wxcli 1.2.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- wxcli/__init__.py +4 -0
- wxcli/_playbook/.claude/agents/migration-advisor.md +239 -0
- wxcli/_playbook/.claude/agents/wxc-calling-builder.md +946 -0
- wxcli/_playbook/.claude/rules/cleanup.md +29 -0
- wxcli/_playbook/.claude/rules/cucm-migration.md +58 -0
- wxcli/_playbook/.claude/rules/org-health.md +14 -0
- wxcli/_playbook/.claude/settings.json +8 -0
- wxcli/_playbook/.claude/skills/audit-compliance/SKILL.md +515 -0
- wxcli/_playbook/.claude/skills/call-control/SKILL.md +747 -0
- wxcli/_playbook/.claude/skills/configure-features/SKILL.md +623 -0
- wxcli/_playbook/.claude/skills/configure-routing/SKILL.md +627 -0
- wxcli/_playbook/.claude/skills/contact-center/SKILL.md +1181 -0
- wxcli/_playbook/.claude/skills/cucm-migrate/SKILL.md +820 -0
- wxcli/_playbook/.claude/skills/customer-assist/SKILL.md +443 -0
- wxcli/_playbook/.claude/skills/device-platform/SKILL.md +407 -0
- wxcli/_playbook/.claude/skills/manage-call-settings/SKILL.md +757 -0
- wxcli/_playbook/.claude/skills/manage-devices/SKILL.md +790 -0
- wxcli/_playbook/.claude/skills/manage-identity/SKILL.md +638 -0
- wxcli/_playbook/.claude/skills/manage-licensing/SKILL.md +528 -0
- wxcli/_playbook/.claude/skills/manage-meetings/SKILL.md +708 -0
- wxcli/_playbook/.claude/skills/messaging-bots/SKILL.md +365 -0
- wxcli/_playbook/.claude/skills/messaging-spaces/SKILL.md +520 -0
- wxcli/_playbook/.claude/skills/org-health/SKILL.md +159 -0
- wxcli/_playbook/.claude/skills/provision-calling/SKILL.md +421 -0
- wxcli/_playbook/.claude/skills/query-live/SKILL.md +183 -0
- wxcli/_playbook/.claude/skills/query-live/domains/call-flow-trace.md +223 -0
- wxcli/_playbook/.claude/skills/query-live/domains/call-history.md +44 -0
- wxcli/_playbook/.claude/skills/query-live/domains/features.md +169 -0
- wxcli/_playbook/.claude/skills/query-live/domains/numbers.md +93 -0
- wxcli/_playbook/.claude/skills/query-live/domains/people-and-settings.md +146 -0
- wxcli/_playbook/.claude/skills/query-live/domains/routing.md +124 -0
- wxcli/_playbook/.claude/skills/reporting/SKILL.md +501 -0
- wxcli/_playbook/.claude/skills/reporting/references/cdr-recipes.md +1628 -0
- wxcli/_playbook/.claude/skills/reporting-cc/SKILL.md +251 -0
- wxcli/_playbook/.claude/skills/reporting-meetings/SKILL.md +290 -0
- wxcli/_playbook/.claude/skills/teardown/SKILL.md +214 -0
- wxcli/_playbook/.claude/skills/video-mesh/SKILL.md +379 -0
- wxcli/_playbook/.claude/skills/wxc-calling-debug/SKILL.md +475 -0
- wxcli/_playbook/CLAUDE.md +373 -0
- wxcli/_playbook/docs/reference/CLAUDE.md +25 -0
- wxcli/_playbook/docs/reference/admin-apps-data.md +643 -0
- wxcli/_playbook/docs/reference/admin-audit-security.md +322 -0
- wxcli/_playbook/docs/reference/admin-hybrid.md +383 -0
- wxcli/_playbook/docs/reference/admin-identity-scim.md +1007 -0
- wxcli/_playbook/docs/reference/admin-licensing.md +414 -0
- wxcli/_playbook/docs/reference/admin-org-management.md +586 -0
- wxcli/_playbook/docs/reference/admin-partner.md +357 -0
- wxcli/_playbook/docs/reference/archive/wxc-sdk-patterns.md +1229 -0
- wxcli/_playbook/docs/reference/archive/wxcadm-advanced.md +835 -0
- wxcli/_playbook/docs/reference/archive/wxcadm-core.md +743 -0
- wxcli/_playbook/docs/reference/archive/wxcadm-devices-workspaces.md +1305 -0
- wxcli/_playbook/docs/reference/archive/wxcadm-features.md +849 -0
- wxcli/_playbook/docs/reference/archive/wxcadm-locations.md +938 -0
- wxcli/_playbook/docs/reference/archive/wxcadm-person.md +1255 -0
- wxcli/_playbook/docs/reference/archive/wxcadm-routing.md +1262 -0
- wxcli/_playbook/docs/reference/authentication.md +965 -0
- wxcli/_playbook/docs/reference/call-control.md +1205 -0
- wxcli/_playbook/docs/reference/call-features-additional.md +2541 -0
- wxcli/_playbook/docs/reference/call-features-major.md +1320 -0
- wxcli/_playbook/docs/reference/call-routing.md +2304 -0
- wxcli/_playbook/docs/reference/contact-center-analytics.md +1049 -0
- wxcli/_playbook/docs/reference/contact-center-core.md +1614 -0
- wxcli/_playbook/docs/reference/contact-center-journey.md +457 -0
- wxcli/_playbook/docs/reference/contact-center-routing.md +1138 -0
- wxcli/_playbook/docs/reference/devices-core.md +1869 -0
- wxcli/_playbook/docs/reference/devices-dect.md +1150 -0
- wxcli/_playbook/docs/reference/devices-platform.md +467 -0
- wxcli/_playbook/docs/reference/devices-workspaces.md +1426 -0
- wxcli/_playbook/docs/reference/emergency-services.md +1122 -0
- wxcli/_playbook/docs/reference/location-calling-core.md +2037 -0
- wxcli/_playbook/docs/reference/location-calling-media.md +1334 -0
- wxcli/_playbook/docs/reference/location-recording-advanced.md +1482 -0
- wxcli/_playbook/docs/reference/meetings-content.md +473 -0
- wxcli/_playbook/docs/reference/meetings-core.md +903 -0
- wxcli/_playbook/docs/reference/meetings-infrastructure.md +899 -0
- wxcli/_playbook/docs/reference/meetings-settings.md +850 -0
- wxcli/_playbook/docs/reference/messaging-bots.md +1091 -0
- wxcli/_playbook/docs/reference/messaging-spaces.md +695 -0
- wxcli/_playbook/docs/reference/person-call-settings-behavior.md +1639 -0
- wxcli/_playbook/docs/reference/person-call-settings-handling.md +1394 -0
- wxcli/_playbook/docs/reference/person-call-settings-media.md +1898 -0
- wxcli/_playbook/docs/reference/person-call-settings-permissions.md +1329 -0
- wxcli/_playbook/docs/reference/provisioning.md +1366 -0
- wxcli/_playbook/docs/reference/reporting-analytics.md +1318 -0
- wxcli/_playbook/docs/reference/self-service-call-settings.md +1020 -0
- wxcli/_playbook/docs/reference/virtual-lines.md +1132 -0
- wxcli/_playbook/docs/reference/webhooks-events.md +1444 -0
- wxcli/_playbook/docs/reference/wxcadm-xsi-realtime.md +953 -0
- wxcli/_version.py +24 -0
- wxcli/auth.py +137 -0
- wxcli/commands/__init__.py +0 -0
- wxcli/commands/_registry.py +181 -0
- wxcli/commands/activation_email.py +103 -0
- wxcli/commands/admin_recordings.py +585 -0
- wxcli/commands/analytics.py +105 -0
- wxcli/commands/announcement_playlists.py +219 -0
- wxcli/commands/announcements.py +519 -0
- wxcli/commands/archive_users.py +36 -0
- wxcli/commands/attachment_actions.py +60 -0
- wxcli/commands/audit_events.py +83 -0
- wxcli/commands/authorizations.py +113 -0
- wxcli/commands/auto_attendant.py +642 -0
- wxcli/commands/broadworks_billing_reports.py +126 -0
- wxcli/commands/broadworks_enterprises.py +160 -0
- wxcli/commands/broadworks_subscribers.py +319 -0
- wxcli/commands/broadworks_workspaces.py +108 -0
- wxcli/commands/call_controls.py +1304 -0
- wxcli/commands/call_park.py +494 -0
- wxcli/commands/call_pickup.py +229 -0
- wxcli/commands/call_queue.py +1878 -0
- wxcli/commands/call_recording.py +707 -0
- wxcli/commands/call_routing.py +1610 -0
- wxcli/commands/call_settings_for_me_phase_5.py +212 -0
- wxcli/commands/caller_reputation.py +169 -0
- wxcli/commands/calling_service.py +305 -0
- wxcli/commands/cc_address_book.py +770 -0
- wxcli/commands/cc_agent_greetings.py +242 -0
- wxcli/commands/cc_agent_summaries.py +39 -0
