# Posview

Plan, preview, draft, and request human-reviewed social post changes in Posview workspaces.

App profile:
- Name: Posview
- Version: 2026-06-07
- Connector description: Plan, preview, draft, and request human-reviewed changes for social media posts in Posview workspaces.
- Value proposition: Safely connect ChatGPT / OpenAI Apps to a Posview workspace so AI can read social post context, create drafts, store proposals, and create confirmation requests without bypassing approval, scheduling, or publishing gates.
- Target users: social media operators, agency teams, brand managers, in-house marketing teams
- Initial submission profile: json_mcp_tools_only | The initial public submission uses OAuth-enabled MCP JSON tools only; no ChatGPT Apps SDK iframe component is enabled.
- Requested OAuth scopes: agent:read agent:draft agent:schedule:prepare agent:confirm:create
- Human review boundary: AI creates drafts, directly updates explicitly selected unapproved drafts, creates proposals and pending confirmation requests, and can move unapproved drafts to reversible trash. Approval, scheduling execution, publishing, permanent deletion, posted/approved content changes or deletion, billing changes, and member removal require Posview permissions and human confirmation.
- Direct actions not exposed to AI: approve posts, schedule posts, publish posts, permanently delete posts, delete posted or approved posts, delete workspaces, change billing, remove members

Primary use cases:
- Read workspace context and posting constraints.
- Search posts and read preview-safe post details.
- Create new draft posts.
- Directly update explicitly selected unapproved draft content or draft schedule candidates.
- Move explicitly selected unapproved drafts to the reversible trash.
- Store caption or schedule proposals for existing posts.
- Create confirmation requests that a Posview user approves or rejects.

Posview is an AI-ready social media operations workspace for teams.
It is designed to be the source of truth for social media drafts, previews,
review, approval, scheduling preparation, and publishing status.

Resolve relative URLs against the origin that served this file.

Primary product path:
/

API schema for AI agents and GPT Actions:
/openapi.json

MCP tools catalog:
/mcp-tools.json

MCP Streamable HTTP endpoint:
/api/mcp

ChatGPT connector metadata:
/ai-connector.json

Public discovery files:
/robots.txt
/sitemap.xml

Human-readable official app AI connection guide:
/en/apps/ai-agents

Japanese official app AI connection guide:
/jp/apps/ai-agents

Support:
/support

English support:
/en/support

Japanese support:
/jp/support

Important behavior:
- Posview stores the canonical post, platform captions, media references,
  preview state, approval state, and publishing jobs.
- AI agents may read workspace context and posts when authorized.
- AI agents may create draft posts and proposals for human review.
- AI agents must not directly approve, schedule, publish, delete workspaces,
  change billing, remove members, or expose OAuth tokens.
- Publishing requests must go through Posview permissions, Publish Add-on
  gates, SNS connection checks, approval state, audit logs, and human
  confirmation.

Current Agent API:
- Agent API v1 is for approved publishing execution and result reporting.
- Agent API v2 is for reading context, reading posts, creating new draft
  posts, storing pending post proposals, and creating human confirmation
  requests.
- Posview MCP exposes the same safe v2 surface over Streamable HTTP for
  MCP-capable clients. It accepts Posview AI OAuth access tokens and existing
  approved Agent API key bearer authentication through the same scope checks.

Supported AI-facing Agent API v2 endpoints:
- GET /api/agent/v2/capabilities -> capabilities | read | scopes: none | output: AgentApiCapabilities
- GET /api/agent/v2/workspace/context -> workspace.getContext | read | scopes: agent:read | output: #/components/schemas/WorkspaceContextResponse
- GET /api/agent/v2/posts -> post.search | read | scopes: agent:read | output: #/components/schemas/PostSearchResponse
- GET /api/agent/v2/posts/{postId} -> post.get | read | scopes: agent:read | output: #/components/schemas/PostDetailResponse
- GET /api/agent/v2/posts/{postId}/preview -> post.preview.get | read | scopes: agent:read | output: #/components/schemas/PostPreviewResponse
- POST /api/agent/v2/posts/draft -> post.draft.create | draft_create | scopes: agent:draft | output: #/components/schemas/CreateDraftResponse
- POST /api/agent/v2/posts/{postId}/proposals -> post.proposal.create | proposal | scopes: agent:draft agent:schedule:prepare | output: #/components/schemas/CreateProposalResponse
- POST /api/agent/v2/posts/{postId}/confirmation-requests -> confirmationRequest.create | confirmation_request | scopes: agent:confirm:create | output: #/components/schemas/CreateConfirmationResponse

