Integrations

What are integrations?

Integrations connect Pinchy to external systems — ERPs, CRMs, databases — so agents can query real business data. Instead of giving agents direct database access, Pinchy provides a controlled bridge: the admin sets up a connection once, then decides which agents can use it and what they’re allowed to do.

Currently supported: Odoo. More integrations are planned.

Note

Integrations vs. Channels. This page is about data integrations — how agents access external business systems. If you’re looking for communication channels (how users reach their agents from outside the Pinchy web UI), see Set Up Telegram. LLM providers like OpenAI, Anthropic, Google, and Ollama (local and cloud) are configured separately via Manage LLM Providers.

Connections vs. permissions

These are two separate concepts:

• Connection — a global setting an admin creates once. It stores the credentials and knows which data models are available. Think of it as “Pinchy can talk to this system.”
• Permissions — per-agent settings that control what each agent can do with that connection. Think of it as “this agent can read sales orders but not delete contacts.”

Creating a connection doesn’t give any agent access. You must explicitly grant access in each agent’s Permissions tab.

How the sync works

When you add a connection, Pinchy probes the external system to discover what’s available:

1. Schema discovery — Pinchy calls fields_get() on each model to learn the field names, types, and relationships
2. Permission check — Pinchy calls check_access_rights() to determine which operations (read, create, write, delete) the API user can perform
3. Filtering — Only models where the API user has at least read access appear in the connection summary

This means the connection reflects what’s actually accessible — not what exists in theory. If the Odoo admin later restricts the API user’s permissions, some models may disappear on the next sync.

Access levels

When granting an agent access to a connection, you choose an access level:

Level	Tools enabled	Use case
Read-only	schema, read, count, aggregate	Reporting, dashboards, Q&A
Read & Write	schema, read, count, aggregate, create, write	Data entry, updating records
Full	schema, read, count, aggregate, create, write, delete	Full CRUD — use with caution
Custom	You pick individual tools	Fine-grained control

Each level maps directly to the Odoo tools that get enabled for the agent. See Agent Permissions for the full tool list.

What happens when Odoo permissions change

If the Odoo admin changes the API user’s permissions after you’ve set up the connection, agents may lose access to certain models. When this happens:

• The agent gets a clear error message explaining that access was denied
• The error suggests that an admin re-syncs the connection

To re-sync: go to Settings → Integrations, select the connection, and click Re-sync. Pinchy probes the available models again and updates the connection accordingly.

Re-syncing may remove models that are no longer accessible. Agents that were configured to use those models will lose access to them.

Security

Integration credentials are handled with the same rigor as provider API keys:

• Encryption — credentials are encrypted with AES-256-GCM before being stored in the database. They never appear in logs or API responses.
• Audit trail — every tool invocation is logged: which tool was called, with what parameters, and whether it succeeded or failed. The result data itself is not logged — only the operation metadata. All audit rows are HMAC-SHA256 signed.
• Least privilege — the Odoo API key inherits the permissions of the Odoo user who created it. Create a dedicated Odoo user with minimal permissions for the best security posture.

Agent Templates

Templates bundle permissions, tools, and instructions into a ready-to-use agent configuration. Instead of manually selecting access levels and models, you pick a template (e.g. “Sales Analyst” or “Fleet Manager”) and Pinchy sets everything up for you.

Pinchy ships with 16 Odoo templates spanning Sales, Inventory, Finance, HR, Marketing, and E-Commerce. Templates are only visible when at least one Odoo connection exists, and each template is validated against the connected instance — if required Odoo modules aren’t installed, the template is dimmed and can’t be selected until you install the missing modules and re-sync.

For the full list of available templates and setup instructions, see Connect Odoo — Agent Templates.

Note

For a step-by-step setup guide, see Connect Odoo.