Connector runbooks
Verified integrations for the systems most enterprise teams rely on. Every connector ships with least-privilege scopes, read-first defaults, optional write gates, and Action Certificate mappings so downstream systems can audit every Certified Write.
Verified monthly • last evidence refresh September 2025
Catalog
Choose a connector to view scopes, modes, Learning Controls, and sample automations. Need a connector that is not listed? Contact us and we will scope it with you.
Snowflake
Read-first
Query production data via scoped roles. Promotion to writes requires an approved boundary, residency enforcement, and certificate verification hooks.
Databricks
Read-first
Securely read feature tables and lineage metadata. Notebook jobs are promoted via certificate-verified deployment hooks.
ServiceNow
Write-gated
Create and update incidents or change requests only after Action Certificates are verified. All writes map to catalog-scoped policies.
Jira
Read-first
Sync with Jira Cloud for portfolio reporting. Promotion to writes unlocks governed transitions tied to Action Certificates.
Slack
Read-first
Monitor and respond in Slack channels without exposing secrets. Message posting requires certificate validation and audit export.
Microsoft Teams
Read-first
Ingest Teams conversations for approvals and broadcast. Writes require certificate checks and retention alignment with Microsoft Purview.
Splunk
Read-first
Stream Action Certificate telemetry into Splunk for audit, detection, and FinOps reporting. Optional writes update KV stores with certified state.
Datadog
Read-first
Ingest traces and metrics for every request and optionally update monitors after certificates are validated.
Verification cadence
- Monthly runbooks include certificate replays, connector API updates, and incident review notes.
- Every Action Certificate minted includes connector identifiers, scopes, and the Learning Control hash active at the time of verification.
- Evidence bundles (DPIA, shared-responsibility matrix, SIEM mappings) are updated in lockstep with connector validation.
Need signed attestations or a connector-specific DPIA? Use the security contact form.