Managed SaaS Connectors
Punk's managed connectors are installable, first-party MCP servers for common SaaS systems. This page is generated from the manifest-backed catalog in apps/connectors/src/connectors/*/manifest.json and reflects what GET /api/v1/connectors/catalog exposes.
Connector vs. Tool
A connector is one installable integration, such as Slack or GitHub. A governed tool is one action exposed by that connector, such as slack.post_message or github.search_issues. Each tool carries governance metadata: side-effect level, action label, cache posture, replay mode, shadow behavior, idempotency posture, redaction metadata, and whether approval is required by default.
Availability Summary
- Manifest-backed catalog: 47 managed connectors.
- Governed tools: 464 tools.
- Side-effect levels: L0=10, L1=296, L2=14, L3=99, L4=45.
- High-impact tools requiring approval by default: 45.
- Registry-only IDs not exposed by the catalog yet:
webhook,observability. They appear in the static connector registry but have no manifest directory, so they are not installable through the managed connector catalog today.
How Humans Should Use This Page
- Pick the connector from the catalog table and confirm its categories, data classes, auth mode, and vendor docs.
- Review the connector's auth requirements and least-privilege scopes before installing it.
- Inspect each tool's side-effect level, approval default, idempotency requirement, replay mode, and shadow behavior before enabling writes.
- Use fixture selfchecks and dry-run write calls before turning on live writes for a tenant.
How Agents Should Use This Page
- Prefer L0/L1 read tools for context gathering and respect cache scope.
tenantcache scope is shared tenant metadata;subjectscope is user or subject-specific context. - Treat L2/L3/L4 tools as side-effecting. Keep
dryRuntrue unless the user explicitly authorized execution and policy permits it. - For tools with idempotency support, always provide a stable
idempotencyKeybefore execution. - For L4 tools, provide approval metadata and expect replay/shadow suppression. Never infer approval from conversational context alone.
- Do not request raw body/transcript/content expansions unless required for the task and allowed by policy.
- Use the
/api/v1/connectors/catalogendpoint or manifest files as the machine-readable source of truth when building tool selectors.
Governance Semantics
| Level | Meaning | Default handling |
|---|---|---|
| L0 | Local or planning-only; no external side effect. | Replayable and cacheable when useful. |
| L1 | Read-only external access. | May be cached by subject or tenant scope; safe for recorded replay unless the manifest says otherwise. |
| L2 | Draft, reversible, or low-impact write. | Dry-run capable, uncached, and suppressed in shadow/replay. |
| L3 | User-visible or business-system write. | Dry-run first, uncached, idempotency expected, and suppressed in shadow/replay. |
| L4 | High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. | Approval required by default, uncached, replay mode never, and shadow side effects suppressed. |
Catalog
| Connector | ID | Tools | Auth modes | Categories | Data classes | Details |
|---|---|---|---|---|---|---|
| Airtable | airtable | 10 | Bearer token | project_management | metadata, pii, comments | details |
| Asana | asana | 12 | Bearer token | project_management, productivity | tasks, comments, files, pii, metadata | details |
| Atlassian Jira and Confluence | atlassian | 9 | OAuth 2.0, Basic/API token | engineering, productivity | metadata, pii, tickets, documents | details |
| AWS Operations | aws-ops | 12 | API token | cloud, infrastructure, observability, security | cloud, infrastructure, logs, telemetry, costs, identity, audit, metadata | details |
| BigQuery | bigquery | 10 | OAuth 2.0 | data, database, analytics | warehouse, database, schema, analytics, pii, metadata | details |
| Box | box | 10 | Bearer token | content, productivity | documents, files, comments, pii, metadata | details |
| Calendly | calendly | 10 | Bearer token | productivity | calendar, scheduling, pii, metadata | details |
| Chargebee | chargebee | 7 | API token | billing | pii, billing, payments | details |
| Datadog | datadog | 9 | API token | observability, incident | observability, telemetry, metadata, pii | details |
| DocuSign | docusign | 10 | OAuth 2.0 | legal, productivity | contracts, signatures, documents, pii, audit, metadata | details |
| Dropbox | dropbox | 12 | Bearer token | content, productivity | documents, files, comments, pii, metadata | details |
| Figma | figma | 10 | Bearer token | design, productivity | design, files, comments, pii, metadata | details |
| GitHub | github | 10 | Bearer token, API token | engineering | metadata, source_code, tickets, pii | details |
| GitLab | gitlab | 12 | API token | engineering | metadata, source_code, tickets, pii | details |
| Gong | gong | 10 | Basic/API token | sales, crm, communications | sales, recordings, communications, pii, metadata | details |
| Google Workspace | google-workspace | 15 | OAuth 2.0 | productivity, support | email, documents, calendar, pii, metadata | details |
| Greenhouse | greenhouse | 10 | OAuth 2.0 | recruiting, hr | recruiting, hr, pii, comments, audit, metadata | details |
| HubSpot | hubspot | 9 | OAuth 2.0, API token | crm, support | crm, pii, tickets, billing | details |
| Intercom | intercom | 9 | Bearer token, OAuth 2.0 | support, crm | metadata, pii, email, chat, crm | details |
| Kubernetes | kubernetes | 12 | Bearer token | infrastructure, cloud, observability | kubernetes, infrastructure, logs, telemetry, metadata, secrets | details |
| Lightfield | lightfield | 6 | API token | crm, support | crm, pii, tickets, billing, calendar, metadata, identity | details |
| Linear | linear | 7 | OAuth 2.0, API token | engineering | tickets, metadata, pii | details |
| Mailchimp | mailchimp | 11 | API token | marketing, communications | marketing, email, pii, metadata | details |
| Microsoft 365 | microsoft-365 | 14 | OAuth 2.0 | productivity, support, identity | metadata, identity, pii, email, chat, documents, calendar | details |
| Microsoft Dynamics / Dataverse | dynamics | 11 | OAuth 2.0 | crm, sales, support | crm, sales, tickets, comments, pii, metadata | details |
| Miro | miro | 10 | Bearer token | design, productivity | whiteboard, comments, files, pii, metadata | details |
| monday.com | monday | 13 | API token | project_management, productivity | tasks, comments, files, pii, metadata | details |
| NetSuite | netsuite | 11 | OAuth 2.0 | accounting, commerce, crm | erp, accounting, inventory, payments, billing, pii, metadata | details |
| Notion | notion | 8 | Bearer token, OAuth 2.0 | productivity | metadata, pii, documents | details |
| Okta | okta | 10 | API token | identity, security | identity, pii, audit, metadata | details |
| Outreach | outreach | 11 | OAuth 2.0 | sales, crm, communications | sales, communications, crm, email, pii, metadata | details |
| PagerDuty | pagerduty | 8 | API token | incident, observability | metadata, pii, audit, identity | details |
| Postgres / Neon | postgres | 12 | Bearer token | database, data, engineering | database, schema, pii, metadata | details |
| QuickBooks Online | quickbooks | 10 | OAuth 2.0 | accounting, billing | metadata, pii, accounting, billing, payments, inventory | details |
| Salesforce | salesforce | 6 | OAuth 2.0, Bearer token | crm, support | crm, pii, tickets, billing | details |
| Segment | segment | 10 | Bearer token | marketing, data, analytics | analytics, events, marketing, warehouse, pii, metadata | details |
| Sentry | sentry | 8 | Bearer token, API token | engineering, observability | observability, source_code, metadata, pii | details |
| ServiceNow | servicenow | 9 | OAuth 2.0, Basic/API token | incident, support | tickets, pii, metadata, audit | details |
| Shopify | shopify | 12 | API token | commerce, billing | commerce, inventory, payments, pii, metadata | details |
| Slack | slack | 7 | Bearer token | productivity, support, engineering | chat, pii, metadata | details |
| Snowflake | snowflake | 8 | Bearer token | data | warehouse, pii, metadata, audit | details |
| Stripe Customer-Agent Connector | stripe | 9 | API token | billing | pii, billing, payments | details |
| Twilio | twilio | 10 | Basic/API token | communications, support | communications, pii, metadata | details |
| Vanta | vanta | 10 | API token | compliance, security | compliance, audit, documents, pii, metadata | details |
| Workday | workday | 10 | OAuth 2.0 | hr, recruiting, identity | hr, recruiting, identity, pii, audit, metadata | details |
| Zendesk | zendesk | 7 | OAuth 2.0, API token | support | tickets, pii | details |
| Zoom | zoom | 8 | OAuth 2.0 | productivity, communications | calendar, recordings, pii, documents, metadata, identity | details |
Runtime And Installation
Managed connector install uses the existing MCP runtime rather than a separate execution path. Installing a connector creates an encrypted credential, registers a stdio MCP server, injects field-qualified secret refs such as cred:<id>#access_token, and starts apps/connectors/src/index.ts <connector-id> in live mode. Fixture mode exists for deterministic demos and tests and must be explicitly selected. Missing live credentials fail closed instead of returning fixture data.
| Endpoint | Purpose |
|---|---|
GET /api/v1/connectors/catalog | List manifest-backed managed connectors with auth requirements, data classes, and tool metadata. |
GET /api/v1/connectors/installations | List installed managed connectors for the tenant. |
POST /api/v1/connectors/install | Store or reuse a credential and register the connector MCP server. |
DELETE /api/v1/connectors/installations/:id | Uninstall the managed connector MCP server registration. |
Install request shape:
{
"connectorId": "slack",
"name": "Slack managed connector",
"secret": {
"accessToken": "xoxb-..."
}
}
You can provide credentialId instead of secret to reuse a stored credential for the same connector provider. Install rejects attempts to override Punk-managed live-mode metadata.
Complete Connector Reference
Airtable (airtable)
Airtable connector for bases, tables, records, comments, and governed batch record updates.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | project_management |
| Data classes | metadata, pii, comments |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts airtable |
| Fixture selfcheck | bun run apps/connectors/src/index.ts airtable --fixture --selfcheck |
| Punk docs | https://docs.punk.local/connectors/airtable |
| Vendor docs | https://airtable.com/developers/web/api/introduction |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Airtable personal access token | access_token | PUNK_AIRTABLE_ACCESS_TOKEN | schema.bases:read, data.records:read | data.records:write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
schema.bases:read | required | metadata |
data.records:read | required | metadata, pii, comments |
data.records:write | optional | metadata, pii, comments |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
airtable.list_bases | L1 | read:tasks | no | not declared | 3600s / tenant / slow | recorded | no suppression needed | none | List Airtable bases visible to the credential. |
airtable.list_tables | L1 | read:tasks | no | not declared | 3600s / tenant / slow | recorded | no suppression needed | baseId | List tables and fields in an Airtable base. |
airtable.list_records | L1 | read:tasks | no | not declared | 60s / tenant / live | recorded | no suppression needed | baseId, tableIdOrName | List records from an Airtable table with optional view, fields, and text filtering. |
airtable.get_record | L1 | read:tasks | no | not declared | 120s / tenant / live | recorded | no suppression needed | baseId, recordId, tableIdOrName | Fetch one Airtable record by id. |
airtable.list_comments | L1 | read:comments | no | not declared | 60s / tenant / live | recorded | no suppression needed | baseId, recordId, tableIdOrName | List Airtable record comments. |
airtable.create_record | L3 | write:tasks | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | baseId, fields, tableIdOrName | Create one Airtable record. Dry-run is the default. |
airtable.update_record | L3 | write:tasks | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | baseId, fields, recordId, tableIdOrName | Update one Airtable record. Dry-run is the default. |
airtable.batch_update_records | L4 | write:tasks | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | baseId, records, tableIdOrName | Update multiple Airtable records. Live execution requires explicit approval and idempotency. |
airtable.comment_record | L3 | write:comments | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | baseId, recordId, tableIdOrName, text | Add a comment to an Airtable record. Dry-run is the default. |
airtable.delete_record | L4 | destroy:tasks | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | baseId, recordId, tableIdOrName | Delete one Airtable record. Live execution requires explicit approval and idempotency. |
Tool details:
airtable.list_bases
List Airtable bases visible to the credential.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
airtable.list_tables
List tables and fields in an Airtable base.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
baseId | string | yes | min length 1 | Connector-specific argument. |
includeFields | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
airtable.list_records
List records from an Airtable table with optional view, fields, and text filtering.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: records[].fields; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
baseId | string | yes | min length 1 | Connector-specific argument. |
tableIdOrName | string | yes | min length 1 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
fields | array | no | - | Connector-specific argument. |
filterByFormula | string | no | max length 5000 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
view | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
airtable.get_record
Fetch one Airtable record by id.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: record.fields; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
baseId | string | yes | min length 1 | Connector-specific argument. |
recordId | string | yes | min length 1 | Connector-specific argument. |
tableIdOrName | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
airtable.list_comments
List Airtable record comments.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:comments |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: comments[].text, comments[].authorName; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
baseId | string | yes | min length 1 | Connector-specific argument. |
recordId | string | yes | min length 1 | Connector-specific argument. |
tableIdOrName | string | yes | min length 1 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
airtable.create_record
Create one Airtable record. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:tasks |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: fields; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
baseId | string | yes | min length 1 | Connector-specific argument. |
fields | object | yes | - | Connector-specific argument. |
tableIdOrName | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
typecast | boolean | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
airtable.update_record
Update one Airtable record. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:tasks |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: fields; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
baseId | string | yes | min length 1 | Connector-specific argument. |
fields | object | yes | - | Connector-specific argument. |
recordId | string | yes | min length 1 | Connector-specific argument. |
tableIdOrName | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
typecast | boolean | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
airtable.batch_update_records
Update multiple Airtable records. Live execution requires explicit approval and idempotency.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:tasks |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: records[].fields; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
baseId | string | yes | min length 1 | Connector-specific argument. |
records | array | yes | - | Connector-specific argument. |
tableIdOrName | string | yes | min length 1 | Connector-specific argument. |
approvalId | string | no | max length 128 | Connector-specific argument. |
approvedBy | string | no | max length 256 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
typecast | boolean | no | - | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
airtable.comment_record
Add a comment to an Airtable record. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:comments |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: text; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
baseId | string | yes | min length 1 | Connector-specific argument. |
recordId | string | yes | min length 1 | Connector-specific argument. |
tableIdOrName | string | yes | min length 1 | Connector-specific argument. |
text | string | yes | min length 1; max length 20000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
airtable.delete_record
Delete one Airtable record. Live execution requires explicit approval and idempotency.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | destroy:tasks |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
baseId | string | yes | min length 1 | Connector-specific argument. |
recordId | string | yes | min length 1 | Connector-specific argument. |
tableIdOrName | string | yes | min length 1 | Connector-specific argument. |
approvalId | string | no | max length 128 | Connector-specific argument. |
approvedBy | string | no | max length 256 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
tableId | string | no | min length 1 | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Asana (asana)
Governed Asana connector for project, task, comment, user, and attachment workflows with safe write planning.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | project_management, productivity |
| Data classes | tasks, comments, files, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts asana |
| Fixture selfcheck | bun run apps/connectors/src/index.ts asana --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/asana |
| Vendor docs | https://developers.asana.com/reference/rest-api-reference |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Personal access token or OAuth access token | accessToken | ASANA_ACCESS_TOKEN | default, tasks:read, tasks:write | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
default | required | tasks, comments, files |
tasks:read | required | tasks, comments, files |
tasks:write | required | tasks, comments, files |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
asana.search_tasks | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search Asana tasks with bounded pagination. |
asana.get_task | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | taskId | Read a single Asana task by gid. |
asana.list_projects | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List visible Asana projects. |
asana.get_project | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | projectId | Read an Asana project by gid. |
asana.list_project_tasks | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | projectId | List tasks in a project. |
asana.list_users | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Asana workspace users. |
asana.list_attachments | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | taskId | List attachments on a task. |
asana.list_comments | L1 | read:comments | no | not declared | 300s / subject / slow | recorded | no suppression needed | taskId | List comment stories on an Asana task. |
asana.add_comment | L3 | write:comments | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | taskId, text | Plan or create an Asana task comment. |
asana.attach_file | L4 | write:files | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | fileName, taskId | Plan or attach a file reference to an Asana task. Live execution requires approval and idempotency. |
asana.create_task | L3 | write:tasks | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | name | Plan or create an Asana task. |
asana.update_task | L3 | write:tasks | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | taskId | Plan or update task fields. |
Tool details:
asana.search_tasks
Search Asana tasks with bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
asana.get_task
Read a single Asana task by gid.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
taskId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
asana.list_projects
List visible Asana projects.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
asana.get_project
Read an Asana project by gid.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
asana.list_project_tasks
List tasks in a project.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
asana.list_users
List Asana workspace users.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
asana.list_attachments
List attachments on a task.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
taskId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
asana.list_comments
List comment stories on an Asana task.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:comments |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: text, createdBy; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
taskId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
asana.add_comment
Plan or create an Asana task comment.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:comments |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: text; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
taskId | string | yes | - | Connector-specific argument. |
text | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
asana.attach_file
Plan or attach a file reference to an Asana task. Live execution requires approval and idempotency.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:files |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: fileName; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl, fileUrl, contentBase64 |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileName | string | yes | - | Connector-specific argument. |
taskId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
contentBase64 | string | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
fileUrl | string | no | - | Connector-specific argument. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
asana.create_task
Plan or create an Asana task.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:tasks |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: notes, assignee; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
name | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
asana.update_task
Plan or update task fields.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:tasks |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
taskId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Atlassian Jira and Confluence (atlassian)
Managed Atlassian Cloud connector for governed Jira issue operations and Confluence knowledge workflows.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | engineering, productivity |
| Data classes | metadata, pii, tickets, documents |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts atlassian |
| Fixture selfcheck | bun run apps/connectors/src/index.ts atlassian --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/atlassian |
| Vendor docs | https://developer.atlassian.com/cloud/jira/platform/rest/v3/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Atlassian OAuth access token | accessToken, cloudId | PUNK_ATLASSIAN_ACCESS_TOKEN, PUNK_ATLASSIAN_CLOUD_ID | read:jira-work, read:confluence-content.all | write:jira-work, write:confluence-content | yes |
| Basic/API token | Atlassian email plus API token | email, apiToken, siteUrl | PUNK_ATLASSIAN_EMAIL, PUNK_ATLASSIAN_API_TOKEN, PUNK_ATLASSIAN_SITE_URL | - | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
read:jira-work | required | tickets, pii |
write:jira-work | optional | tickets, pii |
read:confluence-content.all | required | documents, pii |
write:confluence-content | optional | documents, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
atlassian.jira_search_issues | L1 | read:ticket | no | not declared | 30s / subject / live | recorded | no suppression needed | jql | Search Jira Cloud issues with JQL using the REST v3 enhanced JQL search endpoint. |
atlassian.jira_get_issue | L1 | read:ticket | no | not declared | 60s / subject / live | recorded | no suppression needed | issueIdOrKey | Get a Jira Cloud issue by id or key with bounded normalized fields and optional raw payload. |
atlassian.jira_create_issue | L3 | write:ticket | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | issueTypeName, projectKey, summary | Create a Jira Cloud issue. Description text is converted to Atlassian Document Format; writes default to dry-run. |
atlassian.jira_comment_issue | L3 | write:ticket | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | body, issueIdOrKey | Add a Jira Cloud issue comment using Atlassian Document Format. Writes default to dry-run. |
atlassian.jira_update_issue | L3 | write:ticket | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | fields, issueIdOrKey | Update allowlisted Jira Cloud issue fields. Arbitrary transition and workflow operations are intentionally out of scope. |
atlassian.confluence_search | L1 | read:document | no | not declared | 60s / subject / live | recorded | no suppression needed | none | Search Confluence Cloud content with CQL through the official REST search endpoint. |
atlassian.confluence_get_page | L1 | read:document | no | not declared | 120s / subject / slow | recorded | no suppression needed | pageId | Get a Confluence Cloud page by id with selected body representation and optional footer comments. |
atlassian.confluence_create_page | L3 | write:document | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | body, spaceId, title | Create a Confluence Cloud page with storage or Atlassian document body. Writes default to dry-run. |
atlassian.confluence_comment_page | L3 | write:document | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | body, pageId | Create a Confluence Cloud footer comment on a page. Writes default to dry-run. |
Tool details:
atlassian.jira_search_issues
Search Jira Cloud issues with JQL using the REST v3 enhanced JQL search endpoint.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: issues.assignee, issues.reporter; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
jql | string | yes | max length 20000 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
fields | array | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
atlassian.jira_get_issue
Get a Jira Cloud issue by id or key with bounded normalized fields and optional raw payload.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: issue.assignee, issue.reporter, issue.description; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
issueIdOrKey | string | yes | - | Connector-specific argument. |
expand | array | no | - | Connector-specific argument. |
fields | array | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
atlassian.jira_create_issue
Create a Jira Cloud issue. Description text is converted to Atlassian Document Format; writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: description, fields; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
issueTypeName | string | yes | - | Connector-specific argument. |
projectKey | string | yes | - | Connector-specific argument. |
summary | string | yes | max length 255 | Connector-specific argument. |
description | string | no | max length 32767 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
fields | object | no | - | Connector-specific argument. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
atlassian.jira_comment_issue
Add a Jira Cloud issue comment using Atlassian Document Format. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | max length 32767 | Connector-specific argument. |
issueIdOrKey | string | yes | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
visibility | object | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
atlassian.jira_update_issue
Update allowlisted Jira Cloud issue fields. Arbitrary transition and workflow operations are intentionally out of scope.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: fields.description; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fields | object | yes | - | Connector-specific argument. |
issueIdOrKey | string | yes | - | Connector-specific argument. |
allowCustomFields | boolean | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
atlassian.confluence_search
Search Confluence Cloud content with CQL through the official REST search endpoint.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: results.excerpt; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cql | string | no | max length 20000 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
spaceKey | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
atlassian.confluence_get_page
Get a Confluence Cloud page by id with selected body representation and optional footer comments.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: page.body, comments.body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
pageId | string | yes | - | Connector-specific argument. |
bodyFormat | string | no | one of storage, atlas_doc_format | Connector-specific argument. |
commentLimit | integer | no | min 1; max 50 | Connector-specific argument. |
includeComments | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
atlassian.confluence_create_page
Create a Confluence Cloud page with storage or Atlassian document body. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:document |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | max length 100000 | Connector-specific argument. |
spaceId | string | yes | - | Connector-specific argument. |
title | string | yes | max length 255 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
parentId | string | no | - | Connector-specific argument. |
representation | string | no | one of storage, atlas_doc_format | Connector-specific argument. |
status | string | no | one of current, draft | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
atlassian.confluence_comment_page
Create a Confluence Cloud footer comment on a page. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:document |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | max length 100000 | Connector-specific argument. |
pageId | string | yes | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
representation | string | no | one of storage, atlas_doc_format | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
AWS Operations (aws-ops)
Governed AWS operations connector for CloudWatch, Cost Explorer, resource inventory, IAM context, dry-run changes, and approval-gated remediation.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | cloud, infrastructure, observability, security |
| Data classes | cloud, infrastructure, logs, telemetry, costs, identity, audit, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts aws-ops |
| Fixture selfcheck | bun run apps/connectors/src/index.ts aws-ops --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/aws-ops |
| Vendor docs | https://docs.aws.amazon.com/cloudwatch/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | Scoped AWS access token or assumed-role broker token | accessToken | AWS_OPS_ACCESS_TOKEN | cloudwatch:read, ce:read, iam:read | ops:write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
cloudwatch:read | required | logs, telemetry |
ce:read | required | costs |
iam:read | required | identity, audit |
ops:write | optional | cloud, infrastructure |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
aws.search_resources | L1 | read:cloud | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | Search AWS resources from inventory. |
aws.get_resource | L1 | read:cloud | no | not declared | 300s / subject / slow | recorded | no suppression needed | resourceId | Read one AWS resource inventory record. |
aws.query_cloudwatch_metrics | L1 | read:cloud | no | not declared | 60s / subject / live | recorded | no suppression needed | none | Query bounded CloudWatch metrics. |
aws.search_cloudwatch_logs | L1 | read:cloud | no | not declared | 30s / subject / live | recorded | no suppression needed | logGroup | Search CloudWatch logs with bounded time and result windows. |
aws.list_alarms | L1 | read:cloud | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List CloudWatch alarms. |
aws.get_alarm | L1 | read:cloud | no | not declared | 300s / subject / slow | recorded | no suppression needed | alarmName | Read one CloudWatch alarm. |
aws.query_costs | L1 | read:cloud | no | not declared | 3600s / subject / slow | recorded | no suppression needed | endDate, startDate | Read AWS Cost Explorer summaries. |
aws.list_iam_principals | L1 | read:cloud | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List bounded IAM principals. |
aws.get_iam_policy | L1 | read:cloud | no | not declared | 300s / subject / slow | recorded | no suppression needed | policyId | Read one IAM policy summary. |
aws.plan_alarm_update | L2 | write:cloud | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | alarmName | Plan a CloudWatch alarm change without applying it. |
aws.apply_tags | L3 | write:cloud | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | resourceId | Apply AWS resource tags when live writes are enabled. |
aws.remediate_resource | L4 | write:cloud | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | idempotencyKey, resourceId | Run an approval-gated remediation action against an AWS resource. |
Tool details:
aws.search_resources
Search AWS resources from inventory.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:cloud |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
aws.get_resource
Read one AWS resource inventory record.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:cloud |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
resourceId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
aws.query_cloudwatch_metrics
Query bounded CloudWatch metrics.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:cloud |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
aws.search_cloudwatch_logs
Search CloudWatch logs with bounded time and result windows.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:cloud |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
logGroup | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
aws.list_alarms
List CloudWatch alarms.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:cloud |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
aws.get_alarm
Read one CloudWatch alarm.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:cloud |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
alarmName | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
aws.query_costs
Read AWS Cost Explorer summaries.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:cloud |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
endDate | string | number | boolean | object | array | yes | - | Connector-specific argument. |
startDate | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
aws.list_iam_principals
List bounded IAM principals.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:cloud |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
aws.get_iam_policy
Read one IAM policy summary.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:cloud |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
policyId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
aws.plan_alarm_update
Plan a CloudWatch alarm change without applying it.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:cloud |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
alarmName | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
aws.apply_tags
Apply AWS resource tags when live writes are enabled.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:cloud |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
resourceId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
aws.remediate_resource
Run an approval-gated remediation action against an AWS resource.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:cloud |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
resourceId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
BigQuery (bigquery)
Governed BigQuery connector for datasets, tables, jobs, bounded query execution, dry-run estimates, and approval-gated warehouse operations.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | data, database, analytics |
| Data classes | warehouse, database, schema, analytics, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts bigquery |
| Fixture selfcheck | bun run apps/connectors/src/index.ts bigquery --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/bigquery |
| Vendor docs | https://docs.cloud.google.com/bigquery/docs/reference/rest |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Google OAuth access token | accessToken | BIGQUERY_ACCESS_TOKEN | https://www.googleapis.com/auth/bigquery.readonly | https://www.googleapis.com/auth/bigquery | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
https://www.googleapis.com/auth/bigquery.readonly | required | warehouse, schema |
https://www.googleapis.com/auth/bigquery | optional | warehouse |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
bigquery.list_projects | L1 | read:data | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List BigQuery projects. |
bigquery.list_datasets | L1 | read:data | no | not declared | 300s / tenant / slow | recorded | no suppression needed | projectId | List datasets in a project. |
bigquery.list_tables | L1 | read:data | no | not declared | 300s / tenant / slow | recorded | no suppression needed | datasetId, projectId | List tables in a dataset. |
bigquery.describe_table | L1 | read:data | no | not declared | 300s / subject / slow | recorded | no suppression needed | datasetId, projectId, tableId | Read BigQuery table metadata. |
bigquery.get_table_schema | L1 | read:data | no | not declared | 300s / tenant / slow | recorded | no suppression needed | datasetId, projectId, tableId | Read normalized BigQuery table schema fields. |
bigquery.dry_run_query | L0 | read:data | no | not declared | 1800s / subject / slow | recorded | no suppression needed | projectId, sql | Validate read-only SQL and return an estimated execution plan. |
bigquery.execute_query | L1 | read:data | no | not declared | 300s / subject / slow | recorded | no suppression needed | projectId, sql | Execute bounded read-only BigQuery SQL. |
bigquery.list_jobs | L1 | read:data | no | not declared | 300s / subject / slow | recorded | no suppression needed | projectId | List recent BigQuery jobs. |
bigquery.get_job | L1 | read:data | no | not declared | 300s / subject / slow | recorded | no suppression needed | jobId, projectId | Read a BigQuery job by id. |
bigquery.cancel_job | L4 | write:data | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | idempotencyKey, jobId, projectId | Cancel a BigQuery job after approval. |
Tool details:
bigquery.list_projects
List BigQuery projects.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
bigquery.list_datasets
List datasets in a project.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
bigquery.list_tables
List tables in a dataset.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
datasetId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
bigquery.describe_table
Read BigQuery table metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
datasetId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
tableId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
bigquery.get_table_schema
Read normalized BigQuery table schema fields.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
datasetId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
tableId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
bigquery.dry_run_query
Validate read-only SQL and return an estimated execution plan.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 1800s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
sql | string | yes | - | SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBytes | integer | no | min 1; max 1048576 | Maximum response bytes for content-like reads. |
