The working environment touches roughly 60 distinct third-party services across eight categories. The largest concentration is AI providers (12 services) and marketing data sources (10+ platforms, including four Google Ads MCCs). One open security item: an OpenAI key abuse incident on 2026-05-15 remains under root-cause review.
These are the third-party integrations connected through Anthropic's Claude.ai platform. They authenticate via OAuth on a per-user basis. IT should treat each as a SaaS-to-SaaS connection with delegated access to the underlying service.
| Service | Purpose | Status | Data accessed |
|---|---|---|---|
| Canva | Brand templates, design generation, asset export | Active | Designs, brand kits, folders, assets |
| Coupler.io | Data integration platform; reads pipeline output and runs SQL | Active | Connected datasets, dataflows, credentials |
| Gmail | Email read, search, draft creation, label management | Active | Inbox, threads, drafts, labels |
| Google Calendar | Event creation, scheduling, free/busy | Active | Calendars, events, invitees |
| Google Drive | File access (authentication only, not fully provisioned) | Auth only | Pending sign-in |
| Granola | Meeting transcripts and notes | Active | Meetings, transcripts, folders. Per-user encrypted tokens. |
| Microsoft 365 | Outlook, Teams, OneDrive (authentication only) | Auth only | Pending sign-in |
| Notion | Workspace search, page creation, database queries, comments | Active | Pages, databases, users, teams |
| Pencil | Local .pen design file editor (runs locally, not SaaS) | Active | Local files only |
| Railway | Infrastructure management CLI (project, services, deploys) | Active | Workspaces, projects, services, logs, env vars |
Direct API keys consumed by SGA and BetterFaith applications. Most are routed through the Council of Experts skill or embedded in agentic workflows. Anthropic is the primary provider; the rest are used for multi-model consensus or specialty tasks.
| Provider | Used for | Status |
|---|---|---|
| Anthropic (Claude API) | Primary LLM, agentic workflows, Council Chair, asset-registry interviewer | Active |
| OpenAI (GPT-5) | Council of Experts member | Key rotated 2026-05-15 after abuse incident |
| Google Gemini | Council of Experts member | Active |
| xAI Grok | Council of Experts member | Active |
| Fireworks AI | Council of Experts (hosts DeepSeek, Kimi via Fireworks) | Active |
| DeepSeek | Council of Experts member (via Fireworks) | Active |
| Moonshot Kimi | Council of Experts member (via Fireworks) | Active |
| Fal.ai (Flux) | Photoreal image generation for brand templates | Provisioned, optional in code |
| Firecrawl | Web scraping, crawling, structured extraction | Active CLI |
| Promo Republic / Gen4Engage MCP | Social posting, analytics, inbox, AI content (OAuth + DCR) | Active |
| Zernio | Social distribution API (may be displaced by Gen4Engage) | Referenced |
| Anthropic SDK (Managed Agents) | Code-side prompt caching, tool use, file handling | Active |
| Service | Purpose | Status |
|---|---|---|
| Railway | Primary app hosting: sga3p.com root + 5 subdomains, asset-registry, marketing-ingest, intranet API | Active |
| Cloudflare | DNS (DNS-only mode for Railway), Pages (memo sites, attribution flow, calculators), Workers (password gates) | Active (two accounts: MODIS and Chasebowers) |
| Vercel | BetterFaith docs site, Dakota personal site | Active |
| AWS S3 | Asset storage for sga-intranet (sga-assets-dev bucket) | Provisioned in env, dev uses local storage |
| AWS CloudFront | CDN in front of S3 | Configured in env |
| AWS SES | Transactional email (alternative to Resend) | Referenced, not active |
| GitHub | Source control for all repos (SGA, BF, sga-intranet, personal site) | Active |
| Clerk | Auth provider on BetterFaith docs (witty-aphid-61.accounts.dev) | Active |
Sources feeding the marketing data warehouse (planned Postgres + ClickHouse + Temporal stack, surfaced to Power BI). Google Ads is the first integration, with four separate MCC accounts.
