kf connector
Install, configure, rotate, and replay tenant connectors.
kf connector activate-as-shopify-fulfillment-service
Register Karman as a Shopify FulfillmentService against the bound shop.
Register Karman as a Shopify FulfillmentService against the bound shop. Sets connector_bindings.custom_fields.shopifyAsFulfillmentService=true and stores the partner-returned fulfillment_service_id and location_id so destinations can route shipment writes. Emits connector.fulfillment_service.activated. Risk class R3.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
--shopify-fulfillment-service-id <value> | yes | Shopify fulfillment service id. |
--shopify-location-id <value> | yes | Shopify location id. |
--callback-url <value> | yes | Callback url. |
Example
kf connector activate-as-shopify-fulfillment-service --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value> --shopify-fulfillment-service-id <value> --shopify-location-id <value> --callback-url <value>kf connector add-shopify-shop
Attach a secondary Shopify shop to an existing tenant binding (multi-shop).
Attach a secondary Shopify shop to an existing tenant binding (multi-shop). Requires an active primary Shopify binding for the tenant. Stores only a secret-store reference and emits connector.shop.added. Risk class R4 because the command accepts caller-managed connector credentials.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--shop-domain <value> | yes | Shop domain. |
--access-token-secret-ref-stdin | yes | Read Access token secret ref. from stdin. |
--scope <value> | yes | Scope. |
--installed-by-actor-id <value> | yes | Installed by actor id. |
Example
kf connector add-shopify-shop --tenant tnt_demo --actor-type USER --actor-id usr_sam --shop-domain <value> --access-token-secret-ref-stdin --scope <value> --installed-by-actor-id <value>kf connector deactivate-as-shopify-fulfillment-service
Deregister Karman as a Shopify FulfillmentService.
Deregister Karman as a Shopify FulfillmentService. Clears the binding's fulfillment-service custom fields. Emits connector.fulfillment_service.deactivated. Risk class R3.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
Example
kf connector deactivate-as-shopify-fulfillment-service --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value>kf connector ignore-shopify-drift-event
Operator-driven dismiss for a Shopify drift inbox row.
Operator-driven dismiss for a Shopify drift inbox row. Emits connector.shopify.drift.ignored referencing the original drift event id; the drift inbox subtracts these from the recorded feed so dismissed rows drop off the operator view. Round 6 P1.6.3. Risk R2.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
--drift-event-id <value> | yes | Drift event id. |
--aggregate-type <value> | yes | Aggregate type. |
--partner-aggregate-id <value> | yes | Partner aggregate id. |
--dismissed-reason <value> | no | Dismissed reason. |
Example
kf connector ignore-shopify-drift-event --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value> --drift-event-id <value> --aggregate-type <value> --partner-aggregate-id <value>kf connector install-shopify
Install (or reinstall) a Shopify connector binding after successful OAuth or custom-app credential entry.
Install (or reinstall) a Shopify connector binding after successful OAuth or custom-app credential entry. Stores only a secret-store reference, not the raw access token. Emits connector.shopify.installed on first install and connector.shopify.reinstalled on subsequent runs, and enqueues an INGEST_CONNECTOR_RUN job inside the same transaction. Risk class R4; grant connector.binding:write.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--shop-domain <value> | yes | Shop domain. |
--access-token-secret-ref-stdin | yes | Read Access token secret ref. from stdin. |
--scope <value> | yes | Scope. |
--installed-by-actor-id <value> | yes | Installed by actor id. |
Example
kf connector install-shopify --tenant tnt_demo --actor-type USER --actor-id usr_sam --shop-domain <value> --access-token-secret-ref-stdin --scope <value> --installed-by-actor-id <value>kf connector process-gdpr-data-request
Inbound Shopify customers/data_request route.
