Documentation
Managed Connectors
Hosted, scheduled syncs that pull a team’s GitLab/GitHub issues, merge requests / PRs and pipelines into the shared context layer — so every seat’s search and knowledge surface them, with no per-call credentials and no manual provider calls.
A managed connector is the hosted, always-on counterpart to a local
provider. Instead of a developer running
ctx_provider by hand with a token in their environment, the team server runs the
sync for the whole team on a schedule. Once a connector has run, every seat’s
ctx_semantic_search and ctx_knowledge surface that source’s issues,
merge requests / PRs and pipelines — no per-call credential transport, no manual
invocation.
Connectors are a hosted convenience: they only add context to a hosted workspace. They never gate or change anything on a developer’s local machine (the Local-Free Invariant holds).
How a sync works
A single background scheduler ticks once a minute and runs each due connector. One run fetches the source, distils it, and consolidates the result into the workspace’s long-term stores — the same BM25 index, property graph and knowledge base your code already lives in:
fetch (GitLab/GitHub API) → chunk → consolidate → BM25 + graph + knowledge | Source | Resources |
|---|---|
github | issues · pull_requests · actions |
gitlab | issues · merge_requests · pipelines |
Configuring a connector
Connectors are managed from the hosted Account → Team → Knowledge connectors
card — add one, point it at a repository, paste a provider token, and enable or disable it.
That UI is the front door; under the hood each connector is one entry in the team server’s
connectors[] config:
{
"id": "core-issues",
"provider": "github", // or "gitlab"
"resource": "issues", // gitlab: issues | merge_requests | pipelines
"project": "acme/widgets", // owner/repo (GitHub) or group/project (GitLab)
"intervalSecs": 3600, // sync cadence, clamped to a 5-minute floor
"enabled": true
} Because connectors live on the team plane, they are an admin / owner concern — a single configured source becomes shared context for every seat in that workspace.
What stays safe
- Secrets never leak. A connector’s token lives only inside the injected, private team config. The server never writes it to disk and no API ever returns it.
- External APIs are protected. The sync cadence is clamped to a 5-minute floor, so a misconfigured connector can’t hammer GitLab or GitHub.
- Storage has a backstop. If the hosted index is over its quota, ingestion pauses — it never deletes data and never gates reads.
- Status is observable. The account card (and the audit-scoped
GET /v1/connectorsendpoint) show each connector’s last run, status and item count — always secret-free.
Where to go next
- Managed Connectors journey — the end-to-end story.
- Data sources & providers — the local, on-demand counterpart.
- Team, Cloud & Self-Hosting — where connectors fit in the team server.
- Security & Governance — roles, scopes and secret handling.