Request a signed URL to upload a datasheet PDF for a component whose datasheet we don't have. Use this when search_parts / get_part_details / prefetch_datasheets return datasheet_status='no_source' (and a retry didn't help) or 'unsupported'. Free — the upload fee is only charged on confirm_datash...
Part of the Sheetsdata Mcp server.
Free to start. No card required.
AI agents use request_datasheet_upload to create or modify resources in Sheetsdata Mcp. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call request_datasheet_upload repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Sheetsdata Mcp.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
{
"version": "1",
"default": "deny",
"tools": {
"request_datasheet_upload": {
"limits": [
{
"counter": "request_datasheet_upload_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}See the full Sheetsdata Mcp policy for all 12 tools.
These attack patterns abuse exactly the kind of access request_datasheet_upload gives an agent. Each links to the full case and the policy that stops it:
Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
Request a signed URL to upload a datasheet PDF for a component whose datasheet we don't have. Use this when search_parts / get_part_details / prefetch_datasheets return datasheet_status='no_source' (and a retry didn't help) or 'unsupported'. Free — the upload fee is only charged on confirm_datasheet_upload after we validate the file. Flow (3 steps): 1. Call request_datasheet_upload with the MPN, the file's SHA-256, and its byte size. You get back an upload_url, upload_method ('PUT'), upload_headers, and an opaque upload_token. 2. Upload the PDF directly to the returned URL with curl: curl -X PUT -H 'Content-Type: application/pdf' --data-binary @file.pdf "$UPLOAD_URL" (add any headers from upload_headers). 3. Call confirm_datasheet_upload with the upload_token. Server verifies the bytes, re-hashes, checks for the MPN on the first page, charges the upload fee (50¢), and queues extraction. Returns document_id + status='pending'. Validation rules (checked at confirm time, refunded on failure): - File must be a valid PDF (magic bytes + parseable). - Actual SHA-256 must match expected_sha256. - Actual byte size must match size_bytes (±0). - MPN or its core stem must appear in the first page text (catches wrong-file uploads). Scanned image-only PDFs will fail this check — upload a text-based PDF. - Max 50MB per file. No dev-kit manuals / BOB schematics / app-notes as datasheets — use the matching MPN's actual datasheet. Uploaded datasheets are scoped to your organization (private). They satisfy read_datasheet, search_datasheets, check_design_fit, and analyze_image for your org's tokens only. Tokens expire after 15 minutes. If upload fails or times out, just call request_datasheet_upload again.. It is categorised as a Write tool in the Sheetsdata Mcp MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Sheetsdata MCP server in PolicyLayer and add a rule for request_datasheet_upload: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Sheetsdata Mcp. Nothing to install.
request_datasheet_upload is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the request_datasheet_upload rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for request_datasheet_upload. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
request_datasheet_upload is provided by the Sheetsdata MCP server (@sheetsdata/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 12 Sheetsdata Mcp tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.