Inbound Shopify customers/data_request route. Records the request and emits gdpr.data_request.completed with an artifactRef pointing at the encrypted export bundle. Does not email the customer; that is the merchant's responsibility. Risk class R3; the webhook dispatcher files an approval request instead of executing without approval.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
--provider <value> | no | Provider. |
--partner-customer-id <value> | yes | Partner customer id. |
--partner-customer-email <value> | no | Partner customer email. |
--partner-orders-requested <value> | no | Partner orders requested. |
--received-on <value> | yes | ISO date/time |
Example
kf connector process-gdpr-data-request --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value> --partner-customer-id <value> --received-on <value>kf connector record-webhook-receipt
Record a generic inbound connector webhook receipt after signature verification and transition it to processed, deferred, ignored, or failed.
Record a generic inbound connector webhook receipt after signature verification and transition it to processed, deferred, ignored, or failed. Used by payment providers such as Adyen so webhook proof, replay, and command receipts are provider-neutral.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
--connector-key <value> | yes | Connector key. |
--provider <value> | yes | Provider. |
--external-account-ref <value> | no | External account ref. |
--delivery-id <value> | yes | Delivery id. |
--topic <value> | yes | Topic. |
--provider-event-id <value> | no | Provider event id. |
--provider-reference <value> | no | Provider reference. |
--body-hash <value> | yes | Body hash. |
--replay-fingerprint <value> | yes | Replay fingerprint. |
--hmac-verified <value> | yes | Hmac verified. |
--raw-payload-ref <value> | no | Raw payload ref. |
--received-on <value> | no | ISO date/time |
--status <value> | yes | Status. |
--last-error <value> | no | Last error. |
Example
kf connector record-webhook-receipt --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value> --connector-key <value> --provider <value> --delivery-id <value> --topic <value> --body-hash <value> --replay-fingerprint <value> --hmac-verified <value> --status <value>kf connector redact-customer-data
Inbound Shopify customers/redact route.
Inbound Shopify customers/redact route. Tombstones the resolved Karman party (status=ERASED, name fields set to __redacted__) and marks every Party-scoped custom_field with field_group=REDACTED. Risk class R3; the webhook dispatcher files an approval request instead of executing without approval.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
--provider <value> | no | Provider. |
--partner-customer-id <value> | yes | Partner customer id. |
--partner-customer-email <value> | no | Partner customer email. |
--received-on <value> | yes | ISO date/time |
Example
kf connector redact-customer-data --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value> --partner-customer-id <value> --received-on <value>kf connector redact-shop-data
Inbound Shopify shop/redact route.
Inbound Shopify shop/redact route. Mass-mutation that flips the binding to REVOKED, redacts every party scoped to the bound shop, and marks every Party/Address/ContactPoint custom field as REDACTED. Risk class R4: never auto-executed; requires explicit operator approval which is recorded as operatorApprovalReceiptId on the input.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
--provider <value> | no | Provider. |
--partner-shop-id <value> | yes | Partner shop id. |
--shop-domain <value> | yes | Shop domain. |
--received-on <value> | yes | ISO date/time |
--operator-approval-receipt-id <value> | yes | Operator approval receipt id. |
Example
kf connector redact-shop-data --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value> --partner-shop-id <value> --shop-domain <value> --received-on <value> --operator-approval-receipt-id <value>kf connector register-amazon-us-binding
Register (or reinstall) an Amazon US (SP-API) connector binding after a successful LWA handshake.
