Loading0%

Connectors: governing what the agent is allowed to touch

Connectors: governing what the agent is allowed to touch — overview

One surface to connect external tools and govern, per tool, what the agent may do with each: explicit, auditable, least-privilege control.

  • connectors
  • permissions
  • least privilege

TL;DR

An agent is only as trustworthy as the tools it can use.

I designed Connectors: one surface to connect external tools and govern, per tool, what the agent may do with each, turning an opaque promise that the agent can do things into explicit, auditable, least-privilege control.

The problem

As the agent gained tools (clouds, observability, source control), there was no single place to see what was connected, whether it was healthy, and what the agent was permitted to do.

Permissions were effectively all-or-nothing (just enabled or disabled), which is both a security exposure and a hard trust blocker.

The insight

A connector is not one switch. It is an identity plus a set of tools, each of which needs its own permission.

Collapsing that to one toggle recreates the all-or-nothing problem.

The solution

  • A gallery of active and suggested connectors.
The gallery: connected tools carry their live health up top, suggested integrations sit below Connecting a tool is a server URL and a token, no OAuth dance
  • A detail page mirroring the integration design language.
A walk through Connectors: from the gallery into a connector and its per-tool permissions
  • The centerpiece tool-permissions card: a three-state control per tool (allow, ask, deny) so the agent can read freely while writes are gated, with icon toggles, a legend, and inline health states (discovering, unreachable).
The three-state control: allow, ask, or deny each tool on its own
  • Identity editing is separated from connection editing because they carry different risk.

Impact

Made agent capability auditable and least-privilege, removing a top objection to letting an agent act.

Reflection

The three-state per-tool permission was the decision that mattered.

The discovering and unreachable states earned as much attention as the happy path, because capability you cannot trust the health of is capability you will not delegate.