Agents

MCP usage

Register Horato as an MCP server and expose resource-safe tools to agent runtimes.

MCP tools use the same action model as REST. Read tools are safe by default; write tools should be approval-gated when they affect external users or provider state.

Tool model

Tools are thin bindings over Horato resources. The tool catalog should include the input schema, capability requirement, approval policy, and output shape.

  • `email.search` reads messages and threads.
  • `calendar.availability` reads free/busy and booking availability.
  • `booking.create` creates or holds a booking.
  • `email.send` requires approval before sending externally visible mail.

Server configuration

Set the API key and base URL in the MCP server environment.

MCP server environmentbash
HORATO_API_KEY=hr_live_...
HORATO_API_BASE_URL=https://api.hora.to
Agent configjson
{
  "mcpServers": {
    "horato": {
      "command": "npx",
      "args": ["@horato/mcp"],
      "env": {
        "HORATO_API_KEY": "hr_live_..."
      }
    }
  }
}

Approval policy

Require approval for operations that send messages, create bookings, modify events, delete data, rotate keys, replay deliveries, or start data export jobs.

Approval-gated writetypescript
tools.register("email.send", {
  requiresApproval: true,
  inputSchema: sendEmailSchema,
  handler: horato.mcp.email.send
});

Run history

Every agent run should be visible through `/v1/mcp/runs` and linked to approvals, provider operations, and webhook events. Use run replay for repair workflows after a transient provider failure.