// MCP TOOL REFERENCE
High Risk →

xr_launch_ar_session

Create a shareable WebXR AR passthrough session URL and QR code. On phone or tablet with WebXR AR support, the model is overlaid on the camera feed at the requested scale. When to use: a field user needs to walk the jobsite with a phone and see the model overlaid in-place at 1:1 scale, or drop a ...

Part of the ScanBIM MCP server.

xr_launch_ar_session can trigger actions in ScanBIM MCP, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE SCANBIM MCP →

Free to start. No card required.

WHEN AGENTS USE THIS TOOL

AI agents invoke xr_launch_ar_session to trigger processes or run actions in ScanBIM MCP. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.

xr_launch_ar_session can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. PolicyLayer enforces rate limits and validates arguments to keep execution within safe bounds.

RECOMMENDED POLICY

Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "xr_launch_ar_session": {
      "limits": [
        {
          "counter": "xr_launch_ar_session_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

See the full ScanBIM MCP policy for all 19 tools.

Get this rule live on your own ScanBIM MCP server in minutes. PolicyLayer enforces it on every call, before it runs.

ENFORCE ON MY SCANBIM MCP →

MORE SCANBIM MCP TOOLS

Execute xr_launch_vr_session Write acc_create_issue Write acc_create_rfi Write acc_project_summary Write lumion_render Write twinmotion_render Write twinmotion_walkthrough Write upload_model

View all 19 tools →

WHAT CAN GO WRONG

These attack patterns abuse exactly the kind of access xr_launch_ar_session gives an agent. Each links to the full case and the policy that stops it:

Browse the full MCP Attack Database →

Every attack above starts with a tool call. PolicyLayer checks each one against your policy first, so xr_launch_ar_session only ever does what you allow.

SECURE SCANBIM MCP →

OTHER EXECUTE TOOLS

Other execute tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.

Atv build_stake_tx Atv build_unstake_tx Acdp start_local Pentagonal pentagonal_audit Pentagonal pentagonal_compile ACR — Agent Composition Records orient_me

RELATED READING

FAQ

What does the xr_launch_ar_session tool do? +

Create a shareable WebXR AR passthrough session URL and QR code. On phone or tablet with WebXR AR support, the model is overlaid on the camera feed at the requested scale. When to use: a field user needs to walk the jobsite with a phone and see the model overlaid in-place at 1:1 scale, or drop a tabletop mini-model on a desk. When NOT to use: the target device is a Meta Quest in VR mode — use xr_launch_vr_session. The device lacks WebXR AR (desktop browser) — use get_viewer_link. APS scopes: viewables:read data:read (enforced at viewer page load, not at tool call). Rate limits: APS default ~50 req/min per app per endpoint; Model Derivative translation jobs ~60 req/min; OSS uploads size-limited per file to 100MB for direct upload, larger via resumable. Errors: 401 APS token expired/invalid — refresh (only at viewer page load); 403 scope or resource permission denied; 404 URN not found — check the ID; 429 rate limited — backoff and retry; 5xx APS upstream outage — retry with jitter. Side effects: NON-IDEMPOTENT. Each call mints a new session_id (ar_<epoch_ms>). Inserts a row into D1 usage_log read by xr_list_sessions. No APS resources are created.. It is categorised as a Execute tool in the ScanBIM MCP MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on xr_launch_ar_session? +

Register the ScanBIM MCP server in PolicyLayer and add a rule for xr_launch_ar_session: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches ScanBIM MCP. Nothing to install.

What risk level is xr_launch_ar_session? +

xr_launch_ar_session is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit xr_launch_ar_session? +

Yes. Add a rate_limit block to the xr_launch_ar_session rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block xr_launch_ar_session completely? +

Set action: deny in the PolicyLayer policy for xr_launch_ar_session. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides xr_launch_ar_session? +

xr_launch_ar_session is provided by the ScanBIM MCP server (https://scanbim-mcp.itmartin24.workers.dev/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every ScanBIM MCP tool call.

Deterministic rules across all 19 ScanBIM MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE SCANBIM MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.