Connectors & MCP
Pull documents in from mail and DMS, and add your own tools over MCP.
Everything here is off by default. Fosnie is zero-egress until an admin explicitly turns a connector or tool on, and every external call passes the egress gate and is audited.
Connectors
Built-in mail and DMS connectors are a Fosnie Enterprise capability. In a Core build the Connectors screens are hidden.
Fosnie ships connectors for Gmail, Outlook, iManage, and NetDocuments. They use per-user OAuth: each person connects their own account and sees only what they can see at the source. The OAuth app registration (client id/secret) is always yours – registered once per connector in your own tenant.
Setup, per connector kind:
- Register an OAuth app in your own tenant (Google Cloud, Microsoft Entra, iManage Control Center, or
the NetDocuments Developer Portal). The redirect URI is shown in-app:
{public_url}/api/connectors/oauth/callback. - In Admin → Connectors, enter the client id/secret, base URL, tenant, and region.
- A super-admin activates the connector (break-glass) – the first point any traffic can leave.
- Users connect their account under Profile → Connections.
Imported items land in a destination you choose: a Workspace (versioned, editable, write-back to the source), a Knowledge Base (retrievable and cite-able in chat), or both. OAuth secrets and tokens are stored AES-256-GCM encrypted. On Enterprise, ACL inheritance can mirror source permissions so imported documents stay access-controlled.
MCP host
Fosnie is a first-class Model Context Protocol host, so you can expose your own tools to agents.
Enable it in Admin → Config (integration.mcp.enabled) and register servers under
Admin → MCP Servers.
- Admin-registered only – users never add servers. A server is a stdio spawn command or a private streamable-HTTP URL. Public endpoints are rejected (loopback / private ranges only).
- Discovered tools are namespaced (
server__tool) and ride the same agent tool loop. - Side-effecting tools require human approval; every call is audited. Fosnie fingerprints each server at approval and re-checks it, auto-quarantining a server whose tools change under it.
Built-in and custom tools
Native tools (document read/edit, search, code interpreter, artefact generation, web search, and more) are managed under Admin → Tools – each can be switched on/off and its description edited. You can also add custom tools: a declarative HTTP tool (name, JSON-Schema parameters, request template) that stays disabled until you Test and Approve it, with an SSRF guard and an explicit egress flag.
See the Tools reference for the current native tool set.