machine_onboarding_apply

Configure OpenAI, GitHub, and GitLab onboarding on the local machine or on one or more owned Yaver machines. Stores OpenAI in vault, and for GitHub/GitLab can write clone credentials plus CI/deploy tokens.

Server Yaver yaver-cli
Category Write
Risk class Medium
Parameters 90 required

What machine_onboarding_apply does on Yaver

AI agents use machine_onboarding_apply to create or update resources in Yaver — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Yaver environment.

ParameterTypeRequiredDescription
notes string
device_id string Optional remote device ID
device_ids array Optional list of owned remote device IDs
apply_clone boolean Write clone/pull credentials (default true)
gitlab_host string Defaults to gitlab.com
github_token string
gitlab_token string
apply_ci_token boolean Write CI/deploy vault token (default true)
openai_api_key string

Parameters from the server's own tool schema.

Why machine_onboarding_apply needs a policy

An AI agent can call machine_onboarding_apply faster than any human can review — one bad instruction and it creates or modifies resources in Yaver by the hundred, each call as confident as the last.

Questions about machine_onboarding_apply

What does the machine_onboarding_apply tool do? +

Configure OpenAI, GitHub, and GitLab onboarding on the local machine or on one or more owned Yaver machines. Stores OpenAI in vault, and for GitHub/GitLab can write clone credentials plus CI/deploy tokens. It is categorised as a Write tool in the Yaver MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

What parameters does machine_onboarding_apply accept? +

machine_onboarding_apply accepts 9 parameters: notes, device_id, device_ids, apply_clone, gitlab_host, github_token, gitlab_token, apply_ci_token, openai_api_key. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on machine_onboarding_apply? +

Register the Yaver MCP server in PolicyLayer and add a rule for machine_onboarding_apply: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Yaver. Nothing to install.

What risk level is machine_onboarding_apply? +

machine_onboarding_apply is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit machine_onboarding_apply? +

Yes. Add a rate_limit block to the machine_onboarding_apply rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block machine_onboarding_apply completely? +

Set action: deny in the PolicyLayer policy for machine_onboarding_apply. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides machine_onboarding_apply? +

machine_onboarding_apply is provided by the Yaver MCP server (yaver-cli). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.