Connect
Optimize
Secure
The #1 agentic semantic tool search: 91.6% first-try accuracy on S1 Search Bench • Explore Tool Discovery →
Connect your AI agent to StackOne's SpotDraft MCP server and give it 60 MCP tools out of the box. Auth, tool execution, and security all managed.
Coverage
Create, read, update, and delete across SpotDraft — and extend your agent's capabilities with custom actions.
Authentication
Per-user OAuth in one call. Your SpotDraft MCP server gets session-scoped tokens with zero credentials stored on your infra.
Agent Auth →Security
Every SpotDraft tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.
Prompt Injection Defense →Performance
Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every SpotDraft call.
Tools Discovery →A SpotDraft MCP server lets AI agents read and write SpotDraft data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's SpotDraft MCP server ships with 60 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, observability, and agent execution runtime. Connect it from MCP clients like Claude Desktop, Claude Code, Cursor, Goose, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.
Every action from SpotDraft's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.
Create a new contract from a template with specified data and counterparties.
Retrieve a paginated list of contracts in the workspace.
Download the contract file by composite ID.
Get Counterparty.
Update Counterparty.
Create Counterparty Contact.
List Counterparty Contacts.
Update Counterparty Contact.
Delete Counterparty Contact.
Create Obligation.
List Obligations.
Get Obligation.
Update Obligation.
Delete Obligation.
Create legal intake.
List legal intakes.
Retrieve a specific legal intake by its ID.
Update legal intake.
Delete legal intake.
Generate a download link for a contract file.
Send a contract to its counterparties via email.
Upload an existing contract document for review in SpotDraft.
Upload an existing contract document for signing in SpotDraft.
Upload an already-executed contract document to SpotDraft.
Create a relation between two contracts.
Create a review request for a contract.
Create Counter Party.
Create and Invite User.
Create Entity.
Create and Send adhoc Approvals.
Add Comment to Contract Activity Log.
Get the current status of a contract by its composite ID.
Retrieve the text content of a contract.
List contracts associated with a given external metadata ID.
Get contracts related to a specific contract.
Get questionnaire responses for a contract.
Get the list of users authorized to access a contract.
List Counterparties.
Get User List.
Get Contract Type List.
List Contract Type Entities.
Get Template List.
Get Template Details.
Get Template Metadata.
Get Organization Entities.
Get Webhook secret.
Get Contract Approvals.
Get Comments in Contract Activity Log.
Get Contract Recipients.
Get Recipient Link.
Update the data fields of an existing contract.
Update the business user assigned to a contract.
Update an existing contract template.
Remove Webhook.
Void a contract by its composite ID.
Mark a contract as ready for execution.
Resend the signing email to a contract signatory.
Generate a preview of a contract from a template.
Setup Webhook.
Invite Users & Roles.
One endpoint. Any framework. Your agent is talking to SpotDraft in under 10 lines of code.
Agent Frameworks
{
"mcpServers": {
"stackone": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://api.stackone.com/mcp?x-account-id=<account_id>",
"--header",
"Authorization: Basic <YOUR_BASE64_TOKEN>"
]
}
}
}Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.
11 min
Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.
10 min
MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.
12 min
MCP vs A2A: what each protocol standardizes, how they differ, their shared security risks including indirect prompt injection, and when to use one, both, or a hybrid architecture.
12 min
MCP wraps APIs, it doesn't replace them. After building 200+ connectors that serve both, here's when each approach wins.
14 min read
origin_owner_id.All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.