Delete a previously ingested file or data from the vector database. Use filePath for files ingested via ingest_file, or source for data ingested via ingest_data. Either filePath or source must be provided. Returns deleted (operation succeeded), removedChunks, and existed (whether anything was act...
AI agents call delete_file to permanently remove resources in Mcp Local Rag — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
This tool irreversibly removes data from the vector database with no undo mechanism. Once deleted, the ingested documents or files are gone from the system. While not as critical as financial operations, data deletion is destructive and warrants high severity. The confidence is high because the description is explicit and unambiguous about the destructive nature of the operation.
From the tool's definition Tool description explicitly states 'Delete a previously ingested file or data from the vector database' and 'Returns deleted (operation succeeded)'. The term 'delete' combined with removal from a database indicates irreversible data removal.
Attacks that exploit this kind of access
Delete a previously ingested file or data from the vector database. Use filePath for files ingested via ingest_file, or source for data ingested via ingest_data. Either filePath or source must be provided. Returns deleted (operation succeeded), removedChunks, and existed (whether anything was actually present). It is categorised as a Destructive tool in the Mcp Local Rag MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the Mcp Local Rag MCP server in PolicyLayer and add a rule for delete_file: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Mcp Local Rag. Nothing to install.
delete_file is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the delete_file rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for delete_file. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
delete_file is provided by the Mcp Local Rag MCP server (mcp-local-rag). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →