Connectors

Plug in the vendors you already use. Extend without rebuilding the platform.

Shopify, Amazon, Adyen, ShipBob — and a framework where a new connector declares its manifest, vendor handlers, and conformance checks instead of rebuilding retry, replay, audit, and secret handling from scratch.

How a connector behaves

One governed path, in and out.

A vendor's data lands as a typed signal, crosses the same policy and receipt boundary every action crosses, and reaches operators and agents the same way an in-app action would. What we push back to the vendor follows the same path in reverse.

Vendor: Storefront, marketplace, 3PL, payments
  • Stock counts: Per location, per variant
  • Orders: With line items and payment state
  • Fulfillment events: Picked, packed, shipped
  • Webhooks: Signed, verified, replayable
KarmanFlow: One governed path
  • Verify: Signature and rate limits checked
  • Normalize: Into a canonical command or signal
  • Audit: Receipt written for every step
  • Route: To operators, agents, or projections
Your team: Operators, agents, audit
  • Operator console: Preview view with policy in place
  • Agent runs: Bounded actions only
  • Receipts: Replayable end to end
What we push back
  • Inventory updates: Out to storefronts and marketplaces
  • Fulfillment status: Out to checkout and customer comms
  • Order cancel and edit: When approved or auto-routed
Bidirectional vendors are one connector, not two. The runtime tracks every inbound delivery and every outbound push under the same identity, so failures replay without double-spending.

What's connected today

Named vendors, honest status.

We name the connectors we have. Preview means a package exists but release evidence is still being proven; Production appears only after sandbox preflight and install evidence are green. We will add to this list as packages mature, never before.

Shopify

Storefront
Preview

Your storefront stays in sync with the ledger. Stock counts, products, variants, orders, fulfillment, and refunds all move through one audited path.

Reads in and writes out
  • Stock counts in
  • Orders and fulfillment in
  • Catalog and locations out
  • Signed webhooks for drift, refunds, and app lifecycle
  • One-click OAuth install
  • Per-shop secret isolation

Amazon US

Marketplace
Preview

Sell on Amazon under the same operating rules as your direct store. Stock counts and orders arrive shaped the same way; you decide once where the stock goes.

Reads in and writes out
  • Stock counts in
  • Orders in
  • Marketplace listings in
  • Per-marketplace profile
  • SP-API ingestion

ShipBob

3PL / WMS
Preview

Your 3PL becomes an operating partner instead of a CSV export. Inbound receipts, outbound shipments, tracking, and returns flow through a visible connector path as evidence is proven.

Reads in and writes out
  • Stock counts in
  • Shipments and tracking in
  • Inbound receiving in and out
  • Returns in
  • Webhooks for shipment and return events
  • Order create and cancel out

Adyen

Payments
Preview

Payment events land on the same evidence chain as orders. Refund risk, chargeback, and capture state stay visible without a parallel reconciliation tool.

Reads in
  • Payment authorization events
  • Capture and refund events
  • Chargeback notifications
  • Signed webhook verification

What every connector inherits

The boring parts, solved once.

The framework absorbs the work that every vendor integration would otherwise re-solve badly. Connector authors write the vendor parts; the runtime supplies the operating parts.

Retry that respects the vendor.

Every connector follows the vendor's rate limits, honors Retry-After, and backs off cleanly so rate-limit incidents are visible and recoverable.

Replay without surprise.

Stuck events go to a dead-letter lane and replay individually after the fix. Each replay carries the same idempotency guarantees as the preview path.
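
One way signature verification, dead-lettering, and idempotent replay can fit together, as an added example that is not KarmanFlow's own code. `InboundLane`, its method names, the HMAC-SHA256 hex signature scheme, and the sample deliveries are assumptions constructed for illustration.

```python
import hashlib, hmac, json

class InboundLane:
    def __init__(self, secret, handler):
        self.secret = secret      # assumption: resolved from a secret store
        self.handler = handler    # vendor-specific handler for a parsed event
        self.receipts = {}        # delivery_id -> body digest, written once
        self.dead_letter = {}     # delivery_id -> verified body awaiting replay

    def _sign(self, body):
        return hmac.new(self.secret, body, hashlib.sha256).hexdigest()

    def deliver(self, delivery_id, body, signature_hex):
        if not hmac.compare_digest(self._sign(body).encode(), signature_hex.encode()):
            return "rejected"     # tampered or unsigned bodies never reach the handler
        return self._apply(delivery_id, body)

    def replay(self, delivery_id):
        if delivery_id not in self.receipts and delivery_id not in self.dead_letter:
            return "unknown"
        return self._apply(delivery_id, self.dead_letter.get(delivery_id))

    def _apply(self, delivery_id, body):
        if delivery_id in self.receipts:   # same check for first delivery and replay
            return "duplicate"
        try:
            self.handler(json.loads(body))
        except Exception:
            self.dead_letter[delivery_id] = body   # parked for individual replay
            return "dead-lettered"
        self.dead_letter.pop(delivery_id, None)
        self.receipts[delivery_id] = hashlib.sha256(body).hexdigest()
        return "applied"

def demo():
    stock = {"sku-1": 0}                         # constructed sample ledger
    def handler(event):
        stock[event["sku"]] += event["delta"]    # KeyError on an unknown SKU
    lane = InboundLane(b"constructed-secret", handler)
    def send(delivery_id, event, sig=None):
        body = json.dumps(event).encode()
        return lane.deliver(delivery_id, body, sig or lane._sign(body))
    out = [send("d1", {"sku": "sku-1", "delta": 5}),
           send("d1", {"sku": "sku-1", "delta": 5}),             # vendor redelivery
           send("d2", {"sku": "sku-1", "delta": 9}, "00" * 32),  # bad signature
           send("d3", {"sku": "sku-2", "delta": 3})]             # handler fails
    stock["sku-2"] = 0                           # the fix lands
    out += [lane.replay("d3"), lane.replay("d3")]
    return out, stock
```

In a durable implementation the handler's effect and the receipt write must commit atomically, or the handler must itself be idempotent; otherwise a crash between the two lets a replay apply the same delivery twice.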

One audit trail.

Connector webhooks, outbound pushes, and secret use are designed to land receipts. The same trail your operators read, your agents read, and your CISO reads.

Secrets stay in their vault.

Connector credentials live in the managed secret store. Tenant config never holds a raw token; logs never leak one.

Build a new one

Vendor code stays small because the operating layer is shared.

The shape is small enough to review. Connector authors focus on the vendor's idiosyncrasies while the framework handles the operating controls every integration needs.

  1. Declare the manifest.

    Name the vendor. Pick auth shape (OAuth, API key, signed webhook). Declare rate limits, scopes, and which roles you ship (Source, Destination, or both). One typed file that reviewers can reason about.

  2. Plug in the handlers.

    Write the vendor-specific bits: a client for outbound, a normalizer for inbound, a webhook verifier. The framework supplies the retry loop, dead-letter, audit emit, and secret resolution.

  3. Prove it before production.

    Run sandbox preflight against a test tenant. The conformance check tells you which contract points are missing. Production status waits for install evidence, replay evidence, and rate-limit behavior.

What's coming

Honest roadmap.

We do not list vendors we have not started. These three are actively scoped or planned; we will move them up the status ladder as the packages mature.

Get started

Wire your first connector against a real receipt.

The early preview ships with seeded connector data so you can install, drift-test, and replay before you touch a real vendor token.
