You can hand an AI assistant the keys to your phone agent — but only the keys you choose. What you are watching below is an AI coding assistant operating your Flowyte voice-agent platform over MCP: it grants itself nothing, it works inside your tenant, and it runs the same operations your dashboard does. The story here is not unsupervised autonomy. It is a scoped key you cut yourself and a human "go" before anything reaches a caller — and everything between those two points is filmed live on the product.
Key Takeaways
- You hand the assistant only the keys you choose: mint a scoped key that reads what it needs to see and writes only what it is here to build, then connect Claude Code — or any MCP client — with one line.
- Give it a plain instruction and, before it builds anything, it looks at what you already have — the calendar you connected, the voices in your catalog, the skills and playbooks that already exist — and reuses instead of duplicating.
- It builds a real agent in your tenant through the same operations the dashboard uses — persona, greeting, a voice from your catalog, a booking skill bound to your calendar, your own knowledge — and it all lands as unpublished changes.
- Going live is never one call for a machine: it compiles a pre-publish report, mints a token that dies in ten minutes, and only publishes after you read the report and say go — change the draft and the token is void.
- Every action ran the same org isolation, scopes, and rate limits your own clicks do, and left the same audit record, attributed by name to the key you minted — a key you can revoke any time, with no back door and no stored credentials.
- Day two, the same gateway reads your operations into the model’s context: conversations by channel, outcome, and sentiment, the org-wide rollup, and the signed receipt trail of a single conversation.
Mint a scoped key, then connect any MCP client
It starts with a key you cut yourself. You mint a scoped key: it can read what it needs to see, and write only what it is here to build. Nothing wider. Then you connect it to Claude Code — or any MCP client — with one line. That is the whole setup. Which means the assistant never has more reach than you granted in the moment you created the key, and the boundary of what it can touch is a decision you made, not a default you inherited.
Ask it in plain language — and it reuses what you have
You give it a plain instruction. Before it builds anything, it looks at what you already have: the calendar you connected, the voices in your catalog, the skills and playbooks that already exist. It reuses instead of duplicating. So it is not dropping a generic template on top of your account and hoping it fits — it is reading your tenant first and building on what is there. Which means the agent you end up with is stitched from your real assets, not a parallel set of near-duplicates you now have to reconcile.
It builds a real agent — as a draft in your tenant
Then it builds. A real agent, in your tenant, through the same operations the dashboard uses. A persona and a greeting. A voice it picked from your catalog. A booking skill bound to your calendar. The clinic's own knowledge, in the demo you are watching. Open the builder and it is all there — as unpublished changes. The banner says it plainly: nothing is live yet. Which means the assistant did the assembly work, but it did it in exactly the place you would have, using exactly the operations you would have used — and it left the result parked as a draft for you to inspect, not pushed out to your number.
Going live is never one call for a machine
Here is the part that matters most. Going live is never one call for a machine. First the assistant compiles a pre-publish report: what this agent will say, what it will never say, every warning. And it mints a token that dies in ten minutes. You read the report. You say go. Only then, with that fresh token, does publish work. Change the draft after the report, and the token is void — you publish what you reviewed, always. Which means there is no path where a machine quietly ships an edit you never saw: the thing you approved and the thing that goes live are guaranteed to be the same thing, or nothing goes live at all.
The audit trail, attributed to the key you minted
Nothing about this route is a side door. Every action the assistant took ran the same checks your own clicks do — org isolation, scopes, rate limits — and left the same audit record, attributed by name to the key you minted. A key you can revoke any time. No back door. No stored credentials. Which means the assistant is not a privileged exception to your security model; it is one more actor inside it, held to the same rules and written into the same log, so you can see precisely what was done, under which key, and pull that key the instant you want it gone.
Day two: your reports come to the model over MCP
And building is only day one. The same gateway reads your operations. Every conversation, with its channel, outcome, and sentiment. The org-wide rollup. Even the signed receipt trail of a single conversation — turn by turn, tool call by tool call, what the caller and the agent actually said — straight into the model's context. Your harness — Hermes, OpenClaw, Claude Code — runs the report you used to build by hand. Which means the same scoped connection that stood the agent up becomes the way you interrogate it in production: you ask your assistant how the line is doing, and it reads the real record rather than guessing.
