Execute an Octopus REST request (backstop)
executeExecute custom REST API calls to Octopus Deploy endpoints not covered by curated tools, with method-based read/write/delete gating and path validation.
Instructions
Reach Octopus REST endpoints not covered by the curated tools. Use this only after grep_llms_txt has shown you the right method and path.
Method gating is hard-coded server-side, three tiers:
GET → read tier: always allowed (subject to toolset allowlist + sensitive denylist).
POST/PUT/PATCH → write tier: blocked when --read-only is set; requires user confirmation via elicitation otherwise.
DELETE → delete tier: requires --allow-deletes (and is blocked when --read-only is set) AND a stronger user confirmation.
The HTTP method enum is the gate. The tool will not honour any 'isRead' flag the agent invents — the runtime classifies based on the actual method.
Other gates (in order): 0. Path shape: must be '/api' or start with '/api/'. Absolute URLs, '~/api/...', '/octopus/portal/...', query strings, fragments, '..' segments, and percent-encoded slashes are all rejected up front.
Sensitive denylist: API key endpoints and catastrophic deletes (DELETE /api/users/{id}, DELETE /api/spaces/{id}) are always blocked.
Path allowlist — only applied when --toolsets has narrowed the active set. With every toolset enabled (the default, or explicit --toolsets all) any path under /api is reachable subject to the other gates; when toolsets are narrowed, paths only resolve if their owning toolset is enabled so disabling a toolset (e.g. 'certificates') makes its endpoints unreachable even on GET.
Elicitation on every non-GET, with a stronger message for DELETE.
Discover endpoints with grep_llms_txt. Use octopus://api/capabilities to see which toolsets are enabled and whether write/delete modes are on.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| method | Yes | HTTP method. The method itself is the read/write/delete classifier — GET is read-only, POST/PUT/PATCH are blocked when --read-only is set, DELETE additionally requires --allow-deletes. The agent cannot bypass this by lying about intent. | |
| path | Yes | Server-relative path under the Octopus REST API. MUST be exactly '/api' or start with '/api/' — e.g. '/api/spaces/Spaces-1/feeds' or '/api/Spaces-1/projects'. Do NOT pass an absolute URL ('https://octopus.example/api/...'), an SDK-relative path ('~/api/...'), or a host-relative path outside /api ('/octopus/portal/...'); they are all rejected. Query parameters go in `query`, not in this string. Discover valid paths via grep_llms_txt. | |
| query | No | Optional query-string parameters as a flat object. | |
| body | No | Optional request body for POST/PUT/PATCH calls. | |
| asCsv | No | If true, request 'text/csv' for tabular GET responses. The Octopus API honours this for endpoints that support CSV output. | |
| confirm | No | Required only when the MCP client does not support elicitation. Set to true to confirm a non-GET call; otherwise the tool aborts. |