Operative Namespace
@webframp
one old devop
30 extensions
@webframp/aws/alarm-investigation
CloudWatch alarm investigation and triage model. Enriches CloudWatch alarms with metric activity, SNS subscription data, state-change history, and a verdict classifying each alarm as one of: healthy, stale, silent, noisy, orphaned, or unknown. ## Authentication Uses the default AWS credential chain (environment variables, shared config, instance profiles, ECS task roles). No credentials are stored in swamp. ## Required IAM Permissions ```json { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmHistory", "cloudwatch:GetMetricStatistics", "sns:ListSubscriptionsByTopic" ], "Resource": "*" } ``` ## Methods ### investigate Deep-dive enrichment for a single alarm by name. Fetches metric activity for the last 24 hours, state-change history for the last 7 days, and SNS topic subscription counts. Assigns a verdict and writes one `alarm_detail` resource. ``` swamp model method run <name> investigate alarmName="MyAlarm" ``` ### triage Fan-out enrichment across all (or filtered) alarms in the account. Writes one `alarm_detail` resource per alarm plus a `triage_summary` resource with aggregate verdict and state counts. ``` swamp model method run <name> triage swamp model method run <name> triage stateFilter=ALARM limit=50 ``` ## Verdict Classifications | Verdict | Condition | |-----------|--------------------------------------------------------------| | orphaned | INSUFFICIENT_DATA for > 365 days | | silent | In ALARM with no alarm actions configured | | stale | In ALARM for > 180 days | | noisy | > 5 state changes in the last 7 days | | healthy | OK, has actions, and has recent metric data points | | unknown | None of the above patterns matched |
@webframp/terraform
Read Terraform and OpenTofu state via CLI and marshal into swamp data. Shells out to `terraform show -json` (or `tofu show -json`) to read state from any configured backend, then writes swamp resources keyed by Terraform resource address for CEL consumption in workflows and reports. Supports workspace selection and binary switching between Terraform and OpenTofu via global arguments. ## Quick Start ```bash swamp extension pull @webframp/terraform swamp model create @webframp/terraform tf-infra \ --global-arg workDir=/path/to/terraform/repo ```
@webframp/cloudflare-audit
Cloudflare security and configuration audit workflow. Inspects zone settings, DNS records, WAF rules, Workers, and cache configuration, then generates a severity-rated report with findings and recommendations. ## Quick Start ```bash swamp extension pull @webframp/cloudflare-audit swamp model create @webframp/cloudflare/zone cf-zone \ --global-arg apiToken=CLOUDFLARE_API_TOKEN swamp model create @webframp/cloudflare/dns cf-dns \ --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg zoneId=ZONE_ID swamp model create @webframp/cloudflare/waf cf-waf \ --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg zoneId=ZONE_ID swamp model create @webframp/cloudflare/worker cf-worker \ --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg accountId=ACCOUNT_ID swamp model create @webframp/cloudflare/cache cf-cache \ --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg zoneId=ZONE_ID swamp workflow run @webframp/cloudflare-audit --input zoneId=ZONE_ID ``` ## Checks Performed - SSL mode (off/flexible/full/strict) - Always Use HTTPS enabled - Development mode disabled - Zone paused/active status - Firewall rules present and active - WAF managed rulesets enabled - DNS records proxied (origin IP exposure) - Dangling CNAMEs (subdomain takeover risk) - CAA records present - Worker scripts bound to routes - Cache level and hit rate
@webframp/macos-keychain
macOS Keychain vault using the security CLI
@webframp/redmine
Redmine issue tracker integration - manage issues, projects, and workflows. Provides model methods for CRUD operations on Redmine issues (themes, stories, tasks), project queries, status/tracker/user lookups, and custom field access. Includes reports for flow metrics and sprint summaries, plus a scaffold-story workflow for creating stories with child tasks. ## Quick Start ```bash swamp extension pull @webframp/redmine swamp model create @webframp/redmine tracker \ --global-arg host=https://your-redmine.example.org \ --global-arg apiKey=YOUR_API_KEY \ --global-arg project=your-project ```
