Digitorn
Digitorn
All templates
opsadvanced

Scheduled data pipeline

Runs nightly, queries your production replica with a read-only credential, summarises the day's signal, posts it to Slack. Demonstrates the credential vault for connection strings, the postgres module, and the cron trigger together.

lines 48cost ~$0.04 per runinstall hub://digitorn/data-pipeline
Install in one command
digitorn install hub://digitorn/data-pipeline
What you get
  • Daily summary of yesterday's user signal
  • Read-only Postgres credential, no write risk
  • Slack post with the headlines
  • Audit log entry for every run
Credentials this template uses

Click each one for the credential setup command, scope guidance, and provider details.

The full YAML, ready to fork

app.yaml
1app:2  app_id: data-pipeline3  name: "Scheduled data pipeline"4  version: "1.0.0"5  category: "ops"67modules:8  postgres:9    config:10      credential: { ref: prod_replica_readonly, scope: per_app_shared, provider: postgres }11      allowed_actions: [query]12  channels:13    config:14      slack:15        bot_token: { credential: slack_bot_oauth }16        post_channel: "#data-summaries"1718execution:19  mode: background20  entry_agent: pipeline21  triggers:22    - id: nightly23      type: cron24      schedule: "0 4 * * *"25      message: "Summarise yesterday's signal."26  hooks:27    - id: pipeline_audit28      "on": turn_end29      condition: { type: always }30      action:31        type: shell32        command: |33          echo '{"ts":"$(date -u +%FT%TZ)","run":"{{session.id}}"}' \34            >> /var/log/digitorn/pipeline-audit.jsonl3536agents:37  - id: pipeline38    modules: [postgres, {channels: [slack_post]}, {shell: [bash]}]39    brain:40      provider: anthropic41      model: claude-haiku-4-542      credential:43        ref: anthropic_main44        scope: per_user45        provider: anthropic46    system_prompt: |47      Query yesterday's user activity. Summarise top 3 signals.48      Post to Slack. Keep it under 250 words.

How it works

postgres credential in the vault
The connection string lives in the encrypted vault, not in the YAML. The credential block references it by ref, the runtime resolves at session start, the secret never enters the bundle.
scoped query module
The postgres module exposes only query, not insert or update. Even if the agent were prompted to mutate data, the tool surface does not allow it.
audit hook for every run
Each turn writes a row to the audit log. Useful when compliance asks 'what did the agent see in the database last Tuesday'.
Read the deep dive

How credentials work on Digitorn: an encrypted vault driven from YAML

Read article
Newsletter

Get the next post in your inbox.

Engineering notes from the Digitorn team. No marketing, no launch announcements, no "10 prompts that will change your life". Just the things we write that we'd want to read.

One-click unsubscribe. We never share your address. Powered by our own infrastructure, not a tracker.

Other templates

developerStarter coder/templates/starter-coderdeveloperClaude Code clone/templates/claude-code-cloneresearchDeep research agent/templates/deep-researchmessagingSlack helper/templates/slack-helperdeveloperPull request reviewer/templates/pr-revieweropsWeekly digest reporter/templates/weekly-digestknowledgeDocumentation generator/templates/doc-writercreativeLive React app builder/templates/react-buildermessagingVoice assistant/templates/voice-assistant