Short version: native connectors are ungoverned and configured per-user inside the AI client. Runlayer connectors route the same tools through Runlayer so every call is authed, policy-checked, scanned, and audited. Runlayer Plugin is a single connection that exposes all of a user’s Runlayer connectors at once — the golden path for company-wide rollout.
The three options at a glance
| Native connector | Runlayer connector | Runlayer Plugin | |
|---|---|---|---|
| What it is | A vendor MCP/integration configured directly inside the AI client (Claude, ChatGPT, Cursor, …) | A managed MCP server added to Runlayer via catalog, manual, or Deploy | A single, unified MCP entrypoint that exposes all of a user’s active hosted Runlayer connectors and skills |
| Who sets it up | Each end user, in their own client | Admins (users can request) | Admins roll out once; users connect one thing |
| Traffic routed through Runlayer | No | Yes | Yes |
| Policy / PBAC | No | Yes | Yes (delegates to each connector) |
| ToolGuard scanning | No | Yes | Yes |
| Audit logs & analytics | No | Yes | Yes |
| One-click / brokered auth | No (user pastes credentials or does per-app OAuth) | Yes (incl. OAuth Broker) | Yes |
| Setup surface for the user | One per tool, per client | One per connector | One connection for everything |
| Best for | Nothing sanctioned — this is the shadow-AI default | The governed replacement for a native connector | Broad, standardized rollout across teams |
Native connectors
A native connector is any MCP server or integration a user wires directly into their AI client — for example, adding a vendor’s MCP URL inside Claude, enabling a ChatGPT connector, or dropping a server into a localmcp.json for Cursor or Claude Code.
Native connectors are fast for one person to set up, but they sit outside Runlayer:
- Runlayer can’t apply policies, ToolGuard scanning, or audit logging to traffic that never passes through it.
- Auth is the user’s problem — often pasting an API key into a config file or running a per-app OAuth flow.
- Every user configures every tool themselves, so setup drifts and duplicates across the team.
Native connectors inside Claude, ChatGPT, or another client can coexist with Runlayer. But Runlayer can only enforce policies, ToolGuard, and audit logs on traffic that goes through Runlayer or a supported endpoint hook. See the connectors overview.
Runlayer connectors
A Runlayer connector is a managed MCP server in Runlayer. It packages the MCP endpoint together with auth, configuration, permissions, and client setup instructions. Once a connector is active, every tool call flows through Runlayer, so you get:- Identity-aware policy (PBAC) — control exactly which users and agents can call which tools (Policies).
- Real-time security — ToolGuard scans tool definitions, outputs, and intent for prompt injection, tool poisoning, and data exfiltration.
- Full audit trail and analytics — every call is recorded (Audit Logs, Analytics).
- One-click auth — many vendors connect through the OAuth Broker with no per-tenant app registration, so users don’t paste credentials into config files.
Runlayer Plugin
Runlayer Plugin is Runlayer’s unified MCP entrypoint. Instead of asking users to install and manage many separate connectors, the Plugin gives them one connection that can discover and run every tool they already have access to in Runlayer. For each request, Runlayer builds that user’s Plugin view from their active hosted connectors, accessible skills, and Runlayer platform tools — then exposes two meta-tools,search_tools and execute_tool, so the model finds the right tool instead of carrying hundreds of definitions in context.
Key properties:
- No new permissions. The Plugin only exposes capabilities the user already has; every execution still goes through the underlying connector’s normal controls.
- Same security model as direct connector use — PBAC, ToolGuard, OAuth checks, and audit logging all still apply.
- One rollout, many clients. Admins distribute it via Auto Sync (CLI-managed desktop/editor clients), Anthropic org install (Claude), or OpenAI org install (ChatGPT). See Runlayer Plugin → Admin rollout options.
Older organization installs may expose the Plugin’s MCP server as
onelayer rather than runlayer-plugin. Those installs keep working — the proxy URL and plugin identity are unchanged.Choosing between them
Use this as the rule of thumb:- A native connector is what a user reaches for when there’s no sanctioned option. Treat every one you find as a candidate to replace, not to keep.
- A Runlayer connector is the right answer when you want a specific tool governed — you’re standing up Slack, GitHub, Snowflake, or an internal MCP server and you want policy, scanning, and audit on it.
- Runlayer Plugin is the right answer when you’re rolling out to people at scale and don’t want each user managing a list of separate connections. It’s the single golden-path surface built on top of the connectors you’ve already approved.
Rolling out: from native to the golden path
A typical migration from ungoverned native connectors to the governed golden path:Discover what's already running
Use Runlayer Watch to surface the native/shadow connectors people have already wired into their clients. This tells you which tools actually matter to your teams.
Approve Runlayer connectors for those tools
Add the equivalent Runlayer connectors from the catalog (or manually / via Deploy for internal servers). Configure auth — often one-click through the OAuth Broker — and apply policies.
Turn off the native connector, turn on the Runlayer one
Point users at the Runlayer connector for the same tool so traffic is now proxied, scanned, and audited instead of going direct. For managed fleets you can push client config automatically — see Auto-Sync to Clients.
Distribute Runlayer Plugin for broad rollout
Once you have several approved connectors, give users Runlayer Plugin as their single connection via Auto Sync, Anthropic, or OpenAI org install — instead of asking each person to add connectors one by one.
Related docs
Connectors
Add and manage Runlayer connectors from the catalog, manually, or via Deploy.
Runlayer Plugin
The unified MCP entrypoint and how to roll it out.
OAuth Broker
One-click, brokered auth for connectors — no per-tenant app registration.
Policies
Control which users and agents can call which tools.