Skip to content

Glossary

Use this page when a support doc, task plan, or review uses repo vocabulary that is precise but not everyday language.

  • Canonical: The single approved shape, source, path, or implementation that other code should use. If a value is canonical, avoid adding aliases or alternate reads unless a human explicitly accepts a compatibility path.
  • Connector: A product integration that lets a user or deployment connect an outside system, such as Gmail, Google Drive, Jira, GitHub, or Odoo.
  • Connector key: The stable app-owned connector id, such as google-drive, jira, or odoo.
  • Provider: The outside system or provider family behind one or more connectors, such as Google, Microsoft, Atlassian, GitHub, Slack, or Odoo.
  • Auth strategy: The connector’s authentication model. Current strategies are oauth for Better Auth linked accounts, user-api-key for a signed-in user’s own API key or PAT, and deployment-api-key for customer-deployment credentials managed through the customer CMS.
  • User-managed API key connector: A connector backed by an API key or PAT entered by the signed-in web user and stored encrypted by the API for only that user’s connector.
  • Deployment API key connector: A connector backed by one customer-deployment credential profile instead of a per-user OAuth account or per-user API key.
  • Credential profile: Non-secret setup metadata for a deployment API-key connector, plus the active secret slot pointer. It must not contain the raw API key.
  • Personal access token (PAT): A provider-issued token associated with a provider account. In this repo’s deployment API-key architecture, PAT-based connectors should use a dedicated service/bot account PAT, not an employee’s personal token.
  • Service account / bot user: A non-human provider account created for an integration. Its permissions should be intentionally scoped because a deployment API-key connector can see only what this provider account can see.
  • Active slot / inactive slot: Two secret storage locations used for rotation. The inactive slot receives a new key first; the active slot changes only after validation succeeds.
  • Live query: Chat-time provider access that reads current provider data directly instead of relying on previously indexed data.
  • Indexed mode: Connector data is synced, extracted, embedded, and stored for retrieval. Indexed mode has stronger storage and deletion implications than live-only mode.
  • Live domain: A shared app-owned result contract for a family of questions, such as mail, calendar, work-item, code-repository, or business-record.
  • Canonical tool id: The shared live-query tool name for a domain, such as business-record-live-query. Provider-specific tool ids should not leak into orchestration when a shared domain tool exists.
  • Provider adapter: API code that knows how to call one provider and normalize provider-specific payloads into the shared domain contract.
  • Registry: Shared connector metadata that defines connector keys, display names, auth strategy, modes, scopes, credential profile metadata, and duplicate-add scope.
  • Runtime manifest: API-side executable connector metadata, including live-domain membership, provider adapters, smoke-test registration, and runtime defaults.
  • Grounding: Source-backed evidence passed to chat synthesis so the assistant can answer from checked connector data instead of guessing.
  • Source metadata: User-safe details attached to evidence and Sources panels, such as connector label, source title, provider URL, checked scope, and coverage hints.
  • HITL: Human in the loop. A runtime request for user input when the assistant needs clarification or permission before continuing.
  • Fixture: Known test setup data used to make tests or real-provider smoke checks repeatable.
  • Smoke test: A narrow verification run that proves an integration path is basically wired and reachable, not exhaustive product coverage.
  • Real-provider E2E: An opt-in end-to-end check against an actual configured provider account or deployment credential, controlled by REAL_PROVIDER_E2E_* env vars.
  • Local prompt pack: A gitignored set of natural chat prompts generated from a developer’s local connected connectors, then run through the browser-backed chat path.
  • Customer CMS: apps/cms-customer, the customer/deployment operator control plane.
  • Leverage CMS: apps/cms-leverage, the Leverage-owned internal operations control plane. It is not deployed into customer clusters.
  • Payload/Mongo: Payload CMS records stored in MongoDB. Raw connector API keys must not be stored there.
  • Better Auth linked account: The per-user OAuth account record used by OAuth connectors. Deployment API-key connectors do not use this path.
  • AGENTS.md
  • docs/features/connectors/spec.md
  • docs/features/live-query/spec.md
  • apps/support-dev/src/content/docs/connectors/overview.mdx
  • apps/support-dev/src/content/docs/connectors/provider-auth-and-setup.md