How do I install Oakallow?

Oakallow is a remote plugin. You do not need to install anything locally. Add the server URL to your AI app's MCP configuration and you are ready to go.

What AI apps work with Oakallow?

Oakallow uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Oakallow MCP Server

by Oakallow

Developer ToolsLow Risk10.0MCP RegistryRemote

Free

Server data from the Official MCP Registry

Runtime permission, approval, and audit layer for AI agent tool execution.

About

Runtime permission, approval, and audit layer for AI agent tool execution.

Remote endpoints: streamable-http: https://api.oakallow.io/mcp

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. Imported from the Official MCP Registry.

Endpoint verified · Requires authentication · 1 issue found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

How to Connect

Remote Plugin

No local installation needed. Your AI client connects to the remote endpoint directly.

Add this to your MCP configuration to connect:

{
  "mcpServers": {
    "io-github-oakallow-oakallow": {
      "url": "https://api.oakallow.io/mcp"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

Oakallow MCP Server

Runtime permission, approval, and audit governance for AI agent tool execution.

Oakallow is a hosted remote MCP server. It sits between an agent and the actions it wants to take, so that a specific action can be checked, gated behind human approval when it is risky, authorized with a single-use signed token, and recorded in an immutable audit log — at the moment of execution.

Website: https://oakallow.com
MCP endpoint: https://api.oakallow.io/mcp (Streamable HTTP)
OAuth 2.1 compliance: https://oakallow.com/docs/oauth
MCP protocol details: https://oakallow.com/docs/mcp

What this connector is for

Oakallow injects a governance checkpoint into a workflow that may also use other connectors. An agent does its investigative work (for example, looking up an account through another connector), forms a recommendation, and calls Oakallow to request approval for the action. A human approver then decides in the Oakallow dashboard or mobile app, under enforced multi-factor authentication.

The connector is a requester and pass-through, not a decider:

It can list your tools, check permissions, request approvals, and mint run tokens once an action is approved.
It cannot approve or deny on a human's behalf. Decisions happen on a separate, MFA-bound surface (the dashboard), never over the connector.

Standard tools

Tool	Purpose	Reads only
`list_my_tools`	Enumerate the tools available to the signed-in user in their org	yes
`check_permission`	Ask whether a given tool call would be allowed, require approval, or be blocked	yes*
`list_pending_approvals`	List approval requests still awaiting a human decision	yes
`check_approval_status`	Poll a pending approval request by reference number	yes

* check_permission returns a read-only verdict, but checking an unregistered tool has a side effect by design: Oakallow auto-creates a gated draft entry for that tool (with conservative, fail-closed defaults) so the eventual call is governed and the owner can triage it from the dashboard. A requires_approval verdict also creates an approval request. This is intentional — an unknown tool is never silently trusted.

Connecting

Add https://api.oakallow.io/mcp as a custom connector in your MCP client (Claude, Claude Desktop, Cowork, ChatGPT, or any Streamable HTTP MCP host). You will be redirected to sign in to Oakallow and approve the requested scopes:

mcp:read — list tools, view pending approvals, check permissions, read activity.
mcp:write — create approval requests and mint run tokens.

See examples/ for a Claude Desktop config and an OAuth flow walkthrough.

How a governed call works

The agent calls Oakallow with its credential.
Oakallow resolves the permission rule for the specific tool, tenant, and resource.
If the action is allowed, Oakallow mints a single-use, HMAC-signed run token.
If approval is required, an approval request is created and a human is notified. The agent's call is held until the request is decided or expires.
The agent uses the run token to perform the action; Oakallow writes an immutable audit row capturing the outcome.

Oakallow lives outside the execution path. It governs and records what was reported; it does not run your tools or receive your tool parameters beyond a PII-scrubbed reason.

License

See LICENSE.

Changelog

See CHANGELOG.md.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Oakallow MCP Server

About

Security Report

Findings (1)

Permissions Required

How to Connect

Documentation

Oakallow MCP Server

What this connector is for

Standard tools

Connecting

How a governed call works

License

Changelog

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent