Smart deployment with validation, optional snapshot, and auto-monitoring. RECOMMENDED: This is the preferred method for deploying scenarios as it includes validation, error checking, and monitoring guidance. NO FILE UPLOAD REQUIRED: This tool automatically generates the configuration from the sce...
AI agents invoke smart_deploy to trigger actions in Ludus FastMCP. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
This tool orchestrates deployment workflows on cyber range environments, executing scenario configurations and infrastructure changes. While it includes safety features (validation, monitoring), it fundamentally triggers external operations whose effects depend on arguments (scenario parameters, auto_snapshot, auto_validate flags).
From the tool's definition 'Smart deployment with validation, optional snapshot, and auto-monitoring' - deploys scenarios and generates configuration, which triggers external operations on the cyber range environment.
Risk signalsAdmin/system-level operation
Documented attack patterns abuse exactly the kind of access smart_deploy gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Ludus FastMCP, and nothing reaches the server without passing your rules. This is the rule we recommend for smart_deploy:
{
"version": "1",
"default": "deny",
"tools": {
"smart_deploy": {
"limits": [
{
"counter": "smart_deploy_rate",
"window": "minute",
"max": 10,
"scope": "grant"
}
]
}
}
}smart_deploy stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Smart deployment with validation, optional snapshot, and auto-monitoring. RECOMMENDED: This is the preferred method for deploying scenarios as it includes validation, error checking, and monitoring guidance. NO FILE UPLOAD REQUIRED: This tool automatically generates the configuration from the scenario parameters. You do NOT need to provide a config file. Workflow: 1. Validates the scenario configuration (if auto_validate=True) 2. Creates snapshot if requested (if auto_snapshot=True) 3. Generates and sets the configuration in Ludus 4. Verifies the configuration was set correctly 5. Starts the deployment 6. Provides monitoring guidance and commands When to use: - Use smart_deploy() for most deployments (recommended) - Use deploy_scenario() if you need more control or don't want validation - Use deploy_range() only if you have a custom configuration dict Args: scenario_key: Scenario to deploy (e.g., 'redteam-lab-lite') siem_type: SIEM type to include (wazuh, splunk, elastic, security-onion, none) auto_validate: Validate configuration before deploying (default: True) auto_snapshot: Create snapshot before deployment (default: False) auto_monitor: Enable auto-monitoring after deployment (default: True) user_id: Optional user ID (admin only) Returns: Smart deployment result with monitoring guidance and status Example: # Recommended: Use smart_deploy for automated deployments smart_deploy( scenario_key='redteam-lab-lite', siem_type='none', auto_validate=True, auto_monitor=True ). It is categorised as a Execute tool in the Ludus FastMCP MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Ludus Fast MCP server in PolicyLayer and add a rule for smart_deploy: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Ludus FastMCP. Nothing to install.
smart_deploy is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the smart_deploy rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for smart_deploy. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
smart_deploy is provided by the Ludus Fast MCP server (tjnull/ludus-fastmcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 201 Ludus FastMCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
201 Ludus FastMCP tools catalogued and risk-classified — across an index of 42,500+ MCP servers.