MCP permissions
When you generate an access token for MCP use, you can scope its permissions to limit what a connected agent can do.
Available permission scopes
| Scope | What it allows |
|---|---|
| read:tests | List and read test definitions |
| write:tests | Create and modify test definitions |
| run:tests | Trigger test runs |
| read:issues | Read issues and their evidence |
| write:issues | Update issue status (push, resolve, dismiss) |
| read:projects | List projects and workspaces |
Caution
The write:tests scope allows the agent to create and modify test definitions. Only grant this if you trust the agent to author tests autonomously.
Recommended scopes by use case
General coding assistant (verify fixes, not author tests):
read:tests, run:tests, read:issues
Autonomous QA agent (full authoring loop):
read:tests, write:tests, run:tests, read:issues, write:issues, read:projects
Revoking access
Tokens can be revoked at any time from Settings → Access tokens. Revocation takes effect immediately — any in-flight MCP calls will return a 401 Unauthorized error.
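To check existing tokens against the recommended scopes by use case, the following added example (not part of the product or its documentation) audits a token's scope string against the set recommended for its intended use. The profile names, token labels and scope strings are constructed for illustration, and the code makes no API calls.

```python
# Added example: least-privilege audit of MCP token scopes.
# All token labels and scope strings below are constructed; no API is called.
KNOWN_SCOPES = {
    "read:tests", "write:tests", "run:tests",
    "read:issues", "write:issues", "read:projects",
}

# Recommended sets from this page; the profile keys are hypothetical names.
PROFILES = {
    "coding-assistant": {"read:tests", "run:tests", "read:issues"},
    "autonomous-qa": set(KNOWN_SCOPES),
}


def parse_scopes(raw):
    """Split a comma- or whitespace-separated scope string into a set."""
    return set(raw.replace(",", " ").split())


def audit_token(granted_raw, use_case):
    """Compare a token's granted scopes with the recommended set."""
    granted = parse_scopes(granted_raw)
    recommended = PROFILES[use_case]
    unknown = granted - KNOWN_SCOPES
    excess = (granted & KNOWN_SCOPES) - recommended
    return {
        "unknown": sorted(unknown),              # typos or scopes not in the table
        "excess": sorted(excess),                # granted beyond the recommendation
        "excess_write": sorted(s for s in excess if s.startswith("write:")),
        "missing": sorted(recommended - granted),  # functional gap, not a risk
        "within_profile": not unknown and not excess,
    }


# Constructed inventory: (label, intended use case, granted scopes).
SAMPLE_TOKENS = [
    ("ide-assistant", "coding-assistant", "read:tests, run:tests, read:issues"),
    ("ci-helper", "coding-assistant", "read:tests run:tests read:issues write:tests"),
    ("qa-agent", "autonomous-qa", "read:tests, write:tests, run:tests, read:issues"),
]


def over_scoped(tokens):
    """Return {label: audit} for tokens holding more than their profile."""
    reports = {label: audit_token(scopes, use) for label, use, scopes in tokens}
    return {k: v for k, v in reports.items() if not v["within_profile"]}


if __name__ == "__main__":
    for label, report in over_scoped(SAMPLE_TOKENS).items():
        print(label, "excess:", report["excess"], "unknown:", report["unknown"])
```

A token reported with `write:tests` under `excess_write` is the case the caution above describes: a verification-only agent that can also author tests.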