Complete Self Service Connection Onboarding
Artifacts
Official change artifacts tracked under openspec/.
Connector setup is still fragmented across local collector enrollment, browser collector proof gates, static-secret draft/capture routes, console catalog copy, and owner-agent intent responses. A self-hosted operator, including a Railway operator, should not need connector-specific per-connection environment variables or runbook archaeology to add supported connections.
The reference now has several connection setup primitives, but they do not yet compose into one SLVP setup contract:
Affected capabilities
Capability specs this change proposes to modify.
The reference implementation SHALL materialize or activate connector instances only through typed setup lifecycles appropriate to the connector's setup modality. A setup intent or setup plan SHALL NOT silently create an active connection row unless the modality's proof boundary has been satisfied.
The reference implementation SHALL provide one owner-mediated setup engine as the source of truth for connector setup modality, support state, deployment readiness, owner next steps, proof gates, and secret boundaries. Console, owner-agent REST, CLI, and SDK-style helpers SHALL consume that engine or a serialized projection of it rather than maintaining separate setup classification tables.
The owner-agent control surface SHALL initiate connector setup by projecting the shared owner-mediated setup engine. It SHALL return typed next steps, support states, deployment-readiness requirements, and proof-gate reasons, but SHALL NOT return provider credentials, owner-session credentials, browser session credentials, or grant-scoped MCP tokens.
Project notes
Change-local notes that support this workstream but have not been promoted into the official change artifacts.
Complete Self Service Connection Onboarding
3 notes · 2 plans · 1 working note · updated
Status: decided Owner: reference implementation owner Created: 2026-06-11 Confidence: >95% for the target owner experience, based on current Google documentation and prior art; <95% for any claim that Google offers a raw Timeline OAuth/API path.
Status: proposed plan Owner: reference implementation owner Created: 2026-06-10 Related: - openspec/changes/complete-self-service-connection-onboarding/ - tmp/workstreams/connection-onboarding-alignment-audit-2026-06-10.md - design-notes/full-context-refresh.md - openspec/changes/add-browser-collector-enrollment-primitive/ (Phase 5 decision disposes this change: absorb if productizing, close-as-superseded if demoting) - openspec/specs/reference-connection-health/ (Phase 2/3 state vocabulary must project from this model, not duplicate it) - design-notes/data-ops-backup-retirement-contract-2026-06-09.md (Phase 6 shares the storage-hygiene diagnostics surface) - design-notes/owner-journey-flow-design-2026-06-10.md (the flow design: skeleton, modality variants, validation moment, state projection — Phases 2/3/5 implement it) - research/connection-onboarding-prior-art-2026-06-10.md (Plaid/Stripe/Zapier/GitHub-Importer teardown grounding the flow design)