Skip to main content
Copilot Studio (formerly Power Virtual Agents) is Microsoft’s no-code agent builder. Custom topics call out to HTTP connectors, which is the seam Inviolet plugs into. The pattern is the same as the ChatGPT Enterprise action surface — Inviolet sits in front of the data-fetching connector and evaluates intent.

Why it matters

Copilot Studio agents typically have access to Microsoft Graph, Dataverse, and an organization’s custom HTTP endpoints. Without governance, those agents inherit the human’s full permission set. Inviolet narrows that to the declared purpose for each turn.

1. Add Inviolet as a custom connector

In the Power Apps maker portal: Custom connectors → New custom connector → Create from blank.
  • General: Host = gateway.inviolet.ai, Base URL = /proxy/copilot
  • Security: API Key, location = Header, parameter name = Authorization, prefix = Bearer
  • Definition: import the OpenAPI spec at https://gateway.inviolet.ai/openapi.json

2. Call Inviolet from a topic

In a Copilot Studio topic, add a Call an action → Connector action node. Pick the Inviolet connector you registered, then call POST /v1/intent/evaluate: 
{
  "user_id": "{{System.User.Id}}",
  "tool_call": {
    "name": "{{Topic.RequestedAction}}",
    "arguments": { "customer_id": "{{Topic.CustomerId}}" }
  },
  "data_source_id": "dataverse_prod"
}
Branch on the outcome variable. If outcome == "allowed", proceed to the actual data-fetching connector. If denied or pending_approval, return a Copilot message explaining the next step.

3. Verify

Trigger the topic from a test conversation. The decision feed at app.inviolet.ai/decision-feed shows the intent event tagged with source = copilot_studio.