@sonde/packs 0.1.2 → 0.1.4

package/src/integrations/checkpoint.ts

@@ -0,0 +1,381 @@
+import type {
+  FetchFn,
+  IntegrationConfig,
+  IntegrationCredentials,
+  IntegrationPack,
+  IntegrationProbeHandler,
+} from '@sonde/shared';
+
+// --- Session-based auth ---
+
+/** Session ID cache: sid + expiry timestamp */
+let cachedSession: { sid: string; expiresAt: number } | null = null;
+
+/** Acquire a Check Point session ID via POST /web_api/login */
+async function getSessionId(
+  config: IntegrationConfig,
+  credentials: IntegrationCredentials,
+  fetchFn: FetchFn,
+): Promise<string> {
+  const now = Date.now();
+  if (cachedSession && cachedSession.expiresAt > now) {
+    return cachedSession.sid;
+  }
+
+  const { username, password } = credentials.credentials;
+  if (!username || !password) {
+    throw new Error('Check Point requires username and password credentials');
+  }
+
+  const url = `${config.endpoint.replace(/\/$/, '')}/web_api/login`;
+  const res = await fetchFn(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      ...config.headers,
+    },
+    body: JSON.stringify({ user: username, password }),
+  });
+
+  if (!res.ok) {
+    throw new Error(`Check Point login failed: ${res.status} ${res.statusText}`);
+  }
+
+  const data = (await res.json()) as { sid?: string };
+  if (!data.sid) {
+    throw new Error('Check Point login response missing sid');
+  }
+
+  cachedSession = { sid: data.sid, expiresAt: now + 5 * 60 * 1000 };
+  return data.sid;
+}
+
+// --- REST helper ---
+
+async function cpPost<T>(
+  command: string,
+  config: IntegrationConfig,
+  credentials: IntegrationCredentials,
+  fetchFn: FetchFn,
+  body?: Record<string, unknown>,
+): Promise<T> {
+  const sid = await getSessionId(config, credentials, fetchFn);
+  const url = `${config.endpoint.replace(/\/$/, '')}/web_api/${command}`;
+
+  const headers: Record<string, string> = {
+    'Content-Type': 'application/json',
+    'X-chkp-sid': sid,
+    ...config.headers,
+  };
+
+  const res = await fetchFn(url, {
+    method: 'POST',
+    headers,
+    body: JSON.stringify(body ?? {}),
+  });
+
+  if (!res.ok) {
+    throw new Error(`Check Point API returned ${res.status}: ${res.statusText}`);
+  }
+  return (await res.json()) as T;
+}
+
+// --- Probe handlers ---
+
+const gatewaysList: IntegrationProbeHandler = async (
+  params,
+  config,
+  credentials,
+  fetchFn,
+) => {
+  const detailsLevel = (params?.detailsLevel as string) || 'standard';
+  const data = await cpPost<{
+    objects?: Array<{
+      uid?: string;
+      name?: string;
+      type?: string;
+      'ipv4-address'?: string;
+      policy?: { name?: string };
+      version?: string;
+    }>;
+    total?: number;
+  }>('show-gateways-and-servers', config, credentials, fetchFn, {
+    'details-level': detailsLevel,
+  });
+
+  const gateways = (data.objects ?? []).map((gw) => ({
+    uid: gw.uid ?? null,
+    name: gw.name ?? null,
+    type: gw.type ?? null,
+    ipv4Address: gw['ipv4-address'] ?? null,
+    policy: gw.policy?.name ?? null,
+    version: gw.version ?? null,
+  }));
+
+  return { gateways, count: gateways.length, total: data.total ?? gateways.length };
+};
+
+const accessLayersList: IntegrationProbeHandler = async (
+  params,
+  config,
+  credentials,
+  fetchFn,
+) => {
+  const body: Record<string, unknown> = {};
+  const limit = params?.limit as number | undefined;
+  if (limit) body.limit = limit;
+
+  const data = await cpPost<{
+    'access-layers'?: Array<{
+      uid?: string;
+      name?: string;
+      domain?: { name?: string };
+    }>;
+    total?: number;
+  }>('show-access-layers', config, credentials, fetchFn, body);
+
+  const layers = (data['access-layers'] ?? []).map((l) => ({
+    uid: l.uid ?? null,
+    name: l.name ?? null,
+    domain: l.domain?.name ?? null,
+  }));
+
+  return { layers, count: layers.length, total: data.total ?? layers.length };
+};
+
+const accessRulesShow: IntegrationProbeHandler = async (
+  params,
+  config,
+  credentials,
+  fetchFn,
+) => {
+  const name = params?.name as string;
+  if (!name) throw new Error('name parameter is required (access layer name)');
+
+  const body: Record<string, unknown> = { name };
+  const limit = params?.limit as number | undefined;
+  if (limit) body.limit = limit;
+
+  const data = await cpPost<{
+    rulebase?: Array<{
+      'rule-number'?: number;
+      action?: { name?: string };
+      source?: Array<{ name?: string }>;
