@aigrc/cli 0.1.0

package/dist/aigrc.js

@@ -0,0 +1,2372 @@
+#!/usr/bin/env node
+
+// src/bin/aigrc.ts
+import { program } from "commander";
+
+// src/commands/scan.ts
+import { Command } from "commander";
+import chalk2 from "chalk";
+import ora from "ora";
+import path from "path";
+import {
+  scan,
+  suggestAssetCard,
+  initializePatterns
+} from "@aigrc/core";
+
+// src/utils/output.ts
+import chalk from "chalk";
+function printHeader() {
+  console.log();
+  console.log(chalk.cyan.bold("AIGRC") + chalk.dim(" - AI Governance, Risk, Compliance"));
+  console.log(chalk.dim("\u2500".repeat(50)));
+  console.log();
+}
+function printSubheader(text) {
+  console.log();
+  console.log(chalk.bold.cyan(`\u25B8 ${text}`));
+  console.log(chalk.cyan("\u2500".repeat(40)));
+}
+function printSuccess(text) {
+  console.log(chalk.green(`\u2713 ${text}`));
+}
+function printWarning(text) {
+  console.log(chalk.yellow(`\u26A0 ${text}`));
+}
+function printError(text) {
+  console.log(chalk.red(`\u2717 ${text}`));
+}
+function printInfo(text) {
+  console.log(chalk.gray(`\u2139 ${text}`));
+}
+function printScanSummary(result) {
+  const { summary, scannedFiles, skippedFiles, duration } = result;
+  printSubheader("Scan Summary");
+  console.log(`  Files scanned: ${chalk.bold(scannedFiles)}`);
+  if (skippedFiles > 0) {
+    console.log(`  Files skipped: ${chalk.yellow(skippedFiles)}`);
+  }
+  console.log(`  Duration: ${chalk.gray(`${duration}ms`)}`);
+  console.log();
+  if (summary.totalDetections === 0) {
+    printInfo("No AI frameworks or models detected.");
+    return;
+  }
+  console.log(`  ${chalk.bold("Total detections:")} ${summary.totalDetections}`);
+  console.log();
+  console.log(chalk.dim("  By confidence:"));
+  if (summary.byConfidence.high > 0) {
+    console.log(`    ${confidenceLabel("high")}: ${summary.byConfidence.high}`);
+  }
+  if (summary.byConfidence.medium > 0) {
+    console.log(`    ${confidenceLabel("medium")}: ${summary.byConfidence.medium}`);
+  }
+  if (summary.byConfidence.low > 0) {
+    console.log(`    ${confidenceLabel("low")}: ${summary.byConfidence.low}`);
+  }
+  console.log();
+  if (Object.keys(summary.byFramework).length > 0) {
+    console.log(chalk.dim("  By framework:"));
+    for (const [framework, count] of Object.entries(summary.byFramework)) {
+      console.log(`    ${chalk.bold(framework)}: ${count}`);
+    }
+    console.log();
+  }
+  if (summary.primaryFramework) {
+    console.log(
+      `  ${chalk.bold("Primary framework:")} ${chalk.cyan(summary.primaryFramework)}`
+    );
+  }
+  if (summary.primaryCategory) {
+    console.log(
+      `  ${chalk.bold("Primary category:")} ${formatCategory(summary.primaryCategory)}`
+    );
+  }
+}
+function printDetections(detections, verbose = false, limit = 20) {
+  if (detections.length === 0) {
+    return;
+  }
+  printSubheader(`Detections (${detections.length} total)`);
+  const toShow = detections.slice(0, limit);
+  for (const detection of toShow) {
+    const confidence = confidenceLabel(detection.confidence);
+    const location = chalk.gray(`${detection.filePath}:${detection.line}`);
+    const framework = chalk.bold(detection.framework);
+    console.log(`  ${confidence} ${framework}`);
+    console.log(`     ${location}`);
+    console.log(`     ${chalk.dim(truncate(detection.match, 60))}`);
+    if (verbose) {
+      console.log(`     ${chalk.dim(`Strategy: ${detection.strategy}`)}`);
+      if (detection.implies.length > 0) {
+        console.log(
+          `     ${chalk.dim(`Implies: ${detection.implies.map((i) => i.factor).join(", ")}`)}`
+        );
+      }
+    }
+    console.log();
+  }
+  if (detections.length > limit) {
+    printInfo(`... and ${detections.length - limit} more detections`);
+  }
+}
+function printRiskFactors(riskFactors) {
+  printSubheader("Inferred Risk Factors");
+  const factors = [
+    { key: "autonomousDecisions", label: "Autonomous Decisions", value: riskFactors.autonomousDecisions },
+    { key: "customerFacing", label: "Customer Facing", value: riskFactors.customerFacing },
+    { key: "toolExecution", label: "Tool Execution", value: riskFactors.toolExecution },
+    { key: "externalDataAccess", label: "External Data Access", value: riskFactors.externalDataAccess },
