Appearance
External Processors & Connectors
Use external services in Data Motion pipelines for inspection and transformation. Processors are declared globally under configuration.integrations.processors and referenced from dataMotion rules via action: "process".
What You'll Learn
- Processor types (builtin, http, grpc, script, queue)
- Security, privacy, and sovereignty controls
- Timeouts, concurrency, rate limits, and offline behavior
- Authoring examples for common integrations (DLP, OCR, AV, redaction)
Registry schema
Declare processors under configuration.integrations.processors.
- Common fields
id: stable identifier used by pipelines (e.g., dlp-purview)type: builtin | http | grpc | script | queuecapabilities:[inspect|transform]regionAllowlist: optional list of allowed regions/sovereign tagsdataPolicies: payload minimization and chunking options (sendRaw|hashOnly|maxBytes|redactPatterns|chunking)limits:timeoutMs,maxConcurrent,rateLimit,offlinePolicy("deny"|"allow"|"skipProcessor")audit:redactRequest,redactResponse,includeFindingsInAudit
When a processor is used from a Data Motion pipeline with mode: "observe", the runtime treats the call as observe-only: the payload for the current operation is not modified and any results are recorded as semanticFindings for audit and analytics, not as a basis for denying the operation.
- Type-specific fields
- builtin:
name(e.g.,htmlSanitize,stripFormats,watermark,blurBackground,rateLimit) - http:
endpoint,auth(apiKey|basic|oidc|bearer),security(mTLS + pin),headers - grpc:
target,security(mTLS + pin) - script:
command,args[],workingDirectory - queue:
queue(name/ARN/url), optionalendpoint/auth/security
- builtin:
See the Schema Reference for the authoritative definition.
Security and privacy
- Credentials via
{{CRED:*}}variables; never bake secrets in policy. - mTLS with certificate pinning where possible; use
regionAllowlistto enforce sovereignty. - Minimize payloads: prefer
hashOnlyor feature extraction when full content is not required; setmaxBytesandredactPatterns. - Strict audit with redaction: emit metadata (sizes, hashes, timings, provider id) without payloads.
Failure and offline policy
- Per-processor:
limits.offlinePolicycontrols behavior when the processor is unreachable. - Per-pipeline:
action.process.onProcessorFailureprovides a default for all steps; each step can override viastep.onFailure. - Recommended defaults for high assurance:
offlinePolicy: "deny"andonProcessorFailure: "deny".
Performance and scalability
External processors participate in runtime-critical paths such as clipboard, drag-and-drop, screen capture, and AI interactions. Configure them with explicit performance and capacity limits so that slow or unavailable services do not degrade user experience.
Recommended patterns:
- Set explicit latency bounds: Use
limits.timeoutMsto cap how long the Launcher waits for a processor. Avoid unbounded waits on latency-sensitive channels. - Control concurrency and throughput: Use
limits.maxConcurrentandlimits.rateLimitto protect downstream services from overload and to prevent the client from saturating local resources. - Choose an offline policy per integration:
offlinePolicy: "deny"for mandatory security gates where inspection is required before allowing data to move.offlinePolicy: "skipProcessor"for optional enrichments where it is acceptable to proceed without the external result.
- Use queue processors for heavy workloads: For large file scans, batch OCR, or multi-step classification, prefer
type: "queue"processors so that inspection can be completed off the critical user path. - Combine with Data Motion caching: When processors feed back normalized classifications or findings, use
dataMotionrules withaction.process.cacheTtlSecto avoid re-submitting identical content. - Prefer observe mode for AI telemetry: For AI-related channels (such as
ai.promptInput,ai.modelOutput, andrag.contextRetrieval), prefermode: "observe"withtype: "queue"or other asynchronous processors so that telemetry and classification run off the critical user path. CombineofflinePolicy: "skipProcessor"on the processor withonProcessorFailure: "allow"in the pipeline when observation should never block the AI interaction.
Example (queue-backed AV scan with bounded latency and concurrency):
json
{
"configuration": {
"integrations": {
"processors": [
{
"id": "av-gateway-queue",
"type": "queue",
"queue": "arn:aws:sqs:us-gov-west-1:123456789012:av-scan",
"capabilities": ["inspect"],
"limits": {
"timeoutMs": 3000,
"offlinePolicy": "deny",
"maxConcurrent": 8
}
}
]
}
}
}Paired with Data Motion rules that use classifications produced by the AV service, this allows the Launcher to enforce DLP decisions without performing full content scans synchronously on every transfer.
Examples
HTTP DLP inspection
json
{
"configuration": {
"integrations": {
"processors": [
{
"id": "dlp-purview",
"type": "http",
"endpoint": "https://dlp.api.corp/inspect",
"auth": { "type": "oidc", "clientId": "{{CRED:Purv:clientId}}", "clientSecret": "{{CRED:Purv:secret}}", "tokenUrl": "https://login.corp/token" },
"security": { "mtls": true, "pinSha256": ["ABCD…"] },
"capabilities": ["inspect"],
"dataPolicies": { "sendRaw": true, "maxBytes": 1048576 },
"limits": { "timeoutMs": 2000, "offlinePolicy": "deny" }
}
]
}
}
}gRPC face redaction (transform)
json
{
"configuration": {
"integrations": {
"processors": [
{
"id": "grpc.faceRedact",
"type": "grpc",
"target": "facesvc.corp:8443",
"capabilities": ["transform"],
"limits": { "timeoutMs": 1500, "offlinePolicy": "skipProcessor" }
}
]
}
}
}Queue AV scan (inspect)
json
{
"configuration": {
"integrations": {
"processors": [
{
"id": "av-gateway",
"type": "queue",
"queue": "arn:aws:sqs:us-gov-west-1:123456789012:av-scan",
"capabilities": ["inspect"],
"limits": { "timeoutMs": 5000, "offlinePolicy": "deny" }
}
]
}
}
}Script-based OCR (inspect)
json
{
"configuration": {
"integrations": {
"processors": [
{
"id": "tesseract-ocr",
"type": "script",
"command": "C:/tools/tesseract.exe",
"args": ["stdin", "--oem", "1", "--psm", "3"],
"capabilities": ["inspect"],
"limits": { "timeoutMs": 2000, "offlinePolicy": "skipProcessor" }
}
]
}
}
}Using processors in rules
json
{
"configuration": {
"launch": { "runtime": { "dataMotion": {
"rules": [
{
"id": "clip-out-dlp-sanitize",
"enabled": true,
"priority": 950,
"channel": "clipboard",
"direction": "out",
"action": {
"type": "process",
"pipeline": [
{ "processorRef": "dlp-purview", "mode": "inspect" },
{ "processorRef": "builtin.htmlSanitize", "mode": "transform", "with": { "allowElements": [], "allowAttributes": [], "maxDepth": 5 } }
],
"onProcessorFailure": "deny"
}
}
]
} } }
}
}Troubleshooting
- Verify health: timeouts and offlinePolicy determine observed behavior during outages.
- Check audit records: confirm which processor ran, timings, decision, and any step-level failures.
- Validate payload limits: if maxBytes is exceeded, the step may be skipped or denied based on limits and onFailure.
