# Waydock: full site content for LLMs > Concatenated markdown for every public Waydock page. Canonical HTML lives at > https://waydock.ai. For programmatic access, prefer the MCP server (https://waydock.ai/api/mcp/stream) > over scraping; see https://waydock.ai/auth.md. A shorter summary is at https://waydock.ai/llms.txt. --- # Waydock: one secure workspace for humans and agents > Connect your mail, meetings, calendar, and tasks once, then read your whole day in a single prioritized deck. Plug Claude, ChatGPT, Cursor, or any MCP client into the same data, scoped to exactly what you allow. Your data, your agent, your rules. Waydock is a productivity web app and a secure context layer for AI agents. It unifies the tools you already use, ranks what needs your attention, and exposes that same context to AI assistants through a hosted Model Context Protocol (MCP) server, without handing a model broad, unscoped access to your inbox. ## What you can do - Connect Gmail, Outlook, Google Calendar, Jira, Linear, Fireflies, Fathom, Pocket, Microsoft Teams, Klaviyo, and Whoop. - Read one prioritized view instead of checking six apps; reply, snooze, delegate, complete, or skip each item. - Let AI draft replies, prepare meeting notes, and surface follow-ups using your real context. - Connect any MCP-compatible agent to act on that context under scopes you choose, with a per-key audit log. ## Why it is secure - **Scoped access, not blanket access.** Every MCP API key is issued per user with an explicit scope set. Outbound email send is wildcard-proof: a key cannot send unless its scopes contain the literal `write:mail.send`. - **One chokepoint for outbound mail.** Every send path obeys the same server-side rules: a recipient allowlist, fixed daily and per-recipient caps, a new-recipient cooldown, reply-only-to-thread restrictions, and a kill switch. See the [security page](/security). - **Direct to the model provider.** AI calls go straight to Anthropic, with no AI gateways or inference middlemen between your email and the model. Fewer hops over your data. - **Provenance and prompt-injection defenses.** Outbound content is scrubbed of invisible/steganographic characters, and connected-source content is gated so hidden instructions can't quietly drive an action. ## For AI agents If you are an AI agent, prefer the MCP endpoint over scraping HTML: - MCP endpoint: `https://waydock.ai/api/mcp/stream` (Streamable HTTP) - MCP manifest: [/api/mcp/manifest](/api/mcp/manifest) lists tools, scopes, transport, and version - MCP Server Card: [/.well-known/mcp/server-card.json](/.well-known/mcp/server-card.json) - API catalog: [/.well-known/api-catalog](/.well-known/api-catalog) - Authentication: see [/auth.md](/auth.md) for the per-user bearer API keys issued from /settings/account/mcp - Full text for LLMs: [/llms.txt](/llms.txt) and [/llms-full.txt](/llms-full.txt) ## Key pages - Landing: - Security: - Privacy: - Terms: - Contact: ## Pricing Free to start. No credit card required to connect a Google account and issue your first scoped key. ## What Waydock is not - Not a CRM. - Not a shared inbox or team triage tool. - Not an email client replacement; it sits alongside Gmail and Outlook. - Not a meeting recorder; it ingests transcripts from Fireflies and Fathom. --- # Security: safety contract for outbound email _Last updated: July 7, 2026_ Waydock connects AI agents to your inbox. The biggest risk that creates is an agent sending mail it shouldn't, whether because of prompt injection hidden in an incoming email, a misconfigured automation, or a stolen API key. This page documents every gate in front of an outbound send. None of it is aspirational: it is how the product behaves today, enforced server-side, on every send path. ## Six rules every outbound email obeys 1. **Never send to an unlisted address.** You maintain an explicit recipient allowlist in Settings → Outbound email allowlist. If a recipient isn't on the list, the send fails closed. No AI override, no "trusted sender" bypass. 2. **New recipients have a 60-second cooldown.** Adding an address blocks sends to it for one minute, so you can see the addition land in your alert webhook and revoke before mail leaves. 3. **Send caps are bounded by the server.** By default, 500 sends per rolling 24h across all recipients and 20 per rolling 24h to any single address. You can tune these, but the server clamps every value to a hard ceiling it enforces in code (2000 per day, 100 per recipient) that no setting, session, or prompt can exceed. 4. **Replies can only land in their own thread.** The recipient list is restricted to the intersection of the original thread's participants and your allowlist. "Reply" can't be used as cover to email someone new. 5. **One kill switch turns everything off.** Flip "Allow outbound sending" off and no mail leaves from any path, whether cron, agent, or automation. It is checked at the moment of send, so it kills in-flight intent too. 6. **Subject and body are scrubbed of invisible characters.** Zero-width spaces, bidi-override marks, and the U+E0000 tag block (a steganographic channel for hidden instructions) are stripped before the send reaches the provider. ## One chokepoint, every path The morning-brief cron, the MCP send tool, and any future automation all route through a single function that applies the six rules in order and writes a log row before calling Gmail or Microsoft Graph. The write-ahead prevents two concurrent sends from both passing the cap check. ## Scopes that protect against over-grant Waydock uses narrow OAuth scopes, never broad "modify mail" permissions. Sending goes through the dedicated `gmail.send` or `Mail.Send` scope rather than a catch-all grant, and you can switch off drafting or sending for any connected account from Settings at any time. For automation, MCP API keys are wildcard-proof for send: a key cannot send unless its scope list contains the literal `write:mail.send`. The "Full access" preset deliberately does not grant send; it is a separate opt-in. Any key can be revoked with one click, and you can revoke mailbox access entirely from Google or Microsoft. ## Real-time visibility Every outbound API call Waydock makes on your behalf is captured by the outbound audit layer. You can wire it to a webhook (Slack, Discord, Telegram, or raw HTTPS) in Settings → Webhooks, so you see what your account did within seconds. Each send also writes a durable in-app log recording recipient, provider, source (cron, MCP tool, user action), and a hash of the subject. We hash subjects so the audit surface doesn't leak content. ## HTML sends are an explicit per-recipient opt-in Mail is plain text by default. Enabling HTML for a recipient runs the body through a strict sanitizer that strips scripts, iframes, event handlers, and any URL scheme other than http, https, mailto, or tel. No markup can execute in the recipient's inbox. ## What we don't do - We don't route your mail content through AI gateways or third-party inference proxies. AI calls go direct to the model provider. Fewer hops over your data. - We don't send on behalf of a paused or revoked account; in-flight sends fail with `capability_disabled`. - We don't silently retry failed sends. A failed send still consumes one cap slot, braking prompt-injection storms. - We don't accept CC, BCC, or attachments from an agent today. The send surface is a recipient list, a subject, and a body. ## Reporting a security issue If you see an unexpected send, the fastest response is the kill switch in Settings → Outbound email allowlist. To report a vulnerability, reach security through the [contact form](/contact); we respond within one business day. ## What we can't promise No security