+      destination?: Array<{ name?: string }>;
+      service?: Array<{ name?: string }>;
+      enabled?: boolean;
+    }>;
+    total?: number;
+  }>('show-access-rulebase', config, credentials, fetchFn, body);
+
+  const rules = (data.rulebase ?? []).map((r) => ({
+    ruleNumber: r['rule-number'] ?? null,
+    action: r.action?.name ?? null,
+    source: (r.source ?? []).map((s) => s.name ?? 'unknown'),
+    destination: (r.destination ?? []).map((d) => d.name ?? 'unknown'),
+    service: (r.service ?? []).map((s) => s.name ?? 'unknown'),
+    enabled: r.enabled ?? true,
+  }));
+
+  return { rules, count: rules.length, total: data.total ?? rules.length };
+};
+
+const hostsList: IntegrationProbeHandler = async (
+  params,
+  config,
+  credentials,
+  fetchFn,
+) => {
+  const body: Record<string, unknown> = {};
+  const limit = params?.limit as number | undefined;
+  if (limit) body.limit = limit;
+
+  const data = await cpPost<{
+    objects?: Array<{
+      uid?: string;
+      name?: string;
+      'ipv4-address'?: string;
+    }>;
+    total?: number;
+  }>('show-hosts', config, credentials, fetchFn, body);
+
+  const hosts = (data.objects ?? []).map((h) => ({
+    uid: h.uid ?? null,
+    name: h.name ?? null,
+    ipv4Address: h['ipv4-address'] ?? null,
+  }));
+
+  return { hosts, count: hosts.length, total: data.total ?? hosts.length };
+};
+
+const networksList: IntegrationProbeHandler = async (
+  params,
+  config,
+  credentials,
+  fetchFn,
+) => {
+  const body: Record<string, unknown> = {};
+  const limit = params?.limit as number | undefined;
+  if (limit) body.limit = limit;
+
+  const data = await cpPost<{
+    objects?: Array<{
+      uid?: string;
+      name?: string;
+      subnet4?: string;
+      'mask-length4'?: number;
+    }>;
+    total?: number;
+  }>('show-networks', config, credentials, fetchFn, body);
+
+  const networks = (data.objects ?? []).map((n) => ({
+    uid: n.uid ?? null,
+    name: n.name ?? null,
+    subnet4: n.subnet4 ?? null,
+    maskLength4: n['mask-length4'] ?? null,
+  }));
+
+  return { networks, count: networks.length, total: data.total ?? networks.length };
+};
+
+const tasksList: IntegrationProbeHandler = async (
+  _params,
+  config,
+  credentials,
+  fetchFn,
+) => {
+  const data = await cpPost<{
+    tasks?: Array<{
+      'task-id'?: string;
+      'task-name'?: string;
+      status?: string;
+      progress?: number;
+      'start-date'?: string;
+    }>;
+  }>('show-tasks', config, credentials, fetchFn);
+
+  const tasks = (data.tasks ?? []).map((t) => ({
+    taskId: t['task-id'] ?? null,
+    taskName: t['task-name'] ?? null,
+    status: t.status ?? null,
+    progress: t.progress ?? null,
+    startDate: t['start-date'] ?? null,
+  }));
+
+  return { tasks, count: tasks.length };
+};
+
+// --- Pack definition ---
+
+export const checkpointPack: IntegrationPack = {
+  manifest: {
+    name: 'checkpoint',
+    type: 'integration',
+    version: '0.1.0',
+    description:
+      'Check Point — firewall gateways, access policies, network objects, and management tasks',
+    requires: { groups: [], files: [], commands: [] },
+    probes: [
+      {
+        name: 'gateways.list',
+        description: 'List gateways and servers with policy and version info',
+        capability: 'observe',
+        params: {
+          detailsLevel: {
+            type: 'string',
+            description: 'Detail level: uid, standard, or full (default: standard)',
+            required: false,
+          },
+        },
+        timeout: 15000,
+      },
+      {
+        name: 'access-layers.list',
+        description: 'List access control policy layers',
+        capability: 'observe',
+        params: {
+          limit: {
+            type: 'number',
+            description: 'Max results to return',
+            required: false,
+          },
+        },
+        timeout: 15000,
+      },
+      {
+        name: 'access-rules.show',
+        description: 'Show access rulebase for a named layer',
+        capability: 'observe',
+        params: {
+          name: {
+            type: 'string',
+            description: 'Access layer name',
+            required: true,
+          },
+          limit: {
+            type: 'number',
+            description: 'Max rules to return',
+            required: false,
+          },
+        },
+        timeout: 15000,
+      },
+      {
+        name: 'hosts.list',
