Connect to enterprise systems through one Gateway
Every adapter is brokered through the Tool Gateway: typed envelopes, declared approval_mode, idempotency on writes, identity propagation, OTEL traces.
MCP / A2A / OpenAPI / custom — one envelope shape, one policy boundary.
Adapters stay behind one Tool Gateway, where approval modes, identities, idempotency keys, evidence capture, and traces are bound before effects reach external systems.
- 01Discover capability
Resolve the adapter from intent, not a raw catalog dump.
- 02Bind approval
Apply the highest allowed approval mode for the request.
- 03Propagate identity
Carry user delegation and workload identity into the call.
- 04Protect writes
Attach idempotency, retry, and circuit-breaker controls.
- 05Record evidence
Return tool results with policy, trace, and evidence refs.
PostgreSQL
Snowflake
Salesforce
HubSpot
Linear
Jira
Slack
Notion
+ 50 More
View Build GuideEvery capability declares its highest approval mode
Adapters declare what they can do. The Tool Gateway decides whether the call happens, on whose behalf, with which credentials, and what evidence the result must produce. Policy may select a lower effective mode for a bounded request when the declared maximum allows it, but cannot exceed that maximum.
See the Adapter Mesh foundation and the approval-mode tier taxonomy.
adapter_id: adp_payments
type: OPENAPI
approval_mode: destructive
capabilities:
- name: issue_refund
input_schema:
properties:
order_id: { type: string }
amount_inr: { type: number, max: 50000 }
idempotency_key:
type: string
pattern: "^ik_[a-z0-9]{16}$"
required: [order_id, amount_inr, idempotency_key]
permissions:
- role: support_agent
arg_constraints: { amount_inr: { max: 500 } }