Tools and MCP
Tools are how agents act on your workspace: query data, edit workflows, search the Knowledge Graph, run canvas changes, call external systems, and complete governed procedures. Fontana exposes one unified catalog of built-in capabilities and Model Context Protocol (MCP) integrations. You assign tools per agent in Admin → Agents; the model never receives open-ended access to your estate. Every invocation is audited for compliance review.
Use MCP to access external data sources, perform financial data lookups, or communicate directly with your firm's tooling.
Built-in tools
Section titled “Built-in tools”Built-in tools run server-side inside your workspace (Convex tenant). They do not require an external MCP server. You allowlist them per agent; Fontana executes them on the server and returns results into the same chat thread.
Typical built-in capabilities include:
| Area | What agents can do |
|---|---|
| Workflows and data | List resources, query workflow configuration, inspect run datasets, and start workflow runs |
| Knowledge Graph | Search governed corpora, fetch documents by slug, and manage agent memory where permitted |
| Canvas | Query and mutate workflow graphs (nodes, edges, ports, and canvas config) through typed canvas tools, often via Skills playbooks |
| Documents | Create, read, update, and rename workflow documents (specs, design notes, reports) tied to a workflow |
| Chat orchestration | Ask humans structured questions (Human in the Loop), manage task lists, delegate to sub-agents, and hand off threads |
| Skills runtime | Activate and close skill sessions and fetch bundled skill reference files |
Built-in tools are the default surface for day-to-day Flow work. Prefer them when the capability already exists in Fontana so execution stays in-tenant, audited, and aligned with RBAC.
MCP connections
Section titled “MCP connections”Use MCP when an agent must reach an external system you operate: SaaS APIs, databases, search services, calculators, or firm-specific HTTP tool servers.
In Admin → Tools, you register MCP connections (HTTP or SSE transport), test connectivity, and refresh the discovered tool list. Approved tools appear in the agent catalog under namespaced ids (mcp_<connectionSlug>_<toolName>). You can assign individual tools or a connection wildcard (mcp_<connectionSlug>.*) that expands against the cached snapshot at runtime.
| Topic | What you should know |
|---|---|
| Authentication | Bearer tokens and OAuth app credentials (including BYOK Client ID/Secret) are stored write-only in Vault and used only during discovery and execution |
| OAuth providers | Hosted flows (for example Notion-style MCP URLs) use browser OAuth with PKCE; redirect URIs are shown in the admin UI |
| Discovery | Tool lists refresh when you test a connection; assign tools only after a successful refresh |
| Transport | Remote HTTP/SSE only; local stdio MCP servers cannot run from Convex actions |
| Governance | Agent assignment is the approval boundary in V1; unassigned MCP tools are not callable |
Fontana acts as an MCP client: your agents call external tools; Fontana does not expose Flow as an MCP server for third-party clients in this integration path.
Configure tools for agents
Section titled “Configure tools for agents”Tool governance spans three admin surfaces that work together:
- Admin → Tools - register MCP connections, inspect schemas, refresh discovery, and manage credentials
- Admin → Agents - allowlist built-in and MCP tools (or wildcards) for each persona
- Admin → Skills - optional temporary tool expansion while a skill session is active; see Skills
Skills can union additional tools for the duration of an active playbook without permanently widening an agent’s baseline allowlist.
OpenSandbox (isolated code execution)
Section titled “OpenSandbox (isolated code execution)”When agents need to run commands, scripts, or exploratory code safely, OpenSandbox provides isolated execution on the platform cluster. Each workspace reaches OpenSandbox through a single shared MCP connection seeded at deploy time; sandboxes are ephemeral, TTL-bound, and scoped with per-workspace bearer authentication.
Agent (MCP) → OpenSandbox platform → Ephemeral sandbox pod
Exploratory compute stays separated from your tenant data plane while remaining available to allowlisted agents through the same audited tool pipeline as other MCP calls.
Audit and review
Section titled “Audit and review”Every built-in and MCP tool invocation writes to tool-call audit records with protocol metadata, latency, and outcomes. Operators with appropriate permissions can review agent tool usage in Flow admin surfaces and correlate activity with the immutable audit trail where your deployment enables it. See Observability, Compliance evidence, and Security (OpenSandbox controls in Workspace isolation).
Tools, MCP, and Agent Interop
Section titled “Tools, MCP, and Agent Interop”| Integration | Connects agents to | Configure in |
|---|---|---|
| Built-in tools | Fontana workflows, data, canvas, Knowledge Graph, chat orchestration | Admin → Agents (+ Skills for temporary expansion) |
| MCP | External tool and context servers (HTTP/SSE) | Admin → Tools + Admin → Agents |
| Agent Interop | Peer agents on other platforms (A2A, ACP, and related protocols) | Admin → Agent Interop |
Do not confuse MCP tool servers with peer-agent federation. For delegation and handoff between agents, see Agent Interop.