Skip to main content

Tools Reference

Complete list of all MCP tools exposed by the SOAT server, grouped by module. Each tool name maps directly to the MCP tools/call method name.

Actors

See Actors module docs for permissions and data model.

ToolDescription
list-actorsReturns all actors the caller has access to. If projectId is provided, returns only actors in that project. project keys are scoped to a single project automatically. JWT users without projectId receive actors across all their accessible projects.
create-actorCreates a new actor. project keys automatically infer the project from the key's scope; JWT callers must supply projectId.
get-actorReturns an actor by its ID
delete-actorDeletes an actor by its ID
update-actorUpdates an actor's properties
get-actor-tagsReturns all tags attached to the actor
replace-actor-tagsReplaces all tags on the actor with the provided tags (not merged)
merge-actor-tagsMerges provided tags with existing tags (existing tags are preserved unless overridden)

Agents

See Agents module docs for permissions and data model.

ToolDescription
create-agentCreates a new agent bound to an AI provider.
list-agentsReturns all agents in the project.
get-agentReturns a single agent by ID.
update-agentUpdates an existing agent. Identical to PATCH — both perform partial updates.
patch-agentPartially updates an existing agent. Identical to PUT — both perform partial updates.
delete-agentDeletes an agent by ID. Fails with 409 if the agent has dependent generations or traces, unless force=true is passed, in which case those generations and traces are deleted along with the agent.
create-agent-generationSends messages to the agent, resolves its tools, and runs the AI model loop. Supports streaming via stream: true. Client tools pause the generation and return requires_action.
submit-agent-tool-outputsResumes a generation that was paused due to client tool calls. Provide tool outputs for each pending tool call.

AI Providers

See AI Providers module docs for permissions and data model.

ToolDescription
list-ai-providersReturns a list of AI provider configurations for a project
create-ai-providerCreates a new LLM provider configuration
get-ai-providerReturns a specific AI provider configuration
update-ai-providerUpdates an AI provider configuration
delete-ai-providerDeletes an AI provider configuration
get-ai-provider-pricesReturns the per-provider price overrides for this AI provider instance. An override prices this specific provider (e.g. an enterprise-negotiated rate or a gateway with markup) and wins over the global default at cost time. Authorized by the caller's access to the provider's project — so, unlike the global price book, a project's own overrides are visible here.
update-ai-provider-pricesUpserts price overrides for this AI provider instance, keyed on (model, effective_from). The provider slug is taken from the AI provider itself, so only the model, rates, and effective_from are supplied. Authorized by the caller's access to the provider's project. effective_from must be in the future — past prices are immutable, so ship corrections as new future-dated rows.

API Keys

See API Keys module docs for permissions and data model.

ToolDescription
list-api-keysLists API keys accessible to the caller. - JWT admin: returns all API keys. - JWT regular user: returns only the user's own API keys. - API key: returns only API keys scoped to the key's project.
create-api-keyCreates a new API key for the authenticated user. - project_id is required: every key is scoped to exactly one project. - If policy_ids is provided, the key's effective permissions are the intersection of the user's policies and the key's policies. - Otherwise the key inherits the user's permissions, confined to the key's project.
get-api-keyReturns details of an API key. Only the owner or an admin can access it.
update-api-keyUpdates an API key's name, project scope, or policies. The project scope can be changed to another project but never cleared. Only the owner or an admin can update it.
delete-api-keyDeletes an API key. Only the owner or an admin can delete it.

Chats

See Chats module docs for permissions and data model.

ToolDescription
create-chatCreates a new chat resource bound to an AI provider.
list-chatsReturns all chats in the project.
get-chatReturns a single chat by ID.
delete-chatDeletes a chat by ID.
create-chat-completion-for-chatRuns a completion using the AI provider and settings stored in the chat. Pass stream: true for SSE streaming. A system message in messages overrides the chat's stored system message for this call only. Messages may use documentId instead of content.
create-chat-completionOpenAI Chat Completions-compatible endpoint. Mirrors OpenAI's POST /v1/chat/completions path so an OpenAI SDK can target it by base URL alone. Resolves the AI provider from ai_provider_id, decrypts its secret, and calls the appropriate Vercel AI SDK provider. ai_provider_id is required — there is no server-side model fallback.