- wxcli/commands/cc_agent_wellbeing.py +216 -0
- wxcli/commands/cc_agents.py +425 -0
- wxcli/commands/cc_ai_assistant.py +55 -0
- wxcli/commands/cc_ai_feature.py +294 -0
- wxcli/commands/cc_audio_files.py +149 -0
- wxcli/commands/cc_auto_csat.py +311 -0
- wxcli/commands/cc_aux_code.py +458 -0
- wxcli/commands/cc_business_hour.py +353 -0
- wxcli/commands/cc_call_monitoring.py +228 -0
- wxcli/commands/cc_callbacks.py +194 -0
- wxcli/commands/cc_campaign.py +212 -0
- wxcli/commands/cc_captures.py +39 -0
- wxcli/commands/cc_contact_list.py +169 -0
- wxcli/commands/cc_contact_number.py +295 -0
- wxcli/commands/cc_data_sources.py +235 -0
- wxcli/commands/cc_desktop_layout.py +380 -0
- wxcli/commands/cc_desktop_profile.py +322 -0
- wxcli/commands/cc_dial_number.py +511 -0
- wxcli/commands/cc_dial_plan.py +347 -0
- wxcli/commands/cc_dnc.py +101 -0
- wxcli/commands/cc_entry_point.py +545 -0
- wxcli/commands/cc_ewt.py +51 -0
- wxcli/commands/cc_flow.py +477 -0
- wxcli/commands/cc_global_vars.py +430 -0
- wxcli/commands/cc_holiday_list.py +335 -0
- wxcli/commands/cc_journey.py +1261 -0
- wxcli/commands/cc_legacy_flows.py +49 -0
- wxcli/commands/cc_multimedia_profile.py +436 -0
- wxcli/commands/cc_notification.py +51 -0
- wxcli/commands/cc_outdial_ani.py +604 -0
- wxcli/commands/cc_overrides.py +341 -0
- wxcli/commands/cc_queue.py +1083 -0
- wxcli/commands/cc_queue_stats.py +55 -0
- wxcli/commands/cc_realtime.py +51 -0
- wxcli/commands/cc_resource_collection.py +312 -0
- wxcli/commands/cc_search.py +46 -0
- wxcli/commands/cc_site.py +400 -0
- wxcli/commands/cc_skill.py +350 -0
- wxcli/commands/cc_skill_profile.py +289 -0
- wxcli/commands/cc_subscriptions.py +426 -0
- wxcli/commands/cc_summaries.py +130 -0
- wxcli/commands/cc_tasks.py +844 -0
- wxcli/commands/cc_team.py +325 -0
- wxcli/commands/cc_user_profiles.py +349 -0
- wxcli/commands/cc_users.py +701 -0
- wxcli/commands/cc_work_types.py +363 -0
- wxcli/commands/cdr.py +89 -0
- wxcli/commands/classifications.py +38 -0
- wxcli/commands/cleanup.py +1427 -0
- wxcli/commands/client_settings.py +72 -0
- wxcli/commands/conference.py +328 -0
- wxcli/commands/configure.py +72 -0
- wxcli/commands/converged_recordings.py +347 -0
- wxcli/commands/converged_recordings_export.py +310 -0
- wxcli/commands/cq_playlists.py +42 -0
- wxcli/commands/cucm.py +2794 -0
- wxcli/commands/cucm_config.py +129 -0
- wxcli/commands/customer_assist.py +373 -0
- wxcli/commands/data_sources.py +227 -0
- wxcli/commands/dect_devices.py +787 -0
- wxcli/commands/device_configurations.py +77 -0
- wxcli/commands/device_dynamic_settings.py +320 -0
- wxcli/commands/device_settings.py +1489 -0
- wxcli/commands/devices.py +280 -0
- wxcli/commands/domains.py +142 -0
- wxcli/commands/ecm.py +178 -0
- wxcli/commands/emergency_services.py +827 -0
- wxcli/commands/events.py +83 -0
- wxcli/commands/external_voicemail.py +52 -0
- wxcli/commands/groups.py +206 -0
- wxcli/commands/guest_management.py +76 -0
- wxcli/commands/hds.py +340 -0
- wxcli/commands/hot_desk.py +67 -0
- wxcli/commands/hot_desking_members.py +118 -0
- wxcli/commands/hot_desking_portal.py +124 -0
- wxcli/commands/hunt_group.py +577 -0
- wxcli/commands/hybrid_clusters.py +71 -0
- wxcli/commands/hybrid_connectors.py +67 -0
- wxcli/commands/identity_org.py +159 -0
- wxcli/commands/init_playbook.py +155 -0
- wxcli/commands/licenses.py +106 -0
- wxcli/commands/live_monitoring.py +40 -0
- wxcli/commands/location_call_handling.py +577 -0
- wxcli/commands/location_schedules.py +341 -0
- wxcli/commands/location_settings.py +1297 -0
- wxcli/commands/location_voicemail.py +494 -0
- wxcli/commands/locations.py +336 -0
- wxcli/commands/meeting_captions.py +110 -0
- wxcli/commands/meeting_chats.py +63 -0
- wxcli/commands/meeting_invitees.py +234 -0
- wxcli/commands/meeting_messages.py +28 -0
- wxcli/commands/meeting_participants.py +278 -0
- wxcli/commands/meeting_polls.py +111 -0
- wxcli/commands/meeting_preferences.py +515 -0
- wxcli/commands/meeting_qa.py +78 -0
- wxcli/commands/meeting_qualities.py +43 -0
- wxcli/commands/meeting_reports.py +101 -0
- wxcli/commands/meeting_session_types.py +105 -0
- wxcli/commands/meeting_site.py +57 -0
- wxcli/commands/meeting_slido.py +44 -0
- wxcli/commands/meeting_summaries.py +92 -0
- wxcli/commands/meeting_tracking_codes.py +233 -0
- wxcli/commands/meeting_transcripts.py +230 -0
- wxcli/commands/meetings.py +1997 -0
- wxcli/commands/memberships.py +164 -0
- wxcli/commands/messages.py +213 -0
- wxcli/commands/mode_management.py +244 -0
- wxcli/commands/my_call_settings.py +3577 -0
- wxcli/commands/numbers.py +405 -0
- wxcli/commands/operating_modes.py +410 -0
- wxcli/commands/org_contacts.py +284 -0
- wxcli/commands/org_health_cli.py +55 -0
- wxcli/commands/org_settings.py +71 -0
- wxcli/commands/organizations.py +83 -0
- wxcli/commands/paging_group.py +257 -0
- wxcli/commands/partner_admins.py +141 -0
- wxcli/commands/partner_reports.py +188 -0
- wxcli/commands/partner_tags.py +216 -0
- wxcli/commands/people.py +279 -0
- wxcli/commands/person_call_settings.py +71 -0
- wxcli/commands/pstn.py +280 -0
- wxcli/commands/recording_report.py +154 -0
- wxcli/commands/report_templates.py +38 -0
- wxcli/commands/reports.py +144 -0
- wxcli/commands/resource_group_memberships.py +160 -0
- wxcli/commands/resource_groups.py +67 -0
- wxcli/commands/roles.py +63 -0
- wxcli/commands/room_tabs.py +160 -0
- wxcli/commands/rooms.py +225 -0
- wxcli/commands/scim_bulk.py +46 -0
- wxcli/commands/scim_groups.py +246 -0
- wxcli/commands/scim_schemas.py +82 -0
- wxcli/commands/scim_users.py +283 -0
- wxcli/commands/security_audit.py +54 -0
- wxcli/commands/service_apps.py +51 -0
- wxcli/commands/single_number_reach.py +209 -0
- wxcli/commands/team_memberships.py +155 -0
- wxcli/commands/teams.py +153 -0
- wxcli/commands/ucm_profile.py +42 -0
- wxcli/commands/update.py +219 -0
- wxcli/commands/user_settings.py +5116 -0
- wxcli/commands/video_mesh.py +1090 -0
- wxcli/commands/virtual_extensions.py +502 -0
- wxcli/commands/virtual_line_settings.py +2072 -0
- wxcli/commands/webhooks.py +176 -0
- wxcli/commands/wholesale_billing_reports.py +147 -0
- wxcli/commands/wholesale_provisioning.py +523 -0
- wxcli/commands/workspace_locations.py +339 -0
- wxcli/commands/workspace_metrics.py +103 -0
- wxcli/commands/workspace_personalization.py +70 -0
- wxcli/commands/workspace_settings.py +3347 -0
- wxcli/commands/workspaces.py +279 -0
- wxcli/commands/xapi.py +114 -0
- wxcli/config.py +139 -0
- wxcli/errors.py +77 -0
- wxcli/main.py +210 -0
- wxcli/migration/CLAUDE.md +106 -0
- wxcli/migration/__init__.py +1 -0
- wxcli/migration/advisory/CLAUDE.md +196 -0
- wxcli/migration/advisory/__init__.py +46 -0
- wxcli/migration/advisory/advisor.py +107 -0
- wxcli/migration/advisory/advisory_patterns.py +2552 -0
- wxcli/migration/advisory/recommendation_rules.py +835 -0
- wxcli/migration/cucm/CLAUDE.md +74 -0
- wxcli/migration/cucm/__init__.py +5 -0
- wxcli/migration/cucm/connection.py +265 -0
- wxcli/migration/cucm/discovery.py +225 -0
