@grc-claw/integration-marketplace 0.8.0

package/dist/connectors/CircleCIConnector.js

@@ -0,0 +1,129 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "circleci-pipelines",
+        name: "Pipeline Runs",
+        description: "Fetch CircleCI pipeline and workflow run history",
+        evidenceCategories: ["ci_cd", "monitoring"],
+    },
+    {
+        id: "circleci-config",
+        name: "Pipeline Configuration",
+        description: "Fetch CircleCI pipeline configuration and orb usage",
+        evidenceCategories: ["ci_cd", "configuration"],
+    },
+    {
+        id: "circleci-insights",
+        name: "Pipeline Insights",
+        description: "Fetch CircleCI pipeline performance and failure metrics",
+        evidenceCategories: ["monitoring", "change_management"],
+    },
+    {
+        id: "circleci-contexts",
+        name: "Contexts & Secrets",
+        description: "Fetch CircleCI context and environment variable configurations",
+        evidenceCategories: ["access_control", "data_protection"],
+    },
+];
+export class CircleCIConnector {
+    id = "circleci";
+    name = "CircleCI";
+    category = "ci_cd";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://circleci.com/api/v2";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                "Circle-Token": config.apiToken || "",
+                Accept: "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`CircleCI API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/me");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const projectSlug = config.extra?.projectSlug || "gh/default/project";
+        const pipelines = await this.fetchApi(config, `/project/${encodeURIComponent(projectSlug)}/pipeline?limit=10`).catch(() => ({ items: [] }));
+        const pipelineList = Array.isArray(pipelines.items) ? pipelines.items : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "circleci-pipelines",
+            timestamp: now,
+            hash: hashEvidence({ count: pipelineList.length }),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: `circleci/${projectSlug}/pipelines`,
+            status: pipelineList.length > 0 ? "compliant" : "partial",
+            data: { recentPipelines: pipelineList.length },
+            metadata: { projectSlug },
+        });
+        const configData = await this.fetchApi(config, `/project/${encodeURIComponent(projectSlug)}/config`).catch(() => ({ output: "" }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "circleci-config",
+            timestamp: now,
+            hash: hashEvidence({ hasConfig: !!configData.output }),
+            framework: "ISO27001",
+            controlId: "A.12.1.1",
+            source: `circleci/${projectSlug}/config`,
+            status: configData.output ? "compliant" : "partial",
+            data: { hasConfig: !!configData.output },
+            metadata: { projectSlug },
+        });
+        const insights = await this.fetchApi(config, `/insights/${encodeURIComponent(projectSlug)}/workflows?limit=10`).catch(() => ({ items: [] }));
+        const insightList = Array.isArray(insights.items) ? insights.items : [];
+        const failedWorkflows = insightList.filter((w) => w.status === "failed");
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "circleci-insights",
+            timestamp: now,
+            hash: hashEvidence({ total: insightList.length, failed: failedWorkflows.length }),
+            framework: "NIST_CSF",
+            controlId: "DE.CM",
+            source: `circleci/${projectSlug}/insights`,
+            status: failedWorkflows.length === 0 ? "compliant" : "partial",
+            data: {
+                recentWorkflows: insightList.length,
+                failedWorkflows: failedWorkflows.length,
+            },
+            metadata: { projectSlug },
+        });
+        const contexts = await this.fetchApi(config, "/context").catch(() => ({ items: [] }));
+        const contextList = Array.isArray(contexts.items) ? contexts.items : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "circleci-contexts",
+            timestamp: now,
+            hash: hashEvidence({ count: contextList.length }),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: `circleci/${projectSlug}/contexts`,
+            status: contextList.length > 0 ? "compliant" : "partial",
+            data: { contextCount: contextList.length },
+            metadata: { projectSlug },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/CircleCIConnectorsConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class CircleCIConnectorsConnector implements IntegrationConnector {
+    readonly id = "circleci-connectors";
+    readonly name = "CircleCI (Connectors)";
+    readonly category: "ci_cd";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/CircleCIConnectorsConnector.js

