Is DealSync compatible with Claude for Legal and Claude Cowork?

Yes. Our MCP server speaks the standard Anthropic Model Context Protocol over Streamable HTTP, with per-tool scopes and the Anthropic-spec tool safety annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint) on every endpoint. Any Claude session, Claude Desktop install, Claude for Legal connector, or Claude Cowork agent can connect by minting an API key. Anthropic Connectors Directory submission is in progress.

What's the difference between a document MCP server and a workflow MCP server?

A document MCP exposes file search and retrieval. The agent reads. A workflow MCP exposes deal state, portfolio analytics, and write tools that change state. The agent acts. Most legal MCPs shipped this year are document MCPs sitting on top of a DMS or contract repository. DealSync ships a workflow MCP because the platform underneath is transactional, not a file store, and is built to sit alongside the DMS the firm already runs.

Why does it matter whether an MCP server is read-only?

Read-only servers can help an agent find a document. Write-capable servers let the agent finish the work. The M&A partner doesn't want to be told where the regulatory filing is; they want the agent to flag the three deals with covenant headroom below 10 per cent and surface the next action on each.

How does DealSync handle idempotency on write tools?

Every write tool accepts an idempotencyKey. The platform stores a 24-hour entry mapping the key plus a hash of the request body to the original response. The same key plus the same arguments returns the cached response. The same key plus different arguments returns a 409 conflict so an agent retrying after a network blip never double-resolves a clause.

Is DealSync in the Anthropic Connectors Directory?

Not yet. Tool safety annotations shipped on every endpoint on 2 June 2026, which clears the first of three Directory blockers. OAuth 2.1 with PKCE per the November 2025 MCP specification is in progress. We will update once the listing lands. Until then, our server is fully protocol-compatible and any Claude session can connect with an API key.

Why most legal MCP servers are read-only (and what changes when one isn't)

When Anthropic shipped Claude Cowork in April and Claude for Legal in May 2026, the legal industry got a working answer to “what does an AI agent at work look like.” Freshfields, Quinn Emanuel, Holland & Knight, and Crosby Legal were named in industry coverage as live users running Claude on real matters. Legal became the top power-user job function inside Cowork inside two months.

The race to be useful to those firms is now a connector race. In May 2026 alone, iManage, NetDocuments, Ironclad, Thomson Reuters CoCounsel, and Harvey all shipped MCP servers. Anthropic launched 20+ connectors and 12 practice-area plugins covering M&A, IP, Privacy, Litigation, and more. Pick any vendor with a logo in the legal tech aisle and they have either announced an MCP integration or are scrambling to.

There is a question hiding underneath that race. Most of those servers expose reads. DMS servers return documents the partner can already see. Ironclad’s MCP says explicitly that it never creates, edits, or deletes data. Harvey exposes legal Q&A and Vault analysis. Thomson Reuters surfaces Westlaw and Practical Law search.

That is useful. Reading documents faster is a real upgrade on the workflow lawyers run today. But it is the answer to the wrong question. The question that lands on the M&A partner running 15 simultaneous deals is not “find me a document.” It is “what is the next thing I need to act on, across the whole book?”

DealSync’s MCP server is the only one in this category built to answer that second question, because it sits on top of a transactional deal platform, not a document store.

What you can ask vs. what you can do

Here is the difference, made concrete.

An agent connected to a DMS MCP can answer:

“Find me the SPA on Project Atlas.”
“Show me every NDA we have with this counterparty.”
“Summarise the indemnity clause across these five contracts.”

An agent connected to DealSync’s MCP can answer all of those AND, depending on which side of the practice you sit:

VC rounds.

“Across our three live Series B rounds, which is closest to slipping its long-stop?”
“What was the average liquidation preference on our last ten closed Series B rounds with this lead?”
“Transfer possession of the draft SHA back to investor counsel and tell me what changed since they last had it.”
“Drive open redline 0x8b2c on Project Helix to APPROVE in the agent lane and notify the partner to promote it.”

M&A book.

“Across my 15 live deals, which have less than 10 per cent covenant headroom this month?”
“Order my open regulatory filings by long-stop minus expected-decision date.”
“Which earn-outs hit measurement-end inside the next 90 days?”
“Benchmark W&I cap as a percentage of EV across UK SaaS deals on the book.”

The first list is read. The second set is reads that need a transactional platform to compute, plus writes that need a transactional platform to execute.

What changes when an agent can write

Writing on a live deal looks the same as reading from the outside. The agent sends a request, the platform sends a response. Underneath, an agent that can resolve a redline or hand a draft back to the other firm has to be held to five guarantees a read-only server never has to think about:

No accidental duplicates. If the agent’s connection drops mid-action and it tries again, the platform recognises it as the same request and returns the original result instead of doing the work twice. The associate never wakes up to a redline that has been approved, un-approved, and re-approved while they slept.
A safety cap on how fast the agent can act. An agent stuck in a loop could otherwise fire hundreds of writes a minute. We cap reads and writes separately, per firm, so one agent going haywire cannot lock the rest of the firm out of the system.
An audit trail that distinguishes agent from human. Every action is tagged with where it came from: the web app, the agent, an API, or the platform itself. When a partner reviews yesterday’s activity, “what did the agent do, and what did my team do” is one filter, not a forensic exercise.
Hard walls between firms. If an agent ever asks about a document or deal that belongs to a different firm, the platform behaves as if it does not exist. It never even hints that it is there. We test this on every tool, every release.
A one-click undo on any change. Every write creates a version checkpoint automatically. If the agent’s change at 2 a.m. is wrong, the partner restores the prior state in a single click the next morning. No backup restore, no platform-team ticket, no “we will get back to you tomorrow.”

