Cloud Tool Manage Tool
tool_manage
Register, configure, and control MCP servers and built-in tools for AI agents. Supports CRUD, activation, deactivation, and remote probing.
Instructions
LLM tool management — registers MCP servers (stdio, HTTP, bridge) and built-in tools (bash, filesystem, browser, SSH) that agents can call at inference time. Tool execution may have any side effect declared by the underlying tool; the platform constrains bash/filesystem/SSH only via the agent's bash_policy. Tool credentials are encrypted at rest with the team's per-tenant key.
When to use: connect a new external MCP server (e.g. GitHub, Slack, Notion) so agents can call its tools, toggle a tool's availability without deleting it, or test a remote MCP server's reachability before wiring it to an agent. Do NOT use to invoke tools — agents call them automatically based on attached configuration.
CRUD actions:
list (read) — optional: type (mcp_stdio|mcp_http|mcp_bridge|built_in), status, limit (default 50).
get (read) — tool_id (UUID). Metadata only; credentials redacted in response.
create (write) — name, type, config (type-specific JSON: command for stdio, url+headers for http, kind for built_in).
update (write) — tool_id + any creatable field. Re-encrypts credentials if provided.
delete (DESTRUCTIVE) — tool_id. Soft-deletes; agents lose access on next ResolveAgentTools call (cached up to 5 minutes).
activate / deactivate (write) — tool_id. Flips active flag without deletion; affects all agents that reference the tool.
Discovery (cloud restricts these to safe operations):
probe_remote (read — calls the remote URL, no registration) — url. Sends an MCP initialize request; returns server name, version, declared capabilities.
Cloud note: discover_mcp and import_mcp (which auto-register all tools from a remote server) are NOT available in cloud — they require explicit per-tool review under cloud's security policy. Use probe_remote then create per tool instead.
Errors: 401, 403, 404, 422 (config validation), 429, 503 (remote MCP server unreachable for probe_remote).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | Action to perform: list, get, create, update, delete, activate, deactivate, probe_remote | |
| deadline_ms | No | Optional: max wall-clock time (ms) the tool may spend. If exceeded during the call, returns a DEADLINE_EXCEEDED error. Minimum 100 ms. Leave unset for no deadline. | |
| status | No | Filter by status: active, disabled | |
| platform_only | No | If true, return only platform-level tools (shared across all teams) | |
| limit | No | Max results to return (default 10, max 100) | |
| tool_id | Yes | The tool UUID | |
| name | Yes | Tool name | |
| description | No | Tool description | |
| type | No | Tool type: mcp_stdio, mcp_http, mcp_bridge, built_in (default: mcp_stdio) | mcp_stdio |
| transport_config | No | Transport configuration (command, args, env for stdio; url, headers for http) | |
| risk_level | No | Risk classification: safe, read, write, destructive | |
| credential_id | No | UUID of a linked Credential to use for this tool (optional; preferred over inline api_key) | |
| network_policy | No | JSON string defining egress rules for Docker sandbox (built_in bash only). Example: {"rules":[{"protocol":"tcp","host":"api.example.com","port":443}],"default_action":"deny"} | |
| clear_credential_id | No | Set true to remove the linked credential from this tool | |
| credential_overrides | No | Key-value pairs of environment variable overrides (e.g. API keys). Values are stored encrypted. | |
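
One way to pre-check a create argument set during the per-tool review the cloud note calls for, using the field names from the Input Schema table. This is an added example, not the platform's own validation; the lint rules, the secret-name heuristic, the treatment of transport_config as an already-parsed object, and both sample inputs are assumptions made here.

```python
import json

# Heuristic substrings for secret-bearing header/env names (assumption, not a platform list).
SECRET_HINTS = ("authorization", "token", "secret", "password", "api_key", "apikey")
RISK_LEVELS = {"safe", "read", "write", "destructive"}
TOOL_TYPES = {"mcp_stdio", "mcp_http", "mcp_bridge", "built_in"}

def lint_create_args(args):
    """Return review findings for a tool_manage create argument set (empty list = clean)."""
    findings = []
    ttype = args.get("type", "mcp_stdio")  # schema default when type is omitted
    if ttype not in TOOL_TYPES:
        findings.append(f"unknown type {ttype!r}")
    if args.get("risk_level") not in RISK_LEVELS:
        findings.append("risk_level missing or invalid; classify before registering")
    tc = args.get("transport_config") or {}
    # Secrets typed inline into headers/env bypass the linked-credential fields.
    for section in ("headers", "env"):
        for key in (tc.get(section) or {}):
            if any(hint in key.lower() for hint in SECRET_HINTS):
                findings.append(f"inline secret in transport_config.{section}.{key}; "
                                "use credential_id or credential_overrides")
    if ttype == "mcp_http" and not str(tc.get("url", "")).startswith("https://"):
        findings.append("mcp_http url is not https")
    policy = args.get("network_policy")
    if policy is not None:
        if ttype != "built_in":
            findings.append("network_policy applies to built_in bash only")
        try:
            parsed = json.loads(policy)  # the schema describes this field as a JSON string
        except (TypeError, ValueError):
            findings.append("network_policy is not a valid JSON string")
        else:
            if not isinstance(parsed, dict) or parsed.get("default_action") != "deny":
                findings.append("network_policy default_action is not deny")
    return findings

# Constructed sample inputs (hostnames and values are placeholders).
RISKY = {"action": "create", "name": "notes-mcp", "type": "mcp_http",
         "transport_config": {"url": "http://mcp.example.com/mcp",
                              "headers": {"Authorization": "Bearer CONSTRUCTED"}},
         "network_policy": '{"rules":[],"default_action":"allow"}'}
REVIEWED = {"action": "create", "name": "sandbox-bash", "type": "built_in",
            "risk_level": "write",
            "network_policy": '{"rules":[{"protocol":"tcp","host":"api.example.com",'
                              '"port":443}],"default_action":"deny"}'}

if __name__ == "__main__":
    for sample in (RISKY, REVIEWED):
        print(sample["name"], lint_create_args(sample))
```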