Apply batch operations to multiple pattern instances in a Workflow Engine v2 session. For pattern-based workflows (like error-to-errorinfo-migration), this allows efficient bulk operations: - apply_fixes: Apply auto-fixes to matching instances - skip_instances: Mark instances as skipped - flag_fo...
AI agents invoke workflow_batch to trigger actions in Bc Code Intelligence. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
This tool executes bulk automated changes across multiple code instances in a workflow session. It applies auto-fixes at scale, which can modify many files or patterns simultaneously. While it has a dry_run safety mechanism, the actual execution path triggers broad code transformations whose effects depend on the session state and pattern matches.
From the tool's definition 'Apply batch operations to multiple pattern instances', 'apply_fixes: Apply auto-fixes to matching instances', 'Use confirmation_token from dry_run to execute the operation'
Documented attack patterns abuse exactly the kind of access workflow_batch gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Bc Code Intelligence, and nothing reaches the server without passing your rules. This is the rule we recommend for workflow_batch:
{
"version": "1",
"default": "deny",
"tools": {
"workflow_batch": {
"limits": [
{
"counter": "workflow_batch_rate",
"window": "minute",
"max": 10,
"scope": "grant"
}
]
}
}
}workflow_batch stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Apply batch operations to multiple pattern instances in a Workflow Engine v2 session. For pattern-based workflows (like error-to-errorinfo-migration), this allows efficient bulk operations: - apply_fixes: Apply auto-fixes to matching instances - skip_instances: Mark instances as skipped - flag_for_review: Mark instances for manual review - group_by_type: Get instances grouped by type Use dry_run=true (default) to preview changes before applying. Use confirmation_token from dry_run to execute the operation. It is categorised as a Execute tool in the Bc Code Intelligence MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Bc Code Intelligence MCP server in PolicyLayer and add a rule for workflow_batch: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Bc Code Intelligence. Nothing to install.
workflow_batch is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the workflow_batch rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for workflow_batch. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
workflow_batch is provided by the Bc Code Intelligence MCP server (jeremyvyska/bc-code-intelligence-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Bc Code Intelligence, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
27 Bc Code Intelligence tools catalogued and risk-classified — across an index of 43,000+ MCP servers.