PUNKthe adaptive runtime

//DOCS Connectors

Managed SaaS connector catalog with auth, tool contracts, governance metadata, and agent guidance.

Managed SaaS Connectors

Punk's managed connectors are installable, first-party MCP servers for common SaaS systems. This page is generated from the manifest-backed catalog in apps/connectors/src/connectors/*/manifest.json and reflects what GET /api/v1/connectors/catalog exposes.

Connector vs. Tool

A connector is one installable integration, such as Slack or GitHub. A governed tool is one action exposed by that connector, such as slack.post_message or github.search_issues. Each tool carries governance metadata: side-effect level, action label, cache posture, replay mode, shadow behavior, idempotency posture, redaction metadata, and whether approval is required by default.

Availability Summary

  • Manifest-backed catalog: 47 managed connectors.
  • Governed tools: 464 tools.
  • Side-effect levels: L0=10, L1=296, L2=14, L3=99, L4=45.
  • High-impact tools requiring approval by default: 45.
  • Registry-only IDs not exposed by the catalog yet: webhook, observability. They appear in the static connector registry but have no manifest directory, so they are not installable through the managed connector catalog today.

How Humans Should Use This Page

  1. Pick the connector from the catalog table and confirm its categories, data classes, auth mode, and vendor docs.
  2. Review the connector's auth requirements and least-privilege scopes before installing it.
  3. Inspect each tool's side-effect level, approval default, idempotency requirement, replay mode, and shadow behavior before enabling writes.
  4. Use fixture selfchecks and dry-run write calls before turning on live writes for a tenant.

How Agents Should Use This Page

  1. Prefer L0/L1 read tools for context gathering and respect cache scope. tenant cache scope is shared tenant metadata; subject scope is user or subject-specific context.
  2. Treat L2/L3/L4 tools as side-effecting. Keep dryRun true unless the user explicitly authorized execution and policy permits it.
  3. For tools with idempotency support, always provide a stable idempotencyKey before execution.
  4. For L4 tools, provide approval metadata and expect replay/shadow suppression. Never infer approval from conversational context alone.
  5. Do not request raw body/transcript/content expansions unless required for the task and allowed by policy.
  6. Use the /api/v1/connectors/catalog endpoint or manifest files as the machine-readable source of truth when building tool selectors.

Governance Semantics

LevelMeaningDefault handling
L0Local or planning-only; no external side effect.Replayable and cacheable when useful.
L1Read-only external access.May be cached by subject or tenant scope; safe for recorded replay unless the manifest says otherwise.
L2Draft, reversible, or low-impact write.Dry-run capable, uncached, and suppressed in shadow/replay.
L3User-visible or business-system write.Dry-run first, uncached, idempotency expected, and suppressed in shadow/replay.
L4High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.Approval required by default, uncached, replay mode never, and shadow side effects suppressed.

Catalog

ConnectorIDToolsAuth modesCategoriesData classesDetails
Airtableairtable10Bearer tokenproject_managementmetadata, pii, commentsdetails
Asanaasana12Bearer tokenproject_management, productivitytasks, comments, files, pii, metadatadetails
Atlassian Jira and Confluenceatlassian9OAuth 2.0, Basic/API tokenengineering, productivitymetadata, pii, tickets, documentsdetails
AWS Operationsaws-ops12API tokencloud, infrastructure, observability, securitycloud, infrastructure, logs, telemetry, costs, identity, audit, metadatadetails
BigQuerybigquery10OAuth 2.0data, database, analyticswarehouse, database, schema, analytics, pii, metadatadetails
Boxbox10Bearer tokencontent, productivitydocuments, files, comments, pii, metadatadetails
Calendlycalendly10Bearer tokenproductivitycalendar, scheduling, pii, metadatadetails
Chargebeechargebee7API tokenbillingpii, billing, paymentsdetails
Datadogdatadog9API tokenobservability, incidentobservability, telemetry, metadata, piidetails
DocuSigndocusign10OAuth 2.0legal, productivitycontracts, signatures, documents, pii, audit, metadatadetails
Dropboxdropbox12Bearer tokencontent, productivitydocuments, files, comments, pii, metadatadetails
Figmafigma10Bearer tokendesign, productivitydesign, files, comments, pii, metadatadetails
GitHubgithub10Bearer token, API tokenengineeringmetadata, source_code, tickets, piidetails
GitLabgitlab12API tokenengineeringmetadata, source_code, tickets, piidetails
Gonggong10Basic/API tokensales, crm, communicationssales, recordings, communications, pii, metadatadetails
Google Workspacegoogle-workspace15OAuth 2.0productivity, supportemail, documents, calendar, pii, metadatadetails
Greenhousegreenhouse10OAuth 2.0recruiting, hrrecruiting, hr, pii, comments, audit, metadatadetails
HubSpothubspot9OAuth 2.0, API tokencrm, supportcrm, pii, tickets, billingdetails
Intercomintercom9Bearer token, OAuth 2.0support, crmmetadata, pii, email, chat, crmdetails
Kuberneteskubernetes12Bearer tokeninfrastructure, cloud, observabilitykubernetes, infrastructure, logs, telemetry, metadata, secretsdetails
Lightfieldlightfield6API tokencrm, supportcrm, pii, tickets, billing, calendar, metadata, identitydetails
Linearlinear7OAuth 2.0, API tokenengineeringtickets, metadata, piidetails
Mailchimpmailchimp11API tokenmarketing, communicationsmarketing, email, pii, metadatadetails
Microsoft 365microsoft-36514OAuth 2.0productivity, support, identitymetadata, identity, pii, email, chat, documents, calendardetails
Microsoft Dynamics / Dataversedynamics11OAuth 2.0crm, sales, supportcrm, sales, tickets, comments, pii, metadatadetails
Miromiro10Bearer tokendesign, productivitywhiteboard, comments, files, pii, metadatadetails
monday.commonday13API tokenproject_management, productivitytasks, comments, files, pii, metadatadetails
NetSuitenetsuite11OAuth 2.0accounting, commerce, crmerp, accounting, inventory, payments, billing, pii, metadatadetails
Notionnotion8Bearer token, OAuth 2.0productivitymetadata, pii, documentsdetails
Oktaokta10API tokenidentity, securityidentity, pii, audit, metadatadetails
Outreachoutreach11OAuth 2.0sales, crm, communicationssales, communications, crm, email, pii, metadatadetails
PagerDutypagerduty8API tokenincident, observabilitymetadata, pii, audit, identitydetails
Postgres / Neonpostgres12Bearer tokendatabase, data, engineeringdatabase, schema, pii, metadatadetails
QuickBooks Onlinequickbooks10OAuth 2.0accounting, billingmetadata, pii, accounting, billing, payments, inventorydetails
Salesforcesalesforce6OAuth 2.0, Bearer tokencrm, supportcrm, pii, tickets, billingdetails
Segmentsegment10Bearer tokenmarketing, data, analyticsanalytics, events, marketing, warehouse, pii, metadatadetails
Sentrysentry8Bearer token, API tokenengineering, observabilityobservability, source_code, metadata, piidetails
ServiceNowservicenow9OAuth 2.0, Basic/API tokenincident, supporttickets, pii, metadata, auditdetails
Shopifyshopify12API tokencommerce, billingcommerce, inventory, payments, pii, metadatadetails
Slackslack7Bearer tokenproductivity, support, engineeringchat, pii, metadatadetails
Snowflakesnowflake8Bearer tokendatawarehouse, pii, metadata, auditdetails
Stripe Customer-Agent Connectorstripe9API tokenbillingpii, billing, paymentsdetails
Twiliotwilio10Basic/API tokencommunications, supportcommunications, pii, metadatadetails
Vantavanta10API tokencompliance, securitycompliance, audit, documents, pii, metadatadetails
Workdayworkday10OAuth 2.0hr, recruiting, identityhr, recruiting, identity, pii, audit, metadatadetails
Zendeskzendesk7OAuth 2.0, API tokensupporttickets, piidetails
Zoomzoom8OAuth 2.0productivity, communicationscalendar, recordings, pii, documents, metadata, identitydetails

Runtime And Installation

Managed connector install uses the existing MCP runtime rather than a separate execution path. Installing a connector creates an encrypted credential, registers a stdio MCP server, injects field-qualified secret refs such as cred:<id>#access_token, and starts apps/connectors/src/index.ts <connector-id> in live mode. Fixture mode exists for deterministic demos and tests and must be explicitly selected. Missing live credentials fail closed instead of returning fixture data.

EndpointPurpose
GET /api/v1/connectors/catalogList manifest-backed managed connectors with auth requirements, data classes, and tool metadata.
GET /api/v1/connectors/installationsList installed managed connectors for the tenant.
POST /api/v1/connectors/installStore or reuse a credential and register the connector MCP server.
DELETE /api/v1/connectors/installations/:idUninstall the managed connector MCP server registration.

Install request shape:

{
  "connectorId": "slack",
  "name": "Slack managed connector",
  "secret": {
    "accessToken": "xoxb-..."
  }
}

You can provide credentialId instead of secret to reuse a stored credential for the same connector provider. Install rejects attempts to override Punk-managed live-mode metadata.

Complete Connector Reference

Airtable (airtable)

Airtable connector for bases, tables, records, comments, and governed batch record updates.

FieldValue
Version0.1.0
Categoriesproject_management
Data classesmetadata, pii, comments
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts airtable
Fixture selfcheckbun run apps/connectors/src/index.ts airtable --fixture --selfcheck
Punk docshttps://docs.punk.local/connectors/airtable
Vendor docshttps://airtable.com/developers/web/api/introduction

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenAirtable personal access tokenaccess_tokenPUNK_AIRTABLE_ACCESS_TOKENschema.bases:read, data.records:readdata.records:writeno

Scope/data-class map:

ScopeRequirementData classes
schema.bases:readrequiredmetadata
data.records:readrequiredmetadata, pii, comments
data.records:writeoptionalmetadata, pii, comments

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
airtable.list_basesL1read:tasksnonot declared3600s / tenant / slowrecordedno suppression needednoneList Airtable bases visible to the credential.
airtable.list_tablesL1read:tasksnonot declared3600s / tenant / slowrecordedno suppression neededbaseIdList tables and fields in an Airtable base.
airtable.list_recordsL1read:tasksnonot declared60s / tenant / liverecordedno suppression neededbaseId, tableIdOrNameList records from an Airtable table with optional view, fields, and text filtering.
airtable.get_recordL1read:tasksnonot declared120s / tenant / liverecordedno suppression neededbaseId, recordId, tableIdOrNameFetch one Airtable record by id.
airtable.list_commentsL1read:commentsnonot declared60s / tenant / liverecordedno suppression neededbaseId, recordId, tableIdOrNameList Airtable record comments.
airtable.create_recordL3write:tasksyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbaseId, fields, tableIdOrNameCreate one Airtable record. Dry-run is the default.
airtable.update_recordL3write:tasksyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbaseId, fields, recordId, tableIdOrNameUpdate one Airtable record. Dry-run is the default.
airtable.batch_update_recordsL4write:tasksyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runbaseId, records, tableIdOrNameUpdate multiple Airtable records. Live execution requires explicit approval and idempotency.
airtable.comment_recordL3write:commentsyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbaseId, recordId, tableIdOrName, textAdd a comment to an Airtable record. Dry-run is the default.
airtable.delete_recordL4destroy:tasksyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runbaseId, recordId, tableIdOrNameDelete one Airtable record. Live execution requires explicit approval and idempotency.

Tool details:

airtable.list_bases

List Airtable bases visible to the credential.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache3600s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

airtable.list_tables

List tables and fields in an Airtable base.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache3600s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
baseIdstringyesmin length 1Connector-specific argument.
includeFieldsbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

airtable.list_records

List records from an Airtable table with optional view, fields, and text filtering.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: records[].fields; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
baseIdstringyesmin length 1Connector-specific argument.
tableIdOrNamestringyesmin length 1Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
fieldsarrayno-Connector-specific argument.
filterByFormulastringnomax length 5000Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.
viewstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

airtable.get_record

Fetch one Airtable record by id.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache120s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: record.fields; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
baseIdstringyesmin length 1Connector-specific argument.
recordIdstringyesmin length 1Connector-specific argument.
tableIdOrNamestringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

airtable.list_comments

List Airtable record comments.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:comments
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: comments[].text, comments[].authorName; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
baseIdstringyesmin length 1Connector-specific argument.
recordIdstringyesmin length 1Connector-specific argument.
tableIdOrNamestringyesmin length 1Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

airtable.create_record

Create one Airtable record. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:tasks
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: fields; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
baseIdstringyesmin length 1Connector-specific argument.
fieldsobjectyes-Connector-specific argument.
tableIdOrNamestringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
typecastbooleanno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

airtable.update_record

Update one Airtable record. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:tasks
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: fields; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
baseIdstringyesmin length 1Connector-specific argument.
fieldsobjectyes-Connector-specific argument.
recordIdstringyesmin length 1Connector-specific argument.
tableIdOrNamestringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
typecastbooleanno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

airtable.batch_update_records

Update multiple Airtable records. Live execution requires explicit approval and idempotency.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:tasks
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: records[].fields; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
baseIdstringyesmin length 1Connector-specific argument.
recordsarrayyes-Connector-specific argument.
tableIdOrNamestringyesmin length 1Connector-specific argument.
approvalIdstringnomax length 128Connector-specific argument.
approvedBystringnomax length 256Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
typecastbooleanno-Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

airtable.comment_record

Add a comment to an Airtable record. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:comments
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: text; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
baseIdstringyesmin length 1Connector-specific argument.
recordIdstringyesmin length 1Connector-specific argument.
tableIdOrNamestringyesmin length 1Connector-specific argument.
textstringyesmin length 1; max length 20000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

airtable.delete_record

Delete one Airtable record. Live execution requires explicit approval and idempotency.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actiondestroy:tasks
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
baseIdstringyesmin length 1Connector-specific argument.
recordIdstringyesmin length 1Connector-specific argument.
tableIdOrNamestringyesmin length 1Connector-specific argument.
approvalIdstringnomax length 128Connector-specific argument.
approvedBystringnomax length 256Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
tableIdstringnomin length 1Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Asana (asana)

Governed Asana connector for project, task, comment, user, and attachment workflows with safe write planning.

FieldValue
Version0.1.0
Categoriesproject_management, productivity
Data classestasks, comments, files, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts asana
Fixture selfcheckbun run apps/connectors/src/index.ts asana --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/asana
Vendor docshttps://developers.asana.com/reference/rest-api-reference

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenPersonal access token or OAuth access tokenaccessTokenASANA_ACCESS_TOKENdefault, tasks:read, tasks:write-no

Scope/data-class map:

ScopeRequirementData classes
defaultrequiredtasks, comments, files
tasks:readrequiredtasks, comments, files
tasks:writerequiredtasks, comments, files

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
asana.search_tasksL1read:tasksnonot declared300s / subject / slowrecordedno suppression needednoneSearch Asana tasks with bounded pagination.
asana.get_taskL1read:tasksnonot declared300s / subject / slowrecordedno suppression neededtaskIdRead a single Asana task by gid.
asana.list_projectsL1read:tasksnonot declared300s / subject / slowrecordedno suppression needednoneList visible Asana projects.
asana.get_projectL1read:tasksnonot declared300s / subject / slowrecordedno suppression neededprojectIdRead an Asana project by gid.
asana.list_project_tasksL1read:tasksnonot declared300s / subject / slowrecordedno suppression neededprojectIdList tasks in a project.
asana.list_usersL1read:tasksnonot declared300s / subject / slowrecordedno suppression needednoneList Asana workspace users.
asana.list_attachmentsL1read:documentsnonot declared300s / subject / slowrecordedno suppression neededtaskIdList attachments on a task.
asana.list_commentsL1read:commentsnonot declared300s / subject / slowrecordedno suppression neededtaskIdList comment stories on an Asana task.
asana.add_commentL3write:commentsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runtaskId, textPlan or create an Asana task comment.
asana.attach_fileL4write:filesyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runfileName, taskIdPlan or attach a file reference to an Asana task. Live execution requires approval and idempotency.
asana.create_taskL3write:tasksnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runnamePlan or create an Asana task.
asana.update_taskL3write:tasksnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runtaskIdPlan or update task fields.

Tool details:

asana.search_tasks

Search Asana tasks with bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

asana.get_task

Read a single Asana task by gid.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
taskIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

asana.list_projects

List visible Asana projects.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

asana.get_project

Read an Asana project by gid.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

asana.list_project_tasks

List tasks in a project.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

asana.list_users

List Asana workspace users.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

asana.list_attachments

List attachments on a task.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
taskIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

asana.list_comments

List comment stories on an Asana task.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:comments
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: text, createdBy; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
taskIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

asana.add_comment

Plan or create an Asana task comment.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:comments
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: text; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
taskIdstringyes-Connector-specific argument.
textstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

asana.attach_file

Plan or attach a file reference to an Asana task. Live execution requires approval and idempotency.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:files
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: fileName; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl, fileUrl, contentBase64

Input contract:

FieldTypeRequiredBounds / enumNotes
fileNamestringyes-Connector-specific argument.
taskIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
contentBase64stringno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
fileUrlstringno-Connector-specific argument.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

asana.create_task

Plan or create an Asana task.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:tasks
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: notes, assignee; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
namestringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

asana.update_task

Plan or update task fields.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:tasks
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
taskIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Atlassian Jira and Confluence (atlassian)

Managed Atlassian Cloud connector for governed Jira issue operations and Confluence knowledge workflows.

FieldValue
Version0.1.0
Categoriesengineering, productivity
Data classesmetadata, pii, tickets, documents
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts atlassian
Fixture selfcheckbun run apps/connectors/src/index.ts atlassian --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/atlassian
Vendor docshttps://developer.atlassian.com/cloud/jira/platform/rest/v3/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Atlassian OAuth access tokenaccessToken, cloudIdPUNK_ATLASSIAN_ACCESS_TOKEN, PUNK_ATLASSIAN_CLOUD_IDread:jira-work, read:confluence-content.allwrite:jira-work, write:confluence-contentyes
Basic/API tokenAtlassian email plus API tokenemail, apiToken, siteUrlPUNK_ATLASSIAN_EMAIL, PUNK_ATLASSIAN_API_TOKEN, PUNK_ATLASSIAN_SITE_URL--no

Scope/data-class map:

ScopeRequirementData classes
read:jira-workrequiredtickets, pii
write:jira-workoptionaltickets, pii
read:confluence-content.allrequireddocuments, pii
write:confluence-contentoptionaldocuments, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
atlassian.jira_search_issuesL1read:ticketnonot declared30s / subject / liverecordedno suppression neededjqlSearch Jira Cloud issues with JQL using the REST v3 enhanced JQL search endpoint.
atlassian.jira_get_issueL1read:ticketnonot declared60s / subject / liverecordedno suppression neededissueIdOrKeyGet a Jira Cloud issue by id or key with bounded normalized fields and optional raw payload.
atlassian.jira_create_issueL3write:ticketyesnot supported0s / none / livedry_runsuppressed, dry-runissueTypeName, projectKey, summaryCreate a Jira Cloud issue. Description text is converted to Atlassian Document Format; writes default to dry-run.
atlassian.jira_comment_issueL3write:ticketyesnot supported0s / none / livedry_runsuppressed, dry-runbody, issueIdOrKeyAdd a Jira Cloud issue comment using Atlassian Document Format. Writes default to dry-run.
atlassian.jira_update_issueL3write:ticketyesnot supported0s / none / livedry_runsuppressed, dry-runfields, issueIdOrKeyUpdate allowlisted Jira Cloud issue fields. Arbitrary transition and workflow operations are intentionally out of scope.
atlassian.confluence_searchL1read:documentnonot declared60s / subject / liverecordedno suppression needednoneSearch Confluence Cloud content with CQL through the official REST search endpoint.
atlassian.confluence_get_pageL1read:documentnonot declared120s / subject / slowrecordedno suppression neededpageIdGet a Confluence Cloud page by id with selected body representation and optional footer comments.
atlassian.confluence_create_pageL3write:documentyesnot supported0s / none / livedry_runsuppressed, dry-runbody, spaceId, titleCreate a Confluence Cloud page with storage or Atlassian document body. Writes default to dry-run.
atlassian.confluence_comment_pageL3write:documentyesnot supported0s / none / livedry_runsuppressed, dry-runbody, pageIdCreate a Confluence Cloud footer comment on a page. Writes default to dry-run.

Tool details:

atlassian.jira_search_issues

Search Jira Cloud issues with JQL using the REST v3 enhanced JQL search endpoint.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: issues.assignee, issues.reporter; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
jqlstringyesmax length 20000Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
fieldsarrayno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

atlassian.jira_get_issue

Get a Jira Cloud issue by id or key with bounded normalized fields and optional raw payload.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: issue.assignee, issue.reporter, issue.description; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
issueIdOrKeystringyes-Connector-specific argument.
expandarrayno-Connector-specific argument.
fieldsarrayno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

atlassian.jira_create_issue

Create a Jira Cloud issue. Description text is converted to Atlassian Document Format; writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: description, fields; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
issueTypeNamestringyes-Connector-specific argument.
projectKeystringyes-Connector-specific argument.
summarystringyesmax length 255Connector-specific argument.
descriptionstringnomax length 32767Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
fieldsobjectno-Connector-specific argument.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

atlassian.jira_comment_issue

Add a Jira Cloud issue comment using Atlassian Document Format. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmax length 32767Connector-specific argument.
issueIdOrKeystringyes-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
visibilityobjectno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

atlassian.jira_update_issue

Update allowlisted Jira Cloud issue fields. Arbitrary transition and workflow operations are intentionally out of scope.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: fields.description; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
fieldsobjectyes-Connector-specific argument.
issueIdOrKeystringyes-Connector-specific argument.
allowCustomFieldsbooleanno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Search Confluence Cloud content with CQL through the official REST search endpoint.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: results.excerpt; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cqlstringnomax length 20000Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.
spaceKeystringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

atlassian.confluence_get_page

Get a Confluence Cloud page by id with selected body representation and optional footer comments.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: page.body, comments.body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
pageIdstringyes-Connector-specific argument.
bodyFormatstringnoone of storage, atlas_doc_formatConnector-specific argument.
commentLimitintegernomin 1; max 50Connector-specific argument.
includeCommentsbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

atlassian.confluence_create_page

Create a Confluence Cloud page with storage or Atlassian document body. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:document
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmax length 100000Connector-specific argument.
spaceIdstringyes-Connector-specific argument.
titlestringyesmax length 255Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
parentIdstringno-Connector-specific argument.
representationstringnoone of storage, atlas_doc_formatConnector-specific argument.
statusstringnoone of current, draftConnector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

atlassian.confluence_comment_page

Create a Confluence Cloud footer comment on a page. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:document
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmax length 100000Connector-specific argument.
pageIdstringyes-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
representationstringnoone of storage, atlas_doc_formatConnector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

AWS Operations (aws-ops)

Governed AWS operations connector for CloudWatch, Cost Explorer, resource inventory, IAM context, dry-run changes, and approval-gated remediation.

FieldValue
Version0.1.0
Categoriescloud, infrastructure, observability, security
Data classescloud, infrastructure, logs, telemetry, costs, identity, audit, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts aws-ops
Fixture selfcheckbun run apps/connectors/src/index.ts aws-ops --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/aws-ops
Vendor docshttps://docs.aws.amazon.com/cloudwatch/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenScoped AWS access token or assumed-role broker tokenaccessTokenAWS_OPS_ACCESS_TOKENcloudwatch:read, ce:read, iam:readops:writeno

Scope/data-class map:

ScopeRequirementData classes
cloudwatch:readrequiredlogs, telemetry
ce:readrequiredcosts
iam:readrequiredidentity, audit
ops:writeoptionalcloud, infrastructure

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
aws.search_resourcesL1read:cloudnonot declared300s / tenant / slowrecordedno suppression needednoneSearch AWS resources from inventory.
aws.get_resourceL1read:cloudnonot declared300s / subject / slowrecordedno suppression neededresourceIdRead one AWS resource inventory record.
aws.query_cloudwatch_metricsL1read:cloudnonot declared60s / subject / liverecordedno suppression needednoneQuery bounded CloudWatch metrics.
aws.search_cloudwatch_logsL1read:cloudnonot declared30s / subject / liverecordedno suppression neededlogGroupSearch CloudWatch logs with bounded time and result windows.
aws.list_alarmsL1read:cloudnonot declared300s / tenant / slowrecordedno suppression needednoneList CloudWatch alarms.
aws.get_alarmL1read:cloudnonot declared300s / subject / slowrecordedno suppression neededalarmNameRead one CloudWatch alarm.
aws.query_costsL1read:cloudnonot declared3600s / subject / slowrecordedno suppression neededendDate, startDateRead AWS Cost Explorer summaries.
aws.list_iam_principalsL1read:cloudnonot declared300s / tenant / slowrecordedno suppression needednoneList bounded IAM principals.
aws.get_iam_policyL1read:cloudnonot declared300s / subject / slowrecordedno suppression neededpolicyIdRead one IAM policy summary.
aws.plan_alarm_updateL2write:cloudnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runalarmNamePlan a CloudWatch alarm change without applying it.
aws.apply_tagsL3write:cloudnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runresourceIdApply AWS resource tags when live writes are enabled.
aws.remediate_resourceL4write:cloudyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runidempotencyKey, resourceIdRun an approval-gated remediation action against an AWS resource.

Tool details:

aws.search_resources

Search AWS resources from inventory.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:cloud
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

aws.get_resource

Read one AWS resource inventory record.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:cloud
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
resourceIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

aws.query_cloudwatch_metrics

Query bounded CloudWatch metrics.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:cloud
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

aws.search_cloudwatch_logs

Search CloudWatch logs with bounded time and result windows.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:cloud
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
logGroupstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

aws.list_alarms

List CloudWatch alarms.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:cloud
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

aws.get_alarm

Read one CloudWatch alarm.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:cloud
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
alarmNamestring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

aws.query_costs

Read AWS Cost Explorer summaries.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:cloud
Approval required by defaultno
Idempotencynot declared
Cache3600s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
endDatestring | number | boolean | object | arrayyes-Connector-specific argument.
startDatestring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

aws.list_iam_principals

List bounded IAM principals.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:cloud
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

aws.get_iam_policy

Read one IAM policy summary.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:cloud
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
policyIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

aws.plan_alarm_update

Plan a CloudWatch alarm change without applying it.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:cloud
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
alarmNamestring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

aws.apply_tags

Apply AWS resource tags when live writes are enabled.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:cloud
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
resourceIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

aws.remediate_resource

Run an approval-gated remediation action against an AWS resource.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:cloud
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
resourceIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

BigQuery (bigquery)

Governed BigQuery connector for datasets, tables, jobs, bounded query execution, dry-run estimates, and approval-gated warehouse operations.

