@grc-claw/integration-marketplace 0.8.0

package/dist/IntegrationMarketplace.d.ts

@@ -0,0 +1,32 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCategory, ComplianceFramework, MarketplaceStats } from "./types.js";
+export interface CollectionJob {
+    id: string;
+    connectorId: string;
+    startedAt: string;
+    completedAt?: string;
+    status: "running" | "completed" | "failed";
+    artifacts: EvidenceArtifact[];
+    error?: string;
+}
+export declare class IntegrationMarketplace {
+    private registrations;
+    private configs;
+    private jobs;
+    constructor();
+    private registerBuiltinConnectors;
+    registerConnector(connector: IntegrationConnector): void;
+    unregisterConnector(connectorId: string): boolean;
+    enableConnector(connectorId: string): void;
+    disableConnector(connectorId: string): void;
+    setConfig(connectorId: string, config: ConnectorConfig): void;
+    getConnector(connectorId: string): IntegrationConnector | undefined;
+    getEnabledConnectors(): IntegrationConnector[];
+    getConnectorsByCategory(category: IntegrationCategory): IntegrationConnector[];
+    getConnectorsByFramework(framework: ComplianceFramework): IntegrationConnector[];
+    testAllConnections(): Promise<Map<string, boolean>>;
+    collectFromConnector(connectorId: string): Promise<CollectionJob>;
+    collectAll(): Promise<CollectionJob[]>;
+    getStats(): MarketplaceStats;
+    getJobs(): CollectionJob[];
+    getRecentJobs(limit?: number): CollectionJob[];
+}

