当用户开始新的 Claude 聊天、要求重置当前 MCP 会话状态或想回到干净主线时调用。
AI agents use start_new_session to create or update resources in GitBranchMCP — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your GitBranchMCP environment.
The tool resets session state and returns to a clean mainline, which implies modifying/reinitializing session data rather than a destructive delete. It is likely reversible (prior branches/data are preserved; only the active session context is reset). Description is partially informative but in Chinese, slightly lowering confidence. No code execution, financial action, or irreversible deletion is implied.
From the tool's definition 重置当前 MCP 会话状态 (reset current MCP session state) / 回到干净主线 (return to clean mainline)
Attacks that exploit this kind of access
当用户开始新的 Claude 聊天、要求重置当前 MCP 会话状态或想回到干净主线时调用。. It is categorised as a Write tool in the GitBranchMCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the GitBranch MCP server in PolicyLayer and add a rule for start_new_session: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches GitBranchMCP. Nothing to install.
start_new_session is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the start_new_session rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for start_new_session. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
start_new_session is provided by the GitBranch MCP server (lianggaoyuan/gitbranchmcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →