OSS-first docs

These docs teach the open system first: contracts, generated surfaces, runtimes, governance, and incremental adoption. Studio shows up as the operating layer on top, not as the source of truth.

AI index

Consumer integration setup

Use ContractSpec integrations without rewriting provider glue

The OSS monorepo ships runtime adapters, provider families, concrete implementations, and harnesses. Consumers should choose an ownership mode first, then bind providers through explicit capabilities instead of calling SDKs directly from app surfaces.

BYOK / self-managed

The consumer owns provider accounts, API keys, OAuth apps, webhooks, storage, observability, and incident response. ContractSpec packages supply typed boundaries and reusable adapters.

  • Use runtime-local or runtime-hybrid.
  • Store tenant connection metadata in your app.
  • Rotate and revoke secrets in your own infrastructure.

Managed

The managed layer can host provider connections or execution, but the app should still treat capabilities, policies, and tenant bindings as explicit contracts.

  • Use runtime-managed boundaries.
  • Keep managed credentials redacted from app logs.
  • Record provider evidence and handoff IDs, not raw secrets.

Hybrid

Split ownership deliberately: tenant credentials may remain BYOK while selected workflows, harnesses, or provider execution run in a managed environment.

  • Document which side owns every credential.
  • Keep webhook and callback URLs environment-specific.
  • Test provider failure with harness-runtime.

Reusable integration code map

Runtime mode adapters

Choose where secrets, tenant connections, transport, telemetry, and managed execution live before wiring a provider.

  • @lssm-tech/integration.runtime
  • @lssm-tech/integration.runtime-local
  • @lssm-tech/integration.runtime-hybrid
  • @lssm-tech/integration.runtime-managed

Provider families

Use provider packages as reusable adapters behind ContractSpec capabilities instead of spreading SDK calls through apps.

  • provider-llm, provider-email, provider-calendar
  • provider-storage, provider-vector-store, provider-payments
  • provider-messaging, provider-sms, provider-voice
  • provider-github, provider-database, provider-openbanking

Concrete implementations and harnesses

Use implementation bundles, test harnesses, and Builder channels when a consumer app needs a ready adapter or proof harness.

  • @lssm-tech/integration.providers-impls
  • @lssm-tech/integration.harness-runtime
  • @lssm-tech/integration.workflow-devkit
  • builder-telegram, builder-whatsapp, builder-voice

Setup flow

  • Define the integration capability and data contract before importing a provider SDK.
  • Pick BYOK, managed, or hybrid runtime mode based on who owns secrets, credentials, tenant connection records, and operational support.
  • Install only the provider package family needed by the app surface, then bind it through the runtime adapter.
  • Route secrets through the provider interface; never serialize secret values into examples, telemetry, reports, or client state.
  • Add a test harness or fake adapter before enabling a real external provider in production-like flows.
  • Keep provider-specific redirects, webhooks, retries, and rate-limit handling behind the integration boundary.

Binding shape

Treat this as an architecture pattern, not a copy-paste API guarantee: pick the runtime mode, resolve secrets through the runtime, then create the provider adapter behind a capability such as billing.payments, knowledge.embeddings, or communication.messaging.

import { createIntegrationRuntime } from "@lssm-tech/integration.runtime";
import { createManagedRuntime } from "@lssm-tech/integration.runtime-managed";
import { createPaymentsProvider } from "@lssm-tech/integration.provider-payments";

const runtime = createIntegrationRuntime({
  mode: "managed",
  secrets: createManagedRuntime({ tenantId }).secrets,
  telemetry: "redacted",
});

export const payments = createPaymentsProvider({
  runtime,
  capability: "billing.payments",
  tenantConnectionId: "tenant_conn_payments_primary",
});

Safety boundary

Integration examples must stay redacted. Show package names, capability keys, tenant connection IDs, and evidence handles. Do not print API keys, OAuth refresh tokens, raw webhook payload secrets, or managed credential material in docs, telemetry, or review reports.

Integration spec model

Integration binding

Health routing

OSS docsintegrationsStart with OSS. Adopt Studio when you want the operating layer.
Previous

Integrations overview

Understand the binding model for external services, providers, and tenant-owned connections.

Next

Integration spec model

Define what an integration provides before wiring it into an app or runtime.

Why ContractSpec

Keep educational and comparison content reachable without letting it define the primary OSS learning path.

ManifestoContract-first APISpec-driven development