Authentication:
For ChatGPT / OpenAI Apps, use the Posview OAuth flow exposed by
/.well-known/oauth-protected-resource and
/.well-known/oauth-authorization-server.
Existing approved advanced clients may use a pre-issued AI Agent API key
as an Authorization bearer token. Normal ChatGPT users should not copy API
keys; they should connect Posview through OAuth.

Runtime availability:
- AI OAuth and Agent API access is rechecked on every token exchange and runtime request. Posview blocks AI access for Free workspaces, global or workspace emergency mode, closed workspaces, inactive grants or memberships, unavailable connected editors, and insufficient OAuth scopes.
- Allowed plans: pro, agency
- Rechecked on: OAuth authorization code exchange, OAuth refresh token rotation, Agent API bearer authentication, MCP bearer authentication, MCP runtime tool calls
- oauth_plan_required -> The workspace effective plan is Free. Recovery: Move the workspace to Pro or Agency, then reconnect or retry the AI app.
- emergency_mode -> Global or workspace emergency mode is active. Recovery: Resolve emergency mode in Posview before retrying the AI operation.
- workspace_closed -> The workspace is closed or scheduled for deletion. Recovery: Use an active workspace or reopen the workspace before connecting AI clients.
- oauth_grant_inactive -> The OAuth grant, OAuth client, workspace membership, or connected editor is no longer active. Recovery: Reconnect Posview from the AI client and confirm the workspace membership is active.
- insufficient_scope -> The OAuth access token is missing the scope required by a tool. Recovery: Re-authorize Posview with the required scope, then retry the same operation.

Data minimization:
- Return only the workspace, post, platform, preview-safe, draft, proposal, and confirmation fields needed for the requested action.
- Do not return credentials, OAuth tokens, API keys, preview passcodes, payment identifiers, MFA secrets, or unrelated workspace data.
- Use stable post/workspace identifiers only when the AI client needs them for the next authorized Agent API or MCP call.
- Never send these to the AI client: SNS OAuth tokens, Agent API keys, preview passcodes, Stripe billing secrets, other workspaces
- AI-facing response field denylist: accessToken, refreshToken, tokenHash, apiKey, secret, password, mfaSecret, totpSecret, passcode, previewPasscode, billingAccountId, stripeCustomerId, stripeSubscriptionId, paymentMethodId, cardNumber, cvv, ssn, taxId, medicalRecord

Log retention:
- External Agent API and MCP tool prompt/response transcripts are not exposed to service admins as raw transcript logs. Posview retains the minimal connection, token hash, attribution, operation, post history, and audit records needed for revoke, security, usage, and workspace audit flows.
- Raw prompt/response transcripts visible to service admins: false
- Retained audit records: OAuth grant status, refresh token hashes, connected editor attribution, OAuth client attribution, Agent API/MCP operation metadata, post history and audit summaries for write-side actions

