Skip to main content

Documentation Index

Fetch the complete documentation index at: https://veryfront.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Integrations

Veryfront integrations let AI agents use third-party services on behalf of users. Developers enable integrations in veryfront.config.ts, and the runtime uses the built-in connector catalog plus remote integration helpers to fetch tool definitions and execute calls through the configured API layer.

Prerequisites

  • A Veryfront project with a configured agent (see Agents).
  • Provider credentials for each integration you enable: either a Veryfront Cloud token plus a project reference, or per-user OAuth credentials (see OAuth).
  • veryfront.config.ts is editable in your repo.

How it works

Key points:
  • The runtime reads integration config locally, syncs it to the API when needed, and fetches remote tool definitions per request
  • The API / service layer is responsible for OAuth, token storage, and remote integration execution
  • Config-driven: adding github: {} to the integrations record enables all GitHub tools instantly
  • Per-user tokens: set perUser: true so each end-user authenticates with their own account
  • Tool allowlisting: use tools: ["send-message"] to expose only specific tools

Configuration

// veryfront.config.ts
import { defineConfig } from "veryfront";

export default defineConfig({
  integrations: {
    // All tools, project-level token
    github: {},

    // Only specific tools
    slack: {
      tools: ["send-message", "list-channels"],
    },

    // Per-user tokens (each end-user authenticates individually)
    linear: {
      perUser: true,
    },

    // API-key based (no OAuth needed)
    stripe: {},
  },
});

Authentication flow

When an agent calls an integration tool and no valid token exists:
  1. Tool returns { error: "authentication_required", connectUrl: "..." }
  2. Agent surfaces the connect URL to the user
  3. User selects the connect URL and completes the configured OAuth app, provider consent screen, and callback flow
  4. The backing API layer stores the resulting token according to its configured token store
  5. Subsequent tool calls can use that token automatically
  6. Refresh behavior depends on the provider and the API/service layer you run behind these endpoints

OAuth credentials and deployment model

The open-core repo exposes provider metadata, OAuth handler building blocks, and integration/runtime helpers. Managed OAuth defaults, shared provider apps, and token-vault behavior depend on the API/service layer you deploy behind these endpoints.

BYO Credentials

Enterprise teams can use their own OAuth app credentials by setting environment variables: 
GITHUB_CLIENT_ID=<GITHUB_CLIENT_ID>
GITHUB_CLIENT_SECRET=<GITHUB_CLIENT_SECRET>
When these are set in the backing API environment, the OAuth handlers use them directly.

API setup for OAuth credentials

If you are running your own API/service layer for integrations, register an OAuth app for each provider you enable and configure the matching credentials there.

Provider registration

For each OAuth provider, create an application and configure the callback URL: 
https://<api-host>/api/oauth/callback/{integration-name}
Then set the credentials as environment variables on the API:
ProviderVariable PrefixRegistration URL
GitHubGITHUB_https://github.com/settings/developers
Google (Gmail, Calendar, Docs, Drive, Sheets)GOOGLE_https://console.cloud.google.com/apis/credentials
SlackSLACK_https://api.slack.com/apps
Microsoft (Outlook, Teams, OneDrive, SharePoint)MICROSOFT_https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps
Atlassian (Jira, Confluence)ATLASSIAN_https://developer.atlassian.com/console/myapps/
LinearLINEAR_https://linear.app/settings/api
NotionNOTION_https://www.notion.so/my-integrations
FigmaFIGMA_https://www.figma.com/developers/apps
DiscordDISCORD_https://discord.com/developers/applications
DropboxDROPBOX_https://www.dropbox.com/developers/apps
AirtableAIRTABLE_https://airtable.com/create/oauth
AsanaASANA_https://app.asana.com/0/developer-console
BitbucketBITBUCKET_https://bitbucket.org/workspace/settings/oauth-consumers
BoxBOX_https://app.box.com/developers/console
ClickUpCLICKUP_https://app.clickup.com/settings/integrations
FreshdeskFRESHDESK_https://developers.freshdesk.com/
GitLabGITLAB_https://gitlab.com/-/profile/applications
HubSpotHUBSPOT_https://app.hubspot.com/developer
IntercomINTERCOM_https://app.intercom.com/a/apps/_/developer-hub
MailchimpMAILCHIMP_https://admin.mailchimp.com/account/oauth2/
Monday.comMONDAY_https://monday.com/developers/apps
PipedrivePIPEDRIVE_https://developers.pipedrive.com/docs/marketplace
QuickBooksQUICKBOOKS_https://developer.intuit.com/app/developer/dashboard
SalesforceSALESFORCE_https://login.salesforce.com/lightning/setup/ConnectedApplication
ServiceNowSERVICENOW_Instance admin, Application Registry
ShopifySHOPIFY_https://partners.shopify.com/organizations
TrelloTRELLO_https://trello.com/power-ups/admin
Twitter/XTWITTER_https://developer.twitter.com/en/portal/dashboard
WebexWEBEX_https://developer.webex.com/my-apps
XeroXERO_https://developer.xero.com/app/manage
ZendeskZENDESK_https://zendesk.com/admin/apps-integrations
ZoomZOOM_https://marketplace.zoom.us/develop
Each provider needs two variables: 
{PREFIX}CLIENT_ID=...
{PREFIX}CLIENT_SECRET=...
For example: 
GITHUB_CLIENT_ID=<GITHUB_CLIENT_ID>
GITHUB_CLIENT_SECRET=<GITHUB_CLIENT_SECRET>
GOOGLE_CLIENT_ID=<GOOGLE_CLIENT_ID>
GOOGLE_CLIENT_SECRET=<GOOGLE_CLIENT_SECRET>
SLACK_CLIENT_ID=<SLACK_CLIENT_ID>
SLACK_CLIENT_SECRET=<SLACK_CLIENT_SECRET>

