Scopes
When you add Engram as an MCP Connector, the client receives an OAuth access token. The token carries a scope that determines what the client may do against your vault.
What the token currently grants
Engram’s MCP endpoint today ships a single monolithic scope: mcp.
A token with the mcp scope grants the client the full MCP tool
surface against your vault: read notes, search semantically, write
notes, edit folders, attach files. The grant is “the same things you
can do as the logged-in user” — bounded by your own account, not
sharded into permissions.
Granular scopes are planned
Splitting mcp into per-action scopes (notes:read,
notes:search, notes:write, notes:delete, folders:write,
metadata:read) is on the roadmap. Once shipped, the Connector
flow will let you grant the minimum permissions an agent needs
(“read + search but never write”) rather than the all-or-nothing
grant today.
If granular permissions matter to you right now, the workaround is simple: don’t connect agents you don’t trust to write to your vault. There is currently no in-protocol way to restrict the grant once issued.
Auditing and revoking access
Your Engram account → API Keys lists every active OAuth client + API key. Revoking there invalidates the token server-side; the client loses access immediately.
Scope grammar (for SDK builders)
The endpoint advertises its supported scopes via
/.well-known/oauth-authorization-server. SDK builders should read
that metadata rather than hardcoding scope strings — the granular
split will surface there first.
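The following is an added example, not Engram's or any SDK's own code, of choosing scopes from the advertised metadata instead of hardcoding them. It assumes the metadata uses the standard RFC 8414 `scopes_supported` field; the sample documents, the `engram.example` issuer and the function names are constructed for illustration.

```python
import json

# Constructed sample metadata (RFC 8414 shape); issuer is a placeholder host.
TODAY = json.dumps({"issuer": "https://engram.example",
                    "scopes_supported": ["mcp"]})
AFTER_SPLIT = json.dumps({
    "issuer": "https://engram.example",
    "scopes_supported": ["mcp", "notes:read", "notes:search", "notes:write",
                         "notes:delete", "folders:write", "metadata:read"]})

MONOLITHIC = "mcp"  # the single full-access scope the page describes


def select_scopes(metadata_json, wanted, allow_full_access=False):
    """Pick the scopes to request from the server's advertised list.

    Returns `wanted` when every entry is advertised. Otherwise falls back to
    the monolithic scope only if the caller explicitly accepts a full grant.
    """
    meta = json.loads(metadata_json)
    supported = meta.get("scopes_supported") if isinstance(meta, dict) else None
    if not isinstance(supported, list) or not all(
            isinstance(s, str) for s in supported):
        raise ValueError("metadata has no usable scopes_supported list")
    advertised = set(supported)
    wanted = list(dict.fromkeys(wanted))  # de-duplicate, keep order
    if wanted and all(s in advertised for s in wanted):
        return wanted
    if MONOLITHIC not in advertised:
        missing = [s for s in wanted if s not in advertised]
        raise ValueError(f"scopes not advertised: {missing}")
    if not allow_full_access:
        # Never widen a read-only request to a full grant silently.
        raise PermissionError("only the full-access scope is available")
    return [MONOLITHIC]


def scope_param(scopes):
    """OAuth 2.0 sends scopes as one space-delimited string."""
    return " ".join(scopes)


if __name__ == "__main__":
    print(scope_param(select_scopes(AFTER_SPLIT, ["notes:read", "notes:search"])))
    print(scope_param(select_scopes(TODAY, ["notes:read"], allow_full_access=True)))
```

Fetching the metadata document over HTTPS is left to the caller. The `allow_full_access` flag is where a client would ask the user to confirm the all-or-nothing grant.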