Connectors give the agent secure, governed access to the systems your organization already uses, so Infracodebase becomes a single pane of glass for infrastructure operations. A connector can reach a cloud provider, source control, or a SaaS tool, and the agent uses it to gather context and take action without leaving the platform.
For example, the Terraform connector lets the agent connect to Terraform Cloud or Enterprise, look up modules, check provider versions, and pull configuration details. The GitHub connector lets it work with repositories, issues, and pull requests. Cloud connectors like AWS, Azure, and Google Cloud let it work against your accounts through their CLIs.
There are three levels, and it helps to keep them straight:
gh, git, aws), or both.The agent sees one tool per connection, named by the connection, so two accounts of the same connector are distinct and selectable independently.
Browse the available connectors at Connectors. When you find one you need, add it to your enterprise. Adding a connector creates a connection, which you then configure.
To add a second account of a connector you have already added, open the connection's menu and choose Add another account, then give it a name. You can rename any connection at any time from its menu, whether it is the only instance or one of several.
Each connection decides who authenticates under "Who authenticates?":
Per-user connections are isolated per company: a member can only connect a connection that the enterprise has enabled, and is governed and revoked per enterprise.
When a connection uses a shared credential, you provide it under Edit Connection. Credentials are stored as encrypted, connection-scoped secrets. Two connections of the same connector hold separate credentials.
Scope your credentials appropriately. Use accounts or tokens with the minimum permissions needed. If the agent only needs to read state, do not give it write access. Review the permissions of each credential you provide and follow the principle of least privilege.
Under "Where it works", a connection can serve the MCP tool, the CLI shell, or both. Turning on CLI injects the connection's credential into the agent's shell so commands like gh, git, and the cloud CLIs act as that connection.
A note on multiple accounts and the CLI: the MCP surface supports several accounts of one connector at once, because each connection is its own tool with its own credential. The CLI shell holds one identity per tool (one GH_TOKEN, one set of AWS keys), so only one connection of a given connector should serve the CLI in a workspace. Keep extra instances MCP-only. Per-tool multi-account support on the CLI (named AWS profiles, gh account switching) is on the roadmap.
Each connection exposes a set of individual tools. You get granular control over which are available:
For example, if a connection provides ten tools but three are not appropriate for your organization, disable just those three and the agent keeps the other seven.
The Connectors settings page shows the status of each connection:
For shared connections you can test the connection after providing credentials to verify everything works.
Connections are enabled at the enterprise level, then governed per workspace. In each workspace's Connectors settings you choose which connections to turn on for that project, and each instance is enabled independently. A connection marked Required by an admin is always on and cannot be disabled per workspace.
Within a session, the agent's tool picker lists the workspace-enabled connections. An each-user connection shows an inline Connect until the member has personally connected that instance.
When a connection uses per-user OAuth, members connect their own account from Settings → Connections. Each connection of a connector appears as its own entry there, so a member connects each instance independently. Shared connections are not listed, since they use one organization credential rather than a personal login.
Each agent session gets its own MCP server processes, spawned fresh as isolated child processes with their own credentials and terminated when the session ends. They are not shared or pooled between users or sessions, so one member's credentials are never visible to another, even for the same connector.
In addition to the available connectors, you can connect the agent to your own MCP servers, which is useful for custom tooling, internal APIs, or proprietary systems. From the Connectors settings page choose Add Custom, then paste a JSON configuration snippet from any MCP server's documentation.
Here is an example configuration for a custom connector:
{
"name": "internal-deploy",
"description": "Internal deployment pipeline API",
"transport": "sse",
"url": "https://deploy-api.internal.yourcompany.com/mcp",
"headers": {
"Authorization": "Bearer ${DEPLOY_API_TOKEN}"
}
}
The name identifies the connector in your list, description explains what it connects to, transport is the connection protocol, and url is where the MCP server runs. Any credential referenced in the configuration, like ${DEPLOY_API_TOKEN}, should be stored as a secret so it is encrypted and not exposed in the configuration. Once added, a custom connector behaves like any other: the same tool control, status monitoring, runtime isolation, and per-workspace governance.
We are working on support for connecting to MCP servers running behind your own VPC or virtual network, so the agent can reach data and services inside your private infrastructure without exposing them to the public internet.