ceven

Sanity

Syncs structured content and user permissions between your CMS and external apps, manages editor access levels, and automates content screening via GROQ queries.

Try Sanity in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native Sanity integration

    • Describe the outcome and Ceven picks the right Sanity calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your Sanity data, across all 16 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke Sanity access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in Sanity, when, and on whose behalf.
    • The agent pauses and asks when Sanity is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach Sanity.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every Sanity action to support review and sign off.

Supported tools

Every action Ceven's agents can run on Sanity, and when to use it.

Add default role
Use this when you need to assign the organization default role to all existing users in a specific organization.
Create attribute definition
Define a custom attribute like customer tier or subscription level that can be attached to resources.
Create prompt post
Send a stateless one shot prompt to the Sanity Content Agent for simple single turn interactions.
Delete attribute definition
Remove a custom attribute definition from an organization or project to clean up the schema.
Delete user attributes
Remove specific custom attributes from a user account within an organization.
Get invite by token
Fetch details about an invite using the public token shared with the invitee.
Get organization role
Retrieve a specific organization role by ID to check permissions and titles.
Get permission
Retrieve details about a particular permission including its actions and scope for a resource.
Get robots
Pull a list of service accounts that have been granted access to a specific resource.
Get role
Fetch details about a role for a given resource type and resource ID.
List resource users
Pull all users of a resource and their assigned roles with pagination support.
List organization roles
Retrieve all available roles that can be assigned to users within a specific organization.
List user attributes
Pull roles and custom properties associated with a specific user in an organization.
Query screening documents
Execute a GROQ query to fetch all screening documents from the Sanity HTTP API.
Update organization ACL
Assign or modify a role for a member in a Sanity organization.
Update attribute values
Set or update custom attribute values for a user within an organization or project.
Add Default Role to Users
Apply organization default role to all users. Use when you need to assign the organization's default role to all existing users in the organization. Requires the resource ID of the organization.
Delete User Attribute Definition
Delete a user attribute definition. Use when you need to remove a custom attribute definition from an organization or project in Sanity. The attribute definition controls how user attributes are structured and validated for a given resource
Query All Screening
Execute a GROQ query to fetch all screening documents from Sanity. Uses the Sanity HTTP query API endpoint. Default query retrieves all documents of type 'screening'. Supports optional query parameters for dynamic queries.
Update User Attributes Values
Update user attribute values for a resource. Use this action to set or update custom attributes for a user within an organization or project. When setting a value for an attribute key that also exists in SAML, the Sanity value will take pre

20 actions · scroll to see them all

Frequently asked questions

Ceven operates using the permissions granted to the connected account or service account token. When the agent performs an action like updating an organization ACL, it does so under the security context of the authenticated user. If the connected user does not have administrative rights to modify roles, the Sanity API will return a forbidden error which Ceven surface as a permission gap. This ensures that the agent cannot escalate its own privileges or modify roles that the human administrator could not change manually in the Sanity dashboard. All permission changes are logged in the workflow history for full auditability.
Ceven can execute GROQ queries via the Sanity HTTP API endpoint. This allows the agent to perform complex filtering and joining of documents that standard REST endpoints cannot handle. For example, you can ask the agent to find all documents of a certain type that lack a specific reference. However, the agent is subject to the same query complexity and timeout limits imposed by Sanity. If a query is too broad or inefficient, the API may kill the request to protect cluster performance. We recommend using specific filters to keep response times fast.
Sanity imposes rate limits on its API to ensure stability across its multi tenant architecture. If a Ceven workflow triggers a massive loop of attribute updates or rapid fire GROQ queries, you may encounter a 429 Too Many Requests error. Ceven handles this by implementing an exponential backoff strategy, meaning the agent will automatically pause and retry the request after a short delay. For very high volume migrations, we suggest batching updates into larger requests where possible to avoid hitting these thresholds and to ensure your content pipeline remains fluid.
The prompt post tool allows Ceven to send a single turn interaction to the Sanity Content Agent. This is a stateless call, meaning the agent does not remember previous messages in that specific thread. It is designed for quick tasks like summarizing a document or generating a title based on content. Because there is no message persistence, each request must contain all the necessary context. This makes it ideal for automating metadata generation or content auditing where you need a quick answer without the overhead of managing a long conversation history.
Yes. Ceven can retrieve the list of robots and service accounts that have access to your resources. This is particularly useful for security audits where you need to ensure that old CI CD pipelines or deprecated third party tools no longer have write access to your content. While the agent can read the robot list and their assigned roles, creating new robots usually requires a secure token generation process that happens within the Sanity project settings. Once a robot is created, Ceven can help manage the roles assigned to that robot via the ACL tools.
Custom user attributes allow you to store project specific data on a user record, such as a department name or a clearance level. Ceven can both define these attributes and update their values. First, the agent uses the create attribute definition tool to establish the key. Once the key exists, the agent can assign values to that key for individual users. This is powerful for building dynamic permission logic where the agent checks a user attribute before allowing a workflow to proceed with a sensitive content publication or a bulk deletion.
Yes. When listing resource users, Sanity uses a cursor based pagination system to handle large datasets. Ceven is designed to handle this automatically. If your project has thousands of users, the agent will follow the cursor through multiple API calls to ensure the full list is retrieved before performing an analysis or a bulk update. You will see the agent iterating through the pages in the workflow logs, ensuring no user is missed during a role audit or a bulk attribute update across the entire organization.
Absolutely. You can build a workflow where an external trigger, such as a new row in a Google Sheet or a new user in Okta, prompts Ceven to interact with Sanity. The agent can check if the user exists, assign them to the organization, apply the default role, and set specific custom attributes based on their job title. This eliminates the need for a developer to manually invite every new team member and assign permissions, making the content operations process much more scalable for growing teams with high turnover or frequent contractor rotations.

Alternatives to Sanity

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

Contentful logoContentfulStrapi logoStrapiHygraph logoHygraph

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect Sanity and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free