Run forensic windows analysis (AACE RP 29R-03 §3.3, MIP 3.3 Observational / Dynamic / Contemporaneous As-Is) across multiple Primavera P6 XER snapshots and return the full analysis dict. This is the headline forensic tool — it computes per-window completion shifts, per-window slip registers (per-...
Part of the Cpp Cpm Engine server.
Free to start. No card required.
AI agents invoke forensic_windows_analysis to trigger processes or run actions in Cpp Cpm Engine. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.
forensic_windows_analysis can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. PolicyLayer enforces rate limits and validates arguments to keep execution within safe bounds.
Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.
{
"version": "1",
"default": "deny",
"tools": {
"forensic_windows_analysis": {
"limits": [
{
"counter": "forensic_windows_analysis_rate",
"window": "minute",
"max": 10,
"scope": "grant"
}
]
}
}
}See the full Cpp Cpm Engine policy for all 12 tools.
These attack patterns abuse exactly the kind of access forensic_windows_analysis gives an agent. Each links to the full case and the policy that stops it:
Other execute tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
Run forensic windows analysis (AACE RP 29R-03 §3.3, MIP 3.3 Observational / Dynamic / Contemporaneous As-Is) across multiple Primavera P6 XER snapshots and return the full analysis dict. This is the headline forensic tool — it computes per-window completion shifts, per-window slip registers (per-activity slip with critical/non-critical flag), per-window duration growth on critical-path activities, per-window per-party attribution (Owner / Contractor / Concurrent / Force Majeure / Unattributed), and cumulative project drift from baseline. The attribution math satisfies the AACE 29R-03 §4.1 conservation rule (per-party day buckets sum to project drift within ±1 day, no cascade-double- counting). Use this tool for the full multi-window forensic claim. If you already have a windows result and only want the per-window × per-party grid view, call concurrent_delay_matrix instead. Args: schedules: list of dicts in chronological order. Minimum 2 entries (baseline + at least one update). Each dict must contain label (str) and EXACTLY ONE of: - xer_path — server-side filesystem path, OR - xer_content — full XER text content. Use xer_content when calling a hosted MCP server from a remote client whose XER lives locally. project_name: optional override; auto-picked from XER if "". baseline_idx: which entry in schedules is the contract baseline (default 0 = first one). entitlement_milestone: optional task_code (e.g. "Ready for Takeover") — recorded on the result, not used for math. output_dir: optional dir for HTML dashboard / DOCX report. If "", a tempdir is used and dropped after — the dashboard / report paths in the response will point to the temp location (caller responsible for moving them). Returns: { "analysis": full dict from run_windows() with keys: "windows", "cumulative", "baseline_label", "data_dates", "attribution_summary", "mcpm_attribution", ..., "dashboard": path to HTML dashboard (server-side), "report": path to DOCX executive report (server-side), "baseline_stability": {"worst_severity", "has_block", ...} } On failure: {"error": "..."} with no schedules processed.. It is categorised as a Execute tool in the Cpp Cpm Engine MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Cpp Cpm Engine MCP server in PolicyLayer and add a rule for forensic_windows_analysis: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Cpp Cpm Engine. Nothing to install.
forensic_windows_analysis is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the forensic_windows_analysis rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for forensic_windows_analysis. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
forensic_windows_analysis is provided by the Cpp Cpm Engine MCP server (https://mcp.criticalpathpartners.ca/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 12 Cpp Cpm Engine tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.