Glossary
Use this page when a support doc, task plan, or review uses repo vocabulary that is precise but not everyday language.
Common Terms
Section titled “Common Terms”- Canonical: The single approved shape, source, path, or implementation that other code should use. If a value is canonical, avoid adding aliases or alternate reads unless a human explicitly accepts a compatibility path.
- Connector: A product integration that lets a user or deployment connect an outside system, such as Gmail, Google Drive, Jira, GitHub, or Odoo.
- Connector key: The stable app-owned connector id, such as
google-drive,jira, orodoo. - Provider: The outside system or provider family behind one or more connectors, such as Google, Microsoft, Atlassian, GitHub, Slack, or Odoo.
- Auth strategy: The connector’s authentication model. Current strategies are
oauthfor Better Auth linked accounts,user-api-keyfor a signed-in user’s own API key or PAT, anddeployment-api-keyfor customer-deployment credentials managed through the customer CMS. - User-managed API key connector: A connector backed by an API key or PAT entered by the signed-in web user and stored encrypted by the API for only that user’s connector.
- Deployment API key connector: A connector backed by one customer-deployment credential profile instead of a per-user OAuth account or per-user API key.
- Credential profile: Non-secret setup metadata for a deployment API-key connector, plus the active secret slot pointer. It must not contain the raw API key.
- Personal access token (PAT): A provider-issued token associated with a provider account. In this repo’s deployment API-key architecture, PAT-based connectors should use a dedicated service/bot account PAT, not an employee’s personal token.
- Service account / bot user: A non-human provider account created for an integration. Its permissions should be intentionally scoped because a deployment API-key connector can see only what this provider account can see.
- Active slot / inactive slot: Two secret storage locations used for rotation. The inactive slot receives a new key first; the active slot changes only after validation succeeds.
- Live query: Chat-time provider access that reads current provider data directly instead of relying on previously indexed data.
- Indexed mode: Connector data is synced, extracted, embedded, and stored for retrieval. Indexed mode has stronger storage and deletion implications than live-only mode.
- Live domain: A shared app-owned result contract for a family of questions, such as
mail,calendar,work-item,code-repository, orbusiness-record. - Canonical tool id: The shared live-query tool name for a domain, such as
business-record-live-query. Provider-specific tool ids should not leak into orchestration when a shared domain tool exists. - Provider adapter: API code that knows how to call one provider and normalize provider-specific payloads into the shared domain contract.
- Registry: Shared connector metadata that defines connector keys, display names, auth strategy, modes, scopes, credential profile metadata, and duplicate-add scope.
- Runtime manifest: API-side executable connector metadata, including live-domain membership, provider adapters, smoke-test registration, and runtime defaults.
- Grounding: Source-backed evidence passed to chat synthesis so the assistant can answer from checked connector data instead of guessing.
- Source metadata: User-safe details attached to evidence and Sources panels, such as connector label, source title, provider URL, checked scope, and coverage hints.
- HITL: Human in the loop. A runtime request for user input when the assistant needs clarification or permission before continuing.
- Fixture: Known test setup data used to make tests or real-provider smoke checks repeatable.
- Smoke test: A narrow verification run that proves an integration path is basically wired and reachable, not exhaustive product coverage.
- Real-provider E2E: An opt-in end-to-end check against an actual configured provider account or deployment credential, controlled by
REAL_PROVIDER_E2E_*env vars. - Local prompt pack: A gitignored set of natural chat prompts generated from a developer’s local connected connectors, then run through the browser-backed chat path.
- Customer CMS:
apps/cms-customer, the customer/deployment operator control plane. - Leverage CMS:
apps/cms-leverage, the Leverage-owned internal operations control plane. It is not deployed into customer clusters. - Payload/Mongo: Payload CMS records stored in MongoDB. Raw connector API keys must not be stored there.
- Better Auth linked account: The per-user OAuth account record used by OAuth connectors. Deployment API-key connectors do not use this path.
Canonical Sources
Section titled “Canonical Sources”AGENTS.mddocs/features/connectors/spec.mddocs/features/live-query/spec.mdapps/support-dev/src/content/docs/connectors/overview.mdxapps/support-dev/src/content/docs/connectors/provider-auth-and-setup.md