ObjectStackObjectStack

Connector

Connector protocol schemas

Connector Protocol - LEVEL 3: Enterprise Connector

Defines the standard connector specification for external system integration.

Connectors enable ObjectStack to sync data with SaaS apps, databases, file storage,

and message queues through a unified protocol.

Positioning in 3-Layer Architecture:

  • L1: Simple Sync (automation/sync.zod.ts) - Business users - Sync Salesforce to Sheets

  • L2: ETL Pipeline (automation/etl.zod.ts) - Data engineers - Aggregate 10 sources to warehouse

  • L3: Enterprise Connector (THIS FILE) - System integrators - Full SAP integration

SCOPE: Most comprehensive integration layer.

Includes authentication, webhooks, rate limiting, field mapping, bidirectional sync,

retry policies, and complete lifecycle management.

This protocol supports multiple authentication strategies, bidirectional sync,

field mapping, webhooks, and comprehensive rate limiting.

Runtime contract — descriptor vs. registered connector (#2612)

This schema serves TWO distinct consumers; do not conflate them:

  1. Runtime registration (plugin-only). The automation engine's connector

registry — what GET /connectors lists and the connector_action flow

node dispatches — is populated exclusively by plugins calling

engine.registerConnector(def, handlers) with a handler per declared

action (ADR-0018 §Addendum). The definition is validated against this

schema at registration.

  1. Declarative connectors: stack entries (catalog descriptors). Stack

metadata validated against this schema is registered as kind 'connector'

for discovery/documentation/marketplace purposes only — it never reaches

the runtime registry, because an action here carries no execution binding

(deliberately: ADR-0023 rejected re-inventing OpenAPI inside this schema).

The automation service warns at boot about declared entries with actions

that lack a same-name runtime registration; mark deliberate catalog-only

entries with enabled: false. Provider-bound declarative instances that

a generic executor (connector-openapi / connector-mcp) materializes at

boot are tracked in #2977 (ADR-0097).

Authentication is now imported from the canonical auth/config.zod.ts.

When to Use This Layer

Use Enterprise Connector when:

  • Building enterprise-grade connectors (e.g., Salesforce, SAP, Oracle)

  • Complex OAuth2/SAML authentication required

  • Bidirectional sync with field mapping and transformations

  • Webhook management and rate limiting required

  • Full CRUD operations and data synchronization

  • Need comprehensive retry strategies and error handling

Examples:

  • Full Salesforce integration with webhooks

  • SAP ERP connector with CDC (Change Data Capture)

  • Microsoft Dynamics 365 connector

When to downgrade:

@see ../automation/sync.zod.ts for Level 1 (simple sync)

@see ../automation/etl.zod.ts for Level 2 (data engineering)

When to use Integration Connector vs. Trigger Registry?

Use integration/connector.zod.ts when:

  • Building enterprise-grade connectors (e.g., Salesforce, SAP, Oracle)

  • Complex OAuth2/SAML authentication required

  • Bidirectional sync with field mapping and transformations

  • Webhook management and rate limiting required

  • Full CRUD operations and data synchronization

  • Need comprehensive retry strategies and error handling

Use automation/trigger-registry.zod.ts when:

  • Building simple automation triggers (e.g., "when Slack message received, create task")

  • No complex authentication needed (simple API keys, basic auth)

  • Lightweight, single-purpose integrations

  • Quick setup with minimal configuration

@see ../../automation/trigger-registry.zod.ts for lightweight automation triggers

Source: packages/spec/src/integration/connector.zod.ts

TypeScript Usage

import { CircuitBreakerConfig, Connector, ConnectorAction, ConnectorHealth, ConnectorStatus, ConnectorTrigger, ConnectorType, DataSyncConfig, DeclarativeConnectorEntry, ErrorCategory, ErrorMappingConfig, ErrorMappingRule, HealthCheckConfig, RateLimitStrategy, RetryConfig, RetryStrategy, SyncStrategy, WebhookConfig, WebhookEvent, WebhookSignatureAlgorithm } from '@objectstack/spec/integration';
import type { CircuitBreakerConfig, Connector, ConnectorAction, ConnectorHealth, ConnectorStatus, ConnectorTrigger, ConnectorType, DataSyncConfig, DeclarativeConnectorEntry, ErrorCategory, ErrorMappingConfig, ErrorMappingRule, HealthCheckConfig, RateLimitStrategy, RetryConfig, RetryStrategy, SyncStrategy, WebhookConfig, WebhookEvent, WebhookSignatureAlgorithm } from '@objectstack/spec/integration';

// Validate data
const result = CircuitBreakerConfig.parse(data);

CircuitBreakerConfig

Circuit breaker configuration

Properties

PropertyTypeRequiredDescription
enabledbooleanEnable circuit breaker
failureThresholdnumberFailures before opening circuit
resetTimeoutMsnumberTime in open state before half-open
halfOpenMaxRequestsnumberRequests allowed in half-open state
monitoringWindownumberRolling window for failure count in ms
fallbackStrategyEnum<'cache' | 'default_value' | 'error' | 'queue'>optionalFallback strategy when circuit is open