+    { key: "piiProcessing", label: "PII Processing", value: riskFactors.piiProcessing },
+    { key: "highStakesDecisions", label: "High-Stakes Decisions", value: riskFactors.highStakesDecisions }
+  ];
+  for (const factor of factors) {
+    const icon = factor.value === true || factor.value === "yes" ? chalk.red("\u25CF") : factor.value === false || factor.value === "no" ? chalk.green("\u25CB") : chalk.yellow("\u25D0");
+    const valueStr = factor.value === true ? chalk.red("Yes") : factor.value === false ? chalk.green("No") : factor.value === "yes" ? chalk.red("Yes") : factor.value === "no" ? chalk.green("No") : chalk.yellow("Unknown");
+    console.log(`  ${icon} ${factor.label}: ${valueStr}`);
+  }
+}
+function confidenceLabel(confidence) {
+  switch (confidence) {
+    case "high":
+      return chalk.green("HIGH  ");
+    case "medium":
+      return chalk.yellow("MEDIUM");
+    case "low":
+      return chalk.gray("LOW   ");
+  }
+}
+function formatCategory(category) {
+  const labels = {
+    llm_provider: "LLM Provider",
+    framework: "Framework",
+    agent_framework: "Agent Framework",
+    ml_framework: "ML Framework",
+    ml_ops: "ML Ops",
+    model_file: "Model File"
+  };
+  return labels[category] ?? category;
+}
+function truncate(text, maxLength) {
+  const cleaned = text.replace(/\s+/g, " ").trim();
+  if (cleaned.length <= maxLength) {
+    return cleaned;
+  }
+  return cleaned.slice(0, maxLength - 3) + "...";
+}
+function printAssetSuggestion(suggestion) {
+  printSubheader("Asset Card Suggestion");
+  console.log(`  ${chalk.bold("Name:")} ${chalk.cyan(suggestion.name)}`);
+  console.log(`  ${chalk.bold("Description:")} ${suggestion.description}`);
+  console.log(`  ${chalk.bold("Type:")} ${suggestion.technical.type}`);
+  console.log(`  ${chalk.bold("Framework:")} ${suggestion.technical.framework}`);
+  console.log(`  ${chalk.bold("Confidence:")} ${confidenceLabel(suggestion.confidence)}`);
+  console.log();
+  if (suggestion.technical.components.length > 0) {
+    console.log(chalk.dim("  Components:"));
+    for (const comp of suggestion.technical.components) {
+      const details = [comp.type];
+      if (comp.provider) details.push(`provider: ${comp.provider}`);
+      if (comp.model) details.push(`model: ${comp.model}`);
+      console.log(`    - ${details.join(", ")}`);
+    }
+    console.log();
+  }
+  if (Object.keys(suggestion.riskFactors).length > 0) {
+    console.log(chalk.dim("  Risk Factors:"));
+    printRiskFactorsInline(suggestion.riskFactors);
+  }
+}
+function printRiskFactorsInline(riskFactors) {
+  const factors = [
+    { key: "autonomousDecisions", label: "Autonomous", value: riskFactors.autonomousDecisions },
+    { key: "customerFacing", label: "Customer-Facing", value: riskFactors.customerFacing },
+    { key: "toolExecution", label: "Tool Execution", value: riskFactors.toolExecution },
+    { key: "externalDataAccess", label: "External Data", value: riskFactors.externalDataAccess },
+    { key: "piiProcessing", label: "PII", value: riskFactors.piiProcessing },
+    { key: "highStakesDecisions", label: "High-Stakes", value: riskFactors.highStakesDecisions }
+  ];
+  for (const factor of factors) {
+    if (factor.value === void 0) continue;
+    const icon = factor.value === true || factor.value === "yes" ? chalk.red("\u25CF") : factor.value === false || factor.value === "no" ? chalk.green("\u25CB") : chalk.yellow("\u25D0");
+    const valueStr = factor.value === true || factor.value === "yes" ? chalk.red("Yes") : factor.value === false || factor.value === "no" ? chalk.green("No") : chalk.yellow("Unknown");
+    console.log(`    ${icon} ${factor.label}: ${valueStr}`);
+  }
+}
+
+// src/commands/scan.ts
+var scanCommand = new Command("scan").description("Scan a directory for AI/ML frameworks and generate risk assessments").argument("[directory]", "Directory to scan", ".").option("-o, --output <format>", "Output format (text, json, yaml)", "text").option("-v, --verbose", "Show detailed detection information").option("-i, --include <patterns...>", "Include glob patterns").option("-e, --exclude <patterns...>", "Exclude glob patterns").option("-d, --max-depth <depth>", "Maximum directory depth", parseInt).option("-s, --suggest", "Generate asset card suggestion from detections").option("--no-progress", "Disable progress spinner").action(async (directory, options) => {
