MCP Tools Reference

STACK exposes 77 MCP tools across the full platform surface. Every tool name is authoritative; the live input schema is discoverable at runtime via the standard MCP tools/listrequest. This page lists the complete tool surface organized by domain, plus worked examples for the most common flows.

Connect

STACK's MCP server speaks Streamable HTTP. Add it to any MCP-speaking client:

bash
claude mcp add stack \
  --transport http \
  https://mcp.getstack.run/mcp \
  --header "Authorization: Bearer sk_live_..."

Live schema discovery

For parameter shapes, return values, and descriptions, query the server directly. The MCP handshake returns every tool's JSON-schema input definition, so your client (or the LLM driving it) always has the current ground truth even as new tools land.

json
// MCP JSON-RPC request
{ "jsonrpc": "2.0", "id": 1, "method": "tools/list" }

// Response (abridged) - one entry per tool
{
  "tools": [
    {
      "name": "stack_issue_passport",
      "description": "Issue a signed JWT passport for an agent session. Default 15 min TTL, max 1 hour.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "agent_id": { "type": "string" },
          "intent":    { "type": "object" },
          "scopes":    { "type": "array" },
          "ttl_seconds": { "type": "number" }
        },
        "required": ["agent_id"]
      }
    }
    // …
  ]
}

Treat the server's tools/list as the single source of truth for schemas. This page's catalog names are stable, but parameters evolve and the MCP client will always see the live shape.

Common flows

Copy-pasteable invocations for the handful of flows that cover most integrations. Every example assumes the MCP server has already been connected with a valid operator or team member API key.

Issue a passport with declared intent

Mint a short-lived scoped credential for a mission. Declaringintent is required for enforced and logged agents; omitting it throws ACCOUNTABILITY_REQUIRED.

json
{
  "method": "tools/call",
  "params": {
    "name": "stack_issue_passport",
    "arguments": {
      "agent_id": "agt_support_bot",
      "intent": {
        "summary": "Answer one customer ticket and post a resolution",
        "services": ["slack", "github"],
        "estimated_duration_seconds": 900,
        "will_delegate": false
      },
      "ttl_seconds": 900
    }
  }
}

Grant a service with a named intent

Use an intent shortcut instead of hand-authoring constraints. The server expands the intent to the equivalent constraint array at grant time.

json
{
  "method": "tools/call",
  "params": {
    "name": "stack_grant_agent_access",
    "arguments": {
      "agent_id": "agt_support_bot",
      "service_connection_id": "scon_slack_prod",
      "scopes": ["chat:write"],
      "intents": [
        { "name": "slack.post_to_channel",
          "params": { "channel": ["C0123", "C0456"] } }
      ]
    }
  }
}

Catalog: call stack_list_intents or read/docs/concepts/intents.

Proxy an outbound HTTP call

Every outbound call during a mission routes through stack_proxy_requestwith the passport's X-Passport-Token. The proxy verifies, enforces scope + constraints, injects the credential, and returns the upstream response.

json
{
  "method": "tools/call",
  "params": {
    "name": "stack_proxy_request",
    "arguments": {
      "passport_token": "eyJhbGciOi...",
      "service": "slack",
      "method": "POST",
      "url": "https://slack.com/api/chat.postMessage",
      "body": { "channel": "C0123", "text": "Ticket #1234 resolved" }
    }
  }
}

Submit a checkpoint (enforced mode)

json
{
  "method": "tools/call",
  "params": {
    "name": "stack_checkpoint",
    "arguments": {
      "jti": "pp_8f3a",
      "services_used": ["slack", "github"],
      "actions_count": 7,
      "summary": "Replied to ticket #1234; opened PR #502"
    }
  }
}

Check out and trigger review

json
{
  "method": "tools/call",
  "params": {
    "name": "stack_checkout",
    "arguments": {
      "jti": "pp_8f3a",
      "services_used": ["slack", "github"],
      "actions_count": 12,
      "summary": "Resolution delivered to customer; PR merged"
    }
  }
}

Revoke a passport and cascade

Single-passport revoke kills the jti plus every live delegated child (breadth-first viaparent_passport_id) and publishes an event onstack:revoked.

json
{
  "method": "tools/call",
  "params": {
    "name": "stack_revoke_passport",
    "arguments": { "jti": "pp_8f3a", "reason": "Rotation" }
  }
}

Invoke a skill

json
{
  "method": "tools/call",
  "params": {
    "name": "stack_invoke_skill",
    "arguments": {
      "skill_id": "skl_refund_calculator",
      "passport_id": "pp_8f3a",
      "input": { "order_id": "ord_123", "customer_tier": "gold" }
    }
  }
}

Sealed skills return synchronously. Open skills return apending status; pollstack_check_invocation until completed.

