@nuvlore/extension-access-pagerduty 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/LICENSE +202 -0
  2. package/README.md +3 -0
  3. package/package.json +52 -0
  4. package/tools/pagerduty_sso_incident.mjs +32 -0
  5. package/tools/pagerduty_sso_incidents.mjs +36 -0
  6. package/tools/pagerduty_sso_oncalls.mjs +36 -0
  7. package/tools/pagerduty_sso_read.mjs +34 -0
  8. package/tools/pagerduty_sso_services.mjs +33 -0
  9. package/tools/pagerduty_sso_verify.mjs +26 -0
  10. package/vendor/extension-sso/LICENSE +202 -0
  11. package/vendor/extension-sso/README.md +35 -0
  12. package/vendor/extension-sso/commands/okta-login.md +10 -0
  13. package/vendor/extension-sso/package.json +51 -0
  14. package/vendor/extension-sso/skills/workday-okta-auth/SKILL.md +20 -0
  15. package/vendor/extension-sso/src/autoAuth.mjs +25 -0
  16. package/vendor/extension-sso/src/browserLogin.mjs +1 -0
  17. package/vendor/extension-sso/src/chromeCookies.mjs +1 -0
  18. package/vendor/extension-sso/src/cookieJar.mjs +1 -0
  19. package/vendor/extension-sso/src/extensionAccess.mjs +173 -0
  20. package/vendor/extension-sso/src/htmlSessionExtract.mjs +1 -0
  21. package/vendor/extension-sso/src/oktaAppAccess.mjs +133 -0
  22. package/vendor/extension-sso/src/oktaAppCatalog.mjs +118 -0
  23. package/vendor/extension-sso/src/oktaAppRead.mjs +119 -0
  24. package/vendor/extension-sso/src/oktaConfig.mjs +12 -0
  25. package/vendor/extension-sso/src/oktaSession.mjs +32 -0
  26. package/vendor/extension-sso/src/serviceOperations.mjs +407 -0
  27. package/vendor/extension-sso/src/serviceReadSearch.mjs +395 -0
  28. package/vendor/extension-sso/src/serviceReads.mjs +109 -0
  29. package/vendor/extension-sso/src/serviceRegistry.mjs +497 -0
  30. package/vendor/extension-sso/src/sessionAuth.mjs +339 -0
  31. package/vendor/extension-sso/src/sessionManager.mjs +212 -0
  32. package/vendor/extension-sso/src/sessionValidate.mjs +74 -0
  33. package/vendor/extension-sso/src/ssoConfig.mjs +31 -0
  34. package/vendor/extension-sso/src/ssoHttpRead.mjs +292 -0
  35. package/vendor/extension-sso/tools/extension-access-tools.shared.mjs +16 -0
  36. package/vendor/extension-sso/tools/okta-app-tools.shared.mjs +5 -0
  37. package/vendor/extension-sso/tools/okta-tools.shared.mjs +18 -0
  38. package/vendor/extension-sso/tools/workday_extension_read.mjs +51 -0
  39. package/vendor/extension-sso/tools/workday_extension_read_access.mjs +65 -0
  40. package/vendor/extension-sso/tools/workday_list_extension_access.mjs +39 -0
  41. package/vendor/extension-sso/tools/workday_list_okta_apps.mjs +18 -0
  42. package/vendor/extension-sso/tools/workday_list_service_operations.mjs +41 -0
  43. package/vendor/extension-sso/tools/workday_list_service_read_search_capabilities.mjs +34 -0
  44. package/vendor/extension-sso/tools/workday_list_services.mjs +31 -0
  45. package/vendor/extension-sso/tools/workday_okta_app_probe_all.mjs +24 -0
  46. package/vendor/extension-sso/tools/workday_okta_app_read.mjs +30 -0
  47. package/vendor/extension-sso/tools/workday_okta_app_read_access.mjs +25 -0
  48. package/vendor/extension-sso/tools/workday_okta_auth_header.mjs +58 -0
  49. package/vendor/extension-sso/tools/workday_okta_login.mjs +65 -0
  50. package/vendor/extension-sso/tools/workday_okta_open_app.mjs +63 -0
  51. package/vendor/extension-sso/tools/workday_okta_open_service.mjs +63 -0
  52. package/vendor/extension-sso/tools/workday_okta_status.mjs +35 -0
  53. package/vendor/extension-sso/tools/workday_service_auth.mjs +65 -0
  54. package/vendor/extension-sso/tools/workday_service_operation_read.mjs +51 -0
  55. package/vendor/extension-sso/tools/workday_service_read.mjs +56 -0
  56. package/vendor/extension-sso/tools/workday_service_search.mjs +62 -0
  57. package/vendor/extension-sso/tools/workday_sso_cookie_header.mjs +59 -0
  58. package/vendor/extension-sso/vendor/extension-browser-sso/LICENSE +202 -0