Google APIs (shared credentials)

Google Calendar, Gmail, Docs, Drive, and Sheets all use the same GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET. Register one Google OAuth app and enable all required APIs in the Cloud Console:

Microsoft APIs (shared credentials)

Outlook, Teams, OneDrive, and SharePoint all use MICROSOFT_CLIENT_ID / MICROSOFT_CLIENT_SECRET. Register one Azure AD app with the required Microsoft Graph permissions.

API-Key Integrations (no OAuth setup needed)

These integrations use API keys set by the developer in their project environment variables. No OAuth app is needed:
IntegrationRequired Variables
AnthropicANTHROPIC_API_KEY
AWSAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION
MixpanelMIXPANEL_PROJECT_TOKEN, MIXPANEL_API_SECRET, MIXPANEL_PROJECT_ID
NeonNEON_API_KEY, DATABASE_URL
PostHogPOSTHOG_API_KEY
SentrySENTRY_AUTH_TOKEN, SENTRY_ORG
SnowflakeSNOWFLAKE_ACCOUNT, SNOWFLAKE_USERNAME, SNOWFLAKE_PASSWORD, SNOWFLAKE_WAREHOUSE
StripeSTRIPE_SECRET_KEY
SupabaseSUPABASE_URL, SUPABASE_ANON_KEY, SUPABASE_SERVICE_KEY
TwilioTWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, TWILIO_PHONE_NUMBER

Available integrations

Project management

IntegrationToolsAuth
Jiralist-projects, get-project, search-issues, get-issue, create-issue, update-issue, list-comments, add-comment, get-transitionsOAuth
Linearsearch-issues, get-issue, create-issue, update-issue, list-projectsOAuth
Asanalist-tasks, get-task, create-task, update-task, list-projectsOAuth
ClickUplist-tasks, get-task, create-task, update-task, list-listsOAuth
Monday.comlist-boards, list-items, get-item, create-item, update-itemOAuth (GraphQL)
Trellolist-boards, list-cards, get-card, create-card, update-cardOAuth

Code & DevOps

IntegrationToolsAuth
GitHublist-repos, get-repo, list-issues, get-issue, update-issue, add-issue-comment, list-prs, create-issue, get-pr-diffOAuth
GitLablist-projects, get-project, search-issues, get-issue, create-issue, update-issue, add-issue-comment, list-merge-requests, get-merge-request, add-merge-request-commentOAuth
Bitbucketlist-repositories, list-pull-requests, create-pull-request, list-issuesOAuth
Sentrylist-projects, list-issues, get-issue, resolve-issueAPI Key
AWSlist-s3-buckets, list-s3-objects, get-s3-object, list-ec2-instances, list-lambda-functionsAPI Key

