Use Case · Dify

Your Dify app can read and write to any connected tool. Civic decides which.

Dify makes it easy to build AI apps with drag-and-drop. Civic makes sure those apps can't write, delete, or send without your permission.

The Dify app sent 300 emails to customers. The prompt said "draft," not "send."

Just imagine, one day…

You build a Dify app that drafts customer follow-up emails based on CRM data. It reads customer records, generates personalized messages, and saves them as drafts for review. The email tool in Dify has both draft and send capabilities.

A team member tweaks the prompt to say “send follow-ups to customers who haven't responded.” The Dify app interprets this literally. It reads the CRM, generates 300 emails, and sends all of them. No drafts. No review. 300 customers receive AI-generated emails that reference internal notes and deal stages.

The difference between "draft" and "send" in a prompt is one word. In production, it's 300 emails.

Without enforced permissions, the difference between draft and send is just a prompt word.

It does things you did not intend

A prompt change turned "draft emails" into "send 300 emails." The email tool had send permissions. The Dify app used them.

You cannot prove what happened

Who changed the prompt? When did the app switch from draft to send? No log of prompt history or permission checks. You're reading sent folders.

You cannot stop it fast enough

300 emails sent in under a minute. Email is instant and irreversible. Customers are already replying by the time you notice.

It gets confused and you never know

The prompt said "send." The email tool can send. The Dify app did exactly what it was told. The mistake was having send permissions in the first place.

Connect Dify through Civic in three steps

Dify Agent

Add CRM and email.

Email: draft-only. Block send.

CRM: read-only.

Done. 2 tools connected:

✓ CRM — read-only

✓ Email — draft only (no send)

Your MCP URL is ready to copy.

The same scenario. Different outcomes.

Without Civic, a prompt change sends 300 emails. With Civic, sends are blocked regardless of the prompt.

Without Civic:

$ dify app: send follow-ups
[dify] reading CRM — 300 customers
[dify] generating emails...
[email:send] 300 emails sent
[customer] ✘ "What is this email?"
$ # 300 unsolicited emails. references internal data.

With Civic:

$ dify app: send follow-ups
[dify] reading CRM via Civic — 300 customers
[dify] generating emails...
[dify] requesting email send...
[nexus] ✘ BLOCKED — email send denied
[nexus] 300 drafts saved for review
$ # emails drafted. none sent. review first.

Ship safer with Civic

We'll help you implement authenticated, scoped, and auditable access without slowing down your build.