yaver_ask_user

Ask the human running this Yaver task a single structured question (Claude-Code-style: short 'header' chip + 2-4 'choices', optional multi-select, free-text 'Other' is always offered by the surface). The question is delivered to whichever Yaver surface the user is on (mobile app, web dashboard, C...

Server Yaver yaver-cli
Category Destructive
Risk class Critical
Parameters 91 required

What yaver_ask_user does on Yaver

AI agents call yaver_ask_user to permanently remove resources in Yaver — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.

ParameterTypeRequiredDescription
kind string How to render the input on the user's surface. 'text' = free-form text input (default). 'choice' = pick from the choices array (the surface ALWAYS also offers a
step string F3 handoff step type — drives how the surface renders the card (e.g. two_factor => OTP keypad, payment_confirm => approve/deny, captcha => tap-on-image). Omit f
multi boolean kind=choice only. true = the user may select multiple options; the answer comes back as the picked labels joined by '; '. Default false (single pick).
header string Optional short tag (≤12 chars, e.g. 'Auth method', 'DB', 'Deploy target') rendered as a chip above the prompt — the Claude-Code AskUserQuestion style. Omit for
prompt string Yes The question to show the user. Be specific and brief — the user is on a phone or laptop and may have walked away. Include the consequence of each option if aski
choices array Required when kind=choice. Each entry is one option label. Keep to 2-4 short, mutually-exclusive options (a free-text 'Other…' is appended automatically). Put y
screenshot string F3 handoff: base64 PNG of the relevant page region (e.g. from browser_screenshot) to show ABOVE the prompt so the human sees exactly what they're acting on — th
vault_hint string When asking for a credential, set to the vault entry name you'd ideally read instead. The mobile/web sheet renders a 'Use stored value' shortcut so the user doe
timeout_sec integer Seconds to wait for an answer before the tool returns {cancelled:true}. Default 300, max 1800.

Parameters from the server's own tool schema.

Why yaver_ask_user needs a policy

An AI agent that decides to call yaver_ask_user doesn't hesitate, doesn't double-check, and doesn't stop at one. Whatever it removes from Yaver is gone — there is no undo for destructive operations.

Questions about yaver_ask_user

What does the yaver_ask_user tool do? +

Ask the human running this Yaver task a single structured question (Claude-Code-style: short 'header' chip + 2-4 'choices', optional multi-select, free-text 'Other' is always offered by the surface). The question is delivered to whichever Yaver surface the user is on (mobile app, web dashboard, CLI); the answer string is returned as the tool result. Blocks until answered or until the timeout (default 5 min, max 30). DEFAULT TO NOT CALLING THIS. Asking is the slow path — the user is on a phone and may have walked away, so an unanswered question stalls the whole run until it times out. Before calling, you must have already: (1) checked the project files / git log / vault for the answer, and (2) confirmed no sensible default exists. Only ask for genuinely irreversible actions, value judgements, or production / billing / customer-visible state. For everything else pick the most reasonable default, state the assumption in one line, and proceed — a reversible wrong guess is cheaper than a stalled run. Result on timeout / cancel: {cancelled:true} — handle it by taking the safest default and continuing, never by re-asking. Requires the agent to be running inside a Yaver task (YAVER_TASK_ID env var must be set by the spawning daemon). It is categorised as a Destructive tool in the Yaver MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.

What parameters does yaver_ask_user accept? +

yaver_ask_user accepts 9 parameters: kind, step, multi, header, prompt, choices, screenshot, vault_hint, timeout_sec. Required: prompt. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on yaver_ask_user? +

Register the Yaver MCP server in PolicyLayer and add a rule for yaver_ask_user: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Yaver. Nothing to install.

What risk level is yaver_ask_user? +

yaver_ask_user is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit yaver_ask_user? +

Yes. Add a rate_limit block to the yaver_ask_user rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block yaver_ask_user completely? +

Set action: deny in the PolicyLayer policy for yaver_ask_user. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides yaver_ask_user? +

yaver_ask_user is provided by the Yaver MCP server (yaver-cli). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.