Makes ChainGraph tools agent-callable (ChainGraph Standard v0.1 §3.1). Mode 1 — supply pre_computed_artifact (exported from the browser tool): validates §4 schema fields, recomputes execution_hash via SHA-256 over canonical {policy_parameters, output_payload}, returns verified structuredContent. ...
AI agents invoke emit_chaingraph_artifact to trigger actions in Ainumbers Mcp Apps. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
| Parameter | Type | Required | Description |
|---|---|---|---|
compute | string | — | Compute mode (v0.4 Compute Binding). "auto" = server for gpu:false nodes (default); "server" = force server-side; "browser" = always return browser delegation U |
tool_id | string | — | ChainGraph node tool_id (e.g. "art-01-ap2-mandate-chain-validator"). Looked up in chaingraph.json nodes. Required unless pre_computed_artifact is supplied. |
parent_hashes | array | — | execution_hash values from upstream ChainGraph artifacts this call chains from. Placed into artifact.chain.parent_hashes (ChainGraph Standard v0.1 §5 chain bloc |
parent_tool_ids | array | — | tool_ids corresponding to parent_hashes, in the same order. |
policy_parameters | object | — | Input parameters for the tool (mirrors the tool's Policy Mandate input fields). Used for Mode 2 browser prefill and Mode 4 server-side compute. |
pre_computed_artifact | object | — | A full ChainGraph artifact envelope previously exported from the browser tool via "Export Policy Mandate". When supplied, the worker validates §4 required field |
Parameters from the server's own tool schema.
This tool executes computational operations (hash computation, schema validation, artifact generation, browser delegation) and triggers external operations depending on supplied arguments. It spans Write (producing artifacts/envelopes) and Execute (running SHA-256 computations, delegating GPU sims, generating prefill URLs for external browser actions). Per the severity rules, Execute takes precedence over Write.
From the tool's definition 'Makes ChainGraph tools agent-callable', 'recomputes execution_hash via SHA-256 over canonical {policy_parameters, output_payload}', 'returns verified structuredContent', 'artifact template envelope', 'GPU sims always delegate to the browser'
Attacks that exploit this kind of access
Makes ChainGraph tools agent-callable (ChainGraph Standard v0.1 §3.1). Mode 1 — supply pre_computed_artifact (exported from the browser tool): validates §4 schema fields, recomputes execution_hash via SHA-256 over canonical {policy_parameters, output_payload}, returns verified structuredContent. Mode 2 — supply tool_id + policy_parameters: returns an artifact template envelope and browser prefill URL so an agent can hand the user a pre-filled link; GPU sims always delegate to the browser per §9.2. Mode 3 — supply tool_id only: returns node metadata and artifact schema scaffold. Mode 4 (Compute Binding, v0.4) — supply tool_id + policy_parameters + compute:"server" (or compute:"auto" for gpu:false nodes): runs the registered kernel server-side and returns a verified v0.4 artifact with execution_hash + output_payload in one round-trip. No browser required. gpu:true nodes always delegate to browser. readOnlyHint: true. Zero PII, zero payload logging. Pair with verify_execution_hash (independent hash verification) and build_chaingraph (DAG wiring). It is categorised as a Execute tool in the Ainumbers Mcp Apps MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
emit_chaingraph_artifact accepts 6 parameters: compute, tool_id, parent_hashes, parent_tool_ids, policy_parameters, pre_computed_artifact. The full parameter table on this page comes from the server's own tool schema.
Register the Ainumbers Mcp Apps MCP server in PolicyLayer and add a rule for emit_chaingraph_artifact: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Ainumbers Mcp Apps. Nothing to install.
emit_chaingraph_artifact is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the emit_chaingraph_artifact rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for emit_chaingraph_artifact. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
emit_chaingraph_artifact is provided by the Ainumbers Mcp Apps MCP server (postoaklabs/ainumbers-mcp-apps). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →