RosettaHub MCP — Tool Catalog¶

Total: 170 tools across 2 servers.

Auto-generated from com.rosettahub.sdk.mcp.docs.McpDocsGenerator. Edits to this file will be overwritten on the next build. See MCP Servers overview for installation and usage.

Generated 2026-05-16.

rosetta-cloud-mcp¶

Launch: rh-mcp-cloud.bat

Deployable RosettaHub infrastructure — formations, machines, containers, engines, key sets, volumes, storage, k8s, certificates, marketplace, account inventory, cloud catalog.

76 tools.

FormationTools¶

`list_formations`¶

List RosettaHub formations. Filterable by common fields plus formation-specific (formationUid, category, spot, machineImageUid, keySetUid, ...).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`formationUid`	string		Exact formation uid
`formationType`	string
`category`	string (`machine`\|`docker-machine`\|`vlab`\|`hpc`\|`bigdata`)
`spot`	boolean
`machineImageUid`	string
`keySetUid`	string
`official`	boolean
`managed`	boolean

`count_formations`¶

Count RosettaHub formations matching a filter.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`formationUid`	string		Exact formation uid
`formationType`	string
`category`	string (`machine`\|`docker-machine`\|`vlab`\|`hpc`\|`bigdata`)
`spot`	boolean
`machineImageUid`	string
`keySetUid`	string
`official`	boolean
`managed`	boolean

`get_formation`¶

Get a single formation by uid.

Property	Type	Required	Default	Description
`formationUid`	string	✓

`launch_formation`¶

Launch a formation. Returns one or more MachineInstanceRequest entries.

Property	Type	Required	Description
`formationUid`	string	✓
`label`	string	✓
`keySetUid`	string
`workingVolumeUid`	string
`workingDirectory`	string
`parameters`	object		Map of name -> value

`stop_formation`¶

Stop running machine instances of a formation.

Property	Type	Required	Default	Description
`formationUid`	string	✓
`force`	boolean		`false`

`reboot_formation`¶

Reboot running machine instances of a formation.

Property	Type	Required	Default
`formationUid`	string	✓
`force`	boolean		`false`
`parameters`	object

MachineTools¶

`list_machine_instances`¶

List the user's machine instances. Filterable + paginated.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

`count_machine_instances`¶

Count the user's machine instances (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

`get_machine_instance`¶

Get a single machine instance by uid.

Property	Type	Required	Default	Description
`machineInstanceUid`	string	✓

`start_machine_instances`¶

Start one or more stopped machine instances.

Property	Type	Required	Default	Description
`machineInstanceUids`	array<string>	✓

`stop_machine_instances`¶

Stop one or more machine instances.

Property	Type	Required	Default
`machineInstanceUids`	array<string>	✓
`force`	boolean		`false`
`hibernate`	boolean		`false`

`reboot_machine_instances`¶

Reboot one or more machine instances.

Property	Type	Required	Default	Description
`machineInstanceUids`	array<string>	✓
`force`	boolean		`false`

ContainerTools¶

`get_container`¶

Get full container info by uid.

Property	Type	Required	Default	Description
`containerUid`	string	✓

`get_container_state`¶

Get the runtime state of a container by uid (e.g. running, stopped).

Property	Type	Required	Default	Description
`containerUid`	string	✓

`list_containers_for_machine`¶

List containers running on a specific machine instance.

Property	Type	Required	Default	Description
`machineInstanceUid`	string	✓

`list_container_images`¶

List container images — Docker images registered with RosettaHub. Filterable by common fields plus containerImageUid, containerImageName, containerRepositoryUid, platform.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`containerImageUid`	string
`containerImageName`	string		Image name (e.g. ubuntu, python:3.11)
`containerRepositoryUid`	string		Restrict to images in a specific repository
`platform`	string		Platform (linux/amd64, linux/arm64, ...)

`list_container_repositories`¶

List container repositories — registries holding container images (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

`reboot_containers`¶

Reboot one or more containers.

Property	Type	Required	Default	Description
`containerUids`	array<string>	✓
`refreshConfig`	boolean		`false`

`recreate_containers`¶

Recreate containers from a given image, in a target state.

Property	Type	Required	Default
`containerUids`	array<string>	✓
`containerImageName`	string	✓
`containerState`	string	✓
`refreshConfig`	boolean		`false`

`commit_container`¶

Commit a running container to a new container image (Docker docker commit equivalent). Returns the new ContainerImageInfo.

Property	Type	Required	Description
`containerUid`	string	✓
`containerImageName`	string	✓	Name of the new image to create
`label`	string	✓

EngineTools¶

`list_engines`¶

List the user's running compute engines. Filterable by common fields plus engineUid, engineStatus, poolUid, formationUid.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`engineUid`	string		Exact engine uid
`engineLabel`	string
`engineStatus`	string		Filter by engine status (e.g. running, stopped)
`poolUid`	string		Engines belonging to this pool
`formationUid`	string		Engines launched from this formation

`list_engine_pools`¶

List the user's engine pools. Filterable by common fields plus enginePoolUid, exclusive.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`enginePoolUid`	string
`exclusive`	boolean

ImageTools¶

`list_machine_images`¶

List machine images (AMIs / VM templates). Filterable by common fields plus machineImageUid, imageId, os, osVersion, arch64bit, keySetUid, releaseLabel, managed, proxyImage, cloudProductId, hasCloudProductCode.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`machineImageUid`	string
`imageId`	string		Cloud-side image id (e.g. AMI ami-xxx)
`os`	string		Operating system (e.g. ubuntu, windows, amazon-linux)
`osVersion`	string
`arch64bit`	boolean
`keySetUid`	string
`releaseLabel`	string
`managed`	boolean
`proxyImage`	boolean
`cloudProductId`	string
`hasCloudProductCode`	boolean
`includeCapacities`	boolean	`false`
`includeAdhocClouds`	boolean	`false`

KeySetTools¶

`list_key_sets`¶

List key sets — RosettaHub credential bundles used to launch formations. Filterable by common fields plus keySetUid, iamUserName.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`keySetUid`	string
`iamUserName`	string		IAM user the key set is bound to
`includeCapacities`	boolean	`true`	Include capacity info per key set (heavier response)

`regenerate_keyset_vpc`¶

Regenerate the VPC that backs a single key set. Use this when the VPC is misconfigured or has drifted from RosettaHub's expected layout. The operation is asynchronous and will briefly disrupt traffic to artifacts on that key set.

Property	Type	Required	Default	Description
`keySetUid`	string	✓		Key set uid whose VPC should be regenerated

KeyPairTools¶

`list_key_pairs`¶

List SSH/cloud key pairs. Filterable by common fields plus keyPairUid, keyName, keySetUid.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`keyPairUid`	string
`keyName`	string		Cloud-side key pair name
`keySetUid`	string		Restrict to key pairs in this key set

ObjectStorageTools¶

`list_object_storages`¶

List object storages (cloud-managed storage definitions). Filterable by common fields plus objectStorageUid, keySetUid, bucketName.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`objectStorageUid`	string
`keySetUid`	string
`bucketName`	string		Cloud-side bucket name

FileStorageTools¶

`list_file_storages`¶

List file storages — NAS / EFS-equivalents. Filterable by common fields plus fileStorageUid, fileSystemId, keySetUid.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`fileStorageUid`	string
`fileSystemId`	string		Cloud-side file system id (e.g. EFS fs-xxx)
`keySetUid`	string

`list_ftp_storages`¶

List FTP/SFTP storages. Filterable by common fields plus ftpStorageUid.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`ftpStorageUid`	string
`includeKeys`	boolean	`false`	Include credential keys (sensitive)

SnapshotVolumeTools¶

`list_block_storages`¶

List block storage volumes (EBS-equivalents). Filterable by common fields plus blockStorageUid, volumeId, keySetUid, availabilityZone, instanceId.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`blockStorageUid`	string
`volumeId`	string		Cloud-side volume id (e.g. EBS vol-xxx)
`keySetUid`	string
`availabilityZone`	string
`instanceId`	string		Cloud-side instance id the volume is attached to

`list_block_snapshots`¶

List block storage snapshots. Filterable by common fields plus blockSnapshotUid, snapshotId, volumeId.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`blockSnapshotUid`	string
`snapshotId`	string		Cloud-side snapshot id (e.g. EBS snap-xxx)
`volumeId`	string		Source volume id

K8sTools¶

`list_kubernetes_clusters`¶

List Kubernetes clusters (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

StartupScriptsTools¶

`list_startup_scripts`¶

List startup scripts (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

CertificatesTools¶

`list_ssl_certificates`¶

List SSL certificates (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

`list_domains`¶

List managed domains (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

`list_ip_addresses`¶

List elastic / static IP addresses (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

`list_encryption_keys`¶

List encryption keys / KMS-equivalents (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

DeleteTool¶

`rosetta_delete`¶

Delete RosettaHub resources. Single tool that dispatches to the right platform method based on the component argument. Irreversible. AUTHORIZATION: most components require you to OWN the artifact — the platform rejects deletes of artifacts owned by another user. Filter your list_* calls with include=private (the default) to see only what you own. Exceptions to ownership: organization, classroom use admin-delete and require admin/CPoc role on the org (orgs/classrooms have no per-user owner); project requires SU role; cloud_account_pool, iam_user, iam_role, email_template are typically managed at the institution level and require the corresponding admin role. CASCADE WARNING: deleting a key_set cascade-deletes every artifact created under it (formations, machine images, block storages/snapshots, file storages, object storages, key pairs, ...). Call list_keyset_dependents first to preview the blast radius.

Property	Type	Required	Default	Description
`component`	string (`block_snapshot`\|`block_storage`\|`container`\|`container_image`\|`container_repository`\|`domain`\|`encryption_key`\|`engine_pool`\|`file_storage`\|`formation`\|`formation_instance`\|`ftp_storage`\|`ip_address`\|`key_pair`\|`key_set`\|`kubernetes_cluster`\|`machine_image`\|`machine_instance`\|`object_storage`\|`ssl_certificate`\|`startup_script`)	✓
`targets`	array<string>	✓		Resource identifiers. Most components use uids; formation_instance: each entry is a formationUid (delete its machine instances).
`options`	object			Per-component flags. machine_image: deleteCloudImages, deleteAssociatedFormations. container_image: deleteDefaultFormation (default true). key_set: deleteVpc, deleteIam. key_pair / object_storage / file_storage / container_repository / ip_address / encryption_key / block_snapshot: destroy. block_storage: deleteCloudVolumes. kubernetes_cluster: destroy (default true). machine_instance: shutdown (default true).
`confirm`	boolean		`false`	REQUIRED true for HIGH-RISK destructive ops: component=key_set (cascade), component=organization\|classroom\|project (admin-level destruction), or any component with options.destroy=true / options.deleteCloudVolumes=true / options.deleteCloudImages=true (cloud-side delete is irreversible). The tool refuses to execute these without explicit confirm=true.

ShareTool¶

`rosetta_share`¶

Share / unshare a RosettaHub resource. Single tool that dispatches to the right shareXxx platform method based on component. Pass replace=true with empty sharedWith to fully unshare; with a smaller list to remove specific principals. AUTHORIZATION: you can only share artifacts you OWN — the platform rejects share calls on artifacts owned by another user. Exceptions: cloud_account sharing requires admin/CPoc role on the account; email_template typically requires institution-admin role; cloud_custodian_policy can be shared by anyone. Filter your list_* calls with include=private (the default) to see only the artifacts you can share.

Property	Type	Required	Default	Description
`component`	string (`block_snapshot`\|`block_storage`\|`container_image`\|`container_repository`\|`domain`\|`encryption_key`\|`engine`\|`engine_pool`\|`file_storage`\|`formation`\|`ftp_storage`\|`ip_address`\|`key_set`\|`kubernetes_cluster`\|`machine_image`\|`object_storage`\|`ssl_certificate`\|`startup_script`)	✓
`target`	string	✓		Resource uid to share
`sharedWith`	array<object>	✓		Array of sharing-info objects. Common fields: tenant (login or group name), tenantType (1=user, 2=group), expiryTime (epoch ms or ISO-8601). Per-component extras: formation -> keySetAccessAllowed, shareMachineImage, shareStorage, cloningAllowed, allowEngineSharing, maxConcurrentInstances, maxLaunchCount. machine_image / container_image -> cloningAllowed. Other components inherit base CloudArtifactSharingInfo fields.
`replace`	boolean		`false`	true: sharedWith becomes the complete sharing list (empty list = unshare all). false: entries are added to the existing sharing.

