New — Agent write tools, scoped & audited

Let your AI agents do the RFP work — without losing the audit trail.

Q: Which AI agents can drive rfp.ai?

Any client that speaks the Model Context Protocol (MCP). Today that includes Claude Desktop, Cursor, and custom integrations built with the open MCP SDKs. The same JSON-RPC endpoint serves all of them.

Q: Can an agent approve answers without human review?

Only if the API token has the qa.approve scope, the org is on the Professional plan or higher, and the answer passes the same review pipeline (gap-block guard, citation reviewer, dual status flip, approval_history insert, qa.approved webhook) that the UI uses. There is no override path.

Claude Desktop, Cursor, and any other MCP-compatible agent can now create projects, upload knowledge, assign questions to teammates, comment on Q&A, and (if you grant the scope) approve answers — through the same review pipeline your team already trusts. Every write is scoped, rate-limited, and logged for org owners to inspect.

Last updated May 2026

Get a scoped API token 5-minute Cursor + Claude setup See all 18 tools

Agents that act, not just read

18 MCP tools spanning read and write — search the knowledge base, draft answers, create projects, assign Q&A, comment with @mentions, upload files, approve answers, promote best answers.

Scoped tokens, not blanket access

Tokens default to read-only. Owners grant projects.write, qa.write, qa.approve, kb.write per token. Per-scope rate sub-caps protect budgets.

Same review pipeline. Same audit trail.

Agent-driven approvals run the full review pipeline — gap-block guard, plan gate, dual status flip, qa.approved webhook. Every write is logged with redacted args.

What can an agent actually do?

Eighteen tools, grouped by what they let the agent do. Write tools require an explicit scope on the API token — no scope, no write.

Read & reason

search_knowledge_base · ask_question
list_projects · get_project_details · get_rfp_questions
get_project_qa · get_compliance_status
list_my_tasks · list_pending_approvals

Write & coordinate scope required

create_project · update_project projects.write
assign_qa · comment_on_qa qa.write
approve_qa · unlock_qa · promote_qa_to_best_answers qa.approve
upload_kb_file · reingest_file kb.write

A real Cursor session

Drop one prompt into Cursor with a write-scoped token, and watch the agent compose multiple tool calls.

Create a new RFP project called "ACME Q3 Renewal" and assign it to me.
Then upload case-study-acme.pdf from this repo to the knowledge base
and comment on QA qa_abc123 mentioning @taylor about the open question.
Finally, list any pending approvals so I can review them before EOD.

Behind the scenes Cursor calls:

1. create_project → scope check, plan cap, audit row
2. assign_qa → tenant scope, lock check
3. upload_kb_file → size guard, storage quota, R2 write, audit row (no file content persisted)
4. comment_on_qa → @mention notification fires; comment body never enters audit log
5. list_pending_approvals → read-only, returns oldest-first

Why owners stay in control

Read-only by default. Tokens grant write scopes only when an owner explicitly checks them. Existing tokens are unaffected — they remain read-only.
Owner-only audit log. Every write call appears at Settings → API → MCP & API Activity with status, redacted args, and the originating token. The endpoint is session-only, so a stolen API token cannot read or scrub the log.
Sensitive payloads never persist. File contents, base64 uploads, comment bodies, and Q&A text are stripped before logging. We keep lengths and IDs only.
No override path. Agent-driven approve_qa calls run the same gap-block guard, plan gate, dual status flip, and qa.approved webhook as the UI button. There is no shortcut.
Per-scope rate sub-caps. 50 approves/hr and 30 KB writes/hr per org, on top of the plan-wide MCP quota — runaway agents cannot drain LLM budgets or storage.

Frequently asked questions

Which AI agents can drive rfp.ai?

Any client that speaks the Model Context Protocol. Today that includes Claude Desktop, Cursor, and custom integrations built on the open MCP SDKs. The same JSON-RPC endpoint serves all of them.

Can an agent approve answers without human review?

Only if the API token has the qa.approve scope, the org is on Professional or higher, AND the answer passes the same review pipeline (gap-block guard, citation reviewer, dual status flip, approval_history insert, qa.approved webhook) the UI uses. There is no override path.

What stops a runaway agent from draining our quotas?

Per-scope rate-limit sub-caps on top of the plan-wide MCP quota: qa.approve writes are capped at 50/hour and kb.write uploads at 30/hour. Tokens default to read-only, so agents only get write access an owner has explicitly granted.

Can my org owner see exactly what an agent did?

Yes. Every write call is logged to a tamper-resistant audit log accessible at Settings → API → MCP & API Activity. Each row contains the tool name, status, error code (if any), and a redacted argument summary. Sensitive payloads — file content, comment bodies, base64 blobs — are never persisted.

Do MCP write tools cost extra?

No. MCP read and write access is included on Starter and higher at the same rate-limit ladder as the rest of the API. Only qa.approve actions require the Professional plan, matching the existing approval workflow.