  59. package/vendor/extension-sso/vendor/extension-browser-sso/README.md +16 -0
  60. package/vendor/extension-sso/vendor/extension-browser-sso/package.json +47 -0
  61. package/vendor/extension-sso/vendor/extension-browser-sso/src/autoAuth.mjs +47 -0
  62. package/vendor/extension-sso/vendor/extension-browser-sso/src/browserHttpRead.mjs +76 -0
  63. package/vendor/extension-sso/vendor/extension-browser-sso/src/browserLogin.mjs +24 -0
  64. package/vendor/extension-sso/vendor/extension-browser-sso/src/chromeCookies.mjs +192 -0
  65. package/vendor/extension-sso/vendor/extension-browser-sso/src/cookieJar.mjs +132 -0
  66. package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/devops-data-paths.mjs +222 -0
  67. package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/devops-diagnostics.mjs +440 -0
  68. package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/enterprise-api-read.mjs +180 -0
  69. package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-command-pack.mjs +1 -0
  70. package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-plan.mjs +45 -0
  71. package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-shell-policy.d.mts +26 -0
  72. package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-shell-policy.mjs +170 -0
  73. package/vendor/extension-sso/vendor/extension-browser-sso/src/htmlSessionExtract.mjs +64 -0
  74. package/vendor/extension-sso/vendor/extension-read-only-toolkit/LICENSE +202 -0
  75. package/vendor/extension-sso/vendor/extension-read-only-toolkit/README.md +29 -0
  76. package/vendor/extension-sso/vendor/extension-read-only-toolkit/package.json +43 -0
  77. package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/devops-data-paths.mjs +222 -0
  78. package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/devops-diagnostics.mjs +440 -0
  79. package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/enterprise-api-read.mjs +180 -0
  80. package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-command-pack.mjs +1 -0
  81. package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-plan.mjs +45 -0
  82. package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-shell-policy.d.mts +26 -0
  83. package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-shell-policy.mjs +170 -0
@@ -0,0 +1,497 @@
1
+ import { OKTA_USER_HOME_APPS } from "./oktaAppCatalog.mjs";
2
+
3
+ function slugify(value) {
4
+ return String(value)
5
+ .toLowerCase()
6
+ .replace(/[^a-z0-9]+/g, "-")
7
+ .replace(/^-|-$/g, "");
8
+ }
9
+
10
+ const OKTA_APP_SERVICE_ID_OVERRIDES = {
11
+ Slack: "slack",
12
+ Sana: "sana",
13
+ "Workday - Google Apps Drive": "google-drive",
14
+ "Workday Service Hub": "service-hub",
15
+ Snyk: "snyk",
16
+ "Collibra Data Intelligence Platform": "collibra",
17
+ Mixpanel: "mixpanel"
18
+ };
19
+
20
+ function oktaServiceId(appName) {
21
+ return OKTA_APP_SERVICE_ID_OVERRIDES[appName] ?? `okta-${slugify(appName)}`;
22
+ }
23
+
24
+ function oktaAppExtensionName(appName) {
25
+ return `@nuvlore/extension-access-okta-${slugify(appName)}`;
26
+ }
27
+
28
+ function oktaAppServiceEntry(appName, app) {
29
+ return {
30
+ extension: oktaAppExtensionName(appName),
31
+ label: appName,
32
+ auth: "okta-sso",
33
+ domains: app.domains ?? [],
34
+ oktaAppName: appName,
35
+ readAccess: {
36
+ readOnly: true,
37
+ methods: ["GET"],
38
+ mode: "cookie-http",
39
+ defaultBaseUrl: app.defaultBaseUrl,
40
+ restPathPrefix: app.probePath ?? "/",
41
+ oktaAppName: appName,
42
+ oktaAppMode: app.mode ?? "cookie-http",
43
+ probePath: app.probePath ?? "/"
44
+ }
45
+ };
46
+ }
47
+
48
+ const OKTA_APP_SERVICES = Object.fromEntries(
49
+ Object.entries(OKTA_USER_HOME_APPS)
50
+ .filter(([, app]) => !app.serviceId)
51
+ .map(([appName, app]) => [oktaServiceId(appName), oktaAppServiceEntry(appName, app)])
52
+ );
53
+
54
+ /**
55
+ * Strict 1:1 registry: each `id` is one Nuvlore extension package.