+  await runScan(directory, options);
+});
+async function runScan(directory, options) {
+  const targetDir = path.resolve(process.cwd(), directory);
+  if (options.output === "text") {
+    printHeader();
+    console.log(chalk2.dim(`Scanning: ${targetDir}
+`));
+  }
+  initializePatterns();
+  const scanOptions = {
+    directory: targetDir,
+    ignorePatterns: options.exclude
+  };
+  let spinner;
+  let lastFile = "";
+  if (options.output === "text" && options.noProgress !== false) {
+    spinner = ora("Scanning...").start();
+  }
+  try {
+    const result = await scan(scanOptions, (progress) => {
+      if (spinner && progress.currentFile !== lastFile) {
+        lastFile = progress.currentFile;
+        const pct = Math.round(progress.scannedFiles / Math.max(progress.totalFiles, 1) * 100);
+        spinner.text = `Scanning (${pct}%): ${path.basename(progress.currentFile)}`;
+      }
+    });
+    spinner?.succeed(`Scanned ${result.scannedFiles} files`);
+    if (options.output === "json") {
+      outputJson(result);
+    } else if (options.output === "yaml") {
+      await outputYaml(result);
+    } else {
+      outputText(result, options);
+    }
+    if (options.suggest && result.detections.length > 0) {
+      const suggestion = suggestAssetCard(result);
+      if (options.output === "json") {
+        console.log(JSON.stringify({ suggestion }, null, 2));
+      } else if (options.output === "yaml") {
+        const { stringify: stringify2 } = await import("yaml");
+        console.log(stringify2({ suggestion }));
+      } else {
+        console.log();
+        printAssetSuggestion(suggestion);
+      }
+    }
+    if (result.summary.byConfidence.high > 0) {
+      process.exitCode = 1;
+    }
+  } catch (error) {
+    spinner?.fail("Scan failed");
+    if (error instanceof Error) {
+      console.error(chalk2.red(`
+Error: ${error.message}`));
+      if (options.verbose) {
+        console.error(chalk2.dim(error.stack));
+      }
+    }
+    process.exit(1);
+  }
+}
+function outputText(result, options) {
+  console.log();
+  printScanSummary(result);
+  if (result.detections.length > 0) {
+    console.log();
+    printDetections(result.detections, options.verbose);
+  } else {
+    console.log(chalk2.dim("\nNo AI/ML frameworks detected."));
+  }
+  if (result.inferredRiskFactors && Object.keys(result.inferredRiskFactors).length > 0) {
+    console.log();
+    printRiskFactors(result.inferredRiskFactors);
+  }
+}
+function outputJson(result) {
+  console.log(JSON.stringify(result, null, 2));
+}
+async function outputYaml(result) {
+  const { stringify: stringify2 } = await import("yaml");
+  console.log(stringify2(result));
+}
+
+// src/commands/init.ts
+import { Command as Command2 } from "commander";
+import chalk3 from "chalk";
+import ora2 from "ora";
+import path2 from "path";
+import fs from "fs/promises";
+import { stringify } from "yaml";
+import {
+  scan as scan2,
+  suggestAssetCard as suggestAssetCard2,
+  initializePatterns as initializePatterns2,
+  createAssetCard,
+  saveAssetCard
+} from "@aigrc/core";
+
+// src/utils/prompts.ts
+import inquirer from "inquirer";
+async function promptForOwner() {
+  const answers = await inquirer.prompt([
+    {
+      type: "input",
+      name: "name",
+      message: "Owner name:",
+      validate: (input) => input.length > 0 || "Name is required"
+    },
+    {
+      type: "input",
+      name: "email",
+      message: "Owner email:",
+      validate: (input) => /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(input) || "Valid email is required"
+    },
+    {
+      type: "input",
+      name: "team",
+      message: "Team name (optional):"
+    }
+  ]);
+  return {
+    name: answers.name,
+    email: answers.email,
+    team: answers.team || void 0
+  };
+}
+async function promptForRegistration(suggestion) {
+  console.log();
+  const basicAnswers = await inquirer.prompt([
+    {
+      type: "input",
+      name: "name",
+      message: "Asset name:",
+      default: suggestion.name,
+      validate: (input) => input.length > 0 || "Name is required"
+    },
+    {
+      type: "input",
+      name: "description",
