Integrations Overview

How LumenFlow connects to external services across Tool Connections, channels, MCP, OAuth, and API keys.

Product surfaces#

LumenFlow currently exposes external integrations through three different product surfaces:

Surface	What it's for	Current examples
Tool Connections	Governed `conn:*` tools inside Sidekick	Gmail, Google Calendar, Google Docs, Google Sheets, GitHub, HubSpot, Jira, Notion, Outlook, OneDrive, Microsoft To Do, Greenhouse
Channels	Messaging and inbound/outbound conversation transport	Slack, Discord, Telegram, Microsoft Teams, Twilio SMS, custom webhooks
Advanced Custom MCP	Self-hosted or custom tool servers	Internal tools, niche SaaS, bespoke workflows

Connection methods#

Depending on the integration, setup uses one of these methods:

Method	Use case	Setup
OAuth	Google, Slack, GitHub, HubSpot, Atlassian, Microsoft, Notion	One-click authorize
API key	Greenhouse and some custom services	Paste key in settings
MCP	Advanced custom tools	Deploy or register MCP server
Webhooks	Inbound events and messaging channels	Configure endpoint URL and verification

How connections work#

You add a Tool Connection or channel in Settings → Connections
LumenFlow securely stores the credentials
Sidekick discovers the governed actions available from that integration
Governance rules control which actions are allowed

Connection lifecycle#

Connections and channels follow a state machine with clear health status:

  disconnected ──(add integration)──> connected
      ^                                    |
      |                              (needs config?)
      |                               /         \
      |                             no           yes
      |                              |            |
      |                              v            v
      |                       inbound_ready   action_required
      |                              |            |
      |                        (healthy)    (fix config)
      |                              |            |
      |                              v            v
      +──(revoke)──────────── active      degraded

State	Meaning
disconnected	Not configured
connected	Credentials stored, basic outbound works
action_required	Needs additional setup (webhook URL, bot token, etc.)
inbound_ready	Full bidirectional capability
degraded	Was working, now failing (token expired, webhook down)

OAuth tokens are refreshed automatically. You can revoke access at any time from settings.

For newer integrations, v1 means the integration is real and installable today, but intentionally bounded. LumenFlow exposes the most useful governed actions first and expands later instead of claiming the provider's full API on day one.

Security#

OAuth tokens are encrypted at rest
Credentials are never exposed in the UI after initial setup
All connection activity appears in the audit trail
Revoking a connection immediately stops all related actions

info LumenFlow requests minimal scopes by default. You choose exactly which permissions to grant during OAuth authorization.