Conversations

See Conversations module docs for permissions and data model.

ToolDescription
list-conversationsReturns all conversations the caller has access to. If projectId is provided, returns only conversations in that project. project keys are scoped to a single project automatically.
create-conversationCreates a new conversation. project keys automatically infer the project from the key's scope; JWT callers must supply projectId.
get-conversationReturns a conversation by its ID
update-conversationUpdates the status of a conversation
delete-conversationDeletes a conversation by its ID
list-conversation-messagesReturns all messages (documents) attached to a conversation, ordered by position
add-conversation-messageCreates a document from the message text and attaches it to the conversation at the given position. If position is omitted, it is appended at the end.
generate-conversation-messageGenerates the next message using the specified actor's linked agent or chat.
On completed, the reply is persisted as a new ConversationMessage authored
by that actor. On requires_action, nothing is persisted; the caller must
submit tool outputs via the Agents module and re-invoke generate.
remove-conversation-messageRemoves a document from a conversation
get-conversation-tagsReturns all tags attached to the conversation
replace-conversation-tagsReplaces all tags on the conversation with the provided tags
merge-conversation-tagsMerges provided tags with existing tags

Discussions

See Discussions module docs for permissions and data model.

ToolDescription
list-discussionsReturns all discussions the caller has access to. If project_id is provided, returns only discussions in that project.
create-discussionCreates a new discussion config. project keys infer the project from the key's scope; JWT callers must supply project_id.
get-discussion-runReturns a single discussion run, including its outcome, transcript conversation, and outcome document.
get-discussionReturns a discussion config with its participants.
update-discussionUpdates a discussion. Providing participants replaces the full set (not merged).
delete-discussionDeletes a discussion config and its participants.
create-discussion-runRuns the discussion synchronously over the given topic and returns the completed run, whose outcome inlines the synthesized text. The run's transcript is persisted as a conversation and the outcome as a document.
list-discussion-runsReturns the run history of a discussion, most recent first.

Documents

See Documents module docs for permissions and data model.

ToolDescription
list-documentsReturns all documents the caller has access to. If projectId is provided, returns only documents in that project. project keys are scoped to a single project automatically. JWT users without projectId receive documents across all their accessible projects.
create-documentCreates a new text document and generates an embedding vector for semantic search. project keys automatically infer the project from the key's scope; JWT callers must supply projectId.
ingest-documentParses an already-uploaded file and creates one Document split into one or
more embedded chunks. The source format is detected from the file's content
type: PDFs are parsed page-by-page; text/plain and text/markdown files
are read as a single source. How the source is chunked is controlled by
chunk_strategy.
get-documentReturns a document with its text content
delete-documentDeletes a document and its underlying file
update-documentUpdates document content, title, path, metadata, or tags. Supplying path moves the document to a new logical path within the project.
get-document-statusReturns a lightweight ingestion status payload for polling — status,
chunk_count, total_pages, and (when failed) error. Unlike
GET /documents/{document_id}, it never returns the assembled chunk
content, so it is cheap to poll on large documents. A document whose
ingestion has stalled (no progress past the configured timeout) is
transitioned to failed with error=INGESTION_TIMEOUT on read.
reingest-documentRe-runs ingestion for an existing document against its already-stored
source file. Existing chunks are discarded and the document is reset to
status=pending before re-processing. Use this to recover a document
stuck in processing/failed or to re-chunk with a different strategy
without re-uploading the file. Async by default (202); pass
?async=false to run synchronously (201).
complete-ingestion-callbackToken-authed callback for a tool converter that deferred conversion by
returning { "status": "pending" } (see the Ingestion Rules module
docs). Not IAM-gated — the external converter is not a SOAT principal,
so it authenticates with the single-use token minted for this
document and ingestion attempt (delivered as callback.token /
embedded in callback.url in the original converter invocation).
Accepted only while the document is still awaiting that exact
attempt; rejected with 409 if the attempt already completed, timed
out, or was superseded by a re-ingest.
get-document-tagsReturns all tags attached to the document
replace-document-tagsReplaces all tags on the document with the provided tags (not merged)
merge-document-tagsMerges provided tags with existing tags (existing tags are preserved unless overridden)

Embeddings

See Embeddings module docs for permissions and data model.

