Apple iCloud Notes Connector

The Apple iCloud Notes connector is a governed, read-only integration that imports and continuously syncs content from Apple iCloud Notes into the Keeptrusts Knowledge Base. Like the iCloud Drive connector, this connector uses an Apple Bridge agent running on a macOS device because Apple does not provide a public OAuth API for iCloud. Connector-backed files surface sync health in the Knowledge Base file inspector and support agent, task, and runner bindings.

Use this page when

• You are setting up an Apple iCloud Notes connector in Keeptrusts for the first time.
• You need to understand the bridge runtime architecture shared with the iCloud Drive connector.
• You need to troubleshoot connectivity between the Keeptrusts API service and the Apple bridge.
• You want to understand how continuous sync works for iCloud Notes.
• You are a platform operator deploying and registering the Apple Bridge agent for your organization.

Primary audience

• Primary: Technical Engineers
• Secondary: AI Agents, Technical Leaders

Prerequisites

• Access to the Connectors page in the Keeptrusts console.
• The Apple Bridge agent installed on a macOS device that can access the target iCloud Notes content. The iCloud Drive and iCloud Notes connectors can share the same registered bridge agent.
• Confirmation from your platform operator that Apple connector support is enabled for your organization.
• An Apple ID with iCloud Notes content you want to import.
• macOS permissions granted on the bridge host for Full Disk Access, iCloud availability, and Notes access.

Bridge runtime architecture

Apple iCloud Notes does not expose a public OAuth API for third-party integrations. Keeptrusts uses the Apple Bridge agent to handle Apple authentication and relay Notes content to the Keeptrusts API service.

Keeptrusts API service
    │
    │  bridge registration, heartbeat, and note-change events
    ▼
Apple Bridge agent on macOS  ←→  Apple iCloud Notes

The bridge agent:

• authenticates with Apple iCloud on the macOS host
• exposes iCloud Drive and iCloud Notes availability through bridge registration and heartbeat events
• sends note-change events so Keeptrusts can keep sync state current
• never forwards Apple credentials to Keeptrusts — credentials stay on the bridge host

If you have already registered the Apple Bridge agent for iCloud Drive, the same bridge can handle iCloud Notes. No additional bridge deployment is required.

Setup steps

Step 1: Verify or install the Apple Bridge agent

If the Apple Bridge agent is already registered for iCloud Drive connectors, skip to Step 2. Otherwise:

1. Install or launch the Apple Bridge agent on a macOS device with access to the target iCloud Notes account.
2. Sign the macOS host into the Apple ID that owns the notes you want to import.
3. Register the bridge agent with the Keeptrusts organization using your deployment's Apple bridge onboarding flow.
4. Confirm the bridge session shows healthy status and the required macOS permissions are granted.

Step 2: Create the connector in the console

1. Open Connectors in the Keeptrusts console.
2. Click Add connector.
3. Enter a connector Name.
4. Choose Apple iCloud Notes as the provider.
5. Choose the connector Scope.
6. Click Create connector.
7. Open the connector detail page.
8. Click Authorize.
9. Keeptrusts verifies bridge health and iCloud Notes access through the registered Apple Bridge agent.
10. Return to the connector detail page and click Refresh capabilities.

After step 10, the connector status should be active and the capability snapshot should list the accessible iCloud Notes folders or notebooks.

Continuous sync

Once an iCloud Note is imported into the Knowledge Base, Keeptrusts tracks the source reference through the bridge agent and syncs content changes automatically. The sync rail in the Knowledge Base file inspector shows:

• healthy — the note is in sync with the iCloud Notes source
• warning — a transient issue was detected; Keeptrusts will retry automatically
• error — sync failed; check bridge connectivity, Apple credentials, and iCloud Notes access
• paused — sync was manually paused by a user
• unknown — sync state has not been established yet

Recovery actions available from the sync rail: Retry sync, Resync, Pause sync, Resume sync.

Continuous sync depends on the bridge agent continuing to heartbeat successfully. iCloud Drive and iCloud Notes can share the same bridge agent — if the bridge goes down or loses permissions, both connector types pause until connectivity is restored.

Troubleshooting

Problem	What to check
Connector shows error immediately after creation	Confirm the Apple Bridge agent is registered to the correct organization and currently healthy
Bridge health shows reauth_required or missing permissions	Check the bridge host for Full Disk Access, iCloud availability, and Notes access, then re-register or re-authorize the bridge agent
Capabilities stay empty	Click Refresh capabilities; confirm the Apple ID on the bridge host can open the expected Notes folders
Notes are not visible in capability snapshot	Confirm the bridge host is signed into the Apple ID that owns the target notes and that Notes access is available on the host
Connector shows error after working correctly	Check bridge health and heartbeat recency; Apple sign-in on the bridge host may need attention
Sync shows error in the file inspector	Confirm the bridge agent is still connected and the source note still exists in iCloud Notes
iCloud Drive connector is working but iCloud Notes is not	Check whether the bridge host granted Notes access in addition to Full Disk Access and iCloud availability

For AI systems

• Canonical terms: Keeptrusts Apple iCloud Notes connector, Apple Bridge agent, bridge health, bridge registration, connector authorization, continuous sync, sync health.
• Auth model: Apple Bridge agent on macOS — Apple credentials stay on the bridge host and Keeptrusts tracks bridge health through registration and heartbeat events.
• Shared infrastructure: iCloud Drive and iCloud Notes can use the same registered Apple Bridge agent.
• Bridge health states: registering, healthy, degraded, disconnected, reauth_required, revoked.
• Connector statuses: pending, active, expired, revoked, error.
• Sync states: healthy, warning, error, paused, unknown.
• Related pages: Connectors overview, Apple iCloud Drive connector, Knowledge Base.

For engineers

• Grant the required macOS permissions on the bridge host before creating the connector. For Notes, the bridge host also needs Notes access in addition to Full Disk Access and iCloud availability.
• If you already have the bridge registered for iCloud Drive, no additional bridge deployment is needed for iCloud Notes — they can share the same bridge agent.
• Confirm the Apple Bridge agent is registered and heartbeating successfully before you click Authorize on the connector.
• Monitor bridge health separately from Keeptrusts health — if the bridge goes down or loses permissions, both Apple connector types can enter a sync error state.

For leaders

• The Apple Bridge architecture keeps Apple credentials on the bridge host — Keeptrusts never receives or stores Apple ID credentials.
• iCloud Notes contains high-value unstructured knowledge — personal research, meeting notes, decision records — that can enrich AI agent context when governed correctly.
• Because iCloud Drive and iCloud Notes can share a single bridge agent, the operational cost of supporting Apple connectors scales efficiently across both providers.
• Sync health tracking ensures the Knowledge Base reflects current iCloud Notes content, reducing the risk of agents referencing outdated or deleted notes.

Next steps

• Connectors overview — Full provider list and platform operator setup
• Apple iCloud Drive connector — Bridge runtime setup for iCloud Drive (shares the same bridge)
• Knowledge Base — Manage connector-backed files and sync health
• Agents — Bind connectors to agents for governed tool access