Connectors
A SARB connector is a declarative manifest — data that describes a service's API, validated against a schema and exercised against recorded fixtures. Connectors are not plugins: no connector ships executable code into your deployment.
Manifest-driven
Each connector declares its auth shape and its actions as templated HTTP calls. The same closed expression language fills the templates, and each action's fixtures are replayed in CI — a connector that drifts from its fixtures fails the build.
Credentials
- Stored encrypted; the secret never comes back out through the API.
- Verified before saving when the connector declares a test call.
- Scoped: private, shared with groups, or tenant-wide — and publishing an agent checks it only uses credentials its publisher may use.
OAuth without pasted tokens
For OAuth services (Google, Microsoft), you register your OAuth app once, then click Connect and approve in the provider's own window. SARB stores the grant encrypted and refreshes access tokens automatically before each use — agents keep working without anyone pasting a token again.
Plain HTTP with predefined credentials
The generic http step can attach a connector credential: the connector's manifest describes how auth is injected (header or query), and the engine applies it at request time. The secret never appears in the step's configuration, logs, or output.
Beyond HTTP
Protocols that aren't plain HTTP — SMTP, Postgres, MySQL, MongoDB, Redis — are served by a small registry of built-in handlers behind the same credential and manifest machinery.
The catalog
Today's registry covers Slack, Gmail, Outlook, GitHub, Jira, Notion, Telegram, Discord, WhatsApp Cloud, Google Drive / Sheets / Calendar, S3, Postgres, MySQL, MongoDB, Redis, SMTP, spreadsheets, and more. A connector is authored from the target service's own API documentation — one connector, one manifest, one pull request.