- wxcli/migration/cucm/extractors/__init__.py +1 -0
- wxcli/migration/cucm/extractors/announcements.py +92 -0
- wxcli/migration/cucm/extractors/base.py +90 -0
- wxcli/migration/cucm/extractors/device_profiles.py +98 -0
- wxcli/migration/cucm/extractors/devices.py +193 -0
- wxcli/migration/cucm/extractors/e911.py +103 -0
- wxcli/migration/cucm/extractors/features.py +309 -0
- wxcli/migration/cucm/extractors/helpers.py +73 -0
- wxcli/migration/cucm/extractors/informational.py +295 -0
- wxcli/migration/cucm/extractors/locations.py +221 -0
- wxcli/migration/cucm/extractors/moh.py +100 -0
- wxcli/migration/cucm/extractors/remote_destinations.py +96 -0
- wxcli/migration/cucm/extractors/routing.py +493 -0
- wxcli/migration/cucm/extractors/shared_lines.py +146 -0
- wxcli/migration/cucm/extractors/templates.py +229 -0
- wxcli/migration/cucm/extractors/tier4.py +173 -0
- wxcli/migration/cucm/extractors/users.py +240 -0
- wxcli/migration/cucm/extractors/voicemail.py +243 -0
- wxcli/migration/cucm/extractors/workspaces.py +88 -0
- wxcli/migration/cucm/unity_connection.py +304 -0
- wxcli/migration/execute/CLAUDE.md +372 -0
- wxcli/migration/execute/__init__.py +303 -0
- wxcli/migration/execute/batch.py +277 -0
- wxcli/migration/execute/dependency.py +483 -0
- wxcli/migration/execute/engine.py +964 -0
- wxcli/migration/execute/handlers.py +2232 -0
- wxcli/migration/execute/planner.py +1939 -0
- wxcli/migration/execute/runtime.py +571 -0
- wxcli/migration/export/CLAUDE.md +49 -0
- wxcli/migration/export/__init__.py +8 -0
- wxcli/migration/export/csv_export.py +126 -0
- wxcli/migration/export/deployment_plan.py +479 -0
- wxcli/migration/export/json_export.py +60 -0
- wxcli/migration/models.py +941 -0
- wxcli/migration/phone_models.py +50 -0
- wxcli/migration/preflight/CLAUDE.md +52 -0
- wxcli/migration/preflight/__init__.py +89 -0
- wxcli/migration/preflight/checks.py +911 -0
- wxcli/migration/preflight/runner.py +293 -0
- wxcli/migration/rate_limiter.py +144 -0
- wxcli/migration/report/CLAUDE.md +245 -0
- wxcli/migration/report/__init__.py +7 -0
- wxcli/migration/report/appendix.py +2437 -0
- wxcli/migration/report/assembler.py +183 -0
- wxcli/migration/report/charts.py +263 -0
- wxcli/migration/report/executive.py +776 -0
- wxcli/migration/report/explainer.py +704 -0
- wxcli/migration/report/helpers.py +74 -0
- wxcli/migration/report/ingest.py +152 -0
- wxcli/migration/report/notice_templates.py +192 -0
- wxcli/migration/report/score.py +375 -0
- wxcli/migration/report/styles.py +1052 -0
- wxcli/migration/report/user_diff.py +1052 -0
- wxcli/migration/report/user_notice.py +425 -0
- wxcli/migration/state.py +139 -0
- wxcli/migration/store.py +860 -0
- wxcli/migration/transform/CLAUDE.md +107 -0
- wxcli/migration/transform/__init__.py +12 -0
- wxcli/migration/transform/analysis_pipeline.py +453 -0
- wxcli/migration/transform/analyzers/__init__.py +142 -0
- wxcli/migration/transform/analyzers/css_permission.py +189 -0
- wxcli/migration/transform/analyzers/css_routing.py +335 -0
- wxcli/migration/transform/analyzers/device_compatibility.py +122 -0
- wxcli/migration/transform/analyzers/dn_ambiguity.py +131 -0
- wxcli/migration/transform/analyzers/duplicate_user.py +221 -0
- wxcli/migration/transform/analyzers/extension_conflict.py +173 -0
- wxcli/migration/transform/analyzers/feature_approximation.py +227 -0
- wxcli/migration/transform/analyzers/layout_overflow.py +174 -0
- wxcli/migration/transform/analyzers/location_ambiguity.py +184 -0
- wxcli/migration/transform/analyzers/missing_data.py +300 -0
- wxcli/migration/transform/analyzers/selective_call_handling.py +394 -0
- wxcli/migration/transform/analyzers/shared_line.py +170 -0
- wxcli/migration/transform/analyzers/voicemail_compatibility.py +267 -0
- wxcli/migration/transform/analyzers/workspace_license.py +212 -0
- wxcli/migration/transform/cross_reference.py +1136 -0
- wxcli/migration/transform/cucm_pattern.py +246 -0
- wxcli/migration/transform/decisions.py +301 -0
- wxcli/migration/transform/e164.py +145 -0
- wxcli/migration/transform/engine.py +256 -0
- wxcli/migration/transform/mappers/CLAUDE.md +123 -0
- wxcli/migration/transform/mappers/__init__.py +76 -0
- wxcli/migration/transform/mappers/announcement_mapper.py +122 -0
- wxcli/migration/transform/mappers/base.py +190 -0
- wxcli/migration/transform/mappers/button_template_mapper.py +186 -0
- wxcli/migration/transform/mappers/call_forwarding_mapper.py +228 -0
- wxcli/migration/transform/mappers/call_settings_mapper.py +144 -0
- wxcli/migration/transform/mappers/css_mapper.py +868 -0
- wxcli/migration/transform/mappers/dect_mapper.py +367 -0
- wxcli/migration/transform/mappers/device_layout_mapper.py +289 -0
- wxcli/migration/transform/mappers/device_mapper.py +227 -0
- wxcli/migration/transform/mappers/device_profile_mapper.py +190 -0
- wxcli/migration/transform/mappers/device_settings_mapper.py +464 -0
- wxcli/migration/transform/mappers/e911_mapper.py +129 -0
- wxcli/migration/transform/mappers/ecbn_mapper.py +263 -0
- wxcli/migration/transform/mappers/executive_assistant_mapper.py +156 -0
- wxcli/migration/transform/mappers/feature_mapper.py +1179 -0
- wxcli/migration/transform/mappers/line_mapper.py +310 -0
- wxcli/migration/transform/mappers/location_mapper.py +235 -0
- wxcli/migration/transform/mappers/moh_mapper.py +114 -0
- wxcli/migration/transform/mappers/monitoring_mapper.py +221 -0
- wxcli/migration/transform/mappers/receptionist_mapper.py +245 -0
- wxcli/migration/transform/mappers/routing_mapper.py +821 -0
- wxcli/migration/transform/mappers/snr_mapper.py +201 -0
- wxcli/migration/transform/mappers/softkey_mapper.py +205 -0
- wxcli/migration/transform/mappers/user_mapper.py +264 -0
- wxcli/migration/transform/mappers/voicemail_group_mapper.py +286 -0
- wxcli/migration/transform/mappers/voicemail_mapper.py +514 -0
- wxcli/migration/transform/mappers/workspace_mapper.py +464 -0
- wxcli/migration/transform/normalizers.py +2008 -0
- wxcli/migration/transform/pattern_converter.py +106 -0
- wxcli/migration/transform/pipeline.py +271 -0
- wxcli/migration/transform/rules.py +255 -0
- wxcli/org_health/CLAUDE.md +63 -0
- wxcli/org_health/__init__.py +7 -0
- wxcli/org_health/analyze.py +93 -0
- wxcli/org_health/checks.py +458 -0
- wxcli/org_health/collector.py +62 -0
- wxcli/org_health/models.py +78 -0
- wxcli/org_health/report.py +300 -0
- wxcli/output.py +101 -0
- wxcli-1.2.0.dist-info/METADATA +505 -0
- wxcli-1.2.0.dist-info/RECORD +413 -0
- wxcli-1.2.0.dist-info/WHEEL +5 -0
- wxcli-1.2.0.dist-info/entry_points.txt +2 -0
- wxcli-1.2.0.dist-info/licenses/LICENSE +191 -0
- wxcli-1.2.0.dist-info/scm_file_list.json +751 -0
- wxcli-1.2.0.dist-info/scm_version.json +8 -0
- wxcli-1.2.0.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
---
|
|
2
|
+
paths:
|
|
3
|
+
- "src/wxcli/commands/cleanup.py"
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Cleanup Command
|
|
7
|
+
|
|
8
|
+
`wxcli cleanup run` batch-deletes Webex Calling resources in dependency-safe order.