56
+ * `id` matches agentRuntimeTools.service on that extension.
57
+ */
58
+ const CORE_WORKDAY_SERVICES = {
59
+ sso: {
60
+ extension: "@nuvlore/extension-sso",
61
+ label: "Okta",
62
+ auth: "okta-hub",
63
+ domains: ["workday.okta.com", "workdaytech.okta.com"],
64
+ readAccess: { readOnly: true, methods: ["GET"], mode: "cookie-http" }
65
+ },
66
+ bamboo: {
67
+ extension: "@nuvlore/extension-bamboo",
68
+ ssoAccessExtension: "@nuvlore/extension-access-bamboo",
69
+ label: "Bamboo CI",
70
+ auth: "okta-sso",
71
+ domains: ["bamboo11.workday.com", "bamboo16.workday.com", "bamboo20.workday.com", "bamboo.workday.com"],
72
+ readAccess: {
73
+ readOnly: true,
74
+ methods: ["GET"],
75
+ mode: "cookie-http",
76
+ defaultBaseUrl: "https://bamboo11.workday.com",
77
+ restPathPrefix: "/rest/api/latest"
78
+ }
79
+ },
80
+ bitbucket: {
81
+ extension: "@nuvlore/extension-bitbucket",
82
+ ssoAccessExtension: "@nuvlore/extension-access-bitbucket",
83
+ label: "Bitbucket",
84
+ auth: "okta-sso",
85
+ domains: ["bitbucket.workday.com"],
86
+ readAccess: {
87
+ readOnly: true,
88
+ methods: ["GET"],
89
+ mode: "cookie-http",
90
+ defaultBaseUrl: "https://bitbucket.workday.com",
91
+ authUrl: "https://bitbucket.workday.com/plugins/servlet/external-login/1?authDest=%2Fdashboard",
92
+ restPathPrefix: "/rest/api/latest"
93
+ }
94
+ },
95
+ confluence: {
96
+ extension: "@nuvlore/extension-confluence",
97
+ ssoAccessExtension: "@nuvlore/extension-access-confluence",
98
+ label: "Confluence",
99
+ auth: "okta-sso",
100
+ domains: ["confluence.workday.com"],
101
+ readAccess: {
102
+ readOnly: true,
103
+ methods: ["GET"],
104
+ mode: "cookie-http",
105
+ defaultBaseUrl: "https://confluence.workday.com",
106
+ restPathPrefix: "/rest/api"
107
+ }
108
+ },
109
+ jira: {
110
+ extension: "@nuvlore/extension-jira",
111
+ ssoAccessExtension: "@nuvlore/extension-access-jira",
112
+ label: "Jira",
113
+ auth: "okta-sso",
114
+ domains: ["jira2.workday.com"],
115
+ readAccess: {
116
+ readOnly: true,
117
+ methods: ["GET"],
118
+ mode: "cookie-http",
119
+ defaultBaseUrl: "https://jira2.workday.com",
120
+ restPathPrefix: "/rest/api/latest"
121
+ }
122
+ },
123
+ pharos: {
124
+ extension: "@nuvlore/extension-pharos",
125
+ ssoAccessExtension: "@nuvlore/extension-access-pharos",
126
+ label: "Pharos",
127
+ auth: "okta-sso",
128
+ domains: [
129
+ "prod-us.auth.wdpharos.io",
130
+ "dev-us.auth.wdpharos.io",
131
+ "grafana.produs.us.wdpharos.io",
132
+ "grafana.dev.wdpharos.io",
133
+ "metrics.produs.us.wdpharos.io",
134
+ "metrics-apis.produs.us.wdpharos.io",
135