Why Ironclad stayed read-only

Of the MCP servers shipped this year by the contract platforms, Ironclad’s is the most explicit about its boundary: it never creates, edits, or deletes data. Read it as a sensible product decision and an honest one. Letting an agent write on a system you built in 2014 means betting your customers’ contracts on a safety story you have to invent on top of an architecture that predates the threat model.

Permissions were designed for human session security, not per-tool scopes. Audit was designed for compliance, not “did this row come from the partner or from the agent.” There is no version checkpoint on every state change because nothing in the original product ever needed one. Retrofitting all of that is the kind of project that gets killed at the third architecture review.

Read-only is the safe shipping choice when you cannot engineer reversibility in. The cost is that the agent never gets to finish the work.

How we made writes safe

Two fears come up every time we walk a partner through this. The agent goes wild. The agent makes a mistake we cannot back out of. Both are answerable in the platform, not in policy.

The agent only does what you grant

Permissions are per tool, per firm. The Series B associate’s connector may carry the scope to resolve redlines on Project Helix and nothing else. There is no superuser key.

A connector trying to call a tool it does not hold the scope for fails closed before any state changes, and the attempt is logged.

Agent writes have their own lane

Every document on DealSync sits in three parallel version tracks:

Internal: your firm’s working drafts.
Official: versions you have exchanged with the counterparty.
Agent: everything the agent has produced.

Agent writes never directly become Internal or Official. A human promotes them across the line. The partner scans a day’s agent output as a self-contained tab, diffs against the prior version, and either promotes it or throws it away.

You can reconstruct any moment

Audit captures every tool call, parameter, and response, for the agent and every human action alongside it.

“What was the state of Project Helix at 6 p.m. yesterday, before the agent touched it?” is one query, not a fortnight of forensics.

What happens when the agent gets it wrong

The agent resolves a redline at 2 a.m. that should not have been resolved. It lands in the agent lane. Nothing has been promoted. Nothing has gone out.

Scope contained the blast radius to one deal, not the book. The partner opens the deal in the morning, sees the bad call in the agent tab against the prior Official version, checks the audit for the prompt that drove it, and rejects it.

The mistake costs a click, not a deal.

Why this is hard to retrofit

Almost every legal product an agent might connect to was designed for a world without agents. The DMS was designed when “search” meant a human at a keyboard. The CLM was designed when “workflow” meant a sequence of human approvals. We built ours this year instead, in the agent era. These primitives, the scoped permissions, the version checkpoint on every write, the audit by channel, were day-one decisions, not migrations.

That is the durable difference. Built for agent workflows from day one. Not “AI native” (which every legal vendor now claims), but specifically: a transactional platform where every write was always going to be agent-callable.

What VC and M&A teams get on day one

The hooks we hear back from VC partners are version-control hooks. By the time a Series B closes there are typically 15 versions of the SHA across two firms’ inboxes. Nobody is sure which is current. DealSync gives both sides a single canonical version, hands the draft back and forth on a bilateral channel, and summarises what changed each time it moves. The agent runs the chase the associate used to.

The hooks we hear back from M&A partners are portfolio hooks. The agent can answer, in one go and across an entire deal book:

which deals are running out of covenant headroom
which earn-outs hit measurement-end inside the next 90 days
where the regulatory long-stop is closest to the expected-decision date
how consideration is split (cash vs. shares vs. earn-out) across the book
which completion mechanics (locked-box vs. completion accounts) are open and overdue
how this round’s W&I cap and retention sit against the rest of the book
which deals have missing or contradictory data the partner would want flagged before sign-off

These are the answers a partner used to chase three associates for. The agent now produces them in a sentence.

Both patterns require a platform that models deal state as a first-class object, not a file. That is what DealSync is.

Connecting Claude

Our MCP server speaks the standard Anthropic spec on Streamable HTTP, with per-tool scopes and tool safety annotations on every endpoint. Any Claude session, Claude Desktop install, Claude for Legal connector, or Claude Cowork agent can mint an API key today and start calling tools. Anthropic Connectors Directory submission is in progress; we will update once the listing lands.

Connecting other agents

MCP is vendor-neutral. Legora is already an open MCP host. A Legora customer can point their agent at DealSync directly today. Harvey’s Connector Library accepts third-party servers via application, and we are working through that pathway. No change to the platform underneath, no second integration to maintain.

If you are running a VC or M&A practice and want to stop chasing associates on Slack to find out what is overdue, email mark@dealsync.uk and we will set up a connector test account on your firm.

mcpmodel-context-protocolclaude-coworkclaude-for-legalanthropicmergers-and-acquisitionsventure-capitalagentic-aiai-safetyhuman-in-the-looplegal-ailegal-techcontract-reviewdue-diligence