|
|
9
|
+
|
|
10
|
+
**Flags:**
|
|
11
|
+
- `--scope "Name1,Name2"` — limit to specific locations (by name or ID)
|
|
12
|
+
- `--all` — clean up entire org (required if --scope not given)
|
|
13
|
+
- `--include-users` — also delete users (off by default)
|
|
14
|
+
- `--include-locations` — also delete locations (off by default, includes 90s wait for calling disable propagation)
|
|
15
|
+
- `--exclude-user-domains "wbx.ai,corp.com"` — keep users matching these email domains (use with `--include-users`)
|
|
16
|
+
- `--dry-run` — show what would be deleted without deleting
|
|
17
|
+
- `--max-concurrent N` — parallel deletions per layer (default 5)
|
|
18
|
+
- `--force` — skip confirmation prompt
|
|
19
|
+
|
|
20
|
+
**Deletion order** (13 layers, reverse of creation): dial plans → route lists → route groups → translation patterns → trunks → call features → schedules/operating modes → virtual lines → devices → workspaces → users → numbers → locations.
|
|
21
|
+
|
|
22
|
+
**Known behaviors:**
|
|
23
|
+
- Virtual lines use raw API (not `wxcli virtual-extensions`) due to ID type mismatch bug
|
|
24
|
+
- Location deletion requires disabling calling first + 90s propagation wait
|
|
25
|
+
- Location delete may still 409 after wait — re-run cleanup to retry
|
|
26
|
+
- Calling disable is best-effort — locations where calling is already off are still attempted for deletion
|
|
27
|
+
- Phone numbers are removed before location deletion (max 5 per API request, main numbers skipped)
|
|
28
|
+
- Call parks and call pickups are enumerated per-location (no org-wide list endpoint)
|
|
29
|
+
- Workspaces must be deleted before disable-calling can succeed — API has no location filter, client-side filtering by locationId
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
---
|
|
2
|
+
paths:
|
|
3
|
+
- "src/wxcli/migration/**"
|
|
4
|
+
- "docs/knowledge-base/migration/**"
|
|
5
|
+
- "docs/runbooks/cucm-migration/**"
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# CUCM Migration Context
|
|
9
|
+
|
|
10
|
+
## Agent Invocation Example
|
|
11
|
+
|
|
12
|
+
The builder agent uses phase-per-invocation for migrations:
|
|
13
|
+
1. Spawn agent: "Run CUCM discovery for project X against host Y"
|
|
14
|
+
2. Agent completes discover + normalize + map + analyze, writes session-state, terminates
|
|
15
|
+
3. Spawn fresh agent: "Project X is at ANALYZED. Run decision review and generate report"
|
|
16
|
+
4. Agent completes decisions + report, writes session-state, terminates
|
|
17
|
+
5. Continue pattern through plan → execute
|
|
18
|
+
|
|
19
|
+
## Migration Knowledge Base (Opus Advisor)
|
|
20
|
+
|
|
21
|
+
Structured knowledge base read by the `migration-advisor` agent (Opus) during CUCM migration analysis and decision review. Grounded in the reference docs above + static advisory heuristics. The advisor reads relevant KB docs based on which decision types are present, then applies its own training for edge cases.
|
|
22
|
+
|
|
23
|
+
| Path | Purpose |
|
|
24
|
+
|------|---------|
|
|
25
|
+
| `docs/knowledge-base/migration/kb-css-routing.md` | CSS/partition ordering, dial plan decomposition, calling permissions |
|
|
26
|
+
| `docs/knowledge-base/migration/kb-device-migration.md` | Device replacement paths, firmware conversion, MPP vs PhoneOS/RoomOS |
|
|
27
|
+
| `docs/knowledge-base/migration/kb-trunk-pstn.md` | Trunk topology, LGW vs CCPP, CPN transformation chains |
|
|
28
|
+
| `docs/knowledge-base/migration/kb-feature-mapping.md` | Hunt Group vs Call Queue depth, AA mapping, shared line semantics |
|
|
29
|
+
| `docs/knowledge-base/migration/kb-user-settings.md` | Call forwarding, voicemail, calling permissions, workspace licensing |
|
|
30
|
+
| `docs/knowledge-base/migration/kb-location-design.md` | Device pool → location consolidation, E911, numbering plan |
|
|
31
|
+
| `docs/knowledge-base/migration/kb-identity-numbering.md` | DN ownership, extension conflicts, duplicate users, number porting |
|
|
32
|
+
| `docs/knowledge-base/migration/kb-webex-limits.md` | Platform hard limits, feature gaps, scope requirements (always loaded) |
|
|
33
|
+
|
|
34
|
+
## Migration Operator Runbooks (Phase 2 Transferability)
|
|
35
|
+
|
|
36
|
+
Operator-facing reference docs for the CUCM-to-Webex migration tool. Written for a CUCM-literate SE running their first migration. The cucm-migrate skill points operators here for end-to-end pipeline help, per-decision lookups, and tuning recipes.
|
|
37
|
+
|
|
38
|
+
| Path | Purpose |
|
|
39
|
+
|------|---------|
|
|
40
|
+
| `docs/runbooks/cucm-migration/operator-runbook.md` | Operator runbook — end-to-end pipeline walkthrough, prerequisites, failure recovery |
|
|
41
|
+
| `docs/runbooks/cucm-migration/decision-guide.md` | Decision guide — one entry per DecisionType + advisory pattern, with override criteria |
|
|
42
|
+
| `docs/runbooks/cucm-migration/tuning-reference.md` | Tuning reference — config keys, auto-rules, score weights, 5 worked recipes |
|
|
43
|
+
|
|
44
|
+
**When handling CUCM migration questions:** Read `operator-runbook.md` first for the pipeline walkthrough and `decision-guide.md` for per-decision interpretation. Read `tuning-reference.md` when discussing customer environment shapes (the 5 worked recipes), config tuning, or recurring decision patterns. The `cucm-migrate` skill loads these references automatically when `/cucm-migrate` is invoked; this instruction covers ad-hoc CUCM questions sent to `wxc-calling-builder` or other agents outside the skill flow.
