@grc-claw/integration-marketplace 0.8.0

package/dist/connectors/IntercomConnector.js

@@ -0,0 +1,69 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "intercom-conversations",
+        name: "Conversations",
+        description: "Fetch Intercom conversation history, resolution rates, and SLA compliance",
+        evidenceCategories: ["incident_management", "monitoring"],
+    },
+    {
+        id: "intercom-security",
+        name: "Security Settings",
+        description: "Fetch Intercom SSO, data retention, and API access controls",
+        evidenceCategories: ["access_control", "data_protection"],
+    },
+    {
+        id: "intercom-audit",
+        name: "Audit Logs",
+        description: "Fetch Intercom admin audit log and workspace activity events",
+        evidenceCategories: ["audit", "change_management"],
+    },
+];
+export class IntercomConnector {
+    id = "intercom";
+    name = "Intercom";
+    category = "communication";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://api.intercom.io";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                Accept: "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Intercom API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/me");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const me = await this.fetchApi(config, "/me").catch(() => ({}));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "intercom-conversations",
+            timestamp: now,
+            hash: hashEvidence(me),
+            framework: "SOC2",
+            controlId: "CC7.3",
+            source: "intercom/me",
+            status: "unknown",
+            data: { connected: true },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/JenkinsConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class JenkinsConnector implements IntegrationConnector {
+    readonly id = "jenkins";
+    readonly name = "Jenkins";
+    readonly category: "ci_cd";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/JenkinsConnector.js

@@ -0,0 +1,96 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "jenkins-jobs",
+        name: "Build Jobs",
+        description: "Fetch Jenkins job configurations and build history",
+        evidenceCategories: ["change_management", "configuration"],
+    },
+    {
+        id: "jenkins-plugins",
+        name: "Plugins & Security",
+        description: "Fetch installed plugins and security configurations",
+        evidenceCategories: ["vulnerability_management", "configuration"],
+    },
+    {
+        id: "jenkins-credentials",
+        name: "Credential Management",
+        description: "Fetch credential store configurations and usage",
+        evidenceCategories: ["access_control", "data_protection"],
+    },
+    {
+        id: "jenkins-audit",
+        name: "Audit Trail",
+        description: "Fetch Jenkins audit log and user activity",
+        evidenceCategories: ["monitoring", "access_control"],
+    },
+];
+export class JenkinsConnector {
+    id = "jenkins";
+    name = "Jenkins";
+    category = "ci_cd";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "PCI_DSS",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://jenkins.example.com";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Jenkins API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/api/json");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const jobs = await this.fetchApi(config, "/api/json?tree=jobs[name,url,color]").catch(() => ({
+            jobs: [],
+        }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "jenkins-jobs",
+            timestamp: now,
+            hash: hashEvidence(jobs),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: "jenkins/jobs",
+            status: jobs.jobs?.length > 0 ? "compliant" : "unknown",
+            data: { jobCount: jobs.jobs?.length || 0 },
+            metadata: {},
+        });
+        const plugins = await this.fetchApi(config, "/pluginManager/api/json?tree=shortName,version").catch(() => ({ plugins: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "jenkins-plugins",
+            timestamp: now,
+            hash: hashEvidence(plugins),
+            framework: "ISO27001",
+            controlId: "A.12.6.1",
+            source: "jenkins/plugins",
+            status: "partial",
+            data: { installedPlugins: plugins.plugins?.length || 0 },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/JiraConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class JiraConnector implements IntegrationConnector {
+    readonly id = "jira";
+    readonly name = "Jira";
+    readonly category: "project_management";
+    readonly authType: "basic_auth";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/JiraConnector.js