+ "metrics.dev.wdpharos.io",
136
+ "metrics-apis.dev.wdpharos.io"
137
+ ],
138
+ readAccess: {
139
+ readOnly: true,
140
+ methods: ["GET"],
141
+ mode: "cookie-http",
142
+ defaultBaseUrl: "https://grafana.produs.us.wdpharos.io",
143
+ restPathPrefix: "/api"
144
+ }
145
+ },
146
+ dashboard: {
147
+ extension: "@nuvlore/extension-dashboard",
148
+ ssoAccessExtension: "@nuvlore/extension-access-dashboard",
149
+ label: "Grafana / Solas Dashboards",
150
+ auth: "okta-sso",
151
+ domains: ["grafana.produs.us.wdpharos.io", "grafana.dev.wdpharos.io", "solas.workday.com"],
152
+ readAccess: {
153
+ readOnly: true,
154
+ methods: ["GET"],
155
+ mode: "cookie-http",
156
+ defaultBaseUrl: "https://solas.workday.com",
157
+ restPathPrefix: "/s/readonly"
158
+ }
159
+ },
160
+ github: {
161
+ extension: "@nuvlore/extension-github-enterprise",
162
+ ssoAccessExtension: "@nuvlore/extension-access-github",
163
+ label: "GitHub Enterprise",
164
+ auth: "okta-sso",
165
+ domains: ["ghe.megaleo.com", "wd5-master.megaleo.com"],
166
+ readAccess: {
167
+ readOnly: true,
168
+ methods: ["GET"],
169
+ mode: "cookie-http",
170
+ defaultBaseUrl: "https://ghe.megaleo.com",
171
+ restPathPrefix: "/api/v3"
172
+ }
173
+ },
174
+ teamcity: {
175
+ extension: "@nuvlore/extension-teamcity",
176
+ ssoAccessExtension: "@nuvlore/extension-access-teamcity",
177
+ label: "TeamCity",
178
+ auth: "okta-sso",
179
+ domains: ["toolcity.megaleo.com"],
180
+ readAccess: {
181
+ readOnly: true,
182
+ methods: ["GET"],
183
+ mode: "cookie-http",
184
+ defaultBaseUrl: "https://toolcity.megaleo.com",
185
+ restPathPrefix: "/app/rest"
186
+ }
187
+ },
188
+ pagerduty: {
189
+ extension: "@nuvlore/extension-pagerduty",
190
+ ssoAccessExtension: "@nuvlore/extension-access-pagerduty",
191
+ label: "PagerDuty",
192
+ auth: "okta-sso",
193
+ domains: ["workday.pagerduty.com", "identity.pagerduty.com", "tickets.pagerduty.com"],
194
+ readAccess: {
195
+ readOnly: true,
196
+ methods: ["GET"],
197
+ mode: "cookie-http",
198
+ defaultBaseUrl: "https://workday.pagerduty.com",
199
+ restPathPrefix: "/api/v2"
200
+ }
201
+ },
202
+ slack: {
203
+ extension: "@nuvlore/extension-access-okta-slack",
204
+ label: "Slack",
205
+ auth: "okta-sso",
206
+ domains: ["workday.enterprise.slack.com", "workday.slack.com", "workday-dev.slack.com", "slack.com", "app.slack.com"],
207
+ readAccess: {
208
+ readOnly: true,
209
+ methods: ["GET"],
210
+ mode: "cookie-http",
211
+ defaultBaseUrl: "https://workday.enterprise.slack.com",
212
+ restPathPrefix: "/"
213
+ }
214
+ },
215
+ sana: {
216
+ extension: "@nuvlore/extension-access-okta-sana",