|
|
45
|
+
|
|
46
|
+
## CUCM→Webex Migration Tool (All 11 phases complete)
|
|
47
|
+
|
|
48
|
+
The migration tool is wired into the CLI as `wxcli cucm <command>`. Use `/cucm-migrate` to execute a migration after running the pipeline.
|
|
49
|
+
|
|
50
|
+
**To run a migration:** `wxcli cucm init` → `discover` → `normalize` → `map` → `analyze` → `decisions` → `plan` → `preflight` → `export` → then invoke `/cucm-migrate`.
|
|
51
|
+
|
|
52
|
+
**Migration advisory workflow:** During `/cucm-migrate`, the cucm-migrate skill delegates to the `migration-advisor` agent (Opus) at two points: (1) after pipeline verification, it produces a `migration-narrative.md` with cross-decision analysis, dissent flags, and risk assessment; (2) during decision review, it presents advisories and recommendations with CCIE-level contextual explanation, grounded in the knowledge base at `docs/knowledge-base/migration/`. The static heuristics (`recommendation_rules.py`, `advisory_patterns.py`) remain the backbone — the Opus layer adds interpretation and structured dissent when heuristics are likely wrong. Falls back to mechanical presentation if the advisor agent is unavailable.
|
|
53
|
+
|
|
54
|
+
**To generate an assessment report:** `wxcli cucm init` → `discover` (or `discover --from-file`) → `normalize` → `map` → `analyze` → `report --brand "..." --prepared-by "..."`. Does not require plan/preflight/export — the report reads directly from the post-analyze store.
|
|
55
|
+
|
|
56
|
+
**To generate a per-user diff:** `wxcli cucm init` → `discover` → `normalize` → `map` → `analyze` → `user-diff`. Does not require plan/preflight/export.
|
|
57
|
+
|
|
58
|
+
**To generate a user communication notice:** `wxcli cucm init` → `discover` → `normalize` → `map` → `analyze` → `user-notice --brand "..." --migration-date "..." --helpdesk "..."`. Does not require plan/preflight/export.
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
---
|
|
2
|
+
paths:
|
|
3
|
+
- "src/wxcli/org_health/**"
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Org Health Assessment
|
|
7
|
+
|
|
8
|
+
Live Webex Calling org audit. Deterministic Python checks against collected JSON — no LLM analysis. Reuses the migration report's CSS design system and chart functions.
|
|
9
|
+
|
|
10
|
+
Implementation lives inside the installed wxcli package; run it via `wxcli org-health`.
|
|
11
|
+
|
|
12
|
+
**To run:** Builder agent → "audit my org" → `org-health` skill orchestrates 3 phases (collect via wxcli → analyze via `wxcli org-health analyze` → report via `wxcli org-health report`).
|
|
13
|
+
|
|
14
|
+
**Check categories:** Security Posture (4), Routing Hygiene (3), Feature Utilization (6), Device Health (5).
|
|
@@ -0,0 +1,515 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: audit-compliance
|
|
3
|
+
description: |
|
|
4
|
+
Pull and analyze Webex audit logs, security events, and compliance data.
|
|
5
|
+
Covers admin audit trail, security audit events, authorization review,
|
|
6
|
+
and service app credential management. Guides from query design through export.
|
|
7
|
+
NOT for: org health assessment (use org-health skill), CDR/call analytics (use reporting skill),
|
|
8
|
+
or license auditing (use manage-licensing skill).
|
|
9
|
+
allowed-tools: Read, Grep, Glob, Bash
|
|
10
|
+
argument-hint: [audit-type -- e.g. "admin audit", "security events", "compliance review", "authorization check"]
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# Audit & Compliance Workflow
|
|
14
|
+
|
|
15
|
+
**Checkpoint — do NOT proceed until you can answer these:**
|
|
16
|
+
1. What date parameter format do audit event APIs require? (Answer: ISO 8601 format with timezone — e.g., `2026-03-01T00:00:00.000Z`. Queries without timezone may return unexpected results.)
|
|
17
|
+
2. What is the difference between admin audit events and security audit events? (Answer: Admin audit tracks configuration changes by admins. Security audit tracks login events, token grants, and authorization changes.)
|
|
18
|
+
|
|
19
|
+
If you cannot answer both, you skipped reading this skill. Go back and read it.
|
|
20
|
+
|
|
21
|
+
## Step 1: Load references
|
|
22
|
+
|
|
23
|
+
1. Read `docs/reference/admin-audit-security.md` for audit event APIs, security audit scopes, event categories, and date parameter conventions
|
|
24
|
+
|
|
25
|
+
**Mandatory --help verification:** Before constructing any wxcli command, run `wxcli <group> --help` to verify the subcommand exists, then `wxcli <group> <subcommand> --help` to verify the exact flags (e.g. `wxcli audit-events list --help` and `wxcli security-audit --help` — date/range parameter names are spec-generated, not guessable). Do NOT rely on examples in this skill or reference docs — the CLI is auto-generated and flag names may differ from what documentation suggests.
|
|
26
|
+
|
|
27
|
+
## Step 2: Verify auth token
|
|
28
|
+
|
|
29
|
+
Before any API calls, confirm the user has a working auth token:
|
|
30
|
+
|
|
31
|
+
```bash
|
|
32
|
+
wxcli whoami
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
If this fails, stop and resolve authentication first (`wxcli configure`).
|
|
36
|
+
|
|
37
|
+
### Required scopes by audit type
|
|
38
|
+
|
|
39
|
+
| Audit Type | CLI Group | Scope | Date Params | Notes |
|
|
40
|
+
|------------|-----------|-------|-------------|-------|
|
|
41
|
+
| Admin audit events | `audit-events` | Standard admin token | `--from` / `--to` | Full or read-only admin. No special scope beyond admin auth. |
|
|
42
|
+
| Security audit events | `security-audit` | `audit:events_read` | `--start-time` / `--end-time` | Specifically required. Standard admin token without this scope returns 401/403. |
|
|
43
|
+
| Platform events (compliance) | `events` | Standard admin token | `--from` / `--to` | Full or read-only admin. Compliance officer role also works. |
|
|
44
|
+
| Authorizations review | `authorizations` | Standard admin token | N/A | Lists OAuth grants for users and the org. Full admin required for delete. |
|
|
45
|
+
| Service app tokens | `service-apps` | Admin + service app credentials | N/A | Requires `client-id`, `client-secret`, and `target-org-id`. |
|
|
46
|
+
|
|
47
|
+
### Verification gate
|
|
48
|
+
|
|
49
|
+
Run a quick probe for the audit type the user needs. If it fails, stop and fix auth before proceeding.
|
|
50
|
+
|
|
51
|
+
```bash
|
|
52
|
+
# Admin audit — verify access
|
|
53
|
+
wxcli audit-events list-event-categories -o json
|
|
54
|
+
|
|
55
|
+
# Security audit — verify audit:events_read scope
|
|
56
|
+
wxcli security-audit list \
|
|
57
|
+
--start-time "2026-03-18T00:00:00.000Z" \
|
|
58
|
+
--end-time "2026-03-19T00:00:00.000Z" \
|
|
59
|
+
--limit 1 \
|
|
60
|
+
-o json
|
|
61
|
+
|
|
62
|
+
# Platform events — verify access
|
|
63
|
+
wxcli events list \
|
|
64
|
+
--from "2026-03-18T00:00:00.000Z" \
|
|
65
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
66
|
+
--limit 1 \
|
|
67
|
+
-o json
|
|
68
|
+
|
|
69
|
+
# Authorizations — verify access
|
|
70
|
+
wxcli authorizations show -o json
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
If the probe returns 401/403, the token lacks the required scope. Resolve before continuing.
