What scopes does DocJacket's MCP server expose?

DocJacket's current AI Access surface is read-first. Read covers lookup tools such as search transactions, get key dates, list tasks, and triage next actions. Draft and action scopes exist for permission-gated rollout tools; when enabled, writes require confirmation in the assistant chat and are logged in AI Access activity.

Can I limit what an assistant can do after I've consented?

Yes. Inside Claude.ai, ChatGPT, and Codex, each MCP connector lets you toggle individual tools off and set 'Needs approval' on any tool. The settings live in the AI client, not in DocJacket — DocJacket enforces the coarse scope tier (read / draft / actions); the client enforces the per-tool toggle.

Where do I see what an AI assistant has actually called?

DocJacket → Settings → AI Access → Activity Log. Every tool call is logged with the client name, tool name, arguments, outcome, and latency. Filterable by client, tool, or outcome. Use this to audit what your AI assistants have been up to.

Permissions & scopes

DocJacket's MCP server exposes three scope tiers and supports per-tool toggles inside the AI client. The current customer-facing surface is read-first; draft and action tools are enabled only for accounts with those rollout scopes.

The three scopes

Scope	What it covers	Approval flow
`read`	Search, lookup, list — `search_transactions`, `get_transaction`, `get_key_dates`, `get_open_tasks`, `get_contacts`, `list_open_contingencies`, `get_upcoming_key_dates`, `get_next_required_actions`, `mcp_catalog`, `mcp_health_check`	Auto-approved per conversation in most clients
`draft`	Permission-gated rollout tools for preparing messages, suggestions, or summaries	Confirm in chat before each enabled draft call
`actions`	Permission-gated rollout tools for sending communications or creating/updating records	Confirm in chat before each enabled action call

When you connect an assistant, the available scopes depend on the current rollout state for your account. Most users should start with read.

The conversation is the approval gate

When draft or action tools are enabled, supported MCP clients use a confirm-then-execute UX for write tools:

You ask the assistant to do something.
The assistant proposes the action in chat — what tool, what arguments, against what data.
You confirm or redirect.
The assistant fires the tool only after you say yes.

For external AI Access writes, DocJacket's server does not run a second approval queue after chat confirmation. We retired the old sidebar "Pending Review" page in May 2026 — the AI client chat already gates those writes, so a second approval inside DocJacket was duplicate work. This is separate from the in-app Review queue, which still handles DocJacket automation drafts, scheduled sends, recent activity, and pending uploads.

Read the retirement spec for the full rationale.

Per-tool toggles (client-side)

Beyond the three scopes, every AI client lets you toggle individual tools off:

Claude.ai / Claude Desktop: Settings → Connectors → DocJacket → click any tool to toggle. Tools default to Needs approval for the first call; you can switch to auto-allow per-tool.
ChatGPT: Settings → Connectors → DocJacket → toggle individual tools. Same approval-first default.
Codex CLI: Configure per-tool overrides in ~/.codex/connectors.json or use codex policy to set defaults.

DocJacket enforces the scope tier at the server. The per-tool toggle is enforced by the AI client. Both have to allow a tool for it to run.

Read-only by default

The safest pattern — and what we recommend for first-time users — is to consent to read only at the DocJacket consent screen. Your assistant can search, look up, and summarize without ever being able to send an email or create a task.

If your account has draft or action scopes enabled later, you can re-consent or mint a new token with those scopes. You can revoke access any time.

Audit log

Every MCP tool call lands in your Activity Log within seconds:

DocJacket → Settings → AI Access → Activity Log

Each row shows:

The connected client (Claude / ChatGPT / Codex / Cowork / Gemini)
The user who triggered it (you, or any other user in your org)
The tool name (search_transactions, get_transaction, etc.)
The arguments passed
The outcome (success / error)
Latency in milliseconds
A timestamp

Filter by client to see what one AI surface has been doing. Filter by tool to spot unusual activity. The log is per-organization and immutable.

Revoking

Settings → AI Access → Connected Clients (for OAuth) or Personal Access Tokens (for bearer).

Click Revoke on any row. The next tool call from that client returns HTTP 401. The user will either fall back to re-consent (if they want to reconnect) or fail gracefully.

There's no propagation delay. Revocation lands on the next request.

What an assistant cannot do

Even with actions scope granted and a tool toggled on, an assistant cannot:

See data from a different organization than the one you consented for
Change your DocJacket account settings, billing plan, or user permissions
Read other Connectors you've enabled on the assistant (e.g., your Gmail content)
Bypass DocJacket's role-based access (e.g., if you're an org member without Admin rights, the AI inherits your access — not your owner's)

Tenant isolation is enforced at the SQL layer. Every MCP tool call adds WHERE OrganizationId = @TokenOrg to the underlying query. The AI cannot supply the org ID — it comes from the token.

How OAuth works — the underlying protocol and token model
Tool Catalog — the live tool inventory grouped by category
AI Access overview — section index

The three scopes​

The conversation is the approval gate​

Per-tool toggles (client-side)​

Read-only by default​

Audit log​

Revoking​

What an assistant cannot do​

Read more​