package/dist/IntegrationMarketplace.js

@@ -0,0 +1,319 @@
+import { GitHubConnector, GitLabConnector, AWSIAMConnector, AWSS3Connector, AWSCloudTrailConnector, AzureADConnector, AzureSentinelConnector, GCPIAMConnector, GCPSCCConnector, OktaConnector, JiraConnector, SlackConnector, PagerDutyConnector, SnowflakeConnector, DatadogConnector, CrowdStrikeConnector, QualysConnector, SnykConnector, TerraformCloudConnector, GitHubActionsConnector, DockerHubConnector, KubernetesConnector, SalesforceConnector, HubSpotConnector, BambooHRConnector, CrowdStrikeFalconConnector, ServiceNowConnector, SplunkConnector, ConfluenceConnector, NotionConnector, BoxConnector, DropboxConnector, GoogleWorkspaceConnector, Microsoft365Connector, Auth0Connector, AtlassianJiraConnector, GitLabSASTConnector, AWSGuardDutyConnector, AzurePolicyConnector, GCPConfigConnector, OktaSystemLogConnector, CrowdStrikeSpotlightConnector, QualysScannerConnector, TenableIOConnector, SnykMonitorConnector, PrismaCloudConnector, WizConnector, LaceworkConnector, AzureDevOpsConnector, CircleCIConnector, PaloAltoPrismaCloudConnector, CheckPointConnector, FortinetConnector, CiscoUmbrellaConnector, ZscalerConnector, NetskopeConnector, CloudflareWAFConnector, AkamaiConnector, ImpervaConnector, RadwareConnector, BitbucketConnector, AzureReposConnector, JenkinsConnector, TravisCIConnector, BuildkiteConnector, ArgoCDConnector, FluxCDConnector, HelmConnector, ArtifactoryConnector, NexusConnector, PingFederateConnector, ForgeRockConnector, CyberArkConnector, BeyondTrustConnector, SailPointConnector, DatabricksConnector, PalantirConnector, TableauConnector, PowerBIConnector, LookerConnector, TaniumConnector, SentinelOneConnector, CarbonBlackConnector, TrendMicroConnector, ESETConnector, WorkdayConnector, SAPSuccessFactorsConnector, ADPConnector, ZenefitsConnector, NamelyConnector, NetSuiteConnector, QuickBooksConnector, XeroConnector, StripeConnector, DocuSignConnector, ZoomConnector, WebexConnector, TeamsConnector, DiscordConnector, RingCentralConnector, 
+// --- 50 new connectors (150+ total) ---
+// Cloud Infrastructure (10)
+AWSLambdaConnector, AWSRDSConnector, AWSKMSConnector, AzureDevOpsPipelinesConnector, GCPFirestoreConnector, GCPBigQueryConnector, GCPComputeConnector, DigitalOceanConnector, LinodeConnector, VultrConnector, 
+// Security (5 new)
+MalwarebytesConnector, SophosConnector, McAfeeConnector, FSecureConnector, KasperskyConnector, 
+// DevOps (9 new)
+GitLabCIConnector, BambooCICDConnector, TeamCityConnector, AzurePipelinesConnector, BitbucketPipelinesConnector, CloudBeesJenkinsConnector, SpinnakerConnector, LaunchDarklyConnector, FeatureFlagConnector, 
+// Data (10)
+MongoDBConnector, PostgreSQLCloudConnector, RedisCloudConnector, ElasticsearchCloudConnector, KafkaConnector, RabbitMQConnector, CassandraConnector, CouchDBConnector, Neo4jConnector, InfluxDBConnector, 
+// Other (10)
+ZapierConnector, IFTTTConnector, TwilioConnector, SendGridConnector, MailchimpConnector, ConstantContactConnector, ZendeskConnector, FreshdeskConnector, IntercomConnector, DriftConnector, 
+// Additional connectors for 150+ total
+CloudflareDNSConnector, OpsgenieConnector, GitHubCopilotConnector, VercelConnector, AWSCloudWatchConnector, CircleCIConnectorsConnector, } from "./connectors/index.js";
+export class IntegrationMarketplace {
+    registrations = new Map();
+    configs = new Map();
+    jobs = [];
+    constructor() {
+        this.registerBuiltinConnectors();
+    }
+    registerBuiltinConnectors() {
+        const builtins = [
+            new GitHubConnector(),
+            new GitLabConnector(),
+            new AWSIAMConnector(),
+            new AWSS3Connector(),
+            new AWSCloudTrailConnector(),
+            new AzureADConnector(),
+            new AzureSentinelConnector(),
+            new GCPIAMConnector(),
+            new GCPSCCConnector(),
+            new OktaConnector(),
+            new JiraConnector(),
+            new SlackConnector(),
+            new PagerDutyConnector(),
+            new SnowflakeConnector(),
+            new DatadogConnector(),
+            new CrowdStrikeConnector(),
+            new QualysConnector(),
+            new SnykConnector(),
+            new TerraformCloudConnector(),
+            new GitHubActionsConnector(),
+            new DockerHubConnector(),
+            new KubernetesConnector(),
+            new SalesforceConnector(),
+            new HubSpotConnector(),
+            new BambooHRConnector(),
+            new CrowdStrikeFalconConnector(),
+            new ServiceNowConnector(),
+            new SplunkConnector(),
+            new ConfluenceConnector(),
+            new NotionConnector(),
+            new BoxConnector(),
+            new DropboxConnector(),
+            new GoogleWorkspaceConnector(),
+            new Microsoft365Connector(),
+            new Auth0Connector(),
+            new AtlassianJiraConnector(),
+            new GitLabSASTConnector(),
+            new AWSGuardDutyConnector(),
+            new AzurePolicyConnector(),
+            new GCPConfigConnector(),
+            new OktaSystemLogConnector(),
+            new CrowdStrikeSpotlightConnector(),
+            new QualysScannerConnector(),
+            new TenableIOConnector(),
+            new SnykMonitorConnector(),
+            new PrismaCloudConnector(),
+            new WizConnector(),
+            new LaceworkConnector(),
+            new AzureDevOpsConnector(),
+            new CircleCIConnector(),
+            // --- 50 new connectors (100+ total) ---
+            // Cloud Security (10)
+            new PaloAltoPrismaCloudConnector(),
+            new CheckPointConnector(),
+            new FortinetConnector(),
+            new CiscoUmbrellaConnector(),
+            new ZscalerConnector(),
+            new NetskopeConnector(),
+            new CloudflareWAFConnector(),
+            new AkamaiConnector(),
+            new ImpervaConnector(),
+            new RadwareConnector(),
+            // DevOps & CI/CD (10)
+            new BitbucketConnector(),
+            new AzureReposConnector(),
+            new JenkinsConnector(),
+            new TravisCIConnector(),
+            new BuildkiteConnector(),
+            new ArgoCDConnector(),
+            new FluxCDConnector(),
+            new HelmConnector(),
+            new ArtifactoryConnector(),
+            new NexusConnector(),
+            // Identity & Access (5)
+            new PingFederateConnector(),
+            new ForgeRockConnector(),
+            new CyberArkConnector(),
+            new BeyondTrustConnector(),
+            new SailPointConnector(),
+            // Data & Analytics (5)
+            new DatabricksConnector(),
+            new PalantirConnector(),
+            new TableauConnector(),
+            new PowerBIConnector(),
+            new LookerConnector(),
+            // Security Operations (5)
+            new TaniumConnector(),
+            new SentinelOneConnector(),
+            new CarbonBlackConnector(),
+            new TrendMicroConnector(),
+            new ESETConnector(),
+            // HR & Compliance (5)
+            new WorkdayConnector(),
+            new SAPSuccessFactorsConnector(),
