Command Inbox
Reference

Corsair MCP tools

Agent tool definitions, approval flow, and execution model

Source: src/lib/agent/mcp-tools.ts, src/lib/agent/action-tools.ts, @corsair-dev/mcp.

The agent embeds Corsair MCP tools in-process — no standalone MCP HTTP server required for in-app chat. A separate stdio MCP server (mcp-server.ts) is available for Cursor.

buildAgentMcpTools

function buildAgentMcpTools(
  tenant: ReturnType<CorsairInstance["withTenant"]>,
  userId: string,
  userEmail: string
): ToolSet

Called per request in POST /api/agent/chat with the authenticated user's Corsair tenant.

Tool layers

1. Typed workflow tools (writes + inbox reads)

Defined in src/lib/agent/action-tools.ts. Write tools use needsApproval: true and rich preview cards in agent-tool-approval.tsx.

ToolApprovalPurpose
send_emailYesSend mail with optional attachments
schedule_sendYesQueue mail for later
create_calendar_inviteYesEvent + Google Meet
reschedule_calendar_eventYesMove event by id
cancel_calendar_eventYesDelete event by id
stage_thread_attachmentNoStage inbound attachment for send
search_threadsNoGmail query + optional lane filter
list_calendar_eventsNoEvents in date range

2. Corsair discovery tools (read-only)

From buildCorsairToolDefs() with an explicit allowlist (corsair-tool-allowlist.ts):

ToolPurpose
list_operationsDiscover Gmail/Calendar API paths
get_schemaInspect schema for a path from list_operations

Not exposed: run_script, corsair_setup — writes use typed tools above.

Execution flow

  1. User sends message → POST /api/agent/chat
  2. createInboxAgentStream() runs streamText with merged tools
  3. Agent may call discovery tools and read-only workflow tools freely
  4. On send_email, create_calendar_invite, etc. → stream pauses for approval
  5. User approves → execute() runs against Corsair tenant
  6. Stream continues with tool result

Error handling

If Corsair returns isError: true, toolResultToOutput throws with the text content — surfaced via agentStreamErrorHandler.

System prompt

src/lib/agent/system-prompt.ts instructs the model to prefer typed tools for writes and search_threads / list_calendar_events for reads.

Security model

PropertyValue
Tenant isolationTools scoped to userId tenant only
CredentialsUser's OAuth tokens via Corsair
Approval gateTyped write tools require explicit user consent
Timeout60s max duration on chat route

Example agent prompt

Send a calendar invite to friend@corsair.dev at 9 AM next Thursday
and email him saying I look forward to it.

Expected tool sequence:

  1. create_calendar_invite (approval)
  2. send_email (approval)

Scripts and CLI

npm/bun scripts and utility commands

On this page

buildAgentMcpToolsTool layers1. Typed workflow tools (writes + inbox reads)2. Corsair discovery tools (read-only)Execution flowError handlingSystem promptSecurity modelExample agent promptRelated