@@ -0,0 +1,69 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "circleci-pipelines",
+        name: "CI Pipelines",
+        description: "Fetch CircleCI pipeline configurations and workflow execution history",
+        evidenceCategories: ["ci_cd", "change_management"],
+    },
+    {
+        id: "circleci-environments",
+        name: "Environment Variables",
+        description: "Fetch CircleCI environment variable groups and context assignments",
+        evidenceCategories: ["secret_management", "configuration"],
+    },
+    {
+        id: "circleci-insights",
+        name: "Pipeline Insights",
+        description: "Fetch CircleCI workflow duration metrics and failure rate analytics",
+        evidenceCategories: ["monitoring", "performance"],
+    },
+];
+export class CircleCIConnectorsConnector {
+    id = "circleci-connectors";
+    name = "CircleCI (Connectors)";
+    category = "ci_cd";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://circleci.com/api/v2";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`CircleCI API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/me");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const me = await this.fetchApi(config, "/me").catch(() => ({}));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "circleci-pipelines",
+            timestamp: now,
+            hash: hashEvidence(me),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: "circleci-connectors/me",
+            status: "unknown",
+            data: { connected: true },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/CiscoUmbrellaConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class CiscoUmbrellaConnector implements IntegrationConnector {
+    readonly id = "cisco-umbrella";
+    readonly name = "Cisco Umbrella";
+    readonly category: "cloud_provider";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/CiscoUmbrellaConnector.js

@@ -0,0 +1,96 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "umbrella-dns",
+        name: "DNS Security",
+        description: "Fetch DNS-layer security policies and block lists",
+        evidenceCategories: ["access_control", "vulnerability_management"],
+    },
+    {
+        id: "umbrella-sig",
+        name: "Secure Internet Gateway",
+        description: "Fetch SIG proxy and URL filtering policies",
+        evidenceCategories: ["access_control", "data_protection"],
+    },
+    {
+        id: "umbrella-dga",
+        name: "DGA Detection",
+        description: "Fetch domain generation algorithm detection alerts",
+        evidenceCategories: ["vulnerability_management", "monitoring"],
+    },
+    {
+        id: "umbrella-roaming",
+        name: "Roaming Security",
+        description: "Fetch roaming client compliance and coverage",
+        evidenceCategories: ["endpoint", "access_control"],
+    },
+];
+export class CiscoUmbrellaConnector {
+    id = "cisco-umbrella";
+    name = "Cisco Umbrella";
+    category = "cloud_provider";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "PCI_DSS",
+        "HIPAA",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://api Umbrella.com";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Cisco Umbrella API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/deployments/org");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const orgId = config.extra?.orgId || "default";
+        const policies = await this.fetchApi(config, `/policies/v2/policies?orgId=${orgId}`).catch(() => ({ data: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "umbrella-dns",
+            timestamp: now,
+            hash: hashEvidence(policies),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: `umbrella/${orgId}/policies`,
+            status: policies.data?.length > 0 ? "compliant" : "unknown",
+            data: { policyCount: policies.data?.length || 0 },
+            metadata: { orgId },
+        });
+        const destinations = await this.fetchApi(config, `/deployments/v2/destinations?orgId=${orgId}`).catch(() => ({ data: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "umbrella-roaming",
+            timestamp: now,
+            hash: hashEvidence(destinations),
+            framework: "ISO27001",
+            controlId: "A.6.2.1",
+            source: `umbrella/${orgId}/destinations`,
+            status: "partial",
+            data: { destinations: destinations.data?.length || 0 },
+            metadata: { orgId },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/CloudBeesJenkinsConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class CloudBeesJenkinsConnector implements IntegrationConnector {
+    readonly id = "cloudbees-jenkins";
+    readonly name = "CloudBees Jenkins";
+    readonly category: "ci_cd";
+    readonly authType: "bearer_token";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/CloudBeesJenkinsConnector.js

@@ -0,0 +1,70 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "cloudbees-jenkins-jobs",
+        name: "Jenkins Jobs",
+        description: "Fetch CloudBees Jenkins job configurations and build history",
+        evidenceCategories: ["ci_cd", "change_management"],
+    },
+    {
+        id: "cloudbees-jenkins-agents",
+        name: "Jenkins Agents",
+        description: "Fetch Jenkins agent configurations and connection status",
+        evidenceCategories: ["infrastructure", "monitoring"],
+    },
+    {
+        id: "cloudbees-jenkins-security",
+        name: "Jenkins Security",
+        description: "Fetch Jenkins security realm configurations and credential scopes",
+        evidenceCategories: ["access_control", "secret_management"],
+    },
+];
+export class CloudBeesJenkinsConnector {
+    id = "cloudbees-jenkins";
+    name = "CloudBees Jenkins";
+    category = "ci_cd";
+    authType = "bearer_token";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://jenkins.example.com";
+        const resp = await fetch(`${base}/api/json${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Jenkins API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "?tree=name");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const jobs = await this.fetchApi(config, "?tree=jobs[name,url]{0,100}").catch(() => ({ jobs: [] }));
+        const jobList = (jobs.jobs || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "cloudbees-jenkins-jobs",
+            timestamp: now,
+            hash: hashEvidence({ jobCount: jobList.length }),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: "cloudbees-jenkins/jobs",
+            status: "unknown",
+            data: { jobCount: jobList.length },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/CloudflareDNSConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class CloudflareDNSConnector implements IntegrationConnector {
+    readonly id = "cloudflare-dns";
+    readonly name = "Cloudflare DNS";
+    readonly category: "infrastructure";
+    readonly authType: "bearer_token";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/CloudflareDNSConnector.js