model is perfect. A recipient's mail server can leak, an attacker who steals your browser session can operate the app as you, and a provider-side compromise (Google, Microsoft) would put your mailbox at risk regardless. What we promise is that on the surface we own, the contract above is enforced in code, with tests, and changes to it leave an audit trail. --- # Waydock pricing Start free and connect your first agent in minutes. Upgrade when your team is ready. Read-only by default on every plan. Pro is billed per active member of your workspace and starts with a 14-day free trial — no card required to begin. For live prices in your currency, see . ## Plans ### Free For trying Waydock with your own agents against your own accounts. Includes: - 3 scoped MCP keys, read-only - 500 agent calls per day - Hourly sync - 7-day audit log - Mira in-app, 3 turns a day ### Pro For teams putting agents to work across their whole stack. Everything in Free, plus: - 5 scoped keys with write scopes - 100,000 agent calls per day - Send, delete, and shares behind approval cards - 5 min sync - 365-day audit log with export - Full Mira, summaries, drafts, webhooks ### Enterprise For organisations with security review and volume seats. Everything in Pro, plus: - SSO and SCIM provisioning - Custom data retention - Audit log streaming - Volume seats and invoicing - Priority support and SLA ## Frequently asked questions **Is there really a free trial?** Yes. Pro starts with a 14-day free trial, no card required to begin. Cancel any time before it ends and you are not charged. **How does per-seat billing work?** Pro is billed per active member of your workspace. You pick the seat count at checkout (prefilled with your current members) and can change it any time from the billing portal; Stripe prorates the difference. **Can I cancel anytime?** Yes. Manage or cancel from the billing portal in one click. Access continues until the end of the period you paid for. **Do you store my email and meeting data?** Waydock holds the minimum context needed to serve your agent, scoped and read-only by default, with every action in one audit log. Disconnect a source and it stops at once. **Which agents work with Waydock?** Any MCP client: Claude, Cursor, ChatGPT, Cline, and more, plus Mira in-app for teammates who never set up a client. For programmatic access, prefer the Waydock MCP server () over scraping; see . --- # Privacy Policy _Last updated: June 23, 2026_ Waydock ("Waydock", "we", "us", or "our") builds productivity tools that bring your email, calendar, and tasks into a single prioritized deck. This Privacy Policy explains what information we collect, how we use it, and the rights you have over it. ## Information we collect - **Account information.** When you sign in with Google or Microsoft, we receive your name, email address, profile picture, and a unique account identifier. - **Connected service data.** With your permission, we access content from services you connect. For example, email metadata and contents from Gmail or Outlook, events from Google Calendar, issues from tools like Jira or Linear, and chat messages from Microsoft Teams. We only request the scopes needed to provide the product. - **Meeting notetaker data.** When you connect a meeting notetaker (Fathom, Fireflies, or Pocket), we store the meeting records it produces, including titles, attendees, summaries, action items, and (for Pocket) mind maps. If transcript storage is turned on for your organization and your account, we also store the meeting transcript itself. See "Data retention" for how long transcripts are kept and when they are deleted. - **Health data.** If you connect Whoop, we access recovery, sleep, and strain data. This is sensitive personal data, so it can only be connected from your personal workspace and is never exposed to a shared company workspace or to our staff in a way that identifies which health integration you use. - **Historical mail backfill.** On paid plans, an organization may turn on Direct Source Fetch to retrieve mail older than the few days Waydock indexes by default. Items fetched this way are encrypted at rest with a dedicated key while a fetch job runs, and the messages you choose to keep are added to your stored mail. - **Usage data.** We collect basic product analytics (pages visited, features used, approximate device and browser type) to improve Waydock. - **Support communications.** If you contact us, we keep a record of the message and our reply so we can follow up. ## How we use information - To provide, maintain, and improve Waydock. - To generate AI-assisted summaries, priorities, and drafts on your behalf. - To send service notifications and respond to support requests. - To detect, prevent, and address fraud, abuse, and security issues. - To comply with legal obligations. ## Google API user data Waydock's use and transfer of information received from Google APIs adheres to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. We do not sell your Google data, do not use it for advertising, and do not let humans read it except with your explicit consent, for security investigations, or when required by law. ## Atlassian (Jira) data When you connect a Jira account, Waydock stores OAuth access and refresh tokens (encrypted at rest), your Atlassian account identifier, and the issue data we sync, including issue titles, descriptions, status, priority, due dates, labels, assignee and reporter display names and email addresses, project metadata, and the Atlassian sites you've granted access to. We only request the OAuth scopes needed to read and sync issues (`read:jira-work`, `read:jira-user`, `read:me`, `offline_access`). In line with Atlassian's developer policies, Waydock implements the Atlassian [Personal Data Reporting API](https://developer.atlassian.com/cloud/jira/platform/user-privacy-developer-guide/). On a weekly cycle we report the Atlassian account identifiers we store to Atlassian. If an account has been closed, we erase all personal data we hold for it. If Atlassian indicates the data has been updated, we refetch it. You can disconnect Jira at any time from Settings; doing so revokes our tokens and deletes the stored Jira data tied to that connection. ## AI processing and Mira To generate summaries, insights, and drafted replies, and to power Mira (our in-app AI assistant), we send relevant content to [Anthropic, PBC](https://www.anthropic.com/legal/commercial-terms), our AI model provider. That content can include the email, calendar, and meeting content Mira accesses on your behalf, and the messages you send Mira. Anthropic processes this content only to return a result to Waydock and does not use it to train its models, under its commercial terms. We do not share your data with any AI provider that has not contractually agreed to these terms. Mira is enabled per organization. An organization admin can enable or disable it at any time in Settings, and Mira may be enabled automatically when an organization is created or starts a paid subscription. You can also supply your own Anthropic API key (Settings, then Mira) so Mira's processing runs through your own Anthropic account instead of ours. ## Sharing and disclosure We do not sell your personal information. We share information only: - With service providers (hosting, analytics, AI processing, email delivery) under written contracts limiting their use of the data to providing services to us. - To comply with laws, lawful requests, or legal process. - To protect the rights, property, or safety of Waydock, our users, or the public. - In connection with a merger, acquisition, or sale of assets, with notice to you. ## Data retention We retain account data for