@webframp/gitlab
Query GitLab data using the glab CLI for project, merge request, issue, release, and pipeline visibility. ## Authentication Uses the glab CLI's built-in authentication. Run `glab auth login` to configure. ## Required Tools - `glab` CLI (https://gitlab.com/gitlab-org/cli) installed and authenticated ## Usage ```bash # Create gitlab model (default host from glab config) swamp model create @webframp/gitlab gitlab # Create with specific GitLab host swamp model create @webframp/gitlab gitlab --global-arg host=git.example.org # List your projects swamp model method run gitlab list_projects # Get detailed project info swamp model method run gitlab get_project_info --input project=group/repo # List open merge requests swamp model method run gitlab list_merge_requests --input project=group/repo # List closed issues swamp model method run gitlab list_issues --input project=group/repo --input state=closed # List releases swamp model method run gitlab list_releases --input project=group/repo # List recent CI/CD pipelines swamp model method run gitlab list_pipelines --input project=group/repo ``` ## Methods - **list_projects** - List projects for the authenticated user - **get_project_info** - Get detailed information about a specific project - **list_merge_requests** - List merge requests for a project - **list_issues** - List issues for a project - **list_releases** - List releases for a project - **list_pipelines** - List recent CI/CD pipelines for a project
@webframp/system
Query local system diagnostics via shell commands for operational visibility. ## Usage ```bash # Create system diagnostics model swamp model create @webframp/system sys-diag # Get disk usage swamp model method run sys-diag get_disk_usage # Get memory info swamp model method run sys-diag get_memory # Get uptime and load averages swamp model method run sys-diag get_uptime # Get top processes by CPU swamp model method run sys-diag get_processes # Get network interfaces swamp model method run sys-diag get_network_interfaces # Get OS info swamp model method run sys-diag get_os_info ``` ## Methods - **get_disk_usage** - Filesystem usage from df - **get_memory** - Memory and swap usage from free - **get_uptime** - Boot time, uptime string, and load averages - **get_processes** - Top 20 processes sorted by CPU usage - **get_network_interfaces** - Network interfaces and addresses from ip - **get_os_info** - OS release info and kernel version
@webframp/dry-run
Dry-run execution driver that captures method requests without executing them. Useful for debugging, auditing, and validating workflows.
@webframp/aws/inventory
Discover running AWS resources for cost estimation and inventory management. ## Authentication Uses the default AWS credential chain. Requires appropriate IAM permissions for each service being inventoried. ## Required IAM Permissions - `ec2:DescribeInstances` - `rds:DescribeDBInstances` - `dynamodb:ListTables`, `dynamodb:DescribeTable` - `lambda:ListFunctions` - `s3:ListBuckets` ## Usage ```bash # Create inventory model swamp model create @webframp/aws/inventory aws-inventory \ --global region=us-east-1 # List running EC2 instances swamp model method run aws-inventory list_ec2 # List RDS databases swamp model method run aws-inventory list_rds # Full inventory across all resource types swamp model method run aws-inventory inventory_all ``` ## Supported Resources - **EC2** - Instances with state, type, tags - **RDS** - Database instances with engine, storage, Multi-AZ - **DynamoDB** - Tables with billing mode, capacity, size - **Lambda** - Functions with runtime, memory, timeout - **S3** - Buckets (global listing)
@webframp/aws/networking
