Quick actions reference

Analytics

growth-suite.nav.*growth-suite.lane.*.opengrowth-suite.lists.*

App API

Route-only

MCP target

planned: atlas_modules_listplanned: atlas_modules_open

Validation

Navigation-only action; no mutable payload.

Growth Hub is a cross-module command center. It must route users into CRM, Contract Hub, Document Sign, or PDF Studio without owning their records.

Analytics

growth-suite.subnav.growth-governance

App API

/growth-suite/governance

MCP target

planned: atlas_growth_suite_governance_summary

Validation

Read-only aggregate response; no raw customer notes, PDF text, or provider payloads.

Used to explain RBAC, delegated access, audit, and evidence posture across modules.

Analytics

growth-hub.action-catalog.searchgrowth-hub.action-catalog.category.*

App API

/docs/actions/growth-suite/governance

MCP target

planned: atlas_growth_hub_actions_listplanned: atlas_growth_hub_actions_describe

Validation

Catalog-only action; no mutable payload.Every listed hub action must include UI control, validation, API route or navigation boundary, and MCP tool metadata.

Makes Growth Hub operable as a command center: users can search dashboard, module launcher, lists, governance, analytics, and optional handoff actions without guessing which module owns the work.

Analytics

growth-suite.summary.*growth-suite.objects.searchgrowth-suite.evidence.export

App API

/growth-suite/summary/growth-suite/objects/search/growth-suite/evidence/export.jsonl

MCP target

atlas_growth_suite_summaryplanned: atlas_growth_suite_objects_search

Validation

Read-only aggregate posture for summary calls.Object search results are tenant-scoped and snippet-bounded.Evidence export emits retained aggregate proof, not raw provider payloads.

Closes the Growth Hub command-center readback routes that operators use to inspect summary posture, searchable CRM/PDF/signing objects, and retained evidence bundles.

Analytics

growth-suite.actions.*growth-suite.next-best-action.*

App API

/growth-suite/actions/agreements/{id}/remind-signers/growth-suite/actions/at-risk-accounts/{id}/recover/growth-suite/actions/pdf/{id}/review-risk/growth-suite/actions/stale-deals/{id}/rescue

MCP target

atlas_crm_at_risk_accounts_recoveratlas_crm_stale_deals_rescueplanned: atlas_growth_suite_guided_actions_run

Validation

Target record must exist in the active tenant.Every mutating action is explicit, bounded, and evidence-stamped.Signer reminders and recovery actions cannot expose provider secrets or raw PDF text.

Groups the cross-module next-best-action endpoints for stale deals, at-risk accounts, signer reminders, and PDF risk review so action docs track the live controls instead of leaving route drift hidden.

Analytics

growth-suite.crm.create-account.*

App API

/growth-suite/crm/accounts

MCP target

atlas_crm_accounts_create

Validation

Required bounded account name.Tenant-scoped write authorization.

Creates a native Atlas account record without requiring Salesforce or HubSpot.

Analytics

growth-suite.crm.create-deal.*

App API

/growth-suite/crm/deals

MCP target

atlas_crm_deals_create

Validation

Required CRM account id.Required bounded deal name.Required non-negative money draft converted to integer cents.Required after-now expected-close ISO instant.

Deal creation is intentionally customer-scoped. PDF, signing, and contract links stay optional.

Analytics

growth-suite.crm.create-activity.*growth-suite.crm.activity.*

App API

/growth-suite/crm/activities

MCP target

atlas_create_crm_activity

Validation

Required activity subject.At least one valid CRM account or deal reference.Bounded text payload.

Activity logs attach to CRM context only and do not create PDF/signing side effects.

Analytics

growth-suite.crm.import.*growth-suite.crm.duplicate-governance.*

App API

/growth-suite/crm/imports/dry-run/growth-suite/crm/imports/commit/growth-suite/crm/imports/:id/rollback/growth-suite/crm/duplicates/*

MCP target

atlas_crm_imports_dry_runatlas_crm_imports_commitatlas_crm_import_review_items_decideatlas_crm_imports_rollback_previewatlas_crm_imports_rollbackatlas_crm_duplicates_merge_previewatlas_crm_duplicates_mergeatlas_crm_duplicates_bulk_merge_previewatlas_crm_duplicates_bulk_merge

Validation

Dry-run before mutation.Expected fingerprint/package hash on commit or merge.Idempotent import and rollback behavior.

Bulk CRM changes must keep conflict review and rollback visible before destructive decisions.

Analytics

sales-crm.action-catalog.searchsales-crm.action-catalog.category.*

App API

/growth-suite/crm/*

MCP target

planned: atlas_crm_actions_listplanned: atlas_crm_actions_describe

Validation

Catalog-only action; no mutable payload.Every listed CRM action must include UI control, validation, API route or navigation boundary, and MCP tool metadata.

Makes Sales CRM operable as a standalone workspace: users can search account, contact, deal, activity, forecast, import, merge, rollback, and optional handoff actions without knowing the page layout.

Analytics

sales.forecast.v2.*growth-suite.crm.forecast-v2.*

App API

/v1/sales/forecast/v2

MCP target

planned: atlas_sales_forecast_v2_run

Validation

Forecast inputs are tenant-scoped aggregate pipeline records.Money values are integer cents.Scenario output is evidence-stamped and deterministic under fixtures.

Maps the v2 sales forecast endpoint that supports the CRM forecast command center.

Analytics

growth-suite.contracts.packet-builder.*growth-suite.contracts.header.*

App API

/growth-suite/contracts/*

MCP target

planned: atlas_contracts_packets_createplanned: atlas_contracts_packets_update

Validation

Date-only fields use Atlas date picker payloads.Money and packet metadata use bounded schemas.High-risk actions require RBAC and audit reason.

Contract Hub can reference CRM, signing, and PDF records, but contract lifecycle is standalone.

Analytics

contract-hub.action-catalog.searchcontract-hub.action-catalog.category.*

App API

/growth-suite/contracts/*/growth-suite/approvals/*

MCP target

planned: atlas_contracts_actions_listplanned: atlas_contracts_actions_describe

Validation

Catalog-only action; no mutable payload.Every listed contract action must include UI control, validation, API route or navigation boundary, and MCP tool metadata.

Makes Contract Hub operable as a standalone lifecycle workspace: users can search packets, renewals, approvals, obligations, redlines, remediation, evidence, and optional handoffs without depending on CRM navigation.

Analytics

growth-suite.agreements.create-envelope.*growth-suite.agreements.routing*

App API

/growth-suite/agreements/envelopes/*

MCP target

planned: atlas_sign_envelopes_createplanned: atlas_sign_envelopes_send

Validation

Required envelope title and signer email.Opaque signing tokens only.Provider-backed send remains disabled until credentials and scopes are configured.

