Waydock is a secure context layer for your work. You connect your accounts once, and everything they hold becomes a single, governed context that any AI agent, or Waydock's own assistant, can read and act on inside guardrails you control.
This page explains the ideas the rest of the docs build on.
For agents: the MCP endpoint is
https://waydock.ai/api/mcp/stream. Start with the Quickstart and the Tool reference.
The problem it solves
Pointing an AI agent at your work usually means one of two bad options: paste your inbox into a chat box (no scoping, no audit, no way to revoke), or grant every agent a broad connection to every provider (many grants, many ways to leak, no single off switch).
Waydock replaces both with one scoped, audited bridge. You give Waydock access to your accounts; Waydock gives your agent a narrow, revocable key. Read-only by default, every action logged, every source disconnectable in one click.
Unified context, not a single inbox
The core idea is unification. Most tools that expose an AI connection expose one source (mail, or a single app). Waydock brings your mail, calendar, meetings, tasks, and chats into one context so an agent can reason across them: the email thread next to the meeting transcript next to the Linear ticket.
Everything Waydock syncs becomes a card, a common unit with a shared shape (source, type, title, summary, status). Cards flow into your daily surfaces (Today, Follow-ups, Meetings, Tasks) and are what agents read.
Two ways to use it
- Bring your own agent (MCP). If you use Claude, Cursor, ChatGPT, or your own code, connect it over the Model Context Protocol with a scoped key. See the Quickstart.
- Mira, the in-app assistant. Non-technical users get the same capability without setting up a client. Mira is a chat rail inside the app that runs the same tool registry and the same guardrails as the MCP server.
Because both run the same tools, the behaviour you build against over MCP matches what in-app users experience.
Organizations, members, and isolation
Every account starts as a personal organization. A personal org can convert to a team (a one-way, owner-gated action). Teams have three roles: owner, admin, and member.
Isolation is enforced at the database with Postgres row-level security, keyed on both organization and user. One member cannot read another member's mail, meetings, tasks, or chats, even inside the same org. This is structural, not application logic. See Security.
Permissions: scopes, keys, and presets
Agent access is granted through per-user MCP keys. Each key carries an explicit set of scopes, namespaced read:* and write:*. New keys are read-only by default; a write scope implies its read parent.
Two presets make the common cases easy:
- Read & email myself (free default): read everything, and only ever email your own inboxes.
- Full access (Pro): read and act, with sending to other people kept as a separate, explicit opt-in.
Sending mail or Teams messages to third parties is wildcard-proof: it can never be bundled into a preset and must be granted as a literal scope. Full detail on the Tool reference.
Security by design
Waydock is built for the defining risk of this category: an agent being manipulated by content it reads (the prompt-injection class of attack).
- Provenance gating. Once an agent's turn reads untrusted external content (an email body, a transcript), its send and delete tools switch off for the rest of that turn. A message in your inbox cannot instruct your agent to send your data.
- Approval cards. Send, delete, and external-share actions pause for a human click.
- The outbound-email contract. Every send routes through one chokepoint: an allowlist, fixed caps, thread-only replies, and a global kill switch.
- One audit log. The app and the agent endpoint write to the same place. Revoke a key once and both stop in the same moment.
- No AI middlemen. Model calls go direct to the provider. No gateways or proxies over your data.
Read the full model on the Security page.
What it costs
Waydock is free to start and read-only on every plan. Pro unlocks write actions (behind approval cards), faster sync, longer audit retention, and full Mira. Pro is billed per active member with a 14-day trial. See Pricing for live numbers.
| Free | Pro | |
|---|---|---|
| Scoped keys | 3, read-only | 5, with write scopes |
| Agent calls / day | 500 | 100,000 |
| Sync | Hourly | Every 5 minutes |
| Audit retention | 7 days | 365 days |
| Mira | 3 turns / day | Full |
Where to go next
- Quickstart to connect an agent in about five minutes
- Integrations for what you can connect and how data flows in
- Tool reference for every tool and scope
- Recipes for ready-to-run agent workflows
- Security for the trust model