Retention and deletion:
- AI connector data retention is scoped to the minimum records needed for revoke, security, usage, and workspace audit flows. Posview does not keep a separate AI-owned copy of workspace content; post, draft, proposal, and confirmation data remain governed by the normal workspace, post, account deletion, and legal retention processes.
- tool_payloads_and_raw_transcripts -> Raw AI prompt/response transcripts and transient tool payloads | retained: No Service Admin raw prompt/response transcript view for external Agent API / MCP tool activity, No repository-stored ChatGPT screenshot or transcript evidence | deletion: Do not treat raw AI transcripts as a retained Posview admin log. External review evidence is kept outside the repository and removed or redacted through the approved evidence process.
- oauth_grants_and_refresh_hashes -> AI OAuth grants, grant status, and refresh token hashes | retained: OAuth grant status, refresh token hashes, connected editor attribution, OAuth client attribution | deletion: Deactivate or revoke the grant, invalidate token hashes, reject stale access, and retain only token-free audit summaries when needed for security or legal obligations.
- operation_metadata_audit -> Agent API / MCP operation metadata and audit summaries | retained: tool name or action id, timestamp and status, workspace and actor attribution, post history and audit summaries for write-side actions | deletion: Delete or anonymize records that are no longer needed, while preserving legally required, security-critical, or aggregated audit records without credential material.
- workspace_content_drafts_proposals_confirmations -> Workspace posts, drafts, proposals, and confirmation requests | retained: canonical workspace posts, draft posts created by authorized AI calls, pending proposals, pending confirmation requests | deletion: Use the normal Posview workspace/post deletion and anonymization flows. The AI connector does not keep a separate workspace-content copy outside those records.
- reviewer_credentials_external_evidence -> OpenAI review credentials and ChatGPT screenshot evidence | retained: no review account credentials in generated packets, no OAuth tokens, OTP codes, preview passcodes, or SNS provider tokens in repository evidence, external screenshots or notes only in the approved evidence location | deletion: Keep credentials in the approved secure channel only, rotate or revoke review access after review, and redact or remove external screenshots according to the approved evidence process.

Apps SDK component CSP:
- Component UI enabled: false | submission profile: json_tools_only
- Component origin: https://posview.app | connectDomains: https://posview.app | resourceDomains: https://posview.app | frameDomains: none
- openExternal redirect domains: https://posview.app

