πŸ”Œ English documentation
ζ—₯本θͺž β†’

πŸ”ŒMCP Tools (28)

The 28 tools available to AI agents (read 12 / write 13 / approval 3) and how strict mode works.

The 28 tools available to AI agents via the MCP server, split into three namespaces: read / write / approval β€” enabling dashboard-equivalent configuration changes. The default transport is stdio (HTTP + Bearer also available).

Breakdown (read 12 / write 13 / approval 3 = 28 total)

read

ToolWhat it doesImplementation
read_list_clientsList accessible clientsbackend/mcp/tools/clients.py
read_get_client_overviewA client's basic settings + integration policy + protection_enabledbackend/mcp/tools/clients.py
read_list_whitelistList whitelist (allowed numbers)backend/mcp/tools/whitelist.py
read_list_blocklistList blocklist (blocked numbers)backend/mcp/tools/blocklist.py
read_list_auth_keywordsList auth keywordsbackend/mcp/tools/auth_keywords.py
read_list_dictionaryList the STT correction dictionarybackend/mcp/tools/dictionary.py
read_get_engine_configVerdict engine config (thresholds, keyword weights)backend/mcp/tools/engine_config.py
read_list_categoriesList global spam categoriesbackend/mcp/tools/categories.py
read_list_client_category_configsList per-client category overridesbackend/mcp/tools/categories.py
read_list_pending_approvalsList pending change approvalsbackend/mcp/tools/approvals.py
read_get_change_approvalA change approval's detail (with diff)backend/mcp/tools/approvals.py
read_list_integration_auditList integration audit eventsbackend/mcp/tools/audit.py

write

ToolWhat it doesImplementation
write_add_whitelist_entryAdd a whitelist entry (loosening; approval required under strict)backend/mcp/tools/whitelist.py
write_remove_whitelist_entryRemove a whitelist entrybackend/mcp/tools/whitelist.py
write_add_blocklist_entryAdd a blocklist entrybackend/mcp/tools/blocklist.py
write_remove_blocklist_entryRemove a blocklist entry (loosening; approval required under strict)backend/mcp/tools/blocklist.py
write_add_auth_keywordAdd an auth keyword (loosening; approval required under strict)backend/mcp/tools/auth_keywords.py
write_remove_auth_keywordRemove an auth keywordbackend/mcp/tools/auth_keywords.py
write_add_dictionary_entryAdd a dictionary entrybackend/mcp/tools/dictionary.py
write_remove_dictionary_entryRemove a dictionary entrybackend/mcp/tools/dictionary.py
write_update_engine_configUpdate engine config (threshold-lowering patches are loosening; approval required under strict)backend/mcp/tools/engine_config.py
write_set_client_category_overrideSet a per-client category override (allowing is loosening)backend/mcp/tools/categories.py
write_remove_client_category_overrideRemove a per-client category overridebackend/mcp/tools/categories.py
write_set_protection_enabledToggle protection on/off (turning off is loosening; approval required under strict)backend/mcp/tools/clients.py
write_update_client_overviewUpdate a client's integration policy etc. (approval required under strict)backend/mcp/tools/clients.py

approval

ToolWhat it doesImplementation
approval_propose_changePropose a change (the re-entry point for writes 409'd under strict)backend/mcp/tools/approvals.py
approval_approve_changeApprove a proposal (done by an operator other than the proposer)backend/mcp/tools/approvals.py
approval_apply_changeApply an approved proposal (CAS prevents double application)backend/mcp/tools/approvals.py

Strict mode (enforced two-person approval)

Strict mode (clients.strict_approval_mode, per client) is OFF by default. While off, writes pass through (legacy behavior). For a client with it ON, only loosening two-person-approval changes are rejected by the backend with a 409, making the three steps mandatory: propose β†’ approval (by an operator other than the proposer) β†’ apply. The MCP layer converts the 409 into "the next action to take + a ready-made propose payload", so an AI agent can call approval_propose_change directly.
ℹ️The gist

Off by default. For a client with it ON, loosening changes require the three steps: propose β†’ approval (by a different operator) β†’ apply. Every write is tracked by the AuditLogger, so even with strict mode off, who changed what and when remains auditable after the fact.