+        description: 'List host objects with IP addresses',
+        capability: 'observe',
+        params: {
+          limit: {
+            type: 'number',
+            description: 'Max results to return',
+            required: false,
+          },
+        },
+        timeout: 15000,
+      },
+      {
+        name: 'networks.list',
+        description: 'List network objects with subnet and mask',
+        capability: 'observe',
+        params: {
+          limit: {
+            type: 'number',
+            description: 'Max results to return',
+            required: false,
+          },
+        },
+        timeout: 15000,
+      },
+      {
+        name: 'tasks.list',
+        description: 'List recent management tasks with status and progress',
+        capability: 'observe',
+        params: {},
+        timeout: 15000,
+      },
+    ],
+    runbook: {
+      category: 'security',
+      probes: ['gateways.list', 'tasks.list'],
+      parallel: true,
+    },
+  },
+
+  handlers: {
+    'gateways.list': gatewaysList,
+    'access-layers.list': accessLayersList,
+    'access-rules.show': accessRulesShow,
+    'hosts.list': hostsList,
+    'networks.list': networksList,
+    'tasks.list': tasksList,
+  },
+
+  testConnection: async (config, credentials, fetchFn) => {
+    try {
+      await getSessionId(config, credentials, fetchFn);
+      return true;
+    } catch {
+      return false;
+    }
+  },
+};

package/src/integrations/datadog.ts

@@ -0,0 +1,281 @@
+import type {
+  FetchFn,
+  IntegrationConfig,
+  IntegrationCredentials,
+  IntegrationPack,
+  IntegrationProbeHandler,
+} from '@sonde/shared';
+
+// --- Auth helpers ---
+
+/** Build Datadog auth headers: DD-API-KEY + DD-APPLICATION-KEY */
+function buildAuthHeaders(credentials: IntegrationCredentials): Record<string, string> {
+  const apiKey = credentials.credentials.apiKey ?? '';
+  const appKey = credentials.credentials.appKey ?? '';
+  return {
+    'DD-API-KEY': apiKey,
+    'DD-APPLICATION-KEY': appKey,
+  };
+}
+
+// --- REST helper ---
+
+async function datadogGet<T>(
+  path: string,
+  config: IntegrationConfig,
+  credentials: IntegrationCredentials,
+  fetchFn: FetchFn,
+  params?: Record<string, string>,
+): Promise<T> {
+  const base = `${config.endpoint.replace(/\/$/, '')}${path}`;
+  const url = new URL(base);
+  if (params) {
+    for (const [key, value] of Object.entries(params)) {
+      url.searchParams.set(key, value);
+    }
+  }
+
+  const headers: Record<string, string> = {
+    Accept: 'application/json',
+    ...buildAuthHeaders(credentials),
+    ...config.headers,
+  };
+
+  const res = await fetchFn(url.toString(), { headers });
+  if (!res.ok) {
+    throw new Error(`Datadog API returned ${res.status}: ${res.statusText}`);
+  }
+  return (await res.json()) as T;
+}
+
+// --- Probe handlers ---
+
+const monitorsList: IntegrationProbeHandler = async (params, config, credentials, fetchFn) => {
+  const queryParams: Record<string, string> = {};
+  const tags = params?.tags as string | undefined;
+  if (tags) queryParams.tags = tags;
+
+  const monitors = await datadogGet<
+    Array<{
+      id: number;
+      name: string;
+      type: string;
+      overall_state: string;
+      tags?: string[];
+      message?: string;
+    }>
+  >('/api/v1/monitor', config, credentials, fetchFn, queryParams);
+
+  return {
+    monitors: monitors.map((m) => ({
+      id: m.id,
+      name: m.name,
+      type: m.type,
+      overallState: m.overall_state,
+      tags: m.tags ?? [],
+    })),
+    count: monitors.length,
+  };
+};
+
+const monitorsTriggered: IntegrationProbeHandler = async (
+  _params,
+  config,
+  credentials,
+  fetchFn,
+) => {
+  const monitors = await datadogGet<
+    Array<{
+      id: number;
+      name: string;
+      type: string;
+      overall_state: string;
+      tags?: string[];
+    }>
+  >('/api/v1/monitor', config, credentials, fetchFn);
+
+  const triggered = monitors.filter(
+    (m) => m.overall_state === 'Alert' ||
+      m.overall_state === 'Warn' ||
+      m.overall_state === 'No Data',
+  );
+
+  return {
+    monitors: triggered.map((m) => ({
+      id: m.id,
+      name: m.name,
+      type: m.type,
+      overallState: m.overall_state,
+      tags: m.tags ?? [],
+    })),
+    count: triggered.length,
+  };
+};
+
+const hostsList: IntegrationProbeHandler = async (_params, config, credentials, fetchFn) => {
+  const data = await datadogGet<{
+    host_list?: Array<{