FieldValue
Version0.1.0
Categoriesdata, database, analytics
Data classeswarehouse, database, schema, analytics, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts bigquery
Fixture selfcheckbun run apps/connectors/src/index.ts bigquery --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/bigquery
Vendor docshttps://docs.cloud.google.com/bigquery/docs/reference/rest

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Google OAuth access tokenaccessTokenBIGQUERY_ACCESS_TOKENhttps://www.googleapis.com/auth/bigquery.readonlyhttps://www.googleapis.com/auth/bigqueryyes

Scope/data-class map:

ScopeRequirementData classes
https://www.googleapis.com/auth/bigquery.readonlyrequiredwarehouse, schema
https://www.googleapis.com/auth/bigqueryoptionalwarehouse

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
bigquery.list_projectsL1read:datanonot declared300s / tenant / slowrecordedno suppression needednoneList BigQuery projects.
bigquery.list_datasetsL1read:datanonot declared300s / tenant / slowrecordedno suppression neededprojectIdList datasets in a project.
bigquery.list_tablesL1read:datanonot declared300s / tenant / slowrecordedno suppression neededdatasetId, projectIdList tables in a dataset.
bigquery.describe_tableL1read:datanonot declared300s / subject / slowrecordedno suppression neededdatasetId, projectId, tableIdRead BigQuery table metadata.
bigquery.get_table_schemaL1read:datanonot declared300s / tenant / slowrecordedno suppression neededdatasetId, projectId, tableIdRead normalized BigQuery table schema fields.
bigquery.dry_run_queryL0read:datanonot declared1800s / subject / slowrecordedno suppression neededprojectId, sqlValidate read-only SQL and return an estimated execution plan.
bigquery.execute_queryL1read:datanonot declared300s / subject / slowrecordedno suppression neededprojectId, sqlExecute bounded read-only BigQuery SQL.
bigquery.list_jobsL1read:datanonot declared300s / subject / slowrecordedno suppression neededprojectIdList recent BigQuery jobs.
bigquery.get_jobL1read:datanonot declared300s / subject / slowrecordedno suppression neededjobId, projectIdRead a BigQuery job by id.
bigquery.cancel_jobL4write:datayessupported via idempotencyKey0s / none / liveneversuppressed, dry-runidempotencyKey, jobId, projectIdCancel a BigQuery job after approval.

Tool details:

bigquery.list_projects

List BigQuery projects.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

bigquery.list_datasets

List datasets in a project.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

bigquery.list_tables

List tables in a dataset.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
datasetIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

bigquery.describe_table

Read BigQuery table metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
datasetIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
tableIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

bigquery.get_table_schema

Read normalized BigQuery table schema fields.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
datasetIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
tableIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

bigquery.dry_run_query

Validate read-only SQL and return an estimated execution plan.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache1800s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
sqlstringyes-SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBytesintegernomin 1; max 1048576Maximum response bytes for content-like reads.
querystringno-Search string or filter expression accepted by the connector.
timeoutSecondsintegernomin 1; max 60Maximum upstream execution window.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

bigquery.execute_query

Execute bounded read-only BigQuery SQL.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
sqlstringyes-SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBytesintegernomin 1; max 1048576Maximum response bytes for content-like reads.
querystringno-Search string or filter expression accepted by the connector.
timeoutSecondsintegernomin 1; max 60Maximum upstream execution window.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

bigquery.list_jobs

List recent BigQuery jobs.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

bigquery.get_job

Read a BigQuery job by id.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
jobIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

bigquery.cancel_job

Cancel a BigQuery job after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:data
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
jobIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Box (box)

Governed Box connector for enterprise content search, metadata, comments, collaborations, and safe sharing actions.

FieldValue
Version0.1.0
Categoriescontent, productivity
Data classesdocuments, files, comments, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts box
Fixture selfcheckbun run apps/connectors/src/index.ts box --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/box
Vendor docshttps://developer.box.com/reference

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenOAuth access token or developer tokenaccessTokenBOX_ACCESS_TOKENroot_readwrite-no

Scope/data-class map:

ScopeRequirementData classes
root_readwriterequireddocuments, files, comments

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
box.search_filesL1read:documentsnonot declared300s / subject / slowrecordedno suppression needednoneSearch Box files and folders.
box.list_folder_itemsL1read:documentsnonot declared300s / subject / slowrecordedno suppression neededfolderIdList Box folder items.
box.get_file_metadataL1read:documentsnonot declared300s / subject / slowrecordedno suppression neededfileIdRead Box file metadata.
box.get_folder_metadataL1read:documentsnonot declared300s / subject / slowrecordedno suppression neededfolderIdRead Box folder metadata.
box.get_file_textL1read:documentsnonot declared300s / subject / slowrecordedno suppression neededfileIdRead bounded text content from a Box file fixture or representation.
box.list_commentsL1read:commentsnonot declared300s / subject / slowrecordedno suppression neededfileIdList comments on Box files.
box.list_collaborationsL1read:documentsnonot declared300s / subject / slowrecordedno suppression neededfolderIdList Box collaborations.
box.create_shared_linkL3write:documentsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runfileIdPlan or create a Box shared link.
box.create_folderL3write:documentsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runname, parentIdPlan or create a Box folder.
box.upload_file_draftL2write:documentsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runname, parentIdPrepare a bounded Box upload plan.

Tool details:

box.search_files

Search Box files and folders.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

box.list_folder_items

List Box folder items.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
folderIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

box.get_file_metadata

Read Box file metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

box.get_folder_metadata

Read Box folder metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
folderIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

box.get_file_text

Read bounded text content from a Box file fixture or representation.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileIdstringyes-Connector-specific argument.
allowBinarybooleanno-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBytesintegernomin 1; max 65536Maximum response bytes for content-like reads.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

box.list_comments

List comments on Box files.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:comments
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

box.list_collaborations

List Box collaborations.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: accessibleBy; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
folderIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

Plan or create a Box shared link.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:documents
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

box.create_folder

Plan or create a Box folder.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:documents
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
namestringyes-Connector-specific argument.
parentIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

box.upload_file_draft

Prepare a bounded Box upload plan.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:documents
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
namestringyes-Connector-specific argument.
parentIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

Calendly (calendly)

Governed Calendly connector for event types, scheduled events, invitees, availability, users, organization membership, and safe scheduling changes.

FieldValue
Version0.1.0
Categoriesproductivity
Data classescalendar, scheduling, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts calendly
Fixture selfcheckbun run apps/connectors/src/index.ts calendly --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/calendly
Vendor docshttps://developer.calendly.com/api-docs

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenCalendly OAuth or personal access tokenaccessTokenCALENDLY_ACCESS_TOKENdefaultscheduled_events:writeno

Scope/data-class map:

ScopeRequirementData classes
defaultrequiredcalendar, scheduling
scheduled_events:writeoptionalscheduling

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
calendly.list_event_typesL1read:schedulingnonot declared300s / tenant / slowrecordedno suppression needednoneList Calendly event types.
calendly.list_scheduled_eventsL1read:schedulingnonot declared300s / subject / slowrecordedno suppression needednoneList scheduled events.
calendly.get_scheduled_eventL1read:schedulingnonot declared300s / subject / slowrecordedno suppression neededeventIdRead one scheduled event.
calendly.list_inviteesL1read:schedulingnonot declared300s / subject / slowrecordedno suppression neededeventIdList invitees for an event.
calendly.get_availabilityL1read:schedulingnonot declared120s / subject / slowrecordedno suppression neededuserIdRead user availability.
calendly.list_usersL1read:schedulingnonot declared300s / tenant / slowrecordedno suppression needednoneList Calendly users.
calendly.list_organization_membersL1read:schedulingnonot declared300s / tenant / slowrecordedno suppression needednoneList Calendly organization members.
calendly.create_scheduling_linkL2write:schedulingnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runeventTypeCreate a single-use scheduling link or dry-run plan.
calendly.update_event_typeL3write:schedulingnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runeventTypeIdUpdate an event type.
calendly.cancel_eventL4write:schedulingyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runeventId, idempotencyKey, reasonCancel a scheduled event after approval.

Tool details:

calendly.list_event_types

List Calendly event types.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:scheduling
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

calendly.list_scheduled_events

List scheduled events.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:scheduling
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

calendly.get_scheduled_event

Read one scheduled event.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:scheduling
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
eventIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

calendly.list_invitees

List invitees for an event.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:scheduling
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
eventIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

calendly.get_availability

Read user availability.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:scheduling
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
userIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

calendly.list_users

List Calendly users.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:scheduling
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

calendly.list_organization_members

List Calendly organization members.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:scheduling
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

Create a single-use scheduling link or dry-run plan.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:scheduling
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
eventTypestring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

calendly.update_event_type

Update an event type.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:scheduling
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
eventTypeIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

calendly.cancel_event

Cancel a scheduled event after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:scheduling
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
eventIdstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
reasonstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Chargebee (chargebee)

Chargebee subscription billing support connector with fixture mode, safe level 4 planning, and real Chargebee API live paths.

FieldValue
Version0.1.0
Categoriesbilling
Data classespii, billing, payments
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts chargebee
Fixture selfcheckbun run apps/connectors/src/index.ts chargebee --fixture --selfcheck
Punk docshttps://docs.punk.local/connectors/chargebee
Vendor docshttps://apidocs.chargebee.com/docs/api

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenChargebee site and API keysite, api_keyPUNK_CHARGEBEE_SITE, PUNK_CHARGEBEE_API_KEY--no

Scope/data-class map:

ScopeRequirementData classes
---

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
chargebee.search_customersL1read:billingnonot declared120s / subject / liverecordedsuppressednoneSearch or list Chargebee customers by query, email, or customer id prefix.
chargebee.get_customerL1read:billingnonot declared300s / subject / slowrecordedsuppressedcustomerIdRetrieve a Chargebee customer by id.
chargebee.list_subscriptionsL1read:billingnonot declared120s / subject / liverecordedsuppressednoneList Chargebee subscriptions with optional customer and status filters.
chargebee.get_subscriptionL1read:billingnonot declared300s / subject / slowrecordedsuppressedsubscriptionIdRetrieve a Chargebee subscription by id.
chargebee.list_invoicesL1read:billingnonot declared120s / subject / liverecordedsuppressednoneList Chargebee invoices by customer, subscription, or status.
chargebee.cancel_subscriptionL4write:paymentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runsubscriptionIdCancel a Chargebee subscription only after a dry-run plan, approval metadata, and idempotency key.
chargebee.issue_credit_noteL4write:paymentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runamountCents, customerId, invoiceIdIssue a Chargebee credit note only after a dry-run plan, approval metadata, amount cap check, and idempotency key.

Tool details:

chargebee.search_customers

Search or list Chargebee customers by query, email, or customer id prefix.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: email, customer.email, customers[].email; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringnomax length 500Opaque pagination cursor returned by a previous call.
customerIdstringnomax length 128Connector-specific argument.
emailstringnomax length 320Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

chargebee.get_customer

Retrieve a Chargebee customer by id.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customer.email, customer.name; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
customerIdstringyesmin length 1; max length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

chargebee.list_subscriptions

List Chargebee subscriptions with optional customer and status filters.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customerId, subscriptions[].customerId; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringnomax length 500Opaque pagination cursor returned by a previous call.
customerIdstringnomax length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
statusstringnoone of future, in_trial, active, non_renewing, paused, cancelledConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

chargebee.get_subscription

Retrieve a Chargebee subscription by id.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customerId; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
subscriptionIdstringyesmin length 1; max length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

chargebee.list_invoices

List Chargebee invoices by customer, subscription, or status.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customerId, invoices[].customerId; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringnomax length 500Opaque pagination cursor returned by a previous call.
customerIdstringnomax length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
statusstringnoone of paid, posted, payment_due, not_paid, voided, pendingConnector-specific argument.
subscriptionIdstringnomax length 128Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

chargebee.cancel_subscription

Cancel a Chargebee subscription only after a dry-run plan, approval metadata, and idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:payment
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.approvedBy, customerId; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
subscriptionIdstringyesmin length 1; max length 128Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cancelOptionstringnoone of end_of_term, immediatelyConnector-specific argument.
customerIdstringnomax length 128Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomin length 16; max length 255Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
memostringnomax length 2000Connector-specific argument.
planIdstringnomax length 160Connector-specific argument.
reasonCodestringnomax length 100Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

chargebee.issue_credit_note

Issue a Chargebee credit note only after a dry-run plan, approval metadata, amount cap check, and idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:payment
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.approvedBy, customerId; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
amountCentsintegeryesmin 1Connector-specific argument.
customerIdstringyesmin length 1; max length 128Connector-specific argument.
invoiceIdstringyesmin length 1; max length 128Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
currencystringnomin length 3; max length 3Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomin length 16; max length 255Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
memostringnomax length 2000Connector-specific argument.
planIdstringnomax length 160Connector-specific argument.
reasonCodestringnomax length 100Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Datadog (datadog)

Governed Datadog connector for bounded telemetry reads, monitor context, incident writes, and approval-gated monitor downtime.

FieldValue
Version0.1.0
Categoriesobservability, incident
Data classesobservability, telemetry, metadata, pii
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts datadog
Fixture selfcheckbun run apps/connectors/src/index.ts datadog --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/datadog
Vendor docshttps://docs.datadoghq.com/api/latest/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenDatadog API and application keysapi_key, application_keyDATADOG_API_KEY, DATADOG_APP_KEYlogs_read, apm_read, metrics_read, monitors_readincident_write, downtime_writeno

Scope/data-class map:

ScopeRequirementData classes
logs_readrequiredobservability, telemetry, pii
apm_readrequiredobservability, telemetry, pii
metrics_readrequiredobservability, telemetry
monitors_readrequiredobservability, metadata
incident_writeoptionalmetadata, pii
downtime_writeoptionalmetadata, audit

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
datadog.search_logsL1read:observabilitynonot declared30s / tenant / liverecordedno suppression neededfrom, query, toSearch Datadog logs with required bounded time range and small default row limit. Snippets are returned unless includeRaw is true.
datadog.get_traceL1read:observabilitynonot declared60s / tenant / liverecordedno suppression neededfrom, to, traceIdFetch one Datadog trace with bounded span count and redacted request data.
datadog.query_metricsL1read:observabilitynonot declared60s / tenant / liverecordedno suppression neededfrom, query, toQuery Datadog metrics with required bounded time range and a bounded point count.
datadog.list_monitorsL1read:observabilitynonot declared120s / tenant / liverecordedno suppression needednoneSearch Datadog monitors with tag filters and bounded pagination.
datadog.get_monitorL1read:observabilitynonot declared120s / tenant / liverecordedno suppression neededmonitorIdFetch one Datadog monitor and current state.
datadog.create_incidentL3write:incidentnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runseverity, titleCreate a Datadog incident. Dry-run is the default; live execution requires write enablement and idempotency.
datadog.update_incidentL3write:incidentnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runincidentIdPatch allowlisted Datadog incident fields. Dry-run is the default.
datadog.add_incident_timeline_itemL3write:incidentnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcontent, incidentIdAdd a note to a Datadog incident timeline. Dry-run is the default.
datadog.create_monitor_downtimeL4write:incidentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runend, monitorId, scope, startCreate bounded monitor downtime. Non-dry-run execution requires approval metadata and an idempotency key.

Tool details:

datadog.search_logs

Search Datadog logs with required bounded time range and small default row limit. Snippets are returned unless includeRaw is true.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache30s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: logs[].message, logs[].attributes; Secrets: raw, authorization, cookie, api_key, application_key

Input contract:

FieldTypeRequiredBounds / enumNotes
fromstringyes-ISO 8601 start time.
querystringyesmin length 1; max length 1000Search string or filter expression accepted by the connector.
tostringyes-ISO 8601 end time.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

datadog.get_trace

Fetch one Datadog trace with bounded span count and redacted request data.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: spans[].resource, spans[].meta; Secrets: raw, authorization, cookie, token, secret

Input contract:

FieldTypeRequiredBounds / enumNotes
fromstringyes-ISO 8601 start time for trace lookup.
tostringyes-ISO 8601 end time for trace lookup.
traceIdstringyesmin length 1; max length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxSpansintegernomin 1; max 100Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

datadog.query_metrics

Query Datadog metrics with required bounded time range and a bounded point count.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
fromstringyes-ISO 8601 start time.
querystringyesmin length 1; max length 1000Search string or filter expression accepted by the connector.
tostringyes-ISO 8601 end time.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxPointsintegernomin 1; max 1000Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

datadog.list_monitors

Search Datadog monitors with tag filters and bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache120s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: monitors[].message; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.
tagsarrayno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

datadog.get_monitor

Fetch one Datadog monitor and current state.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache120s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: monitor.message; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
monitorIdanyyes-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

datadog.create_incident

Create a Datadog incident. Dry-run is the default; live execution requires write enablement and idempotency.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:incident
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: customerImpact; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
severitystringyesone of SEV-1, SEV-2, SEV-3, SEV-4, SEV-5Connector-specific argument.
titlestringyesmin length 1; max length 300Connector-specific argument.
customerImpactstringnomax length 2000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
servicestringnomax length 128Connector-specific argument.
teamstringnomax length 128Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

datadog.update_incident

Patch allowlisted Datadog incident fields. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:incident
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: title; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
incidentIdstringyesmin length 1Connector-specific argument.
commanderstringnomax length 128Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
severitystringnoone of SEV-1, SEV-2, SEV-3, SEV-4, SEV-5Connector-specific argument.
statusstringnoone of active, stable, resolvedConnector-specific argument.
titlestringnomin length 1; max length 300Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

datadog.add_incident_timeline_item

Add a note to a Datadog incident timeline. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:incident
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: content; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
contentstringyesmin length 1; max length 5000Connector-specific argument.
incidentIdstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

datadog.create_monitor_downtime

Create bounded monitor downtime. Non-dry-run execution requires approval metadata and an idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:incident
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: message; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
endstringyes-ISO 8601 end time.
monitorIdanyyes-Connector-specific argument.
scopearrayyes-Connector-specific argument.
startstringyes-ISO 8601 start time.
approvalobjectno-Approval metadata required before level 4 actions can execute.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
messagestringnomax length 1000Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

DocuSign (docusign)

Governed DocuSign eSignature connector for templates, envelopes, recipients, documents, audit events, and approval-gated signature actions.

FieldValue
Version0.1.0
Categorieslegal, productivity
Data classescontracts, signatures, documents, pii, audit, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts docusign
Fixture selfcheckbun run apps/connectors/src/index.ts docusign --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/docusign
Vendor docshttps://developers.docusign.com/docs/esign-rest-api/reference/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0DocuSign OAuth access tokenaccessTokenDOCUSIGN_ACCESS_TOKENsignatureimpersonationyes

Scope/data-class map:

ScopeRequirementData classes
signaturerequiredcontracts, signatures
impersonationoptionalcontracts

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
docusign.list_templatesL1read:contractsnonot declared300s / tenant / slowrecordedno suppression neededaccountIdList DocuSign templates.
docusign.list_envelopesL1read:contractsnonot declared300s / subject / slowrecordedno suppression neededaccountIdList envelopes.
docusign.get_envelopeL1read:contractsnonot declared300s / subject / slowrecordedno suppression neededaccountId, envelopeIdRead an envelope.
docusign.list_recipientsL1read:contractsnonot declared300s / subject / slowrecordedno suppression neededaccountId, envelopeIdList envelope recipients.
docusign.list_documentsL1read:contractsnonot declared300s / subject / slowrecordedno suppression neededaccountId, envelopeIdList envelope documents.
docusign.get_audit_eventsL1read:contractsnonot declared60s / subject / liverecordedno suppression neededaccountId, envelopeIdRead envelope audit events.
docusign.create_envelope_draftL2write:contractsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runaccountIdCreate or plan a DocuSign draft envelope.
docusign.send_envelopeL4write:contractsyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runaccountId, envelopeId, idempotencyKeySend an envelope for signature after approval.
docusign.void_envelopeL4write:contractsyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runaccountId, envelopeId, idempotencyKey, voidedReasonVoid an envelope after approval.
docusign.correct_envelopeL4write:contractsyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runaccountId, envelopeId, idempotencyKeyCorrect envelope recipients or documents after approval.

Tool details:

docusign.list_templates

List DocuSign templates.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:contracts
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

docusign.list_envelopes

List envelopes.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:contracts
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

docusign.get_envelope

Read an envelope.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:contracts
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
envelopeIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

docusign.list_recipients

List envelope recipients.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:contracts
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
envelopeIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

docusign.list_documents

List envelope documents.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:contracts
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
envelopeIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

docusign.get_audit_events

Read envelope audit events.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:contracts
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
envelopeIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

docusign.create_envelope_draft

Create or plan a DocuSign draft envelope.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:contracts
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

docusign.send_envelope

Send an envelope for signature after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:contracts
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
envelopeIdstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

docusign.void_envelope

Void an envelope after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:contracts
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
envelopeIdstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
voidedReasonstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

docusign.correct_envelope

Correct envelope recipients or documents after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:contracts
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
envelopeIdstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Dropbox (dropbox)

Governed Dropbox connector for file metadata, search, previews, shared links, folders, uploads, and delete approval gates.

FieldValue
Version0.1.0
Categoriescontent, productivity
Data classesdocuments, files, comments, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts dropbox
Fixture selfcheckbun run apps/connectors/src/index.ts dropbox --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/dropbox
Vendor docshttps://www.dropbox.com/developers/documentation/http/documentation

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenOAuth access tokenaccessTokenDROPBOX_ACCESS_TOKENfiles.metadata.read, files.content.read, files.content.write, sharing.write-no

Scope/data-class map:

ScopeRequirementData classes
files.metadata.readrequireddocuments, files
files.content.readrequireddocuments, files
files.content.writerequireddocuments, files
sharing.writerequireddocuments, files

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
dropbox.list_folderL1read:documentsnonot declared300s / subject / slowrecordedno suppression needednoneList Dropbox folder entries.
dropbox.continue_list_folderL1read:documentsnonot declared300s / subject / slowrecordedno suppression needednoneContinue a Dropbox folder cursor.
dropbox.search_filesL1read:documentsnonot declared300s / subject / slowrecordedno suppression needednoneSearch Dropbox files.
dropbox.get_metadataL1read:documentsnonot declared300s / subject / slowrecordedno suppression neededpathRead Dropbox metadata for a path or id.
dropbox.download_file_previewL1read:documentsnonot declared300s / subject / slowrecordedno suppression neededpathRead bounded Dropbox file fixture content.
dropbox.list_shared_linksL1read:documentsnonot declared300s / subject / slowrecordedno suppression needednoneList Dropbox shared links.
dropbox.list_collaborationsL1read:documentsnonot declared300s / subject / slowrecordedno suppression neededpathList Dropbox file members and invitees.
dropbox.list_commentsL1read:commentsnonot declared300s / subject / slowrecordedno suppression neededpathList Dropbox file comments or annotations.
dropbox.create_shared_linkL3write:documentsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runpathPlan or create a Dropbox shared link.
dropbox.create_folderL3write:documentsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runpathPlan or create a Dropbox folder.
dropbox.upload_file_draftL2write:documentsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runpathPrepare a bounded Dropbox upload plan.
dropbox.delete_fileL4write:documentsyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runpathDelete a Dropbox file after approval.

Tool details:

dropbox.list_folder

List Dropbox folder entries.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dropbox.continue_list_folder

Continue a Dropbox folder cursor.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dropbox.search_files

Search Dropbox files.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dropbox.get_metadata

Read Dropbox metadata for a path or id.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
pathstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dropbox.download_file_preview

Read bounded Dropbox file fixture content.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
pathstringyes-Connector-specific argument.
allowBinarybooleanno-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBytesintegernomin 1; max 65536Maximum response bytes for content-like reads.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

List Dropbox shared links.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dropbox.list_collaborations

List Dropbox file members and invitees.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: user, invitee; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl, url

Input contract:

FieldTypeRequiredBounds / enumNotes
pathstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dropbox.list_comments

List Dropbox file comments or annotations.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:comments
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: message, createdBy; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl, url

Input contract:

FieldTypeRequiredBounds / enumNotes
pathstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

Plan or create a Dropbox shared link.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:documents
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
pathstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

dropbox.create_folder

Plan or create a Dropbox folder.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:documents
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
pathstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

dropbox.upload_file_draft

Prepare a bounded Dropbox upload plan.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:documents
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
pathstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

dropbox.delete_file

Delete a Dropbox file after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:documents
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
pathstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Figma (figma)

Governed Figma connector for design files, nodes, comments, versions, components, image URLs, and library notes.

FieldValue
Version0.1.0
Categoriesdesign, productivity
Data classesdesign, files, comments, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts figma
Fixture selfcheckbun run apps/connectors/src/index.ts figma --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/figma
Vendor docshttps://developers.figma.com/docs/rest-api/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenPersonal access token or OAuth access tokenaccessTokenFIGMA_ACCESS_TOKENfile_read, file_comments:write, projects:read-no

Scope/data-class map:

ScopeRequirementData classes
file_readrequireddesign, files, comments
file_comments:writerequireddesign, files, comments
projects:readrequireddesign, files, comments

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
figma.get_fileL1read:designnonot declared300s / subject / slowrecordedno suppression neededfileKeyRead Figma file metadata and document summary.
figma.get_file_nodesL1read:designnonot declared300s / subject / slowrecordedno suppression neededfileKeyRead selected Figma nodes.
figma.list_file_commentsL1read:commentsnonot declared300s / subject / slowrecordedno suppression neededfileKeyList comments on a Figma file.
figma.create_commentL3write:commentsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runfileKey, messagePlan or create a Figma file comment.
figma.list_file_versionsL1read:designnonot declared300s / subject / slowrecordedno suppression neededfileKeyList Figma file versions.
figma.get_team_projectsL1read:designnonot declared300s / subject / slowrecordedno suppression neededteamIdList Figma team projects.
figma.list_project_filesL1read:designnonot declared300s / subject / slowrecordedno suppression neededprojectIdList Figma project files.
figma.get_componentL1read:designnonot declared300s / subject / slowrecordedno suppression neededcomponentKeyRead a Figma component.
figma.get_image_urlsL1read:designnonot declared300s / subject / slowrecordedno suppression neededfileKeyRead bounded Figma image export URLs.
figma.publish_library_noteL2write:designnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runfileKey, messagePrepare a low-impact library note plan.

Tool details:

figma.get_file

Read Figma file metadata and document summary.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:design
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileKeystringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

figma.get_file_nodes

Read selected Figma nodes.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:design
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileKeystringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

figma.list_file_comments

List comments on a Figma file.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:comments
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileKeystringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

figma.create_comment

Plan or create a Figma file comment.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:comments
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileKeystringyes-Connector-specific argument.
messagestringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

figma.list_file_versions

List Figma file versions.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:design
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileKeystringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

figma.get_team_projects

List Figma team projects.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:design
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
teamIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

figma.list_project_files

List Figma project files.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:design
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

figma.get_component

Read a Figma component.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:design
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
componentKeystringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

figma.get_image_urls

Read bounded Figma image export URLs.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:design
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileKeystringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

figma.publish_library_note

Prepare a low-impact library note plan.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:design
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
fileKeystringyes-Connector-specific argument.
messagestringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

GitHub (github)

GitHub engineering connector for issues, pull requests, repository files, and safe issue metadata writes.

