DEV Community

OpenConnector: SaaS access for agents needs a runtime boundary, not more raw tokens

Many agent demos look simple: give the model tools, put a GitHub/Gmail/Slack token in an environment variable, and let the agent call APIs. That works for demos. It gets uncomfortable in products.

The hard questions are not only "can the agent call the API?" They are:

  • Which user's account is this action using?
  • Which scopes were granted?
  • Can the agent call only safe actions?
  • Are run logs exposing sensitive inputs or provider responses?
  • Is the schema the same across MCP, HTTP, SDK, CLI, and docs?
  • What happens when the user disconnects, rotates credentials, or switches accounts?

That is why oomol-lab/open-connector is worth a look.

Project: https://github.com/oomol-lab/open-connector

Comments

No comments yet. Start the discussion.