# Quickstart for Automation Engineers ## What this is This quickstart is the fastest path to a production-ready first Protege for an engineer owning internal automation inside a company. ## When to use it Use this path if you care about safe rollout, least privilege, observability, and operational clarity from the start. ## What you need first * A Hookshot workspace * Permission to connect apps and manage Proteges * Access to the source system and destination system for your workflow * A workflow with a clear source, scope, and expected outcome {% hint style="info" %} **Engineer note:** Keep the first rollout scoped to one team, project, repo, channel, or equivalent boundary. Narrow scope is the easiest control for reducing blast radius. {% endhint %} ## Steps ### 1. Define the operating boundary Write these down before you build: * Source system * Exact trigger condition * Output destination * Allowed actions * Owner of the automation * Fast rollback method ### 2. Connect integrations with least privilege 1. Open **Integrations**. 2. Connect only the apps required for the workflow. 3. Review **Trigger Access** for what can start the Protege. 4. Review **Tool Access** for what the Protege can do. 5. Prefer the smallest connection scope that still satisfies the workflow. ### 3. Create the Protege with explicit constraints Your description should include: * What starts it * What it decides * What it produces * What it must never do * The narrowest practical project, repo, channel, or team scope ### 4. Resolve readiness blockers before enabling Confirm: * Connection health is good * Trigger source is live and mapped correctly * Tool access matches the expected actions * No blocker remains in setup ### 5. Run a controlled test Use a known-safe live event or schedule window. Then validate: * Event Feed receives the event * The intended Protege is associated with it * Audit shows the corresponding run * The outcome is correct and limited to the intended scope ### 6. Prepare rollback Before broad rollout, document: * How to disable the Protege * Which integration might need repair if behavior changes * Which team should review future changes ## How to verify ### You’re done when... * The integration scope is as narrow as practical * Trigger Access and Tool Access both match the workflow * Event Feed shows the expected event path * Audit confirms the run and result * You can explain how to pause the Protege if needed ## Common failures * Connections are valid but overscoped * Trigger source is connected to the wrong workspace or resource * Event Feed shows an event but the Protege is `unevaluated` or `skipped` * Audit shows a run, but the output is broader than intended ## Next step * [Safe rollout](/event-feed/safe-rollout.md) * [Security and permissions](/workspace-settings/security-and-permissions.md) * [Troubleshooting](/event-feed/troubleshooting.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.tryprotege.com/overview/quickstart-engineer.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.