+      message: "Description:",
+      default: suggestion.description
+    }
+  ]);
+  console.log("\n-- Owner Information --\n");
+  const owner = await promptForOwner();
+  console.log("\n-- Risk Factors --\n");
+  console.log("Based on the scan, the following risk factors were inferred:");
+  console.log();
+  const riskFactorLabels = [
+    { key: "autonomousDecisions", label: "Autonomous Decisions", value: suggestion.riskFactors.autonomousDecisions },
+    { key: "customerFacing", label: "Customer Facing", value: suggestion.riskFactors.customerFacing },
+    { key: "toolExecution", label: "Tool Execution", value: suggestion.riskFactors.toolExecution },
+    { key: "externalDataAccess", label: "External Data Access", value: suggestion.riskFactors.externalDataAccess },
+    { key: "piiProcessing", label: "PII Processing", value: suggestion.riskFactors.piiProcessing },
+    { key: "highStakesDecisions", label: "High-Stakes Decisions", value: suggestion.riskFactors.highStakesDecisions }
+  ];
+  for (const factor of riskFactorLabels) {
+    const value = factor.value === true || factor.value === "yes" ? "Yes" : factor.value === false || factor.value === "no" ? "No" : "Unknown";
+    console.log(`  ${factor.label}: ${value}`);
+  }
+  console.log();
+  const { confirmRiskFactors } = await inquirer.prompt([
+    {
+      type: "confirm",
+      name: "confirmRiskFactors",
+      message: "Are these risk factors correct?",
+      default: true
+    }
+  ]);
+  let riskFactorOverrides;
+  if (!confirmRiskFactors) {
+    riskFactorOverrides = await promptForRiskFactorOverrides(suggestion.riskFactors);
+  }
+  return {
+    name: basicAnswers.name,
+    description: basicAnswers.description,
+    owner,
+    confirmRiskFactors,
+    riskFactorOverrides
+  };
+}
+async function promptForRiskFactorOverrides(current) {
+  const answers = await inquirer.prompt([
+    {
+      type: "confirm",
+      name: "autonomousDecisions",
+      message: "Does this AI make autonomous decisions?",
+      default: current.autonomousDecisions ?? false
+    },
+    {
+      type: "confirm",
+      name: "customerFacing",
+      message: "Is this AI customer-facing?",
+      default: current.customerFacing ?? false
+    },
+    {
+      type: "confirm",
+      name: "toolExecution",
+      message: "Does this AI execute tools or functions?",
+      default: current.toolExecution ?? false
+    },
+    {
+      type: "confirm",
+      name: "externalDataAccess",
+      message: "Does this AI access external data?",
+      default: current.externalDataAccess ?? false
+    },
+    {
+      type: "list",
+      name: "piiProcessing",
+      message: "Does this AI process PII (personal data)?",
+      choices: [
+        { name: "Yes", value: "yes" },
+        { name: "No", value: "no" },
+        { name: "Unknown", value: "unknown" }
+      ],
+      default: current.piiProcessing ?? "unknown"
+    },
+    {
+      type: "confirm",
+      name: "highStakesDecisions",
+      message: "Does this AI make high-stakes decisions (medical, legal, financial, hiring)?",
+      default: current.highStakesDecisions ?? false
+    }
+  ]);
+  return answers;
+}
+
+// src/commands/init.ts
+var DEFAULT_CONFIG_FILE = ".aigrc.yaml";
+var DEFAULT_CARDS_DIR = ".aigrc/cards";
+var initCommand = new Command2("init").description("Initialize AIGRC in a project - scan, detect, and create asset card").argument("[directory]", "Directory to initialize", ".").option("-f, --force", "Overwrite existing configuration").option("-y, --yes", "Accept all defaults without prompting").option("-o, --output <path>", "Output path for asset card").action(async (directory, options) => {
+  await runInit(directory, options);
+});
+async function runInit(directory, options) {
+  const targetDir = path2.resolve(process.cwd(), directory);
+  printHeader();
+  console.log(chalk3.cyan("Initializing AIGRC in:"), targetDir);
+  console.log();
+  const configPath = path2.join(targetDir, DEFAULT_CONFIG_FILE);
+  const configExists = await fileExists(configPath);
+  if (configExists && !options.force) {
+    console.log(chalk3.yellow("\u26A0 AIGRC already initialized in this directory."));
+    console.log(chalk3.dim(`  Config file: ${configPath}`));
