Skip to content
AM

Pillars, tiers, and tool visibility

MCP discovery is contextual. The Worker filters the canonical catalog for the requested surface, tenant policy, and authenticated principal before returning a manifest or registering tools for a request.

Subscription pillars and AI COO scope

Subscription tiers establish enabled product pillars and an AI COO scope:

TierEnabled product pillarsAI COO scope
Coreportal, accounting, reportingaccounting
Growthportal, accounting, reporting, commerce, cx, dataxfull
Scaleportal, accounting, reporting, commerce, cx, studio, dataxunlimited
Enterpriseportal, accounting, reporting, commerce, cx, studio, dataxunlimited
Practiceportal, accounting, reporting, cxaccounting

datax is a subscription pillar but is not an MCP ToolPillar. The MCP catalog’s tool pillars are accounting, commerce, cx, portal, reporting, and studio.

These gates intersect. For example, Practice includes the CX product pillar, but its accounting AI COO scope limits MCP discovery to accounting, reporting, and portal tools while acting in the practice tenant.

Ordered visibility gates

toolVisibilityDecision applies these checks:

GateWhat must be true
SurfaceThe tool declares the requested public or internal surface
Agent stateThe tenant policy has the AI assistant enabled
Effective tierPublic discovery excludes T4; policy-blocked destructive tools are excluded
AI COO scopeThe tool’s pillar is allowed by accounting, full, or unlimited
PillarThe tenant policy enables the tool’s pillar
FeatureEvery requiredFeatures key is present
GL layerThe tenant GL layer meets minGlLayer
EntitlementEvery requiredEntitlements key is present
RoleAt least one allowedRoles value matches when roles are restricted
PermissionEvery requiredPermissions value is present in policy permissions or principal scopes
PersonaThe canonical tenant persona matches an allowedPersonas value when restricted

The catalog visibility policy has this normalized shape:

interface ToolVisibilityPolicy {
requiredEntitlements: readonly string[];
requiredFeatures: readonly string[];
minGlLayer: 0 | 1 | 2 | 3;
allowedRoles: readonly string[];
requiredPermissions: readonly string[];
allowedPersonas: readonly string[];
}

Empty arrays mean that gate adds no tool-specific restriction. Defaults are normalized when the catalog is built, so every ToolDefinition has a complete policy.

Public and internal surfaces

The public surface excludes destructive T4 tools from discovery. The internal manifest can include T4 definitions, but visibility does not imply immediate execution: curated destructive tools remain hard-blocked and other allowed T4 tools use the destructive pending-action path.

Public requests without X-Tenant-ID receive a restricted bootstrap policy for organization selection. After selecting an organization, clients must send the returned tenant header. Tenant-scoped requests fail closed if policy cannot be verified.

Discovery and execution

/mcp/manifest and MCP tools/list return only the tools visible in the current context. The set can change when the tenant, principal, role, feature set, subscription, or policy changes. Clients should rediscover tools after changing tenant context and should not cache a catalog as a universal contract.

Do not treat hidden UI controls as API authorization. Product APIs enforce their own authorization, while MCP applies the catalog gates above before tool execution.

Example

For a Growth tenant with AI COO enabled, full scope allows non-Studio pillars. A specific CX tool is still omitted unless CX is enabled and all of that tool’s feature, entitlement, GL-layer, role, permission, and persona requirements pass.

For a Scale tenant, unlimited allows all MCP pillars, including Studio. It does not bypass the remaining visibility or approval gates.