What we've shipped.

🛡 Compliance integration for Reverse ETL

• RUN_SALESFORCE_SYNC and RUN_HUBSPOT_SYNC now go through ENFORCE_POLICY_OR_NULL — the same helper that already gates email, Slack, SFTP, and file unloads
• Policy verdicts: BLOCK halts the sync, REQUIRE_APPROVAL enqueues for the compliance team, FORCE_MASK rewrites the source query through the masking proc, WARN_ONLY appends a warning to the success message
• Policy enforcement happens before the network call to Salesforce / HubSpot — saves your API quota and rate-limit budget on blocked runs
• Destination types added to the audit and policy lookup: REVETL_SALESFORCE, REVETL_HUBSPOT
• Customers must re-run INITIALIZE_SALESFORCE / INITIALIZE_HUBSPOT to pick up the new bodies after upgrading

Permalink to v2.2.11 →

v2.2.10 — 🟧 HubSpot connector

• New connector: HubSpot via Private App access tokens — setup is ~3 clicks in HubSpot Settings → Integrations → Private Apps, grant CRM scopes, copy token
• /account-info/v3/details for test connection
• /crm/v3/properties/{type} for schema discovery
• /crm/v3/objects/{type}/batch/upsert for syncs (100 records/batch)
• /crm/v3/objects/{type}/search for post-run reconciliation
• Same state-fingerprint cache, rate-limit retry, and COMPLIANCE_AUDIT trail as the Salesforce connector

v2.2.6 – v2.2.9 — 🔄 Salesforce hardening + reconciliation + UI polish

• Salesforce reconciliation — post-run SOQL COUNT compared to source rows synced
• COMPLIANCE_AUDIT integration for Reverse ETL runs
• Sidebar nav reorganized; brand consolidation into single footer
• Fixed SQL internal error 300016 in "Your syncs" list (rewrote with CTE + ROW_NUMBER vs correlated subqueries)
• Logo centered in sidebar footer

v2.2.3 – v2.2.5 — 🔄 Salesforce upsert + field mapping ship

• Salesforce JWT Bearer auth with admin-pre-approved External Client Apps (no browser consent loop)
• Composite-API upsert: 200 records/batch with external ID match field
• Field mapping UI: drag source columns onto destination fields, with required/default semantics
• Schema discovery via Salesforce DESCRIBE — see real fields, no doc hunting
• State fingerprint cache (SHA-256 over record properties, MERGE into REVETL_SYNC_STATE) — skips unchanged records on subsequent runs
• Rate-limit retry with Retry-After header honored, exponential backoff fallback
• Token caching in REVETL_SF_TOKEN_CACHE — fewer JWT signing operations

v2.2.0 – v2.2.2 — 🚀 Reverse ETL foundation

• New top-level Reverse ETL page in the app
• 5 backend tables: REVETL_CONNECTORS, REVETL_SYNC_CONFIG, REVETL_FIELD_MAPPINGS, REVETL_SYNC_RUNS, REVETL_SYNC_STATE
• Salesforce External Client App setup wizard
• Fixed ALTER TABLE on COMPLIANCE_AUDIT re-execution that tripped Snowflake's ambiguous-column check (removed redundant DEFAULT clause)

Permalink to v2.2 →

v2.1.6 — 📊 Audit log extensions

• COMPLIANCE_AUDIT gains 5 new first-class columns: COMPLIANCE_MODE, IS_BLOCKED, APPROVAL_ID, APPROVAL_STATUS, POLICY_VERDICT_JSON
• Filter / aggregate on blocked exports without JSON parsing
• New filter row in the Reports sub-tab: compliance mode + "Only blocked" toggle
• New status values: BLOCKED, PENDING_APPROVAL, APPROVED_AUTORESUME

v2.1.5 — ⏸ Approval workflow

• New top-level Approvals page
• Policies tagged REQUIRE_APPROVAL now route to a queue instead of blocking
• Auto-resume: re-submitting a previously-approved export ships without re-asking
• 48-hour expiration on approval requests

v2.1.4 — 🛡 Policy enforcement on all 9 delivery surfaces

• BLOCK / REQUIRE_APPROVAL / REQUIRE_MASKING now apply across email body, email link, Slack, Teams, webhook, SFTP, file unload, PDF render, XLSX render
• New ENFORCE_POLICY_OR_NULL helper centralizes the (mode × policy) decision

v2.1.3 — 🛡 SEND_MAIL policy enforcement

• First delivery surface (email body) now honors compliance mode + active policies
• ENFORCE mode actually blocks; WARN_ONLY records the verdict in audit; OFF preserves v2.0 behavior

v2.1.2 — 🎛 Compliance mode + wizard preflight

• New Compliance Mode card in Settings → Compliance: OFF / WARN_ONLY / ENFORCE
• New preflight banner in the export wizard previews per-destination policy verdicts

v2.1.1 — 📋 Policies CRUD UI

• Manage destination policies in Settings → Compliance → Policies sub-tab
• Filter / toggle 12 seeded policies, add custom policies

v2.1.0 — 🏛 Policy gate foundation

• DESTINATION_POLICY table with 12 seeded best-practice policies (all inactive by default)
• CHECK_DESTINATION_POLICY proc evaluates (query × destination) verdicts

Permalink to v2.1 →

Automatic sensitive-data detection

• 45 built-in rules covering PII (names, addresses, phone numbers, SSNs), PCI (card numbers, CVVs), PHI (medical IDs, diagnosis codes), and credentials (API keys, access tokens, password hashes)
• Extendable with custom patterns — register your own column-name patterns or regex content rules in Settings → 🛡️ Compliance → Detection rules
• Detected matches surface in the Create Data Export wizard before the export runs, so you see exactly what will be masked and can override per-column

Mask-by-default transforms

• Last-4 only for credit card numbers and account numbers (4111-1111-1111-1111 → ****1111)
• Redaction for names and free-text identifiers (John Smith → █████ ████)
• Hashing (SHA-256) for medical IDs and other reference identifiers — preserves equality joins downstream while removing the plaintext
• Domain-only for email addresses ([email protected] → @acme.com)

Compliance audit log

• Who exported (the Snowflake user and the SnowExporter role)
• What — columns selected, row count, masking applied per column
• To where — channel, destination identifier, recipient or endpoint
• With what masking — every column's resolved masking transform

v2.0 runs on Snowflake Standard edition. All data and processing stay inside the customer's Snowflake account.

