{"counts":{"config_only":0,"copy_only":3,"live":17,"live_or_copy":15,"planned":19,"total_entries":54},"entries":[{"auth_modes":["none"],"blockers":[],"category":"Local browser context","config_type":"page_context","description":"Sends the current page title, headings, and bounded body text to the model.","key":"input:page-context","kind":"input","label":"Current page context","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","Runtime source: active_document."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["none"],"blockers":[],"category":"Local browser context","config_type":"recipes_index","description":"Searches the generated recipe index and attaches the most relevant docs, prompts, and remediation pages.","key":"input:recipe-index","kind":"input","label":"SecurityRecipes search index","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","Runtime source: /recipes-index.json."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["public","pat","oauth"],"blockers":[],"category":"Code and findings sources","config_type":"github_repository","description":"Pulls bounded public or authenticated GitHub repo metadata, manifest files, open issues, and pull requests.","key":"input:github-repository","kind":"input","label":"GitHub repository context","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","The pack can rely on public or anonymously readable data, but the browser still needs a bounded repository, tenant, or document target.","A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["public","pat","oauth"],"blockers":[],"category":"Code and findings sources","config_type":"deps_dev_lookup","description":"Checks public GitHub Dependency Graph SBOM packages against deps.dev advisory metadata.","key":"input:deps-dev-advisories","kind":"input","label":"deps.dev advisory context","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","The pack can rely on public or anonymously readable data, but the browser still needs a bounded repository, tenant, or document target.","A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["public","pat","oauth"],"blockers":[],"category":"Code and findings sources","config_type":"gitlab_project_context","description":"Pulls bounded GitLab project metadata, useful repository files, open issues, and open merge requests directly in the browser for GitLab-centered remediation work.","key":"input:gitlab-project-context","kind":"input","label":"GitLab project context","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","The pack can rely on public or anonymously readable data, but the browser still needs a bounded repository, tenant, or document target.","A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Provider endpoint: https://gitlab.com/api/v4."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["oauth","pat"],"blockers":[],"category":"Code and findings sources","config_type":"azure_devops_repository","description":"Pulls bounded Azure DevOps repository metadata, useful repo files, active pull requests, and recent open work items directly in the browser for remediation planning.","key":"input:azure-devops-repository","kind":"input","label":"Azure DevOps repository context","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","Provider endpoint: https://dev.azure.com."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["none"],"blockers":[],"category":"Scanner findings","config_type":"sarif_bundle","description":"Uploads a local SARIF 2.1.0 file in the browser, normalizes the findings, and attaches a bounded summary to prompts and agent runs.","key":"input:sarif-manual-import","kind":"input","label":"SARIF upload","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","Runtime source: local_file.","Accepted formats: sarif-2.1.0-json."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["none"],"blockers":[],"category":"Scanner findings","config_type":"sbom_bundle","description":"Uploads a local CycloneDX or SPDX JSON SBOM in the browser and attaches a bounded package, dependency, and vulnerability summary to prompts.","key":"input:sbom-manual-import","kind":"input","label":"SBOM upload","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","Runtime source: local_file.","Accepted formats: cyclonedx-json, spdx-json."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["none"],"blockers":[],"category":"Scanner findings","config_type":"scanner_export_bundle","description":"Uploads major scanner and findings-platform JSON exports in the browser, normalizes them into a bounded summary, and feeds the exposure queue plus downstream reports without any server-side secret handling.","key":"input:scanner-export-bundle","kind":"input","label":"Major scanner JSON exports","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","Runtime source: local_file.","Accepted formats: aws-security-hub-asff, tenable-vulnerability-export, defectdojo-findings-json, generic-findings-array-json."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["api_key","oauth"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"wiz_findings","description":"Pre-populated browser-side config for pulling cloud and workload findings from Wiz when a customer enables direct API access.","key":"input:wiz-findings-api","kind":"input","label":"Wiz findings API","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Provider endpoint: https://api.us1.app.wiz.io/graphql."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_token"],"blockers":[],"category":"Scanner findings","config_type":"snyk_issues","description":"Pulls a bounded first page of high-priority Snyk organization issues directly in the browser for scanner-aware triage and remediation planning.","key":"input:snyk-issues-api","kind":"input","label":"Snyk issues API","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","The operator must supply a provider token or service token in browser storage before this pack can run.","Provider endpoint: https://api.snyk.io/rest."