@grc-claw/integration-marketplace 1.0.0

package/dist/IntegrationMarketplace.d.ts

@@ -0,0 +1,32 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCategory, ComplianceFramework, MarketplaceStats } from "./types.js";
+export interface CollectionJob {
+    id: string;
+    connectorId: string;
+    startedAt: string;
+    completedAt?: string;
+    status: "running" | "completed" | "failed";
+    artifacts: EvidenceArtifact[];
+    error?: string;
+}
+export declare class IntegrationMarketplace {
+    private registrations;
+    private configs;
+    private jobs;
+    constructor();
+    private registerBuiltinConnectors;
+    registerConnector(connector: IntegrationConnector): void;
+    unregisterConnector(connectorId: string): boolean;
+    enableConnector(connectorId: string): void;
+    disableConnector(connectorId: string): void;
+    setConfig(connectorId: string, config: ConnectorConfig): void;
+    getConnector(connectorId: string): IntegrationConnector | undefined;
+    getEnabledConnectors(): IntegrationConnector[];
+    getConnectorsByCategory(category: IntegrationCategory): IntegrationConnector[];
+    getConnectorsByFramework(framework: ComplianceFramework): IntegrationConnector[];
+    testAllConnections(): Promise<Map<string, boolean>>;
+    collectFromConnector(connectorId: string): Promise<CollectionJob>;
+    collectAll(): Promise<CollectionJob[]>;
+    getStats(): MarketplaceStats;
+    getJobs(): CollectionJob[];
+    getRecentJobs(limit?: number): CollectionJob[];
+}