|
|
74
|
+
|
|
75
|
+
## Step 3: Identify the operation
|
|
76
|
+
|
|
77
|
+
Ask the user what they want to investigate. Present this decision matrix if they are unsure:
|
|
78
|
+
|
|
79
|
+
| Need | Operation | CLI Group |
|
|
80
|
+
|------|-----------|-----------|
|
|
81
|
+
| Who changed what in Control Hub | Admin audit events | `audit-events` |
|
|
82
|
+
| Security incidents (failed logins, policy changes) | Security audit events | `security-audit` |
|
|
83
|
+
| Compliance review (messages, calls, meetings) | Platform events | `events` |
|
|
84
|
+
| Review OAuth grants and integrations | Authorization audit | `authorizations` |
|
|
85
|
+
| Create/rotate service app credentials | Service app token | `service-apps` |
|
|
86
|
+
| List available audit event categories | Category reference | `audit-events` |
|
|
87
|
+
|
|
88
|
+
## Step 4: Check prerequisites
|
|
89
|
+
|
|
90
|
+
### 4a. Confirm date range and filters
|
|
91
|
+
|
|
92
|
+
All audit queries require scoping. Confirm with the user:
|
|
93
|
+
|
|
94
|
+
1. **Date range** — What period to cover? Use ISO 8601 format (`2026-03-18T00:00:00.000Z`).
|
|
95
|
+
2. **Filters** — Any specific actor (admin/user), event category, resource type, or event type?
|
|
96
|
+
3. **Date parameter names** — `audit-events` and `events` use `--from`/`--to`. `security-audit` uses `--start-time`/`--end-time`. Mixing them produces errors.
|
|
97
|
+
|
|
98
|
+
### 4b. Resolve actor IDs if filtering by person
|
|
99
|
+
|
|
100
|
+
If the user wants to filter by a specific admin or user, resolve their person ID first:
|
|
101
|
+
|
|
102
|
+
```bash
|
|
103
|
+
wxcli people list --email "admin@company.com" -o json
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
For event category filtering on admin audit, discover available categories:
|
|
107
|
+
|
|
108
|
+
```bash
|
|
109
|
+
wxcli audit-events list-event-categories -o json
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
This returns the exact category names (treat as case-sensitive — always use exact values from this list).
|
|
113
|
+
|
|
114
|
+
## Step 5: Build and present deployment plan -- [SHOW BEFORE EXECUTING]
|
|
115
|
+
|
|
116
|
+
Present the query plan to the user for approval before executing. Include:
|
|
117
|
+
|
|
118
|
+
1. **Which API** — `audit-events`, `security-audit`, `events`, `authorizations`, or `service-apps`
|
|
119
|
+
2. **Date range** — Start and end dates, using the correct parameter names for the chosen API
|
|
120
|
+
3. **Filters** — Actor ID, event category, resource type, event type (if any)
|
|
121
|
+
4. **Output format and destination** — Screen display, file export, or pipe to analysis
|
|
122
|
+
5. **Destructive operations** — Flag any delete/revoke operations and require explicit confirmation
|
|
123
|
+
|
|
124
|
+
Example plan format:
|
|
125
|
+
|
|
126
|
+
```
|
|
127
|
+
Audit Query Plan:
|
|
128
|
+
API: wxcli security-audit list
|
|
129
|
+
Date range: 2026-03-12 to 2026-03-19 (--start-time / --end-time)
|
|
130
|
+
Filters: --event-categories "Logins"
|
|
131
|
+
Output: JSON to screen
|
|
132
|
+
Destructive: No
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
**Do not proceed to Step 6 until the user approves the plan.**
|
|
136
|
+
|
|
137
|
+
## Step 6: Execute via wxcli
|
|
138
|
+
|
|
139
|
+
Execute the approved query plan. Jump to the sub-step matching the audit type identified in Step 3.
|
|
140
|
+
|
|
141
|
+
### 6a. Admin audit events (`audit-events`)
|
|
142
|
+
|
|
143
|
+
Use `wxcli audit-events` to see who changed what in Control Hub. Every admin action is logged: user created, setting changed, license assigned, location modified, policy updated.
|
|
144
|
+
|
|
145
|
+
**List audit events with a date range:**
|
|
146
|
+
|
|
147
|
+
```bash
|
|
148
|
+
wxcli audit-events list \
|
|
149
|
+
--from "2026-03-18T00:00:00.000Z" \
|
|
150
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
151
|
+
-o json
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
**Filter by admin (actor):**
|
|
155
|
+
|
|
156
|
+
```bash
|
|
157
|
+
wxcli audit-events list \
|
|
158
|
+
--actor-id "Y2lzY29zcGFyazovL3VzL1BFT1BMRS8xMjM0" \
|
|
159
|
+
--from "2026-03-01T00:00:00.000Z" \
|
|
160
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
161
|
+
-o json
|
|
162
|
+
```
|
|
163
|
+
|
|
164
|
+
**Filter by event category:**
|
|
165
|
+
|
|
166
|
+
```bash
|
|
167
|
+
wxcli audit-events list \
|
|
168
|
+
--event-categories "Users" \
|
|
169
|
+
--from "2026-03-01T00:00:00.000Z" \
|
|
170
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
171
|
+
-o json
|
|
172
|
+
```
|
|
173
|
+
|
|
174
|
+
**Limit results for a quick check:**
|
|
175
|
+
|
|
176
|
+
```bash
|
|
177
|
+
wxcli audit-events list \
|
|
178
|
+
--from "2026-03-18T00:00:00.000Z" \
|
|
179
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
180
|
+
--limit 50 \
|
|
181
|
+
-o json
|
|
182
|
+
```
|
|
183
|
+
|
|
184
|
+
### 6b. Security audit events (`security-audit`)
|
|
185
|
+
|
|
186
|
+
Use `wxcli security-audit` for security-related events: login failures, suspicious activity, security policy changes, authentication anomalies. This is the API to use when investigating security incidents or feeding events into an external SIEM.
|
|
187
|
+
|
|
188
|
+
**List security events for a date range:**
|
|
189
|
+
|
|
190
|
+
```bash
|
|
191
|
+
wxcli security-audit list \
|
|
192
|
+
--start-time "2026-03-12T00:00:00.000Z" \
|
|
193
|
+
--end-time "2026-03-19T00:00:00.000Z" \
|
|
194
|
+
-o json
|
|
195
|
+
```
|
|
196
|
+
|
|
197
|
+
Note: `security-audit` uses `--start-time`/`--end-time`, NOT `--from`/`--to` like the other audit APIs.
|
|
198
|
+
|
|
199
|
+
**Filter by actor:**
|
|
200
|
+
|
|
201
|
+
```bash
|
|
202
|
+
wxcli security-audit list \
|
|
203
|
+
--actor-id "Y2lzY29zcGFyazovL3VzL1BFT1BMRS8xMjM0" \
|
|
204
|
+
--start-time "2026-03-01T00:00:00.000Z" \
|
|
205
|
+
--end-time "2026-03-19T00:00:00.000Z" \
|
|
206
|
+
-o json
|
|
207
|
+
```
|
|
208
|
+
|
|
209
|
+
**Filter by event category:**
|
|
210
|
+
|
|
211
|
+
```bash
|
|
212
|
+
wxcli security-audit list \
|
|
213
|
+
--event-categories "Logins" \
|
|
214
|
+
--start-time "2026-03-18T00:00:00.000Z" \
|
|
215
|
+
--end-time "2026-03-19T00:00:00.000Z" \
|
|
216
|
+
-o json
|
|
217
|
+
```
|
|
218
|
+
|
|
219
|
+
**Export for SIEM ingestion:**
|
|
220
|
+
|
|
221
|
+
```bash
|
|
222
|
+
# Pull the last 7 days of security events as JSON file
|
|
223
|
+
wxcli security-audit list \
|
|
224
|
+
--start-time "2026-03-12T00:00:00.000Z" \
|
|
225
|
+
--end-time "2026-03-19T00:00:00.000Z" \
|
|
226
|
+
-o json > security_events_export.json
|
|
227
|
+
|
|
228
|
+
# For ongoing daily ingestion, use a 24-hour window
|
|
229
|
+
wxcli security-audit list \
|
|
230
|
+
--start-time "2026-03-18T00:00:00.000Z" \
|
|
231
|
+
--end-time "2026-03-19T00:00:00.000Z" \
|
|
232
|
+
-o json >> siem_feed.json
|
|
233
|
+
```
|
|
234
|
+
|
|
235
|
+
### 6c. Platform events — compliance (`events`)
|
|
236
|
+
|
|
237
|
+
Use `wxcli events` for general Webex platform activity: messages created/deleted, calls placed, meetings held, memberships changed. This is the API for compliance reviews, eDiscovery, and building integrations that react to platform activity.
