@grc-claw/integration-marketplace 0.8.0

package/dist/connectors/TableauConnector.js

@@ -0,0 +1,101 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "tableau-workbooks",
+        name: "Workbook Security",
+        description: "Fetch workbook permissions and data source access",
+        evidenceCategories: ["access_control", "data_protection"],
+    },
+    {
+        id: "tableau-projects",
+        name: "Project Hierarchies",
+        description: "Fetch project site and permission settings",
+        evidenceCategories: ["access_control", "configuration"],
+    },
+    {
+        id: "tableau-extracts",
+        name: "Data Extracts",
+        description: "Fetch extract refresh schedules and embedded credentials",
+        evidenceCategories: ["data_protection", "change_management"],
+    },
+    {
+        id: "tableau-audit",
+        name: "Admin Events",
+        description: "Fetch Tableau Server admin event and login logs",
+        evidenceCategories: ["monitoring", "access_control"],
+    },
+];
+export class TableauConnector {
+    id = "tableau";
+    name = "Tableau";
+    category = "data_warehouse";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://tableau.example.com/api/3.19";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                "X-Tableau-Auth": config.apiToken || "",
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Tableau API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/sites");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const siteId = config.extra?.siteId || "";
+        const workbooks = await this.fetchApi(config, `/sites/${siteId}/workbooks`).catch(() => ({ workbooks: { workbook: [] } }));
+        const wbData = workbooks;
+        const wbObj = wbData.workbooks || {};
+        const wbList = wbObj.workbook || [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tableau-workbooks",
+            timestamp: now,
+            hash: hashEvidence(workbooks),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: `tableau/${siteId}/workbooks`,
+            status: wbList.length > 0 ? "compliant" : "unknown",
+            data: { workbookCount: wbList.length },
+            metadata: { siteId },
+        });
+        const projects = await this.fetchApi(config, `/sites/${siteId}/projects`).catch(() => ({ projects: { project: [] } }));
+        const projData = projects;
+        const projObj = projData.projects || {};
+        const projList = projObj.project || [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tableau-projects",
+            timestamp: now,
+            hash: hashEvidence(projects),
+            framework: "ISO27001",
+            controlId: "A.6.2.1",
+            source: `tableau/${siteId}/projects`,
+            status: projList.length > 0 ? "compliant" : "non_compliant",
+            data: { projectCount: projList.length },
+            metadata: { siteId },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/TaniumConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class TaniumConnector implements IntegrationConnector {
+    readonly id = "tanium";
+    readonly name = "Tanium";
+    readonly category: "endpoint";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/TaniumConnector.js

@@ -0,0 +1,97 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "tanium-endpoints",
+        name: "Endpoint Inventory",
+        description: "Fetch Tanium endpoint count and compliance status",
+        evidenceCategories: ["endpoint", "monitoring"],
+    },
+    {
+        id: "tanium-policies",
+        name: "Compliance Policies",
+        description: "Fetch compliance policy rules and violation counts",
+        evidenceCategories: ["compliance", "monitoring"],
+    },
+    {
+        id: "tanium-patches",
+        name: "Patch Status",
+        description: "Fetch endpoint patch compliance and missing updates",
+        evidenceCategories: ["vulnerability_management", "endpoint"],
+    },
+    {
+        id: "tanium-packages",
+        name: "Threat Response",
+        description: "Fetch threat detection packages and response actions",
+        evidenceCategories: ["vulnerability_management", "monitoring"],
+    },
+];
+export class TaniumConnector {
+    id = "tanium";
+    name = "Tanium";
+    category = "endpoint";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+        "PCI_DSS",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://tanium.example.com";
+        const resp = await fetch(`${base}/api/v2${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Tanium API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/version");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const endpoints = await this.fetchApi(config, "/endpoints?count=1").catch(() => ({
+            totalRecords: 0,
+        }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tanium-endpoints",
+            timestamp: now,
+            hash: hashEvidence(endpoints),
+            framework: "SOC2",
+            controlId: "CC6.8",
+            source: "tanium/endpoints",
+            status: endpoints.totalRecords > 0 ? "compliant" : "unknown",
+            data: { endpointCount: endpoints.totalRecords },
+            metadata: {},
+        });
+        const packages = await this.fetchApi(config, "/packages").catch(() => ({ data: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tanium-packages",
+            timestamp: now,
+            hash: hashEvidence(packages),
+            framework: "ISO27001",
+            controlId: "A.12.2.1",
+            source: "tanium/packages",
+            status: packages.data?.length > 0 ? "compliant" : "non_compliant",
+            data: { activePackages: packages.data?.length || 0 },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/TeamCityConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class TeamCityConnector implements IntegrationConnector {
+    readonly id = "teamcity";
+    readonly name = "JetBrains TeamCity";
+    readonly category: "ci_cd";
+    readonly authType: "bearer_token";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/TeamCityConnector.js

