TL;DR
An agent is only as trustworthy as the tools it can use.
I designed Connectors: one surface to connect external tools and govern, per tool, what the agent may do with each, turning an opaque promise that the agent can do things into explicit, auditable, least-privilege control.
The problem
As the agent gained tools (clouds, observability, source control), there was no single place to see what was connected, whether it was healthy, and what the agent was permitted to do.
Permissions were effectively all-or-nothing (just enabled or disabled), which is both a security exposure and a hard trust blocker.
The insight
A connector is not one switch. It is an identity plus a set of tools, each of which needs its own permission.
Collapsing that to one toggle recreates the all-or-nothing problem.
The solution
- A gallery of active and suggested connectors.
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
- A detail page mirroring the integration design language.
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9A walk through Connectors: from the gallery into a connector and its per-tool permissions
- The centerpiece tool-permissions card: a three-state control per tool (allow, ask, deny) so the agent can read freely while writes are gated, with icon toggles, a legend, and inline health states (discovering, unreachable).
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
- Identity editing is separated from connection editing because they carry different risk.
Impact
Made agent capability auditable and least-privilege, removing a top objection to letting an agent act.
Reflection
The three-state per-tool permission was the decision that mattered.
The discovering and unreachable states earned as much attention as the happy path, because capability you cannot trust the health of is capability you will not delegate.