SetTool¶

`rosetta_set`¶

Set a property on RosettaHub resources. Single parametric setter — dispatches to the right platform method based on (component, property). Valid (component:property) pairs on this server: formation:availability_zone, formation:key_set, formation:ssl_certificate, ip_address:default, key_set:default, object_storage:default, ssl_certificate:main. Per-pair argument shapes: formation:availability_zone/key_set/ssl_certificate -> targets=[formationUid], value=string. key_set:default / ssl_certificate:main / ip_address:default / object_storage:default -> targets=[uid], value omitted. cloud_account:enabled/blocked/quarantined -> targets=[cloudAccountUids], value=bool, options.sendEmail (default true). cloud_account:budget -> targets=[cloudAccountUids], value=number, options.earlyExpiryFirst (default true). org:registration_allowed -> targets=[organizationName], value=bool. org:whitelisted_domains -> targets=[organizationName], value=string[]. org:default_perspective -> targets=[organizationName], value=goldenPerspectiveId, options.priorityIndex (default 0). org:default_formations -> targets=[organizationName], value=formationUids[]. registration:discarded/duplicate/email_verified -> targets=[userLogins], value=bool. iam_user:signin_url -> targets=[iamUserUid], value=string. ssl_certificate:institution_main -> targets=[sslCertificateUid], value omitted. user:email -> targets=[userLogin], value=string.

Property	Type	Required	Description
`component`	string (`formation`\|`ip_address`\|`key_set`\|`object_storage`\|`ssl_certificate`)	✓
`property`	string (`availability_zone`\|`default`\|`key_set`\|`main`\|`ssl_certificate`)	✓
`targets`	array<string>	✓	uids, names, or logins per (component, property) — see tool description
`value`	object		Property value. Type varies per (component, property).
`options`	object		Extra flags (e.g. sendEmail, priorityIndex, earlyExpiryFirst).

CloneTool¶

`rosetta_clone`¶

Clone a RosettaHub resource. Single tool that dispatches to the right cloneXxx platform method based on component. Returns the new resource uid (where the platform exposes it).

Property	Type	Required	Description
`component`	string (`block_snapshot`\|`container_image`\|`engine_pool`\|`formation`\|`machine_image`\|`object_storage`)	✓
`source`	string	✓	Source resource uid to clone from
`options`	object		Per-component flags. All except federated_bucket: label (string, optional). formation: deepCloning, encrypt, encryptionKeyUid, isSpot, isPool, keySetUid. machine_image: keySetUid (required), deepCloning, encrypt, encryptionKeyUid. object_storage: keySetUid (required), deepCloning. block_snapshot: keySetUid (required), deepCloning, encrypt, encryptionKeyUid. container_image / engine_pool / cloud_account_pool: label only. cloud_custodian_policy / scope: label, description. federated_bucket: destinationBucketUid (required, replaces label).

CreateTool¶

`rosetta_create`¶

Create a RosettaHub resource. Single tool that dispatches to the right newXxx platform method based on component. Returns the new resource uid (or info object) where the platform exposes it. Formation creates are NOT covered — use rosetta_clone + rosetta_update instead, or rosetta_raw_call with the specific newXxxFormation operation.

Property	Type	Required	Default	Description
`component`	string (`block_snapshot`\|`block_storage`\|`container_image`\|`container_repository`\|`domain`\|`encryption_key`\|`engine_pool`\|`file_storage`\|`ftp_storage`\|`ip_address`\|`key_pair`\|`key_set`\|`kubernetes_cluster`\|`object_storage`\|`ssl_certificate`\|`startup_script`)	✓
`params`	object	✓		Per-component params. Required fields per component: key_pair: keySetUid, keyPairName. block_snapshot: keySetUid, volumeId, label (+ description). domain: domainName, keySetUid, label (+ dnsChallengeDelaySec, subdomainIncludes/Excludes[], description). encryption_key: keySetUid, label (+ keySpec, keyUsage, description). ip_address: keySetUid, label (+ autocreateNetworkInterface, usePrivateSubnet, availabilityZone, description). ftp_storage: host, ftpLogin, ftpPassword, label (+ port=21, ftpFolder, ftps, description, rights=rw, check=true). engine_pool: label (+ description, exclusive, perspectiveId, containerIndex, proxyManaged). kubernetes_cluster: kubernetesVersion, keySetUid, label (+ autoCreateDrivers=true, description). container_repository: containerRepositoryName, label (+ registryId, registryUserName, registryPassword, containerRepositoryRoles[], isPublic, imageTagMutable=true, scanOnPush, encrypt, description). ssl_certificate: domainUid, label (+ subdomainNames[], keySize=2048, description). email_template: label (+ subject, body, responses[], description). group: groupName, label (+ description). topup: cloudId, label (+ topupDurationDays=30, topupValue, topupPrice). portfolio: label (+ description, autoAddArtifacts, portfolioType — integer enum: 0 = default/generic portfolio, 1 = cloud_custodian / compliance-standard portfolio that rosetta_execute_compliance kind=compliance_standard can run; pass 1 to create a compliance standard). cloud_account_pool: label (+ description). iam_user: cloudAccountUid, iamUserName, label (+ signinUrl, userPolicy, description, defaultRegion). iam_role: cloudAccountUid, iamRoleName, label (+ trustPolicy, rolePolicy, description). iam_role_for_service: cloudAccountUid, iamRoleName, serviceName, label (+ rolePolicy, description) — service-bound role; trust policy is generated from serviceName. Mirrors the frontend's CreateFederatedRole dialog. rate_task: label, methodName (+ args (json string), rateValue=1, rateUnit=hours, taskGroup). api_key: label (+ timeoutMinutes, methodNameFilters[], methodTagFilters[], description). key_set: accountNumber, label (+ many optional: iamUserName, accessKeyId, secretAccessKey, deriveKeys, roleName, description, main, cloudId, regionId, cloudDriverUid, vpcId, placementGroupName, sslCertificateUid, projectId, capacities[], spotCapacities[], defaultCapacity, machineNumberMax, expiryTime (ISO-8601 or epoch ms)). block_storage: keySetUid, label (+ availabilityZone, size, volumeType, iops, encrypt, encryptionKeyUid, snapshotId, folderPath, defaultMountPoint, description). file_storage: keySetUid, label (+ storageType, storageCapacity, folderPath, defaultMountPoint, description, encrypt, encryptionKeyUid). object_storage: keySetUid, label (+ bucketName, description, syncMode, syncOptions[], cloudSyncMode, cloudSyncOptions[], accessRights, folderPath, defaultMountPoint, deepShare). startup_script: label (+ process, commands[], envVars[{name,value}], description, detach, tty, privileged). cron_task: label, methodName (+ regionId, artifactUid, args (json string), cron fields default , schedulerType, schedulerPriority, schedulerTimeZoneId=UTC, taskGroup). container_image: containerImageName, label (+ repositoryUid, localContainerImageId, size, virtualSize, disableContentTrust, platform, apps[], appSettings[], envVars[], ports[], volumes[], command[], options[], inlineDockerFile, dockerFileUrl, dockerFilePath, dockerFileVolumeUid, recreateOnReboot, inlineScripts[], startupScriptUids[], networkMode, createDefaultFormation, defaultCapacityId, defaultCategory, description). cloud_custodian_policy: resource, label (+ mode (object), filters[] (objects), actions[] (objects), vars[{name,value}], cloudId, singleRegion, targetRegion, description, defaultContext (object)). Note: organization_rule has 18+ typed args; reachable via rosetta_raw_call.

UpdateTool¶

`rosetta_update`¶

Update a RosettaHub resource. Single tool that dispatches to the right updateXxx platform method based on component. Updates require OWNERSHIP — shared/public artifacts cannot be updated by recipients. The artifact_ components work cross-resource (any artifact uid). For formation_ components: call get_formation first to see current values and the _class field, then call rosetta_update with only the fields you want to change (server merges your params over the existing formation by default; pass merge=false for full overwrite).

Property	Type	Required	Default	Description
`component`	string (`artifact_css`\|`artifact_customize`\|`artifact_description`\|`artifact_icon`\|`artifact_label`\|`block_storage`\|`container_properties`\|`container_repository`\|`formation_cf`\|`formation_cf_basic`\|`formation_emr`\|`formation_hpc`\|`formation_machine`\|`formation_machine_launch_options`\|`formation_machine_pool`\|`formation_spark`\|`formation_spot_emr`\|`formation_spot_hpc`\|`formation_spot_machine`\|`formation_spot_machine_pool`\|`formation_spot_machine_pool_attributes`\|`formation_spot_virtuallab`\|`formation_terraform`\|`formation_virtuallab`\|`formation_virtuallab_basic`\|`image`)	✓
`target`	string	✓		Resource uid to update
`params`	object			Per-component params. artifact_label / artifact_description / artifact_css / artifact_icon: target=, params={label\|description\|css\|icon: string}. artifact_customize: target=, params={label, description, icon, css, svg} — set all customization fields at once (uses customizeArtifactNoPng). block_storage: target=, params={volumeId, folderPath, defaultMountPoint}. container_repository: target=, params={} (refresh). image: target=, params={capacities: [t3.micro, ...] (capacity-id strings), ports: [22, 443, ...], osUserName, osUserPassword, cloudImageId, rootVolumeSizeGb (int), deepShare (bool)} — mirrors the frontend ConfigureImage dialog. formation_machine_launch_options: target=, params={machineLaunchOptions: } — mirrors ConfigureMachineLaunchOptions. Fetch the formation first; full overwrite. container_properties: target=, params={containerProperties: , reboot: bool} — mirrors ConfigureContainer. cloud_custodian_policy: target=, params={originalPolicy: yaml/json string}. FORMATION UPDATE COMPONENTS — pick the one matching `_class` from get_formation. These are positional-arg overwrites, not partial patches: get_formation first, copy ALL current values, override only the fields you want to change, send back. formation_cf_basic: target=, params={templateLink, templateContent, inputVariables: {name:value, ...}, outputVariables: {name:value, ...}} — light-weight CF update (template + variables only). Common fields available on all full formation update components: keySetUid, availabilityZone, sslCertificateUid, keyPairUid, ipAddressUid, kubernetesClusterUid, kubernetesNodeGroupName, machineImageUid, acceleratorId, acceleratorCount (int), instancesCountMin (int), instancesCountMax (int), instancesCountDesired (int), retryOnFailureCount (int), retryOnFailureDelayMinutes (number). formation_machine (MachineFormationInfo): + capacityId. formation_machine_pool (MachinePoolFormationInfo): + capacityId, minVcpus, maxVcpus, minMemoryMb, maxMemoryMb (int). formation_spot_machine (SpotMachineFormationInfo): + capacityId, spotPrice (number), validFrom (ISO-8601 or epoch ms), validUntil (same), fallbackToOnDemand (bool), snapshotOnTermination (bool). formation_spot_machine_pool (SpotMachinePoolFormationInfo): + capacityId, minVcpus, maxVcpus, minMemoryMb, maxMemoryMb (int), spotPrice (number), validFrom, validUntil, snapshotOnTermination (bool). formation_spot_machine_pool_attributes: + attributes: — alternate update form that takes a typed attributes object instead of individual fields. formation_cf (CFFormationInfo, full): + proxyCapacityId, templateMachineImageUid, templateLink, templateContent, inputVariables/outputVariables/postCreationOutputTemplateVariables (KV maps), controlInstanceApps (string[]), controlInstanceAppSettings (string), exportedKeys (string[]), controlInstanceSshPort (int), controlInstanceSshUserName, controlInstanceOsName, clusterLogicalName (string), waitForCluster, usePrivateIps, sharedCluster, addSshUsers (bool). formation_terraform (TerraformFormationInfo): same shape as formation_cf. formation_emr (EmrClusterFormationInfo): + masterCapacityId, slaveCapacityId, clusterSize (int), proxyCapacityId, releaseLabel, applications (string[]), clusterSettings (string), autoscalingEnabled (bool), initialClusterSize (int). formation_spot_emr (SpotEmrClusterFormationInfo): emr fields + proxySpotBidPrice, masterSpotBidPrice, slaveSpotBidPrice (number), snapshotOnTermination (bool). formation_hpc (HpcClusterFormationInfo): emr fields + scheduler (string), clusterConfig (string), managedNetwork, managedStorage, managedMaster, managedSlaves, managedImage (bool), clusterOs (string), masterRootVolumeSize, slaveRootVolumeSize (int), masterRootVolumeType, slaveRootVolumeType (string), proxyInPrivateSubnet, masterInPrivateSubnet, slavesInPrivateSubnet (bool). formation_spot_hpc (SpotHpcClusterFormationInfo): hpc fields + proxySpotBidPrice, masterSpotBidPrice, slaveSpotBidPrice (number), snapshotOnTermination (bool). formation_spark (SparkClusterFormationInfo): + masterCapacityId, slaveCapacityId, clusterSize (int). formation_virtuallab (VirtualLabFormationInfo): + proxyCapacityId, virtualLabMachineImageUid, virtualLabCapacityId, proxyInPrivateSubnet, virtualLabInPrivateSubnet (bool), virtualLabRootVolumeSizeGb (int), remoteApp, remoteAppDir, remoteAppArgs (string). formation_spot_virtuallab (SpotVirtualLabFormationInfo): virtuallab fields + proxySpotBidPrice, virtualLabSpotBidPrice (number), validFrom, validUntil, persistent (bool), launchGroup (string), blockDurationMinutes (int), availabilityZoneGroup (string), fallbackToOnDemand (bool), snapshotOnTermination (bool). formation_virtuallab_basic: target=, params={virtualLabMachineImageUid, virtualLabCapacityId, virtualLabRootVolumeSizeGb (int)} — light-weight VirtualLab update.
`merge`	boolean		`true`	When true (default), the server fetches the existing artifact and deep-merges your params on top before calling the update — so you only need to send the fields you want to change. Set false to force a full overwrite (useful for clearing fields to null). Merge is supported for: all formation_* components (except formation_spot_machine_pool_attributes), formation_machine_launch_options (nested), and image. Other components are always full overwrites.

