Tools & MCP

Your business objects, as governed tools for any AI.

Most companies wire AI to their data with handwritten glue that bypasses every control they have. ObjectOS generates the tools from metadata instead: whatever your model — Claude, Cursor, or something fully local — it works through the same permissions, approvals, and audit as your people.

ObjectOS product surface connecting business data, applications, and AI agents
AI Writes metadata Objects, permissions, workflows, tools
Human Reviews diff Business authority, data access, approvals
Runtime Enforces policy UI, APIs, audit, MCP, actions
Auto-wired
Query, schema, and action tools register themselves from your objects
Any client
Claude, Cursor, local models, or your own agent runtime
User-scoped
Row and field rules enforced on every tool call

Connect in minutes

Point any MCP client at your runtime.

One entry in your client configuration connects the model to your governed objects. From there, every query and action is checked against the signed-in user’s permissions.

// Any MCP client configuration
{
  "mcpServers": {
    "objectstack": {
      "command": "npx",
      "args": [
        "@objectstack/mcp",
        "--url", "https://runtime.your-company.com"
      ]
    }
  }
}

What the AI gets

Tools that already know your business

Because tools derive from the same metadata that defines the application, the AI sees real objects, real relationships, and real actions — not a raw database dump.

Query business objects

Search, filter, and traverse relationships over customers, orders, cases — whatever your definitions model — with the schema as context.

Run exposed actions

Actions that metadata explicitly exposes become callable tools: assign a case, start a flow, generate a summary — nothing implicit.

Inspect the schema

Agents can read object and field definitions to plan work, scoped to what the signed-in user is allowed to see.

Same rules as people

A tool call is just another governed request

The MCP server sits inside the runtime, not beside it — so there is no side door. Every call goes through the same enforcement path as a click in the UI.

Signed-in identity

Tool calls carry the user’s identity. Row-level and field-level rules apply exactly as they would in a screen or API request.

Approval-gated writes

Actions that require sign-off queue for approval when called by an AI, the same as when called by a person.

Every call audited

Tool invocations land in the audit log with who, what, and when — appearing in the audit viewer beside human activity, with the same filters and the same old → new diffs.

Decision surface

What changes, who reviews it, what runs

Tool callWhat the AI sendsWhat the runtime checks
Query recordsFilters over business objectsRow and field rules for the signed-in user
Run an actionA named action with parametersPermission, approval requirement, parameter validation
Inspect schemaA metadata readOnly objects and fields the user may see
Update a recordField changes on one recordField-level rights, validations, audit entry

FAQ

Questions this page should answer

Is the MCP server in the open-source edition?

Yes — it is the core of the open-source AI story. @objectstack/mcp ships with the platform, so you can connect Claude, Cursor, or a fully local model to your governed objects without a cloud subscription.

Do we have to expose everything to the AI?

No. Business objects are bridged automatically while system objects stay excluded by default, actions become tools only when metadata exposes them, and every call is still filtered by the caller’s row- and field-level permissions.

Next pages

Keep building the evaluation packet.