Register (or reinstall) an Amazon US (SP-API) connector binding after a successful LWA handshake. Stores only secret-store references (refresh token, LWA client id/secret, optional IAM keys and role ARN), never raw credentials. Activates the core.connector.amazon-us feature module in the same transaction so tenant discovery surfaces see Amazon as ACTIVE. Emits connector.amazon_us.installed on first install and connector.amazon_us.reinstalled on subsequent runs, and enqueues an INGEST_CONNECTOR_RUN job inside the same transaction. Risk class R4; grant connector.binding:write to operators and partner agents who onboard sellers.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--seller-id <value> | yes | Seller id. |
--marketplace-ids <value> | yes | Marketplace ids. |
--refresh-token-secret-ref-stdin | yes | Read Refresh token secret ref. from stdin. |
--lwa-client-id-secret-ref-stdin | yes | Read Lwa client id secret ref. from stdin. |
--lwa-client-secret-ref-stdin | yes | Read Lwa client secret ref. from stdin. |
--iam-role-arn <value> | no | Iam role arn. |
--iam-access-key-id-secret-ref-stdin | no | Read Iam access key id secret ref. from stdin. |
--iam-secret-access-key-ref-stdin | no | Read Iam secret access key ref. from stdin. |
--region <value> | no | Region. |
--scope <value> | yes | Scope. |
--installed-by-actor-id <value> | yes | Installed by actor id. |
Example
kf connector register-amazon-us-binding --tenant tnt_demo --actor-type USER --actor-id usr_sam --seller-id <value> --marketplace-ids <value> --refresh-token-secret-ref-stdin --lwa-client-id-secret-ref-stdin --lwa-client-secret-ref-stdin --scope <value> --installed-by-actor-id <value>kf connector replay-sync
Operator-initiated replay of a connector ingestion run.
Operator-initiated replay of a connector ingestion run. Enqueues an INGEST_CONNECTOR_RUN job for the given binding, bypassing schedule cadence. Idempotent per metadata.idempotencyKey.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
--run-type <value> | yes | Run type. |
--entity-scope <value> | no | Entity scope. |
--observed-from <value> | no | ISO date/time |
--observed-to <value> | no | ISO date/time |
Example
kf connector replay-sync --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value> --run-type <value>kf connector rotate-shopify-token
Replace the access-token secret reference on a Shopify connector binding.
Replace the access-token secret reference on a Shopify connector binding. Used by both the OAuth re-grant flow (public-app installs) and the operator paste-token flow (custom-app installs). Emits connector.token.rotated. Risk class R4 because the command accepts caller-managed connector credentials.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
--access-token-secret-ref-stdin | yes | Read Access token secret ref. from stdin. |
--scope <value> | no | Scope. |
--rotated-by-actor-id <value> | yes | Rotated by actor id. |
Example
kf connector rotate-shopify-token --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value> --access-token-secret-ref-stdin --rotated-by-actor-id <value>kf connector uninstall-shopify
Mark a Shopify connector binding REVOKED.
Mark a Shopify connector binding REVOKED. Single entry point for the inbound app/uninstalled webhook and operator-driven uninstall. Pauses jobs, invalidates secrets, and emits connector.binding_revoked. Idempotent on already-revoked bindings. Risk class R2.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--binding-id <value> | yes | Binding id. |
--reason <value> | yes | Reason. |
--detail <value> | no | Detail. |
Example
kf connector uninstall-shopify --tenant tnt_demo --actor-type USER --actor-id usr_sam --binding-id <value> --reason <value>kf connector upsert-transform-profile
Create or update a tenant TransformProfile in tenant_configs.ingestion.transformProfiles.
Create or update a tenant TransformProfile in tenant_configs.ingestion.transformProfiles. Single write path shared by the operator-console mapping UI and the mapping-author agent (unified-connector-interface invariant). Idempotent on metadata.idempotencyKey; bumps the catalog row's version on each commit. Approval-gated (R2 with requiresApproval) so agent-proposed mappings get human sign-off by default; a per-tenant policy may later auto-approve high-confidence proposals once trust is established.
| Flag | Required | Description |
|---|---|---|
--tenant <id> | yes | Target tenant id. |
--environment <id> | no | Target environment id; defaults to the active profile environment. |
--actor-type <type> | yes | Actor type (USER, SYSTEM, CONNECTOR, AGENT, SERVICE). |
--actor-id <id> | yes | Actor id. |
--idempotency-key <key> | no | Idempotency key for safe retries. Generated when omitted. |
--profile-id <value> | yes | Profile id. |
--profile <value> | yes | Profile. |
--proposed-by <value> | yes | Proposed by. |
--rationale <value> | no | Rationale. |
Example
kf connector upsert-transform-profile --tenant tnt_demo --actor-type USER --actor-id usr_sam --profile-id <value> --profile <value> --proposed-by <value>