Full transcript
Full transcript
You can hand an AI assistant the keys to your phone agent — but only the keys you choose. Mint a scoped key: read what it needs to see, write only what it's here to build. Then connect it to Claude Code — or any MCP client — with one line.
Give it a plain instruction. Before it builds anything, it looks at what you already have — the calendar you connected, the voices in your catalog, the skills and playbooks that already exist. It reuses instead of duplicating.
Then it builds — a real agent, in your tenant, through the same operations the dashboard uses. Persona, greeting, a voice it picked from your catalog, a booking skill bound to your calendar, the clinic's own knowledge. Open the builder and it's all there — as unpublished changes. The banner says it plainly: nothing is live yet.
Going live is never one call for a machine. First it compiles a pre-publish report — what this agent will say, what it will never say, every warning — and mints a token that dies in ten minutes. You read the report. You say go. Only then, with that fresh token, does publish work. Change the draft after the report, and the token is void. You publish what you reviewed — always.
Every action it took ran the same checks your own clicks do — org isolation, scopes, rate limits — and left the same audit record, attributed by name to the key you minted. A key you can revoke any time. No back door. No stored credentials.
And building is day one. The same gateway reads your operations: every conversation with its channel, outcome, and sentiment. The org-wide rollup. Even the signed receipt trail of a single conversation — turn by turn, tool call by tool call, what the caller and the agent actually said — straight into the model's context. Your harness — Hermes, OpenClaw, Claude Code — runs the report you used to build by hand.
Any MCP client. Your tenant, your scopes, your audit. Start free.
Common questions
Can an AI assistant safely manage my phone system?
Yes, because it never gets more than you grant. You hand it the keys to your phone agent — but only the keys you choose. You mint a scoped key that reads what it needs to see and writes only what it is here to build, connect any MCP client with one line, and every action it takes runs inside your tenant through the same operations the dashboard uses.
What stops the assistant from taking my agent live on its own?
Going live is never one call for a machine. Before anything publishes, the assistant compiles a pre-publish report — what the agent will say, what it will never say, every warning — and mints a token that dies in ten minutes. Only after you read the report and say go, with that fresh token, does publish work. Change the draft after the report and the token is void, so you always publish exactly what you reviewed.
What can the assistant actually see in my account?
Only what the scoped key allows. Before it builds, it looks at what you already have — the calendar you connected, the voices in your catalog, the skills and playbooks that already exist — so it can reuse instead of duplicating. Day two, the same gateway can read your operations: conversations by channel, outcome, and sentiment, the org-wide rollup, and the signed receipt trail of a single conversation, turn by turn.
Which AI assistants work with this?
Any MCP client. You can connect Claude Code with one line, and the same gateway serves your harness of choice — Hermes, OpenClaw, or Claude Code — reading your reports straight into the model’s context. The connection is your tenant, your scopes, and your audit, whichever client you point at it.
Does this bypass the API or your security rules?
No. It builds a real agent through the same operations the dashboard uses — the same public API surface, described in the guide to the [Flowyte MCP server](/learn/flowyte-mcp-server) and the [public API](/features/api). Every action ran the same checks your own clicks do — org isolation, scopes, rate limits — and left the same audit record, attributed by name to the key you minted. There is no back door and no stored credentials.
Can I revoke access, and what does it cost to start?
You can revoke the key any time — it is a key you minted, with no back door and no stored credentials, so pulling it ends the access. And you can start free: mint a scoped key, connect any MCP client, and build. See [pricing](/pricing) for the usage rates once your agent is live.
Start free — your tenant, your scopes, your audit
You just watched an AI assistant build a working voice agent the safe way: a scoped key you cut yourself, a plain instruction, a draft assembled from what you already have, and a human "go" before a single caller hears it. Any MCP client. Your tenant, your scopes, your audit. If you want the developer path, the same operations are a public API, and the Flowyte MCP server guide walks through the connection end to end. Prefer to build by describing it instead? Do that too.
Let an AI Assistant Build Your Voice Agent
Mint a scoped key, connect Claude Code or any MCP client with one line, and watch it build a real agent in your tenant — live only when you say go. Free credits at signup, no credit card required.
Start Building FreeAbout the Author

Flowyte Team
Product Team
The team behind Flowyte, the AI agent studio for phone and chat. We build the product, run it on our own phone lines, and write these guides from what we ship and test - not from theory.