query | string | no | - | Search string or filter expression accepted by the connector. |
timeoutSeconds | integer | no | min 1; max 60 | Maximum upstream execution window. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
bigquery.execute_query
Execute bounded read-only BigQuery SQL.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
sql | string | yes | - | SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBytes | integer | no | min 1; max 1048576 | Maximum response bytes for content-like reads. |
query | string | no | - | Search string or filter expression accepted by the connector. |
timeoutSeconds | integer | no | min 1; max 60 | Maximum upstream execution window. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
bigquery.list_jobs
List recent BigQuery jobs.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
bigquery.get_job
Read a BigQuery job by id.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
jobId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
bigquery.cancel_job
Cancel a BigQuery job after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:data |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
jobId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Box (box)
Governed Box connector for enterprise content search, metadata, comments, collaborations, and safe sharing actions.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | content, productivity |
| Data classes | documents, files, comments, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts box |
| Fixture selfcheck | bun run apps/connectors/src/index.ts box --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/box |
| Vendor docs | https://developer.box.com/reference |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | OAuth access token or developer token | accessToken | BOX_ACCESS_TOKEN | root_readwrite | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
root_readwrite | required | documents, files, comments |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
box.search_files | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search Box files and folders. |
box.list_folder_items | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | folderId | List Box folder items. |
box.get_file_metadata | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | fileId | Read Box file metadata. |
box.get_folder_metadata | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | folderId | Read Box folder metadata. |
box.get_file_text | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | fileId | Read bounded text content from a Box file fixture or representation. |
box.list_comments | L1 | read:comments | no | not declared | 300s / subject / slow | recorded | no suppression needed | fileId | List comments on Box files. |
box.list_collaborations | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | folderId | List Box collaborations. |
box.create_shared_link | L3 | write:documents | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | fileId | Plan or create a Box shared link. |
box.create_folder | L3 | write:documents | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | name, parentId | Plan or create a Box folder. |
box.upload_file_draft | L2 | write:documents | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | name, parentId | Prepare a bounded Box upload plan. |
Tool details:
box.search_files
Search Box files and folders.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
box.list_folder_items
List Box folder items.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
folderId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
box.get_file_metadata
Read Box file metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
box.get_folder_metadata
Read Box folder metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
folderId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
box.get_file_text
Read bounded text content from a Box file fixture or representation.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileId | string | yes | - | Connector-specific argument. |
allowBinary | boolean | no | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBytes | integer | no | min 1; max 65536 | Maximum response bytes for content-like reads. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
box.list_comments
List comments on Box files.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:comments |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
box.list_collaborations
List Box collaborations.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: accessibleBy; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
folderId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
box.create_shared_link
Plan or create a Box shared link.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:documents |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
box.create_folder
Plan or create a Box folder.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:documents |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
name | string | yes | - | Connector-specific argument. |
parentId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
box.upload_file_draft
Prepare a bounded Box upload plan.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:documents |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
name | string | yes | - | Connector-specific argument. |
parentId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
Calendly (calendly)
Governed Calendly connector for event types, scheduled events, invitees, availability, users, organization membership, and safe scheduling changes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | productivity |
| Data classes | calendar, scheduling, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts calendly |
| Fixture selfcheck | bun run apps/connectors/src/index.ts calendly --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/calendly |
| Vendor docs | https://developer.calendly.com/api-docs |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Calendly OAuth or personal access token | accessToken | CALENDLY_ACCESS_TOKEN | default | scheduled_events:write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
default | required | calendar, scheduling |
scheduled_events:write | optional | scheduling |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
calendly.list_event_types | L1 | read:scheduling | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Calendly event types. |
calendly.list_scheduled_events | L1 | read:scheduling | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List scheduled events. |
calendly.get_scheduled_event | L1 | read:scheduling | no | not declared | 300s / subject / slow | recorded | no suppression needed | eventId | Read one scheduled event. |
calendly.list_invitees | L1 | read:scheduling | no | not declared | 300s / subject / slow | recorded | no suppression needed | eventId | List invitees for an event. |
calendly.get_availability | L1 | read:scheduling | no | not declared | 120s / subject / slow | recorded | no suppression needed | userId | Read user availability. |
calendly.list_users | L1 | read:scheduling | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Calendly users. |
calendly.list_organization_members | L1 | read:scheduling | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Calendly organization members. |
calendly.create_scheduling_link | L2 | write:scheduling | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | eventType | Create a single-use scheduling link or dry-run plan. |
calendly.update_event_type | L3 | write:scheduling | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | eventTypeId | Update an event type. |
calendly.cancel_event | L4 | write:scheduling | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | eventId, idempotencyKey, reason | Cancel a scheduled event after approval. |
Tool details:
calendly.list_event_types
List Calendly event types.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:scheduling |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
calendly.list_scheduled_events
List scheduled events.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:scheduling |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
calendly.get_scheduled_event
Read one scheduled event.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:scheduling |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
eventId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
calendly.list_invitees
List invitees for an event.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:scheduling |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
eventId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
calendly.get_availability
Read user availability.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:scheduling |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
userId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
calendly.list_users
List Calendly users.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:scheduling |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
calendly.list_organization_members
List Calendly organization members.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:scheduling |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
calendly.create_scheduling_link
Create a single-use scheduling link or dry-run plan.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:scheduling |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
eventType | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
calendly.update_event_type
Update an event type.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:scheduling |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
eventTypeId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
calendly.cancel_event
Cancel a scheduled event after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:scheduling |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
eventId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
reason | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Chargebee (chargebee)
Chargebee subscription billing support connector with fixture mode, safe level 4 planning, and real Chargebee API live paths.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | billing |
| Data classes | pii, billing, payments |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts chargebee |
| Fixture selfcheck | bun run apps/connectors/src/index.ts chargebee --fixture --selfcheck |
| Punk docs | https://docs.punk.local/connectors/chargebee |
| Vendor docs | https://apidocs.chargebee.com/docs/api |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | Chargebee site and API key | site, api_key | PUNK_CHARGEBEE_SITE, PUNK_CHARGEBEE_API_KEY | - | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
| - | - | - |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
chargebee.search_customers | L1 | read:billing | no | not declared | 120s / subject / live | recorded | suppressed | none | Search or list Chargebee customers by query, email, or customer id prefix. |
chargebee.get_customer | L1 | read:billing | no | not declared | 300s / subject / slow | recorded | suppressed | customerId | Retrieve a Chargebee customer by id. |
chargebee.list_subscriptions | L1 | read:billing | no | not declared | 120s / subject / live | recorded | suppressed | none | List Chargebee subscriptions with optional customer and status filters. |
chargebee.get_subscription | L1 | read:billing | no | not declared | 300s / subject / slow | recorded | suppressed | subscriptionId | Retrieve a Chargebee subscription by id. |
chargebee.list_invoices | L1 | read:billing | no | not declared | 120s / subject / live | recorded | suppressed | none | List Chargebee invoices by customer, subscription, or status. |
chargebee.cancel_subscription | L4 | write:payment | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | subscriptionId | Cancel a Chargebee subscription only after a dry-run plan, approval metadata, and idempotency key. |
chargebee.issue_credit_note | L4 | write:payment | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | amountCents, customerId, invoiceId | Issue a Chargebee credit note only after a dry-run plan, approval metadata, amount cap check, and idempotency key. |
Tool details:
chargebee.search_customers
Search or list Chargebee customers by query, email, or customer id prefix.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: email, customer.email, customers[].email; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | max length 500 | Opaque pagination cursor returned by a previous call. |
customerId | string | no | max length 128 | Connector-specific argument. |
email | string | no | max length 320 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
chargebee.get_customer
Retrieve a Chargebee customer by id.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customer.email, customer.name; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
customerId | string | yes | min length 1; max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
chargebee.list_subscriptions
List Chargebee subscriptions with optional customer and status filters.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customerId, subscriptions[].customerId; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | max length 500 | Opaque pagination cursor returned by a previous call. |
customerId | string | no | max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
status | string | no | one of future, in_trial, active, non_renewing, paused, cancelled | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
chargebee.get_subscription
Retrieve a Chargebee subscription by id.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customerId; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
subscriptionId | string | yes | min length 1; max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
chargebee.list_invoices
List Chargebee invoices by customer, subscription, or status.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customerId, invoices[].customerId; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | max length 500 | Opaque pagination cursor returned by a previous call. |
customerId | string | no | max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
status | string | no | one of paid, posted, payment_due, not_paid, voided, pending | Connector-specific argument. |
subscriptionId | string | no | max length 128 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
chargebee.cancel_subscription
Cancel a Chargebee subscription only after a dry-run plan, approval metadata, and idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:payment |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.approvedBy, customerId; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
subscriptionId | string | yes | min length 1; max length 128 | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cancelOption | string | no | one of end_of_term, immediately | Connector-specific argument. |
customerId | string | no | max length 128 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | min length 16; max length 255 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
memo | string | no | max length 2000 | Connector-specific argument. |
planId | string | no | max length 160 | Connector-specific argument. |
reasonCode | string | no | max length 100 | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
chargebee.issue_credit_note
Issue a Chargebee credit note only after a dry-run plan, approval metadata, amount cap check, and idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:payment |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.approvedBy, customerId; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
amountCents | integer | yes | min 1 | Connector-specific argument. |
customerId | string | yes | min length 1; max length 128 | Connector-specific argument. |
invoiceId | string | yes | min length 1; max length 128 | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
currency | string | no | min length 3; max length 3 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | min length 16; max length 255 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
memo | string | no | max length 2000 | Connector-specific argument. |
planId | string | no | max length 160 | Connector-specific argument. |
reasonCode | string | no | max length 100 | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Datadog (datadog)
Governed Datadog connector for bounded telemetry reads, monitor context, incident writes, and approval-gated monitor downtime.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | observability, incident |
| Data classes | observability, telemetry, metadata, pii |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts datadog |
| Fixture selfcheck | bun run apps/connectors/src/index.ts datadog --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/datadog |
| Vendor docs | https://docs.datadoghq.com/api/latest/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | Datadog API and application keys | api_key, application_key | DATADOG_API_KEY, DATADOG_APP_KEY | logs_read, apm_read, metrics_read, monitors_read | incident_write, downtime_write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
logs_read | required | observability, telemetry, pii |
apm_read | required | observability, telemetry, pii |
metrics_read | required | observability, telemetry |
monitors_read | required | observability, metadata |
incident_write | optional | metadata, pii |
downtime_write | optional | metadata, audit |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
datadog.search_logs | L1 | read:observability | no | not declared | 30s / tenant / live | recorded | no suppression needed | from, query, to | Search Datadog logs with required bounded time range and small default row limit. Snippets are returned unless includeRaw is true. |
datadog.get_trace | L1 | read:observability | no | not declared | 60s / tenant / live | recorded | no suppression needed | from, to, traceId | Fetch one Datadog trace with bounded span count and redacted request data. |
datadog.query_metrics | L1 | read:observability | no | not declared | 60s / tenant / live | recorded | no suppression needed | from, query, to | Query Datadog metrics with required bounded time range and a bounded point count. |
datadog.list_monitors | L1 | read:observability | no | not declared | 120s / tenant / live | recorded | no suppression needed | none | Search Datadog monitors with tag filters and bounded pagination. |
datadog.get_monitor | L1 | read:observability | no | not declared | 120s / tenant / live | recorded | no suppression needed | monitorId | Fetch one Datadog monitor and current state. |
datadog.create_incident | L3 | write:incident | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | severity, title | Create a Datadog incident. Dry-run is the default; live execution requires write enablement and idempotency. |
datadog.update_incident | L3 | write:incident | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | incidentId | Patch allowlisted Datadog incident fields. Dry-run is the default. |
datadog.add_incident_timeline_item | L3 | write:incident | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | content, incidentId | Add a note to a Datadog incident timeline. Dry-run is the default. |
datadog.create_monitor_downtime | L4 | write:incident | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | end, monitorId, scope, start | Create bounded monitor downtime. Non-dry-run execution requires approval metadata and an idempotency key. |
Tool details:
datadog.search_logs
Search Datadog logs with required bounded time range and small default row limit. Snippets are returned unless includeRaw is true.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: logs[].message, logs[].attributes; Secrets: raw, authorization, cookie, api_key, application_key |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
from | string | yes | - | ISO 8601 start time. |
query | string | yes | min length 1; max length 1000 | Search string or filter expression accepted by the connector. |
to | string | yes | - | ISO 8601 end time. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
datadog.get_trace
Fetch one Datadog trace with bounded span count and redacted request data.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: spans[].resource, spans[].meta; Secrets: raw, authorization, cookie, token, secret |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
from | string | yes | - | ISO 8601 start time for trace lookup. |
to | string | yes | - | ISO 8601 end time for trace lookup. |
traceId | string | yes | min length 1; max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxSpans | integer | no | min 1; max 100 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
datadog.query_metrics
Query Datadog metrics with required bounded time range and a bounded point count.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
from | string | yes | - | ISO 8601 start time. |
query | string | yes | min length 1; max length 1000 | Search string or filter expression accepted by the connector. |
to | string | yes | - | ISO 8601 end time. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxPoints | integer | no | min 1; max 1000 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
datadog.list_monitors
Search Datadog monitors with tag filters and bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: monitors[].message; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
tags | array | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
datadog.get_monitor
Fetch one Datadog monitor and current state.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: monitor.message; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
monitorId | any | yes | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
datadog.create_incident
Create a Datadog incident. Dry-run is the default; live execution requires write enablement and idempotency.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:incident |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: customerImpact; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
severity | string | yes | one of SEV-1, SEV-2, SEV-3, SEV-4, SEV-5 | Connector-specific argument. |
title | string | yes | min length 1; max length 300 | Connector-specific argument. |
customerImpact | string | no | max length 2000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
service | string | no | max length 128 | Connector-specific argument. |
team | string | no | max length 128 | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
datadog.update_incident
Patch allowlisted Datadog incident fields. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:incident |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: title; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
incidentId | string | yes | min length 1 | Connector-specific argument. |
commander | string | no | max length 128 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
severity | string | no | one of SEV-1, SEV-2, SEV-3, SEV-4, SEV-5 | Connector-specific argument. |
status | string | no | one of active, stable, resolved | Connector-specific argument. |
title | string | no | min length 1; max length 300 | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
datadog.add_incident_timeline_item
Add a note to a Datadog incident timeline. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:incident |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: content; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
content | string | yes | min length 1; max length 5000 | Connector-specific argument. |
incidentId | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
datadog.create_monitor_downtime
Create bounded monitor downtime. Non-dry-run execution requires approval metadata and an idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:incident |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: message; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
end | string | yes | - | ISO 8601 end time. |
monitorId | any | yes | - | Connector-specific argument. |
scope | array | yes | - | Connector-specific argument. |
start | string | yes | - | ISO 8601 start time. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
message | string | no | max length 1000 | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
DocuSign (docusign)
Governed DocuSign eSignature connector for templates, envelopes, recipients, documents, audit events, and approval-gated signature actions.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | legal, productivity |
| Data classes | contracts, signatures, documents, pii, audit, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts docusign |
| Fixture selfcheck | bun run apps/connectors/src/index.ts docusign --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/docusign |
| Vendor docs | https://developers.docusign.com/docs/esign-rest-api/reference/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | DocuSign OAuth access token | accessToken | DOCUSIGN_ACCESS_TOKEN | signature | impersonation | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
signature | required | contracts, signatures |
impersonation | optional | contracts |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
docusign.list_templates | L1 | read:contracts | no | not declared | 300s / tenant / slow | recorded | no suppression needed | accountId | List DocuSign templates. |
docusign.list_envelopes | L1 | read:contracts | no | not declared | 300s / subject / slow | recorded | no suppression needed | accountId | List envelopes. |
docusign.get_envelope | L1 | read:contracts | no | not declared | 300s / subject / slow | recorded | no suppression needed | accountId, envelopeId | Read an envelope. |
docusign.list_recipients | L1 | read:contracts | no | not declared | 300s / subject / slow | recorded | no suppression needed | accountId, envelopeId | List envelope recipients. |
docusign.list_documents | L1 | read:contracts | no | not declared | 300s / subject / slow | recorded | no suppression needed | accountId, envelopeId | List envelope documents. |
docusign.get_audit_events | L1 | read:contracts | no | not declared | 60s / subject / live | recorded | no suppression needed | accountId, envelopeId | Read envelope audit events. |
docusign.create_envelope_draft | L2 | write:contracts | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | accountId | Create or plan a DocuSign draft envelope. |
docusign.send_envelope | L4 | write:contracts | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | accountId, envelopeId, idempotencyKey | Send an envelope for signature after approval. |
docusign.void_envelope | L4 | write:contracts | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | accountId, envelopeId, idempotencyKey, voidedReason | Void an envelope after approval. |
docusign.correct_envelope | L4 | write:contracts | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | accountId, envelopeId, idempotencyKey | Correct envelope recipients or documents after approval. |
Tool details:
docusign.list_templates
List DocuSign templates.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:contracts |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
docusign.list_envelopes
List envelopes.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:contracts |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
docusign.get_envelope
Read an envelope.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:contracts |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
envelopeId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
docusign.list_recipients
List envelope recipients.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:contracts |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
envelopeId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
docusign.list_documents
List envelope documents.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:contracts |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
envelopeId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
docusign.get_audit_events
Read envelope audit events.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:contracts |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
envelopeId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
docusign.create_envelope_draft
Create or plan a DocuSign draft envelope.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:contracts |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
docusign.send_envelope
Send an envelope for signature after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:contracts |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
envelopeId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
docusign.void_envelope
Void an envelope after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:contracts |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
envelopeId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
voidedReason | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
docusign.correct_envelope
Correct envelope recipients or documents after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:contracts |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
envelopeId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Dropbox (dropbox)
Governed Dropbox connector for file metadata, search, previews, shared links, folders, uploads, and delete approval gates.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | content, productivity |
| Data classes | documents, files, comments, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts dropbox |
| Fixture selfcheck | bun run apps/connectors/src/index.ts dropbox --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/dropbox |
| Vendor docs | https://www.dropbox.com/developers/documentation/http/documentation |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | OAuth access token | accessToken | DROPBOX_ACCESS_TOKEN | files.metadata.read, files.content.read, files.content.write, sharing.write | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
files.metadata.read | required | documents, files |
files.content.read | required | documents, files |
files.content.write | required | documents, files |
sharing.write | required | documents, files |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
dropbox.list_folder | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Dropbox folder entries. |
dropbox.continue_list_folder | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Continue a Dropbox folder cursor. |
dropbox.search_files | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search Dropbox files. |
dropbox.get_metadata | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | path | Read Dropbox metadata for a path or id. |
dropbox.download_file_preview | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | path | Read bounded Dropbox file fixture content. |
dropbox.list_shared_links | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Dropbox shared links. |
dropbox.list_collaborations | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | path | List Dropbox file members and invitees. |
dropbox.list_comments | L1 | read:comments | no | not declared | 300s / subject / slow | recorded | no suppression needed | path | List Dropbox file comments or annotations. |
dropbox.create_shared_link | L3 | write:documents | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | path | Plan or create a Dropbox shared link. |
dropbox.create_folder | L3 | write:documents | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | path | Plan or create a Dropbox folder. |
dropbox.upload_file_draft | L2 | write:documents | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | path | Prepare a bounded Dropbox upload plan. |
dropbox.delete_file | L4 | write:documents | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | path | Delete a Dropbox file after approval. |
Tool details:
dropbox.list_folder
List Dropbox folder entries.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dropbox.continue_list_folder
Continue a Dropbox folder cursor.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dropbox.search_files
Search Dropbox files.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dropbox.get_metadata
Read Dropbox metadata for a path or id.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
path | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dropbox.download_file_preview
Read bounded Dropbox file fixture content.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
path | string | yes | - | Connector-specific argument. |
allowBinary | boolean | no | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBytes | integer | no | min 1; max 65536 | Maximum response bytes for content-like reads. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dropbox.list_shared_links
List Dropbox shared links.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dropbox.list_collaborations
List Dropbox file members and invitees.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: user, invitee; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl, url |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
path | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dropbox.list_comments
List Dropbox file comments or annotations.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:comments |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: message, createdBy; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl, url |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
path | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dropbox.create_shared_link
Plan or create a Dropbox shared link.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:documents |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
path | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
dropbox.create_folder
Plan or create a Dropbox folder.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:documents |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
path | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
dropbox.upload_file_draft
Prepare a bounded Dropbox upload plan.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:documents |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
path | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
dropbox.delete_file
Delete a Dropbox file after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:documents |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
path | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Figma (figma)
Governed Figma connector for design files, nodes, comments, versions, components, image URLs, and library notes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | design, productivity |
| Data classes | design, files, comments, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts figma |
| Fixture selfcheck | bun run apps/connectors/src/index.ts figma --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/figma |
| Vendor docs | https://developers.figma.com/docs/rest-api/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Personal access token or OAuth access token | accessToken | FIGMA_ACCESS_TOKEN | file_read, file_comments:write, projects:read | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
file_read | required | design, files, comments |
file_comments:write | required | design, files, comments |
projects:read | required | design, files, comments |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
figma.get_file | L1 | read:design | no | not declared | 300s / subject / slow | recorded | no suppression needed | fileKey | Read Figma file metadata and document summary. |
figma.get_file_nodes | L1 | read:design | no | not declared | 300s / subject / slow | recorded | no suppression needed | fileKey | Read selected Figma nodes. |
figma.list_file_comments | L1 | read:comments | no | not declared | 300s / subject / slow | recorded | no suppression needed | fileKey | List comments on a Figma file. |
figma.create_comment | L3 | write:comments | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | fileKey, message | Plan or create a Figma file comment. |
figma.list_file_versions | L1 | read:design | no | not declared | 300s / subject / slow | recorded | no suppression needed | fileKey | List Figma file versions. |
figma.get_team_projects | L1 | read:design | no | not declared | 300s / subject / slow | recorded | no suppression needed | teamId | List Figma team projects. |
figma.list_project_files | L1 | read:design | no | not declared | 300s / subject / slow | recorded | no suppression needed | projectId | List Figma project files. |
figma.get_component | L1 | read:design | no | not declared | 300s / subject / slow | recorded | no suppression needed | componentKey | Read a Figma component. |
figma.get_image_urls | L1 | read:design | no | not declared | 300s / subject / slow | recorded | no suppression needed | fileKey | Read bounded Figma image export URLs. |
figma.publish_library_note | L2 | write:design | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | fileKey, message | Prepare a low-impact library note plan. |
Tool details:
figma.get_file
Read Figma file metadata and document summary.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:design |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileKey | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
figma.get_file_nodes
Read selected Figma nodes.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:design |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileKey | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
figma.list_file_comments
List comments on a Figma file.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:comments |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileKey | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
figma.create_comment
Plan or create a Figma file comment.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:comments |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileKey | string | yes | - | Connector-specific argument. |
message | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
figma.list_file_versions
List Figma file versions.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:design |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileKey | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
figma.get_team_projects
List Figma team projects.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:design |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
teamId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
figma.list_project_files
List Figma project files.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:design |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
figma.get_component
Read a Figma component.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:design |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
componentKey | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
figma.get_image_urls
Read bounded Figma image export URLs.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:design |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileKey | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
figma.publish_library_note
Prepare a low-impact library note plan.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:design |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileKey | string | yes | - | Connector-specific argument. |
message | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
GitHub (github)
GitHub engineering connector for issues, pull requests, repository files, and safe issue metadata writes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | engineering |
| Data classes | metadata, source_code, tickets, pii |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts github |
| Fixture selfcheck | bun run apps/connectors/src/index.ts github --fixture --selfcheck |
| Punk docs | https://docs.punk.local/connectors/github |
| Vendor docs | https://docs.github.com/en/rest |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | GitHub App installation token | access_token | GITHUB_TOKEN | metadata:read, contents:read, issues:read, pull_requests:read | issues:write | no |
| API token | Fine-grained personal access token | token | GITHUB_TOKEN | Metadata: read, Contents: read, Issues: read/write, Pull requests: read | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
metadata:read | required | metadata |
contents:read | required | source_code |
issues:read | required | tickets, pii |
issues:write | optional | tickets, pii |
pull_requests:read | required | source_code, metadata |
Metadata: read | required | metadata |
