Core Concepts
Agents
How PIILOT treats agents as controlled automation workers.
In PIILOT, agents are controlled workers that can help create, inspect, validate, and operate automations. The Agent Control surface exposes a PIILOT MCP server so external MCP-capable tools can interact with PIILOT through scoped clients.
The current control plane uses bearer-token MCP clients, exposes registered tool capabilities, and records recent MCP tool calls as a compact audit trail. Risky or sensitive actions are designed to route through approval controls instead of running blindly.
flowchart TD
A[External MCP client]
A --> B[PIILOT MCP endpoint]
B --> C[Bearer token check]
C --> D[Scoped capability registry]
D --> E[Workspace tool request]
E --> F{Risky action?}
F -- Yes --> G[Approval flow]
F -- No --> H[Execute tool]
G --> H
H --> I[Tool result]
I --> J[Compact audit trail]

Agent safeguards
- MCP clients are scoped and token-based.
- Tokens are shown once when created and can be revoked.
- The exposed capability list comes from the live MCP server registry.
- Recent calls show tool name, status, risk level, summary, errors, and timing metadata.
- Large payloads are intentionally not stored in the compact call list.
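
The request path and safeguards described above, as an added Python example that is not PIILOT's own code. Every name here (`create_client`, `call_tool`, `REGISTRY`, `RISKY`, the `approved` flag) is hypothetical, and keeping only a hash of the token is an assumption about how "shown once" could be implemented.

```python
import hashlib
import secrets
import time

# Hypothetical tool registry and risk classification (assumptions, not PIILOT's).
REGISTRY = {"list_automations": lambda a: ["a1", "a2"],
            "delete_automation": lambda a: f"deleted {a['id']}"}
RISKY = {"delete_automation"}
CLIENTS = {}   # sha256(token) -> {"scopes": set, "revoked": bool}
AUDIT = []     # compact call list: metadata only, never arguments or results

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def create_client(scopes):
    """Return the bearer token once; only its hash is kept server-side."""
    token = secrets.token_urlsafe(32)
    CLIENTS[_digest(token)] = {"scopes": set(scopes), "revoked": False}
    return token

def revoke(token):
    CLIENTS[_digest(token)]["revoked"] = True

def _record(tool, status, risk, started, error=None):
    AUDIT.append({"tool": tool, "status": status, "risk": risk,
                  "summary": f"{tool}: {status}", "error": error,
                  "ms": round((time.monotonic() - started) * 1000, 2)})
    return status

def call_tool(token, tool, args, approved=False):
    # `approved` stands in for an out-of-band approval decision.
    started = time.monotonic()
    risk = "high" if tool in RISKY else "low"
    client = CLIENTS.get(_digest(token))
    if client is None or client["revoked"]:
        return {"status": _record(tool, "denied", risk, started, "invalid or revoked token")}
    if tool not in REGISTRY or tool not in client["scopes"]:
        return {"status": _record(tool, "denied", risk, started, "tool not in client scope")}
    if risk == "high" and not approved:
        return {"status": _record(tool, "pending_approval", risk, started)}
    try:
        result = REGISTRY[tool](args)
    except Exception as exc:
        # Log the exception type only, so payload data cannot leak via messages.
        return {"status": _record(tool, "error", risk, started, type(exc).__name__)}
    return {"status": _record(tool, "ok", risk, started), "result": result}
```

Denied and pending calls are recorded as well as successful ones, so the call list shows attempts made with revoked tokens or outside a client's scope.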