FieldValue
Version0.1.0
Categoriesengineering
Data classesmetadata, source_code, tickets, pii
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts github
Fixture selfcheckbun run apps/connectors/src/index.ts github --fixture --selfcheck
Punk docshttps://docs.punk.local/connectors/github
Vendor docshttps://docs.github.com/en/rest

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenGitHub App installation tokenaccess_tokenGITHUB_TOKENmetadata:read, contents:read, issues:read, pull_requests:readissues:writeno
API tokenFine-grained personal access tokentokenGITHUB_TOKENMetadata: read, Contents: read, Issues: read/write, Pull requests: read-no

Scope/data-class map:

ScopeRequirementData classes
metadata:readrequiredmetadata
contents:readrequiredsource_code
issues:readrequiredtickets, pii
issues:writeoptionaltickets, pii
pull_requests:readrequiredsource_code, metadata
Metadata: readrequiredmetadata
Contents: readrequiredsource_code
Issues: read/writerequiredtickets, pii
Pull requests: readrequiredsource_code, metadata

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
github.search_issuesL1read:repononot declared60s / tenant / liverecordedno suppression neededquerySearch GitHub issues with bounded results.
github.get_issueL1read:repononot declared300s / tenant / slowrecordedno suppression needednumber, owner, repoFetch one GitHub issue by owner, repository, and issue number.
github.search_prsL1read:repononot declared60s / tenant / liverecordedno suppression neededquerySearch GitHub pull requests with bounded results.
github.get_prL1read:repononot declared180s / tenant / liverecordedno suppression needednumber, owner, repoFetch one GitHub pull request by owner, repository, and pull request number.
github.list_filesL1read:repononot declared300s / tenant / slowrecordedno suppression neededowner, repoList changed files for a pull request, or repository contents at a path/ref.
github.get_fileL1read:repononot declared600s / tenant / slowrecordedno suppression neededowner, path, repoFetch a bounded text file from a repository path/ref.
github.create_issueL3write:repoyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runowner, repo, titleCreate a GitHub issue. Dry-run is the default.
github.comment_issueL3write:repoyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, number, owner, repoAdd a comment to a GitHub issue or pull request. Dry-run is the default.
github.update_issueL3write:repoyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runnumber, owner, repoUpdate safe GitHub issue fields. Dry-run is the default.
github.add_labelsL2write:reponosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runlabels, number, owner, repoAdd labels to a GitHub issue or pull request. Dry-run is the default.

Tool details:

github.search_issues

Search GitHub issues with bounded results.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: items[].author; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1Search string or filter expression accepted by the connector.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
ownerstringno-Connector-specific argument.
repostringno-Connector-specific argument.
statestringnoone of open, closed, allConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

github.get_issue

Fetch one GitHub issue by owner, repository, and issue number.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: author, assignees[]; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
numberintegeryesmin 1Connector-specific argument.
ownerstringyesmin length 1Connector-specific argument.
repostringyesmin length 1Connector-specific argument.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

github.search_prs

Search GitHub pull requests with bounded results.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: items[].author; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1Search string or filter expression accepted by the connector.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
ownerstringno-Connector-specific argument.
repostringno-Connector-specific argument.
statestringnoone of open, closed, merged, allConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

github.get_pr

Fetch one GitHub pull request by owner, repository, and pull request number.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache180s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: author; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
numberintegeryesmin 1Connector-specific argument.
ownerstringyesmin length 1Connector-specific argument.
repostringyesmin length 1Connector-specific argument.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

github.list_files

List changed files for a pull request, or repository contents at a path/ref.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
ownerstringyesmin length 1Connector-specific argument.
repostringyesmin length 1Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
pathstringno-Connector-specific argument.
pullNumberintegernomin 1Connector-specific argument.
refstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

github.get_file

Fetch a bounded text file from a repository path/ref.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache600s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
ownerstringyesmin length 1Connector-specific argument.
pathstringyesmin length 1Connector-specific argument.
repostringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxBytesintegernomin 1; max 500000Maximum response bytes for content-like reads.
refstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

github.create_issue

Create a GitHub issue. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:repo
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body, assignees[]; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
ownerstringyesmin length 1Connector-specific argument.
repostringyesmin length 1Connector-specific argument.
titlestringyesmin length 1; max length 256Connector-specific argument.
assigneesarrayno-Connector-specific argument.
bodystringnomax length 20000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
labelsarrayno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

github.comment_issue

Add a comment to a GitHub issue or pull request. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:repo
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmin length 1; max length 20000Connector-specific argument.
numberintegeryesmin 1Connector-specific argument.
ownerstringyesmin length 1Connector-specific argument.
repostringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

github.update_issue

Update safe GitHub issue fields. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:repo
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
numberintegeryesmin 1Connector-specific argument.
ownerstringyesmin length 1Connector-specific argument.
repostringyesmin length 1Connector-specific argument.
bodystringnomax length 20000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
statestringnoone of open, closedConnector-specific argument.
titlestringnomax length 256Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

github.add_labels

Add labels to a GitHub issue or pull request. Dry-run is the default.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:repo
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
labelsarrayyes-Connector-specific argument.
numberintegeryesmin 1Connector-specific argument.
ownerstringyesmin length 1Connector-specific argument.
repostringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

GitLab (gitlab)

GitLab engineering connector for project, issue, merge request, pipeline job, repository file, and safe issue metadata workflows.

FieldValue
Version0.1.0
Categoriesengineering
Data classesmetadata, source_code, tickets, pii
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts gitlab
Fixture selfcheckbun run apps/connectors/src/index.ts gitlab --fixture --selfcheck
Punk docshttps://docs.punk.local/connectors/gitlab
Vendor docshttps://docs.gitlab.com/api/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenGitLab personal, project, or group access tokentokenGITLAB_TOKEN, PUNK_GITLAB_TOKENread_apiapino

Scope/data-class map:

ScopeRequirementData classes
read_apirequiredmetadata, source_code, tickets, pii
apioptionaltickets, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
gitlab.search_projectsL1read:repononot declared300s / tenant / slowrecordedno suppression neededquerySearch GitLab projects with bounded results and optional namespace filters.
gitlab.get_projectL1read:repononot declared300s / tenant / slowrecordedno suppression neededprojectIdFetch GitLab project metadata by numeric id or full path.
gitlab.search_issuesL1read:ticketnonot declared60s / tenant / liverecordedno suppression neededquerySearch GitLab issues by project, group, query, state, and labels with bounded results.
gitlab.get_issueL1read:ticketnonot declared180s / tenant / liverecordedno suppression neededissueIid, projectIdFetch one GitLab issue by project and issue IID, with optional bounded notes.
gitlab.search_merge_requestsL1read:repononot declared60s / tenant / liverecordedno suppression neededquerySearch GitLab merge requests by project, group, query, state, labels, and branch with bounded results.
gitlab.get_merge_requestL1read:repononot declared180s / tenant / liverecordedno suppression neededmergeRequestIid, projectIdFetch one GitLab merge request by project and MR IID, with optional bounded diff summary.
gitlab.list_pipeline_jobsL1read:repononot declared60s / tenant / liverecordedno suppression neededprojectIdList GitLab project or pipeline jobs with bounded status metadata. Job logs are not fetched.
gitlab.get_fileL1read:repononot declared600s / tenant / slowrecordedno suppression neededpath, projectId, refFetch a bounded GitLab repository file by project, ref, and path. Oversized files and binary blobs are rejected unless explicitly allowed.
gitlab.create_issueL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runprojectId, titleCreate a GitLab issue. Dry-run is the default and live writes require explicit enablement.
gitlab.comment_issueL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, issueIid, projectIdAdd a visible note to a GitLab issue. Dry-run is the default and live writes require explicit enablement.
gitlab.update_issueL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runissueIid, projectIdUpdate safe GitLab issue fields: title, description, labels, and assignees. Dry-run is the default.
gitlab.add_labelsL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runissueIid, labels, projectIdAdd labels to a GitLab issue. Dry-run is the default and live writes require explicit enablement.

Tool details:

gitlab.search_projects

Search GitLab projects with bounded results and optional namespace filters.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1Search string or filter expression accepted by the connector.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
namespaceIdanyno-Connector-specific argument.
namespacePathstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gitlab.get_project

Fetch GitLab project metadata by numeric id or full path.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdanyyes-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gitlab.search_issues

Search GitLab issues by project, group, query, state, and labels with bounded results.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: items[].author, items[].assignees[]; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1Search string or filter expression accepted by the connector.
cursorstringno-Opaque pagination cursor returned by a previous call.
groupIdanyno-Connector-specific argument.
includeDescriptionbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
labelsarrayno-Connector-specific argument.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
projectIdanyno-Connector-specific argument.
statestringnoone of opened, closed, allConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gitlab.get_issue

Fetch one GitLab issue by project and issue IID, with optional bounded notes.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache180s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: issue.author, issue.assignees[], notes[].author; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
issueIidanyyes-Connector-specific argument.
projectIdanyyes-Connector-specific argument.
includeDescriptionbooleanno-Connector-specific argument.
includeNotesbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
notesLimitintegernomin 1; max 20Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gitlab.search_merge_requests

Search GitLab merge requests by project, group, query, state, labels, and branch with bounded results.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: items[].author; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1Search string or filter expression accepted by the connector.
cursorstringno-Opaque pagination cursor returned by a previous call.
groupIdanyno-Connector-specific argument.
includeDescriptionbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
labelsarrayno-Connector-specific argument.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
projectIdanyno-Connector-specific argument.
sourceBranchstringno-Connector-specific argument.
statestringnoone of opened, closed, merged, allConnector-specific argument.
targetBranchstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gitlab.get_merge_request

Fetch one GitLab merge request by project and MR IID, with optional bounded diff summary.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache180s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: mergeRequest.author; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
mergeRequestIidanyyes-Connector-specific argument.
projectIdanyyes-Connector-specific argument.
includeDescriptionbooleanno-Connector-specific argument.
includeDiffSummarybooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxDiffBytesintegernomin 1; max 250000Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gitlab.list_pipeline_jobs

List GitLab project or pipeline jobs with bounded status metadata. Job logs are not fetched.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: jobs[].user; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdanyyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
pipelineIdanyno-Connector-specific argument.
scopearrayno-Connector-specific argument.
statusstringnoone of created, pending, running, failed, success, canceled, skipped, manualConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gitlab.get_file

Fetch a bounded GitLab repository file by project, ref, and path. Oversized files and binary blobs are rejected unless explicitly allowed.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache600s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
pathstringyesmin length 1Connector-specific argument.
projectIdanyyes-Connector-specific argument.
refstringyesmin length 1Connector-specific argument.
allowBinarybooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxBytesintegernomin 1; max 500000Maximum response bytes for content-like reads.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gitlab.create_issue

Create a GitLab issue. Dry-run is the default and live writes require explicit enablement.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: description, assigneeIds[]; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdanyyes-Connector-specific argument.
titlestringyesmin length 1; max length 256Connector-specific argument.
assigneeIdsarrayno-Connector-specific argument.
descriptionstringnomax length 20000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
labelsarrayno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

gitlab.comment_issue

Add a visible note to a GitLab issue. Dry-run is the default and live writes require explicit enablement.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmin length 1; max length 20000Connector-specific argument.
issueIidanyyes-Connector-specific argument.
projectIdanyyes-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

gitlab.update_issue

Update safe GitLab issue fields: title, description, labels, and assignees. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: description, assigneeIds[]; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
issueIidanyyes-Connector-specific argument.
projectIdanyyes-Connector-specific argument.
assigneeIdsarrayno-Connector-specific argument.
descriptionstringnomax length 20000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
labelsarrayno-Connector-specific argument.
titlestringnomax length 256Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

gitlab.add_labels

Add labels to a GitLab issue. Dry-run is the default and live writes require explicit enablement.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
issueIidanyyes-Connector-specific argument.
labelsarrayyes-Connector-specific argument.
projectIdanyyes-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Gong (gong)

Governed Gong revenue intelligence connector for calls, transcripts, users, trackers, activity, deal context, and controlled exports.

FieldValue
Version0.1.0
Categoriessales, crm, communications
Data classessales, recordings, communications, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts gong
Fixture selfcheckbun run apps/connectors/src/index.ts gong --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/gong
Vendor docshttps://help.gong.io/docs/what-the-gong-api-provides

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Basic/API tokenGong access key and secretaccessKeySecretGONG_ACCESS_TOKENapi:calls:read, api:users:readapi:calls:writeno

Scope/data-class map:

ScopeRequirementData classes
api:calls:readrequiredrecordings, communications
api:users:readrequiredpii
api:calls:writeoptionalrecordings

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
gong.list_callsL1read:salesnonot declared300s / subject / slowrecordedno suppression needednoneList Gong calls.
gong.get_callL1read:salesnonot declared300s / subject / slowrecordedno suppression neededcallIdRead Gong call metadata.
gong.get_transcriptL1read:salesnonot declared300s / subject / slowrecordedno suppression neededcallIdRead bounded Gong transcript text.
gong.list_usersL1read:salesnonot declared300s / tenant / slowrecordedno suppression needednoneList Gong users.
gong.list_trackersL1read:salesnonot declared300s / tenant / slowrecordedno suppression needednoneList Gong trackers.
gong.list_activityL1read:salesnonot declared300s / subject / slowrecordedno suppression needednoneList account activity.
gong.list_deal_callsL1read:salesnonot declared300s / subject / slowrecordedno suppression neededdealIdList calls linked to a deal.
gong.export_transcriptL3write:salesnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcallIdCreate a governed transcript export plan.
gong.add_call_commentL3write:salesnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcallId, textAdd a Gong call comment.
gong.import_call_recordingL4write:salesyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runidempotencyKey, sourceUrlImport an external recording after approval.

Tool details:

gong.list_calls

List Gong calls.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gong.get_call

Read Gong call metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
callIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gong.get_transcript

Read bounded Gong transcript text.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: text; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
callIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gong.list_users

List Gong users.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gong.list_trackers

List Gong trackers.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gong.list_activity

List account activity.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gong.list_deal_calls

List calls linked to a deal.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
dealIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gong.export_transcript

Create a governed transcript export plan.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:sales
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
callIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

gong.add_call_comment

Add a Gong call comment.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:sales
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: text; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
callIdstring | number | boolean | object | arrayyes-Connector-specific argument.
textstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

gong.import_call_recording

Import an external recording after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:sales
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
sourceUrlstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Google Workspace (google-workspace)

Governed Google Workspace tools for Gmail, Drive, and Calendar context gathering plus bounded user-visible writes.

FieldValue
Version0.1.0-draft
Categoriesproductivity, support
Data classesemail, documents, calendar, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts google-workspace
Fixture selfcheckbun run apps/connectors/src/index.ts google-workspace --fixture --selfcheck
Punk docshttps://punk.local/docs/connectors/google-workspace
Vendor docshttps://developers.google.com/workspace

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Delegated user OAuthaccess_tokenGOOGLE_WORKSPACE_ACCESS_TOKENhttps://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/gmail.compose, https://www.googleapis.com/auth/gmail.send, https://www.googleapis.com/auth/gmail.modify, https://www.googleapis.com/auth/drive.metadata.readonly, https://www.googleapis.com/auth/drive.readonly, https://www.googleapis.com/auth/drive.file, https://www.googleapis.com/auth/calendar.events.readonly, https://www.googleapis.com/auth/calendar.events-yes

Scope/data-class map:

ScopeRequirementData classes
https://www.googleapis.com/auth/gmail.readonlyrequiredemail, pii
https://www.googleapis.com/auth/gmail.composerequiredemail, pii
https://www.googleapis.com/auth/gmail.sendrequiredemail, pii
https://www.googleapis.com/auth/gmail.modifyrequiredemail, pii
https://www.googleapis.com/auth/drive.metadata.readonlyrequireddocuments, metadata
https://www.googleapis.com/auth/drive.readonlyrequireddocuments, pii
https://www.googleapis.com/auth/drive.filerequireddocuments, pii
https://www.googleapis.com/auth/calendar.events.readonlyrequiredcalendar, pii
https://www.googleapis.com/auth/calendar.eventsrequiredcalendar, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
gmail.search_messagesL1read:emailnonot declared60s / subject / liverecordedno suppression neededquerySearch Gmail messages and return bounded snippets by default. Full body retrieval is opt-in.
gmail.get_messageL1read:emailnonot declared300s / subject / slowrecordedno suppression neededmessageIdGet one Gmail message by ID with body text only when requested.
gmail.get_threadL1read:emailnonot declared120s / subject / slowrecordedno suppression neededthreadIdGet messages in a Gmail thread with bounded optional body text.
gmail.create_draftL2write:emailnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbodyText, subject, toCreate a Gmail draft. dryRun defaults to true and returns the planned draft without writing.
gmail.send_emailL3write:emailyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbodyText, subject, toSend a user-visible email. dryRun defaults to true and approval is recommended.
gmail.modify_labelsL2write:emailnonot declared0s / none / livedry_runsuppressed, dry-runmessageIdsAdd or remove labels for one or more Gmail messages. dryRun defaults to true.
drive.search_filesL1read:documentnonot declared120s / subject / slowrecordedno suppression needednoneSearch Google Drive metadata and return normalized file summaries.
drive.get_file_metadataL1read:documentnonot declared600s / subject / slowrecordedno suppression neededfileIdGet normalized Google Drive file metadata without file contents.
drive.export_file_textL1read:documentnonot declared600s / subject / slowrecordedno suppression neededfileIdExport a Google Workspace file to bounded text. Large exports are truncated.
drive.create_commentL3write:documentyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcontent, fileIdCreate a user-visible Google Drive comment. dryRun defaults to true.
drive.reply_commentL3write:documentyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcommentId, content, fileIdReply to a Google Drive comment. dryRun defaults to true.
calendar.list_eventsL1read:calendarnonot declared60s / subject / liverecordedno suppression needednoneList bounded Google Calendar events in a time window.
calendar.find_availabilityL1read:calendarnonot declared30s / subject / liverecordedno suppression neededtimeMax, timeMinFind open slots from Google Calendar free/busy data.
calendar.create_eventL3write:calendaryessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runend, start, summaryCreate a user-visible calendar event. dryRun defaults to true.
calendar.update_eventL3write:calendaryessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runeventIdUpdate a user-visible calendar event. dryRun defaults to true.

Tool details:

gmail.search_messages

Search Gmail messages and return bounded snippets by default. Full body retrieval is opt-in.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:email
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: messages.from, messages.to, messages.subject, messages.snippet, messages.bodyText; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1; max length 1000Search string or filter expression accepted by the connector.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBodyBytesintegernomin 0; max 20000Connector-specific argument.
pageTokenstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gmail.get_message

Get one Gmail message by ID with body text only when requested.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:email
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: from, to, subject, snippet, bodyText; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
messageIdstringyesmin length 1Connector-specific argument.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxBodyBytesintegernomin 0; max 50000Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gmail.get_thread

Get messages in a Gmail thread with bounded optional body text.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:email
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: messages.from, messages.to, messages.subject, messages.snippet, messages.bodyText; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
threadIdstringyesmin length 1Connector-specific argument.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBodyBytesintegernomin 0; max 50000Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

gmail.create_draft

Create a Gmail draft. dryRun defaults to true and returns the planned draft without writing.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:email
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: to, cc, bcc, subject, bodyText; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodyTextstringyesmin length 1; max length 20000Connector-specific argument.
subjectstringyesmin length 1; max length 500Connector-specific argument.
toarrayyes-Connector-specific argument.
bccarrayno-Connector-specific argument.
ccarrayno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
inReplyToMessageIdstringno-Connector-specific argument.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

gmail.send_email

Send a user-visible email. dryRun defaults to true and approval is recommended.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:email
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: to, cc, bcc, subject, bodyText; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodyTextstringyesmin length 1; max length 20000Connector-specific argument.
subjectstringyesmin length 1; max length 500Connector-specific argument.
toarrayyes-Connector-specific argument.
bccarrayno-Connector-specific argument.
ccarrayno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

gmail.modify_labels

Add or remove labels for one or more Gmail messages. dryRun defaults to true.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:email
Approval required by defaultno
Idempotencynot declared
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
messageIdsarrayyes-Connector-specific argument.
addLabelIdsarrayno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
removeLabelIdsarrayno-Connector-specific argument.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

drive.search_files

Search Google Drive metadata and return normalized file summaries.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: files.name, files.owner; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
includeTrashedbooleanno-Connector-specific argument.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
mimeTypesarrayno-Connector-specific argument.
pageTokenstringno-Connector-specific argument.
querystringnomax length 1000Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

drive.get_file_metadata

Get normalized Google Drive file metadata without file contents.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache600s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: name, owner, permissions; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
fileIdstringyesmin length 1Connector-specific argument.
includePermissionsbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

drive.export_file_text

Export a Google Workspace file to bounded text. Large exports are truncated.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache600s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: text; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
fileIdstringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxBytesintegernomin 1; max 250000Maximum response bytes for content-like reads.
mimeTypestringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

drive.create_comment

Create a user-visible Google Drive comment. dryRun defaults to true.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:document
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: content, quotedText; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
contentstringyesmin length 1; max length 4000Connector-specific argument.
fileIdstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
quotedTextstringnomax length 1000Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

drive.reply_comment

Reply to a Google Drive comment. dryRun defaults to true.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:document
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: content; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
commentIdstringyesmin length 1Connector-specific argument.
contentstringyesmin length 1; max length 4000Connector-specific argument.
fileIdstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

calendar.list_events

List bounded Google Calendar events in a time window.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:calendar
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: events.summary, events.description, events.attendees; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
calendarIdstringno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
pageTokenstringno-Connector-specific argument.
querystringnomax length 500Search string or filter expression accepted by the connector.
timeMaxstringno-Connector-specific argument.
timeMinstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

calendar.find_availability

Find open slots from Google Calendar free/busy data.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:calendar
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: busy; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
timeMaxstringyes-Connector-specific argument.
timeMinstringyes-Connector-specific argument.
calendarIdsarrayno-Connector-specific argument.
durationMinutesintegernomin 5; max 480Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 20Maximum items to return. Connectors bound this value even when callers provide a larger number.
timeZonestringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

calendar.create_event

Create a user-visible calendar event. dryRun defaults to true.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:calendar
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: summary, description, attendees, location; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
endstringyes-Connector-specific argument.
startstringyes-Connector-specific argument.
summarystringyesmin length 1; max length 500Connector-specific argument.
attendeesarrayno-Connector-specific argument.
calendarIdstringno-Connector-specific argument.
descriptionstringnomax length 4000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
locationstringnomax length 500Connector-specific argument.
sendUpdatesanynoone of none, all, externalOnlyConnector-specific argument.
timeZonestringno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

calendar.update_event

Update a user-visible calendar event. dryRun defaults to true.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:calendar
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: summary, description, attendees, location; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
eventIdstringyesmin length 1Connector-specific argument.
attendeesarrayno-Connector-specific argument.
calendarIdstringno-Connector-specific argument.
descriptionstringnomax length 4000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
endstringno-Connector-specific argument.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
locationstringnomax length 500Connector-specific argument.
sendUpdatesanynoone of none, all, externalOnlyConnector-specific argument.
startstringno-Connector-specific argument.
summarystringnomax length 500Connector-specific argument.
timeZonestringno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Greenhouse (greenhouse)

Governed Greenhouse recruiting connector for jobs, candidates, applications, interviews, offers, scorecards, notes, and stage movement.

FieldValue
Version0.1.0
Categoriesrecruiting, hr
Data classesrecruiting, hr, pii, comments, audit, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts greenhouse
Fixture selfcheckbun run apps/connectors/src/index.ts greenhouse --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/greenhouse
Vendor docshttps://developers.greenhouse.io/harvest.html

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Greenhouse Harvest OAuth or API tokenaccessTokenGREENHOUSE_ACCESS_TOKENjobs:read, candidates:readcandidates:writeyes

Scope/data-class map:

ScopeRequirementData classes
jobs:readrequiredrecruiting
candidates:readrequiredrecruiting, pii
candidates:writeoptionalrecruiting, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
greenhouse.list_jobsL1read:recruitingnonot declared300s / tenant / slowrecordedno suppression needednoneList Greenhouse jobs.
greenhouse.search_candidatesL1read:recruitingnonot declared300s / subject / slowrecordedno suppression needednoneSearch candidates with PII redaction.
greenhouse.get_candidateL1read:recruitingnonot declared300s / subject / slowrecordedno suppression neededcandidateIdRead one candidate.
greenhouse.list_applicationsL1read:recruitingnonot declared300s / subject / slowrecordedno suppression needednoneList applications.
greenhouse.list_interviewsL1read:recruitingnonot declared300s / subject / slowrecordedno suppression neededapplicationIdList interviews.
greenhouse.list_offersL1read:recruitingnonot declared300s / subject / slowrecordedno suppression neededapplicationIdList offers.
greenhouse.list_scorecardsL1read:recruitingnonot declared300s / subject / slowrecordedno suppression neededapplicationIdList interview scorecards.
greenhouse.add_noteL3write:recruitingnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, candidateIdAdd a recruiting note.
greenhouse.update_candidateL3write:recruitingnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcandidateIdUpdate candidate fields.
greenhouse.move_application_stageL4write:recruitingyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runapplicationId, idempotencyKey, stageIdMove an application to a new hiring stage after approval.

Tool details:

greenhouse.list_jobs

List Greenhouse jobs.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:recruiting
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

greenhouse.search_candidates

Search candidates with PII redaction.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:recruiting
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

greenhouse.get_candidate

Read one candidate.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:recruiting
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
candidateIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

greenhouse.list_applications

List applications.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:recruiting
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

greenhouse.list_interviews

List interviews.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:recruiting
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
applicationIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

greenhouse.list_offers

List offers.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:recruiting
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
applicationIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

greenhouse.list_scorecards

List interview scorecards.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:recruiting
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
applicationIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

greenhouse.add_note

Add a recruiting note.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:recruiting
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystring | number | boolean | object | arrayyes-Connector-specific argument.
candidateIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

greenhouse.update_candidate

Update candidate fields.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:recruiting
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
candidateIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

greenhouse.move_application_stage

Move an application to a new hiring stage after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:recruiting
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
applicationIdstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
stageIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

HubSpot (hubspot)

Sales and customer context connector for HubSpot CRM with governed read tools and level 3 CRM writes.

FieldValue
Version0.1.0-draft
Categoriescrm, support
Data classescrm, pii, tickets, billing
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts hubspot
Fixture selfcheckbun run apps/connectors/src/index.ts hubspot --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/hubspot
Vendor docshttps://developers.hubspot.com/docs/api/crm/understanding-the-crm

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0HubSpot OAuth public appaccessTokenPUNK_HUBSPOT_ACCESS_TOKENcrm.objects.contacts.read, crm.objects.contacts.write, crm.objects.companies.read, crm.objects.companies.write, crm.objects.deals.read, crm.objects.deals.write, crm.objects.tickets.read, crm.objects.tickets.write, crm.objects.notes.write, crm.objects.tasks.write-yes
API tokenHubSpot private app tokenaccessTokenPUNK_HUBSPOT_ACCESS_TOKEN--no

Scope/data-class map:

ScopeRequirementData classes
crm.objects.contacts.readrequiredcrm, pii
crm.objects.contacts.writerequiredcrm, pii
crm.objects.companies.readrequiredcrm
crm.objects.companies.writerequiredcrm
crm.objects.deals.readrequiredcrm, billing
crm.objects.deals.writerequiredcrm, billing
crm.objects.tickets.readrequiredcrm, tickets
crm.objects.tickets.writerequiredcrm, tickets
crm.objects.notes.writerequiredcrm
crm.objects.tasks.writerequiredcrm

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
hubspot.search_contactsL1read:crmnonot declared60s / subject / liverecordedno suppression needednoneSearch HubSpot contacts by name, email, company, or title. Body and raw vendor payloads are excluded unless explicitly requested.
hubspot.search_companiesL1read:crmnonot declared120s / subject / liverecordedno suppression needednoneSearch HubSpot companies by name, domain, owner, tier, or risk note.
hubspot.search_dealsL1read:crmnonot declared60s / subject / liverecordedno suppression needednoneSearch HubSpot deals by deal name, company, owner, or stage.
hubspot.search_ticketsL1read:crmnonot declared30s / subject / liverecordedno suppression needednoneSearch HubSpot support tickets by subject, company, requester, status, or priority.
hubspot.get_objectL1read:crmnonot declared300s / subject / slowrecordedno suppression neededobjectId, objectTypeGet one allowlisted HubSpot CRM object by id. Allowed object types are contacts, companies, deals, and tickets.
hubspot.create_noteL3write:crmyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, objectId, objectTypeCreate an internal HubSpot CRM note associated with an allowlisted CRM object. This is a level 3 CRM write.
hubspot.update_contactL3write:crmyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcontactId, propertiesUpdate allowlisted HubSpot contact properties only. Disallowed fields are rejected before vendor calls.
hubspot.update_companyL3write:crmyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcompanyId, propertiesUpdate allowlisted HubSpot company properties only. Disallowed fields are rejected before vendor calls.
hubspot.create_taskL3write:crmyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runobjectId, objectType, titleCreate a HubSpot CRM task associated with an allowlisted object. This is a level 3 user-visible CRM write.