@@ -0,0 +1,71 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "teamcity-builds",
+        name: "Build Configurations",
+        description: "Fetch TeamCity build configurations and VCS root settings",
+        evidenceCategories: ["ci_cd", "change_management"],
+    },
+    {
+        id: "teamcity-agents",
+        name: "Build Agents",
+        description: "Fetch TeamCity build agent status and pool assignments",
+        evidenceCategories: ["infrastructure", "monitoring"],
+    },
+    {
+        id: "teamcity-security",
+        name: "Build Security",
+        description: "Fetch TeamCity build trigger rules and access tokens",
+        evidenceCategories: ["access_control", "secret_management"],
+    },
+];
+export class TeamCityConnector {
+    id = "teamcity";
+    name = "JetBrains TeamCity";
+    category = "ci_cd";
+    authType = "bearer_token";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://teamcity.example.com/app/rest";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+                Accept: "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`TeamCity API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/buildTypes?count=1");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const builds = await this.fetchApi(config, "/buildTypes?count=100").catch(() => ({ buildType: [] }));
+        const buildList = (builds.buildType || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "teamcity-builds",
+            timestamp: now,
+            hash: hashEvidence({ buildConfigCount: buildList.length }),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: "teamcity/buildTypes",
+            status: "unknown",
+            data: { buildConfigCount: buildList.length },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/TeamsConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class TeamsConnector implements IntegrationConnector {
+    readonly id = "microsoft-teams";
+    readonly name = "Microsoft Teams";
+    readonly category: "communication";
+    readonly authType: "oauth2";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/TeamsConnector.js

@@ -0,0 +1,96 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "teams-policies",
+        name: "Meeting Policies",
+        description: "Fetch Teams meeting and messaging policy configurations",
+        evidenceCategories: ["access_control", "configuration"],
+    },
+    {
+        id: "teams-compliance",
+        name: "Compliance Management",
+        description: "Fetch retention policies and eDiscovery configurations",
+        evidenceCategories: ["compliance", "data_protection"],
+    },
+    {
+        id: "teams-security",
+        name: "Security Defaults",
+        description: "Fetch conditional access and MFA enforcement status",
+        evidenceCategories: ["access_control", "configuration"],
+    },
+    {
+        id: "teams-audit",
+        name: "Unified Audit Log",
+        description: "Fetch Teams activity from Microsoft 365 audit logs",
+        evidenceCategories: ["monitoring", "access_control"],
+    },
+];
+export class TeamsConnector {
+    id = "microsoft-teams";
+    name = "Microsoft Teams";
+    category = "communication";
+    authType = "oauth2";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+        "GDPR",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://graph.microsoft.com/v1.0";
+        const resp = fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        const r = await resp;
+        if (!r.ok)
+            throw new Error(`Teams API ${r.status}: ${r.statusText}`);
+        return (await r.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/me");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const teams = await this.fetchApi(config, "/me/joinedTeams").catch(() => ({ value: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "teams-policies",
+            timestamp: now,
+            hash: hashEvidence(teams),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "teams/joinedTeams",
+            status: teams.value?.length > 0 ? "compliant" : "unknown",
+            data: { teamCount: teams.value?.length || 0 },
+            metadata: {},
+        });
+        const messages = await this.fetchApi(config, "/me/messages?$top=10&$select=subject,receivedDateTime").catch(() => ({ value: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "teams-compliance",
+            timestamp: now,
+            hash: hashEvidence(messages),
+            framework: "ISO27001",
+            controlId: "A.8.3.1",
+            source: "teams/messages",
+            status: "partial",
+            data: { recentMessages: messages.value?.length || 0 },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/TenableIOConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class TenableIOConnector implements IntegrationConnector {
+    readonly id = "tenable_io";
+    readonly name = "Tenable.io";
+    readonly category: "vulnerability";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/TenableIOConnector.js