+    console.log(chalk3.dim("  Use --force to reinitialize."));
+    return;
+  }
+  initializePatterns2();
+  const spinner = ora2("Scanning for AI/ML frameworks...").start();
+  try {
+    const result = await scan2({
+      directory: targetDir,
+      ignorePatterns: ["node_modules", ".git", "dist", "build", "__pycache__", ".venv", "venv"]
+    });
+    spinner.succeed(`Found ${result.detections.length} AI/ML detections`);
+    if (result.detections.length === 0) {
+      console.log();
+      console.log(chalk3.yellow("No AI/ML frameworks detected."));
+      console.log(chalk3.dim("You can still create an asset card manually using:"));
+      console.log(chalk3.dim("  aigrc register --manual"));
+      return;
+    }
+    const suggestion = suggestAssetCard2(result);
+    console.log();
+    printAssetSuggestion(suggestion);
+    console.log();
+    let registrationData;
+    if (options.yes) {
+      registrationData = {
+        name: suggestion.name,
+        description: suggestion.description,
+        owner: {
+          name: process.env.USER || process.env.USERNAME || "Unknown",
+          email: `${process.env.USER || process.env.USERNAME || "user"}@example.com`
+        },
+        confirmRiskFactors: true
+      };
+    } else {
+      registrationData = await promptForRegistration(suggestion);
+    }
+    const riskFactors = registrationData.confirmRiskFactors ? suggestion.riskFactors : { ...suggestion.riskFactors, ...registrationData.riskFactorOverrides };
+    const assetCard = createAssetCard({
+      name: registrationData.name,
+      description: registrationData.description,
+      owner: registrationData.owner,
+      technical: {
+        type: suggestion.technical.type,
+        framework: suggestion.technical.framework
+      },
+      riskFactors: {
+        autonomousDecisions: riskFactors.autonomousDecisions ?? false,
+        customerFacing: riskFactors.customerFacing ?? false,
+        toolExecution: riskFactors.toolExecution ?? false,
+        externalDataAccess: riskFactors.externalDataAccess ?? false,
+        piiProcessing: riskFactors.piiProcessing ?? "unknown",
+        highStakesDecisions: riskFactors.highStakesDecisions ?? false
+      }
+    });
+    const cardsDir = path2.join(targetDir, DEFAULT_CARDS_DIR);
+    await fs.mkdir(cardsDir, { recursive: true });
+    const cardFileName = `${sanitizeFileName(assetCard.name)}.yaml`;
+    const cardPath = options.output || path2.join(cardsDir, cardFileName);
+    saveAssetCard(assetCard, cardPath);
+    console.log();
+    console.log(chalk3.green("\u2713 Asset card created:"), chalk3.cyan(cardPath));
+    const config = {
+      version: "1.0",
+      cardsDir: DEFAULT_CARDS_DIR,
+      scan: {
+        exclude: ["node_modules", ".git", "dist", "build", "__pycache__", ".venv", "venv"]
+      }
+    };
+    await fs.writeFile(configPath, stringify(config), "utf-8");
+    console.log(chalk3.green("\u2713 Config file created:"), chalk3.cyan(configPath));
+    console.log();
+    console.log(chalk3.green("AIGRC initialized successfully!"));
+    console.log();
+    console.log(chalk3.dim("Next steps:"));
+    console.log(chalk3.dim("  1. Review and edit the asset card: ") + chalk3.cyan(cardPath));
+    console.log(chalk3.dim("  2. Run ") + chalk3.cyan("aigrc validate") + chalk3.dim(" to check compliance"));
+    console.log(chalk3.dim("  3. Run ") + chalk3.cyan("aigrc status") + chalk3.dim(" to see current status"));
+  } catch (error) {
+    spinner.fail("Initialization failed");
+    if (error instanceof Error) {
+      console.error(chalk3.red(`
+Error: ${error.message}`));
+    }
+    process.exit(1);
+  }
+}
+async function fileExists(filePath) {
+  try {
+    await fs.access(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function sanitizeFileName(name) {
+  return name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
+}
+
+// src/commands/register.ts
+import { Command as Command3 } from "commander";
+import chalk4 from "chalk";
+import path3 from "path";
+import fs2 from "fs/promises";
+import inquirer2 from "inquirer";
+import {
+  createAssetCard as createAssetCard2,
+  saveAssetCard as saveAssetCard2
+} from "@aigrc/core";
+var DEFAULT_CARDS_DIR2 = ".aigrc/cards";
+var registerCommand = new Command3("register").description("Manually register an AI asset without scanning").option("-o, --output <path>", "Output path for asset card").option("-m, --manual", "Skip detection and enter all details manually").action(async (options) => {
+  await runRegister(options);
+});
+async function runRegister(options) {
+  printHeader();
+  console.log(chalk4.cyan("Register a new AI asset\n"));
+  const basicInfo = await inquirer2.prompt([
+    {
+      type: "input",
+      name: "name",
+      message: "Asset name:",
+      validate: (input) => input.length > 0 || "Name is required"
+    },
+    {
+      type: "input",
+      name: "description",
+      message: "Description:",
+      validate: (input) => input.length > 0 || "Description is required"
+    },
+    {
+      type: "input",
+      name: "purpose",
+      message: "Business purpose:"
+    }
+  ]);
+  console.log("\n-- Owner Information --\n");
+  const owner = await promptForOwner();
+  console.log("\n-- Risk Factors --\n");
+  const riskFactors = await promptForRiskFactors();
+  console.log("\n-- Framework Information --\n");
+  const frameworks = await promptForFrameworks();
+  const frameworkTypes = {
+    openai: "api_client",
+    anthropic: "api_client",
+    langchain: "framework",
+    llamaindex: "framework",
+    "vercel-ai-sdk": "framework",
+    pytorch: "model",
+    tensorflow: "model",
+    huggingface: "model",
+    crewai: "agent",
+    autogen: "agent"
+  };
+  const primaryFramework = frameworks[0] || "unknown";
+  const technicalType = frameworkTypes[primaryFramework] || "framework";
+  const assetCard = createAssetCard2({
+    name: basicInfo.name,
+    description: basicInfo.description,
+    owner,
+    technical: {
+      type: technicalType,
+      framework: primaryFramework
+    },
+    riskFactors
+  });
+  const cardsDir = path3.join(process.cwd(), DEFAULT_CARDS_DIR2);
+  await fs2.mkdir(cardsDir, { recursive: true });
+  const cardFileName = `${sanitizeFileName2(assetCard.name)}.yaml`;
+  const cardPath = options.output || path3.join(cardsDir, cardFileName);
+  saveAssetCard2(assetCard, cardPath);
+  console.log();
+  console.log(chalk4.green("\u2713 Asset card created:"), chalk4.cyan(cardPath));
+  console.log();
+  console.log(chalk4.dim("Next steps:"));
+  console.log(chalk4.dim("  1. Review and edit the asset card"));
+  console.log(chalk4.dim("  2. Run ") + chalk4.cyan("aigrc validate") + chalk4.dim(" to check compliance"));
+}
+async function promptForRiskFactors() {
+  const answers = await inquirer2.prompt([
+    {
+      type: "confirm",
+      name: "autonomousDecisions",
+      message: "Does this AI make autonomous decisions?",
+      default: false
+    },
+    {
+      type: "confirm",
+      name: "customerFacing",
+      message: "Is this AI customer-facing?",
+      default: false
+    },
+    {
+      type: "confirm",
+      name: "toolExecution",
+      message: "Does this AI execute tools or functions?",
+      default: false
+    },
+    {
+      type: "confirm",
+      name: "externalDataAccess",
+      message: "Does this AI access external data?",
+      default: false
+    },
+    {
+      type: "list",
+      name: "piiProcessing",
+      message: "Does this AI process PII (personal data)?",
+      choices: [
+        { name: "Yes", value: "yes" },
+        { name: "No", value: "no" },
+        { name: "Unknown", value: "unknown" }
+      ],
+      default: "unknown"
+    },
+    {
+      type: "confirm",
+      name: "highStakesDecisions",
+      message: "Does this AI make high-stakes decisions (medical, legal, financial, hiring)?",
+      default: false
+    }
+  ]);
+  return answers;
+}
+async function promptForFrameworks() {
+  const { hasFrameworks } = await inquirer2.prompt([
+    {
+      type: "confirm",
+      name: "hasFrameworks",
+      message: "Do you want to specify AI/ML frameworks used?",
+      default: true
+    }
+  ]);
+  if (!hasFrameworks) {
+    return [];
+  }
+  const { frameworkList } = await inquirer2.prompt([
+    {
+      type: "checkbox",
+      name: "frameworkList",
+      message: "Select frameworks used:",
+      choices: [
+        { name: "OpenAI API", value: "openai" },
+        { name: "Anthropic API", value: "anthropic" },
+        { name: "LangChain", value: "langchain" },