@@ -0,0 +1,103 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "jira-projects",
+        name: "Jira Projects",
+        description: "Fetch Jira project configurations and permissions",
+        evidenceCategories: ["project_management", "access_control"],
+    },
+    {
+        id: "jira-workflows",
+        name: "Workflows",
+        description: "Fetch workflow configurations and approval gates",
+        evidenceCategories: ["change_management"],
+    },
+    {
+        id: "jira-sla",
+        name: "SLA Compliance",
+        description: "Fetch SLA compliance metrics and breach history",
+        evidenceCategories: ["service_management"],
+    },
+];
+export class JiraConnector {
+    id = "jira";
+    name = "Jira";
+    category = "project_management";
+    authType = "basic_auth";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://your-domain.atlassian.net";
+        const resp = await fetch(`${base}/rest/api/3${endpoint}`, {
+            headers: {
+                Authorization: `Basic ${Buffer.from(`${config.clientId}:${config.apiToken}`).toString("base64")}`,
+                Accept: "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Jira API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/myself");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const projects = await this.fetchApi(config, "/project");
+        const projectList = Array.isArray(projects) ? projects : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "jira-projects",
+            timestamp: now,
+            hash: hashEvidence({ projects: projectList.map((p) => ({ id: p.id, key: p.key })) }),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: "jira/projects",
+            status: "unknown",
+            data: { projectCount: projectList.length },
+            metadata: { domain: config.baseUrl || "" },
+        });
+        const workflows = await fetch(`${config.baseUrl || "https://your-domain.atlassian.net"}/rest/api/3/workflow`, {
+            headers: {
+                Authorization: `Basic ${Buffer.from(`${config.clientId}:${config.apiToken}`).toString("base64")}`,
+                Accept: "application/json",
+            },
+        }).then((r) => r.json());
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "jira-workflows",
+            timestamp: now,
+            hash: hashEvidence(workflows),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: "jira/workflows",
+            status: "unknown",
+            data: { workflows },
+            metadata: { domain: config.baseUrl || "" },
+        });
+        const issues = await this.fetchApi(config, "/search?jql=issuetype=Story&maxResults=0&expand=names").catch(() => ({ total: 0 }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "jira-sla",
+            timestamp: now,
+            hash: hashEvidence(issues),
+            framework: "ISO27001",
+            controlId: "A.12.1.4",
+            source: "jira/search",
+            status: "unknown",
+            data: { totalIssues: issues.total || 0 },
+            metadata: { domain: config.baseUrl || "" },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/KafkaConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class KafkaConnector implements IntegrationConnector {
+    readonly id = "kafka";
+    readonly name = "Apache Kafka";
+    readonly category: "data_warehouse";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/KafkaConnector.js

@@ -0,0 +1,70 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "kafka-clusters",
+        name: "Kafka Clusters",
+        description: "Fetch Kafka cluster configurations and topic inventory",
+        evidenceCategories: ["data_protection", "cloud_configuration"],
+    },
+    {
+        id: "kafka-security",
+        name: "Security Configurations",
+        description: "Fetch Kafka SASL/SSL settings and ACL configurations",
+        evidenceCategories: ["access_control", "encryption"],
+    },
+    {
+        id: "kafka-consumers",
+        name: "Consumer Groups",
+        description: "Fetch consumer group lag metrics and partition assignments",
+        evidenceCategories: ["monitoring", "performance"],
+    },
+];
+export class KafkaConnector {
+    id = "kafka";
+    name = "Apache Kafka";
+    category = "data_warehouse";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://api.kafka.example.com/v1";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Kafka API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/clusters?limit=1");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const clusters = await this.fetchApi(config, "/clusters?limit=100").catch(() => ({ items: [] }));
+        const clusterList = (clusters.items || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "kafka-clusters",
+            timestamp: now,
+            hash: hashEvidence({ clusterCount: clusterList.length }),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "kafka/clusters",
+            status: clusterList.length > 0 ? "compliant" : "unknown",
+            data: { clusterCount: clusterList.length },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/KasperskyConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class KasperskyConnector implements IntegrationConnector {
+    readonly id = "kaspersky";
+    readonly name = "Kaspersky";
+    readonly category: "endpoint";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/KasperskyConnector.js

@@ -0,0 +1,70 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "kaspersky-endpoints",
+        name: "Endpoint Protection",
+        description: "Fetch Kaspersky endpoint agent status and security level metrics",
+        evidenceCategories: ["endpoint_security", "monitoring"],
+    },
+    {
+        id: "kaspersky-detections",
+        name: "Threat Detections",
+        description: "Fetch threat detection events and malware neutralization records",
+        evidenceCategories: ["vulnerability_management", "monitoring"],
+    },
+    {
+        id: "kaspersky-policies",
+        name: "Security Policies",
+        description: "Fetch Kaspersky policy configurations and task schedules",
+        evidenceCategories: ["policy_compliance", "configuration"],
+    },
+];
+export class KasperskyConnector {
+    id = "kaspersky";
+    name = "Kaspersky";
+    category = "endpoint";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://cloud.securitycenter.kaspersky.com/api/v1";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Kaspersky API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/hosts?limit=1");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const hosts = await this.fetchApi(config, "/hosts?limit=100").catch(() => ({ items: [] }));
+        const hostList = (hosts.items || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "kaspersky-endpoints",
+            timestamp: now,
+            hash: hashEvidence({ hostCount: hostList.length }),
+            framework: "SOC2",
+            controlId: "CC6.8",
+            source: "kaspersky/hosts",
+            status: hostList.length > 0 ? "compliant" : "unknown",
+            data: { endpointCount: hostList.length },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/KubernetesConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class KubernetesConnector implements IntegrationConnector {
+    readonly id = "kubernetes";
+    readonly name = "Kubernetes";
+    readonly category: "infrastructure";
+    readonly authType: "bearer_token";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchK8s;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/KubernetesConnector.js