Deposit and collect a drop-off

json
// Producer
{ "method": "tools/call", "params": { "name": "stack_create_dropoff",
  "arguments": {
    "from_agent_id": "agt_producer", "to_agent_id": "agt_consumer",
    "schema": { "type": "object", "required": ["summary"] },
    "ttl_seconds": 1800
  }}}

{ "method": "tools/call", "params": { "name": "stack_deposit",
  "arguments": { "dropoff_id": "dof_abc", "payload": { "summary": "…" } }}}

// Consumer
{ "method": "tools/call", "params": { "name": "stack_collect",
  "arguments": { "dropoff_id": "dof_abc" }}}

Full tool catalog

Every tool shipped, grouped by domain. Names are stable; calltools/list for the live schema.

Agents

stack_register_agentRegister a new agent with STACK. Returns agent ID and status.
stack_list_agentsList all registered agents for your account.
stack_allow_skillAdd a skill to an agent's allowed_skills list (idempotent). Enforced when agent.skill_access_mode is "custom".
stack_disallow_skillRemove a skill from an agent's allowed_skills list (idempotent).

Services & Credentials

stack_connect_serviceConnect an external service (Slack, GitHub, Notion, etc.) via OAuth.
stack_list_servicesList all available services that can be connected.
stack_grant_agent_accessGrant an agent access to a connected service with specific scopes. Supports baseline constraints and named intents for parameter-level ceilings.
stack_list_intentsList available named intents (e.g. "slack.post_to_channel") that expand to parameter-level constraints in grants and passports.
stack_revoke_agent_accessRevoke all service access for an agent.
stack_get_agent_permissionsGet all service permissions granted to an agent.
stack_get_credentialRetrieve a decrypted credential for a connected service at runtime.
stack_list_credential_templatesList available credential templates for manual service connections.
stack_verify_connectionVerify a service connection is healthy by testing its credentials.

Passports

stack_issue_passportIssue a signed JWT passport for an agent session. Default 15 min TTL, max 1 hour.
stack_verify_passportVerify a passport token is valid, not expired, and not revoked.
stack_refresh_passportRefresh a passport before or after expiry (within 24h). Preserves session and delegation chain.
stack_list_active_passportsList all active (non-expired, non-revoked) passports. Filter by agent or session.
stack_revoke_passportRevoke a specific passport by JTI. Takes effect within 60 seconds.
stack_revoke_agent_passportsRevoke ALL active passports for a specific agent.
stack_revoke_sessionRevoke an entire session chain -- root passport and all delegated passports.
stack_revoke_all_passportsEMERGENCY: Revoke ALL active passports across all agents. Requires confirm: true.

Accountability

stack_checkpointSubmit a progress checkpoint during an active mission. Reports services used and actions taken.
stack_checkoutSubmit final report and check out from a mission. Triggers the review engine.
stack_get_passport_reportGet full accountability report: intent, checkpoints, checkout, and review decision.
stack_list_pending_reviewsList flagged or blocked passport checkouts pending operator review.
stack_decide_reviewApprove or block a flagged passport checkout. Can block agent from future passports.

Drop-offs

stack_create_dropoffCreate a point-to-point drop-off between two agents with schema validation and TTL.
stack_depositDeposit a package into a drop-off. Validates against declared schema, encrypts at rest.
stack_collectCollect a package from a drop-off. Decrypts and returns data, then deletes from storage.
stack_get_dropoff_statusGet current status of a drop-off (created, deposited, collected, expired, failed).
stack_list_dropoffsList all drop-offs for your account, ordered by creation date.
stack_expire_dropoffManually expire a drop-off and permanently delete its package.