+        { name: "LlamaIndex", value: "llamaindex" },
+        { name: "Vercel AI SDK", value: "vercel-ai-sdk" },
+        { name: "PyTorch", value: "pytorch" },
+        { name: "TensorFlow", value: "tensorflow" },
+        { name: "Hugging Face", value: "huggingface" },
+        { name: "CrewAI", value: "crewai" },
+        { name: "AutoGen", value: "autogen" },
+        { name: "Other", value: "other" }
+      ]
+    }
+  ]);
+  if (frameworkList.includes("other")) {
+    const { otherFrameworks } = await inquirer2.prompt([
+      {
+        type: "input",
+        name: "otherFrameworks",
+        message: "Enter other frameworks (comma-separated):"
+      }
+    ]);
+    const others = otherFrameworks.split(",").map((f) => f.trim()).filter((f) => f.length > 0);
+    return [...frameworkList.filter((f) => f !== "other"), ...others];
+  }
+  return frameworkList;
+}
+function sanitizeFileName2(name) {
+  return name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
+}
+
+// src/commands/validate.ts
+import { Command as Command4 } from "commander";
+import chalk5 from "chalk";
+import ora3 from "ora";
+import path4 from "path";
+import fs3 from "fs/promises";
+import {
+  loadAssetCard,
+  classifyRisk,
+  validateAssetCard
+} from "@aigrc/core";
+var DEFAULT_CARDS_DIR3 = ".aigrc/cards";
+var validateCommand = new Command4("validate").description("Validate asset cards against compliance requirements").argument("[path]", "Path to asset card or cards directory").option("-s, --strict", "Fail on warnings as well as errors").option("-o, --output <format>", "Output format (text, json)", "text").option("-a, --all", "Validate all cards in the cards directory").action(async (cardPath, options) => {
+  await runValidate(cardPath, options);
+});
+async function runValidate(cardPath, options) {
+  if (options.output === "text") {
+    printHeader();
+  }
+  const cardsToValidate = [];
+  if (options.all || !cardPath) {
+    const cardsDir = path4.join(process.cwd(), DEFAULT_CARDS_DIR3);
+    try {
+      const files = await fs3.readdir(cardsDir);
+      const yamlFiles = files.filter((f) => f.endsWith(".yaml") || f.endsWith(".yml"));
+      for (const file of yamlFiles) {
+        cardsToValidate.push(path4.join(cardsDir, file));
+      }
+    } catch {
+      if (options.output === "text") {
+        console.log(chalk5.yellow("No cards directory found."));
+        console.log(chalk5.dim(`Expected: ${cardsDir}`));
+        console.log(chalk5.dim("Run `aigrc init` to initialize AIGRC."));
+      } else {
+        console.log(JSON.stringify({ error: "No cards directory found" }));
+      }
+      process.exit(1);
+    }
+  } else {
+    cardsToValidate.push(path4.resolve(process.cwd(), cardPath));
+  }
+  if (cardsToValidate.length === 0) {
+    if (options.output === "text") {
+      console.log(chalk5.yellow("No asset cards found to validate."));
+    } else {
+      console.log(JSON.stringify({ error: "No asset cards found" }));
+    }
+    process.exit(1);
+  }
+  const results = [];
+  let hasErrors = false;
+  for (const cardFile of cardsToValidate) {
+    const spinner = options.output === "text" ? ora3(`Validating ${path4.basename(cardFile)}...`).start() : void 0;
+    try {
+      const card = loadAssetCard(cardFile);
+      const validation = validateAssetCard(card);
+      const classification = classifyRisk(card.classification.riskFactors);
+      results.push({
+        path: cardFile,
+        card,
+        validation: {
+          valid: validation.valid,
+          errors: validation.errors ?? []
+        },
+        classification
+      });
+      if (!validation.valid) {
+        hasErrors = true;
+        spinner?.fail(`${path4.basename(cardFile)}: Invalid`);
+      } else {
+        spinner?.succeed(`${path4.basename(cardFile)}: Valid`);
+      }
+    } catch (error) {
+      hasErrors = true;
+      const errorMessage = error instanceof Error ? error.message : "Unknown error";
+      results.push({
+        path: cardFile,
+        validation: {
+          valid: false,
+          errors: [errorMessage]
+        }
+      });
+      spinner?.fail(`${path4.basename(cardFile)}: Parse error`);
+    }
+  }
+  if (options.output === "json") {
+    console.log(JSON.stringify({ results }, null, 2));
