{"name":"pabloMCP","description":"Secure MCP capability layer for pairing any agent to a user's encrypted workspace vault and tools.","docs":{"llms_txt":"https://pablomcp.com/llms.txt","llms_full_txt":"https://pablomcp.com/llms-full.txt","pairing_walkthrough":"https://pablomcp.com/agent","dashboard":"https://pablomcp.com/admin"},"transports":{"mcp_streamable_http":"https://pablomcp.com/mcp","rest_json":"https://pablomcp.com/tools"},"capabilities":{"tool_count":203,"tools_by_class":{"READ":113,"DRAFT":3,"COMMIT":80,"DANGEROUS":7},"tools_preview_url":"https://pablomcp.com/tools","tools_list_unauth":true,"schema_endpoint":"https://pablomcp.com/mcp (POST {\"jsonrpc\":\"2.0\",\"method\":\"tools/list\",\"id\":1})","note":"Tool counts describe the server registry, identical for every workspace. Connector tools only function when the relevant credentials are present in the caller's vault."},"vault":{"description":"Per-workspace encrypted credential store. Secrets are AES-256-GCM at rest with a per-workspace data key — secrets never cross workspace boundaries. Connector tools read credentials from the vault first, falling back to the deployment env only for shared bootstrap variables.","addressing":"(project, name) where project is a free-form namespace and name is uppercase env-style.","tools":{"set":"vault_set (COMMIT) — store/update a credential under (project, name).","get":"vault_get (READ) — fetch the decrypted value; every fetch is audit-logged.","list":"vault_list (READ) — list {project, name, updated_at}; values never returned here.","delete":"vault_delete (DANGEROUS) — irreversible; consumers start failing immediately."}},"auth_model":{"first_pairing":["Call auth_pairing_start with the human's email and your agent name.","Ask the human for the emailed pairing code and current TOTP code.","Call auth_pairing_complete to receive your named bearer agent key."],"returning_agent":["Use Authorization: Bearer <agent_key>.","If TOTP_REQUIRED is returned, ask the human for their current TOTP code and call auth_handshake."],"approvals":"If approval_required is returned, show it to the human in the current conversation and call approval_respond."},"onboarding_tools":["auth_pairing_start","auth_pairing_status","auth_pairing_complete","auth_handshake","workspace_status"],"security":{"account_identity":"email","human_presence":"TOTP","durable_agent_identity":"named revocable bearer key","session_idle_timeout_minutes":60,"vault_encryption":"per-workspace envelope encryption"}}