@@ -0,0 +1,71 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "cloudflare-dns",
+        name: "DNS Configurations",
+        description: "Fetch Cloudflare DNS zone configurations and record counts",
+        evidenceCategories: ["network_security", "configuration"],
+    },
+    {
+        id: "cloudflare-ssl",
+        name: "SSL/TLS Settings",
+        description: "Fetch Cloudflare SSL/TLS mode, HSTS, and certificate status",
+        evidenceCategories: ["encryption", "configuration"],
+    },
+    {
+        id: "cloudflare-analytics",
+        name: "Traffic Analytics",
+        description: "Fetch Cloudflare traffic statistics and threat detection metrics",
+        evidenceCategories: ["monitoring", "network_security"],
+    },
+];
+export class CloudflareDNSConnector {
+    id = "cloudflare-dns";
+    name = "Cloudflare DNS";
+    category = "infrastructure";
+    authType = "bearer_token";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://api.cloudflare.com/client/v4";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Cloudflare API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/user/tokens/verify");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const zoneId = config.extra?.zoneId || "default";
+        const zone = await this.fetchApi(config, `/zones/${zoneId}`).catch(() => ({ result: {} }));
+        const result = zone.result;
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "cloudflare-dns",
+            timestamp: now,
+            hash: hashEvidence(result),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "cloudflare-dns/zone",
+            status: "unknown",
+            data: { zoneName: result.name },
+            metadata: { zoneId },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/CloudflareWAFConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class CloudflareWAFConnector implements IntegrationConnector {
+    readonly id = "cloudflare-waf";
+    readonly name = "Cloudflare WAF";
+    readonly category: "cloud_provider";
+    readonly authType: "api_key";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/CloudflareWAFConnector.js

@@ -0,0 +1,98 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "cloudflare-waf-rules",
+        name: "WAF Rules",
+        description: "Fetch managed and custom WAF rule configurations",
+        evidenceCategories: ["vulnerability_management", "configuration"],
+    },
+    {
+        id: "cloudflare-firewall",
+        name: "Firewall Rules",
+        description: "Fetch firewall rules and IP access lists",
+        evidenceCategories: ["access_control", "configuration"],
+    },
+    {
+        id: "cloudflare-ddos",
+        name: "DDoS Protection",
+        description: "Fetch DDoS mitigation settings and attack analytics",
+        evidenceCategories: ["vulnerability_management", "monitoring"],
+    },
+    {
+        id: "cloudflare-ssl",
+        name: "SSL/TLS Configuration",
+        description: "Fetch SSL/TLS mode and certificate status",
+        evidenceCategories: ["data_protection", "configuration"],
+    },
+];
+export class CloudflareWAFConnector {
+    id = "cloudflare-waf";
+    name = "Cloudflare WAF";
+    category = "cloud_provider";
+    authType = "api_key";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "PCI_DSS",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://api.cloudflare.com";
+        const zoneId = config.extra?.zoneId || "default";
+        const resp = await fetch(`${base}/client/v4/zones/${zoneId}${endpoint}`, {
+            headers: {
+                Authorization: `Bearer ${config.apiToken}`,
+                "Content-Type": "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Cloudflare API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const zoneId = config.extra?.zoneId || "default";
+        const rules = await this.fetchApi(config, "/firewall/rules").catch(() => ({ result: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "cloudflare-waf-rules",
+            timestamp: now,
+            hash: hashEvidence(rules),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: `cloudflare/${zoneId}/firewall-rules`,
+            status: rules.result?.length > 0 ? "compliant" : "unknown",
+            data: { firewallRules: rules.result?.length || 0 },
+            metadata: { zoneId },
+        });
+        const ssl = await this.fetchApi(config, "/settings/ssl").catch(() => ({ result: { value: "off" } }));
+        const sslResult = ssl;
+        const sslVal = sslResult.result?.value ?? "unknown";
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "cloudflare-ssl",
+            timestamp: now,
+            hash: hashEvidence(ssl),
+            framework: "PCI_DSS",
+            controlId: "4.1",
+            source: `cloudflare/${zoneId}/ssl`,
+            status: sslVal !== "off" ? "compliant" : "non_compliant",
+            data: { sslMode: sslVal },
+            metadata: { zoneId },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/ConfluenceConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class ConfluenceConnector implements IntegrationConnector {
+    readonly id = "confluence";
+    readonly name = "Confluence";
+    readonly category: "documentation";
+    readonly authType: "bearer_token";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}