Connector catalog
Connectors are how Gamut exposes broad tool access to agents without weakening the zero-trust architecture. Agents never call tools directly. Tools are registered, governed and invoked through Gamut Gateway after policy, permission, tenant, assessment and identity checks.
How a connector is governed
Section titled “How a connector is governed”Each connector is a governed adapter with a defined contract, rather than a raw API call. A connector carries:
- A stable tool name (for example
siem.search_alerts). - An action type, the policy category, such as retrieve, report, ticket, notify or model.
- A default risk tier for runtime classification.
- A credential reference to a managed Gateway-side secret, never a raw secret in a workflow.
- An endpoint policy, allowlisted destinations and safety rules.
- Payload and response policies: accepted input shape and size, plus redaction and retention rules for outputs.
- An audit policy, the fields recorded for every decision and invocation.
Because credentials live on the Gateway side and destinations are allowlisted, agents get capability without ever holding keys or reaching arbitrary endpoints.
Built-in connector families
Section titled “Built-in connector families”Gamut ships with connector families spanning common enterprise needs. Availability and enablement depend on your plan & entitlements and workspace configuration.
| Family | Typical use |
|---|---|
| Model gateway | Model reasoning or generation (provider keys live only on Gateway). |
| Context (CAG) | Retrieve governed Gamut workspace context, tenant-scoped. |
| Retrieval (RAG) | Search approved knowledge stores with redaction policy. |
| MCP brokers | Broker approved MCP tools with explicit per-tool scopes. |
| Configurable HTTP | Wire customer REST APIs without code changes. |
| Webhook | Send bounded JSON events to approved destinations. |
| SIEM / SOAR | Security investigation context and incident workflows. |
| Ticketing & work | Create governed work items and agent tasks. |
| Document | Produce governed workpapers and summaries. |
| Database | Read approved operational data under strict query policy. |
| Gamut writeback | Materialise approved findings and evidence requests into Gamut. |
| Notification | Notify approved recipients by email or chat. |
| CRM | Read or update customer records under PII controls. |
| Productivity | Mail, calendar, drive and directory APIs, path-scoped. |
| Content & wiki | Retrieve or update approved knowledge stores. |
| Object storage | Read or write scoped object storage. |
| Research & market data | News, RSS and market research from allowlisted sources. |
| Finance | Finance or payment operations (critical risk, approval-gated). |
| Public channels | Publish approved content externally (approval-gated). |
Two layers must agree
Section titled “Two layers must agree”An agent can use a connector only when both authorisation layers align:
- Tool permissions in Agentic CISO, the business decision that this agent may use this tool.
- Connector registration and policy in Gateway, the technical capability, plus a policy that allows the requested action, context and payload.
Add the required approval gates and a valid scoped runtime token, and only then does the action proceed. This is the mechanism that lets Gamut offer broad reach safely.
- Gamut Gateway: how connector calls are decided and enforced.
- Agentic CISO: where tool permissions are granted.