> ## Documentation Index > Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Update > Update the tenant's AI governance settings. Requires update_mask listing which fields to apply (e.g. require_tool_approval, default_tool_classification, audit_verbosity, auto_discovery_enabled, discovery_interval, prefer_code_mode_over_direct_tools, surface_requestable_tools, allowed_client_types, default_client_lifecycle). Only masked fields change. Returns the updated settings. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/settings/ai-governance openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/settings/ai-governance: post: tags: - AI Governance Settings summary: Update description: |- Update the tenant's AI governance settings. Requires update_mask listing which fields to apply (e.g. require_tool_approval, default_tool_classification, audit_verbosity, auto_discovery_enabled, discovery_interval, prefer_code_mode_over_direct_tools, surface_requestable_tools, allowed_client_types, default_client_lifecycle). Only masked fields change. Returns the updated settings. operationId: c1.api.ai_governance.v1.AIGovernanceSettingsService.Update requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.ai_governance.v1.UpdateAIGovernanceSettingsRequest responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.ai_governance.v1.UpdateAIGovernanceSettingsResponse description: Successful response x-codeSamples: - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.aiGovernanceSettings.update(); console.log(result); } run(); components: schemas: c1.api.ai_governance.v1.UpdateAIGovernanceSettingsRequest: description: The UpdateAIGovernanceSettingsRequest message. properties: aiGovernanceSettings: oneOf: - $ref: >- #/components/schemas/c1.api.ai_governance.v1.AIGovernanceSettings - type: 'null' updateMask: type: - string - 'null' title: Update Ai Governance Settings Request type: object x-speakeasy-name-override: UpdateAIGovernanceSettingsRequest c1.api.ai_governance.v1.UpdateAIGovernanceSettingsResponse: description: The UpdateAIGovernanceSettingsResponse message. properties: aiGovernanceSettings: oneOf: - $ref: >- #/components/schemas/c1.api.ai_governance.v1.AIGovernanceSettings - type: 'null' title: Update Ai Governance Settings Response type: object x-speakeasy-name-override: UpdateAIGovernanceSettingsResponse c1.api.ai_governance.v1.AIGovernanceSettings: description: The AIGovernanceSettings message. properties: allowedClientTypes: description: Empty list means all types are allowed. items: enum: - MCP_CLIENT_TYPE_UNSPECIFIED - MCP_CLIENT_TYPE_PERSONAL - MCP_CLIENT_TYPE_SHARED - MCP_CLIENT_TYPE_SERVICE - MCP_CLIENT_TYPE_EPHEMERAL type: string x-speakeasy-unknown-values: allow type: - array - 'null' auditVerbosity: description: The auditVerbosity field. enum: - AUDIT_VERBOSITY_UNSPECIFIED - AUDIT_VERBOSITY_MINIMAL - AUDIT_VERBOSITY_STANDARD - AUDIT_VERBOSITY_FULL type: - string - 'null' x-speakeasy-unknown-values: allow autoDiscoveryEnabled: description: The autoDiscoveryEnabled field. type: - boolean - 'null' createdAt: format: date-time type: - string - 'null' defaultClientLifecycle: oneOf: - $ref: >- #/components/schemas/c1.api.ai_governance.v1.MCPClientLifecycleConfig - type: 'null' defaultToolClassification: description: The defaultToolClassification field. enum: - TOOL_CLASSIFICATION_UNSPECIFIED - TOOL_CLASSIFICATION_READ - TOOL_CLASSIFICATION_WRITE - TOOL_CLASSIFICATION_DESTRUCTIVE - TOOL_CLASSIFICATION_SENSITIVE - TOOL_CLASSIFICATION_DANGEROUS type: - string - 'null' x-speakeasy-unknown-values: allow discoveryInterval: format: duration type: - string - 'null' enabled: deprecated: true description: 'Deprecated: use SystemManagementConfig.mcp_traffic_shutoff instead.' type: - boolean - 'null' preferCodeModeOverDirectTools: description: >- When true, the MCP server hides direct tool listings from capable clients whenever the code-mode entrypoints (describe + execute) are registered, so agents discover and invoke MCP tools through TypeScript code mode instead of direct tool calls. A small allowlist of high-traffic direct tools remains exposed. Incapable clients (e.g. SERVICE, EPHEMERAL) see the normal tool set regardless. Defaults to false. type: - boolean - 'null' requireToolApproval: description: The requireToolApproval field. type: - boolean - 'null' surfaceRequestableTools: description: |- When true, MCP discovery surfaces tools the caller could request (no active grant, but reachable through a request catalog) alongside granted tools — both on the classic tools/list path and inside the code-mode describe entrypoint. Invoking such a tool opens (or reuses) an access-request ticket and returns a request_created envelope instead of executing. Defaults to false. type: - boolean - 'null' updatedAt: format: date-time type: - string - 'null' title: Ai Governance Settings type: object x-speakeasy-name-override: AIGovernanceSettings c1.api.ai_governance.v1.MCPClientLifecycleConfig: description: The MCPClientLifecycleConfig message. properties: inactivityCloseAfter: format: duration type: - string - 'null' inactivityHideAfter: format: duration type: - string - 'null' retentionDeleteAfter: format: duration type: - string - 'null' title: Mcp Client Lifecycle Config type: object x-speakeasy-name-override: MCPClientLifecycleConfig securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````