Integrations
How integrations work
Every integration is an MCP server — a module that registers tools with the agent. When you add a valid API key, the corresponding MCP server activates and its tools become available to the agent immediately (on next goal/conversation start).
You don't need to tell the agent which tools exist — it sees all available tools and picks the right one automatically.
Adding an integration
Method 1: Settings UI
Go to Settings → Integrations and enter the API key for each service.
Method 2: .env file
Open .env in the project root and add the appropriate variable, then restart:
docker compose restart app
Method 3: Credential Vault (for runtime secrets)
For credentials you don't want in .env, store them encrypted:
POST /api/vault/credentials
{ "key": "GITHUB_TOKEN", "value": "ghp_xxxx" }
The agent fetches from the vault at runtime — the plaintext value never appears in logs.
All integrations
Developer Tools
| Service | Env var(s) | Tools unlocked |
|---|---|---|
| GitHub | GITHUB_TOKEN | search_repos, list_issues, create_issue, get_file, search_code, list_prs, add_comment |
| Jira | JIRA_API_TOKEN + JIRA_HOST + JIRA_USER_EMAIL | create_issue, update_issue, search_issues, list_projects, get_issue |
| Confluence | CONFLUENCE_API_TOKEN + CONFLUENCE_HOST | read_page, create_page, search, list_spaces |
| Sentry | SENTRY_AUTH_TOKEN + SENTRY_ORG | list_projects, list_issues, get_issue; gated writes: resolve_issue, assign_issue |
Example usage:
Search GitHub for open issues in our repo labeled "bug" and "priority:high".
Create a Jira ticket for each one with the same title and description.
Productivity & Knowledge
| Service | Env var(s) | Tools unlocked |
|---|---|---|
| Notion | NOTION_API_KEY | search, read_page, create_page, query_database, append_blocks |
| Google Drive | GOOGLE_DRIVE_ACCESS_TOKEN | search_files, get_file, list_folder, create_file |
| Google Calendar | GOOGLE_CALENDAR_ACCESS_TOKEN | list_events, create_event, check_availability, delete_event |
| Trello | TRELLO_API_KEY + TRELLO_TOKEN | list_boards, list_cards, create_card, move_card, add_comment |
Example usage:
Check my Google Calendar for this week. For any meeting with "review" in the title,
create a Notion page in my "Meeting Notes" database with the date, attendees, and an
agenda section for me to fill in.
Communication
| Service | Env var(s) | Tools unlocked |
|---|---|---|
| Gmail | GMAIL_USER + GMAIL_APP_PASSWORD | send_email, search_emails, read_email, list_inbox, reply_email |
| Slack (workspace bot) | SLACK_BOT_TOKEN | send_message, list_channels, read_thread, list_users |
| Slack (user OAuth) | SLACK_USER_TOKEN | Above + DM read/write as your identity |
| Discord | DISCORD_BOT_TOKEN + DISCORD_GUILD_ID | send_message, list_channels, create_thread |
| Twitter/X | TWITTER_BEARER_TOKEN (read) + OAuth keys (write) | search_tweets, read_timeline, post_tweet |
REDDIT_CLIENT_ID + REDDIT_CLIENT_SECRET | search, get_post, list_subreddit, get_comments |
Example usage:
Search Twitter for mentions of our product (@AcmeApp) in the last 24 hours.
Summarize sentiment. If there are any bug reports, create GitHub issues for each.
CRM, Finance & Cloud
| Service | Env var(s) | Notes |
|---|---|---|
| HubSpot CRM | HUBSPOT_ACCESS_TOKEN | Read: contacts, deals, companies. Gated writes: update contact, create deal, delete contact |
| Stripe | STRIPE_SECRET_KEY | Read: customers, balance, products, charges. Gated writes: create payment link, issue refund, cancel subscription |
| AWS S3 | AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_REGION | Read: list buckets/objects, download. Gated writes: upload, delete |
| Microsoft Outlook | OUTLOOK_CLIENT_ID + OUTLOOK_CLIENT_SECRET + OUTLOOK_TENANT_ID | Read: emails, calendar. Gated writes: send, delete, create event |
Gated writes means the action is evaluated by AuthorityPolicy before executing — you'll receive a Telegram approval request for any write operation.
Example usage:
Search HubSpot for all deals in "Negotiation" stage created in the last 30 days.
For each deal, check the last contact date. If it's been more than 7 days,
draft a follow-up email and send it to me for approval.
Media & Data
| Service | Env var(s) | Tools unlocked |
|---|---|---|
| Image generation | OPENAI_API_KEY or STABILITY_API_KEY or MINIMAX_API_KEY or NVIDIA_API_KEY | image_generate (DALL-E 3, Stability SDXL, MiniMax image-01, NVIDIA FLUX) |
| Video generation | MINIMAX_API_KEY | video_generate (MiniMax Hailuo — 6s, 1080p, optional image-to-video) |
| Spotify | SPOTIFY_ACCESS_TOKEN | search_music, play, pause, skip, create_playlist |
| arXiv | (no key needed) | search_papers, get_abstract, get_metadata |
| RSS | (no key needed) | fetch_feed, parse_entries |
| Whisper STT | Local Docker service | transcribe_audio (self-hosted, no API key) |
| Finance | (no key needed for basic) | get_stock_price, get_crypto_price, market_news, company_info |
| Apify | APIFY_API_TOKEN | Residential proxy scraping for CAPTCHA-protected sites |
Checking which integrations are active
Via UI: Go to Settings → Integrations — active integrations show a green dot.
Via API:
curl http://localhost:3000/api/mcp/servers
Returns a list of all MCP servers with their status (active/inactive) and available tools.
Via chat:
Which integrations do I have configured?
Integration security
All API keys are stored encrypted at rest in the SQLite database using AES-256. They are never logged or transmitted to LLM providers as part of prompts — they're accessed only at tool-call time by the MCP server.
For extra security, use the Credential Vault instead of .env:
- Keys are encrypted with a master key derived from your machine
- Only the running server process can decrypt them
- Keys are never written to disk in plaintext
Adding more integrations
New integrations appear in the Tool Marketplace and the Integrations panel. Connect a service by adding its API key under Settings → Integrations; once connected, its tools become available to the agent automatically. Need a service that isn't listed yet? Reach out and we'll look at adding it.