Connectors hold the credential, enforce the gate, and write the record.Okta · ServiceNow · GitHub · Salesforce · Workday · AWS
Connectors

The connector is where governance becomes real.

Agents should not carry credentials or decide when they need approval. ARX connectors hold the credential, score the action, route manager review, and write the personnel record.

See platformVendor review evidence
Control surface

Integrations are plumbing. Connectors are supervision.

Every operation carries an owner, scope, risk class, approval rule, and audit outcome. Below the line, work proceeds. Above the line, the manager decides.

Credential custody

No agent-held secrets

Tokens are minted on demand and scoped to the agent’s manifest, connector, and approved operations.

Approval enforcement

Server-side gates

High-risk writes are paused before they reach the SaaS API. The approval is bound to a named manager.

Record generation

Every call is evidence

The personnel record includes action, score, formula inputs, verdict, approver, and witness hash.

Connector graphOne graph, many workers.

The same governance grammar applies whether the agent touches identity, ITSM, code, data, or security tools.

Readauto-allow

Low-risk reads proceed with record generation.

Writereview

Scoped writes can require manager approval by operation.

Destructivedeny

High-risk actions can be blocked deterministically.

Exitrevoke

Termination invalidates connector grants.

Identity

Okta · Entra · Workday

Read workforce context, bind managers, and revoke access at termination.

users.read · groups.read · lifecycle.write
ITSM

ServiceNow · Jira

Open incidents, draft changes, close duplicates, and pause destructive writes for approval.

incident.create · change.close → approval
Security

CrowdStrike · Wiz · Splunk

Let agents triage signals while ARX supervises remediation scope and audit posture.

detections.read · findings.list · remediate.write
Code and data

GitHub · Snowflake · Salesforce

Govern draft artifacts, pull requests, reporting queries, and CRM updates by role and manager.

pull_request.write · query.read · account.update
Request

The agent asks the connector to perform a declared operation with runtime context.

agent → connector
Score

ARX evaluates operation risk, connector sensitivity, target sensitivity, and session behavior.

0-100 risk
Verdict

Allow, deny, or route to the named manager with diff and rationale.

policy decision
Record

The result lands in the personnel record whether the action was allowed or blocked.

hash-chained

Bring one connector graph.

We will map the first cohort’s tools, writes, manager gates, and termination path.

Book demoRequest connector list