Plis AI gives agents two parallel paths to reach external services:
native connectors for first-party SaaS (managed in-app at
/integrations) and MCP servers for everything else
(Model Context Protocol — stdio/SSE/HTTP-transport servers managed at
/mcp-servers).
Native Connectors (recommended for SaaS)
21 built-in connectors with the same agent-grade contract: typed errors, auto-refresh on 401, rate-limit retries, response trimming for huge payloads, and idempotency keys on write actions.
| Connector |
Auth |
What agents can do |
| GitHub | OAuth + PAT | List repos, create issues + PRs, commit files, branch |
| Slack | OAuth + bot token | Send messages, list channels (via slack_sdk) |
| Salesforce | OAuth | SOQL queries with auto-pagination (simple-salesforce) |
| Stripe | API key | Charges, PaymentIntents with idempotency (stripe SDK) |
| Azure DevOps | OAuth + PAT | List/trigger pipelines, repos, projects |
| Notion | OAuth | Search pages, create content, manage databases |
| HubSpot, Jira, Discord, Shopify | OAuth | CRM, issue tracking, messaging, e-commerce |
| Google Sheets | OAuth (spreadsheets scope) | Read/write sheets with refresh-on-expiry |
| AWS S3 | API key (or reuse from Cloud Deploy) | List buckets, upload/download objects (boto3) |
| PostgreSQL, MongoDB, Redis | Connection string | Query / read / write |
| SendGrid, Telegram | API key | Send email / messages |
| OpenAI, Anthropic | API key | Extra LLM calls inside an agent |
| Webhook | None / custom | POST to any URL with JSON body |
Enabling a connector for an agent
Save credentials at /integrations
Click the connector card. If it supports OAuth and the deployment has the
<PROVIDER>_CLIENT_ID + _CLIENT_SECRET env vars set, a
"Connect with X" button appears — one click runs the OAuth popup, the token
lands encrypted server-side. Otherwise paste the token in the form (per-field hints
tell you where to grab it).
Enable for the agent
Open the agent in Agent Studio → Connections → Pre-built Integrations. Tick the connector.
Each card shows live status (Connected / Connect first →) so you don't enable
something you forgot to save credentials for.
Run a task
Tools surface to the agent namespaced as <id>_<action> (e.g.
github_create_pull_request, slack_send_message). The agent picks
them by name; the bridge injects credentials at execution time — agents never see raw
tokens. Click the clock icon on a connected card to see the last 25 calls with status,
latency, and truncated I/O.
Agent-grade reliability (built into the bridge)
- Typed error envelope — every failure returns
{error, error_envelope:{type, message, retry_after_ms, status_code, raw}} where type is one of auth | rate_limit | not_found | validation | api | connector | transport. Agents reason about what to do instead of pattern-matching error strings.
- Param validation against declared required inputs — runs before the network call, so bad input never burns an API round-trip.
- Auto-retry on 429 / 503 with the server's
Retry-After header (capped at 8s).
- Idempotency keys derived from
hash(user_id, action, params) for actions declared idempotent: true. Stripe / GitHub / Slack treat retries as no-ops instead of duplicating.
- Response trimming at 50KB so a Notion search or Slack channel list doesn't blow up the agent context. Trimmed payloads carry a
_truncated marker with kept/total counts.
- OAuth refresh on 401 — for connectors using
credentials_source="oauth_registry" the bridge auto-refreshes expired access tokens via the stored refresh token before retrying.
