Add connector protocols with authentication, sync, webhooks, and templates

[Copilot]

Implements external system integration protocols with comprehensive authentication, data synchronization, and connector templates for SaaS, databases, file storage, and message queues.

Core Protocol (integration/connector.zod.ts)

Authentication - Discriminated union supporting:

• OAuth2 (all grant types), JWT (HS/RS/ES algorithms), SAML (SSO)
• API Key (header/query param), Basic, Bearer, None

Data Sync - Bidirectional with conflict resolution:

• Strategies: full, incremental, upsert, append_only
• Conflict resolution: source_wins, target_wins, latest_wins, manual
• Real-time via webhooks, scheduled via cron, batch processing

Field Mapping - Source → target with transformations:

{
  sourceField: 'FirstName',
  targetField: 'first_name',
  dataType: 'string',
  transform: { type: 'uppercase' },
  syncMode: 'bidirectional'
}

Webhooks - Event-driven with HMAC verification:

• Events: record.created, record.updated, sync.completed, etc.
• Retry with exponential backoff, custom headers, signature algorithms

Rate Limiting - Multiple strategies:

• token_bucket, sliding_window, fixed_window, leaky_bucket
• Upstream rate limit header detection, burst capacity

Connector Templates

SaaS (integration/connector/saas.zod.ts):

• Providers: Salesforce, HubSpot, Stripe, Zendesk, ServiceNow, etc.
• OAuth token refresh, API versioning, object discovery, pagination
• Examples: Salesforce (OAuth2 + incremental sync), HubSpot (API key)

Database (integration/connector/database.zod.ts):

• Providers: PostgreSQL, MySQL, MongoDB, Snowflake, BigQuery, Redshift
• CDC (log-based, trigger-based), connection pooling, SSL/TLS, read replicas
• Examples: PostgreSQL (CDC + replication slot), MongoDB (change streams)

File Storage (integration/connector/file-storage.zod.ts):

• Providers: S3, Azure Blob, GCS, Dropbox, Box, OneDrive, Google Drive
• Multipart uploads, versioning, lifecycle policies, encryption
• Content processing: text extraction, thumbnails, virus scanning
• Examples: S3 (KMS encryption + thumbnails), Google Drive (OAuth2)

Message Queue (integration/connector/message-queue.zod.ts):

• Providers: Kafka, RabbitMQ, SQS, Pub/Sub, Azure Service Bus, NATS
• Consumer/producer configs, acknowledgment modes, delivery guarantees
• DLQ, partitioning, schema registry (Avro), SASL auth
• Examples: Kafka (consumer groups + exactly-once), RabbitMQ (routing keys)

Schema Generation

60+ JSON schemas auto-generated for IDE autocomplete and validation. All schemas follow camelCase for config keys, snake_case for machine names per ObjectStack conventions.

Directory Structure

All connector protocols are organized in the dedicated integration namespace:

• Location: packages/spec/src/integration/
• Exports: Available via @objectstack/spec/integration or Integration namespace
• Organization: Keeps system directory focused on core system-level configurations

The integration namespace is established as the dedicated location for all external system connection protocols, separate from automation workflows and system configuration.

Original prompt

2.3 Connector Protocols / 连接器协议

In THIS Repo (Spec Definitions) / 在本仓库（规范定义）

External System Connector Protocol

Enhance packages/spec/src/system/connector.zod.ts
Authentication method schema (OAuth2, API Key, JWT, SAML)
Data synchronization configuration
Field mapping schema
Webhook configuration schema
Rate limiting and retry configuration
Specific Connector Templates

Create connector protocol templates
SaaS connector protocol template
Database connector protocol template
File storage connector protocol template
Message queue connector protocol template

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
spec	Ready	Preview, Comment	Jan 30, 2026 8:51am

[hotlong]

@copilot AI Prompt

Title: Refactor Connector Protocols to new integration directory

Body:Refactor the changes in this PR to move all Connector-related definitions out of the system directory and into a new top-level directory named integration. The current placement in system is overcrowding that namespace.

Requirements:

1. Create New Directory:

• Create a new directory: packages/spec/src/integration.

2. Move Core Definitions:

• Move packages/spec/src/system/connector.zod.ts (and any related files like authentication, sync configuration, rate limiting schemas) to packages/spec/src/integration/.

• Rename/Structure them appropriately (e.g., packages/spec/src/integration/connector.zod.ts).

3. Move Templates:

• Move all specific connector templates (SaaS, Database, File Storage, Message Queue) into the new packages/spec/src/integration directory.

• You may organize them into a subdirectory if appropriate, e.g., packages/spec/src/integration/templates/.

4. Update Exports:

• Update packages/spec/src/index.ts to export the definitions from the new integration directory instead of system.

• Ensure there are no lingering imports referencing the old system paths for these files.

5. Clean Up:

• Remove the connector-related files from packages/spec/src/system to ensure the directory remains focused on system-level configurations only.

Goal: Establish integration as the dedicated namespace for all external system connection protocols.