ToolDescription
create-embeddingsGenerates embedding vectors for one or more text inputs using the server's configured embedding model.
Provide input for a single text or inputs for a batch. At least one is required.
Returns embedding when input is used, and embeddings when inputs is used.

Files

See Files module docs for permissions and data model.

ToolDescription
list-filesReturns a list of all stored files
create-fileCreates a new file record in the system
upload-fileUploads a file to the server and stores it in the configured storage directory
upload-file-base64Uploads a file to the server using base64-encoded content
create-presigned-urlCreates a short-lived, single-use presigned upload URL — the local-storage equivalent of an S3 presigned URL. The client then uploads the file content directly to the returned upload_url via POST /api/v1/files/upload/{token}, bypassing MCP payload size limits. When the server is configured with SOAT_BASE_URL, upload_url is a fully-qualified absolute URL so MCP agents and other clients can POST to it without knowing the server base URL in advance.
upload-file-with-tokenUploads file content authorized by a single-use token from POST /api/v1/files/presigned-url. No bearer credential is required — the token is the credential. Accepts either multipart/form-data (field file) or JSON with a base64-encoded content field.
get-fileReturns the data and metadata of a specific file
delete-fileRemoves a file from the system by ID
download-fileStreams the file content to the client
update-file-metadataUpdates the metadata field of a file
download-file-base64Returns the file content encoded as base64
get-file-tagsReturns all tags attached to the file
replace-file-tagsReplaces all tags on the file with the provided tags
merge-file-tagsMerges provided tags with existing tags

Formations

See Formations module docs for permissions and data model.

ToolDescription
validate-formationValidates a formation template without creating any resources. Returns a list of errors and warnings. Accepts the template as a JSON object or as a YAML/JSON string.
plan-formationComputes a diff between the desired template and the current stack state without making any changes. Returns the list of planned actions.
list-formationsReturns all formation stacks for a project
create-formationValidates the template, creates the formation record, then provisions all declared resources in dependency order.
get-formationReturns the formation stack including its current resources.
update-formationApplies a new template to the formation. Resources are created, updated, or deleted to reconcile the current state with the desired state.
delete-formationDeletes the formation stack and all its managed resources in reverse dependency order.
list-formation-eventsReturns all operations (create, update, delete) with their event logs for the formation, ordered chronologically.

Generations

See Generations module docs for permissions and data model.

ToolDescription
list-generationsReturns generations the caller can access, optionally filtered by agent, trace, and status. Replaces the former per-trace generations endpoint (use the trace_id query filter).
get-generationReturns a single generation record by ID, including its status and the structured error payload when the generation failed (e.g. because the upstream AI provider returned an error).

Ingestion Rules

See Ingestion Rules module docs for permissions and data model.

ToolDescription
list-ingestion-rulesReturns the ingestion rules for a project
create-ingestion-ruleCreates a rule mapping a content_type glob to a converter. Exactly one of tool_id or agent_id must be set.
get-ingestion-ruleReturns a specific ingestion rule
update-ingestion-ruleUpdates fields of an ingestion rule
delete-ingestion-ruleDeletes an ingestion rule

Knowledge

See Knowledge module docs for permissions and data model.

ToolDescription
search-knowledgeSearches across documents and memory entries using semantic search, file paths, document IDs, or memory IDs/tags. At least one of query, document_paths, document_ids, memory_ids, or memory_tags must be provided.

Memories

See Memories module docs for permissions and data model.

ToolDescription
list-memoriesReturns a list of memory configurations for a project
create-memoryCreates a new memory configuration in a project
get-memoryReturns a single memory configuration by ID
update-memoryUpdates an existing memory configuration
delete-memoryDeletes a memory configuration

MemoryEntries

See MemoryEntries module docs for permissions and data model.

ToolDescription
list-memory-entriesReturns all entries in a memory container
create-memory-entryCreates a new entry in the specified memory container. Automatically generates an embedding for semantic search.
get-memory-entryReturns a single memory entry by ID
update-memory-entryUpdates an existing memory entry. Regenerates the embedding if content changes.
delete-memory-entryDeletes a memory entry

Orchestrations

See Orchestrations module docs for permissions and data model.

