OppBox ships a hosted MCP server. Point Claude · or any MCP client · at it, sign in once, and your agent can read your deals, signals, threads and meetings, and prepare email for your review. The writes are few, guarded, and reversible.
"What's ghosted, what's due, what moved while I was off?" One question in Claude Desktop replaces the first 40 minutes of triage.
Brief + meeting history + last thread, fetched and synthesised before you join. ask_deal_meetings answers questions across every call on the deal.
The agent drafts revival emails for every ghosted deal · into your drafts folder, or scheduled with a cancellation window. You stay the sender of record.
query_oppbox reasons over deals, signals and threads and answers with the evidence it used · "which deals over $50k have no economic buyer?"
Everything is scoped to your workspace by the token. Reads are plain; writes are deliberately boring.
| Email · read | |
| list_threads | Inbox and label listings, deal-matched where a match exists |
| get_thread | Full thread with messages and deal context |
| search_threads | Provider-grade search across the inbox |
| list_labels · list_thread_attachments | Labels and attachments, enumerated |
| Pipeline · read | |
| list_deals · get_deal | Open opportunities with stage, value, contacts and activity |
| get_signals | The 14 computed signals for any deal, with their working |
| list_view | Ghosted, Stage, Today and Action-needed · the app's views, as data |
| get_deal_meetings · ask_deal_meetings | Meetings and calls on a deal · listed, or questioned in natural language |
| stats | Workspace-level pipeline stats |
| Intelligence · read | |
| generate_brief | The same Brief Me the app runs · state of play, risk, next step |
| query_oppbox | Natural-language questions over deals, signals and threads · answers with evidence |
| Workspace · read | |
| list_scheduled_sends · list_snippets · get_signature · list_workspace_members | The rep's own sending setup and team roster |
| Writes · guarded | |
| create_or_update_draft | Prepares or updates a draft · never sends; you review it in your email client |
| schedule_send | Queues a message for a future time · recipients are restricted to people already on the thread or in the deal's CRM contacts, and it's cancellable until release |
| cancel_scheduled_send | The undo for the above |
| set_signature | Updates your own signature |
We assume the agent might be confused, compromised or prompt-injected · and designed the write surface so it still can't hurt you.
Agents authenticate through the same WorkOS sign-in as the app · discovery, dynamic client registration and PKCE, per the MCP spec. No API keys to mint, leak or rotate. Access tokens live one hour; refresh tokens rotate.
Every call is resolved to your workspace and isolated there · the same forced row-level security that protects the app protects the MCP surface. Tokens carry no Salesforce org id and no email-provider credentials.
Anything that could eventually send is constrained to recipients already known to the workspace · thread participants, deal contacts, teammates. A hijacked agent cannot schedule email to an attacker's address.
Writes are audit-logged, all calls are rate-limited, and prompt-injection heuristics watch tool traffic. Instant-send doesn't exist: the strongest write is a scheduled send with an undo.
Claude Code, Claude Desktop, Codex · anything that speaks MCP's Streamable HTTP transport with OAuth discovery connects without configuration.
Claude Code
First tool use opens the browser for consent · then you're in.
Any other client
MCP access is part of the Core plan.
Start free, connect your stack, then add one line to your MCP client.