`/integrations` is where an owner or admin connects external workspaces so the Kodori agent can search across them — Slack, Google Drive, Gmail, Microsoft SharePoint, OneDrive, and Outlook today. All read-only, all permission-trimmed at the source.
## How tokens are stored
OAuth tokens persist encrypted at rest using AES-256-GCM with a scrypt-derived key from `AUTH_SECRET`. This is designed to swap to per-tenant BYO-KMS key wrapping once the tenant-key SDK integration lands; the token-vault helper is the swap point. Tokens are never exposed in any UI — only the connector kind, the connected-account label, and the lifecycle status.
## Per-connector incremental sync
Each connector tracks its own cursor in `external_connector_cursors` so a re-connect after a Pause / Resume cycle doesn't re-import the whole archive. The cursor advances on each successful sync window; failed syncs leave the cursor untouched and surface in the row status.
## Lifecycle event types
`external-connector.created`, `external-connector.refreshed`, `external-connector.paused`, `external-connector.resumed`, `external-connector.revoked`, `external-connector.synced` — all land on the hash-chained audit log, so "every cursor advance against this customer's Drive" is a single `/audit` query.
## Privacy posture
Read-only is non-negotiable for v1. The agent can search across connected workspaces and surface citations, but can't edit / move / delete in those external systems. If a customer needs the agent to act, the path forward is a typed MCP tool per vendor with explicit owner-confirmation — not a permission expansion on the connector itself.