πMCP Tools (28)
The 28 tools available to AI agents (read 12 / write 13 / approval 3) and how strict mode works.
The 28 tools available to AI agents via the MCP server, split into three namespaces: read / write / approval β enabling dashboard-equivalent configuration changes. The default transport is stdio (HTTP + Bearer also available).Breakdown (read 12 / write 13 / approval 3 = 28 total)
read
| Tool | What it does | Implementation |
|---|---|---|
read_list_clients | List accessible clients | backend/mcp/tools/clients.py |
read_get_client_overview | A client's basic settings + integration policy + protection_enabled | backend/mcp/tools/clients.py |
read_list_whitelist | List whitelist (allowed numbers) | backend/mcp/tools/whitelist.py |
read_list_blocklist | List blocklist (blocked numbers) | backend/mcp/tools/blocklist.py |
read_list_auth_keywords | List auth keywords | backend/mcp/tools/auth_keywords.py |
read_list_dictionary | List the STT correction dictionary | backend/mcp/tools/dictionary.py |
read_get_engine_config | Verdict engine config (thresholds, keyword weights) | backend/mcp/tools/engine_config.py |
read_list_categories | List global spam categories | backend/mcp/tools/categories.py |
read_list_client_category_configs | List per-client category overrides | backend/mcp/tools/categories.py |
read_list_pending_approvals | List pending change approvals | backend/mcp/tools/approvals.py |
read_get_change_approval | A change approval's detail (with diff) | backend/mcp/tools/approvals.py |
read_list_integration_audit | List integration audit events | backend/mcp/tools/audit.py |
write
| Tool | What it does | Implementation |
|---|---|---|
write_add_whitelist_entry | Add a whitelist entry (loosening; approval required under strict) | backend/mcp/tools/whitelist.py |
write_remove_whitelist_entry | Remove a whitelist entry | backend/mcp/tools/whitelist.py |
write_add_blocklist_entry | Add a blocklist entry | backend/mcp/tools/blocklist.py |
write_remove_blocklist_entry | Remove a blocklist entry (loosening; approval required under strict) | backend/mcp/tools/blocklist.py |
write_add_auth_keyword | Add an auth keyword (loosening; approval required under strict) | backend/mcp/tools/auth_keywords.py |
write_remove_auth_keyword | Remove an auth keyword | backend/mcp/tools/auth_keywords.py |
write_add_dictionary_entry | Add a dictionary entry | backend/mcp/tools/dictionary.py |
write_remove_dictionary_entry | Remove a dictionary entry | backend/mcp/tools/dictionary.py |
write_update_engine_config | Update engine config (threshold-lowering patches are loosening; approval required under strict) | backend/mcp/tools/engine_config.py |
write_set_client_category_override | Set a per-client category override (allowing is loosening) | backend/mcp/tools/categories.py |
write_remove_client_category_override | Remove a per-client category override | backend/mcp/tools/categories.py |
write_set_protection_enabled | Toggle protection on/off (turning off is loosening; approval required under strict) | backend/mcp/tools/clients.py |
write_update_client_overview | Update a client's integration policy etc. (approval required under strict) | backend/mcp/tools/clients.py |
approval
| Tool | What it does | Implementation |
|---|---|---|
approval_propose_change | Propose a change (the re-entry point for writes 409'd under strict) | backend/mcp/tools/approvals.py |
approval_approve_change | Approve a proposal (done by an operator other than the proposer) | backend/mcp/tools/approvals.py |
approval_apply_change | Apply an approved proposal (CAS prevents double application) | backend/mcp/tools/approvals.py |
Strict mode (enforced two-person approval)
Strict mode (clients.strict_approval_mode, per client) is OFF by default. While off, writes pass through (legacy behavior). For a client with it ON, only loosening two-person-approval changes are rejected by the backend with a 409, making the three steps mandatory: propose β approval (by an operator other than the proposer) β apply. The MCP layer converts the 409 into "the next action to take + a ready-made propose payload", so an AI agent can call approval_propose_change directly.βΉοΈThe gist
Off by default. For a client with it ON, loosening changes require the three steps: propose β approval (by a different operator) β apply. Every write is tracked by the AuditLogger, so even with strict mode off, who changed what and when remains auditable after the fact.