Mycase

112 tools. 66 can modify or destroy data without limits.

19 destructive tools with no built-in limits. Policy required.

Last updated:

66 can modify or destroy data
46 read-only
112 tools total

Community server · catalogue entry verified 03/07/2026

How to control Mycase ↓

What Mycase exposes to your agents

Read (46) Write / Execute (47) Destructive / Financial (19)
Critical Risk

The most dangerous Mycase tools

66 of Mycase's 112 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Mycase

PolicyLayer is an MCP gateway — it sits between your AI agents and Mycase, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "record_invoice_payment": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "delete_call": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_client_to_case": {
    "limits": [
      {
        "counter": "add_client_to_case_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_case": {
    "limits": [
      {
        "counter": "get_case_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Mycase — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MYCASE →

Instant setup, no code required.

All 112 Mycase tools

WRITE 47 tools
Write add_client_to_case Add a client to a case with an optional role. Write add_client_to_company Associate a client with a company. Write add_company_to_case Add a company to a case with an optional role. Write add_staff_to_case Associate a staff member with a case. Write add_staff_to_event Add a staff member to a calendar event. Write assign_task_to_staff Assign a task to a staff member. Write create_call Log a call. called_at: ISO 8601. call_type: inbound | outbound. call_for_staff_id: staff member the call is fo Write create_case Create a case. case_stage: must match an existing stage name. status: open | closed. Write create_case_message_thread Create a message thread on a case. client_ids/staff_ids: comma-separated IDs. Write create_case_note Create a note on a case. All three fields (note body, subject, date ISO 8601) are required. Write create_case_stage Create a new case stage. Write create_case_subfolder Create a subfolder within a case. path: relative path, e.g. 'Contracts/2026'. Write create_client Create a new client. Write create_client_note Create a note on a client. All three fields (note body, subject, date ISO 8601) are required. Write create_company Create a new company. Write create_company_note Create a note on a company. All three fields (note body, subject, date ISO 8601) are required. Write create_custom_field Create a custom field. parent_type: Case|Client|Lead. field_type: text|date|list|checkbox|number. list_options Write create_custom_field_option Add an option to a list-type custom field. Write create_event Create a calendar event. start/end: ISO 8601. staff_id is required. location_id: ID of a Location record. Write create_expense Create an expense entry. cost is per-unit cost. entry_date: YYYY-MM-DD. Write create_lead Create a new lead. Write create_location Create a new location. Write create_message_thread Create a message thread. client_ids/staff_ids: comma-separated IDs. Write create_people_group Create a new people group. Write create_practice_area Create a new practice area. Write create_referral_source Create a new referral source. Write create_task Create a task. priority: Low | Medium | High. due_date: YYYY-MM-DD. staff_id is required. Write create_time_entry Create a time entry. entry_date: YYYY-MM-DD. rate: dollars/hr. hours: decimal hours worked. Write create_webhook_subscription Create a webhook. model: resource type (case|client|company|event|lead|message). actions: comma-separated list Write post_message Post a message to an existing message thread. Write update_call Update a call log entry. resolved: 'true' or 'false' to set resolved status. Write update_case Update a case's name, status, description, or stage. Write update_case_stage Rename a case stage. Write update_client Update a client's details. Write update_company Update a company's details. Write update_custom_field_option Update an existing option on a list-type custom field. Write update_document Update a document's filename or description. Write update_event Update a calendar event. Write update_lead Update a lead. status: new | contacted | qualified | converted | closed. Write update_location Update a location's name. Write update_note Update a note's body text, subject, or date. date: ISO 8601. Write update_people_group Rename a people group. Write update_practice_area Rename a practice area. Write update_task Update a task. completed: 'true' or 'false' to set completion status. priority: Low | Medium | High. Write upload_case_document Upload a document directly to a case. Write upload_document Upload a new document. path is the file storage path/URL. Write upload_document_version Initiate a new version upload for an existing document. Returns upload instructions.
READ 46 tools
Read get_case Get a case by ID. Read get_case_folder Get the root document folder for a case. Read get_client Get a client by ID. Read get_company Get a company by ID. Read get_custom_field Get a custom field by ID. Read get_document Get document metadata by ID. Read get_document_data Get the download URL or data for a document's latest version. Read get_document_version_data Get the download URL or data for a specific document version. Read get_expense Get a specific expense entry by ID. Read get_firm Get this firm's profile and settings. Read get_lead Get a lead by ID. Read get_note Get a note by ID. Read get_staff_member Get a staff member by ID. Read get_time_entry Get a specific time entry by ID. Read list_all_document_versions List all document versions across the firm. Read list_calls List calls in the firm's call log. updated_after: ISO 8601. Read list_case_documents List all documents for a case. Read list_case_notes List all notes for a case. Read list_case_roles List all case roles (e.g. plaintiff, defendant, attorney). Read list_case_stages List all case stages configured in this firm. Read list_cases List cases. status: open | closed. Read list_cases_for_client List all cases associated with a client. Read list_client_message_threads List all message threads for a client. Read list_client_notes List all notes for a client. Read list_clients List clients. Filter by email, first_name, last_name, cell_phone_number, or updated_after (ISO 8601). Read list_companies List companies. Filter by name, email, or updated_after (ISO 8601). Read list_custom_field_options List all options for a list-type custom field. Read list_custom_fields List all custom fields configured in this firm. Read list_document_versions List all versions of a document. Read list_documents List documents, optionally filtered by case. Read list_events List calendar events. start_date/end_date: YYYY-MM-DD. Read list_expenses List expense entries. updated_after: ISO 8601 datetime to filter by last update. Read list_folder_documents List documents inside a specific folder. Read list_folder_subfolders List subfolders inside a specific folder. Read list_invoice_payments List invoice payments. status: pending|success|failure|error|timeout. payable_id: filter by invoice ID. Read list_invoices List invoices. status: draft | sent | paid | overdue. Read list_leads List leads. status: new | contacted | qualified | converted | closed. Read list_locations List all locations (courthouses, offices, etc.) in this firm. Read list_people_groups List all people groups (contact categories) in this firm. Read list_practice_areas List all practice areas defined in this firm. Read list_referral_sources List all referral sources configured in this firm. Read list_staff List all staff members in this firm. Read list_tasks List tasks. updated_after: ISO 8601 datetime to filter recently changed tasks. Read list_time_entries List time entries. updated_after: ISO 8601 datetime to filter by last update. Read list_webhook_subscriptions List all active webhook subscriptions for this firm. Read who_am_i Get the currently authenticated staff member's profile.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Mycase

Can an AI agent move money through the Mycase MCP server? +

Yes. The Mycase server exposes 1 financial tools including record_invoice_payment. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the Mycase MCP server? +

Yes. The Mycase server exposes 18 destructive tools including delete_call, delete_case, delete_case_stage. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Mycase? +

The Mycase server has 47 write tools including add_client_to_case, add_client_to_company, add_company_to_case. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Mycase.

How many tools does the Mycase MCP server expose? +

112 tools across 3 categories: Destructive, Read, Write. 46 are read-only. 66 can modify, create, or delete data.

How do I enforce a policy on Mycase? +

Register the Mycase MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Mycase tool call.

Deterministic rules across all 112 Mycase tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

112 Mycase tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.