MCP Servers — 93 templates, three shapes
The catalog at /integrations ships 93 templates
across three shapes. All target external services or hosted APIs — local-host MCPs
(filesystem, git, sqlite, docker, kubernetes, puppeteer, playwright, shell) are deliberately out of
scope since PlisAI runs hosted. Pick whichever shape matches the auth model of the target.
| Shape | Auth | Examples | How to connect |
|---|
| Hosted (vendor-run) 7 available |
OAuth (one-click) |
Linear, Cloudflare, Atlassian, Asana, Sentry, Stripe, GitHub |
Connect with X button → OAuth popup → done. Vendor runs the MCP server; Plis stores the encrypted token + refreshes on expiry. |
| External-service stdio (paste-token / connection string) |
API key / connection URL |
postgres, mongodb, redis, mysql; OpenAI, Anthropic, Mistral; brave-search, tavily, exa; user-owned cloud APIs |
Install → Quick Install modal shows the required env vars to paste. Stored encrypted server-side under strict Fernet. |
Operator setup for the 7 hosted MCPs (env vars per vendor, callback URLs, scopes) is in
docs/HOSTED_MCP_SETUP.md.
For local servers — config shape
{
"name": "brave-search",
"transport": "stdio",
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-brave-search"],
"env_vars": {"BRAVE_API_KEY": "YOUR_API_KEY"}
}
For GitHub, Slack, Notion, etc. prefer the native connector — you get OAuth, refresh,
typed errors, and call traces for free. The catalog flags these with a
Native
badge that deep-links you to the recommended connector.
Agent surface — beyond Tools
For every connected MCP server that advertises them, agents also get two pairs of synthetic
tools that map to MCP's Resources + Prompts primitives:
<server>__list_resources + <server>__read_resource(uri) — discover and read URI-addressable content (e.g. linear://issue/ABC-123, notion://page/xyz) without making a regular tool call.<server>__list_prompts + <server>__get_prompt(name, arguments) — render server-provided prompt templates so the agent can use the vendor's recommended framing.
Servers that don't advertise resources or prompts simply omit the corresponding tools — no extra config required.
Operator dashboard — /admin/sdk-pool
Admins get a live view of the SDK connection pool with per-server status,
p50 / p95 latency telemetry, an Inspect button that lists each server's
advertised Resources + Prompts, plus operational controls (Reap Idle, per-server Disconnect, runtime + reaper status).
Security defaults — strict by default, env-var opt-out
The MCP install / probe endpoints enforce three guards. All can be relaxed for trusted-team self-hosted deploys.
| Guard | What it blocks | Env var override |
|---|
| Command allowlist |
stdio command must be one of npx, uvx, node, deno, python, python3, pipx, bunx, pnpx. Inline-code flags (python -c, node -e, deno eval) and .. path-traversal in args also rejected. |
MCP_COMMAND_SAFETY_MODE=off or MCP_COMMAND_ALLOWLIST=mybin,otherbin (additive) |
| SSRF URL guard |
sse / streamable-http url must not resolve to loopback, link-local (incl. 169.254.169.254 IMDS), RFC1918 private, CGNAT, multicast, or reserved ranges. IPv4 + IPv6 + IPv4-mapped IPv6. |
MCP_URL_SAFETY_MODE=off |
| Encryption strictness |
encrypt() refuses to fall back to base64 when Fernet is unavailable. Returns a clean 503 instead of writing reversible "encryption" to the DB. |
Set ENCRYPTION_KEY or SECRET_KEY + ensure the cryptography package is installed. |
Typo'd env var values (=no / =false / =0) fall back to strict — the only string that disables a guard is the literal word off.
Social Media Hub - Account Setup
Connect your social media and messaging accounts to manage them all from one place.
Supported Platforms
How to Connect an Account
Go to Social Media Hub
Navigate to Social Media Hub > Accounts tab.
Choose Platform
For OAuth platforms, click the platform card to start authentication. For bot platforms, select from the dropdown.
Enter Credentials
For messaging platforms: Enter your API token and platform-specific fields (Phone ID for WhatsApp, etc.).
For OAuth platforms: Enter Client ID and Secret from the developer portal.
Verify and Connect
Click Connect Platform. The token will be verified and your account connected.
Each platform setup section includes step-by-step instructions for obtaining your API tokens from the developer portals.