Inspect VPC networking resources that commonly generate hidden costs: NAT Gateways, Load Balancers, and Elastic IPs. ## Authentication Uses the default AWS credential chain. ## Required IAM Permissions - `ec2:DescribeNatGateways` - `ec2:DescribeAddresses` - `elasticloadbalancing:DescribeLoadBalancers` - `elasticloadbalancing:DescribeTargetGroups` - `elasticloadbalancing:DescribeTargetHealth` - `cloudwatch:GetMetricStatistics` ## Usage ```bash swamp model create @webframp/aws/networking aws-networking \ --global region=us-east-1 # List NAT Gateways swamp model method run aws-networking list_nat_gateways # List ALBs/NLBs with target group info swamp model method run aws-networking list_load_balancers # Find unattached Elastic IPs swamp model method run aws-networking list_elastic_ips # Get data transfer metrics for networking resources swamp model method run aws-networking get_data_transfer_metrics ```
@webframp/aws/cost-estimate
Calculate AWS infrastructure costs from inventory data or planned specs. ## Authentication Uses the default AWS credential chain. The Pricing API is public data but requires valid AWS credentials. ## Usage ### From Inventory (existing resources) First gather inventory using `@webframp/aws/inventory`, then estimate costs: ```bash # Create models swamp model create @webframp/aws/inventory aws-inventory --global-arg region=us-east-1 swamp model create @webframp/aws/cost-estimate cost-est # Gather inventory swamp model method run aws-inventory list_ec2 # Get inventory data EC2_DATA=$(swamp data get aws-inventory ec2-us-east-1 --json | jq '.data.resources') # Estimate costs (pass inventory as JSON) swamp model method run cost-est estimate_ec2 \ --input "inventory=${EC2_DATA}" ``` ### From Spec (planned resources) Estimate costs before deployment: ```bash swamp model method run cost-est estimate_from_spec \ --input 'ec2Instances=[{"name":"web","instanceType":"t3.medium","count":3}]' \ --input 'rdsInstances=[{"name":"db","dbInstanceClass":"db.t3.medium","engine":"postgres","storageGb":100}]' ``` ## Pricing Notes - Uses AWS Pricing API for real-time rates - Assumes On-Demand pricing (no Reserved Instances or Savings Plans) - EC2: Includes compute only (no EBS, transfer) - RDS: Includes compute + storage (gp2 rate default)
@webframp/aws-cost-audit
AWS cost audit workflow — identifies infrastructure waste by combining Cost Explorer spend data, resource inventory, and networking inspection. Generates a report with savings recommendations. ## Quick Start ```bash swamp extension pull @webframp/aws-cost-audit swamp model create @webframp/aws/cost-explorer aws-costs --global-arg region=us-east-1 swamp model create @webframp/aws/networking aws-networking --global-arg region=us-east-1 swamp model create @webframp/aws/inventory aws-inventory --global-arg region=us-east-1 swamp workflow run @webframp/cost-audit ``` ## Required IAM Permissions - `ce:GetCostAndUsage` - `ec2:DescribeInstances`, `ec2:DescribeNatGateways`, `ec2:DescribeAddresses` - `rds:DescribeDBInstances` - `dynamodb:ListTables`, `dynamodb:DescribeTable` - `lambda:ListFunctions` - `s3:ListBuckets` - `elasticloadbalancing:DescribeLoadBalancers`, `elasticloadbalancing:DescribeTargetGroups`, `elasticloadbalancing:DescribeTargetHealth` - `cloudwatch:GetMetricStatistics`
@webframp/aws-ops
AWS Operations Toolkit - Unified incident investigation and operational visibility. This extension provides a complete workflow for investigating AWS outages by gathering data from CloudWatch Logs, Metrics, Alarms, X-Ray Traces, resource inventory (EC2, Lambda), and networking (load balancers, NAT gateways), plus an incident report that summarizes all findings. ## Quick Start ```bash # Install the extension (auto-resolves dependencies) swamp extension pull @webframp/aws-ops # Create model instances for your region swamp model create @webframp/aws/logs aws-logs --global-arg region=us-east-1 swamp model create @webframp/aws/metrics aws-metrics --global-arg region=us-east-1 swamp model create @webframp/aws/alarms aws-alarms --global-arg region=us-east-1 swamp model create @webframp/aws/traces aws-traces --global-arg region=us-east-1 swamp model create @webframp/aws/inventory aws-inventory --global-arg region=us-east-1 swamp model create @webframp/aws/networking aws-networking --global-arg region=us-east-1 # Run the investigate-outage workflow swamp workflow run @webframp/investigate-outage ``` ## Required IAM Permissions - `logs:DescribeLogGroups` - `logs:StartQuery` - `logs:GetQueryResults` - `logs:FilterLogEvents` - `cloudwatch:ListMetrics` - `cloudwatch:GetMetricStatistics` - `cloudwatch:GetMetricData` - `cloudwatch:DescribeAlarms` - `cloudwatch:DescribeAlarmHistory` - `xray:GetServiceGraph` - `xray:GetTraceSummaries` ## Included Components ### Workflows - **@webframp/investigate-outage** - Unified incident investigation workflow that: - Gathers alarm summary and active alarms - Analyzes Lambda Duration/Errors and ELB 5XX/latency metrics for anomalies - Gets X-Ray service dependency graph - Finds error traces and analyzes error patterns - Lists CloudWatch log groups and searches for error patterns - Inventories EC2 instances and Lambda functions - Lists load balancers and NAT gateways with health status - Gets alarm state change history - Generates an incident report summarizing all findings ### Reports - **@webframp/incident-report** - Workflow-scope report that aggregates findings into: - Alarm status and recent state changes - Metric anomaly highlights (Lambda + ELB) - Trace error analysis with top faulty services - Infrastructure inventory (EC2, Lambda) - Networking status (load balancers, NAT gateways) - Actionable recommendations ### Model Dependencies The workflow expects these model instances (create them before running): - `aws-logs` - @webframp/aws/logs - `aws-metrics` - @webframp/aws/metrics - `aws-alarms` - @webframp/aws/alarms - `aws-traces` - @webframp/aws/traces - `aws-inventory` - @webframp/aws/inventory - `aws-networking` - @webframp/aws/networking
@webframp/aws/logs
Query and analyze CloudWatch Logs for operational visibility and incident investigation. ## Authentication Uses the default AWS credential chain. Requires CloudWatch Logs permissions. ## Required IAM Permissions - `logs:DescribeLogGroups` - `logs:StartQuery` - `logs:GetQueryResults` - `logs:FilterLogEvents` ## Usage ```bash # Create logs model swamp model create @webframp/aws/logs aws-logs --global-arg region=us-east-1 # List log groups swamp model method run aws-logs list_log_groups --input prefix=/aws/lambda # Run a Logs Insights query swamp model method run aws-logs query \ --input 'logGroupNames=["/aws/lambda/my-function"]' \ --input 'queryString=fields @timestamp, @message | filter @message like /error/i | limit 50' \ --input startTime=1h # Find error patterns swamp model method run aws-logs find_errors \ --input 'logGroupNames=["/aws/lambda/my-function"]' \ --input startTime=2h # Get recent events with filter swamp model method run aws-logs get_recent_events \ --input logGroupName=/aws/lambda/my-function \ --input filterPattern=ERROR ``` ## Time Formats The `startTime` and `endTime` parameters accept: - Relative times: `30m`, `1h`, `2d` (minutes, hours, days ago) - ISO 8601 dates: `2026-03-30T12:00:00Z` ## Methods - **list_log_groups** - Discover log groups by prefix - **query** - Run CloudWatch Logs Insights queries - **find_errors** - Analyze error patterns with keyword detection - **get_recent_events** - Filter recent log events
@webframp/aws/metrics
Query and analyze CloudWatch Metrics for operational visibility and performance monitoring. ## Authentication Uses the default AWS credential chain. Requires CloudWatch permissions. ## Required IAM Permissions - `cloudwatch:ListMetrics` - `cloudwatch:GetMetricStatistics` - `cloudwatch:GetMetricData` ## Usage ```bash # Create metrics model swamp model create @webframp/aws/metrics aws-metrics --global-arg region=us-east-1 # List available metrics swamp model method run aws-metrics list_metrics --input namespace=AWS/EC2 # Get metric data swamp model method run aws-metrics get_data \ --input namespace=AWS/EC2 \ --input metricName=CPUUtilization \ --input 'dimensions=[{"name":"InstanceId","value":"i-1234567890abcdef0"}]' \ --input startTime=1h # Analyze a metric for trends and anomalies swamp model method run aws-metrics analyze \ --input namespace=AWS/Lambda \ --input metricName=Errors \ --input 'dimensions=[{"name":"FunctionName","value":"my-function"}]' \ --input startTime=6h # Get EC2 CPU utilization (convenience method) swamp model method run aws-metrics get_ec2_cpu --input instanceId=i-1234567890abcdef0 # Get Lambda function metrics swamp model method run aws-metrics get_lambda_metrics --input functionName=my-function ``` ## Time Formats The `startTime` and `endTime` parameters accept: - Relative times: `30m`, `1h`, `2d` (minutes, hours, days ago) - ISO 8601 dates: `2026-03-30T12:00:00Z` ## Methods - **list_metrics** - Discover available CloudWatch metrics by namespace - **get_data** - Retrieve metric data points with configurable statistics - **analyze** - Analyze metrics for trends, anomalies, and summary statistics - **get_ec2_cpu** - Convenience method for EC2 CPU utilization - **get_lambda_metrics** - Get key Lambda function metrics (invocations, errors, duration, throttles)
