{"id":"553ee17b-b5e6-4078-9042-f53573133a2d","shortId":"VK2jhX","kind":"skill","title":"connection-auth-rules","tagline":"Build a Connection Auth Rules for a Monte Carlo connection type. Fetches live connector schemas and transform steps from the apollo-agent repo.","description":"# Connection Auth Rules Builder\n\nUse this skill when the user wants to build a Connection Auth Rules (stored as `ctp_config`) for a Monte Carlo connection. The config is stored on the `Connection` object in the monolith and tells the Apollo agent how to transform flat credentials into the driver-specific `connect_args` format.\n\n## When to activate this skill\n\nActivate when the user:\n\n- Asks to create, build, or generate a Connection Auth Rules\n- Asks what fields are needed for a connection type's Connection Auth Rules\n- Wants to customize credential transformation for a connection\n- Asks about `MapperConfig`, `TransformStep`, or `CtpConfig`\n- Says things like \"help me write Connection Auth Rules for X\", \"what's the connection auth rules format for X\"\n\n## When NOT to activate this skill\n\nDo not activate when the user is:\n\n- Creating monitors (use the monitor-creation skill)\n- Investigating data incidents (use the analyze-root-cause skill)\n- Setting up a connection in the UI (this skill builds the JSON config, not UI flows)\n\n---\n\n## Step 1 — List available connection types\n\nLocate the companion script with Bash:\n\n```bash\nfind -L ~/.claude . -name fetch_schema.py -path \"*/connection-auth-rules/*\" 2>/dev/null | head -1\n```\n\nThen run it:\n\n```bash\npython3 --list\n```\n\nThe script outputs JSON. Parse `result.connectors` — each entry has a `name` field. Present the names to the user and ask which connection type they want to build a config for.\n\n**If the script fails:** Show the error output and offer to retry. Do not proceed until you have the connector list.\n\n---\n\n## Step 2 — Fetch the connector schema\n\nOnce the user selects a connection type, run the script with that connector name:\n\n```bash\npython3 --connector \n```\n\nThe script outputs JSON. Parse `result.schema`:\n\n- **`output_keys`** — the driver-level `connect_args` keys the mapper must produce (from the connector's `TypedDict`)\n- **`default_field_map`** — the existing default mapping (credential field → Jinja2 template)\n- **`default_steps`** — any default transform steps already configured\n\nPresent a summary to the user:\n\n- The output keys\n- The default mapper field_map entries\n- Any existing steps with their types\n\n---\n\n## Step 3 — Optionally fetch available transform steps\n\nIf the connector's default config (from Step 2) already includes steps, or if the user indicates they need custom transform steps, run:\n\n```bash\npython3 --connector --transforms\n```\n\nParse `result.transforms` — each entry has:\n- `name` — the step type string used in `\"type\"`\n- `step_input` — fields the step reads from the pipeline state\n- `step_output` — derived fields the step writes, referenceable as `{{ derived. }}` in the mapper\n- `step_field_map` — typical mapper entry to wire the step's output into `connect_args`\n\nPresent the available steps with their full contracts (input, output, and field_map hint).\n\n**If the script fails:** Tell the user and offer to retry. You can continue without step data — just describe steps as unknown and ask the user to specify them manually.\n\n---\n\n## Step 4 — Build the mapper\n\nWalk the user through each output key in the TypedDict:\n\n1. Show the default template from the connector's `MapperConfig` (if one exists).\n2. Ask if they want to keep the default or customize it.\n3. For custom values, help the user write a Jinja2 template expression.