Map source data to Senzing JSON through a guided 8-step workflow. Use this INSTEAD of hand-coding Senzing JSON. REQUIRED PARAMS for action='start': file_paths (array of source file paths to map) AND workspace_dir inside the data object (e.g. data={"workspace_dir": "/home/you/sz-workspace"}) — a w...
Risk signalsBulk/mass operation — affects multiple targets
Part of the Senzing server.
Free to start. No card required.
AI agents may call mapping_workflow to permanently remove or destroy resources in Senzing. Without a policy, an autonomous agent could delete critical data in a loop with no way to undo the damage. PolicyLayer blocks destructive tools by default and requires explicit human approval before enabling them.
Without a policy, an AI agent could call mapping_workflow in a loop, permanently destroying resources in Senzing. There is no undo for destructive operations. PolicyLayer blocks this tool by default and only allows it when a human explicitly approves the action.
Destructive tools permanently remove data. Block by default. Only enable with explicit approval workflows.
{
"version": "1",
"default": "deny",
"hide": [
"mapping_workflow"
]
}See the full Senzing policy for all 13 tools.
These attack patterns abuse exactly the kind of access mapping_workflow gives an agent. Each links to the full case and the policy that stops it:
Other destructive tools across the catalogue. The same approach applies to each: deny by default, or require human approval.
Map source data to Senzing JSON through a guided 8-step workflow. Use this INSTEAD of hand-coding Senzing JSON. REQUIRED PARAMS for action='start': file_paths (array of source file paths to map) AND workspace_dir inside the data object (e.g. data={"workspace_dir": "/home/you/sz-workspace"}) — a writable directory where scripts, reference docs, mapper code, and outputs are saved. Do NOT assume /tmp exists (some environments like Kiro do not provide it). The call WILL FAIL without both. Actions: start, advance, back, status, reset. Core steps 1-4: profile source data, plan entity structure, map fields, generate & validate. Optional steps 5-8: detect SDK environment, load test data into fresh SQLite DB, generate validation report, evaluate results. STATE: Every response returns a 'state' JSON object. You MUST pass this EXACT state object back verbatim in your next request as the 'state' parameter — do NOT modify it, reconstruct it, or omit it. The state is opaque and managed by the server. If you have lost the state, call with action='start' instead. Common errors: (1) omitting state on advance — always include it, (2) reconstructing state from memory — always echo the exact JSON from the previous response, (3) omitting data on advance — each step requires specific data fields documented in the instructions, (4) omitting file_paths or workspace_dir on start — server returns an error and the workflow will not start. Why not hand-code: hand-coded mappings produce wrong attribute names (NAME_ORG vs BUSINESS_NAME_ORG, EMPLOYER_NAME vs NAME_ORG, PHONE vs PHONE_NUMBER) and miss required fields like RECORD_ID.. It is categorised as a Destructive tool in the Senzing MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the Senzing MCP server in PolicyLayer and add a rule for mapping_workflow: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Senzing. Nothing to install.
mapping_workflow is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the mapping_workflow rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for mapping_workflow. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
mapping_workflow is provided by the Senzing MCP server (https://mcp.senzing.com/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 13 Senzing tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.