Data Providers
Agents rarely live on the LLM alone — they read issues, send emails, move money. TapPass ships a catalogue of data providers with a uniform governance layer: every operation is policy-checked, audited, and subject to PII redaction before hitting the vendor.
Shipped providers
Section titled “Shipped providers”| Provider | Operations | EU residency | Go to |
|---|---|---|---|
| GitHub | Repos, issues, PRs, code search | US (SCC) | GitHub |
| Slack | Messages, channels, search | US (SCC) | Slack |
| Jira | Issues, transitions, comments | US (SCC) | Jira |
| Gmail | Send, search, labels | US (SCC) | Gmail |
| Google Drive | List, download, create | US (SCC) | Google Drive |
| Stripe | Payments, subscriptions, Connect, Issuing | EU / US | Stripe |
| Revolut | Payment intents, transfers, cards | EU (Lithuania) | Configured via YAML |
| WhatsApp Business | Send, read, mark read | US (SCC) | Configured via YAML |
| Holded (accounting) | Invoicing, contacts, documents | EU | Configured via YAML |
How they work
Section titled “How they work”Every data provider is declared in a YAML spec under config/providers/*.yaml and backed by GenericHTTPAdapter (or a specialised adapter like GmailAdapter).
name: githubapi_base_url: https://api.github.comauth: type: oauth2operations: - name: list_issues op_group: read method: GET endpoint: /repos/{owner}/{repo}/issues - name: create_issue op_group: write method: POST endpoint: /repos/{owner}/{repo}/issuesYour agent calls them through TapPass — never directly:
result = agent.call_provider( provider="github", operation="list_issues", params={"owner": "tappass", "repo": "tappass"},)Governance applied
Section titled “Governance applied”On every call:
- Authz —
authz.regodecides if this agent can use this provider and op - Detection — payloads are scanned for PII / secrets before leaving
- Policy —
tool_decision.regocan approve/block by op + args (e.g., nosend_messageto@external-*channels) - Audit — operation, args, result, and policy verdict are all recorded
- Rate limit / budget — per-agent and per-provider quotas
Add your own
Section titled “Add your own”Drop a YAML spec under config/providers/<name>.yaml pointing at any REST API. The GenericHTTPAdapter handles OAuth / Bearer / API-key auth, templated endpoints, and response parsing — no Python required for the common case.
name: myvendordisplay_name: "My Vendor"api_base_url: https://api.myvendor.comauth: type: bearer header: Authorizationoperations: - name: list_things op_group: read method: GET endpoint: /thingsadapter_class: tappass.vault.providers.generic.GenericHTTPAdapterFor complex protocols (MIME construction, signed requests, non-REST), subclass ProviderAdapter — see tappass/vault/providers/gmail.py for a reference.