package/dist/IntegrationMarketplace.js

@@ -0,0 +1,165 @@
+import { GitHubConnector, GitLabConnector, AWSIAMConnector, AWSS3Connector, AWSCloudTrailConnector, AzureADConnector, AzureSentinelConnector, GCPIAMConnector, GCPSCCConnector, OktaConnector, JiraConnector, SlackConnector, PagerDutyConnector, SnowflakeConnector, DatadogConnector, CrowdStrikeConnector, QualysConnector, SnykConnector, TerraformCloudConnector, GitHubActionsConnector, DockerHubConnector, KubernetesConnector, SalesforceConnector, HubSpotConnector, BambooHRConnector, } from "./connectors/index.js";
+export class IntegrationMarketplace {
+    registrations = new Map();
+    configs = new Map();
+    jobs = [];
+    constructor() {
+        this.registerBuiltinConnectors();
+    }
+    registerBuiltinConnectors() {
+        const builtins = [
+            new GitHubConnector(),
+            new GitLabConnector(),
+            new AWSIAMConnector(),
+            new AWSS3Connector(),
+            new AWSCloudTrailConnector(),
+            new AzureADConnector(),
+            new AzureSentinelConnector(),
+            new GCPIAMConnector(),
+            new GCPSCCConnector(),
+            new OktaConnector(),
+            new JiraConnector(),
+            new SlackConnector(),
+            new PagerDutyConnector(),
+            new SnowflakeConnector(),
+            new DatadogConnector(),
+            new CrowdStrikeConnector(),
+            new QualysConnector(),
+            new SnykConnector(),
+            new TerraformCloudConnector(),
+            new GitHubActionsConnector(),
+            new DockerHubConnector(),
+            new KubernetesConnector(),
+            new SalesforceConnector(),
+            new HubSpotConnector(),
+            new BambooHRConnector(),
+        ];
+        for (const connector of builtins) {
+            this.registrations.set(connector.id, {
+                connector,
+                enabled: true,
+                errorCount: 0,
+            });
+        }
+    }
+    registerConnector(connector) {
+        this.registrations.set(connector.id, {
+            connector,
+            enabled: true,
+            errorCount: 0,
+        });
+    }
+    unregisterConnector(connectorId) {
+        return this.registrations.delete(connectorId);
+    }
+    enableConnector(connectorId) {
+        const reg = this.registrations.get(connectorId);
+        if (reg)
+            reg.enabled = true;
+    }
+    disableConnector(connectorId) {
+        const reg = this.registrations.get(connectorId);
+        if (reg)
+            reg.enabled = false;
+    }
+    setConfig(connectorId, config) {
+        this.configs.set(connectorId, config);
+    }
+    getConnector(connectorId) {
+        return this.registrations.get(connectorId)?.connector;
+    }
+    getEnabledConnectors() {
+        return Array.from(this.registrations.values())
+            .filter((r) => r.enabled)
+            .map((r) => r.connector);
+    }
+    getConnectorsByCategory(category) {
+        return this.getEnabledConnectors().filter((c) => c.category === category);
+    }
+    getConnectorsByFramework(framework) {
+        return this.getEnabledConnectors().filter((c) => c.frameworks.includes(framework));
+    }
+    async testAllConnections() {
+        const results = new Map();
+        for (const [id, reg] of this.registrations) {
+            if (reg.enabled) {
+                const config = this.configs.get(id);
+                if (config) {
+                    try {
+                        results.set(id, await reg.connector.testConnection(config));
+                    }
+                    catch {
+                        results.set(id, false);
+                    }
+                }
+                else {
+                    results.set(id, false);
+                }
+            }
+        }
+        return results;
+    }
+    async collectFromConnector(connectorId) {
+        const reg = this.registrations.get(connectorId);
+        if (!reg)
+            throw new Error(`Connector not found: ${connectorId}`);
+        const config = this.configs.get(connectorId);
+        if (!config)
+            throw new Error(`No config for connector: ${connectorId}`);
+        const job = {
+            id: `job-${Date.now()}-${connectorId}`,
+            connectorId,
+            startedAt: new Date().toISOString(),
+            status: "running",
+            artifacts: [],
+        };
+        this.jobs.push(job);
+        try {
+            job.artifacts = await reg.connector.collectEvidence(config);
+            job.status = "completed";
+            job.completedAt = new Date().toISOString();
+            reg.lastCollectedAt = job.completedAt;
+            reg.errorCount = 0;
+        }
+        catch (err) {
+            job.status = "failed";
+            job.completedAt = new Date().toISOString();
+            job.error = err instanceof Error ? err.message : String(err);
+            reg.errorCount++;
+        }
+        return job;
+    }
+    async collectAll() {
+        const jobs = [];
+        for (const reg of this.registrations.values()) {
+            if (reg.enabled && this.configs.has(reg.connector.id)) {
+                jobs.push(await this.collectFromConnector(reg.connector.id));
+            }
+        }
+        return jobs;
+    }
+    getStats() {
+        const connectors = this.getEnabledConnectors();
+        const byCategory = {};
+        const allFrameworks = new Set();
+        let totalCapabilities = 0;
+        for (const c of connectors) {
+            byCategory[c.category] = (byCategory[c.category] || 0) + 1;
+            totalCapabilities += c.capabilities.length;
+            for (const f of c.frameworks)
+                allFrameworks.add(f);
+        }
+        return {
+            totalConnectors: connectors.length,
+            connectorsByCategory: byCategory,
+            totalCapabilities,
+            frameworksSupported: Array.from(allFrameworks),
+        };
+    }
+    getJobs() {
+        return [...this.jobs];
+    }
+    getRecentJobs(limit = 10) {
+        return this.jobs.slice(-limit);
+    }
+}

package/dist/connectors/AWSCloudTrailConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class AWSCloudTrailConnector implements IntegrationConnector {
+    readonly id = "aws-cloudtrail";
+    readonly name = "AWS CloudTrail";
+    readonly category: "cloud_provider";
+    readonly authType: "service_account";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchCloudTrail;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/AWSCloudTrailConnector.js

