MCP permissions

When you generate an access token for MCP use, you can scope its permissions to limit what a connected agent can do.

Available permission scopes

Scope          What it allows
read:tests     List and read test definitions
write:tests    Create and modify test definitions
run:tests      Trigger test runs
read:issues    Read issues and their evidence
write:issues   Update issue status (push, resolve, dismiss)
read:projects  List projects and workspaces
Caution

The write:tests scope allows the agent to create and modify test definitions. Only grant this if you trust the agent to author tests autonomously.

General coding assistant (verify fixes, not author tests):

read:tests, run:tests, read:issues

Autonomous QA agent (full authoring loop):

read:tests, write:tests, run:tests, read:issues, write:issues, read:projects
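
A least-privilege check for a token's scope list before it is handed to an agent, added here as an example and not part of the product. The scope names and the two scope sets are the ones listed above; the profile keys (coding_assistant, qa_agent) and function names are hypothetical.

```python
# Added example: least-privilege audit of an MCP token's scope list.
# Scope names and the two profiles come from this page; the profile keys
# and function names are hypothetical, chosen for illustration.

KNOWN_SCOPES = {
    "read:tests", "write:tests", "run:tests",
    "read:issues", "write:issues", "read:projects",
}

PROFILES = {
    "coding_assistant": {"read:tests", "run:tests", "read:issues"},
    "qa_agent": set(KNOWN_SCOPES),  # full authoring loop uses all six
}


def parse_scopes(text):
    """Parse a comma-separated scope list as written on this page."""
    scopes = {s.strip() for s in text.split(",") if s.strip()}
    unknown = scopes - KNOWN_SCOPES
    if unknown:
        # A typo such as "write:test" must fail loudly, not pass silently.
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    return scopes


def audit(granted_text, profile):
    """Compare granted scopes with the profile's recommended set."""
    granted = parse_scopes(granted_text)
    wanted = PROFILES[profile]
    excess = granted - wanted
    return {
        "excess": sorted(excess),              # granted but not needed
        "missing": sorted(wanted - granted),   # needed but not granted
        "excess_write": sorted(s for s in excess if s.startswith("write:")),
        "ok": not excess,                      # no scope beyond the profile
    }


if __name__ == "__main__":
    # Constructed sample: a coding-assistant token that was over-scoped.
    print(audit("read:tests, write:tests, run:tests, read:issues",
                "coding_assistant"))
```
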

Revoking access

Tokens can be revoked at any time from Settings → Access tokens. Revocation takes effect immediately — any in-flight MCP calls will return a 401 Unauthorized error.