Self-healing connectors for AI agents.

Upstream APIs change. Your connectors adapt. Your org chart governs them.

Agents on your team write connectors against any HTTP, GraphQL, or database source. When the API drifts, the agent patches the contract. Every fetch runs in a sandbox bound to the caller's role.

Flexible primitives Self-healing connectors Sandboxed by default Org-chart permissions MCP-native
See the catalog Build a custom connector

Flexible. Self-healing. Secure.

Three things every integration on Contextful gives you — by default, on every connector, in every deployment mode.

Flexible

Reach any tool with an API

Connectors are typed contracts, not hard-coded SDKs. Agents on your team write new ones against any HTTP, GraphQL, or database source. Versioned, reviewable, and forkable like code.

  • Typed schema in / typed records out
  • Hot-swappable — no platform redeploy
  • Every connector exposes an MCP tool surface
Self-healing

Connectors that adapt when APIs drift

Upstream API changed a field name? Added a required parameter? Deprecated an endpoint? Agents detect the drift, propose a patch against the typed contract, and ship the fix the same day — without breaking your sync.

  • Schema-drift detection on every sync
  • Agent-proposed patches reviewed like a pull request
  • Versioned contracts — roll back a bad patch in one click
Secure

Permissions that follow your org chart

Every connector runs in a WASM sandbox with capability tokens scoped to the caller's role. Egress is allow-listed. Data exports as Parquet today, so migration risk is priced at zero from day one.

  • Per-role capability tokens, per-call audit
  • Network egress allow-list per connector
  • One-command Parquet + SQLite export, anytime

Connector catalog

First-party connectors maintained by the Contextful team. Every one is a starting point — fork it, extend it, or replace it.

Finance & Accounting

  • QuickBooks Online
  • Xero
  • NetSuite
  • Stripe
  • Brex / Ramp

Productivity & Docs

  • Google Workspace
  • Microsoft 365
  • Notion
  • Confluence
  • Dropbox / Box

Communication

  • Slack
  • Microsoft Teams
  • Gmail / Outlook
  • Zoom transcripts
  • Linear / Jira

CRM & Sales

  • Salesforce
  • HubSpot
  • Pipedrive
  • Attio
  • Gong

Data & Warehouses

  • Snowflake
  • BigQuery
  • Postgres / MySQL
  • S3 / GCS / Azure Blob
  • DuckDB / Parquet files

Compliance & Security

  • Vanta / Drata
  • Okta / Entra ID
  • 1Password / Vault
  • Workday
  • DocuSign

+ Anything with an API

  • OpenAPI / Swagger spec
  • GraphQL schema
  • Postgres / MySQL / SQL Server
  • Sample JSON payload
  • Agents write the connector

Don't see your tool? Have an agent write the connector.

How do AI agents build (and repair) custom connectors?

Custom connectors aren't a six-week services engagement. An agent on your team ships one in an afternoon — typed, sandboxed, reviewed, and merged like any other change. When the upstream API drifts, the same loop produces the patch.

1

Describe the source

Point an agent at an OpenAPI spec, a GraphQL schema, a database, or a sample payload. It infers the typed contract — entities, fields, primary keys, sync cursors.

2

Generate & sandbox

The agent writes a WASM connector against the contract. It runs in an isolated sandbox with no ambient credentials and an allow-listed egress policy you approve before first sync.

3

Review & ship

Your team reviews the diff like any pull request. Permissions map to your org chart automatically — capability tokens are derived from roles, not configured by hand. The connector ships as an MCP tool any agent can call.

4

Heal as APIs drift

When an upstream schema changes, the next sync detects the drift, the agent proposes a patch against the contract, and your team approves it the same way. No 3am pages, no broken pipelines.

How does Contextful keep agent ETL safe?

Permissions follow the caller

Capability tokens are issued per-call, scoped to the human or agent that triggered the work. The connector inherits the caller's role — not a service-account superuser. Your org chart is the access policy.

No exfiltration path

Connectors can only reach the hosts on their allow-list. A compromised connector cannot phone home, cannot scan your VPC, cannot reach another tenant's data. The WASM sandbox is the trust boundary.

Every fetch is provenanced

Every record carries source, fetch time, calling identity, and the capability token used. Auditors get a complete, queryable lineage. Your incident response gets a real timeline.

Open formats, real export

Test the export today, not after a procurement call. Parquet + SQLite means standard tools (DuckDB, Pandas, Polars) read your data with zero conversion. Migration risk is priced at zero.

Ready to extend the platform to your stack?

Get early access, or jump straight to the connector authoring guide.

Get Early Access Read the docs