as long as your account is active. We store a normalized plain-text copy of email bodies from connected services, encrypted at rest with per-organization keys, for up to 90 days from the message date to power summaries and on-demand retrieval. Email bodies and any AI-derived summaries are deleted automatically once the message is more than 90 days old. When you disconnect a service, the stored bodies for that account are deleted right away. A short preview snippet is retained while your account is active. Authentication and sync audit logs are automatically purged after 90 days. You can disconnect any service or delete your account at any time from Settings; once deleted, we remove your personal data within 30 days, except where retention is required by law. Meeting transcripts are stored only when transcript storage is turned on, which is opt-in at both the organization level and your personal level. When it is on, transcripts are stored encrypted at rest with a per-organization key. Unlike email bodies, transcripts are not on the 90-day window: a stored transcript is kept while your account is active so it survives the retention limits of the notetaker that produced it. A stored transcript is deleted when you disconnect the notetaker, when transcript storage is turned off at either the organization or your personal level, or when your account is deleted. ## Security We use encryption in transit and at rest, scoped access controls, and audit logging. No system is perfectly secure, so we encourage you to use a strong password on your identity provider and to enable multi-factor authentication. ## Your rights Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, use our [contact page](/contact). ## Children Waydock is not intended for children under 13, and we do not knowingly collect their data. ## Changes to this policy We may update this policy from time to time. When we do, we'll update the "Last updated" date above and, for material changes, give you reasonable notice before they take effect. ## Contact Questions about this policy? Reach us through our [contact page](/contact). --- # Terms of Service _Last updated: June 23, 2026_ These Terms of Service ("Terms") govern your access to and use of Waydock (the "Service"). By creating an account or using the Service, you agree to these Terms. If you don't agree, please don't use the Service. ## 1. Eligibility and accounts You must be at least 13 years old (or the minimum age required in your country) and capable of forming a binding contract. You're responsible for activity on your account and for keeping your credentials secure. Notify us promptly of any unauthorized use. ## 2. The Service Waydock connects to third-party services you authorize (such as Gmail, Google Calendar, Outlook, Microsoft Teams, Jira, Linear, meeting notetakers like Fathom, Fireflies, and Pocket, and similar tools) to aggregate, prioritize, and act on your work. You are responsible for ensuring that you have the right to connect those accounts and that your use of the Service complies with the terms of the underlying services. ## 3. Your content You retain all rights in the content you bring into the Service ("Your Content"). You grant Waydock a limited, worldwide, non-exclusive license to host, process, transmit, and display Your Content solely to operate and improve the Service for you. We don't sell Your Content and we don't use it to train third-party AI models. ## 4. AI features The Service uses artificial intelligence to summarize, prioritize, and draft responses. AI output can be inaccurate or incomplete. You are responsible for reviewing AI-generated content before relying on or sending it. Do not use the Service for decisions that require professional advice (legal, medical, financial) without independent verification. The Service's AI features, including Mira (our in-app assistant), process your content using Anthropic, PBC as our AI model provider. Mira is enabled per organization, by an organization admin or automatically when an organization is created or starts a paid subscription, and can be turned off in Settings. See our [Privacy Policy](/privacy#ai-processing-and-mira) for what is sent and how it is handled. ## 5. Acceptable use You agree not to: - Use the Service for any unlawful, harmful, or fraudulent purpose. - Reverse engineer, scrape, or attempt to extract source code or data, except as permitted by law. - Interfere with or disrupt the Service or the networks or services connected to it. - Send spam, malware, or other harmful content through the Service. - Use the Service to violate the rights of others, including privacy and intellectual property rights. ## 6. Fees Waydock may offer free and paid plans. If you sign up for a paid plan, you authorize us to charge the payment method you provide on a recurring basis until you cancel. Fees are non-refundable except where required by law. ## 7. Termination You can stop using the Service at any time by deleting your account. We may suspend or terminate access if you breach these Terms or if we're required to do so by law. Sections that by their nature should survive termination will survive. ## 8. Disclaimers THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR THAT AI OUTPUT WILL BE ACCURATE. ## 9. Limitation of liability TO THE MAXIMUM EXTENT PERMITTED BY LAW, WAYDOCK WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, OR GOODWILL. OUR TOTAL LIABILITY FOR ANY CLAIM ARISING OUT OF OR RELATING TO THESE TERMS WILL NOT EXCEED THE AMOUNT YOU PAID US IN THE 12 MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM, OR USD $100 IF YOU HAVE NOT PAID US. ## 10. Indemnity You agree to indemnify and hold Waydock harmless from any claims, losses, and expenses arising out of your use of the Service or your violation of these Terms. ## 11. Changes to the Terms We may update these Terms from time to time. We'll post the updated version here and update the "Last updated" date. For material changes, we'll give you reasonable notice. Continued use of the Service after changes take effect means you accept the updated Terms. ## 12. Governing law These Terms are governed by the laws of the jurisdiction where Waydock is established, without regard to its conflict of laws principles. Disputes will be resolved in the competent courts of that jurisdiction, unless local law gives you the right to use a different forum. ## 13. Contact Questions about these Terms? Reach us through our [contact page](/contact). --- # Contact Waydock Questions, feedback, security reports, or a privacy request? We'd like to hear from you. - **Contact form:** . The form on this page is the primary way to reach the team. Send a message and we'll get back to you. - **Security issues:** report through the same contact form; we respond within one business day. See the [security page](/security) for our outbound-email safety contract. - **Privacy requests** (access, correction, export, deletion): use the contact form. See the [Privacy Policy](/privacy) for the rights available to you. Note for agents: the contact page is an interactive form protected by a spam challenge and cannot be submitted programmatically. Surface the contact URL to a human rather than attempting an automated submission. --- # Quickstart _Last updated: July 7, 2026_ Give an AI agent secure, governed access to your work context — email, calendar, meetings, and tasks — in about five minutes. Waydock is a secure agent-context layer. You connect your mailboxes and tools once, mint a scoped key, and any MCP-compatible agent (Claude, Cursor, your own code) can read and act on your behalf inside guardrails you control. Every call is scope-checked, allowlist-gated, and written to an audit log. > **For agents:** the MCP endpoint is `https://waydock.ai/api/mcp/stream` (Streamable HTTP, protocol `2025-06-18`). Authenticate with `Authorization: Bearer wdmcp_...