Contents: read | required | source_code |
Issues: read/write | required | tickets, pii |
Pull requests: read | required | source_code, metadata |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
github.search_issues | L1 | read:repo | no | not declared | 60s / tenant / live | recorded | no suppression needed | query | Search GitHub issues with bounded results. |
github.get_issue | L1 | read:repo | no | not declared | 300s / tenant / slow | recorded | no suppression needed | number, owner, repo | Fetch one GitHub issue by owner, repository, and issue number. |
github.search_prs | L1 | read:repo | no | not declared | 60s / tenant / live | recorded | no suppression needed | query | Search GitHub pull requests with bounded results. |
github.get_pr | L1 | read:repo | no | not declared | 180s / tenant / live | recorded | no suppression needed | number, owner, repo | Fetch one GitHub pull request by owner, repository, and pull request number. |
github.list_files | L1 | read:repo | no | not declared | 300s / tenant / slow | recorded | no suppression needed | owner, repo | List changed files for a pull request, or repository contents at a path/ref. |
github.get_file | L1 | read:repo | no | not declared | 600s / tenant / slow | recorded | no suppression needed | owner, path, repo | Fetch a bounded text file from a repository path/ref. |
github.create_issue | L3 | write:repo | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | owner, repo, title | Create a GitHub issue. Dry-run is the default. |
github.comment_issue | L3 | write:repo | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, number, owner, repo | Add a comment to a GitHub issue or pull request. Dry-run is the default. |
github.update_issue | L3 | write:repo | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | number, owner, repo | Update safe GitHub issue fields. Dry-run is the default. |
github.add_labels | L2 | write:repo | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | labels, number, owner, repo | Add labels to a GitHub issue or pull request. Dry-run is the default. |
Tool details:
github.search_issues
Search GitHub issues with bounded results.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: items[].author; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1 | Search string or filter expression accepted by the connector. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
owner | string | no | - | Connector-specific argument. |
repo | string | no | - | Connector-specific argument. |
state | string | no | one of open, closed, all | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
github.get_issue
Fetch one GitHub issue by owner, repository, and issue number.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: author, assignees[]; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
number | integer | yes | min 1 | Connector-specific argument. |
owner | string | yes | min length 1 | Connector-specific argument. |
repo | string | yes | min length 1 | Connector-specific argument. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
github.search_prs
Search GitHub pull requests with bounded results.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: items[].author; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1 | Search string or filter expression accepted by the connector. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
owner | string | no | - | Connector-specific argument. |
repo | string | no | - | Connector-specific argument. |
state | string | no | one of open, closed, merged, all | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
github.get_pr
Fetch one GitHub pull request by owner, repository, and pull request number.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 180s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: author; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
number | integer | yes | min 1 | Connector-specific argument. |
owner | string | yes | min length 1 | Connector-specific argument. |
repo | string | yes | min length 1 | Connector-specific argument. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
github.list_files
List changed files for a pull request, or repository contents at a path/ref.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
owner | string | yes | min length 1 | Connector-specific argument. |
repo | string | yes | min length 1 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
path | string | no | - | Connector-specific argument. |
pullNumber | integer | no | min 1 | Connector-specific argument. |
ref | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
github.get_file
Fetch a bounded text file from a repository path/ref.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 600s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
owner | string | yes | min length 1 | Connector-specific argument. |
path | string | yes | min length 1 | Connector-specific argument. |
repo | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxBytes | integer | no | min 1; max 500000 | Maximum response bytes for content-like reads. |
ref | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
github.create_issue
Create a GitHub issue. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:repo |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body, assignees[]; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
owner | string | yes | min length 1 | Connector-specific argument. |
repo | string | yes | min length 1 | Connector-specific argument. |
title | string | yes | min length 1; max length 256 | Connector-specific argument. |
assignees | array | no | - | Connector-specific argument. |
body | string | no | max length 20000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
labels | array | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
github.comment_issue
Add a comment to a GitHub issue or pull request. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:repo |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | min length 1; max length 20000 | Connector-specific argument. |
number | integer | yes | min 1 | Connector-specific argument. |
owner | string | yes | min length 1 | Connector-specific argument. |
repo | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
github.update_issue
Update safe GitHub issue fields. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:repo |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
number | integer | yes | min 1 | Connector-specific argument. |
owner | string | yes | min length 1 | Connector-specific argument. |
repo | string | yes | min length 1 | Connector-specific argument. |
body | string | no | max length 20000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
state | string | no | one of open, closed | Connector-specific argument. |
title | string | no | max length 256 | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
github.add_labels
Add labels to a GitHub issue or pull request. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:repo |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
labels | array | yes | - | Connector-specific argument. |
number | integer | yes | min 1 | Connector-specific argument. |
owner | string | yes | min length 1 | Connector-specific argument. |
repo | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
GitLab (gitlab)
GitLab engineering connector for project, issue, merge request, pipeline job, repository file, and safe issue metadata workflows.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | engineering |
| Data classes | metadata, source_code, tickets, pii |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts gitlab |
| Fixture selfcheck | bun run apps/connectors/src/index.ts gitlab --fixture --selfcheck |
| Punk docs | https://docs.punk.local/connectors/gitlab |
| Vendor docs | https://docs.gitlab.com/api/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | GitLab personal, project, or group access token | token | GITLAB_TOKEN, PUNK_GITLAB_TOKEN | read_api | api | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
read_api | required | metadata, source_code, tickets, pii |
api | optional | tickets, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
gitlab.search_projects | L1 | read:repo | no | not declared | 300s / tenant / slow | recorded | no suppression needed | query | Search GitLab projects with bounded results and optional namespace filters. |
gitlab.get_project | L1 | read:repo | no | not declared | 300s / tenant / slow | recorded | no suppression needed | projectId | Fetch GitLab project metadata by numeric id or full path. |
gitlab.search_issues | L1 | read:ticket | no | not declared | 60s / tenant / live | recorded | no suppression needed | query | Search GitLab issues by project, group, query, state, and labels with bounded results. |
gitlab.get_issue | L1 | read:ticket | no | not declared | 180s / tenant / live | recorded | no suppression needed | issueIid, projectId | Fetch one GitLab issue by project and issue IID, with optional bounded notes. |
gitlab.search_merge_requests | L1 | read:repo | no | not declared | 60s / tenant / live | recorded | no suppression needed | query | Search GitLab merge requests by project, group, query, state, labels, and branch with bounded results. |
gitlab.get_merge_request | L1 | read:repo | no | not declared | 180s / tenant / live | recorded | no suppression needed | mergeRequestIid, projectId | Fetch one GitLab merge request by project and MR IID, with optional bounded diff summary. |
gitlab.list_pipeline_jobs | L1 | read:repo | no | not declared | 60s / tenant / live | recorded | no suppression needed | projectId | List GitLab project or pipeline jobs with bounded status metadata. Job logs are not fetched. |
gitlab.get_file | L1 | read:repo | no | not declared | 600s / tenant / slow | recorded | no suppression needed | path, projectId, ref | Fetch a bounded GitLab repository file by project, ref, and path. Oversized files and binary blobs are rejected unless explicitly allowed. |
gitlab.create_issue | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | projectId, title | Create a GitLab issue. Dry-run is the default and live writes require explicit enablement. |
gitlab.comment_issue | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, issueIid, projectId | Add a visible note to a GitLab issue. Dry-run is the default and live writes require explicit enablement. |
gitlab.update_issue | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | issueIid, projectId | Update safe GitLab issue fields: title, description, labels, and assignees. Dry-run is the default. |
gitlab.add_labels | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | issueIid, labels, projectId | Add labels to a GitLab issue. Dry-run is the default and live writes require explicit enablement. |
Tool details:
gitlab.search_projects
Search GitLab projects with bounded results and optional namespace filters.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1 | Search string or filter expression accepted by the connector. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
namespaceId | any | no | - | Connector-specific argument. |
namespacePath | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gitlab.get_project
Fetch GitLab project metadata by numeric id or full path.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | any | yes | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gitlab.search_issues
Search GitLab issues by project, group, query, state, and labels with bounded results.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: items[].author, items[].assignees[]; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1 | Search string or filter expression accepted by the connector. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
groupId | any | no | - | Connector-specific argument. |
includeDescription | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
labels | array | no | - | Connector-specific argument. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
projectId | any | no | - | Connector-specific argument. |
state | string | no | one of opened, closed, all | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gitlab.get_issue
Fetch one GitLab issue by project and issue IID, with optional bounded notes.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 180s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: issue.author, issue.assignees[], notes[].author; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
issueIid | any | yes | - | Connector-specific argument. |
projectId | any | yes | - | Connector-specific argument. |
includeDescription | boolean | no | - | Connector-specific argument. |
includeNotes | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
notesLimit | integer | no | min 1; max 20 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gitlab.search_merge_requests
Search GitLab merge requests by project, group, query, state, labels, and branch with bounded results.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: items[].author; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1 | Search string or filter expression accepted by the connector. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
groupId | any | no | - | Connector-specific argument. |
includeDescription | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
labels | array | no | - | Connector-specific argument. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
projectId | any | no | - | Connector-specific argument. |
sourceBranch | string | no | - | Connector-specific argument. |
state | string | no | one of opened, closed, merged, all | Connector-specific argument. |
targetBranch | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gitlab.get_merge_request
Fetch one GitLab merge request by project and MR IID, with optional bounded diff summary.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 180s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: mergeRequest.author; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
mergeRequestIid | any | yes | - | Connector-specific argument. |
projectId | any | yes | - | Connector-specific argument. |
includeDescription | boolean | no | - | Connector-specific argument. |
includeDiffSummary | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxDiffBytes | integer | no | min 1; max 250000 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gitlab.list_pipeline_jobs
List GitLab project or pipeline jobs with bounded status metadata. Job logs are not fetched.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: jobs[].user; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | any | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
pipelineId | any | no | - | Connector-specific argument. |
scope | array | no | - | Connector-specific argument. |
status | string | no | one of created, pending, running, failed, success, canceled, skipped, manual | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gitlab.get_file
Fetch a bounded GitLab repository file by project, ref, and path. Oversized files and binary blobs are rejected unless explicitly allowed.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 600s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
path | string | yes | min length 1 | Connector-specific argument. |
projectId | any | yes | - | Connector-specific argument. |
ref | string | yes | min length 1 | Connector-specific argument. |
allowBinary | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxBytes | integer | no | min 1; max 500000 | Maximum response bytes for content-like reads. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gitlab.create_issue
Create a GitLab issue. Dry-run is the default and live writes require explicit enablement.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: description, assigneeIds[]; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | any | yes | - | Connector-specific argument. |
title | string | yes | min length 1; max length 256 | Connector-specific argument. |
assigneeIds | array | no | - | Connector-specific argument. |
description | string | no | max length 20000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
labels | array | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
gitlab.comment_issue
Add a visible note to a GitLab issue. Dry-run is the default and live writes require explicit enablement.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | min length 1; max length 20000 | Connector-specific argument. |
issueIid | any | yes | - | Connector-specific argument. |
projectId | any | yes | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
gitlab.update_issue
Update safe GitLab issue fields: title, description, labels, and assignees. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: description, assigneeIds[]; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
issueIid | any | yes | - | Connector-specific argument. |
projectId | any | yes | - | Connector-specific argument. |
assigneeIds | array | no | - | Connector-specific argument. |
description | string | no | max length 20000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
labels | array | no | - | Connector-specific argument. |
title | string | no | max length 256 | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
gitlab.add_labels
Add labels to a GitLab issue. Dry-run is the default and live writes require explicit enablement.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
issueIid | any | yes | - | Connector-specific argument. |
labels | array | yes | - | Connector-specific argument. |
projectId | any | yes | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Gong (gong)
Governed Gong revenue intelligence connector for calls, transcripts, users, trackers, activity, deal context, and controlled exports.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | sales, crm, communications |
| Data classes | sales, recordings, communications, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts gong |
| Fixture selfcheck | bun run apps/connectors/src/index.ts gong --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/gong |
| Vendor docs | https://help.gong.io/docs/what-the-gong-api-provides |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Basic/API token | Gong access key and secret | accessKeySecret | GONG_ACCESS_TOKEN | api:calls:read, api:users:read | api:calls:write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
api:calls:read | required | recordings, communications |
api:users:read | required | pii |
api:calls:write | optional | recordings |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
gong.list_calls | L1 | read:sales | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Gong calls. |
gong.get_call | L1 | read:sales | no | not declared | 300s / subject / slow | recorded | no suppression needed | callId | Read Gong call metadata. |
gong.get_transcript | L1 | read:sales | no | not declared | 300s / subject / slow | recorded | no suppression needed | callId | Read bounded Gong transcript text. |
gong.list_users | L1 | read:sales | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Gong users. |
gong.list_trackers | L1 | read:sales | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Gong trackers. |
gong.list_activity | L1 | read:sales | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List account activity. |
gong.list_deal_calls | L1 | read:sales | no | not declared | 300s / subject / slow | recorded | no suppression needed | dealId | List calls linked to a deal. |
gong.export_transcript | L3 | write:sales | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | callId | Create a governed transcript export plan. |
gong.add_call_comment | L3 | write:sales | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | callId, text | Add a Gong call comment. |
gong.import_call_recording | L4 | write:sales | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | idempotencyKey, sourceUrl | Import an external recording after approval. |
Tool details:
gong.list_calls
List Gong calls.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gong.get_call
Read Gong call metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
callId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gong.get_transcript
Read bounded Gong transcript text.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: text; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
callId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gong.list_users
List Gong users.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gong.list_trackers
List Gong trackers.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gong.list_activity
List account activity.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gong.list_deal_calls
List calls linked to a deal.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
dealId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gong.export_transcript
Create a governed transcript export plan.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:sales |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
callId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
gong.add_call_comment
Add a Gong call comment.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:sales |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: text; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
callId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
text | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
gong.import_call_recording
Import an external recording after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:sales |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
sourceUrl | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Google Workspace (google-workspace)
Governed Google Workspace tools for Gmail, Drive, and Calendar context gathering plus bounded user-visible writes.
| Field | Value |
|---|---|
| Version | 0.1.0-draft |
| Categories | productivity, support |
| Data classes | email, documents, calendar, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts google-workspace |
| Fixture selfcheck | bun run apps/connectors/src/index.ts google-workspace --fixture --selfcheck |
| Punk docs | https://punk.local/docs/connectors/google-workspace |
| Vendor docs | https://developers.google.com/workspace |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Delegated user OAuth | access_token | GOOGLE_WORKSPACE_ACCESS_TOKEN | https://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/gmail.compose, https://www.googleapis.com/auth/gmail.send, https://www.googleapis.com/auth/gmail.modify, https://www.googleapis.com/auth/drive.metadata.readonly, https://www.googleapis.com/auth/drive.readonly, https://www.googleapis.com/auth/drive.file, https://www.googleapis.com/auth/calendar.events.readonly, https://www.googleapis.com/auth/calendar.events | - | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
https://www.googleapis.com/auth/gmail.readonly | required | email, pii |
https://www.googleapis.com/auth/gmail.compose | required | email, pii |
https://www.googleapis.com/auth/gmail.send | required | email, pii |
https://www.googleapis.com/auth/gmail.modify | required | email, pii |
https://www.googleapis.com/auth/drive.metadata.readonly | required | documents, metadata |
https://www.googleapis.com/auth/drive.readonly | required | documents, pii |
https://www.googleapis.com/auth/drive.file | required | documents, pii |
https://www.googleapis.com/auth/calendar.events.readonly | required | calendar, pii |
https://www.googleapis.com/auth/calendar.events | required | calendar, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
gmail.search_messages | L1 | read:email | no | not declared | 60s / subject / live | recorded | no suppression needed | query | Search Gmail messages and return bounded snippets by default. Full body retrieval is opt-in. |
gmail.get_message | L1 | read:email | no | not declared | 300s / subject / slow | recorded | no suppression needed | messageId | Get one Gmail message by ID with body text only when requested. |
gmail.get_thread | L1 | read:email | no | not declared | 120s / subject / slow | recorded | no suppression needed | threadId | Get messages in a Gmail thread with bounded optional body text. |
gmail.create_draft | L2 | write:email | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | bodyText, subject, to | Create a Gmail draft. dryRun defaults to true and returns the planned draft without writing. |
gmail.send_email | L3 | write:email | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | bodyText, subject, to | Send a user-visible email. dryRun defaults to true and approval is recommended. |
gmail.modify_labels | L2 | write:email | no | not declared | 0s / none / live | dry_run | suppressed, dry-run | messageIds | Add or remove labels for one or more Gmail messages. dryRun defaults to true. |
drive.search_files | L1 | read:document | no | not declared | 120s / subject / slow | recorded | no suppression needed | none | Search Google Drive metadata and return normalized file summaries. |
drive.get_file_metadata | L1 | read:document | no | not declared | 600s / subject / slow | recorded | no suppression needed | fileId | Get normalized Google Drive file metadata without file contents. |
drive.export_file_text | L1 | read:document | no | not declared | 600s / subject / slow | recorded | no suppression needed | fileId | Export a Google Workspace file to bounded text. Large exports are truncated. |
drive.create_comment | L3 | write:document | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | content, fileId | Create a user-visible Google Drive comment. dryRun defaults to true. |
drive.reply_comment | L3 | write:document | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | commentId, content, fileId | Reply to a Google Drive comment. dryRun defaults to true. |
calendar.list_events | L1 | read:calendar | no | not declared | 60s / subject / live | recorded | no suppression needed | none | List bounded Google Calendar events in a time window. |
calendar.find_availability | L1 | read:calendar | no | not declared | 30s / subject / live | recorded | no suppression needed | timeMax, timeMin | Find open slots from Google Calendar free/busy data. |
calendar.create_event | L3 | write:calendar | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | end, start, summary | Create a user-visible calendar event. dryRun defaults to true. |
calendar.update_event | L3 | write:calendar | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | eventId | Update a user-visible calendar event. dryRun defaults to true. |
Tool details:
gmail.search_messages
Search Gmail messages and return bounded snippets by default. Full body retrieval is opt-in.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:email |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: messages.from, messages.to, messages.subject, messages.snippet, messages.bodyText; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1; max length 1000 | Search string or filter expression accepted by the connector. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBodyBytes | integer | no | min 0; max 20000 | Connector-specific argument. |
pageToken | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gmail.get_message
Get one Gmail message by ID with body text only when requested.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:email |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: from, to, subject, snippet, bodyText; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
messageId | string | yes | min length 1 | Connector-specific argument. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxBodyBytes | integer | no | min 0; max 50000 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gmail.get_thread
Get messages in a Gmail thread with bounded optional body text.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:email |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: messages.from, messages.to, messages.subject, messages.snippet, messages.bodyText; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
threadId | string | yes | min length 1 | Connector-specific argument. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBodyBytes | integer | no | min 0; max 50000 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
gmail.create_draft
Create a Gmail draft. dryRun defaults to true and returns the planned draft without writing.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:email |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: to, cc, bcc, subject, bodyText; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
bodyText | string | yes | min length 1; max length 20000 | Connector-specific argument. |
subject | string | yes | min length 1; max length 500 | Connector-specific argument. |
to | array | yes | - | Connector-specific argument. |
bcc | array | no | - | Connector-specific argument. |
cc | array | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
inReplyToMessageId | string | no | - | Connector-specific argument. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
gmail.send_email
Send a user-visible email. dryRun defaults to true and approval is recommended.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:email |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: to, cc, bcc, subject, bodyText; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
bodyText | string | yes | min length 1; max length 20000 | Connector-specific argument. |
subject | string | yes | min length 1; max length 500 | Connector-specific argument. |
to | array | yes | - | Connector-specific argument. |
bcc | array | no | - | Connector-specific argument. |
cc | array | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
gmail.modify_labels
Add or remove labels for one or more Gmail messages. dryRun defaults to true.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:email |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
messageIds | array | yes | - | Connector-specific argument. |
addLabelIds | array | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
removeLabelIds | array | no | - | Connector-specific argument. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
drive.search_files
Search Google Drive metadata and return normalized file summaries.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: files.name, files.owner; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
includeTrashed | boolean | no | - | Connector-specific argument. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
mimeTypes | array | no | - | Connector-specific argument. |
pageToken | string | no | - | Connector-specific argument. |
query | string | no | max length 1000 | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
drive.get_file_metadata
Get normalized Google Drive file metadata without file contents.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 600s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: name, owner, permissions; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileId | string | yes | min length 1 | Connector-specific argument. |
includePermissions | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
drive.export_file_text
Export a Google Workspace file to bounded text. Large exports are truncated.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 600s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: text; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileId | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxBytes | integer | no | min 1; max 250000 | Maximum response bytes for content-like reads. |
mimeType | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
drive.create_comment
Create a user-visible Google Drive comment. dryRun defaults to true.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:document |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: content, quotedText; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
content | string | yes | min length 1; max length 4000 | Connector-specific argument. |
fileId | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
quotedText | string | no | max length 1000 | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
drive.reply_comment
Reply to a Google Drive comment. dryRun defaults to true.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:document |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: content; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
commentId | string | yes | min length 1 | Connector-specific argument. |
content | string | yes | min length 1; max length 4000 | Connector-specific argument. |
fileId | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
calendar.list_events
List bounded Google Calendar events in a time window.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:calendar |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: events.summary, events.description, events.attendees; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
calendarId | string | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
pageToken | string | no | - | Connector-specific argument. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
timeMax | string | no | - | Connector-specific argument. |
timeMin | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
calendar.find_availability
Find open slots from Google Calendar free/busy data.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:calendar |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: busy; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
timeMax | string | yes | - | Connector-specific argument. |
timeMin | string | yes | - | Connector-specific argument. |
calendarIds | array | no | - | Connector-specific argument. |
durationMinutes | integer | no | min 5; max 480 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 20 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
timeZone | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
calendar.create_event
Create a user-visible calendar event. dryRun defaults to true.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:calendar |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: summary, description, attendees, location; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
end | string | yes | - | Connector-specific argument. |
start | string | yes | - | Connector-specific argument. |
summary | string | yes | min length 1; max length 500 | Connector-specific argument. |
attendees | array | no | - | Connector-specific argument. |
calendarId | string | no | - | Connector-specific argument. |
description | string | no | max length 4000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
location | string | no | max length 500 | Connector-specific argument. |
sendUpdates | any | no | one of none, all, externalOnly | Connector-specific argument. |
timeZone | string | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
calendar.update_event
Update a user-visible calendar event. dryRun defaults to true.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:calendar |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: summary, description, attendees, location; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
eventId | string | yes | min length 1 | Connector-specific argument. |
attendees | array | no | - | Connector-specific argument. |
calendarId | string | no | - | Connector-specific argument. |
description | string | no | max length 4000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
end | string | no | - | Connector-specific argument. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
location | string | no | max length 500 | Connector-specific argument. |
sendUpdates | any | no | one of none, all, externalOnly | Connector-specific argument. |
start | string | no | - | Connector-specific argument. |
summary | string | no | max length 500 | Connector-specific argument. |
timeZone | string | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Greenhouse (greenhouse)
Governed Greenhouse recruiting connector for jobs, candidates, applications, interviews, offers, scorecards, notes, and stage movement.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | recruiting, hr |
| Data classes | recruiting, hr, pii, comments, audit, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts greenhouse |
| Fixture selfcheck | bun run apps/connectors/src/index.ts greenhouse --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/greenhouse |
| Vendor docs | https://developers.greenhouse.io/harvest.html |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Greenhouse Harvest OAuth or API token | accessToken | GREENHOUSE_ACCESS_TOKEN | jobs:read, candidates:read | candidates:write | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
jobs:read | required | recruiting |
candidates:read | required | recruiting, pii |
candidates:write | optional | recruiting, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
greenhouse.list_jobs | L1 | read:recruiting | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Greenhouse jobs. |
greenhouse.search_candidates | L1 | read:recruiting | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search candidates with PII redaction. |
greenhouse.get_candidate | L1 | read:recruiting | no | not declared | 300s / subject / slow | recorded | no suppression needed | candidateId | Read one candidate. |
greenhouse.list_applications | L1 | read:recruiting | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List applications. |
greenhouse.list_interviews | L1 | read:recruiting | no | not declared | 300s / subject / slow | recorded | no suppression needed | applicationId | List interviews. |
greenhouse.list_offers | L1 | read:recruiting | no | not declared | 300s / subject / slow | recorded | no suppression needed | applicationId | List offers. |
greenhouse.list_scorecards | L1 | read:recruiting | no | not declared | 300s / subject / slow | recorded | no suppression needed | applicationId | List interview scorecards. |
greenhouse.add_note | L3 | write:recruiting | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, candidateId | Add a recruiting note. |
greenhouse.update_candidate | L3 | write:recruiting | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | candidateId | Update candidate fields. |
greenhouse.move_application_stage | L4 | write:recruiting | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | applicationId, idempotencyKey, stageId | Move an application to a new hiring stage after approval. |
Tool details:
greenhouse.list_jobs
List Greenhouse jobs.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:recruiting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
greenhouse.search_candidates
Search candidates with PII redaction.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:recruiting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
greenhouse.get_candidate
Read one candidate.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:recruiting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
candidateId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
greenhouse.list_applications
List applications.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:recruiting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
greenhouse.list_interviews
List interviews.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:recruiting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
applicationId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
greenhouse.list_offers
List offers.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:recruiting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
applicationId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
greenhouse.list_scorecards
List interview scorecards.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:recruiting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
applicationId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
greenhouse.add_note
Add a recruiting note.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:recruiting |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | number | boolean | object | array | yes | - | Connector-specific argument. |
candidateId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
greenhouse.update_candidate
Update candidate fields.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:recruiting |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
candidateId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
greenhouse.move_application_stage
Move an application to a new hiring stage after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:recruiting |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
applicationId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
stageId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
HubSpot (hubspot)
Sales and customer context connector for HubSpot CRM with governed read tools and level 3 CRM writes.
