OpenAI Workspace Agents

Add STACK to your ChatGPT Workspace Agents builder as a custom MCP connector. STACK speaks OAuth 2.1 with PKCE and Dynamic Client Registration, which is what the Workspace Agents builder requires — no API key copy-paste; users approve scopes in their browser.

For the broader why-this-matters framing — what STACK adds on top of Workspace Agents, when it's the right call, what it unlocks for cross-runtime fleets — read /with/openai-workspace-agents. This page is the technical guide.

1. Prerequisites

• A ChatGPT Workspace plan (Business, Enterprise, Edu, or Teachers). Workspace Agents is not on Plus or Pro consumer tiers.
• A STACK operator account. Sign up at https://getstack.run (free tier, no credit card).
• At least one upstream service connected on the STACK side (Slack, GitHub, Stripe, etc.) at https://getstack.run/services. The agent will reach these through STACK once approved.

2. Add STACK as a custom MCP connector

In the ChatGPT Workspace Agents builder, add a custom MCP server with the URL below.

https://mcp.getstack.run/mcp

ChatGPT discovers STACK's OAuth metadata at /.well-known/oauth-authorization-server, registers itself as an OAuth client via /oauth/register (Dynamic Client Registration, RFC 7591), and redirects the user to getstack.run to approve the requested scopes.

3. Approve scopes

STACK asks the user to approve the subset of scopes the agent needs. Each scope maps to a specific capability:

• passports:read / passports:write — issue, refresh, revoke agent passports.
• agents:read / agents:write — register agents, manage allowed skills.
• services:read / services:write / services:connect — connect upstream services and read service metadata.
• credentials:read / credentials:write — read or rotate stored credentials (admin scope only).
• proxy:read / proxy:write — route outbound calls through the credential-injecting proxy.
• audit:read — read the per-tenant hash-chained audit log.
• identity:read / identity:write — manage L1/L2 identity verification claims.
• skills:read / skills:write / skills:invoke / skills:publish — browse and invoke published skills, or publish your own.

Scopes are narrow-only down the delegation chain: a sub-agent inherits a subset of the parent's scopes, never a superset. Approve only what the agent actually needs.

4. Usage in the agent

Once connected, the workspace agent can call STACK tools the same way it calls any other connector. The most-used ones:

• stack_register_agent — register a new agent under your operator.
• stack_issue_passport — mint a short-lived passport for a specific intent.
• stack_proxy_request — make an authenticated call through the credential-injecting proxy.
• stack_invoke_skill — run a published skill in a sealed sandbox.
• stack_list_services — see which upstream services are connected.
• stack_create_dropoff / stack_collect — schema-validated agent-to-agent hand-off.

The full tool reference lives at /docs/mcp-tools.

5. Revocation

Workspace admins can revoke any time. STACK's sub-60-second global cutoff propagates across every connected service: new requests blocked immediately, in-flight requests fail mid-call, cascade to delegated children. Revoke from the STACK dashboard at getstack.run/team or programmatically via POST /v1/passports/revoke.

Next

• Concepts: passports — what passports are and how scope narrows down a delegation chain.
• Concepts: detectors — the runtime detectors that fire at the proxy boundary.
• API: proxy — the per-call request shape.
• API: audit — exporting the hash-chained audit log to your SIEM.