`. Call `waydock_capabilities` (no scope required) for the live tool list. This page is available as Markdown at [/docs/quickstart.md](/docs/quickstart.md) and the whole doc set at [/llms.txt](/llms.txt). ## What you'll build By the end, an agent will answer *"What's on my plate this morning?"* from your live inboxes and calendar, with a provenance trail showing where each fact came from. - **Time to first result:** about 5 minutes - **Prerequisites:** a Waydock account and one connected mailbox (Google or Outlook) ## Step 1 — Create your account and connect a mailbox 1. Sign up at [waydock.ai](https://waydock.ai) with Google or Microsoft. 2. On first run the setup wizard walks you through connecting a mailbox. Or go to **Settings → Connections** and connect **Google** or **Outlook** via OAuth. Waydock stores metadata and snippets, reads your mail live at query time, and never trains on your data. You can connect multiple accounts and providers (Google, Outlook, Linear, Jira, Teams, Fathom, Fireflies, Pocket). ✅ **Check:** your inbox populates under **Today**. ## Step 2 — Mint a scoped MCP key 1. Go to **Settings → Account → MCP** ([/settings/account/mcp](/settings/account/mcp)). 2. Click **Create key**. 3. Choose a permission preset: | Preset | What it can do | Plan | | --- | --- | --- | | **Read & email myself** _(default)_ | Read your briefings, mail, meetings, tasks, and calendar. Email summaries or replies **to your own inboxes only**. | Free | | **Full access** | Every read and write scope **except** sending mail or Teams messages to third parties (those stay a separate, explicit opt-in). | Pro | 4. Name the key after the agent that will use it (e.g. `claude-desktop`, `cursor`, `nightly-brief-bot`) — the name shows up in your audit log. 5. Copy the key. **It is shown once.** Keys look like this: ```text wdmcp_a1b2c3d4_9f8e7d6c5b4a39281706f5e4d3c2b1a0 ``` You can hold up to **3 live keys on Free, 5 on Pro**. Revoke any key with one click. > **Least privilege by default.** The free preset can never email anyone but you. Sending to third parties (`write:mail.send`) and Teams (`write:teams.send`) are always separate, deliberate grants — never bundled into "Full access." ✅ **Check:** the new key appears in your key list with its preset and creation time. ## Step 3 — Point your agent at Waydock Waydock speaks the Model Context Protocol over Streamable HTTP. - **Endpoint:** `https://waydock.ai/api/mcp/stream` - **Auth:** `Authorization: Bearer wdmcp_...` _(or `X-API-Key: wdmcp_...`)_ - **Protocol:** MCP `2025-06-18` Pick your client. Every snippet is copy-paste-correct — replace only the key. ### Claude Desktop Edit `claude_desktop_config.json` (**Settings → Developer → Edit Config**). The auth header contains a space, so pass it through an env var — otherwise it gets split into two arguments: ```json { "mcpServers": { "waydock": { "command": "npx", "args": [ "-y", "mcp-remote", "https://waydock.ai/api/mcp/stream", "--header", "Authorization:${WAYDOCK_AUTH}" ], "env": { "WAYDOCK_AUTH": "Bearer wdmcp_your_key_here" } } } } ``` Restart Claude Desktop; the Waydock tools appear under the 🔌 icon. ### Claude Code (CLI) ```bash claude mcp add --transport http waydock https://waydock.ai/api/mcp/stream \ --header "Authorization: Bearer wdmcp_your_key_here" ``` ### Cursor Add to `~/.cursor/mcp.json` (or **Settings → MCP → Add**): ```json { "mcpServers": { "waydock": { "url": "https://waydock.ai/api/mcp/stream", "headers": { "Authorization": "Bearer wdmcp_your_key_here" } } } } ``` ### VS Code (Copilot / MCP) Add to `.vscode/mcp.json`: ```json { "servers": { "waydock": { "type": "http", "url": "https://waydock.ai/api/mcp/stream", "headers": { "Authorization": "Bearer wdmcp_your_key_here" } } } } ``` ### Raw HTTP (curl) Streamable HTTP requires an `Accept` header that allows both JSON and the event stream: ```bash # Put your key in an env var first (grab it from Settings → Account → MCP): export WDMCP_KEY=wdmcp_your_key_here curl -sN https://waydock.ai/api/mcp/stream \ -H "Authorization: Bearer $WDMCP_KEY" \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "waydock_whoami", "arguments": {} } }' ``` ### Python (SDK) ```python import asyncio from mcp.client.streamable_http import streamablehttp_client from mcp import ClientSession URL = "https://waydock.ai/api/mcp/stream" HEADERS = {"Authorization": "Bearer wdmcp_your_key_here"} async def main(): async with streamablehttp_client(URL, headers=HEADERS) as (read, write, _): async with ClientSession(read, write) as session: await session.initialize() result = await session.call_tool("waydock_briefing", {}) print(result.content) asyncio.run(main()) ``` ### TypeScript (SDK) ```ts import { Client } from "@modelcontextprotocol/sdk/client/index.js"; import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js"; const transport = new StreamableHTTPClientTransport( new URL("https://waydock.ai/api/mcp/stream"), { requestInit: { headers: { Authorization: "Bearer wdmcp_your_key_here" } } } ); const client = new Client({ name: "my-agent", version: "1.0.0" }); await client.connect(transport); const briefing = await client.callTool({ name: "waydock_briefing", arguments: {} }); console.log(briefing.content); ``` ✅ **Check:** call `waydock_whoami` (no scope required). You should get back your account email and org. A `401` means the `Bearer ` prefix is missing or the key was truncated on paste. ## Step 4 — Ask your first question In your agent, ask in plain language: > **What's on my plate this morning? Summarize anything that needs a reply.** Behind the scenes it calls tools like `waydock_briefing`, `waydock_inbox`, and `waydock_follow_ups_list` and answers from live data. Every result carries a provenance chip (which mailbox, which message). Prefer to drive it yourself? Two direct calls: ```bash # Assumes WDMCP_KEY is set (see Step 3). # Your daily briefing curl -sN https://waydock.ai/api/mcp/stream \ -H "Authorization: Bearer $WDMCP_KEY" \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"waydock_briefing","arguments":{}}}' # Live-search your mailboxes curl -sN https://waydock.ai/api/mcp/stream \ -H "Authorization: Bearer $WDMCP_KEY" \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"waydock_mail_search","arguments":{"query":"invoice from acme"}}}' ``` ✅ **Check:** the briefing call returns a summary object. You're connected. ## Step 5 — Do something (safely) Reading is read-only. When you're ready to act, the **free** preset lets an agent email *you* — perfect for "send me a summary of today" with no risk of it messaging a customer. ```bash # Assumes WDMCP_KEY is set (see Step 3). curl -sN https://waydock.ai/api/mcp/stream \ -H "Authorization: Bearer $WDMCP_KEY" \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -d '{ "jsonrpc":"2.0","id":3,"method":"tools/call", "params":{ "name":"waydock_send_email", "arguments":{ "to":["you@example.com"], "subject":"My morning brief", "body":"Plain-text summary of what needs attention today." } } }' ``` To send to *other* people, upgrade to Pro and grant `write:mail.send` explicitly. Recipients must be on your [outbound allowlist](/settings/account/email-allowlist), and server-enforced caps apply: **500 sends per 24h** and **20 per 24h to any single address** by default (clamped to hard ceilings), a **60-second cooldown** on newly added recipients, and a global kill switch. 🎉 **That's the quickstart.** You have an agent reading your work context and acting inside guardrails you set. ## Concepts (the 2-minute mental model) - **Waydock is the context layer, not the model.