| Field | Value |
|---|---|
| Version | 0.1.0-draft |
| Categories | crm, support |
| Data classes | crm, pii, tickets, billing |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts hubspot |
| Fixture selfcheck | bun run apps/connectors/src/index.ts hubspot --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/hubspot |
| Vendor docs | https://developers.hubspot.com/docs/api/crm/understanding-the-crm |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | HubSpot OAuth public app | accessToken | PUNK_HUBSPOT_ACCESS_TOKEN | crm.objects.contacts.read, crm.objects.contacts.write, crm.objects.companies.read, crm.objects.companies.write, crm.objects.deals.read, crm.objects.deals.write, crm.objects.tickets.read, crm.objects.tickets.write, crm.objects.notes.write, crm.objects.tasks.write | - | yes |
| API token | HubSpot private app token | accessToken | PUNK_HUBSPOT_ACCESS_TOKEN | - | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
crm.objects.contacts.read | required | crm, pii |
crm.objects.contacts.write | required | crm, pii |
crm.objects.companies.read | required | crm |
crm.objects.companies.write | required | crm |
crm.objects.deals.read | required | crm, billing |
crm.objects.deals.write | required | crm, billing |
crm.objects.tickets.read | required | crm, tickets |
crm.objects.tickets.write | required | crm, tickets |
crm.objects.notes.write | required | crm |
crm.objects.tasks.write | required | crm |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
hubspot.search_contacts | L1 | read:crm | no | not declared | 60s / subject / live | recorded | no suppression needed | none | Search HubSpot contacts by name, email, company, or title. Body and raw vendor payloads are excluded unless explicitly requested. |
hubspot.search_companies | L1 | read:crm | no | not declared | 120s / subject / live | recorded | no suppression needed | none | Search HubSpot companies by name, domain, owner, tier, or risk note. |
hubspot.search_deals | L1 | read:crm | no | not declared | 60s / subject / live | recorded | no suppression needed | none | Search HubSpot deals by deal name, company, owner, or stage. |
hubspot.search_tickets | L1 | read:crm | no | not declared | 30s / subject / live | recorded | no suppression needed | none | Search HubSpot support tickets by subject, company, requester, status, or priority. |
hubspot.get_object | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | objectId, objectType | Get one allowlisted HubSpot CRM object by id. Allowed object types are contacts, companies, deals, and tickets. |
hubspot.create_note | L3 | write:crm | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, objectId, objectType | Create an internal HubSpot CRM note associated with an allowlisted CRM object. This is a level 3 CRM write. |
hubspot.update_contact | L3 | write:crm | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | contactId, properties | Update allowlisted HubSpot contact properties only. Disallowed fields are rejected before vendor calls. |
hubspot.update_company | L3 | write:crm | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | companyId, properties | Update allowlisted HubSpot company properties only. Disallowed fields are rejected before vendor calls. |
hubspot.create_task | L3 | write:crm | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | objectId, objectType, title | Create a HubSpot CRM task associated with an allowlisted object. This is a level 3 user-visible CRM write. |
Tool details:
hubspot.search_contacts
Search HubSpot contacts by name, email, company, or title. Body and raw vendor payloads are excluded unless explicitly requested.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email, phone; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
fields | array | no | - | Optional read field allowlist. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search text such as email, name, company, or title. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
hubspot.search_companies
Search HubSpot companies by name, domain, owner, tier, or risk note.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
fields | array | no | - | Optional read field allowlist. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search text such as company name, domain, owner, or risk note. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
hubspot.search_deals
Search HubSpot deals by deal name, company, owner, or stage.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
hubspot.search_tickets
Search HubSpot support tickets by subject, company, requester, status, or priority.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: requesterEmail; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
hubspot.get_object
Get one allowlisted HubSpot CRM object by id. Allowed object types are contacts, companies, deals, and tickets.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email, phone, requesterEmail; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
objectId | string | yes | - | Connector-specific argument. |
objectType | string | yes | one of contacts, companies, deals, tickets | Connector-specific argument. |
fields | array | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
hubspot.create_note
Create an internal HubSpot CRM note associated with an allowlisted CRM object. This is a level 3 CRM write.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | max length 5000 | Connector-specific argument. |
objectId | string | yes | - | Connector-specific argument. |
objectType | string | yes | one of contacts, companies, deals, tickets | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
hubspot.update_contact
Update allowlisted HubSpot contact properties only. Disallowed fields are rejected before vendor calls.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: properties.email, properties.phone; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
contactId | string | yes | - | Connector-specific argument. |
properties | object | yes | - | Only firstname, lastname, email, phone, jobtitle, lifecyclestage, and hubspot_owner_id are allowed. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
hubspot.update_company
Update allowlisted HubSpot company properties only. Disallowed fields are rejected before vendor calls.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: properties.domain, properties.phone; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
companyId | string | yes | - | Connector-specific argument. |
properties | object | yes | - | Only name, domain, phone, city, state, industry, lifecyclestage, and hubspot_owner_id are allowed. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
hubspot.create_task
Create a HubSpot CRM task associated with an allowlisted object. This is a level 3 user-visible CRM write.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
objectId | string | yes | - | Connector-specific argument. |
objectType | string | yes | one of contacts, companies, deals, tickets | Connector-specific argument. |
title | string | yes | max length 300 | Connector-specific argument. |
body | string | no | max length 5000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
dueAt | string | no | - | ISO timestamp or yyyy-mm-dd date accepted by HubSpot task timestamp properties. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
ownerId | string | no | - | Connector-specific argument. |
priority | string | no | one of LOW, MEDIUM, HIGH | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Intercom (intercom)
Managed Intercom connector for governed conversation, contact, note, tag, reply, and assignment workflows.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | support, crm |
| Data classes | metadata, pii, email, chat, crm |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts intercom |
| Fixture selfcheck | bun run apps/connectors/src/index.ts intercom --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/intercom |
| Vendor docs | https://developers.intercom.com/docs/references/rest-api/api.intercom.io/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Intercom access token | accessToken | PUNK_INTERCOM_ACCESS_TOKEN | read_conversations, read_contacts | write_conversations, write_contacts | no |
| OAuth 2.0 | Intercom OAuth access token | accessToken | PUNK_INTERCOM_ACCESS_TOKEN | - | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
read_conversations | required | chat, pii |
write_conversations | optional | chat, pii |
read_contacts | required | crm, pii, email |
write_contacts | optional | crm, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
intercom.list_conversations | L1 | read:chat | no | not declared | 30s / subject / live | recorded | no suppression needed | none | List Intercom conversations with bounded pagination and optional state/open filters. |
intercom.search_conversations | L1 | read:chat | no | not declared | 30s / subject / live | recorded | no suppression needed | none | Search Intercom conversations using the official conversations search endpoint. |
intercom.get_conversation | L1 | read:chat | no | not declared | 60s / subject / live | recorded | no suppression needed | conversationId | Retrieve an Intercom conversation by id with normalized source, contacts, assignee, and parts. |
intercom.search_contacts | L1 | read:crm | no | not declared | 120s / subject / slow | recorded | no suppression needed | none | Search Intercom contacts by explicit query object or email/name/external-id text. |
intercom.get_contact | L1 | read:crm | no | not declared | 120s / subject / slow | recorded | no suppression needed | contactId | Retrieve an Intercom contact by id. |
intercom.create_contact_note | L3 | write:crm | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | body, contactId | Create an internal note on an Intercom contact. Writes default to dry-run. |
intercom.tag_contact | L3 | write:crm | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | contactId | Attach an existing Intercom tag, or create by name then attach, to a contact. Writes default to dry-run. |
intercom.reply_conversation | L3 | write:chat | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | body, conversationId, messageType | Reply to an Intercom conversation as an admin comment or internal note. Writes default to dry-run. |
intercom.assign_conversation | L3 | write:chat | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | assigneeId, conversationId | Assign an Intercom conversation to an admin or team through a conversation part. Writes default to dry-run. |
Tool details:
intercom.list_conversations
List Intercom conversations with bounded pagination and optional state/open filters.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: conversations.source.body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
open | boolean | no | - | Connector-specific argument. |
state | string | no | one of open, closed, snoozed | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
intercom.search_conversations
Search Intercom conversations using the official conversations search endpoint.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: conversations.source.body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | object | no | - | Search string or filter expression accepted by the connector. |
text | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
intercom.get_conversation
Retrieve an Intercom conversation by id with normalized source, contacts, assignee, and parts.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: conversation.source.body, conversation.parts; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
conversationId | string | yes | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
intercom.search_contacts
Search Intercom contacts by explicit query object or email/name/external-id text.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: contacts.email, contacts.name; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | object | no | - | Search string or filter expression accepted by the connector. |
text | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
intercom.get_contact
Retrieve an Intercom contact by id.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: contact.email, contact.name; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
contactId | string | yes | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
intercom.create_contact_note
Create an internal note on an Intercom contact. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | max length 10000 | Connector-specific argument. |
contactId | string | yes | - | Connector-specific argument. |
adminId | string | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
intercom.tag_contact
Attach an existing Intercom tag, or create by name then attach, to a contact. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: tagName; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
contactId | string | yes | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
tagId | string | no | - | Connector-specific argument. |
tagName | string | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
intercom.reply_conversation
Reply to an Intercom conversation as an admin comment or internal note. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:chat |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | max length 10000 | Connector-specific argument. |
conversationId | string | yes | - | Connector-specific argument. |
messageType | string | yes | one of comment, note | Connector-specific argument. |
adminId | string | no | - | Connector-specific argument. |
attachmentUrls | array | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
intercom.assign_conversation
Assign an Intercom conversation to an admin or team through a conversation part. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:chat |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
assigneeId | string | yes | - | Connector-specific argument. |
conversationId | string | yes | - | Connector-specific argument. |
adminId | string | no | - | Connector-specific argument. |
body | string | no | max length 10000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Kubernetes (kubernetes)
Governed Kubernetes connector for runtime state, events, logs, rollout context, dry-run operational changes, and approval-gated destructive actions.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | infrastructure, cloud, observability |
| Data classes | kubernetes, infrastructure, logs, telemetry, metadata, secrets |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts kubernetes |
| Fixture selfcheck | bun run apps/connectors/src/index.ts kubernetes --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/kubernetes |
| Vendor docs | https://kubernetes.io/docs/concepts/overview/kubernetes-api/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Kubernetes API bearer token | accessToken | KUBERNETES_ACCESS_TOKEN | get,list,watch | patch,update, delete | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
get,list,watch | required | kubernetes, logs |
patch,update | optional | kubernetes |
delete | optional | kubernetes |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
kubernetes.list_namespaces | L1 | read:infrastructure | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Kubernetes namespaces. |
kubernetes.list_pods | L1 | read:infrastructure | no | not declared | 300s / subject / slow | recorded | no suppression needed | namespace | List pods in a namespace. |
kubernetes.list_deployments | L1 | read:infrastructure | no | not declared | 300s / tenant / slow | recorded | no suppression needed | namespace | List deployments in a namespace. |
kubernetes.list_services | L1 | read:infrastructure | no | not declared | 300s / tenant / slow | recorded | no suppression needed | namespace | List services in a namespace. |
kubernetes.list_events | L1 | read:infrastructure | no | not declared | 60s / subject / live | recorded | no suppression needed | namespace | List events in a namespace. |
kubernetes.get_pod_logs | L1 | read:infrastructure | no | not declared | 30s / subject / live | recorded | no suppression needed | namespace, podName | Read bounded pod logs. |
kubernetes.get_rollout_status | L1 | read:infrastructure | no | not declared | 300s / subject / slow | recorded | no suppression needed | deployment, namespace | Read rollout status for a deployment. |
kubernetes.scale_deployment | L3 | write:infrastructure | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | deployment, namespace | Dry-run or apply deployment replica changes. |
kubernetes.restart_deployment | L3 | write:infrastructure | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | deployment, namespace | Dry-run or restart a deployment rollout. |
kubernetes.patch_resource | L3 | write:infrastructure | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | apiVersion, kind, name, namespace | Patch an allowlisted Kubernetes resource. |
kubernetes.delete_resource | L4 | write:infrastructure | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | apiVersion, idempotencyKey, kind, name, namespace | Delete a Kubernetes resource after approval. |
kubernetes.rollback_deployment | L4 | write:infrastructure | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | deployment, idempotencyKey, namespace | Rollback a deployment after approval. |
Tool details:
kubernetes.list_namespaces
List Kubernetes namespaces.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:infrastructure |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
kubernetes.list_pods
List pods in a namespace.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:infrastructure |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
kubernetes.list_deployments
List deployments in a namespace.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:infrastructure |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
kubernetes.list_services
List services in a namespace.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:infrastructure |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
kubernetes.list_events
List events in a namespace.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:infrastructure |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
kubernetes.get_pod_logs
Read bounded pod logs.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:infrastructure |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
podName | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
kubernetes.get_rollout_status
Read rollout status for a deployment.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:infrastructure |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
deployment | string | number | boolean | object | array | yes | - | Connector-specific argument. |
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
kubernetes.scale_deployment
Dry-run or apply deployment replica changes.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:infrastructure |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
deployment | string | number | boolean | object | array | yes | - | Connector-specific argument. |
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
kubernetes.restart_deployment
Dry-run or restart a deployment rollout.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:infrastructure |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
deployment | string | number | boolean | object | array | yes | - | Connector-specific argument. |
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
kubernetes.patch_resource
Patch an allowlisted Kubernetes resource.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:infrastructure |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
apiVersion | string | number | boolean | object | array | yes | - | Connector-specific argument. |
kind | string | number | boolean | object | array | yes | - | Connector-specific argument. |
name | string | number | boolean | object | array | yes | - | Connector-specific argument. |
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
kubernetes.delete_resource
Delete a Kubernetes resource after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:infrastructure |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
apiVersion | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
kind | string | number | boolean | object | array | yes | - | Connector-specific argument. |
name | string | number | boolean | object | array | yes | - | Connector-specific argument. |
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
kubernetes.rollback_deployment
Rollback a deployment after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:infrastructure |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
deployment | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
namespace | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Lightfield (lightfield)
Governed Lightfield CRM connector for account/contact/opportunity context, schema discovery, and dry-run-first CRM notes and tasks.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | crm, support |
| Data classes | crm, pii, tickets, billing, calendar, metadata, identity |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts lightfield |
| Fixture selfcheck | bun run apps/connectors/src/index.ts lightfield --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/lightfield |
| Vendor docs | https://docs.lightfield.app/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | Lightfield API key | api_key | LIGHTFIELD_API_KEY, PUNK_LIGHTFIELD_API_KEY | accounts:read, contacts:read, opportunities:read | tasks:read, notes:read, meetings:read, lists:read, members:read, notes:create, tasks:create | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
accounts:read | required | crm |
contacts:read | required | crm, pii |
opportunities:read | required | crm, billing |
tasks:read | optional | crm |
notes:read | optional | crm, pii |
meetings:read | optional | crm, calendar, pii |
lists:read | optional | metadata |
members:read | optional | identity, pii |
notes:create | optional | crm, pii |
tasks:create | optional | crm, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
lightfield.validate_key | L1 | read:identity | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | Validate the configured Lightfield API key and return non-secret metadata such as subject type and granted scopes. |
lightfield.get_definitions | L1 | read:crm | no | not declared | 3600s / tenant / static | recorded | no suppression needed | objectType | Read field and relationship definitions for a supported Lightfield CRM object type. |
lightfield.list_records | L1 | read:crm | no | not declared | 30s / subject / live | recorded | no suppression needed | objectType | List supported Lightfield records with bounded pagination and optional field or relationship filters. |
lightfield.get_record | L1 | read:crm | no | not declared | 120s / subject / live | recorded | no suppression needed | id, objectType | Retrieve one supported Lightfield record by id. |
lightfield.create_note | L3 | write:crm | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | title | Create a Lightfield note linked to CRM records. dryRun defaults to true; live writes require explicit enablement and an idempotency key. |
lightfield.create_task | L3 | write:crm | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | assignedTo, title | Create a Lightfield task assigned to a member and optionally linked to account or opportunity records. dryRun defaults to true; live writes require explicit enablement and an idempotency key. |
Tool details:
lightfield.validate_key
Validate the configured Lightfield API key and return non-secret metadata such as subject type and granted scopes.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: api_key, authorization |
Input contract:
- This tool does not declare named input fields.
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
lightfield.get_definitions
Read field and relationship definitions for a supported Lightfield CRM object type.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / tenant / static |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
objectType | string | yes | one of account, contact, opportunity, task, note | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
lightfield.list_records
List supported Lightfield records with bounded pagination and optional field or relationship filters.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: records[].fields, records[].relationships; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
objectType | string | yes | one of account, contact, opportunity, task, note, meeting, list, member | Connector-specific argument. |
filters | object | no | - | Optional Lightfield filter query parameters such as "$name[equal]" or "$account[contains]". |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
offset | integer | no | min 0 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
lightfield.get_record
Retrieve one supported Lightfield record by id.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: fields, relationships; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
id | string | yes | min length 1 | Connector-specific argument. |
objectType | string | yes | one of account, contact, opportunity, task, note, meeting, list, member | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
lightfield.create_note
Create a Lightfield note linked to CRM records. dryRun defaults to true; live writes require explicit enablement and an idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: content, relationships; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
title | string | yes | min length 1; max length 255 | Connector-specific argument. |
content | string | no | max length 10000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
relationships | object | no | - | Optional relationship keys such as "$account", "$contact", or "$opportunity". |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
lightfield.create_task
Create a Lightfield task assigned to a member and optionally linked to account or opportunity records. dryRun defaults to true; live writes require explicit enablement and an idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: description, relationships; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
assignedTo | any | yes | - | Connector-specific argument. |
title | string | yes | min length 1; max length 255 | Connector-specific argument. |
account | any | no | - | Connector-specific argument. |
description | string | no | max length 10000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
dueAt | string | no | - | ISO 8601 due datetime. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
opportunity | any | no | - | Connector-specific argument. |
relationships | object | no | - | Additional Lightfield relationship keys. System keys should include the $ prefix. |
status | string | no | one of TODO, IN_PROGRESS, COMPLETE, CANCELLED | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Linear (linear)
Linear connector for engineering issue search, task creation, comments, assignment, and safe status updates.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | engineering |
| Data classes | tickets, metadata, pii |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts linear |
| Fixture selfcheck | bun run apps/connectors/src/index.ts linear --fixture --selfcheck |
| Punk docs | https://docs.punk.local/connectors/linear |
| Vendor docs | https://developers.linear.app/docs/graphql/working-with-the-graphql-api |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Linear OAuth | access_token | LINEAR_ACCESS_TOKEN | read, write | - | no |
| API token | Linear API key | api_key | LINEAR_API_KEY | workspace | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
read | required | tickets, metadata, pii |
write | required | tickets, pii |
workspace | required | tickets, metadata, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
linear.search_issues | L1 | read:ticket | no | not declared | 60s / tenant / live | recorded | no suppression needed | query | Search Linear issues by text with optional team filter. |
linear.get_issue | L1 | read:ticket | no | not declared | 180s / tenant / live | recorded | no suppression needed | id | Fetch one Linear issue by id or identifier. |
linear.list_teams | L1 | read:ticket | no | not declared | 3600s / tenant / slow | recorded | no suppression needed | none | List Linear teams for team allowlist setup and issue routing. |
linear.create_issue | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | teamId, title | Create a Linear issue. Dry-run is the default. |
linear.comment_issue | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, issueId | Add a comment to a Linear issue. Dry-run is the default. |
linear.update_issue | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | issueId | Update safe Linear issue fields. Dry-run is the default. |
linear.assign_issue | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | assigneeId, issueId | Assign a Linear issue to a user. Dry-run is the default. |
Tool details:
linear.search_issues
Search Linear issues by text with optional team filter.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: items[].assigneeName; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1 | Search string or filter expression accepted by the connector. |
assigneeId | string | no | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeDescription | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
state | string | no | - | Connector-specific argument. |
teamKey | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
linear.get_issue
Fetch one Linear issue by id or identifier.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 180s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: assigneeName; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
id | string | yes | min length 1 | Connector-specific argument. |
includeDescription | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
linear.list_teams
List Linear teams for team allowlist setup and issue routing.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
linear.create_issue
Create a Linear issue. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: description, assigneeId; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
teamId | string | yes | min length 1 | Connector-specific argument. |
title | string | yes | min length 1; max length 256 | Connector-specific argument. |
assigneeId | string | no | - | Connector-specific argument. |
description | string | no | max length 20000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
labelIds | array | no | - | Connector-specific argument. |
priority | integer | no | min 0; max 4 | Connector-specific argument. |
projectId | string | no | - | Connector-specific argument. |
stateId | string | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
linear.comment_issue
Add a comment to a Linear issue. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | min length 1; max length 20000 | Connector-specific argument. |
issueId | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
linear.update_issue
Update safe Linear issue fields. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: description, assigneeId; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
issueId | string | yes | min length 1 | Connector-specific argument. |
assigneeId | string | no | - | Connector-specific argument. |
description | string | no | max length 20000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
labelIds | array | no | - | Connector-specific argument. |
priority | integer | no | min 0; max 4 | Connector-specific argument. |
stateId | string | no | - | Connector-specific argument. |
title | string | no | max length 256 | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
linear.assign_issue
Assign a Linear issue to a user. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: assigneeId; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
assigneeId | string | yes | min length 1 | Connector-specific argument. |
issueId | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Mailchimp (mailchimp)
Governed Mailchimp connector for audiences, members, campaigns, reports, templates, test sends, and campaign scheduling.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | marketing, communications |
| Data classes | marketing, email, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts mailchimp |
| Fixture selfcheck | bun run apps/connectors/src/index.ts mailchimp --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/mailchimp |
| Vendor docs | https://mailchimp.com/developer/marketing/api/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | Marketing API key | apiKey, serverPrefix | MAILCHIMP_API_KEY, MAILCHIMP_SERVER_PREFIX | audiences:read, campaigns:write | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
audiences:read | required | marketing, email |
campaigns:write | required | marketing, email |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
mailchimp.list_audiences | L1 | read:marketing | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Mailchimp audiences. |
mailchimp.get_audience | L1 | read:marketing | no | not declared | 300s / subject / slow | recorded | no suppression needed | listId | Read audience metadata. |
mailchimp.search_members | L1 | read:marketing | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search audience members. |
mailchimp.get_member | L1 | read:marketing | no | not declared | 300s / subject / slow | recorded | no suppression needed | listId, memberId | Read a Mailchimp member. |
mailchimp.list_campaigns | L1 | read:marketing | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Mailchimp campaigns. |
mailchimp.get_campaign | L1 | read:marketing | no | not declared | 300s / subject / slow | recorded | no suppression needed | campaignId | Read campaign metadata. |
mailchimp.get_campaign_report | L1 | read:marketing | no | not declared | 300s / subject / slow | recorded | no suppression needed | campaignId | Read campaign performance report. |
mailchimp.list_templates | L1 | read:marketing | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List campaign templates. |
mailchimp.create_campaign_draft | L2 | write:marketing | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | type | Prepare or create a campaign draft. |
mailchimp.send_test_email | L3 | write:marketing | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | campaignId | Send a campaign test email with write suppression. |
mailchimp.schedule_campaign | L4 | write:marketing | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | campaignId, scheduleTime | Schedule a campaign after approval. |
Tool details:
mailchimp.list_audiences
List Mailchimp audiences.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:marketing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
mailchimp.get_audience
Read audience metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:marketing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
listId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
mailchimp.search_members
Search audience members.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:marketing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: emailAddress; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
mailchimp.get_member
Read a Mailchimp member.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:marketing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: emailAddress; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
listId | string | yes | - | Connector-specific argument. |
memberId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
mailchimp.list_campaigns
List Mailchimp campaigns.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:marketing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
mailchimp.get_campaign
Read campaign metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:marketing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
campaignId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
mailchimp.get_campaign_report
Read campaign performance report.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:marketing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
campaignId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
mailchimp.list_templates
List campaign templates.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:marketing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
mailchimp.create_campaign_draft
Prepare or create a campaign draft.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:marketing |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
type | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
mailchimp.send_test_email
Send a campaign test email with write suppression.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:marketing |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
campaignId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
mailchimp.schedule_campaign
Schedule a campaign after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:marketing |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
campaignId | string | yes | - | Connector-specific argument. |
scheduleTime | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Microsoft 365 (microsoft-365)
Production Microsoft 365 connector for Microsoft Graph mail, calendar, Teams channel messages, and OneDrive/SharePoint file reads with governed dry-run writes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | productivity, support, identity |
| Data classes | metadata, identity, pii, email, chat, documents, calendar |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts microsoft-365 |
| Fixture selfcheck | bun run apps/connectors/src/index.ts microsoft-365 --fixture --selfcheck |
| Punk docs | https://docs.punk.local/connectors/microsoft-365 |
| Vendor docs | https://learn.microsoft.com/en-us/graph/overview |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Delegated Microsoft Graph OAuth | access_token, refresh_token, expires_at, token_url, client_id, client_secret | MICROSOFT_365_ACCESS_TOKEN, M365_ACCESS_TOKEN, MICROSOFT_GRAPH_ACCESS_TOKEN | offline_access, User.Read, Mail.Read, Mail.ReadWrite, Mail.Send, Calendars.Read, Calendars.ReadWrite, Team.ReadBasic.All, Channel.ReadBasic.All, ChannelMessage.Read.All, ChannelMessage.Send, Files.Read | Calendars.Read.Shared, Files.Read.All, Sites.Read.All | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
offline_access | required | metadata |
User.Read | required | identity, metadata |
Mail.Read | required | email, pii, metadata |
Mail.ReadWrite | required | email, pii |
Mail.Send | required | email, pii |
Calendars.Read | required | calendar, pii |
Calendars.Read.Shared | optional | calendar, pii |
Calendars.ReadWrite | required | calendar, pii |
Team.ReadBasic.All | required | chat, metadata |
Channel.ReadBasic.All | required | chat, metadata |
ChannelMessage.Read.All | required | chat, pii |
ChannelMessage.Send | required | chat, pii |
Files.Read | required | documents, metadata, pii |
Files.Read.All | optional | documents, metadata, pii |
Sites.Read.All | optional | documents, metadata, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
outlook.search_messages | L1 | read:email | no | not declared | 60s / subject / live | recorded | no suppression needed | query | Search Outlook messages with snippets by default and optional bounded body text retrieval. |
outlook.get_message | L1 | read:email | no | not declared | 300s / subject / slow | recorded | no suppression needed | messageId | Get a single Outlook message by ID with optional bounded body text. |
outlook.create_draft | L2 | write:email | no | not supported | 0s / none / live | dry_run | suppressed, dry-run | body, subject, to | Create an Outlook draft. dryRun defaults to true and returns the planned message without writing. |
outlook.send_mail | L3 | write:email | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | body, subject, to | Send a user-visible Outlook email. dryRun defaults to true and approval is required by default. |
m365.calendar.list_events | L1 | read:calendar | no | not declared | 60s / subject / live | recorded | no suppression needed | none | List Microsoft 365 calendar events in a bounded time window. |
m365.calendar.find_availability | L1 | read:calendar | no | not declared | 60s / subject / live | recorded | no suppression needed | timeMax, timeMin | Use Microsoft Graph getSchedule data to return busy blocks and candidate free slots. |
m365.calendar.create_event | L3 | write:calendar | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | end, start, subject | Create a Microsoft 365 calendar event. dryRun defaults to true. |
teams.list_teams | L1 | read:chat | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Teams joined by the signed-in Microsoft 365 user. |
teams.list_channels | L1 | read:chat | no | not declared | 300s / tenant / slow | recorded | no suppression needed | teamId | List channels in a Microsoft Team. |
teams.list_channel_messages | L1 | read:chat | no | not declared | 30s / subject / live | recorded | no suppression needed | channelId, teamId | List recent Teams channel messages with HTML stripped to bounded text. |
teams.post_channel_message | L3 | write:chat | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | channelId, content, teamId | Post a user-visible Teams channel message. dryRun defaults to true. |
onedrive.search_files | L1 | read:document | no | not declared | 120s / subject / slow | recorded | no suppression needed | query | Search OneDrive or SharePoint drive items and return normalized metadata. |
onedrive.get_file_metadata | L1 | read:document | no | not declared | 600s / subject / slow | recorded | no suppression needed | itemId | Get normalized OneDrive or SharePoint drive item metadata without file contents. |
onedrive.download_file_text | L1 | read:document | no | not declared | 600s / subject / slow | recorded | no suppression needed | itemId | Download bounded text from a OneDrive or SharePoint file. Binary Office formats are rejected instead of coerced. |
Tool details:
outlook.search_messages