@@ -0,0 +1,109 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "k8s-rbac",
+        name: "RBAC Policies",
+        description: "Fetch Kubernetes ClusterRole, ClusterRoleBinding, and Role data",
+        evidenceCategories: ["access_control", "authorization"],
+    },
+    {
+        id: "k8s-network-policies",
+        name: "Network Policies",
+        description: "Fetch Kubernetes NetworkPolicy resources",
+        evidenceCategories: ["network_security"],
+    },
+    {
+        id: "k8s-pod-security",
+        name: "Pod Security",
+        description: "Fetch Pod Security Standards and PSP/PSA configurations",
+        evidenceCategories: ["container_security", "configuration"],
+    },
+];
+export class KubernetesConnector {
+    id = "kubernetes";
+    name = "Kubernetes";
+    category = "infrastructure";
+    authType = "bearer_token";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
+    async fetchK8s(config, apiPath) {
+        const base = config.baseUrl || "https://kubernetes.default.svc";
+        const resp = await fetch(`${base}${apiPath}`, {
+            headers: { Authorization: `Bearer ${config.apiToken}` },
+        });
+        if (!resp.ok)
+            throw new Error(`K8s API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchK8s(config, "/version");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const rbac = await this.fetchK8s(config, "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings").catch(() => ({
+            items: [],
+        }));
+        const roleBindings = (rbac.items || []);
+        const clusterAdminBindings = roleBindings.filter((r) => r.roleRef?.name === "cluster-admin");
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "k8s-rbac",
+            timestamp: now,
+            hash: hashEvidence({ totalBindings: roleBindings.length, clusterAdminBindings: clusterAdminBindings.length }),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "k8s/rbac/clusterrolebindings",
+            status: clusterAdminBindings.length <= 2 ? "compliant" : "partial",
+            data: { totalBindings: roleBindings.length, clusterAdminBindings: clusterAdminBindings.length },
+            metadata: {},
+        });
+        const netPol = await this.fetchK8s(config, "/apis/networking.k8s.io/v1/networkpolicies").catch(() => ({
+            items: [],
+        }));
+        const netPolicies = (netPol.items || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "k8s-network-policies",
+            timestamp: now,
+            hash: hashEvidence({ policyCount: netPolicies.length }),
+            framework: "ISO27001",
+            controlId: "A.13.1.1",
+            source: "k8s/networking/networkpolicies",
+            status: netPolicies.length > 0 ? "compliant" : "non_compliant",
+            data: { networkPolicyCount: netPolicies.length },
+            metadata: {},
+        });
+        const pods = await this.fetchK8s(config, "/api/v1/pods").catch(() => ({ items: [] }));
+        const podList = (pods.items || []);
+        const privilegedPods = podList.filter((p) => {
+            const containers = [
+                ...(p.spec?.containers || []),
+                ...(p.spec?.initContainers || []),
+            ];
+            return containers.some((c) => c.securityContext?.privileged === true);
+        });
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "k8s-pod-security",
+            timestamp: now,
+            hash: hashEvidence({ totalPods: podList.length, privilegedPods: privilegedPods.length }),
+            framework: "SOC2",
+            controlId: "CC6.8",
+            source: "k8s/pods",
+            status: privilegedPods.length === 0 ? "compliant" : "non_compliant",
+            data: { totalPods: podList.length, privilegedPods: privilegedPods.length },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/LaceworkConnector.d.ts

@@ -0,0 +1,13 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class LaceworkConnector implements IntegrationConnector {
+    readonly id = "lacework";
+    readonly name = "Lacework";
+    readonly category: "monitoring";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private generateSignature;
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}