+      name: string;
+      id: number;
+      up?: boolean;
+      is_muted?: boolean;
+      apps?: string[];
+      meta?: { platform?: string };
+    }>;
+    total_matching?: number;
+  }>('/api/v1/hosts', config, credentials, fetchFn);
+
+  const hosts = data.host_list ?? [];
+  return {
+    hosts: hosts.map((h) => ({
+      name: h.name,
+      id: h.id,
+      up: h.up ?? false,
+      isMuted: h.is_muted ?? false,
+      apps: h.apps ?? [],
+      platform: h.meta?.platform ?? null,
+    })),
+    count: data.total_matching ?? hosts.length,
+  };
+};
+
+const eventsList: IntegrationProbeHandler = async (params, config, credentials, fetchFn) => {
+  const hours = (params?.hours as number) || 24;
+  const now = Math.floor(Date.now() / 1000);
+  const start = now - hours * 3600;
+
+  const queryParams: Record<string, string> = {
+    'filter[from]': String(start),
+    'filter[to]': String(now),
+  };
+  const query = params?.query as string | undefined;
+  if (query) queryParams['filter[query]'] = query;
+
+  const data = await datadogGet<{
+    data?: Array<{
+      id?: string;
+      attributes?: {
+        title?: string;
+        message?: string;
+        timestamp?: string;
+        tags?: string[];
+        status?: string;
+      };
+    }>;
+  }>('/api/v2/events', config, credentials, fetchFn, queryParams);
+
+  const events = data.data ?? [];
+  return {
+    events: events.map((e) => ({
+      id: e.id ?? null,
+      title: e.attributes?.title ?? null,
+      message: e.attributes?.message ?? null,
+      timestamp: e.attributes?.timestamp ?? null,
+      tags: e.attributes?.tags ?? [],
+      status: e.attributes?.status ?? null,
+    })),
+    count: events.length,
+  };
+};
+
+const datadogHealth: IntegrationProbeHandler = async (_params, config, credentials, fetchFn) => {
+  const data = await datadogGet<{ valid?: boolean }>(
+    '/api/v1/validate',
+    config,
+    credentials,
+    fetchFn,
+  );
+
+  return { valid: data.valid ?? false };
+};
+
+// --- Pack definition ---
+
+export const datadogPack: IntegrationPack = {
+  manifest: {
+    name: 'datadog',
+    type: 'integration',
+    version: '0.1.0',
+    description: 'Datadog — monitors, hosts, events, and API health',
+    requires: { groups: [], files: [], commands: [] },
+    probes: [
+      {
+        name: 'monitors.list',
+        description: 'List monitors with status and tags',
+        capability: 'observe',
+        params: {
+          tags: {
+            type: 'string',
+            description: 'Comma-separated tags to filter monitors',
+            required: false,
+          },
+        },
+        timeout: 15000,
+      },
+      {
+        name: 'monitors.triggered',
+        description: 'List monitors in Alert, Warn, or No Data state',
+        capability: 'observe',
+        params: {},
+        timeout: 15000,
+      },
+      {
+        name: 'hosts.list',
+        description: 'List infrastructure hosts with status',
+        capability: 'observe',
+        params: {},
+        timeout: 15000,
+      },
+      {
+        name: 'events.list',
+        description: 'List recent events with optional query filter',
+        capability: 'observe',
+        params: {
+          query: {
+            type: 'string',
+            description: 'Event search query',
+            required: false,
+          },
+          hours: {
+            type: 'number',
+            description: 'Hours to look back (default: 24)',
+            required: false,
+          },
+        },
+        timeout: 15000,
+      },
+      {
+        name: 'health',
+        description: 'Validate API key connectivity',
+        capability: 'observe',
+        params: {},
+        timeout: 10000,
+      },
+    ],
+    runbook: {
+      category: 'observability',
+      probes: ['health', 'monitors.triggered'],
+      parallel: true,
+    },
+  },
+
+  handlers: {
+    'monitors.list': monitorsList,
+    'monitors.triggered': monitorsTriggered,
+    'hosts.list': hostsList,
+    'events.list': eventsList,
+    health: datadogHealth,
+  },
+
+  testConnection: async (config, credentials, fetchFn) => {
+    const url = `${config.endpoint.replace(/\/$/, '')}/api/v1/validate`;
+    const headers: Record<string, string> = {
+      Accept: 'application/json',
+      ...buildAuthHeaders(credentials),
+      ...config.headers,
+    };
+
+    const res = await fetchFn(url, { headers });
+    return res.ok;
+  },
+};