GS1 EPCIS 2.0 supply-chain events. export is included on Starter plans and up; capture, capture_job, and query require the paid EPCIS add-on (those actions return a 403-style message without it). Actions (pass via action, with args): - export — args: { id }. Export a passport's events as an EPCIS...
AI agents use tracepass_epcis to create or update resources in Tracepass — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Tracepass environment.
| Parameter | Type | Required | Description |
|---|---|---|---|
args | object | — | Arguments for the chosen action; required fields depend on `action`. |
action | string | Yes | EPCIS 2.0: export a passport's events (export | export_by_serial), capture new events, poll a capture job, or query events. |
Parameters from the server's own tool schema.
An AI agent can call tracepass_epcis faster than any human can review — one bad instruction and it creates or modifies resources in Tracepass by the hundred, each call as confident as the last.
Attacks that exploit this kind of access
GS1 EPCIS 2.0 supply-chain events. export is included on Starter plans and up; capture, capture_job, and query require the paid EPCIS add-on (those actions return a 403-style message without it). Actions (pass via action, with args): - export — args: { id }. Export a passport's events as an EPCIS 2.0 JSON-LD document. Read-only. - export_by_serial — args: { serial, gtin? }. Same as export, addressed by your own serial. A serial is unique only WITHIN a GTIN — if it isn't unique in your account the call returns 409 ambiguous_serial; pass gtin (or use export by id). Read-only. - capture — args: { events }. events is an EPCISDocument, a single event, or an array of events (JSON-LD). Returns a 202 with a captureJobId. - capture_job — args: { jobId }. Poll an async capture job. Read-only. - query — args: { params? }. params is a key/value map of standard EPCIS query parameters (EQ_bizStep, GE_eventTime, MATCH_epc, …). Read-only. It is categorised as a Write tool in the Tracepass MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
tracepass_epcis accepts 2 parameters: args, action. Required: action. The full parameter table on this page comes from the server's own tool schema.
Register the Tracepass MCP server in PolicyLayer and add a rule for tracepass_epcis: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Tracepass. Nothing to install.
tracepass_epcis is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the tracepass_epcis rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for tracepass_epcis. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
tracepass_epcis is provided by the Tracepass MCP server (https://ai.tracepass.eu/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →