Critical-risk tools in Huly
73 of the 470 tools in Huly are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_approval_requestDestructiveCancel an active approval Request created by the current Huly user. This is the safe removal-from-workflow operation; hard delete is intentionally not exposed.
-
cancel_executionDestructiveIdempotently cancel one Huly Process execution by execution ID. Active executions are marked cancelled; already-cancelled executions succeed with cancelled=false; completed exec...
-
delete_activity_replyDestructiveDelete a generic activity reply.
-
delete_associationDestructiveIdempotently delete one Huly association definition only when no concrete relations reference it. If relations exist, delete_relation must clean them up first; deleting an alrea...
-
delete_attachmentDestructivePermanently delete an attachment. This action cannot be undone.
-
delete_board_cardDestructivePermanently delete an already archived board card using Huly removeCollection. Active cards are rejected; call archive_board_card first.
-
delete_board_labelDestructiveDelete one board label definition by TagElement _id or exact title. This removes the label definition, not a board card.
-
delete_cardDestructivePermanently delete a Huly card. This action cannot be undone.
-
delete_channelDestructivePermanently delete a Huly channel. This action cannot be undone. For reversible channel lifecycle changes, use archive_channel and unarchive_channel instead.
-
delete_channel_messageDestructivePermanently delete a channel message. This action cannot be undone.
-
delete_chat_message_attachmentDestructiveDelete one file attached directly to a Huly channel message, direct-message message, or thread reply. The attachmentId must belong to the resolved target.
-
delete_commentDestructiveDelete a comment from a Huly issue. This action cannot be undone.
-
delete_componentDestructivePermanently delete a Huly component. This action cannot be undone.
-
delete_dm_messageDestructivePermanently delete a direct-message message. The
-
delete_documentDestructivePermanently delete a Huly document. This action cannot be undone.
-
delete_drawingDestructiveDelete a drawing. This action cannot be undone.
-
delete_driveDestructivePermanently delete an empty Huly Drive space. The Drive must contain no files or folders; non-empty Drives fail with child count and item summaries. This is permanent deletion, ...
-
delete_drive_file_commentDestructivePermanently delete a comment from a Drive file resolved by filePath or fileId. Provide only one locator. This deletes the comment, not the file.
-
delete_drive_itemDestructivePermanently delete a Drive item, meaning a file or folder. Files are deleted with their version records. Folders must be empty; non-empty folders fail with child count and child...
-
delete_eventDestructivePermanently delete a calendar event. This action cannot be undone.
-
delete_inventory_categoryDestructiveDelete an empty inventory category by ID or exact name. Refuses categories that still contain child categories or products; this action does not cascade.
-
delete_inventory_productDestructiveDelete an inventory product by ID or exact name. Refuses products with variants, photos, attachments, or comments; this action does not cascade.
-
delete_inventory_product_attachmentDestructivePermanently delete a file attached directly to an inventory product. The attachmentId must belong to the resolved product.
-
delete_inventory_product_commentDestructivePermanently delete a comment attached directly to an inventory product. The commentId must belong to the resolved product.
-
delete_inventory_product_photoDestructivePermanently delete a photo attached directly to an inventory product. The photoId must belong to the resolved product.
-
delete_inventory_variantDestructiveDelete one inventory variant/SKU by ID, exact variant name, or exact SKU. This action does not delete its product.
-
delete_issueDestructivePermanently delete a Huly issue. This action cannot be undone.
-
delete_issue_templateDestructivePermanently delete a Huly issue template. This action cannot be undone.
-
delete_labelDestructivePermanently delete a label/tag definition. Accepts label ID or title. This action cannot be undone.
-
delete_milestoneDestructivePermanently delete a Huly milestone. This action cannot be undone.
-
delete_notificationDestructivePermanently delete a notification. This action cannot be undone.
-
delete_organizationDestructivePermanently delete an organization identified by ID or exact name when that name is unique. Use with care - this cannot be undone. Useful for cleaning up duplicate organizations...
-
delete_personDestructivePermanently delete a person from Huly. This action cannot be undone.
-
delete_projectDestructivePermanently delete a Huly project. All issues, milestones, and components in this project will be orphaned. This action cannot be undone.
-
delete_recruiting_applicantDestructiveDelete an applicant with Huly removeCollection. applicant accepts raw _id, APP-<number>, or number; vacancy/candidate can disambiguate APP numbers.
-
delete_recruiting_attachmentDestructiveDelete one file attached directly to a Recruiting vacancy, candidate, applicant, or opinion. The attachmentId must belong to the resolved target.
-
delete_recruiting_commentDestructiveDelete one comment attached directly to a Recruiting vacancy, candidate, applicant, review, or opinion. The commentId must belong to the resolved target.