KeysetDependentsTool¶

`list_keyset_dependents`¶

List all artifacts attached to a key set (formations, machine images, block storages, block snapshots, file storages, object storages). USE THIS BEFORE deleting a key set — rosetta_delete component=key_set cascades and irreversibly destroys every dependent artifact.

Property	Type	Required	Default	Description
`keySetUid`	string	✓		Key set uid
`maxItemsPerKind`	integer		`50`

RetrieveTool¶

`rosetta_retrieve`¶

Pull existing cloud-side resources into RosettaHub by inspecting the cloud account behind the given key set. Use after a key set is created to import already-existing AWS / Azure / GCP artifacts (volumes, snapshots, NAS mounts, S3 buckets, KMS keys, IPs, key pairs, AMIs, Route53 domains, EC2 instances). Returns the platform's list of imported uids where available (currently only private_engine).

Property	Type	Required	Default	Description
`component`	string (`block_snapshot`\|`block_storage`\|`domain`\|`encryption_key`\|`file_storage`\|`ip_address`\|`key_pair`\|`machine_image`\|`object_storage`\|`private_engine`)	✓
`keySetUid`	string	✓		Key set whose underlying cloud account is inspected

CdnTool¶

`rosetta_cdn`¶

Manage CDN hosting on an object storage. Actions: set (initial setup with folderName + allowPattern[] + denyPattern[]); update (modify config: cdnConfigDomainName + folderName + allowPattern[] + denyPattern[]); enable (activate hosting on a domain); disable (deactivate); delete (tear down hosting — irreversible).

Property	Type	Required	Default	Description
`action`	string (`set`\|`update`\|`enable`\|`disable`\|`delete`)	✓
`objectStorageUid`	string	✓
`folderName`	string			For set / update
`allowPattern`	array<string>			For set / update
`denyPattern`	array<string>			For set / update
`cdnConfigDomainName`	string			For update
`domainName`	string			For enable / disable / delete
`confirm`	boolean		`false`	REQUIRED true for action=delete

AwsConsoleTool¶

`rosetta_aws_console`¶

Get a temporary AWS console URL (or full STS session) for an IAM user or cloud account. Modes: iam_user_url / iam_user_session — federated IAM user (target=iamUserUid); cloud_account_url_self / cloud_account_session_self — your own cloud account (target=cloudAccountUid); cloud_account_url_su / cloud_account_session_su — federated child user's cloud account, su scope (target=userCloudAccountUid, requires rh-su-* role); cloud_account_url_admin / cloud_account_session_admin — admin role on a federated child user's cloud account (target=userCloudAccountUid, requires rh-allowadminsts; matches AdminGoToAwsConsole). URL modes return {url}. Session modes return the full StsSessionInfo (access key id, secret, session token, expiration). All credentials are temporary and expire after durationSeconds.

Property	Type	Required	Default	Description
`mode`	string (`iam_user_url`\|`iam_user_session`\|`cloud_account_url_self`\|`cloud_account_session_self`\|`cloud_account_url_su`\|`cloud_account_session_su`\|`cloud_account_url_admin`\|`cloud_account_session_admin`)	✓
`target`	string	✓		For iam_user_ modes: iamUserUid. For cloud_account_ modes: cloudAccountUid (self) or userCloudAccountUid (su / admin).
`durationSeconds`	integer		`3600`	STS session duration in seconds (default 1h).

AccountInventoryTool¶

`list_account_inventory`¶

Single-call inventory of one cloud account: returns exact counts for every RosettaCloud artifact kind (formations, machine instances/images, key sets/pairs, block storages/snapshots, file/object storages, engines/engine pools, kubernetes clusters, ssl certificates, startup scripts, container images/repositories) filtered by cloudAccountUid. Pass expand=[kinds] to inline the full lists for chosen kinds. USE THIS as the first call when answering 'what do I have in my account?' or 'list resources for account X' — it replaces ~15 separate list_* calls.

Property	Type	Required	Default	Description
`cloudAccountUid`	string	✓		Federated cloud account uid to scope the inventory to
`expand`	array<string>			Resource kinds to inline as full lists. Omitted kinds appear in counts only.
`maxItemsPerKind`	integer		`50`	Per-kind truncation when expanded. Counts are always exact.

CloudCatalogTools¶

`list_clouds`¶

Catalog of clouds available to this platform (aws, azure, gcp, ...). Use to discover valid cloudId values before constructing filters.

No arguments.

`get_cloud`¶

Get one cloud catalog entry by cloudId.

Property	Type	Required	Default	Description
`cloudId`	string	✓		Cloud id (e.g. aws)

`list_regions`¶

List regions available on a given cloud. Use to discover valid regionId values for a chosen cloud.

Property	Type	Required	Default	Description
`cloudId`	string	✓		Cloud id whose regions to list

`get_region`¶

Get a single region catalog entry by (cloudId, regionId).

Property	Type	Required	Default	Description
`cloudId`	string	✓
`regionId`	string	✓

`list_capacities`¶

List instance-type capacities (vCPU/memory/family/price) available on a cloud/region. Use to discover valid capacityId values before launching a formation or machine.

Property	Type	Description
`cloudId`	string	Cloud id (optional — null returns capacities across all clouds)
`regionId`	string	Region id (optional)
`os`	string	Operating system filter (optional, e.g. linux/windows)
`preInstalledSoftware`	string	Pre-installed software filter (optional)

`list_cloud_disk_types`¶

List block storage disk types (gp3 / io2 / standard / ...) supported on a given cloud, including their IOPS bounds. Use when sizing a block volume.

Property	Type	Required	Default	Description
`cloudId`	string	✓		Cloud id whose disk types to list

`list_emr_capacities`¶

List EMR-compatible capacity ids (AWS EMR cluster instance types). Useful for sizing bigdata formations.

No arguments.

EngineConnectionTools¶

`get_formation_connection_urls`¶

Return a list of browser-openable connection URLs (notebook / terminal / RDP / ...) for a running formation. The user can click these to access the formation's UI.

Property	Type	Required	Default	Description
`formationUid`	string	✓		Formation uid whose connection URLs to fetch
`perspectiveId`	string			Perspective id (UI flavor — e.g. notebook, terminal). Optional.
`fullScreen`	boolean		`false`	Request a full-screen URL when available

`get_container_engine_urls`¶

Return a list of browser-openable engine URLs for a running container (Jupyter / RStudio / shell / ...). The user can click these to access the container's UI.

Property	Type	Required	Default	Description
`containerUid`	string	✓
`perspectiveId`	string			Perspective id. Optional.
`fullScreen`	boolean		`false`

`get_machine_instance_engine_urls`¶

Return a list of browser-openable engine URLs for a running machine instance (Jupyter / RDP / SSH-via-browser / ...). The user can click these to access the machine.

Property	Type	Required	Default	Description
`machineInstanceUid`	string	✓
`perspectiveId`	string			Perspective id. Optional.
`fullScreen`	boolean		`false`

`new_engine_session_info`¶

Create or attach to an engine session and return its info (engineUid + label + connection details). Lower-level than get_*_engine_urls — used when you already know the engineUid.

Property	Type	Required	Default	Description
`engineUid`	string	✓		Engine uid to attach to
`engineSessionUid`	string			Optional existing engine session uid; new session is created if omitted
`options`	array<string>			Engine-specific option strings
`connectionTimeout`	integer		`0`	Connection timeout (seconds). 0 = engine default.
`socketTimeout`	integer		`0`	Socket timeout (seconds). 0 = engine default.

`borrow_engine`¶

Borrow an engine from a pool — returns an EngineInfo (uid + label) for an engine the caller can now use. Pair every successful borrow with a return_engine call when done so the pool isn't drained.

Property	Type	Required	Default	Description
`enginePoolName`	string	✓		Name of the engine pool to borrow from
`lockIt`	boolean		`false`	Lock the borrowed engine for exclusive use (others can't borrow it until returned)
`options`	array<string>			Engine-specific option strings
`connectionTimeout`	integer		`0`
`socketTimeout`	integer		`0`

`return_engine`¶

Return a previously-borrowed engine to its pool, freeing it for the next borrower. Call this after every successful borrow_engine.

Property	Type	Required	Default	Description
`engineUid`	string	✓		Engine uid to return to its pool
`connectionTimeout`	integer		`0`
`socketTimeout`	integer		`0`

`reset_engine_pool`¶

Reset an entire engine pool — terminates all engines in the pool and discards their state. Use when the pool is wedged. Disruptive: any in-flight work on engines from this pool is lost.

Property	Type	Required	Default	Description
`enginePoolUid`	string	✓		Engine pool uid to reset

MarketplaceTools¶

`list_marketplaces`¶

List all marketplaces visible to the current user (private + shared). Use the returned marketplaceId values to scope product / publish operations.

No arguments.

`get_marketplace`¶

Get detailed info for one marketplace (subdomain, label, description, owner).

Property	Type	Required	Default	Description
`marketplaceId`	string	✓

`create_marketplace`¶

Create a new marketplace under a subdomain. Returns the new marketplace uid.

Property	Type	Required	Description
`mkpSubdomain`	string	✓	Subdomain the marketplace is served from (must be unique)
`label`	string	✓
`description`	string

`delete_marketplaces`¶

Delete one or more marketplaces. Irreversible; all products inside go with them.

Property	Type	Required	Default	Description
`marketplaceIds`	array<string>	✓

`share_marketplace`¶

Share a marketplace. Currently exposes only the (replace) flag; richer sharedWith targeting is available via rosetta_share component=marketplace if/when added.