ToolDescription
create-orchestrationCreates a new orchestration workflow definition in the project.
list-orchestrationsReturns orchestrations accessible to the caller.
validate-orchestrationStatically validates an orchestration graph without persisting anything. Checks that every node has its required field, node ids are unique, edges reference existing nodes, the graph is acyclic (unless it contains a loop node), and every input_mapping {"var": "..."} reference resolves to a state key written by an upstream node or seeded by input_schema. Returns blocking errors and non-blocking warnings (e.g. a state key only written on a conditional branch). The same errors checks are enforced on create and update, which fail with 400 when any error is present.
get-orchestrationReturns the orchestration with nodes and edges.
update-orchestrationPartially updates an orchestration definition.
delete-orchestrationDeletes an orchestration definition and all its runs.
start-orchestration-runCreates a new run for the orchestration named by orchestration_id. By default the run executes durably in the background: the response returns immediately with status "running" and progress is observed via get-orchestration-run or run lifecycle webhook events (orchestration_runs.started/awaiting_input/succeeded/failed). Delay and poll waits park the run as "sleeping" and are woken by a background scheduler, surviving restarts. Pass wait=true to block until the run reaches a terminal or awaiting_input state (the legacy synchronous behaviour).
list-orchestration-runsReturns orchestration runs the caller can access, optionally filtered by orchestration.
cancel-orchestration-runCancels a run that has not yet reached a terminal state.
submit-human-inputProvides human input to a run that is awaiting_input at a human node.
resume-orchestration-runResumes an awaiting_input orchestration run from its last checkpoint.
get-orchestration-runReturns the status, state, and artifacts of a specific run.

Policies

See Policies module docs for permissions and data model.

ToolDescription
list-policiesReturns global policies. Requires admin role. Pass user_id to list only the policies attached to that user (replaces the former per-user policies endpoint).
create-policyCreates a new global policy. Requires admin role.
get-policyReturns details of a specific policy. Requires admin role.
update-policyUpdates an existing global policy. Requires admin role.
delete-policyDeletes a global policy. Requires admin role.

Projects

See Projects module docs for permissions and data model.

ToolDescription
list-projectsLists projects accessible to the caller. - JWT admin: returns all projects. - JWT regular user: returns only projects granted by the user's policies. - API key scoped to a project: returns only that project.
create-projectCreates a new project. Requires admin role.
get-projectReturns details of a specific project.
update-projectUpdates a project's name. Requires admin role.
delete-projectDeletes a project. Requires admin role. Fails with 409 if the project has any dependent resources (agents, ai providers, tools, conversations, chats, formations, memories, actors, webhooks, secrets, sessions, files, traces, generations, orchestrations, etc.), unless force=true is passed, in which case those resources are deleted along with the project.
get-project-pricesReturns the project's per-provider-slug price rows — the middle pricing tier that covers every one of the project's instances of a given provider slug. At cost time a per-provider-instance override wins over these, and these win over the global default. Authorized by the caller's access to the project.
update-project-pricesUpserts project + provider-slug price rows, keyed on (provider, model, effective_from). A row covers all of the project's instances of that provider slug. Authorized by the caller's access to the project. effective_from must be in the future — past prices are immutable, so ship corrections as new future-dated rows.

Secrets

See Secrets module docs for permissions and data model.

ToolDescription
list-secretsReturns a list of secrets for a project
create-secretCreates a new encrypted secret in a project
get-secretReturns a specific secret
update-secretUpdates a secret's name and/or value
delete-secretDeletes a secret

Sessions

See Sessions module docs for permissions and data model.

ToolDescription
create-sessionCreates a new session for the specified agent. Internally creates a conversation and two actors (agent + user) so the caller only needs this single call to start interacting with the agent.
list-sessionsReturns sessions the caller can access, optionally filtered by agent, actor and status.
get-sessionReturns details of a single session.
update-sessionUpdates the session name and/or status.
delete-sessionDeletes the session and its underlying conversation and messages. The session's actor is not deleted. Generations and traces produced by the session are not deleted either, since they are not linked to the session or conversation.
add-session-messageSaves a user message to the session. When autoGenerate is enabled on the session and no generation is currently in progress, generation is triggered automatically and the response mirrors GenerateSessionResponse. Otherwise returns the saved user message.
generate-session-responseTriggers the agent to generate a response based on the current conversation. Returns the assistant reply or a requires_action status if the agent needs client tool outputs. Pass ?async=true for a 202 accepted response when you do not need to wait for the result.
submit-session-tool-outputsSubmits client tool outputs for a generation that returned requires_action. The agent continues its loop and returns the final or next requires_action result.
get-session-tagsReturns the session's tags object.
replace-session-tagsReplaces all tags on the session.
merge-session-tagsMerges the provided tags into the session's existing tags.

