Every AI agent is only as useful as the tools it can reach. We kept hearing the same thing from users: "I love my agents, but I wish they could actually do things in the apps I already use." Fair point.
Why This Matters
The promise of AI agents has always been that they can take action on your behalf. Not just answer questions, but actually do work -- create pull requests, draft emails, update spreadsheets, generate presentations. But that only works if the agent can securely connect to your tools.
Until now, connecting an app to an agent on our platform meant manual configuration steps that felt like homework. We wanted something radically simpler: click a button, authorize once, and your agents can use that app forever.
Our Approach
We studied how other platforms handle this. Some rely on API keys for everything (tedious and insecure). Others use a one-size-fits-all proxy layer that becomes a bottleneck. A few, like the way tools work in modern coding assistants, use an open protocol called MCP -- Model Context Protocol -- that lets apps expose their capabilities directly to AI.
We decided on a hybrid approach. For apps that already speak MCP natively (like GitHub, Gamma, and Canva), we connect directly. For Google Workspace apps, we use lightweight bridges that translate between the app and the agent. And for simpler tools that just need an API key (like DALL-E), we handle the key securely and wrap it in a clean interface.
The key principle: one authorization flow for the user, regardless of how the plumbing works underneath.
The Key Insight
The most interesting challenge was security. When a user authorizes GitHub for one specific agent, that agent -- and only that agent -- should be able to use it. Not every agent in the organization. Not agents in other departments. Just the one the user chose.
We built a per-agent permission model. After connecting an app to your account, you explicitly toggle which agents get access. Every credential is encrypted at rest using industry-standard encryption (the same kind banks use). Tokens that expire are automatically refreshed in the background. And if a token does expire without a refresh available, the agent stops and tells you -- it never fails silently.
We ended up with 144 backend tests and 187 frontend tests covering every edge case: expired tokens, blocked popups, network failures, revoked permissions. When security is involved, we test obsessively.
What This Means for Users
Starting today, you can connect 17 apps to your agents with a single click:
Productivity: Gmail, Google Drive, Google Sheets, Google Calendar, Notion, Airtable, Linear, Dropbox
Development: GitHub (your agents can search repos, create pull requests, review code)
Design: Gamma (generate presentations), Canva (create and edit designs)
Communication: Slack
AI Tools: DALL-E (generate images on demand)
The authorization flow is a familiar popup -- the same kind you see when connecting apps anywhere else. On mobile, it gracefully falls back to a full-page redirect since popups are unreliable on phones.
Once connected, you control everything from the agent detail page. See which apps each agent can access, test connections with one click, and get warnings if a token is about to expire.
Looking Ahead
This foundation opens up a much bigger vision. We are already exploring how agents can chain tools together -- imagine an agent that pulls data from Google Sheets, generates a chart with the AI, creates a Gamma presentation with the results, and posts a summary to Slack. The building blocks are now in place for workflows that span multiple apps in a single conversation.