| Platform | Account or scope | Status |
|---|---|---|
| Google Ads | Gen4 MCC, Modis MCC, LookSee MCC, agency MCC (no unified SGA MCC yet) | Active, multi-MCC |
| GoHighLevel (GHL) | Agency-level token with sub-account access; per-call locationId routing | Active in marketing-ingest |
| Google Business Profile | Per-practice profiles, Maps Ads, Local Service Ads | Active per practice |
| Meta Business Manager | Per-practice + champion model; managed centrally by Korrine | Active |
| Frame.io | Brand library asset browser (Adobe) | Referenced in env |
| Promo Republic (Gen4Engage) | Social posting + analytics; candidate Content Engine backend | Active |
| Zernio Social API | Social distribution (legacy; may be replaced by Gen4Engage) | Referenced |
| TIE (The Implant Engine) | Full-arch paid media agency for Innovative Dental Springfield | Active vendor |
| Power BI | Marketing warehouse output surface | Planned Q2 deliverable |
| Squirrelscan | Site audit CLI used by /audit-website skill | Active CLI |
| Service | Purpose | Status |
|---|---|---|
| Microsoft 365 | Email, Teams, OneDrive (primary work account: pdakotamilner@modisdental.com via OneDrive sync) | Active |
| Google Workspace | Personal Gmail + Calendar (pdakotamilner@gmail.com), used by Claude connectors | Active |
| Notion | Workspace for BetterFaith, SGA shared docs | Active (Internal API token in use) |
| Granola | Meeting transcription, notes (strictly per-user encrypted tokens) | Active |
| Obsidian (CLAUDE OS) | Local-first knowledge vault; cross-session memory for Claude | Active (local) |
| VS Code + Claude Code | Primary IDE; native Claude Code extension for AI-assisted work | Active |
| GitHub CLI (gh) | PR management, deploy triggers | Active |
| Wrangler (Cloudflare CLI) | Cloudflare Pages and Workers deploys | Active |
| ntfy.sh | Push notifications for Claude Code hooks (sga-claude topic) | Active |
| Clime CLI | Tool discovery (CLI search engine) | Active |
Internal stack used by sga-intranet (asset-registry, marketing-ingest, content engine). Not third-party SaaS per se, but worth listing for IT awareness around hosting, secrets, and access.
| Component | Role | Status |
|---|---|---|
| PostgreSQL | Operational database (Railway-hosted) | Active |
| ClickHouse | Analytics warehouse (planned Q2) | Planned |
| Temporal | Workflow orchestration for ingest jobs | Planned |
| Kafka / KafkaJS | Event streaming between services | Stubbed in dev; planned for prod |
| Drizzle ORM | Type-safe Postgres access in Node services | Active |
| PGlite | Embedded Postgres for local dev (no Docker required) | Active in dev |
| Fastify | HTTP framework for SGA services | Active |
BetterFaith is Dakota's personal venture. Listed here because it shares Dakota's workstation and some credentials surface in the same .env files. IT should treat it as a separate trust boundary.
| Service | Purpose |
|---|---|
| CFC eHealth | Liability insurance carrier (v4.0 quote $4,520/yr). Binding constraints: no minors, no conversion therapy. |
| Cloudflare Pages | memo.betterfaith.co (investor memo), docs.betterfaith.co (internal) |
| Vercel | BetterFaith docs site hosting |
| Clerk | Auth provider on docs.betterfaith.co |
| Notion | BetterFaith workspace + Internal API integration |
| Counselor recruiting sources | ACBC, CCEF, IABC, AABC, BCC (663 candidates tiered for outreach) |
Not technical integrations but listed for completeness, as the cosmetic-dental and full-arch audits reference these by name and IT may field questions about embedding their widgets on practice sites.
| Partner | Use case |
|---|---|
| CareCredit | Patient financing (general dental) |
| Sunbit | Patient financing (point-of-sale) |
| Cherry | Patient financing (cosmetic + elective) |
| LendingClub | Patient financing (large cases, full-arch) |