Integrations
25 integrations across three connection models. Pick the one that fits your stack — or let the setup wizard pick for you.
Tip
The setup wizard auto-scans 10+ credential sources (env, Doppler, 1Password, Dashlane, Bitwarden, Keychain, Chrome history, dotfiles, browser sessions, Claude Code settings) before asking you to paste anything. Most integrations configure themselves silently. See Privacy and Security for the full scan inventory.
flowchart TD
Root[25 Integrations] --> MCP[MCP<br/>OAuth via Claude.ai]
Root --> CLI[CLI<br/>command-line tool]
Root --> API[API key<br/>curl + token]
MCP --> M1[Linear]
MCP --> M2[Vercel]
MCP --> M3[Slack]
MCP --> M4[Gmail/Cal]
MCP --> M5[Sentry]
MCP --> M6[Telegram<br/>bundled]
CLI --> C1[gh · GitHub]
CLI --> C2[aws · AWS]
CLI --> C3[wacli · WhatsApp]
CLI --> C4[gog · Gmail send]
CLI --> C5[doppler · Secrets]
CLI --> C6[shopify · App init]
CLI --> C7[op/dcli/bw · Vaults]
API --> A1[Shopify Admin]
API --> A2[Klaviyo]
API --> A3[Meta Ads]
API --> A4[GA4]
API --> A5[Search Console]
API --> A6[ShipBob]
API --> A7[Bland AI]
API --> A8[ElevenLabs]
API --> A9[Groq]
API --> A10[Stripe]
API --> A11[RevenueCat]
API --> A12[Datadog]
API --> A13[New Relic]
API --> A14[OpenTelemetry]
classDef mcp fill:#6366f1,color:#fff,stroke:#4338ca
classDef cli fill:#22c55e,color:#fff,stroke:#15803d
classDef api fill:#f59e0b,color:#fff,stroke:#b45309
classDef root fill:#8b5cf6,color:#fff,stroke:#6d28d9
class Root root
class MCP,M1,M2,M3,M4,M5,M6 mcp
class CLI,C1,C2,C3,C4,C5,C6,C7 cli
class API,A1,A2,A3,A4,A5,A6,A7,A8,A9,A10,A11,A12,A13,A14 api
Note
Some integrations offer multiple paths (e.g., Slack via MCP or local bot token, Gmail via MCP or gog). The wizard lets you choose per integration.
| Integration | MCP | CLI tool | API key | Best path |
|---|---|---|---|---|
| GitHub | — |
gh (auto-installed) |
— | CLI only — everything requires gh
|
| AWS | — |
aws (auto-installed) |
— | CLI only — ECS, Cost Explorer, CloudWatch |
| Linear | OAuth via Claude.ai | — | — | MCP only — 12 tools cover everything |
| Vercel | OAuth via Claude.ai | — | — | MCP only — deploy status, logs |
| Slack | OAuth via Claude.ai | local bot token | — | MCP for most; token adds unlimited search |
| Gmail | OAuth (read + draft) |
gog (send + archive) |
— | CLI for autonomous send/archive |
| Google Calendar | OAuth (full CRUD) |
gog calendar events (read only) |
— | Either works for briefings |
| Sentry | OAuth via Claude.ai | sentry-cli |
— | MCP covers all current use cases |
| — | wacli |
— | CLI only — no MCP alternative exists | |
| Telegram | Bundled MCP (gram.js) | — | — | Bundled server — setup fully automated |
| Shopify | — |
shopify + ops-shopify-create
|
Admin API token | API for ops-ecom, CLI for app scaffolding |
| Klaviyo | — | — | Private API key | API key only — email campaign metrics |
| Meta Ads | — | — | Access token + ad account ID | API key only — Facebook Marketing API |
| Google Analytics 4 | — | — | Property ID + OAuth | API key for ops-marketing analytics |
| Search Console | — | — | Site URL + OAuth | API key for ops-marketing seo |
| ShipBob | — | — | Personal Access Token | API key for ops-ecom fulfillment |
| Bland AI | — | — | API key | Required for /ops:voice call
|
| ElevenLabs | — | — | API key | Required for /ops:voice tts
|
| Groq (Whisper) | — | — | API key | Required for /ops:voice transcribe
|
| Stripe | — | — |
rk_live_ / sk_live_
|
Required for /ops:revenue MRR tracking |
| RevenueCat | — | — | Secret API key + project ID | Required for mobile MRR tracking |
| Datadog | — | — | API key + App key | API key only — /ops:monitor active alerts + events |
| New Relic | — | — | User API key | API key only — /ops:monitor NerdGraph alerts + entities |
| OpenTelemetry | — | — | OTLP/HTTP endpoint | Endpoint + headers — /ops:monitor traces + metrics |
| Doppler | — |
doppler (optional) |
— | Optional secrets manager — skills query doppler secrets get
|
| 1Password / Dashlane / Bitwarden / Keychain | — |
op / dcli / bw
|
— | Optional credential vaults |
| GSD | — | auto-detected | — | Optional companion plugin |
| Type | CLI only |
| Tool |
gh — GitHub CLI |
| Auto-install | Yes (Homebrew / apt) |
| Setup |
gh auth login — auto-invoked if not authenticated |
What you get: Open PR listings with review state · CI failure logs (last 24h) · autonomous PR merge (/ops:merge) · issue triage cross-referenced with code (/ops:triage).