Document Sign owns signer routing and audit evidence, not PDF editing.

Analytics

document-sign.action-catalog.searchdocument-sign.action-catalog.category.*

App API

/growth-suite/agreements/*

MCP target

planned: atlas_sign_actions_listplanned: atlas_sign_actions_describe

Validation

Catalog-only action; no mutable payload.Every listed signing action must include UI control, validation, API route or navigation boundary, and MCP tool metadata.

Makes Document Sign operable as a standalone signing workspace: users can search envelopes, recipients, sessions, templates, fields, lifecycle, evidence, and optional handoffs without using Sales CRM.

Analytics

growth-suite.signing.public.*document-sign.public-ceremony.*

App API

/growth-suite/signing/*

MCP target

planned: atlas_signing_public_ceremony_status

Validation

Opaque token only; no tenant ids in the public route.Sign/decline mutations require ceremony state validation.Certificate downloads return evidence artifacts only after authorization checks.

Maps the public signing token route family, including ceremony reads, sign/decline decisions, and completion certificate download.

Analytics

growth-suite.pdf.create-document.*growth-suite.pdf.upload-source.*

App API

/growth-suite/pdf/documents/growth-suite/pdf/documents/:id/upload-ticket

MCP target

planned: atlas_pdf_documents_createplanned: atlas_pdf_documents_upload_source

Validation

Required bounded PDF name.Whole-number page count only.PDF upload must be non-empty and type-checked.CRM/deal/envelope ids stay null unless the user explicitly chooses them.

This is the key standalone PDF boundary: no customer, deal, contract, or signing context is required.

Analytics

growth-suite.pdf.queue-*growth-suite.pdf.run-operation

App API

/growth-suite/pdf/operations/growth-suite/pdf/operations/queue

MCP target

atlas_pdf_operations_createatlas_pdf_operations_queue

Validation

Operation-specific payload schema.Source readiness checks before mutation.Unsafe permanent redaction fails closed.Returns operation ids/status and artifact metadata, not raw PDF bytes.

Covers organize, edit, annotate, OCR, extract, redact, protect, compare, convert, compress, sign, and export workflows.

Analytics

pdf-studio.tool-catalog.searchpdf-studio.tool-catalog.category.*

App API

/growth-suite/pdf/documents/*/growth-suite/pdf/operations/*

MCP target

planned: atlas_pdf_tools_listplanned: atlas_pdf_tools_describe

Validation

Catalog-only action; no mutable payload.Every listed PDF tool must include UI control, validation, API route, and MCP tool metadata.

Makes PDF Studio operable like a standalone PDF website: users can search for merge, split, OCR, redact, forms, stamps, compression, export, and evidence without knowing where Atlas placed the button.

Analytics

growth-suite.pdf.preview-sourcegrowth-suite.pdf.comments.*growth-suite.pdf.download-*

App API

/growth-suite/pdf/documents/:id/source/growth-suite/pdf/operations/:id/artifact

MCP target

planned: atlas_pdf_documents_previewplanned: atlas_pdf_comments_createplanned: atlas_pdf_artifacts_download

Validation

Artifact access is authenticated.Comments are bounded text.Download posture returns authorized artifacts and hash/evidence metadata.

Export remains file-first; optional signing/contract/CRM handoff is an explicit navigation decision.

Analytics

growth-suite.pdf.stamp-assets.*growth-suite.pdf.stamp-templates.*

App API

/growth-suite/pdf/stamp-assets/*/growth-suite/pdf/stamp-templates/*/growth-suite/pdf/stamp-annotations/*

MCP target

planned: atlas_pdf_stamp_assets_manageplanned: atlas_pdf_stamp_templates_manage

Validation

Uploads use signed tickets and finalized metadata.Archive/restore operations are reversible and audit-stamped.Bulk annotation removal requires preview before mutation.

Covers the PDF Studio stamp-library route family: upload tickets, versions, thumbnails, archive/restore, template CRUD, and bulk annotation cleanup.

Analytics

growth-suite.pdf.security-readiness.*growth-suite.pdf.redaction-readiness.*

App API

/growth-suite/pdf/redaction/readiness/growth-suite/pdf/security/readiness/growth-suite/provider-webhooks/pdf/operations/*

MCP target

atlas_pdf_security_readinessatlas_pdf_redaction_readiness

Validation

Readiness responses are aggregate and omit raw PDF bytes.Provider callbacks are operation-scoped and secret-verified.Sanitizer results persist evidence posture without leaking source contents.

Keeps PDF security and redaction readiness routes visible in the action registry while treating provider callback execution as a guarded integration boundary.

Analytics

hr.payroll.run.*hr.payroll.payslip.*

App API

/v1/hr/payroll/*

MCP target

planned: atlas_hr_payroll_runs_listplanned: atlas_hr_payroll_payslips_emit

Validation

Tenant-scoped payroll authorization with HR/Finance role check.Monetary amounts persisted as integer cents.Payslip artifacts are evidence-stamped before release.

Covers payroll run lifecycle (draft, calc, approve, post) and individual payslip read/release endpoints under /v1/hr/payroll.

Analytics

hr.hiring.requisition.*hr.hiring.candidate.*hr.hiring.offer.*

App API

/v1/hr/hiring/*

MCP target

planned: atlas_hr_hiring_requisitions_listplanned: atlas_hr_hiring_offers_send

Validation

Bounded text on candidate fields.Tenant-scoped recruiter authorization.Offer ISO instants validated as after-now.

Hiring controllers under /v1/hr/hiring cover requisitions, candidates, stages, interviews, and offers across the recruitment lifecycle.

Analytics

hr.employees.*

App API

/v1/hr/employees/*

MCP target

planned: atlas_hr_employees_listplanned: atlas_hr_employees_get

Validation

Tenant-scoped HR authorization.PII redaction respects viewer role.Bounded employee profile fields.

Directory endpoints under /v1/hr/employees cover read, search, profile updates, and lifecycle status changes for staff records.

Analytics

hr.leave.request.*hr.leave.approve.*

App API

/v1/hr/leave/*

MCP target

planned: atlas_hr_leave_requests_createplanned: atlas_hr_leave_requests_approve

Validation

ISO date range with after-now semantics.Tenant-scoped leave policy authorization.Balance enforcement prevents negative accruals.

Leave endpoints under /v1/hr/leave cover request submission, approval, balance lookup, and audit-trail surfaces.

Analytics

hr.performance.cycle.*hr.performance.review.*

App API

/v1/hr/performance/*

MCP target

planned: atlas_hr_performance_cycles_listplanned: atlas_hr_performance_reviews_submit

Validation

Tenant-scoped manager authorization.Bounded narrative fields.Visibility rules respect reviewer/employee scopes.

Performance endpoints under /v1/hr/performance cover review cycles, peer feedback, manager comments, and calibration steps.