|
|
238
|
+
|
|
239
|
+
**List events with a date range:**
|
|
240
|
+
|
|
241
|
+
```bash
|
|
242
|
+
wxcli events list \
|
|
243
|
+
--from "2026-03-18T00:00:00.000Z" \
|
|
244
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
245
|
+
-o json
|
|
246
|
+
```
|
|
247
|
+
|
|
248
|
+
**Filter by resource type:**
|
|
249
|
+
|
|
250
|
+
```bash
|
|
251
|
+
# Only calling events
|
|
252
|
+
wxcli events list \
|
|
253
|
+
--service-type calling \
|
|
254
|
+
--from "2026-03-18T00:00:00.000Z" \
|
|
255
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
256
|
+
-o json
|
|
257
|
+
|
|
258
|
+
# Only message events
|
|
259
|
+
wxcli events list \
|
|
260
|
+
--resource messages \
|
|
261
|
+
--from "2026-03-18T00:00:00.000Z" \
|
|
262
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
263
|
+
-o json
|
|
264
|
+
```
|
|
265
|
+
|
|
266
|
+
**Filter by event type:**
|
|
267
|
+
|
|
268
|
+
```bash
|
|
269
|
+
# Deleted resources (compliance/eDiscovery)
|
|
270
|
+
wxcli events list \
|
|
271
|
+
--type deleted \
|
|
272
|
+
--from "2026-03-18T00:00:00.000Z" \
|
|
273
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
274
|
+
-o json
|
|
275
|
+
|
|
276
|
+
# Created messages only
|
|
277
|
+
wxcli events list \
|
|
278
|
+
--resource messages \
|
|
279
|
+
--type created \
|
|
280
|
+
--from "2026-03-18T00:00:00.000Z" \
|
|
281
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
282
|
+
-o json
|
|
283
|
+
```
|
|
284
|
+
|
|
285
|
+
**Compliance review for a specific user:**
|
|
286
|
+
|
|
287
|
+
```bash
|
|
288
|
+
# Get the user's person ID (if not already resolved in Step 4b)
|
|
289
|
+
wxcli people list --email "user@company.com" -o json
|
|
290
|
+
|
|
291
|
+
# Pull all events for that user
|
|
292
|
+
wxcli events list \
|
|
293
|
+
--actor-id "Y2lzY29zcGFyazovL3VzL1BFT1BMRS8xMjM0" \
|
|
294
|
+
--from "2026-03-01T00:00:00.000Z" \
|
|
295
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
296
|
+
-o json
|
|
297
|
+
|
|
298
|
+
# Get full details on a specific event
|
|
299
|
+
wxcli events show "Y2lzY29zcGFyazovL3VzL0VWRU5ULzU2Nzg5"
|
|
300
|
+
```
|
|
301
|
+
|
|
302
|
+
**Event resource types reference:**
|
|
303
|
+
|
|
304
|
+
| Resource | Description |
|
|
305
|
+
|----------|-------------|
|
|
306
|
+
| `messages` | Messages sent/deleted in rooms |
|
|
307
|
+
| `memberships` | Room membership changes |
|
|
308
|
+
| `rooms` | Room creation/updates |
|
|
309
|
+
| `telephony_calls` | Webex Calling call events |
|
|
310
|
+
| `meetings` | Meeting events |
|
|
311
|
+
| `recordings` | Recording events |
|
|
312
|
+
| `meetingMessages` | In-meeting chat messages |
|
|
313
|
+
|
|
314
|
+
**Event types reference:**
|
|
315
|
+
|
|
316
|
+
| Type | Description |
|
|
317
|
+
|------|-------------|
|
|
318
|
+
| `created` | Resource was created |
|
|
319
|
+
| `updated` | Resource was updated |
|
|
320
|
+
| `deleted` | Resource was deleted |
|
|
321
|
+
| `ended` | Resource ended (calls, meetings) |
|
|
322
|
+
|
|
323
|
+
### 6d. Authorization audit (`authorizations`)
|
|
324
|
+
|
|
325
|
+
Use `wxcli authorizations` to review OAuth grants and integrations authorized in the org. This reveals which third-party apps and integrations have access to user or org data.
|
|
326
|
+
|
|
327
|
+
**List authorizations for a user:**
|
|
328
|
+
|
|
329
|
+
```bash
|
|
330
|
+
# By email
|
|
331
|
+
wxcli authorizations list --person-email "user@company.com" -o json
|
|
332
|
+
|
|
333
|
+
# By person ID
|
|
334
|
+
wxcli authorizations list --person-id "Y2lzY29zcGFyazovL3VzL1BFT1BMRS8xMjM0" -o json
|
|
335
|
+
```
|
|
336
|
+
|
|
337
|
+
**Check token expiration status:**
|
|
338
|
+
|
|
339
|
+
```bash
|
|
340
|
+
wxcli authorizations show -o json
|
|
341
|
+
```
|
|
342
|
+
|
|
343
|
+
**Revoke an OAuth authorization by client ID:**
|
|
344
|
+
|
|
345
|
+
This is destructive -- it revokes access for an integration across the org. Always confirm with the user before executing.
|
|
346
|
+
|
|
347
|
+
```bash
|
|
348
|
+
# Revoke an integration's OAuth grant by its client ID
|
|
349
|
+
wxcli authorizations delete --client-id "C1234567890abcdef" --force
|
|
350
|
+
```
|
|
351
|
+
|
|
352
|
+
**Delete a specific authorization by ID:**
|
|
353
|
+
|
|
354
|
+
This is destructive -- it removes a specific authorization. Always confirm with the user before executing.
|
|
355
|
+
|
|
356
|
+
```bash
|
|
357
|
+
wxcli authorizations delete-authorizations "Y2lzY29zcGFyazovL3VzL0FVVEhPUklaQVRJT04vMTIz" --force
|
|
358
|
+
```
|
|
359
|
+
|
|
360
|
+
### 6e. Service app credential management (`service-apps`)
|
|
361
|
+
|
|
362
|
+
Use `wxcli service-apps` to create access tokens for service applications. Service apps are non-interactive integrations that act on behalf of an org.
|
|
363
|
+
|
|
364
|
+
**Create a service app access token:**
|
|
365
|
+
|
|
366
|
+
```bash
|
|
367
|
+
wxcli service-apps create APPLICATION_ID \
|
|
368
|
+
--client-id "C1234567890abcdef" \
|
|
369
|
+
--client-secret "secret_value_here" \
|
|
370
|
+
--target-org-id "Y2lzY29zcGFyazovL3VzL09SR0FOSVpBVElPTi8xMjM0"
|
|
371
|
+
```
|
|
372
|
+
|
|
373
|
+
The returned token is short-lived. Store it immediately -- the secret is only shown once at creation time.
|
|
374
|
+
|
|
375
|
+
## Step 7: Verify
|
|
376
|
+
|
|
377
|
+
After executing the query, verify the results are correct and complete.
|
|
378
|
+
|
|
379
|
+
### Quick verification checks
|
|
380
|
+
|
|
381
|
+
1. **Non-empty results** — If the query returned empty, check: date range too narrow? Wrong filter values? Misspelled `--resource` type (returns empty, not error)?
|
|
382
|
+
2. **Expected scope** — Do results cover the expected time period and event types?
|
|
383
|
+
3. **Actor correlation** — If filtering by actor, confirm the returned events match the expected admin/user.
|
|
384
|
+
|
|
385
|
+
### Spot-check a specific record
|
|
386
|
+
|
|
387
|
+
```bash
|
|
388
|
+
# For platform events, get full details on one event
|
|
389
|
+
wxcli events show "EVENT_ID_FROM_RESULTS"
|
|
390
|
+
|
|
391
|
+
# For admin audit, re-query a narrow window to confirm
|
|
392
|
+
wxcli audit-events list \
|
|
393
|
+
--from "2026-03-18T12:00:00.000Z" \
|
|
394
|
+
--to "2026-03-18T13:00:00.000Z" \
|
|
395
|
+
--limit 5 \
|
|
396
|
+
-o json
|
|
397
|
+
```
|
|
398
|
+
|
|
399
|
+
## Step 8: Report results
|
|
400
|
+
|
|
401
|
+
After retrieving and verifying audit data, analyze and present the results.