+            new ADPConnector(),
+            new ZenefitsConnector(),
+            new NamelyConnector(),
+            // Finance & Legal (5)
+            new NetSuiteConnector(),
+            new QuickBooksConnector(),
+            new XeroConnector(),
+            new StripeConnector(),
+            new DocuSignConnector(),
+            // Communication (5)
+            new ZoomConnector(),
+            new WebexConnector(),
+            new TeamsConnector(),
+            new DiscordConnector(),
+            new RingCentralConnector(),
+            // --- 50 new connectors (150+ total) ---
+            // Cloud Infrastructure (10)
+            new AWSLambdaConnector(),
+            new AWSRDSConnector(),
+            new AWSKMSConnector(),
+            new AzureDevOpsPipelinesConnector(),
+            new GCPFirestoreConnector(),
+            new GCPBigQueryConnector(),
+            new GCPComputeConnector(),
+            new DigitalOceanConnector(),
+            new LinodeConnector(),
+            new VultrConnector(),
+            // Security (5 new)
+            new MalwarebytesConnector(),
+            new SophosConnector(),
+            new McAfeeConnector(),
+            new FSecureConnector(),
+            new KasperskyConnector(),
+            // DevOps (9 new)
+            new GitLabCIConnector(),
+            new BambooCICDConnector(),
+            new TeamCityConnector(),
+            new AzurePipelinesConnector(),
+            new BitbucketPipelinesConnector(),
+            new CloudBeesJenkinsConnector(),
+            new SpinnakerConnector(),
+            new LaunchDarklyConnector(),
+            new FeatureFlagConnector(),
+            // Data (10)
+            new MongoDBConnector(),
+            new PostgreSQLCloudConnector(),
+            new RedisCloudConnector(),
+            new ElasticsearchCloudConnector(),
+            new KafkaConnector(),
+            new RabbitMQConnector(),
+            new CassandraConnector(),
+            new CouchDBConnector(),
+            new Neo4jConnector(),
+            new InfluxDBConnector(),
+            // Other (10)
+            new ZapierConnector(),
+            new IFTTTConnector(),
+            new TwilioConnector(),
+            new SendGridConnector(),
+            new MailchimpConnector(),
+            new ConstantContactConnector(),
+            new ZendeskConnector(),
+            new FreshdeskConnector(),
+            new IntercomConnector(),
+            new DriftConnector(),
+            // Additional connectors for 150+ total
+            new CloudflareDNSConnector(),
+            new OpsgenieConnector(),
+            new GitHubCopilotConnector(),
+            new VercelConnector(),
+            new AWSCloudWatchConnector(),
+            new CircleCIConnectorsConnector(),
+        ];
+        for (const connector of builtins) {
+            this.registrations.set(connector.id, {
+                connector,
+                enabled: true,
+                errorCount: 0,
+            });
+        }
+    }
+    registerConnector(connector) {
+        this.registrations.set(connector.id, {
+            connector,
+            enabled: true,
+            errorCount: 0,
+        });
+    }
+    unregisterConnector(connectorId) {
+        return this.registrations.delete(connectorId);
+    }
+    enableConnector(connectorId) {
+        const reg = this.registrations.get(connectorId);
+        if (reg)
+            reg.enabled = true;
+    }
+    disableConnector(connectorId) {
+        const reg = this.registrations.get(connectorId);
+        if (reg)
+            reg.enabled = false;
+    }
+    setConfig(connectorId, config) {
+        this.configs.set(connectorId, config);
+    }
+    getConnector(connectorId) {
+        return this.registrations.get(connectorId)?.connector;
+    }
+    getEnabledConnectors() {
+        return Array.from(this.registrations.values())
+            .filter((r) => r.enabled)
+            .map((r) => r.connector);
+    }
+    getConnectorsByCategory(category) {
+        return this.getEnabledConnectors().filter((c) => c.category === category);
+    }
+    getConnectorsByFramework(framework) {
+        return this.getEnabledConnectors().filter((c) => c.frameworks.includes(framework));
+    }
+    async testAllConnections() {
+        const results = new Map();
+        for (const [id, reg] of this.registrations) {
+            if (reg.enabled) {
+                const config = this.configs.get(id);
+                if (config) {
+                    try {
+                        results.set(id, await reg.connector.testConnection(config));
+                    }
+                    catch {
+                        results.set(id, false);
+                    }
+                }
+                else {
+                    results.set(id, false);
+                }
+            }
+        }
+        return results;
+    }
+    async collectFromConnector(connectorId) {
+        const reg = this.registrations.get(connectorId);
+        if (!reg)
+            throw new Error(`Connector not found: ${connectorId}`);
+        const config = this.configs.get(connectorId);
+        if (!config)
+            throw new Error(`No config for connector: ${connectorId}`);
+        const job = {
+            id: `job-${Date.now()}-${connectorId}`,
+            connectorId,
+            startedAt: new Date().toISOString(),
+            status: "running",
+            artifacts: [],
+        };
+        this.jobs.push(job);
+        try {
+            job.artifacts = await reg.connector.collectEvidence(config);
+            job.status = "completed";
+            job.completedAt = new Date().toISOString();
+            reg.lastCollectedAt = job.completedAt;
+            reg.errorCount = 0;
+        }
+        catch (err) {
+            job.status = "failed";
+            job.completedAt = new Date().toISOString();
+            job.error = err instanceof Error ? err.message : String(err);
+            reg.errorCount++;
+        }
+        return job;
+    }
+    async collectAll() {
+        const jobs = [];
+        for (const reg of this.registrations.values()) {
+            if (reg.enabled && this.configs.has(reg.connector.id)) {
+                jobs.push(await this.collectFromConnector(reg.connector.id));
+            }
+        }
+        return jobs;
+    }
+    getStats() {
+        const connectors = this.getEnabledConnectors();
+        const byCategory = {};
+        const allFrameworks = new Set();
+        let totalCapabilities = 0;
+        for (const c of connectors) {
+            byCategory[c.category] = (byCategory[c.category] || 0) + 1;
+            totalCapabilities += c.capabilities.length;
+            for (const f of c.frameworks)
+                allFrameworks.add(f);
+        }
+        return {
+            totalConnectors: connectors.length,
+            connectorsByCategory: byCategory,
+            totalCapabilities,
+            frameworksSupported: Array.from(allFrameworks),
+        };
+    }
+    getJobs() {
+        return [...this.jobs];
+    }
+    getRecentJobs(limit = 10) {
+        return this.jobs.slice(-limit);
+    }
+}

