MCP Connectors Overview
Model Context Protocol (MCP) v0.2 is the standardized protocol AxonFlow uses for permission-aware data access across different systems.
What is MCP?
MCP (Model Context Protocol) provides a standardized way for AI agents to access data from various sources with built-in permission enforcement. AxonFlow implements MCP v0.2, which includes:
- Permission-Aware Access: Every data request validates user permissions
- Standardized Interface: Same API for different data sources
- Audit Logging: Complete trail of data access
- Error Handling: Graceful fallbacks and retries
Available Connectors
AxonFlow provides 17 production-ready connectors across Community and Enterprise editions:
Community Connectors (Free)
| Connector | Type | Use Case |
|---|---|---|
| PostgreSQL | Database | Relational data access, multi-tenant queries |
| MySQL | Database | MySQL/MariaDB data access |
| MongoDB | NoSQL | Document database queries |
| Redis | Cache | Distributed rate limiting, session management |
| HTTP/REST | API | Generic REST API integration |
| Cassandra | NoSQL | Wide-column distributed database |
| S3 | Cloud Storage | AWS S3 and S3-compatible object storage |
| Azure Blob | Cloud Storage | Azure Blob Storage and ADLS Gen2 |
| GCS | Cloud Storage | Google Cloud Storage |
Enterprise Connectors
Enterprise connectors require an AxonFlow Enterprise license. Contact Sales for access.
| Connector | Type | Use Case |
|---|---|---|
| Amadeus GDS | Travel | Flight search, hotel booking, real-time pricing |
| Salesforce | CRM | Customer data, leads, SOQL queries |
| Slack | Communication | Team notifications, alerts, messaging |
| Snowflake | Data Warehouse | Analytics, reporting, large-scale queries |
| HubSpot | CRM | Contact management, deals, companies |
| Jira | Issue Tracking | Ticket management, JQL queries, workflows |
| ServiceNow | ITSM | Incident management, CMDB, change requests |
Custom Connectors
| Option | Description |
|---|---|
| Connector SDK | Build custom connectors using the AxonFlow SDK |
Optional Deployment
As of November 2025, MCP connectors are optional during deployment:
✅ Community Deployments: Deploy without any connectors (EnabledConnectors: "")
✅ Partial Deployments: Enable only required connectors
✅ Dynamic Addition: Add connectors post-deployment without redeployment
Configuration
AxonFlow uses separate parameters for MCP connectors and LLM providers:
# CloudFormation / Environment Config
EnabledConnectors: "amadeus,salesforce,slack" # MCP data connectors
EnabledLLMProviders: "openai,anthropic" # LLM providers
MCP Connectors (EnabledConnectors) - Data integrations:
amadeus- Travel API (flights, hotels, airports)salesforce- CRM integrationslack- Team messagingsnowflake- Data warehouse
LLM Providers (EnabledLLMProviders) - AI model providers:
openai- OpenAI GPT modelsanthropic- Anthropic Claude modelsbedrock- AWS Bedrock (IAM auth)ollama- Self-hosted Ollama
Examples:
- Community Mode:
EnabledConnectors: ""+EnabledLLMProviders: "" - Travel App:
EnabledConnectors: "amadeus"+EnabledLLMProviders: "openai" - E-commerce:
EnabledConnectors: "salesforce"+EnabledLLMProviders: "anthropic" - Healthcare:
EnabledConnectors: "snowflake"+EnabledLLMProviders: "anthropic" - Full Enterprise:
EnabledConnectors: "amadeus,salesforce,slack,snowflake"+EnabledLLMProviders: "openai,anthropic"
Benefits:
- Start with minimal setup (only 3 critical secrets)
- Add connectors and LLM providers as business needs grow
- No redeployment required - just create secrets and restart services
Enterprise customers can manage connectors via the Customer Portal UI at runtime without any deployment. Configure, test, and monitor connectors with zero-downtime changes that take effect within 30 seconds. Learn more about Enterprise features.
Connector Architecture
Connector Configuration
Basic Configuration
All connectors share a common configuration structure:
{
"name": "connector-name",
"type": "connector-type",
"config": {
// Connector-specific configuration
},
"permissions": {
"read": ["resource:pattern"],
"write": ["resource:pattern"]
},
"rate_limits": {
"requests_per_second": 10,
"burst": 20
}
}
Creating a Connector
Connectors are configured via environment variables, config files, or the database. See Runtime Configuration for details.
