@sentriflow/core 0.1.0

package/src/parser/vendors/fortinet-fortigate.ts

@@ -0,0 +1,217 @@
+// packages/core/src/parser/vendors/fortinet-fortigate.ts
+
+import type { VendorSchema } from '../VendorSchema';
+
+/**
+ * Fortinet FortiGate (FortiOS) configuration schema.
+ *
+ * FortiOS uses a distinctive configuration syntax with:
+ * 1. "config" to start configuration blocks
+ * 2. "edit" to create/modify named entries within a table
+ * 3. "next" to end an edit entry
+ * 4. "end" to close a config block
+ *
+ * Key characteristics:
+ * - Hierarchical structure using config/edit/next/end
+ * - "set" commands for setting values
+ * - "unset" commands for removing values
+ * - Comments start with #
+ * - No braces - uses keywords for hierarchy
+ *
+ * Configuration structure:
+ * ```
+ * config system global
+ *     set hostname "FW-01"
+ *     set timezone "America/New_York"
+ * end
+ *
+ * config system interface
+ *     edit "port1"
+ *         set ip 192.168.1.1 255.255.255.0
+ *         set allowaccess ping https ssh
+ *         set type physical
+ *     next
+ *     edit "port2"
+ *         set ip 10.0.0.1 255.255.255.0
+ *         set allowaccess ping
+ *     next
+ * end
+ *
+ * config firewall policy
+ *     edit 1
+ *         set srcintf "port1"
+ *         set dstintf "port2"
+ *         set srcaddr "all"
+ *         set dstaddr "all"
+ *         set action accept
+ *         set schedule "always"
+ *         set service "ALL"
+ *     next
+ * end
+ * ```
+ *
+ * FortiOS sections include:
+ * - config system global - Global system settings
+ * - config system interface - Network interfaces
+ * - config system admin - Admin users and access
+ * - config firewall policy - Security policies
+ * - config firewall address - Address objects
+ * - config firewall service custom - Service objects
+ * - config vpn ipsec phase1-interface - IPsec VPN tunnels
+ * - config router static - Static routing
+ * - config router bgp - BGP routing
+ * - config log syslogd setting - Logging
+ * - config user local - Local users
+ * - config user group - User groups
+ * - config webfilter profile - Web filtering profiles
+ * - config antivirus profile - Antivirus profiles
+ * - config ips sensor - IPS profiles
+ */
+export const FortinetFortiGateSchema: VendorSchema = {
+  id: 'fortinet-fortigate',
+  name: 'Fortinet FortiGate (FortiOS)',
+  useBraceHierarchy: false,
+
+  commentPatterns: [
+    /^#/,                    // Hash comments
+    /^\/\//,                 // Double-slash comments (some versions)
+  ],
+  sectionDelimiter: 'end',
+
+  blockStarters: [
+    // ============ DEPTH 0: Top-level config blocks ============
+
+    // System configuration
+    { pattern: /^config\s+system\s+global$/i, depth: 0 },
+    { pattern: /^config\s+system\s+interface$/i, depth: 0 },
+    { pattern: /^config\s+system\s+admin$/i, depth: 0 },
+    { pattern: /^config\s+system\s+dns$/i, depth: 0 },
+    { pattern: /^config\s+system\s+ntp$/i, depth: 0 },
+    { pattern: /^config\s+system\s+snmp\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+system\s+settings$/i, depth: 0 },
+    { pattern: /^config\s+system\s+ha$/i, depth: 0 },
+    { pattern: /^config\s+system\s+zone$/i, depth: 0 },
+    { pattern: /^config\s+system\s+dhcp\s+server$/i, depth: 0 },
+    { pattern: /^config\s+system\s+replacemsg\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+system\s+accprofile$/i, depth: 0 },
+    { pattern: /^config\s+system\s+api-user$/i, depth: 0 },
+    { pattern: /^config\s+system\s+automation-\S+/i, depth: 0 },
+    { pattern: /^config\s+system\s+virtual-wan-link$/i, depth: 0 },
+    { pattern: /^config\s+system\s+sdwan$/i, depth: 0 },
+    { pattern: /^config\s+system\s+\S+/i, depth: 0 },  // Catch-all for system config
+
+    // Firewall configuration
+    { pattern: /^config\s+firewall\s+policy$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+policy6$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+address$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+address6$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+addrgrp$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+addrgrp6$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+service\s+custom$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+service\s+group$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+schedule\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+vip$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+vip6$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+ippool$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+ippool6$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+central-snat-map$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+shaper\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+shaping-policy$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+ssl-ssh-profile$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+profile-group$/i, depth: 0 },
