@grc-claw/integration-marketplace 1.0.0

package/dist/connectors/JiraConnector.js

@@ -0,0 +1,103 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "jira-projects",
+        name: "Jira Projects",
+        description: "Fetch Jira project configurations and permissions",
+        evidenceCategories: ["project_management", "access_control"],
+    },
+    {
+        id: "jira-workflows",
+        name: "Workflows",
+        description: "Fetch workflow configurations and approval gates",
+        evidenceCategories: ["change_management"],
+    },
+    {
+        id: "jira-sla",
+        name: "SLA Compliance",
+        description: "Fetch SLA compliance metrics and breach history",
+        evidenceCategories: ["service_management"],
+    },
+];
+export class JiraConnector {
+    id = "jira";
+    name = "Jira";
+    category = "project_management";
+    authType = "basic_auth";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://your-domain.atlassian.net";
+        const resp = await fetch(`${base}/rest/api/3${endpoint}`, {
+            headers: {
+                Authorization: `Basic ${Buffer.from(`${config.clientId}:${config.apiToken}`).toString("base64")}`,
+                Accept: "application/json",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`Jira API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/myself");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const projects = await this.fetchApi(config, "/project");
+        const projectList = Array.isArray(projects) ? projects : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "jira-projects",
+            timestamp: now,
+            hash: hashEvidence({ projects: projectList.map((p) => ({ id: p.id, key: p.key })) }),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: "jira/projects",
+            status: "unknown",
+            data: { projectCount: projectList.length },
+            metadata: { domain: config.baseUrl || "" },
+        });
+        const workflows = await fetch(`${config.baseUrl || "https://your-domain.atlassian.net"}/rest/api/3/workflow`, {
+            headers: {
+                Authorization: `Basic ${Buffer.from(`${config.clientId}:${config.apiToken}`).toString("base64")}`,
+                Accept: "application/json",
+            },
+        }).then((r) => r.json());
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "jira-workflows",
+            timestamp: now,
+            hash: hashEvidence(workflows),
+            framework: "SOC2",
+            controlId: "CC8.1",
+            source: "jira/workflows",
+            status: "unknown",
+            data: { workflows },
+            metadata: { domain: config.baseUrl || "" },
+        });
+        const issues = await this.fetchApi(config, "/search?jql=issuetype=Story&maxResults=0&expand=names").catch(() => ({ total: 0 }));
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "jira-sla",
+            timestamp: now,
+            hash: hashEvidence(issues),
+            framework: "ISO27001",
+            controlId: "A.12.1.4",
+            source: "jira/search",
+            status: "unknown",
+            data: { totalIssues: issues.total || 0 },
+            metadata: { domain: config.baseUrl || "" },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/KubernetesConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class KubernetesConnector implements IntegrationConnector {
+    readonly id = "kubernetes";
+    readonly name = "Kubernetes";
+    readonly category: "infrastructure";
+    readonly authType: "bearer_token";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchK8s;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/KubernetesConnector.js