Tool details:

hubspot.search_contacts

Search HubSpot contacts by name, email, company, or title. Body and raw vendor payloads are excluded unless explicitly requested.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email, phone; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
fieldsarrayno-Optional read field allowlist.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search text such as email, name, company, or title.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

hubspot.search_companies

Search HubSpot companies by name, domain, owner, tier, or risk note.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
fieldsarrayno-Optional read field allowlist.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search text such as company name, domain, owner, or risk note.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

hubspot.search_deals

Search HubSpot deals by deal name, company, owner, or stage.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

hubspot.search_tickets

Search HubSpot support tickets by subject, company, requester, status, or priority.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: requesterEmail; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

hubspot.get_object

Get one allowlisted HubSpot CRM object by id. Allowed object types are contacts, companies, deals, and tickets.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email, phone, requesterEmail; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
objectIdstringyes-Connector-specific argument.
objectTypestringyesone of contacts, companies, deals, ticketsConnector-specific argument.
fieldsarrayno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

hubspot.create_note

Create an internal HubSpot CRM note associated with an allowlisted CRM object. This is a level 3 CRM write.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmax length 5000Connector-specific argument.
objectIdstringyes-Connector-specific argument.
objectTypestringyesone of contacts, companies, deals, ticketsConnector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

hubspot.update_contact

Update allowlisted HubSpot contact properties only. Disallowed fields are rejected before vendor calls.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: properties.email, properties.phone; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
contactIdstringyes-Connector-specific argument.
propertiesobjectyes-Only firstname, lastname, email, phone, jobtitle, lifecyclestage, and hubspot_owner_id are allowed.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

hubspot.update_company

Update allowlisted HubSpot company properties only. Disallowed fields are rejected before vendor calls.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: properties.domain, properties.phone; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
companyIdstringyes-Connector-specific argument.
propertiesobjectyes-Only name, domain, phone, city, state, industry, lifecyclestage, and hubspot_owner_id are allowed.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

hubspot.create_task

Create a HubSpot CRM task associated with an allowlisted object. This is a level 3 user-visible CRM write.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
objectIdstringyes-Connector-specific argument.
objectTypestringyesone of contacts, companies, deals, ticketsConnector-specific argument.
titlestringyesmax length 300Connector-specific argument.
bodystringnomax length 5000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
dueAtstringno-ISO timestamp or yyyy-mm-dd date accepted by HubSpot task timestamp properties.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
ownerIdstringno-Connector-specific argument.
prioritystringnoone of LOW, MEDIUM, HIGHConnector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Intercom (intercom)

Managed Intercom connector for governed conversation, contact, note, tag, reply, and assignment workflows.

FieldValue
Version0.1.0
Categoriessupport, crm
Data classesmetadata, pii, email, chat, crm
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts intercom
Fixture selfcheckbun run apps/connectors/src/index.ts intercom --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/intercom
Vendor docshttps://developers.intercom.com/docs/references/rest-api/api.intercom.io/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenIntercom access tokenaccessTokenPUNK_INTERCOM_ACCESS_TOKENread_conversations, read_contactswrite_conversations, write_contactsno
OAuth 2.0Intercom OAuth access tokenaccessTokenPUNK_INTERCOM_ACCESS_TOKEN--no

Scope/data-class map:

ScopeRequirementData classes
read_conversationsrequiredchat, pii
write_conversationsoptionalchat, pii
read_contactsrequiredcrm, pii, email
write_contactsoptionalcrm, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
intercom.list_conversationsL1read:chatnonot declared30s / subject / liverecordedno suppression needednoneList Intercom conversations with bounded pagination and optional state/open filters.
intercom.search_conversationsL1read:chatnonot declared30s / subject / liverecordedno suppression needednoneSearch Intercom conversations using the official conversations search endpoint.
intercom.get_conversationL1read:chatnonot declared60s / subject / liverecordedno suppression neededconversationIdRetrieve an Intercom conversation by id with normalized source, contacts, assignee, and parts.
intercom.search_contactsL1read:crmnonot declared120s / subject / slowrecordedno suppression needednoneSearch Intercom contacts by explicit query object or email/name/external-id text.
intercom.get_contactL1read:crmnonot declared120s / subject / slowrecordedno suppression neededcontactIdRetrieve an Intercom contact by id.
intercom.create_contact_noteL3write:crmyesnot supported0s / none / livedry_runsuppressed, dry-runbody, contactIdCreate an internal note on an Intercom contact. Writes default to dry-run.
intercom.tag_contactL3write:crmyesnot supported0s / none / livedry_runsuppressed, dry-runcontactIdAttach an existing Intercom tag, or create by name then attach, to a contact. Writes default to dry-run.
intercom.reply_conversationL3write:chatyesnot supported0s / none / livedry_runsuppressed, dry-runbody, conversationId, messageTypeReply to an Intercom conversation as an admin comment or internal note. Writes default to dry-run.
intercom.assign_conversationL3write:chatyesnot supported0s / none / livedry_runsuppressed, dry-runassigneeId, conversationIdAssign an Intercom conversation to an admin or team through a conversation part. Writes default to dry-run.

Tool details:

intercom.list_conversations

List Intercom conversations with bounded pagination and optional state/open filters.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:chat
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: conversations.source.body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
openbooleanno-Connector-specific argument.
statestringnoone of open, closed, snoozedConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

intercom.search_conversations

Search Intercom conversations using the official conversations search endpoint.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:chat
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: conversations.source.body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
queryobjectno-Search string or filter expression accepted by the connector.
textstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

intercom.get_conversation

Retrieve an Intercom conversation by id with normalized source, contacts, assignee, and parts.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:chat
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: conversation.source.body, conversation.parts; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
conversationIdstringyes-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

intercom.search_contacts

Search Intercom contacts by explicit query object or email/name/external-id text.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: contacts.email, contacts.name; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
queryobjectno-Search string or filter expression accepted by the connector.
textstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

intercom.get_contact

Retrieve an Intercom contact by id.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: contact.email, contact.name; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
contactIdstringyes-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

intercom.create_contact_note

Create an internal note on an Intercom contact. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmax length 10000Connector-specific argument.
contactIdstringyes-Connector-specific argument.
adminIdstringno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

intercom.tag_contact

Attach an existing Intercom tag, or create by name then attach, to a contact. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: tagName; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
contactIdstringyes-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
tagIdstringno-Connector-specific argument.
tagNamestringno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

intercom.reply_conversation

Reply to an Intercom conversation as an admin comment or internal note. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:chat
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmax length 10000Connector-specific argument.
conversationIdstringyes-Connector-specific argument.
messageTypestringyesone of comment, noteConnector-specific argument.
adminIdstringno-Connector-specific argument.
attachmentUrlsarrayno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

intercom.assign_conversation

Assign an Intercom conversation to an admin or team through a conversation part. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:chat
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
assigneeIdstringyes-Connector-specific argument.
conversationIdstringyes-Connector-specific argument.
adminIdstringno-Connector-specific argument.
bodystringnomax length 10000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Kubernetes (kubernetes)

Governed Kubernetes connector for runtime state, events, logs, rollout context, dry-run operational changes, and approval-gated destructive actions.

FieldValue
Version0.1.0
Categoriesinfrastructure, cloud, observability
Data classeskubernetes, infrastructure, logs, telemetry, metadata, secrets
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts kubernetes
Fixture selfcheckbun run apps/connectors/src/index.ts kubernetes --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/kubernetes
Vendor docshttps://kubernetes.io/docs/concepts/overview/kubernetes-api/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenKubernetes API bearer tokenaccessTokenKUBERNETES_ACCESS_TOKENget,list,watchpatch,update, deleteno

Scope/data-class map:

ScopeRequirementData classes
get,list,watchrequiredkubernetes, logs
patch,updateoptionalkubernetes
deleteoptionalkubernetes

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
kubernetes.list_namespacesL1read:infrastructurenonot declared300s / tenant / slowrecordedno suppression needednoneList Kubernetes namespaces.
kubernetes.list_podsL1read:infrastructurenonot declared300s / subject / slowrecordedno suppression needednamespaceList pods in a namespace.
kubernetes.list_deploymentsL1read:infrastructurenonot declared300s / tenant / slowrecordedno suppression needednamespaceList deployments in a namespace.
kubernetes.list_servicesL1read:infrastructurenonot declared300s / tenant / slowrecordedno suppression needednamespaceList services in a namespace.
kubernetes.list_eventsL1read:infrastructurenonot declared60s / subject / liverecordedno suppression needednamespaceList events in a namespace.
kubernetes.get_pod_logsL1read:infrastructurenonot declared30s / subject / liverecordedno suppression needednamespace, podNameRead bounded pod logs.
kubernetes.get_rollout_statusL1read:infrastructurenonot declared300s / subject / slowrecordedno suppression neededdeployment, namespaceRead rollout status for a deployment.
kubernetes.scale_deploymentL3write:infrastructurenosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-rundeployment, namespaceDry-run or apply deployment replica changes.
kubernetes.restart_deploymentL3write:infrastructurenosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-rundeployment, namespaceDry-run or restart a deployment rollout.
kubernetes.patch_resourceL3write:infrastructurenosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runapiVersion, kind, name, namespacePatch an allowlisted Kubernetes resource.
kubernetes.delete_resourceL4write:infrastructureyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runapiVersion, idempotencyKey, kind, name, namespaceDelete a Kubernetes resource after approval.
kubernetes.rollback_deploymentL4write:infrastructureyessupported via idempotencyKey0s / none / liveneversuppressed, dry-rundeployment, idempotencyKey, namespaceRollback a deployment after approval.

Tool details:

kubernetes.list_namespaces

List Kubernetes namespaces.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:infrastructure
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

kubernetes.list_pods

List pods in a namespace.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:infrastructure
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

kubernetes.list_deployments

List deployments in a namespace.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:infrastructure
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

kubernetes.list_services

List services in a namespace.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:infrastructure
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

kubernetes.list_events

List events in a namespace.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:infrastructure
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

kubernetes.get_pod_logs

Read bounded pod logs.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:infrastructure
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
podNamestring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

kubernetes.get_rollout_status

Read rollout status for a deployment.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:infrastructure
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
deploymentstring | number | boolean | object | arrayyes-Connector-specific argument.
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

kubernetes.scale_deployment

Dry-run or apply deployment replica changes.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:infrastructure
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
deploymentstring | number | boolean | object | arrayyes-Connector-specific argument.
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

kubernetes.restart_deployment

Dry-run or restart a deployment rollout.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:infrastructure
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
deploymentstring | number | boolean | object | arrayyes-Connector-specific argument.
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

kubernetes.patch_resource

Patch an allowlisted Kubernetes resource.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:infrastructure
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
apiVersionstring | number | boolean | object | arrayyes-Connector-specific argument.
kindstring | number | boolean | object | arrayyes-Connector-specific argument.
namestring | number | boolean | object | arrayyes-Connector-specific argument.
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

kubernetes.delete_resource

Delete a Kubernetes resource after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:infrastructure
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
apiVersionstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
kindstring | number | boolean | object | arrayyes-Connector-specific argument.
namestring | number | boolean | object | arrayyes-Connector-specific argument.
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

kubernetes.rollback_deployment

Rollback a deployment after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:infrastructure
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
deploymentstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
namespacestring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Lightfield (lightfield)

Governed Lightfield CRM connector for account/contact/opportunity context, schema discovery, and dry-run-first CRM notes and tasks.

FieldValue
Version0.1.0
Categoriescrm, support
Data classescrm, pii, tickets, billing, calendar, metadata, identity
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts lightfield
Fixture selfcheckbun run apps/connectors/src/index.ts lightfield --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/lightfield
Vendor docshttps://docs.lightfield.app/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenLightfield API keyapi_keyLIGHTFIELD_API_KEY, PUNK_LIGHTFIELD_API_KEYaccounts:read, contacts:read, opportunities:readtasks:read, notes:read, meetings:read, lists:read, members:read, notes:create, tasks:createno

Scope/data-class map:

ScopeRequirementData classes
accounts:readrequiredcrm
contacts:readrequiredcrm, pii
opportunities:readrequiredcrm, billing
tasks:readoptionalcrm
notes:readoptionalcrm, pii
meetings:readoptionalcrm, calendar, pii
lists:readoptionalmetadata
members:readoptionalidentity, pii
notes:createoptionalcrm, pii
tasks:createoptionalcrm, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
lightfield.validate_keyL1read:identitynonot declared300s / tenant / slowrecordedno suppression needednoneValidate the configured Lightfield API key and return non-secret metadata such as subject type and granted scopes.
lightfield.get_definitionsL1read:crmnonot declared3600s / tenant / staticrecordedno suppression neededobjectTypeRead field and relationship definitions for a supported Lightfield CRM object type.
lightfield.list_recordsL1read:crmnonot declared30s / subject / liverecordedno suppression neededobjectTypeList supported Lightfield records with bounded pagination and optional field or relationship filters.
lightfield.get_recordL1read:crmnonot declared120s / subject / liverecordedno suppression neededid, objectTypeRetrieve one supported Lightfield record by id.
lightfield.create_noteL3write:crmyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runtitleCreate a Lightfield note linked to CRM records. dryRun defaults to true; live writes require explicit enablement and an idempotency key.
lightfield.create_taskL3write:crmyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runassignedTo, titleCreate a Lightfield task assigned to a member and optionally linked to account or opportunity records. dryRun defaults to true; live writes require explicit enablement and an idempotency key.

Tool details:

lightfield.validate_key

Validate the configured Lightfield API key and return non-secret metadata such as subject type and granted scopes.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: api_key, authorization

Input contract:

  • This tool does not declare named input fields.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

lightfield.get_definitions

Read field and relationship definitions for a supported Lightfield CRM object type.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache3600s / tenant / static
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
objectTypestringyesone of account, contact, opportunity, task, noteConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

lightfield.list_records

List supported Lightfield records with bounded pagination and optional field or relationship filters.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: records[].fields, records[].relationships; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
objectTypestringyesone of account, contact, opportunity, task, note, meeting, list, memberConnector-specific argument.
filtersobjectno-Optional Lightfield filter query parameters such as "$name[equal]" or "$account[contains]".
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
offsetintegernomin 0Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

lightfield.get_record

Retrieve one supported Lightfield record by id.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: fields, relationships; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
idstringyesmin length 1Connector-specific argument.
objectTypestringyesone of account, contact, opportunity, task, note, meeting, list, memberConnector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

lightfield.create_note

Create a Lightfield note linked to CRM records. dryRun defaults to true; live writes require explicit enablement and an idempotency key.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: content, relationships; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
titlestringyesmin length 1; max length 255Connector-specific argument.
contentstringnomax length 10000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
relationshipsobjectno-Optional relationship keys such as "$account", "$contact", or "$opportunity".

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

lightfield.create_task

Create a Lightfield task assigned to a member and optionally linked to account or opportunity records. dryRun defaults to true; live writes require explicit enablement and an idempotency key.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: description, relationships; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
assignedToanyyes-Connector-specific argument.
titlestringyesmin length 1; max length 255Connector-specific argument.
accountanyno-Connector-specific argument.
descriptionstringnomax length 10000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
dueAtstringno-ISO 8601 due datetime.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
opportunityanyno-Connector-specific argument.
relationshipsobjectno-Additional Lightfield relationship keys. System keys should include the $ prefix.
statusstringnoone of TODO, IN_PROGRESS, COMPLETE, CANCELLEDConnector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Linear (linear)

Linear connector for engineering issue search, task creation, comments, assignment, and safe status updates.

FieldValue
Version0.1.0
Categoriesengineering
Data classestickets, metadata, pii
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts linear
Fixture selfcheckbun run apps/connectors/src/index.ts linear --fixture --selfcheck
Punk docshttps://docs.punk.local/connectors/linear
Vendor docshttps://developers.linear.app/docs/graphql/working-with-the-graphql-api

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Linear OAuthaccess_tokenLINEAR_ACCESS_TOKENread, write-no
API tokenLinear API keyapi_keyLINEAR_API_KEYworkspace-no

Scope/data-class map:

ScopeRequirementData classes
readrequiredtickets, metadata, pii
writerequiredtickets, pii
workspacerequiredtickets, metadata, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
linear.search_issuesL1read:ticketnonot declared60s / tenant / liverecordedno suppression neededquerySearch Linear issues by text with optional team filter.
linear.get_issueL1read:ticketnonot declared180s / tenant / liverecordedno suppression neededidFetch one Linear issue by id or identifier.
linear.list_teamsL1read:ticketnonot declared3600s / tenant / slowrecordedno suppression needednoneList Linear teams for team allowlist setup and issue routing.
linear.create_issueL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runteamId, titleCreate a Linear issue. Dry-run is the default.
linear.comment_issueL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, issueIdAdd a comment to a Linear issue. Dry-run is the default.
linear.update_issueL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runissueIdUpdate safe Linear issue fields. Dry-run is the default.
linear.assign_issueL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runassigneeId, issueIdAssign a Linear issue to a user. Dry-run is the default.

Tool details:

linear.search_issues

Search Linear issues by text with optional team filter.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: items[].assigneeName; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1Search string or filter expression accepted by the connector.
assigneeIdstringno-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeDescriptionbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
statestringno-Connector-specific argument.
teamKeystringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

linear.get_issue

Fetch one Linear issue by id or identifier.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache180s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: assigneeName; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
idstringyesmin length 1Connector-specific argument.
includeDescriptionbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

linear.list_teams

List Linear teams for team allowlist setup and issue routing.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache3600s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

linear.create_issue

Create a Linear issue. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: description, assigneeId; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
teamIdstringyesmin length 1Connector-specific argument.
titlestringyesmin length 1; max length 256Connector-specific argument.
assigneeIdstringno-Connector-specific argument.
descriptionstringnomax length 20000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
labelIdsarrayno-Connector-specific argument.
priorityintegernomin 0; max 4Connector-specific argument.
projectIdstringno-Connector-specific argument.
stateIdstringno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

linear.comment_issue

Add a comment to a Linear issue. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmin length 1; max length 20000Connector-specific argument.
issueIdstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

linear.update_issue

Update safe Linear issue fields. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: description, assigneeId; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
issueIdstringyesmin length 1Connector-specific argument.
assigneeIdstringno-Connector-specific argument.
descriptionstringnomax length 20000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
labelIdsarrayno-Connector-specific argument.
priorityintegernomin 0; max 4Connector-specific argument.
stateIdstringno-Connector-specific argument.
titlestringnomax length 256Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

linear.assign_issue

Assign a Linear issue to a user. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: assigneeId; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
assigneeIdstringyesmin length 1Connector-specific argument.
issueIdstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Mailchimp (mailchimp)

Governed Mailchimp connector for audiences, members, campaigns, reports, templates, test sends, and campaign scheduling.

FieldValue
Version0.1.0
Categoriesmarketing, communications
Data classesmarketing, email, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts mailchimp
Fixture selfcheckbun run apps/connectors/src/index.ts mailchimp --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/mailchimp
Vendor docshttps://mailchimp.com/developer/marketing/api/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenMarketing API keyapiKey, serverPrefixMAILCHIMP_API_KEY, MAILCHIMP_SERVER_PREFIXaudiences:read, campaigns:write-no

Scope/data-class map:

ScopeRequirementData classes
audiences:readrequiredmarketing, email
campaigns:writerequiredmarketing, email

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
mailchimp.list_audiencesL1read:marketingnonot declared300s / subject / slowrecordedno suppression needednoneList Mailchimp audiences.
mailchimp.get_audienceL1read:marketingnonot declared300s / subject / slowrecordedno suppression neededlistIdRead audience metadata.
mailchimp.search_membersL1read:marketingnonot declared300s / subject / slowrecordedno suppression needednoneSearch audience members.
mailchimp.get_memberL1read:marketingnonot declared300s / subject / slowrecordedno suppression neededlistId, memberIdRead a Mailchimp member.
mailchimp.list_campaignsL1read:marketingnonot declared300s / subject / slowrecordedno suppression needednoneList Mailchimp campaigns.
mailchimp.get_campaignL1read:marketingnonot declared300s / subject / slowrecordedno suppression neededcampaignIdRead campaign metadata.
mailchimp.get_campaign_reportL1read:marketingnonot declared300s / subject / slowrecordedno suppression neededcampaignIdRead campaign performance report.
mailchimp.list_templatesL1read:marketingnonot declared300s / subject / slowrecordedno suppression needednoneList campaign templates.
mailchimp.create_campaign_draftL2write:marketingnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runtypePrepare or create a campaign draft.
mailchimp.send_test_emailL3write:marketingnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcampaignIdSend a campaign test email with write suppression.
mailchimp.schedule_campaignL4write:marketingyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runcampaignId, scheduleTimeSchedule a campaign after approval.

Tool details:

mailchimp.list_audiences

List Mailchimp audiences.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:marketing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

mailchimp.get_audience

Read audience metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:marketing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
listIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

mailchimp.search_members

Search audience members.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:marketing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: emailAddress; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

mailchimp.get_member

Read a Mailchimp member.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:marketing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: emailAddress; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
listIdstringyes-Connector-specific argument.
memberIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

mailchimp.list_campaigns

List Mailchimp campaigns.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:marketing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

mailchimp.get_campaign

Read campaign metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:marketing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
campaignIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

mailchimp.get_campaign_report

Read campaign performance report.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:marketing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
campaignIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

mailchimp.list_templates

List campaign templates.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:marketing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

mailchimp.create_campaign_draft

Prepare or create a campaign draft.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:marketing
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
typestringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

mailchimp.send_test_email

Send a campaign test email with write suppression.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:marketing
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
campaignIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

mailchimp.schedule_campaign

Schedule a campaign after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:marketing
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
campaignIdstringyes-Connector-specific argument.
scheduleTimestringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Microsoft 365 (microsoft-365)

Production Microsoft 365 connector for Microsoft Graph mail, calendar, Teams channel messages, and OneDrive/SharePoint file reads with governed dry-run writes.

FieldValue
Version0.1.0
Categoriesproductivity, support, identity
Data classesmetadata, identity, pii, email, chat, documents, calendar
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts microsoft-365
Fixture selfcheckbun run apps/connectors/src/index.ts microsoft-365 --fixture --selfcheck
Punk docshttps://docs.punk.local/connectors/microsoft-365
Vendor docshttps://learn.microsoft.com/en-us/graph/overview

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Delegated Microsoft Graph OAuthaccess_token, refresh_token, expires_at, token_url, client_id, client_secretMICROSOFT_365_ACCESS_TOKEN, M365_ACCESS_TOKEN, MICROSOFT_GRAPH_ACCESS_TOKENoffline_access, User.Read, Mail.Read, Mail.ReadWrite, Mail.Send, Calendars.Read, Calendars.ReadWrite, Team.ReadBasic.All, Channel.ReadBasic.All, ChannelMessage.Read.All, ChannelMessage.Send, Files.ReadCalendars.Read.Shared, Files.Read.All, Sites.Read.Allyes

Scope/data-class map:

ScopeRequirementData classes
offline_accessrequiredmetadata
User.Readrequiredidentity, metadata
Mail.Readrequiredemail, pii, metadata
Mail.ReadWriterequiredemail, pii
Mail.Sendrequiredemail, pii
Calendars.Readrequiredcalendar, pii
Calendars.Read.Sharedoptionalcalendar, pii
Calendars.ReadWriterequiredcalendar, pii
Team.ReadBasic.Allrequiredchat, metadata
Channel.ReadBasic.Allrequiredchat, metadata
ChannelMessage.Read.Allrequiredchat, pii
ChannelMessage.Sendrequiredchat, pii
Files.Readrequireddocuments, metadata, pii
Files.Read.Alloptionaldocuments, metadata, pii
Sites.Read.Alloptionaldocuments, metadata, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
outlook.search_messagesL1read:emailnonot declared60s / subject / liverecordedno suppression neededquerySearch Outlook messages with snippets by default and optional bounded body text retrieval.
outlook.get_messageL1read:emailnonot declared300s / subject / slowrecordedno suppression neededmessageIdGet a single Outlook message by ID with optional bounded body text.
outlook.create_draftL2write:emailnonot supported0s / none / livedry_runsuppressed, dry-runbody, subject, toCreate an Outlook draft. dryRun defaults to true and returns the planned message without writing.
outlook.send_mailL3write:emailyesnot supported0s / none / livedry_runsuppressed, dry-runbody, subject, toSend a user-visible Outlook email. dryRun defaults to true and approval is required by default.
m365.calendar.list_eventsL1read:calendarnonot declared60s / subject / liverecordedno suppression needednoneList Microsoft 365 calendar events in a bounded time window.
m365.calendar.find_availabilityL1read:calendarnonot declared60s / subject / liverecordedno suppression neededtimeMax, timeMinUse Microsoft Graph getSchedule data to return busy blocks and candidate free slots.
m365.calendar.create_eventL3write:calendaryesnot supported0s / none / livedry_runsuppressed, dry-runend, start, subjectCreate a Microsoft 365 calendar event. dryRun defaults to true.
teams.list_teamsL1read:chatnonot declared300s / tenant / slowrecordedno suppression needednoneList Teams joined by the signed-in Microsoft 365 user.
teams.list_channelsL1read:chatnonot declared300s / tenant / slowrecordedno suppression neededteamIdList channels in a Microsoft Team.
teams.list_channel_messagesL1read:chatnonot declared30s / subject / liverecordedno suppression neededchannelId, teamIdList recent Teams channel messages with HTML stripped to bounded text.
teams.post_channel_messageL3write:chatyesnot supported0s / none / livedry_runsuppressed, dry-runchannelId, content, teamIdPost a user-visible Teams channel message. dryRun defaults to true.
onedrive.search_filesL1read:documentnonot declared120s / subject / slowrecordedno suppression neededquerySearch OneDrive or SharePoint drive items and return normalized metadata.
onedrive.get_file_metadataL1read:documentnonot declared600s / subject / slowrecordedno suppression neededitemIdGet normalized OneDrive or SharePoint drive item metadata without file contents.
onedrive.download_file_textL1read:documentnonot declared600s / subject / slowrecordedno suppression neededitemIdDownload bounded text from a OneDrive or SharePoint file. Binary Office formats are rejected instead of coerced.