Property	Type	Required	Default	Description
`marketplaceId`	string	✓
`replace`	boolean		`false`	Replace existing sharing list with the new one (vs additive)

`list_products`¶

List products across the marketplaces visible to the current user.

No arguments.

`list_product_categories`¶

List product categories defined within a marketplace. Use the returned categoryIds when publishing artifacts.

Property	Type	Required	Default	Description
`marketplaceId`	string	✓

`delete_products`¶

Delete one or more products from a marketplace. Irreversible.

Property	Type	Required	Default	Description
`marketplaceId`	string	✓
`productIds`	array<string>	✓

`publish_artifacts`¶

Publish (give-away) one or more artifacts as a marketplace product. No price — for monetized listings use sell_artifacts. Returns the new product uid.

Property	Type	Required	Default	Description
`marketplaceId`	string	✓
`artifactUids`	array<string>	✓		Artifact uids to publish together as one product
`productName`	string	✓
`productDescription`	string
`productSpec`	string
`productImgDataUri`	string			data: URI of the product image
`quantity`	integer		`0`	Total quantity available (0 = unlimited)
`accessDurationMinutes`	integer		`0`	Per-purchase access duration. 0 = permanent.
`quantityMaxPerUser`	integer		`0`	Cap per user. 0 = unlimited.
`categories`	array<string>
`productRoles`	array<string>
`productGroups`	array<string>
`productOrganizations`	array<string>
`immediateSharing`	boolean		`false`
`autoActivation`	boolean		`false`

`sell_artifacts`¶

List one or more artifacts for sale on a marketplace at a specified price. Use publish_artifacts for free listings.

Property	Type	Required	Default	Description
`marketplaceId`	string	✓
`artifactUids`	array<string>	✓
`productName`	string	✓
`productDescription`	string
`productSpec`	string
`productImgDataUri`	string
`priceExTax`	number	✓		Price excluding tax (in the marketplace's currency)
`priceIncTax`	number	✓		Price including tax
`quantity`	integer		`0`
`accessDurationMinutes`	integer		`0`
`quantityMaxPerCustomer`	integer		`0`
`categories`	array<string>
`productRoles`	array<string>
`productGroups`	array<string>
`productOrganizations`	array<string>
`immediateSharing`	boolean		`false`
`autoActivation`	boolean		`false`

`publish_token`¶

Publish a deployment token as a free marketplace product.

Property	Type	Required	Default
`tokenUid`	string	✓
`categories`	array<string>
`productRoles`	array<string>
`productGroups`	array<string>
`productOrganizations`	array<string>
`quantityMaxPerUser`	integer		`0`

`sell_token`¶

List a deployment token for sale on a marketplace at a specified price.

Property	Type	Required	Default
`tokenUid`	string	✓
`priceExTax`	number	✓
`priceIncTax`	number	✓
`categories`	array<string>
`productRoles`	array<string>
`productGroups`	array<string>
`productOrganizations`	array<string>
`quantityMaxPerCustomer`	integer		`0`

RawCallTool¶

`rosetta_raw_call`¶

Reflective escape hatch: invoke any PlatformServicesInterface @WebMethod by operationName. Use list_rosetta_operations to discover names. Mutating ops (void return) require allowMutating=true.

Property	Type	Required	Default	Description
`operation`	string	✓		@WebMethod operationName, e.g. getFormations, getMachineInstance
`args`	array	✓		Positional arguments in declaration order (use null for sessionUid)
`allowMutating`	boolean		`false`	Required true to invoke methods with void return type

`list_rosetta_operations`¶

List PlatformServicesInterface @WebMethod operationNames callable via rosetta_raw_call. Returns each operation's parameter types and return type.

Property	Type	Required	Default	Description
`filter`	string			Substring filter on operation name (case-insensitive)

rosetta-ops-mcp¶

Launch: rh-mcp-ops.bat

Governance and identity — federated cloud accounts, IAM, organizations, projects, classrooms, portfolios, budgets, top-ups, owned tokens, compliance, federation admin, sessions, scopes, bookmarks, role assignment.

94 tools.

CloudAccountTools¶

`list_cloud_accounts`¶

List federated cloud accounts. CPoc by default; pass my=true for the user's own accounts. Filterable by common fields plus account-specific (rootCloudAccountUid, regType, email, organizationName, enabled, quarantined, blocked, ...). Pass includeResources=true for per-account resource counts (slow). To answer 'what resources do I have in account X' use list_account_inventory on rh-mcp-cloud instead — one call instead of fifteen.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`rootCloudAccountUid`	string
`cloudAccountPoolUid`	string
`regType`	string		Registration type
`email`	string
`firstName`	string
`lastName`	string
`organizationName`	string
`groupName`	string
`enabled`	boolean
`quarantined`	boolean
`blocked`	boolean
`includeOps`	boolean	`false`
`includeIncomplete`	boolean	`false`
`includeResources`	boolean	`false`	Include resource counts (slow)
`my`	boolean	`false`	Use the user's own accounts (otherwise CPoc-scoped)

`has_cloud_accounts`¶

Boolean check: does the current user have any federated cloud accounts? Cheap pre-flight for flows that need at least one account.

No arguments.

`get_default_cloud_account_uid`¶

Return the uid of the current user's default federated cloud account (the one used when no cloudAccountUid is supplied to other tools).

No arguments.

`set_default_cloud_account`¶

Set the current user's default federated cloud account. Subsequent tools that omit cloudAccountUid will use this account.

Property	Type	Required	Default	Description
`cloudAccountUid`	string	✓		Federated cloud account uid to make the new default

`get_cloud_account_console_url`¶

Get a pre-signed cloud console URL for a federated cloud account (AWS / Azure / GCP). The user can open the returned URL in a browser to access the underlying cloud console for that account.

Property	Type	Required	Default	Description
`cloudAccountUid`	string	✓		Federated cloud account uid
`durationSeconds`	integer		`3600`	Console session lifetime (seconds). Default 3600 (1h).

`get_cloud_account_sts_session`¶

Get temporary STS credentials (access key id, secret access key, session token, expiration) for a federated cloud account. The returned credentials can drive cloud SDKs/CLI calls outside RosettaHub.

Property	Type	Required	Default	Description
`cloudAccountUid`	string	✓		Federated cloud account uid
`durationSeconds`	integer		`3600`	STS session lifetime (seconds). Default 3600 (1h).

`list_cloud_account_actions`¶

List the catalog of cloud-account action templates (lifecycle / governance actions that can be applied to federated cloud accounts). Useful for discovering valid action ids before invoking other tooling.

Property	Type	Description
`cloudAccountActionId`	string	Exact action id
`label`	string
`description`	string

`get_cloud_costs_by_service`¶

Get cloud costs broken down by service for a root cloud account (CPoc).

Property	Type	Required	Description
`rootCloudAccountUid`	string	✓
`month`	integer		Defaults to current month
`year`	integer		Defaults to current year

`refresh_compute_info`¶

Trigger an immediate refresh of compute info for the user's own federated cloud account. Returns when the refresh request has been accepted (the refresh itself is asynchronous).

Property	Type	Required	Default	Description
`cloudAccountUid`	string	✓		Federated cloud account uid to refresh

`cpoc_refresh_compute_info`¶

CPoC admin: trigger an immediate refresh of compute info for selected user cloud accounts under a root. Pass userCloudAccountUids to scope; omit for all children of the root. Refresh is asynchronous; the call returns once accepted.

Property	Type	Required	Default	Description
`rootCloudAccountUid`	string	✓		Root (CPoC) cloud account uid
`userCloudAccountUids`	array<string>			User cloud account uids under the root to refresh. Omit/empty to refresh all.

`cpoc_refresh_institution_compute_info`¶

CPoC admin: trigger an immediate refresh of compute info across the entire institution under a root cloud account. Refresh is asynchronous.

Property	Type	Required	Default	Description
`rootCloudAccountUid`	string	✓		Root (CPoC) cloud account uid

`cpoc_refresh_organization_compute_info`¶

CPoC admin: trigger an immediate refresh of compute info for one organization under a root cloud account. Refresh is asynchronous.

Property	Type	Required	Default	Description
`rootCloudAccountUid`	string	✓		Root (CPoC) cloud account uid
`organizationName`	string	✓		Organization name to scope the refresh to

`cpoc_refresh_billing_info`¶

CPoC admin: trigger an immediate refresh of billing info for a root cloud account. Optional resetAll/regenerateAllReports flags drive deeper reprocessing — both are slow and expensive, default false. Refresh is asynchronous.

Property	Type	Required	Default	Description
`rootCloudAccountUid`	string	✓		Root (CPoC) cloud account uid
`resetAll`	boolean		`false`	Reset all billing state before refresh
`regenerateAllReports`	boolean		`false`	Regenerate every historical report (expensive)

`cpoc_set_enabled`¶

CPoC admin: enable or disable one or more federated cloud accounts. Disabled accounts cannot launch new resources but existing ones keep running. Optionally email the affected users.

Property	Type	Required	Default	Description
`cloudAccountUids`	array<string>	✓		Cloud account uids to update
`enabled`	boolean	✓		Target enabled state
`sendEmail`	boolean		`false`	Notify the affected users by email

`cpoc_set_blocked`¶

CPoC admin: block or unblock one or more federated cloud accounts. Blocking is a harder freeze than disabling — it stops running resources. Optionally email the affected users.

Property	Type	Required	Default	Description
`cloudAccountUids`	array<string>	✓		Cloud account uids to update
`blocked`	boolean	✓		Target blocked state
`sendEmail`	boolean		`false`	Notify the affected users by email

CloudAccountPoolsTools¶

`list_cloud_account_pools`¶

List federated cloud account pools (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

IamTools¶

`list_iam_users`¶

List federated IAM users. Filterable by common fields plus iamUserUid, iamUserName.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`iamUserUid`	string
`iamUserName`	string

`list_iam_roles`¶

List federated IAM roles. Filterable by iamRoleUid, roleName, label, custom.

Property	Type	Default	Description
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id
`accountNumber`	string
`cloudAccountUid`	string
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`iamRoleUid`	string
`roleName`	string
`label`	string
`custom`	boolean

UsersTools¶

`list_users`¶

List federated users (CPoc). Filterable by login, email, name, organizationName, groupName, regType.

Property	Type	Default	Description
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id
`accountNumber`	string
`cloudAccountUid`	string
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`login`	string
`email`	string
`firstName`	string
`lastName`	string
`organizationName`	string
`groupName`	string
`regType`	string
`includeSelf`	boolean	`false`
`includeFunctional`	boolean	`false`
`includeOps`	boolean	`false`
`includeSuborgs`	boolean	`false`
`includeRoles`	boolean	`false`

GroupsTools¶

`list_user_groups`¶

List user groups (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

OrganizationsTools¶

`list_organizations`¶

List federated organizations (CPoc). Filterable by common fields plus organizationUid, name, parentOrganizationName, institutionId, subdomain, rootCloudAccountUid, registrationType, isEducateInstitution.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`organizationUid`	string
`name`	string		Organization / project / classroom name
`parentOrganizationName`	string
`institutionId`	string
`institutionDescription`	string
`institutionCpocLogin`	string
`subdomain`	string
`rootCloudAccountUid`	string
`registrationType`	integer
`isEducateInstitution`	boolean
`includeResources`	boolean	`false`
`includeSuborgs`	boolean	`false`
`includeRoles`	boolean	`false`

`list_organization_rules`¶

List federated organization rules (CPoc). Filterable by common fields plus organizationRuleUid, organizationName, rootCloudAccountUid, institutionId, ruleTemplateUid.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`organizationRuleUid`	string
`organizationName`	string
`rootCloudAccountUid`	string
`institutionId`	string
`ruleTemplateUid`	string

ProjectsTools¶

`list_projects`¶

List federated projects (CPoc). FederatedProjectFilters inherits org-level fields, so filterable by common fields plus organizationUid, name, parentOrganizationName, institutionId, subdomain, rootCloudAccountUid, registrationType, isEducateInstitution.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`organizationUid`	string
`name`	string		Organization / project / classroom name
`parentOrganizationName`	string
`institutionId`	string
`institutionDescription`	string
`institutionCpocLogin`	string
`subdomain`	string
`rootCloudAccountUid`	string
`registrationType`	integer
`isEducateInstitution`	boolean
`includeResources`	boolean	`false`
`includeRoles`	boolean	`false`

ClassroomsTools¶

`list_classrooms`¶

List federated classrooms (CPoc). FederatedClassroomFilters inherits org-level fields, so filterable by common fields plus organizationUid, name, parentOrganizationName, institutionId, subdomain, rootCloudAccountUid, registrationType, isEducateInstitution.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`organizationUid`	string
`name`	string		Organization / project / classroom name
`parentOrganizationName`	string
`institutionId`	string
`institutionDescription`	string
`institutionCpocLogin`	string
`subdomain`	string
`rootCloudAccountUid`	string
`registrationType`	integer
`isEducateInstitution`	boolean
`includeResources`	boolean	`false`
`includeRoles`	boolean	`false`

PortfoliosTools¶

`list_portfolios`¶

List portfolios visible to the user (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

`list_managed_portfolios`¶

List portfolios the user manages (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

`list_portfolio_artifacts`¶

List the artifacts attached to one portfolio. Default slim=true returns a compact projection that stays well under MCP's 1 MB response cap and is enough to confirm membership / count / browse by label. Pass slim=false only when you specifically need full artifact bodies and the portfolio is small.

Property	Type	Required	Default	Description
`portfolioUid`	string	✓		Portfolio uid whose artifacts to list
`slim`	boolean		`true`	Return only {uid, label, artifactType, owner, creationTime} per artifact. With slim=false, full artifact bodies are returned — risks blowing past MCP's 1 MB response cap for portfolios with many heavy artifacts (e.g. a compliance_standard portfolio holding ~170 CloudCustodianPolicyInfo entries each carrying its YAML body).
`maxItems`	integer		`50`
`cursor`	integer		`0`

`add_artifacts_to_portfolio`¶

Attach one or more artifacts (typically Cloud Custodian policy uids) to a portfolio. For a compliance_standard portfolio (portfolioType=1), this is how you populate it with the policies that rosetta_execute_compliance kind=compliance_standard will then run.

Property	Type	Required	Default	Description
`portfolioUid`	string	✓		Target portfolio uid (e.g. a compliance_standard portfolio created with portfolioType=1)
`artifactUids`	array<string>	✓		Uids of artifacts to attach (e.g. cloud-custodian policy uids from list_cloud_custodian_policies)

`remove_artifacts_from_portfolio`¶

Detach one or more artifacts from a portfolio. The artifacts themselves aren't deleted — only the portfolio membership is removed.

Property	Type	Required	Default	Description
`portfolioUid`	string	✓
`artifactUids`	array<string>	✓

BudgetsTools¶

`list_budget_transfers`¶

List federated budget transfers. Filterable by transferUid, fromLogin, toLogin, rootCloudAccountUid, organizationName, groupName.

Property	Type	Default	Description
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id
`accountNumber`	string
`cloudAccountUid`	string
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`transferUid`	string
`fromLogin`	string
`toLogin`	string
`rootCloudAccountUid`	string
`organizationName`	string
`groupName`	string

TopupsTools¶

`list_topups`¶

List topups (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

OwnedTokensTools¶

`list_owned_tokens`¶

List launch tokens owned by the user (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

ComplianceTools¶

`list_cloud_custodian_policies`¶

List Cloud Custodian compliance policies. Beyond the common label/owner/description filters, supports policy-specific filters: complianceStandard (e.g. HIPAA), policyType, resource (e.g. aws.ec2), severity, mode. Always prefer these server-side filters over paginating + filtering client-side — the platform has hundreds of policies.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`cloudCustodianPolicyUid`	string		Exact policy uid
`complianceStandard`	string		Filter by compliance standard tag (e.g. HIPAA, PCI-DSS, SOC2, GDPR). Server-side substring match against the policy's complianceStandards metadata — use this instead of paginating all policies and filtering client-side.
`policyType`	string		Policy type (e.g. cloud_custodian)
`resource`	string		Cloud Custodian resource type the policy targets (e.g. aws.ec2, aws.s3, azure.vm)
`severity`	integer		Severity filter (lower = more severe in most schemas)
`mode`	string		Execution mode (e.g. pull, periodic, cloudtrail)

ScheduledTasksTools¶

`list_cron_tasks`¶

List federated cron-scheduled tasks (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

`list_rate_tasks`¶

List federated rate-scheduled tasks (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

EmailTemplatesTools¶

`list_email_templates`¶

List email templates (filterable).

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`

FederatedImageTools¶

`list_federated_images`¶

List federated images replicated across the user's federation. Filterable by common fields plus imageUid, amiId, imageType.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`imageUid`	string
`amiId`	string		Cloud-side image id (e.g. AMI ami-xxx)
`imageType`	string		Image type / category

BucketTools¶

`list_federated_buckets`¶

List federated buckets visible to the user. Filterable by common fields plus bucketUid, bucketName, folderPath.

Property	Type	Default	Description
`filter`	string		Substring match against label/owner/description (orLogic). Use specific fields for exact matches.
`owner`	string
`label`	string
`description`	string
`cloud`	string		Cloud id (aws, azure, gcp)
`region`	string		Region id (e.g. us-east-1)
`accountNumber`	string
`cloudAccountUid`	string
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`
`includeCustomization`	boolean	`false`	Include customization metadata in results. Default false matches the CLI; setting true together with include=private currently triggers a server-side NPE.
`limit`	integer		Server-side limit hint (0 = unlimited)
`maxItems`	integer	`50`
`cursor`	integer	`0`
`bucketUid`	string
`bucketName`	string		Cloud-side bucket name
`folderPath`	string

FederationAdminTools¶

`regenerate_rosettahub_artifacts`¶

Regenerate RosettaHub-managed infrastructure artifacts (IAM roles/policies, key sets, default VPC config, supporting buckets, ...) across the listed federated cloud accounts. Use after policy drift or to recover from a botched manual edit. Async.

Property	Type	Required	Default	Description
`cloudAccountUids`	array<string>	✓		Federated cloud account uids to operate on

`cpoc_regenerate_rosettahub_artifacts`¶

CPoC admin: regenerate RosettaHub-managed infrastructure artifacts across the supplied child cloud accounts (IAM roles, key sets, default VPC config, supporting buckets, ...). Use after policy drift or institutional reset. Async.

Property	Type	Required	Default	Description
`cloudAccountUids`	array<string>	✓		Federated cloud account uids to operate on

`regenerate_vpc`¶

Regenerate the default RosettaHub VPC for each listed federated cloud account. Use when a VPC has drifted from the expected layout or has been corrupted by manual changes. Async; existing workloads on that VPC will be briefly disrupted.

Property	Type	Required	Default	Description
`cloudAccountUids`	array<string>	✓		Federated cloud account uids to operate on

`cpoc_regenerate_vpc`¶

CPoC admin: regenerate the key-set VPC for each supplied child cloud account. Use to recover from per-tenant VPC drift across an institution. Async.

Property	Type	Required	Default	Description
`userCloudAccountUids`	array<string>	✓		Federated cloud account uids to operate on

`reset_all_keys`¶

Reset all IAM access keys across the listed federated cloud accounts. Use after a credential leak / suspected compromise — every key set under each account is rotated. Async, irreversible.

Property	Type	Required	Default	Description
`cloudAccountUids`	array<string>	✓		Federated cloud account uids to operate on

SessionTools¶

`get_current_user`¶

Return the logged-in user's profile (login/screen name, email, first/last name, institution id, roles). USE THIS whenever a tool needs the caller's identity — e.g. to filter list_* results by owner.

No arguments.

`get_rights`¶

Return the list of right-ids the current user effectively has on this platform. Cheap pre-check for 'can I do X?' before invoking a write tool.

No arguments.

`get_platform_settings`¶

Return platform-wide configuration the caller sees (defaults like cloudId/regionId, limits, feature toggles). Useful when constructing tool arguments that would otherwise need to be guessed.

No arguments.

`list_api_keys`¶

List API keys owned by the current user. The returned objects include the key prefix/label/description/expiration but not the secret material — only newly-minted keys (from create_api_key) include the full secret.

No arguments.

`create_api_key`¶

Create a new API key for the current user. The response includes the FULL secret material — this is the only time the secret is visible. Store it carefully; subsequent list_api_keys calls only return the prefix.

Property	Type	Required	Default	Description
`label`	string	✓		Human label for the key
`description`	string
`timeoutMinutes`	integer		`0`	Inactivity timeout. 0 = no timeout (key never expires from inactivity).

`delete_api_keys`¶

Delete one or more API keys owned by the current user, identified by their prefixes. Irreversible — affected keys stop authenticating immediately.

Property	Type	Required	Default	Description
`apiKeyPrefixes`	array<string>	✓		Key prefixes (as returned by list_api_keys) to delete

`set_session_cloud_filter`¶

Pin the current session to one cloud. Subsequent list_ / get_ tools will automatically scope to that cloud unless they explicitly pass their own cloud filter. Pass an empty cloudIdFilter to clear.

Property	Type	Required	Default	Description
`cloudIdFilter`	string			Cloud id (e.g. 'aws') to scope every subsequent list_* call. Pass empty string or null to clear.

`set_session_region_filter`¶

Pin the current session to one region. Subsequent list_ / get_ tools will automatically scope to that region unless they pass their own region filter. Pass an empty regionIdFilter to clear.

Property	Type	Required	Default	Description
`regionIdFilter`	string			Region id (e.g. 'us-east-1') to scope every subsequent list_* call. Pass empty string or null to clear.

`set_session_cloud_account_filter`¶

Pin the current session to one federated cloud account. Subsequent list_ / get_ tools will automatically scope to that account unless they pass their own cloudAccountUid. Pass an empty value to clear.

Property	Type	Required	Default	Description
`cloudAccountUidFilter`	string			Federated cloud account uid to scope every subsequent list_* call. Pass empty string or null to clear.

`sync_session_cloud_and_region_filters`¶

Reconcile the session-level cloud/region filters with the default cloud account: if a default account is set, copies its cloud id and region id into the session filters. Useful after switching the default account.

No arguments.

`set_session_time_zone`¶

Set the IANA time zone for the current session. Affects how timestamps are formatted in subsequent responses.

Property	Type	Required	Default	Description
`timeZoneId`	string	✓		IANA time zone id (e.g. 'Europe/Paris', 'UTC')

ScopeTools¶

`list_scopes`¶

List quota scopes. A scope is a named bundle of limits (formation/keyset/storage quotas, max hourly cost, etc.) that role assignments inherit. Optionally filter to scopes attached to one role.

Property	Type	Required	Default	Description
`roleName`	string			Optional role name filter — return only scopes attached to this role

`get_scope`¶

Get one quota scope by uid, including all its limit fields.

Property	Type	Required	Default	Description
`scopeUid`	string	✓		Scope uid

`create_scope`¶

Create a new quota scope. Pass the label and any quota fields to set; omitted fields keep platform defaults. The returned object includes the assigned scopeUid.

Property	Type	Required	Description
`label`	string	✓	Human label for the scope
`description`	string
`roleName`	string		Role the scope is attached to (optional on update)
`formationQuota`	integer
`imageQuota`	integer
`keySetQuota`	integer
`objectStorageQuota`	integer
`blockStorageQuota`	integer
`projectQuota`	integer
`groupQuota`	integer
`engineSessionQuota`	integer
`containerImageQuota`	integer
`containerRepositoryQuota`	integer
`cronTaskQuota`	integer
`apiKeysQuota`	integer
`maximumHourlyCost`	number
`maximumComputeInstances`	integer
`maximumBlockStorageSize`	integer
`maximumObjectStorageSize`	integer

`update_scope`¶

Update a quota scope's limit fields. Only fields supplied in the request are changed; omitted fields keep their current values.

