Lockstep

43 tools. 29 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

29 can modify or destroy data
14 read-only
43 tools total

Community server · catalogue entry verified 30/06/2026

How to control Lockstep ↓

What Lockstep exposes to your agents

Read (14) Write / Execute (25) Destructive / Financial (4)
Critical Risk

The most dangerous Lockstep tools

29 of Lockstep's 43 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Lockstep

PolicyLayer is an MCP gateway — it sits between your AI agents and Lockstep, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "discussion_cleanup": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "artifact_write": {
    "limits": [
      {
        "counter": "artifact_write_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "artifact_read": {
    "limits": [
      {
        "counter": "artifact_read_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Lockstep — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON LOCKSTEP →

Instant setup, no code required.

All 43 Lockstep tools

WRITE 20 tools
Write artifact_write Write an artifact file Write coordination_init Initialize coordination session. Call this first to set up your role (planner or implementer). Returns guidanc Write discussion_archive Archive a resolved discussion. Archived discussions can be deleted later. Write discussion_reply Reply to an existing discussion thread. Write discussion_resolve Resolve a discussion with a final decision. Creates an auditable record of the decision. Write discussion_start Start a new discussion thread. Use this when you need input from other agents or want to discuss an architectu Write file_write Write a file Write lock_acquire Acquire a named lock Write lock_release Release a lock Write log_append Append a log entry Write note_append Append a note Write project_context_set Store project context (description, goals, tech stack, acceptance criteria, tests, implementation plan). Calle Write project_status_set Set the project status. Use Write task_approve PLANNER ONLY: Approve a task that is in review status, marking it done Write task_approve_batch PLANNER ONLY: Approve multiple tasks at once. More efficient than approving one by one. Write task_claim Claim a task and set status to in_progress Write task_create Create a task. Complexity determines review requirements: simple=no review, medium=verify on completion, compl Write task_request_changes PLANNER ONLY: Request changes on a task in review, sending it back to in_progress Write task_submit_for_review Submit a completed task for planner review (required for complex/critical tasks, recommended for medium) Write task_update Update a task

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Lockstep

Can an AI agent delete data through the Lockstep MCP server? +

Yes. The Lockstep server exposes 4 destructive tools including discussion_cleanup, implementer_reset, session_reset. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Lockstep? +

The Lockstep server has 20 write tools including artifact_write, coordination_init, discussion_archive. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Lockstep.

How many tools does the Lockstep MCP server expose? +

43 tools across 4 categories: Destructive, Execute, Read, Write. 14 are read-only. 29 can modify, create, or delete data.

How do I enforce a policy on Lockstep? +

Register the Lockstep MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Lockstep tool call.

Deterministic rules across all 43 Lockstep tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

43 Lockstep tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.