Search Outlook messages with snippets by default and optional bounded body text retrieval.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:email |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: messages[].from, messages[].to, messages[].cc, messages[].subject, messages[].bodyPreview, messages[].bodyText; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1; max length 1000 | Search string or filter expression accepted by the connector. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
folderId | string | no | - | Connector-specific argument. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBodyBytes | integer | no | min 0; max 50000 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
outlook.get_message
Get a single Outlook message by ID with optional bounded body text.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:email |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: from, to, cc, subject, bodyPreview, bodyText; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
messageId | string | yes | min length 1 | Connector-specific argument. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxBodyBytes | integer | no | min 0; max 50000 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
outlook.create_draft
Create an Outlook draft. dryRun defaults to true and returns the planned message without writing.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:email |
| Approval required by default | no |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: to, cc, bcc, subject, body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | min length 1; max length 50000 | Connector-specific argument. |
subject | string | yes | min length 1; max length 500 | Connector-specific argument. |
to | array | yes | - | Connector-specific argument. |
bcc | array | no | - | Connector-specific argument. |
bodyContentType | string | no | one of text, html | Connector-specific argument. |
cc | array | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
importance | string | no | one of low, normal, high | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
outlook.send_mail
Send a user-visible Outlook email. dryRun defaults to true and approval is required by default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:email |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: to, cc, bcc, subject, body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | min length 1; max length 50000 | Connector-specific argument. |
subject | string | yes | min length 1; max length 500 | Connector-specific argument. |
to | array | yes | - | Connector-specific argument. |
bcc | array | no | - | Connector-specific argument. |
bodyContentType | string | no | one of text, html | Connector-specific argument. |
cc | array | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
importance | string | no | one of low, normal, high | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
saveToSentItems | boolean | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
m365.calendar.list_events
List Microsoft 365 calendar events in a bounded time window.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:calendar |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: events[].subject, events[].bodyPreview, events[].attendees, events[].organizer, events[].location; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
calendarId | string | no | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
timeMax | string | no | - | Connector-specific argument. |
timeMin | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
m365.calendar.find_availability
Use Microsoft Graph getSchedule data to return busy blocks and candidate free slots.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:calendar |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: schedules, busy[].scheduleId; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
timeMax | string | yes | - | Connector-specific argument. |
timeMin | string | yes | - | Connector-specific argument. |
availabilityViewInterval | integer | no | min 5; max 1440 | Connector-specific argument. |
durationMinutes | integer | no | min 5; max 480 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 20 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
schedules | array | no | - | Connector-specific argument. |
timeZone | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
m365.calendar.create_event
Create a Microsoft 365 calendar event. dryRun defaults to true.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:calendar |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: subject, body, location, attendees; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
end | string | yes | - | Connector-specific argument. |
start | string | yes | - | Connector-specific argument. |
subject | string | yes | min length 1; max length 500 | Connector-specific argument. |
attendees | array | no | - | Connector-specific argument. |
body | string | no | max length 20000 | Connector-specific argument. |
bodyContentType | string | no | one of text, html | Connector-specific argument. |
calendarId | string | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
isOnlineMeeting | boolean | no | - | Connector-specific argument. |
location | string | no | max length 500 | Connector-specific argument. |
timeZone | string | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
teams.list_teams
List Teams joined by the signed-in Microsoft 365 user.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: teams[].displayName, teams[].description; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
teams.list_channels
List channels in a Microsoft Team.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: channels[].displayName, channels[].description; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
teamId | string | yes | min length 1 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
teams.list_channel_messages
List recent Teams channel messages with HTML stripped to bounded text.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: messages[].from, messages[].content; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
channelId | string | yes | min length 1 | Connector-specific argument. |
teamId | string | yes | min length 1 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
teams.post_channel_message
Post a user-visible Teams channel message. dryRun defaults to true.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:chat |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: content; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
channelId | string | yes | min length 1 | Connector-specific argument. |
content | string | yes | min length 1; max length 20000 | Connector-specific argument. |
teamId | string | yes | min length 1 | Connector-specific argument. |
contentType | string | no | one of text, html | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
importance | string | no | one of normal, high, urgent | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
onedrive.search_files
Search OneDrive or SharePoint drive items and return normalized metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: files[].name, files[].createdBy, files[].lastModifiedBy; Secrets: raw, downloadUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1; max length 500 | Search string or filter expression accepted by the connector. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
driveId | string | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
siteId | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
onedrive.get_file_metadata
Get normalized OneDrive or SharePoint drive item metadata without file contents.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 600s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: name, createdBy, lastModifiedBy, permissions; Secrets: raw, downloadUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
itemId | string | yes | min length 1 | Connector-specific argument. |
driveId | string | no | - | Connector-specific argument. |
includePermissions | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
onedrive.download_file_text
Download bounded text from a OneDrive or SharePoint file. Binary Office formats are rejected instead of coerced.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 600s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: text; Secrets: raw, downloadUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
itemId | string | yes | min length 1 | Connector-specific argument. |
allowHtml | boolean | no | - | Connector-specific argument. |
driveId | string | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxBytes | integer | no | min 1; max 250000 | Maximum response bytes for content-like reads. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
Microsoft Dynamics / Dataverse (dynamics)
Governed Microsoft Dynamics and Dataverse connector for CRM records, cases, tasks, notes, and approval-gated record updates.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | crm, sales, support |
| Data classes | crm, sales, tickets, comments, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts dynamics |
| Fixture selfcheck | bun run apps/connectors/src/index.ts dynamics --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/dynamics |
| Vendor docs | https://learn.microsoft.com/en-us/power-apps/developer/data-platform/webapi/overview |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Microsoft Dataverse OAuth access token | accessToken | DYNAMICS_ACCESS_TOKEN | user_impersonation | records:write | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
user_impersonation | required | crm, pii |
records:write | optional | crm |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
dynamics.search_accounts | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search Dynamics accounts. |
dynamics.get_account | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | accountId | Read one Dynamics account. |
dynamics.search_contacts | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search contacts. |
dynamics.search_leads | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search leads. |
dynamics.list_opportunities | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List opportunities. |
dynamics.list_cases | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List support cases. |
dynamics.list_tasks | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List CRM tasks. |
dynamics.list_notes | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List CRM notes. |
dynamics.create_task | L3 | write:crm | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | subject | Create a Dynamics task. |
dynamics.add_note | L3 | write:crm | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, regardingId | Add a Dynamics note. |
dynamics.update_record | L4 | write:crm | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | idempotencyKey, recordId, recordType | Update an allowlisted Dynamics record after approval. |
Tool details:
dynamics.search_accounts
Search Dynamics accounts.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dynamics.get_account
Read one Dynamics account.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
accountId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dynamics.search_contacts
Search contacts.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dynamics.search_leads
Search leads.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dynamics.list_opportunities
List opportunities.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dynamics.list_cases
List support cases.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dynamics.list_tasks
List CRM tasks.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dynamics.list_notes
List CRM notes.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
dynamics.create_task
Create a Dynamics task.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
subject | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
dynamics.add_note
Add a Dynamics note.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | number | boolean | object | array | yes | - | Connector-specific argument. |
regardingId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
dynamics.update_record
Update an allowlisted Dynamics record after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
recordId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
recordType | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Miro (miro)
Governed Miro connector for boards, board items, comments, connectors, exports, and safe canvas edits.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | design, productivity |
| Data classes | whiteboard, comments, files, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts miro |
| Fixture selfcheck | bun run apps/connectors/src/index.ts miro --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/miro |
| Vendor docs | https://developers.miro.com/reference/overview |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | OAuth access token | accessToken | MIRO_ACCESS_TOKEN | boards:read, boards:write | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
boards:read | required | whiteboard, comments, files |
boards:write | required | whiteboard, comments, files |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
miro.list_boards | L1 | read:whiteboard | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Miro boards. |
miro.get_board | L1 | read:whiteboard | no | not declared | 300s / subject / slow | recorded | no suppression needed | boardId | Read Miro board metadata. |
miro.list_items | L1 | read:whiteboard | no | not declared | 300s / subject / slow | recorded | no suppression needed | boardId | List Miro board items. |
miro.list_connectors | L1 | read:whiteboard | no | not declared | 300s / subject / slow | recorded | no suppression needed | boardId | List Miro board connectors. |
miro.search_items | L1 | read:whiteboard | no | not declared | 300s / subject / slow | recorded | no suppression needed | boardId | Search Miro fixture board items. |
miro.list_comments | L1 | read:comments | no | not declared | 300s / subject / slow | recorded | no suppression needed | boardId | List Miro comments. |
miro.create_sticky_note | L3 | write:whiteboard | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | boardId, content | Plan or create a Miro sticky note. |
miro.share_board | L3 | write:whiteboard | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | boardId, email, role | Plan or share a Miro board with a collaborator. |
miro.create_connector | L3 | write:whiteboard | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | boardId, endItemId, startItemId | Plan or create a Miro connector line. |
miro.export_board_snapshot | L1 | read:whiteboard | no | not declared | 300s / subject / slow | recorded | no suppression needed | boardId | Read or start a bounded board export snapshot. |
Tool details:
miro.list_boards
List Miro boards.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:whiteboard |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
miro.get_board
Read Miro board metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:whiteboard |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
miro.list_items
List Miro board items.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:whiteboard |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
miro.list_connectors
List Miro board connectors.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:whiteboard |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
miro.search_items
Search Miro fixture board items.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:whiteboard |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
miro.list_comments
List Miro comments.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:comments |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: text; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
miro.create_sticky_note
Plan or create a Miro sticky note.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:whiteboard |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: content; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
content | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
miro.share_board
Plan or share a Miro board with a collaborator.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:whiteboard |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: email, message; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
email | string | yes | - | Connector-specific argument. |
role | string | yes | one of viewer, commenter, editor | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
title | string | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
miro.create_connector
Plan or create a Miro connector line.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:whiteboard |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
endItemId | string | yes | - | Connector-specific argument. |
startItemId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
miro.export_board_snapshot
Read or start a bounded board export snapshot.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:whiteboard |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
monday.com (monday)
Governed monday.com connector for boards, items, updates, files, and GraphQL-backed workflow writes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | project_management, productivity |
| Data classes | tasks, comments, files, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts monday |
| Fixture selfcheck | bun run apps/connectors/src/index.ts monday --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/monday |
| Vendor docs | https://developer.monday.com/api-reference |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | API token | apiKey | MONDAY_API_KEY | boards:read, boards:write | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
boards:read | required | tasks |
boards:write | required | tasks, comments |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
monday.graphql_query | L1 | read:tasks | no | not declared | 60s / subject / live | recorded | no suppression needed | query | Run a read-only monday.com GraphQL query. Mutations are rejected; use governed write tools instead. |
monday.list_boards | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List monday boards. |
monday.get_board | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | boardId | Read board metadata. |
monday.list_items | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | boardId | List board items. |
monday.get_item | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | itemId | Read a monday item. |
monday.search_items | L1 | read:tasks | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search monday items. |
monday.list_updates | L1 | read:comments | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List updates on monday items. |
monday.list_files | L1 | read:documents | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List monday file assets. |
monday.create_item | L3 | write:tasks | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | boardId, name | Plan or create a monday item. |
monday.update_column_values | L3 | write:tasks | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | boardId, itemId | Plan or update monday item column values. |
monday.create_update | L3 | write:comments | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, itemId | Plan or create a monday update. |
monday.upload_file | L4 | write:files | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | fileName, itemId | Upload a file to a monday.com item. Live execution requires approval and idempotency. |
monday.archive_item | L4 | write:tasks | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | itemId | Archive a monday item after approval. |
Tool details:
monday.graphql_query
Run a read-only monday.com GraphQL query. Mutations are rejected; use governed write tools instead.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: data; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | - | Search string or filter expression accepted by the connector. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
operationName | string | no | - | Connector-specific argument. |
variables | object | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
monday.list_boards
List monday boards.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
monday.get_board
Read board metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
monday.list_items
List board items.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
monday.get_item
Read a monday item.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
itemId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
monday.search_items
Search monday items.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:tasks |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
monday.list_updates
List updates on monday items.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:comments |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: body; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
monday.list_files
List monday file assets.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
monday.create_item
Plan or create a monday item.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:tasks |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
name | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
monday.update_column_values
Plan or update monday item column values.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:tasks |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
boardId | string | yes | - | Connector-specific argument. |
itemId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
monday.create_update
Plan or create a monday update.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:comments |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | - | Connector-specific argument. |
itemId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
monday.upload_file
Upload a file to a monday.com item. Live execution requires approval and idempotency.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:files |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: fileName; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl, contentBase64 |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileName | string | yes | - | Connector-specific argument. |
itemId | string | yes | - | Connector-specific argument. |
approvalId | string | no | - | Connector-specific argument. |
approvedBy | string | no | - | Connector-specific argument. |
columnId | string | no | - | Connector-specific argument. |
contentBase64 | string | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
monday.archive_item
Archive a monday item after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:tasks |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
itemId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
NetSuite (netsuite)
Governed NetSuite ERP connector for customer, vendor, item, order, invoice, payment, credit memo, inventory, and approval-gated finance workflows.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | accounting, commerce, crm |
| Data classes | erp, accounting, inventory, payments, billing, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts netsuite |
| Fixture selfcheck | bun run apps/connectors/src/index.ts netsuite --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/netsuite |
| Vendor docs | https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/book_1559132836.html |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | SuiteTalk REST OAuth token | accessToken | NETSUITE_ACCESS_TOKEN | rest_webservices | transactions:write | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
rest_webservices | required | erp, accounting |
transactions:write | optional | payments, billing |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
netsuite.search_customers | L1 | read:erp | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search NetSuite customers. |
netsuite.search_vendors | L1 | read:erp | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | Search NetSuite vendors. |
netsuite.list_items | L1 | read:erp | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List NetSuite items. |
netsuite.list_sales_orders | L1 | read:erp | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List sales orders. |
netsuite.list_invoices | L1 | read:erp | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List invoices. |
netsuite.list_payments | L1 | read:erp | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List customer payments. |
netsuite.list_credit_memos | L1 | read:erp | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List credit memos. |
netsuite.get_inventory | L1 | read:erp | no | not declared | 120s / subject / slow | recorded | no suppression needed | none | Read inventory availability. |
netsuite.update_record | L3 | write:erp | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | recordId, recordType | Dry-run or update an allowlisted NetSuite record. |
netsuite.create_invoice | L4 | write:erp | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | customerId, idempotencyKey | Create a NetSuite invoice after approval. |
netsuite.issue_credit_memo | L4 | write:erp | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | amount, customerId, idempotencyKey | Issue an approval-gated NetSuite credit memo. |
Tool details:
netsuite.search_customers
Search NetSuite customers.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:erp |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
netsuite.search_vendors
Search NetSuite vendors.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:erp |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
netsuite.list_items
List NetSuite items.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:erp |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
netsuite.list_sales_orders
List sales orders.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:erp |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
netsuite.list_invoices
List invoices.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:erp |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
netsuite.list_payments
List customer payments.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:erp |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
netsuite.list_credit_memos
List credit memos.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:erp |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
netsuite.get_inventory
Read inventory availability.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:erp |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
netsuite.update_record
Dry-run or update an allowlisted NetSuite record.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:erp |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
recordId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
recordType | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
netsuite.create_invoice
Create a NetSuite invoice after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:erp |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
customerId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
netsuite.issue_credit_memo
Issue an approval-gated NetSuite credit memo.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:erp |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
amount | string | number | boolean | object | array | yes | - | Connector-specific argument. |
customerId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Notion (notion)
Managed Notion connector for governed workspace search, page/database reads, data-source queries, and dry-run-first content writes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | productivity |
| Data classes | metadata, pii, documents |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts notion |
| Fixture selfcheck | bun run apps/connectors/src/index.ts notion --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/notion |
| Vendor docs | https://developers.notion.com/reference/intro |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Notion integration token | accessToken | PUNK_NOTION_ACCESS_TOKEN | read_content | insert_content, update_content | no |
| OAuth 2.0 | Notion OAuth access token | accessToken | PUNK_NOTION_ACCESS_TOKEN | - | - | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
read_content | required | documents, pii |
insert_content | optional | documents, pii |
update_content | optional | documents, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
notion.search | L1 | read:document | no | not declared | 60s / subject / live | recorded | no suppression needed | none | Search Notion pages and databases with the official /v1/search endpoint. |
notion.get_page | L1 | read:document | no | not declared | 120s / subject / slow | recorded | no suppression needed | pageId | Retrieve a Notion page and optionally fetch one bounded page of child blocks. |
notion.get_database | L1 | read:document | no | not declared | 300s / subject / slow | recorded | no suppression needed | databaseId | Retrieve Notion database metadata, including current API data-source references when present. |
notion.query_database | L1 | read:document | no | not declared | 60s / subject / live | recorded | no suppression needed | none | Query a Notion database's data source using the current data_sources query API. A database id can be resolved to its first data source. |
notion.create_page | L3 | write:document | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | parent, properties | Create a Notion page under a page, database, or data source parent. Writes default to dry-run. |
notion.update_page | L3 | write:document | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | pageId | Patch Notion page properties, icon, cover, archive state, or trash state. Writes default to dry-run. |
notion.append_block_children | L3 | write:document | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | blockId, children | Append child blocks to a Notion block using the official block-children endpoint. Writes default to dry-run. |
notion.create_comment | L3 | write:document | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | none | Create a Notion page or discussion comment when comments are supported by the workspace integration. Writes default to dry-run. |
Tool details:
notion.search
Search Notion pages and databases with the official /v1/search endpoint.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: results.title; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
filter | object | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
sort | object | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
notion.get_page
Retrieve a Notion page and optionally fetch one bounded page of child blocks.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: page.properties, blocks; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
pageId | string | yes | - | Connector-specific argument. |
blockLimit | integer | no | min 1; max 100 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeBlocks | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
notion.get_database
Retrieve Notion database metadata, including current API data-source references when present.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: database.properties; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
databaseId | string | yes | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
notion.query_database
Query a Notion database's data source using the current data_sources query API. A database id can be resolved to its first data source.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:document |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: results.properties; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
databaseId | string | no | - | Connector-specific argument. |
dataSourceId | string | no | - | Connector-specific argument. |
filter | object | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
sorts | array | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
notion.create_page
Create a Notion page under a page, database, or data source parent. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:document |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: properties, children; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
parent | object | yes | - | Connector-specific argument. |
properties | object | yes | - | Connector-specific argument. |
children | array | no | - | Connector-specific argument. |
cover | object | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
icon | object | no | - | Connector-specific argument. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
notion.update_page
Patch Notion page properties, icon, cover, archive state, or trash state. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:document |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: properties; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
pageId | string | yes | - | Connector-specific argument. |
archived | boolean | no | - | Connector-specific argument. |
cover | object | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
icon | object | no | - | Connector-specific argument. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
inTrash | boolean | no | - | Connector-specific argument. |
properties | object | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
notion.append_block_children
Append child blocks to a Notion block using the official block-children endpoint. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:document |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: children; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
blockId | string | yes | - | Connector-specific argument. |
children | array | yes | - | Connector-specific argument. |
after | string | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
notion.create_comment
Create a Notion page or discussion comment when comments are supported by the workspace integration. Writes default to dry-run.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:document |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: text, richText; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
discussionId | string | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
pageId | string | no | - | Connector-specific argument. |
richText | array | no | - | Connector-specific argument. |
text | string | no | max length 2000 | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Okta (okta)
Governed Okta connector for identity context, application access review, local lifecycle plans, and approval-gated user/group administration.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | identity, security |
| Data classes | identity, pii, audit, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts okta |
| Fixture selfcheck | bun run apps/connectors/src/index.ts okta --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/okta |
| Vendor docs | https://developer.okta.com/docs/api/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | Okta API token | apiToken, orgUrl | PUNK_OKTA_API_TOKEN, PUNK_OKTA_ORG_URL | okta.users.read, okta.groups.read, okta.apps.read | okta.groups.manage, okta.users.manage | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
okta.users.read | required | identity, pii |
okta.groups.read | required | identity |
okta.apps.read | required | identity, metadata |
okta.groups.manage | optional | identity, audit |
okta.users.manage | optional | identity, audit |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
okta.search_users | L1 | read:identity | no | not declared | 60s / subject / live | recorded | no suppression needed | none | Search Okta users with bounded pagination and selected profile fields. Raw profiles are excluded unless includeRaw is true. |
okta.get_user | L1 | read:identity | no | not declared | 300s / subject / slow | recorded | no suppression needed | userId | Get one Okta user with status and selected profile fields. |
okta.list_groups | L1 | read:identity | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Okta groups with bounded pagination and admin or sensitive group labels. |
okta.get_group | L1 | read:identity | no | not declared | 300s / tenant / slow | recorded | no suppression needed | groupId | Get one Okta group and optionally include a bounded member list. |
okta.list_applications | L1 | read:identity | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Okta application catalog metadata with bounded pagination. |
okta.list_user_app_assignments | L1 | read:identity | no | not declared | 120s / subject / live | recorded | no suppression needed | userId | List applications assigned to one Okta user with bounded response size. |
okta.create_user_plan | L0 | read:identity | no | not declared | 0s / none / live | recorded | dry-run | profile | Build a local side-effect plan for creating an Okta user. This tool does not call Okta. |
okta.assign_user_to_group | L4 | write:identity | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | approval, groupId, idempotencyKey, userId | Assign a user to an allowlisted Okta group. Level 4 writes require approval metadata and idempotency. Privileged groups are blocked unless explicitly allowlisted. |
okta.suspend_user_plan | L0 | read:identity | no | not declared | 0s / none / live | recorded | dry-run | reason, userId | Build a local side-effect plan for suspending an Okta user. This tool does not call Okta. |
okta.suspend_user | L4 | write:identity | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | approval, idempotencyKey, userId | Suspend an Okta user through a level 4 lifecycle action. Requires approval metadata, a subject-bound target, and idempotency. |
Tool details:
okta.search_users
Search Okta users with bounded pagination and selected profile fields. Raw profiles are excluded unless includeRaw is true.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: users[].profile.email, users[].profile.login; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
filter | string | no | max length 1000 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
profileFields | array | no | - | Connector-specific argument. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
okta.get_user
Get one Okta user with status and selected profile fields.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: user.profile.email, user.profile.login; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
userId | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
profileFields | array | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
okta.list_groups
List Okta groups with bounded pagination and admin or sensitive group labels.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
okta.get_group
Get one Okta group and optionally include a bounded member list.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: members[].profile.email; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
groupId | string | yes | min length 1 | Connector-specific argument. |
includeMembers | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
memberLimit | integer | no | min 1; max 100 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
okta.list_applications
List Okta application catalog metadata with bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw, credentials |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
okta.list_user_app_assignments
List applications assigned to one Okta user with bounded response size.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: assignments[].userId; Secrets: raw, credentials |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
userId | string | yes | min length 1 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
okta.create_user_plan
Build a local side-effect plan for creating an Okta user. This tool does not call Okta.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 0s / none / live |
| Replay | can replay / recorded |
| Shadow | dry-run |
| Redaction | PII: profile.email, profile.login, profile.firstName, profile.lastName; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
profile | object | yes | - | Connector-specific argument. |
activate | boolean | no | - | Connector-specific argument. |
groupIds | array | no | - | Connector-specific argument. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
okta.assign_user_to_group
Assign a user to an allowlisted Okta group. Level 4 writes require approval metadata and idempotency. Privileged groups are blocked unless explicitly allowlisted.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:identity |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.approvedBy, approval.reason; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
approval | object | yes | - | Approval metadata required before level 4 actions can execute. |
groupId | string | yes | min length 1 | Connector-specific argument. |
idempotencyKey | string | yes | max length 255 | Stable caller-provided key used to dedupe write execution. |
userId | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
okta.suspend_user_plan
Build a local side-effect plan for suspending an Okta user. This tool does not call Okta.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 0s / none / live |
| Replay | can replay / recorded |
| Shadow | dry-run |
| Redaction | PII: reason; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
reason | string | yes | min length 1; max length 1000 | Connector-specific argument. |
userId | string | yes | min length 1 | Connector-specific argument. |
effectiveAt | string | no | - | Connector-specific argument. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
okta.suspend_user
Suspend an Okta user through a level 4 lifecycle action. Requires approval metadata, a subject-bound target, and idempotency.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:identity |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.approvedBy, approval.reason; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
approval | object | yes | - | Approval metadata required before level 4 actions can execute. |
idempotencyKey | string | yes | max length 255 | Stable caller-provided key used to dedupe write execution. |
userId | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Outreach (outreach)