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["aws_sigv4"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"aws_security_hub","description":"Config profile for pulling ASFF findings into remediation reports and downstream workflow packs.","key":"input:security-hub-api","kind":"input","label":"AWS Security Hub","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The browser runtime needs real AWS SigV4 request signing and short-lived credentials before the provider API can be called honestly from the browser."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["oauth"],"blockers":[],"category":"Scanner findings","config_type":"microsoft_defender_xdr_incidents","description":"Pulls a bounded Microsoft Defender XDR incident sample directly in the browser with local severity and status filters for queueing, reporting, and remediation planning.","key":"input:microsoft-defender-xdr-incidents","kind":"input","label":"Microsoft Defender XDR incidents","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Provider endpoint: https://api.security.microsoft.com/api/incidents."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["oauth"],"blockers":[],"category":"Scanner findings","config_type":"microsoft_sentinel_incidents","description":"Pulls a bounded Microsoft Sentinel workspace incident sample directly in the browser with local severity and status filters for queueing, reporting, and remediation planning.","key":"input:microsoft-sentinel-incidents","kind":"input","label":"Microsoft Sentinel incidents","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Provider endpoint: https://management.azure.com."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["pat","oauth"],"blockers":[],"category":"Scanner findings","config_type":"gitlab_vulnerability_findings","description":"Pulls a bounded first page of GitLab project vulnerability findings directly in the browser when AppSec findings and fix ownership live in the same GitLab namespace.","key":"input:gitlab-vulnerability-findings","kind":"input","label":"GitLab vulnerability findings","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Provider endpoint: https://gitlab.com/api/v4."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["oauth","api_key"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"crowdstrike_detections","description":"Starter config for bounded CrowdStrike Falcon detection intake into browser-side triage and response workflows.","key":"input:crowdstrike-detections","kind":"input","label":"CrowdStrike detections","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Provider endpoint: https://api.crowdstrike.com."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_key"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"tenable_vuln_export","description":"Starter config for exporting high-severity Tenable vulnerabilities into remediation and report workflows.","key":"input:tenable-vulnerability-management","kind":"input","label":"Tenable vulnerability management","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Provider endpoint: https://cloud.tenable.com."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_token","oauth"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"defectdojo_findings","description":"Starter config for pulling active high-severity DefectDojo findings with enough context for analyst routing and ticket creation.","key":"input:defectdojo-findings","kind":"input","label":"DefectDojo findings","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must supply a provider token or service token in browser storage before this pack can run.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Provider endpoint: https://dojo.example.com/api/v2."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["access_key"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"prisma_cloud_alerts","description":"Starter config for Prisma Cloud alert intake across posture and runtime findings.","key":"input:prisma-cloud-alerts","kind":"input","label":"Prisma Cloud alerts","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The pack needs provider access-key style credentials and should only be promoted when the browser flow can keep those values bounded and explicit.","Provider endpoint: https://api.prismacloud.io."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["oauth"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"google_cloud_scc_findings","description":"Starter config for Security Command Center findings when cloud exposures need browser-side triage and routing.","key":"input:google-cloud-scc-findings","kind":"input","label":"Google Cloud SCC findings","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Provider endpoint: https://securitycenter.googleapis.com."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["pat","oauth"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"github_code_scanning_alerts","description":"Starter config for pulling open high-severity GitHub code scanning alerts into browser-side triage and remediation planning.","key":"input:github-code-scanning-alerts","kind":"input","label":"GitHub code scanning alerts","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Provider endpoint: https://api.github.com."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_token"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"semgrep_appsec_findings","description":"Starter config for bringing bounded Semgrep AppSec findings into browser-side reviewer queues and remediation handoffs.","key":"input:semgrep-appsec-findings","kind":"input","label":"Semgrep AppSec findings","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must supply a provider token or service token in browser storage before this pack can run.","Provider endpoint: https://semgrep.dev/api/v1."