Private Beta — Contact us to get set up.
The difference from internal
With internal MCP servers, you control the code. You trust it. The identity exchange gives the server a scoped token, and you’re confident it will use that token appropriately. External servers are different. You don’t control the code or deployment. You don’t know what the server does with the data it receives. Additional safeguards apply.How it works
Users connect external services through OAuth. They see a consent screen, authorize access, and the Tool Hub stores the token. When the user calls an external tool, the Hub uses that token. But it also inspects the request and response—guardrails run on external tool calls to catch prompt injection, PII leakage, and policy violations.What you get
User-consented access. Users explicitly authorize each external service. They see what permissions they’re granting. Admin visibility. You can require admin approval before users connect external services. No shadow IT—you know what’s connected. Content inspection. External tool calls flow through guardrails. Arguments are scanned before sending; responses are scanned before returning. See Trust Boundaries for how Char treats external tools differently.See also
Trust Boundaries
How Char classifies internal vs external tools