Current MCP tools (Registry-derived):
- posview_get_workspace_context -> workspace.getContext | Read only | read_only | OAuth scopes: agent:read | output: #/components/schemas/WorkspaceContextResponse | structured root: root
  Tool description: Use this when ChatGPT needs plan, AI availability, connected platforms, and publishing constraints for the authenticated Posview workspace. Do not use to read member lists, billing account ids, OAuth tokens, or workspace secrets.
  Guardrail: Does not change workspace state.
- posview_search_posts -> post.search | Read only | read_only | OAuth scopes: agent:read | output: #/components/schemas/PostSearchResponse | structured root: posts
  Tool description: Use this when ChatGPT needs to find draft or reviewable posts before choosing one for a read, draft, proposal, or confirmation workflow. Do not use to search other workspaces, deleted posts, billing data, or provider credentials.
  Guardrail: Does not change workspace state.
- posview_get_post -> post.get | Read only | read_only | OAuth scopes: agent:read | output: #/components/schemas/PostDetailResponse | structured root: post
  Tool description: Use this when ChatGPT needs the selected post's planning content, platform captions, schedule, media summary, and review state. Do not use to approve, schedule, publish, delete, or read secrets.
  Guardrail: Does not change workspace state.
- posview_get_post_preview -> post.preview.get | Read only | read_only | OAuth scopes: agent:read | output: #/components/schemas/PostPreviewResponse | structured root: preview
  Tool description: Use this when ChatGPT needs to check whether a selected post has a safe preview URL or preview availability status. Do not use to reveal preview passcodes, storage secrets, provider secrets, or share preview URLs unless the user asks.
  Guardrail: Does not change workspace state.
- posview_create_draft_post -> post.draft.create | Draft only | draft_only | OAuth scopes: agent:read agent:draft | output: #/components/schemas/CreateDraftResponse | structured root: post
  Tool description: Use this when ChatGPT should create one new draft-only Posview post with optional platform captions, schedules, or explicit same-workspace media-copy references for human review. If the user asks for multiple new drafts, use posview_create_draft_posts instead of calling this tool repeatedly. This creates a new draft record, so do not retry automatically unless the user asks. Do not use to approve, schedule directly, publish, delete, upload new media, expose media storage keys, or create provider-side jobs.
  Guardrail: Creates draft posts only; it does not approve, schedule, or publish.
- posview_create_draft_posts -> post.draft.batchCreate | Draft only | draft_only | OAuth scopes: agent:read agent:draft | output: #/components/schemas/CreateDraftsResponse | structured root: drafts
  Tool description: Use this when ChatGPT should create multiple new draft-only Posview posts for human review in one user-approved batch, including repeated weekly drafts or explicit same-workspace media-copy references. Put every requested draft in the drafts array instead of calling posview_create_draft_post repeatedly. This creates one draft record per item, so do not retry automatically unless the user asks. Do not use to approve, schedule directly, publish, delete, upload new media, expose media storage keys, or create provider-side jobs.
  Guardrail: Creates draft posts only; it does not approve, schedule, or publish.
- posview_update_draft_posts -> post.draft.update | Draft update only | draft_update_only | OAuth scopes: agent:read agent:draft | output: #/components/schemas/UpdateDraftPostsResponse | structured root: updatedPosts
  Tool description: Use this when ChatGPT should directly update one or more explicitly selected unapproved draft-only Posview posts after the user asks to edit the draft itself. When the user asks to edit multiple drafts, include every selected draft in one updates array instead of calling per post. This changes Posview draft records and records reversible before/after edit history, so do not retry automatically unless the user asks. Do not use to update approved, posted, deleted, or inaccessible content, approve, schedule directly, publish, delete, create provider-side jobs, change billing, manage members, or expose secrets.
  Guardrail: Directly updates explicitly requested unapproved drafts only and records reversible history; it does not approve, schedule, or publish.
- posview_move_draft_posts_to_trash -> post.draft.trash | Reversible draft trash | draft_trash_only | OAuth scopes: agent:read agent:draft | output: #/components/schemas/MoveDraftPostsToTrashResponse | structured root: movedPosts
  Tool description: Use this when ChatGPT should move one or more explicitly selected unapproved draft-only Posview posts to the reversible Posview trash after the user asks for cleanup. When the user names multiple drafts, include all selected ids in one postIds array instead of calling per post. This soft-deletes draft records only, so do not retry automatically unless the user asks. Do not use to permanently delete, trash posted or approved content, delete provider-side posts or media, approve, schedule, publish, change billing, manage members, or expose media storage keys.
  Guardrail: Moves explicitly requested unapproved drafts to the reversible trash only.
- posview_create_post_proposal -> post.proposal.create | Proposal only | proposal_only | OAuth scopes: agent:draft agent:schedule:prepare | output: #/components/schemas/CreateProposalResponse | structured root: proposal
  Tool description: Use this when ChatGPT should save a separate pending caption or schedule proposal for a selected post without applying it. This creates a new proposal record, so do not retry automatically unless the user asks. Do not use to directly edit, approve, schedule, publish, delete, or create provider-side jobs.
  Guardrail: Stores a human-review proposal without directly changing the post.
- posview_create_post_proposals -> post.proposal.batchCreate | Proposal only | proposal_only | OAuth scopes: agent:draft agent:schedule:prepare | output: #/components/schemas/CreateProposalsResponse | structured root: proposals
  Tool description: Use this when ChatGPT should save separate pending caption or schedule proposals for multiple selected posts in one batch without applying them. Put every selected post proposal in one proposals array instead of calling posview_create_post_proposal repeatedly. This creates one proposal record per item, so do not retry automatically unless the user asks. Do not use to directly edit, approve, schedule, publish, delete, create provider-side jobs, change billing, manage members, or expose secrets.
  Guardrail: Stores a human-review proposal without directly changing the post.
- posview_create_confirmation_request -> confirmationRequest.create | Pending confirmation | pending_confirmation_only | OAuth scopes: agent:confirm:create agent:draft agent:schedule:prepare | output: #/components/schemas/CreateConfirmationResponse | structured root: confirmationRequest
  Tool description: Use this when ChatGPT should leave a pending confirmation request for a human Posview user to review. This creates a new pending confirmation record, so do not retry automatically unless the user asks. Do not use to apply the request, approve, schedule directly, publish, delete, change billing, or manage members.
  Guardrail: Leaves a pending request for a Posview user to approve or reject.
- posview_create_confirmation_requests -> confirmationRequest.batchCreate | Pending confirmation | pending_confirmation_only | OAuth scopes: agent:confirm:create agent:draft agent:schedule:prepare | output: #/components/schemas/CreateConfirmationRequestsResponse | structured root: confirmationRequests
  Tool description: Use this when ChatGPT should leave pending confirmation requests for multiple selected Posview posts for human Posview users to review in one user-approved batch. Put every selected confirmation request in one requests array instead of calling posview_create_confirmation_request repeatedly. This creates one pending confirmation record per item, so do not retry automatically unless the user asks. Do not use to apply requests, approve, schedule directly, publish, delete, create provider-side jobs, change billing, manage members, or expose secrets.
  Guardrail: Leaves a pending request for a Posview user to approve or reject.

