add Connectors & Setup Wizard page
parent
4a81ca3cd7
commit
7381f0d24b
1 changed files with 59 additions and 0 deletions
59
Connectors.md
Normal file
59
Connectors.md
Normal file
|
|
@ -0,0 +1,59 @@
|
||||||
|
# Connectors & Setup Wizard
|
||||||
|
|
||||||
|
`brain.py` is the engine. **Connectors + the setup wizard** are the product layer that turns it
|
||||||
|
into a real "second brain" — plugging into the apps where your life actually lives, instead of
|
||||||
|
manually pointing at directories.
|
||||||
|
|
||||||
|
```
|
||||||
|
your apps ──▶ Connector ──▶ scrub() + _stage() ──▶ brain.db ──▶ recall
|
||||||
|
(mail, cloud, (auth+pull) (SAME engine path) (hybrid)
|
||||||
|
files, chat…) │
|
||||||
|
└── app credentials ──▶ encrypted vault (NEVER in brain.db)
|
||||||
|
```
|
||||||
|
|
||||||
|
## Three-layer design (why it's built this way)
|
||||||
|
1. **Engine** (`brain.py`) — pure, connector-agnostic, unchanged. Still usable as a bare library.
|
||||||
|
2. **Connectors** — one per app. Each authenticates, pulls data, and feeds it through the engine's
|
||||||
|
**same scrub + dedup path** — so secrets inside emails/files are redacted before storage too.
|
||||||
|
3. **Vault** (`connectors/vault.py`) — app logins are encrypted at rest (Fernet + PBKDF2, 390k
|
||||||
|
iters, `~/.secondbrain/vault.enc`, chmod 600). **`brain.db` never sees a credential.**
|
||||||
|
|
||||||
|
This preserves SecondBrain's core promise — local-first, secrets-scrubbed — while adding real
|
||||||
|
onboarding. (Verified: a `DB_PASSWORD=…` inside a synced file is scrubbed out of `brain.db`.)
|
||||||
|
|
||||||
|
## The setup wizard
|
||||||
|
```bash
|
||||||
|
python3 setup.py # pick apps → sign in → test connection → sync
|
||||||
|
python3 setup.py sync # re-sync all connected apps (cron/systemd timer)
|
||||||
|
python3 setup.py list # list available connectors
|
||||||
|
```
|
||||||
|
Set `BRAIN_VAULT_PASS` to run the `sync` non-interactively from a timer.
|
||||||
|
|
||||||
|
## Connectors today
|
||||||
|
| Connector | Auth | Ingests as |
|
||||||
|
|---|---|---|
|
||||||
|
| **Files & folders** | path | files |
|
||||||
|
| **Email (IMAP)** | host + app password | events |
|
||||||
|
| **Nextcloud / WebDAV** | URL + app password | files |
|
||||||
|
|
||||||
|
## Roadmap connectors
|
||||||
|
- **Google & Microsoft** (Gmail/Drive/Calendar, Outlook/OneDrive) — OAuth; needs the wizard's
|
||||||
|
local-web variant for the redirect + a registered app client id/secret.
|
||||||
|
- **WhatsApp** (via Evolution API), **Calendar** (CalDAV), **Paperless-ngx**, **Odoo** (CRM/ERP),
|
||||||
|
**Obsidian** (vault folder), **Git/GitHub** (repos + issues).
|
||||||
|
|
||||||
|
## Writing a connector (~40 lines)
|
||||||
|
```python
|
||||||
|
from .base import Connector, Field, register, feed
|
||||||
|
|
||||||
|
@register
|
||||||
|
class MyAppConnector(Connector):
|
||||||
|
id = "myapp"; name = "My App"; blurb = "Pull stuff from My App."
|
||||||
|
fields = [Field("host","Host"), Field("token","API token", secret=True)]
|
||||||
|
def test(self, cfg): ... # verify creds, raise on failure
|
||||||
|
def sync(self, cfg): # pull -> feed() -> engine scrub+stage
|
||||||
|
items = [{"text": "...", "ref": "...", "ts": "...", "project": "myapp"}]
|
||||||
|
return feed(items, "events")
|
||||||
|
```
|
||||||
|
Drop the file in `connectors/`; the wizard auto-discovers it. `feed()` runs everything through the
|
||||||
|
engine's credential scrub — you never have to think about redaction.
|
||||||
Loading…
Reference in a new issue