Armature enforces access control through the MCP endpoint using the same four roles as the dashboard:Documentation Index
Fetch the complete documentation index at: https://docs.armature.tech/llms.txt
Use this file to discover all available pages before exploring further.
viewer, editor, admin, and owner. When you create an API key, it is frozen to the issuing user’s current role. That role determines, for every MCP request the key makes, which tools the agent can call, which resources it can read, and which operations it can perform. There is no way to escalate privileges through the MCP API—if the agent needs broader access, you create a key under a user who holds the appropriate role.
Permission matrix
The table below lists every MCP surface and which roles can access it.| Surface | viewer | editor | admin | owner |
|---|---|---|---|---|
| Read tools, resources, and prompts | yes | yes | yes | yes |
compare_runs | yes | yes | yes | yes |
| Coverage report resource | yes | yes | yes | yes |
| Proposal resource | yes | yes | yes | yes |
propose_workflow_patch | yes | yes | yes | yes |
draft_regression_workflow_from_run | yes | yes | yes | yes |
apply_workflow_change | no | yes | yes | yes |
run_workflow_now | no | yes | yes | yes |
sync_mcp_server_capabilities | no | no | yes | yes |
Viewer-role agents can read all data, compare runs, propose workflow patches, and draft regression workflows—but they cannot apply changes or dispatch live runs. This makes viewer keys appropriate for agents that investigate and recommend, while humans or editor-level agents handle execution.
Role behavior in detail
Viewer agents have full read access across every tool, resource, and prompt. They can propose patches and draft regression workflows, giving them the ability to prepare changes for human review. They cannot apply those changes or trigger workflow runs, so they cannot affect your production test state. Editor agents can do everything a viewer can, plus apply staged workflow changes and dispatch manual runs viarun_workflow_now. Use editor keys for agents that are trusted to act on their own proposals after validation.
Admin agents can do everything an editor can, plus explicitly sync a target MCP server’s tool catalog using sync_mcp_server_capabilities. Capability sync reaches out to the target MCP server, so it is appropriately restricted to admin and above.
Owner agents have the same effective permissions as admin through the MCP API.
Implicit capability sync
During proposal validation, Armature may run an implicit capability sync against the target MCP server to check whether the tools referenced in the patch still exist. This system-mediated sync runs under the same five-minute cooldown as an explicit sync, is recorded in the audit log, and only callstools/list on the target server. It may run even when the requesting agent holds a viewer role, because it is initiated by Armature’s validation logic rather than by a direct tool call from the agent.
If the implicit sync fails, proposal validation continues against the last known catalog and returns a warning such as catalog_stale_sync_failed in the response. The proposal is not blocked.