This is a conceptual overview. For the user-facing setup of a specific connector, open its page (e.g. Jira, Google Workspaces). To build a connector, the internal
app-mcp-implement skill reproduces this architecture end-to-end.The model in one picture
A connector is never called directly. It is published as an app and installed as an app instance inside a tenant workspace. Both the App-mode instructions and the MCP endpoint then run in that tenant’s app-instance context, so the connector reads the tenant’s own configuration and secrets locally — there is no central shared key and no cross-workspace credential lookup on the hot path.Two consumption surfaces
App mode (DSUL)
Builder automations call named instructions like
Jira.searchJira(). The caller chooses the operation; arguments and outputs are plain JSON. Best for deterministic workflows, data pipelines, and scheduled jobs.MCP mode (agents)
Agent Factory agents connect to the MCP endpoint and discover tools automatically. The LLM selects which tool to call. Best for conversational interfaces and agentic tasks.
Anatomy of a connector
A connector spans two sibling folders, linked one-to-one by name: the DSUL workspace (the runtime logic) and a React configuration app (the setup UI).| Component | Role |
|---|---|
| MCP endpoint | JSON-RPC 2.0 handler. Routes tools/call through auth + dispatch; delegates initialize / tools/list to MCP Core. |
validateAgent | Checks the calling agent against the per-instance allowlist before any tool runs. |
buildAppAuth | Resolves credentials for the tenant’s configured auth mode and returns an access token + base URL. |
| Registry (Custom Code) | Maps entity + action → operation → {method, path, params}. The single source of truth for the API surface. |
| Dispatch chain | routeToolCall → toolRestOp → executeApiCall → formatToolOutput, with a shared handleApiError. |
| Per-operation wrappers | Thin App-mode automations (Connector.operation:) reached dynamically through the registry — one per API operation. |
Request lifecycle
When an agent calls a tool, the MCP endpoint runs a fixed pipeline:Identify the agent
Agent Factory injects the agent identity (
context_id, agent_id, user_id) into the tool call. validateAgent checks agent_id against the instance allowlist. An unauthorized agent is rejected before anything runs.Resolve credentials
buildAppAuth reads the tenant’s auth configuration and returns an access token and base URL for the request — refreshing per-user OAuth tokens on the fly when needed.Dispatch through the registry
The tool name (an entity) plus its
action argument resolve to a concrete {method, path, params} through the registry, and executeApiCall performs the authenticated HTTP call.buildAppAuth directly, dispatches through the registry, and returns the raw API JSON (no MCP envelope) for the automation to consume.
Entity-grouped tools
Connectors do not expose one tool per API endpoint — that would flood an agent with hundreds of near-identical tools. Instead, related endpoints are grouped into a handful of entity tools, each taking anaction enum:
entity + action pair to the underlying operation. Tool schemas are authored to be strict-provider safe: no dangling $refs, bounded descriptions, and typed array items — so enabling a connector never breaks an agent’s completion.
Authentication
A connector supports one or more auth modes, all resolved bybuildAppAuth from a single tenant configuration object. A tenant picks the mode that fits its provider setup in the config app.
| Mode | How it works | Typical use |
|---|---|---|
| API key | Static key sent in a header or query parameter. | Simple APIs, service credentials. |
| Access token | Caller supplies a token + base URL directly. | Quick setup and testing. |
| Client credentials | OAuth2 client_credentials grant (service identity). | Machine-to-machine access. |
| JWT / service account | Signed JWT bearer assertion. | Google domain-wide delegation, Salesforce Connected App. |
| OAuth2 per-user (PKCE) | Authorization-code + PKCE, one token per end user. | User-scoped access in a chat or workflow. |
403. Each connector page documents the concrete read-only lever for its service.
Central platform OAuth
For OAuth connectors, tenants should not need to register their own provider OAuth client. A platform maintainer provisions one central OAuth client on the connector’s core workspace, and tenants get a zero-config OAuth mode: one click on Connect, no client ID or secret to paste. Because a connector’s secrets never resolve inside a tenant instance, the central client is exposed as a token service on the core workspace: a public endpoint returns the client ID and scopes (never the secret), and a proxy endpoint performs the token exchange server-side, injecting the central credentials. The tenant keeps the PKCE exchange locally and never sees the secret. A single provider redirect URI (the core callback) is registered once; per-tenant callbacks are carried in the OAuthstate and proxied back after the exchange.
Agent authorization
Two independent gates decide whether an agent can use a connector — do not confuse them with OAuth scopes:Capability scope
The MCP capability is declared with Scope
context_id,agent_id,user_id. This injects the agent and user identity into every tool call, so the connector knows who is calling — no API key is minted for the agent.Per-instance allowlist
validateAgent checks the injected agent_id against the instance’s allowlist. Only allowlisted agents run tools. A wildcard (*) sentinel authorizes every agent when a tenant opts into it.Configuration app
Each connector ships a React configuration app that a tenant uses to set everything up: choose the auth mode and enter credentials (or click Connect for OAuth), test the connection, select which agents may use the connector, and install the MCP capability onto them. It talks to the platform with the user’s own session, so native RBAC applies. The config app renders in two places from the same bundle: inline inside the tenant’s app-instance editor (the preferred surface), and at a standalone URL surfaced on the instance config. OAuth connectors additionally expose a maintainer view — visible only to the connector’s own workspace admins — for provisioning the central OAuth client and publishing the connector into the org-wide capabilities catalog.Deployment model
A connector moves from source to a usable integration in three steps:Publish the workspace as an app
The DSUL workspace is published to the marketplace under a stable app ID. The published app snapshots the config schema, MCP tool definitions, and the config-app bundle pointer.
Install as an app instance
A tenant installs the app into its workspace. Installation provisions the tenant’s secrets and configuration bindings and surfaces the config app.
Related
Browse connectors
The full list of available connectors and how to choose App vs MCP mode.
Agent capabilities
How Agent Factory agents discover and consume MCP tools.
Building custom connectors
Create your own connector for any API.

Jira connector
A concrete tenant-context connector to see the model in practice.