feat: Add SNMP Provider (traps v1/v2c/v3 + polling) #6399

Open
vasquezmyguy-collab wants to merge 2 commits into keephq:main from vasquezmyguy-collab:feat/snmp-provider-v2

@vasquezmyguy-collab commented May 4, 2026

SNMP Provider — Traps (v1/v2c/v3) + OID Polling

Implements #2112/claim #2112

What's included

  • SnmpProvider class following Keep's BaseProvider pattern:

    • Trap receiver (consumer): overrides start_consume() / stop_consume(), runs a pysnmp NotificationReceiver in a daemon thread, pushes incoming traps as alerts via self._push_alert()
    • OID polling: _query() method supporting getCmd, nextCmd, and bulkCmd operations via pysnmp.hlapi.asyncio generators
    • _format_alert() static method for webhook/push path compatibility
  • SNMPv1 / v2c / v3 support:

    • v1/v2c: community string via CommunityData
    • v3: USM credentials with configurable auth protocol (MD5, SHA, SHA224/256/384/512) and privacy protocol (DES, 3DES, AES128/192/256)
  • SnmpProviderAuthConfig — pydantic dataclass with required, description, hint, sensitive metadata for Keep UI

  • Well-known trap mapping: automatically maps standard trap OIDs (coldStart, warmStart, linkDown, linkUp, authenticationFailure, egpNeighborLoss) to meaningful names and Keep severity levels

  • alerts_mock.py — representative mock alert data for v1/v2c/v3 traps and poll results

Provider class attributes

| Attribute | Value |
|---|---|
| PROVIDER_DISPLAY_NAME | SNMP |
| PROVIDER_CATEGORY | ["Monitoring"] |
| PROVIDER_TAGS | ["alert"] |
| FINGERPRINT_FIELDS | ["name"] |
| PROVIDER_SCOPES | trap_receive, snmp_poll |

pysnmp v6 API compliance

Uses the current CamelCase pysnmp API throughout:

  • SnmpEngine(), Config.addV1System(), Config.addV3User(), Config.addTransport()
  • udp.domainName, transport.openServerMode()
  • hlapi: getCmd, nextCmd, bulkCmd, CommunityData, UsmUserData, UdpTransportTarget, ContextData

Closes #2112


🎬 Demo Video

SNMP Provider Demo

📥 Download MP4 video (higher quality)

The demo shows:

  • Authentication config for v1/v2c and v3 USM
  • 5 traps received and formatted as Keep alerts
  • OID polling operations
  • Auto-resolved alerts (linkUp resolves linkDown)

keephq#2112)

- Implement SnmpProvider with consumer pattern (start_consume/stop_consume)
  using pysnmp low-level NotificationReceiver in a daemon thread
- Support SNMPv1/v2c (community string) and SNMPv3 (USM auth/priv)
- Map SNMP trap varbinds to Keep AlertDto format (name, description,
  severity, status, source, labels)
- Implement _query() for SNMP polling via hlapi async generators
  (getCmd, nextCmd, bulkCmd)
- Add SnmpProviderAuthConfig with pydantic dataclass fields for
  host, port, snmp_version, community, v3 credentials, polling config
- Include alerts_mock.py with representative v1/v2c/v3 trap examples
- Follow Keep provider conventions (PROVIDER_CATEGORY, PROVIDER_TAGS,
  PROVIDER_SCOPES, FINGERPRINT_FIELDS, validate_config, validate_scopes,
  dispose, status, _format_alert)

@dosubot (bot) added the size:XL label (This PR changes 500-999 lines, ignoring generated files.) May 4, 2026

CLAassistant commented May 4, 2026

CLA assistant check
All committers have signed the CLA.

@dosubot (bot) added the Feature (A new feature) and Provider (Providers related issues) labels May 4, 2026

@vasquezmyguy-collab (Author) commented:

🎬 Demo Video: SNMP Provider in Action

This video demonstrates the SNMP provider receiving traps and converting them to Keep alerts:

What you'll see:

  1. SNMP v1/v2c/v3 authentication configuration options
  2. Trap processing pipeline — 5 different traps received and formatted as Keep alerts:
    • linkDown from 192.168.1.1 → 🔴 HIGH severity, FIRING
    • linkUp from 192.168.1.1 → 🟢 INFO severity, RESOLVED (auto-resolves linkDown)
    • coldStart from 10.0.0.1 → 🔴 CRITICAL severity, FIRING
    • authenticationFailure from 10.0.0.1 → 🟡 WARNING severity, FIRING
    • Enterprise trap (CISCO_CONFIG_EVENT) → 🟡 WARNING severity, FIRING
  3. OID polling operations: getCmd / nextCmd / bulkCmd
  4. Feature summary

The provider uses pysnmp-lextudio v6 (CamelCase API) for both trap receiving (low-level NotificationReceiver) and OID polling (high-level hlapi.asyncio generators).

@vasquezmyguy-collab (Author) commented:

🎬 Demo Video

SNMP Provider in action — showing trap receiving and alert formatting:

SNMP Provider Demo

📥 Download MP4 video (higher quality, 0.9 MB)

What the demo shows:

  1. Authentication config — SNMP v1/v2c (community string) and v3 (USM auth/priv)
  2. Trap processing — 5 different traps received and converted to Keep alerts:
    • linkDown from 192.168.1.1 → 🟠 HIGH severity, 🔥 FIRING
    • linkUp from 192.168.1.1 → 🟢 INFO severity, ✅ RESOLVED
    • coldStart from 10.0.0.1 → 🔴 CRITICAL severity, 🔥 FIRING
    • authenticationFailure from 10.0.0.1 → 🟡 WARNING severity, 🔥 FIRING
    • Enterprise trap (CISCO_CONFIG_EVENT) → 🟡 WARNING severity, 🔥 FIRING
  3. OID polling — getCmd / nextCmd / bulkCmd operations

Key implementation details:

  • pysnmp-lextudio v6 CamelCase API (low-level NotificationReceiver for traps, high-level hlapi.asyncio for polling)
  • Consumer pattern with daemon thread for trap listening
  • Well-known trap auto-mapping (coldStart, linkDown, linkUp, etc.)
  • Auto-resolved alerts (linkUp resolves linkDown)
  • Full varbind enrichment as Keep alert labels
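
The well-known trap mapping and linkUp/linkDown auto-resolve described in the comments above, as an added example that is not code from this PR. The alert dict shape, the severities for warmStart and egpNeighborLoss, and the fingerprint built from source, trap name and ifIndex are assumptions made for illustration; the PR itself lists FINGERPRINT_FIELDS as ["name"].

```python
# Added illustration; not code from the PR. Alert shape and correlation key are assumptions.
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"   # snmpTrapOID.0 varbind (v2c/v3 notifications)
IF_INDEX = "1.3.6.1.2.1.2.2.1.1"          # ifIndex column, carried by linkDown/linkUp

# Standard generic trap OIDs under snmpTraps (1.3.6.1.6.3.1.1.5):
# OID -> (name, severity, status). Rows marked "assumed" are not stated on the page.
WELL_KNOWN_TRAPS = {
    "1.3.6.1.6.3.1.1.5.1": ("coldStart", "critical", "firing"),
    "1.3.6.1.6.3.1.1.5.2": ("warmStart", "warning", "firing"),       # assumed
    "1.3.6.1.6.3.1.1.5.3": ("linkDown", "high", "firing"),
    "1.3.6.1.6.3.1.1.5.4": ("linkUp", "info", "resolved"),
    "1.3.6.1.6.3.1.1.5.5": ("authenticationFailure", "warning", "firing"),
    "1.3.6.1.6.3.1.1.5.6": ("egpNeighborLoss", "high", "firing"),    # assumed
}
# A clearing trap must share a fingerprint with the trap it resolves.
RESOLVES = {"linkUp": "linkDown"}


def trap_to_alert(source_ip, varbinds):
    """Convert a list of (oid, value) string pairs into an alert dict."""
    binds = dict(varbinds)
    trap_oid = binds.get(SNMP_TRAP_OID)
    if trap_oid is None:
        raise ValueError("no snmpTrapOID.0 varbind; not a v2c/v3 notification")
    # Unknown (enterprise) traps keep their OID as the name at a default severity.
    name, severity, status = WELL_KNOWN_TRAPS.get(
        trap_oid.lstrip("."), (trap_oid, "warning", "firing"))
    # Correlate on the interface so linkUp on port 3 does not clear port 7.
    if_index = next((v for o, v in varbinds if o.startswith(IF_INDEX + ".")), "")
    key_name = RESOLVES.get(name, name)
    return {
        "name": name,
        "severity": severity,
        "status": status,
        "source": source_ip,
        "fingerprint": f"{source_ip}/{key_name}/{if_index}",
        "labels": {o: v for o, v in varbinds if o != SNMP_TRAP_OID},
    }


# Constructed sample traps (not captured traffic).
DOWN = [("1.3.6.1.2.1.1.3.0", "12345"), (SNMP_TRAP_OID, "1.3.6.1.6.3.1.1.5.3"),
        ("1.3.6.1.2.1.2.2.1.1.3", "3")]
UP = [("1.3.6.1.2.1.1.3.0", "12999"), (SNMP_TRAP_OID, "1.3.6.1.6.3.1.1.5.4"),
      ("1.3.6.1.2.1.2.2.1.1.3", "3")]

if __name__ == "__main__":
    for trap in (DOWN, UP):
        print(trap_to_alert("192.168.1.1", trap))
```
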

@vasquezmyguy-collab (Author) commented:

Hi @keephq maintainers 👋

Just a friendly bump on this PR — it's been open for ~2 weeks with all CI checks passing and CLA signed. The SNMP provider is fully implemented with:

  • SNMP v1/v2c/v3 support (consumer pattern, like Kafka provider)
  • Trap-to-alert conversion with severity mapping
  • Demo video included
  • pysnmp-lextudio v6 asyncio API (verified working)

Happy to address any feedback or make changes. Thanks for your time!

Labels

🙋 Bounty claim; Feature (A new feature); Provider (Providers related issues); size:XL (This PR changes 500-999 lines, ignoring generated files.)

Development

Successfully merging this pull request may close these issues.

[🔌 Provider]: SNMP provider

2 participants