217
+ label: "Sana",
218
+ auth: "okta-sso",
219
+ domains: ["workday.sana.ai", "sana.ai", "sanalabs.com"],
220
+ readAccess: {
221
+ readOnly: true,
222
+ methods: ["GET"],
223
+ mode: "cookie-http",
224
+ defaultBaseUrl: "https://workday.sana.ai",
225
+ restPathPrefix: "/"
226
+ }
227
+ },
228
+ "google-drive": {
229
+ extension: "@nuvlore/extension-access-okta-workday-google-apps-drive",
230
+ label: "Workday Google Drive",
231
+ auth: "okta-sso",
232
+ domains: ["drive.google.com", "accounts.google.com", "google.com"],
233
+ readAccess: {
234
+ readOnly: true,
235
+ methods: ["GET"],
236
+ mode: "cookie-http",
237
+ defaultBaseUrl: "https://drive.google.com",
238
+ restPathPrefix: "/drive"
239
+ }
240
+ },
241
+ "service-hub": {
242
+ extension: "@nuvlore/extension-access-okta-workday-service-hub",
243
+ label: "Workday Service Hub",
244
+ auth: "okta-sso",
245
+ domains: ["workday.service-now.com"],
246
+ readAccess: {
247
+ readOnly: true,
248
+ methods: ["GET"],
249
+ mode: "cookie-http",
250
+ defaultBaseUrl: "https://workday.service-now.com",
251
+ restPathPrefix: "/"
252
+ }
253
+ },
254
+ snyk: {
255
+ extension: "@nuvlore/extension-access-okta-snyk",
256
+ label: "Snyk",
257
+ auth: "okta-sso",
258
+ domains: ["app.snyk.io"],
259
+ readAccess: {
260
+ readOnly: true,
261
+ methods: ["GET"],
262
+ mode: "cookie-http",
263
+ defaultBaseUrl: "https://app.snyk.io",
264
+ restPathPrefix: "/"
265
+ }
266
+ },
267
+ collibra: {
268
+ extension: "@nuvlore/extension-access-okta-collibra-data-intelligence-platform",
269
+ label: "Collibra Data Intelligence Platform",
270
+ auth: "okta-sso",
271
+ domains: ["workday.collibra.com"],
272
+ readAccess: {
273
+ readOnly: true,
274
+ methods: ["GET"],
275
+ mode: "cookie-http",
276
+ defaultBaseUrl: "https://workday.collibra.com",
277
+ restPathPrefix: "/"
278
+ }
279
+ },
280
+ mixpanel: {
281
+ extension: "@nuvlore/extension-access-okta-mixpanel",
282
+ label: "Mixpanel",
283
+ auth: "okta-sso",
284
+ domains: ["mixpanel.com"],
285
+ readAccess: {
286
+ readOnly: true,
287
+ methods: ["GET"],
288
+ mode: "cookie-http",
289
+ defaultBaseUrl: "https://mixpanel.com",
290
+ restPathPrefix: "/"
291
+ }
292
+ },
293
+ kubernetes: {
294
+ extension: "@nuvlore/extension-kubernetes",
295
+ label: "Kubernetes",
296
+ auth: "okta-sso+boundary",
297
+ domains: ["boundary.workday.com", "horizon.workdayinternal.com"],
298
+ readAccess: {
299
+ readOnly: true,
300
+ methods: ["get", "describe", "logs"],
301
+ mode: "cli-readonly",
302
+ note: "Use kubernetes_status_snapshot — kubectl get/describe/logs only."
