17 SaaS connectors · OAuth + API tokens handled

Every SaaS your agents need.
One credential store.

Register each service once with a CredentialRecord. Every tool in the stack — Agent, Autopilot, ShipCrew — picks it up automatically. OAuth, API tokens, Basic auth, custom headers, rate-limit detection, least-privilege gates: all handled.

Browse integrations Setup guideTool reference
Built in
One credential store
Register a token once — every Agent, Autopilot, and ShipCrew picks it up. In-memory for tests, file-backed for dev, your secrets manager for prod.
Built in
Write guard per tool
Mutations off by default. allow_writes=True is an explicit per-tool opt-in. Reads never accidentally become writes.
Built in
Rate-limit aware
Structured error="rate_limited" + retry_after_* on every connector. Your back-off policy honours the limit automatically.
Built in
OAuth · API · Bearer · Basic
Every auth shape covered. Custom headers, instance URLs, refresh-token flows — handled at the connector layer, not your problem.
Plug into your agent

17 SaaS connectors. One line each.

Every connector is a real Tool the agent picks alongside web_search, RAG, structured output. Brand-coloured, credential-stored, OAuth-ready.

gmail_agent.py
from shipit_agent import Agent
from shipit_agent.tools import GmailTool
 
agent = Agent(
    llm=opus_llm,
    tools=[GmailTool(credential_key="gmail-prod")],
)
 
result = agent.run(
    "Find the most recent email from Acme Corp and "
    "summarise the action items."
)
Gmail
Productivity

Search inbox, read messages, threads, attachments. Send drafts.

AuthOAuth2
Drop into any Agent or DeepAgent
Setup guide
Setup

Four steps.
Works for every connector.

Same pattern whether you're wiring up Gmail or Salesforce. The full per-provider walkthrough — exact tokens, scopes, record shapes — lives in the docs.

01
Step

Build a CredentialStore

InMemoryCredentialStore for tests/notebooks. FileCredentialStore for dev. Subclass for Vault / AWS Secrets / GCP Secret Manager in prod.

step_01.py
from shipit_agent import FileCredentialStore
 
store = FileCredentialStore(".shipit_credentials.json")
02
Step

Register each service once

Drop a CredentialRecord per service. Tiny shape — secrets (token / api_key / email+api_token) plus metadata (base_url, auth_scheme).

step_02.py
from shipit_agent import CredentialRecord
 
store.set(CredentialRecord(
    key="github", provider="github",
    secrets={"token": "github_pat_..."},
))
 
store.set(CredentialRecord(
    key="salesforce", provider="salesforce",
    secrets={"access_token": "00D..."},
    metadata={
        "base_url": "https://acme.my.salesforce.com",
        "auth_scheme": "Bearer",
    },
))
03
Step

Hand the store to your tools

Every connector takes credential_store=. One store, every tool, no glue. Autopilot and ShipCrew share it across child agents automatically.

step_03.py
from shipit_agent import Agent
from shipit_agent.tools import GitHubTool, SalesforceTool
 
agent = Agent(
    llm=llm,
    tools=[
        GitHubTool(),
        SalesforceTool(allow_writes=False),
    ],
    credential_store=store,
)
04
Step

Handle rate limits + auth expiry

Every connector returns structured failure metadata — rate_limited with retry_after_seconds, auth_expired for refresh flows, writes_disabled when allow_writes is off. Your loop just reacts.

step_04.py
out = agent.run("Summarise open PRs in acme/api")
 
for r in out.tool_results or []:
    if r.metadata.get("error") == "rate_limited":
        # Wait until retry_after_seconds, retry.
        pass
    elif r.metadata.get("error") == "auth_expired":
        # Refresh the OAuth token, re-register, retry.
        pass
Per-provider walkthrough
Every provider — step by step.
Exact instructions for Gmail · Drive · Calendar · Sheets · Slack · Jira · Confluence · Linear · Notion · HubSpot · GitHub · GitLab · Figma · Salesforce · Stripe · Zendesk · LinkedIn. Where to create each token, what scopes to request, working code for every record shape.
Open the full guide