\n\n### Jinja2 template help\n\nThe template context has two namespaces:\n\n- **`raw`** — the flat credential dict as received. Use `{{ raw.field_name }}` to reference a credential field directly. Example: `{{ raw.client_id }}`\n- **`derived`** — fields added by transform steps. Use `{{ derived.field_name }}` to reference a step's output. Example: `{{ derived.private_key_pem }}`\n\nCommon patterns:\n- Simple field reference: `\"{{ raw.username }}\"`\n- Conditional/default: `\"{{ raw.port | default('1433') }}\"`\n- Concatenation: `\"{{ raw.host }}:{{ raw.port }}\"`\n\nWhen the user doesn't know their credential field names, remind them these come from the Data Collector's credential dict — the keys are whatever the DC sends for that connection type.\n\n---\n\n## Step 5 — Configure transform steps (optional)\n\nIf the connector needs steps (e.g. decoding a PEM certificate, constructing a derived field), help the user configure each step. A step dict has these fields:\n\n| Field | Required | Description |\n|-------|----------|-------------|\n| `type` | yes | Step type name (e.g. `\"load_private_key\"`) |\n| `input` | yes | Dict of template strings the step reads (e.g. `{\"pem\": \"{{ raw.private_key_pem }}\"}`) |\n| `output` | yes | Dict mapping the step's logical output names to derived key names (e.g. `{\"private_key\": \"private_key_der\"}`) |\n| `when` | no | Jinja2 boolean expression — step only runs if this evaluates to true (e.g. `\"raw.ssl_ca_pem is defined\"`) |\n| `field_map` | no | Mapper entries contributed only when this step runs — useful for conditional fields |\n\nWalk the user through `type`, `input`, and `output` for each step. Ask about `when` if the step should only run under certain credential conditions (e.g. when an optional SSL cert is present).\n\nSteps run in order before the mapper. The mapper can reference step outputs via `{{ derived. }}`.\n\n---\n\n## Step 6 — Output the final config\n\nProduce the complete Connection Auth Rules as a Python dict (ready to serialize to JSON for storage). This is stored as `ctp_config` on the `Connection` model:\n\n```python\n{\n \"steps\": [\n # each step as a dict, e.g.:\n {\n \"type\": \"load_private_key\",\n \"input\": {\n \"pem\": \"{{ raw.private_key_pem }}\"\n },\n \"output\": {\n \"private_key\": \"private_key_der\"\n }\n # optional: \"when\": \"raw.private_key_pem is defined\"\n }\n ],\n \"mapper\": {\n \"field_map\": {\n \"output_key\": \"{{ raw.credential_field }}\",\n # step output referenced as: \"private_key\": \"{{ derived.private_key_der }}\"\n # ...\n }\n }\n}\n```\n\nAlso show the equivalent JSON, since this is what gets stored in the monolith's `Connection.ctp_config` field and entered in the \"Connection auth rules\" field in the UI.\n\nRemind the user that validation happens server-side via `validateConnectionCtpConfig` — they should test the config through that mutation (or the Validate button in the UI) after saving it.\n\n---\n\n## Notes\n\n- **No in-skill validation.** The skill helps construct the config but does not execute or validate it. The user validates via the monolith's `validateConnectionCtpConfig` GraphQL mutation or the Validate button in the \"Connection auth rules\" UI section.\n- **`is not None` pattern.** An empty `field_map` (`{}`) is valid — do not treat it as missing. The monolith checks `ctp_config is not None`, not truthiness.\n- **Steps are optional.** Most simple connectors use `steps: []`. Only add steps when the user needs credential transformation (e.g. PEM decoding, composite field construction).\n- **Fetch failures are recoverable.** If the GitHub API fetch fails, tell the user exactly what failed and offer to retry. Do not silently fall back to guessed schemas.\n- **Naming:** The user-facing name for this feature is \"Connection auth rules\". The underlying field and backend model remain `ctp_config` / `CtpConfig`.","tags":["connection","auth","rules","agent","toolkit","monte-carlo-data","agent-observability","agent-skills","ai-agents","claude-code","codex-skills","cursor"],"capabilities":["skill","source-monte-carlo-data","skill-connection-auth-rules","topic-agent-observability","topic-agent-skills","topic-ai-agents","topic-claude-code","topic-codex-skills","topic-cursor","topic-data-observability","topic-data-quality","topic-mcp","topic-monte-carlo","topic-opencode","topic-skill-md"],"categories":["mc-agent-toolkit"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/monte-carlo-data/mc-agent-toolkit/connection-auth-rules","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add