Analytics

hr.reimbursements.submit.*hr.reimbursements.approve.*

App API

/v1/hr/reimbursements/*

MCP target

planned: atlas_hr_reimbursements_createplanned: atlas_hr_reimbursements_approve

Validation

Monetary amounts persisted as integer cents.Tenant-scoped approver authorization.Receipt attachments validated and virus-scanned.

Reimbursement endpoints under /v1/hr/reimbursements cover submission, receipt upload, approver workflow, and payout linkage.

Analytics

hr.tickets.*

App API

/v1/hr/tickets/*

MCP target

planned: atlas_hr_tickets_createplanned: atlas_hr_tickets_reply

Validation

Tenant-scoped HR helpdesk authorization.Bounded subject/body text.Status transitions respect ticket state machine.

HR Helpdesk endpoints under /v1/hr/tickets cover ticket creation, replies, status updates, and admin assignment.

Analytics

hr.admin.policies.*hr.admin.config.*

App API

/v1/hr/admin/*

MCP target

planned: atlas_hr_admin_policies_listplanned: atlas_hr_admin_policies_update

Validation

Tenant-scoped HR admin role enforcement.Policy text bounded and audit-stamped.Config changes emit evidence rows.

HR admin endpoints under /v1/hr/admin cover policy CRUD, working-hour rules, leave catalog, and other tenant-wide HR config.

Analytics

projects.*projects.board.*

App API

/v1/projects/*/projects/{id}/*/projects/{projectId}/*

MCP target

planned: atlas_projects_listplanned: atlas_projects_getplanned: atlas_projects_update

Validation

Tenant-scoped project authorization.Bounded project metadata fields.Status transitions audit-logged.

Projects controllers under /v1/projects (and legacy /projects) cover project CRUD, plan/board reads, status changes, member assignment, and document linkage.

Analytics

tasks.*tasks.auto-schedule.*

App API

/v1/tasks/*/tasks/{id}/*/tasks/{taskId}/*/tasks/auto-schedule/*

MCP target

planned: atlas_tasks_createplanned: atlas_tasks_updateplanned: atlas_tasks_schedule

Validation

Tenant-scoped task authorization.Due dates validated as ISO instants.Dependency cycles rejected at write time.

Task endpoints under /v1/tasks, /tasks/{id}, /tasks/{taskId}, and /tasks/auto-schedule cover the full task lifecycle including dependencies and planner.

Analytics

crm.accounts.*crm.deals.*crm.contacts.*

App API

/v1/crm/*

MCP target

planned: atlas_crm_accounts_listplanned: atlas_crm_deals_listplanned: atlas_crm_contacts_list

Validation

Tenant-scoped CRM authorization.Monetary fields persisted as integer cents.Bounded text fields on accounts/deals/contacts.

CRM endpoints under /v1/crm cover the core accounts/deals/contacts/activities CRUD that powers Sales CRM and Growth Hub flows.

Analytics

contracts.*

App API

/v1/contracts/*

MCP target

planned: atlas_contracts_listplanned: atlas_contracts_getplanned: atlas_contracts_update

Validation

Tenant-scoped contract authorization.Monetary clauses persisted as integer cents.Effective/expiry ISO instants validated.

Contracts endpoints under /v1/contracts cover the native Contract Hub surface: contract CRUD, clauses, parties, evidence, and lifecycle transitions.

Analytics

integrations.*

App API

/v1/integrations/*/v1/connectors/*

MCP target

atlas_connectors_listatlas_connectors_oauth_startatlas_connectors_events_listatlas_connectors_testatlas_connectors_disconnectatlas_connectors_linear_teams_listatlas_connectors_linear_issues_listatlas_connectors_linear_issues_createatlas_connectors_linear_issues_updateatlas_connectors_linear_issue_comment_createatlas_connectors_linear_webhooks_createatlas_connectors_microsoft365_mail_inbox_listatlas_connectors_microsoft365_mail_sendatlas_connectors_microsoft365_mail_subscriptions_createatlas_connectors_microsoft365_mail_subscriptions_readbackatlas_connectors_microsoft365_teams_listatlas_connectors_microsoft365_team_channels_listatlas_connectors_microsoft365_team_channel_messages_sendatlas_connectors_microsoft365_chat_messages_sendplanned: atlas_integrations_listplanned: atlas_connectors_installplanned: atlas_connectors_credentials_save

Validation

Tenant-scoped admin authorization for install/remove.OAuth state cookie validated.Webhook payloads HMAC-verified.

Integrations and connector endpoints under /v1/integrations and /v1/connectors cover the full third-party connector lifecycle (install, configure, sync, remove), with live MCP readback/OAuth-start coverage, admin-gated connection-targeted test/disconnect tools, and Linear/Microsoft 365 provider actions. Secret-bearing credential save remains REST-only until the MCP secret-input policy is formalized.

Analytics

me.*profile.me.*

App API

/v1/me/*/profile/me/*

MCP target

planned: atlas_me_getplanned: atlas_me_update

Validation

Caller-scoped authorization (no tenant impersonation).Bounded profile fields.Preference toggles audit-logged.

Self-service endpoints under /v1/me and /profile/me cover the signed-in user’s profile, preferences, sessions, and identity-affecting reads.

Analytics

admin.*

App API

/v1/admin/*/v1/account/*/v1/settings/*

MCP target

planned: atlas_admin_settings_getplanned: atlas_admin_settings_update

Validation

Tenant-scoped admin role enforcement.Settings writes emit audit evidence.Bounded config fields.

Tenant admin endpoints under /v1/admin, /v1/account, and /v1/settings cover settings, account profile, billing-adjacent reads, and audit history.

Analytics

meetings.*

App API

/meetings/{id}/*

MCP target

planned: atlas_meetings_listplanned: atlas_meetings_get

Validation

Tenant-scoped meeting authorization.ISO instants validated for scheduling.Transcript redaction respects viewer role.

Meeting endpoints under /meetings/{id} cover the meeting lifecycle: details, participants, recordings, and transcripts.

Analytics

wiki.pages.*

App API

/wiki/pages/*

MCP target

planned: atlas_wiki_pages_listplanned: atlas_wiki_pages_get

Validation

Tenant-scoped wiki space authorization.Bounded title/body fields.Version history immutable.

Wiki endpoints under /wiki/pages cover page CRUD, hierarchy moves, version snapshots, and collaborative cursors.

Analytics

blog.posts.*

App API

/blog/posts/*

MCP target

planned: atlas_blog_posts_listplanned: atlas_blog_posts_publish

Validation

Tenant-scoped blog author authorization.Bounded title/body fields.Publish ISO instants validated.

Blog endpoints under /blog/posts cover post drafts, publishing, scheduling, and revision history for tenant-owned content.

