High Risk →

aide_info

Boot-time reporter called by the orchestrator at startup. Returns two independent top-level fields that the orchestrator must branch on separately: outdated (array of stale artifact keys) — soft notification. Compares the host's .aide/versions.json against the canonical manifest shipped with this...

Risk signals: Bulk/mass operation — affects multiple targets · Admin/system-level operation

Part of the Aidemd Mcp server.

aide_info can trigger actions in Aidemd Mcp, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE AIDEMD MCP →

Free to start. No card required.

AI agents invoke aide_info to trigger processes or run actions in Aidemd Mcp. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.

aide_info can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. PolicyLayer enforces rate limits and validates arguments to keep execution within safe bounds.

Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.

policy.json
{
  "version": "1",
  "default": "deny",
  "tools": {
    "aide_info": {
      "limits": [
        {
          "counter": "aide_info_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}
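To make the rule above concrete, here is an added evaluator (not PolicyLayer's own code) that applies this policy.json to a stream of calls. It assumes a fixed one-minute window counted per grant id, a "default": "deny" fallthrough for tools without a rule, and constructed sample traffic; PolicyLayer's real algorithm may differ.

```javascript
// The policy from above, as an object (same fields, same values).
const policy = {
  version: "1",
  default: "deny",
  tools: {
    aide_info: {
      limits: [{ counter: "aide_info_rate", window: "minute", max: 10, scope: "grant" }],
    },
  },
};
// Window length per "window" keyword (assumed mapping, not from the page).
const WINDOW_MS = { minute: 60000, hour: 3600000 };

// Returns evaluate(call). Counts live in a fixed window keyed by
// counter + scope value + window start (an assumption about semantics).
function createEvaluator(pol) {
  const buckets = new Map();
  return function evaluate(call) {
    // call = { tool, grant, at } with `at` in ms since epoch
    const rule = pol.tools[call.tool];
    if (!rule) return { allow: pol.default === "allow", reason: `no rule; default=${pol.default}` };
    const keys = [];
    for (const lim of rule.limits ?? []) {
      const span = WINDOW_MS[lim.window];
      const start = Math.floor(call.at / span) * span;
      const scopeValue = lim.scope === "grant" ? call.grant : "*";
      const key = `${lim.counter}:${scopeValue}:${start}`;
      if ((buckets.get(key) ?? 0) >= lim.max) {
        return { allow: false, reason: `${lim.counter} exceeded ${lim.max}/${lim.window} for ${scopeValue}` };
      }
      keys.push(key);
    }
    // Every limit passed: charge this call against each counter.
    for (const key of keys) buckets.set(key, (buckets.get(key) ?? 0) + 1);
    return { allow: true, reason: "ok" };
  };
}

// Constructed sample traffic: grant-A fires 12 calls inside one minute,
// grant-B makes one call, and an unlisted tool falls through to the default.
function runSample() {
  const evaluate = createEvaluator(policy);
  const t0 = 1700000000000; // arbitrary ms timestamp
  const results = [];
  for (let i = 0; i < 12; i++) {
    results.push(evaluate({ tool: "aide_info", grant: "grant-A", at: t0 + i * 1000 }).allow);
  }
  results.push(evaluate({ tool: "aide_info", grant: "grant-B", at: t0 + 5000 }).allow);
  results.push(evaluate({ tool: "other_tool", grant: "grant-A", at: t0 }).allow);
  return results; // 10 × true, 2 × false, true, false
}
```

Calls 11 and 12 from grant-A are denied while grant-B's single call still passes, which is the per-grant scoping the rule's "scope": "grant" expresses.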

See the full Aidemd Mcp policy for all 9 tools.

Get this rule live on your own Aidemd Mcp server in minutes. PolicyLayer enforces it on every call, before it runs.



These attack patterns abuse exactly the kind of access aide_info gives an agent. Each links to the full case and the policy that stops it:


Every attack above starts with a tool call. PolicyLayer checks each one against your policy first, so aide_info only ever does what you allow.


Other execute tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.

What does the aide_info tool do?

Boot-time reporter called by the orchestrator at startup. Returns two independent top-level fields that the orchestrator must branch on separately:

outdated (array of stale artifact keys) — soft notification. Compares the host's .aide/versions.json against the canonical manifest shipped with this npm package. Each element names an artifact key that is behind. An empty array means everything is current. A missing .aide/versions.json (old install predating version tracking) silently collapses to []. Staleness is informational — the orchestrator continues with a heads-up to the user.

brain (precondition state) — hard gate. Reports whether the host's brain MCP entry is wired and consistent. Shape: { status, name?, hints }. The orchestrator must halt and direct the user to resolve the issue before continuing if status is not 'ok'. No path validation is performed — the package never stats any directory on disk; state derives entirely from comparing .aide/config/brain.aide against .mcp.json.

The four brain.status values:
- ok — .aide/config/brain.aide exists and the host's .mcp.json brain entry matches the parsed mcpServerConfig. name is the user-declared descriptive label from brain.aide. The pipeline may proceed.
- no-brain-aide — .aide/config/brain.aide is missing or unparseable. No name field. Remediation: run /aide and complete the brain wiring interview.
- no-mcp-entry — brain.aide parsed successfully but the host's .mcp.json is absent, malformed, or has no mcpServers.brain key. name is present. Remediation: run npx @aidemd-mcp/server@latest sync.
- mcp-drift — brain.aide and .mcp.json both exist but their brain entries disagree on command or args. name is present. Remediation: run npx @aidemd-mcp/server@latest sync.

hints is always present on every status — an array of candidate brain root paths the orchestrator can surface during recovery. No parameters needed — uses the server's working directory.
It is categorised as an Execute tool in the Aidemd Mcp MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
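The answer above describes two fields a caller must treat differently. The following added example (not code from the @aidemd-mcp/server package) shows an orchestrator-side handler that keeps `outdated` as a notice and treats `brain.status` as the gate; the remediation strings come from the description above, the sample responses are constructed, and an unknown or missing status is assumed to fail closed.

```javascript
// Remediation text per non-ok status, as given in the tool description.
const REMEDIATION = {
  "no-brain-aide": "run /aide and complete the brain wiring interview",
  "no-mcp-entry": "run npx @aidemd-mcp/server@latest sync",
  "mcp-drift": "run npx @aidemd-mcp/server@latest sync",
};

// Branches on the two fields independently: `outdated` only produces a
// notice, `brain.status` decides whether the pipeline may proceed.
function handleAideInfo(result) {
  const notices = [];
  // Soft notification: stale artifacts never block the run.
  const outdated = Array.isArray(result.outdated) ? result.outdated : [];
  if (outdated.length > 0) notices.push(`outdated artifacts: ${outdated.join(", ")}`);
  // Hard gate: only status 'ok' lets the orchestrator continue.
  const brain = result.brain ?? {};
  if (brain.status === "ok") {
    return { proceed: true, notices, brainName: brain.name ?? null };
  }
  // Assumption: an unknown or missing status is treated like a failed gate.
  const fix = REMEDIATION[brain.status] ?? "unknown brain status; resolve before continuing";
  return {
    proceed: false,
    notices,
    halt: `brain precondition '${brain.status ?? "missing"}': ${fix}`,
    hints: Array.isArray(brain.hints) ? brain.hints : [],
  };
}

// Constructed sample responses (not captured from a real server).
const SAMPLE_OK = { outdated: ["skills/review"], brain: { status: "ok", name: "team brain", hints: [] } };
const SAMPLE_DRIFT = { outdated: [], brain: { status: "mcp-drift", name: "team brain", hints: ["/srv/brain"] } };
```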

How do I enforce a policy on aide_info?

Register the Aidemd MCP server in PolicyLayer and add a rule for aide_info: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Aidemd Mcp. Nothing to install.

What risk level is aide_info?

aide_info is an Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit aide_info?

Yes. Add a rate_limit block to the aide_info rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block aide_info completely?

Set action: deny in the PolicyLayer policy for aide_info. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides aide_info?

aide_info is provided by the Aidemd MCP server (@aidemd-mcp/server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Aidemd Mcp tool call.

Deterministic rules across all 9 Aidemd Mcp tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.


4,600+ MCP servers and 31,000+ tools scanned and risk-classified.