Tool details:

outlook.search_messages

Search Outlook messages with snippets by default and optional bounded body text retrieval.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:email
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: messages[].from, messages[].to, messages[].cc, messages[].subject, messages[].bodyPreview, messages[].bodyText; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1; max length 1000Search string or filter expression accepted by the connector.
cursorstringno-Opaque pagination cursor returned by a previous call.
folderIdstringno-Connector-specific argument.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBodyBytesintegernomin 0; max 50000Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

outlook.get_message

Get a single Outlook message by ID with optional bounded body text.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:email
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: from, to, cc, subject, bodyPreview, bodyText; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
messageIdstringyesmin length 1Connector-specific argument.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxBodyBytesintegernomin 0; max 50000Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

outlook.create_draft

Create an Outlook draft. dryRun defaults to true and returns the planned message without writing.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:email
Approval required by defaultno
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: to, cc, bcc, subject, body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmin length 1; max length 50000Connector-specific argument.
subjectstringyesmin length 1; max length 500Connector-specific argument.
toarrayyes-Connector-specific argument.
bccarrayno-Connector-specific argument.
bodyContentTypestringnoone of text, htmlConnector-specific argument.
ccarrayno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
importancestringnoone of low, normal, highConnector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

outlook.send_mail

Send a user-visible Outlook email. dryRun defaults to true and approval is required by default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:email
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: to, cc, bcc, subject, body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmin length 1; max length 50000Connector-specific argument.
subjectstringyesmin length 1; max length 500Connector-specific argument.
toarrayyes-Connector-specific argument.
bccarrayno-Connector-specific argument.
bodyContentTypestringnoone of text, htmlConnector-specific argument.
ccarrayno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
importancestringnoone of low, normal, highConnector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
saveToSentItemsbooleanno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

m365.calendar.list_events

List Microsoft 365 calendar events in a bounded time window.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:calendar
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: events[].subject, events[].bodyPreview, events[].attendees, events[].organizer, events[].location; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
calendarIdstringno-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.
timeMaxstringno-Connector-specific argument.
timeMinstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

m365.calendar.find_availability

Use Microsoft Graph getSchedule data to return busy blocks and candidate free slots.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:calendar
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: schedules, busy[].scheduleId; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
timeMaxstringyes-Connector-specific argument.
timeMinstringyes-Connector-specific argument.
availabilityViewIntervalintegernomin 5; max 1440Connector-specific argument.
durationMinutesintegernomin 5; max 480Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 20Maximum items to return. Connectors bound this value even when callers provide a larger number.
schedulesarrayno-Connector-specific argument.
timeZonestringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

m365.calendar.create_event

Create a Microsoft 365 calendar event. dryRun defaults to true.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:calendar
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: subject, body, location, attendees; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
endstringyes-Connector-specific argument.
startstringyes-Connector-specific argument.
subjectstringyesmin length 1; max length 500Connector-specific argument.
attendeesarrayno-Connector-specific argument.
bodystringnomax length 20000Connector-specific argument.
bodyContentTypestringnoone of text, htmlConnector-specific argument.
calendarIdstringno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
isOnlineMeetingbooleanno-Connector-specific argument.
locationstringnomax length 500Connector-specific argument.
timeZonestringno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

teams.list_teams

List Teams joined by the signed-in Microsoft 365 user.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:chat
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: teams[].displayName, teams[].description; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

teams.list_channels

List channels in a Microsoft Team.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:chat
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: channels[].displayName, channels[].description; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
teamIdstringyesmin length 1Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

teams.list_channel_messages

List recent Teams channel messages with HTML stripped to bounded text.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:chat
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: messages[].from, messages[].content; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
channelIdstringyesmin length 1Connector-specific argument.
teamIdstringyesmin length 1Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

teams.post_channel_message

Post a user-visible Teams channel message. dryRun defaults to true.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:chat
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: content; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
channelIdstringyesmin length 1Connector-specific argument.
contentstringyesmin length 1; max length 20000Connector-specific argument.
teamIdstringyesmin length 1Connector-specific argument.
contentTypestringnoone of text, htmlConnector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
importancestringnoone of normal, high, urgentConnector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

onedrive.search_files

Search OneDrive or SharePoint drive items and return normalized metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: files[].name, files[].createdBy, files[].lastModifiedBy; Secrets: raw, downloadUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1; max length 500Search string or filter expression accepted by the connector.
cursorstringno-Opaque pagination cursor returned by a previous call.
driveIdstringno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
siteIdstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

onedrive.get_file_metadata

Get normalized OneDrive or SharePoint drive item metadata without file contents.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache600s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: name, createdBy, lastModifiedBy, permissions; Secrets: raw, downloadUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
itemIdstringyesmin length 1Connector-specific argument.
driveIdstringno-Connector-specific argument.
includePermissionsbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

onedrive.download_file_text

Download bounded text from a OneDrive or SharePoint file. Binary Office formats are rejected instead of coerced.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache600s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: text; Secrets: raw, downloadUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
itemIdstringyesmin length 1Connector-specific argument.
allowHtmlbooleanno-Connector-specific argument.
driveIdstringno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxBytesintegernomin 1; max 250000Maximum response bytes for content-like reads.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

Microsoft Dynamics / Dataverse (dynamics)

Governed Microsoft Dynamics and Dataverse connector for CRM records, cases, tasks, notes, and approval-gated record updates.

FieldValue
Version0.1.0
Categoriescrm, sales, support
Data classescrm, sales, tickets, comments, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts dynamics
Fixture selfcheckbun run apps/connectors/src/index.ts dynamics --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/dynamics
Vendor docshttps://learn.microsoft.com/en-us/power-apps/developer/data-platform/webapi/overview

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Microsoft Dataverse OAuth access tokenaccessTokenDYNAMICS_ACCESS_TOKENuser_impersonationrecords:writeyes

Scope/data-class map:

ScopeRequirementData classes
user_impersonationrequiredcrm, pii
records:writeoptionalcrm

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
dynamics.search_accountsL1read:crmnonot declared300s / subject / slowrecordedno suppression needednoneSearch Dynamics accounts.
dynamics.get_accountL1read:crmnonot declared300s / subject / slowrecordedno suppression neededaccountIdRead one Dynamics account.
dynamics.search_contactsL1read:crmnonot declared300s / subject / slowrecordedno suppression needednoneSearch contacts.
dynamics.search_leadsL1read:crmnonot declared300s / subject / slowrecordedno suppression needednoneSearch leads.
dynamics.list_opportunitiesL1read:crmnonot declared300s / subject / slowrecordedno suppression needednoneList opportunities.
dynamics.list_casesL1read:crmnonot declared300s / subject / slowrecordedno suppression needednoneList support cases.
dynamics.list_tasksL1read:crmnonot declared300s / subject / slowrecordedno suppression needednoneList CRM tasks.
dynamics.list_notesL1read:crmnonot declared300s / subject / slowrecordedno suppression needednoneList CRM notes.
dynamics.create_taskL3write:crmnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runsubjectCreate a Dynamics task.
dynamics.add_noteL3write:crmnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, regardingIdAdd a Dynamics note.
dynamics.update_recordL4write:crmyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runidempotencyKey, recordId, recordTypeUpdate an allowlisted Dynamics record after approval.

Tool details:

dynamics.search_accounts

Search Dynamics accounts.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dynamics.get_account

Read one Dynamics account.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
accountIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dynamics.search_contacts

Search contacts.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dynamics.search_leads

Search leads.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dynamics.list_opportunities

List opportunities.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dynamics.list_cases

List support cases.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dynamics.list_tasks

List CRM tasks.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dynamics.list_notes

List CRM notes.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

dynamics.create_task

Create a Dynamics task.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
subjectstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

dynamics.add_note

Add a Dynamics note.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystring | number | boolean | object | arrayyes-Connector-specific argument.
regardingIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

dynamics.update_record

Update an allowlisted Dynamics record after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
recordIdstring | number | boolean | object | arrayyes-Connector-specific argument.
recordTypestring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Miro (miro)

Governed Miro connector for boards, board items, comments, connectors, exports, and safe canvas edits.

FieldValue
Version0.1.0
Categoriesdesign, productivity
Data classeswhiteboard, comments, files, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts miro
Fixture selfcheckbun run apps/connectors/src/index.ts miro --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/miro
Vendor docshttps://developers.miro.com/reference/overview

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenOAuth access tokenaccessTokenMIRO_ACCESS_TOKENboards:read, boards:write-no

Scope/data-class map:

ScopeRequirementData classes
boards:readrequiredwhiteboard, comments, files
boards:writerequiredwhiteboard, comments, files

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
miro.list_boardsL1read:whiteboardnonot declared300s / subject / slowrecordedno suppression needednoneList Miro boards.
miro.get_boardL1read:whiteboardnonot declared300s / subject / slowrecordedno suppression neededboardIdRead Miro board metadata.
miro.list_itemsL1read:whiteboardnonot declared300s / subject / slowrecordedno suppression neededboardIdList Miro board items.
miro.list_connectorsL1read:whiteboardnonot declared300s / subject / slowrecordedno suppression neededboardIdList Miro board connectors.
miro.search_itemsL1read:whiteboardnonot declared300s / subject / slowrecordedno suppression neededboardIdSearch Miro fixture board items.
miro.list_commentsL1read:commentsnonot declared300s / subject / slowrecordedno suppression neededboardIdList Miro comments.
miro.create_sticky_noteL3write:whiteboardnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runboardId, contentPlan or create a Miro sticky note.
miro.share_boardL3write:whiteboardnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runboardId, email, rolePlan or share a Miro board with a collaborator.
miro.create_connectorL3write:whiteboardnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runboardId, endItemId, startItemIdPlan or create a Miro connector line.
miro.export_board_snapshotL1read:whiteboardnonot declared300s / subject / slowrecordedno suppression neededboardIdRead or start a bounded board export snapshot.

Tool details:

miro.list_boards

List Miro boards.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:whiteboard
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

miro.get_board

Read Miro board metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:whiteboard
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

miro.list_items

List Miro board items.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:whiteboard
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

miro.list_connectors

List Miro board connectors.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:whiteboard
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

miro.search_items

Search Miro fixture board items.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:whiteboard
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

miro.list_comments

List Miro comments.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:comments
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: text; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

miro.create_sticky_note

Plan or create a Miro sticky note.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:whiteboard
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: content; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
contentstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

miro.share_board

Plan or share a Miro board with a collaborator.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:whiteboard
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: email, message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
emailstringyes-Connector-specific argument.
rolestringyesone of viewer, commenter, editorConnector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.
titlestringno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

miro.create_connector

Plan or create a Miro connector line.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:whiteboard
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
endItemIdstringyes-Connector-specific argument.
startItemIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

miro.export_board_snapshot

Read or start a bounded board export snapshot.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:whiteboard
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

monday.com (monday)

Governed monday.com connector for boards, items, updates, files, and GraphQL-backed workflow writes.

FieldValue
Version0.1.0
Categoriesproject_management, productivity
Data classestasks, comments, files, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts monday
Fixture selfcheckbun run apps/connectors/src/index.ts monday --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/monday
Vendor docshttps://developer.monday.com/api-reference

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenAPI tokenapiKeyMONDAY_API_KEYboards:read, boards:write-no

Scope/data-class map:

ScopeRequirementData classes
boards:readrequiredtasks
boards:writerequiredtasks, comments

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
monday.graphql_queryL1read:tasksnonot declared60s / subject / liverecordedno suppression neededqueryRun a read-only monday.com GraphQL query. Mutations are rejected; use governed write tools instead.
monday.list_boardsL1read:tasksnonot declared300s / subject / slowrecordedno suppression needednoneList monday boards.
monday.get_boardL1read:tasksnonot declared300s / subject / slowrecordedno suppression neededboardIdRead board metadata.
monday.list_itemsL1read:tasksnonot declared300s / subject / slowrecordedno suppression neededboardIdList board items.
monday.get_itemL1read:tasksnonot declared300s / subject / slowrecordedno suppression neededitemIdRead a monday item.
monday.search_itemsL1read:tasksnonot declared300s / subject / slowrecordedno suppression needednoneSearch monday items.
monday.list_updatesL1read:commentsnonot declared300s / subject / slowrecordedno suppression needednoneList updates on monday items.
monday.list_filesL1read:documentsnonot declared300s / subject / slowrecordedno suppression needednoneList monday file assets.
monday.create_itemL3write:tasksnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runboardId, namePlan or create a monday item.
monday.update_column_valuesL3write:tasksnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runboardId, itemIdPlan or update monday item column values.
monday.create_updateL3write:commentsnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, itemIdPlan or create a monday update.
monday.upload_fileL4write:filesyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runfileName, itemIdUpload a file to a monday.com item. Live execution requires approval and idempotency.
monday.archive_itemL4write:tasksyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runitemIdArchive a monday item after approval.

Tool details:

monday.graphql_query

Run a read-only monday.com GraphQL query. Mutations are rejected; use governed write tools instead.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: data; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyes-Search string or filter expression accepted by the connector.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
operationNamestringno-Connector-specific argument.
variablesobjectno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

monday.list_boards

List monday boards.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

monday.get_board

Read board metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

monday.list_items

List board items.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

monday.get_item

Read a monday item.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
itemIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

monday.search_items

Search monday items.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:tasks
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

monday.list_updates

List updates on monday items.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:comments
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: body; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

monday.list_files

List monday file assets.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

monday.create_item

Plan or create a monday item.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:tasks
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
namestringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

monday.update_column_values

Plan or update monday item column values.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:tasks
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
boardIdstringyes-Connector-specific argument.
itemIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

monday.create_update

Plan or create a monday update.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:comments
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyes-Connector-specific argument.
itemIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

monday.upload_file

Upload a file to a monday.com item. Live execution requires approval and idempotency.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:files
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: fileName; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl, contentBase64

Input contract:

FieldTypeRequiredBounds / enumNotes
fileNamestringyes-Connector-specific argument.
itemIdstringyes-Connector-specific argument.
approvalIdstringno-Connector-specific argument.
approvedBystringno-Connector-specific argument.
columnIdstringno-Connector-specific argument.
contentBase64stringno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

monday.archive_item

Archive a monday item after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:tasks
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
itemIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

NetSuite (netsuite)

Governed NetSuite ERP connector for customer, vendor, item, order, invoice, payment, credit memo, inventory, and approval-gated finance workflows.

FieldValue
Version0.1.0
Categoriesaccounting, commerce, crm
Data classeserp, accounting, inventory, payments, billing, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts netsuite
Fixture selfcheckbun run apps/connectors/src/index.ts netsuite --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/netsuite
Vendor docshttps://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/book_1559132836.html

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0SuiteTalk REST OAuth tokenaccessTokenNETSUITE_ACCESS_TOKENrest_webservicestransactions:writeyes

Scope/data-class map:

ScopeRequirementData classes
rest_webservicesrequirederp, accounting
transactions:writeoptionalpayments, billing

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
netsuite.search_customersL1read:erpnonot declared300s / subject / slowrecordedno suppression needednoneSearch NetSuite customers.
netsuite.search_vendorsL1read:erpnonot declared300s / tenant / slowrecordedno suppression needednoneSearch NetSuite vendors.
netsuite.list_itemsL1read:erpnonot declared300s / tenant / slowrecordedno suppression needednoneList NetSuite items.
netsuite.list_sales_ordersL1read:erpnonot declared300s / subject / slowrecordedno suppression needednoneList sales orders.
netsuite.list_invoicesL1read:erpnonot declared300s / subject / slowrecordedno suppression needednoneList invoices.
netsuite.list_paymentsL1read:erpnonot declared300s / subject / slowrecordedno suppression needednoneList customer payments.
netsuite.list_credit_memosL1read:erpnonot declared300s / subject / slowrecordedno suppression needednoneList credit memos.
netsuite.get_inventoryL1read:erpnonot declared120s / subject / slowrecordedno suppression needednoneRead inventory availability.
netsuite.update_recordL3write:erpnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runrecordId, recordTypeDry-run or update an allowlisted NetSuite record.
netsuite.create_invoiceL4write:erpyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runcustomerId, idempotencyKeyCreate a NetSuite invoice after approval.
netsuite.issue_credit_memoL4write:erpyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runamount, customerId, idempotencyKeyIssue an approval-gated NetSuite credit memo.

Tool details:

netsuite.search_customers

Search NetSuite customers.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:erp
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

netsuite.search_vendors

Search NetSuite vendors.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:erp
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

netsuite.list_items

List NetSuite items.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:erp
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

netsuite.list_sales_orders

List sales orders.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:erp
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

netsuite.list_invoices

List invoices.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:erp
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

netsuite.list_payments

List customer payments.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:erp
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

netsuite.list_credit_memos

List credit memos.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:erp
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

netsuite.get_inventory

Read inventory availability.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:erp
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

netsuite.update_record

Dry-run or update an allowlisted NetSuite record.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:erp
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
recordIdstring | number | boolean | object | arrayyes-Connector-specific argument.
recordTypestring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

netsuite.create_invoice

Create a NetSuite invoice after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:erp
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
customerIdstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

netsuite.issue_credit_memo

Issue an approval-gated NetSuite credit memo.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:erp
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
amountstring | number | boolean | object | arrayyes-Connector-specific argument.
customerIdstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Notion (notion)

Managed Notion connector for governed workspace search, page/database reads, data-source queries, and dry-run-first content writes.

FieldValue
Version0.1.0
Categoriesproductivity
Data classesmetadata, pii, documents
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts notion
Fixture selfcheckbun run apps/connectors/src/index.ts notion --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/notion
Vendor docshttps://developers.notion.com/reference/intro

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenNotion integration tokenaccessTokenPUNK_NOTION_ACCESS_TOKENread_contentinsert_content, update_contentno
OAuth 2.0Notion OAuth access tokenaccessTokenPUNK_NOTION_ACCESS_TOKEN--yes

Scope/data-class map:

ScopeRequirementData classes
read_contentrequireddocuments, pii
insert_contentoptionaldocuments, pii
update_contentoptionaldocuments, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
notion.searchL1read:documentnonot declared60s / subject / liverecordedno suppression needednoneSearch Notion pages and databases with the official /v1/search endpoint.
notion.get_pageL1read:documentnonot declared120s / subject / slowrecordedno suppression neededpageIdRetrieve a Notion page and optionally fetch one bounded page of child blocks.
notion.get_databaseL1read:documentnonot declared300s / subject / slowrecordedno suppression neededdatabaseIdRetrieve Notion database metadata, including current API data-source references when present.
notion.query_databaseL1read:documentnonot declared60s / subject / liverecordedno suppression needednoneQuery a Notion database's data source using the current data_sources query API. A database id can be resolved to its first data source.
notion.create_pageL3write:documentyesnot supported0s / none / livedry_runsuppressed, dry-runparent, propertiesCreate a Notion page under a page, database, or data source parent. Writes default to dry-run.
notion.update_pageL3write:documentyesnot supported0s / none / livedry_runsuppressed, dry-runpageIdPatch Notion page properties, icon, cover, archive state, or trash state. Writes default to dry-run.
notion.append_block_childrenL3write:documentyesnot supported0s / none / livedry_runsuppressed, dry-runblockId, childrenAppend child blocks to a Notion block using the official block-children endpoint. Writes default to dry-run.
notion.create_commentL3write:documentyesnot supported0s / none / livedry_runsuppressed, dry-runnoneCreate a Notion page or discussion comment when comments are supported by the workspace integration. Writes default to dry-run.

Tool details:

Search Notion pages and databases with the official /v1/search endpoint.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: results.title; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
filterobjectno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.
sortobjectno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

notion.get_page

Retrieve a Notion page and optionally fetch one bounded page of child blocks.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: page.properties, blocks; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
pageIdstringyes-Connector-specific argument.
blockLimitintegernomin 1; max 100Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeBlocksbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

notion.get_database

Retrieve Notion database metadata, including current API data-source references when present.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: database.properties; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
databaseIdstringyes-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

notion.query_database

Query a Notion database's data source using the current data_sources query API. A database id can be resolved to its first data source.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:document
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: results.properties; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
databaseIdstringno-Connector-specific argument.
dataSourceIdstringno-Connector-specific argument.
filterobjectno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
sortsarrayno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

notion.create_page

Create a Notion page under a page, database, or data source parent. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:document
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: properties, children; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
parentobjectyes-Connector-specific argument.
propertiesobjectyes-Connector-specific argument.
childrenarrayno-Connector-specific argument.
coverobjectno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
iconobjectno-Connector-specific argument.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

notion.update_page

Patch Notion page properties, icon, cover, archive state, or trash state. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:document
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: properties; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
pageIdstringyes-Connector-specific argument.
archivedbooleanno-Connector-specific argument.
coverobjectno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
iconobjectno-Connector-specific argument.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
inTrashbooleanno-Connector-specific argument.
propertiesobjectno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

notion.append_block_children

Append child blocks to a Notion block using the official block-children endpoint. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:document
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: children; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
blockIdstringyes-Connector-specific argument.
childrenarrayyes-Connector-specific argument.
afterstringno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

notion.create_comment

Create a Notion page or discussion comment when comments are supported by the workspace integration. Writes default to dry-run.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:document
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: text, richText; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
discussionIdstringno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
pageIdstringno-Connector-specific argument.
richTextarrayno-Connector-specific argument.
textstringnomax length 2000Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Okta (okta)

Governed Okta connector for identity context, application access review, local lifecycle plans, and approval-gated user/group administration.

FieldValue
Version0.1.0
Categoriesidentity, security
Data classesidentity, pii, audit, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts okta
Fixture selfcheckbun run apps/connectors/src/index.ts okta --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/okta
Vendor docshttps://developer.okta.com/docs/api/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenOkta API tokenapiToken, orgUrlPUNK_OKTA_API_TOKEN, PUNK_OKTA_ORG_URLokta.users.read, okta.groups.read, okta.apps.readokta.groups.manage, okta.users.manageno

Scope/data-class map:

ScopeRequirementData classes
okta.users.readrequiredidentity, pii
okta.groups.readrequiredidentity
okta.apps.readrequiredidentity, metadata
okta.groups.manageoptionalidentity, audit
okta.users.manageoptionalidentity, audit

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
okta.search_usersL1read:identitynonot declared60s / subject / liverecordedno suppression needednoneSearch Okta users with bounded pagination and selected profile fields. Raw profiles are excluded unless includeRaw is true.
okta.get_userL1read:identitynonot declared300s / subject / slowrecordedno suppression neededuserIdGet one Okta user with status and selected profile fields.
okta.list_groupsL1read:identitynonot declared300s / tenant / slowrecordedno suppression needednoneList Okta groups with bounded pagination and admin or sensitive group labels.
okta.get_groupL1read:identitynonot declared300s / tenant / slowrecordedno suppression neededgroupIdGet one Okta group and optionally include a bounded member list.
okta.list_applicationsL1read:identitynonot declared300s / tenant / slowrecordedno suppression needednoneList Okta application catalog metadata with bounded pagination.
okta.list_user_app_assignmentsL1read:identitynonot declared120s / subject / liverecordedno suppression neededuserIdList applications assigned to one Okta user with bounded response size.
okta.create_user_planL0read:identitynonot declared0s / none / liverecordeddry-runprofileBuild a local side-effect plan for creating an Okta user. This tool does not call Okta.
okta.assign_user_to_groupL4write:identityyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runapproval, groupId, idempotencyKey, userIdAssign a user to an allowlisted Okta group. Level 4 writes require approval metadata and idempotency. Privileged groups are blocked unless explicitly allowlisted.
okta.suspend_user_planL0read:identitynonot declared0s / none / liverecordeddry-runreason, userIdBuild a local side-effect plan for suspending an Okta user. This tool does not call Okta.
okta.suspend_userL4write:identityyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runapproval, idempotencyKey, userIdSuspend an Okta user through a level 4 lifecycle action. Requires approval metadata, a subject-bound target, and idempotency.

Tool details:

okta.search_users

Search Okta users with bounded pagination and selected profile fields. Raw profiles are excluded unless includeRaw is true.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: users[].profile.email, users[].profile.login; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
filterstringnomax length 1000Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
profileFieldsarrayno-Connector-specific argument.
querystringnomax length 500Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

okta.get_user

Get one Okta user with status and selected profile fields.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: user.profile.email, user.profile.login; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
userIdstringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
profileFieldsarrayno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

okta.list_groups

List Okta groups with bounded pagination and admin or sensitive group labels.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

okta.get_group

Get one Okta group and optionally include a bounded member list.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: members[].profile.email; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
groupIdstringyesmin length 1Connector-specific argument.
includeMembersbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
memberLimitintegernomin 1; max 100Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

okta.list_applications

List Okta application catalog metadata with bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw, credentials

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

okta.list_user_app_assignments

List applications assigned to one Okta user with bounded response size.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: assignments[].userId; Secrets: raw, credentials

Input contract:

FieldTypeRequiredBounds / enumNotes
userIdstringyesmin length 1Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

okta.create_user_plan

Build a local side-effect plan for creating an Okta user. This tool does not call Okta.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache0s / none / live
Replaycan replay / recorded
Shadowdry-run
RedactionPII: profile.email, profile.login, profile.firstName, profile.lastName; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
profileobjectyes-Connector-specific argument.
activatebooleanno-Connector-specific argument.
groupIdsarrayno-Connector-specific argument.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

okta.assign_user_to_group

Assign a user to an allowlisted Okta group. Level 4 writes require approval metadata and idempotency. Privileged groups are blocked unless explicitly allowlisted.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:identity
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.approvedBy, approval.reason; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
approvalobjectyes-Approval metadata required before level 4 actions can execute.
groupIdstringyesmin length 1Connector-specific argument.
idempotencyKeystringyesmax length 255Stable caller-provided key used to dedupe write execution.
userIdstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

okta.suspend_user_plan

Build a local side-effect plan for suspending an Okta user. This tool does not call Okta.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache0s / none / live
Replaycan replay / recorded
Shadowdry-run
RedactionPII: reason; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
reasonstringyesmin length 1; max length 1000Connector-specific argument.
userIdstringyesmin length 1Connector-specific argument.
effectiveAtstringno-Connector-specific argument.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

okta.suspend_user

Suspend an Okta user through a level 4 lifecycle action. Requires approval metadata, a subject-bound target, and idempotency.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:identity
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.approvedBy, approval.reason; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
approvalobjectyes-Approval metadata required before level 4 actions can execute.
idempotencyKeystringyesmax length 255Stable caller-provided key used to dedupe write execution.
userIdstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Outreach (outreach)

Governed Outreach connector for prospects, accounts, sequences, tasks, mailboxes, activities, and approval-gated sales engagement.

FieldValue
Version0.1.0
Categoriessales, crm, communications
Data classessales, communications, crm, email, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts outreach
Fixture selfcheckbun run apps/connectors/src/index.ts outreach --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/outreach
Vendor docshttps://developers.outreach.io/api

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Outreach OAuth access tokenaccessTokenOUTREACH_ACCESS_TOKENprospects.read, sequences.readsequences.writeyes

Scope/data-class map:

ScopeRequirementData classes
prospects.readrequiredsales, pii
sequences.readrequiredsales
sequences.writeoptionalcommunications, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
outreach.search_prospectsL1read:salesnonot declared300s / subject / slowrecordedno suppression needednoneSearch Outreach prospects.
outreach.get_prospectL1read:salesnonot declared300s / subject / slowrecordedno suppression neededprospectIdRead one prospect.
outreach.list_accountsL1read:salesnonot declared300s / tenant / slowrecordedno suppression needednoneList Outreach accounts.
outreach.list_sequencesL1read:salesnonot declared300s / tenant / slowrecordedno suppression needednoneList Outreach sequences.
outreach.list_tasksL1read:salesnonot declared300s / subject / slowrecordedno suppression needednoneList Outreach tasks.
outreach.list_mailboxesL1read:salesnonot declared300s / tenant / slowrecordedno suppression needednoneList Outreach mailboxes.
outreach.list_activitiesL1read:salesnonot declared300s / subject / slowrecordedno suppression needednoneList Outreach activities.
outreach.create_taskL3write:salesnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runprospectId, subjectCreate an Outreach task.
outreach.create_email_draftL2write:salesnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runprospectId, subjectCreate an Outreach email draft.
outreach.add_prospect_to_sequenceL4write:salesyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runidempotencyKey, prospectId, sequenceIdAdd a prospect to a sequence after approval.
outreach.send_emailL4write:salesyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runidempotencyKey, prospectId, subjectSend a customer-visible Outreach email after approval.

