Medium Risk

orgx_spawn

Guard, estimate, classify, spawn, or hand off specialist agent work. Inputs: spawn from task REQUIRES task_id; ad-hoc spawn REQUIRES title+instructions and should include agent_type. handoff REQUIRES task_id+agent_type. guard REQUIRES agent_type. classify REQUIRES title OR task_id. action="estima...


AI agents use orgx_spawn to create or update resources in OrgX — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your OrgX environment.

| Parameter | Type | Required | Description |
|---|---|---|---|
| model | string | | Optional exact model identifier when the user explicitly selects one. Otherwise OrgX resolves the model from task, tier, provider, policy, and budget. |
| title | string | | Task title. REQUIRED for ad-hoc spawn (action=spawn without task_id) or action=classify without task_id. Used as the human-readable label of the spawned task. |
| action | string | | Spawn operation. Defaults to "spawn". Use estimate for pre-spawn cost/routing context without dispatching work. See top-level description for per-action require |
| task_id | string | | Existing task UUID. REQUIRED for action=handoff. REQUIRED for action=spawn when spawning work for an already-created task. Either task_id or title (with instruc |
| _context | object | | Client context for conversation tracking (strongly recommended for cross-client continuity) |
| provider | string | | Optional provider preference. Use auto unless the user asks for a specific provider or a cost comparison selects one. |
| agent_type | string | | Target agent type/domain (e.g. "engineering", "marketing", "design"). REQUIRED for action=guard or action=handoff. Strongly recommended for action=spawn so the |
| model_tier | string | | Optional model tier override. Omit to let OrgX auto-route from task complexity. Legacy local/sonnet/opus are accepted for older clients. |
| session_id | string | | Optional bootstrap/session identifier returned by orgx_bootstrap. |
| budget_mode | string | | Optional budget posture override. Use cheapest_valid for controlled validation runs while reliability is being proven. |
| instructions | string | | Delegation instructions for the agent. REQUIRED for action=spawn when spawning ad-hoc (without task_id). Used to override the task description for action=handof |
| max_cost_usd | number | | Optional per-task hard cost ceiling in USD. If the estimate exceeds this, OrgX should block, downgrade, or request approval before dispatch. |

Parameters from the server's own tool schema.

Medium Risk

An AI agent can call orgx_spawn faster than any human can review — one bad instruction and it creates or modifies resources in OrgX by the hundred, each call as confident as the last.

Risk signals: High parameter count (31 properties)

Documented attack patterns abuse exactly the kind of access orgx_spawn gives an agent:

PolicyLayer is an MCP gateway — it sits between your AI agents and OrgX, and nothing reaches the server without passing your rules. This is the rule we recommend for orgx_spawn:

policy.json
{
  "version": "1",
  "default": "deny",
  "tools": {
    "orgx_spawn": {
      "limits": [
        {
          "counter": "orgx_spawn_rate",
          "window": "minute",
          "max": 30,
          "scope": "grant"
        }
      ]
    }
  }
}

orgx_spawn stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.

  1. Create a free account and register OrgX — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Free to start. No card required.

Go deeper

What does the orgx_spawn tool do?

Guard, estimate, classify, spawn, or hand off specialist agent work.

Inputs: spawn from task REQUIRES task_id; ad-hoc spawn REQUIRES title+instructions and should include agent_type. handoff REQUIRES task_id+agent_type. guard REQUIRES agent_type. classify REQUIRES title OR task_id. action="estimate" returns candidate routes and cost context without dispatching work.

Routing: omit model_tier/provider/model for OrgX auto-routing from task complexity and workspace policy. Set model_tier, provider, model, budget_mode, or max_cost_usd only when the user, policy, or validation plan constrains routing. Use model_tier="standard" plus budget_mode="cheapest_valid" for controlled reliability canaries before escalating.

USE WHEN: delegating work to an OrgX agent, handing off an existing task, or checking routing/cost before delegation.

NEXT: monitor via orgx_inspect/orgx_search, then orgx_submit_receipt with artifact, quality, cost, and model proof.

DO NOT USE WHEN: only creating a task row; use orgx_write.

It is categorised as a Write tool in the OrgX MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
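One way to check an orgx_spawn call against the per-action input requirements listed above before it is forwarded, as an added example (not OrgX or PolicyLayer code). The function `check_spawn_call`, its return shape and the `estimated_cost_usd` argument are hypothetical, and the sample calls are constructed.

```python
# Added example: hypothetical pre-dispatch check, not OrgX or PolicyLayer code.
ROUTING_KEYS = ("model", "provider", "model_tier", "budget_mode")
KNOWN_ACTIONS = {"spawn", "handoff", "guard", "classify", "estimate"}  # named on this page


def _has(args, key):
    """True when the argument is present as a non-empty string."""
    value = args.get(key)
    return isinstance(value, str) and value.strip() != ""


def check_spawn_call(args, estimated_cost_usd=None):
    """Apply the page's per-action input rules and return a verdict dict."""
    action = args.get("action", "spawn")  # the page: action defaults to "spawn"
    problems = []

    def need(label, keys):
        missing = [k for k in keys if not _has(args, k)]
        if missing:
            problems.append(f"{label} missing: {', '.join(missing)}")

    if action not in KNOWN_ACTIONS:
        problems.append(f"action {action!r} is not described on the page")
    elif action == "spawn" and not _has(args, "task_id"):
        need("ad-hoc spawn", ("title", "instructions"))  # no task_id => ad-hoc
    elif action == "handoff":
        need("handoff", ("task_id", "agent_type"))
    elif action == "guard":
        need("guard", ("agent_type",))
    elif action == "classify" and not (_has(args, "title") or _has(args, "task_id")):
        problems.append("classify missing: title or task_id")

    ceiling = args.get("max_cost_usd")
    # Assumption: spawn and handoff are the dispatching actions the ceiling applies to.
    if (action in ("spawn", "handoff") and ceiling is not None
            and estimated_cost_usd is not None and estimated_cost_usd > ceiling):
        problems.append(f"estimate {estimated_cost_usd:.2f} USD exceeds max_cost_usd {ceiling:.2f}")

    overrides = sorted(k for k in ROUTING_KEYS if k in args)  # explicit routing, worth logging
    return {"allow": not problems, "problems": problems, "overrides": overrides}


if __name__ == "__main__":
    # Constructed sample calls, not captured traffic.
    canary = {"task_id": "00000000-0000-4000-8000-000000000001", "max_cost_usd": 1.0,
              "model_tier": "standard", "budget_mode": "cheapest_valid"}
    print(check_spawn_call({"title": "Fix login"}))
    print(check_spawn_call(canary, estimated_cost_usd=0.4))
    print(check_spawn_call(canary, estimated_cost_usd=2.5))
```
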

What parameters does orgx_spawn accept?

orgx_spawn accepts 12 parameters: model, title, action, task_id, _context, provider, agent_type, model_tier, session_id, budget_mode, instructions, max_cost_usd. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on orgx_spawn?

Register the OrgX MCP server in PolicyLayer and add a rule for orgx_spawn: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches OrgX. Nothing to install.

What risk level is orgx_spawn?

orgx_spawn is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit orgx_spawn?

Yes. Add a rate_limit block to the orgx_spawn rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block orgx_spawn completely?

Set action: deny in the PolicyLayer policy for orgx_spawn. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides orgx_spawn?

orgx_spawn is provided by the OrgX MCP server (useorgx/orgx-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every OrgX tool call.

Deterministic rules across all 29 OrgX tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

29 OrgX tools catalogued and risk-classified — across an index of 42,500+ MCP servers.