List Connectors:
curl http://localhost:8080/mcp/connectors
Response:
{
"connectors": [
{
"name": "production-redis",
"type": "redis",
"status": "healthy",
"last_health_check": "2025-10-23T10:30:00Z"
}
],
"count": 1
}
Permission Model
Permission Patterns
Permissions use a hierarchical pattern matching system:
resource:action:scope
Examples:
- "cache:*" - All cache operations
- "cache:read:*" - Read from any cache key
- "cache:read:user:*" - Read user-specific cache
- "database:query:customers" - Query customers table
- "api:call:payments:*" - Call any payments API
Permission Evaluation
When an agent requests data:
- Policy Check: Validate user has permission
- Resource Match: Check resource against connector permissions
- Action Validation: Ensure action is allowed (read/write)
- Scope Enforcement: Apply data filtering based on scope
- Audit Log: Record access attempt
Example Permission Configuration
apiVersion: axonflow.io/v1
kind: ConnectorPermissions
metadata:
connector: amadeus-gds
spec:
users:
- user_id: "[email protected]"
permissions:
- "flights:search:*"
- "hotels:search:*"
- "bookings:read:own"
groups:
- group_id: "travel-agents"
permissions:
- "flights:search:*"
- "flights:book:*"
- "hotels:search:*"
- "hotels:book:*"
- "bookings:*:*"
Connector Lifecycle
States
| State | Description | Actions Available |
|---|---|---|
creating | Being initialized | None |
active | Ready for use | Use, Test, Update, Disable |
disabled | Temporarily disabled | Enable, Delete |
error | Configuration error | Update, Delete |
deleting | Being removed | None |
State Transitions
Testing Connectors
Health Check
All Connectors:
curl http://localhost:8080/mcp/health
Response:
{
"healthy": true,
"total_connectors": 3,
"healthy_count": 3,
"unhealthy_count": 0,
"timestamp": "2025-10-23T10:35:00Z"
}
Specific Connector:
curl http://localhost:8080/mcp/connectors/redis-cache/health
Response:
{
"name": "redis-cache",
"type": "redis",
"healthy": true,
"latency_ms": 5.2,
"last_check": "2025-10-23T10:35:00Z"
}
Query via Connector
curl -X POST http://localhost:8080/mcp/resources/query \
-H "Content-Type: application/json" \
-d '{
"connector": "postgres-main",
"query": "SELECT id, name FROM users WHERE department = $1",
"params": ["engineering"],
"user_token": "user-123"
}'
Monitoring Connectors
Key Metrics
Monitor these CloudWatch metrics:
mcp_connector_requests: Total requests per connectormcp_connector_latency_p95: P95 latencymcp_connector_errors: Error countmcp_connector_permission_denials: Permission violations
Example CloudWatch Query
aws cloudwatch get-metric-statistics \
--namespace AxonFlow \
--metric-name mcp_connector_latency_p95 \
--dimensions Name=ConnectorId,Value=conn_abc123 \
--start-time 2025-10-23T00:00:00Z \
--end-time 2025-10-23T23:59:59Z \
--period 3600 \
--statistics Average
Connector List Management
List All Connectors
curl http://localhost:8080/mcp/connectors
Refresh Connectors
After updating configuration (env vars, config file, or database), refresh connectors:
# Refresh all connectors
curl -X POST http://localhost:8080/api/v1/connectors/refresh
# Refresh specific tenant
curl -X POST http://localhost:8080/api/v1/connectors/refresh/TENANT_ID
# Refresh single connector
curl -X POST http://localhost:8080/api/v1/connectors/refresh/TENANT_ID/CONNECTOR_NAME
View Cache Stats
curl http://localhost:8080/api/v1/connectors/cache/stats
Best Practices
- Use Secrets Manager: Never hardcode credentials
- Set Rate Limits: Protect external systems
- Test Before Production: Use
/testendpoint - Monitor Health: Regular health checks
- Version Control Config: Store connector configs in git
- Least Privilege: Grant minimum required permissions
- Audit Regularly: Review connector access logs
- Use TLS: Always encrypt connections