@@ -0,0 +1,109 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "k8s-rbac",
+        name: "RBAC Policies",
+        description: "Fetch Kubernetes ClusterRole, ClusterRoleBinding, and Role data",
+        evidenceCategories: ["access_control", "authorization"],
+    },
+    {
+        id: "k8s-network-policies",
+        name: "Network Policies",
+        description: "Fetch Kubernetes NetworkPolicy resources",
+        evidenceCategories: ["network_security"],
+    },
+    {
+        id: "k8s-pod-security",
+        name: "Pod Security",
+        description: "Fetch Pod Security Standards and PSP/PSA configurations",
+        evidenceCategories: ["container_security", "configuration"],
+    },
+];
+export class KubernetesConnector {
+    id = "kubernetes";
+    name = "Kubernetes";
+    category = "infrastructure";
+    authType = "bearer_token";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
+    async fetchK8s(config, apiPath) {
+        const base = config.baseUrl || "https://kubernetes.default.svc";
+        const resp = await fetch(`${base}${apiPath}`, {
+            headers: { Authorization: `Bearer ${config.apiToken}` },
+        });
+        if (!resp.ok)
+            throw new Error(`K8s API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchK8s(config, "/version");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const rbac = await this.fetchK8s(config, "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings").catch(() => ({
+            items: [],
+        }));
+        const roleBindings = (rbac.items || []);
+        const clusterAdminBindings = roleBindings.filter((r) => r.roleRef?.name === "cluster-admin");
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "k8s-rbac",
+            timestamp: now,
+            hash: hashEvidence({ totalBindings: roleBindings.length, clusterAdminBindings: clusterAdminBindings.length }),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "k8s/rbac/clusterrolebindings",
+            status: clusterAdminBindings.length <= 2 ? "compliant" : "partial",
+            data: { totalBindings: roleBindings.length, clusterAdminBindings: clusterAdminBindings.length },
+            metadata: {},
+        });
+        const netPol = await this.fetchK8s(config, "/apis/networking.k8s.io/v1/networkpolicies").catch(() => ({
+            items: [],
+        }));
+        const netPolicies = (netPol.items || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "k8s-network-policies",
+            timestamp: now,
+            hash: hashEvidence({ policyCount: netPolicies.length }),
+            framework: "ISO27001",
+            controlId: "A.13.1.1",
+            source: "k8s/networking/networkpolicies",
+            status: netPolicies.length > 0 ? "compliant" : "non_compliant",
+            data: { networkPolicyCount: netPolicies.length },
+            metadata: {},
+        });
+        const pods = await this.fetchK8s(config, "/api/v1/pods").catch(() => ({ items: [] }));
+        const podList = (pods.items || []);
+        const privilegedPods = podList.filter((p) => {
+            const containers = [
+                ...(p.spec?.containers || []),
+                ...(p.spec?.initContainers || []),
+            ];
+            return containers.some((c) => c.securityContext?.privileged === true);
+        });
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "k8s-pod-security",
+            timestamp: now,
+            hash: hashEvidence({ totalPods: podList.length, privilegedPods: privilegedPods.length }),
+            framework: "SOC2",
+            controlId: "CC6.8",
+            source: "k8s/pods",
+            status: privilegedPods.length === 0 ? "compliant" : "non_compliant",
+            data: { totalPods: podList.length, privilegedPods: privilegedPods.length },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/OktaConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class OktaConnector implements IntegrationConnector {
+    readonly id = "okta";
+    readonly name = "Okta";
+    readonly category: "identity";
+    readonly authType: "bearer_token";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/OktaConnector.js

@@ -0,0 +1,123 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "okta-users",
+        name: "User Accounts",
+        description: "Fetch Okta user accounts and status",
+        evidenceCategories: ["identity_management"],
+    },
+    {
+        id: "okta-mfa-factors",
+        name: "MFA Factors",
+        description: "Fetch enrolled MFA factors across users",
+        evidenceCategories: ["authentication"],
+    },
+    {
+        id: "okta-app-assignments",
+        name: "App Assignments",
+        description: "Fetch application assignments and SSO configurations",
+        evidenceCategories: ["access_control"],
+    },
+    {
+        id: "okta-group-memberships",
+        name: "Group Memberships",
+        description: "Fetch group memberships and role assignments",
+        evidenceCategories: ["access_control", "authorization"],
+    },
+];
+export class OktaConnector {
+    id = "okta";
+    name = "Okta";
+    category = "identity";
+    authType = "bearer_token";
+    capabilities = capabilities;
+    frameworks = [
+        "SOC2",
+        "ISO27001",
+        "NIST_CSF",
+        "HIPAA",
+    ];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || `https://${config.extra?.domain || "example"}.okta.com/api/v1`;
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: { Authorization: `SSWS ${config.apiToken}` },
+        });
+        if (!resp.ok)
+            throw new Error(`Okta API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/users/me");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const users = await this.fetchApi(config, "/users?filter=status%20eq%20%22ACTIVE%22&limit=200");
+        const userList = Array.isArray(users) ? users : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "okta-users",
+            timestamp: now,
+            hash: hashEvidence({ users: userList.map((u) => ({ id: u.id, status: u.status })) }),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "okta/users",
+            status: "compliant",
+            data: { activeUserCount: userList.length },
+            metadata: { domain: config.extra?.domain || "" },
+        });
+        const factors = await this.fetchApi(config, "/users/me/factors").catch(() => []);
+        const factorList = Array.isArray(factors) ? factors : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "okta-mfa-factors",
+            timestamp: now,
+            hash: hashEvidence({ factors: factorList }),
+            framework: "SOC2",
+            controlId: "CC6.1",
+            source: "okta/factors",
+            status: factorList.length > 0 ? "compliant" : "non_compliant",
+            data: { factorTypes: factorList.map((f) => f.factorType) },
+            metadata: { domain: config.extra?.domain || "" },
+        });
+        const apps = await this.fetchApi(config, "/apps?limit=100").catch(() => []);
+        const appList = Array.isArray(apps) ? apps : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "okta-app-assignments",
+            timestamp: now,
+            hash: hashEvidence({ apps: appList.map((a) => ({ id: a.id, name: a.name })) }),
+            framework: "ISO27001",
+            controlId: "A.9.2.5",
+            source: "okta/apps",
+            status: "unknown",
+            data: { appCount: appList.length },
+            metadata: { domain: config.extra?.domain || "" },
+        });
+        const groups = await this.fetchApi(config, "/groups?limit=100").catch(() => []);
+        const groupList = Array.isArray(groups) ? groups : [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "okta-group-memberships",
+            timestamp: now,
+            hash: hashEvidence({ groups: groupList.map((g) => ({ id: g.id, name: (g.profile || {}).name })) }),
+            framework: "SOC2",
+            controlId: "CC6.3",
+            source: "okta/groups",
+            status: groupList.length > 0 ? "compliant" : "non_compliant",
+            data: { groupCount: groupList.length },
+            metadata: { domain: config.extra?.domain || "" },
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/PagerDutyConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class PagerDutyConnector implements IntegrationConnector {
+    readonly id = "pagerduty";
+    readonly name = "PagerDuty";
+    readonly category: "incident_management";
+    readonly authType: "bearer_token";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/PagerDutyConnector.js

