Validate a file in a provisioning repository at a given branch or commit by dry-run applying it. Returns whether the file would be accepted (valid)\, what resource action would result (create/update)\, the target resource type\, and any structured validation errors. Use to confirm a draft dashboa...
AI agents call validate_provisioning_file to retrieve information from Mcp Grafana Npx without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
ref | string | — | Branch or commit SHA. Defaults to the repository's main branch. |
path | string | Yes | File path within the repository (e.g. 'folder/dashboard.json'). |
repo | string | Yes | Provisioning repository slug. Get one from list_provisioning_repositories. |
namespace | string | — | Kubernetes-style namespace to read the repository from. Defaults to 'default'. |
Parameters from the server's own tool schema.
This tool only reads and validates provisioning files without side effects. It performs a dry-run simulation to report what would happen (create/update action, resource type, validation errors) but does not actually create, modify, or delete any resources. The output is informational only, making it a Read operation with minimal blast radius if misused by an AI agent.
From the tool's definition Tool performs validation via 'dry-run applying it' and 'Returns whether the file would be accepted' — it simulates application without making actual changes.
Risk signalsAccepts file system path (path)
Attacks that exploit this kind of access
Validate a file in a provisioning repository at a given branch or commit by dry-run applying it. Returns whether the file would be accepted (valid)\, what resource action would result (create/update)\, the target resource type\, and any structured validation errors. Use to confirm a draft dashboard or other resource will be accepted before merging or applying a PR — this is the same validation surface that Grafana's PR commenter reports. It is categorised as a Read tool in the Mcp Grafana Npx MCP Server, which means it retrieves data without modifying state.
validate_provisioning_file accepts 4 parameters: ref, path, repo, namespace. Required: path, repo. The full parameter table on this page comes from the server's own tool schema.
Register the Mcp Grafana Npx MCP server in PolicyLayer and add a rule for validate_provisioning_file: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Mcp Grafana Npx. Nothing to install.
validate_provisioning_file is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the validate_provisioning_file rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for validate_provisioning_file. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
validate_provisioning_file is provided by the Mcp Grafana Npx MCP server (mcp-grafana-npx). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →