AI Agent MCP

Give agents the context.
Keep every action under control.

EziBreezy MCP gives AI agents a controlled way to inspect and help with your social media workspace, from drafts and schedules to approvals, inbox threads, media, and reports, while keeping high-risk actions behind permissions and confirmations.

Connect Claude Code, Codex, Cursor, or another MCP-compatible client. The agent can ask EziBreezy for the context it needs: which workspaces exist, which accounts are connected, what drafts are waiting for review, what is scheduled this week, which inbox threads need attention, or how a recent campaign performed.

When work moves from inspection to action, MCP uses explicit scopes. mcp:read exposes read-only tools. mcp:write allows selected draft, schedule, notes, and media actions. mcp:dangerous is reserved for externally visible or destructive actions like publish now, inbox replies, deletes, retries, and sending client review batches.

A Safe Agent Interface For The Real Workspace

Ask better questions.
Approve the risky parts.

MCP is most useful when an agent needs product context before it can help. Instead of copying screenshots into a chat, you can ask an agent to list drafts waiting for review, compare scheduled posts by platform, check which media assets are available, summarize inbox backlog, or pull analytics for the last 30 days.

Actions land back in the same surfaces your team already uses: the Composer, Calendar, Board, Media Room, Approvals, and Inbox.

Read context

mcp:read

List workspaces, integrations, content, history, approvals, client review batches, taxonomy, hashtags, media, grid items, analytics, and inbox work.

Guarded writes

mcp:write

Create draft content, schedule an existing post, update internal notes, and handle the two-step media upload flow. Editor or admin role required.

High-risk tools

mcp:dangerous

Publish now, reply or moderate inbox messages, change read state, retry failed work, delete failed messages, archive, restore, delete, retry content, and send review batches.

Confirmations

Exact action + target

Dangerous calls require exact text such as publish_now:<contentId> or inbox_reply:<threadId>. Missing or wrong text fails before the action runs.

OAuth + fallback

Browser approval or API key

Browser-approved MCP uses OAuth with PKCE, 6-hour access tokens, and 90-day rotating refresh tokens. API keys remain available for headless setups.

Role-aware

Workspace checks

Read tools require workspace access. Write and dangerous tools require editor or admin access. Organization-scoped grants still check the workspace on every call.

What MCP Can And Cannot Do

What MCP is

A hosted Model Context Protocol server at the EziBreezy API endpoint. MCP clients receive typed tools for workspace-aware social media work instead of scraping the UI or guessing from pasted context.

Implemented MCP tools

The backend registers 48 tools today: 32 read tools, 5 write tools, and 11 high-risk tools. The tool list changes with the scopes and policies approved for that connection.

What agents can safely read

Workspaces, integrations, platform capabilities and options, drafts and scheduled content, content history, approval history, client review batches, taxonomy, hashtag groups, media, media folders, media tags, grid items, analytics, demographics, integration health, inbox threads, inbox messages, and inbox stats.

What agents can write or trigger

With mcp:write, an editor or admin can create a draft, schedule existing content, update internal notes, initialize a media upload, and complete a media upload. These actions do not bypass the product's normal validation.

Dangerous actions

mcp:dangerous exposes publish_now, reply_to_inbox_thread, moderate_inbox_message, set_inbox_thread_read_state, retry_inbox_message, delete_failed_inbox_message, archive_content, restore_content, delete_content, retry_content, and send_client_review_batch.

Confirmation safeguards

Each dangerous action requires an exact confirmationText value based on the action and target ID. Server-side dangerous auto-confirm exists only when explicitly enabled by policy for named actions.

Authentication

Preferred setup is browser approval from the MCP client. The frontend authorization page validates PKCE S256, shows requested scopes, lets the user choose organization context when needed, and issues a scoped MCP token after approval.

Organization and workspace selection

Browser-approved MCP grants are tied to an organization context. Individual tool calls still pass a workspace ID, and the backend checks that the user can access that workspace before reading or mutating anything.

Token expiry and revocation

OAuth access tokens last 6 hours. Refresh tokens rotate and last up to 90 days. Approved clients appear in MCP Connections, where access can be revoked immediately.

Server-side logging

MCP tool calls are logged with the tool name, user, credential type, client, scopes, organization, workspace, targets, confirmation mode, duration, and outcome so support and engineering can trace behavior.

Rate and origin controls

The MCP controller is throttled at 60 requests per minute and guarded by the same allowed-origin rules as the API. Downstream publishing and inbox actions still inherit provider limits and validation.

Approvals and client reviews

Read tools cover history and client review batch detail on Agency or higher plans. Sending an existing client review batch is possible only as a dangerous, confirmation-required action.

Analytics, not PDF reports

Agents can read summaries, aggregate performance, post analytics, demographics, and health. MCP v1 does not generate PDF analytics reports; use the app, API, or CLI for that workflow.

Inbox caveats

MCP reads and guarded inbox actions follow the Social Inbox surface: Instagram, Facebook, and Threads are the active connected inbox platforms today, with platform rules deciding what replies or moderation are available.

What MCP does not do yet

It does not manage boost ads, create approval requests, decide approvals, add approval comments, create client review batches, add inbox notes, bulk mark all inbox threads read, reorder or promote grid items, run broad media mutations, or override platform API limits.

Developer And Workflow Surfaces

Public REST API

Use the API for service integrations, custom dashboards, CI jobs, and full endpoint coverage beyond the curated MCP tool list.

EziBreezy CLI

Use @ezibreezy/cli for terminal work, scripts, cron jobs, JSON output, and workflows that are not exposed through MCP.

Composer

Drafts created by an agent become normal EziBreezy content, ready for editing, preview, approval, scheduling, or publishing.

Calendar

Scheduled content created or inspected through MCP appears on the same calendar your team uses for date-first planning.

Inbox

Agents can summarize inbox backlog and, with dangerous scope plus confirmation, help reply, moderate, retry, or mark a thread read.

Analytics Reports

Use MCP for quick analytics reads, then use the reporting surface when you need a client-ready PDF workflow.

MCP Connects To

MCP is not a separate automation island. It reads from and writes into the same product surfaces your team already uses, so agent help stays visible in the normal workflow.


MCP FAQ

What is EziBreezy MCP?

EziBreezy MCP is a controlled AI-agent interface for your EziBreezy workspace. It lets MCP-compatible tools inspect social media drafts, schedules, integrations, media, approvals, analytics, inbox threads, tags, hashtags, and grid-planner items, with selected write actions gated by scopes, roles, and confirmations.

What is an MCP server?

An MCP server exposes product actions as typed tools that an AI client can call after authorization. In EziBreezy, those tools sit on top of the real publishing, inbox, media, approvals, analytics, and workspace systems instead of giving an agent a separate sandbox.

Which AI tools can use EziBreezy MCP?

EziBreezy provides setup copy for Claude Code, Codex, and Cursor or other JSON-configured MCP clients. Browser-approved MCP has been validated in the product guidance with Codex and Claude Code, and any compliant HTTP MCP client can connect if it supports the required authentication flow.

What can MCP read from EziBreezy?

With mcp:read, an agent can list workspaces, integrations, integration capabilities and options, content, content counts, content history, approval history, client review batches, taxonomy, hashtag groups, media, media folders and tags, grid items, analytics summaries, post analytics, demographics, integration health, inbox threads, inbox messages, and inbox stats.

Can MCP create or schedule posts?

Yes, when the connection has mcp:write and the user has editor or admin access. MCP can create draft content and schedule an existing item for a specific timestamp. Drafts and scheduled posts appear in the Composer and Calendar.

Can MCP publish posts?

Yes, but only through the high-risk publish_now tool. The connection must include mcp:dangerous, the user must have editor or admin access, and the call must include exact confirmation text such as publish_now:<contentId> unless a server-side dangerous auto-confirm policy has explicitly allowed that action.

Can MCP reply to Inbox conversations?

Yes, with safeguards. Read tools can list inbox threads, messages, and stats. Reply, moderation, retry, delete-failed, and read-state changes are high-risk tools under mcp:dangerous and require exact confirmation text before they run. The same platform caveats as the Social Inbox still apply.

Are dangerous actions protected?

Yes. Dangerous tools are not exposed unless the connection has mcp:dangerous, workspace roles still apply, and each high-risk call requires exact confirmation text tied to the action and target ID. Tool allowlists and denylists can also hide specific tools globally or for an organization.

How do confirmations work?

High-risk tools require a confirmationText value that exactly matches the server's expected action and target, such as inbox_reply:<threadId>, delete_content:<contentId>, or client_review_send:<batchId>. If the text is missing or wrong, the tool returns a confirmation-required error with the expected text.

Does MCP respect workspace roles?

Yes. Every workspace-scoped tool checks access before it reads or writes. Read tools require workspace access; write and dangerous tools require editor or admin roles. Viewer access can inspect allowed data but cannot create, schedule, publish, reply, delete, or moderate through MCP.
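The scope, workspace-role and confirmation checks described in the two answers above can be read as one server-side gate. The sketch below is an added example, not EziBreezy code: the scope names, the two dangerous tool names and the confirmation prefixes come from this page, while list_content, the role ranking, the error codes and the shape of the connection object are assumptions.

```javascript
// Added example: hypothetical gate, not EziBreezy code. Scope names, the
// dangerous tool names and confirmation prefixes are taken from the page;
// list_content, the role ranks and the error codes are assumptions.
const RANK = { viewer: 1, editor: 2, admin: 3 };
const TOOLS = new Map([
  ["list_content", { scope: "mcp:read", minRole: "viewer" }],
  ["publish_now", { scope: "mcp:dangerous", minRole: "editor",
                    prefix: "publish_now", target: "contentId" }],
  ["reply_to_inbox_thread", { scope: "mcp:dangerous", minRole: "editor",
                              prefix: "inbox_reply", target: "threadId" }],
]);

function authorize(conn, call) {
  const tool = TOOLS.get(call.tool);
  // A tool outside the granted scopes is treated as if it did not exist.
  if (!tool || !conn.scopes.includes(tool.scope)) {
    return { ok: false, error: "unknown_tool" };
  }
  // Role is looked up per workspace on every call, whatever the grant covers.
  const role = conn.workspaceRoles.get(call.workspaceId);
  if (!(RANK[role] >= RANK[tool.minRole])) {
    return { ok: false, error: "forbidden" };
  }
  if (tool.prefix) {
    const id = call.args[tool.target];
    if (typeof id !== "string" || id === "") {
      return { ok: false, error: "invalid_target" };
    }
    // The expected text is derived server-side from action + target, so a
    // confirmation issued for one item cannot be replayed against another.
    const expected = `${tool.prefix}:${id}`;
    const auto = conn.autoConfirm.includes(call.tool);
    if (!auto && call.args.confirmationText !== expected) {
      return { ok: false, error: "confirmation_required", expected };
    }
  }
  return { ok: true };
}

// Constructed sample connection: editor in ws_1, viewer in ws_2.
const conn = {
  scopes: ["mcp:read", "mcp:dangerous"],
  workspaceRoles: new Map([["ws_1", "editor"], ["ws_2", "viewer"]]),
  autoConfirm: [], // policy-enabled tool names; empty by default
};
console.log(authorize(conn, { tool: "publish_now", workspaceId: "ws_1",
  args: { contentId: "c_42" } }));
```

The confirmation text is not a secret (the error returns it), so it guards against acting on the wrong target or acting without an explicit step; the scope and role checks remain the authorization boundary.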

Does MCP work with approvals?

Yes, mostly as a read and send surface. MCP can read content history, approval history, open client review batches, and batch details on Agency or higher workspaces. It can send an existing client review batch as a dangerous, confirmation-required action, but it does not create reviews, make decisions, comment, override, cancel, or reopen approval flows yet.

Does MCP work with analytics and reports?

MCP can read analytics summaries, aggregate metrics, post analytics, audience demographics, and integration health. It does not generate PDF analytics reports in MCP v1; use the app, API, or CLI for report generation where that workflow is available.

Does MCP replace the API?

No. MCP is the agent-friendly surface: typed tools, OAuth scopes, and confirmations for AI clients. The REST API remains better for software integrations, servers, CI jobs, custom dashboards, and full endpoint coverage.

Does MCP replace the CLI?

No. MCP is for AI tools such as Claude, Codex, and Cursor. The CLI is for humans, shell scripts, cron jobs, and CI.

What are the limitations?

MCP v1 does not expose every EziBreezy action. It does not generate PDF reports, manage boost ads, run broad media mutations, create or decide approvals, create client review batches, add inbox notes, bulk mark all inbox threads read, reorder or promote grid items, or bypass platform/API constraints. Publishing and inbox behavior still depends on the connected platform's API.
