Operators manage what's connected and what agents can see. Engineers read the same memory through the API. Same workspace, same audit trail.
Slack, Google Drive, Notion, and Gmail are live. Each connector ships with channel allowlists, sync health, source counts, and per-source freshness — no surprise indexing.
Workspaces, channels, threads, permalinks. Channel-level allowlist; DM scope is intentionally excluded today. Auto-sync runs on a configurable cadence; every source item preserves channel basis as part of its access policy.
Documents, spreadsheets, markdown, CSV, PDF, plus folder hierarchies and image assets indexed via catalog records (no binary download). Owner, sharing user, and per-file permission summary are preserved as access policy on every result.
The worker claims queued sync runs with FOR UPDATE SKIP LOCKED so multiple workers never double-process the same connector. Per-connector deduplication prevents two simultaneous active runs.
The console flags Drive connectors with source items that pre-date access-policy preservation, with the exact item count missing and a re-sync CTA. Operators always know what's eligible for retrieval.
Repo chunks, embeds, and extracts entities from your sources, then writes them onto a single canvas with provider, channel or folder basis, freshness, and access policy on every node.
Channels, folders, people, and decisions are namespaced by provider so Slack and Drive entities with the same label don't collapse into one cluster. Click a cluster to filter the canvas to that provider.
Drive sources surface their folder basis — Brand/assets/svg, Ops/playbooks, etc. — so an agent can find a file by where it lives, not just what's inside it.
The same person across Slack and Drive maps to one canvas node. Conflicts surface in the inspector instead of silently collapsing.
Selecting an integration or cluster narrows the ring to just that provider's channels and entities, cutting visual noise without losing the global view.
Operators ask in plain English. Every answer ships with the exact messages, files, and folders it was built from, plus per-result freshness and an asset-aware structure for “where is …” queries.
Queries about logos, folders, brand files, or assets get a soft retrieval boost on Drive results that carry an isAsset flag — Repo answers with the file path and link instead of a paragraph of prose.
Each citation reports the age of the underlying source and the last sync of the connector. Agents can choose to ignore stale evidence at the prompt layer.
The console and any agent see the same retrieval; the only difference is auth. Console requests run under the signed-in user; agent requests run under a scoped API key.
Repo synthesizes a natural-language answer with OpenAI when configured. If the model fails or is unavailable, Repo returns the deterministic source-stitched answer instead of failing the request.
Sync runs and retrieval audits live on one timeline. Filter by actor, action, or provider. Inspect a single retrieval to see exactly what evidence was returned, what was excluded, and why.
Every successful context call writes a row keyed by request id with the actor, scope, evidence ids, freshness, and limitations — metadata only, never snippet text.
Every admin write — key creation, key revocation, allowlist updates, sync triggers, ingest, maintenance — records an audit event with the actor and a metadata-only payload.
The API enforces atomic per-key, per-action rate windows in Postgres. Limited responses return 429 with Retry-After and X-RateLimit-* headers and never touch retrieval or audit.
The Activity inspector renders the Context Contract envelope for any past retrieval — actor identity, allowed actions/providers, retrieval stats, providers returned, exclusions, and limitations.
A live workspace walkthrough is the fastest way to see what governed memory looks like with your sources.
