MCP safety modes¶

The Amperity MCP server gates write operations behind a per-session safety mode. The safety mode controls if tools that create, update, or delete data can run on production tenants. Safety modes are scoped to the calling user’s session. A user’s safety mode setting does not affect another user’s safety mode setting.

Note

The safety mode model may change during beta as Amperity moves toward more granular access controls. The agent can call the safety_set_mode tool to change the current session’s mode. Treat the safety mode as a guardrail and not as a permission boundary. Pair safety mode with the access controls on the underlying Amperity tenant.

Available modes¶

The default safety mode for new sessions is strict, which restricts write operations to sandbox tenants. Safety mode must be switched to allow write operations to a production tenant.

Safety mode has the following options:

Mode	Production tenant	Sandbox tenant
strict (default)	Write operations are blocked. Read operations are allowed.	Read and write operations are allowed. Use strict for exploring the tool surface or testing prompts. The MCP server allows read and write operations to sandboxes, which allows meaningful work to occur within a sandbox and prevents write operations to the production tenant.
confirm	Write operations require an explicit confirm: true argument from the agent. Use confirm for routine work against production tenants. Each write operation requires the agent to pass confirm: true, which surfaces the change for human review.	Read and write operations are allowed.
unrestricted	All operations are allowed without explicit confirmation. Caution Use unrestricted only for scripted, audited automations or in contexts where you accept full responsibility for the outcome of write operations.	Read and write operations are allowed.

Mode

Production tenant

Sandbox tenant

strict (default)

Write operations are blocked. Read operations are allowed.

Read and write operations are allowed.

Use strict for exploring the tool surface or testing prompts. The MCP server allows read and write operations to sandboxes, which allows meaningful work to occur within a sandbox and prevents write operations to the production tenant.

confirm

Write operations require an explicit confirm: true argument from the agent.

Use confirm for routine work against production tenants. Each write operation requires the agent to pass confirm: true, which surfaces the change for human review.

Read and write operations are allowed.

unrestricted

All operations are allowed without explicit confirmation.

Caution

Use unrestricted only for scripted, audited automations or in contexts where you accept full responsibility for the outcome of write operations.

Read and write operations are allowed.

Set the safety mode¶

The MCP server exposes tools to read and update the safety mode for the current session. Ask your agent to set the safety mode with the following statement:

Set the Amperity safety mode to <mode>.

For example:

Set the Amperity safety mode to confirm.

The agent calls the safety_set_mode tool, after which the setting updates immediately and persists for the remainder of the session unless changed. You can read the current mode with safety_get_mode.

“confirm: true” may be required¶

Some tools in the MCP server, such as scheduling a campaign, running a courier group, or running an orchestration group, always require confirmation regardless of the session safety mode. This is because these actions send data to downstream systems that exist outside of Amperity.

Note

The campaign_schedule, courier_group_run, and orchestration_group_run tools always require safety mode to be set to unrestricted and always require confirm: true. If either are missing the tool is not allowed to run.

Tool descriptions returned by tools/list indicate when explicit confirmation is required.

Choose topic collections

MCP safety modes¶

Available modes¶

Set the safety mode¶

“confirm: true” may be required¶