Tools

See Tools module docs for permissions and data model.

ToolDescription
create-toolCreates a new tool in the project.
list-toolsReturns all tools in the project.
get-toolReturns a single tool by ID.
update-toolUpdates an existing tool.
delete-toolDeletes a tool by ID.
call-toolDirectly invokes a tool and returns its output. Supported for http, soat, mcp, and pipeline tools. client tools cannot be invoked server-side and will return 422. A pipeline tool runs its declared steps in order and returns the mapped output (or the last step's output); action is ignored and input is the pipeline input.
For soat and mcp tools the action field is required and identifies which action (SOAT) or tool name (MCP) to invoke. For http tools action is ignored. When a soat or mcp tool declares an actions allowlist, an action outside it is rejected with 400 VALIDATION_FAILED ("not available on this tool") before any outbound request is made.
preset_parameters stored on the tool are merged with the caller-supplied input before execution; preset keys take lower precedence.

Traces

See Traces module docs for permissions and data model.

ToolDescription
list-tracesReturns a paginated list of execution traces for the project.
get-traceReturns a single trace by ID.
get-trace-treeReturns the full execution tree rooted at the given trace (or its root if the given trace is a child). Each node represents one agent's execution session. The children array contains traces triggered by sub-agent tool calls from that trace.

Triggers

See Triggers module docs for permissions and data model.

ToolDescription
list-triggersLists triggers. Filter by project, starter type, or target type.
create-triggerCreates a new trigger for a project
get-triggerRetrieves the details of a specific trigger
update-triggerUpdates an existing trigger's configuration. The type is immutable.
delete-triggerDeletes a trigger
fire-triggerFires a trigger synchronously and returns the terminal firing record.
get-trigger-secretRetrieves the signing secret for a webhook trigger
rotate-trigger-secretRotates the signing secret for a webhook trigger
list-trigger-firingsLists firings for a trigger (trigger_id is required).
get-trigger-firingRetrieves the details of a specific trigger firing

Usage

See Usage module docs for permissions and data model.

ToolDescription
list-usage-metersReturns the raw usage-meter rows the caller can access, most recent first, optionally filtered by agent and generation. Each row is the per-generation token usage as reported by the provider, for audit and reconciliation.
get-usage-receiptReturns a billing receipt for a completed generation: per-model line items (tokens, the price-book version that priced them, and cost) plus totals.
get-price-bookReturns the global price book — the versioned per-provider/model unit prices used to compute usage cost at write time. Readable by any authenticated user.
upsert-price-bookUpserts price rows keyed on (provider, model, effective_from). Admin only. effective_from must be in the future — past prices are immutable so recorded costs stay explainable; ship corrections as new future-dated rows.

Users

See Users module docs for permissions and data model.

ToolDescription
get-current-userReturns the profile of the currently authenticated user
list-usersReturns a list of all users
create-userCreates a new user in the system
get-userReturns the data of a specific user
delete-userDeletes a specific user
bootstrap-userCreates the first admin user. Returns 409 if any user already exists.
login-userAuthenticates a user and returns a JWT token
attach-user-policiesReplaces the user's policy list with the provided policy IDs. Requires admin role.

Webhooks

See Webhooks module docs for permissions and data model.

ToolDescription
list-webhooksLists webhooks. Use the project_id query parameter to filter by project.
create-webhookCreates a new webhook for a project
get-webhookRetrieves the details of a specific webhook
update-webhookUpdates an existing webhook's configuration
delete-webhookDeletes a webhook and stops all event deliveries
list-webhook-deliveriesLists event deliveries for a webhook (webhook_id is required).
get-webhook-deliveryRetrieves the details of a specific webhook delivery
get-webhook-secretRetrieves the signing secret for the specified webhook
rotate-webhook-secretRotates the secret key for the specified webhook