Tool details:

outreach.search_prospects

Search Outreach prospects.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

outreach.get_prospect

Read one prospect.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
prospectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

outreach.list_accounts

List Outreach accounts.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

outreach.list_sequences

List Outreach sequences.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

outreach.list_tasks

List Outreach tasks.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

outreach.list_mailboxes

List Outreach mailboxes.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

outreach.list_activities

List Outreach activities.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:sales
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

outreach.create_task

Create an Outreach task.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:sales
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
prospectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
subjectstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

outreach.create_email_draft

Create an Outreach email draft.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:sales
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
prospectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
subjectstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

outreach.add_prospect_to_sequence

Add a prospect to a sequence after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:sales
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
prospectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
sequenceIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

outreach.send_email

Send a customer-visible Outreach email after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:sales
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
prospectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
subjectstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

PagerDuty (pagerduty)

Governed PagerDuty connector for on-call context, incident search, response coordination, dry-run incident creation, and approval-gated status changes.

FieldValue
Version0.1.0
Categoriesincident, observability
Data classesmetadata, pii, audit, identity
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts pagerduty
Fixture selfcheckbun run apps/connectors/src/index.ts pagerduty --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/pagerduty
Vendor docshttps://developer.pagerduty.com/api-reference/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenPagerDuty REST API tokenapiTokenPUNK_PAGERDUTY_API_TOKENservices.read, oncalls.read, incidents.readincidents.writeno

Scope/data-class map:

ScopeRequirementData classes
services.readrequiredmetadata
oncalls.readrequiredidentity, pii
incidents.readrequiredmetadata, pii, audit
incidents.writeoptionalmetadata, pii, audit

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
pagerduty.list_servicesL1read:incidentnonot declared600s / tenant / slowrecordedno suppression needednoneList PagerDuty services with bounded pagination. Tenant-cacheable service catalog.
pagerduty.list_oncallsL1read:identitynonot declared60s / subject / liverecordedno suppression needednoneList current PagerDuty on-call assignments by allowlisted schedule or escalation policy.
pagerduty.search_incidentsL1read:incidentnonot declared30s / subject / liverecordedno suppression needednoneSearch PagerDuty incidents by allowlisted service, status, urgency, and date range.
pagerduty.get_incidentL1read:incidentnonot declared60s / subject / liverecordedno suppression neededincidentIdGet a PagerDuty incident by id. Notes are excluded unless requested.
pagerduty.create_incidentL3write:incidentyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runserviceId, titleCreate a PagerDuty incident. dryRun defaults to true and the plan includes target service, urgency, escalation policy, and dedupe key.
pagerduty.add_noteL3write:incidentyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runcontent, incidentIdAdd a visible PagerDuty incident note. dryRun defaults to true; approval is recommended by default.
pagerduty.create_status_updateL3write:incidentyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runincidentId, messageCreate a PagerDuty incident status update for customer or team-facing response coordination.
pagerduty.update_incident_statusL4write:incidentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runincidentId, statusUpdate a PagerDuty incident status. Acknowledge, resolve, and merge actions are approval-gated.

Tool details:

pagerduty.list_services

List PagerDuty services with bounded pagination. Tenant-cacheable service catalog.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:incident
Approval required by defaultno
Idempotencynot declared
Cache600s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

pagerduty.list_oncalls

List current PagerDuty on-call assignments by allowlisted schedule or escalation policy.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: oncalls[].user; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
escalationPolicyIdstringno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
scheduleIdstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

pagerduty.search_incidents

Search PagerDuty incidents by allowlisted service, status, urgency, and date range.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:incident
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: assignments; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.
serviceIdstringno-Connector-specific argument.
sincestringno-Connector-specific argument.
statusstringnoone of triggered, acknowledged, resolvedConnector-specific argument.
untilstringno-Connector-specific argument.
urgencystringnoone of high, lowConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

pagerduty.get_incident

Get a PagerDuty incident by id. Notes are excluded unless requested.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:incident
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: assignments, notes; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
incidentIdstringyesmin length 1Connector-specific argument.
includeNotesbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

pagerduty.create_incident

Create a PagerDuty incident. dryRun defaults to true and the plan includes target service, urgency, escalation policy, and dedupe key.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:incident
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
serviceIdstringyesmin length 1Connector-specific argument.
titlestringyesmin length 1; max length 1024Connector-specific argument.
bodystringnomax length 8000Connector-specific argument.
dedupeKeystringnomax length 255Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
escalationPolicyIdstringno-Connector-specific argument.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
urgencystringnoone of high, lowConnector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

pagerduty.add_note

Add a visible PagerDuty incident note. dryRun defaults to true; approval is recommended by default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:incident
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: content; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
contentstringyesmin length 1; max length 8000Connector-specific argument.
incidentIdstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

pagerduty.create_status_update

Create a PagerDuty incident status update for customer or team-facing response coordination.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:incident
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: message; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
incidentIdstringyesmin length 1Connector-specific argument.
messagestringyesmin length 1; max length 8000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

pagerduty.update_incident_status

Update a PagerDuty incident status. Acknowledge, resolve, and merge actions are approval-gated.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:incident
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.approvedBy; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
incidentIdstringyesmin length 1Connector-specific argument.
statusstringyesone of acknowledged, resolved, mergedConnector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomin length 8; max length 255Stable caller-provided key used to dedupe write execution.
mergeIntoIncidentIdstringno-Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Postgres / Neon (postgres)

Governed Postgres and Neon connector for schema introspection, bounded SQL reads, query planning, branch context, and approval-gated database changes.

FieldValue
Version0.1.0
Categoriesdatabase, data, engineering
Data classesdatabase, schema, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts postgres
Fixture selfcheckbun run apps/connectors/src/index.ts postgres --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/postgres
Vendor docshttps://neon.com/docs/reference/api-reference

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenNeon API key or Postgres SQL gateway tokenaccessTokenPOSTGRES_ACCESS_TOKENprojects:read, branches:read, sql:readsql:writeno

Scope/data-class map:

ScopeRequirementData classes
projects:readrequireddatabase, schema
branches:readrequireddatabase, metadata
sql:readrequireddatabase, pii
sql:writeoptionaldatabase

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
postgres.list_schemasL1read:databasenonot declared300s / tenant / slowrecordedno suppression neededbranchId, projectIdList visible Postgres schemas.
postgres.list_tablesL1read:databasenonot declared300s / tenant / slowrecordedno suppression neededbranchId, projectIdList tables in a bounded schema.
postgres.describe_tableL1read:databasenonot declared300s / subject / slowrecordedno suppression neededbranchId, projectId, tableIdRead table columns and metadata.
postgres.list_indexesL1read:databasenonot declared300s / tenant / slowrecordedno suppression neededbranchId, projectId, tableIdList indexes for a table.
postgres.sample_rowsL1read:databasenonot declared300s / subject / slowrecordedno suppression neededbranchId, projectId, tableReturn bounded sample rows from an allowlisted table.
postgres.create_query_planL0read:databasenonot declared3600s / subject / slowrecordedno suppression neededbranchId, projectId, sqlCreate a local bounded read-query plan before execution.
postgres.execute_read_queryL1read:databasenonot declared300s / subject / slowrecordedno suppression neededbranchId, projectId, sqlExecute bounded read-only SQL.
postgres.explain_queryL1read:databasenonot declared300s / subject / slowrecordedno suppression neededbranchId, projectId, sqlRun EXPLAIN for bounded read-only SQL.
postgres.list_neon_projectsL1read:databasenonot declared300s / tenant / slowrecordedno suppression needednoneList Neon projects available to the credential.
postgres.list_neon_branchesL1read:databasenonot declared300s / tenant / slowrecordedno suppression neededprojectIdList branches for a Neon project.
postgres.create_neon_branchL3write:databasenosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runname, projectIdPlan or create an isolated Neon branch for replay or migration validation.
postgres.apply_migrationL4write:databaseyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runbranchId, idempotencyKey, projectId, sqlApply a high-impact database migration after approval.

Tool details:

postgres.list_schemas

List visible Postgres schemas.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
branchIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.list_tables

List tables in a bounded schema.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
branchIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.describe_table

Read table columns and metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
branchIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
tableIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.list_indexes

List indexes for a table.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
branchIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
tableIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.sample_rows

Return bounded sample rows from an allowlisted table.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
branchIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
tablestring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.create_query_plan

Create a local bounded read-query plan before execution.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache3600s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
branchIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
sqlstringyes-SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBytesintegernomin 1; max 1048576Maximum response bytes for content-like reads.
querystringno-Search string or filter expression accepted by the connector.
timeoutSecondsintegernomin 1; max 60Maximum upstream execution window.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.execute_read_query

Execute bounded read-only SQL.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
branchIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
sqlstringyes-SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBytesintegernomin 1; max 1048576Maximum response bytes for content-like reads.
querystringno-Search string or filter expression accepted by the connector.
timeoutSecondsintegernomin 1; max 60Maximum upstream execution window.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.explain_query

Run EXPLAIN for bounded read-only SQL.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
branchIdstring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
sqlstringyes-SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBytesintegernomin 1; max 1048576Maximum response bytes for content-like reads.
querystringno-Search string or filter expression accepted by the connector.
timeoutSecondsintegernomin 1; max 60Maximum upstream execution window.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.list_neon_projects

List Neon projects available to the credential.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.list_neon_branches

List branches for a Neon project.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:database
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

postgres.create_neon_branch

Plan or create an isolated Neon branch for replay or migration validation.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:database
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
namestring | number | boolean | object | arrayyes-Connector-specific argument.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

postgres.apply_migration

Apply a high-impact database migration after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:database
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
branchIdstring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
projectIdstring | number | boolean | object | arrayyes-Connector-specific argument.
sqlstring | number | boolean | object | arrayyes-SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

QuickBooks Online (quickbooks)

QuickBooks Online accounting connector with explicit fixture mode, fail-closed live reads, and dry-run-first accounting writes.

FieldValue
Version0.1.0
Categoriesaccounting, billing
Data classesmetadata, pii, accounting, billing, payments, inventory
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts quickbooks
Fixture selfcheckbun run apps/connectors/src/index.ts quickbooks --fixture --selfcheck
Punk docshttps://docs.punk.local/connectors/quickbooks
Vendor docshttps://developer.intuit.com/app/developer/qbo/docs/api/accounting/all-entities/accounting

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0QuickBooks Online OAuth access tokenaccess_token, realm_idPUNK_QUICKBOOKS_ACCESS_TOKEN, PUNK_QUICKBOOKS_REALM_IDcom.intuit.quickbooks.accounting-yes

Scope/data-class map:

ScopeRequirementData classes
com.intuit.quickbooks.accountingrequiredpii, accounting, billing, payments, inventory

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
quickbooks.get_company_infoL1read:accountingnonot declared3600s / tenant / slowrecordedsuppressednoneRetrieve the connected QuickBooks Online company profile.
quickbooks.query_customersL1read:accountingnonot declared120s / subject / liverecordedsuppressednoneSearch or list QuickBooks Online customers by query, customer id, email, or active status.
quickbooks.query_invoicesL1read:accountingnonot declared120s / subject / liverecordedsuppressednoneSearch QuickBooks Online invoices by customer, invoice id, document number, or payment status.
quickbooks.get_invoiceL1read:accountingnonot declared300s / subject / slowrecordedsuppressedinvoiceIdRetrieve a QuickBooks Online invoice by id.
quickbooks.create_invoice_draftL0read:accountingnosupported via idempotencyKey0s / none / staticrecordedsuppressed, dry-runcustomerId, lineItemsBuild a deterministic QuickBooks invoice draft and approval packet without calling QuickBooks.
quickbooks.create_invoiceL4write:accountingyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runcustomerId, lineItemsCreate a QuickBooks invoice only after a dry-run plan, approval metadata, and idempotency key.
quickbooks.record_paymentL4write:paymentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runamountCents, customerId, invoiceIdRecord a QuickBooks invoice payment only after a dry-run plan, approval metadata, and idempotency key.
quickbooks.list_itemsL1read:accountingnonot declared300s / tenant / slowrecordedsuppressednoneList QuickBooks products and services with optional type and active filters.
quickbooks.query_reportsL1read:accountingnonot declared300s / tenant / slowrecordedsuppressedreportNameRetrieve a bounded QuickBooks accounting report such as Profit and Loss or Aged Receivables.
quickbooks.attach_noteL2write:accountingnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runentityId, entityType, noteAttach a note to a QuickBooks customer, invoice, payment, or item with dry-run-first write controls.

Tool details:

quickbooks.get_company_info

Retrieve the connected QuickBooks Online company profile.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:accounting
Approval required by defaultno
Idempotencynot declared
Cache3600s / tenant / slow
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: company.email, company.address; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

quickbooks.query_customers

Search or list QuickBooks Online customers by query, customer id, email, or active status.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:accounting
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: email, customers[].email, customers[].displayName; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
activebooleanno-Connector-specific argument.
cursorstringnomax length 500Opaque pagination cursor returned by a previous call.
customerIdstringnomax length 128Connector-specific argument.
emailstringnomax length 320Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

quickbooks.query_invoices

Search QuickBooks Online invoices by customer, invoice id, document number, or payment status.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:accounting
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customerId, invoices[].customerName; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringnomax length 500Opaque pagination cursor returned by a previous call.
customerIdstringnomax length 128Connector-specific argument.
docNumberstringnomax length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
invoiceIdstringnomax length 128Connector-specific argument.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.
statusstringnoone of open, paid, overdue, voidConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

quickbooks.get_invoice

Retrieve a QuickBooks Online invoice by id.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:accounting
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: invoice.customerName; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
invoiceIdstringyesmin length 1; max length 128Connector-specific argument.
includeLinesbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

quickbooks.create_invoice_draft

Build a deterministic QuickBooks invoice draft and approval packet without calling QuickBooks.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:accounting
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / static
Replaycan replay / recorded
Shadowsuppressed, dry-run
RedactionPII: email, customerId; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
customerIdstringyesmin length 1; max length 128Connector-specific argument.
lineItemsarrayyes-Connector-specific argument.
currencystringnomin length 3; max length 3Connector-specific argument.
docNumberstringnomax length 128Connector-specific argument.
dueDatestringno-Connector-specific argument.
emailstringnomax length 320Connector-specific argument.
memostringnomax length 2000Connector-specific argument.
txnDatestringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

quickbooks.create_invoice

Create a QuickBooks invoice only after a dry-run plan, approval metadata, and idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:accounting
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.approvedBy, email, customerId; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
customerIdstringyesmin length 1; max length 128Connector-specific argument.
lineItemsarrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
currencystringnomin length 3; max length 3Connector-specific argument.
docNumberstringnomax length 128Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
dueDatestringno-Connector-specific argument.
emailstringnomax length 320Connector-specific argument.
idempotencyKeystringnomin length 16; max length 255Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
memostringnomax length 2000Connector-specific argument.
planIdstringnomax length 180Connector-specific argument.
txnDatestringno-Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

quickbooks.record_payment

Record a QuickBooks invoice payment only after a dry-run plan, approval metadata, and idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:payment
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.approvedBy, customerId; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
amountCentsintegeryesmin 1Connector-specific argument.
customerIdstringyesmin length 1; max length 128Connector-specific argument.
invoiceIdstringyesmin length 1; max length 128Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
currencystringnomin length 3; max length 3Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomin length 16; max length 255Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
memostringnomax length 2000Connector-specific argument.
paymentDatestringno-Connector-specific argument.
planIdstringnomax length 180Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

quickbooks.list_items

List QuickBooks products and services with optional type and active filters.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:accounting
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: none declared; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
activebooleanno-Connector-specific argument.
cursorstringnomax length 500Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.
typestringnoone of Service, Inventory, NonInventory, CategoryConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

quickbooks.query_reports

Retrieve a bounded QuickBooks accounting report such as Profit and Loss or Aged Receivables.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:accounting
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: report.rows[].customerName; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
reportNamestringyesone of ProfitAndLoss, BalanceSheet, AgedReceivables, CustomerSalesConnector-specific argument.
accountingMethodstringnoone of Cash, AccrualConnector-specific argument.
endDatestringno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
startDatestringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

quickbooks.attach_note

Attach a note to a QuickBooks customer, invoice, payment, or item with dry-run-first write controls.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:accounting
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: note; Secrets: accessToken, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
entityIdstringyesmin length 1; max length 128Connector-specific argument.
entityTypestringyesone of customer, invoice, payment, itemConnector-specific argument.
notestringyesmin length 1; max length 2000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomin length 16; max length 255Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

Salesforce (salesforce)

Enterprise CRM connector for Salesforce records, restricted SOQL reads, case creation, task creation, and allowlisted record updates.

FieldValue
Version0.1.0-draft
Categoriescrm, support
Data classescrm, pii, tickets, billing
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts salesforce
Fixture selfcheckbun run apps/connectors/src/index.ts salesforce --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/salesforce
Vendor docshttps://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_rest.htm

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Salesforce Connected App OAuthaccessToken, instanceUrlPUNK_SALESFORCE_ACCESS_TOKEN, PUNK_SALESFORCE_INSTANCE_URLapirefresh_tokenyes
Bearer tokenSalesforce bearer tokenaccessToken, instanceUrlPUNK_SALESFORCE_ACCESS_TOKEN, PUNK_SALESFORCE_INSTANCE_URL--no

Scope/data-class map:

ScopeRequirementData classes
apirequiredcrm, pii, tickets
refresh_tokenoptionalcrm

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
salesforce.queryL1read:crmnonot declared60s / subject / liverecordedno suppression neededsoqlRun a restricted, bounded SELECT-only SOQL query against allowlisted objects. Tooling API and unbounded queries are not supported.
salesforce.get_recordL1read:crmnonot declared300s / subject / slowrecordedno suppression neededobjectType, recordIdGet one Salesforce record from an allowlisted object and read field allowlist.
salesforce.search_recordsL1read:crmnonot declared60s / subject / liverecordedno suppression neededobjectType, querySearch allowlisted Salesforce objects with bounded results and allowlisted output fields.
salesforce.create_taskL3write:crmyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runsubjectCreate a Salesforce Task linked to an allowlisted CRM record. This is a level 3 CRM write.
salesforce.create_caseL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-rundescription, subjectCreate a Salesforce Case from a support escalation. This is a level 3 ticket write.
salesforce.update_recordL3write:crmyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runfields, objectType, recordIdUpdate allowlisted fields on Account, Contact, Opportunity, or Case records. Permission and destructive changes are excluded from v1.

Tool details:

salesforce.query

Run a restricted, bounded SELECT-only SOQL query against allowlisted objects. Tooling API and unbounded queries are not supported.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: records[].Email, records[].Phone; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
soqlstringyesmax length 2000Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

salesforce.get_record

Get one Salesforce record from an allowlisted object and read field allowlist.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: Email, Phone; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
objectTypestringyesone of Account, Contact, Opportunity, Case, TaskConnector-specific argument.
recordIdstringyes-Connector-specific argument.
fieldsarrayno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

salesforce.search_records

Search allowlisted Salesforce objects with bounded results and allowlisted output fields.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:crm
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: records[].Email, records[].Phone; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
objectTypestringyesone of Account, Contact, Opportunity, Case, TaskConnector-specific argument.
querystringyesmax length 500Search string or filter expression accepted by the connector.
cursorstringno-Opaque pagination cursor returned by a previous call.
fieldsarrayno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

salesforce.create_task

Create a Salesforce Task linked to an allowlisted CRM record. This is a level 3 CRM write.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: description; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
subjectstringyesmax length 255Connector-specific argument.
activityDatestringno-Connector-specific argument.
descriptionstringnomax length 5000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
ownerIdstringno-Connector-specific argument.
prioritystringnoone of Low, Normal, HighConnector-specific argument.
statusstringnoone of Not Started, In Progress, Completed, Waiting on someone else, DeferredConnector-specific argument.
whatIdstringno-Related Account, Opportunity, Case, or custom object id.
whoIdstringno-Related Contact or Lead id.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

salesforce.create_case

Create a Salesforce Case from a support escalation. This is a level 3 ticket write.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: description; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
descriptionstringyesmax length 10000Connector-specific argument.
subjectstringyesmax length 255Connector-specific argument.
accountIdstringno-Connector-specific argument.
contactIdstringno-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
originstringno-Connector-specific argument.
ownerIdstringno-Connector-specific argument.
prioritystringnoone of Low, Medium, HighConnector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

salesforce.update_record

Update allowlisted fields on Account, Contact, Opportunity, or Case records. Permission and destructive changes are excluded from v1.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:crm
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: fields.Phone, fields.Description; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
fieldsobjectyes-Connector-specific argument.
objectTypestringyesone of Account, Contact, Opportunity, CaseConnector-specific argument.
recordIdstringyes-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Segment (segment)

Governed Segment CDP connector for workspaces, sources, destinations, warehouses, tracking plans, schemas, validation, and approval-gated data-plane changes.

FieldValue
Version0.1.0
Categoriesmarketing, data, analytics
Data classesanalytics, events, marketing, warehouse, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts segment
Fixture selfcheckbun run apps/connectors/src/index.ts segment --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/segment
Vendor docshttps://docs.segmentapis.com/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenSegment Public API tokenaccessTokenSEGMENT_ACCESS_TOKENworkspaces:read, tracking-plans:readtracking-plans:writeno

Scope/data-class map:

ScopeRequirementData classes
workspaces:readrequiredanalytics
tracking-plans:readrequiredevents
tracking-plans:writeoptionalevents

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
segment.list_workspacesL1read:analyticsnonot declared300s / tenant / slowrecordedno suppression needednoneList Segment workspaces.
segment.list_sourcesL1read:analyticsnonot declared300s / tenant / slowrecordedno suppression needednoneList Segment sources.
segment.list_destinationsL1read:analyticsnonot declared300s / tenant / slowrecordedno suppression needednoneList Segment destinations.
segment.list_warehousesL1read:analyticsnonot declared300s / tenant / slowrecordedno suppression needednoneList Segment warehouses.
segment.list_tracking_plansL1read:analyticsnonot declared300s / tenant / slowrecordedno suppression needednoneList tracking plans.
segment.get_tracking_planL1read:analyticsnonot declared300s / subject / slowrecordedno suppression neededtrackingPlanIdRead one tracking plan.
segment.list_event_schemasL1read:analyticsnonot declared300s / subject / slowrecordedno suppression neededtrackingPlanIdList tracking plan event schemas.
segment.validate_eventL0read:analyticsnonot declared300s / subject / slowrecordedno suppression neededevent, trackingPlanIdLocally validate an event against known tracking-plan rules.
segment.update_tracking_planL4write:analyticsyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runidempotencyKey, trackingPlanIdUpdate a Segment tracking plan after approval.
segment.enable_destinationL4write:analyticsyessupported via idempotencyKey0s / none / liveneversuppressed, dry-rundestinationId, enabled, idempotencyKeyEnable or disable a Segment destination after approval.

Tool details:

segment.list_workspaces

List Segment workspaces.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:analytics
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

segment.list_sources

List Segment sources.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:analytics
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

segment.list_destinations

List Segment destinations.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:analytics
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

segment.list_warehouses

List Segment warehouses.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:analytics
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

segment.list_tracking_plans

List tracking plans.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:analytics
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

segment.get_tracking_plan

Read one tracking plan.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:analytics
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
trackingPlanIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

segment.list_event_schemas

List tracking plan event schemas.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:analytics
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
trackingPlanIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

segment.validate_event

Locally validate an event against known tracking-plan rules.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:analytics
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
eventstring | number | boolean | object | arrayyes-Connector-specific argument.
trackingPlanIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

segment.update_tracking_plan

Update a Segment tracking plan after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:analytics
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
trackingPlanIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

segment.enable_destination

Enable or disable a Segment destination after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:analytics
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
destinationIdstring | number | boolean | object | arrayyes-Connector-specific argument.
enabledbooleanyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Sentry (sentry)

Governed Sentry connector for bounded issue and event reads, release context, issue comments, assignments, and approval-gated status transitions.

FieldValue
Version0.1.0
Categoriesengineering, observability
Data classesobservability, source_code, metadata, pii
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts sentry
Fixture selfcheckbun run apps/connectors/src/index.ts sentry --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/sentry
Vendor docshttps://docs.sentry.io/api/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenSentry bearer tokenaccess_token, organization_slugSENTRY_AUTH_TOKEN, SENTRY_ORGorg:read, project:read, event:readevent:writeno
API tokenSentry internal integration tokentoken, organization_slugSENTRY_AUTH_TOKEN, SENTRY_ORG--no

Scope/data-class map:

ScopeRequirementData classes
org:readrequiredmetadata
project:readrequiredobservability, source_code, pii
event:readrequiredobservability, pii
event:writeoptionalmetadata, pii, audit

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
sentry.search_issuesL1read:observabilitynonot declared60s / tenant / liverecordedno suppression neededfrom, toSearch Sentry issues by project, query, status, release, and required bounded date range.
sentry.get_issueL1read:observabilitynonot declared120s / tenant / liverecordedno suppression neededissueIdRetrieve one Sentry issue summary with bounded body fields.
sentry.list_issue_eventsL1read:observabilitynonot declared60s / tenant / liverecordedno suppression neededfrom, issueId, toList Sentry events for one issue within a required bounded time range.
sentry.get_eventL1read:observabilitynonot declared120s / tenant / liverecordedno suppression neededeventId, projectSlugFetch one Sentry event with stack trace, request headers, cookies, and known secret fields redacted.
sentry.list_releasesL1read:repononot declared300s / tenant / slowrecordedno suppression neededprojectSlugList Sentry releases for an allowlisted project with bounded pagination.
sentry.comment_issueL3write:incidentnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, issueIdAdd a visible comment to a Sentry issue. Dry-run is the default.
sentry.assign_issueL3write:incidentnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runassignee, issueIdAssign or route a Sentry issue. Dry-run is the default.
sentry.update_issue_statusL4write:incidentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runissueId, statusResolve, ignore, snooze, or reopen a Sentry issue. Non-dry-run execution requires approval metadata and an idempotency key.

