Connectors

Quetra is a governance-only layer — it decides whether an agent is allowed to act, but it does not interact with third-party services directly. Connectors like Composio and Arcade.dev handle authenticated execution on 500+ third-party services — Gmail, Slack, GitHub, Salesforce, HubSpot, and more. Quetra approves the spend, then the connector does the thing.

How It Works

Every connector action follows a governance-first flow. Quetra evaluates rules and budget before any external service call is made.

1. Check
quetra_can_spend

Pre-flight check — will this action be approved?

2. Approve
quetra_evaluate

Governance gate — deducts budget, returns transactionId

3. Execute
quetra_execute

Connector calls the third-party service with auth

Supported Providers

ProviderIntegrationsAuth ModelTool NamingBest For
Composio500+OAuth, API keysSCREAMING_SNAKE_CASEBroad service coverage
Arcade.dev100+Zero-token-exposureToolkit.ToolNameSecurity-first teams

Available Tools (3)

These tools extend the standard Quetra MCP toolset when a connector provider is configured.

ToolPurpose
quetra_executeExecute an authenticated action after governance approval
quetra_connect_serviceGet auth URL for connecting a third-party service
quetra_list_provider_toolsDiscover available tools for a service

Encrypted at rest

Connector API keys are encrypted with AES-256-GCM before storage and are never returned in API responses. Quetra decrypts them server-side only at the moment of execution — your keys are never sent to agents, exposed in the dashboard, or logged.

Setup

Dashboard (Recommended)

Add your connector API keys in the Quetra dashboard under Connectors. Keys are encrypted and stored per-organization. The connector tools appear automatically for both MCP Remote and MCP Local when at least one key is configured.

MCP Local (stdio)

Alternatively, pass connector keys directly in the MCP config when running locally.

{
  "mcpServers": {
    "quetra": {
      "command": "npx",
      "args": ["@quetra/mcp"],
      "env": {
        "QUETRA_API_KEY": "<your-api-key>",
        "QUETRA_AGENT_ID": "<your-agent-id>",
        "COMPOSIO_API_KEY": "<your-composio-key>",
        "ARCADE_API_KEY": "<your-arcade-key>"
      }
    }
  }
}

Example Flow

A typical connector interaction follows four steps — discover, check, approve, execute.

# 1. Discover tools
→ quetra_list_provider_tools(provider: "composio", toolkit: "gmail")
← ["GMAIL_SEND_EMAIL", "GMAIL_READ_EMAIL", "GMAIL_LIST_THREADS", ...]

# 2. Check governance
→ quetra_can_spend(amount: 0, vendor: "gmail")
← APPROVED

# 3. Approve spending
→ quetra_evaluate(amount: 0, vendor: "gmail")
← transactionId: "tx_123"

# 4. Execute
→ quetra_execute(
    provider: "composio",
    toolName: "GMAIL_SEND_EMAIL",
    input: { to: "buyer@example.com", subject: "Invoice", body: "..." },
    transactionId: "tx_123"
  )
← { success: true, result: { messageId: "msg_abc" } }

Auth Flow

When a connector tool returns AUTH_REQUIRED, the user needs to connect their account for that service. Use the quetra_connect_service tool to get an authorization URL.

# Execute fails — user hasn't connected Gmail
→ quetra_execute(provider: "composio", toolName: "GMAIL_SEND_EMAIL", ...)
← { error: "AUTH_REQUIRED", service: "gmail" }

# Get the auth URL
→ quetra_connect_service(provider: "composio", service: "gmail")
← { authUrl: "https://composio.dev/connect/gmail?token=..." }

# After user authorizes, retry the execution
→ quetra_execute(provider: "composio", toolName: "GMAIL_SEND_EMAIL", ...)
← { success: true }

Authorization is per-user and persists across sessions. Once a service is connected, all tools for that service work without re-authorization.

Links

MCP Server

Core governance tools and MCP setup guide.

MCP docs

SDK Reference

TypeScript client library for programmatic integration.

SDK docs