@webframp/aws/cost-explorer
Query AWS Cost Explorer for actual spend analysis by service, usage type, and time period. Identifies top cost drivers and spend trends. ## Authentication Uses the default AWS credential chain. ## Required IAM Permissions - `ce:GetCostAndUsage` ## Usage ```bash swamp model create @webframp/aws/cost-explorer aws-costs \ --global region=us-east-1 # Spend breakdown by service (last 30 days) swamp model method run aws-costs get_cost_by_service # Drill into a service's usage types swamp model method run aws-costs get_cost_by_usage_type \ --input service=Amazon Elastic Compute Cloud - Compute # Daily cost trend swamp model method run aws-costs get_cost_trend --input days=30 # Top 20 cost drivers swamp model method run aws-costs get_top_cost_drivers ```
@webframp/aws/alarms
Query and analyze CloudWatch Alarms for operational visibility and incident response. ## Authentication Uses the default AWS credential chain. Requires CloudWatch permissions. ## Required IAM Permissions - `cloudwatch:DescribeAlarms` - `cloudwatch:DescribeAlarmHistory` ## Usage ```bash # Create alarms model swamp model create @webframp/aws/alarms aws-alarms --global-arg region=us-east-1 # List all alarms swamp model method run aws-alarms list_alarms # List alarms in ALARM state swamp model method run aws-alarms list_alarms --input stateValue=ALARM # Get active alarms (convenience method) swamp model method run aws-alarms get_active # Get alarm history for last 24 hours swamp model method run aws-alarms get_history --input startTime=24h # Get history for a specific alarm swamp model method run aws-alarms get_history --input alarmName=my-alarm --input startTime=7d # Get alarm summary with state counts and recent changes swamp model method run aws-alarms get_summary --input historyHours=6 ``` ## Time Formats The `startTime` and `endTime` parameters accept: - Relative times: `30m`, `1h`, `2d` (minutes, hours, days ago) - ISO 8601 dates: `2026-03-30T12:00:00Z` ## Methods - **list_alarms** - List alarms with optional state and prefix filters - **get_active** - Get all alarms currently in ALARM state - **get_history** - Get alarm state change history - **get_summary** - Get summary with state counts and recent changes
@webframp/aws/traces
Query and analyze X-Ray distributed traces for incident investigation and performance analysis. ## Authentication Uses the default AWS credential chain. Requires X-Ray permissions. ## Required IAM Permissions - `xray:GetServiceGraph` - `xray:GetTraceSummaries` ## Usage ```bash # Create traces model swamp model create @webframp/aws/traces aws-traces --global-arg region=us-east-1 # Get service dependency graph swamp model method run aws-traces get_service_graph --input startTime=1h # Get trace summaries swamp model method run aws-traces get_traces --input startTime=1h # Get traces with filter expression swamp model method run aws-traces get_traces \ --input startTime=1h \ --input 'filterExpression=service("api") AND http.status = 500' # Get error traces (convenience method) swamp model method run aws-traces get_errors --input errorType=fault # Analyze error patterns swamp model method run aws-traces analyze_errors --input startTime=6h ``` ## Time Formats The `startTime` and `endTime` parameters accept: - Relative times: `30m`, `1h`, `2d` (minutes, hours, days ago) - ISO 8601 dates: `2026-03-30T12:00:00Z` ## Filter Expressions X-Ray filter expressions support: - `service("name")` - Filter by service name - `http.url` - HTTP URL - `http.method` - HTTP method (GET, POST, etc.) - `http.status` - HTTP status code - `responsetime > 5` - Response time in seconds - `fault = true` - Traces with faults (5xx) - `error = true` - Traces with errors (4xx) - `throttle = true` - Throttled requests ## Methods - **get_service_graph** - Get service dependency graph with health statistics - **get_traces** - Get trace summaries with optional filter expression - **get_errors** - Get error/fault traces (convenience method) - **analyze_errors** - Analyze error patterns across traces