Analytics

goals.*

App API

/goals/goals/{id}/goals/{id}/rollup

MCP target

atlas_goals_listatlas_goals_getatlas_get_goal_rollupplanned: atlas_goals_check_in

Validation

Tenant-scoped goal authorization.Bounded title/description fields.Progress percentages clamped to 0-100.

Goals endpoints under /goals/{id} cover goal lifecycle, key-result updates, check-ins, and reporting rollups.

Analytics

marketplace.*

App API

/v1/marketplace/*

MCP target

planned: atlas_marketplace_apps_listplanned: atlas_marketplace_apps_install

Validation

Tenant-scoped admin authorization for install.App manifest signature verified.OAuth scope changes audit-logged.

Marketplace endpoints under /v1/marketplace cover app directory listing, app detail, install, and lifecycle audit hooks.

Analytics

compliance.*

App API

/v1/compliance/*/v1/privacy/*

MCP target

planned: atlas_compliance_posture_getplanned: atlas_compliance_audits_list

Validation

Read-only aggregate response; no raw PII.Tenant-scoped compliance role enforcement.Evidence references hashed.

Compliance endpoints under /v1/compliance and /v1/privacy cover posture summaries, audit history, DSAR workflow, and evidence reads.

Analytics

webhooks.*

App API

/v1/webhooks/*/v2/webhooks/*

MCP target

planned: atlas_webhooks_listplanned: atlas_webhooks_deliveries_replay

Validation

Tenant-scoped webhook authorization.HMAC signing key rotated on rotate request.Delivery retries bounded with backoff.

Webhook endpoints under /v1/webhooks and /v2/webhooks cover endpoint registration, delivery log, signing key rotation, and replay actions.

Analytics

access.*custom-roles.*

App API

/v1/access/*/custom-roles/growth-suite/*

MCP target

atlas_access_get_snapshotatlas_access_get_catalogatlas_access_list_auditatlas_access_enable_moduleatlas_access_disable_moduleatlas_access_invite_memberatlas_access_revoke_inviteatlas_access_accept_inviteatlas_access_update_member_roleatlas_access_grant_member_permissionsatlas_access_revoke_member_grantatlas_access_remove_memberatlas_access_change_suiteatlas_access_provision_workspace

Validation

Tenant-scoped admin role enforcement.Role mutations emit audit evidence.Wildcard grants rejected on the wire.

Access endpoints under /v1/access and /custom-roles cover access snapshots, module enablement, invites, member roles, grants, suite changes, provisioning, custom-role authoring, and access review reporting.

Analytics

ai.*ai-providers.*

App API

/v1/ai/*/v1/ai-providers/*

MCP target

planned: atlas_ai_providers_listplanned: atlas_ai_runs_describe

Validation

Tenant-scoped admin role for provider config.Secrets never returned in clear text.Run logs PII-redacted by default.

AI platform endpoints under /v1/ai and /v1/ai-providers cover provider registry, model catalog, run history, and prompt template administration.

Analytics

ai-observability.*ai-providers.observability.*

App API

/v1/ai-observability/*

MCP target

planned: atlas_ai_observability_readback

Validation

Trace payloads are redacted before UI readback.Provider summaries are aggregate-only.No prompts, provider keys, or raw model responses are returned.

Closes the AI observability route family for provider status, aggregate summaries, and trace readback.

Analytics

oauth.*

App API

/v2/oauth/*

MCP target

planned: atlas_oauth_apps_listplanned: atlas_oauth_grants_revoke

Validation

Strict OAuth 2.1/2.0 conformance.Refresh-token rotation with replay detection.Scope grants emit consent evidence.

OAuth platform endpoints under /v2/oauth cover authorization, token, refresh, revoke, introspect, and discovery for tenant-managed apps.

Analytics

scim.*

App API

/scim/v2/*

MCP target

planned: atlas_scim_users_listplanned: atlas_scim_groups_list

Validation

SCIM token authorization with tenant binding.Provisioning ops audit-logged.PATCH operations validated against schema.

SCIM endpoints under /scim/v2 implement RFC 7644 user/group provisioning, group membership patches, and audit reads for enterprise IdPs.

Analytics

connectors.*

App API

/v1/connectors/*

MCP target

atlas_connectors_listatlas_connectors_oauth_startatlas_connectors_events_listatlas_connectors_testatlas_connectors_disconnectatlas_connectors_linear_teams_listatlas_connectors_linear_issues_listatlas_connectors_linear_issues_createatlas_connectors_linear_issues_updateatlas_connectors_linear_issue_comment_createatlas_connectors_linear_webhooks_createatlas_connectors_microsoft365_mail_inbox_listatlas_connectors_microsoft365_mail_sendatlas_connectors_microsoft365_mail_subscriptions_createatlas_connectors_microsoft365_mail_subscriptions_readbackatlas_connectors_microsoft365_teams_listatlas_connectors_microsoft365_team_channels_listatlas_connectors_microsoft365_team_channel_messages_sendatlas_connectors_microsoft365_chat_messages_sendplanned: atlas_connectors_statusplanned: atlas_connectors_credentials_save

Validation

Tenant-scoped admin authorization.OAuth refresh tokens encrypted at rest.Status pings rate-limited.

Legacy connector endpoints under /v1/connectors cover install/uninstall, status pings, config reads, and now live MCP-backed catalog/OAuth-start/event readback, connection-targeted test/disconnect, plus Linear and Microsoft 365 provider operations.

Analytics

privacy.*

App API

/v1/privacy/*

MCP target

atlas_route_get_v1_privacy_policyplanned: atlas_privacy_dsar_listplanned: atlas_privacy_consent_log

Validation

Tenant-scoped privacy officer authorization.DSAR fulfilment emits cryptographic evidence.Consent records immutable.

Privacy endpoints under /v1/privacy cover data-subject access requests, consent log reads, retention policy queries, and right-to-erasure workflows.

Analytics

automations.*

App API

/automations/scripts/*

MCP target

atlas_script_automations_listatlas_script_automations_createatlas_script_automations_getatlas_script_automations_updateatlas_script_automations_deactivateatlas_script_automations_runatlas_script_automations_list_runs

Validation

Tenant-scoped admin authorization for write.Script source bounded and sandboxed.Run logs PII-redacted.

Automation script endpoints under /automations/scripts cover script CRUD, manual triggers, run history, and trigger schedules.

Analytics

reports.*status.*

App API

/v1/report-deliveries/*/v1/status/*/v1/email/*

MCP target

planned: atlas_reports_deliveries_listatlas_status_summary

Validation

Tenant-scoped reporting role enforcement.Email delivery webhook signatures verified.Status reads are aggregate-only.

Reporting endpoints under /v1/report-deliveries, /v1/status, and /v1/email cover scheduled report fan-out, status posture, and email delivery telemetry.

