07
Connectors and MCP
Core platform1 min read
Expose external systems through scoped, policy-aware tool contracts.
The tool gateway supports internal function tools and Streamable HTTP MCP. Connector metadata may live in Supabase, but OAuth token retrieval and refresh remain server-side in Auth0 Token Vault.
- 1
Register
Add the tool to the registry with input/output schemas and a stable name.
- 2
Authorize
Bind user, organization, project, connector, and required scopes.
- 3
Classify
Assign read, write, financial, irreversible, or admin risk.
- 4
Audit
Persist request, decision, result, and correlation identifiers.
Prompt injection boundary
Treat connector content as untrusted data. Connector text cannot override system policy, tool schemas, authorization, or approval gates.
Was this page helpful?
Edit on GitHub