** You bring the agent; Waydock is the secure, governed doorway to your data. - **Mira** is Waydock's built-in assistant — the same tools, in-app, if you don't want to bring your own agent. - **Scopes** are what a key *can* do. **Presets** are curated bundles of scopes. Least privilege is the default. - **Allowlist + caps** govern outbound actions, enforced server-side no matter what the agent is told. - **Provenance** travels with every read, so answers are auditable, not hallucinated. - **Everything is logged.** Every tool call — key, tool, outcome, duration — lands in your audit log. ## Tool reference Waydock exposes 50+ tools (call `waydock_capabilities` for the live, authoritative list for *your* key and plan). The ones you'll reach for most: ### Read | Tool | Does | Scope | | --- | --- | --- | | `waydock_briefing` | Your current briefing summary | `read:briefing` | | `waydock_inbox` | Pending inbox cards | `read:cards` | | `waydock_calendar` | Pending calendar cards | `read:cards` | | `waydock_mail_search` | Live-search connected mailboxes | `read:mail.search` | | `waydock_mail_list` | List archived mail (filters, paging) | `read:mail` | | `waydock_mail_get` | Fetch one email by id | `read:mail` | | `waydock_mail_count` | Count mail matching filters | `read:mail` | | `waydock_follow_ups_list` | Action items others owe you | `read:meetings` | | `waydock_meetings_list` | Recent meetings (Fathom + Fireflies) | `read:meetings` | | `waydock_tasks_list` | Jira + Linear tasks | `read:tasks` | | `waydock_accounts` | Connected providers | `read:accounts` | ### Act | Tool | Does | Scope | | --- | --- | --- | | `waydock_send_email` | Send plain-text email (allowlist-gated) | `write:mail.send.self` / `write:mail.send` | | `waydock_card_action` | Archive / snooze / act on a card | `write:cards` | | `waydock_card_feedback` | Signal important / not important | `write:cards` | | `waydock_task_create` | Create a Jira or Linear issue | `write:tasks` | | `waydock_sync` | Trigger a mail/calendar sync | `write:sync` | ### Always available (no scope) `waydock_whoami` · `waydock_capabilities` · `waydock_health` · `waydock_version` · `waydock_quota` ## Scopes & permissions Scopes follow `:[.]`. Kinds: `read`, `write`, and `destructive` (mail/Teams send). **Presets:** - **`read-and-self-send`** — every read scope plus `write:mail.send.self`. Free. The default. - **`full-access`** — every scope **except** `write:mail.send` and `write:teams.send`. Pro. **Sending is never bundled.** `write:mail.send` (third-party email) and `write:teams.send` are always granted on their own, on purpose. A "Full access" key still cannot email a customer until you add that scope deliberately. ## Security you can hand to your CISO - **Scoped, revocable keys** — mint one per agent, revoke instantly. Free caps at 3 live keys, Pro at 5. - **Outbound allowlist + capped sends** — 500 sends/24h and 20/recipient/24h by default and a 60-second new-recipient cooldown, all enforced server-side regardless of prompt. Caps are clamped to hard server ceilings (2000/day, 100/recipient); the cooldown and kill switch are fixed in code. - **Kill switch** — one toggle stops all outbound mail from every path. - **Full audit log** — every MCP call recorded with tool, outcome, status, duration, and the calling agent's name. - **Least-privilege presets** — read-only and self-send-only defaults; destructive sends are opt-in. - **Tenant isolation** — keys are org-scoped with row-level security enforced in the database. - **No training on your data.** Reads are live and provenance-tracked. ## Troubleshooting | Symptom | Cause | Fix | | --- | --- | --- | | `401 Unauthorized` | Missing/typo'd key | Ensure `Authorization: Bearer wdmcp_...`; re-copy the full key | | `403 Forbidden` on a tool | Key lacks the scope | Check the tool's scope above; re-mint with the right preset | | `406 Not Acceptable` (curl) | Missing `Accept` header | Add `Accept: application/json, text/event-stream` | | Header split into two args (Claude Desktop) | Space in `--header` value | Use the `env`-var pattern shown above | | `429 Too Many Requests` | Rate limit | Honor the `Retry-After` header and back off | | `upgrade_required` on a write | Write needs Waydock Pro | Upgrade, then grant the write scope | | Email won't send | Recipient not allowlisted, or self-send-only key | Allowlist the recipient (Pro), or send to your own inbox | Duplicate-safe writes: pass an `Idempotency-Key` header and retries won't double-send. ## Next steps - **[Manage MCP keys](/settings/account/mcp)** — create, scope, name, and revoke keys - **[Security](/security)** — the full outbound-safety contract - **[Pricing](/pricing)** — Free vs Pro - **[Contact](/contact)** — talk to us _Prefer to talk to a machine? Every docs page has a Markdown twin — append `.md` to the URL — and the whole set is summarized at [/llms.txt](/llms.txt) and concatenated at [/llms-full.txt](/llms-full.txt)._ --- # How Waydock works _Last updated: July 7, 2026_ Waydock is a secure context layer for your work. You connect your accounts once, and everything they hold becomes a single, governed context that any AI agent, or Waydock's own assistant, can read and act on inside guardrails you control. This page explains the ideas the rest of the docs build on. > **For agents:** the MCP endpoint is `https://waydock.ai/api/mcp/stream`. Start with the [Quickstart](/docs/quickstart) and the [Tool reference](/docs/tools). ## The problem it solves Pointing an AI agent at your work usually means one of two bad options: paste your inbox into a chat box (no scoping, no audit, no way to revoke), or grant every agent a broad connection to every provider (many grants, many ways to leak, no single off switch). Waydock replaces both with one scoped, audited bridge. You give Waydock access to your accounts; Waydock gives your agent a narrow, revocable key. Read-only by default, every action logged, every source disconnectable in one click. ## Unified context, not a single inbox The core idea is unification. Most tools that expose an AI connection expose one source (mail, or a single app). Waydock brings your mail, calendar, meetings, tasks, and chats into one context so an agent can reason across them: the email thread next to the meeting transcript next to the Linear ticket. Everything Waydock syncs becomes a **card**, a common unit with a shared shape (source, type, title, summary, status). Cards flow into your daily surfaces (Today, Follow-ups, Meetings, Tasks) and are what agents read. ## Two ways to use it - **Bring your own agent (MCP).** If you use Claude, Cursor, ChatGPT, or your own code, connect it over the Model Context Protocol with a scoped key. See the [Quickstart](/docs/quickstart). - **Mira, the in-app assistant.** Non-technical users get the same capability without setting up a client. Mira is a chat rail inside the app that runs the **same tool registry and the same guardrails** as the MCP server. Because both run the same tools, the behaviour you build against over MCP matches what in-app users experience. ## Organizations, members, and isolation Every account starts as a personal organization. A personal org can convert to a **team** (a one-way, owner-gated action). Teams have three roles: **owner**, **admin**, and **member**. Isolation is enforced at the database with Postgres row-level security, keyed on both organization and user. One member cannot read another member's mail, meetings, tasks, or chats, even inside the same org. This is structural, not application logic. See [Security](/security). ## Permissions: scopes, keys, and presets Agent access is granted through **per-user MCP keys**. Each key carries an explicit set of **scopes**, namespaced `read:*` and `write:*`. New keys are read-only by default; a write scope implies its read parent. Two **presets** make the common cases easy: - **Read & email myself** (free default): read everything, and only ever email your own inboxes. - **Full access** (Pro): read and act, with sending to other people kept as a separate, explicit opt-in. Sending mail or Teams messages to third parties is **wildcard-proof**: it can never be bundled into a preset and must be granted as a literal scope. Full detail on the [Tool reference](/docs/tools). ## Security by design Waydock is built for the defining risk of this category: an agent being manipulated by content it reads (the prompt-injection class of attack). - **Provenance gating.