@@ -0,0 +1,77 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "ct-audit-logs",
+        name: "CloudTrail Audit Logs",
+        description: "Fetch CloudTrail event history and trail configuration",
+        evidenceCategories: ["logging", "audit"],
+    },
+];
+export class AWSCloudTrailConnector {
+    id = "aws-cloudtrail";
+    name = "AWS CloudTrail";
+    category = "cloud_provider";
+    authType = "service_account";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+        "PCI_DSS",
+    ];
+    async fetchCloudTrail(config, action, params = {}) {
+        const region = config.region || "us-east-1";
+        const host = `cloudtrail.${region}.amazonaws.com`;
+        const query = new URLSearchParams({ Action: action, Version: "2013-11-01", ...params });
+        const resp = await fetch(`https://${host}/?${query}`, {
+            headers: {
+                Authorization: `AWS4-HMAC-SHA256 Credential=${config.apiToken}/${region}/cloudtrail/aws4_request`,
+                "X-Amz-Date": new Date().toISOString().replace(/[:-]|\.\d{3}/g, ""),
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`CloudTrail ${resp.status}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchCloudTrail(config, "DescribeTrails");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const now = new Date().toISOString();
+        const trails = await this.fetchCloudTrail(config, "DescribeTrails").catch(() => ({
+            trailList: [],
+        }));
+        const trailList = (trails.trailList || []);
+        return [
+            {
+                id: generateEvidenceId(),
+                connectorId: this.id,
+                capabilityId: "ct-audit-logs",
+                timestamp: now,
+                hash: hashEvidence(trails),
+                framework: "SOC2",
+                controlId: "CC7.1",
+                source: "aws-cloudtrail/DescribeTrails",
+                status: trailList.length > 0 ? "compliant" : "non_compliant",
+                data: {
+                    trailCount: trailList.length,
+                    trails: trailList.map((t) => ({
+                        name: t.Name,
+                        s3BucketName: t.S3BucketName,
+                        isMultiRegionTrail: t.IsMultiRegionTrail,
+                        isOrganizationTrail: t.IsOrganizationTrail,
+                        logFileValidationEnabled: t.LogFileValidationEnabled,
+                    })),
+                },
+                metadata: { region: config.region || "us-east-1" },
+            },
+        ];
+    }
+}

package/dist/connectors/AWSIAMConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class AWSIAMConnector implements IntegrationConnector {
+    readonly id = "aws-iam";
+    readonly name = "AWS IAM";
+    readonly category: "cloud_provider";
+    readonly authType: "service_account";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchAws;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/AWSIAMConnector.js

@@ -0,0 +1,90 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "aws-iam-policies",
+        name: "IAM Policies",
+        description: "Fetch IAM policies, attached managed policies, and inline policies",
+        evidenceCategories: ["access_control"],
+    },
+    {
+        id: "aws-iam-access-analyzer",
+        name: "IAM Access Analyzer",
+        description: "Fetch Access Analyzer findings for cross-account and external access",
+        evidenceCategories: ["access_control", "risk_management"],
+    },
+];
+export class AWSIAMConnector {
+    id = "aws-iam";
+    name = "AWS IAM";
+    category = "cloud_provider";
+    authType = "service_account";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+        "PCI_DSS",
+    ];
+    async fetchAws(config, service, action, params = {}) {
+        const region = config.region || "us-east-1";
+        const host = `${service}.${region}.amazonaws.com`;
+        const query = new URLSearchParams({ Action: action, Version: "2010-05-08", ...params });
+        const resp = await fetch(`https://${host}/?${query}`, {
+            headers: {
+                Authorization: `AWS4-HMAC-SHA256 Credential=${config.apiToken}/${region}/${service}/aws4_request`,
+                "X-Amz-Date": new Date().toISOString().replace(/[:-]|\.\d{3}/g, ""),
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`AWS ${service} ${resp.status}: ${resp.statusText}`);
+        const text = await resp.text();
+        return { raw: text };
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchAws(config, "iam", "GetCallerIdentity");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const policies = await this.fetchAws(config, "iam", "ListPolicies", {
+            Scope: "Local",
+        }).catch(() => ({ policies: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "aws-iam-policies",
+            timestamp: now,
+            hash: hashEvidence(policies),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "aws-iam/ListPolicies",
+            status: "unknown",
+            data: { policies },
+            metadata: { region: config.region || "us-east-1" },
+        });
+        const analyzer = await this.fetchAws(config, "accessanalyzer", "ListFindings", {
+            analyzerArn: config.extra?.analyzerArn || "",
+        }).catch(() => ({ findings: [] }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "aws-iam-access-analyzer",
+            timestamp: now,
+            hash: hashEvidence(analyzer),
+            framework: "SOC2",
+            controlId: "CC6.2",
+            source: "aws-access-analyzer/ListFindings",
+            status: "unknown",
+            data: { findings: analyzer },
+            metadata: { region: config.region || "us-east-1" },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/AWSS3Connector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class AWSS3Connector implements IntegrationConnector {
+    readonly id = "aws-s3";
+    readonly name = "AWS S3";
+    readonly category: "cloud_provider";
+    readonly authType: "service_account";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchS3;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/AWSS3Connector.js

