# Rail — Full MCP Tool Reference # https://rail.aiops.services/llms-full.txt This document provides complete parameter schemas and example calls for every Rail MCP tool. It is intended for AI assistants that need exact call signatures. Base URL: https://rail.aiops.services/mcp Transport: HTTP (Streamable HTTP, MCP 2025-03-26 spec) Auth: X-Rail-Key: --- ## Tool: declare_task Declare a scoped task manifest. Call this first to open a session and define which paths and actions the agent is allowed to perform. Parameters: task_id string required Unique identifier for this task description string required Human-readable description of the task allowed_paths string[] required List of file/resource paths the agent may touch ttl_seconds integer optional Session TTL (default 3600) Returns: session_id string Opaque session token; pass to all subsequent calls expires_at string ISO-8601 expiry timestamp Example: { "tool": "declare_task", "arguments": { "task_id": "refactor-api-001", "description": "Refactor the payments API module", "allowed_paths": ["/src/payments/**", "/tests/payments/**"], "ttl_seconds": 7200 } } --- ## Tool: check_scope Verify whether a proposed path/action is within the declared scope, passes constitutional constraints, and does not trigger path-traversal protection. Parameters: session_id string required Session token from declare_task path string required Absolute or relative path to check action string required Intended action: read | write | delete | execute Returns: allowed boolean true if the action is permitted reason string Explanation (present when allowed=false) confidence integer 0-100 confidence score Example: { "tool": "check_scope", "arguments": { "session_id": "sess_abc123", "path": "/src/payments/processor.ts", "action": "write" } } --- ## Tool: take_snapshot Save the current content of a file to R2 before making changes. Creates an immutable, timestamped record that can be restored later. Parameters: session_id string required Session token path string required Path of the file to snapshot content string required Full file content to save Returns: snapshot_id string Unique snapshot identifier saved_at string ISO-8601 timestamp --- ## Tool: list_snapshots List all snapshots taken within the current session. Parameters: session_id string required Session token Returns: snapshots array [{snapshot_id, path, saved_at, size_bytes}] --- ## Tool: restore_snapshot Retrieve a previously saved snapshot. Returns the raw file content so the agent (or a human operator) can write it back to disk. Parameters: session_id string required Session token snapshot_id string required Snapshot to restore Returns: path string Original file path content string Full file content at snapshot time --- ## Tool: close_session Close the session, flush KV cache entries, and mark the audit record as complete. Call this after the task is finished or on error. Parameters: session_id string required Session token outcome string required success | failure | partial Returns: closed_at string ISO-8601 timestamp audit_url string URL to the immutable audit log entry --- ## Tool: list_pending_approvals List all actions that are in defer mode awaiting human approval. Parameters: session_id string optional Filter by session (omit for all sessions) Returns: approvals array [{approval_id, session_id, action_summary, requested_at}] --- ## Tool: approve_action Approve or deny a pending deferred action. Parameters: approval_id string required ID from list_pending_approvals decision string required approve | deny reason string optional Human note recorded in audit log Returns: processed_at string ISO-8601 timestamp outcome string approved | denied --- ## Tool: register_webhook Register an HMAC-SHA256 signed webhook endpoint to receive real-time event notifications (scope violations, approval requests, session close events). Parameters: url string required HTTPS endpoint to deliver events to events string[] required Event types: scope_violation | approval_requested | session_closed secret string required Secret used to generate X-Rail-Signature header Returns: webhook_id string Unique webhook identifier registered_at string ISO-8601 timestamp --- ## Tool: list_webhooks List all registered webhook endpoints for the account. Parameters: (none) Returns: webhooks array [{webhook_id, url, events, registered_at, last_delivery_at}] --- ## Tool: register_baseline Register or update a deploy baseline for a project. Each baseline file can be protected as constitutional, integrity, or content-check. Parameters: project_id string required Project identifier registered_by string optional Operator or agent name files array required [{path, sha256, protection, required_patterns[]}] Returns: status string registered project_id string Project identifier file_count integer Number of files stored in the baseline registered_at string ISO-8601 timestamp Example: { "tool": "register_baseline", "arguments": { "project_id": "rail-aiops", "registered_by": "release-bot", "files": [ { "path": "/_worker.js", "sha256": "9f4d...", "protection": "constitutional" }, { "path": "/dashboard/index.html", "sha256": "c8ab...", "protection": "content-check", "required_patterns": ["AIOps Rail", "tools/list"] } ] } } --- ## Tool: validate_deploy Compare a proposed deployment payload against the registered baseline and block constitutional, integrity, and content-check violations before release. Parameters: project_id string required Project identifier session_id string optional Related session token or deploy run ID agent_info object optional Agent metadata recorded in validation log files array required [{path, sha256, content}] Returns: status string DEPLOY_ALLOWED | DEPLOY_BLOCKED violations array Validation errors (empty when allowed) summary object High-level validation summary Example: { "tool": "validate_deploy", "arguments": { "project_id": "rail-aiops", "session_id": "sess_deploy_001", "agent_info": { "name": "release-bot", "version": "4.1.0" }, "files": [ { "path": "/_worker.js", "sha256": "9f4d...", "content": "export default { fetch() {} }" } ] } } --- ## Tool: list_baselines List registered deploy baselines. Optionally filter by project_id. Parameters: project_id string optional Filter by project identifier Returns: baselines array [{project_id, registered_at, registered_by, files[]}] Example: { "tool": "list_baselines", "arguments": { "project_id": "rail-aiops" } } --- ## Pricing Free tier: 50 calls/month Pro tier: 10,000 calls/month — $29/month Enterprise: Unlimited calls — contact sales ## Support Docs: https://rail.aiops.services/llms.txt MCP cfg: https://rail.aiops.services/mcp-config Health: https://rail.aiops.services/health