test/live separation, and data isolation apply identically; connecting over MCP never grants access you don’t already have through the API.
How it works
- Auth: OAuth 2.1, handled automatically by your client on first connect — you sign in to Artu in your browser; there’s no API key to paste. See Connecting.
- Scope by URL: the compliance scope is bound to the connection URL path. See Connecting.
- Your permissions apply: every call is governed by your organization’s existing permissions and the selected environment — listing clients needs clients:read, saving needs clients:edit, and so on. Your data stays isolated to your organization.
Read tools and action tools
The server exposes two kinds of tools:
- Read tools — an unrestricted surface for listing and fetching clients, transactions, alerts, workflows, reports, documents, and evidence. Available on every connection.
- Action tools — a small, task-oriented set of mutations (create/update records, transition alert status, run/cancel workflows, attach files). Action tools exist only on scoped connections; unscoped connections are read-only.
Safety model
- No deletes, no batch. The mutating surface is deliberately narrow.
- Explicit annotations. Every tool advertises MCP annotations (readOnlyHint, destructiveHint, idempotentHint) so MCP clients can reason about side effects and prompt for confirmation before mutating calls.
- Your permissions, in every environment. live and test are both gated by your organization’s permissions — a call you’re not allowed to make fails with a clear “you don’t have edit access” message.
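One way an MCP client could act on the annotations described above, as an added example that is not Artu's code. The tool names and the sample tools/list result are constructed, and a missing hint falls back to the default the MCP specification gives it (not read-only, destructive, not idempotent), so an unannotated tool gets the strictest handling.

```python
# Added example: client-side gate driven by MCP tool annotations.
# Tool names below are constructed; they are not Artu's real tool names.

# Defaults the MCP specification assigns when a hint is absent.
SPEC_DEFAULTS = {"readOnlyHint": False, "destructiveHint": True, "idempotentHint": False}


def hints(tool):
    """Merge a tool's advertised annotations over the spec defaults."""
    advertised = tool.get("annotations") or {}
    merged = dict(SPEC_DEFAULTS)
    for key in SPEC_DEFAULTS:
        if isinstance(advertised.get(key), bool):  # ignore malformed values
            merged[key] = advertised[key]
    return merged


def decide(tool):
    """Return (action, safe_to_retry) for one tool descriptor."""
    h = hints(tool)
    if h["readOnlyHint"]:
        return ("allow", True)
    # destructiveHint and idempotentHint only carry meaning for mutating tools.
    action = "confirm_destructive" if h["destructiveHint"] else "confirm"
    return (action, h["idempotentHint"])


def audit_unscoped(tools):
    """Names of tools that should not appear on a read-only (unscoped) connection."""
    return [t["name"] for t in tools if not hints(t)["readOnlyHint"]]


# Constructed tools/list result for illustration.
SAMPLE_TOOLS = [
    {"name": "list_clients", "annotations": {"readOnlyHint": True}},
    {"name": "update_client", "annotations": {
        "readOnlyHint": False, "destructiveHint": False, "idempotentHint": True}},
    {"name": "run_workflow", "annotations": {
        "readOnlyHint": False, "destructiveHint": False, "idempotentHint": False}},
    {"name": "unannotated_tool"},  # no annotations: falls back to spec defaults
]

if __name__ == "__main__":
    for tool in SAMPLE_TOOLS:
        print(tool["name"], decide(tool))
    print("unexpected on unscoped:", audit_unscoped(SAMPLE_TOOLS))
```

The annotations only drive the client's confirmation prompts and retry behaviour; the organization's permissions on the server remain the enforcement point, as the list above states.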