@@ -0,0 +1,130 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "tenable-vulns",
+        name: "Vulnerability Findings",
+        description: "Fetch Tenable.io vulnerability findings and severity breakdown",
+        evidenceCategories: ["vulnerability_management", "asset_management"],
+    },
+    {
+        id: "tenable-scans",
+        name: "Scan Results",
+        description: "Fetch scan history and completion status",
+        evidenceCategories: ["vulnerability_management", "monitoring"],
+    },
+    {
+        id: "tenable-assets",
+        name: "Asset Inventory",
+        description: "Fetch discovered assets and vulnerability counts per host",
+        evidenceCategories: ["asset_management", "vulnerability_management"],
+    },
+    {
+        id: "tenable-compliance",
+        name: "Compliance Checks",
+        description: "Fetch CIS and DISA STIG compliance scan results",
+        evidenceCategories: ["compliance", "configuration"],
+    },
+];
+export class TenableIOConnector {
+    id = "tenable_io";
+    name = "Tenable.io";
+    category = "vulnerability";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "PCI_DSS",
+        "HIPAA",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://cloud.tenable.com";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                "X-ApiKeys": `accessKey=${config.clientId}; secretKey=${config.clientSecret}`,
+                Accept: "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Tenable API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/server/properties");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const vulns = await this.fetchApi(config, "/vulns/export?filters.state=active&filters.severity=critical,high&limit=100").catch(() => ({ vulnerabilities: [] }));
+        const vulnList = Array.isArray(vulns.vulnerabilities) ? vulns.vulnerabilities : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tenable-vulns",
+            timestamp: now,
+            hash: hashEvidence({ count: vulnList.length }),
+            framework: "SOC2",
+            controlId: "CC6.6",
+            source: "tenable/vulnerabilities",
+            status: vulnList.length === 0 ? "compliant" : "non_compliant",
+            data: { criticalHighVulns: vulnList.length },
+            metadata: {},
+        });
+        const scans = await this.fetchApi(config, "/scans?limit=10&sort=creation_date:desc").catch(() => ({ scans: [] }));
+        const scanList = Array.isArray(scans.scans) ? scans.scans : [];
+        const completedScans = scanList.filter((s) => s.status === "completed");
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tenable-scans",
+            timestamp: now,
+            hash: hashEvidence({ scans: scanList.slice(0, 5) }),
+            framework: "NIST_CSF",
+            controlId: "DE.CM",
+            source: "tenable/scans",
+            status: completedScans.length > 0 ? "compliant" : "non_compliant",
+            data: { recentScans: scanList.length, completed: completedScans.length },
+            metadata: {},
+        });
+        const assets = await this.fetchApi(config, "/assets?limit=100").catch(() => ({ assets: [] }));
+        const assetList = Array.isArray(assets.assets) ? assets.assets : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tenable-assets",
+            timestamp: now,
+            hash: hashEvidence({ count: assetList.length }),
+            framework: "ISO27001",
+            controlId: "A.8.1.1",
+            source: "tenable/assets",
+            status: assetList.length > 0 ? "compliant" : "partial",
+            data: { discoveredAssets: assetList.length },
+            metadata: {},
+        });
+        const compliance = await this.fetchApi(config, "/compliance/scan/export?limit=20").catch(() => ({ compliance_results: [] }));
+        const compResults = Array.isArray(compliance.compliance_results)
+            ? compliance.compliance_results
+            : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tenable-compliance",
+            timestamp: now,
+            hash: hashEvidence({ count: compResults.length }),
+            framework: "PCI_DSS",
+            controlId: "2.2.1",
+            source: "tenable/compliance",
+            status: compResults.length > 0 ? "compliant" : "partial",
+            data: { complianceResults: compResults.length },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/TerraformCloudConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class TerraformCloudConnector implements IntegrationConnector {
+    readonly id = "terraform-cloud";
+    readonly name = "Terraform Cloud";
+    readonly category: "iac";
+    readonly authType: "bearer_token";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/TerraformCloudConnector.js

