Leave a state. You will no longer receive messages or see members. This cannot be undone — you
AI agents call state_leave to permanently remove resources in Networkselfmd — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
Although the tool does not delete data from external systems, it irreversibly severs the user's membership and access to a shared state in a decentralized P2P group. The user loses all ability to receive future messages and interact with that group, and this state change cannot be reversed by the tool itself (re-joining would require re-discovery or re-invitation). The 'cannot be undone' language is definitive.
From the tool's definition 'Leave a state. You will no longer receive messages or see members. This cannot be undone' — the explicit statement that the action cannot be undone, combined with permanent removal of access to group state and communications, indicates an irreversible…
Attacks that exploit this kind of access
Leave a state. You will no longer receive messages or see members. This cannot be undone — you. It is categorised as a Destructive tool in the Networkselfmd MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the Networkselfmd MCP server in PolicyLayer and add a rule for state_leave: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Networkselfmd. Nothing to install.
state_leave is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the state_leave rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for state_leave. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
state_leave is provided by the Networkselfmd MCP server (selfmd/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →