Permissions & Approvals

What happens when my agent calls a tool I haven't registered?

When an MCP client (Cowork, Claude Desktop, ChatGPT, any compatible agent) calls check_permission for a tool name oakallow doesn't recognize for your org, we auto-register it for you. The new tool lands as a draft with default_permission=requires_approval, and you triage it from the dashboard's Tools page under Recently Discovered.

Your agent doesn't have to wait for you. The check_permission call comes back immediately with requires_approval, your agent's tool dispatch creates an approval request, and you handle the actual decision when the notification reaches you. The catalog grows as your agent works, and nothing executes without your sign-off.

A few details worth knowing
  • Auto-discovered tools come in with conservative annotation defaults: destructive=true, idempotent=false, open-world=true, read-only=false. The semantics of an unknown tool are unknown, so oakallow assumes the cautious reading. You adjust the annotations when you review the tool. Until you do, the dashboard shows a needs annotations chip.
  • Auto-discovery is MCP-only. The REST permissions check endpoint does NOT auto-create. REST callers manage their catalog explicitly through POST /v1/tools.
  • Rate limits prevent runaway auto-creation. Defaults are 50 auto-creates per hour and 500 lifetime per org, both configurable. When a cap is hit, the verdict is still requires_approval (so the call stays gated) but no new row is added until you triage existing discoveries.
  • A tool.auto_created webhook fires on every successful auto-create so you can pipe discovery events to Slack, PagerDuty, or any custom destination.
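
A minimal Python model of the MCP-path behaviour described in the list above, added here as an illustration and not oakallow's own code. The class, method signature, sliding one-hour window and in-memory event list are assumptions; triage and the REST path are not modelled.

```python
import time
from collections import deque

HOURLY_CAP, LIFETIME_CAP = 50, 500  # defaults stated on the page; both configurable

# Conservative annotation defaults the page lists for an unknown tool.
CAUTIOUS = {"destructive": True, "idempotent": False,
            "open_world": True, "read_only": False}


class OrgCatalog:
    """Toy in-memory model of one org's tool catalog (hypothetical structure)."""

    def __init__(self, hourly_cap=HOURLY_CAP, lifetime_cap=LIFETIME_CAP):
        self.tools = {}        # tool name -> catalog row
        self.recent = deque()  # timestamps of auto-creates inside the window
        self.lifetime = 0      # total auto-creates for this org
        self.events = []       # stands in for tool.auto_created webhook deliveries
        self.hourly_cap, self.lifetime_cap = hourly_cap, lifetime_cap

    def check_permission(self, tool, now=None):
        """Return the verdict for an MCP check_permission call."""
        now = time.time() if now is None else now
        if tool in self.tools:
            return self.tools[tool]["default_permission"]
        # Assumption: the hourly cap is a sliding 3600-second window.
        while self.recent and now - self.recent[0] >= 3600:
            self.recent.popleft()
        if len(self.recent) < self.hourly_cap and self.lifetime < self.lifetime_cap:
            self.tools[tool] = {"status": "draft",
                                "default_permission": "requires_approval",
                                "annotations": dict(CAUTIOUS)}
            self.recent.append(now)
            self.lifetime += 1
            self.events.append(("tool.auto_created", tool))
        # Cap hit or not, an unrecognized tool is always gated.
        return "requires_approval"
```

The property to check in any implementation of this pattern is the last line: hitting a cap suppresses the new catalog row and the webhook, never the requires_approval verdict.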

This is what makes oakallow + Cowork (or any MCP agent) work without pre-registering anything. Connect once, run your agent, triage what shows up.