package/dist/connectors/ADPConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class ADPConnector implements IntegrationConnector {
+    readonly id = "adp";
+    readonly name = "ADP";
+    readonly category: "hr";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/ADPConnector.js

@@ -0,0 +1,97 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "adp-employees",
+        name: "Employee Records",
+        description: "Fetch employee data, status, and org hierarchy",
+        evidenceCategories: ["access_control", "data_protection"],
+    },
+    {
+        id: "adp-compliance",
+        name: "Compliance Management",
+        description: "Fetch I-9, W-4, and tax compliance statuses",
+        evidenceCategories: ["compliance", "monitoring"],
+    },
+    {
+        id: "adp-access",
+        name: "User Permissions",
+        description: "Fetch ADP account permissions and role assignments",
+        evidenceCategories: ["access_control", "configuration"],
+    },
+    {
+        id: "adp-audit",
+        name: "Change Audit",
+        description: "Fetch payroll and employee data change logs",
+        evidenceCategories: ["monitoring", "access_control"],
+    },
+];
+export class ADPConnector {
+    id = "adp";
+    name = "ADP";
+    category = "hr";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://api.adp.com";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+                Accept: "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`ADP API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/hr/v2/workers?$top=1");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const workers = await this.fetchApi(config, "/hr/v2/workers?$top=100").catch(() => ({
+            workers: [],
+        }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "adp-employees",
+            timestamp: now,
+            hash: hashEvidence(workers),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "adp/workers",
+            status: workers.workers?.length > 0 ? "compliant" : "unknown",
+            data: { workerCount: workers.workers?.length || 0 },
+            metadata: {},
+        });
+        const users = await this.fetchApi(config, "/admin/v1/users").catch(() => ({ resources: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "adp-access",
+            timestamp: now,
+            hash: hashEvidence(users),
+            framework: "ISO27001",
+            controlId: "A.6.2.1",
+            source: "adp/users",
+            status: users.resources?.length > 0 ? "compliant" : "non_compliant",
+            data: { adminUsers: users.resources?.length || 0 },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/AWSCloudTrailConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class AWSCloudTrailConnector implements IntegrationConnector {
+    readonly id = "aws-cloudtrail";
+    readonly name = "AWS CloudTrail";
+    readonly category: "cloud_provider";
+    readonly authType: "service_account";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchCloudTrail;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/AWSCloudTrailConnector.js

