Scopes and access control.
Bridge Town's MCP server uses token-based access tied to your account. When you first connect, OAuth asks you to approve a set of permissions. This page explains what those permissions cover.
What scopes does Bridge Town request?
Bridge Town uses a single-workspace token tied to your Bridge Town account. The token carries the same role as the user who created it (Owner, Editor, or Viewer).
| Permission area | What the agent can do |
|---|---|
| Projects | Create, list, read, and delete projects in your workspace |
| Models | Create, read, update, patch, and delete model files within projects |
| Branches | Create branches, compare branches, view version history |
| Runs | Execute models in the sandboxed runner; read run output and logs |
| Snapshots | List and read data snapshots attached to a project |
| Dashboards | Generate HTML dashboards from run output |
| Data sources | Read connected data sources (Google Sheets, CSV uploads) |
| Collaborators | Read collaborator list (read-only; cannot modify members) |
Agents connecting with an Owner token can also manage API tokens and team membership. Most day-to-day use requires only an Editor token.
How to limit what your agent can do.
Bridge Town does not support per-tool scope restrictions. The token carries the same role as the user who created it. To limit what an agent can do, create a separate Bridge Town user with the appropriate role (Viewer or Editor) and generate a token for that user from app.bridgetown.builders/connect.
Token management.
- Tokens are created per-user and revocable at any time from the Bridge Town dashboard or the authenticated token REST API.
- OAuth refresh tokens are stored encrypted; Bridge Town never writes the plaintext token to disk.
- Tokens do not expire by default; set
expires_inat creation time for time-bounded automation.