Review the complete action
Configure the client to prompt before MCP tool calls.search is read-oriented. execute can contain reads, writes, or several helper calls.
Before you approve an execute call:
- Read the complete async function.
- Confirm the intended store and organization.
- Identify every helper that can write.
- Check the matching
searchresult’s planning metadata. - Confirm the verification step and any rollback hint.
Match approval to the highest risk
The catalog classifies each operation as:readfor identity, store, analytics, and connected-platform reads;draft_writefor supported creation, clone, synchronization, and configuration actions;spend_affectingfor actions that can change delivery or budget behavior;destructivefor deletion.
none, required_before_write, or required_before_spend.
Use the strongest value returned by any helper as the minimum review level for the entire execution.
Run one focused action
- Use
searchimmediately before an unfamiliar operation. - Prefer one business action per
executecall. - Do not place credentials inside
code; Bily helpers already use the connection’s authentication. - Return only the fields needed for the task.
- Do not attempt arbitrary network requests; direct outbound network access is unavailable.
- Break long analyses into smaller calls. Each execution must stay within its 20-second runtime.
Confirm every write
After an approved write, call the appropriate read helper. Return both the action result and the observed state. Do not report success from the action request alone when the catalog provides a verification step. If verification disagrees with the requested change:- Stop additional writes.
- Report the action and verification results separately.
- Follow a catalog rollback hint only after you receive another explicit approval.
Keep credentials out of the workflow
- Prefer Bily Connect so no long-lived key appears in client configuration.
- Create fallback keys only for clients that need them.
- Select the intended store before creating a fallback key.
- Use a descriptive name and expiration.
- Never paste a key into a prompt, execution function, log, issue, or repository.
- Revoke a key immediately if it may have been exposed.