Governed Outreach connector for prospects, accounts, sequences, tasks, mailboxes, activities, and approval-gated sales engagement.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | sales, crm, communications |
| Data classes | sales, communications, crm, email, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts outreach |
| Fixture selfcheck | bun run apps/connectors/src/index.ts outreach --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/outreach |
| Vendor docs | https://developers.outreach.io/api |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Outreach OAuth access token | accessToken | OUTREACH_ACCESS_TOKEN | prospects.read, sequences.read | sequences.write | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
prospects.read | required | sales, pii |
sequences.read | required | sales |
sequences.write | optional | communications, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
outreach.search_prospects | L1 | read:sales | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search Outreach prospects. |
outreach.get_prospect | L1 | read:sales | no | not declared | 300s / subject / slow | recorded | no suppression needed | prospectId | Read one prospect. |
outreach.list_accounts | L1 | read:sales | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Outreach accounts. |
outreach.list_sequences | L1 | read:sales | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Outreach sequences. |
outreach.list_tasks | L1 | read:sales | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Outreach tasks. |
outreach.list_mailboxes | L1 | read:sales | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Outreach mailboxes. |
outreach.list_activities | L1 | read:sales | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Outreach activities. |
outreach.create_task | L3 | write:sales | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | prospectId, subject | Create an Outreach task. |
outreach.create_email_draft | L2 | write:sales | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | prospectId, subject | Create an Outreach email draft. |
outreach.add_prospect_to_sequence | L4 | write:sales | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | idempotencyKey, prospectId, sequenceId | Add a prospect to a sequence after approval. |
outreach.send_email | L4 | write:sales | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | idempotencyKey, prospectId, subject | Send a customer-visible Outreach email after approval. |
Tool details:
outreach.search_prospects
Search Outreach prospects.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
outreach.get_prospect
Read one prospect.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
prospectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
outreach.list_accounts
List Outreach accounts.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
outreach.list_sequences
List Outreach sequences.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
outreach.list_tasks
List Outreach tasks.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
outreach.list_mailboxes
List Outreach mailboxes.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
outreach.list_activities
List Outreach activities.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:sales |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
outreach.create_task
Create an Outreach task.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:sales |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
prospectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
subject | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
outreach.create_email_draft
Create an Outreach email draft.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:sales |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
prospectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
subject | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
outreach.add_prospect_to_sequence
Add a prospect to a sequence after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:sales |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
prospectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
sequenceId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
outreach.send_email
Send a customer-visible Outreach email after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:sales |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
prospectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
subject | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
PagerDuty (pagerduty)
Governed PagerDuty connector for on-call context, incident search, response coordination, dry-run incident creation, and approval-gated status changes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | incident, observability |
| Data classes | metadata, pii, audit, identity |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts pagerduty |
| Fixture selfcheck | bun run apps/connectors/src/index.ts pagerduty --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/pagerduty |
| Vendor docs | https://developer.pagerduty.com/api-reference/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | PagerDuty REST API token | apiToken | PUNK_PAGERDUTY_API_TOKEN | services.read, oncalls.read, incidents.read | incidents.write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
services.read | required | metadata |
oncalls.read | required | identity, pii |
incidents.read | required | metadata, pii, audit |
incidents.write | optional | metadata, pii, audit |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
pagerduty.list_services | L1 | read:incident | no | not declared | 600s / tenant / slow | recorded | no suppression needed | none | List PagerDuty services with bounded pagination. Tenant-cacheable service catalog. |
pagerduty.list_oncalls | L1 | read:identity | no | not declared | 60s / subject / live | recorded | no suppression needed | none | List current PagerDuty on-call assignments by allowlisted schedule or escalation policy. |
pagerduty.search_incidents | L1 | read:incident | no | not declared | 30s / subject / live | recorded | no suppression needed | none | Search PagerDuty incidents by allowlisted service, status, urgency, and date range. |
pagerduty.get_incident | L1 | read:incident | no | not declared | 60s / subject / live | recorded | no suppression needed | incidentId | Get a PagerDuty incident by id. Notes are excluded unless requested. |
pagerduty.create_incident | L3 | write:incident | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | serviceId, title | Create a PagerDuty incident. dryRun defaults to true and the plan includes target service, urgency, escalation policy, and dedupe key. |
pagerduty.add_note | L3 | write:incident | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | content, incidentId | Add a visible PagerDuty incident note. dryRun defaults to true; approval is recommended by default. |
pagerduty.create_status_update | L3 | write:incident | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | incidentId, message | Create a PagerDuty incident status update for customer or team-facing response coordination. |
pagerduty.update_incident_status | L4 | write:incident | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | incidentId, status | Update a PagerDuty incident status. Acknowledge, resolve, and merge actions are approval-gated. |
Tool details:
pagerduty.list_services
List PagerDuty services with bounded pagination. Tenant-cacheable service catalog.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:incident |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 600s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
pagerduty.list_oncalls
List current PagerDuty on-call assignments by allowlisted schedule or escalation policy.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: oncalls[].user; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
escalationPolicyId | string | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
scheduleId | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
pagerduty.search_incidents
Search PagerDuty incidents by allowlisted service, status, urgency, and date range.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:incident |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: assignments; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
serviceId | string | no | - | Connector-specific argument. |
since | string | no | - | Connector-specific argument. |
status | string | no | one of triggered, acknowledged, resolved | Connector-specific argument. |
until | string | no | - | Connector-specific argument. |
urgency | string | no | one of high, low | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
pagerduty.get_incident
Get a PagerDuty incident by id. Notes are excluded unless requested.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:incident |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: assignments, notes; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
incidentId | string | yes | min length 1 | Connector-specific argument. |
includeNotes | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
pagerduty.create_incident
Create a PagerDuty incident. dryRun defaults to true and the plan includes target service, urgency, escalation policy, and dedupe key.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:incident |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
serviceId | string | yes | min length 1 | Connector-specific argument. |
title | string | yes | min length 1; max length 1024 | Connector-specific argument. |
body | string | no | max length 8000 | Connector-specific argument. |
dedupeKey | string | no | max length 255 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
escalationPolicyId | string | no | - | Connector-specific argument. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
urgency | string | no | one of high, low | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
pagerduty.add_note
Add a visible PagerDuty incident note. dryRun defaults to true; approval is recommended by default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:incident |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: content; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
content | string | yes | min length 1; max length 8000 | Connector-specific argument. |
incidentId | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
pagerduty.create_status_update
Create a PagerDuty incident status update for customer or team-facing response coordination.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:incident |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: message; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
incidentId | string | yes | min length 1 | Connector-specific argument. |
message | string | yes | min length 1; max length 8000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
pagerduty.update_incident_status
Update a PagerDuty incident status. Acknowledge, resolve, and merge actions are approval-gated.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:incident |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.approvedBy; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
incidentId | string | yes | min length 1 | Connector-specific argument. |
status | string | yes | one of acknowledged, resolved, merged | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | min length 8; max length 255 | Stable caller-provided key used to dedupe write execution. |
mergeIntoIncidentId | string | no | - | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Postgres / Neon (postgres)
Governed Postgres and Neon connector for schema introspection, bounded SQL reads, query planning, branch context, and approval-gated database changes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | database, data, engineering |
| Data classes | database, schema, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts postgres |
| Fixture selfcheck | bun run apps/connectors/src/index.ts postgres --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/postgres |
| Vendor docs | https://neon.com/docs/reference/api-reference |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Neon API key or Postgres SQL gateway token | accessToken | POSTGRES_ACCESS_TOKEN | projects:read, branches:read, sql:read | sql:write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
projects:read | required | database, schema |
branches:read | required | database, metadata |
sql:read | required | database, pii |
sql:write | optional | database |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
postgres.list_schemas | L1 | read:database | no | not declared | 300s / tenant / slow | recorded | no suppression needed | branchId, projectId | List visible Postgres schemas. |
postgres.list_tables | L1 | read:database | no | not declared | 300s / tenant / slow | recorded | no suppression needed | branchId, projectId | List tables in a bounded schema. |
postgres.describe_table | L1 | read:database | no | not declared | 300s / subject / slow | recorded | no suppression needed | branchId, projectId, tableId | Read table columns and metadata. |
postgres.list_indexes | L1 | read:database | no | not declared | 300s / tenant / slow | recorded | no suppression needed | branchId, projectId, tableId | List indexes for a table. |
postgres.sample_rows | L1 | read:database | no | not declared | 300s / subject / slow | recorded | no suppression needed | branchId, projectId, table | Return bounded sample rows from an allowlisted table. |
postgres.create_query_plan | L0 | read:database | no | not declared | 3600s / subject / slow | recorded | no suppression needed | branchId, projectId, sql | Create a local bounded read-query plan before execution. |
postgres.execute_read_query | L1 | read:database | no | not declared | 300s / subject / slow | recorded | no suppression needed | branchId, projectId, sql | Execute bounded read-only SQL. |
postgres.explain_query | L1 | read:database | no | not declared | 300s / subject / slow | recorded | no suppression needed | branchId, projectId, sql | Run EXPLAIN for bounded read-only SQL. |
postgres.list_neon_projects | L1 | read:database | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Neon projects available to the credential. |
postgres.list_neon_branches | L1 | read:database | no | not declared | 300s / tenant / slow | recorded | no suppression needed | projectId | List branches for a Neon project. |
postgres.create_neon_branch | L3 | write:database | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | name, projectId | Plan or create an isolated Neon branch for replay or migration validation. |
postgres.apply_migration | L4 | write:database | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | branchId, idempotencyKey, projectId, sql | Apply a high-impact database migration after approval. |
Tool details:
postgres.list_schemas
List visible Postgres schemas.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
branchId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.list_tables
List tables in a bounded schema.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
branchId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.describe_table
Read table columns and metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
branchId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
tableId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.list_indexes
List indexes for a table.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
branchId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
tableId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.sample_rows
Return bounded sample rows from an allowlisted table.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
branchId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
table | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.create_query_plan
Create a local bounded read-query plan before execution.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
branchId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
sql | string | yes | - | SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBytes | integer | no | min 1; max 1048576 | Maximum response bytes for content-like reads. |
query | string | no | - | Search string or filter expression accepted by the connector. |
timeoutSeconds | integer | no | min 1; max 60 | Maximum upstream execution window. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.execute_read_query
Execute bounded read-only SQL.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
branchId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
sql | string | yes | - | SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBytes | integer | no | min 1; max 1048576 | Maximum response bytes for content-like reads. |
query | string | no | - | Search string or filter expression accepted by the connector. |
timeoutSeconds | integer | no | min 1; max 60 | Maximum upstream execution window. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.explain_query
Run EXPLAIN for bounded read-only SQL.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
branchId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
sql | string | yes | - | SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBytes | integer | no | min 1; max 1048576 | Maximum response bytes for content-like reads. |
query | string | no | - | Search string or filter expression accepted by the connector. |
timeoutSeconds | integer | no | min 1; max 60 | Maximum upstream execution window. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.list_neon_projects
List Neon projects available to the credential.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.list_neon_branches
List branches for a Neon project.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:database |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
postgres.create_neon_branch
Plan or create an isolated Neon branch for replay or migration validation.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:database |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
name | string | number | boolean | object | array | yes | - | Connector-specific argument. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
postgres.apply_migration
Apply a high-impact database migration after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:database |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
branchId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
projectId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
sql | string | number | boolean | object | array | yes | - | SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
QuickBooks Online (quickbooks)
QuickBooks Online accounting connector with explicit fixture mode, fail-closed live reads, and dry-run-first accounting writes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | accounting, billing |
| Data classes | metadata, pii, accounting, billing, payments, inventory |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts quickbooks |
| Fixture selfcheck | bun run apps/connectors/src/index.ts quickbooks --fixture --selfcheck |
| Punk docs | https://docs.punk.local/connectors/quickbooks |
| Vendor docs | https://developer.intuit.com/app/developer/qbo/docs/api/accounting/all-entities/accounting |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | QuickBooks Online OAuth access token | access_token, realm_id | PUNK_QUICKBOOKS_ACCESS_TOKEN, PUNK_QUICKBOOKS_REALM_ID | com.intuit.quickbooks.accounting | - | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
com.intuit.quickbooks.accounting | required | pii, accounting, billing, payments, inventory |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
quickbooks.get_company_info | L1 | read:accounting | no | not declared | 3600s / tenant / slow | recorded | suppressed | none | Retrieve the connected QuickBooks Online company profile. |
quickbooks.query_customers | L1 | read:accounting | no | not declared | 120s / subject / live | recorded | suppressed | none | Search or list QuickBooks Online customers by query, customer id, email, or active status. |
quickbooks.query_invoices | L1 | read:accounting | no | not declared | 120s / subject / live | recorded | suppressed | none | Search QuickBooks Online invoices by customer, invoice id, document number, or payment status. |
quickbooks.get_invoice | L1 | read:accounting | no | not declared | 300s / subject / slow | recorded | suppressed | invoiceId | Retrieve a QuickBooks Online invoice by id. |
quickbooks.create_invoice_draft | L0 | read:accounting | no | supported via idempotencyKey | 0s / none / static | recorded | suppressed, dry-run | customerId, lineItems | Build a deterministic QuickBooks invoice draft and approval packet without calling QuickBooks. |
quickbooks.create_invoice | L4 | write:accounting | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | customerId, lineItems | Create a QuickBooks invoice only after a dry-run plan, approval metadata, and idempotency key. |
quickbooks.record_payment | L4 | write:payment | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | amountCents, customerId, invoiceId | Record a QuickBooks invoice payment only after a dry-run plan, approval metadata, and idempotency key. |
quickbooks.list_items | L1 | read:accounting | no | not declared | 300s / tenant / slow | recorded | suppressed | none | List QuickBooks products and services with optional type and active filters. |
quickbooks.query_reports | L1 | read:accounting | no | not declared | 300s / tenant / slow | recorded | suppressed | reportName | Retrieve a bounded QuickBooks accounting report such as Profit and Loss or Aged Receivables. |
quickbooks.attach_note | L2 | write:accounting | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | entityId, entityType, note | Attach a note to a QuickBooks customer, invoice, payment, or item with dry-run-first write controls. |
Tool details:
quickbooks.get_company_info
Retrieve the connected QuickBooks Online company profile.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:accounting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: company.email, company.address; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
quickbooks.query_customers
Search or list QuickBooks Online customers by query, customer id, email, or active status.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:accounting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: email, customers[].email, customers[].displayName; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
active | boolean | no | - | Connector-specific argument. |
cursor | string | no | max length 500 | Opaque pagination cursor returned by a previous call. |
customerId | string | no | max length 128 | Connector-specific argument. |
email | string | no | max length 320 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
quickbooks.query_invoices
Search QuickBooks Online invoices by customer, invoice id, document number, or payment status.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:accounting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customerId, invoices[].customerName; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | max length 500 | Opaque pagination cursor returned by a previous call. |
customerId | string | no | max length 128 | Connector-specific argument. |
docNumber | string | no | max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
invoiceId | string | no | max length 128 | Connector-specific argument. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
status | string | no | one of open, paid, overdue, void | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
quickbooks.get_invoice
Retrieve a QuickBooks Online invoice by id.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:accounting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: invoice.customerName; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
invoiceId | string | yes | min length 1; max length 128 | Connector-specific argument. |
includeLines | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
quickbooks.create_invoice_draft
Build a deterministic QuickBooks invoice draft and approval packet without calling QuickBooks.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:accounting |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / static |
| Replay | can replay / recorded |
| Shadow | suppressed, dry-run |
| Redaction | PII: email, customerId; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
customerId | string | yes | min length 1; max length 128 | Connector-specific argument. |
lineItems | array | yes | - | Connector-specific argument. |
currency | string | no | min length 3; max length 3 | Connector-specific argument. |
docNumber | string | no | max length 128 | Connector-specific argument. |
dueDate | string | no | - | Connector-specific argument. |
email | string | no | max length 320 | Connector-specific argument. |
memo | string | no | max length 2000 | Connector-specific argument. |
txnDate | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
quickbooks.create_invoice
Create a QuickBooks invoice only after a dry-run plan, approval metadata, and idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:accounting |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.approvedBy, email, customerId; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
customerId | string | yes | min length 1; max length 128 | Connector-specific argument. |
lineItems | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
currency | string | no | min length 3; max length 3 | Connector-specific argument. |
docNumber | string | no | max length 128 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
dueDate | string | no | - | Connector-specific argument. |
email | string | no | max length 320 | Connector-specific argument. |
idempotencyKey | string | no | min length 16; max length 255 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
memo | string | no | max length 2000 | Connector-specific argument. |
planId | string | no | max length 180 | Connector-specific argument. |
txnDate | string | no | - | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
quickbooks.record_payment
Record a QuickBooks invoice payment only after a dry-run plan, approval metadata, and idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:payment |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.approvedBy, customerId; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
amountCents | integer | yes | min 1 | Connector-specific argument. |
customerId | string | yes | min length 1; max length 128 | Connector-specific argument. |
invoiceId | string | yes | min length 1; max length 128 | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
currency | string | no | min length 3; max length 3 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | min length 16; max length 255 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
memo | string | no | max length 2000 | Connector-specific argument. |
paymentDate | string | no | - | Connector-specific argument. |
planId | string | no | max length 180 | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
quickbooks.list_items
List QuickBooks products and services with optional type and active filters.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:accounting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: none declared; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
active | boolean | no | - | Connector-specific argument. |
cursor | string | no | max length 500 | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
type | string | no | one of Service, Inventory, NonInventory, Category | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
quickbooks.query_reports
Retrieve a bounded QuickBooks accounting report such as Profit and Loss or Aged Receivables.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:accounting |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: report.rows[].customerName; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
reportName | string | yes | one of ProfitAndLoss, BalanceSheet, AgedReceivables, CustomerSales | Connector-specific argument. |
accountingMethod | string | no | one of Cash, Accrual | Connector-specific argument. |
endDate | string | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
startDate | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
quickbooks.attach_note
Attach a note to a QuickBooks customer, invoice, payment, or item with dry-run-first write controls.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:accounting |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: note; Secrets: accessToken, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
entityId | string | yes | min length 1; max length 128 | Connector-specific argument. |
entityType | string | yes | one of customer, invoice, payment, item | Connector-specific argument. |
note | string | yes | min length 1; max length 2000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | min length 16; max length 255 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
Salesforce (salesforce)
Enterprise CRM connector for Salesforce records, restricted SOQL reads, case creation, task creation, and allowlisted record updates.
| Field | Value |
|---|---|
| Version | 0.1.0-draft |
| Categories | crm, support |
| Data classes | crm, pii, tickets, billing |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts salesforce |
| Fixture selfcheck | bun run apps/connectors/src/index.ts salesforce --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/salesforce |
| Vendor docs | https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_rest.htm |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Salesforce Connected App OAuth | accessToken, instanceUrl | PUNK_SALESFORCE_ACCESS_TOKEN, PUNK_SALESFORCE_INSTANCE_URL | api | refresh_token | yes |
| Bearer token | Salesforce bearer token | accessToken, instanceUrl | PUNK_SALESFORCE_ACCESS_TOKEN, PUNK_SALESFORCE_INSTANCE_URL | - | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
api | required | crm, pii, tickets |
refresh_token | optional | crm |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
salesforce.query | L1 | read:crm | no | not declared | 60s / subject / live | recorded | no suppression needed | soql | Run a restricted, bounded SELECT-only SOQL query against allowlisted objects. Tooling API and unbounded queries are not supported. |
salesforce.get_record | L1 | read:crm | no | not declared | 300s / subject / slow | recorded | no suppression needed | objectType, recordId | Get one Salesforce record from an allowlisted object and read field allowlist. |
salesforce.search_records | L1 | read:crm | no | not declared | 60s / subject / live | recorded | no suppression needed | objectType, query | Search allowlisted Salesforce objects with bounded results and allowlisted output fields. |
salesforce.create_task | L3 | write:crm | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | subject | Create a Salesforce Task linked to an allowlisted CRM record. This is a level 3 CRM write. |
salesforce.create_case | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | description, subject | Create a Salesforce Case from a support escalation. This is a level 3 ticket write. |
salesforce.update_record | L3 | write:crm | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | fields, objectType, recordId | Update allowlisted fields on Account, Contact, Opportunity, or Case records. Permission and destructive changes are excluded from v1. |
Tool details:
salesforce.query
Run a restricted, bounded SELECT-only SOQL query against allowlisted objects. Tooling API and unbounded queries are not supported.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: records[].Email, records[].Phone; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
soql | string | yes | max length 2000 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
salesforce.get_record
Get one Salesforce record from an allowlisted object and read field allowlist.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: Email, Phone; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
objectType | string | yes | one of Account, Contact, Opportunity, Case, Task | Connector-specific argument. |
recordId | string | yes | - | Connector-specific argument. |
fields | array | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
salesforce.search_records
Search allowlisted Salesforce objects with bounded results and allowlisted output fields.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:crm |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: records[].Email, records[].Phone; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
objectType | string | yes | one of Account, Contact, Opportunity, Case, Task | Connector-specific argument. |
query | string | yes | max length 500 | Search string or filter expression accepted by the connector. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
fields | array | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
salesforce.create_task
Create a Salesforce Task linked to an allowlisted CRM record. This is a level 3 CRM write.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: description; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
subject | string | yes | max length 255 | Connector-specific argument. |
activityDate | string | no | - | Connector-specific argument. |
description | string | no | max length 5000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
ownerId | string | no | - | Connector-specific argument. |
priority | string | no | one of Low, Normal, High | Connector-specific argument. |
status | string | no | one of Not Started, In Progress, Completed, Waiting on someone else, Deferred | Connector-specific argument. |
whatId | string | no | - | Related Account, Opportunity, Case, or custom object id. |
whoId | string | no | - | Related Contact or Lead id. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
salesforce.create_case
Create a Salesforce Case from a support escalation. This is a level 3 ticket write.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: description; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
description | string | yes | max length 10000 | Connector-specific argument. |
subject | string | yes | max length 255 | Connector-specific argument. |
accountId | string | no | - | Connector-specific argument. |
contactId | string | no | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
origin | string | no | - | Connector-specific argument. |
ownerId | string | no | - | Connector-specific argument. |
priority | string | no | one of Low, Medium, High | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
salesforce.update_record
Update allowlisted fields on Account, Contact, Opportunity, or Case records. Permission and destructive changes are excluded from v1.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:crm |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: fields.Phone, fields.Description; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fields | object | yes | - | Connector-specific argument. |
objectType | string | yes | one of Account, Contact, Opportunity, Case | Connector-specific argument. |
recordId | string | yes | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Segment (segment)
Governed Segment CDP connector for workspaces, sources, destinations, warehouses, tracking plans, schemas, validation, and approval-gated data-plane changes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | marketing, data, analytics |
| Data classes | analytics, events, marketing, warehouse, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts segment |
| Fixture selfcheck | bun run apps/connectors/src/index.ts segment --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/segment |
| Vendor docs | https://docs.segmentapis.com/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Segment Public API token | accessToken | SEGMENT_ACCESS_TOKEN | workspaces:read, tracking-plans:read | tracking-plans:write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
workspaces:read | required | analytics |
tracking-plans:read | required | events |
tracking-plans:write | optional | events |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
segment.list_workspaces | L1 | read:analytics | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Segment workspaces. |
segment.list_sources | L1 | read:analytics | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Segment sources. |
segment.list_destinations | L1 | read:analytics | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Segment destinations. |
segment.list_warehouses | L1 | read:analytics | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Segment warehouses. |
segment.list_tracking_plans | L1 | read:analytics | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List tracking plans. |
segment.get_tracking_plan | L1 | read:analytics | no | not declared | 300s / subject / slow | recorded | no suppression needed | trackingPlanId | Read one tracking plan. |
segment.list_event_schemas | L1 | read:analytics | no | not declared | 300s / subject / slow | recorded | no suppression needed | trackingPlanId | List tracking plan event schemas. |
segment.validate_event | L0 | read:analytics | no | not declared | 300s / subject / slow | recorded | no suppression needed | event, trackingPlanId | Locally validate an event against known tracking-plan rules. |
segment.update_tracking_plan | L4 | write:analytics | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | idempotencyKey, trackingPlanId | Update a Segment tracking plan after approval. |
segment.enable_destination | L4 | write:analytics | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | destinationId, enabled, idempotencyKey | Enable or disable a Segment destination after approval. |
Tool details:
segment.list_workspaces
List Segment workspaces.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:analytics |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
segment.list_sources
List Segment sources.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:analytics |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
segment.list_destinations
List Segment destinations.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:analytics |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
segment.list_warehouses
List Segment warehouses.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:analytics |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
segment.list_tracking_plans
List tracking plans.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:analytics |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
segment.get_tracking_plan
Read one tracking plan.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:analytics |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
trackingPlanId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
segment.list_event_schemas
List tracking plan event schemas.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:analytics |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
trackingPlanId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
segment.validate_event
Locally validate an event against known tracking-plan rules.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:analytics |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
event | string | number | boolean | object | array | yes | - | Connector-specific argument. |
trackingPlanId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
segment.update_tracking_plan
Update a Segment tracking plan after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:analytics |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
trackingPlanId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
segment.enable_destination
Enable or disable a Segment destination after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:analytics |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
destinationId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
enabled | boolean | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Sentry (sentry)
Governed Sentry connector for bounded issue and event reads, release context, issue comments, assignments, and approval-gated status transitions.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | engineering, observability |
| Data classes | observability, source_code, metadata, pii |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts sentry |
| Fixture selfcheck | bun run apps/connectors/src/index.ts sentry --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/sentry |
| Vendor docs | https://docs.sentry.io/api/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Sentry bearer token | access_token, organization_slug | SENTRY_AUTH_TOKEN, SENTRY_ORG | org:read, project:read, event:read | event:write | no |
| API token | Sentry internal integration token | token, organization_slug | SENTRY_AUTH_TOKEN, SENTRY_ORG | - | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
org:read | required | metadata |
project:read | required | observability, source_code, pii |
event:read | required | observability, pii |
event:write | optional | metadata, pii, audit |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
sentry.search_issues | L1 | read:observability | no | not declared | 60s / tenant / live | recorded | no suppression needed | from, to | Search Sentry issues by project, query, status, release, and required bounded date range. |
sentry.get_issue | L1 | read:observability | no | not declared | 120s / tenant / live | recorded | no suppression needed | issueId | Retrieve one Sentry issue summary with bounded body fields. |
sentry.list_issue_events | L1 | read:observability | no | not declared | 60s / tenant / live | recorded | no suppression needed | from, issueId, to | List Sentry events for one issue within a required bounded time range. |
sentry.get_event | L1 | read:observability | no | not declared | 120s / tenant / live | recorded | no suppression needed | eventId, projectSlug | Fetch one Sentry event with stack trace, request headers, cookies, and known secret fields redacted. |
sentry.list_releases | L1 | read:repo | no | not declared | 300s / tenant / slow | recorded | no suppression needed | projectSlug | List Sentry releases for an allowlisted project with bounded pagination. |