Analytics

agent-governance.*

App API

/agent-governance/approvals/*

MCP target

planned: atlas_agent_governance_approvals_listplanned: atlas_agent_governance_approve

Validation

Tenant-scoped agent governance authorization.Approval transitions audit-logged.Policy diff persisted with evidence stamp.

Agent governance endpoints under /agent-governance/approvals cover approval queue management, policy edits, and audit reads for agent decisions.

Analytics

appointments.*

App API

/appointments/{id}/*

MCP target

atlas_list_appointmentsatlas_reschedule_appointment

Validation

Tenant-scoped appointment authorization.ISO instant validation for booking.Conflict checks against owner availability.

Appointment endpoints under /appointments/{id} cover appointment booking, reschedule, cancel, and confirmation flows.

Analytics

appointments.*booking.appointments.*

App API

/v1/appointments/v1/appointments/*

MCP target

atlas_list_appointmentsatlas_get_appointmentatlas_update_appointmentatlas_reschedule_appointmentatlas_cancel_appointmentatlas_send_appointment_reminderatlas_mark_appointment_no_show

Validation

Appointment reads are tenant-scoped.Reschedule/reminder/no-show mutations validate state transitions.Calendar side effects stay queued and evidence-tracked.

Captures the v1 appointment lifecycle route family used by the booking and scheduling surfaces.

Analytics

data-residency.*

App API

/v1/data-residency/*

MCP target

atlas_route_get_v1_data_residencyatlas_route_get_v1_data_residency_regionsatlas_data_residency_get_policyatlas_data_residency_list_auditplanned: atlas_data_residency_set

Validation

Super-admin or tenant-admin role enforcement.Region changes emit evidence chain.Cross-region writes blocked unless explicitly allowed.

Data residency endpoints under /v1/data-residency cover tenant region pinning, residency posture, and migration evidence reads.

Analytics

esign.*

App API

/v1/esign/*

MCP target

planned: atlas_esign_envelopes_listplanned: atlas_esign_envelopes_send

Validation

Tenant-scoped esign authorization.Envelope payload size bounded.Signer verification respects identity policy.

eSign endpoints under /v1/esign cover envelope CRUD, signer order, status updates, evidence reads, and webhook callbacks for the Document Sign module.

Analytics

hr.ops.*

App API

/v1/hr/onboarding/*/v1/hr/policies/*/v1/hr/probations/*/v1/hr/role-changes/*/v1/hr/attendance/*/v1/hr/departments/*/v1/hr/holidays/*/v1/hr/letters/*/v1/hr/locations/*/v1/hr/perf/*/v1/hr/reports/*/v1/hr/statutory/*/v1/hr/exit-interviews/*/v1/hr/documents/*/v1/hr/emergency-contacts/*/v1/hr/employment-records/*/v1/hr/org-chart/*

MCP target

planned: atlas_hr_ops_listplanned: atlas_hr_ops_describe

Validation

Tenant-scoped HR authorization across all ops modules.Sensitive HR documents gated by role policy.Statutory data exports audit-logged.

HR operational endpoints cover onboarding workflows, policies, probations, role changes, attendance, holidays, letters, departments, locations, performance reviews, statutory reports, exit interviews, documents, emergency contacts, employment records, and org chart reads.

Analytics

auth.*

App API

/auth/*/v1/auth/*/v1/oauth/*

MCP target

planned: atlas_auth_statusplanned: atlas_auth_logout

Validation

Anti-brute-force rate limiting.CSRF tokens on state-changing routes.OAuth callback state cookies validated.

Auth endpoints under /auth, /v1/auth, and /v1/oauth cover login, signup, password reset, OAuth providers, SSO callbacks, and session bootstrap.

Analytics

notifications.*

App API

/notifications/*/notification-preferences/*/notification-prefs/*/push/*/v1/push/*

MCP target

atlas_notifications_listatlas_notifications_digestatlas_notifications_snooze_presetsatlas_notifications_preferences_getatlas_notifications_preferences_updateatlas_notifications_mark_readatlas_notifications_mark_unreadatlas_notifications_archiveatlas_notifications_unarchiveatlas_notifications_snoozeatlas_notifications_mark_all_readatlas_notifications_archive_all_readatlas_route_get_push_vapid_public_keyatlas_route_get_v1_push_vapid_public_key

Validation

Caller-scoped feed reads.Preference toggles audit-logged.Push subscription tokens validated and rotated.

Notification endpoints under /notifications, /notification-preferences, /notification-prefs, /push and /v1/push cover the in-app feed, preference toggles, and push notification subscription lifecycle.

Analytics

calendar.*

App API

/calendar/*/calendar-grid-preferences/*/availability/*/auto-schedule/*

MCP target

atlas_get_calendar_grid_preferencesatlas_upsert_calendar_grid_preferencesplanned: atlas_calendar_events_listplanned: atlas_calendar_event_create

Validation

Tenant-scoped calendar authorization.ISO instant validation for events.Conflicts surfaced against owner availability.

Calendar endpoints under /calendar, /calendar-grid-preferences, /availability, and /auto-schedule cover the unified calendar view, event CRUD, grid preferences, availability windows, and auto-schedule planner.

Analytics

search.*

App API

/search/*/v1/search/*/v1/unified-search/*/v1/cross-tool-search/*/frecency/*/saved-views/*/task-saved-filters/*

MCP target

atlas_list_saved_viewsatlas_create_saved_viewatlas_update_saved_viewatlas_delete_saved_viewatlas_set_saved_view_sharedplanned: atlas_search_query

Validation

Tenant-scoped search indexes.Filter expressions parsed safely.Cross-tool joins respect per-module ACLs.

Search endpoints under /search, /v1/search, /v1/unified-search, /v1/cross-tool-search, /frecency, /saved-views, and /task-saved-filters cover unified search, frecency ranking, saved views, and per-module filter persistence.

Analytics

onboarding.*

App API

/onboarding/*

MCP target

planned: atlas_onboarding_getplanned: atlas_onboarding_complete

Validation

Caller-scoped checklist reads.Tenant bootstrap operations idempotent.Initial admin role assignment audit-logged.

Onboarding endpoints under /onboarding cover the new-user wizard, tenant bootstrap, initial admin assignment, and checklist progression reads.

Analytics

presence.*

App API

/presence/*/live/*/sync/*/share/*

MCP target

planned: atlas_presence_subscribe

Validation

Caller-scoped presence channels.Tokens for live/share endpoints time-bound.Sync deltas size-bounded.

Presence endpoints under /presence, /live, /sync, and /share cover realtime presence broadcast, live cursors, sync channel reads, and ephemeral share links.