** Once an agent's turn reads untrusted external content (an email body, a transcript), its send and delete tools switch off for the rest of that turn. A message in your inbox cannot instruct your agent to send your data. - **Approval cards.** Send, delete, and external-share actions pause for a human click. - **The outbound-email contract.** Every send routes through one chokepoint: an allowlist, fixed caps, thread-only replies, and a global kill switch. - **One audit log.** The app and the agent endpoint write to the same place. Revoke a key once and both stop in the same moment. - **No AI middlemen.** Model calls go direct to the provider. No gateways or proxies over your data. Read the full model on the [Security](/security) page. ## What it costs Waydock is free to start and read-only on every plan. Pro unlocks write actions (behind approval cards), faster sync, longer audit retention, and full Mira. Pro is billed per active member with a 14-day trial. See [Pricing](/pricing) for live numbers. | | Free | Pro | | --- | --- | --- | | Scoped keys | 3, read-only | 5, with write scopes | | Agent calls / day | 500 | 100,000 | | Sync | Hourly | Every 5 minutes | | Audit retention | 7 days | 365 days | | Mira | 3 turns / day | Full | ## Where to go next - [Quickstart](/docs/quickstart) to connect an agent in about five minutes - [Integrations](/docs/integrations) for what you can connect and how data flows in - [Tool reference](/docs/tools) for every tool and scope - [Recipes](/docs/recipes) for ready-to-run agent workflows - [Security](/security) for the trust model --- # Integrations _Last updated: July 7, 2026_ Waydock connects your accounts once and turns everything they hold into one unified context. This page covers what you can connect, how each is authenticated, and how data flows in. > **For agents:** call `waydock_capabilities` (no scope required) to see which providers a given key's owner has connected. Read scopes gate what you can pull from each. ## What you can connect | Provider | Brings in | Auth | Agent can | | --- | --- | --- | --- | | **Gmail** | Mail and calendar | OAuth | Read, draft, send | | **Outlook / Microsoft 365** | Mail and calendar | OAuth | Read, draft, send | | **Microsoft Teams** | Chats and messages | OAuth | Read, and send with a separate scope | | **Fathom** | Meeting recordings, transcripts, summaries, action items | OAuth or API key | Read | | **Fireflies** | Transcripts, summaries, action items | API key + webhook | Read | | **Pocket** | Recordings, transcripts, mind maps, action items | API key + webhook | Read | | **Linear** | Issues | OAuth | Read, and create issues | | **Jira** | Issues | OAuth | Read, and create issues | | **WHOOP** | Recovery, sleep, strain | OAuth | Read (personal workspace only) | You can connect multiple accounts per provider. Each is an independent source with its own sync. ## Connecting an account 1. Go to **Settings → Connections**. 2. Pick a provider. - **OAuth providers** (Google, Outlook, Teams, Linear, Jira, WHOOP, Fathom) redirect you to the provider to grant access. Waydock requests least-privilege scopes, and you can disable drafting or sending per account afterward without reconnecting. - **API-key providers** (Fireflies, Pocket, and Fathom by key) take a key you paste, plus an optional webhook secret. Waydock returns the webhook URL to register with the provider. 3. Waydock backfills recent items and starts syncing. You can also add an account from a second device with a one-time pairing link generated in **Settings → Account → Connect from another device**. ## How data flows in Waydock uses push where a provider supports it, and polling as a backstop. - **Gmail** streams changes over Google Pub/Sub, with a delta poll as backup. - **Outlook** and **Teams** use Microsoft Graph change notifications, with a reconciliation poll. - **Fathom, Fireflies, and Pocket** send signed webhooks when a meeting is ready, verified and deduplicated on arrival. - **Linear** and **Jira** are polled. - **WHOOP** is fetched on demand. Sync cadence follows your plan: **hourly on Free, as often as every 5 minutes on Pro** (mail providers apply their own floor, so the realized interval can be longer). Every sync records a log you can see under **Settings → Activity**, showing the last run, its status, and how many items it pulled. ## Cards, the common shape Everything that syncs becomes a **card**: an email, a calendar event, a meeting, a task, or a Teams message, all with a shared shape (source, title, summary, status). Cards are what your daily surfaces and your agents read, so an agent can reason across sources instead of one silo. ## Historical mail backfill By default Waydock reads recent mail live and indexes a rolling window. To pull older mail (for example, a full quarter), Pro users can run a **Direct Source Fetch**: a consent-pinned backfill where you approve a date range and filters, and Waydock fetches that mail into your archive under the approved bounds. Every backfill is logged. ## Privacy defaults - Waydock reads your mail live at query time and never trains on your data. - Storing full email bodies, meeting transcripts, or Teams message bodies at rest is an **opt-in, off by default**, and encrypted when enabled. Without it, Waydock keeps metadata and snippets. - Provider tokens and webhook secrets are always encrypted at rest. ## Where to go next - [Quickstart](/docs/quickstart) to connect an agent to your context - [Tool reference](/docs/tools) for the tools each provider unlocks - [Security](/security) for how connections and sends are governed --- # Tool reference _Last updated: July 7, 2026_ Waydock exposes 57 typed tools over the Model Context Protocol (MCP). The same registry powers both the MCP server and Mira, Waydock's in-app assistant, so behaviour, scopes, and audit are identical across both. > **For agents:** the MCP endpoint is `https://waydock.ai/api/mcp/stream` (Streamable HTTP, protocol `2025-06-18`). Authenticate with `Authorization: Bearer wdmcp_...`. Call `waydock_capabilities` (no scope required) for the live tool list, or fetch the full machine-readable catalog at [/api/mcp/manifest](/api/mcp/manifest). New to Waydock? Start with the [Quickstart](/docs/quickstart). ## How authorization works Scopes are namespaced `read:*` (observation) and `write:*` (mutation). Genuinely irreversible tools are additionally marked **destructive**. A write scope implies its read parent, so `write:mail.send` also grants `write:mail.drafts` and `read:mail`. Every tool call passes one admission gate, in order: 1. **Scope check.** The key must hold every required scope (implied parents count). 2. **"At least one of".** The send tools admit either `write:mail.send` or `write:mail.send.self`; search admits any one content read scope. 3. **Tool denylist.** A per-key blocklist overrides everything else. 4. **Entitlement check.