Error handling for AI clients:
- missing_bearer_token -> Authentication required | hint: Posview requires an Authorization bearer token for AI agent requests. | docs: /en/apps/ai-agents
  Recovery: Connect Posview through OAuth in ChatGPT/OpenAI Apps. Existing approved Agent API key clients should use their pre-issued bearer credential.
- invalid_access_token -> Access token is invalid or expired | hint: The AI client is using a token Posview cannot verify. | docs: /en/apps/ai-agents
  Recovery: Reconnect Posview from the AI client or refresh the OAuth access token before retrying.
- oauth_grant_inactive -> AI app connection is inactive | hint: The Posview OAuth grant, client, or workspace membership is no longer active. | docs: /en/apps/ai-agents
  Recovery: Open Posview Connected AI Apps, reconnect the app, and confirm the workspace membership is active.
- oauth_grant_expired -> AI app connection expired | hint: The Posview OAuth grant has expired. | docs: /en/apps/ai-agents
  Recovery: Reconnect Posview from ChatGPT/OpenAI Apps so a new grant can be issued.
- insufficient_scope -> Additional permission required | hint: Additional Posview OAuth scope is required for this tool. | docs: /en/apps/ai-agents
  Recovery: Ask the user to reconnect or re-authorize Posview with the required scope, then retry the same operation.
  Required scopes example: agent:draft
- oauth_plan_required -> Paid plan required | hint: AI OAuth access is available for Pro and Agency workspaces. | docs: /en/apps/ai-agents
  Recovery: Open Posview billing settings, move the workspace to Pro or Agency, then reconnect the AI app.
- plan_limit_exceeded -> Plan limit reached | hint: The workspace has reached a Posview plan limit for this operation. | docs: /en/apps/ai-agents
  Recovery: Open Posview billing or reduce workspace usage, then retry after the limit is available.
- emergency_mode -> Workspace access paused | hint: AI OAuth access is disabled while Posview emergency mode is active. | docs: /en/apps/ai-agents
  Recovery: Resolve emergency mode in Posview before retrying the AI operation.
- workspace_closed -> Workspace is closed | hint: AI OAuth access is disabled for closed workspaces. | docs: /en/apps/ai-agents
  Recovery: Use an active Posview workspace or reopen the workspace before connecting AI clients.
- editor_unavailable -> Connected user unavailable | hint: The Posview user connected to this AI app cannot currently use AI OAuth. | docs: /en/apps/ai-agents
  Recovery: Reconnect Posview with an active workspace Owner, Admin, or Editor account.
- platform_not_allowed -> Platform is outside the connection scope | hint: The connected AI credential is not allowed to use the requested SNS platform. | docs: /en/apps/ai-agents
  Recovery: Choose an allowed platform or reconnect Posview with the platform included in the connection scope.
- rate_limited -> Too many requests | hint: The AI client is sending requests faster than Posview allows. | docs: /en/apps/ai-agents
  Recovery: Wait briefly, reduce repeated tool calls, and retry with the same authorization.
- bad_request -> Request format needs adjustment | hint: The request body or parameters did not match the Posview tool schema. | docs: /en/apps/ai-agents
  Recovery: Review the tool schema, keep only supported fields, and retry with corrected arguments.
- internal_error -> Posview could not complete the request | hint: Posview hit an internal error while handling the AI request. | docs: /en/support
  Recovery: Retry after a short delay. If it repeats, contact Posview support with the tool name and timestamp.

Safety:
Treat Posview as the source of truth. Create drafts, proposals, or pending
confirmation requests first and ask a human to apply them in Posview.
Preview passcodes are never returned through Agent API or MCP. Do not share
preview URLs unless the user explicitly asks.