Analytics

feedback.*

App API

/v1/feedback/*/inspiration/*/morning-briefing/*/digest/*/focus-coaching/*

MCP target

planned: atlas_feedback_submit

Validation

Bounded feedback payload size.PII scrubbed from analytics fanout.Caller-scoped briefing reads.

Feedback and personalization endpoints under /v1/feedback, /inspiration, /morning-briefing, /digest, and /focus-coaching cover user feedback submission, daily inspiration, briefings, digests, and focus coaching prompts.

Analytics

billing.*

App API

/v1/billing/*/v1/rate-limit-tiers/*

MCP target

planned: atlas_billing_summary

Validation

Tenant-admin authorization.Monetary fields stored as integer cents.Plan changes audit-logged.

Billing endpoints under /v1/billing and /v1/rate-limit-tiers cover plan subscription, invoice reads, and rate-limit tier overrides.

Analytics

observability.*

App API

/health/*/ready/*/metrics/*/observability/*/v1/health/*/.well-known/*

MCP target

atlas_health_check

Validation

Unauthenticated probes return minimal payloads.Metrics scopes restricted to internal callers.Well-known endpoints exclude tenant-scoped data.

Observability endpoints under /health, /ready, /metrics, /observability, /v1/health, and /.well-known cover health probes, readiness gates, Prometheus metrics, and well-known discovery documents.

Analytics

public.*

App API

/public/*/public-blog/*/public-shares/*

MCP target

atlas_public_blog_list_postsatlas_public_blog_json_feedatlas_public_blog_rss_feedatlas_public_blog_sitemapplanned: atlas_public_share_get

Validation

No tenant identifiers leaked in payloads.Share tokens HMAC-verified and revocable.Public pages rate-limited per IP.

Public endpoints under /public, /public-blog, and /public-shares cover marketing pages, public blog reads, and unauthenticated share token lookups for documents, dashboards, and previews.

Analytics

time-tracking.*

App API

/time-entries/*/workload/*/focus-sessions/*

MCP target

atlas_time_entries_listatlas_time_entries_get_runningatlas_time_entries_start_timeratlas_time_entries_stop_timeratlas_time_entries_createatlas_time_entries_updateatlas_time_entries_deleteatlas_time_entries_request_approvalatlas_time_entries_daily_totalsatlas_time_entries_project_totalsatlas_time_entries_export_csvatlas_workload_computeatlas_workload_list_overallocationsatlas_workload_list_day_tasksatlas_workload_list_capacityatlas_workload_upsert_capacityatlas_list_focus_sessionsatlas_create_focus_sessionatlas_delete_focus_session

Validation

Tenant-scoped time entry authorization.Duration validated against ISO instants.Workload aggregates bounded per user/day.

Time tracking endpoints under /time-entries, /workload, and /focus-sessions cover time entry CRUD, workload allocations, and focus session reads tied to the planner.

Analytics

time-approvals.*time-tracking.approvals.*

App API

/time-approvals/time-approvals/*/time-entries/*/request-approval

MCP target

atlas_time_entries_request_approvalatlas_time_approvals_listatlas_time_approvals_getatlas_time_approvals_decide

Validation

Reviewer authorization enforced per approval.Decision comments are bounded text.Approval decisions are immutable evidence once posted.

Covers manager-facing time approval reads and approve/reject decisions.

Analytics

forms.*

App API

/forms/*/field-policies/*/custom-attributes/*/formula-fields/*/labels/*

MCP target

atlas_route_get_forms_public_by_slugplanned: atlas_forms_listplanned: atlas_forms_submit

Validation

Tenant-scoped form authorization.Custom field validation rules enforced server-side.Formula expressions sandboxed.

Forms engine endpoints under /forms, /field-policies, /custom-attributes, /formula-fields, and /labels cover form CRUD, submission, field policy management, custom attributes, formula fields, and labels across modules.

Analytics

booking.*

App API

/booking-pages/*/booking-meeting-types/*/booking-webhooks/*/booking-blackouts/*/booking-page-hosts/*/booking-questions/*/booking-analytics/*/scheduling-rules/*

MCP target

atlas_list_booking_blackoutsatlas_create_booking_blackoutatlas_update_booking_blackoutatlas_delete_booking_blackoutatlas_route_get_booking_pages_public_by_slugatlas_route_get_booking_pages_public_by_slug_slotsplanned: atlas_booking_pages_listplanned: atlas_booking_pages_book

Validation

Tenant-scoped booking authorization.Booking time-window validation against host availability.Webhook secrets HMAC-verified on outbound deliveries.

Booking engine endpoints under /booking-pages, /booking-meeting-types, /booking-webhooks, /booking-blackouts, /booking-page-hosts, /booking-questions, /booking-analytics, and /scheduling-rules cover booking page CRUD, meeting types, blackout windows, webhook fan-out, host configuration, intake questions, analytics, and scheduling rules.

Analytics

booking.public.meeting-types.*booking.public.questions.*

App API

/public-booking-meeting-types/*/public-booking-questions/*

MCP target

atlas_route_get_public_booking_meeting_types_by_slugatlas_route_get_public_booking_questions_by_slugplanned: atlas_booking_public_metadata_get

Validation

Public reads are cacheable and slug-scoped.No tenant-private attendee data is returned.Question definitions are bounded before rendering.

Covers unauthenticated booking metadata reads used by public booking pages before an appointment is created.

Analytics

release-notes.*

App API

/release-notes/*

MCP target

atlas_route_get_release_notesatlas_route_get_release_notes_adminatlas_route_get_release_notes_feed_jsonatlas_route_get_release_notes_latest_for_meatlas_route_post_release_notesatlas_route_patch_release_notes_by_idatlas_route_delete_release_notes_by_idatlas_route_post_release_notes_by_id_publishatlas_route_post_release_notes_by_id_dismiss

Validation

Read-only across tenants.Authoring restricted to platform admins.Bounded markdown payload size.

Release notes endpoints under /release-notes cover the public changelog, in-app release notes panel, and admin authoring surface.

Analytics

changelog.public.*release-notes.rss.*

App API

/v1/changelog/v1/changelog/*

MCP target

atlas_list_changelogatlas_changelog_rss_feed

Validation

Published-only reads on public routes.RSS output is cacheable and secret-free.Slug detail reads do not expose draft metadata.

Covers the public changelog list, slug detail, and RSS feed routes added for customer-facing release notes.

Analytics

workspaces.*

App API

/workspaces/*/v1/workspaces/*/teams/*/tenants/*/v1/tenant/*/v1/tenants/*/v1/tenant-branding/*

MCP target

atlas_workspaces_listatlas_workspaces_createatlas_workspaces_mineatlas_get_tenant_brandingatlas_update_tenant_brandingatlas_get_tenant_workspace_brandingatlas_update_tenant_workspace_brandingplanned: atlas_workspaces_switch

Validation

Tenant-scoped workspace authorization.Branding assets size-bounded.Cross-tenant joins forbidden.