Property	Type	Required	Description
`scopeUid`	string	✓	Scope uid to update
`roleName`	string		Role the scope is attached to (optional on update)
`formationQuota`	integer
`imageQuota`	integer
`keySetQuota`	integer
`objectStorageQuota`	integer
`blockStorageQuota`	integer
`projectQuota`	integer
`groupQuota`	integer
`engineSessionQuota`	integer
`containerImageQuota`	integer
`containerRepositoryQuota`	integer
`cronTaskQuota`	integer
`apiKeysQuota`	integer
`maximumHourlyCost`	number
`maximumComputeInstances`	integer
`maximumBlockStorageSize`	integer
`maximumObjectStorageSize`	integer

`delete_scopes`¶

Delete one or more quota scopes. Irreversible; role assignments referencing a deleted scope will fall back to platform defaults.

Property	Type	Required	Default	Description
`scopeUids`	array<string>	✓		Scope uids to delete

`clone_scope`¶

Duplicate an existing quota scope under a new label, preserving all quota / limit values.

Property	Type	Required	Description
`scopeUid`	string	✓	Source scope uid to clone
`label`	string	✓	Label for the new scope
`description`	string

BookmarkTools¶

`list_bookmark_folders`¶

List the names of all bookmark folders the current user has created.

No arguments.

`list_bookmarked_artifacts`¶

List the artifacts the current user has bookmarked. Optionally restrict to a specific folder.

Property	Type	Required	Default	Description
`folder`	string			Folder name to scope the listing to (optional — omit for all bookmarks)

`list_artifact_bookmark_folders`¶

Return the names of all bookmark folders that contain the given artifact uid.

Property	Type	Required	Default	Description
`artifactUid`	string	✓		Artifact uid to query

`add_artifact_to_bookmarks`¶

Add an artifact to a bookmark folder. Creates the folder if it doesn't exist yet.

Property	Type	Required	Default	Description
`folder`	string	✓		Folder name (created on demand if it doesn't exist)
`artifactUid`	string	✓		Artifact uid to bookmark

`remove_artifact_from_bookmarks`¶

Remove an artifact from a bookmark folder. The artifact itself is not affected.

Property	Type	Required	Default	Description
`folder`	string	✓		Folder name to remove the artifact from
`artifactUid`	string	✓		Artifact uid to remove

`remove_bookmark_folder`¶

Delete an entire bookmark folder (and all its bookmark entries). The bookmarked artifacts themselves are not affected.

Property	Type	Required	Default	Description
`folder`	string	✓		Folder name to delete

ViewTools¶

`list_golden_views`¶

List golden views — saved filter / column / display configurations the user has pinned in the RosettaConsole UI for a specific artifact list. Filter by viewType to see only views for one kind of artifact (e.g. viewType=formation).

Property	Type	Default	Description
`goldenViewId`	string		Exact id (optional)
`viewType`	string		e.g. formation, machine, image (optional)
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`

`create_golden_view`¶

Create a new golden view. viewContent is an opaque UI-managed string — the typical workflow is to capture it from the RosettaConsole frontend; programmatic construction is rarely useful.

Property	Type	Required	Description
`label`	string	✓
`description`	string
`viewType`	string	✓	The artifact kind this view applies to (e.g. formation, machine_instance, machine_image)
`viewContent`	string	✓	Opaque JSON / serialized configuration that the RosettaConsole UI understands
`viewArtifactUid`	string		Optional uid scoping the view to a specific artifact
`viewEvents`	array<string>		Optional list of UI event hooks this view subscribes to

`update_golden_view`¶

Update a golden view's viewType / viewContent / viewEvents. The label and description aren't editable through this call — recreate the view if you need to change them.

Property	Type	Required
`goldenViewId`	string	✓
`viewType`	string
`viewContent`	string
`viewEvents`	array<string>

`share_golden_view`¶

Share a golden view. Exposes the replace flag only; richer sharedWith targeting belongs to rosetta_share component=golden_view if/when added.

Property	Type	Required	Default	Description
`goldenViewId`	string	✓
`replace`	boolean		`false`	Replace the existing sharing list with the new one (vs additive)

`delete_golden_views`¶

Delete one or more golden views. Irreversible.

Property	Type	Required	Default	Description
`goldenViewIds`	array<string>	✓

PerspectiveTools¶

`list_platform_perspectives`¶

List the user's platform perspectives — the layouts available in the RosettaConsole perspective switcher (top-level UI arrangement).

Property	Type	Default	Description
`goldenPerspectiveId`	string		Exact id (optional)
`label`	string		Exact label match (optional)
`includeLayout`	boolean	`false`	Include the (often large) goldenLayout payload in results
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`

`list_engine_perspectives`¶

List the user's engine perspectives — per-engine UI layouts shown inside engine sessions (Jupyter / RStudio / shell).

Property	Type	Default	Description
`goldenPerspectiveId`	string		Exact id (optional)
`label`	string		Exact label match (optional)
`includeLayout`	boolean	`false`	Include the (often large) goldenLayout payload in results
`include`	string (`private`\|`shared`\|`public`\|`all`)	`private`

`create_platform_perspective_from_settings`¶

Snapshot the current user's RosettaConsole UI settings (sidebar / filter-bar state, sync mode, view mode, layout) as a new platform perspective. The user typically prepares the desired arrangement in the UI first, then calls this to save it.

Property	Type	Required	Default	Description
`label`	string	✓
`description`	string
`perspectiveIndex`	integer		`0`	Slot index in the perspective switcher

`update_platform_perspective_from_settings`¶

Capture the user's current RosettaConsole UI state into their currently-active platform perspective (overwrites it). Takes no arguments — operates on the active perspective. Pair with list_platform_perspectives if you want to confirm which one is being overwritten.

No arguments.

`set_active_engine_perspective`¶

Set the currently-active engine perspective on one running engine. Subsequent connections to that engine will use the chosen layout.

Property	Type	Required	Default	Description
`engineUid`	string	✓		Engine to switch the UI of
`goldenPerspectiveId`	string	✓		Engine perspective to make active on this engine

`share_perspective`¶

Share a platform or engine golden perspective. Exposes the replace flag only; richer sharedWith targeting belongs to rosetta_share component=golden_perspective if/when added.

Property	Type	Required	Default	Description
`goldenPerspectiveId`	string	✓		Perspective uid (platform or engine — same share endpoint)
`replace`	boolean		`false`	Replace the existing sharing list (vs additive)

`delete_platform_perspectives`¶

Delete one or more platform perspectives. Irreversible.

Property	Type	Required	Default	Description
`goldenPerspectiveIds`	array<string>	✓

`delete_engine_perspectives`¶

Delete one or more engine perspectives. Irreversible.

Property	Type	Required	Default	Description
`goldenPerspectiveIds`	array<string>	✓

DeleteTool¶

`rosetta_delete`¶

Delete RosettaHub resources. Single tool that dispatches to the right platform method based on the component argument. Irreversible. AUTHORIZATION: most components require you to OWN the artifact — the platform rejects deletes of artifacts owned by another user. Filter your list_* calls with include=private (the default) to see only what you own. Exceptions to ownership: organization, classroom use admin-delete and require admin/CPoc role on the org (orgs/classrooms have no per-user owner); project requires SU role; cloud_account_pool, iam_user, iam_role, email_template are typically managed at the institution level and require the corresponding admin role. CASCADE WARNING: deleting a key_set cascade-deletes every artifact created under it (formations, machine images, block storages/snapshots, file storages, object storages, key pairs, ...). Call list_keyset_dependents first to preview the blast radius.

Property	Type	Required	Default	Description
`component`	string (`classroom`\|`cloud_account_pool`\|`cloud_custodian_policy`\|`email_template`\|`federated_bucket`\|`federated_image`\|`iam_role`\|`iam_user`\|`organization`\|`organization_rule`\|`portfolio`\|`project`\|`scheduled_task`\|`token`\|`topup`\|`user_group`)	✓
`targets`	array<string>	✓		Resource identifiers. Most components use uids; classroom, organization, project, user_group use names. formation_instance: each entry is a formationUid (delete its machine instances).
`options`	object			Per-component flags. machine_image: deleteCloudImages, deleteAssociatedFormations. container_image: deleteDefaultFormation (default true). key_set: deleteVpc, deleteIam. key_pair / object_storage / file_storage / container_repository / ip_address / encryption_key / block_snapshot: destroy. block_storage: deleteCloudVolumes. kubernetes_cluster: destroy (default true). machine_instance: shutdown (default true).
`confirm`	boolean		`false`	REQUIRED true for HIGH-RISK destructive ops: component=key_set (cascade), component=organization\|classroom\|project (admin-level destruction), or any component with options.destroy=true / options.deleteCloudVolumes=true / options.deleteCloudImages=true (cloud-side delete is irreversible). The tool refuses to execute these without explicit confirm=true.

ShareTool¶

`rosetta_share`¶

Share / unshare a RosettaHub resource. Single tool that dispatches to the right shareXxx platform method based on component. Pass replace=true with empty sharedWith to fully unshare; with a smaller list to remove specific principals. AUTHORIZATION: you can only share artifacts you OWN — the platform rejects share calls on artifacts owned by another user. Exceptions: cloud_account sharing requires admin/CPoc role on the account; email_template typically requires institution-admin role; cloud_custodian_policy can be shared by anyone. Filter your list_* calls with include=private (the default) to see only the artifacts you can share.

Property	Type	Required	Default	Description
`component`	string (`cloud_account`\|`cloud_account_pool`\|`cloud_custodian_policy`\|`email_template`\|`federated_bucket`\|`federated_image`\|`iam_user`\|`portfolio`)	✓
`target`	string	✓		Resource uid to share
`sharedWith`	array<object>	✓		Array of sharing-info objects. Common fields: tenant (login or group name), tenantType (1=user, 2=group), expiryTime (epoch ms or ISO-8601). Per-component extras: formation -> keySetAccessAllowed, shareMachineImage, shareStorage, cloningAllowed, allowEngineSharing, maxConcurrentInstances, maxLaunchCount. machine_image / container_image -> cloningAllowed. Other components inherit base CloudArtifactSharingInfo fields.
`replace`	boolean		`false`	true: sharedWith becomes the complete sharing list (empty list = unshare all). false: entries are added to the existing sharing.

SetTool¶

`rosetta_set`¶

Set a property on RosettaHub resources. Single parametric setter — dispatches to the right platform method based on (component, property). Valid (component:property) pairs on this server: cloud_account:blocked, cloud_account:budget, cloud_account:enabled, cloud_account:quarantined, iam_user:signin_url, org:default_formations, org:default_perspective, org:registration_allowed, org:whitelisted_domains, registration:discarded, registration:duplicate, registration:email_verified, ssl_certificate:institution_main, user:email. Per-pair argument shapes: formation:availability_zone/key_set/ssl_certificate -> targets=[formationUid], value=string. key_set:default / ssl_certificate:main / ip_address:default / object_storage:default -> targets=[uid], value omitted. cloud_account:enabled/blocked/quarantined -> targets=[cloudAccountUids], value=bool, options.sendEmail (default true). cloud_account:budget -> targets=[cloudAccountUids], value=number, options.earlyExpiryFirst (default true). org:registration_allowed -> targets=[organizationName], value=bool. org:whitelisted_domains -> targets=[organizationName], value=string[]. org:default_perspective -> targets=[organizationName], value=goldenPerspectiveId, options.priorityIndex (default 0). org:default_formations -> targets=[organizationName], value=formationUids[]. registration:discarded/duplicate/email_verified -> targets=[userLogins], value=bool. iam_user:signin_url -> targets=[iamUserUid], value=string. ssl_certificate:institution_main -> targets=[sslCertificateUid], value omitted. user:email -> targets=[userLogin], value=string.