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_token"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"sonarqube_issues","description":"Starter config for pulling open SonarQube vulnerabilities and security hotspots into a browser-local remediation queue.","key":"input:sonarqube-issues","kind":"input","label":"SonarQube security issues","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must supply a provider token or service token in browser storage before this pack can run.","Provider endpoint: https://sonarqube.example.com/api."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["oauth","api_key"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"checkmarx_one_findings","description":"Starter config for pulling high-severity Checkmarx One findings into browser-side triage and routed handoff workflows.","key":"input:checkmarx-one-findings","kind":"input","label":"Checkmarx One findings","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Provider endpoint: https://ast.checkmarx.net/api."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_key"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"veracode_findings","description":"Starter config for pulling actionable Veracode findings into a browser-local remediation and reporting workflow.","key":"input:veracode-findings","kind":"input","label":"Veracode findings","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Provider endpoint: https://api.veracode.com/appsec/v1."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["aws_sigv4"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"aws_inspector_findings","description":"Starter config for pulling Amazon Inspector findings into browser-side prioritization, reporting, and downstream routing.","key":"input:aws-inspector-findings","kind":"input","label":"AWS Inspector findings","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The browser runtime needs real AWS SigV4 request signing and short-lived credentials before the provider API can be called honestly from the browser.","Provider endpoint: https://inspector2.us-east-1.amazonaws.com."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_key"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"rapid7_insightvm_vulnerabilities","description":"Starter config for pulling high-risk Rapid7 InsightVM vulnerabilities into browser-side triage and routing workflows.","key":"input:rapid7-insightvm-vulnerabilities","kind":"input","label":"Rapid7 InsightVM vulnerabilities","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Provider endpoint: https://console.insight.rapid7.com/api/3."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_token"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"orca_security_alerts","description":"Starter config for Orca alert intake when cloud exposure and workload findings need browser-side case and report handling.","key":"input:orca-security-alerts","kind":"input","label":"Orca Security alerts","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must supply a provider token or service token in browser storage before this pack can run.","Provider endpoint: https://api.orcasecurity.io."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_key"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"category":"Scanner findings","config_type":"lacework_alerts","description":"Starter config for pulling open high-severity Lacework alerts into browser-side remediation and escalation planning.","key":"input:lacework-alerts","kind":"input","label":"Lacework alerts","requirements":["This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Provider endpoint: https://api.lacework.net."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["api_token","oauth"],"blockers":[],"category":"Knowledge sources","config_type":"confluence_search","description":"Searches Confluence Cloud pages in the browser to bring internal runbooks, exception notes, and operational context into a scoped agent session.","key":"input:confluence-knowledge","kind":"input","label":"Confluence runbook context","requirements":["The browser workbench already has a direct BYO-token runtime path for this pack today.","The operator must supply a provider token or service token in browser storage before this pack can run.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Provider endpoint: https://example.atlassian.net/wiki."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["none"],"blockers":["No external write path exists by design, so a reviewer or downstream tool must copy, download, or relay the generated payload."],"browser_delivery":true,"category":"Code handoff","config_type":"draft_pr_packet","description":"Reviewer-ready markdown and metadata for a pull request without writing to the source host.","key":"output:draft-pr-packet","kind":"output","label":"Draft PR packet","requirements":["No GitHub write required. Produces branch name, PR body, tests, rollback, and reviewer checklist.","This pack intentionally stops at a local contract and never performs the external write for the operator.","No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Local copy only","runtime_support":"copy_only","status":"native"},{"auth_modes":["pat","oauth"],"blockers":[],"browser_delivery":true,"category":"Ticketing","config_type":"github_issue","description":"Creates a GitHub issue with a normalized remediation or scan handoff body.","key":"output:github-issue","kind":"output","label":"GitHub issue","requirements":["Requires GitHub PAT or OAuth token with issues write access.","The browser workbench already has a direct BYO-token runtime path for this pack today.","A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["webhook"],"blockers":[],"browser_delivery":true,"category":"Collaboration","config_type":"slack_webhook","description":"Posts the report or remediation handoff into a Slack channel using an incoming webhook.","key":"output:slack-webhook","kind":"output","label":"Slack webhook","requirements":["Requires an incoming Slack webhook URL.","The browser workbench already has a direct BYO-token runtime path for this pack today.","The destination system must expose a pre-approved webhook endpoint or secret-backed URL that the browser can post to directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["none"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"Collaboration","config_type":"email_handoff","description":"Generates a browser mail draft or sends through a configured relay endpoint.","key":"output:email-handoff","kind":"output","label":"Email handoff","requirements":["Uses a local mailto draft, or a configured CORS-enabled email relay URL.