Plain MCP connector for AI agents

CALL ANY TOOL

Read and upsert customers, threads, tenants, custom fields, and help center articles. Same toolkit, every framework, no auth plumbing.

plainmcp_get_customers

Get customers

Retrieve customer records from Plain with optional filters by email, external ID, or status.

Parameters

Name

Type

Required

Description

email

string

Optional

Customer email filter

external_id

string

Optional

Customer external ID

limit

integer

Optional

Max customers to return

plainmcp_upsert_customer

Upsert customer

plainmcp_upsert_thread_field

Upsert thread field

plainmcp_upsert_tenant

Upsert tenant

plainmcp_upsert_tenant_field

Upsert tenant field

plainmcp_update_thread_title

Update thread title

plainmcp_upsert_help_center_article

Upsert help center article

Build your Agent

Drop the toolkit in, point it at the user, and your agent can read and update Plain customers, threads, and help center content from the first run.

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["plainmcp"], toolNames: ["plainmcp_get_customers", "plainmcp_upsert_customer", "plainmcp_upsert_thread_field"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["plainmcp"], toolNames: ["plainmcp_get_customers", "plainmcp_upsert_customer", "plainmcp_upsert_thread_field"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["plainmcp"], toolNames: ["plainmcp_get_customers", "plainmcp_upsert_customer", "plainmcp_upsert_thread_field"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/plainmcp",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your agent to start managing Plain support data from your workflows.

Customer & thread updates

Copy the prompt

Copied

Find all open threads for tenant [name] and set priority to high.

Copy the prompt

Copied

Tag every thread mentioning [keyword] with [tag].

Copy the prompt

Copied

Update customer [email] with company=[name] and plan=[tier].

Help center

Copy the prompt

Copied

Draft a help center article for [topic] and publish it.

Copy the prompt

Copied

Update the [slug] article with a new troubleshooting section.

Copy the prompt

Copied

List all help center articles tagged [category].

SEE HOW AUTH WORKS

Users authorize Plain once. Their credentials stay vaulted, every call is checked, and every action is logged.

1

Authorize

Your user connects

Plain MCP

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

Plain MCP

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

Plain MCP

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

Plain MCP

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other CRM and support connectors.

No items found.

Why Scalekit

Secure your agent's access. Connectors ship in minutes

Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.

01.

Shared tokens break per-user analytics

A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential so attribution, audit, and scope stay accurate.

// shared token
 audit → bot_service_account
 user_filter → broken

 // scalekit
 audit → user_abc
 scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

Plain MCP today. Others tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent act as the user or a shared key?

As the user. Each Plain user authorizes once and Scalekit resolves their credential at request time. All updates are attributed to that user.

Where is the Plain OAuth token stored?

In Scalekit's AES-256 vault, namespaced per tenant. Refresh is automatic. Tokens never appear in prompts or LLM context.

Can I restrict the agent to read-only operations?

Yes. Use listScopedTools to allow get_customers without granting any upsert tools.

What happens when a user revokes Plain access?

The connection is invalidated on the next tool call. Subsequent requests fail closed with a clear error.

Can the agent combine Plain data with other systems in one workflow?

Yes. A single agent can read Plain threads and update records in another connector in the same workflow, each using the same user identity.

Plain MCP

Tools your agent reaches for on Plain MCP, scoped per user.