Property	Type	Required	Description
`component`	string (`cloud_account`\|`iam_user`\|`org`\|`registration`\|`ssl_certificate`\|`user`)	✓
`property`	string (`blocked`\|`budget`\|`default_formations`\|`default_perspective`\|`discarded`\|`duplicate`\|`email`\|`email_verified`\|`enabled`\|`institution_main`\|`quarantined`\|`registration_allowed`\|`signin_url`\|`whitelisted_domains`)	✓
`targets`	array<string>	✓	uids, names, or logins per (component, property) — see tool description
`value`	object		Property value. Type varies per (component, property).
`options`	object		Extra flags (e.g. sendEmail, priorityIndex, earlyExpiryFirst).

CloneTool¶

`rosetta_clone`¶

Clone a RosettaHub resource. Single tool that dispatches to the right cloneXxx platform method based on component. Returns the new resource uid (where the platform exposes it).

Property	Type	Required	Description
`component`	string (`cloud_account_pool`\|`cloud_custodian_policy`\|`federated_bucket`\|`scope`)	✓
`source`	string	✓	Source resource uid to clone from
`options`	object		Per-component flags. All except federated_bucket: label (string, optional). formation: deepCloning, encrypt, encryptionKeyUid, isSpot, isPool, keySetUid. machine_image: keySetUid (required), deepCloning, encrypt, encryptionKeyUid. object_storage: keySetUid (required), deepCloning. block_snapshot: keySetUid (required), deepCloning, encrypt, encryptionKeyUid. container_image / engine_pool / cloud_account_pool: label only. cloud_custodian_policy / scope: label, description. federated_bucket: destinationBucketUid (required, replaces label).

CreateTool¶

`rosetta_create`¶

Create a RosettaHub resource. Single tool that dispatches to the right newXxx platform method based on component. Returns the new resource uid (or info object) where the platform exposes it. Formation creates are NOT covered — use rosetta_clone + rosetta_update instead, or rosetta_raw_call with the specific newXxxFormation operation.

Property	Type	Required	Default	Description
`component`	string (`api_key`\|`cloud_account_pool`\|`cloud_custodian_policy`\|`cron_task`\|`email_template`\|`group`\|`iam_role`\|`iam_role_for_service`\|`iam_user`\|`portfolio`\|`rate_task`\|`topup`)	✓
`params`	object	✓		Per-component params. Required fields per component: key_pair: keySetUid, keyPairName. block_snapshot: keySetUid, volumeId, label (+ description). domain: domainName, keySetUid, label (+ dnsChallengeDelaySec, subdomainIncludes/Excludes[], description). encryption_key: keySetUid, label (+ keySpec, keyUsage, description). ip_address: keySetUid, label (+ autocreateNetworkInterface, usePrivateSubnet, availabilityZone, description). ftp_storage: host, ftpLogin, ftpPassword, label (+ port=21, ftpFolder, ftps, description, rights=rw, check=true). engine_pool: label (+ description, exclusive, perspectiveId, containerIndex, proxyManaged). kubernetes_cluster: kubernetesVersion, keySetUid, label (+ autoCreateDrivers=true, description). container_repository: containerRepositoryName, label (+ registryId, registryUserName, registryPassword, containerRepositoryRoles[], isPublic, imageTagMutable=true, scanOnPush, encrypt, description). ssl_certificate: domainUid, label (+ subdomainNames[], keySize=2048, description). email_template: label (+ subject, body, responses[], description). group: groupName, label (+ description). topup: cloudId, label (+ topupDurationDays=30, topupValue, topupPrice). portfolio: label (+ description, autoAddArtifacts, portfolioType — integer enum: 0 = default/generic portfolio, 1 = cloud_custodian / compliance-standard portfolio that rosetta_execute_compliance kind=compliance_standard can run; pass 1 to create a compliance standard). cloud_account_pool: label (+ description). iam_user: cloudAccountUid, iamUserName, label (+ signinUrl, userPolicy, description, defaultRegion). iam_role: cloudAccountUid, iamRoleName, label (+ trustPolicy, rolePolicy, description). iam_role_for_service: cloudAccountUid, iamRoleName, serviceName, label (+ rolePolicy, description) — service-bound role; trust policy is generated from serviceName. Mirrors the frontend's CreateFederatedRole dialog. rate_task: label, methodName (+ args (json string), rateValue=1, rateUnit=hours, taskGroup). api_key: label (+ timeoutMinutes, methodNameFilters[], methodTagFilters[], description). key_set: accountNumber, label (+ many optional: iamUserName, accessKeyId, secretAccessKey, deriveKeys, roleName, description, main, cloudId, regionId, cloudDriverUid, vpcId, placementGroupName, sslCertificateUid, projectId, capacities[], spotCapacities[], defaultCapacity, machineNumberMax, expiryTime (ISO-8601 or epoch ms)). block_storage: keySetUid, label (+ availabilityZone, size, volumeType, iops, encrypt, encryptionKeyUid, snapshotId, folderPath, defaultMountPoint, description). file_storage: keySetUid, label (+ storageType, storageCapacity, folderPath, defaultMountPoint, description, encrypt, encryptionKeyUid). object_storage: keySetUid, label (+ bucketName, description, syncMode, syncOptions[], cloudSyncMode, cloudSyncOptions[], accessRights, folderPath, defaultMountPoint, deepShare). startup_script: label (+ process, commands[], envVars[{name,value}], description, detach, tty, privileged). cron_task: label, methodName (+ regionId, artifactUid, args (json string), cron fields default , schedulerType, schedulerPriority, schedulerTimeZoneId=UTC, taskGroup). container_image: containerImageName, label (+ repositoryUid, localContainerImageId, size, virtualSize, disableContentTrust, platform, apps[], appSettings[], envVars[], ports[], volumes[], command[], options[], inlineDockerFile, dockerFileUrl, dockerFilePath, dockerFileVolumeUid, recreateOnReboot, inlineScripts[], startupScriptUids[], networkMode, createDefaultFormation, defaultCapacityId, defaultCategory, description). cloud_custodian_policy: resource, label (+ mode (object), filters[] (objects), actions[] (objects), vars[{name,value}], cloudId, singleRegion, targetRegion, description, defaultContext (object)). Note: organization_rule has 18+ typed args; reachable via rosetta_raw_call.

UpdateTool¶

`rosetta_update`¶

Update a RosettaHub resource. Single tool that dispatches to the right updateXxx platform method based on component. Updates require OWNERSHIP — shared/public artifacts cannot be updated by recipients. The artifact_ components work cross-resource (any artifact uid). For formation_ components: call get_formation first to see current values and the _class field, then call rosetta_update with only the fields you want to change (server merges your params over the existing formation by default; pass merge=false for full overwrite).

Property	Type	Required	Default	Description
`component`	string (`artifact_css`\|`artifact_customize`\|`artifact_description`\|`artifact_icon`\|`artifact_label`\|`cloud_custodian_policy`)	✓
`target`	string	✓		Resource uid to update
`params`	object			Per-component params. artifact_label / artifact_description / artifact_css / artifact_icon: target=, params={label\|description\|css\|icon: string}. artifact_customize: target=, params={label, description, icon, css, svg} — set all customization fields at once (uses customizeArtifactNoPng). block_storage: target=, params={volumeId, folderPath, defaultMountPoint}. container_repository: target=, params={} (refresh). image: target=, params={capacities: [t3.micro, ...] (capacity-id strings), ports: [22, 443, ...], osUserName, osUserPassword, cloudImageId, rootVolumeSizeGb (int), deepShare (bool)} — mirrors the frontend ConfigureImage dialog. formation_machine_launch_options: target=, params={machineLaunchOptions: } — mirrors ConfigureMachineLaunchOptions. Fetch the formation first; full overwrite. container_properties: target=, params={containerProperties: , reboot: bool} — mirrors ConfigureContainer. cloud_custodian_policy: target=, params={originalPolicy: yaml/json string}. FORMATION UPDATE COMPONENTS — pick the one matching `_class` from get_formation. These are positional-arg overwrites, not partial patches: get_formation first, copy ALL current values, override only the fields you want to change, send back. formation_cf_basic: target=, params={templateLink, templateContent, inputVariables: {name:value, ...}, outputVariables: {name:value, ...}} — light-weight CF update (template + variables only). Common fields available on all full formation update components: keySetUid, availabilityZone, sslCertificateUid, keyPairUid, ipAddressUid, kubernetesClusterUid, kubernetesNodeGroupName, machineImageUid, acceleratorId, acceleratorCount (int), instancesCountMin (int), instancesCountMax (int), instancesCountDesired (int), retryOnFailureCount (int), retryOnFailureDelayMinutes (number). formation_machine (MachineFormationInfo): + capacityId. formation_machine_pool (MachinePoolFormationInfo): + capacityId, minVcpus, maxVcpus, minMemoryMb, maxMemoryMb (int). formation_spot_machine (SpotMachineFormationInfo): + capacityId, spotPrice (number), validFrom (ISO-8601 or epoch ms), validUntil (same), fallbackToOnDemand (bool), snapshotOnTermination (bool). formation_spot_machine_pool (SpotMachinePoolFormationInfo): + capacityId, minVcpus, maxVcpus, minMemoryMb, maxMemoryMb (int), spotPrice (number), validFrom, validUntil, snapshotOnTermination (bool). formation_spot_machine_pool_attributes: + attributes: — alternate update form that takes a typed attributes object instead of individual fields. formation_cf (CFFormationInfo, full): + proxyCapacityId, templateMachineImageUid, templateLink, templateContent, inputVariables/outputVariables/postCreationOutputTemplateVariables (KV maps), controlInstanceApps (string[]), controlInstanceAppSettings (string), exportedKeys (string[]), controlInstanceSshPort (int), controlInstanceSshUserName, controlInstanceOsName, clusterLogicalName (string), waitForCluster, usePrivateIps, sharedCluster, addSshUsers (bool). formation_terraform (TerraformFormationInfo): same shape as formation_cf. formation_emr (EmrClusterFormationInfo): + masterCapacityId, slaveCapacityId, clusterSize (int), proxyCapacityId, releaseLabel, applications (string[]), clusterSettings (string), autoscalingEnabled (bool), initialClusterSize (int). formation_spot_emr (SpotEmrClusterFormationInfo): emr fields + proxySpotBidPrice, masterSpotBidPrice, slaveSpotBidPrice (number), snapshotOnTermination (bool). formation_hpc (HpcClusterFormationInfo): emr fields + scheduler (string), clusterConfig (string), managedNetwork, managedStorage, managedMaster, managedSlaves, managedImage (bool), clusterOs (string), masterRootVolumeSize, slaveRootVolumeSize (int), masterRootVolumeType, slaveRootVolumeType (string), proxyInPrivateSubnet, masterInPrivateSubnet, slavesInPrivateSubnet (bool). formation_spot_hpc (SpotHpcClusterFormationInfo): hpc fields + proxySpotBidPrice, masterSpotBidPrice, slaveSpotBidPrice (number), snapshotOnTermination (bool). formation_spark (SparkClusterFormationInfo): + masterCapacityId, slaveCapacityId, clusterSize (int). formation_virtuallab (VirtualLabFormationInfo): + proxyCapacityId, virtualLabMachineImageUid, virtualLabCapacityId, proxyInPrivateSubnet, virtualLabInPrivateSubnet (bool), virtualLabRootVolumeSizeGb (int), remoteApp, remoteAppDir, remoteAppArgs (string). formation_spot_virtuallab (SpotVirtualLabFormationInfo): virtuallab fields + proxySpotBidPrice, virtualLabSpotBidPrice (number), validFrom, validUntil, persistent (bool), launchGroup (string), blockDurationMinutes (int), availabilityZoneGroup (string), fallbackToOnDemand (bool), snapshotOnTermination (bool). formation_virtuallab_basic: target=, params={virtualLabMachineImageUid, virtualLabCapacityId, virtualLabRootVolumeSizeGb (int)} — light-weight VirtualLab update.
`merge`	boolean		`true`	When true (default), the server fetches the existing artifact and deep-merges your params on top before calling the update — so you only need to send the fields you want to change. Set false to force a full overwrite (useful for clearing fields to null). Merge is supported for: all formation_* components (except formation_spot_machine_pool_attributes), formation_machine_launch_options (nested), and image. Other components are always full overwrites.

