Documentation

Managed Connectors

Hosted, scheduled syncs that pull a team’s GitLab/GitHub issues, merge requests / PRs and pipelines into the shared context layer — so every seat’s search and knowledge surface them, with no per-call credentials and no manual provider calls.

A managed connector is the hosted, always-on counterpart to a local provider. Instead of a developer running ctx_provider by hand with a token in their environment, the team server runs the sync for the whole team on a schedule. Once a connector has run, every seat’s ctx_semantic_search and ctx_knowledge surface that source’s issues, merge requests / PRs and pipelines — no per-call credential transport, no manual invocation.

Connectors are a hosted convenience: they only add context to a hosted workspace. They never gate or change anything on a developer’s local machine (the Local-Free Invariant holds).

How a sync works

A single background scheduler ticks once a minute and runs each due connector. One run fetches the source, distils it, and consolidates the result into the workspace’s long-term stores — the same BM25 index, property graph and knowledge base your code already lives in:

fetch (GitLab/GitHub API) → chunk → consolidate → BM25 + graph + knowledge
SourceResources
githubissues · pull_requests · actions
gitlabissues · merge_requests · pipelines

Configuring a connector

Connectors are managed from the hosted Account → Team → Knowledge connectors card — add one, point it at a repository, paste a provider token, and enable or disable it. That UI is the front door; under the hood each connector is one entry in the team server’s connectors[] config:

{
  "id": "core-issues",
  "provider": "github",          // or "gitlab"
  "resource": "issues",          // gitlab: issues | merge_requests | pipelines
  "project": "acme/widgets",     // owner/repo (GitHub) or group/project (GitLab)
  "intervalSecs": 3600,           // sync cadence, clamped to a 5-minute floor
  "enabled": true
}

Because connectors live on the team plane, they are an admin / owner concern — a single configured source becomes shared context for every seat in that workspace.

What stays safe

  • Secrets never leak. A connector’s token lives only inside the injected, private team config. The server never writes it to disk and no API ever returns it.
  • External APIs are protected. The sync cadence is clamped to a 5-minute floor, so a misconfigured connector can’t hammer GitLab or GitHub.
  • Storage has a backstop. If the hosted index is over its quota, ingestion pauses — it never deletes data and never gates reads.
  • Status is observable. The account card (and the audit-scoped GET /v1/connectors endpoint) show each connector’s last run, status and item count — always secret-free.

Where to go next