integrations · live count 20

Every connector,
every action.

From GitHub to AWS to your filesystem — Nomos ships pre-flighted policy templates for every supported provider so you can grant least-scope access without writing a single line of Cedar. Need a connector that isn’t here yet? The adapter contract is six functions.

matrix

What Nomos can authorize today.

SaaS · 5

provider
auth
notes
status
  • GI
    GitHub
    github
    OAuth · PAT
    Issues, PRs, branches, repo metadata, branch protection.
    live
  • LI
    Linear
    linear
    OAuth
    Issues, projects, cycles, comments via GraphQL.
    live
  • JI
    Jira
    jira
    OAuth
    Issues, sprints, transitions, JQL search.
    live
  • ST
    Stripe
    stripe
    OAuth · API key
    Customers, charges, invoices. Refunds gated by step-up.
    live
  • SA
    Salesforce
    salesforce
    OAuth
    Accounts, opportunities, custom objects.
    beta

Messaging · 5

provider
auth
notes
status
  • SL
    Slack
    slack
    OAuth
    Channel messages, threads, user lookups, file uploads.
    live
  • DI
    Discord
    discord
    Bot token
    Guild messages, channels, role-scoped posting.
    live
  • TE
    Telegram
    telegram
    Bot token
    Bot send/receive, group + DM, inline keyboards.
    live
  • TW
    Twilio
    twilio
    API key
    SMS, voice, WhatsApp. Cost-cap enforced per envelope.
    live
  • IM
    iMessage
    imessage
    macOS host
    Local-host bridge for macOS Messages.app.
    beta

Productivity · 10

provider
auth
notes
status
  • NO
    Notion
    notion
    OAuth
    Read/write pages, blocks, database rows.
    live
  • GO
    Google Drive
    google_drive
    OAuth
    Files, folders, sharing, revisions.
    live
  • GO
    Google Docs
    google_docs
    OAuth
    Create, read, edit documents and headings.
    live
  • GO
    Google Sheets
    google_sheets
    OAuth
    Read/write ranges, append, format, batch update.
    live
  • GM
    Gmail
    google_gmail
    OAuth
    Read, send, label, search. Send gated by step-up.
    live
  • GO
    Google Calendar
    google_calendar
    OAuth
    Events, attendees, free/busy, multi-calendar.
    live
  • GO
    Google Contacts
    google_contacts
    OAuth
    People, groups, contact-level reads.
    live
  • GO
    Google Tasks
    google_tasks
    OAuth
    Lists, tasks, completion state.
    live
  • DR
    Dropbox
    dropbox
    OAuth
    Files, folders, shared links.
    live
  • GR
    Granola
    granola
    API key
    Meeting transcripts + notes.
    beta

Cloud IAM · 3

provider
auth
notes
status
  • AW
    AWS
    aws
    OIDC federation
    STS AssumeRoleWithWebIdentity. KMS-signed Nomos JWT.
    beta
  • AZ
    Azure
    azure
    OIDC federation
    Workload identity federation. Service principal scoped.
    beta
  • GO
    Google Cloud
    gcp
    OIDC federation
    Workload identity pool. Per-call service account impersonation.
    beta

Data · 1

provider
auth
notes
status
  • PO
    Postgres
    postgres
    Connection string
    Query, transaction, schema introspection. Row-level cap.
    live

System · 2

provider
auth
notes
status
  • FI
    Filesystem
    filesystem
    Host path
    Path-scoped read/write. Local + sandboxed for dynamic agents.
    live
  • SS
    SSH / SFTP
    ssh
    Key · password
    Remote exec, file transfer. Shell-injection guards.
    live

AI · 1

provider
auth
notes
status
  • PE
    Perplexity
    perplexity
    API key
    Sonar search + chat completions.
    beta
build your own

Adapter contract,
six functions.

Adding a connector means implementing the OAuth dance and four tiny callbacks. Nomos handles the policy, the audit, the step-up, and the refresh sweep. You bring the API.

export interface Connector {
  id: ConnectorId;                  // 'jira'
  defaultScopes: string[];          // ['read:jira-work']

  authUrl(args: AuthArgs): string;
  exchangeCode(code: string): Promise<TokenSet>;
  refresh(token: string): Promise<TokenSet>;
  callApi(req: ProxiedRequest): Promise<UpstreamResponse>;
}