EXTENSIONS
User-built models, drivers, vaults, and reports — the parts that plug into swamp.
Filter by what you need and pull what fits.
Anthropic/compliance
Observe a Claude Enterprise account via the Compliance API. Covers the
Aws Default Sg Audit
Fleet audit for AWS Security Hub control EC2.2 ("VPC default security groups
Aws Vpc Inventory
Fleet-wide VPC inventory across `profiles × regions`. A single read-only
Aws Default Sg Audit Report
Workflow-scope report that renders an operator worklist for AWS Security Hub
Aws Iam Role Audit
Read-only fleet IAM lens for an integration's roles across many accounts. A
Aws Integration Coverage
Coalesces a CloudFormation StackSet lens (@jentz/aws-stackset-audit) and an
Aws Rds Inventory
Lists RDS DB clusters in the configured AWS region and emits two
Cloudflare Audit
Cloudflare security and configuration audit workflow.
Aws Stackset Audit
Read-only operational audit of a CloudFormation StackSet and all of its stack
Aws Context Guard
Generic AWS workflow-safety primitive. Fails closed before any AWS work
Aws S3 Bucket Audit
Workflow-scope report that audits S3 buckets against standard security
Customerio
Customer.io App API — snapshot segments and transactional messages, and run an idempotent per-brand readiness audit (segments + transactional messages) for a shared workspace.
Syscheck
Fleet node verification framework. A catalog of tagged checks (category × cadence × scope) contributed by domains — host-OS/apt hygiene & fitness over scripts/host-probe.sh, plus a proxmox provider for PVE-scoped checks — run by the syscheck workflow and scored into a per-node pass/warn/fail verdict. Domains (proxmox, future @stateless/docker, …) plug in via a CheckProvider contract. Sits above the domains; results belong in @stateless/inventory.
Coder Audit Collector
Pages through the Coder audit log API and writes events as versioned data. Supports incremental collection with configurable limits and query filters.
Aws Cost Audit
AWS cost audit workflow — identifies infrastructure waste by combining
Macos Doctor
Read-only local macOS security, sanity, and performance posture checks with a severity-rated report.
Github
GitHub models for swamp. Currently provides @hivemq/github/token, which audits a single GitHub token.
Github Security
GitHub repository security auditing with support for native features and third-party tool detection
Dry Run
Dry-run execution driver that captures method requests without executing them. Useful for debugging, auditing, and validating workflows.