Connections
A connection represents a link between an AI agent (or human using an AI tool) and an upstream service. Connections are the primary unit of governance in FirstOps.
Connection Lifecycle
Discovery
The FirstOps daemon continuously scans the local machine for MCP server configurations across all supported clients:
- Claude Code
- Claude Desktop
- Cursor
- VS Code
- Cline
- Windsurf
- Zed
- JetBrains IDEs
Unmonitored
A discovered connection that routes directly to the upstream service. Requests bypass FirstOps — no policy enforcement, no credential brokering, no audit trail.
Monitored
A connection that routes through the FirstOps MCP gateway. Every request is:
- Authenticated (DPoP verification)
- Authorized (policy evaluation)
- Credential-brokered (raw tokens injected at proxy time)
- Audited (full request/response logged)
Fixing a Connection
When you "fix" an unmonitored connection, the daemon:
- Requests safe connection parameters from FirstOps
- Rewrites the local MCP configuration file
After the rewrite, the connection routes through the FirstOps gateway.
```bash
# Fix a specific connection
fo discover fix <connection-id>

# Fix all unmonitored connections
fo discover fix --all
```
Credential Brokering
The gateway enforces a strict boundary: agents never see upstream credentials.
When a connection is monitored:
- OAuth tokens and API keys are stored in FirstOps
- The proxy injects authorization headers at request time
- The agent's request contains only its DPoP proof
- Upstream credentials are scoped and rotated independently
This means revoking an agent's access is instant — revoke the principal, and no credential cleanup is needed on upstream services.
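A post-fix check for the two sections above, as an added example that is not FirstOps code: it classifies each entry in an MCP client config as monitored or unmonitored and lists key names that still look like embedded upstream credentials. It assumes the `mcpServers` JSON layout, that a rewritten entry points its `url` at the gateway, and a placeholder gateway host; none of these come from the page.

```python
import json
import re
from urllib.parse import urlparse

# Assumption: placeholder host, substitute the gateway host your tenant uses.
GATEWAY_HOST = "gateway.firstops.example"

# Key names that usually carry an upstream secret in env or headers.
SECRET_KEY = re.compile(r"(token|secret|api[_-]?key|password|authorization)", re.I)


def audit_mcp_config(text, gateway_host=GATEWAY_HOST):
    """Return {server: {"monitored": bool, "embedded_credentials": [key paths]}}."""
    servers = json.loads(text).get("mcpServers", {})
    report = {}
    for name, entry in servers.items():
        host = (urlparse(entry.get("url") or "").hostname or "").lower()
        # Exact host match only: a prefix or substring test would accept
        # look-alike hosts that merely start with the gateway name.
        monitored = host == gateway_host.lower()
        leaked = sorted(
            f"{section}.{key}"
            for section in ("env", "headers")
            for key, value in (entry.get(section) or {}).items()
            if value and SECRET_KEY.search(key)
        )
        report[name] = {"monitored": monitored, "embedded_credentials": leaked}
    return report


# Constructed sample config, not taken from a real machine.
SAMPLE = json.dumps({
    "mcpServers": {
        # Local stdio server with a token in env: direct to upstream.
        "github": {"command": "npx", "args": ["-y", "example-mcp-server"],
                   "env": {"GITHUB_TOKEN": "constructed-not-a-real-token"}},
        # Routed through the gateway, no upstream secret in the file.
        "tickets": {"url": "https://gateway.firstops.example/mcp/tickets"},
        # Look-alike host plus a static Authorization header.
        "wiki": {"url": "https://gateway.firstops.example.other.test/mcp",
                 "headers": {"Authorization": "Bearer constructed-value"}},
    }
})

if __name__ == "__main__":
    print(json.dumps(audit_mcp_config(SAMPLE), indent=2))
```

Any entry reported as monitored with a non-empty `embedded_credentials` list is worth a second look, since a brokered connection should not need the upstream secret on the local machine.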
Outbound Sets
An Outbound Set controls which upstream tools the members of an Access Group can reach. You configure it in the dashboard under your Access Group settings:
- Each Access Group has one Outbound Set
- The Outbound Set lists permitted upstream services
- Requests to services outside the Outbound Set are blocked
- The Outbound Set is evaluated before policy rules