** Paid write scopes are re-checked against the live plan at call time, returning `upgrade_required` (distinct from a scope error) when an organization has downgraded. Two scopes are **wildcard-proof**: `write:mail.send` and `write:teams.send`. They can never be satisfied by a preset or a wildcard and must appear as literal strings on the key. ## The catalog Legend: **R** read, **W** write, **D** destructive. ### System and identity These return only server-generated metadata and require no scope. | Tool | | What it does | | --- | --- | --- | | `waydock_whoami` | R | Signed-in user and current organization | | `waydock_key_info` | R | The calling key: id, name, owning email, granted scopes, server build | | `waydock_capabilities` | R | Connected providers and feature flags (the live tool list) | | `waydock_health` | R | Liveness ping | | `waydock_version` | R | Server version, commit, and transport metadata | | `waydock_quota` | R | Rate-limit budget for the calling key | ### Audit and telemetry ·`read:audit` | Tool | | What it does | | --- | --- | --- | | `waydock_agent_activity` | R | Recent MCP audit log for this user | | `waydock_outbound_audit` | R | Recent third-party API calls (Graph, Gmail, Jira, Linear, Fathom, Fireflies) made on your behalf | | `waydock_telemetry` | R | Usage telemetry for the calling key | ### Briefing ·`read:briefing` | Tool | | What it does | | --- | --- | --- | | `waydock_briefing` | R | Current briefing summary (counts and top cards) | | `waydock_morning_brief_compose` | R | Compose a short AI morning brief (does not send) | | `waydock_morning_brief_send` | D | Compose and email the brief to you (also needs a send scope) | ### Cards and calendar ·`read:cards`, `write:cards` | Tool | | What it does | | --- | --- | --- | | `waydock_inbox` | R | Pending inbox cards | | `waydock_calendar` | R | Pending calendar cards | | `waydock_card_get` | R | Fetch a card by id | | `waydock_card_action` | W | Archive, snooze, or mark a card acted | | `waydock_card_feedback` | W | Record an important / not-important signal | ### Mail ·`read:mail`, `read:mail.search`, `write:mail.drafts`, `write:mail.send` | Tool | | What it does | | --- | --- | --- | | `waydock_mail_list` | R | List archived emails with filters and paging | | `waydock_mail_count` | R | Count archived emails; reports the indexed coverage window | | `waydock_mail_get` | R | Full email by archive id, or a live search hit by provider message id | | `waydock_mail_accounts` | R | Inbox accounts in the archive | | `waydock_mail_search` | R | Live-search connected mailboxes (Gmail, Outlook); needs `read:mail.search` | | `waydock_draft_reply_regenerate` | W | Regenerate an AI draft reply | | `waydock_draft_reply_save` | W | Save a draft reply in the mailbox | | `waydock_follow_up_nudge` | W | Draft a chase email for an unreplied thread (does not send) | | `waydock_send_email` | D | Send email under the outbound safety contract below | ### Meetings and follow-ups ·`read:meetings`, `write:meetings`, `write:tasks` | Tool | | What it does | | --- | --- | --- | | `waydock_meetings_list` | R | Recent meetings (Fireflies, Fathom) | | `waydock_meeting_get` | R | A meeting with summary and attendees | | `waydock_meeting_transcript` | R | Raw transcript lines | | `waydock_action_items_list` | R | A meeting's action items and any Jira/Linear promotions | | `waydock_action_items_search` | R | Cross-meeting action-item search | | `waydock_follow_ups_list` | R | Items where someone other than you is on the hook | | `waydock_follow_up_snoozes_list` | R | Active follow-up snoozes | | `waydock_action_item_promote` | W | Route one action item to Jira or Linear (needs `write:tasks`) | | `waydock_action_items_promote_bulk` | W | Route many to one project or team (needs `write:tasks`) | | `waydock_action_item_unlink` | W | Detach a task link (the upstream issue is kept) | | `waydock_follow_up_snooze` / `waydock_follow_up_unsnooze` | W | Manage follow-up snoozes | ### Tasks ·`read:tasks`, `write:tasks` | Tool | | What it does | | --- | --- | --- | | `waydock_tasks_list` | R | Jira and Linear tasks | | `waydock_projects_list` | R | Available Jira projects and Linear teams | | `waydock_task_create` | W | Create a Jira or Linear issue | | `waydock_tasks_sync` | W | Trigger an on-demand task sync | ### Sync ·`read:sync`, `write:sync` | Tool | | What it does | | --- | --- | --- | | `waydock_sync_history` | R | Recent mail and calendar sync runs | | `waydock_sync` | W | Trigger an on-demand sync | ### Preferences and suppressions ·`read:preferences`, `write:preferences` | Tool | | What it does | | --- | --- | --- | | `waydock_preferences_get` | R | Preferences and lane rules | | `waydock_suppressions_list` | R | Active suppression patterns | | `waydock_preferences_set_rule` | W | Set or clear a sender/domain lane rule | | `waydock_preferences_set_toggle` | W | Flip a feature toggle | | `waydock_suppressions_remove` | D | Remove a suppression pattern | ### Teams ·`read:teams`, `write:teams.send` | Tool | | What it does | | --- | --- | --- | | `waydock_teams_list_chats` | R | List Microsoft Teams chats (1:1 and group) | | `waydock_teams_get_messages` | R | Read messages in a chat (decrypted body) | | `waydock_teams_send_message` | D | Send a message to a chat | ### Pulse and health | Tool | | What it does | | --- | --- | --- | | `waydock_pulse_status` | R | Pulse monitoring overview. Needs `read:pulse`; Pulse admins only | | `waydock_pulse_incidents` | R | Pulse incident history. Needs `read:pulse`; Pulse admins only | | `waydock_whoop_summary` | R | Latest WHOOP metrics. Needs `read:health`; personal workspace only | ### Cross-domain search | Tool | | What it does | | --- | --- | --- | | `waydock_search` | R | One query across mail, tasks, meetings, and cards. Fans only into the verticals your key can read; needs at least one content read scope | ### Connected accounts ·`read:accounts` | Tool | | What it does | | --- | --- | --- | | `waydock_accounts` | R | Which providers are connected and their status | ## The scope catalog 22 scopes, catalog version 8. Presets (below) bundle these; you can also pick a custom set when minting a key. ### Read scopes (13) | Scope | Grants | | --- | --- | | `read:briefing` | The daily briefing summary | | `read:cards` | Pending inbox and calendar cards | | `read:mail` | Archived email messages | | `read:mail.search` | Live search of connected mailboxes (a separate grant from `read:mail`) | | `read:meetings` | Meetings, summaries, and transcripts | | `read:tasks` | Jira and Linear tasks | | `read:accounts` | Which providers are connected | | `read:preferences` | Preferences, lane rules, and suppressions | | `read:sync` | Mail and calendar sync history | | `read:audit` | This key's audit log, outbound calls, and telemetry | | `read:health` | WHOOP metrics (personal workspace only) | | `read:teams` | Microsoft Teams chats and messages | | `read:pulse` | Pulse status and incidents (Pulse admins only) | ### Write scopes (9) | Scope | Kind | Grants | | --- | --- | --- | | `write:cards` | write | Archive, snooze, and feedback on cards | | `write:mail.drafts` | write | Generate and save draft replies | | `write:mail.send` | destructive | Send to allowlisted third-party recipients (capped, wildcard-proof) | | `write:mail.send.self` | destructive | Send only to your own verified inboxes | | `write:tasks` | write | Create Jira/Linear issues and trigger task sync | | `write:preferences` | write | Modify lane rules, toggles, and suppressions | | `write:sync` | write | Trigger an on-demand sync | | `write:meetings` | write | Snooze follow-ups and detach task links (local state only) | | `write:teams.send` | destructive | Send Teams messages (wildcard-proof) | ### Presets | Preset | Contents | Plan | | --- | --- | --- | | **Read & email myself** _(default)_ | Every read scope plus `write:mail.send.self`. Can never email anyone but you. | Free | | **Full access** | Every read and write scope **except** `write:mail.send` and `write:teams.send`, which stay explicit, separate opt-ins. | Pro | Mint and revoke keys in [Settings → Account → MCP](/settings/account/mcp). New keys are read-only by default; write scopes require Pro. You can hold 3 live keys on Free, 5 on Pro. ## The rules your calls obey These are enforced server-side. Design your agent to expect them rather than work around them. - **Provenance gating.