
Very cool! One question: how do you handle permissions?

Different apps have different permissions models, not everyone is allowed to see everything. Do you attempt to model this complexity at all or normalize it to some general permissions model?



This is a large challenge in itself actually. Every external tool has its own framework for permissions (necessarily so).

For example, Google Drive docs have permissions like "global public", "domain public", "private" where "private" is shared with users and groups and there's also the document owner.

Slack has public channels, private channels, DMs, group DMs.

So we need to map these external objects and their external users/groups into a unified representation within Onyx.

Then there are additional challenges like rate limiting so we cannot poll at subsecond intervals.

The way that we do it is we have async jobs that check for object permission updates and group/user updates against the external sources at a configurable frequency (with defaults that depend on the external source type).

Of course, always failing-closed instead of failing-open and defaulting to least permissive.
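
A sketch of the mapping described in the comment above, added here as an example; it is not Onyx's code and not part of the original thread. The `UnifiedACL` fields, the input record shapes, the `slack:` group prefix and the `max_age` staleness window are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class UnifiedACL:
    """Hypothetical normalized ACL; the fields are assumptions, not Onyx's schema."""
    is_public: bool = False
    domains: frozenset = frozenset()   # e-mail domains granted access
    users: frozenset = frozenset()     # individual user e-mails
    groups: frozenset = frozenset()    # external group identifiers
    synced_at: Optional[float] = None  # time of last successful sync

DENY_ALL = UnifiedACL()  # least permissive: matches nobody

def from_drive(doc: dict, now: float) -> UnifiedACL:
    """Map a constructed Drive-style record onto the unified ACL."""
    vis = doc.get("visibility")
    if vis == "global public":
        return UnifiedACL(is_public=True, synced_at=now)
    if vis == "domain public" and doc.get("domain"):
        return UnifiedACL(domains=frozenset({doc["domain"]}), synced_at=now)
    if vis == "private":
        users = set(doc.get("shared_users", ()))
        if doc.get("owner"):
            users.add(doc["owner"])
        return UnifiedACL(users=frozenset(users),
                          groups=frozenset(doc.get("shared_groups", ())),
                          synced_at=now)
    return DENY_ALL  # unrecognized visibility: fail closed

def from_slack(chan: dict, now: float) -> UnifiedACL:
    """Map a constructed Slack-style record; members are assumed resolved to e-mails."""
    kind = chan.get("kind")
    if kind == "public channel" and chan.get("workspace"):
        # Assumption: public channels are readable by every workspace member.
        return UnifiedACL(groups=frozenset({"slack:" + chan["workspace"]}), synced_at=now)
    if kind in ("private channel", "dm", "group dm"):
        return UnifiedACL(users=frozenset(chan.get("members", ())), synced_at=now)
    return DENY_ALL  # unrecognized channel kind: fail closed

def can_read(acl: UnifiedACL, email: str, user_groups: set, now: float, max_age: float) -> bool:
    """Authorize against the last synced ACL, denying when the sync is missing or stale."""
    if acl.synced_at is None or now - acl.synced_at > max_age:
        return False
    if acl.is_public or email.rsplit("@", 1)[-1] in acl.domains:
        return True
    return email in acl.users or bool(acl.groups & set(user_groups))
```

Because the async jobs only refresh at a configurable frequency, `max_age` bounds how long a revoked grant can still be honored; past that window every check denies until the next successful sync.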


It appears the answer (if you want differentiated permissions, e.g. user vs admin, or role based access control) is "purchase the enterprise edition" - https://docs.onyx.app/enterprise_edition/overview

edit: added clarification