sentry.comment_issue | L3 | write:incident | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, issueId | Add a visible comment to a Sentry issue. Dry-run is the default. |
sentry.assign_issue | L3 | write:incident | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | assignee, issueId | Assign or route a Sentry issue. Dry-run is the default. |
sentry.update_issue_status | L4 | write:incident | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | issueId, status | Resolve, ignore, snooze, or reopen a Sentry issue. Non-dry-run execution requires approval metadata and an idempotency key. |
Tool details:
sentry.search_issues
Search Sentry issues by project, query, status, release, and required bounded date range.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: issues[].assignee, issues[].culprit; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
from | string | yes | - | ISO 8601 start time. |
to | string | yes | - | ISO 8601 end time. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
projectSlug | string | no | min length 1; max length 128 | Connector-specific argument. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
release | string | no | max length 200 | Connector-specific argument. |
status | string | no | one of unresolved, resolved, ignored, all | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
sentry.get_issue
Retrieve one Sentry issue summary with bounded body fields.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: issue.assignee, issue.culprit, issue.body; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
issueId | string | yes | min length 1; max length 128 | Connector-specific argument. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxBodyBytes | integer | no | min 1; max 20000 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
sentry.list_issue_events
List Sentry events for one issue within a required bounded time range.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: events[].message, events[].user; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
from | string | yes | - | ISO 8601 start time. |
issueId | string | yes | min length 1; max length 128 | Connector-specific argument. |
to | string | yes | - | ISO 8601 end time. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
sentry.get_event
Fetch one Sentry event with stack trace, request headers, cookies, and known secret fields redacted.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / tenant / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: event.request, event.stacktrace; Secrets: raw, authorization, cookie, token, secret, password |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
eventId | string | yes | min length 1; max length 128 | Connector-specific argument. |
projectSlug | string | yes | min length 1; max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxStackFrames | integer | no | min 1; max 50 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
sentry.list_releases
List Sentry releases for an allowlisted project with bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:repo |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
projectSlug | string | yes | min length 1; max length 128 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
sentry.comment_issue
Add a visible comment to a Sentry issue. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:incident |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | min length 1; max length 5000 | Connector-specific argument. |
issueId | string | yes | min length 1; max length 128 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
sentry.assign_issue
Assign or route a Sentry issue. Dry-run is the default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:incident |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: assignee; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
assignee | string | yes | min length 1; max length 128 | Connector-specific argument. |
issueId | string | yes | min length 1; max length 128 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
sentry.update_issue_status
Resolve, ignore, snooze, or reopen a Sentry issue. Non-dry-run execution requires approval metadata and an idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:incident |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.reason; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
issueId | string | yes | min length 1; max length 128 | Connector-specific argument. |
status | string | yes | one of resolved, unresolved, ignored, snoozed | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 128 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
snoozeUntil | string | no | - | ISO 8601 timestamp required when status is snoozed. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
ServiceNow (servicenow)
Governed ServiceNow ITSM connector for incident intake, change request planning, work notes, CMDB lookup, and approval-gated state changes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | incident, support |
| Data classes | tickets, pii, metadata, audit |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts servicenow |
| Fixture selfcheck | bun run apps/connectors/src/index.ts servicenow --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/servicenow |
| Vendor docs | https://www.servicenow.com/docs/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | ServiceNow OAuth access token | accessToken | PUNK_SERVICENOW_INSTANCE_URL, PUNK_SERVICENOW_ACCESS_TOKEN | incident.read | incident.write, change_request.read, change_request.write, cmdb.read | no |
| Basic/API token | ServiceNow basic/API credential | username, password | PUNK_SERVICENOW_INSTANCE_URL, PUNK_SERVICENOW_USERNAME, PUNK_SERVICENOW_PASSWORD | - | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
incident.read | required | tickets, pii, metadata |
incident.write | optional | tickets, pii, audit |
change_request.read | optional | audit, metadata |
change_request.write | optional | audit, metadata |
cmdb.read | optional | metadata, audit |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
servicenow.search_incidents | L1 | read:ticket | no | not declared | 30s / subject / live | recorded | no suppression needed | none | Search ServiceNow incidents with bounded pagination and allowlisted fields. |
servicenow.get_incident | L1 | read:ticket | no | not declared | 60s / subject / live | recorded | no suppression needed | incidentId | Retrieve one ServiceNow incident by sys_id or number. Comments and work notes are excluded unless requested. |
servicenow.create_incident | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | shortDescription | Create a ServiceNow incident. dryRun defaults to true; assignment group allowlists are enforced before execution. |
servicenow.update_incident | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | fields, incidentId | Patch allowlisted ServiceNow incident fields only. Resolve, close, and cancel transitions must use change_incident_state. |
servicenow.add_work_note | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | incidentId, note | Add an internal ServiceNow work note. Output labels the note as internal/private. |
servicenow.search_change_requests | L1 | read:incident | no | not declared | 60s / subject / live | recorded | no suppression needed | none | Search ServiceNow change requests with bounded pagination and limited fields. |
servicenow.create_change_request | L4 | write:incident | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | backoutPlan, implementationPlan, riskImpactAnalysis, shortDescription, testPlan | Create a ServiceNow change request. Non-dry-run execution requires approval metadata and an idempotency key. |
servicenow.change_incident_state | L4 | write:incident | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | incidentId, state | Change a ServiceNow incident state. Resolve, close, and cancel transitions require approval metadata and an idempotency key. |
servicenow.search_cmdb_items | L1 | read:observability | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | Search allowlisted ServiceNow CMDB tables with bounded pagination. |
Tool details:
servicenow.search_incidents
Search ServiceNow incidents with bounded pagination and allowlisted fields.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: caller, assignedTo; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
assignmentGroup | string | no | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
encodedQuery | string | no | max length 1000 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
state | string | no | one of new, in_progress, on_hold, resolved, closed, cancelled | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
servicenow.get_incident
Retrieve one ServiceNow incident by sys_id or number. Comments and work notes are excluded unless requested.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: comments, workNotes, caller; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
incidentId | string | yes | min length 1 | Connector-specific argument. |
includeNotes | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
servicenow.create_incident
Create a ServiceNow incident. dryRun defaults to true; assignment group allowlists are enforced before execution.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: description, callerId; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
shortDescription | string | yes | min length 1; max length 160 | Connector-specific argument. |
assignmentGroup | string | no | - | Connector-specific argument. |
callerId | string | no | - | Connector-specific argument. |
category | string | no | - | Connector-specific argument. |
description | string | no | max length 8000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
impact | string | no | one of 1, 2, 3, high, medium, low | Connector-specific argument. |
subcategory | string | no | - | Connector-specific argument. |
urgency | string | no | one of 1, 2, 3, high, medium, low | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
servicenow.update_incident
Patch allowlisted ServiceNow incident fields only. Resolve, close, and cancel transitions must use change_incident_state.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: fields.description, fields.assignedTo; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fields | object | yes | - | Only shortDescription, description, urgency, impact, assignmentGroup, assignedTo, category, and subcategory are allowed. |
incidentId | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
servicenow.add_work_note
Add an internal ServiceNow work note. Output labels the note as internal/private.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: note; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
incidentId | string | yes | min length 1 | Connector-specific argument. |
note | string | yes | min length 1; max length 8000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
servicenow.search_change_requests
Search ServiceNow change requests with bounded pagination and limited fields.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:incident |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
encodedQuery | string | no | max length 1000 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
state | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
servicenow.create_change_request
Create a ServiceNow change request. Non-dry-run execution requires approval metadata and an idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:incident |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: description, approval.approvedBy; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
backoutPlan | string | yes | min length 1; max length 8000 | Connector-specific argument. |
implementationPlan | string | yes | min length 1; max length 8000 | Connector-specific argument. |
riskImpactAnalysis | string | yes | min length 1; max length 8000 | Connector-specific argument. |
shortDescription | string | yes | min length 1; max length 160 | Connector-specific argument. |
testPlan | string | yes | min length 1; max length 8000 | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
assignmentGroup | string | no | - | Connector-specific argument. |
description | string | no | max length 8000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | min length 8; max length 255 | Stable caller-provided key used to dedupe write execution. |
risk | string | no | one of low, moderate, high, 1, 2, 3, 4 | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
servicenow.change_incident_state
Change a ServiceNow incident state. Resolve, close, and cancel transitions require approval metadata and an idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:incident |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: closeNotes, approval.approvedBy; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
incidentId | string | yes | min length 1 | Connector-specific argument. |
state | string | yes | one of resolved, closed, cancelled, in_progress, on_hold | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
closeCode | string | no | max length 160 | Connector-specific argument. |
closeNotes | string | no | max length 8000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | min length 8; max length 255 | Stable caller-provided key used to dedupe write execution. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
servicenow.search_cmdb_items
Search allowlisted ServiceNow CMDB tables with bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:observability |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
encodedQuery | string | no | max length 1000 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
table | string | no | one of cmdb_ci, cmdb_ci_service, cmdb_ci_server, cmdb_ci_business_app | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
Shopify (shopify)
Governed Shopify connector for products, orders, customers, inventory, fulfillment, refunds, and commerce approvals.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | commerce, billing |
| Data classes | commerce, inventory, payments, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts shopify |
| Fixture selfcheck | bun run apps/connectors/src/index.ts shopify --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/shopify |
| Vendor docs | https://shopify.dev/docs/api/admin-graphql/latest |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | Admin API access token | accessToken, shopDomain | SHOPIFY_ACCESS_TOKEN, SHOPIFY_SHOP_DOMAIN | read_products, write_orders | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
read_products | required | commerce |
write_orders | required | commerce, payments |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
shopify.search_products | L1 | read:commerce | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search Shopify products. |
shopify.get_product | L1 | read:commerce | no | not declared | 300s / subject / slow | recorded | no suppression needed | productId | Read Shopify product detail. |
shopify.list_orders | L1 | read:commerce | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Shopify orders. |
shopify.get_order | L1 | read:commerce | no | not declared | 300s / subject / slow | recorded | no suppression needed | orderId | Read Shopify order detail. |
shopify.search_customers | L1 | read:commerce | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search Shopify customers. |
shopify.get_customer | L1 | read:commerce | no | not declared | 300s / subject / slow | recorded | no suppression needed | customerId | Read Shopify customer detail. |
shopify.list_inventory_levels | L1 | read:commerce | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | List Shopify inventory levels. |
shopify.list_fulfillments | L1 | read:commerce | no | not declared | 300s / subject / slow | recorded | no suppression needed | orderId | List fulfillments for an order. |
shopify.add_order_note | L3 | write:commerce | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | note, orderId | Plan or add an internal order note. |
shopify.update_inventory_level | L4 | write:commerce | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | inventoryItemId, locationId | Update inventory after approval. |
shopify.create_fulfillment | L4 | write:commerce | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | orderId | Create an order fulfillment after approval. |
shopify.create_refund | L4 | write:commerce | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | amount, orderId | Create a Shopify refund after approval. |
Tool details:
shopify.search_products
Search Shopify products.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:commerce |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
shopify.get_product
Read Shopify product detail.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:commerce |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
productId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
shopify.list_orders
List Shopify orders.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:commerce |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: customerEmail; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
shopify.get_order
Read Shopify order detail.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:commerce |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
orderId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
shopify.search_customers
Search Shopify customers.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:commerce |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
shopify.get_customer
Read Shopify customer detail.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:commerce |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
customerId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
shopify.list_inventory_levels
List Shopify inventory levels.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:commerce |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
shopify.list_fulfillments
List fulfillments for an order.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:commerce |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
orderId | string | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
shopify.add_order_note
Plan or add an internal order note.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:commerce |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: note; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
note | string | yes | - | Connector-specific argument. |
orderId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
shopify.update_inventory_level
Update inventory after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:commerce |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
inventoryItemId | string | yes | - | Connector-specific argument. |
locationId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
shopify.create_fulfillment
Create an order fulfillment after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:commerce |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
orderId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
shopify.create_refund
Create a Shopify refund after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:commerce |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
amount | string | yes | - | Connector-specific argument. |
orderId | string | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Slack (slack)
Governed Slack tools for channel discovery, message search, thread reads, handoffs, approvals, and incident updates.
| Field | Value |
|---|---|
| Version | 0.1.0-draft |
| Categories | productivity, support, engineering |
| Data classes | chat, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts slack |
| Fixture selfcheck | bun run apps/connectors/src/index.ts slack --fixture --selfcheck |
| Punk docs | https://punk.local/docs/connectors/slack |
| Vendor docs | https://api.slack.com/web |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Slack bot token | bot_token | SLACK_BOT_TOKEN | channels:read, groups:read, channels:history, groups:history, chat:write, reactions:write, search:read | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
channels:read | required | metadata |
groups:read | required | metadata |
channels:history | required | chat, pii |
groups:history | required | chat, pii |
chat:write | required | chat, pii |
reactions:write | required | chat |
search:read | required | chat, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
slack.list_channels | L1 | read:chat | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List public and private channels visible to the bot token. |
slack.search_messages | L1 | read:chat | no | not declared | 60s / subject / live | recorded | no suppression needed | query | Search messages visible to the Slack credential with bounded snippets by default. |
slack.get_thread | L1 | read:chat | no | not declared | 30s / subject / live | recorded | no suppression needed | channel, threadTs | Read a Slack thread by channel and root message timestamp. |
slack.post_message | L3 | write:chat | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | channel, text | Post a user-visible Slack message. dryRun validates and returns the side-effect plan without posting. |
slack.reply_thread | L3 | write:chat | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | channel, text, threadTs | Post a reply to an existing Slack thread. dryRun validates and returns the side-effect plan without posting. |
slack.update_message | L3 | write:chat | yes | not supported | 0s / none / live | dry_run | suppressed, dry-run | channel, text, ts | Update a visible Slack message. Treat as governed user-visible write by default. |
slack.add_reaction | L2 | write:chat | no | not declared | 0s / none / live | dry_run | suppressed, dry-run | channel, reaction, ts | Add an emoji reaction to a Slack message. dryRun validates and returns the side-effect plan without posting. |
Tool details:
slack.list_channels
List public and private channels visible to the bot token.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeArchived | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 200 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
types | array | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
slack.search_messages
Search messages visible to the Slack credential with bounded snippets by default.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: messages.text, messages.userName; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
query | string | yes | min length 1; max length 500 | Search string or filter expression accepted by the connector. |
channel | string | no | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
slack.get_thread
Read a Slack thread by channel and root message timestamp.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: messages.text, messages.userName; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
channel | string | yes | min length 1 | Connector-specific argument. |
threadTs | string | yes | min length 1 | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
slack.post_message
Post a user-visible Slack message. dryRun validates and returns the side-effect plan without posting.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:chat |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: text; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
channel | string | yes | min length 1 | Connector-specific argument. |
text | string | yes | min length 1; max length 40000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
unfurlLinks | boolean | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
slack.reply_thread
Post a reply to an existing Slack thread. dryRun validates and returns the side-effect plan without posting.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:chat |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: text; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
channel | string | yes | min length 1 | Connector-specific argument. |
text | string | yes | min length 1; max length 40000 | Connector-specific argument. |
threadTs | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 120 | Stable caller-provided key used to dedupe write execution. |
unfurlLinks | boolean | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
slack.update_message
Update a visible Slack message. Treat as governed user-visible write by default.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:chat |
| Approval required by default | yes |
| Idempotency | not supported |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: text; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
channel | string | yes | min length 1 | Connector-specific argument. |
text | string | yes | min length 1; max length 40000 | Connector-specific argument. |
ts | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
slack.add_reaction
Add an emoji reaction to a Slack message. dryRun validates and returns the side-effect plan without posting.
| Contract field | Value |
|---|---|
| Side-effect level | L2 - Draft, reversible, or low-impact write. |
| Policy action | write:chat |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
channel | string | yes | min length 1 | Connector-specific argument. |
reaction | string | yes | - | Connector-specific argument. |
ts | string | yes | min length 1 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
Agent usage: Prefer dry-run first. Treat output as a draft or reversible plan until a human or policy confirms execution.
Snowflake (snowflake)
Governed Snowflake connector for local SQL posture plans, read-only SQL API execution, statement polling, bounded result fetches, and warehouse metadata discovery.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | data |
| Data classes | warehouse, pii, metadata, audit |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts snowflake |
| Fixture selfcheck | bun run apps/connectors/src/index.ts snowflake --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/snowflake |
| Vendor docs | https://docs.snowflake.com/en/developer-guide/sql-api/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Bearer token | Snowflake OAuth access token | accessToken, accountIdentifier, warehouse, role, database, schema | PUNK_SNOWFLAKE_ACCESS_TOKEN, PUNK_SNOWFLAKE_ACCOUNT, PUNK_SNOWFLAKE_WAREHOUSE, PUNK_SNOWFLAKE_ROLE, PUNK_SNOWFLAKE_DATABASE, PUNK_SNOWFLAKE_SCHEMA | session:role, sql:read | - | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
session:role | required | warehouse, metadata, audit |
sql:read | required | warehouse, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
snowflake.create_query_plan | L0 | read:data | no | not declared | 0s / none / static | recorded | no suppression needed | limit, sql, timeoutSeconds | Locally classify a Snowflake SQL statement, reject unsafe SQL, and return the bounded read-only execution plan without contacting Snowflake. |
snowflake.execute_query | L1 | read:data | no | not declared | 0s / none / live | recorded | no suppression needed | limit, sql, timeoutSeconds | Execute a SELECT, SHOW, or DESCRIBE statement through the Snowflake SQL API with mandatory row and timeout bounds. |
snowflake.get_statement_status | L1 | read:data | no | not declared | 5s / subject / live | recorded | no suppression needed | statementHandle | Poll one Snowflake SQL API statement handle and return non-row status metadata. |
snowflake.fetch_results | L1 | read:data | no | not declared | 0s / none / live | recorded | no suppression needed | limit, maxBytes, statementHandle | Fetch one bounded page of Snowflake SQL API results by statement handle. |
snowflake.list_databases | L1 | read:data | no | not declared | 3600s / tenant / static | recorded | no suppression needed | none | List Snowflake databases through fixture metadata or a bounded SHOW DATABASES call. |
snowflake.list_schemas | L1 | read:data | no | not declared | 3600s / tenant / static | recorded | no suppression needed | none | List schemas for an allowed Snowflake database. |
snowflake.list_tables | L1 | read:data | no | not declared | 1800s / tenant / slow | recorded | no suppression needed | none | List tables for an allowed Snowflake database and schema. |
snowflake.describe_table | L1 | read:data | no | not declared | 1800s / tenant / slow | recorded | no suppression needed | table | Return column metadata and approximate row counts for one allowed Snowflake table. |
Tool details:
snowflake.create_query_plan
Locally classify a Snowflake SQL statement, reject unsafe SQL, and return the bounded read-only execution plan without contacting Snowflake.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 0s / none / static |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: sql; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
limit | integer | yes | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
sql | string | yes | min length 1; max length 10000 | SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced. |
timeoutSeconds | integer | yes | min 1; max 60 | Maximum upstream execution window. |
database | string | no | - | Connector-specific argument. |
maxBytes | integer | no | min 256; max 65536 | Maximum response bytes for content-like reads. |
role | string | no | - | Connector-specific argument. |
schema | string | no | - | Connector-specific argument. |
warehouse | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
snowflake.execute_query
Execute a SELECT, SHOW, or DESCRIBE statement through the Snowflake SQL API with mandatory row and timeout bounds.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 0s / none / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: sql, rows; Secrets: authorization, accessToken |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
limit | integer | yes | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
sql | string | yes | min length 1; max length 10000 | SQL text. Read tools reject mutation SQL, multi-statements, and unbounded execution where enforced. |
timeoutSeconds | integer | yes | min 1; max 60 | Maximum upstream execution window. |
database | string | no | - | Connector-specific argument. |
maxBytes | integer | no | min 256; max 65536 | Maximum response bytes for content-like reads. |
requestId | string | no | max length 128 | Connector-specific argument. |
role | string | no | - | Connector-specific argument. |
schema | string | no | - | Connector-specific argument. |
warehouse | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
snowflake.get_statement_status
Poll one Snowflake SQL API statement handle and return non-row status metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 5s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, accessToken |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
statementHandle | string | yes | min length 1; max length 256 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
snowflake.fetch_results
Fetch one bounded page of Snowflake SQL API results by statement handle.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 0s / none / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: rows; Secrets: authorization, accessToken |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
limit | integer | yes | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBytes | integer | yes | min 256; max 65536 | Maximum response bytes for content-like reads. |
statementHandle | string | yes | min length 1; max length 256 | Connector-specific argument. |
partition | integer | no | min 0 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
snowflake.list_databases
List Snowflake databases through fixture metadata or a bounded SHOW DATABASES call.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / tenant / static |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, accessToken |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
snowflake.list_schemas
List schemas for an allowed Snowflake database.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / tenant / static |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, accessToken |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
database | string | no | - | Connector-specific argument. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
snowflake.list_tables
List tables for an allowed Snowflake database and schema.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 1800s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, accessToken |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
database | string | no | - | Connector-specific argument. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
schema | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
snowflake.describe_table
Return column metadata and approximate row counts for one allowed Snowflake table.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:data |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 1800s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, accessToken |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
table | string | yes | min length 1 | Connector-specific argument. |
database | string | no | - | Connector-specific argument. |
schema | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
Stripe Customer-Agent Connector (stripe)
Customer-owned Stripe account connector for billing support and finance automations. This is separate from Punk platform billing.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | billing |
| Data classes | pii, billing, payments |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts stripe |
| Fixture selfcheck | bun run apps/connectors/src/index.ts stripe --fixture --selfcheck |
| Punk docs | https://docs.punk.local/connectors/stripe |
| Vendor docs | https://docs.stripe.com/api |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | Restricted Stripe secret key | api_key | PUNK_STRIPE_CUSTOMER_AGENT_API_KEY | - | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
| - | - | - |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
stripe.search_customers | L1 | read:billing | no | not declared | 120s / subject / live | recorded | suppressed | none | Search or list Stripe customers by query, email, or customer id prefix. |
stripe.get_customer | L1 | read:billing | no | not declared | 300s / subject / slow | recorded | suppressed | customerId | Retrieve a Stripe customer by id with optional subscription summary. |
stripe.list_invoices | L1 | read:billing | no | not declared | 120s / subject / live | recorded | suppressed | none | List Stripe invoices with bounded pagination and optional customer/subscription filters. |
stripe.get_invoice | L1 | read:billing | no | not declared | 300s / subject / slow | recorded | suppressed | invoiceId | Retrieve a Stripe invoice by id with optionally expanded line summaries. |
stripe.list_subscriptions | L1 | read:billing | no | not declared | 120s / subject / live | recorded | suppressed | none | List Stripe subscriptions by customer and status. |
stripe.get_payment_intent | L1 | read:billing | no | not declared | 300s / subject / slow | recorded | suppressed | paymentIntentId | Retrieve a Stripe payment intent by id for duplicate-charge and refund review. |
stripe.create_refund_plan | L0 | read:payment | no | supported via idempotencyKey | 0s / none / static | recorded | suppressed, dry-run | none | Create a local refund approval packet. This never calls Stripe and never moves money. |
stripe.create_refund | L4 | write:payment | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | amountCents | Create a Stripe refund only after a dry-run plan, approval metadata, amount cap check, and idempotency key. |
stripe.cancel_subscription | L4 | write:payment | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | subscriptionId | Cancel a Stripe subscription only after a dry-run plan, approval metadata, and idempotency key. |
Tool details:
stripe.search_customers
Search or list Stripe customers by query, email, or customer id prefix.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: email, customer.email, customers[].email; Secrets: apiKey, authorization, client_secret |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | max length 500 | Opaque pagination cursor returned by a previous call. |
customerId | string | no | max length 128 | Connector-specific argument. |
email | string | no | max length 320 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | max length 500 | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
stripe.get_customer
Retrieve a Stripe customer by id with optional subscription summary.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customer.email, customer.name, customer.phone; Secrets: apiKey, authorization, client_secret |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
customerId | string | yes | min length 1; max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
includeSubscriptions | boolean | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
stripe.list_invoices
List Stripe invoices with bounded pagination and optional customer/subscription filters.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customer_email, invoices[].customerEmail, invoices[].customerName; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | max length 500 | Opaque pagination cursor returned by a previous call. |
customerId | string | no | max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
status | string | no | one of draft, open, paid, uncollectible, void | Connector-specific argument. |
subscriptionId | string | no | max length 128 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
stripe.get_invoice
Retrieve a Stripe invoice by id with optionally expanded line summaries.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customer_email, invoice.customerEmail, invoice.customerName; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
invoiceId | string | yes | min length 1; max length 128 | Connector-specific argument. |
includeLines | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
stripe.list_subscriptions
List Stripe subscriptions by customer and status.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customerId, subscriptions[].customerId; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | max length 500 | Opaque pagination cursor returned by a previous call. |
customerId | string | no | max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
status | string | no | one of active, trialing, past_due, canceled, unpaid, incomplete, all | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
stripe.get_payment_intent
Retrieve a Stripe payment intent by id for duplicate-charge and refund review.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:billing |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | suppressed |
| Redaction | PII: customerId; Secrets: apiKey, authorization, client_secret |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
paymentIntentId | string | yes | min length 1; max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
stripe.create_refund_plan
Create a local refund approval packet. This never calls Stripe and never moves money.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:payment |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / static |
| Replay | can replay / recorded |
| Shadow | suppressed, dry-run |
| Redaction | PII: requestedBy, customerId; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
amountCents | integer | no | min 1 | Connector-specific argument. |
chargeId | string | no | max length 128 | Connector-specific argument. |
currency | string | no | min length 3; max length 3 | Connector-specific argument. |
customerId | string | no | max length 128 | Connector-specific argument. |
memo | string | no | max length 2000 | Connector-specific argument. |
paymentIntentId | string | no | max length 128 | Connector-specific argument. |
reason | string | no | one of duplicate, fraudulent, requested_by_customer, other | Connector-specific argument. |
requestedBy | string | no | max length 320 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
stripe.create_refund
Create a Stripe refund only after a dry-run plan, approval metadata, amount cap check, and idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:payment |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.approvedBy, customerId; Secrets: apiKey, authorization, client_secret |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
amountCents | integer | yes | min 1 | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
chargeId | string | no | max length 128 | Connector-specific argument. |
currency | string | no | min length 3; max length 3 | Connector-specific argument. |
customerId | string | no | max length 128 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | min length 16; max length 255 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
memo | string | no | max length 2000 | Connector-specific argument. |
paymentIntentId | string | no | max length 128 | Connector-specific argument. |
planId | string | no | max length 160 | Connector-specific argument. |
reason | string | no | one of duplicate, fraudulent, requested_by_customer, other | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
stripe.cancel_subscription
Cancel a Stripe subscription only after a dry-run plan, approval metadata, and idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:payment |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: approval.approvedBy, customerId; Secrets: apiKey, authorization |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
subscriptionId | string | yes | min length 1; max length 128 | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cancellationReason | string | no | max length 2000 | Connector-specific argument. |
customerId | string | no | max length 128 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | min length 16; max length 255 | Stable caller-provided key used to dedupe write execution. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
invoiceNow | boolean | no | - | Connector-specific argument. |
planId | string | no | max length 160 | Connector-specific argument. |
prorate | boolean | no | - | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Twilio (twilio)
Governed Twilio connector for phone lookup, SMS and WhatsApp history, media metadata, voice metadata, and dry-run-first customer communications.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | communications, support |
