Agentic Access (MCP)

Mirox lets an external AI agent operate the platform on your behalf — under your exact permissions — through the Model Context Protocol (MCP). The platform runs an MCP server that exposes its capabilities as agent tools, so any MCP-compatible client can read your data, manage your plants, and run operations the same way you would in the interface or with the REST API, never exceeding what your own access allows.

Concept

MCP (Model Context Protocol) is an open standard that lets an AI agent discover and call the functions a system makes available. Mirox publishes its capabilities as a catalog of MCP tools — each tool is one well-defined operation, such as listing your plants, reading a metric, or proposing a change to a plant's details.

An agent connects to the Mirox MCP endpoint, sees the tools it is allowed to use, and calls them to get work done. Because every tool runs through the same access checks and the same business logic as the interface and the REST API, the agent sees exactly what you would see and can do exactly what you can do — no more.

Note: the agent's token and your underlying role decide which tools succeed — the agent can never reach beyond your own access.

Two Halves of the Mirox AI Surface

This page covers programmatic, agentic control via MCP. For the in-platform conversational experience — the chat assistant and the guided wizards you start from the interface — see the AI Assistant & Wizards. The two share the same underlying tools; this page is about driving them from your own external agent.

What You Can Do

Through MCP tools, an agent can work across the platform much as you do by hand:

  • Read your estate — list and inspect your portfolios, plants, plant events, and tickets.
  • Query performance data — pull time-series metrics and run MiroxQL queries for the plants you can access.
  • Manage plants — propose creating a new plant or updating its basics, dates, address, business details, components, contacts, and performance-ratio values.
  • Handle operations — open and list tickets, review a plant's direct-VPN connection state, and propose a safe configuration fix.
  • Work with documents — search, read, and attach files in document storage, and read the product documentation.

Write operations follow a propose-then-apply pattern: the agent proposes a change and the result is presented for review and acceptance, rather than being written blindly. This keeps you the decision-maker even when an agent is doing the preparation.

Coverage Mirrors the REST API

The tool catalog is curated and expanding — Mirox adds tools as capabilities are made agent-ready, rather than auto-generating one per endpoint. To keep coverage broad in the meantime, the catalog also includes a read-only fallback that lets an agent discover and call the platform's REST endpoints (GET only) within your permissions, so an agent is not limited to only the curated tools for reading data.

Connecting an AI Agent

Connecting any MCP-compatible client takes two steps.

  1. Create a scoped API token. In your profile, create an API token and choose the permission group that matches the job — Full Access for an agent that needs to operate the platform, or a narrower group (Reporting, Timeseries Database) for read-only work. The full token value is shown only once, so store it securely. See the API tokens usage guide for the step-by-step flow.

  2. Point your MCP client at the Mirox MCP endpoint and authenticate with that token. Mirox uses the same scoped API tokens as the REST API: the client sends the token in the standard Authorization: Bearer <api_token> header. Once connected, your client lists the available tools and can begin calling them.

Tokens Are Created in a Logged-In Session

You can create, rotate, and revoke API tokens only from an active browser login — one token can never mint another. Treat an agent's token like any other credential: give it the narrowest permission group that still works, set an expiry, and revoke it the moment it is no longer needed.

Permissions & Control

An agent acting through MCP is bound by exactly the same controls as you are — there is no special agent privilege. Three things, together, decide what any tool call may do:

  • The API token's permission group. A token scoped to Reporting or Timeseries Database can only do read/export work; only a Full Access token lets an agent operate the platform. The group can only ever narrow access, never widen it.
  • Your underlying role. The token always acts as you. Whatever an Operator, Technical Manager, Asset Manager, Asset Manager (Technical), Asset Manager (Commercial), Admin, Moderator, Member, or External user can reach is the ceiling for the agent — on a per-plant and per-portfolio basis, with cooperations honored exactly as elsewhere.
  • The full permission model. Every tool call passes through the same layered checks as a normal request — token scope, platform standing, your organization role, and the per-plant job check — so access is decided the same way it is across the whole permission system.

Two platform guarantees apply to everything an agent does:

  • No secrets to the agent. MCP tools never expose VPN keys, certificates, pre-shared keys, tokens, or any other credential. An agent can propose a direct-VPN fix, for example, without ever seeing the underlying keys.
  • Everything is audited. Each tool call is attributed to you and recorded, exactly like any other access to your account, so agentic activity stays accountable and reviewable.

Chat Assistant vs. Agentic MCP

The in-platform chat assistant and wizards are the built-in AI surface you use from the interface; they call these same tools internally on your behalf, and an organization can add its own upstream MCP servers to enrich the assistant. Agentic MCP, documented here, is the external surface: you bring your own MCP-compatible agent and connect it with an API token. Both run under your permissions; the difference is who drives — the platform's own assistant, or an agent you operate.

  • AI Assistant & Wizards — the built-in chat assistant and guided wizards that use these same tools from inside the platform
  • API Tokens — the scoped, revocable credentials an agent authenticates with
  • Permission System — the layered access model and permission groups that bound everything an agent can do
  • Audit Logging — where agentic activity is recorded alongside other access to your account
  • API Tokens Usage Guide — step-by-step token creation for connecting an agent
MIT Licensed | Copyright 2026 Mirox Verwaltungs GmbH