Workspace endpoints under /workspaces, /v1/workspaces, /teams, /tenants, /v1/tenant, /v1/tenants, and /v1/tenant-branding cover workspace CRUD, team admin, tenant settings, and branding management.

Analytics

profile-platform.*

App API

/profile/*/me/*/user-theme/*/habits/*/daily-notes/*/journal-reviews/*

MCP target

atlas_get_user_themeatlas_upsert_user_themeplanned: atlas_profile_getplanned: atlas_profile_update

Validation

Caller-scoped reads.Bounded profile fields.Theme tokens validated against design system.

Profile and personal endpoints under /profile, /me, /user-theme, /habits, /daily-notes, and /journal-reviews cover the signed-in user profile, theme preferences, habits tracker, daily notes, and journal reviews.

Analytics

sso.*

App API

/v1/sso/*

MCP target

planned: atlas_sso_config_get

Validation

Tenant-admin authorization.SAML metadata signature verified.Just-in-time provisioning audit-logged.

SSO endpoints under /v1/sso cover SAML/OIDC configuration, IdP metadata upload, JIT provisioning, and SSO callback handling.

Analytics

two-factor.*

App API

/v1/two-factor/*

MCP target

planned: atlas_two_factor_status

Validation

Caller-scoped reads.TOTP secret never logged.Recovery code regeneration audit-logged.

Two-factor endpoints under /v1/two-factor cover TOTP enrollment, challenge verification, and recovery code management for end users.

Analytics

sessions.*

App API

/v1/sessions/*

MCP target

planned: atlas_sessions_listplanned: atlas_sessions_revoke

Validation

Caller-scoped reads.Session revoke audit-logged.Stale sessions garbage-collected on schedule.

Session endpoints under /v1/sessions cover active session listing, single-session revoke, and bulk revoke flows tied to the security console.

Analytics

pats.*

App API

/v1/pats/*/v1/access-tokens/*

MCP target

atlas_list_patsatlas_create_patatlas_rotate_patatlas_revoke_patatlas_list_access_tokensatlas_create_access_tokenatlas_rotate_access_tokenatlas_revoke_access_token

Validation

Caller-scoped reads.Token plaintext returned only on creation or rotation.Scope restrictions enforced server-side.

Token endpoints under /v1/pats and /v1/access-tokens cover personal access token creation, rotation, revoke, scope edit, and listing.

Analytics

audit.*

App API

/v1/audit-log/*/audit-events/*/activity-feed/*

MCP target

planned: atlas_audit_log_query

Validation

Tenant-admin authorization for raw audit reads.Time-range bounded queries.Audit events immutable; no DELETE handler.

Audit endpoints under /v1/audit-log, /audit-events, and /activity-feed cover audit log search, activity feed reads, and exportable audit event streams for compliance reviews.

Analytics

analytics.*

App API

/v1/analytics/*/v1/email-ab-tests/*

MCP target

planned: atlas_analytics_query

Validation

Tenant-scoped analytics queries.PII never returned in raw form.A/B test allocation deterministic and audit-logged.

Analytics endpoints under /v1/analytics and /v1/email-ab-tests cover aggregate analytics queries, dashboards, and A/B test allocation/reads.

Analytics

reports.*

App API

/v1/reports/*/v1/email-templates/*/v1/seo/*/v1/themes/*

MCP target

atlas_docs_public_seo_configplanned: atlas_reports_render

Validation

Tenant-scoped reporting authorization.Email template variables sanitized.SEO settings validated against domain ownership.

Reports and editorial endpoints under /v1/reports, /v1/email-templates, /v1/seo, and /v1/themes cover scheduled reports, email template authoring, SEO admin, and theme management.

Analytics

public-dashboards.*reports.public-share.*

App API

/v1/public-dashboards/v1/public-dashboards/*

MCP target

planned: atlas_public_dashboards_listplanned: atlas_public_dashboards_revoke

Validation

Share tokens are opaque.Public dashboards expose configured aggregate data only.Revocation is immediate and audit-stamped.

Covers public dashboard listing, creation, and token revocation for shareable reporting surfaces.

Analytics

webhooks.*

App API

/v1/webhook-endpoints/*/v1/webhook-deliveries/*/v1/watch/*

MCP target

planned: atlas_webhook_endpoints_listplanned: atlas_webhook_deliveries_replay

Validation

Tenant-admin authorization for endpoint changes.Webhook secrets returned only on creation/rotation.Delivery payloads HMAC-signed.

Webhook endpoints under /v1/webhook-endpoints, /v1/webhook-deliveries, and /v1/watch cover webhook configuration, delivery log inspection, and watch subscriptions used by external integrators.

Analytics

integrations-extra.*

App API

/integrations/*/inbound-email/*/v1/slack/*/v1/ai-models/*/v1/voice/*

MCP target

planned: atlas_integrations_extra_list

Validation

Tenant-admin authorization for install/remove.Inbound email DKIM verification enforced.AI model selection respects governance policy.

Integration extras under /integrations, /inbound-email, /v1/slack, /v1/ai-models, and /v1/voice cover inbound email parsing, Slack admin, AI model selection, and voice transcription endpoints.

Analytics

tasks-extra.*

App API

/tasks/*/task-templates/*/task-relations/*/template-library/*/templates/*/comments/*

MCP target

planned: atlas_tasks_templates_listplanned: atlas_tasks_relations_list

Validation

Tenant-scoped task authorization.Templates bounded in size and field count.Relation cycles rejected at write time.

Task platform extras under /tasks, /task-templates, /task-relations, /template-library, /templates, and /comments cover task templates, relations between tasks, the cross-module template library, and comments across resources.

Analytics

bulk.tasks.*bulk.labels.*bulk.comments.*

App API

/v1/bulk/*

MCP target

planned: atlas_bulk_tasks_updateplanned: atlas_bulk_labels_apply

Validation

Bulk targets are capped and tenant-scoped.Mutation payloads are operation-specific and idempotent.Bulk comments are bounded and audit-visible.

Maps the shared bulk operation endpoints that power multi-select task, label, and comment workflows.

Analytics

focus-coaching.*my-work.focus-coaching.*

App API

/v1/focus-coaching/*

MCP target

atlas_focus_coaching_suggestions

Validation

Suggestions are caller-scoped.Response text is bounded and deterministic under fixtures.No raw calendar/provider payloads are exposed.

Maps the focus coaching suggestion endpoint used by My Work and planning guidance surfaces.

Analytics

task-types.*settings.task-types.*

App API

/v1/task-types/v1/task-types/*/v1/projects/*/task-types/v1/projects/*/task-types/*

MCP target

atlas_task_types_listatlas_task_types_getatlas_project_task_types_listatlas_project_task_types_getatlas_project_task_types_get_by_id

Validation

Catalog reads are tenant-scoped.Type keys are normalized before lookup.Task-type metadata is bounded and safe for command palette indexing.