@@ -0,0 +1,112 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "s3-encryption",
+        name: "Bucket Encryption",
+        description: "Fetch S3 bucket default encryption configuration",
+        evidenceCategories: ["encryption"],
+    },
+    {
+        id: "s3-versioning",
+        name: "Bucket Versioning",
+        description: "Fetch S3 bucket versioning status",
+        evidenceCategories: ["data_protection"],
+    },
+    {
+        id: "s3-logging",
+        name: "Bucket Access Logging",
+        description: "Fetch S3 bucket server access logging configuration",
+        evidenceCategories: ["logging"],
+    },
+];
+export class AWSS3Connector {
+    id = "aws-s3";
+    name = "AWS S3";
+    category = "cloud_provider";
+    authType = "service_account";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+        "PCI_DSS",
+    ];
+    async fetchS3(config, bucket, action) {
+        const region = config.region || "us-east-1";
+        const resp = await fetch(`https://${bucket}.s3.${region}.amazonaws.com/?${action}`, {
+            headers: {
+                Authorization: `AWS4-HMAC-SHA256 Credential=${config.apiToken}/${region}/s3/aws4_request`,
+                "X-Amz-Date": new Date().toISOString().replace(/[:-]|\.\d{3}/g, ""),
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`S3 ${action} failed: ${resp.status}`);
+        const text = await resp.text();
+        return { raw: text };
+    }
+    async testConnection(config) {
+        try {
+            const bucket = config.extra?.bucket || "test-bucket";
+            await this.fetchS3(config, bucket, "list-type=2&max-keys=1");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const bucket = config.extra?.bucket || "main-bucket";
+        const encryption = await this.fetchS3(config, bucket, "encryption").catch(() => ({
+            enabled: false,
+        }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "s3-encryption",
+            timestamp: now,
+            hash: hashEvidence(encryption),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: `s3://${bucket}/encryption`,
+            status: encryption.enabled !== false ? "compliant" : "non_compliant",
+            data: { bucket, encryption },
+            metadata: { region: config.region || "us-east-1" },
+        });
+        const versioning = await this.fetchS3(config, bucket, "versioning").catch(() => ({
+            status: "Suspended",
+        }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "s3-versioning",
+            timestamp: now,
+            hash: hashEvidence(versioning),
+            framework: "ISO27001",
+            controlId: "A.12.3.1",
+            source: `s3://${bucket}/versioning`,
+            status: versioning.status === "Enabled" ? "compliant" : "non_compliant",
+            data: { bucket, versioning },
+            metadata: { region: config.region || "us-east-1" },
+        });
+        const logging = await this.fetchS3(config, bucket, "logging").catch(() => ({
+            enabled: false,
+        }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "s3-logging",
+            timestamp: now,
+            hash: hashEvidence(logging),
+            framework: "SOC2",
+            controlId: "CC7.1",
+            source: `s3://${bucket}/logging`,
+            status: logging.enabled !== false ? "compliant" : "non_compliant",
+            data: { bucket, logging },
+            metadata: { region: config.region || "us-east-1" },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/AzureADConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class AzureADConnector implements IntegrationConnector {
+    readonly id = "azure-ad";
+    readonly name = "Azure Active Directory";
+    readonly category: "identity";
+    readonly authType: "oauth2";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private getAccessToken;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/AzureADConnector.js