303
+ }
304
+ },
305
+ "apache-projects": {
306
+ extension: "@nuvlore/extension-apache-projects",
307
+ label: "Apache Projects",
308
+ auth: "public",
309
+ domains: ["downloads.apache.org", "archive.apache.org"],
310
+ readAccess: {
311
+ readOnly: true,
312
+ methods: ["GET"],
313
+ mode: "public-http",
314
+ defaultBaseUrl: "https://downloads.apache.org"
315
+ }
316
+ },
317
+ workflow: {
318
+ extension: "@nuvlore/extension-claude-code-client",
319
+ label: "Claude Code Workflows",
320
+ auth: "local",
321
+ domains: [],
322
+ readAccess: { readOnly: true, methods: [], mode: "local" }
323
+ },
324
+ local: {
325
+ extension: "@nuvlore/extension-local-diagnostics",
326
+ label: "Local Diagnostics",
327
+ auth: "local",
328
+ domains: [],
329
+ readAccess: { readOnly: true, methods: [], mode: "local" }
330
+ },
331
+ "log-analysis": {
332
+ extension: "@nuvlore/extension-log-analysis",
333
+ label: "Log Analysis",
334
+ auth: "local",
335
+ domains: [],
336
+ readAccess: { readOnly: true, methods: [], mode: "local" }
337
+ },
338
+ remote: {
339
+ extension: "@nuvlore/extension-remote-readonly",
340
+ label: "Remote SSH Read-only",
341
+ auth: "ssh",
342
+ domains: [],
343
+ readAccess: {
344
+ readOnly: true,
345
+ methods: ["read"],
346
+ mode: "ssh-readonly",
347
+ note: "Use remote_readonly_command — read-only shell policy."
348
+ }
349
+ },
350
+ repository: {
351
+ extension: "@nuvlore/extension-repository",
352
+ ssoAccessExtension: "@nuvlore/extension-access-repository",
353
+ label: "Repository / Artifactory",
354
+ auth: "okta-sso",
355
+ domains: ["artifactory.workday.com"],
356
+ readAccess: {
357
+ readOnly: true,
358
+ methods: ["GET"],
359
+ mode: "cookie-http",
360
+ defaultBaseUrl: "https://artifactory.workday.com",
361
+ restPathPrefix: "/artifactory/api"
362
+ }
363
+ },
364
+ review: {
365
+ extension: "@nuvlore/extension-review",
366
+ label: "Code Review",
367
+ auth: "workflow",
368
+ domains: [],
369
+ requires: ["bitbucket", "github", "jira"],
370
+ readAccess: { readOnly: true, methods: ["GET"], mode: "workflow" }
371
+ },
372
+ "runtime-governance": {
373
+ extension: "@nuvlore/extension-runtime-governance",
374
+ label: "Runtime Governance",
375
+ auth: "local",
376
+ domains: [],
377
+ readAccess: { readOnly: true, methods: [], mode: "local" }
378
+ },
379
+ pensiv: {
380
+ extension: "@nuvlore/extension-pensiv",
381
+ label: "Pensiv Memory",
382
+ auth: "mcp",
383
+ domains: [],
384
+ readAccess: { readOnly: true, methods: ["GET"], mode: "mcp" }
385
+ },
386
+ "workday-toolkit": {
387
+ extension: "@nuvlore/extension-read-only-toolkit",
388
+ label: "Workday Toolkit (library)",
389
+ auth: "library",
390
+ domains: [],
391
+ readAccess: { readOnly: true, methods: [], mode: "library" }
392
+ },
393
+ bds: {
394
+ extension: "@nuvlore/extension-bds",
395
+ label: "BDS Workflows",
396
+ auth: "workflow",
397
+ domains: [],
398
+ requires: ["jira", "bitbucket", "confluence", "pharos", "dashboard", "kubernetes", "repository"],
399
+ readAccess: { readOnly: true, methods: ["GET"], mode: "workflow" }
400
+ },
401
+ "workday-ci": {
402
+ extension: "@nuvlore/extension-workday-ci",
403
+ label: "Workday CI Workflows",
404
+ auth: "workflow",
405
+ domains: [],
406
