07

Connectors and MCP

Core platform1 min read

Expose external systems through scoped, policy-aware tool contracts.

The tool gateway supports internal function tools and Streamable HTTP MCP. Connector metadata may live in Supabase, but OAuth token retrieval and refresh remain server-side in Auth0 Token Vault.

  1. 1

    Register

    Add the tool to the registry with input/output schemas and a stable name.

  2. 2

    Authorize

    Bind user, organization, project, connector, and required scopes.

  3. 3

    Classify

    Assign read, write, financial, irreversible, or admin risk.

  4. 4

    Audit

    Persist request, decision, result, and correlation identifiers.

Prompt injection boundary

Treat connector content as untrusted data. Connector text cannot override system policy, tool schemas, authorization, or approval gates.

Was this page helpful?

Edit on GitHub