|
|
402
|
+
|
|
403
|
+
### Summarize admin changes by category
|
|
404
|
+
|
|
405
|
+
```bash
|
|
406
|
+
wxcli audit-events list \
|
|
407
|
+
--from "2026-03-01T00:00:00.000Z" \
|
|
408
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
409
|
+
-o json | python3.11 -c "
|
|
410
|
+
import json, sys
|
|
411
|
+
from collections import Counter
|
|
412
|
+
data = json.load(sys.stdin)
|
|
413
|
+
if isinstance(data, dict):
|
|
414
|
+
data = data.get('items', [data])
|
|
415
|
+
categories = Counter(e.get('eventCategory', 'Unknown') for e in data)
|
|
416
|
+
for cat, count in categories.most_common():
|
|
417
|
+
print(f'{cat}: {count} events')
|
|
418
|
+
"
|
|
419
|
+
```
|
|
420
|
+
|
|
421
|
+
### Identify most active admins
|
|
422
|
+
|
|
423
|
+
```bash
|
|
424
|
+
wxcli audit-events list \
|
|
425
|
+
--from "2026-03-01T00:00:00.000Z" \
|
|
426
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
427
|
+
-o json | python3.11 -c "
|
|
428
|
+
import json, sys
|
|
429
|
+
from collections import Counter
|
|
430
|
+
data = json.load(sys.stdin)
|
|
431
|
+
if isinstance(data, dict):
|
|
432
|
+
data = data.get('items', [data])
|
|
433
|
+
actors = Counter(e.get('actorEmail', e.get('actorId', 'Unknown')) for e in data)
|
|
434
|
+
for actor, count in actors.most_common(10):
|
|
435
|
+
print(f'{actor}: {count} actions')
|
|
436
|
+
"
|
|
437
|
+
```
|
|
438
|
+
|
|
439
|
+
### Count events by resource type
|
|
440
|
+
|
|
441
|
+
```bash
|
|
442
|
+
wxcli events list \
|
|
443
|
+
--from "2026-03-18T00:00:00.000Z" \
|
|
444
|
+
--to "2026-03-19T00:00:00.000Z" \
|
|
445
|
+
-o json | python3.11 -c "
|
|
446
|
+
import json, sys
|
|
447
|
+
from collections import Counter
|
|
448
|
+
data = json.load(sys.stdin)
|
|
449
|
+
if isinstance(data, dict):
|
|
450
|
+
data = data.get('items', [data])
|
|
451
|
+
resources = Counter(e.get('resource', 'Unknown') for e in data)
|
|
452
|
+
for res, count in resources.most_common():
|
|
453
|
+
print(f'{res}: {count} events')
|
|
454
|
+
"
|
|
455
|
+
```
|
|
456
|
+
|
|
457
|
+
### List all OAuth integrations for a user
|
|
458
|
+
|
|
459
|
+
```bash
|
|
460
|
+
wxcli authorizations list --person-email "user@company.com" -o json | python3.11 -c "
|
|
461
|
+
import json, sys
|
|
462
|
+
data = json.load(sys.stdin)
|
|
463
|
+
if isinstance(data, dict):
|
|
464
|
+
data = data.get('items', [data])
|
|
465
|
+
for auth in data:
|
|
466
|
+
print(f\"App: {auth.get('applicationName', 'Unknown')} | Client: {auth.get('clientId', 'N/A')} | Scope: {auth.get('scope', 'N/A')}\")
|
|
467
|
+
"
|
|
468
|
+
```
|
|
469
|
+
|
|
470
|
+
---
|
|
471
|
+
|
|
472
|
+
## Critical Rules
|
|
473
|
+
|
|
474
|
+
1. **`audit-events` and `security-audit` are different APIs with different scopes.** `audit-events` = admin changes in Control Hub, works with standard admin token. `security-audit` = security/login events, requires `audit:events_read` scope. Do not confuse them.
|
|
475
|
+
2. **`security-audit` requires `audit:events_read` scope specifically.** A standard admin token without this scope returns 401 or 403. If you get a scope error on `security-audit list`, the token needs the `audit:events_read` scope added.
|
|
476
|
+
3. **Date range filtering is essential.** Without date parameters, you get the full event stream, which can be enormous and slow. Always specify a date range.
|
|
477
|
+
4. **Date parameter names differ across APIs.** `audit-events` and `events` use `--from`/`--to`. `security-audit` uses `--start-time`/`--end-time`. Mixing them up produces errors. See Step 2 scopes table for the mapping.
|
|
478
|
+
5. **Events API covers all platform events, not just calling.** Filter by `--resource` and `--type` to narrow results. Use `--service-type calling` to scope to Webex Calling events only.
|
|
479
|
+
6. **`authorizations delete` revokes access -- this is destructive.** It removes an OAuth grant by client ID across the org. Always confirm with the user before executing. `delete-authorizations` removes a specific authorization by ID.
|
|
480
|
+
7. **Service app token creation returns a short-lived token.** Store it immediately. The credentials (`client-secret`) are only shown once at creation time and cannot be retrieved later.
|
|
481
|
+
8. **Always show the query plan before executing (Step 5).** Present which API, date range, filters, and output format to the user for confirmation before running queries.
|
|
482
|
+
9. **ISO 8601 datetime format required.** All date parameters expect ISO 8601 format: `2026-03-18T00:00:00.000Z`. Other formats return errors or unexpected results.
|
|
483
|
+
10. **Event categories — treat as case-sensitive.** Always run `wxcli audit-events list-event-categories` first (Step 4b) to discover the exact category names before filtering. Use exact values from the list output.
|
|
484
|
+
11. **`events list` resource types are not validated client-side.** Misspelled `--resource` values return empty result sets, not errors. Use the known resource types listed in Step 6c.
|
|
485
|
+
|
|
486
|
+
---
|
|
487
|
+
|
|
488
|
+
## Scope Quick Reference
|
|
489
|
+
|
|
490
|
+
| Scope | Grants Access To |
|
|
491
|
+
|-------|-----------------|
|
|
492
|
+
| Standard admin token | Admin audit events (`wxcli audit-events`), platform events (`wxcli events`), authorizations (`wxcli authorizations`) |
|
|
493
|
+
| `audit:events_read` | Security audit events (`wxcli security-audit`) |
|
|
494
|
+
| Compliance officer role | Platform events with compliance-level access (`wxcli events`) |
|
|
495
|
+
|
|
496
|
+
---
|
|
497
|
+
|
|
498
|
+
## Error Handling
|
|
499
|
+
|
|
500
|
+
| Error | Cause | Fix |
|
|
501
|
+
|-------|-------|-----|
|
|
502
|
+
| 401/403 on `security-audit list` | Token missing `audit:events_read` scope | Regenerate token with `audit:events_read` scope or use a service app with that scope |
|
|
503
|
+
| Empty results from `events list` | Wrong `--resource` value or no events in date range | Check resource type spelling against Step 6c resource types table; widen the date range |
|
|
504
|
+
| 403 on `authorizations list` | Insufficient admin privileges | Requires full admin, not read-only |
|
|
505
|
+
| Empty results from `audit-events list` | Date range too narrow or no admin activity | Widen the date range; verify org has admin activity in that period |
|
|
506
|
+
| 400 on date parameters | Wrong date format or wrong parameter names for the API | Use ISO 8601 (`2026-03-18T00:00:00.000Z`); check Step 2 table for which date params the API expects |
|
|
507
|
+
|
|
508
|
+
---
|
|
509
|
+
|
|
510
|
+
## Context Compaction Recovery
|
|
511
|
+
|
|
512
|
+
If context compacts mid-execution, recover by:
|
|
513
|
+
1. Read `docs/reference/admin-audit-security.md` to recover API details, scopes, and date parameter conventions
|
|
514
|
+
2. Check what data has already been retrieved by reviewing recent command output
|
|
515
|
+
3. Resume from the first incomplete step
|