Shared connector runtime for SIEM Studio apps.
This crate extracts the ~1500 lines of duplicated infrastructure from each SIEM connector binary (Devo Studio, Splunk Studio, etc.) into a single reusable framework. A new connector binary shrinks to ~50-80 lines:
- Load env config, create your provider, call `probe()`.
- Implement `SiemConnectorApp` (app name, icon, Dioxus entry point, provider).
- Call `run(app).await`.
§What this crate handles
| Module | What it does |
|---|---|
| `ipc` | Unix socket / named pipe transport |
| `session` | JWT token + display name storage |
| `token_refresh` | Background JWT refresh loop |
| `ott_auth` | RSA keypair, Keycloak OAuth, credential persistence |
| `ws_proxy` | Bidirectional WS relay (Matrix <-> Dioxus) |
| `dioxus_server` | LiveView IPC server + HTML rewriting |
| `capability` | Generic `siem.*` dispatch using `dyn SiemProvider` |
| `registration` | Registration message building |
| `run` | Orchestrates everything |
§Environment variables
| Variable | Required | Description |
|---|---|---|
| `STRIKE48_URL` / `STRIKE48_HOST` | Yes | Matrix gRPC endpoint |
| `TENANT_ID` | Yes | Tenant identifier |
| `INSTANCE_ID` | No | Unique instance ID (auto-generated if unset) |
| `CONNECTOR_NAME` | No | Override the default connector type |
| `STRIKEHUB_SOCKET` | No | Override the IPC socket path (Unix only) |
| `STRIKE48_API_URL` | No | Matrix API base URL (for OTT registration + token refresh) |
| `MATRIX_KEYS_DIR` | No | Override keypair storage (default: `~/.matrix/keys/`) |
| `MATRIX_TLS_INSECURE` | No | Set to `"true"` to skip TLS verification |
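
A preflight check over the variables in the table above, written as an added example and not part of this crate: it reports missing required variables and flags `MATRIX_TLS_INSECURE=true` so a deployment pipeline can refuse it. The names `preflight`, `is_deployable` and `Level`, and the plain-`http://` check on `STRIKE48_API_URL`, are assumptions of this example.

```rust
use std::collections::HashMap;

/// Severity of a preflight finding.
#[derive(Debug, PartialEq)]
pub enum Level { Error, Warning }

/// Look up a variable, treating unset and empty/whitespace-only values alike.
fn get<'a>(env: &'a HashMap<String, String>, key: &str) -> Option<&'a str> {
    env.get(key).map(|v| v.trim()).filter(|v| !v.is_empty())
}

/// Check a connector environment (variable names taken from the table above).
pub fn preflight(env: &HashMap<String, String>) -> Vec<(Level, String)> {
    let mut out = Vec::new();
    if get(env, "STRIKE48_URL").is_none() && get(env, "STRIKE48_HOST").is_none() {
        out.push((Level::Error, "STRIKE48_URL or STRIKE48_HOST must be set".to_string()));
    }
    if get(env, "TENANT_ID").is_none() {
        out.push((Level::Error, "TENANT_ID must be set".to_string()));
    }
    // The table documents "true"; matching case-insensitively is a conservative assumption.
    if get(env, "MATRIX_TLS_INSECURE").map_or(false, |v| v.eq_ignore_ascii_case("true")) {
        out.push((Level::Warning, "MATRIX_TLS_INSECURE=true: TLS verification is skipped".to_string()));
    }
    // Assumption of this example: a plain-http API URL would expose OTT registration
    // and token refresh traffic, so it is reported as well.
    if get(env, "STRIKE48_API_URL").map_or(false, |v| v.to_ascii_lowercase().starts_with("http://")) {
        out.push((Level::Warning, "STRIKE48_API_URL uses http://".to_string()));
    }
    out
}

/// True when the environment is acceptable; `strict` also rejects warnings.
pub fn is_deployable(env: &HashMap<String, String>, strict: bool) -> bool {
    preflight(env).iter().all(|(lvl, _)| !strict && *lvl == Level::Warning)
}

fn main() {
    // Audit the real process environment and fail closed in strict mode.
    let env: HashMap<String, String> = std::env::vars().collect();
    for (lvl, msg) in preflight(&env) {
        eprintln!("{:?}: {}", lvl, msg);
    }
    if !is_deployable(&env, true) {
        std::process::exit(1);
    }
}
```
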
§Adding a new SIEM connector
```rust
use std::sync::Arc;

use siem_connector::SiemConnectorApp;

// `SiemProvider` and `MyDioxusApp` (your Dioxus root component) must also be in scope.
struct MyApp {
    provider: Option<Arc<dyn SiemProvider>>,
}

impl SiemConnectorApp for MyApp {
    fn app_name(&self) -> &str { "My SIEM" }
    fn app_icon(&self) -> &str { "hero-shield-check" }
    fn default_connector_type(&self) -> &str { "app-my-siem" }
    fn nav_order(&self) -> u32 { 32 }
    fn dioxus_app(&self) -> fn() -> dioxus::prelude::Element { MyDioxusApp }
    fn ipc_prefix(&self) -> &str { "my-siem-connector" }
    fn provider(&self) -> Option<Arc<dyn SiemProvider>> { self.provider.clone() }
}

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    let app = MyApp { provider: /* ... */ };
    siem_connector::run(app).await
}
```

Modules§
- `capability`: Generic `siem.*` capability dispatch using `dyn SiemProvider`.
- `construct_proxy`: Construct proxy bridge — routes calls through Matrix → Construct.
- `dioxus_server`: Dioxus LiveView server on IPC + HTML rewriting + HTTP proxy.
- `ipc`: Cross-platform IPC transport for the Dioxus LiveView server.
- `message_loop`: Matrix message routing + heartbeat.
- `ott_auth`: OTT (One-Time Token) auth flow: RSA keypair management, Keycloak OAuth, and credential persistence.
- `registration`: Registration message building for Matrix.
- `session`: Shared session state for user auth tokens.
- `token_refresh`: Background JWT token refresh loop.
- `ws_proxy`: WebSocket proxy (Matrix gRPC <-> Dioxus LiveView) and main connector orchestration.

Traits§
- `SiemConnectorApp`: What each SIEM connector provides to the shared framework.

Functions§
- `run`: Run the connector.