The agent protocol

Concept

Greenlight is agent-native. Coding agents register apps, read context, propose changes, and call internal systems entirely through a Model Context Protocol (MCP) interface, paired with a small set of universal Skills bundled in each agent plugin.

There is no human-language workaround. Anything an agent can do, it does through MCP.

MCP is the API

Greenlight exposes its functionality as a fixed catalog of MCP tools. Agents call them by name with structured arguments and get structured responses back. Authorization is bound to the user the agent session is attached to — the agent can never see or do anything that user couldn’t see or do.

The tool catalog covers app lifecycle (registerApp, resource.add, resource.remove), env configuration (env.list, env.set, env.remove, env.pull), context (knowledge.list, knowledge.get, knowledge.search, knowledge.propose), policy (getPolicies), permissions (requestPermissions), pipeline status, and operational utilities. Infra desired state lives in the control plane and is updated through MCP mutators. The full inventory lives in the MCP tools reference.

Skills are universal

Every Greenlight plugin ships with a small library of Skills files. These Skills are identical across every customer install. They teach the agent two things:

• The Greenlight protocol — which MCP tools exist, what they take, how to chain them, how to recover from errors.
• Workflow patterns — the canonical sequences for registering an app, opening a pull request, reading Knowledge, requesting an integration.

Skills do not contain customer-specific content. Everything specific to a particular organization — the design system, integration playbooks, app architecture — flows through Knowledge at runtime, not through baked-in plugin files.

This separation matters: a plugin update doesn’t depend on what any one customer has authored, and customer prose never gets shipped inside a binary plugin package.

One plugin per agent

Greenlight ships a separate plugin for each supported coding agent. They all expose the same MCP catalog and the same Skills body — only the packaging differs.

Agent	Install method
Codex	Marketplace plugin
Claude Code	Marketplace plugin
Cursor	MCP server registration
Copilot	MCP server registration
Gemini	MCP server registration

A plugin’s runtime configuration — the MCP endpoint URL, the plugin version, and a handful of org-specific facts the agent needs before its first MCP call — is delivered per organization. The plugin binary itself stays universal.

The agent’s scope is bounded

A Greenlight agent session is authenticated as a specific user and inherits exactly that user’s RBAC. It cannot escalate. It cannot impersonate. It cannot see apps the bound user doesn’t have access to, propose changes to integrations the user doesn’t own, or call tools the user’s role doesn’t permit.

If the agent runs into something its bound user can’t do, the only path forward is to ask the user to escalate — through the dashboard, the integration permission flow, or a conversation with IT. The agent doesn’t have a side door.

Tip

Universal Skills paired with per-organization Knowledge is what lets the same plugin work cleanly across very different customer environments. The plugin doesn’t need to know what you have until it asks.

Next

Knowledge The customer-specific prose layer Skills point agents to.

MCP tools reference Every tool, its inputs, outputs, and examples.

Install the agent plugin Wire your agent up to a Greenlight install.