+ requires: ["bamboo", "bitbucket", "github", "jira", "kubernetes", "log-analysis"],
407
+ readAccess: { readOnly: true, methods: ["GET"], mode: "workflow" }
408
+ },
409
+ "workday-enterprise-workflows": {
410
+ extension: "@nuvlore/extension-workday-enterprise-workflows",
411
+ label: "Workday Enterprise Workflows",
412
+ auth: "workflow",
413
+ domains: [],
414
+ requires: ["bamboo", "bitbucket", "confluence", "github", "jira", "pagerduty", "teamcity", "repository", "review"],
415
+ readAccess: { readOnly: true, methods: ["GET"], mode: "workflow" }
416
+ },
417
+ "workday-infra-access": {
418
+ extension: "@nuvlore/extension-workday-infra-access",
419
+ label: "Workday Infra Access",
420
+ auth: "okta-sso",
421
+ domains: [
422
+ "signin.aws.amazon.com",
423
+ "console.cloud.google.com",
424
+ "boundary.workday.com",
425
+ "signin.resourcecenter.workday.com",
426
+ "dcselfservice.myworkday.com"
427
+ ],
428
+ readAccess: {
429
+ readOnly: true,
430
+ methods: ["describe", "list", "get", "logs"],
431
+ mode: "cli-readonly",
432
+ platforms: {
433
+ aws: { domains: ["signin.aws.amazon.com"], tool: "aws_cust_federated_readonly_command_pack" },
434
+ gcp: { domains: ["console.cloud.google.com"], tool: "gcp_readonly_command_pack" },
435
+ boundary: { domains: ["boundary.workday.com"], tool: "workday_boundary_login", action: "status" }
436
+ }
437
+ }
438
+ },
439
+ "workday-sre-workflows": {
440
+ extension: "@nuvlore/extension-workday-sre-workflows",
441
+ label: "Workday SRE Workflows",
442
+ auth: "workflow",
443
+ domains: [],
444
+ requires: ["pharos", "dashboard", "pagerduty", "kubernetes", "workday-infra-access"],
445
+ readAccess: { readOnly: true, methods: ["GET"], mode: "workflow" }
446
+ }
447
+ };
448
+
449
+ export const WORKDAY_SERVICES = {
450
+ ...CORE_WORKDAY_SERVICES,
451
+ ...OKTA_APP_SERVICES
452
+ };
453
+
454
+ function assertUniqueExtensions() {
455
+ const seen = new Map();
456
+ for (const [id, service] of Object.entries(WORKDAY_SERVICES)) {
457
+ const pkg = service.extension;
458
+ if (seen.has(pkg)) {
459
+ throw new Error(`Duplicate extension ${pkg} on services ${seen.get(pkg)} and ${id}`);
460
+ }
461
+ seen.set(pkg, id);
462
+ }
463
+ }
464
+ assertUniqueExtensions();
465
+
466
+ export function listWorkdayServices() {
467
+ return Object.entries(WORKDAY_SERVICES).map(([id, service]) => ({ id, ...service }));
468
+ }
469
+
470
+ export function listWorkdayExtensions() {
471
+ return listWorkdayServices();
472
+ }
473
+
474
+ export function getWorkdayService(id) {
475
+ const service = WORKDAY_SERVICES[id];
476
+ if (!service) {
477
+ throw new Error(`Unknown Workday service: ${id}`);
478
+ }
479
+ return { id, ...service };
480
+ }
481
+
482
+ export function getServiceDomains(id) {
483
+ return [...(getWorkdayService(id).domains ?? [])];
484
+ }
485
+
486
+ export function getServiceByExtension(packageName) {
487
+ const match = listWorkdayServices().find((service) => service.extension === packageName);
488
+ if (!match) {
489
+ throw new Error(`No SSO registry entry for extension: ${packageName}`);
490
+ }
491
+ return match;
492
+ }
493
+
494
+ export function getRequiredServices(id) {
495
+ const service = getWorkdayService(id);
496
+ return (service.requires ?? []).map((depId) => getWorkdayService(depId));
497
+ }