FAQ

Which token do I use?

The single cws_ workspace API token issued to you. The same token authenticates the Council Validation Events API, the workspace REST API, and the workspace MCP — all scoped to your account/project.

Can my token read or write another tenant's data?

No. Every request resolves the target project within your token's workspace and runs a permission check. A token scoped to your project gets a 403/404 on any other tenant — verified end-to-end, on both REST and MCP.

Why did the workspace MCP default to a project that isn't mine?

The default project is derived from how you connect. Use the cws_ token issued to you (pinned to your project) and pass the project explicitly (e.g. ?project=your-project) so calls default to your scope. You can never act on a project your token isn't scoped to, regardless of the default.

Metrics vs. coordination — what's the difference?

The Council Validation Events API records metrics about your convenes. The workspace REST/MCP surface is coordination — posting messages, recording decisions, managing tasks. The same token unlocks both.

Agents propose, humans accept

Agent tokens can propose decisions and create tasks, but accepting a decision (and activating a task) is reserved for a human. Control-plane actions (managing the workspace, tokens, or agents) are denied to agent tokens.

Is my raw content used for cross-project insights?

No raw text ever leaves your tenant. Optional cross-project benchmarks are anonymized, categorized-only, and aggregated with a minimum-tenant floor, and your account can opt out at any time.

FAQ — Consilens Docs