Important
GitHub has no MCP fallback in claude-ops — 10+ skills require gh. It is the one non-optional CLI.
| Type | CLI only |
| Tool |
aws — AWS CLI v2 |
| Auto-install | Yes |
| Setup |
aws configure or AWS_PROFILE / AWS_ACCESS_KEY_ID in env |
What you get: ECS cluster + service health · monthly AWS spend by service · 3-month cost trend · credits expiry · runway estimate. infra-monitor probes IAM per-service before reporting ECS, EC2, RDS, Lambda, S3 (flags public buckets), CloudFront, ALB/NLB, API Gateway, SQS (+ DLQ), SNS, DynamoDB, ElastiCache, Route 53, ACM, CloudWatch alarms, Budgets, IAM stale keys.
| Type | MCP (primary) or sentry-cli (fallback) |
| MCP | OAuth via Claude.ai — 6 tools |
| Setup | /ops:setup mcp |
What you get: Issue search · issue detail · project + org lookup · whoami.
| Type | MCP only |
| MCP | OAuth via Claude.ai |
| Setup | /ops:setup mcp |
What you get: Project list · deployments · build logs · runtime logs. Deploys run via GitHub Actions, not directly through the MCP.
| Type | CLI only |
| Tool | wacli |
| Auto-install | No — manual (see wacli) |
| Setup |
/ops:setup channels → wacli auth (QR pairing) |
What you get: Personal-account WhatsApp access via WhatsApp Web protocol. The ops-daemon keeps wacli connected persistently; a PreToolUse hook pre-flights every WhatsApp call against ~/.wacli/.health.
Warning
wacli auth is the only Rule 2 exception — it genuinely requires a phone camera pointed at the terminal. Every other OAuth flow runs via Bash in the background.
| Type | Bundled MCP server (gram.js MTProto) |
| Auth | Personal account (not bot) |
| Tools |
list_dialogs, get_messages, send_message, search_messages
|
| Setup |
/ops:setup telegram — fully automated |
What you get: Personal-account DMs (Bot API can't read DMs). bin/ops-telegram-autolink.mjs handles my.telegram.org app creation, session generation, and keychain storage. Credentials auto-write to .mcp.json — no manual paste.
| Type | MCP (primary) and/or local bot token (extended) |
| Tool |
bin/ops-slack-autolink.mjs for token extraction |
| Setup | /ops:setup channels |
What you get: MCP covers most use cases. The local bot token path adds unlimited search and private channels without requiring bot membership. The autolink script scouts ~/.claude.json, env, Keychain, shell profiles, and Doppler before falling back to Playwright.
| Type | MCP (read + draft) or gog CLI (send + archive) |
| CLI |
gog — public steipete/gogcli (as of v1.1.0); cross-OS install table below |
| Setup |
/ops:setup channels → Email |
What you get: MCP reads threads + creates drafts. gog enables autonomous /ops:inbox email with send + archive, plus multi-account (-a account@example.com). Calendar shares the same OAuth scope.
Cross-OS install:
| OS | Install |
|---|---|
| macOS (Homebrew) | brew install steipete/tap/gogcli |
| Linux (script) | curl -fsSL https://raw.githubusercontent.com/steipete/gogcli/main/install.sh | sh |
| Windows (Scoop) | scoop bucket add steipete https://github.com/steipete/scoop-bucket && scoop install gogcli |
| Manual | go install github.com/steipete/gogcli@latest |
Note
Command names changed in v1.1.0: gog auth login → gog auth add, and gog cal → gog calendar events. The setup wizard uses the new commands automatically.
| Type | API key (primary) + CLI (scaffolding) |
| Keys |
shopify_store_url, shopify_admin_token
|
| CLI |
shopify (Homebrew) + bundled bin/ops-shopify-create
|
| Setup |
/ops:setup shopify or /ops:ecom setup
|
What you get: Orders, inventory, fulfillment, analytics via Admin REST/GraphQL API. ops-shopify-create scaffolds apps non-interactively — device-code OAuth via expect, Partners API org lookup, auto client-ID injection. Ships with templates/shopify-admin-app/ (Remix + all admin scopes).
| Type | API key |
| Key |
shipbob_access_token (Personal Access Token) |
| Setup |
/ops:setup ecom → ShipBob |
What you get: Shipping status, FC inventory, order tracking for /ops:ecom fulfillment.
| Type | API key |
| Key |
klaviyo_private_key (starts with pk_ or ck_) |
| Setup |
/ops:setup marketing → Klaviyo |
What you get: Campaign performance · list health · open rates · flow analytics for /ops:marketing email.