Permalink to v2.0 →

How it works

Cortex (currently mistral-large) extracts and returns:

• The SQL query, using only the tables in the database and schema you selected
• The schedule as a cron expression plus an IANA timezone string
• The delivery mode — email body, email link, Slack, Teams, or file destination
• The recipients and destination, matched against your configured channels and destinations

The wizard pre-fills the SQL and shows a recap card with the suggested schedule and delivery. You review every field before clicking Schedule. Nothing is auto-submitted; you can edit anything.

Different from Snowsight Copilot

Snowsight Copilot writes SQL. SnowExporter's AI writes the SQL plus extracts the cron expression, timezone, delivery channel, recipients, and destination — turning a one-sentence ask into a complete scheduled export, not just a query you still have to wire up by hand.

Requirements & access

• Snowflake Cortex must be enabled on your account (paid Snowflake accounts; not most trial accounts). On accounts without Cortex, the AI panel renders an explainer and the manual wizard works normally.
• SnowExporter Pro or Trial only. Free-plan users see an upgrade card in place of the input.
• Your data never leaves your Snowflake account. Cortex runs server-side inside Snowflake, just like the rest of SnowExporter.

What's unchanged

• Same three account-level privileges requested
• Per-destination role enforcement remains policy-only; runtime enforcement on the roadmap
• Email body delivery still capped at 50 rows per send
• App state still in backend_schema, survives snow app upgrade
• Slack, Teams, and email channels from v1.2 continue to work exactly as configured

Permalink to v1.3 →

New delivery modes

💬 Slack — channel message. Pick a Slack channel as an export destination. Results render as a monospace table directly in the channel (up to 10 rows + summary). Optional downloadable file attached via a 24-hour presigned link for larger results.

💬 Microsoft Teams — channel message. Same shape using Teams MessageCards. File attachments render as a clickable Download button.

Settings reorganized

• Email recipients, Slack channels, and Teams channels now all live under a single 📣 Notifications tab with sub-tabs for each channel type.
• Every channel integration carries optional Business Contact and Description fields so admins can document who owns each endpoint.
• One-click Test button next to every channel.

Bug fixes worth calling out

Encrypted-garbage downloads fixed. Internal stages must be created with ENCRYPTION = (TYPE = 'SNOWFLAKE_SSE') for presigned download links to return readable files. Snowflake's default encryption returns raw encrypted bytes through presigned URLs. The in-app setup helper and the README now both require it.

Multi-line Slack and Teams messages no longer dropped silently. Fixed the webhook integration body template so messages with newlines deliver intact.

GZIP default flipped to OFF for file attachments. Default-on was producing .csv.gz files that chat-app previews mishandled. A ⚠️ warning appears when GZIP is toggled back on for chat-mode file attachments.

Silent-failure bug fixed. Scheduled-run failures that previously looked like successes in the audit log now correctly surface as failures with the actual error message attached.

Permalink to v1.2 →

• Wizard query previews render faster.
• Scheduled-task startup latency reduced.
• Destinations page loads faster with many entries.
• Minor UI polish across Home, Logs, and Settings.

Permalink to v1.1 →

Delivery modes

• Email in the body — up to 50 rows (Snowflake's SYSTEM$SEND_EMAIL cap)
• Email with presigned download link to a file written to an internal stage
• File write to an internal stage or AWS S3 / GCP GCS / Azure Blob

File formats & options

• CSV (default) or JSON
• Optional GZIP compression
• Optional timestamp suffix on the file name
• Partitioned or single-file output (follows Snowflake's COPY INTO rules)

Scheduling

• Cron-based schedules for any export type
• Timezone configurable in Settings → Timezone
• Pause / resume / delete from the Scheduled Exports page

Destinations

• Multi-destination support — define as many as you need
• Per-destination enable / disable
• Per-destination Description and Business Contact metadata
• Per-destination "allowed roles" policy, recorded in UI (runtime enforcement on the roadmap)

Application roles

• app_admin — full access
• app_analyst — limited / consumer access, granted as a sub-role of app_admin
• Per-user role provisioning helper in Settings → Users

Observability

• Activity dashboard on the Home page
• Full audit log on the Logs page
• Per-query actual compute credits from ACCOUNT_USAGE.QUERY_ATTRIBUTION_HISTORY

Privileges requested (only three)

• IMPORTED PRIVILEGES ON SNOWFLAKE DB — to read compute attribution
• EXECUTE TASK — for scheduled exports
• EXECUTE MANAGED TASK — for serverless scheduled exports

The app does not request CREATE DATABASE, MANAGE WAREHOUSES, or any privileges it does not use.

Known limitations in v1.0

• Email body delivery: ≤50 rows per send
• Email recipients: verified Snowflake user emails only
• Per-destination role enforcement: policy-only; runtime enforcement on the roadmap
• File size: follows Snowflake's COPY INTO limits

Permalink to v1.0 →