+    { pattern: /^config\s+firewall\s+\S+/i, depth: 0 },  // Catch-all for firewall config
+
+    // VPN configuration
+    { pattern: /^config\s+vpn\s+ipsec\s+phase1-interface$/i, depth: 0 },
+    { pattern: /^config\s+vpn\s+ipsec\s+phase2-interface$/i, depth: 0 },
+    { pattern: /^config\s+vpn\s+ssl\s+settings$/i, depth: 0 },
+    { pattern: /^config\s+vpn\s+ssl\s+web\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+vpn\s+\S+/i, depth: 0 },  // Catch-all for VPN config
+
+    // Router configuration
+    { pattern: /^config\s+router\s+static$/i, depth: 0 },
+    { pattern: /^config\s+router\s+static6$/i, depth: 0 },
+    { pattern: /^config\s+router\s+policy$/i, depth: 0 },
+    { pattern: /^config\s+router\s+bgp$/i, depth: 0 },
+    { pattern: /^config\s+router\s+ospf$/i, depth: 0 },
+    { pattern: /^config\s+router\s+ospf6$/i, depth: 0 },
+    { pattern: /^config\s+router\s+rip$/i, depth: 0 },
+    { pattern: /^config\s+router\s+access-list$/i, depth: 0 },
+    { pattern: /^config\s+router\s+prefix-list$/i, depth: 0 },
+    { pattern: /^config\s+router\s+route-map$/i, depth: 0 },
+    { pattern: /^config\s+router\s+\S+/i, depth: 0 },  // Catch-all for router config
+
+    // Logging configuration
+    { pattern: /^config\s+log\s+syslogd\s+setting$/i, depth: 0 },
+    { pattern: /^config\s+log\s+syslogd\d?\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+log\s+fortianalyzer\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+log\s+disk\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+log\s+memory\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+log\s+\S+/i, depth: 0 },  // Catch-all for log config
+
+    // User and authentication configuration
+    { pattern: /^config\s+user\s+local$/i, depth: 0 },
+    { pattern: /^config\s+user\s+group$/i, depth: 0 },
+    { pattern: /^config\s+user\s+ldap$/i, depth: 0 },
+    { pattern: /^config\s+user\s+radius$/i, depth: 0 },
+    { pattern: /^config\s+user\s+tacacs\+$/i, depth: 0 },
+    { pattern: /^config\s+user\s+fsso$/i, depth: 0 },
+    { pattern: /^config\s+user\s+\S+/i, depth: 0 },  // Catch-all for user config
+
+    // Security profiles
+    { pattern: /^config\s+antivirus\s+profile$/i, depth: 0 },
+    { pattern: /^config\s+webfilter\s+profile$/i, depth: 0 },
+    { pattern: /^config\s+webfilter\s+urlfilter$/i, depth: 0 },
+    { pattern: /^config\s+webfilter\s+content$/i, depth: 0 },
+    { pattern: /^config\s+webfilter\s+ftgd-local-cat$/i, depth: 0 },
+    { pattern: /^config\s+ips\s+sensor$/i, depth: 0 },
+    { pattern: /^config\s+ips\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+application\s+list$/i, depth: 0 },
+    { pattern: /^config\s+application\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+dlp\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+spamfilter\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+emailfilter\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+icap\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+voip\s+profile$/i, depth: 0 },
+    { pattern: /^config\s+waf\s+profile$/i, depth: 0 },
+    { pattern: /^config\s+dnsfilter\s+profile$/i, depth: 0 },
+    { pattern: /^config\s+videofilter\s+profile$/i, depth: 0 },
+    { pattern: /^config\s+file-filter\s+profile$/i, depth: 0 },
+    { pattern: /^config\s+ssh-filter\s+profile$/i, depth: 0 },
+    { pattern: /^config\s+cifs\s+profile$/i, depth: 0 },
+
+    // Certificate configuration
+    { pattern: /^config\s+certificate\s+\S+/i, depth: 0 },
+    { pattern: /^config\s+vpn\s+certificate\s+\S+/i, depth: 0 },
+
+    // Wireless configuration
+    { pattern: /^config\s+wireless-controller\s+\S+/i, depth: 0 },
+
+    // Switch controller (FortiSwitch integration)
+    { pattern: /^config\s+switch-controller\s+\S+/i, depth: 0 },
+
+    // Endpoint control
+    { pattern: /^config\s+endpoint-control\s+\S+/i, depth: 0 },
+
+    // Global/generic config blocks
+    { pattern: /^config\s+\S+/i, depth: 0 },  // Generic config block starter
+
+    // ============ DEPTH 1: Edit entries within config blocks ============
+
+    // Edit with quoted name (most common in FortiOS)
+    { pattern: /^edit\s+"[^"]+"/i, depth: 1 },
+    { pattern: /^edit\s+'[^']+'/i, depth: 1 },
+    // Edit with unquoted name or number (e.g., policy IDs)
+    { pattern: /^edit\s+\S+/i, depth: 1 },
+
+    // ============ DEPTH 2: Nested config within edit blocks ============
+
+    // Nested config blocks inside edit entries (e.g., BGP neighbor config)
+    { pattern: /^config\s+\S+/i, depth: 2 },
+  ],
+
+  blockEnders: [
+    /^end$/i,     // Closes config block
+    /^next$/i,    // Closes edit entry
+  ],
+};

package/src/parser/vendors/huawei-vrp.ts

@@ -0,0 +1,192 @@
+// packages/core/src/parser/vendors/huawei-vrp.ts
+
+import type { VendorSchema } from '../VendorSchema';
+
+/**
+ * Huawei VRP (Versatile Routing Platform) configuration schema.