@@ -0,0 +1,115 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "aad-conditional-access",
+        name: "Conditional Access Policies",
+        description: "Fetch Azure AD conditional access policies",
+        evidenceCategories: ["access_control"],
+    },
+    {
+        id: "aad-mfa-enrollment",
+        name: "MFA Enrollment",
+        description: "Fetch MFA enrollment statistics and per-user MFA status",
+        evidenceCategories: ["authentication"],
+    },
+    {
+        id: "aad-app-registrations",
+        name: "App Registrations",
+        description: "Fetch app registrations and service principals",
+        evidenceCategories: ["access_control", "application_security"],
+    },
+];
+export class AzureADConnector {
+    id = "azure-ad";
+    name = "Azure Active Directory";
+    category = "identity";
+    authType = "oauth2";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+    ];
+    async getAccessToken(config) {
+        const resp = await fetch(`https://login.microsoftonline.com/${config.tenantId}/oauth2/v2.0/token`, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: new URLSearchParams({
+                grant_type: "client_credentials",
+                client_id: config.clientId || "",
+                client_secret: config.clientSecret || "",
+                scope: "https://graph.microsoft.com/.default",
+            }),
+        });
+        if (!resp.ok)
+            throw new Error(`Azure AD token ${resp.status}`);
+        const data = (await resp.json());
+        return data.access_token;
+    }
+    async testConnection(config) {
+        try {
+            const token = await this.getAccessToken(config);
+            const resp = await fetch("https://graph.microsoft.com/v1.0/$metadata", {
+                headers: { Authorization: `Bearer ${token}` },
+            });
+            return resp.ok;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const token = await this.getAccessToken(config);
+        const headers = { Authorization: `Bearer ${token}` };
+        const policies = await fetch("https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies", { headers }).then((r) => r.json());
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "aad-conditional-access",
+            timestamp: now,
+            hash: hashEvidence(policies),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "azure-ad/conditionalAccess/policies",
+            status: (policies.value || []).length > 0 ? "compliant" : "non_compliant",
+            data: { policyCount: (policies.value || []).length, policies: policies.value },
+            metadata: { tenantId: config.tenantId || "" },
+        });
+        const mfaReport = await fetch("https://graph.microsoft.com/v1.0/reports/authenticationMethods/userRegistrationDetails?$select=isMfaRegistered,isMfaCapable", { headers }).then((r) => r.json());
+        const users = (mfaReport.value || []);
+        const mfaRegistered = users.filter((u) => u.isMfaRegistered === true).length;
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "aad-mfa-enrollment",
+            timestamp: now,
+            hash: hashEvidence(mfaReport),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "azure-ad/authenticationMethods/userRegistrationDetails",
+            status: users.length > 0 && mfaRegistered / users.length > 0.9 ? "compliant" : "partial",
+            data: { totalUsers: users.length, mfaRegistered, mfaCapable: users.filter((u) => u.isMfaCapable === true).length },
+            metadata: { tenantId: config.tenantId || "" },
+        });
+        const apps = await fetch("https://graph.microsoft.com/v1.0/applicationRegistrations", {
+            headers,
+        }).then((r) => r.json());
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "aad-app-registrations",
+            timestamp: now,
+            hash: hashEvidence(apps),
+            framework: "ISO27001",
+            controlId: "A.14.2.5",
+            source: "azure-ad/applicationRegistrations",
+            status: "unknown",
+            data: { appCount: (apps.value || []).length, apps: apps.value },
+            metadata: { tenantId: config.tenantId || "" },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/AzureSentinelConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class AzureSentinelConnector implements IntegrationConnector {
+    readonly id = "azure-sentinel";
+    readonly name = "Microsoft Sentinel";
+    readonly category: "siem";
+    readonly authType: "oauth2";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private getAccessToken;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}