Covers global and project-scoped task type catalog/list/key/id readback endpoints.

Analytics

projects-extra.*

App API

/projects/*/project-risks/*/v1/project-risks/*/project-milestones/*/project-status-updates/*/project-dependencies/*/v1/project-dependencies/*/project-stakeholders/*/initiatives/*/portfolios/*/cycles/*/board-columns/*

MCP target

planned: atlas_projects_risks_listplanned: atlas_projects_milestones_list

Validation

Tenant-scoped project authorization.Risk and milestone payloads bounded.Dependency cycles rejected.

Project platform extras under /projects, /project-risks, /v1/project-risks, /project-milestones, /project-status-updates, /project-dependencies, /v1/project-dependencies, /project-stakeholders, /initiatives, /portfolios, /cycles, and /board-columns cover risks, milestones, status updates, dependencies, stakeholders, initiatives, portfolios, cycles, and board column configuration.

Analytics

goals.*

App API

/goals/*

MCP target

atlas_goals_listatlas_goals_getplanned: atlas_goals_create

Validation

Tenant-scoped goal authorization.Goal target metrics validated.Progress updates audit-logged.

Goals platform endpoints under /goals cover the full goal catalog: CRUD, progress updates, alignment with cycles, and team scoping.

Analytics

meetings.*

App API

/meetings/*/v1/meetings/*/v1/meeting-insights/*/v1/video-attachments/*

MCP target

planned: atlas_meetings_listplanned: atlas_meetings_summarize

Validation

Tenant-scoped meeting authorization.Recording access gated by participant ACL.AI summaries flagged as machine-generated.

Meetings endpoints under /meetings, /v1/meetings, /v1/meeting-insights, and /v1/video-attachments cover meeting CRUD, AI-powered insights, transcripts, and video attachment uploads.

Analytics

wiki.*

App API

/v1/wiki/*/v1/wiki-presence/*/v1/wiki-collab/*

MCP target

atlas_list_wiki_pagesatlas_get_wiki_pageatlas_create_wiki_pageatlas_update_wiki_pageatlas_delete_wiki_pageatlas_publish_wiki_pageatlas_post_wiki_commentatlas_set_wiki_tagsatlas_search_wikiatlas_get_wiki_graph

Validation

Tenant-scoped wiki authorization.Realtime collab payloads HMAC-signed.Bounded page size.

Wiki platform endpoints under /v1/wiki, /v1/wiki-presence, and /v1/wiki-collab cover wiki page CRUD, realtime presence, and collaborative edit broadcast.

Analytics

blog.*

App API

/blog/*

MCP target

planned: atlas_blog_posts_list

Validation

Tenant-scoped authoring authorization.Published reads cacheable; drafts caller-scoped.Bounded post body size.

Blog endpoints under /blog cover internal blog post authoring, publishing, and reads across the tenant.

Analytics

automations.*

App API

/automations/*

MCP target

atlas_automations_listatlas_automations_createatlas_automations_getatlas_automations_updateatlas_automations_deleteatlas_automations_enableatlas_automations_disableatlas_automations_list_runsatlas_list_workflow_templatesatlas_install_workflow_templateatlas_script_automations_listatlas_script_automations_createatlas_script_automations_getatlas_script_automations_updateatlas_script_automations_deactivateatlas_script_automations_runatlas_script_automations_list_runs

Validation

Tenant-admin authorization to author scripts.Scripts sandboxed and runtime-bounded.Run history audit-logged.

Automations platform endpoints under /automations cover script authoring, trigger configuration, run history, and operational reads for the no-code automation surface.

Analytics

custom-roles.*

App API

/custom-roles/*

MCP target

planned: atlas_custom_roles_list

Validation

Tenant-admin authorization.Role definitions validated against permission schema.Assignment changes audit-logged.

Custom roles endpoints under /custom-roles cover role definition CRUD, permission scoping, and assignment management across modules.

Analytics

undo.*

App API

/undo-entries/*/v1/trash/*/quick-links/*/v1/shortcuts/*

MCP target

atlas_list_quick_linksatlas_create_quick_linkatlas_update_quick_linkatlas_delete_quick_linkatlas_list_trashatlas_restore_trash_itematlas_purge_trash_itemplanned: atlas_undo_history

Validation

Caller-scoped reads.Undo windows time-bounded.Trash retention enforced per tenant policy.

Undo and recovery endpoints under /undo-entries, /v1/trash, /quick-links, and /v1/shortcuts cover undo stack reads, trash recovery, quick links, and keyboard shortcut definitions.

Analytics

inbox.*

App API

/today-scheduler-drift-feed/*/scheduler-drift-mute-state/*/appointments/*

MCP target

atlas_get_scheduler_drift_mute_stateatlas_upsert_scheduler_drift_mute_stateatlas_reset_scheduler_drift_mute_stateplanned: atlas_scheduler_drift_feed

Validation

Caller-scoped feed reads.Mute windows time-bounded.Bounded payload size on feed fetch.

Inbox and scheduler drift endpoints under /today-scheduler-drift-feed, /scheduler-drift-mute-state, and /appointments cover the today drift feed, mute state controls, and appointment notifications shown on the planner.

Analytics

pdf-platform.*

App API

/v1/pdf/*/v1/pdf-studio/*/v1/pdf-secure/*/v1/pdf-convert/*/v1/pdf-ocr/*

MCP target

planned: atlas_pdf_platform_status

Validation

Tenant-scoped pdf authorization.OCR jobs runtime-bounded.Secure shares HMAC-signed and revocable.

PDF platform endpoints under /v1/pdf, /v1/pdf-studio, /v1/pdf-secure, /v1/pdf-convert, and /v1/pdf-ocr cover PDF tooling APIs, secure share links, conversion pipelines, and OCR job orchestration.

Analytics

docs-platform.*

App API

/v1/docs/*/v1/postman-environment.json/v1/postman.json

MCP target

atlas_docs_api_reference_htmlatlas_docs_postman_collectionatlas_docs_postman_environment

Validation

No tenant-scoped data in generated docs.Generated artifacts cacheable.Postman environment templates exclude live secrets.

Docs platform endpoints under /v1/docs, /v1/postman-environment.json, and /v1/postman.json cover generated documentation portals, Postman environment exports, and OpenAPI reference artifacts.

Analytics

extension-errors.*

App API

/v1/extension-errors/*

MCP target

planned: atlas_extension_errors_list

Validation

Caller-scoped error submission.Bounded error payload size.Sensitive headers stripped.

Extension error endpoints under /v1/extension-errors cover browser extension crash and exception ingest, replay, and internal review for extension stability monitoring.