Tool details:

sentry.search_issues

Search Sentry issues by project, query, status, release, and required bounded date range.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: issues[].assignee, issues[].culprit; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
fromstringyes-ISO 8601 start time.
tostringyes-ISO 8601 end time.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
projectSlugstringnomin length 1; max length 128Connector-specific argument.
querystringnomax length 500Search string or filter expression accepted by the connector.
releasestringnomax length 200Connector-specific argument.
statusstringnoone of unresolved, resolved, ignored, allConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

sentry.get_issue

Retrieve one Sentry issue summary with bounded body fields.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache120s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: issue.assignee, issue.culprit, issue.body; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
issueIdstringyesmin length 1; max length 128Connector-specific argument.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxBodyBytesintegernomin 1; max 20000Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

sentry.list_issue_events

List Sentry events for one issue within a required bounded time range.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache60s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: events[].message, events[].user; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
fromstringyes-ISO 8601 start time.
issueIdstringyesmin length 1; max length 128Connector-specific argument.
tostringyes-ISO 8601 end time.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

sentry.get_event

Fetch one Sentry event with stack trace, request headers, cookies, and known secret fields redacted.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache120s / tenant / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: event.request, event.stacktrace; Secrets: raw, authorization, cookie, token, secret, password

Input contract:

FieldTypeRequiredBounds / enumNotes
eventIdstringyesmin length 1; max length 128Connector-specific argument.
projectSlugstringyesmin length 1; max length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxStackFramesintegernomin 1; max 50Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

sentry.list_releases

List Sentry releases for an allowlisted project with bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:repo
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
projectSlugstringyesmin length 1; max length 128Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

sentry.comment_issue

Add a visible comment to a Sentry issue. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:incident
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmin length 1; max length 5000Connector-specific argument.
issueIdstringyesmin length 1; max length 128Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

sentry.assign_issue

Assign or route a Sentry issue. Dry-run is the default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:incident
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: assignee; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
assigneestringyesmin length 1; max length 128Connector-specific argument.
issueIdstringyesmin length 1; max length 128Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

sentry.update_issue_status

Resolve, ignore, snooze, or reopen a Sentry issue. Non-dry-run execution requires approval metadata and an idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:incident
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.reason; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
issueIdstringyesmin length 1; max length 128Connector-specific argument.
statusstringyesone of resolved, unresolved, ignored, snoozedConnector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 128Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
snoozeUntilstringno-ISO 8601 timestamp required when status is snoozed.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

ServiceNow (servicenow)

Governed ServiceNow ITSM connector for incident intake, change request planning, work notes, CMDB lookup, and approval-gated state changes.

FieldValue
Version0.1.0
Categoriesincident, support
Data classestickets, pii, metadata, audit
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts servicenow
Fixture selfcheckbun run apps/connectors/src/index.ts servicenow --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/servicenow
Vendor docshttps://www.servicenow.com/docs/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0ServiceNow OAuth access tokenaccessTokenPUNK_SERVICENOW_INSTANCE_URL, PUNK_SERVICENOW_ACCESS_TOKENincident.readincident.write, change_request.read, change_request.write, cmdb.readno
Basic/API tokenServiceNow basic/API credentialusername, passwordPUNK_SERVICENOW_INSTANCE_URL, PUNK_SERVICENOW_USERNAME, PUNK_SERVICENOW_PASSWORD--no

Scope/data-class map:

ScopeRequirementData classes
incident.readrequiredtickets, pii, metadata
incident.writeoptionaltickets, pii, audit
change_request.readoptionalaudit, metadata
change_request.writeoptionalaudit, metadata
cmdb.readoptionalmetadata, audit

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
servicenow.search_incidentsL1read:ticketnonot declared30s / subject / liverecordedno suppression needednoneSearch ServiceNow incidents with bounded pagination and allowlisted fields.
servicenow.get_incidentL1read:ticketnonot declared60s / subject / liverecordedno suppression neededincidentIdRetrieve one ServiceNow incident by sys_id or number. Comments and work notes are excluded unless requested.
servicenow.create_incidentL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runshortDescriptionCreate a ServiceNow incident. dryRun defaults to true; assignment group allowlists are enforced before execution.
servicenow.update_incidentL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runfields, incidentIdPatch allowlisted ServiceNow incident fields only. Resolve, close, and cancel transitions must use change_incident_state.
servicenow.add_work_noteL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runincidentId, noteAdd an internal ServiceNow work note. Output labels the note as internal/private.
servicenow.search_change_requestsL1read:incidentnonot declared60s / subject / liverecordedno suppression needednoneSearch ServiceNow change requests with bounded pagination and limited fields.
servicenow.create_change_requestL4write:incidentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runbackoutPlan, implementationPlan, riskImpactAnalysis, shortDescription, testPlanCreate a ServiceNow change request. Non-dry-run execution requires approval metadata and an idempotency key.
servicenow.change_incident_stateL4write:incidentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runincidentId, stateChange a ServiceNow incident state. Resolve, close, and cancel transitions require approval metadata and an idempotency key.
servicenow.search_cmdb_itemsL1read:observabilitynonot declared300s / tenant / slowrecordedno suppression needednoneSearch allowlisted ServiceNow CMDB tables with bounded pagination.

Tool details:

servicenow.search_incidents

Search ServiceNow incidents with bounded pagination and allowlisted fields.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: caller, assignedTo; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
assignmentGroupstringno-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
encodedQuerystringnomax length 1000Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.
statestringnoone of new, in_progress, on_hold, resolved, closed, cancelledConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

servicenow.get_incident

Retrieve one ServiceNow incident by sys_id or number. Comments and work notes are excluded unless requested.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: comments, workNotes, caller; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
incidentIdstringyesmin length 1Connector-specific argument.
includeNotesbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

servicenow.create_incident

Create a ServiceNow incident. dryRun defaults to true; assignment group allowlists are enforced before execution.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: description, callerId; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
shortDescriptionstringyesmin length 1; max length 160Connector-specific argument.
assignmentGroupstringno-Connector-specific argument.
callerIdstringno-Connector-specific argument.
categorystringno-Connector-specific argument.
descriptionstringnomax length 8000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
impactstringnoone of 1, 2, 3, high, medium, lowConnector-specific argument.
subcategorystringno-Connector-specific argument.
urgencystringnoone of 1, 2, 3, high, medium, lowConnector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

servicenow.update_incident

Patch allowlisted ServiceNow incident fields only. Resolve, close, and cancel transitions must use change_incident_state.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: fields.description, fields.assignedTo; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
fieldsobjectyes-Only shortDescription, description, urgency, impact, assignmentGroup, assignedTo, category, and subcategory are allowed.
incidentIdstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

servicenow.add_work_note

Add an internal ServiceNow work note. Output labels the note as internal/private.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: note; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
incidentIdstringyesmin length 1Connector-specific argument.
notestringyesmin length 1; max length 8000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

servicenow.search_change_requests

Search ServiceNow change requests with bounded pagination and limited fields.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:incident
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
encodedQuerystringnomax length 1000Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.
statestringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

servicenow.create_change_request

Create a ServiceNow change request. Non-dry-run execution requires approval metadata and an idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:incident
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: description, approval.approvedBy; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
backoutPlanstringyesmin length 1; max length 8000Connector-specific argument.
implementationPlanstringyesmin length 1; max length 8000Connector-specific argument.
riskImpactAnalysisstringyesmin length 1; max length 8000Connector-specific argument.
shortDescriptionstringyesmin length 1; max length 160Connector-specific argument.
testPlanstringyesmin length 1; max length 8000Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
assignmentGroupstringno-Connector-specific argument.
descriptionstringnomax length 8000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomin length 8; max length 255Stable caller-provided key used to dedupe write execution.
riskstringnoone of low, moderate, high, 1, 2, 3, 4Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

servicenow.change_incident_state

Change a ServiceNow incident state. Resolve, close, and cancel transitions require approval metadata and an idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:incident
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: closeNotes, approval.approvedBy; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
incidentIdstringyesmin length 1Connector-specific argument.
statestringyesone of resolved, closed, cancelled, in_progress, on_holdConnector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
closeCodestringnomax length 160Connector-specific argument.
closeNotesstringnomax length 8000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomin length 8; max length 255Stable caller-provided key used to dedupe write execution.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

servicenow.search_cmdb_items

Search allowlisted ServiceNow CMDB tables with bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:observability
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
encodedQuerystringnomax length 1000Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.
tablestringnoone of cmdb_ci, cmdb_ci_service, cmdb_ci_server, cmdb_ci_business_appConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

Shopify (shopify)

Governed Shopify connector for products, orders, customers, inventory, fulfillment, refunds, and commerce approvals.

FieldValue
Version0.1.0
Categoriescommerce, billing
Data classescommerce, inventory, payments, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts shopify
Fixture selfcheckbun run apps/connectors/src/index.ts shopify --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/shopify
Vendor docshttps://shopify.dev/docs/api/admin-graphql/latest

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenAdmin API access tokenaccessToken, shopDomainSHOPIFY_ACCESS_TOKEN, SHOPIFY_SHOP_DOMAINread_products, write_orders-no

Scope/data-class map:

ScopeRequirementData classes
read_productsrequiredcommerce
write_ordersrequiredcommerce, payments

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
shopify.search_productsL1read:commercenonot declared300s / subject / slowrecordedno suppression needednoneSearch Shopify products.
shopify.get_productL1read:commercenonot declared300s / subject / slowrecordedno suppression neededproductIdRead Shopify product detail.
shopify.list_ordersL1read:commercenonot declared300s / subject / slowrecordedno suppression needednoneList Shopify orders.
shopify.get_orderL1read:commercenonot declared300s / subject / slowrecordedno suppression neededorderIdRead Shopify order detail.
shopify.search_customersL1read:commercenonot declared300s / subject / slowrecordedno suppression needednoneSearch Shopify customers.
shopify.get_customerL1read:commercenonot declared300s / subject / slowrecordedno suppression neededcustomerIdRead Shopify customer detail.
shopify.list_inventory_levelsL1read:commercenonot declared300s / subject / slowrecordedno suppression needednoneList Shopify inventory levels.
shopify.list_fulfillmentsL1read:commercenonot declared300s / subject / slowrecordedno suppression neededorderIdList fulfillments for an order.
shopify.add_order_noteL3write:commercenosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runnote, orderIdPlan or add an internal order note.
shopify.update_inventory_levelL4write:commerceyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runinventoryItemId, locationIdUpdate inventory after approval.
shopify.create_fulfillmentL4write:commerceyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runorderIdCreate an order fulfillment after approval.
shopify.create_refundL4write:commerceyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runamount, orderIdCreate a Shopify refund after approval.

Tool details:

shopify.search_products

Search Shopify products.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:commerce
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

shopify.get_product

Read Shopify product detail.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:commerce
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
productIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

shopify.list_orders

List Shopify orders.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:commerce
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: customerEmail; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

shopify.get_order

Read Shopify order detail.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:commerce
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
orderIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

shopify.search_customers

Search Shopify customers.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:commerce
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

shopify.get_customer

Read Shopify customer detail.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:commerce
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
customerIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

shopify.list_inventory_levels

List Shopify inventory levels.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:commerce
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

shopify.list_fulfillments

List fulfillments for an order.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:commerce
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
orderIdstringyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

shopify.add_order_note

Plan or add an internal order note.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:commerce
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: note; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
notestringyes-Connector-specific argument.
orderIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

shopify.update_inventory_level

Update inventory after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:commerce
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
inventoryItemIdstringyes-Connector-specific argument.
locationIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

shopify.create_fulfillment

Create an order fulfillment after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:commerce
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
orderIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

shopify.create_refund

Create a Shopify refund after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:commerce
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
amountstringyes-Connector-specific argument.
orderIdstringyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Slack (slack)

Governed Slack tools for channel discovery, message search, thread reads, handoffs, approvals, and incident updates.

FieldValue
Version0.1.0-draft
Categoriesproductivity, support, engineering
Data classeschat, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts slack
Fixture selfcheckbun run apps/connectors/src/index.ts slack --fixture --selfcheck
Punk docshttps://punk.local/docs/connectors/slack
Vendor docshttps://api.slack.com/web

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenSlack bot tokenbot_tokenSLACK_BOT_TOKENchannels:read, groups:read, channels:history, groups:history, chat:write, reactions:write, search:read-no

Scope/data-class map:

ScopeRequirementData classes
channels:readrequiredmetadata
groups:readrequiredmetadata
channels:historyrequiredchat, pii
groups:historyrequiredchat, pii
chat:writerequiredchat, pii
reactions:writerequiredchat
search:readrequiredchat, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
slack.list_channelsL1read:chatnonot declared300s / tenant / slowrecordedno suppression needednoneList public and private channels visible to the bot token.
slack.search_messagesL1read:chatnonot declared60s / subject / liverecordedno suppression neededquerySearch messages visible to the Slack credential with bounded snippets by default.
slack.get_threadL1read:chatnonot declared30s / subject / liverecordedno suppression neededchannel, threadTsRead a Slack thread by channel and root message timestamp.
slack.post_messageL3write:chatyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runchannel, textPost a user-visible Slack message. dryRun validates and returns the side-effect plan without posting.
slack.reply_threadL3write:chatyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runchannel, text, threadTsPost a reply to an existing Slack thread. dryRun validates and returns the side-effect plan without posting.
slack.update_messageL3write:chatyesnot supported0s / none / livedry_runsuppressed, dry-runchannel, text, tsUpdate a visible Slack message. Treat as governed user-visible write by default.
slack.add_reactionL2write:chatnonot declared0s / none / livedry_runsuppressed, dry-runchannel, reaction, tsAdd an emoji reaction to a Slack message. dryRun validates and returns the side-effect plan without posting.

Tool details:

slack.list_channels

List public and private channels visible to the bot token.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:chat
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeArchivedbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 200Maximum items to return. Connectors bound this value even when callers provide a larger number.
typesarrayno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

slack.search_messages

Search messages visible to the Slack credential with bounded snippets by default.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:chat
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: messages.text, messages.userName; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
querystringyesmin length 1; max length 500Search string or filter expression accepted by the connector.
channelstringno-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

slack.get_thread

Read a Slack thread by channel and root message timestamp.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:chat
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: messages.text, messages.userName; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
channelstringyesmin length 1Connector-specific argument.
threadTsstringyesmin length 1Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

slack.post_message

Post a user-visible Slack message. dryRun validates and returns the side-effect plan without posting.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:chat
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: text; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
channelstringyesmin length 1Connector-specific argument.
textstringyesmin length 1; max length 40000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
unfurlLinksbooleanno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

slack.reply_thread

Post a reply to an existing Slack thread. dryRun validates and returns the side-effect plan without posting.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:chat
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: text; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
channelstringyesmin length 1Connector-specific argument.
textstringyesmin length 1; max length 40000Connector-specific argument.
threadTsstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 120Stable caller-provided key used to dedupe write execution.
unfurlLinksbooleanno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

slack.update_message

Update a visible Slack message. Treat as governed user-visible write by default.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:chat
Approval required by defaultyes
Idempotencynot supported
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: text; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
channelstringyesmin length 1Connector-specific argument.
textstringyesmin length 1; max length 40000Connector-specific argument.
tsstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

slack.add_reaction

Add an emoji reaction to a Slack message. dryRun validates and returns the side-effect plan without posting.

Contract fieldValue
Side-effect levelL2 - Draft, reversible, or low-impact write.
Policy actionwrite:chat
Approval required by defaultno
Idempotencynot declared
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
channelstringyesmin length 1Connector-specific argument.
reactionstringyes-Connector-specific argument.
tsstringyesmin length 1Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.

Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.

Snowflake (snowflake)

Governed Snowflake connector for local SQL posture plans, read-only SQL API execution, statement polling, bounded result fetches, and warehouse metadata discovery.

FieldValue
Version0.1.0
Categoriesdata
Data classeswarehouse, pii, metadata, audit
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts snowflake
Fixture selfcheckbun run apps/connectors/src/index.ts snowflake --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/snowflake
Vendor docshttps://docs.snowflake.com/en/developer-guide/sql-api/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Bearer tokenSnowflake OAuth access tokenaccessToken, accountIdentifier, warehouse, role, database, schemaPUNK_SNOWFLAKE_ACCESS_TOKEN, PUNK_SNOWFLAKE_ACCOUNT, PUNK_SNOWFLAKE_WAREHOUSE, PUNK_SNOWFLAKE_ROLE, PUNK_SNOWFLAKE_DATABASE, PUNK_SNOWFLAKE_SCHEMAsession:role, sql:read-yes

Scope/data-class map:

ScopeRequirementData classes
session:rolerequiredwarehouse, metadata, audit
sql:readrequiredwarehouse, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
snowflake.create_query_planL0read:datanonot declared0s / none / staticrecordedno suppression neededlimit, sql, timeoutSecondsLocally classify a Snowflake SQL statement, reject unsafe SQL, and return the bounded read-only execution plan without contacting Snowflake.
snowflake.execute_queryL1read:datanonot declared0s / none / liverecordedno suppression neededlimit, sql, timeoutSecondsExecute a SELECT, SHOW, or DESCRIBE statement through the Snowflake SQL API with mandatory row and timeout bounds.
snowflake.get_statement_statusL1read:datanonot declared5s / subject / liverecordedno suppression neededstatementHandlePoll one Snowflake SQL API statement handle and return non-row status metadata.
snowflake.fetch_resultsL1read:datanonot declared0s / none / liverecordedno suppression neededlimit, maxBytes, statementHandleFetch one bounded page of Snowflake SQL API results by statement handle.
snowflake.list_databasesL1read:datanonot declared3600s / tenant / staticrecordedno suppression needednoneList Snowflake databases through fixture metadata or a bounded SHOW DATABASES call.
snowflake.list_schemasL1read:datanonot declared3600s / tenant / staticrecordedno suppression needednoneList schemas for an allowed Snowflake database.
snowflake.list_tablesL1read:datanonot declared1800s / tenant / slowrecordedno suppression needednoneList tables for an allowed Snowflake database and schema.
snowflake.describe_tableL1read:datanonot declared1800s / tenant / slowrecordedno suppression neededtableReturn column metadata and approximate row counts for one allowed Snowflake table.

Tool details:

snowflake.create_query_plan

Locally classify a Snowflake SQL statement, reject unsafe SQL, and return the bounded read-only execution plan without contacting Snowflake.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache0s / none / static
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: sql; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
limitintegeryesmin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
sqlstringyesmin length 1; max length 10000SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced.
timeoutSecondsintegeryesmin 1; max 60Maximum upstream execution window.
databasestringno-Connector-specific argument.
maxBytesintegernomin 256; max 65536Maximum response bytes for content-like reads.
rolestringno-Connector-specific argument.
schemastringno-Connector-specific argument.
warehousestringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

snowflake.execute_query

Execute a SELECT, SHOW, or DESCRIBE statement through the Snowflake SQL API with mandatory row and timeout bounds.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache0s / none / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: sql, rows; Secrets: authorization, accessToken

Input contract:

FieldTypeRequiredBounds / enumNotes
limitintegeryesmin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
sqlstringyesmin length 1; max length 10000SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced.
timeoutSecondsintegeryesmin 1; max 60Maximum upstream execution window.
databasestringno-Connector-specific argument.
maxBytesintegernomin 256; max 65536Maximum response bytes for content-like reads.
requestIdstringnomax length 128Connector-specific argument.
rolestringno-Connector-specific argument.
schemastringno-Connector-specific argument.
warehousestringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

snowflake.get_statement_status

Poll one Snowflake SQL API statement handle and return non-row status metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache5s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, accessToken

Input contract:

FieldTypeRequiredBounds / enumNotes
statementHandlestringyesmin length 1; max length 256Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

snowflake.fetch_results

Fetch one bounded page of Snowflake SQL API results by statement handle.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache0s / none / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: rows; Secrets: authorization, accessToken

Input contract:

FieldTypeRequiredBounds / enumNotes
limitintegeryesmin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBytesintegeryesmin 256; max 65536Maximum response bytes for content-like reads.
statementHandlestringyesmin length 1; max length 256Connector-specific argument.
partitionintegernomin 0Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

snowflake.list_databases

List Snowflake databases through fixture metadata or a bounded SHOW DATABASES call.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache3600s / tenant / static
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, accessToken

Input contract:

FieldTypeRequiredBounds / enumNotes
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

snowflake.list_schemas

List schemas for an allowed Snowflake database.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache3600s / tenant / static
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, accessToken

Input contract:

FieldTypeRequiredBounds / enumNotes
databasestringno-Connector-specific argument.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

snowflake.list_tables

List tables for an allowed Snowflake database and schema.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache1800s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, accessToken

Input contract:

FieldTypeRequiredBounds / enumNotes
databasestringno-Connector-specific argument.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
schemastringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

snowflake.describe_table

Return column metadata and approximate row counts for one allowed Snowflake table.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:data
Approval required by defaultno
Idempotencynot declared
Cache1800s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, accessToken

Input contract:

FieldTypeRequiredBounds / enumNotes
tablestringyesmin length 1Connector-specific argument.
databasestringno-Connector-specific argument.
schemastringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

Stripe Customer-Agent Connector (stripe)

Customer-owned Stripe account connector for billing support and finance automations. This is separate from Punk platform billing.

FieldValue
Version0.1.0
Categoriesbilling
Data classespii, billing, payments
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts stripe
Fixture selfcheckbun run apps/connectors/src/index.ts stripe --fixture --selfcheck
Punk docshttps://docs.punk.local/connectors/stripe
Vendor docshttps://docs.stripe.com/api

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenRestricted Stripe secret keyapi_keyPUNK_STRIPE_CUSTOMER_AGENT_API_KEY--no

Scope/data-class map:

ScopeRequirementData classes
---

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
stripe.search_customersL1read:billingnonot declared120s / subject / liverecordedsuppressednoneSearch or list Stripe customers by query, email, or customer id prefix.
stripe.get_customerL1read:billingnonot declared300s / subject / slowrecordedsuppressedcustomerIdRetrieve a Stripe customer by id with optional subscription summary.
stripe.list_invoicesL1read:billingnonot declared120s / subject / liverecordedsuppressednoneList Stripe invoices with bounded pagination and optional customer/subscription filters.
stripe.get_invoiceL1read:billingnonot declared300s / subject / slowrecordedsuppressedinvoiceIdRetrieve a Stripe invoice by id with optionally expanded line summaries.
stripe.list_subscriptionsL1read:billingnonot declared120s / subject / liverecordedsuppressednoneList Stripe subscriptions by customer and status.
stripe.get_payment_intentL1read:billingnonot declared300s / subject / slowrecordedsuppressedpaymentIntentIdRetrieve a Stripe payment intent by id for duplicate-charge and refund review.
stripe.create_refund_planL0read:paymentnosupported via idempotencyKey0s / none / staticrecordedsuppressed, dry-runnoneCreate a local refund approval packet. This never calls Stripe and never moves money.
stripe.create_refundL4write:paymentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runamountCentsCreate a Stripe refund only after a dry-run plan, approval metadata, amount cap check, and idempotency key.
stripe.cancel_subscriptionL4write:paymentyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runsubscriptionIdCancel a Stripe subscription only after a dry-run plan, approval metadata, and idempotency key.

Tool details:

stripe.search_customers

Search or list Stripe customers by query, email, or customer id prefix.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: email, customer.email, customers[].email; Secrets: apiKey, authorization, client_secret

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringnomax length 500Opaque pagination cursor returned by a previous call.
customerIdstringnomax length 128Connector-specific argument.
emailstringnomax length 320Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringnomax length 500Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

stripe.get_customer

Retrieve a Stripe customer by id with optional subscription summary.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customer.email, customer.name, customer.phone; Secrets: apiKey, authorization, client_secret

Input contract:

FieldTypeRequiredBounds / enumNotes
customerIdstringyesmin length 1; max length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
includeSubscriptionsbooleanno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

stripe.list_invoices

List Stripe invoices with bounded pagination and optional customer/subscription filters.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customer_email, invoices[].customerEmail, invoices[].customerName; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringnomax length 500Opaque pagination cursor returned by a previous call.
customerIdstringnomax length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
statusstringnoone of draft, open, paid, uncollectible, voidConnector-specific argument.
subscriptionIdstringnomax length 128Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

stripe.get_invoice

Retrieve a Stripe invoice by id with optionally expanded line summaries.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customer_email, invoice.customerEmail, invoice.customerName; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
invoiceIdstringyesmin length 1; max length 128Connector-specific argument.
includeLinesbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

stripe.list_subscriptions

List Stripe subscriptions by customer and status.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customerId, subscriptions[].customerId; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringnomax length 500Opaque pagination cursor returned by a previous call.
customerIdstringnomax length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
statusstringnoone of active, trialing, past_due, canceled, unpaid, incomplete, allConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

stripe.get_payment_intent

Retrieve a Stripe payment intent by id for duplicate-charge and refund review.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:billing
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowsuppressed
RedactionPII: customerId; Secrets: apiKey, authorization, client_secret

Input contract:

FieldTypeRequiredBounds / enumNotes
paymentIntentIdstringyesmin length 1; max length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

stripe.create_refund_plan

Create a local refund approval packet. This never calls Stripe and never moves money.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:payment
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / static
Replaycan replay / recorded
Shadowsuppressed, dry-run
RedactionPII: requestedBy, customerId; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
amountCentsintegernomin 1Connector-specific argument.
chargeIdstringnomax length 128Connector-specific argument.
currencystringnomin length 3; max length 3Connector-specific argument.
customerIdstringnomax length 128Connector-specific argument.
memostringnomax length 2000Connector-specific argument.
paymentIntentIdstringnomax length 128Connector-specific argument.
reasonstringnoone of duplicate, fraudulent, requested_by_customer, otherConnector-specific argument.
requestedBystringnomax length 320Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

stripe.create_refund

Create a Stripe refund only after a dry-run plan, approval metadata, amount cap check, and idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:payment
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.approvedBy, customerId; Secrets: apiKey, authorization, client_secret

Input contract:

FieldTypeRequiredBounds / enumNotes
amountCentsintegeryesmin 1Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
chargeIdstringnomax length 128Connector-specific argument.
currencystringnomin length 3; max length 3Connector-specific argument.
customerIdstringnomax length 128Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomin length 16; max length 255Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
memostringnomax length 2000Connector-specific argument.
paymentIntentIdstringnomax length 128Connector-specific argument.
planIdstringnomax length 160Connector-specific argument.
reasonstringnoone of duplicate, fraudulent, requested_by_customer, otherConnector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

stripe.cancel_subscription

Cancel a Stripe subscription only after a dry-run plan, approval metadata, and idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:payment
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: approval.approvedBy, customerId; Secrets: apiKey, authorization

Input contract:

FieldTypeRequiredBounds / enumNotes
subscriptionIdstringyesmin length 1; max length 128Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cancellationReasonstringnomax length 2000Connector-specific argument.
customerIdstringnomax length 128Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomin length 16; max length 255Stable caller-provided key used to dedupe write execution.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
invoiceNowbooleanno-Connector-specific argument.
planIdstringnomax length 160Connector-specific argument.
proratebooleanno-Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Twilio (twilio)

Governed Twilio connector for phone lookup, SMS and WhatsApp history, media metadata, voice metadata, and dry-run-first customer communications.

