Turn an objective, roadmap, launch, or feature plan into executable workstreams, milestones, and tasks. Also known as: scaffold project, create roadmap, generate execution plan. Minimum required input: title. Conditionally required: • workspace_id — REQUIRED unless the MCP session already carries...
AI agents invoke scaffold_initiative to trigger actions in OrgX. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
| Parameter | Type | Required | Description |
|---|---|---|---|
mode | string | — | Optional stage. draft validates without writes; scaffold creates records without launching agents; launch creates records and starts agents. Defaults to launch |
title | string | — | Initiative title |
context | array | — | Optional context attachments (pointers, not payloads). |
summary | string | — | Initiative summary |
user_id | string | — | Deprecated alias for owner_id; prefer owner_id for new calls |
_context | object | — | Client context for conversation tracking (strongly recommended for cross-client continuity) |
goal_ids | array | — | Optional objective UUIDs for the initiative. OrgX stores workspace objectives in goal_ids; provide at least one to avoid objective-invariant failures. |
owner_id | string | — | Optional owner user ID for the scaffolded initiative; defaults to the authenticated user when omitted |
concurrency | number | — | Parallel creation concurrency (default 8) |
description | string | — | Initiative description |
workstreams | array | — | Nested workstreams. Include domain, dependencies, and estimate fields when possible. If omitted, the scaffold builder auto-fills subtasks/dependencies and OrgX |
workspace_id | string | — | Workspace/command center UUID to scope the initiative hierarchy. Required unless the MCP session already has workspace context; resolve with list_entities type= |
Parameters from the server's own tool schema.
scaffold_initiative triggers real processes with real consequences. An agent gone sideways doesn't fire it once — it starts dozens of builds, sends mass notifications, or burns through compute before anyone looks up.
Risk signalsHigh parameter count (88 properties)
Documented attack patterns abuse exactly the kind of access scaffold_initiative gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and OrgX, and nothing reaches the server without passing your rules. This is the rule we recommend for scaffold_initiative:
{
"version": "1",
"default": "deny",
"tools": {
"scaffold_initiative": {
"limits": [
{
"counter": "scaffold_initiative_rate",
"window": "minute",
"max": 10,
"scope": "grant"
}
]
}
}
}scaffold_initiative stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Turn an objective, roadmap, launch, or feature plan into executable workstreams, milestones, and tasks. Also known as: scaffold project, create roadmap, generate execution plan. Minimum required input: title. Conditionally required: • workspace_id — REQUIRED unless the MCP session already carries workspace context (resolve via list_entities type=command_center or get_org_snapshot). • objective_ids (or goal_ids) — REQUIRED only when workspace policy enforces a primary objective. objective_ids is the preferred alias; goal_ids carries the same content for API compatibility. Per-nested-entity rules (when workstreams[]/milestones[]/tasks[] are provided): • Each workstream MUST have either "title" or "name" set (they are aliases — provide one). • Each milestone MUST have "title" set. • Each task MUST have "title" set. • All other workstream/milestone/task fields are optional and can be omitted — the scaffold builder auto-fills defaults for missing domain/duration/owner/agent/budget. • "ref" is a client-side label used inside this single call (in depends_on and ref_map). It is not persisted as an ID. Agent-safe aliases that are accepted and normalized server-side: task priority "urgent" → "high"; task/milestone status "active" → "in_progress". USE WHEN: user wants to plan a new initiative from scratch. NEXT: use mode="launch" to create and start agents (default), mode="scaffold" to create without launching, or mode="draft" to validate the plan without writes. DO NOT USE: for adding a single task to an existing initiative — use create_entity instead. It is categorised as a Execute tool in the OrgX MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
scaffold_initiative accepts 12 parameters: mode, title, context, summary, user_id, _context, goal_ids, owner_id, concurrency, description, workstreams, workspace_id. The full parameter table on this page comes from the server's own tool schema.
Register the OrgX MCP server in PolicyLayer and add a rule for scaffold_initiative: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches OrgX. Nothing to install.
scaffold_initiative is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the scaffold_initiative rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for scaffold_initiative. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
scaffold_initiative is provided by the OrgX MCP server (useorgx/orgx-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 29 OrgX tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
29 OrgX tools catalogued and risk-classified — across an index of 42,500+ MCP servers.