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["api_token"],"blockers":[],"browser_delivery":true,"category":"Ticketing","config_type":"jira_issue","description":"Creates a Jira task with a structured remediation or scan summary.","key":"output:jira-ticket","kind":"output","label":"Jira ticket","requirements":["Requires Jira base URL, account email, API token, and project key.","The browser workbench already has a direct BYO-token runtime path for this pack today.","The operator must supply a provider token or service token in browser storage before this pack can run.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Browser live","runtime_support":"live","status":"native"},{"auth_modes":["none"],"blockers":["No external write path exists by design, so a reviewer or downstream tool must copy, download, or relay the generated payload."],"browser_delivery":true,"category":"Reports and evidence","config_type":"runbook_receipt","description":"Clipboard-friendly markdown for human execution with stop conditions and rollback.","key":"output:runbook-receipt","kind":"output","label":"Runbook receipt","requirements":["No external auth required. Produces copyable steps and evidence.","This pack intentionally stops at a local contract and never performs the external write for the operator.","No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Local copy only","runtime_support":"copy_only","status":"native"},{"auth_modes":["none"],"blockers":["No external write path exists by design, so a reviewer or downstream tool must copy, download, or relay the generated payload."],"browser_delivery":true,"category":"Reports and evidence","config_type":"server_runbook","description":"Operations-focused handoff for patching or validation during a maintenance window.","key":"output:server-runbook","kind":"output","label":"Server runbook","requirements":["No automatic server changes. Produces commands for a human-run maintenance window.","This pack intentionally stops at a local contract and never performs the external write for the operator.","No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Local copy only","runtime_support":"copy_only","status":"native"},{"auth_modes":["webhook"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"Collaboration","config_type":"teams_workflows_webhook","description":"Posts a browser-generated handoff to a Microsoft Teams channel or chat through a Workflows webhook.","key":"output:teams-workflow-webhook","kind":"output","label":"Microsoft Teams workflow webhook","requirements":["Requires a Teams Workflows webhook URL. Microsoft 365 connectors are nearing deprecation, so prefer a Workflows-owned webhook.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The destination system must expose a pre-approved webhook endpoint or secret-backed URL that the browser can post to directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["oauth"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"Ticketing","config_type":"servicenow_incident","description":"Creates a ServiceNow incident or task record with a normalized remediation or scan summary.","key":"output:servicenow-incident","kind":"output","label":"ServiceNow incident","requirements":["Requires a ServiceNow instance URL, table name, and OAuth bearer token with create access to the target table.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["api_key"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"Ticketing","config_type":"linear_issue","description":"Creates a Linear issue through the GraphQL API for security engineering or platform backlog handoff.","key":"output:linear-issue","kind":"output","label":"Linear issue","requirements":["Requires a Linear personal API key and a target team ID.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["api_token"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"SIEM and analytics","config_type":"splunk_hec","description":"Posts the normalized report bundle directly to Splunk HTTP Event Collector for SIEM or analytics use.","key":"output:splunk-hec","kind":"output","label":"Splunk HEC event","requirements":["Requires a Splunk HEC URL and HEC token.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The operator must supply a provider token or service token in browser storage before this pack can run.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["api_key"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"SIEM and analytics","config_type":"elastic_security_case","description":"Creates an Elastic case with the generated remediation or scan summary.","key":"output:elastic-security-case","kind":"output","label":"Elastic Security case","requirements":["Requires a Kibana base URL and Elastic API key with Cases write access.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["api_key"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"Incident response","config_type":"pagerduty_events_v2","description":"Starter browser-side route for escalating a high-confidence incident or remediation brief into PagerDuty event orchestration.","key":"output:pagerduty-events-v2","kind":"output","label":"PagerDuty Events API v2","requirements":["Requires a PagerDuty Events API v2 routing key or service integration configured for the target escalation path.