docs/features/connectors.md

Connectors & data sources

A source connector brings an outside system's data into Vocion's knowledge store, where your agents can retrieve it. Connectors are intentionally narrow — they just yield document records; the runtime handles chunking, embedding, dedup, scoping, and re-sync.

Built-in connectors

ConnectorBrings inAuth
Google AdsCampaign performance by day (impressions, clicks, cost, conversions)OAuth + developer token
GA4Analytics rows (sessions, conversions, bounce rate) by date + landing pageOAuth
HubSpotCRM records — contacts, deals, companiesPrivate-app token
GmailMessages (subject, sender, snippet)OAuth
SlackChannel messagesOAuth
Google DriveDocuments — Docs, Sheets, Slides (exported as text), plain-text filesOAuth
WebPublic URLs or a crawled siteNone

Durable, incremental sync

Connecting a real system means syncing a lot of data, reliably. Every connector runs on the durable ingestion pipeline: a checkpoint per source tracks a since watermark and a resume cursor, so a sync fetches only what changed and a failure resumes from the last good point instead of re-crawling from zero. Full syncs prune deletions; incremental runs don't.

Scheduled syncs

A source can declare a cron (schedule: '0 6 * * *') and sync itself. The cron drives a durable Temporal Schedule that runs the sync as a workflow — so a crash mid-sync resumes from the last checkpoint instead of losing the run, and each scheduled run is incremental (only what changed). There's exactly one schedule per source; disable the source and the schedule goes with it. Omit schedule and the source stays manual-only.

Scoped + access-controlled

Ingested data carries scope — workspace, client, or team — and retrieval enforces it: a search scoped to one client returns that client's data plus shared data, never another client's. This is the cross-client isolation boundary that lets one workspace safely serve many clients.

Connecting credentials

Most connectors need a credential — an OAuth token, an API key. Vocion stores them encrypted at rest: sealed with AES-256-GCM under a per-tenant data-encryption key (KMS-wrapped in production), so the database only ever holds ciphertext. At sync time the runtime decrypts the org's credential in memory and hands it to the connector; nothing in the clear is ever persisted, and a revoked credential is never used. Connectors that need no credential (like the web crawler) simply get none.

How a teammate uses it

Connected data is discoverable (a teammate can search and cite it within its scope) but acting on the outside world — sending an email, changing a CRM record — is a separate, gated action that passes the autonomy + approval model. Discovery and mutation are governed independently.

Want a connector that isn't here yet? Connectors are plugins on a stable interface — tell us which one.