| Type | API key |
| Keys |
meta_ads_token + meta_ad_account_id
|
| Setup |
/ops:setup marketing → Meta Ads |
What you get: FB/IG ads spend, ROAS, campaign performance via Marketing API for /ops:marketing ads.
| Type | API key |
| Key | ga4_property_id |
| Setup |
/ops:setup marketing → GA4 |
What you get: Organic traffic · conversions · channel performance for /ops:marketing analytics.
| Type | API key |
| Key |
google_search_console_site (e.g. https://example.com) |
| Setup |
/ops:setup marketing → Search Console |
What you get: Organic impressions · clicks · top queries for /ops:marketing seo.
Note
Added in v0.8.0. /ops:revenue now tracks actual revenue (Stripe + RevenueCat) alongside AWS costs. Before v0.8.0, /ops:revenue showed cost-only data.
| Type | API key |
| Key |
stripe_secret_key (prefer rk_live_ restricted read-only) |
| Setup |
/ops:setup revenue → Stripe |
What you get: Charges · subscriptions → MRR · balance · open invoices · disputes · churn for /ops:revenue.
Tip
Use a restricted key (rk_live_…) with read-only scopes for dashboards. Full secret keys (sk_live_…) are overkill and risk accidental charges if leaked.
| Type | API key |
| Keys |
revenuecat_api_key (starts with sk_) + revenuecat_project_id
|
| Setup |
/ops:setup revenue → RevenueCat |
What you get: Mobile subscription MRR · active subs · churn. Merged into /ops:revenue alongside Stripe.
Warning
Public SDK keys (appl_…, goog_…) won't work for dashboards — they're for client apps only. Use the secret API key from the project settings page.
| Type | API key |
| Key | bland_ai_api_key |
| Setup |
/ops:setup voice → Bland AI |
What you get: Outbound phone calls via Bland's voice agent platform for /ops:voice call.
| Type | API key |
| Key | elevenlabs_api_key |
| Setup |
/ops:setup voice → ElevenLabs |
What you get: Text-to-speech generation for /ops:voice tts.
| Type | API key |
| Key | groq_api_key |
| Setup |
/ops:setup voice → Groq |
What you get: Audio-to-text transcription via Whisper on Groq's fast inference for /ops:voice transcribe.
Note
Added in v1.0.0. /ops:monitor now gives you a single APM surface across Datadog, New Relic, and OpenTelemetry. The lightweight monitor-agent (Haiku 4.5) polls each configured backend and returns active alerts, error traces, and entity health as structured JSON.
| Type | API key |
| Keys |
datadog_api_key + datadog_app_key (both required) |
| Setup |
/ops:monitor --setup or /ops:setup monitor
|
What you get: Active monitors with their state, event stream for the last N minutes, recent Datadog alerts for /ops:monitor and /ops:monitor --watch.
Tip
Use a scoped App Key with only read permission on monitors + events — the agent is read-only.
| Type | API key |
| Key | newrelic_user_api_key |
| Setup |
/ops:monitor --setup or /ops:setup monitor
|
What you get: NerdGraph alert conditions, active incidents, entity health, recent violations for /ops:monitor.
Important
Use a User API key, not an Ingest key or Browser key — NerdGraph requires User-level auth for reads.
| Type | OTLP endpoint (HTTP) |
| Config |
otel_endpoint (URL) + optional otel_headers (for auth) |
| Setup |
/ops:monitor --setup or /ops:setup monitor
|
What you get: Recent traces + metrics from any OTLP/HTTP-compatible collector (Grafana Tempo, Honeycomb, Jaeger, SigNoz, self-hosted). Read-only — monitor-agent never pushes.
| Type | CLI (optional) |
| Tool | doppler |
| Setup | /ops:setup doppler |
What you get: Central secrets vault. Every skill resolves secrets via doppler secrets get <KEY> --plain. Supports doppler:KEY_NAME reference tokens so secrets never leave the vault.
| Type | CLI (optional) |
| Supported | 1Password (op), Dashlane (dcli), Bitwarden (bw), macOS Keychain (security) |
| Setup | /ops:setup secrets |
What you get: Universal credential auto-scan queries every configured vault before asking you to paste. Per Rule 3, if auto-scan comes up empty you're always given an explicit [Paste manually] / [Deep hunt] / [Skip] choice.
| Type | Auto-detected companion plugin |
| Required | No — claude-ops degrades gracefully |
| Setup | /ops:setup plugins |
What you get: When installed, dashboards show active GSD phase, progress %, and next actions per project.
/plugin marketplace add gsd-build/get-shit-done
/plugin install gsd@gsd-build-get-shit-done- Getting Started — the install flow end-to-end
- Privacy and Security — where credentials are scanned (and what's never touched)
- Troubleshooting — per-integration fixes
- Skills Reference — every skill's arguments