Connector

Properties

PropertyTypeRequiredDescription
namestringUnique connector identifier
labelstringDisplay label
typeEnum<'saas' | 'database' | 'file_storage' | 'message_queue' | 'api' | 'custom'>Connector type
descriptionstringoptionalConnector description
iconstringoptionalIcon identifier
authenticationObject | Object | Object | Object | ObjectoptionalAuthentication configuration (runtime shape with inline secrets). Provider-bound declarative instances use auth.credentialRef instead.
providerstringoptionalGeneric-executor key that materializes this declarative entry at boot (e.g. openapi/mcp/rest). Omit for a catalog-only descriptor. Unknown provider ⇒ hard boot error (ADR-0097).
providerConfigRecord<string, any>optionalProvider-specific config validated by the provider factory at boot (e.g. { spec, baseUrl } for openapi, where spec is an inline document, a package-relative file path like './billing-openapi.json', or an http(s) URL). Requires provider.
authObject | Object | Object | ObjectoptionalDeclarative instance auth — references credentials via credentialRef (resolved at boot), never inline secrets. Requires provider (ADR-0097).
actionsObject[]optional
triggersObject[]optional
syncConfigObjectoptionalData sync configuration
fieldMappingsObject[]optionalField mapping rules
webhooksObject[]optionalWebhook configurations
rateLimitConfigObjectoptionalRate limiting configuration
retryConfigObjectoptionalRetry configuration
connectionTimeoutMsnumberoptionalConnection timeout in ms
requestTimeoutMsnumberoptionalRequest timeout in ms
statusEnum<'active' | 'inactive' | 'error' | 'configuring'>optionalConnector status
enabledbooleanoptionalEnable connector. On declarative stack entries, false marks a deliberate catalog-only descriptor (#2612).
errorMappingObjectoptionalError mapping configuration
healthObjectoptionalHealth and resilience configuration
metadataRecord<string, any>optionalCustom connector metadata

ConnectorAction

Properties

PropertyTypeRequiredDescription
keystringAction key (machine name)
labelstringHuman readable label
descriptionstringoptional
inputSchemaRecord<string, any>optionalInput parameters schema (JSON Schema)
outputSchemaRecord<string, any>optionalOutput schema (JSON Schema)

ConnectorHealth

Connector health configuration

Properties

PropertyTypeRequiredDescription
healthCheckObjectoptionalHealth check configuration
circuitBreakerObjectoptionalCircuit breaker configuration

ConnectorStatus

Connector status

Allowed Values

  • active
  • inactive
  • error
  • configuring

ConnectorTrigger

Properties

PropertyTypeRequiredDescription
keystringTrigger key
labelstringTrigger label
descriptionstringoptional
typeEnum<'polling' | 'webhook'>Trigger type
intervalnumberoptionalPolling interval in seconds

ConnectorType

Connector type

Allowed Values

  • saas
  • database
  • file_storage
  • message_queue
  • api
  • custom

DataSyncConfig

Properties

PropertyTypeRequiredDescription
strategyEnum<'full' | 'incremental' | 'upsert' | 'append_only'>optionalSynchronization strategy
directionEnum<'import' | 'export' | 'bidirectional'>optionalSync direction
schedulestring | ObjectoptionalCron expression for scheduled sync — cron0 */15 * * *
realtimeSyncbooleanoptionalEnable real-time sync
timestampFieldstringoptionalField to track last modification time
conflictResolutionEnum<'source_wins' | 'target_wins' | 'latest_wins' | 'manual'>optionalConflict resolution strategy
batchSizenumberoptionalRecords per batch
deleteModeEnum<'hard_delete' | 'soft_delete' | 'ignore'>optionalDelete handling mode
filtersRecord<string, any>optionalFilter criteria for selective sync

DeclarativeConnectorEntry

Properties

PropertyTypeRequiredDescription
namestringUnique connector identifier
labelstringDisplay label
typeEnum<'saas' | 'database' | 'file_storage' | 'message_queue' | 'api' | 'custom'>Connector type
descriptionstringoptionalConnector description
iconstringoptionalIcon identifier
authenticationObject | Object | Object | Object | ObjectoptionalAuthentication configuration (runtime shape with inline secrets). Provider-bound declarative instances use auth.credentialRef instead.
providerstringoptionalGeneric-executor key that materializes this declarative entry at boot (e.g. openapi/mcp/rest). Omit for a catalog-only descriptor. Unknown provider ⇒ hard boot error (ADR-0097).
providerConfigRecord<string, any>optionalProvider-specific config validated by the provider factory at boot (e.g. { spec, baseUrl } for openapi, where spec is an inline document, a package-relative file path like './billing-openapi.json', or an http(s) URL). Requires provider.
authObject | Object | Object | ObjectoptionalDeclarative instance auth — references credentials via credentialRef (resolved at boot), never inline secrets. Requires provider (ADR-0097).
actionsObject[]optional
triggersObject[]optional
syncConfigObjectoptionalData sync configuration
fieldMappingsObject[]optionalField mapping rules
webhooksObject[]optionalWebhook configurations
rateLimitConfigObjectoptionalRate limiting configuration
retryConfigObjectoptionalRetry configuration
connectionTimeoutMsnumberoptionalConnection timeout in ms
requestTimeoutMsnumberoptionalRequest timeout in ms
statusEnum<'active' | 'inactive' | 'error' | 'configuring'>optionalConnector status
enabledbooleanoptionalEnable connector. On declarative stack entries, false marks a deliberate catalog-only descriptor (#2612).
errorMappingObjectoptionalError mapping configuration
healthObjectoptionalHealth and resilience configuration
metadataRecord<string, any>optionalCustom connector metadata