BulkActionTool¶

`rosetta_bulk_action`¶

Bulk operations on multiple cloud accounts (or a whole organization). Mirrors the frontend's BulkActionEndpoint. Actions: cleanup_all (delete cloud-side resources, optionally also their RosettaHub artifacts), stop_all, terminate_all, detect_idle (records idle resources without acting), manage_idle (acts on idle resources per actionConfigsJson). Plus two organization-wide variants: detect_idle_for_organization / manage_idle_for_organization. Scope: owned invokes the user's non-prefixed platform method (works on accounts you own); federated invokes the cpoc/su admin variant (requires CPoc / SU role on the target cloud accounts).

Property	Type	Required	Default	Description
`action`	string (`cleanup_all`\|`stop_all`\|`terminate_all`\|`detect_idle`\|`manage_idle`\|`detect_idle_for_organization`\|`manage_idle_for_organization`)	✓
`scope`	string (`owned`\|`federated`)		`owned`	`owned`: act on the user's accounts (no admin role required). `federated`: cpoc/su admin variant. Required `federated` for *_for_organization actions.
`targets`	array<string>			Cloud account uids. Ignored for *_for_organization actions (use options.organizationName instead).
`regions`	array<string>			Optional region filter (e.g. ["us-east-1","eu-west-1"])
`services`	array<string>			Optional service filter (e.g. ["ec2","rds","s3"])
`options`	object			Per-action extras: cleanup_all -> deleteRosettaHubArtifacts (bool, default false). detect_idle / manage_idle -> actionConfigsJson (string). manage_idle / manage_idle_for_organization -> preserveData (bool, default false). *_for_organization -> organizationName (required), rootCloudAccountUid (required).
`confirm`	boolean		`false`	REQUIRED true for HIGH-RISK destructive ops (cleanup_all, terminate_all, manage_idle, manage_idle_for_organization). These delete or terminate cloud-side resources irreversibly. The tool refuses to execute them without explicit confirm=true.

ExecuteComplianceTool¶

`rosetta_execute_compliance`¶

Execute Cloud Custodian policies or compliance-standard portfolios against a set of cloud accounts. kind=custodian_policy: runs policies in policyUids against cloudAccountUids in regionIds. kind=compliance_standard: runs the portfolios in portfolioUids (each portfolio bundles many policies) against cloudAccountUids in regionIds. scope=owned uses the user's own accounts (no admin role); scope=federated uses the cpoc admin variant (requires CPoc role). Pass dryRun=true to preview what would happen without applying actions — STRONGLY RECOMMENDED for first run.

Property	Type	Required	Default	Description
`kind`	string (`custodian_policy`\|`compliance_standard`)	✓
`scope`	string (`owned`\|`federated`)		`owned`
`cloudAccountUids`	array<string>	✓
`policyUids`	array<string>			Required when kind=custodian_policy
`portfolioUids`	array<string>			Required when kind=compliance_standard
`regionIds`	array<string>
`dryRun`	boolean		`true`	true: preview only (no actions applied); false: actually run
`context`	object			Optional CloudCustodianContext (default null)

AssignRolesTool¶

`rosetta_assign_roles`¶

Assign or unassign roles for users, organizations/classrooms, or projects. target=users → cpocAssignRolesToUsers / cpocUnassignRolesFromUsers (names = userLogins). target=organizations → cpocAssignRolesToOrganizations / cpocUnassignRolesFromOrganizations (names = organization/classroom names; the frontend uses this for both orgType=0 and orgType=2). target=projects → suAssignRolesToProjects / suUnassignRolesFromProjects (names = project names; frontend orgType=1). Use get_user_assignable_roles to discover which role names the caller is permitted to pass. users/organizations require a CPoc role (rh-cpoc-, rh-admin- or rh-su-); projects require rh-admin or rh-su-.

Property	Type	Required	Default	Description
`target`	string (`users`\|`organizations`\|`projects`)	✓
`op`	string (`assign`\|`unassign`)	✓
`names`	array<string>	✓		User logins (target=users), organization/classroom names (target=organizations), or project names (target=projects)
`roleNames`	array<string>	✓
`replace`	boolean		`false`	For op=assign: replace existing roles instead of merging. Ignored for op=unassign.
`rolePrefixes`	array<string>			Optional role-name prefixes the assign call also clears before applying roleNames (matches the frontend's filter list, e.g. rhaws-, rhregion-aws-, rhcapa-aws-, rh-hide-, rh-show-, rhsubs-, rhs-, rhcc-, rhpexec-). Ignored for op=unassign.

`get_user_assignable_roles`¶

Return the list of role names the current user is permitted to assign to others. Call this first before rosetta_assign_roles to discover the valid roleNames — the frontend's role picker is populated from this exact list.

No arguments.

`get_role_descriptions`¶

Return human-readable RoleInfo (roleId, label, description) for one or more role names. Useful for showing the user what each role grants before calling rosetta_assign_roles.

Property	Type	Required	Default	Description
`roleNames`	array<string>	✓		Role names to describe (typically a subset of get_user_assignable_roles)

`get_assigned_roles`¶

Return the roles attached to one user / organization / project / classroom, split into 'directly attached' (ownRoles) and 'inherited' (via parent org / group). Mirrors the breakdown the frontend's role picker uses — call this before rosetta_assign_roles to see what's already there and decide whether to merge or replace. target=users (name = userLogin) → cpocGetFederatedUsers(includeRoles=true). target=organizations (name = organization name) → cpocGetFederatedOrganizations(includeRoles=true). target=projects (name = project name) → cpocGetFederatedProjects(includeRoles=true). target=classrooms (name = classroom name) → cpocGetFederatedClassrooms(includeRoles=true). Output: { ownRoles, inheritedRoles, allRoles[, assignableRoles] }. assignableRoles is the catalog of roles that container can grant to its members and is present only for organizations / projects / classrooms.

Property	Type	Required	Default	Description
`target`	string (`users`\|`organizations`\|`projects`\|`classrooms`)	✓
`name`	string	✓		User login (target=users) or organization/project/classroom name otherwise

AssignManagersTool¶

`rosetta_assign_managers`¶

Assign or unassign managers (CPoc / Admin / Superuser) on an organization, classroom or project. Mirrors the frontend's AssignManagers dialog. scope=organization covers both organizations and classrooms (use the organization name or classroom name as name). scope=project uses the project name. Required role: rh-admin / rh-admin- / rh-su- (organization scope) or rh-su-* (project scope, and SU role on org scope).

Property	Type	Required	Default	Description
`scope`	string (`organization`\|`project`)	✓
`role`	string (`cpoc`\|`admin`\|`su`)	✓
`op`	string (`assign`\|`unassign`)	✓
`name`	string	✓		Organization name (scope=organization, also used for classrooms) or project name (scope=project).
`logins`	array<string>	✓		User logins to assign or unassign.
`replace`	boolean		`false`	For op=assign: replace existing managers of this role on the target instead of merging. The frontend uses replace=true; default here is false to be safer.

RawCallTool¶

`rosetta_raw_call`¶

Reflective escape hatch: invoke any PlatformServicesInterface @WebMethod by operationName. Use list_rosetta_operations to discover names. Mutating ops (void return) require allowMutating=true.

Property	Type	Required	Default	Description
`operation`	string	✓		@WebMethod operationName, e.g. getFormations, getMachineInstance
`args`	array	✓		Positional arguments in declaration order (use null for sessionUid)
`allowMutating`	boolean		`false`	Required true to invoke methods with void return type

`list_rosetta_operations`¶

List PlatformServicesInterface @WebMethod operationNames callable via rosetta_raw_call. Returns each operation's parameter types and return type.

Property	Type	Required	Default	Description
`filter`	string			Substring filter on operation name (case-insensitive)

RosettaHub MCP — Tool Catalog¶

rosetta-cloud-mcp¶

FormationTools¶

list_formations¶

count_formations¶

get_formation¶

launch_formation¶

stop_formation¶

reboot_formation¶

MachineTools¶

list_machine_instances¶

count_machine_instances¶

get_machine_instance¶

start_machine_instances¶

stop_machine_instances¶

reboot_machine_instances¶

ContainerTools¶

get_container¶

get_container_state¶

list_containers_for_machine¶

list_container_images¶

list_container_repositories¶

reboot_containers¶

recreate_containers¶

commit_container¶

EngineTools¶

list_engines¶

list_engine_pools¶

ImageTools¶

list_machine_images¶

KeySetTools¶

list_key_sets¶

regenerate_keyset_vpc¶

KeyPairTools¶

list_key_pairs¶

ObjectStorageTools¶

list_object_storages¶

FileStorageTools¶

list_file_storages¶

list_ftp_storages¶

SnapshotVolumeTools¶

list_block_storages¶

list_block_snapshots¶

K8sTools¶

list_kubernetes_clusters¶

StartupScriptsTools¶

list_startup_scripts¶

CertificatesTools¶

list_ssl_certificates¶

list_domains¶

list_ip_addresses¶

list_encryption_keys¶

DeleteTool¶

rosetta_delete¶

ShareTool¶

rosetta_share¶

SetTool¶

rosetta_set¶

CloneTool¶

rosetta_clone¶

CreateTool¶

rosetta_create¶

UpdateTool¶

rosetta_update¶

KeysetDependentsTool¶

list_keyset_dependents¶

RetrieveTool¶

rosetta_retrieve¶

CdnTool¶

rosetta_cdn¶

AwsConsoleTool¶

rosetta_aws_console¶

AccountInventoryTool¶

list_account_inventory¶

CloudCatalogTools¶

list_clouds¶

get_cloud¶

list_regions¶

get_region¶

list_capacities¶

`list_formations`¶

`count_formations`¶

`get_formation`¶

`launch_formation`¶

`stop_formation`¶

`reboot_formation`¶

`list_machine_instances`¶

`count_machine_instances`¶

`get_machine_instance`¶

`start_machine_instances`¶

`stop_machine_instances`¶

`reboot_machine_instances`¶

`get_container`¶

`get_container_state`¶

`list_containers_for_machine`¶

`list_container_images`¶

`list_container_repositories`¶

`reboot_containers`¶

`recreate_containers`¶

`commit_container`¶

`list_engines`¶

`list_engine_pools`¶

`list_machine_images`¶

`list_key_sets`¶

`regenerate_keyset_vpc`¶

`list_key_pairs`¶

`list_object_storages`¶

`list_file_storages`¶

`list_ftp_storages`¶

`list_block_storages`¶

`list_block_snapshots`¶

`list_kubernetes_clusters`¶

`list_startup_scripts`¶

`list_ssl_certificates`¶

`list_domains`¶

`list_ip_addresses`¶

`list_encryption_keys`¶

`rosetta_delete`¶

`rosetta_share`¶

`rosetta_set`¶

`rosetta_clone`¶

`rosetta_create`¶

`rosetta_update`¶

`list_keyset_dependents`¶

`rosetta_retrieve`¶

`rosetta_cdn`¶

`rosetta_aws_console`¶

`list_account_inventory`¶

`list_clouds`¶

`get_cloud`¶

`list_regions`¶

`get_region`¶

`list_capacities`¶

`list_cloud_disk_types`¶

`list_emr_capacities`¶

`get_formation_connection_urls`¶

`get_container_engine_urls`¶

`get_machine_instance_engine_urls`¶

`new_engine_session_info`¶

`borrow_engine`¶

`return_engine`¶

`reset_engine_pool`¶

`list_marketplaces`¶

`get_marketplace`¶

`create_marketplace`¶

`delete_marketplaces`¶

`share_marketplace`¶

`list_products`¶

`list_product_categories`¶

`delete_products`¶

`publish_artifacts`¶

`sell_artifacts`¶

`publish_token`¶

`sell_token`¶

`rosetta_raw_call`¶

`list_rosetta_operations`¶

`list_cloud_accounts`¶

`has_cloud_accounts`¶

`get_default_cloud_account_uid`¶

`set_default_cloud_account`¶