Restrictions
Restrictions limit assistant access and support allowlist/blocklist logic:- Connectors: Restrict accessible connectors (e.g., allow only Slack and HubSpot).
- Actions: Block specific operations (e.g., destructive actions like
delete_channel). - Users: Restrict which end-user IDs can access the server (useful for public setups).
Note: When updating, the full
restrictions object replaces the previous configuration.Server Descriptions
description: Context for the server, shown in dashboards and lists. Helps you organize and identify your servers.
Token Settings
tokenExpiresInDays: Set token lifespan (1-365 days). After expiration, the token URL will no longer work.
Response Handling
MCP responses are sized intelligently:- Large datasets: Response includes
needsRefinementwith suggestions to filter, search, or paginate. - Medium datasets (25-50 items): First 25 items returned with
originalCountanddisplayedCount. - Small datasets (less than 25 items): Full response returned.
Pagination and Rate Limits
- List endpoints support
limitandoffset. - Responses include:
total,limit,offset,hasMore. - Default rate limit: 100 requests/min per API key/token (sliding window).
- Exceeding the limit returns HTTP 429.
- Self-hosted servers can override limits via environment variables.
Input Validation
- Server names: 1-100 characters, unique per user.
- Token lifespan: 1-365 days.
- Max request body size: 10 MB.
- Arrays: Max 1,000 items per request or response.