Early access opening ahead of Snowflake Summit, June 2–5. Request access →
Tessra
Menu
ProductIntegrationsDocsBlogDemoSnowflake

Paste these commands into Snowflake to run your first governed action.

Governance authoring & context

Register warehouse context, bind it to actions, compile policies into durable tables, and operate the same paths from SQL or the Tessra Action Service (including MCP tools).

Why this exists

Tessra evaluates policy against action params and optional context rows loaded from your warehouse. Authoring keeps the catalog and rules in Snowflake so runtime stays table-driven; HTTP and MCP are convenience surfaces over the same contracts.

Core vocabulary

  • Governance context — Named catalog entry: which relation to read and which param keys match a row (GOVERNANCE_CONTEXT_SOURCE). Not the same as per-intent snapshots in ACTION_CONTEXT.
  • Context binding — Enables loading that context for an action (ACTION_CONTEXT_BINDING).
  • Action policy — Ordered rules compiled into ORG_POLICY (and related authoring metadata). Predicates may reference params.* and context.*.

Policy language (v1)

  • Each of AUTO_APPROVE_WHEN, REQUIRE_APPROVAL_WHEN, DENY_WHEN is optional; clauses join with AND (case-insensitive).
  • Each clause: params.<field> <op> <number> or context.<field> <op> <number>.
  • Operators: <= < > >= = ==
  • At most one params.amount comparison per WHEN blob (compiler rejects ambiguous amount predicates).

API / SQL reference → for procedures, HTTP routes, and callback contracts.

Snowflake procedures (authoring)

  • APP.CREATE_ACTION_CONTEXT — register context catalog row
  • APP.CREATE_ACTION_POLICY — compile WHEN strings into ORG_POLICY + binding
  • APP.ENABLE_ACTION — enable an action for an org
  • APP.LIST_GOVERNANCE_CONTEXT_SOURCES — list catalog rows (JSON)
  • APP.DESCRIBE_GOVERNANCE_CONTEXT_SOURCE — schema + sample rows (JSON)
Illustrative shape (names vary by install)
-- Register context, bind to action, compile policy bands (simplified):
-- CALL APP.CREATE_ACTION_CONTEXT(...);
-- CALL APP.CREATE_ACTION_POLICY(...);
-- CALL APP.ENABLE_ACTION(...);

Operator flow (Action Service / MCP)

  1. Discover context — list and describe governance context sources (schemas, example rows).
  2. Generate policy SQL — natural language to a verified intermediate spec, then compiled CALL APP.* SQL (never auto-applied).
  3. Apply — run only allowlisted authoring calls (CREATE_ACTION_CONTEXT, CREATE_ACTION_POLICY, ENABLE_ACTION).
  4. Executors — template-bound webhook mapping and validation (separate from raw SQL apply).
  5. Run & audit — simulate or request actions and read receipts / walkthroughs.

Canonical HTTP route list and field names live in the repository docs/api-spec.md (Governance authoring section).

Related