@webframp/network
DNS and network probing model that generates diverse diagnostic events. ## Tools Required - `dig` (DNS lookups) - `whois` (domain registration info) - `traceroute` (network path tracing) - `openssl` (TLS certificate inspection) ## Usage ```bash # Create the network probe model swamp model create @webframp/network net-probe # DNS lookup swamp model method run net-probe dns_lookup --input domain=example.com swamp model method run net-probe dns_lookup --input domain=example.com --input recordType=MX # HTTP check swamp model method run net-probe http_check --input url=https://example.com # WHOIS lookup swamp model method run net-probe whois_lookup --input domain=example.com # TLS certificate check swamp model method run net-probe cert_check --input host=example.com # Traceroute swamp model method run net-probe traceroute --input host=example.com # Port scan swamp model method run net-probe port_check --input host=example.com --input ports=[80,443,8080] ``` ## Methods - **dns_lookup** - Run dig to resolve DNS records for a domain - **http_check** - Fetch a URL and record status, headers, timing, and redirects - **whois_lookup** - Query WHOIS for domain registration details - **cert_check** - Inspect TLS certificate subject, issuer, and validity dates - **traceroute** - Trace network path to a host - **port_check** - Test TCP connectivity on specific ports
@webframp/aws/terraform-drift
Terraform drift detection for AWS — compares Terraform state against live AWS resources to find configuration drift. Orchestrates data collection from @webframp/terraform (state via CLI) and @webframp/aws/inventory + @webframp/aws/networking (live AWS via SDK), then produces a drift report highlighting missing, extra, and changed resources. ## Quick Start ```bash swamp extension pull @webframp/aws/terraform-drift swamp model create @webframp/terraform tf-infra \ --global-arg workDir=/path/to/terraform/repo swamp model create @webframp/aws/inventory aws-inventory \ --global-arg region=us-east-1 swamp model create @webframp/aws/networking aws-networking \ --global-arg region=us-east-1 swamp workflow run @webframp/terraform-drift ```
@webframp/sre
SRE Health Check - Unified site reliability health check workflow with report. Runs network probes (HTTP, TLS certs, DNS, ports) against target endpoints and collects local system health (disk, memory, load), then generates a unified SRE health report with actionable findings. ## Quick Start ```bash # Install the extension (auto-resolves dependencies) swamp extension pull @webframp/sre # Create model instances swamp model create @webframp/network net-probe swamp model create @webframp/system sys-diag # Run the health check workflow swamp workflow run @webframp/sre-health-check --input target=https://example.com ``` ## Included Components ### Workflows - **@webframp/sre-health-check** - Unified health check workflow that: - Checks HTTP endpoint status and timing - Inspects TLS certificate expiry - Resolves DNS records - Tests TCP port connectivity - Checks disk, memory, and system load - Generates a health report with severity-rated findings ### Reports - **@webframp/sre-health-report** - Workflow-scope report that aggregates findings into: - Overall health status (HEALTHY/WARNING/CRITICAL/DEGRADED) - Severity-rated findings per check - Actionable recommendations ### Model Dependencies The workflow expects these model instances (create them before running): - `net-probe` - @webframp/network - `sys-diag` - @webframp/system
@webframp/cloudflare
Cloudflare management - zones, DNS records, WAF/firewall rules, Workers, and cache/CDN
@webframp/nix
Nix shell execution driver that runs model methods inside a nix shell with declarative package dependencies. Provides reproducible execution environments without containers.
@webframp/gitlab-datastore
Stores swamp runtime data in GitLab using the Terraform state HTTP API. Provides distributed locking via GitLab's native state locking mechanism and bidirectional sync between local cache and GitLab.