# Connections Let the agent call your external tools, brokered server-side per project. Canonical page: https://kortix.com/docs/concepts/connections A **connection** (connector) lets a project's agent call an external tool or service — Slack, Gmail, a database, any HTTP/GraphQL API. Connections are per-project, and the agent can only use what you connect. - **Declared as `connectors` in the manifest** — provider is one of **Pipedream, MCP, OpenAPI, GraphQL, HTTP, Channel** (chat platforms like Slack and Microsoft Teams), or **Computer** (a connected machine). The definition lives in git; the **credentials live in the platform, never in the repo**. - **Channel + Computer connectors auto-materialize.** Connecting Slack or Microsoft Teams ([Channels](/docs/concepts/channels)) creates a `kortix_slack` or `kortix_teams` connector (provider `channel`); connecting a machine ([Computers](/docs/concepts/computers)) creates the `computer` connector — no manifest entry needed. The `kortix_slack` / `kortix_teams` slugs are reserved and blocked from user-declared connectors so they can't shadow the built-in channel. The chat credential is the install token; the `computer` connector has no credential at all (the live tunnel is the credential), and per-machine access is granted in Computers. - **Connection profiles choose the concrete identity behind a connector.** Each connector has a default project-owned profile, and the platform can also store additional project-scoped profiles owned by an agent, member, subject, or external identity (for example, several email inboxes). Profiles carry a credential only when the connector requires one; connectors such as `computer` use their live tunnel instead. A session can bind a specific profile per connector. Once a session binds any profile, every connector for that session must be bound explicitly (no silent fallback to the project default). (Legacy manifests can still say `credential = "per_user"` — per-member BYO credential — but that mode was removed; it's tolerated and silently resolves to `shared`.) - **Per-call policies** — each tool can be set to run, require approval, or be blocked. - **Set up in the dashboard** — the project's Connectors page offers Pipedream one-click connect plus a custom path for OpenAPI/GraphQL/MCP/HTTP. See [Connecting your tools](/docs/guides/connecting-tools). - **Which agent may use which connector** is a separate, per-agent grant — each agent's `connectors` field in the manifest (`all`, `none`, or a list of slugs; see [Agents](/docs/concepts/agents)). Connecting a tool to the project doesn't hand it to every agent automatically. > **Under the hood** > Every session gets a `kortix-executor` MCP server and a scoped Executor token. > The agent discovers tools through it (`connectors` → `discover` → `describe` → > `call`); each `call` is brokered by the Kortix API, which resolves the credential > server-side, enforces sharing and policies, runs it, and audits it. The agent > never holds third-party credentials. Pipedream's one-click connect requires > Pipedream API keys to be configured on the platform.