zephyr_create_test_case_steps

// WHEN AI AGENTS USE THIS TOOL

AI agents use zephyr_create_test_case_steps to create or modify resources in SmartBear MCP. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.

// WHY ENFORCE A POLICY ON ZEPHYR_CREATE_TEST_CASE_STEPS

Without a policy, an AI agent could call zephyr_create_test_case_steps repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach SmartBear MCP.

// RECOMMENDED POLICY

Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.

smartbear-mcp.yaml

tools:
  zephyr_create_test_case_steps:
    rules:
      - action: allow
        rate_limit:
          max: 30
          window: 60

See the full SmartBear MCP policy for all 243 tools.

// DETAILS

Tool Name zephyr_create_test_case_steps

Category Write

MCP Server SmartBear MCP MCP Server

Risk Level Medium

// MORE SMARTBEAR MCP TOOLS

Destructive collaborator_delete_collaborator_remote_system_configuration Destructive contract-testing_admin_delete_role Destructive contract-testing_admin_delete_team Destructive contract-testing_admin_delete_user Destructive contract-testing_admin_remove_role_from_user Destructive contract-testing_admin_remove_user_from_team Destructive contract-testing_admin_reset_roles Destructive contract-testing_delete_all_integrations

View all 243 tools →

// WHAT CAN GO WRONG

Agents calling write-class tools like zephyr_create_test_case_steps have been implicated in these attack patterns. Read the full case and prevention policy for each:

Browse the full MCP Attack Database →

// OTHER WRITE TOOLS ACROSS MCP SERVERS

Other tools in the Write risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.

Firecrawl Web Scraping Server firecrawl_generate_llmstxt AbraFlexi contact_create AbraFlexi contact_update AbraFlexi evidence_create AbraFlexi evidence_update AbraFlexi invoice_issued_update

// RELATED READING

// FAQ

What does the zephyr_create_test_case_steps tool do? +

Create steps for a Test Case in Zephyr. Supports inline step definitions or delegating execution to another test case (also known as 'call to test' via UI). Requires a mode: `APPEND` adds steps to the end of the existing list, `OVERWRITE` deletes all existing steps and replaces them with the provided ones. Always ask the user to choose between OVERWRITE or APPEND before calling this tool. **Examples:** 1. To the Test Case SA-T1, add steps that will test a login page. ```json { "testCaseKey": "SA-T1", "mode": "APPEND", "items": [ { "inline": { "description": "Navigate to the login page", "expectedResult": "Login page is displayed" } }, { "inline": { "description": "Enter valid credentials and click Submit", "expectedResult": "User is redirected to the dashboard" } } ] } ``` Expected Output: The ID of the Test Steps resource and the API self URL to fetch it 2. To the Test Case MM2-T15, replace all existing steps with new ones that test the settings page for an Admin user. ```json { "testCaseKey": "MM2-T15", "mode": "OVERWRITE", "items": [ { "inline": { "description": "Open the settings page", "testData": "User role: Admin", "expectedResult": "Settings page is accessible" } }, { "inline": { "description": "Change the notification preference", "testData": "Preference: Email only", "expectedResult": "Notification preference is updated successfully" } } ] } ``` Expected Output: The ID of the Test Steps resource and the API self URL to fetch it 3. To the Test Case SA-T1, add a step that reuses the steps from the Test Case PRJ-T42 ```json { "testCaseKey": "SA-T1", "mode": "APPEND", "items": [ { "testCase": { "testCaseKey": "PRJ-T42" } } ] } ``` Expected Output: The ID of the Test Steps resource and the API self URL to fetch it. It is categorised as a Write tool in the SmartBear MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on zephyr_create_test_case_steps? +

Add a rule in your Intercept YAML policy under the tools section for zephyr_create_test_case_steps. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the SmartBear MCP MCP server.

What risk level is zephyr_create_test_case_steps? +

zephyr_create_test_case_steps is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit zephyr_create_test_case_steps? +

Yes. Add a rate_limit block to the zephyr_create_test_case_steps rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block zephyr_create_test_case_steps completely? +

Set action: deny in the Intercept policy for zephyr_create_test_case_steps. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides zephyr_create_test_case_steps? +

zephyr_create_test_case_steps is provided by the SmartBear MCP MCP server (@smartbear/mcp). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Let agents act without letting them run wild.