Metadata-Version: 2.4
Name: moss-servicenow
Version: 0.1.0
Summary: MOSS integration for ServiceNow - SIEM events, ITSM incidents, and workflow signing
Project-URL: Homepage, https://getmoss.dev
Project-URL: Documentation, https://docs.getmoss.dev
Project-URL: Repository, https://github.com/moss-signatures/moss-servicenow
Author-email: IAMPASS Technologies <moss@iampass.com>
License: MIT
License-File: LICENSE
Keywords: ai-agents,compliance,itsm,moss,security,servicenow,siem
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.9
Requires-Dist: httpx>=0.24.0
Requires-Dist: moss-sdk>=0.3.0
Requires-Dist: pydantic>=2.0.0
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.21.0; extra == 'dev'
Requires-Dist: pytest>=7.0.0; extra == 'dev'
Requires-Dist: respx>=0.20.0; extra == 'dev'
Description-Content-Type: text/markdown

# MOSS ServiceNow Integration

Full ServiceNow connector for AI agent governance with MOSS.

- **SIEM/Security Operations**: Send signed events for security monitoring
- **ITSM**: Create incidents on policy violations
- **Workflows**: Sign ServiceNow AI agent actions

## Installation

```bash
pip install moss-servicenow
```

## Quick Start

### SIEM - Security Events

Send MOSS signed events to ServiceNow Security Operations:

```python
from moss_servicenow import ServiceNowSIEM, EventType, EventSeverity

siem = ServiceNowSIEM(
    instance="your-instance.service-now.com",
    username="api_user",
    password=os.environ["SERVICENOW_PASSWORD"]
)

# Send policy violation event
siem.send_event(
    event_type=EventType.POLICY_BLOCK,
    severity=EventSeverity.HIGH,
    agent_id="finance-agent",
    action="wire_transfer",
    description="Blocked: Transfer exceeds $10,000 limit",
    envelope=signed_result.envelope.to_dict()
)
```

Or send directly from a MOSS SignResult:

```python
from moss import sign
from moss_servicenow import ServiceNowSIEM

result = sign(output=data, agent_id="my-agent", action="transfer")

if result.blocked:
    siem.send_from_sign_result(result)
```

### ITSM - Incident Management

Create incidents when policy violations occur:

```python
from moss_servicenow import ServiceNowITSM, IncidentPriority

itsm = ServiceNowITSM(
    instance="your-instance.service-now.com",
    username="api_user",
    password=os.environ["SERVICENOW_PASSWORD"],
    default_assignment_group="AI Governance Team"
)

# Create incident from policy violation
incident = itsm.create_incident(
    short_description="AI Agent Policy Violation - Unauthorized Access",
    description="Agent attempted to access PII without proper authorization",
    priority=IncidentPriority.HIGH,
    envelope=signed_result.envelope.to_dict(),
    agent_id="data-agent",
    action="read_pii"
)

print(f"Created incident: {incident['number']}")
```

Or create directly from a MOSS SignResult:

```python
if result.blocked:
    incident = itsm.create_from_sign_result(result)
```

### Workflow Signing

Sign ServiceNow AI agent actions before execution:

```python
from moss_servicenow import sign_workflow_action

# Sign before executing
result = sign_workflow_action(
    action="create_incident",
    payload={"short_description": "System alert", "priority": "2"},
    agent_id="snow-automation",
    workflow_name="incident_management"
)

if result.blocked:
    print(f"Blocked: {result.enterprise.policy.reason}")
else:
    # Proceed with ServiceNow API call
    client.create("incident", payload)
```

### Callback Handler for Now Assist

Wrap functions to automatically sign actions:

```python
from moss_servicenow import ServiceNowCallbackHandler

handler = ServiceNowCallbackHandler(
    agent_id="now-assist-agent",
    context={"tenant": "acme"}
)

@handler.wrap("create_incident")
def create_incident(data):
    return client.create("incident", data)

# Action is automatically signed before execution
# Raises PermissionError if blocked by policy
result = create_incident({"short_description": "Alert"})
```

## Configuration

### Environment Variables

```bash
# ServiceNow credentials
SERVICENOW_INSTANCE=your-instance.service-now.com
SERVICENOW_USERNAME=api_user
SERVICENOW_PASSWORD=api_password

# MOSS API key (for enterprise features)
MOSS_API_KEY=moss_live_...
```

### Tables

- **SIEM**: `sn_si_incident` (Security Incidents) by default
- **ITSM**: `incident` table

## API Reference

### ServiceNowSIEM

| Method | Description |
|--------|-------------|
| `send_event()` | Send security event |
| `send_from_sign_result()` | Send event from MOSS SignResult |
| `send_batch()` | Send multiple events |

### ServiceNowITSM

| Method | Description |
|--------|-------------|
| `create_incident()` | Create incident |
| `create_from_sign_result()` | Create incident from MOSS SignResult |
| `update_incident()` | Update incident fields |
| `resolve_incident()` | Resolve and close incident |
| `get_incident()` | Get incident by sys_id |

### Workflow Signing

| Function | Description |
|----------|-------------|
| `sign_workflow_action()` | Sign workflow action |
| `sign_table_operation()` | Sign table API operation |
| `ServiceNowCallbackHandler` | Decorator-based signing |

## License

MIT
