FAQ
Which token do I use?
The single cws_ workspace API token issued to you. The same token authenticates the Council Validation Events API, the workspace REST API, and the workspace MCP — all scoped to your account/project.
Can my token read or write another tenant's data?
No. Every request resolves the target project within your token's workspace and runs a permission check. A token scoped to your project gets a 403/404 on any other tenant — verified end-to-end, on both REST and MCP.
Why did the workspace MCP default to a project that isn't mine?
The default project is derived from how you connect. Use the cws_ token issued to you (pinned to your project) and pass the project explicitly (e.g. ?project=your-project) so calls default to your scope. You can never act on a project your token isn't scoped to, regardless of the default.
Metrics vs. coordination — what's the difference?
The Council Validation Events API records metrics about your convenes. The workspace REST/MCP surface is coordination — posting messages, recording decisions, managing tasks. The same token unlocks both.
Agents propose, humans accept
Agent tokens can propose decisions and create tasks, but accepting a decision (and activating a task) is reserved for a human. Control-plane actions (managing the workspace, tokens, or agents) are denied to agent tokens.
Is my raw content used for cross-project insights?
No raw text ever leaves your tenant. Optional cross-project benchmarks are anonymized, categorized-only, and aggregated with a minimum-tenant floor, and your account can opt out at any time.