[Copilot]

@copilot AI Prompt

Title: Refactor Connector Protocols to new integration directory

Body:Refactor the changes in this PR to move all Connector-related definitions out of the system directory and int...

Completed the refactoring. All connector protocols have been moved to the new packages/spec/src/integration directory:

Changes made:

• Created new integration directory as a dedicated namespace for external system connection protocols
• Moved connector.zod.ts, connector.test.ts, and all connector templates (saas, database, file-storage, message-queue) from system to integration
• Created integration/index.ts with proper exports
• Updated system/index.ts to remove connector exports
• Added Integration namespace export to main index.ts

Verification:

• ✅ All 36 tests passing
• ✅ Build successful with documentation auto-generated for new integration category
• ✅ JSON schemas moved to packages/spec/json-schema/integration/

The system directory is now focused on system-level configurations only, and integration is the dedicated namespace for all external system connector protocols.

Commit: 95a23eb

[github-actions]

This PR is very large. Consider breaking it into smaller PRs for easier review.

In general, to fix "unused import" issues, you remove the specific imported symbols that are never referenced in the file, leaving the rest of the import statement intact. This improves readability and avoids misleading future maintainers into thinking those items are tested or needed here.

For this file, the best fix is to edit the import block on lines 2–42 of packages/spec/src/integration/connector.test.ts and delete only the unused names: NoAuthSchema, FieldTransformSchema, SyncStrategySchema, ConflictResolutionSchema, WebhookEventSchema, BasicAuthSchema, and BearerTokenAuthSchema. We will keep all imports that are evidently used or could reasonably be used in the shown tests: ApiKeyAuthSchema, OAuth2AuthSchema, JwtAuthSchema, SamlAuthSchema, FieldMappingSchema, DataSyncConfigSchema, RateLimitConfigSchema, RetryConfigSchema, ConnectorSchema, ConnectorTypeSchema, ConnectorStatusSchema, and the imported types Connector, ApiKeyAuth, OAuth2Auth, FieldMapping, DataSyncConfig, WebhookConfig.

No new methods, definitions, or imports are required; we’re only trimming the existing import list.

[Copilot]

Pull request overview

This pull request adds comprehensive connector protocols for external system integration to ObjectStack. It introduces a new integration namespace containing authentication methods, data synchronization, field mapping, webhooks, and specialized connector templates for SaaS, databases, file storage, and message queues.

Changes:

• Creates new integration namespace with core connector protocol (connector.zod.ts)
• Adds 4 specialized connector templates (SaaS, Database, File Storage, Message Queue)
• Implements comprehensive authentication schemas (OAuth2, JWT, SAML, API Key, Basic, Bearer, None)
• Provides data sync configuration with conflict resolution and field mapping
• Includes webhook configuration with HMAC verification and retry logic
• Generates 60+ JSON schemas for IDE autocomplete
• Adds comprehensive test coverage (connector.test.ts with 624 lines)
• Updates documentation and exports

Reviewed changes

Copilot reviewed 68 out of 68 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
packages/spec/src/integration/connector.zod.ts	Core connector protocol with authentication, sync, webhooks, rate limiting
packages/spec/src/integration/connector/saas.zod.ts	SaaS connector template (Salesforce, HubSpot, etc.)
packages/spec/src/integration/connector/database.zod.ts	Database connector template with CDC support
packages/spec/src/integration/connector/file-storage.zod.ts	File storage connector (S3, Azure Blob, Google Drive)
packages/spec/src/integration/connector/message-queue.zod.ts	Message queue connector (Kafka, RabbitMQ, SQS)
packages/spec/src/integration/connector.test.ts	Comprehensive test suite covering all schemas
packages/spec/src/integration/index.ts	Integration namespace exports
packages/spec/src/index.ts	Adds Integration namespace to main exports
packages/spec/src/system/index.ts	Documents connector protocol moved to integration
content/docs/references/integration/*	Documentation for connector schemas
packages/spec/json-schema/integration/*	Auto-generated JSON schemas (60+ files)

[Copilot]

Duplicate schema definition: ConflictResolutionSchema is already defined in packages/spec/src/automation/sync.zod.ts (lines 82-88). The automation version includes a 'merge' option that this integration version lacks. This duplication will lead to maintainability issues and inconsistencies. Consider consolidating these into a shared schema or importing from automation if they serve the same purpose.

[Copilot]

The SAML signatureAlgorithm property permits the weak sha1 option, which is considered cryptographically broken for signatures and can enable forging SAML assertions in realistic attack scenarios. An attacker who can influence or exploit SHA‑1 collisions could bypass SSO/authentication guarantees if SAML messages are signed with SHA‑1. Restrict this field to modern algorithms like sha256/sha512 (with a secure default) and deprecate or remove sha1 support to avoid relying on a broken primitive.

Suggested change

	| **signatureAlgorithm** | `Enum<'sha1' \| 'sha256' \| 'sha512'>` | optional | SAML signature algorithm |
	| **signatureAlgorithm** | `Enum<'sha256' \| 'sha512'>` | optional | SAML signature algorithm |