Skip to Content
FoundationGovernance

Governance

Service integrators must keep humans in the loop, protect credentials, and provide a clean audit trail. Use these controls when rolling Trame out to clients.

Approvals and workflow status

  • Draft/Pilot require approval before execution. Keep workflows here while validating outcomes with client stakeholders.
  • Live skips approval—only promote once the client signs off.
  • Paused stops trigger-based runs; use this during incidents or connector outages.
  • Approval prompts show planned steps and tools. Encourage reviewers to decline with a reason when something looks risky.

Access control

  • Roles: Owners control roles and can change Admins/Members; Admins manage Members and operational settings; Members run and edit workflows but cannot change roles.
  • Use separate workspaces per client to isolate connectors and data. Never reuse a client’s connector in another workspace.
  • Limit who can connect toolkits to Owners/Admins for regulated clients.

Audit trail

  • Audit logs record connector changes, workflow status changes, trigger updates, and user actions. Owners/Admins can view/export logs from Settings → Audit.
  • During incidents, filter logs by entity (workflow/connector) and timeframe to understand who changed what.

Data and safety practices

  • Keep sensitive values (IDs, emails, URLs) in workflow required details, not in freeform prompts.
  • Scope connectors to least privilege in the source system (read vs. write, specific channels/folders).
  • Reconnect connectors promptly if they enter “Needs attention” to avoid partial runs.
  • Use Pilot mode for any workflow that touches production systems until the client approves the exact behavior.

Change management playbook

  1. Draft/update workflow and keep it in Draft.
  2. Run manual tests; collect feedback from the client.
  3. Move to Pilot with approvals on; monitor early runs and audit logs.
  4. Promote to Live once stable; keep a rollback plan (pause workflow or disconnect trigger) ready.
  5. After incidents, export relevant audit logs and summarize remediation for the client.
Last updated on
Getting startedTrial & Production Plans