents on the integration
create_integration, update_integration, delete_integrationIntegration CRUD
create_datapool_schema, update_datapool_schemaDatapool schema management
insert_datapool_rows, update_datapool_rows, delete_datapool_rowsDatapool row CRUD
create_entity_relationship, delete_entity_relationshipEntity linkage graph

Builder tools (Phase 3)

ToolNotes
create_process, update_process, retire_processProcess definitions; retire_process sets inactive + <retired> name prefix
create_process_step, update_process_step, delete_process_stepStep CRUD with compile validation on code snippets
create_process_trigger, update_process_trigger, delete_process_triggerTrigger management
create_webapp, update_webapp, create_webapp_version, publish_webapp, unpublish_webapp, delete_webappWebApp lifecycle and page_content

Platform admin tools (Phase 4)

ToolNotes
create_platform, update_platform, update_platform_strategyBusiness platform CRUD; strategy uses section prefixes from platform strategy config
upload_document, move_document, create_document_reviewTenant document filesystem + review workflow
mark_notification_read, delete_notificationScoped to current user notifications
upload_platform_file, delete_platform_filePlatform-scoped file namespace (content_base64 for uploads)

Opt-in flags

ResourceUI settingMCP gate
Integration executeIntegration → Executable by AI Agentsexecute_tenant_integration
Process executeProcess edit → Executable by AI Agentsexecute_process, run_process_trigger

Default for both flags is off.

Human in the loop

Destructive writes and execute_process should be preceded by request_human_input with kind: confirm in production workflows. The agent receives an explicit approved/denied result in the tool loop.

Related