+ *
+ * Huawei VRP uses indentation-based hierarchy similar to Cisco IOS,
+ * with '#' as the section delimiter and 'quit' or 'return' to exit blocks.
+ *
+ * VRP View Hierarchy:
+ * - User View: <Huawei> - Initial access, limited commands
+ * - System View: [Huawei] - Global configuration (enter via 'system-view')
+ * - Interface View: [Huawei-GigabitEthernet0/0/1] - Interface config
+ * - Protocol View: [Huawei-ospf-1] - Routing protocol config
+ * - AAA View: [Huawei-aaa] - AAA configuration
+ *
+ * Configuration structure:
+ * - Top-level: interface, ospf, bgp, vlan, aaa, acl, user-interface, etc.
+ * - Nested: area inside ospf, peer inside bgp, address-family inside bgp
+ * - Deeply nested: rules inside ACL, local-user inside aaa
+ *
+ * Distinctive patterns:
+ * - sysname for hostname (vs Cisco's hostname)
+ * - Interface naming: GigabitEthernet X/Y/Z, XGigabitEthernet, 40GE, 100GE
+ * - undo command for negation (vs Cisco's 'no')
+ * - quit to exit views (vs Cisco's exit)
+ * - '#' as section delimiter in config files
+ * - display commands for show (vs Cisco's show)
+ */
+export const HuaweiVRPSchema: VendorSchema = {
+  id: 'huawei-vrp',
+  name: 'Huawei VRP',
+  useBraceHierarchy: false,
+
+  // Comments in VRP config files start with # or !
+  // The # is also used as a section delimiter
+  commentPatterns: [/^#$/, /^!/],
+  sectionDelimiter: '#',
+
+  blockStarters: [
+    // ============ DEPTH 0: Top-level blocks ============
+
+    // Interface blocks - Huawei naming conventions
+    { pattern: /^interface\s+\S+/i, depth: 0 },
+
+    // VLAN interface (Vlanif in Huawei)
+    { pattern: /^interface\s+Vlanif\s*\d+/i, depth: 0 },
+
+    // Routing protocol blocks
+    { pattern: /^ospf\s+\d+/i, depth: 0 },
+    { pattern: /^ospfv3\s+\d+/i, depth: 0 },
+    { pattern: /^bgp\s+\d+/i, depth: 0 },
+    { pattern: /^isis\s+\d+/i, depth: 0 },
+    { pattern: /^rip\s+\d+/i, depth: 0 },
+    { pattern: /^mpls$/i, depth: 0 },
+    { pattern: /^mpls\s+ldp$/i, depth: 0 },
+    { pattern: /^mpls\s+l2vpn$/i, depth: 0 },
+    { pattern: /^mpls\s+te$/i, depth: 0 },
+
+    // VLAN configuration
+    { pattern: /^vlan\s+\d+/i, depth: 0 },
+    { pattern: /^vlan\s+batch\s+/i, depth: 0 },
+
+    // AAA and security
+    { pattern: /^aaa$/i, depth: 0 },
+    { pattern: /^acl\s+\d+/i, depth: 0 },
+    { pattern: /^acl\s+name\s+\S+/i, depth: 0 },
+    { pattern: /^acl\s+(number\s+)?\d+/i, depth: 0 },
+    { pattern: /^traffic\s+classifier\s+\S+/i, depth: 0 },
+    { pattern: /^traffic\s+behavior\s+\S+/i, depth: 0 },
+    { pattern: /^traffic\s+policy\s+\S+/i, depth: 0 },
+
+    // User and line configuration
+    { pattern: /^user-interface\s+\S+/i, depth: 0 },
+    { pattern: /^local-user\s+\S+/i, depth: 0 },
+
+    // RADIUS and TACACS
+    { pattern: /^radius-server\s+group\s+\S+/i, depth: 0 },
+    { pattern: /^radius-server\s+template\s+\S+/i, depth: 0 },
+    { pattern: /^hwtacacs-server\s+template\s+\S+/i, depth: 0 },
+
+    // VPN and tunneling
+    { pattern: /^ip\s+vpn-instance\s+\S+/i, depth: 0 },
+    { pattern: /^ipsec\s+proposal\s+\S+/i, depth: 0 },
+    { pattern: /^ipsec\s+policy\s+\S+/i, depth: 0 },
+    { pattern: /^ike\s+proposal\s+\S+/i, depth: 0 },