FieldValue
Version0.1.0
Categoriescommunications, support
Data classescommunications, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts twilio
Fixture selfcheckbun run apps/connectors/src/index.ts twilio --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/twilio
Vendor docshttps://www.twilio.com/docs/messaging/api

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
Basic/API tokenTwilio Account SID and Auth Tokenaccount_sid, auth_tokenTWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, PUNK_TWILIO_ACCOUNT_SID, PUNK_TWILIO_AUTH_TOKENmessages:readlookups:read, messages:create, calls:read, calls:createno

Scope/data-class map:

ScopeRequirementData classes
lookups:readoptionalcommunications, pii
messages:readrequiredcommunications, pii
messages:createoptionalcommunications, pii
calls:readoptionalcommunications, pii
calls:createoptionalcommunications, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
twilio.lookup_phone_numberL1read:communicationsnonot declared3600s / subject / slowrecordedno suppression neededphoneNumberValidate and normalize a phone number using Twilio Lookup when available.
twilio.list_messagesL1read:communicationsnonot declared30s / subject / liverecordedno suppression needednoneList bounded SMS or WhatsApp message history by number, date, or direction.
twilio.get_messageL1read:communicationsnonot declared60s / subject / liverecordedno suppression neededmessageSidRetrieve one Twilio message and delivery status, with message body omitted unless requested.
twilio.get_mediaL1read:communicationsnonot declared60s / subject / liverecordedno suppression neededmessageSidRead bounded Twilio media metadata. Binary media content is excluded in v1.
twilio.create_message_draftL0read:communicationsnonot declared0s / none / liverecordeddry-runbody, toCreate a local SMS or WhatsApp message plan without contacting Twilio.
twilio.send_smsL3write:communicationsyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, toSend an SMS through a dry-run-first side-effect plan. Live sends require explicit enablement and allowlisted parties.
twilio.send_whatsapp_messageL3write:communicationsyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runtoSend a WhatsApp message through a dry-run-first side-effect plan with template/body controls.
twilio.list_callsL1read:communicationsnonot declared30s / subject / liverecordedno suppression needednoneList bounded Twilio voice call metadata without downloading recordings.
twilio.get_callL1read:communicationsnonot declared60s / subject / liverecordedno suppression neededcallSidRetrieve one Twilio call metadata record, with optional recording metadata only.
twilio.start_callL4write:communicationsyessupported via idempotencyKey0s / none / liveneversuppressed, dry-runfrom, toStart a voice call. This level 4 action is disabled by default and requires explicit enablement, approval metadata, and an idempotency key.

Tool details:

twilio.lookup_phone_number

Validate and normalize a phone number using Twilio Lookup when available.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:communications
Approval required by defaultno
Idempotencynot declared
Cache3600s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: phoneNumber, nationalFormat; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
phoneNumberstringyesmin length 3; max length 64Connector-specific argument.
includeCarrierbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

twilio.list_messages

List bounded SMS or WhatsApp message history by number, date, or direction.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:communications
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: messages[].from, messages[].to, messages[].body, messages[].bodyPreview; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
dateSentAfterstringno-ISO date lower bound.
dateSentBeforestringno-ISO date upper bound.
directionstringnoone of inbound, outbound-api, outbound-call, outbound-replyConnector-specific argument.
fromstringnomax length 128Connector-specific argument.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
maxBodyBytesintegernomin 0; max 5000Connector-specific argument.
pageTokenstringnomin length 1Connector-specific argument.
tostringnomax length 128Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

twilio.get_message

Retrieve one Twilio message and delivery status, with message body omitted unless requested.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:communications
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: message.from, message.to, message.body, message.bodyPreview; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
messageSidstringyesmin length 1Connector-specific argument.
includeBodybooleanno-Optional body expansion. Defaults are bounded excerpts or metadata.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
maxBodyBytesintegernomin 0; max 10000Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

twilio.get_media

Read bounded Twilio media metadata. Binary media content is excluded in v1.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:communications
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
messageSidstringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
mediaSidstringnomin length 1Connector-specific argument.
pageTokenstringnomin length 1Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

twilio.create_message_draft

Create a local SMS or WhatsApp message plan without contacting Twilio.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:communications
Approval required by defaultno
Idempotencynot declared
Cache0s / none / live
Replaycan replay / recorded
Shadowdry-run
RedactionPII: to, from, body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmin length 1; max length 1600Connector-specific argument.
tostringyesmax length 128Connector-specific argument.
channelstringnoone of sms, whatsappConnector-specific argument.
fromstringnomax length 128Connector-specific argument.
templateSidstringnomax length 64Connector-specific argument.
variablesobjectno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

twilio.send_sms

Send an SMS through a dry-run-first side-effect plan. Live sends require explicit enablement and allowlisted parties.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:communications
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: to, from, body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmin length 1; max length 1600Connector-specific argument.
tostringyesmax length 128Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
fromstringnomax length 128Connector-specific argument.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
messagingServiceSidstringnomax length 64Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

twilio.send_whatsapp_message

Send a WhatsApp message through a dry-run-first side-effect plan with template/body controls.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:communications
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: to, from, body, variables; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
tostringyesmax length 128Connector-specific argument.
bodystringnomax length 1600Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
fromstringnomax length 128Connector-specific argument.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
messagingServiceSidstringnomax length 64Connector-specific argument.
templateSidstringnomax length 64Connector-specific argument.
variablesobjectno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

twilio.list_calls

List bounded Twilio voice call metadata without downloading recordings.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:communications
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: calls[].from, calls[].to; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
fromstringnomax length 128Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
pageTokenstringnomin length 1Connector-specific argument.
startTimeAfterstringno-ISO date lower bound.
startTimeBeforestringno-ISO date upper bound.
statusstringnoone of queued, ringing, in-progress, completed, busy, failed, no-answer, canceledConnector-specific argument.
tostringnomax length 128Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

twilio.get_call

Retrieve one Twilio call metadata record, with optional recording metadata only.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:communications
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: call.from, call.to; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
callSidstringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
includeRecordingsbooleanno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

twilio.start_call

Start a voice call. This level 4 action is disabled by default and requires explicit enablement, approval metadata, and an idempotency key.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:communications
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: to, from, twiml; Secrets: url

Input contract:

FieldTypeRequiredBounds / enumNotes
fromstringyesmax length 128Connector-specific argument.
tostringyesmax length 128Connector-specific argument.
approvalIdstringnomax length 255Connector-specific argument.
approvedBystringnomax length 255Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
twimlstringnomax length 4000Connector-specific argument.
urlstringnomax length 2000Connector-specific argument.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Vanta (vanta)

Governed Vanta connector for compliance control, test, evidence, and vendor-risk reads plus dry-run-first evidence and vendor status writes.

FieldValue
Version0.1.0
Categoriescompliance, security
Data classescompliance, audit, documents, pii, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts vanta
Fixture selfcheckbun run apps/connectors/src/index.ts vanta --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/vanta
Vendor docshttps://developer.vanta.com/reference/overview

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
API tokenVanta API tokenapiTokenPUNK_VANTA_API_TOKENcontrols:read, tests:readevidence:read, evidence:write, vendors:read, vendors:writeno

Scope/data-class map:

ScopeRequirementData classes
controls:readrequiredcompliance, audit
tests:readrequiredcompliance, audit
evidence:readoptionaldocuments, compliance, pii
evidence:writeoptionaldocuments, compliance, pii
vendors:readoptionalcompliance, metadata, pii
vendors:writeoptionalcompliance, audit, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
vanta.list_controlsL1read:compliancenonot declared300s / tenant / slowrecordedno suppression needednoneList Vanta controls with optional framework and status filters using bounded pagination.
vanta.get_controlL1read:compliancenonot declared300s / subject / slowrecordedno suppression neededcontrolIdRetrieve one Vanta control with owner, framework, and status metadata.
vanta.list_testsL1read:compliancenonot declared180s / tenant / slowrecordedno suppression needednoneList Vanta test status by framework or control with bounded pagination.
vanta.get_testL1read:compliancenonot declared180s / subject / slowrecordedno suppression neededtestIdRetrieve one Vanta test and its evidence requirements.
vanta.list_evidenceL1read:compliancenonot declared120s / subject / slowrecordedno suppression needednoneList Vanta evidence metadata for a control or test. File contents are never returned.
vanta.upload_evidence_planL0read:compliancenonot declared0s / none / staticrecordedsuppressed, dry-runfileName, mimeType, sizeBytesLocally validate an evidence upload and return an auditable side-effect plan without contacting Vanta.
vanta.upload_evidenceL3write:complianceyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runfileName, mimeType, sizeBytesUpload bounded evidence metadata/content to Vanta. dryRun defaults to true and live writes require explicit write enablement plus approval metadata.
vanta.list_vendorsL1read:compliancenonot declared300s / tenant / slowrecordedno suppression needednoneList Vanta vendors and security-review metadata with bounded pagination.
vanta.get_vendorL1read:compliancenonot declared300s / subject / slowrecordedno suppression neededvendorIdRetrieve one Vanta vendor and its security-review status.
vanta.update_vendor_statusL3write:complianceyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runstatus, vendorIdUpdate a Vanta vendor compliance-review status/comment. dryRun defaults to true and non-dry-run live writes require explicit write enablement plus approval metadata.

Tool details:

vanta.list_controls

List Vanta controls with optional framework and status filters using bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:compliance
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: controls[].owner; Secrets: authorization, apiToken, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
frameworkstringno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
statusstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

vanta.get_control

Retrieve one Vanta control with owner, framework, and status metadata.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:compliance
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: control.owner; Secrets: authorization, apiToken, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
controlIdstringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

vanta.list_tests

List Vanta test status by framework or control with bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:compliance
Approval required by defaultno
Idempotencynot declared
Cache180s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: tests[].owner; Secrets: authorization, apiToken, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
controlIdstringno-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
frameworkstringno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
statusstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

vanta.get_test

Retrieve one Vanta test and its evidence requirements.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:compliance
Approval required by defaultno
Idempotencynot declared
Cache180s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: test.owner, test.evidenceRequirements; Secrets: authorization, apiToken, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
testIdstringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

vanta.list_evidence

List Vanta evidence metadata for a control or test. File contents are never returned.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:compliance
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: evidence[].createdBy; Secrets: authorization, apiToken, raw, downloadUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
controlIdstringno-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
testIdstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

vanta.upload_evidence_plan

Locally validate an evidence upload and return an auditable side-effect plan without contacting Vanta.

Contract fieldValue
Side-effect levelL0 - Local or planning-only; no external side effect.
Policy actionread:compliance
Approval required by defaultno
Idempotencynot declared
Cache0s / none / static
Replaycan replay / recorded
Shadowsuppressed, dry-run
RedactionPII: fileName, description; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
fileNamestringyesmin length 1; max length 255Connector-specific argument.
mimeTypestringyesmin length 1; max length 120Connector-specific argument.
sizeBytesintegeryesmin 1; max 10485760Connector-specific argument.
controlIdstringno-Connector-specific argument.
descriptionstringnomax length 2000Connector-specific argument.
sha256stringnomax length 128Connector-specific argument.
testIdstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

vanta.upload_evidence

Upload bounded evidence metadata/content to Vanta. dryRun defaults to true and live writes require explicit write enablement plus approval metadata.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:compliance
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: fileName, description, contentBase64; Secrets: authorization, apiToken

Input contract:

FieldTypeRequiredBounds / enumNotes
fileNamestringyesmin length 1; max length 255Connector-specific argument.
mimeTypestringyesmin length 1; max length 120Connector-specific argument.
sizeBytesintegeryesmin 1; max 10485760Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
contentBase64stringnomax length 13981016Connector-specific argument.
controlIdstringno-Connector-specific argument.
descriptionstringnomax length 2000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
sha256stringnomax length 128Connector-specific argument.
testIdstringno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

vanta.list_vendors

List Vanta vendors and security-review metadata with bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:compliance
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: vendors[].owner; Secrets: authorization, apiToken, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
statusstringno-Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

vanta.get_vendor

Retrieve one Vanta vendor and its security-review status.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:compliance
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: vendor.owner, vendor.contactEmail; Secrets: authorization, apiToken, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
vendorIdstringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

vanta.update_vendor_status

Update a Vanta vendor compliance-review status/comment. dryRun defaults to true and non-dry-run live writes require explicit write enablement plus approval metadata.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:compliance
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: comment, approval; Secrets: authorization, apiToken

Input contract:

FieldTypeRequiredBounds / enumNotes
statusstringyesone of not_started, in_review, approved, needs_remediation, rejectedConnector-specific argument.
vendorIdstringyesmin length 1Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
commentstringnomax length 2000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Workday (workday)

Governed Workday connector for worker, org, job, role, absence, and lifecycle workflows with strict HR approval gates.

FieldValue
Version0.1.0
Categorieshr, recruiting, identity
Data classeshr, recruiting, identity, pii, audit, metadata
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts workday
Fixture selfcheckbun run apps/connectors/src/index.ts workday --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/workday
Vendor docshttps://community.workday.com/sites/default/files/file-hosting/restapi/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Workday OAuth access tokenaccessTokenWORKDAY_ACCESS_TOKENworkers:read, organizations:readworkers:writeyes

Scope/data-class map:

ScopeRequirementData classes
workers:readrequiredhr, pii
organizations:readrequiredhr
workers:writeoptionalhr, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
workday.search_workersL1read:hrnonot declared300s / subject / slowrecordedno suppression needednoneSearch Workday workers.
workday.get_workerL1read:hrnonot declared300s / subject / slowrecordedno suppression neededworkerIdRead one worker profile.
workday.list_orgsL1read:hrnonot declared300s / tenant / slowrecordedno suppression needednoneList Workday organizations.
workday.list_jobsL1read:hrnonot declared300s / tenant / slowrecordedno suppression needednoneList Workday jobs.
workday.list_rolesL1read:hrnonot declared300s / subject / slowrecordedno suppression neededworkerIdList worker roles.
workday.list_time_offL1read:hrnonot declared300s / subject / slowrecordedno suppression neededworkerIdList worker absence and time-off records.
workday.plan_worker_lifecycleL3write:hrnosupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runworkerIdCreate a dry-run HR lifecycle plan.
workday.update_worker_profileL4write:hryessupported via idempotencyKey0s / none / liveneversuppressed, dry-runidempotencyKey, workerIdUpdate HR profile fields after approval.
workday.request_time_offL4write:hryessupported via idempotencyKey0s / none / liveneversuppressed, dry-runendDate, idempotencyKey, startDate, workerIdSubmit time off for a worker after approval.
workday.terminate_workerL4write:hryessupported via idempotencyKey0s / none / liveneversuppressed, dry-runidempotencyKey, workerIdInitiate worker termination after approval.

Tool details:

workday.search_workers

Search Workday workers.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:hr
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

workday.get_worker

Read one worker profile.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:hr
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
workerIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

workday.list_orgs

List Workday organizations.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:hr
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

workday.list_jobs

List Workday jobs.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:hr
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

workday.list_roles

List worker roles.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:hr
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
workerIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

workday.list_time_off

List worker absence and time-off records.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:hr
Approval required by defaultno
Idempotencynot declared
Cache300s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
workerIdstring | number | boolean | object | arrayyes-Connector-specific argument.
cursorstringno-Opaque pagination cursor returned by a previous call.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

workday.plan_worker_lifecycle

Create a dry-run HR lifecycle plan.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:hr
Approval required by defaultno
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
workerIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

workday.update_worker_profile

Update HR profile fields after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:hr
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
workerIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

workday.request_time_off

Submit time off for a worker after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:hr
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
endDatestring | number | boolean | object | arrayyes-Connector-specific argument.
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
startDatestring | number | boolean | object | arrayyes-Connector-specific argument.
workerIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

workday.terminate_worker

Initiate worker termination after approval.

Contract fieldValue
Side-effect levelL4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution.
Policy actionwrite:hr
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycannot replay / never
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl

Input contract:

FieldTypeRequiredBounds / enumNotes
idempotencyKeystringyes-Stable caller-provided key used to dedupe write execution.
workerIdstring | number | boolean | object | arrayyes-Connector-specific argument.
approvalobjectno-Approval metadata required before level 4 actions can execute.
cursorstringno-Opaque pagination cursor returned by a previous call.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
limitintegernomin 1; max 100Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.

Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.

Zendesk (zendesk)

Support ticket connector for Zendesk with governed reads, explicit public replies versus internal notes, and level 3 ticket writes.

FieldValue
Version0.1.0-draft
Categoriessupport
Data classestickets, pii
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts zendesk
Fixture selfcheckbun run apps/connectors/src/index.ts zendesk --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/zendesk
Vendor docshttps://developer.zendesk.com/api-reference/ticketing/tickets/tickets/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Zendesk OAuth access tokenaccessToken, subdomainPUNK_ZENDESK_ACCESS_TOKEN, PUNK_ZENDESK_SUBDOMAINread, write-no
API tokenZendesk email plus API tokenemail, apiToken, subdomainPUNK_ZENDESK_EMAIL, PUNK_ZENDESK_API_TOKEN, PUNK_ZENDESK_SUBDOMAIN--no

Scope/data-class map:

ScopeRequirementData classes
readrequiredtickets, pii
writerequiredtickets, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
zendesk.search_ticketsL1read:ticketnonot declared30s / subject / liverecordedno suppression needednoneSearch Zendesk tickets by requester, subject, status, priority, group, brand, or tag.
zendesk.get_ticketL1read:ticketnonot declared120s / subject / slowrecordedno suppression neededticketIdGet a Zendesk ticket by id with bounded normalized comments and optional raw payload.
zendesk.search_usersL1read:ticketnonot declared120s / subject / slowrecordedno suppression needednoneSearch Zendesk users by name, email, organization, or role.
zendesk.create_ticketL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, initialCommentVisibility, requesterEmail, subjectCreate a Zendesk ticket. Initial comment visibility must be explicit: public_reply or internal_note.
zendesk.comment_ticketL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runbody, ticketId, visibilityAdd a Zendesk ticket comment. Visibility is required and public_reply is customer-visible.
zendesk.update_ticketL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runfields, ticketIdUpdate allowlisted Zendesk ticket routing and lifecycle fields. Comments must use zendesk.comment_ticket.
zendesk.add_tagsL3write:ticketyessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runtags, ticketIdAdd tags to a Zendesk ticket. Classified as level 3 because tags can drive customer-visible automation.

Tool details:

zendesk.search_tickets

Search Zendesk tickets by requester, subject, status, priority, group, brand, or tag.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache30s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: requesterEmail; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
brandIdstringno-Optional brand filter; checked against tenant allowlist when configured.
cursorstringno-Opaque pagination cursor returned by a previous call.
groupIdstringno-Optional group filter; checked against tenant allowlist when configured.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
prioritystringnoone of low, normal, high, urgentConnector-specific argument.
querystringno-Search string or filter expression accepted by the connector.
statusstringnoone of new, open, pending, hold, solved, closedConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

zendesk.get_ticket

Get a Zendesk ticket by id with bounded normalized comments and optional raw payload.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: requesterEmail, comments.body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
ticketIdstringyes-Connector-specific argument.
includeCommentsbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

zendesk.search_users

Search Zendesk users by name, email, organization, or role.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:ticket
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: email; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
cursorstringno-Opaque pagination cursor returned by a previous call.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
querystringno-Search string or filter expression accepted by the connector.
rolestringnoone of end-user, agent, adminConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

zendesk.create_ticket

Create a Zendesk ticket. Initial comment visibility must be explicit: public_reply or internal_note.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: requesterEmail, body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmax length 10000Connector-specific argument.
initialCommentVisibilitystringyesone of public_reply, internal_noteConnector-specific argument.
requesterEmailstringyes-Connector-specific argument.
subjectstringyesmax length 300Connector-specific argument.
brandIdstringno-Checked against tenant allowlist when configured.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
groupIdstringno-Checked against tenant allowlist when configured.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.
prioritystringnoone of low, normal, high, urgentConnector-specific argument.
tagsarrayno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

zendesk.comment_ticket

Add a Zendesk ticket comment. Visibility is required and public_reply is customer-visible.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: body; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
bodystringyesmax length 10000Connector-specific argument.
ticketIdstringyes-Connector-specific argument.
visibilitystringyesone of public_reply, internal_noteConnector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

zendesk.update_ticket

Update allowlisted Zendesk ticket routing and lifecycle fields. Comments must use zendesk.comment_ticket.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
fieldsobjectyes-Allowed fields: status, priority, assignee_id, group_id, brand_id, custom_status_id.
ticketIdstringyes-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

zendesk.add_tags

Add tags to a Zendesk ticket. Classified as level 3 because tags can drive customer-visible automation.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:ticket
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: none declared; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
tagsarrayyes-Connector-specific argument.
ticketIdstringyes-Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringno-Stable caller-provided key used to dedupe write execution.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

Zoom (zoom)

Governed Zoom connector for meeting metadata, recordings, transcripts, webinars, and dry-run-first meeting changes.

FieldValue
Version0.1.0
Categoriesproductivity, communications
Data classescalendar, recordings, pii, documents, metadata, identity
Default transportstdio
Runtime commandbun run apps/connectors/src/index.ts zoom
Fixture selfcheckbun run apps/connectors/src/index.ts zoom --fixture --selfcheck
Punk docshttps://docs.punk.dev/connectors/zoom
Vendor docshttps://developers.zoom.us/docs/api/

Auth requirements:

Auth modeLabelRequired credential fieldsRequired env varsRequired scopesOptional scopesOAuth refresh
OAuth 2.0Zoom OAuth access tokenaccess_tokenZOOM_ACCESS_TOKEN, PUNK_ZOOM_ACCESS_TOKENuser:read, meeting:readrecording:read, webinar:read, meeting:writeno

Scope/data-class map:

ScopeRequirementData classes
user:readrequiredidentity, pii
meeting:readrequiredcalendar, pii
recording:readoptionalrecordings, documents, pii
webinar:readoptionalcalendar, pii
meeting:writeoptionalcalendar, pii

Tool summary:

ToolLevelActionApprovalIdempotencyCache TTL/scope/freshnessReplayShadowRequired inputsDescription
zoom.list_usersL1read:identitynonot declared300s / tenant / slowrecordedno suppression needednoneList Zoom users with bounded pagination for meeting ownership lookup.
zoom.list_meetingsL1read:calendarnonot declared60s / subject / liverecordedno suppression needednoneList upcoming or previous Zoom meetings for one user with bounded pagination.
zoom.get_meetingL1read:calendarnonot declared120s / subject / liverecordedno suppression neededmeetingIdRetrieve one Zoom meeting. Join URLs are redacted unless explicitly requested.
zoom.list_recordingsL1read:documentsnonot declared60s / subject / liverecordedno suppression needednoneList Zoom cloud recordings by user and date range. Download/play URLs are always redacted.
zoom.get_recording_transcriptL1read:documentsnonot declared120s / subject / liverecordedno suppression neededmeetingIdRetrieve a bounded transcript excerpt by default; full transcript requires an explicit flag and byte limit.
zoom.list_webinarsL1read:calendarnonot declared60s / subject / liverecordedno suppression needednoneList optional Zoom webinar metadata for one user with bounded pagination.
zoom.create_meetingL3write:calendaryessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-rundurationMinutes, startTime, topicCreate a Zoom meeting through a dry-run-first side-effect plan. Live writes require explicit enablement and an idempotency key.
zoom.update_meetingL3write:calendaryessupported via idempotencyKey0s / none / livedry_runsuppressed, dry-runmeetingIdPatch allowlisted Zoom meeting fields through a dry-run-first side-effect plan.

Tool details:

zoom.list_users

List Zoom users with bounded pagination for meeting ownership lookup.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:identity
Approval required by defaultno
Idempotencynot declared
Cache300s / tenant / slow
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: users[].email, users[].displayName; Secrets: raw

Input contract:

FieldTypeRequiredBounds / enumNotes
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
pageTokenstringnomin length 1Connector-specific argument.
statusstringnoone of active, inactive, pendingConnector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

zoom.list_meetings

List upcoming or previous Zoom meetings for one user with bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:calendar
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: meetings[].topic, meetings[].hostEmail; Secrets: meetings[].joinUrl, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
fromstringno-Optional ISO date lower bound for previous meetings.
includeJoinUrlbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
pageTokenstringnomin length 1Connector-specific argument.
tostringno-Optional ISO date upper bound for previous meetings.
typestringnoone of upcoming, previous, scheduledConnector-specific argument.
userIdstringnomin length 1Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

zoom.get_meeting

Retrieve one Zoom meeting. Join URLs are redacted unless explicitly requested.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:calendar
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: meeting.topic, meeting.hostEmail; Secrets: meeting.joinUrl, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
meetingIdstringyesmin length 1Connector-specific argument.
includeJoinUrlbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

zoom.list_recordings

List Zoom cloud recordings by user and date range. Download/play URLs are always redacted.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: recordings[].topic; Secrets: recordings[].files[].downloadUrl, recordings[].files[].playUrl, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
fromstringno-ISO date lower bound.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 25Maximum items to return. Connectors bound this value even when callers provide a larger number.
pageTokenstringnomin length 1Connector-specific argument.
tostringno-ISO date upper bound.
userIdstringnomin length 1Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

zoom.get_recording_transcript

Retrieve a bounded transcript excerpt by default; full transcript requires an explicit flag and byte limit.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:documents
Approval required by defaultno
Idempotencynot declared
Cache120s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: transcript.text, transcript.excerpt; Secrets: transcript.downloadUrl, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
meetingIdstringyesmin length 1Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
includeTranscriptbooleanno-Connector-specific argument.
maxBytesintegernomin 100; max 50000Maximum response bytes for content-like reads.
recordingIdstringnomin length 1Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

zoom.list_webinars

List optional Zoom webinar metadata for one user with bounded pagination.

Contract fieldValue
Side-effect levelL1 - Read-only external access.
Policy actionread:calendar
Approval required by defaultno
Idempotencynot declared
Cache60s / subject / live
Replaycan replay / recorded
Shadowno suppression needed
RedactionPII: webinars[].topic, webinars[].hostEmail; Secrets: webinars[].joinUrl, raw

Input contract:

FieldTypeRequiredBounds / enumNotes
includeJoinUrlbooleanno-Connector-specific argument.
includeRawbooleanno-Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response.
limitintegernomin 1; max 50Maximum items to return. Connectors bound this value even when callers provide a larger number.
pageTokenstringnomin length 1Connector-specific argument.
typestringnoone of upcoming, pastConnector-specific argument.
userIdstringnomin length 1Connector-specific argument.

Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.

zoom.create_meeting

Create a Zoom meeting through a dry-run-first side-effect plan. Live writes require explicit enablement and an idempotency key.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:calendar
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: topic, agenda; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
durationMinutesintegeryesmin 1; max 1440Connector-specific argument.
startTimestringyes-ISO 8601 start datetime.
topicstringyesmin length 1; max length 300Connector-specific argument.
agendastringnomax length 2000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
joinBeforeHostbooleanno-Connector-specific argument.
timezonestringnomax length 100Connector-specific argument.
userIdstringnomin length 1Connector-specific argument.
waitingRoombooleanno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.

zoom.update_meeting

Patch allowlisted Zoom meeting fields through a dry-run-first side-effect plan.

Contract fieldValue
Side-effect levelL3 - User-visible or business-system write.
Policy actionwrite:calendar
Approval required by defaultyes
Idempotencysupported via idempotencyKey
Cache0s / none / live
Replaycan replay / dry_run
Shadowsuppressed, dry-run
RedactionPII: topic, agenda; Secrets: none declared

Input contract:

FieldTypeRequiredBounds / enumNotes
meetingIdstringyesmin length 1Connector-specific argument.
agendastringnomax length 2000Connector-specific argument.
dryRunbooleanno-When true or omitted for writes, return a side-effect plan without executing the vendor write.
durationMinutesintegernomin 1; max 1440Connector-specific argument.
idempotencyKeystringnomax length 255Stable caller-provided key used to dedupe write execution.
joinBeforeHostbooleanno-Connector-specific argument.
startTimestringno-ISO 8601 start datetime.
timezonestringnomax length 100Connector-specific argument.
topicstringnomin length 1; max length 300Connector-specific argument.
waitingRoombooleanno-Connector-specific argument.

Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.