@@ -0,0 +1,106 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "pd-services",
+        name: "Services",
+        description: "Fetch PagerDuty service configurations and escalation policies",
+        evidenceCategories: ["incident_management", "configuration"],
+    },
+    {
+        id: "pd-oncall",
+        name: "On-Call Schedules",
+        description: "Fetch on-call schedules and rotation policies",
+        evidenceCategories: ["incident_management", "availability"],
+    },
+    {
+        id: "pd-incidents",
+        name: "Incident History",
+        description: "Fetch recent incidents and resolution metrics",
+        evidenceCategories: ["incident_management"],
+    },
+];
+export class PagerDutyConnector {
+    id = "pagerduty";
+    name = "PagerDuty";
+    category = "incident_management";
+    authType = "bearer_token";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001"];
+    async fetchApi(config, endpoint) {
+        const base = config.baseUrl || "https://api.pagerduty.com";
+        const resp = await fetch(`${base}${endpoint}`, {
+            headers: {
+                Authorization: `Token token=${config.apiToken}`,
+                Accept: "application/vnd.pagerduty+json;version=2",
+            },
+        });
+        if (!resp.ok)
+            throw new Error(`PagerDuty API ${resp.status}: ${resp.statusText}`);
+        return (await resp.json());
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/users/me");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const services = await this.fetchApi(config, "/services?limit=100");
+        const serviceList = (services.services || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "pd-services",
+            timestamp: now,
+            hash: hashEvidence({ services: serviceList.map((s) => ({ id: s.id, name: s.name })) }),
+            framework: "SOC2",
+            controlId: "CC7.3",
+            source: "pagerduty/services",
+            status: serviceList.length > 0 ? "compliant" : "non_compliant",
+            data: { serviceCount: serviceList.length },
+            metadata: {},
+        });
+        const schedules = await this.fetchApi(config, "/schedules?limit=100").catch(() => ({
+            schedules: [],
+        }));
+        const scheduleList = (schedules.schedules || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "pd-oncall",
+            timestamp: now,
+            hash: hashEvidence({ schedules: scheduleList.map((s) => ({ id: s.id, name: s.name })) }),
+            framework: "SOC2",
+            controlId: "CC7.2",
+            source: "pagerduty/schedules",
+            status: scheduleList.length > 0 ? "compliant" : "non_compliant",
+            data: { scheduleCount: scheduleList.length },
+            metadata: {},
+        });
+        const since = new Date(Date.now() - 30 * 24 * 60 * 60 * 1000).toISOString();
+        const incidents = await this.fetchApi(config, `/incidents?since=${since}&limit=100&statuses[]=triggered&statuses[]=resolved`).catch(() => ({ incidents: [] }));
+        const incidentList = (incidents.incidents || []);
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "pd-incidents",
+            timestamp: now,
+            hash: hashEvidence({ incidents: incidentList.map((i) => ({ id: i.id, status: i.status })) }),
+            framework: "ISO27001",
+            controlId: "A.16.1.4",
+            source: "pagerduty/incidents",
+            status: "unknown",
+            data: {
+                incidentCount: incidentList.length,
+                resolved: incidentList.filter((i) => i.status === "resolved").length,
+            },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/QualysConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class QualysConnector implements IntegrationConnector {
+    readonly id = "qualys";
+    readonly name = "Qualys";
+    readonly category: "vulnerability";
+    readonly authType: "basic_auth";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private fetchApi;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}

