An agent that can only reason is a very expensive autocomplete. The agents that earn their keep are the ones that can act — read the inbox, look up the account, draft the reply, update the record. That means reaching into the systems your team already runs on, which for a lot of teams means Gmail and Salesforce.
LoopLlama ships first-party connectors for both, built on a bring-your-own-credentials model: you connect your own Google and Salesforce accounts, and your agents act as you, against your data.
OAuth, encrypted at rest#
Connecting a provider runs a standard OAuth flow. The resulting tokens are encrypted at rest and scoped to your tenant — they're never shared across customers and never exposed to the model. When an agent uses a connector, LoopLlama exchanges the encrypted token server-side and makes the call on the agent's behalf. The model sees the results, not the credentials.
Exposing a connector as tools#
Each connector surfaces a small set of typed tools the agent can call with structured arguments:
- Gmail: read and search threads, and draft or send messages.
- Salesforce: query records, and create or update objects like leads, contacts, and opportunities.
Because the arguments are typed, the agent can't invent a malformed request — it fills in a schema, and the connector validates it before anything touches your account. The same mechanism works for your own APIs: expose them via OpenAPI or a simple JSON schema and they become tools alongside the built-in connectors.
Least privilege and approval gates#
Reaching into real systems demands real guardrails. Connect only the scopes a workflow needs, and put the destructive verbs behind approval gates: let an agent read freely, but require a human yes before it sends an email or writes to the CRM. Combined with per-step traces — which record exactly which tool an agent called with which arguments — you get agents that can act on your systems and a clear, auditable account of everything they did.