-
delete_recruiting_opinionDestructiveDelete a Recruiting opinion with Huly removeCollection. opinion accepts raw _id, OPE-<number>, or number; review can disambiguate.
-
delete_recruiting_reviewDestructiveDelete a Recruiting review with Huly removeCollection. review accepts raw _id, RVE-<number>, number, or exact title; candidate/application can disambiguate.
-
delete_related_issue_space_targetDestructiveDelete the spaceRule that chooses the default destination project for related issues from one space. This only deletes spaceRule targets; classRule deletion is intentionally uns...
-
delete_relationDestructiveIdempotently delete one concrete relation by relation ID or by exact association/source/target triple. Triple endpoint locators support raw, issue, document, and card. Triple de...
-
delete_scheduleDestructiveDelete a calendar schedule by scheduleId.
-
delete_tagDestructiveDelete a generic Huly tag definition by ID or exact title, resolved within targetClass. This deletes the tag definition, not only one object
-
delete_tag_categoryDestructivePermanently delete a tag/label category. Accepts category ID or label name. Labels in this category will be orphaned (not deleted). This action cannot be undone.
-
delete_teamspaceDestructivePermanently delete a Huly document teamspace. This action cannot be undone.
-
delete_test_caseDestructivePermanently delete a test case. Accepts test case ID or name. This action cannot be undone.
-
delete_test_planDestructivePermanently delete a test plan. This does not delete associated test runs. Cannot be undone.
-
delete_test_resultDestructivePermanently delete a test result. Cannot be undone.
-
delete_test_runDestructivePermanently delete a test run. This does not delete associated test results. Cannot be undone.
-
delete_test_suiteDestructivePermanently delete a test suite. Accepts suite ID or name. This action cannot be undone.
-
delete_thread_replyDestructivePermanently delete a thread reply. This action cannot be undone.
-
delete_todoDestructiveDelete a Planner ToDo. This is destructive; deleting the last open issue ToDo can cause Huly classic issue status automation.
-
delete_workspaceDestructivePermanently delete the current workspace. This action cannot be undone. Use with extreme caution.
-
preview_deletionDestructivePreview the impact of deleting a Huly entity before actually deleting it. Shows affected sub-entities, relations, and warnings. Supports issues, projects, components, and milest...
-
remove_board_card_labelDestructiveDetach a board label from one board card. Returns detached=false when the label exists but is not attached to that card.
-
remove_channel_membersDestructiveIdempotently remove members from a non-archived Huly channel. Members accept account UUID, exact email, or exact person display name. Refuses removals that would leave the chann...
-
remove_drive_membersDestructiveIdempotently remove members from an existing Drive. Members accept account UUIDs, exact emails, or exact person names and resolve to Huly account UUIDs before replacing the Driv...
-
remove_issue_labelDestructiveRemove a tag/label from a Huly issue. Detaches the label reference; does not delete the label definition.
-
remove_issue_relationDestructiveRemove a relation between two issues. Mirrors add_issue_relation:
-
remove_object_collaboratorDestructiveUnsubscribe a workspace member from object notifications by removing its collaborator row. Member can be an account UUID, exact employee/person name, or email. Idempotent when a...
-
remove_organization_channelDestructiveRemove one contact channel from an organization identified by ID or exact unique name. Identify the channel with exactly one locator: channelId, or provider plus value. Returns ...
-
remove_organization_memberDestructiveUnlink a person from an organization
-
remove_person_channelDestructiveRemove one contact channel from a person. Person accepts person ID, exact email, or exact display name. Identify the channel with exactly one locator: channelId, or provider plu...
-
remove_reactionDestructiveRemove an emoji reaction from an activity message.
-
remove_recruiting_candidate_skillDestructiveDetach a Recruiting skill from a candidate by skill title or tag ID. Idempotent when the skill is absent.
-
remove_recruiting_related_issueDestructiveIdempotently remove a Huly Related Issues entry (
-
remove_space_membersDestructiveIdempotently remove members from an existing Huly space. Members accept account UUID, exact email, or exact person display name and resolve to Huly account UUIDs before replacin...
-
remove_space_role_membersDestructiveIdempotently remove members from one role on a typed Huly space while preserving all other role assignments. Role accepts a raw role _id or exact role name from the space
-
remove_template_childDestructiveRemove a child (sub-task) template from an issue template by its child ID. Get child IDs from get_issue_template response.
-
remove_test_plan_itemDestructiveRemove a test case from a test plan by item ID. Get item IDs from get_test_plan.
-
unsave_attachmentDestructiveRemove an attachment from saved/bookmarks.
-
unsave_messageDestructiveRemove an activity message from saved/bookmarks.
-
unschedule_todoDestructiveRemove ToDo work slots. Pass either workSlotId to remove one slot, locator with scope=all, or locator with scope=future and optional from.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.