Set the Cumulocity tenant for this CLI session, or pass tenantUrl: null to clear the active tenant. The tenantUrl must match one returned by the status tool. The selection is persisted across sessions so you only need to call this once (or when switching tenants). Clearing falls back to bundled-o...
AI agents use set-active-tenant to create or update resources in Mc8yp — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Mc8yp environment.
This is a Write operation because it creates or modifies configuration data (the active tenant setting) in a reversible manner. It is not Destructive because clearing the tenant does not irrevocably delete data—the tenant still exists and can be re-selected.
From the tool's definition The tool 'set-active-tenant' modifies session state by selecting or clearing the active Cumulocity tenant. The description states 'The selection is persisted across sessions', indicating persistent state modification.
Attacks that exploit this kind of access
Set the Cumulocity tenant for this CLI session, or pass tenantUrl: null to clear the active tenant. The tenantUrl must match one returned by the status tool. The selection is persisted across sessions so you only need to call this once (or when switching tenants). Clearing falls back to bundled-only browsing — query still works but execute is unavailable until a tenant is set again. It is categorised as a Write tool in the Mc8yp MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Mc8yp MCP server in PolicyLayer and add a rule for set-active-tenant: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Mc8yp. Nothing to install.
set-active-tenant is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the set-active-tenant rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for set-active-tenant. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
set-active-tenant is provided by the Mc8yp MCP server (schplitt/mc8yp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
set-active-tenant is one line of Mc8yp's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →