- ›
/connections— connect each end-user's agents to 1,000+ third-party apps (formerly the /integrations primitive) - ›
Per user, not per app key— every connection belongs to one tenant user and is gated by that user's Account Kit - ›
One surface— list what's available, connect via a hosted link, list an app's tools, and execute a tool with structured arguments - ›
Governed connects— starting a connection is a sensitive action and can require human approval per Account Kit - ›
Cheap reads— Naïve keeps a local mirror of connection status so listing is fast; execute-time auth always goes through the provider - ›Composes with /browser for services that have no connector and with /vault for agent-generated secrets
An agent that can reason still can't do much until it can act inside the tools your users already live in — their inbox, their Slack, their GitHub, their Stripe. Naïve is the autonomous company infrastructure that gives agents real-world capabilities, and the /connections primitive (formerly /integrations) is how each of your end-users' agents gets authenticated access to 1,000+ third-party apps, per user, without you building an OAuth layer per customer.
Every connection belongs to one tenant user and is gated by that user's Account Kit. One customer's Gmail is never another customer's Gmail. That per-user binding is the whole point.
One surface: list, connect, discover, execute
Connections expose a small, uniform set of actions so an agent can work with any connected app the same way:
- List — the apps available to a user (filtered by their Account Kit) with connection status.
- Connect — start a connect flow; returns a hosted redirect link for the user to authorize.
- Tools — list the tools a connected app exposes.
- Execute — run a specific tool for the user with structured arguments.
- Disconnect — remove (and optionally purge) an app for the user.
naive connections list --user alice
naive connections connect gmail --user alice
naive connections execute gmail GMAIL_SEND_EMAIL --user alice \
--args '{"recipient_email":"lead@co.com","subject":"Hi","body":"..."}'Connecting is per-user and governed
connect returns a hosted redirectUrl. You send the end-user there; once they finish authorizing, the connection becomes ACTIVE. Because a connection grants access under the user's own identity, it is a sensitive action — depending on the user's Account Kit, the connect can be gated for human approval before it takes effect.
const res = await naive.forUser(alice.id).connections.connect("gmail", {
callbackUrl: "https://myapp.com/oauth/callback",
});
// Send the user to res.redirectUrl. After they finish, the connection becomes ACTIVE.In a multi-tenant product this maps cleanly onto your own users: create a Naïve user per customer, and every connection, token, and execution stays scoped to that customer.
Cheap reads, live execution
Naïve keeps a local mirror of each user's connection status, so listing availability and checking what's connected are fast reads. Execute-time authorization always goes through the connections provider against the live token — so a stale mirror never lets an expired connection through. Freshly initiated connections are re-checked before the API answers.
What you can build
Give each customer an agent that works in their own accounts — A per-tenant assistant that reads and sends from the customer's own Gmail, posts to their Slack, or files issues in their GitHub — authorized once by that customer, isolated from every other tenant.
Run cross-app workflows from one agent loop — Pull from one app, push to another, all through the same connect-and-execute surface, with each step attributable to the end-user who owns the connections.
Reach the long tail with /browser — When an app isn't on the connector catalog, fall back to /browser so the agent can operate the web UI directly and vault any credentials it generates via /vault.
Compose with the rest of the runtime — Pair connections with /research, /image, and /social to run content and outreach workflows inside the tools your users already use.
Get started
- Read the docs: usenaive.ai/docs/getting-started/connections
- Quickstart: usenaive.ai/docs/getting-started/quickstart
- Pair it with
/browserand/vault - Join the community on Discord
What is the connections primitive?+
How does connecting an app work?+
How is this scoped in a multi-tenant app?+
What if an app I need has no connector?+
How does execution stay fast and auditable?+
How much does the connections primitive cost?+
How do I get started?+
The vault primitive: per-user encrypted storage for the secrets your agents hold — API keys, cookies, tokens — envelope-encrypted with a managed KMS.
Browser sessions your agents drive — navigate, act, extract — plus autonomous signup and login that vault credentials, scoped per user and watchable live.
Three depths of web research — single-page extraction, multi-source web search, and full multi-step deep research with cited synthesis. Backed by Naïve's search providers and ready for agent loops that need real, verifiable facts.