Safety & Approvals
Conduit includes multiple safety layers for MCP operations, ensuring that AI agents cannot access sensitive data or abuse connection resources without oversight. The centerpiece is the Tool Call Approval System, which gates every MCP tool invocation behind explicit user approval.
Tool Call Approval System
Every MCP tool call requires your explicit approval before it executes. This applies universally across all execution paths: Conduit's built-in AI chat, Claude Code, and Codex agents. The approval system is enabled by default for maximum security.
Approval Dialog
When an AI agent calls an MCP tool, Conduit displays a modal dialog showing:
- The tool name in monospace font.
- A color-coded category badge indicating the tool's type — read (blue), execute (orange), write (purple), navigate (cyan), credential (red), or connection (green).
- A description of what the tool does.
- A collapsible arguments preview showing the JSON-formatted parameters the agent is passing to the tool.
You can Approve or Deny each request. The calling agent blocks until you respond.
Always Allow
Each approval dialog includes an Always allow checkbox. When checked and the request is approved, that specific tool is added to your always-allowed list and will skip the approval prompt in future calls. This lets you build a trusted set of tools over time without being prompted repeatedly for tools you use regularly.
Sensitive Argument Masking
Arguments containing sensitive data — passwords, private keys, and TOTP secrets — are automatically masked as ******** in the approval dialog. The actual values are never displayed in the UI, even in the collapsible argument preview.
Credential Tool Warnings
Tools in the credential category display a special warning banner in the approval dialog, alerting you that approving the request will give the AI agent access to secrets stored in the credential. This provides an additional visual cue for the most sensitive operations.
Queue Management
When multiple tool calls arrive in quick succession, Conduit queues them and displays a “1 of N” counter in the dialog header. Approvals are processed one at a time so you can review each request individually.
Auto-Deny Timeout
If an approval prompt goes unanswered for 120 seconds, Conduit automatically denies the request. This prevents unattended prompts from blocking agent workflows indefinitely.
Disabling Approvals
You can disable the approval system entirely from Settings > AI > Tool Approvals. When disabled, all MCP tools execute without prompting. This is convenient for trusted environments but removes the safety gate — use with caution.
Managing Always-Allowed Tools
The always-allowed list is managed in Settings > AI > Tool Approvals. The settings panel shows:
- A master toggle to enable or disable the approval system globally.
- A grouped list of always-allowed tools organized by category, each with its color-coded badge.
- Individual remove buttons (visible on hover) to revoke trust for specific tools.
- A Remove All button to clear the entire always-allowed list at once.
Always-allowed preferences persist across app restarts and are stored in your local settings file.
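As an added illustration (not Conduit's own code), the following Python model reproduces the gate described above: the masked arguments preview, the credential warning flag, the "1 of N" counter, the always-allow list, the master toggle and the auto-deny path. The dialog callback, the argument key names that get masked, and the tool name CredentialReveal are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional
SENSITIVE_KEYS = {"password", "private_key", "totp_secret"}  # assumed argument names
AUTO_DENY_SECONDS = 120

def mask_arguments(args: dict) -> dict:
    """Copy of the arguments preview with sensitive values replaced by ********."""
    return {k: ("********" if k.lower() in SENSITIVE_KEYS else v) for k, v in args.items()}
@dataclass
class ApprovalGate:
    # Stand-in for the modal: returns (approved, always_allow), or None if unanswered in time.
    dialog: Callable[[dict], Optional[tuple]]
    enabled: bool = True                       # master toggle
    always_allowed: set = field(default_factory=set)

    def process(self, queue: list) -> list:
        """Review queued calls (dicts with tool/category/args) one at a time."""
        decisions = []
        for i, call in enumerate(queue, start=1):
            tool = call["tool"]
            if not self.enabled or tool in self.always_allowed:
                decisions.append((tool, "approved"))      # no prompt shown
                continue
            answer = self.dialog({
                "counter": f"{i} of {len(queue)}", "tool": tool, "category": call["category"],
                "credential_warning": call["category"] == "credential",
                "arguments": mask_arguments(call["args"]), "auto_deny_after": AUTO_DENY_SECONDS})
            if answer is None:                            # unanswered -> auto-deny
                decisions.append((tool, "denied (timeout)"))
                continue
            approved, always_allow = answer
            if approved and always_allow:
                self.always_allowed.add(tool)             # trust is keyed by tool name only
            decisions.append((tool, "approved" if approved else "denied"))
        return decisions

def demo() -> tuple:
    """Constructed scenario; CredentialReveal is a hypothetical credential-category tool."""
    scripted = {"EntryInfo": (True, True), "CredentialReveal": (False, False)}  # others: no answer
    shown = []
    def dialog(view):
        shown.append(view)
        return scripted.get(view["tool"])
    gate = ApprovalGate(dialog)
    first = gate.process([{"tool": "EntryInfo", "category": "read", "args": {"entry_id": "e1"}},
        {"tool": "CredentialReveal", "category": "credential", "args": {"password": "hunter2"}},
        {"tool": "DocumentUpdate", "category": "write", "args": {"doc_id": "d1"}}])
    second = gate.process([{"tool": "EntryInfo", "category": "read", "args": {"entry_id": "e2"}}])
    return first, second, shown   # EntryInfo is now always-allowed, so `second` shows no dialog
```

Because the always-allow list is keyed by tool name, a tool approved once with the checkbox ticked runs without a prompt regardless of the arguments it is later called with.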
Secret Redaction
Read tools (EntryInfo and DocumentRead) automatically mask vault fields marked as !!secret!!, replacing their values with [REDACTED]. This prevents AI agents from inadvertently exposing visually masked secrets through their output.
Write-Tool Guidelines
Three MCP tools can write data to your vault: EntryUpdateNotes, DocumentCreate, and DocumentUpdate. Each tool's description includes explicit instructions requiring the AI agent to show you the proposed content and receive your approval before calling the tool.
The auto-generated CLAUDE.md and AGENTS.md files include a dedicated write-tool guidelines section that reinforces this pattern for all supported agents.
Rate Limiting
Every MCP tool is rate-limited using a token bucket algorithm. Each tool has its own bucket, preventing any single tool from being called faster than its configured threshold. If an agent exceeds the rate limit, the tool returns an error with a retry-after hint so the agent can back off and retry.
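An added Python model of the per-tool token bucket described above (not Conduit's implementation; the bucket size, refill rate, error shape and injectable clock are assumptions for the example). It shows a burst of calls to one tool being cut off with a retry-after hint while a different tool's bucket is unaffected:

```python
import time
from dataclasses import dataclass

@dataclass
class TokenBucket:
    capacity: float            # burst size
    refill_per_second: float   # sustained rate
    tokens: float
    updated_at: float

class ToolRateLimiter:
    """One token bucket per MCP tool name. The clock is injectable so the behaviour is testable."""
    def __init__(self, capacity: int = 5, refill_per_second: float = 1.0, clock=time.monotonic):
        self.capacity, self.refill_per_second, self.clock = capacity, refill_per_second, clock
        self.buckets: dict = {}

    def _bucket(self, tool: str, now: float) -> TokenBucket:
        b = self.buckets.get(tool)
        if b is None:   # first call for this tool starts with a full bucket
            b = self.buckets[tool] = TokenBucket(self.capacity, self.refill_per_second, float(self.capacity), now)
        else:           # refill in proportion to elapsed time, capped at capacity
            elapsed = max(0.0, now - b.updated_at)
            b.tokens = min(b.capacity, b.tokens + elapsed * b.refill_per_second)
            b.updated_at = now
        return b

    def check(self, tool: str) -> dict:
        """Spend one token for `tool`, or return an error carrying a retry-after hint."""
        b = self._bucket(tool, self.clock())
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return {"ok": True, "remaining": int(b.tokens)}
        retry_after = (1.0 - b.tokens) / b.refill_per_second   # seconds until one token is back
        return {"ok": False, "error": "rate limit exceeded for " + tool,
                "retry_after_seconds": round(retry_after, 3)}

class FakeClock:
    """Manual clock for deterministic simulation (constructed for this example)."""
    def __init__(self): self.now = 0.0
    def __call__(self) -> float: return self.now

def simulate() -> list:
    """Burst of four EntryInfo calls, one DocumentRead call, then EntryInfo again after 1 s."""
    clock = FakeClock()
    limiter = ToolRateLimiter(capacity=3, refill_per_second=1.0, clock=clock)
    results = [limiter.check("EntryInfo") for _ in range(4)]   # fourth one is rejected
    results.append(limiter.check("DocumentRead"))             # separate bucket, still allowed
    clock.now = 1.0                                           # one token has refilled
    results.append(limiter.check("EntryInfo"))
    return results
```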
Audit Logging
All MCP tool invocations are logged with:
- Timestamp
- Tool name
- Parameters
- Result status
Audit logs provide a full record of what AI agents have done with your connections, making it straightforward to review activity and identify unexpected behavior.
Review Your Logs
Review audit logs periodically to understand how AI agents are interacting with your connections.
Tier Gating
MCP access requires a Pro or Team tier subscription. If mcp_enabled is false on your tier, tools like ConnectionOpen will return a blocked error with a message indicating the required tier. Free tier users cannot use MCP operations.
Standalone Fallback
The MCP server continues operating if the main Conduit app disconnects temporarily. It will attempt to reconnect to the app automatically and resume normal operation once the connection is re-established. This ensures that brief app restarts or UI reloads do not interrupt active agent workflows.