Skills

stack_publish_skillPublish a skill to the marketplace. Supports open, sealed, and source execution modes.
stack_browse_skillsBrowse the skills marketplace with filters for trust level, tags, and search.
stack_get_skillGet details of a specific skill including input/output schemas.
stack_invoke_skillInvoke a skill with input data. Paid skills debit the caller's STACK wallet. Poll stack_check_invocation for result.
stack_check_invocationCheck invocation status. Returns decrypted output when completed.
stack_list_pending_invocationsList pending invocations for skills you provide. Poll this for work.
stack_complete_invocationComplete a skill invocation by submitting schema-validated, encrypted output.
stack_check_trust_levelCheck if your trust level meets a skill's requirements. Returns upgrade guidance.
stack_list_favorite_skillsList your saved/favorite skills for quick access.
stack_post_skill_requestPost a request for a skill capability you need. Other operators can discover it and build matching skills.
stack_list_skill_requestsBrowse open skill requests from other operators.
stack_find_matching_skillsFind skills that match a specific skill request.
stack_suggest_skill_compositionGet suggestions for combining multiple skills to fulfill a complex request. Returns chain suggestions.

Team

stack_invite_memberInvite a team member by email with a role and optional connection restrictions.
stack_list_membersList all team members and their statuses.
stack_revoke_memberRevoke a team member, disabling their API key.
stack_update_memberUpdate a member's role or allowed connections.

Identity Settings

stack_get_identity_settingsGet identity security settings: claim TTL, inheritance mode, auto-revoke.
stack_update_identity_settingsUpdate identity settings -- claim TTL capping, inheritance mode, auto-revoke on expiry.

Proxy

stack_proxy_requestSend a request through STACK's credential proxy. Agent never sees the secret. Studio/Enterprise only. Threads approval_id when the passport is enforced.
stack_proxy_usageCheck monthly proxy usage and remaining quota.

Intents

stack_simulate_intentDry-run an Intent against a passport. Returns allowed + denial_reasons + diagnostics. Emits a signed intent_simulation claim.
stack_submit_intentSubmit an Intent for operator approval. Required before enforced-mode producer calls. Returns approval_id; pair with stack_get_intent_approval to poll.
stack_get_intent_approvalFetch an intent approval row by id. Returns terminal status (pending|approved|rejected|expired|consumed). Poll after stack_submit_intent.

Content Scan

stack_scanScan retrieved content (email/document/webpage/API response) for prompt-injection markers BEFORE feeding to the LLM. Two-layer detector: L1 regex catalog + L2 encoding-aware normalization (base64/URL/hex/leetspeak/homoglyphs/zero-width/ROT13/reverse). Returns verdict + match details.
stack_scan_usageCheck monthly /v1/scan usage and remaining quota.

Security Events

stack_list_security_eventsList unresolved security events (credential misuse, delegation violations, etc.).
stack_resolve_security_eventMark a security event as reviewed and resolved.

Detector Customization

stack_list_detector_configsList every per-detector customization this operator has set. Empty list means defaults.
stack_get_detector_configGet a single detector's config. 404 means defaults.
stack_upsert_detector_configCustomize a detector for your traffic — custom regex, whitelist suppression, severity overrides, master switch. Studio+.
stack_reset_detector_configReset a detector to built-in defaults — deletes the customization row. Studio+.

Audit

stack_audit_listTail recent audit log entries — newest-first. Filter by agent_id or passport_jti; pass since (epoch ms) for incremental polling. Cascade revokes show as one passport.revoke + one passport.revoke_cascade per child.
stack_audit_chain_headReturn the latest entry hash + total entry count. Anchor externally to prove later that no row was rewritten.
stack_audit_verify_chainWalk the chain and verify cryptographic integrity. Reports first_break with reason on failure.

Notifications

stack_add_delivery_methodAdd a notification delivery method (email, SMS, or webhook).
stack_list_delivery_methodsList all configured notification delivery methods.
stack_delete_delivery_methodDelete a delivery method. Cascades to associated rules.
stack_send_verification_codeSend a verification code to a pending delivery method.
stack_verify_delivery_methodVerify a delivery method with a 6-digit code.
stack_test_delivery_methodSend a test notification to a verified delivery method.
stack_create_notification_ruleCreate a rule targeting delivery methods for specific event types and severities.
stack_list_notification_rulesList all notification rules with their associated delivery methods.
stack_update_notification_ruleUpdate a notification rule -- change delivery methods, events, or severity.
stack_delete_notification_ruleDelete a notification rule.

Related

  • /docs/concepts/passports - what a passport carries and how it verifies
  • /docs/concepts/intents - named permission shortcuts used in grant and issue
  • /docs/concepts/constraints - parameter-level scope enforced at the proxy
  • /docs/concepts/revocation - single/bulk revoke and cascade behavior
  • /docs/api/audit - audit export, chain-head, verify-chain
  • /docs/api/billing - wallet, tier, overage
stack | docs