@@ -0,0 +1,106 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "tfc-workspaces",
+        name: "Workspace Configs",
+        description: "Fetch Terraform Cloud workspace configurations and variables",
+        evidenceCategories: ["iac", "configuration"],
+    },
+    {
+        id: "tfc-state",
+        name: "State Files",
+        description: "Fetch state file metadata and resource counts",
+        evidenceCategories: ["iac", "change_management"],
+    },
+    {
+        id: "tfc-drift",
+        name: "Drift Detection",
+        description: "Fetch drift detection results and policy violations",
+        evidenceCategories: ["iac", "compliance"],
+    },
+];
+export class TerraformCloudConnector {
+    id = "terraform-cloud";
+    name = "Terraform Cloud";
+    category = "iac";
+    authType = "bearer_token";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://app.terraform.io/api/v2";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/vnd.api+json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Terraform Cloud API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/organizations?filter[name]=default");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const org = config.extra?.org || "default";
+        const workspaces = await this.fetchApi(config, `/organizations/${org}/workspaces`).catch(() => ({ data: [] }));
+        const wsList = Array.isArray(workspaces.data) ? workspaces.data : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tfc-workspaces",
+            timestamp: now,
+            hash: hashEvidence({ workspaceCount: wsList.length }),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: `terraform-cloud/organizations/${org}/workspaces`,
+            status: "unknown",
+            data: { workspaceCount: wsList.length },
+            metadata: { org },
+        });
+        const wsId = config.extra?.workspaceId || wsList[0]?.id || "";
+        const state = wsId
+            ? await this.fetchApi(config, `/workspaces/${wsId}/current-state-version`)
+                .catch(() => ({ data: null }))
+            : { data: null };
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tfc-state",
+            timestamp: now,
+            hash: hashEvidence(state),
+            framework: "ISO27001",
+            controlId: "A.12.3.1",
+            source: `terraform-cloud/workspaces/${wsId}/state`,
+            status: state.data ? "compliant" : "non_compliant",
+            data: { stateVersion: state.data },
+            metadata: { org, workspaceId: wsId },
+        });
+        const runs = wsId
+            ? await this.fetchApi(config, `/workspaces/${wsId}/runs?filter[status]=planned,errored&filter[kinds][]=drift`).catch(() => ({ data: [] }))
+            : { data: [] };
+        const runList = Array.isArray(runs.data) ? runs.data : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "tfc-drift",
+            timestamp: now,
+            hash: hashEvidence({ driftRuns: runList.length }),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: `terraform-cloud/workspaces/${wsId}/drift`,
+            status: runList.length === 0 ? "compliant" : "non_compliant",
+            data: { driftRuns: runList.length },
+            metadata: { org, workspaceId: wsId },
+        });
+        return artifacts;
+    }
+}