integrations · live count 20
Every connector,
every action.
From GitHub to AWS to your filesystem — Nomos ships pre-flighted policy templates for every supported provider so you can grant least-scope access without writing a single line of Cedar. Need a connector that isn’t here yet? The adapter contract is six functions.
matrix
What Nomos can authorize today.
SaaS · 5
provider
auth
notes
status
- GIGitHubgithubOAuth · PATIssues, PRs, branches, repo metadata, branch protection.live
- LILinearlinearOAuthIssues, projects, cycles, comments via GraphQL.live
- JIJirajiraOAuthIssues, sprints, transitions, JQL search.live
- STStripestripeOAuth · API keyCustomers, charges, invoices. Refunds gated by step-up.live
- SASalesforcesalesforceOAuthAccounts, opportunities, custom objects.beta
Messaging · 5
provider
auth
notes
status
- SLSlackslackOAuthChannel messages, threads, user lookups, file uploads.live
- DIDiscorddiscordBot tokenGuild messages, channels, role-scoped posting.live
- TETelegramtelegramBot tokenBot send/receive, group + DM, inline keyboards.live
- TWTwiliotwilioAPI keySMS, voice, WhatsApp. Cost-cap enforced per envelope.live
- IMiMessageimessagemacOS hostLocal-host bridge for macOS Messages.app.beta
Productivity · 10
provider
auth
notes
status
- NONotionnotionOAuthRead/write pages, blocks, database rows.live
- GOGoogle Drivegoogle_driveOAuthFiles, folders, sharing, revisions.live
- GOGoogle Docsgoogle_docsOAuthCreate, read, edit documents and headings.live
- GOGoogle Sheetsgoogle_sheetsOAuthRead/write ranges, append, format, batch update.live
- GMGmailgoogle_gmailOAuthRead, send, label, search. Send gated by step-up.live
- GOGoogle Calendargoogle_calendarOAuthEvents, attendees, free/busy, multi-calendar.live
- GOGoogle Contactsgoogle_contactsOAuthPeople, groups, contact-level reads.live
- GOGoogle Tasksgoogle_tasksOAuthLists, tasks, completion state.live
- DRDropboxdropboxOAuthFiles, folders, shared links.live
- GRGranolagranolaAPI keyMeeting transcripts + notes.beta
Cloud IAM · 3
provider
auth
notes
status
- AWAWSawsOIDC federationSTS AssumeRoleWithWebIdentity. KMS-signed Nomos JWT.beta
- AZAzureazureOIDC federationWorkload identity federation. Service principal scoped.beta
- GOGoogle CloudgcpOIDC federationWorkload identity pool. Per-call service account impersonation.beta
Data · 1
provider
auth
notes
status
- POPostgrespostgresConnection stringQuery, transaction, schema introspection. Row-level cap.live
System · 2
provider
auth
notes
status
- FIFilesystemfilesystemHost pathPath-scoped read/write. Local + sandboxed for dynamic agents.live
- SSSSH / SFTPsshKey · passwordRemote exec, file transfer. Shell-injection guards.live
AI · 1
provider
auth
notes
status
- PEPerplexityperplexityAPI keySonar search + chat completions.beta
build your own
Adapter contract,
six functions.
Adding a connector means implementing the OAuth dance and four tiny callbacks. Nomos handles the policy, the audit, the step-up, and the refresh sweep. You bring the API.
export interface Connector {
id: ConnectorId; // 'jira'
defaultScopes: string[]; // ['read:jira-work']
authUrl(args: AuthArgs): string;
exchangeCode(code: string): Promise<TokenSet>;
refresh(token: string): Promise<TokenSet>;
callApi(req: ProxiedRequest): Promise<UpstreamResponse>;
}