Connector SDK

Give ControlFrame the approved sources, then let framework-specific agents collect mapped evidence.

Connectors define what the runner can access, where credentials live, which artifacts are allowed, and how every output maps back to native framework identifiers.

browser, API, GRC, private runtime

Connector types: 5 (Application, persona, API, IdP, GRC)
Framework reach: 7 (Seeded mappings use these connector patterns)
Artifact fields: 8 (Minimum source-backed evidence schema)
Private-capable: 5 (Can run inside customer boundary)

Reusable access layer

Connector definitions

application url (connector-application-target)

Application target

Registers the audited application base URL, allowed domains, collection window, and environment classification before any browser run starts.

Inputs: base URL, allowed hostnames, environment label, collection approval window, redaction rules
Outputs: target manifest, host allowlist, run preflight record, network boundary note
Framework use: CMS EDE, PCI DSS, SOC 2, HIPAA, HITRUST
Secret handling: No application secrets are stored in the SaaS fixture. Private runtimes receive target metadata and resolve credentials locally.

browser persona (connector-browser-personas)

Browser personas

Maps framework-required user roles to managed browser sessions, test accounts, MFA instructions, and approval gates.

Inputs: persona role, credential source, MFA path, test account approval, session reset policy
Outputs: browser trace, screenshot catalog, extracted page text, persona run log, blocked-login note
Framework use: CMS EDE, PCI DSS, SOC 2, HIPAA, NIST CSF
Secret handling: Credentials stay in local vaults, browser profiles, or one-time operator input. ControlFrame stores persona labels and run proof, not passwords.

api endpoint (connector-api-functional)

API functional source

Runs framework-specific API calls, captures request/response metadata, redacts sensitive payload fields, and maps output to native requirement IDs.

Inputs: endpoint collection, auth method, test payload set, expected response mapping, redaction policy
Outputs: request manifest, response JSON, schema validation result, checksum, source row index
Framework use: CMS EDE, PCI DSS, HIPAA, HITRUST
Secret handling: Bearer tokens, client secrets, and mTLS material are mounted only into the private runner process and never serialized to auditor packets.

identity provider (connector-identity-provider)

Identity provider

Collects configuration evidence for login, MFA, role assignment, account lifecycle, and identity proofing flows.

Inputs: provider tenant, read-only admin scope, role mapping, MFA policy scope, export approval
Outputs: configuration snapshot, policy evidence, role inventory, identity-proofing blocker note
Framework use: CMS EDE, SOC 2, PCI DSS, HIPAA, NIST CSF
Secret handling: Read-only API tokens are stored in the customer runtime vault and can be rotated without changing framework mappings.

grc tool (connector-grc-docs)

GRC and document corpus

Pulls policies, procedures, tickets, screenshots, exports, and prior-audit artifacts into evidence review queues for human approval.

Inputs: repository or GRC endpoint, collection scope, document labels, evidence owner, staleness threshold
Outputs: document inventory, policy freshness table, manual evidence requests, human approval trail
Framework use: SOC 2, PCI DSS, HIPAA, HITRUST, ISO 27001
Secret handling: Document connectors can run with OAuth, service accounts, local folder mounts, or offline package import depending on customer boundary.

Evidence schema

Minimum artifact contract for auditor traceability

frameworkKey (required)

Names the audit framework without replacing the native control ID.

nativeRequirementId (required)

Stores the CMS, PCI, SOC 2, HIPAA, NIST, or other source-native identifier.

sourceDocumentRef (required)

Links evidence to the official toolkit, workbook, control catalog, or licensed source.

collectorRunId (required)

Connects each artifact to the exact validation, dry-run, or collection execution.

personaOrSystem (optional)

Identifies the user role, system account, API client, or manual evidence owner.

artifactType (required)

Classifies screenshots, browser traces, extracted text, API JSON, checksums, or manual files.

redactionState (required)

Prevents raw sensitive evidence from becoming auditor-ready before review.

exportStatus (required)

Tracks whether the artifact can be included in an auditor-ready package.
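
One way to enforce the minimum artifact contract above before a record reaches an auditor package. This is an added example, not ControlFrame's own code: the eight field names come from this page, while the redactionState and exportStatus values, the validate_artifact helper, and the sample records are assumptions constructed for illustration.

```python
# Added example: field names come from the page; every enum value below is an
# assumption made for illustration, not ControlFrame's actual vocabulary.
REQUIRED = ("frameworkKey", "nativeRequirementId", "sourceDocumentRef",
            "collectorRunId", "artifactType", "redactionState", "exportStatus")
OPTIONAL = ("personaOrSystem",)
REDACTION_STATES = ("raw", "redacted", "reviewed")  # assumed values
EXPORT_STATUSES = ("held", "auditor_ready")         # assumed values


def validate_artifact(record):
    """Return a list of contract violations; an empty list means the record passes."""
    errors = []
    for field in REQUIRED:
        value = record.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"missing required field: {field}")
    for field in record:
        if field not in REQUIRED + OPTIONAL:
            # Reject unknown keys so tokens or raw payloads cannot ride along.
            errors.append(f"unexpected field: {field}")
    redaction, export = record.get("redactionState"), record.get("exportStatus")
    if redaction and redaction not in REDACTION_STATES:
        errors.append(f"unknown redactionState: {redaction}")
    if export and export not in EXPORT_STATUSES:
        errors.append(f"unknown exportStatus: {export}")
    # Gate described on the page: raw evidence must not become auditor-ready
    # before review.
    if export == "auditor_ready" and redaction != "reviewed":
        errors.append("auditor_ready requires redactionState 'reviewed'")
    return errors


SAMPLE_OK = {  # constructed sample record with placeholder identifiers
    "frameworkKey": "pci-dss",
    "nativeRequirementId": "REQ-EXAMPLE-1",
    "sourceDocumentRef": "placeholder-source-ref",
    "collectorRunId": "run-0001",
    "personaOrSystem": "api-client",
    "artifactType": "api_json",
    "redactionState": "reviewed",
    "exportStatus": "auditor_ready",
}
SAMPLE_RAW = dict(SAMPLE_OK, redactionState="raw")  # constructed failing record

if __name__ == "__main__":
    for name, rec in (("ok", SAMPLE_OK), ("raw", SAMPLE_RAW)):
        print(name, validate_artifact(rec) or "passes")
```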