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["webhook"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"Collaboration","config_type":"google_chat_webhook","description":"Starter browser-side route for posting a normalized remediation or incident brief into a Google Chat space.","key":"output:google-chat-webhook","kind":"output","label":"Google Chat webhook","requirements":["Requires a Google Chat incoming webhook URL for the destination space.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The destination system must expose a pre-approved webhook endpoint or secret-backed URL that the browser can post to directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["pat","oauth"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"Ticketing","config_type":"azure_devops_work_item","description":"Browser-side route for creating an Azure DevOps work item from a normalized remediation or scan handoff, with local preview fallback when direct delivery is blocked.","key":"output:azure-devops-work-item","kind":"output","label":"Azure DevOps work item","requirements":["Requires an Azure DevOps organization, project, work item type, and a PAT or bearer token with Work Items write scope.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["pat","oauth"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"Ticketing","config_type":"gitlab_issue","description":"Browser-side route for creating a GitLab issue with a normalized remediation or triage brief, with local preview fallback when direct delivery is blocked.","key":"output:gitlab-issue","kind":"output","label":"GitLab issue","requirements":["Requires a GitLab project path or ID plus a personal access token or bearer token. GitLab.com works out of the box; self-managed hosts need a browser-allowed API base URL.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["api_key"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"SOAR and case management","config_type":"cortex_xsoar_incident","description":"Browser-side route for creating a Cortex XSOAR incident from a reviewed SecurityRecipes packet, with incident-shaped payloads and local preview fallback when direct delivery is blocked.","key":"output:cortex-xsoar-incident","kind":"output","label":"Cortex XSOAR incident","requirements":["Requires a Cortex XSOAR tenant URL or incident endpoint plus API key ID and API key with incident create access. Direct browser delivery still depends on tenant CORS and any mandatory incident fields.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["api_key"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"browser_delivery":true,"category":"SOAR and case management","config_type":"ibm_soar_incident","description":"Starter browser-side route for creating an IBM SOAR incident from a structured SecurityRecipes packet.","key":"output:ibm-soar-incident","kind":"output","label":"IBM SOAR incident","requirements":["Requires an IBM SOAR organization URL and API credentials with incident create access.","This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["oauth"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"browser_delivery":true,"category":"SOAR and case management","config_type":"microsoft_sentinel_playbook","description":"Starter browser-side route for forwarding a reviewed packet into a Microsoft Sentinel incident playbook.","key":"output:microsoft-sentinel-playbook","kind":"output","label":"Microsoft Sentinel playbook trigger","requirements":["Requires Azure subscription and workspace identifiers plus an OAuth token permitted to run Sentinel playbooks.","This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["webhook"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"SOAR and case management","config_type":"tines_webhook","description":"Browser-side route for forwarding a reviewed SecurityRecipes packet into a Tines story or event-driven workflow, with local preview fallback when direct delivery is blocked.","key":"output:tines-webhook","kind":"output","label":"Tines webhook","requirements":["Requires a Tines webhook or HTTP Request action endpoint approved for browser-triggered incident or remediation intake, with any optional auth header or custom headers configured in the browser.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The destination system must expose a pre-approved webhook endpoint or secret-backed URL that the browser can post to directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["webhook"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"SOAR and case management","config_type":"torq_webhook","description":"Browser-side route for sending a reviewed remediation or incident packet into a Torq automation workflow, with local preview fallback when direct delivery is blocked.","key":"output:torq-webhook","kind":"output","label":"Torq workflow webhook","requirements":["Requires a Torq webhook or API-triggered workflow endpoint plus any auth header or secret material approved for browser-side use.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The destination system must expose a pre-approved webhook endpoint or secret-backed URL that the browser can post to directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["api_token"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"SOAR and case management","config_type":"splunk_soar_container","description":"Browser-side route for creating a Splunk SOAR container from a reviewed SecurityRecipes packet, with container-shaped payloads and local preview fallback when direct delivery is blocked.","key":"output:splunk-soar-incident","kind":"output","label":"Splunk SOAR incident","requirements":["Requires a Splunk SOAR or Phantom tenant URL or /rest/container endpoint plus a ph-auth-token for an automation user with container create access. Direct browser delivery still depends on tenant CORS and label permissions.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The operator must supply a provider token or service token in browser storage before this pack can run.