Infrastructure
Connect your CI/CD, cloud, and dev infrastructure to give the agent access to external services.
Infrastructure integrations give the agent access to your existing tools and services via MCP (Model Context Protocol). Connect cloud providers, databases, project management, monitoring, and more — so the agent can read issues, query databases, check deployments, and investigate errors as part of its workflow.
Pre-Configured Services
Connect any of these services from the agent settings page. Click Browse MCPs to see the full list.
OAuth
These services authenticate through an OAuth flow. Click Connect, then run the provided CLI command to complete authorization.
| Service | What the Agent Can Do |
|---|---|
| Linear | Read and update issues, create tickets, manage projects |
| Jira | Manage tickets, read boards, update issue status |
| Notion | Access documentation, read and search pages |
| Sentry | Investigate errors, read stack traces, query events |
| Vercel | Check deployments, read build logs, inspect environment |
Credentials
These services connect with API keys or tokens entered directly in the dashboard.
| Service | Required Credentials | What the Agent Can Do |
|---|---|---|
| Slack | Bot Token, Team ID | Send messages, read channels |
| Supabase | Access Token, Project Ref | Query databases, manage tables, read schemas |
| Cloudflare | API Token, Account ID | Manage workers, DNS, and pages |
| AWS | Access Key, Secret Key, Region | Interact with EC2, S3, RDS, Lambda, and other AWS services |
| MongoDB | Connection String | Query collections, read and write data |
Credentials are encrypted at rest using AES-256-GCM. They are only decrypted when passed to the agent during a session.
Connecting a Service
OAuth Services
- Go to the Agent page and click Browse MCPs
- Select the service you want to connect
- Copy the CLI command shown in the modal:
paragon mcp-auth linear --url https://mcp.linear.app/sse - Run it in your terminal — this opens the OAuth flow in your browser
- After authorizing, paste the token back into the dashboard modal
- The service appears as Connected with a checkmark
Credential Services
- Go to the Agent page and click Browse MCPs
- Select the service
- Enter the required credentials (API keys, tokens, connection strings)
- Click Save
Custom MCP Servers
Connect any MCP-compatible service that isn't in the pre-configured list.
- Click Browse MCPs > Custom MCP
- Enter a name for the server
- Choose a protocol:
- stdio — Local process communication (command + args)
- HTTP — HTTP-based MCP endpoint
- SSE — Server-Sent Events transport
- Configure the server URL or command
- Add any required environment variables or headers
- Click Save
Example: Custom stdio Server
{
"command": "npx",
"args": ["-y", "@your-org/mcp-server"],
"env": {
"API_KEY": "your-api-key"
}
}Managing Connections
Connected services show a checkmark in the Browse MCPs panel. To disconnect a service, click on it and remove the configuration.
Your MCP configuration applies to all your agent sessions and automations. Each team member manages their own connections independently.
Agent Environments
Each repository can have one or more environments that configure how the agent sets up and runs your project. Environments are managed from the Agent Settings page.
Environment Variables
Add environment variables the agent needs to build and test your project (API keys, database URLs, feature flags, etc.). Variables are stored encrypted at rest using AES-256-GCM and only decrypted when injected into the agent's sandbox during a session.
You can add variables manually as key/value pairs, or sync them from an external secrets manager.
Secret Providers
Instead of manually entering environment variables, you can sync them from an external secrets manager. Provider secrets are fetched at session start and merged with any manual variables (manual variables take precedence on key conflicts).
Doppler
Sync secrets from a Doppler project config:
| Field | Description |
|---|---|
| Service Token | A Doppler service token (dp.st.xxx) with read access to the target config |
| Project | The Doppler project name |
| Config | The config environment (e.g., dev, stg, prd) |
Infisical
Sync secrets from an Infisical workspace:
| Field | Description |
|---|---|
| Service Token | An Infisical service token with read access |
| Workspace ID | The Infisical workspace ID |
| Environment | The environment name (e.g., dev, staging, prod) |
| Secret Path | Optional path prefix (default: /) |
Update Script
A shell script that runs when the agent sets up your project in the sandbox. Use it for steps that go beyond environment variables — installing dependencies, running migrations, seeding databases, or starting background services.
npm install
npx prisma migrate deploy
npm run seedProject Commands
Define the standard commands for your project so the agent knows how to build, test, and run it:
| Command | Description | Example |
|---|---|---|
| dev | Start the dev server | npm run dev |
| test | Run the test suite | npm test |
| build | Build the project | npm run build |
| lint | Run the linter | npm run lint |
Each command can optionally include a port number (for dev servers) and a description.
Auth State
For browser-based testing, you can upload a Playwright storageState JSON file that contains cookies and local storage data. The agent uses this to start browser sessions already authenticated, skipping login flows during E2E testing.
Next Steps
Integrations
Configure GitHub mentions, Slack triggers, and browser tools.
Automations
Set up automated workflows that use your connected infrastructure.