Communication

IntegrationToolsAuth
Slacklist-channels, send-message, get-messagesOAuth
Discordlist-guilds, list-channels, get-messages, send-message, get-userOAuth
Gmaillist-emails, send-email, search-emailsOAuth
Outlooklist-emails, get-email, send-email, search-emails, list-foldersOAuth
Teamslist-chats, get-messages, send-message, list-teams, list-channelsOAuth
Twiliosend-sms, send-whatsapp, list-messages, get-message, list-callsAPI Key
Webexlist-meetings, get-meeting, create-meeting, list-rooms, send-messageOAuth

Documents & Storage

IntegrationToolsAuth
Notionsearch-notion, read-page, create-page, query-databaseOAuth
Google Docslist-documents, get-document, create-document, update-document, search-documentsOAuth
Google Drivelist-files, get-file, search-files, create-folder, upload-fileOAuth
Google Sheetslist-spreadsheets, get-spreadsheet, read-range, write-range, create-spreadsheetOAuth
Confluencesearch-content, get-page, create-page, update-page, list-spacesOAuth
Dropboxlist-files, get-file, upload-file, search-files, get-accountOAuth
Boxlist-files, get-file, search-files, create-folder, upload-fileOAuth
OneDrivelist-files, search-files, upload-file, download-fileOAuth
SharePointlist-sites, get-site, list-files, get-file, upload-fileOAuth

CRM & Sales

IntegrationToolsAuth
HubSpotlist-contacts, get-contact, create-contact, list-deals, create-dealOAuth
Salesforcelist-accounts, get-account, list-contacts, list-opportunities, create-leadOAuth
Pipedrivelist-deals, get-deal, create-deal, update-deal, list-personsOAuth
Intercomlist-contacts, get-contact, list-conversations, get-conversation, send-messageOAuth

Databases

IntegrationToolsAuth
Airtablelist-bases, get-base, list-records, get-record, create-record, create-records, update-record, delete-record, create-table, update-table, create-fieldOAuth
Supabaselist-tables, query-table, insert-row, update-row, delete-rowAPI Key
Neonlist-projects, list-branches, query-database, list-tables, describe-tableAPI Key
Snowflakerun-query, list-databases, list-schemas, list-tables, describe-tableAPI Key

Design

IntegrationToolsAuth
Figmalist-files, get-file, get-comments, post-comment, list-projectsOAuth

Analytics

IntegrationToolsAuth
Mixpaneltrack-event, query-events, get-funnel, get-retention, list-cohortsAPI Key
PostHogget-trends, list-feature-flags, list-persons, capture-eventAPI Key
Anthropiclist-workspaces, get-usage, list-api-keys, list-members, get-organizationAPI Key

Finance & Accounting

IntegrationToolsAuth
Stripelist-customers, get-customer, list-payments, get-balance, list-subscriptionsAPI Key
QuickBookslist-invoices, get-invoice, create-invoice, list-customers, get-customerOAuth
Xerolist-invoices, get-invoice, create-invoice, list-contacts, get-contactOAuth

Support

IntegrationToolsAuth
Zendesklist-tickets, get-ticket, create-ticket, search-ticketsOAuth
Freshdesklist-tickets, get-ticket, create-ticket, update-ticket, list-contactsOAuth
ServiceNowlist-incidents, get-incident, create-incident, update-incident, search-knowledgeOAuth

Calendar & Meetings

IntegrationToolsAuth
Google Calendarlist-events, create-event, find-free-timeOAuth
Zoomlist-meetings, get-meeting, create-meeting, update-meeting, delete-meetingOAuth

Marketing

IntegrationToolsAuth
Mailchimplist-campaigns, get-campaign, list-lists, get-list, list-membersOAuth

E-Commerce

IntegrationToolsAuth
Shopifylist-products, get-product, list-orders, get-order, list-customersOAuth

Social

IntegrationToolsAuth
Twitter/Xsearch-tweets, post-tweet, get-timelineOAuth
The built-in connector catalog spans OAuth-backed and API-key-backed integrations. Treat the tables above as representative current coverage rather than a hard-coded count contract.

Verify it worked

After enabling an integration:
  1. Restart veryfront dev. The dev log lists the integration tools that were registered.
  2. From an agent that includes the integration tools, send a message that exercises one tool. The AG-UI stream should include a tool call event with the integration’s tool id and a non-error result.
  3. For per-user OAuth integrations, confirm the user has authorised the provider first (see OAuth). Calls fail with 401 if the user has no token.

Next