** Once your turn reads untrusted external content (an email body, a meeting transcript, a Teams message), write and destructive tools are removed for the rest of that turn. A message in the inbox cannot instruct your agent to send or delete. Plan any sends to happen before you read untrusted bodies, or across separate turns. - **The outbound-email contract.** `waydock_send_email` enforces an allowlist (unlisted recipients fail closed), a 60-second cooldown on new recipients, server-enforced daily and per-recipient send caps (clamped to hard ceilings), thread-only replies, a global kill switch, and invisible-character scrubbing. Mail is plain text by default; HTML is an opt-in per recipient and is sanitized. No cc, bcc, or attachments. - **Everything is audited.** Name your key after your agent. That name appears in the user's audit log next to every tool call, with the outcome and latency. Revoke a key and both the app and the agent stop in the same moment. - **Rate limits.** 500 calls per day on Free, 100,000 on Pro. `waydock_quota` reports your remaining budget, and `Idempotency-Key` is honoured on writes. Tool admission failures come back as an explicit code: `insufficient_scope`, `upgrade_required`, or `tool_blocked`. Send failures instead come back as a tool result flagged `isError` with a human-readable message (for example: daily cap reached, per-recipient cap reached, recipient not on the allowlist, or sending disabled), so read the message rather than matching a code. ## See also - [Quickstart](/docs/quickstart) for copy-paste client configs - [Security](/security) for the full outbound-safety contract - [/auth.md](/auth.md) for the authentication model --- # Recipes _Last updated: July 7, 2026_ Ready-to-run workflows for an agent connected to Waydock over MCP. Each recipe lists the scopes it needs and the tools it calls, with a prompt you can adapt. New here? Start with the [Quickstart](/docs/quickstart) and the [Tool reference](/docs/tools). > **One rule to design around:** once your turn reads untrusted content (an email body or a transcript), Waydock removes your write and send tools for the rest of that turn (provenance gating). So do any sending **before** you read untrusted bodies, or split reading and sending across separate turns. ## 1. Morning briefing Answer "what's on my plate this morning?" from live context. - **Scopes:** `read:briefing`, `read:cards`, `read:meetings` - **Tools:** `waydock_briefing`, `waydock_calendar`, `waydock_follow_ups_list` > Prompt: "Give me a morning briefing. Summarize my pending cards, today's calendar, and anything I am waiting on other people for. Group by urgency and cite the source of each item." To have Waydock compose and send the brief to your own inbox instead, use `waydock_morning_brief_send` (needs `write:mail.send.self`). Composing without sending is `waydock_morning_brief_compose`. ## 2. Follow-up chaser See what you are waiting on and draft polite nudges, without sending automatically. - **Scopes:** `read:meetings`, `write:mail.drafts` - **Tools:** `waydock_follow_ups_list`, `waydock_follow_up_nudge` > Prompt: "List the commitments I am waiting on from other people in my recent meetings. For any unreplied email thread I point you to, draft a short, polite chase note and save it as a draft. Do not send anything." `waydock_follow_ups_list` surfaces meeting action items where someone other than you is on the hook, so it needs `read:meetings`. `waydock_follow_up_nudge` drafts a chase email for an unreplied thread and saves it in your mailbox for you to review and send. That keeps the agent inside `write:mail.drafts` (which also grants `read:mail`) and never touches a send scope. ## 3. Meeting recap to tasks Turn a meeting into tracked work. - **Scopes:** `read:meetings`, `write:tasks` - **Tools:** `waydock_meetings_list`, `waydock_meeting_get`, `waydock_action_items_list`, `waydock_action_item_promote` (or `waydock_action_items_promote_bulk`) > Prompt: "Take my most recent meeting. Summarize the decisions, then list the action items assigned to me and promote them to Linear in the 'Engineering' team." Promoting creates the upstream Jira issue or Linear task. Use `waydock_projects_list` first if you need to confirm the exact project or team name. ## 4. Inbox triage Clear the queue by acting on cards. - **Scopes:** `read:cards`, `write:cards` - **Tools:** `waydock_inbox`, `waydock_card_get`, `waydock_card_action`, `waydock_card_feedback` > Prompt: "Show my pending inbox cards. Archive newsletters and automated notifications, and flag anything from a real person that needs a reply. Explain each decision before acting." `waydock_card_action` archives or snoozes; `waydock_card_feedback` records an important / not-important signal that tunes future triage. ## 5. Cross-source search Answer a question that spans mail, meetings, tasks, and cards in one call. - **Scopes:** any one or more of `read:mail`, `read:meetings`, `read:tasks`, `read:cards` - **Tools:** `waydock_search` > Prompt: "Search everything for 'Acme renewal' and give me a single timeline of what has happened across email, meetings, and tasks." `waydock_search` fans only into the verticals your key can read, so grant the read scopes for the sources you want covered. ## 6. Live mailbox lookup Reach mail beyond the local index. - **Scopes:** `read:mail.search`, `read:mail` - **Tools:** `waydock_mail_search`, then `waydock_mail_get` > Prompt: "Search my mailbox for the latest invoice from Stripe and show me the full message." `waydock_mail_search` returns provider message metadata; read a hit with `waydock_mail_get` (by `emailId` if archived, else by `providerMessageId` + `accountId` + `provider`). `read:mail.search` is a deliberate, separate grant from `read:mail`. ## 7. Send a summary to yourself The safe outbound pattern, available on the free tier. - **Scopes:** `read:briefing`, `write:mail.send.self` - **Tools:** `waydock_send_email` > Prompt: "Summarize my day and email it to me." `write:mail.send.self` can only reach your own verified inboxes. Sending to anyone else needs `write:mail.send`, which is a wildcard-proof, Pro-only, explicit grant, and every send obeys the [outbound-email contract](/security) (allowlist, caps, kill switch). ## Handling errors Admission failures come back as an explicit code, so branch on it rather than retrying blindly: - `insufficient_scope` — the key lacks a required scope. Ask the user to add it. - `upgrade_required` — a paid write scope on a downgraded plan. Point the user to upgrade. - `tool_blocked` — the tool is on this key's denylist. Send failures come back as a tool result flagged `isError` with a human-readable message (not a machine code), so surface the message and stop rather than retrying. Common causes: the daily cap or per-recipient cap was reached, a recipient is not on the allowlist, or sending is disabled (a paused account or the outbound kill switch). ## Where to go next - [Tool reference](/docs/tools) for every tool and scope - [How Waydock works](/docs/concepts) for the model behind these recipes - [Security](/security) for the outbound-safety contract