feat(bitdefender): expand GravityZone control surface + correct policy docs

Re-verified the live tenant's full API scope and wrapped the modules the key
allows but the skill didn't expose. New CLI subcommands:
- assign-policy (gated) — apply an existing policy to endpoints/groups
  (param shape policyId+targetIds verified live)
- reports, accounts, notif-settings, scan-tasks — read
- push-settings / push-stats / push-set (gated) — push event service
  (status param verified; needs a receiver URL to enable)

Corrections from live probing:
- policies are NOT shallow: getPolicyDetails returns the FULL granular config.
  Removed the false "shallow" warning; documented read+assign, console-only authoring.
- raw now gates assignPolicy + setPushEventSettings.
- documented dead modules (patchmanagement/phasr/maintenancewindows/integrations,
  incidents.getIncidentsList) and unconfigured-push handled cleanly (rc0, no errorlog).

selftest 29/29 -> 42/42, all green against the live tenant.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-21 10:02:25 -07:00
parent 1f65facb6f
commit d622a05b84
5 changed files with 417 additions and 41 deletions

View File

@@ -68,6 +68,19 @@ check("blocklist json", ["blocklist", "--json"], want_rc=0, out_json_ok=True)
check("blocklist page2", ["blocklist", "--page", "2", "--per-page", "3"], want_rc=0, out_has="Blocklist items:")
check("inventory cached", ["inventory"], want_rc=0, out_has="Inventory cached_at:")
# --- expanded control surface (read) ---
check("reports", ["reports"], want_rc=0, out_has="Reports:")
check("reports json", ["reports", "--json"], want_rc=0, out_json_ok=True)
check("accounts", ["accounts"], want_rc=0, out_has="Accounts:")
check("accounts json", ["accounts", "--json"], want_rc=0, out_json_ok=True)
check("notif-settings", ["notif-settings"], want_rc=0)
check("scan-tasks", ["scan-tasks"], want_rc=0, out_has="Scan tasks:")
# push read: unconfigured tenant must be treated as expected (rc0 + INFO), NOT an error
check("push-settings (unconfigured -> rc0)", ["push-settings"], want_rc=0, out_has="not configured")
check("push-stats (unconfigured -> rc0)", ["push-stats"], want_rc=0, out_has="not configured")
# policy detail must NOT carry the old false 'shallow' warning anymore
check("policy no shallow warning", ["policy", "5c42940b6e16d61a0c8b4568"], want_rc=0, err_has=None)
# --- error handling: a MALFORMED id (not valid hex/ObjectId) makes the API
# error, which must exit non-zero (1). Note: a well-formed but non-existent
# hex id is ACCEPTED by GravityZone and returns a stub (rc 0) -- that is the
@@ -87,6 +100,10 @@ check("blocklist-remove no confirm -> rc3", ["blocklist-remove", "--id", "x"], w
check("delete-endpoint no confirm -> rc3", ["delete-endpoint", "x"], want_rc=3)
check("delete-package no confirm -> rc3", ["delete-package", "--package", "x"], want_rc=3)
check("delete-group no confirm -> rc3", ["delete-group", "--group", "x"], want_rc=3)
check("assign-policy no confirm -> rc3", ["assign-policy", "--policy", "p", "--targets", "x"], want_rc=3, out_has="Would")
check("push-set no confirm -> rc3", ["push-set", "--status", "1", "--url", "https://x/y"], want_rc=3)
check("push-set enable no url -> rc2", ["push-set", "--status", "1", "--confirm"], want_rc=2)
check("raw assignPolicy no confirm -> rc3", ["raw", "--module", "network", "--method", "assignPolicy", "--params", "{}"], want_rc=3)
# --- raw gating ---
check("raw destructive no confirm -> rc3", ["raw", "--module", "network",