monte-carlo-data/mc-agent-toolkit","source_repo":"https://github.com/monte-carlo-data/mc-agent-toolkit","install_from":"skills.sh"}},"qualityScore":"0.489","qualityRationale":"deterministic score 0.49 from registry signals: · indexed on github topic:agent-skills · 78 github stars · SKILL.md body (7,356 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-02T12:55:21.475Z","embedding":null,"createdAt":"2026-04-18T22:12:50.326Z","updatedAt":"2026-05-02T12:55:21.475Z","lastSeenAt":"2026-05-02T12:55:21.475Z","tsv":"'-1':220 '/.claude':212 '/connection-auth-rules':216 '/dev/null':218 '1':198,509 '1433':602 '2':217,279,380,522 '3':366,534 '4':495 '5':639 '6':798 'activ':86,89,153,158 'ad':576 'add':1009 'agent':27,70 'alreadi':342,381 'also':876 'analyz':177 'analyze-root-caus':176 'api':1030 'apollo':26,69 'apollo-ag':25 'arg':82,314,449 'ask':93,103,124,246,487,523,761 'auth':3,8,30,44,101,114,137,145,807,899,970,1062 'avail':200,369,452 'back':1047 'backend':1068 'bash':208,209,224,298,395 'boolean':719 'build':5,41,96,190,253,496 'builder':32 'button':927,966 'ca':731 'carlo':13,53 'caus':179 'cert':779 'certain':771 'certif':653 'check':992 'collector':623 'come':619 'common':593 'companion':205 'complet':805 'composit':1020 'concaten':603 'condit':748,773 'conditional/default':599 'config':49,56,193,255,377,802,825,892,920,945,994,1072 'configur':343,640,661 'connect':2,7,14,29,43,54,61,81,100,110,113,123,136,144,184,201,248,289,313,448,636,806,828,898,969,1061 'connection-auth-rul':1 'connection.ctp':891 'connector':18,276,282,296,300,322,374,397,516,646,1005 'construct':654,943,1022 'context':551 'continu':477 'contract':457 'contribut':740 'creat':95,163 'creation':169 'credenti':75,119,332,558,568,613,625,772,1015 'ctp':48,824,993,1071 'ctpconfig':129,1073 'custom':118,391,532,536 'data':172,480,622 'dc':632 'decod':650,1019 'default':325,330,336,339,354,376,512,530,601 'defin':734,859 'der':715,852,875 'deriv':424,431,574,656,707,796 'derived.field':581 'derived.private':590,873 'describ':482 'descript':672 'dict':559,626,666,684,698,812,836 'direct':570 'doesn':609 'driver':79,311 'driver-level':310 'driver-specif':78 'e.g':649,678,691,710,729,774,837,1017 'empti':979 'enter':895 'entri':234,358,402,440,739 'equival':879 'error':263 'evalu':726 'exact':1036 'exampl':571,589 'execut':949 'exist':329,360,521 'express':545,720 'face':1055 'fail':260,467,1032,1038 'failur':1024 'fall':1046 'featur':1059 'fetch':16,280,368,1023,1031 'fetch_schema.py':214 'field':105,238,326,333,356,414,425,436,461,569,575,596,614,657,669,670,735,749,861,866,893,901,980,1021,1066 'final':801 'find':210 'flat':74,557 'flow':196 'format':83,147 'full':456 'generat':98 'get':885 'github':1029 'graphql':961 'guess':1049 'happen':910 'head':219 'help':133,538,548,658,942 'hint':463 'id':573 'in-skil':936 'incid':173 'includ':382 'indic':388 'input':413,458,682,755,842 'investig':171 'jinja2':334,543,546,718 'json':192,230,304,817,880 'keep':528 'key':308,315,352,505,591,628,681,694,708,712,714,841,845,849,851,856,864,872,874 'know':611 'l':211 'level':312 'like':132 'list':199,226,277 'live':17 'load':679,839 'locat':203 'logic':703 'manual':493 'map':327,331,357,437,462,699,736,862,981 'mapper':317,355,434,439,498,738,788,790,860 'mapperconfig':126,518 'miss':989 'model':829,1069 'monitor':164,168 'monitor-cr':167 'monolith':65,889,958,991 'mont':12,52 'must':318 'mutat':923,962 'name':213,237,241,297,404,564,582,615,677,705,709,1051,1056 'namespac':554 'need':107,390,647,1014 'none':976,997 'note':934 'object':62 'offer':266,472,1040 'one':520 'option':367,643,777,853,1002 'order':785 'output':229,264,303,307,351,423,446,459,504,588,696,704,757,794,799,847,863,868 'pars':231,305,399 'path':215 'pattern':594,977 'pem':592,652,692,695,732,843,846,857,1018 'pipelin':420 'present':239,344,450,781 'privat':680,711,713,840,848,850,871 'proceed':271 'produc':319,803 'python':811,830 'python3':225,299,396 'raw':555 