Skip to content

Tools and MCP

Tools are how agents act on your workspace: query data, edit workflows, search the Knowledge Graph, run canvas changes, call external systems, and complete governed procedures. Fontana exposes one unified catalog of built-in capabilities and Model Context Protocol (MCP) integrations. You assign tools per agent in Admin → Agents; the model never receives open-ended access to your estate. Every invocation is audited for compliance review.

MCP

Use MCP to access external data sources, perform financial data lookups, or communicate directly with your firm's tooling.

Built-in tools run server-side inside your workspace (Convex tenant). They do not require an external MCP server. You allowlist them per agent; Fontana executes them on the server and returns results into the same chat thread.

Typical built-in capabilities include:

AreaWhat agents can do
Workflows and dataList resources, query workflow configuration, inspect run datasets, and start workflow runs
Knowledge GraphSearch governed corpora, fetch documents by slug, and manage agent memory where permitted
CanvasQuery and mutate workflow graphs (nodes, edges, ports, and canvas config) through typed canvas tools, often via Skills playbooks
DocumentsCreate, read, update, and rename workflow documents (specs, design notes, reports) tied to a workflow
Chat orchestrationAsk humans structured questions (Human in the Loop), manage task lists, delegate to sub-agents, and hand off threads
Skills runtimeActivate and close skill sessions and fetch bundled skill reference files

Built-in tools are the default surface for day-to-day Flow work. Prefer them when the capability already exists in Fontana so execution stays in-tenant, audited, and aligned with RBAC.

Use MCP when an agent must reach an external system you operate: SaaS APIs, databases, search services, calculators, or firm-specific HTTP tool servers.

In Admin → Tools, you register MCP connections (HTTP or SSE transport), test connectivity, and refresh the discovered tool list. Approved tools appear in the agent catalog under namespaced ids (mcp_<connectionSlug>_<toolName>). You can assign individual tools or a connection wildcard (mcp_<connectionSlug>.*) that expands against the cached snapshot at runtime.

TopicWhat you should know
AuthenticationBearer tokens and OAuth app credentials (including BYOK Client ID/Secret) are stored write-only in Vault and used only during discovery and execution
OAuth providersHosted flows (for example Notion-style MCP URLs) use browser OAuth with PKCE; redirect URIs are shown in the admin UI
DiscoveryTool lists refresh when you test a connection; assign tools only after a successful refresh
TransportRemote HTTP/SSE only; local stdio MCP servers cannot run from Convex actions
GovernanceAgent assignment is the approval boundary in V1; unassigned MCP tools are not callable

Fontana acts as an MCP client: your agents call external tools; Fontana does not expose Flow as an MCP server for third-party clients in this integration path.

Tool governance spans three admin surfaces that work together:

  1. Admin → Tools - register MCP connections, inspect schemas, refresh discovery, and manage credentials
  2. Admin → Agents - allowlist built-in and MCP tools (or wildcards) for each persona
  3. Admin → Skills - optional temporary tool expansion while a skill session is active; see Skills

Skills can union additional tools for the duration of an active playbook without permanently widening an agent’s baseline allowlist.

When agents need to run commands, scripts, or exploratory code safely, OpenSandbox provides isolated execution on the platform cluster. Each workspace reaches OpenSandbox through a single shared MCP connection seeded at deploy time; sandboxes are ephemeral, TTL-bound, and scoped with per-workspace bearer authentication.

Agent (MCP)OpenSandbox platformEphemeral sandbox pod

Exploratory compute stays separated from your tenant data plane while remaining available to allowlisted agents through the same audited tool pipeline as other MCP calls.

Every built-in and MCP tool invocation writes to tool-call audit records with protocol metadata, latency, and outcomes. Operators with appropriate permissions can review agent tool usage in Flow admin surfaces and correlate activity with the immutable audit trail where your deployment enables it. See Observability, Compliance evidence, and Security (OpenSandbox controls in Workspace isolation).

IntegrationConnects agents toConfigure in
Built-in toolsFontana workflows, data, canvas, Knowledge Graph, chat orchestrationAdmin → Agents (+ Skills for temporary expansion)
MCPExternal tool and context servers (HTTP/SSE)Admin → Tools + Admin → Agents
Agent InteropPeer agents on other platforms (A2A, ACP, and related protocols)Admin → Agent Interop

Do not confuse MCP tool servers with peer-agent federation. For delegation and handoff between agents, see Agent Interop.