+    { pattern: /^ike\s+peer\s+\S+/i, depth: 0 },
+
+    // SNMP configuration
+    { pattern: /^snmp-agent$/i, depth: 0 },
+
+    // NTP configuration
+    { pattern: /^ntp-service$/i, depth: 0 },
+
+    // SSH and SFTP
+    { pattern: /^ssh\s+server$/i, depth: 0 },
+    { pattern: /^sftp\s+server$/i, depth: 0 },
+
+    // DHCP configuration
+    { pattern: /^dhcp\s+enable$/i, depth: 0 },
+    { pattern: /^ip\s+pool\s+\S+/i, depth: 0 },
+
+    // QoS
+    { pattern: /^qos$/i, depth: 0 },
+    { pattern: /^qos\s+queue-profile\s+\S+/i, depth: 0 },
+    { pattern: /^diffserv\s+domain\s+\S+/i, depth: 0 },
+
+    // Multicast
+    { pattern: /^multicast\s+routing-enable$/i, depth: 0 },
+    { pattern: /^igmp-snooping$/i, depth: 0 },
+
+    // Spanning Tree
+    { pattern: /^stp$/i, depth: 0 },
+    { pattern: /^stp\s+region-configuration$/i, depth: 0 },
+
+    // Link aggregation
+    { pattern: /^interface\s+Eth-Trunk\s*\d+/i, depth: 0 },
+
+    // Port groups
+    { pattern: /^port-group\s+\S+/i, depth: 0 },
+
+    // Static routes (treated as blocks in some contexts)
+    { pattern: /^ip\s+route-static\s+/i, depth: 0 },
+
+    // Route policy
+    { pattern: /^route-policy\s+\S+/i, depth: 0 },
+    { pattern: /^ip\s+prefix-list\s+\S+/i, depth: 0 },
+    { pattern: /^ip\s+ip-prefix\s+\S+/i, depth: 0 },
+    { pattern: /^ip\s+community-filter\s+/i, depth: 0 },
+    { pattern: /^ip\s+as-path-filter\s+/i, depth: 0 },
+
+    // NOTE: vrrp vrid is NOT a block starter - it's an interface-level command
+    // Commands like "vrrp vrid 1 virtual-ip x.x.x.x" are children of interface blocks
+    // Do NOT add vrrp vrid as a block starter here
+
+    // BFD
+    { pattern: /^bfd$/i, depth: 0 },
+
+    // Netstream/Flow
+    { pattern: /^netstream$/i, depth: 0 },
+    { pattern: /^ip\s+netstream$/i, depth: 0 },
+
+    // Stack configuration
+    { pattern: /^stack$/i, depth: 0 },
+
+    // LLDP
+    { pattern: /^lldp$/i, depth: 0 },
+
+    // ============ DEPTH 1: Inside protocol blocks ============
+
+    // OSPF areas
+    { pattern: /^area\s+[\d.]+/i, depth: 1 },
+
+    // BGP address families
+    { pattern: /^ipv4-family\s+\S+/i, depth: 1 },
+    { pattern: /^ipv6-family\s+\S+/i, depth: 1 },
+    { pattern: /^l2vpn-family\s+/i, depth: 1 },
+    { pattern: /^vpls-family\s+/i, depth: 1 },
+
+    // BGP peer groups
+    { pattern: /^group\s+\S+/i, depth: 1 },
+
+    // AAA schemes
+    { pattern: /^authentication-scheme\s+\S+/i, depth: 1 },
+    { pattern: /^authorization-scheme\s+\S+/i, depth: 1 },
+    { pattern: /^accounting-scheme\s+\S+/i, depth: 1 },
+    { pattern: /^domain\s+\S+/i, depth: 1 },
+    { pattern: /^recording-scheme\s+\S+/i, depth: 1 },
+
+    // ACL rules (numbered ACL depth)
+    { pattern: /^rule\s+\d+/i, depth: 1 },
+
+    // Route policy nodes
+    { pattern: /^node\s+\d+/i, depth: 1 },
+
+    // ============ DEPTH 2: Deeply nested blocks ============
+
+    // VRF inside address-family
+    { pattern: /^vpn-instance\s+\S+/i, depth: 2 },
+
+    // Network inside OSPF area
+    { pattern: /^network\s+[\d.]+/i, depth: 2 },
+  ],
+
+  blockEnders: [
+    /^quit$/i,
+    /^return$/i,
+    // Exit from specific views
+    /^q$/i,
+  ],
+};