Common questions and the fixes for the errors people hit most. If your question is not here, the Quickstart, Tool reference, and Security pages go deeper, or reach us through Contact.
Getting started
What is Waydock, in one line? A secure context layer for your work. You connect your accounts once, and any MCP-compatible agent (or Waydock's in-app assistant, Mira) can read and act on that unified context inside guardrails you control. See How Waydock works.
Do I need to be technical to use it? No. Mira, the in-app assistant, gives non-technical users the same capability without setting up an MCP client. Connecting your own agent over MCP is for people who already use Claude, Cursor, ChatGPT, or their own code.
Which agents can connect? Any MCP-compatible client: Claude Desktop, Claude Code, Cursor, VS Code, ChatGPT, or your own code. The Quickstart has copy-paste configs.
What can I connect to Waydock? Gmail, Outlook, Microsoft Teams, the meeting notetakers Fathom, Fireflies, and Pocket, the task tools Linear and Jira, and WHOOP on a personal workspace. See Integrations.
Security & privacy
Does my mail get sent to an AI model? Only what a query needs, and only when you (or an agent you authorized) ask. AI calls go direct to the model provider with no gateways or proxies in between, and Waydock never trains on your data.
How does Waydock stop an agent being tricked by a malicious email? Provenance gating. Once an agent's turn reads untrusted content (an email body, a transcript), its send and delete tools are removed for the rest of that turn. A message in your inbox cannot instruct your agent to send or delete. See Security.
Are my email bodies and transcripts stored? Not by default. Waydock keeps metadata and snippets and reads mail live at query time. Storing full bodies, transcripts, or Teams messages at rest is an opt-in, off by default, and encrypted when enabled.
Can one teammate see another's mail? No. Isolation is enforced at the database with row-level security keyed on both organization and user, so co-members cannot read each other's data even in the same org.
Keys & permissions
How do I connect an agent? Mint a scoped key in Settings → Account → MCP, then paste it into your client's MCP config. See Authentication.
What is the difference between the two presets? Read & email myself (free default) reads everything and can only email your own inboxes. Full access (Pro) adds write actions but still keeps sending to other people as a separate, explicit opt-in.
My agent gets insufficient_scope. Why?
The key does not hold a scope the tool requires. Check the tool's scope on the Tool reference and add it to the key (or use a broader preset). Remember a write scope implies its read parent.
My agent gets upgrade_required on a write tool.
Write scopes need Pro. The key holds the scope but the organization is on Free or has downgraded, so the entitlement check fails at call time. Upgrade in Settings → Billing.
My agent gets tool_blocked.
That tool is on the key's per-key denylist. Remove it from the denylist, or use a different key.
Can I stop a key from doing something specific? Yes. Add a per-key tool denylist, restrict the key to certain IP ranges, or set an expiry. See Authentication.
Sending email
Why can't my agent email someone?
Sending to third parties needs the literal write:mail.send scope (Pro, and wildcard-proof, so no preset grants it), and the recipient must be on your outbound allowlist. A brand-new recipient also has a 60-second cooldown.
My send failed with a message about a cap. Sends are capped: 500 per day and 20 per recipient per day by default, clamped to hard ceilings (2000 per day, 100 per recipient). Wait for the rolling window, or raise the cap within the ceiling in Settings.
How do I stop all outbound mail immediately? Flip Allow outbound sending off in Settings → Outbound email allowlist. It is checked at the moment of send and kills every path (agent, cron, automation).
Can an agent send HTML, attachments, cc, or bcc? HTML is an opt-in per recipient and is sanitized. There is no cc, bcc, or attachment support from an agent today.
Plans & limits
What is free? Reading everything, 3 read-only keys, 500 agent calls a day, hourly sync, a 7-day audit log, and Mira 3 turns a day. See Pricing.
What does Pro add? Write actions behind approval cards, 5 keys with write scopes, 100,000 calls a day, 5-minute sync, a 365-day audit log with export, and full Mira. Pro is billed per active member with a 14-day trial.
How many keys can I have? 3 on Free, 5 on Pro. Revoke any key instantly.
Troubleshooting
A newly connected account shows nothing.
Sync runs on a schedule (hourly on Free, faster on Pro) and backfills on connect. Check Settings → Activity for the last run and any error. You can trigger a sync with the waydock_sync tool or the in-app button.
A meeting or email is missing. Meeting notetakers deliver by webhook, so a meeting appears once its transcript is ready. For older mail beyond the live index, Pro users can run a Direct Source Fetch backfill.
My agent stopped working after I changed plans.
Paid write scopes are checked at call time, so downgrading disables write tools immediately with upgrade_required. Read tools keep working.
A key leaked. What now? Rotate it (new secret, same scopes, old secret dies) or revoke it outright in Settings → Account → MCP. Both take effect immediately across the app and the MCP endpoint.