Connectors · the enforcement plane
The gate verifies. Not us.
Connectors live in the target systems your agents act on. They verify the Authority Token presented to them — signature, TTL, intent hash, revocation — before the action proceeds. If anything is off, the action is refused there.
02 · Available connectors
workflow_dispatch · single-use
Authority-bound workflow triggers. Token verified at the action boundary. Workflow run ID linked back to the audit chain.
incident · change request
Token-bound incident creation and change requests. Approval state preserved against the issued token.
payment · refund · subscription
Authority-bound payment actions. Single-use tokens prevent replay; refunds verified against original authority chain.
tool calls · across MCP servers
Every tool call through MCP is authority-gated. Compatible with any MCP-speaking client.
03 · What every connector verifies
signature
kid-pinned tenant key
TTL
10-minute default · configurable
intent hash
matches declared action
revocation
not present in revoke list