'raw.client':572 'raw.credential':865 'raw.field':563 'raw.host':604 'raw.port':600,605 'raw.private':693,844,855 'raw.ssl':730 'raw.username':598 'read':417,690 'readi':813 'receiv':561 'recover':1026 'refer':566,584,597,792 'referenc':429,869 'remain':1070 'remind':616,905 'repo':28 'requir':671 'result.connectors':232 'result.schema':306 'result.transforms':400 'retri':268,474,1042 'root':178 'rule':4,9,31,45,102,115,138,146,808,900,971,1063 'run':222,291,394,723,745,769,783 'save':932 'say':130 'schema':19,283,1050 'script':206,228,259,293,302,466 'section':973 'select':287 'send':633 'serial':815 'server':912 'server-sid':911 'set':181 'show':261,510,877 'side':913 'silent':1045 'simpl':595,1004 'sinc':881 'skill':35,88,155,170,180,189,938,941 'skill-connection-auth-rules' 'source-monte-carlo-data' 'specif':80 'specifi':491 'ssl':778 'state':421 'step':22,197,278,337,341,361,365,371,379,383,393,406,412,416,422,427,435,444,453,479,483,494,579,586,638,642,648,663,665,675,689,701,721,744,760,766,782,793,797,831,833,867,1000,1007,1010 'storag':819 'store':46,58,822,886 'string':408,687 'summari':346 'tell':67,468,1033 'templat':335,513,544,547,550,686 'test':918 'thing':131 'topic-agent-observability' 'topic-agent-skills' 'topic-ai-agents' 'topic-claude-code' 'topic-codex-skills' 'topic-cursor' 'topic-data-observability' 'topic-data-quality' 'topic-mcp' 'topic-monte-carlo' 'topic-opencode' 'topic-skill-md' 'transform':21,73,120,340,370,392,398,578,641,1016 'transformstep':127 'treat':986 'true':728 'truthi':999 'two':553 'type':15,111,202,249,290,364,407,411,637,673,676,754,838 'typeddict':324,508 'typic':438 'ui':187,195,904,930,972 'under':1065 'unknown':485 'use':33,165,174,409,562,580,746,1006 'user':38,92,161,244,286,349,387,470,489,501,540,608,660,752,907,954,1013,1035,1054 'user-fac':1053 'valid':909,926,939,951,955,965,983 'validateconnectionctpconfig':915,960 'valu':537 'via':795,914,956 'walk':499,750 'want':39,116,251,526 'whatev':630 'wire':442 'without':478 'write':135,428,541 'x':140,149 'yes':674,683,697","prices":[{"id":"88894525-7b24-4376-9f36-05ff773564a4","listingId":"553ee17b-b5e6-4078-9042-f53573133a2d","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"monte-carlo-data","category":"mc-agent-toolkit","install_from":"skills.sh"},"createdAt":"2026-04-18T22:12:50.326Z"}],"sources":[{"listingId":"553ee17b-b5e6-4078-9042-f53573133a2d","source":"github","sourceId":"monte-carlo-data/mc-agent-toolkit/connection-auth-rules","sourceUrl":"https://github.com/monte-carlo-data/mc-agent-toolkit/tree/main/skills/connection-auth-rules","isPrimary":false,"firstSeenAt":"2026-04-18T22:12:50.326Z","lastSeenAt":"2026-05-02T12:55:21.475Z"}],"details":{"listingId":"553ee17b-b5e6-4078-9042-f53573133a2d","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"monte-carlo-data","slug":"connection-auth-rules","github":{"repo":"monte-carlo-data/mc-agent-toolkit","stars":78,"topics":["agent-observability","agent-skills","ai-agents","claude-code","codex-skills","cursor","data-observability","data-quality","mcp","monte-carlo","opencode","skill-md","skillsmp","vscode"],"license":"apache-2.0","html_url":"https://github.com/monte-carlo-data/mc-agent-toolkit","pushed_at":"2026-04-30T23:25:43Z","description":"Official Monte Carlo toolkit for AI coding agents. Skills and plugins that bring data and agent observability — monitoring, triaging, troubleshooting, health checks — into Claude Code, Cursor, and more.","skill_md_sha":"640a96d906f567c69a60d46c5f4bc12ee15ba746","skill_md_path":"skills/connection-auth-rules/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/monte-carlo-data/mc-agent-toolkit/tree/main/skills/connection-auth-rules"},"layout":"multi","source":"github","category":"mc-agent-toolkit","frontmatter":{"name":"connection-auth-rules","description":"Build a Connection Auth Rules for a Monte Carlo connection type. Fetches live connector schemas and transform steps from the apollo-agent repo."},"skills_sh_url":"https://skills.sh/monte-carlo-data/mc-agent-toolkit/connection-auth-rules"},"updatedAt":"2026-05-02T12:55:21.475Z"}}