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"},{"auth_modes":["api_token"],"blockers":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."],"browser_delivery":true,"category":"SOAR and case management","config_type":"swimlane_record","description":"Starter browser-side route for creating a Swimlane case or work item from a reviewed SecurityRecipes packet.","key":"output:swimlane-case","kind":"output","label":"Swimlane case","requirements":["Requires a Swimlane environment URL, app identifier, and API token with record create access for the target case app.","This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion.","The operator must supply a provider token or service token in browser storage before this pack can run.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Reviewed starter contract","runtime_support":"planned","status":"template"},{"auth_modes":["webhook"],"blockers":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"browser_delivery":true,"category":"Custom integrations","config_type":"generic_webhook","description":"Posts the full SecurityRecipes delivery envelope to a custom SOAR, queue, or workflow endpoint.","key":"output:generic-webhook","kind":"output","label":"Generic webhook","requirements":["Requires a browser-reachable webhook URL and any required headers or bearer token.","The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","The destination system must expose a pre-approved webhook endpoint or secret-backed URL that the browser can post to directly.","Browser delivery is always operator-triggered; no server-side secret storage is introduced by this route."],"runtime_label":"Live with copy fallback","runtime_support":"live_or_copy","status":"native"}],"generated_at":"2026-05-06T06:25:45Z","profiles":{"auth_mode_details":{"access_key":"The pack needs provider access-key style credentials and should only be promoted when the browser flow can keep those values bounded and explicit.","api_key":"The operator must paste a provider-issued API key into browser storage before the pack can call the provider API directly.","api_token":"The operator must supply a provider token or service token in browser storage before this pack can run.","aws_sigv4":"The browser runtime needs real AWS SigV4 request signing and short-lived credentials before the provider API can be called honestly from the browser.","none":"No provider credential is required; the operator still chooses the exact page, file, or route input in the browser.","oauth":"The browser runtime needs an OAuth-capable flow and a delegated token with the provider scopes required for the selected source or route.","pat":"A user-scoped personal access token must stay in browser storage and carry only the minimum read or write scope required for the selected task.","public":"The pack can rely on public or anonymously readable data, but the browser still needs a bounded repository, tenant, or document target.","webhook":"The destination system must expose a pre-approved webhook endpoint or secret-backed URL that the browser can post to directly."},"auth_mode_labels":{"access_key":"Access key pair","api_key":"API key","api_token":"API token","aws_sigv4":"AWS SigV4 signing","none":"No external auth","oauth":"OAuth delegated token","pat":"Personal access token","public":"Public access","webhook":"Webhook secret or URL"},"output_driver_auth_modes":{"azure-devops":["pat","oauth"],"draft-pr":["none"],"elastic-case":["api_key"],"email":["none"],"generic-webhook":["webhook"],"github-issue":["pat","oauth"],"gitlab-issue":["pat","oauth"],"google-chat":["webhook"],"ibm-soar":["api_key"],"jira":["api_token"],"linear":["api_key"],"pagerduty":["api_key"],"runbook":["none"],"sentinel-playbook":["oauth"],"server-runbook":["none"],"servicenow":["oauth"],"slack":["webhook"],"splunk-hec":["api_token"],"splunk-soar":["api_token"],"swimlane":["api_token"],"teams":["webhook"],"tines":["webhook"],"torq":["webhook"],"xsoar":["api_key"]},"runtime_blockers":{"config_only":["Only the configuration contract is published today; the browser runtime has not been implemented yet."],"contract":["This pack shapes the workflow, but it is not itself a connector."],"copy_only":["No external write path exists by design, so a reviewer or downstream tool must copy, download, or relay the generated payload."],"live":[],"live_or_copy":["Operator-owned credentials, webhook targets, or tenant metadata still need to be configured in the browser before a live call can run.","Provider cross-origin behavior and tenant policy still decide whether the direct browser path succeeds, so the local handoff fallback remains part of the design."],"planned":["The runtime path has not been promoted from starter contract to live browser flow yet.","Auth scope, request signing, pagination, throttling, and cross-origin behavior still need explicit verification for this provider."]},"runtime_labels":{"config_only":"Config contract only","contract":"Contract only","copy_only":"Local copy only","live":"Browser live","live_or_copy":"Live with copy fallback","planned":"Reviewed starter contract"},"runtime_requirements":{"config_only":"The contract shape is published for authoring and validation, but the browser runtime is not shipped.","contract":"This entry is a reusable contract rather than a direct connector runtime.","copy_only":"This pack intentionally stops at a local contract and never performs the external write for the operator.","live":"The browser workbench already has a direct BYO-token runtime path for this pack today.","live_or_copy":"The browser can try a direct write when the operator supplies the required config, and it still keeps a safe local copy or export fallback.","planned":"This is a reviewed starter contract that still needs a verified browser-safe auth, API, and CORS story before promotion."}}}