ErrorCategory

Standard error category

Allowed Values

  • validation
  • authorization
  • not_found
  • conflict
  • rate_limit
  • timeout
  • server_error
  • integration_error

ErrorMappingConfig

Error mapping configuration

Properties

PropertyTypeRequiredDescription
rulesObject[]Error mapping rules
defaultCategoryEnum<'validation' | 'authorization' | 'not_found' | 'conflict' | 'rate_limit' | 'timeout' | 'server_error' | 'integration_error'>Default category for unmapped errors
unmappedBehaviorEnum<'passthrough' | 'generic_error' | 'throw'>What to do with unmapped errors
logUnmappedbooleanLog unmapped errors

ErrorMappingRule

Error mapping rule

Properties

PropertyTypeRequiredDescription
sourceCodestring | numberExternal system error code
sourceMessagestringoptionalPattern to match against error message
targetCodestringObjectStack standard error code
targetCategoryEnum<'validation' | 'authorization' | 'not_found' | 'conflict' | 'rate_limit' | 'timeout' | 'server_error' | 'integration_error'>Error category
severityEnum<'low' | 'medium' | 'high' | 'critical'>Error severity level
retryablebooleanWhether the error is retryable
userMessagestringoptionalHuman-readable message to show users

HealthCheckConfig

Health check configuration

Properties

PropertyTypeRequiredDescription
enabledbooleanEnable health checks
intervalMsnumberHealth check interval in milliseconds
timeoutMsnumberHealth check timeout in milliseconds
endpointstringoptionalHealth check endpoint path
methodEnum<'GET' | 'HEAD' | 'OPTIONS'>optionalHTTP method for health check
expectedStatusnumberExpected HTTP status code
unhealthyThresholdnumberConsecutive failures before marking unhealthy
healthyThresholdnumberConsecutive successes before marking healthy

RateLimitStrategy

Rate limiting strategy

Allowed Values

  • fixed_window
  • sliding_window
  • token_bucket
  • leaky_bucket

RetryConfig

Properties

PropertyTypeRequiredDescription
strategyEnum<'exponential_backoff' | 'linear_backoff' | 'fixed_delay' | 'no_retry'>Retry strategy
maxAttemptsnumberMaximum retry attempts
initialDelayMsnumberInitial retry delay in ms
maxDelayMsnumberMaximum retry delay in ms
backoffMultipliernumberExponential backoff multiplier
retryableStatusCodesnumber[]HTTP status codes to retry
retryOnNetworkErrorbooleanRetry on network errors
jitterbooleanAdd jitter to retry delays

RetryStrategy

Retry strategy

Allowed Values

  • exponential_backoff
  • linear_backoff
  • fixed_delay
  • no_retry

SyncStrategy

Synchronization strategy

Allowed Values

  • full
  • incremental
  • upsert
  • append_only

WebhookConfig

Properties

PropertyTypeRequiredDescription
namestringWebhook unique name (lowercase snake_case)
labelstringoptionalHuman-readable webhook label
objectstringoptionalObject to listen to (optional for manual webhooks)
triggersEnum<'create' | 'update' | 'delete' | 'undelete' | 'api'>[]optionalEvents that trigger execution
urlstringExternal webhook endpoint URL
methodEnum<'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'>HTTP method
headersRecord<string, string>optionalCustom HTTP headers
bodyanyoptionalRequest body payload (if not using default record data)
payloadFieldsstring[]optionalFields to include. Empty = All
includeSessionbooleanInclude user session info
authenticationObjectoptionalAuthentication configuration
retryPolicyObjectoptionalRetry policy configuration
timeoutMsintegerRequest timeout in milliseconds
secretstringoptionalSigning secret for HMAC signature verification
isActivebooleanWhether webhook is active
descriptionstringoptionalWebhook description
tagsstring[]optionalTags for organization
eventsEnum<'record.created' | 'record.updated' | 'record.deleted' | 'sync.started' | 'sync.completed' | 'sync.failed' | 'auth.expired' | 'rate_limit.exceeded'>[]optionalConnector events to subscribe to
signatureAlgorithmEnum<'hmac_sha256' | 'hmac_sha512' | 'none'>Webhook signature algorithm

WebhookEvent

Webhook event type

Allowed Values

  • record.created
  • record.updated
  • record.deleted
  • sync.started
  • sync.completed
  • sync.failed
  • auth.expired
  • rate_limit.exceeded

WebhookSignatureAlgorithm

Webhook signature algorithm

Allowed Values

  • hmac_sha256
  • hmac_sha512
  • none

On this page