@@ -0,0 +1,77 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "ct-audit-logs",
+        name: "CloudTrail Audit Logs",
+        description: "Fetch CloudTrail event history and trail configuration",
+        evidenceCategories: ["logging", "audit"],
+    },
+];
+export class AWSCloudTrailConnector {
+    id = "aws-cloudtrail";
+    name = "AWS CloudTrail";
+    category = "cloud_provider";
+    authType = "service_account";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+        "PCI_DSS",
+    ];
+    async fetchCloudTrail(config, action, params = {}) {
+        const region = config.region || "us-east-1";
+        const host = `cloudtrail.${region}.amazonaws.com`;
+        const query = new URLSearchParams({ Action: action, Version: "2013-11-01", ...params });
+        const resp = await fetch(`https://${host}/?${query}`, {
+            headers: {
+                Authorization: `AWS4-HMAC-SHA256 Credential=${config.apiToken}/${region}/cloudtrail/aws4_request`,
+                "X-Amz-Date": new Date().toISOString().replace(/[:-]|\.\d{3}/g, ""),
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`CloudTrail ${resp.status}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchCloudTrail(config, "DescribeTrails");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const now = new Date().toISOString();
+        const trails = await this.fetchCloudTrail(config, "DescribeTrails").catch(() => ({
+            trailList: [],
+        }));
+        const trailList = (trails.trailList || []);
+        return [
+            {
+                id: generateEvidenceId(),
+                connectorId: this.id,
+                capabilityId: "ct-audit-logs",
+                timestamp: now,
+                hash: hashEvidence(trails),
+                framework: "SOC2",
+                controlId: "CC7.1",
+                source: "aws-cloudtrail/DescribeTrails",
+                status: trailList.length > 0 ? "compliant" : "non_compliant",
+                data: {
+                    trailCount: trailList.length,
+                    trails: trailList.map((t) => ({
+                        name: t.Name,
+                        s3BucketName: t.S3BucketName,
+                        isMultiRegionTrail: t.IsMultiRegionTrail,
+                        isOrganizationTrail: t.IsOrganizationTrail,
+                        logFileValidationEnabled: t.LogFileValidationEnabled,
+                    })),
+                },
+                metadata: { region: config.region || "us-east-1" },
+            },
+        ];
+    }
+}

package/dist/connectors/AWSCloudWatchConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class AWSCloudWatchConnector implements IntegrationConnector {
+    readonly id = "aws-cloudwatch";
+    readonly name = "AWS CloudWatch";
+    readonly category: "monitoring";
+    readonly authType: "service_account";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/AWSCloudWatchConnector.js

@@ -0,0 +1,70 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "cloudwatch-alarms",
+        name: "CloudWatch Alarms",
+        description: "Fetch CloudWatch alarm configurations and state history",
+        evidenceCategories: ["monitoring", "configuration"],
+    },
+    {
+        id: "cloudwatch-logs",
+        name: "Log Groups",
+        description: "Fetch CloudWatch log group retention settings and metric filters",
+        evidenceCategories: ["data_protection", "monitoring"],
+    },
+    {
+        id: "cloudwatch-dashboards",
+        name: "Monitoring Dashboards",
+        description: "Fetch CloudWatch dashboard definitions and metric widgets",
+        evidenceCategories: ["monitoring", "configuration"],
+    },
+];
+export class AWSCloudWatchConnector {
+    id = "aws-cloudwatch";
+    name = "AWS CloudWatch";
+    category = "monitoring";
+    authType = "service_account";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF", "PCI_DSS"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://monitoring.us-east-1.amazonaws.com";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`AWS CloudWatch API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/?Action=DescribeAlarms&MaxRecords=1");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const alarms = await this.fetchApi(config, "/?Action=DescribeAlarms&MaxRecords=100").catch(() => ({ MetricAlarms: [] }));
+        const alarmList = (alarms.MetricAlarms || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "cloudwatch-alarms",
+            timestamp: now,
+            hash: hashEvidence({ alarmCount: alarmList.length }),
+            framework: "SOC2",
+            controlId: "CC7.1",
+            source: "aws-cloudwatch/alarms",
+            status: alarmList.length > 0 ? "compliant" : "unknown",
+            data: { alarmCount: alarmList.length },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/AWSGuardDutyConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class AWSGuardDutyConnector implements IntegrationConnector {
+    readonly id = "aws_guardduty";
+    readonly name = "AWS GuardDuty";
+    readonly category: "cloud_provider";
+    readonly authType: "service_account";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private signRequest;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}