| Data classes | communications, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts twilio |
| Fixture selfcheck | bun run apps/connectors/src/index.ts twilio --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/twilio |
| Vendor docs | https://www.twilio.com/docs/messaging/api |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| Basic/API token | Twilio Account SID and Auth Token | account_sid, auth_token | TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, PUNK_TWILIO_ACCOUNT_SID, PUNK_TWILIO_AUTH_TOKEN | messages:read | lookups:read, messages:create, calls:read, calls:create | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
lookups:read | optional | communications, pii |
messages:read | required | communications, pii |
messages:create | optional | communications, pii |
calls:read | optional | communications, pii |
calls:create | optional | communications, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
twilio.lookup_phone_number | L1 | read:communications | no | not declared | 3600s / subject / slow | recorded | no suppression needed | phoneNumber | Validate and normalize a phone number using Twilio Lookup when available. |
twilio.list_messages | L1 | read:communications | no | not declared | 30s / subject / live | recorded | no suppression needed | none | List bounded SMS or WhatsApp message history by number, date, or direction. |
twilio.get_message | L1 | read:communications | no | not declared | 60s / subject / live | recorded | no suppression needed | messageSid | Retrieve one Twilio message and delivery status, with message body omitted unless requested. |
twilio.get_media | L1 | read:communications | no | not declared | 60s / subject / live | recorded | no suppression needed | messageSid | Read bounded Twilio media metadata. Binary media content is excluded in v1. |
twilio.create_message_draft | L0 | read:communications | no | not declared | 0s / none / live | recorded | dry-run | body, to | Create a local SMS or WhatsApp message plan without contacting Twilio. |
twilio.send_sms | L3 | write:communications | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, to | Send an SMS through a dry-run-first side-effect plan. Live sends require explicit enablement and allowlisted parties. |
twilio.send_whatsapp_message | L3 | write:communications | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | to | Send a WhatsApp message through a dry-run-first side-effect plan with template/body controls. |
twilio.list_calls | L1 | read:communications | no | not declared | 30s / subject / live | recorded | no suppression needed | none | List bounded Twilio voice call metadata without downloading recordings. |
twilio.get_call | L1 | read:communications | no | not declared | 60s / subject / live | recorded | no suppression needed | callSid | Retrieve one Twilio call metadata record, with optional recording metadata only. |
twilio.start_call | L4 | write:communications | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | from, to | Start a voice call. This level 4 action is disabled by default and requires explicit enablement, approval metadata, and an idempotency key. |
Tool details:
twilio.lookup_phone_number
Validate and normalize a phone number using Twilio Lookup when available.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:communications |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 3600s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: phoneNumber, nationalFormat; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
phoneNumber | string | yes | min length 3; max length 64 | Connector-specific argument. |
includeCarrier | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
twilio.list_messages
List bounded SMS or WhatsApp message history by number, date, or direction.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:communications |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: messages[].from, messages[].to, messages[].body, messages[].bodyPreview; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
dateSentAfter | string | no | - | ISO date lower bound. |
dateSentBefore | string | no | - | ISO date upper bound. |
direction | string | no | one of inbound, outbound-api, outbound-call, outbound-reply | Connector-specific argument. |
from | string | no | max length 128 | Connector-specific argument. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
maxBodyBytes | integer | no | min 0; max 5000 | Connector-specific argument. |
pageToken | string | no | min length 1 | Connector-specific argument. |
to | string | no | max length 128 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
twilio.get_message
Retrieve one Twilio message and delivery status, with message body omitted unless requested.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:communications |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: message.from, message.to, message.body, message.bodyPreview; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
messageSid | string | yes | min length 1 | Connector-specific argument. |
includeBody | boolean | no | - | Optional body expansion. Defaults are bounded excerpts or metadata. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
maxBodyBytes | integer | no | min 0; max 10000 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
twilio.get_media
Read bounded Twilio media metadata. Binary media content is excluded in v1.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:communications |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
messageSid | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
mediaSid | string | no | min length 1 | Connector-specific argument. |
pageToken | string | no | min length 1 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
twilio.create_message_draft
Create a local SMS or WhatsApp message plan without contacting Twilio.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:communications |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 0s / none / live |
| Replay | can replay / recorded |
| Shadow | dry-run |
| Redaction | PII: to, from, body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | min length 1; max length 1600 | Connector-specific argument. |
to | string | yes | max length 128 | Connector-specific argument. |
channel | string | no | one of sms, whatsapp | Connector-specific argument. |
from | string | no | max length 128 | Connector-specific argument. |
templateSid | string | no | max length 64 | Connector-specific argument. |
variables | object | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
twilio.send_sms
Send an SMS through a dry-run-first side-effect plan. Live sends require explicit enablement and allowlisted parties.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:communications |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: to, from, body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | min length 1; max length 1600 | Connector-specific argument. |
to | string | yes | max length 128 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
from | string | no | max length 128 | Connector-specific argument. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
messagingServiceSid | string | no | max length 64 | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
twilio.send_whatsapp_message
Send a WhatsApp message through a dry-run-first side-effect plan with template/body controls.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:communications |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: to, from, body, variables; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
to | string | yes | max length 128 | Connector-specific argument. |
body | string | no | max length 1600 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
from | string | no | max length 128 | Connector-specific argument. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
messagingServiceSid | string | no | max length 64 | Connector-specific argument. |
templateSid | string | no | max length 64 | Connector-specific argument. |
variables | object | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
twilio.list_calls
List bounded Twilio voice call metadata without downloading recordings.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:communications |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: calls[].from, calls[].to; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
from | string | no | max length 128 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
pageToken | string | no | min length 1 | Connector-specific argument. |
startTimeAfter | string | no | - | ISO date lower bound. |
startTimeBefore | string | no | - | ISO date upper bound. |
status | string | no | one of queued, ringing, in-progress, completed, busy, failed, no-answer, canceled | Connector-specific argument. |
to | string | no | max length 128 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
twilio.get_call
Retrieve one Twilio call metadata record, with optional recording metadata only.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:communications |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: call.from, call.to; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
callSid | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
includeRecordings | boolean | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
twilio.start_call
Start a voice call. This level 4 action is disabled by default and requires explicit enablement, approval metadata, and an idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:communications |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: to, from, twiml; Secrets: url |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
from | string | yes | max length 128 | Connector-specific argument. |
to | string | yes | max length 128 | Connector-specific argument. |
approvalId | string | no | max length 255 | Connector-specific argument. |
approvedBy | string | no | max length 255 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
twiml | string | no | max length 4000 | Connector-specific argument. |
url | string | no | max length 2000 | Connector-specific argument. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Vanta (vanta)
Governed Vanta connector for compliance control, test, evidence, and vendor-risk reads plus dry-run-first evidence and vendor status writes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | compliance, security |
| Data classes | compliance, audit, documents, pii, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts vanta |
| Fixture selfcheck | bun run apps/connectors/src/index.ts vanta --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/vanta |
| Vendor docs | https://developer.vanta.com/reference/overview |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| API token | Vanta API token | apiToken | PUNK_VANTA_API_TOKEN | controls:read, tests:read | evidence:read, evidence:write, vendors:read, vendors:write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
controls:read | required | compliance, audit |
tests:read | required | compliance, audit |
evidence:read | optional | documents, compliance, pii |
evidence:write | optional | documents, compliance, pii |
vendors:read | optional | compliance, metadata, pii |
vendors:write | optional | compliance, audit, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
vanta.list_controls | L1 | read:compliance | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Vanta controls with optional framework and status filters using bounded pagination. |
vanta.get_control | L1 | read:compliance | no | not declared | 300s / subject / slow | recorded | no suppression needed | controlId | Retrieve one Vanta control with owner, framework, and status metadata. |
vanta.list_tests | L1 | read:compliance | no | not declared | 180s / tenant / slow | recorded | no suppression needed | none | List Vanta test status by framework or control with bounded pagination. |
vanta.get_test | L1 | read:compliance | no | not declared | 180s / subject / slow | recorded | no suppression needed | testId | Retrieve one Vanta test and its evidence requirements. |
vanta.list_evidence | L1 | read:compliance | no | not declared | 120s / subject / slow | recorded | no suppression needed | none | List Vanta evidence metadata for a control or test. File contents are never returned. |
vanta.upload_evidence_plan | L0 | read:compliance | no | not declared | 0s / none / static | recorded | suppressed, dry-run | fileName, mimeType, sizeBytes | Locally validate an evidence upload and return an auditable side-effect plan without contacting Vanta. |
vanta.upload_evidence | L3 | write:compliance | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | fileName, mimeType, sizeBytes | Upload bounded evidence metadata/content to Vanta. dryRun defaults to true and live writes require explicit write enablement plus approval metadata. |
vanta.list_vendors | L1 | read:compliance | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Vanta vendors and security-review metadata with bounded pagination. |
vanta.get_vendor | L1 | read:compliance | no | not declared | 300s / subject / slow | recorded | no suppression needed | vendorId | Retrieve one Vanta vendor and its security-review status. |
vanta.update_vendor_status | L3 | write:compliance | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | status, vendorId | Update a Vanta vendor compliance-review status/comment. dryRun defaults to true and non-dry-run live writes require explicit write enablement plus approval metadata. |
Tool details:
vanta.list_controls
List Vanta controls with optional framework and status filters using bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:compliance |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: controls[].owner; Secrets: authorization, apiToken, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
framework | string | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
status | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
vanta.get_control
Retrieve one Vanta control with owner, framework, and status metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:compliance |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: control.owner; Secrets: authorization, apiToken, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
controlId | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
vanta.list_tests
List Vanta test status by framework or control with bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:compliance |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 180s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: tests[].owner; Secrets: authorization, apiToken, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
controlId | string | no | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
framework | string | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
status | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
vanta.get_test
Retrieve one Vanta test and its evidence requirements.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:compliance |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 180s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: test.owner, test.evidenceRequirements; Secrets: authorization, apiToken, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
testId | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
vanta.list_evidence
List Vanta evidence metadata for a control or test. File contents are never returned.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:compliance |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: evidence[].createdBy; Secrets: authorization, apiToken, raw, downloadUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
controlId | string | no | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
testId | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
vanta.upload_evidence_plan
Locally validate an evidence upload and return an auditable side-effect plan without contacting Vanta.
| Contract field | Value |
|---|---|
| Side-effect level | L0 - Local or planning-only; no external side effect. |
| Policy action | read:compliance |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 0s / none / static |
| Replay | can replay / recorded |
| Shadow | suppressed, dry-run |
| Redaction | PII: fileName, description; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileName | string | yes | min length 1; max length 255 | Connector-specific argument. |
mimeType | string | yes | min length 1; max length 120 | Connector-specific argument. |
sizeBytes | integer | yes | min 1; max 10485760 | Connector-specific argument. |
controlId | string | no | - | Connector-specific argument. |
description | string | no | max length 2000 | Connector-specific argument. |
sha256 | string | no | max length 128 | Connector-specific argument. |
testId | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
vanta.upload_evidence
Upload bounded evidence metadata/content to Vanta. dryRun defaults to true and live writes require explicit write enablement plus approval metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:compliance |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: fileName, description, contentBase64; Secrets: authorization, apiToken |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fileName | string | yes | min length 1; max length 255 | Connector-specific argument. |
mimeType | string | yes | min length 1; max length 120 | Connector-specific argument. |
sizeBytes | integer | yes | min 1; max 10485760 | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
contentBase64 | string | no | max length 13981016 | Connector-specific argument. |
controlId | string | no | - | Connector-specific argument. |
description | string | no | max length 2000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
sha256 | string | no | max length 128 | Connector-specific argument. |
testId | string | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
vanta.list_vendors
List Vanta vendors and security-review metadata with bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:compliance |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: vendors[].owner; Secrets: authorization, apiToken, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
status | string | no | - | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
vanta.get_vendor
Retrieve one Vanta vendor and its security-review status.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:compliance |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: vendor.owner, vendor.contactEmail; Secrets: authorization, apiToken, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
vendorId | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
vanta.update_vendor_status
Update a Vanta vendor compliance-review status/comment. dryRun defaults to true and non-dry-run live writes require explicit write enablement plus approval metadata.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:compliance |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: comment, approval; Secrets: authorization, apiToken |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
status | string | yes | one of not_started, in_review, approved, needs_remediation, rejected | Connector-specific argument. |
vendorId | string | yes | min length 1 | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
comment | string | no | max length 2000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Workday (workday)
Governed Workday connector for worker, org, job, role, absence, and lifecycle workflows with strict HR approval gates.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | hr, recruiting, identity |
| Data classes | hr, recruiting, identity, pii, audit, metadata |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts workday |
| Fixture selfcheck | bun run apps/connectors/src/index.ts workday --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/workday |
| Vendor docs | https://community.workday.com/sites/default/files/file-hosting/restapi/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Workday OAuth access token | accessToken | WORKDAY_ACCESS_TOKEN | workers:read, organizations:read | workers:write | yes |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
workers:read | required | hr, pii |
organizations:read | required | hr |
workers:write | optional | hr, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
workday.search_workers | L1 | read:hr | no | not declared | 300s / subject / slow | recorded | no suppression needed | none | Search Workday workers. |
workday.get_worker | L1 | read:hr | no | not declared | 300s / subject / slow | recorded | no suppression needed | workerId | Read one worker profile. |
workday.list_orgs | L1 | read:hr | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Workday organizations. |
workday.list_jobs | L1 | read:hr | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Workday jobs. |
workday.list_roles | L1 | read:hr | no | not declared | 300s / subject / slow | recorded | no suppression needed | workerId | List worker roles. |
workday.list_time_off | L1 | read:hr | no | not declared | 300s / subject / slow | recorded | no suppression needed | workerId | List worker absence and time-off records. |
workday.plan_worker_lifecycle | L3 | write:hr | no | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | workerId | Create a dry-run HR lifecycle plan. |
workday.update_worker_profile | L4 | write:hr | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | idempotencyKey, workerId | Update HR profile fields after approval. |
workday.request_time_off | L4 | write:hr | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | endDate, idempotencyKey, startDate, workerId | Submit time off for a worker after approval. |
workday.terminate_worker | L4 | write:hr | yes | supported via idempotencyKey | 0s / none / live | never | suppressed, dry-run | idempotencyKey, workerId | Initiate worker termination after approval. |
Tool details:
workday.search_workers
Search Workday workers.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:hr |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
workday.get_worker
Read one worker profile.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:hr |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
workerId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
workday.list_orgs
List Workday organizations.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:hr |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
workday.list_jobs
List Workday jobs.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:hr |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
workday.list_roles
List worker roles.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:hr |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
workerId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
workday.list_time_off
List worker absence and time-off records.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:hr |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
workerId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
workday.plan_worker_lifecycle
Create a dry-run HR lifecycle plan.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:hr |
| Approval required by default | no |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
workerId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
workday.update_worker_profile
Update HR profile fields after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:hr |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
workerId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
workday.request_time_off
Submit time off for a worker after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:hr |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
endDate | string | number | boolean | object | array | yes | - | Connector-specific argument. |
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
startDate | string | number | boolean | object | array | yes | - | Connector-specific argument. |
workerId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
workday.terminate_worker
Initiate worker termination after approval.
| Contract field | Value |
|---|---|
| Side-effect level | L4 - High-impact action involving money, access, production systems, legal state, HR, deletion, or customer-visible execution. |
| Policy action | write:hr |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | cannot replay / never |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: authorization, token, apiKey, password, secret, cookie, downloadUrl, shareUrl |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
idempotencyKey | string | yes | - | Stable caller-provided key used to dedupe write execution. |
workerId | string | number | boolean | object | array | yes | - | Connector-specific argument. |
approval | object | no | - | Approval metadata required before level 4 actions can execute. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
limit | integer | no | min 1; max 100 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
Agent usage: High-impact action. Execution requires approval metadata, idempotency, explicit live-write enablement, and must never be run during replay or shadow.
Zendesk (zendesk)
Support ticket connector for Zendesk with governed reads, explicit public replies versus internal notes, and level 3 ticket writes.
| Field | Value |
|---|---|
| Version | 0.1.0-draft |
| Categories | support |
| Data classes | tickets, pii |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts zendesk |
| Fixture selfcheck | bun run apps/connectors/src/index.ts zendesk --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/zendesk |
| Vendor docs | https://developer.zendesk.com/api-reference/ticketing/tickets/tickets/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Zendesk OAuth access token | accessToken, subdomain | PUNK_ZENDESK_ACCESS_TOKEN, PUNK_ZENDESK_SUBDOMAIN | read, write | - | no |
| API token | Zendesk email plus API token | email, apiToken, subdomain | PUNK_ZENDESK_EMAIL, PUNK_ZENDESK_API_TOKEN, PUNK_ZENDESK_SUBDOMAIN | - | - | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
read | required | tickets, pii |
write | required | tickets, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
zendesk.search_tickets | L1 | read:ticket | no | not declared | 30s / subject / live | recorded | no suppression needed | none | Search Zendesk tickets by requester, subject, status, priority, group, brand, or tag. |
zendesk.get_ticket | L1 | read:ticket | no | not declared | 120s / subject / slow | recorded | no suppression needed | ticketId | Get a Zendesk ticket by id with bounded normalized comments and optional raw payload. |
zendesk.search_users | L1 | read:ticket | no | not declared | 120s / subject / slow | recorded | no suppression needed | none | Search Zendesk users by name, email, organization, or role. |
zendesk.create_ticket | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, initialCommentVisibility, requesterEmail, subject | Create a Zendesk ticket. Initial comment visibility must be explicit: public_reply or internal_note. |
zendesk.comment_ticket | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | body, ticketId, visibility | Add a Zendesk ticket comment. Visibility is required and public_reply is customer-visible. |
zendesk.update_ticket | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | fields, ticketId | Update allowlisted Zendesk ticket routing and lifecycle fields. Comments must use zendesk.comment_ticket. |
zendesk.add_tags | L3 | write:ticket | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | tags, ticketId | Add tags to a Zendesk ticket. Classified as level 3 because tags can drive customer-visible automation. |
Tool details:
zendesk.search_tickets
Search Zendesk tickets by requester, subject, status, priority, group, brand, or tag.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 30s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: requesterEmail; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
brandId | string | no | - | Optional brand filter; checked against tenant allowlist when configured. |
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
groupId | string | no | - | Optional group filter; checked against tenant allowlist when configured. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
priority | string | no | one of low, normal, high, urgent | Connector-specific argument. |
query | string | no | - | Search string or filter expression accepted by the connector. |
status | string | no | one of new, open, pending, hold, solved, closed | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
zendesk.get_ticket
Get a Zendesk ticket by id with bounded normalized comments and optional raw payload.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: requesterEmail, comments.body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
ticketId | string | yes | - | Connector-specific argument. |
includeComments | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
zendesk.search_users
Search Zendesk users by name, email, organization, or role.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:ticket |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: email; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
cursor | string | no | - | Opaque pagination cursor returned by a previous call. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
query | string | no | - | Search string or filter expression accepted by the connector. |
role | string | no | one of end-user, agent, admin | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
zendesk.create_ticket
Create a Zendesk ticket. Initial comment visibility must be explicit: public_reply or internal_note.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: requesterEmail, body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | max length 10000 | Connector-specific argument. |
initialCommentVisibility | string | yes | one of public_reply, internal_note | Connector-specific argument. |
requesterEmail | string | yes | - | Connector-specific argument. |
subject | string | yes | max length 300 | Connector-specific argument. |
brandId | string | no | - | Checked against tenant allowlist when configured. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
groupId | string | no | - | Checked against tenant allowlist when configured. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
priority | string | no | one of low, normal, high, urgent | Connector-specific argument. |
tags | array | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
zendesk.comment_ticket
Add a Zendesk ticket comment. Visibility is required and public_reply is customer-visible.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: body; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
body | string | yes | max length 10000 | Connector-specific argument. |
ticketId | string | yes | - | Connector-specific argument. |
visibility | string | yes | one of public_reply, internal_note | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
zendesk.update_ticket
Update allowlisted Zendesk ticket routing and lifecycle fields. Comments must use zendesk.comment_ticket.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
fields | object | yes | - | Allowed fields: status, priority, assignee_id, group_id, brand_id, custom_status_id. |
ticketId | string | yes | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
zendesk.add_tags
Add tags to a Zendesk ticket. Classified as level 3 because tags can drive customer-visible automation.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:ticket |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: none declared; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
tags | array | yes | - | Connector-specific argument. |
ticketId | string | yes | - | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | - | Stable caller-provided key used to dedupe write execution. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
Zoom (zoom)
Governed Zoom connector for meeting metadata, recordings, transcripts, webinars, and dry-run-first meeting changes.
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Categories | productivity, communications |
| Data classes | calendar, recordings, pii, documents, metadata, identity |
| Default transport | stdio |
| Runtime command | bun run apps/connectors/src/index.ts zoom |
| Fixture selfcheck | bun run apps/connectors/src/index.ts zoom --fixture --selfcheck |
| Punk docs | https://docs.punk.dev/connectors/zoom |
| Vendor docs | https://developers.zoom.us/docs/api/ |
Auth requirements:
| Auth mode | Label | Required credential fields | Required env vars | Required scopes | Optional scopes | OAuth refresh |
|---|---|---|---|---|---|---|
| OAuth 2.0 | Zoom OAuth access token | access_token | ZOOM_ACCESS_TOKEN, PUNK_ZOOM_ACCESS_TOKEN | user:read, meeting:read | recording:read, webinar:read, meeting:write | no |
Scope/data-class map:
| Scope | Requirement | Data classes |
|---|---|---|
user:read | required | identity, pii |
meeting:read | required | calendar, pii |
recording:read | optional | recordings, documents, pii |
webinar:read | optional | calendar, pii |
meeting:write | optional | calendar, pii |
Tool summary:
| Tool | Level | Action | Approval | Idempotency | Cache TTL/scope/freshness | Replay | Shadow | Required inputs | Description |
|---|---|---|---|---|---|---|---|---|---|
zoom.list_users | L1 | read:identity | no | not declared | 300s / tenant / slow | recorded | no suppression needed | none | List Zoom users with bounded pagination for meeting ownership lookup. |
zoom.list_meetings | L1 | read:calendar | no | not declared | 60s / subject / live | recorded | no suppression needed | none | List upcoming or previous Zoom meetings for one user with bounded pagination. |
zoom.get_meeting | L1 | read:calendar | no | not declared | 120s / subject / live | recorded | no suppression needed | meetingId | Retrieve one Zoom meeting. Join URLs are redacted unless explicitly requested. |
zoom.list_recordings | L1 | read:documents | no | not declared | 60s / subject / live | recorded | no suppression needed | none | List Zoom cloud recordings by user and date range. Download/play URLs are always redacted. |
zoom.get_recording_transcript | L1 | read:documents | no | not declared | 120s / subject / live | recorded | no suppression needed | meetingId | Retrieve a bounded transcript excerpt by default; full transcript requires an explicit flag and byte limit. |
zoom.list_webinars | L1 | read:calendar | no | not declared | 60s / subject / live | recorded | no suppression needed | none | List optional Zoom webinar metadata for one user with bounded pagination. |
zoom.create_meeting | L3 | write:calendar | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | durationMinutes, startTime, topic | Create a Zoom meeting through a dry-run-first side-effect plan. Live writes require explicit enablement and an idempotency key. |
zoom.update_meeting | L3 | write:calendar | yes | supported via idempotencyKey | 0s / none / live | dry_run | suppressed, dry-run | meetingId | Patch allowlisted Zoom meeting fields through a dry-run-first side-effect plan. |
Tool details:
zoom.list_users
List Zoom users with bounded pagination for meeting ownership lookup.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:identity |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 300s / tenant / slow |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: users[].email, users[].displayName; Secrets: raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
pageToken | string | no | min length 1 | Connector-specific argument. |
status | string | no | one of active, inactive, pending | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
zoom.list_meetings
List upcoming or previous Zoom meetings for one user with bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:calendar |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: meetings[].topic, meetings[].hostEmail; Secrets: meetings[].joinUrl, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
from | string | no | - | Optional ISO date lower bound for previous meetings. |
includeJoinUrl | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
pageToken | string | no | min length 1 | Connector-specific argument. |
to | string | no | - | Optional ISO date upper bound for previous meetings. |
type | string | no | one of upcoming, previous, scheduled | Connector-specific argument. |
userId | string | no | min length 1 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
zoom.get_meeting
Retrieve one Zoom meeting. Join URLs are redacted unless explicitly requested.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:calendar |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: meeting.topic, meeting.hostEmail; Secrets: meeting.joinUrl, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
meetingId | string | yes | min length 1 | Connector-specific argument. |
includeJoinUrl | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
zoom.list_recordings
List Zoom cloud recordings by user and date range. Download/play URLs are always redacted.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: recordings[].topic; Secrets: recordings[].files[].downloadUrl, recordings[].files[].playUrl, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
from | string | no | - | ISO date lower bound. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 25 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
pageToken | string | no | min length 1 | Connector-specific argument. |
to | string | no | - | ISO date upper bound. |
userId | string | no | min length 1 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
zoom.get_recording_transcript
Retrieve a bounded transcript excerpt by default; full transcript requires an explicit flag and byte limit.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:documents |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 120s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: transcript.text, transcript.excerpt; Secrets: transcript.downloadUrl, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
meetingId | string | yes | min length 1 | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
includeTranscript | boolean | no | - | Connector-specific argument. |
maxBytes | integer | no | min 100; max 50000 | Maximum response bytes for content-like reads. |
recordingId | string | no | min length 1 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
zoom.list_webinars
List optional Zoom webinar metadata for one user with bounded pagination.
| Contract field | Value |
|---|---|
| Side-effect level | L1 - Read-only external access. |
| Policy action | read:calendar |
| Approval required by default | no |
| Idempotency | not declared |
| Cache | 60s / subject / live |
| Replay | can replay / recorded |
| Shadow | no suppression needed |
| Redaction | PII: webinars[].topic, webinars[].hostEmail; Secrets: webinars[].joinUrl, raw |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
includeJoinUrl | boolean | no | - | Connector-specific argument. |
includeRaw | boolean | no | - | Optional raw vendor payload expansion. Use only when policy permits the larger/sensitive response. |
limit | integer | no | min 1; max 50 | Maximum items to return. Connectors bound this value even when callers provide a larger number. |
pageToken | string | no | min length 1 | Connector-specific argument. |
type | string | no | one of upcoming, past | Connector-specific argument. |
userId | string | no | min length 1 | Connector-specific argument. |
Agent usage: Use as context-gathering before model reasoning. Respect cache scope and request explicit sensitive expansions only when needed.
zoom.create_meeting
Create a Zoom meeting through a dry-run-first side-effect plan. Live writes require explicit enablement and an idempotency key.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:calendar |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: topic, agenda; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
durationMinutes | integer | yes | min 1; max 1440 | Connector-specific argument. |
startTime | string | yes | - | ISO 8601 start datetime. |
topic | string | yes | min length 1; max length 300 | Connector-specific argument. |
agenda | string | no | max length 2000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
joinBeforeHost | boolean | no | - | Connector-specific argument. |
timezone | string | no | max length 100 | Connector-specific argument. |
userId | string | no | min length 1 | Connector-specific argument. |
waitingRoom | boolean | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.
zoom.update_meeting
Patch allowlisted Zoom meeting fields through a dry-run-first side-effect plan.
| Contract field | Value |
|---|---|
| Side-effect level | L3 - User-visible or business-system write. |
| Policy action | write:calendar |
| Approval required by default | yes |
| Idempotency | supported via idempotencyKey |
| Cache | 0s / none / live |
| Replay | can replay / dry_run |
| Shadow | suppressed, dry-run |
| Redaction | PII: topic, agenda; Secrets: none declared |
Input contract:
| Field | Type | Required | Bounds / enum | Notes |
|---|---|---|---|---|
meetingId | string | yes | min length 1 | Connector-specific argument. |
agenda | string | no | max length 2000 | Connector-specific argument. |
dryRun | boolean | no | - | When true or omitted for writes, return a side-effect plan without executing the vendor write. |
durationMinutes | integer | no | min 1; max 1440 | Connector-specific argument. |
idempotencyKey | string | no | max length 255 | Stable caller-provided key used to dedupe write execution. |
joinBeforeHost | boolean | no | - | Connector-specific argument. |
startTime | string | no | - | ISO 8601 start datetime. |
timezone | string | no | max length 100 | Connector-specific argument. |
topic | string | no | min length 1; max length 300 | Connector-specific argument. |
waitingRoom | boolean | no | - | Connector-specific argument. |
Agent usage: Customer-visible or business-system write. Keep dryRun true for planning, provide idempotencyKey for execution, and expect replay/shadow suppression.