package/dist/connectors/QualysConnector.js

@@ -0,0 +1,96 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+    {
+        id: "qualys-vuln-scans",
+        name: "Vulnerability Scans",
+        description: "Fetch Qualys vulnerability scan results and host detections",
+        evidenceCategories: ["vulnerability_management"],
+    },
+    {
+        id: "qualys-compliance-scans",
+        name: "Compliance Scans",
+        description: "Fetch Qualys policy compliance scan results",
+        evidenceCategories: ["compliance", "configuration"],
+    },
+];
+export class QualysConnector {
+    id = "qualys";
+    name = "Qualys";
+    category = "vulnerability";
+    authType = "basic_auth";
+    capabilities = capabilities;
+    frameworks = ["SOC2", "ISO27001", "PCI_DSS", "NIST_CSF"];
+    async fetchApi(config, endpoint, body) {
+        const base = config.baseUrl || "https://qualysapi.qualys.com";
+        const resp = await fetch(`${base}${endpoint}`, {
+            method: body ? "POST" : "GET",
+            headers: {
+                Authorization: `Basic ${Buffer.from(`${config.clientId}:${config.apiToken}`).toString("base64")}`,
+                "Content-Type": body ? "application/x-www-form-urlencoded" : "text/xml",
+                Accept: "application/json",
+            },
+            body,
+        });
+        if (!resp.ok)
+            throw new Error(`Qualys API ${resp.status}: ${resp.statusText}`);
+        return resp.text();
+    }
+    async testConnection(config) {
+        try {
+            await this.fetchApi(config, "/api/2.0/fo/user/?action=list");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async collectEvidence(config) {
+        const artifacts = [];
+        const now = new Date().toISOString();
+        const vulnScan = await this.fetchApi(config, "/api/2.0/fo/scan/?action=list&output_format=JSON&truncate_limit=100").catch(() => '{"response":{"scan_list":[]}}');
+        let vulnData = {};
+        try {
+            vulnData = JSON.parse(vulnScan);
+        }
+        catch {
+            vulnData = { raw: vulnScan.substring(0, 500) };
+        }
+        const scanList = vulnData.response?.scan_list || [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "qualys-vuln-scans",
+            timestamp: now,
+            hash: hashEvidence({ scanCount: Array.isArray(scanList) ? scanList.length : 0 }),
+            framework: "SOC2",
+            controlId: "CC7.1",
+            source: "qualys/scans",
+            status: "unknown",
+            data: { scanCount: Array.isArray(scanList) ? scanList.length : 0 },
+            metadata: {},
+        });
+        const compScan = await this.fetchApi(config, "/api/2.0/compliance_policy/?action=list&output_format=JSON").catch(() => '{"response":{"policy_list":[]}}');
+        let compData = {};
+        try {
+            compData = JSON.parse(compScan);
+        }
+        catch {
+            compData = { raw: compScan.substring(0, 500) };
+        }
+        const policyList = compData.response?.policy_list || [];
+        artifacts.push({
+            id: generateEvidenceId(),
+            connectorId: this.id,
+            capabilityId: "qualys-compliance-scans",
+            timestamp: now,
+            hash: hashEvidence({ policyCount: Array.isArray(policyList) ? policyList.length : 0 }),
+            framework: "ISO27001",
+            controlId: "A.12.6.1",
+            source: "qualys/compliance",
+            status: "unknown",
+            data: { policyCount: Array.isArray(policyList) ? policyList.length : 0 },
+            metadata: {},
+        });
+        return artifacts;
+    }
+}

package/dist/connectors/SalesforceConnector.d.ts

@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class SalesforceConnector implements IntegrationConnector {
+    readonly id = "salesforce";
+    readonly name = "Salesforce";
+    readonly category: "hr";
+    readonly authType: "oauth2";
+    readonly capabilities: IntegrationCapability[];
+    readonly frameworks: ComplianceFramework[];
+    private getAccessToken;
+    testConnection(config: ConnectorConfig): Promise<boolean>;
+    collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}