+  } else {
+    console.log();
+    printValidationSummary(results);
+  }
+  if (hasErrors) {
+    process.exit(1);
+  }
+}
+function printValidationSummary(results) {
+  console.log(chalk5.bold("Validation Summary"));
+  console.log(chalk5.dim("\u2500".repeat(50)));
+  console.log();
+  for (const result of results) {
+    const fileName = path4.basename(result.path);
+    if (!result.validation.valid) {
+      console.log(chalk5.red(`\u2717 ${fileName}`));
+      for (const error of result.validation.errors) {
+        console.log(chalk5.red(`    Error: ${error}`));
+      }
+    } else {
+      console.log(chalk5.green(`\u2713 ${fileName}`));
+      if (result.card && result.classification) {
+        const tierColor = getRiskLevelColor(result.classification.riskLevel);
+        console.log(
+          chalk5.dim("    Risk Level: ") + tierColor(result.classification.riskLevel)
+        );
+        if (result.classification.euAiActCategory) {
+          console.log(
+            chalk5.dim("    EU AI Act: ") + chalk5.yellow(result.classification.euAiActCategory)
+          );
+        }
+      }
+    }
+    console.log();
+  }
+  const valid = results.filter((r) => r.validation.valid).length;
+  const invalid = results.filter((r) => !r.validation.valid).length;
+  console.log(chalk5.dim("\u2500".repeat(50)));
+  console.log(
+    `Total: ${results.length} | ` + chalk5.green(`Valid: ${valid}`) + ` | ` + chalk5.red(`Invalid: ${invalid}`)
+  );
+}
+function getRiskLevelColor(level) {
+  switch (level) {
+    case "minimal":
+      return chalk5.green;
+    case "limited":
+      return chalk5.yellow;
+    case "high":
+      return chalk5.red;
+    case "unacceptable":
+      return chalk5.magenta;
+    default:
+      return chalk5.white;
+  }
+}
+
+// src/commands/status.ts
+import { Command as Command5 } from "commander";
+import chalk6 from "chalk";
+import path5 from "path";
+import fs4 from "fs/promises";
+import {
+  loadAssetCard as loadAssetCard2,
+  classifyRisk as classifyRisk2
+} from "@aigrc/core";
+var DEFAULT_CARDS_DIR4 = ".aigrc/cards";
+var DEFAULT_CONFIG_FILE2 = ".aigrc.yaml";
+var statusCommand = new Command5("status").description("Show the current AIGRC status and registered assets").option("-o, --output <format>", "Output format (text, json)", "text").action(async (options) => {
+  await runStatus(options);
+});
+async function runStatus(options) {
+  const cwd = process.cwd();
+  if (options.output === "text") {
+    printHeader();
+  }
+  const configPath = path5.join(cwd, DEFAULT_CONFIG_FILE2);
+  const cardsDir = path5.join(cwd, DEFAULT_CARDS_DIR4);
+  const configExists = await fileExists2(configPath);
+  const cardsDirExists = await directoryExists(cardsDir);
+  if (!configExists && !cardsDirExists) {
+    if (options.output === "text") {
+      console.log(chalk6.yellow("AIGRC is not initialized in this directory."));
+      console.log(chalk6.dim("\nRun `aigrc init` to get started."));
+    } else {
+      console.log(JSON.stringify({ initialized: false }));
+    }
+    return;
+  }
+  const cards = [];
+  if (cardsDirExists) {
+    try {
+      const files = await fs4.readdir(cardsDir);
+      const yamlFiles = files.filter((f) => f.endsWith(".yaml") || f.endsWith(".yml"));
+      for (const file of yamlFiles) {
+        try {
+          const filePath = path5.join(cardsDir, file);
+          const card = loadAssetCard2(filePath);
+          const classification = classifyRisk2(card.classification.riskFactors);
+          cards.push({ path: filePath, card, classification });
+        } catch {
+        }
+      }
+    } catch {
+    }
+  }
+  if (options.output === "json") {
+    console.log(
+      JSON.stringify(
+        {
+          initialized: true,
+          configPath,
+          cardsDir,
+          cards: cards.map((c) => ({
+            path: c.path,
+            name: c.card.name,
+            id: c.card.id,
+            riskLevel: c.classification.riskLevel,
+            euAiActCategory: c.classification.euAiActCategory
+          }))
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  console.log(chalk6.bold("AIGRC Status"));
+  console.log(chalk6.dim("\u2500".repeat(50)));
+  console.log();
+  console.log(chalk6.dim("Config:"), configExists ? chalk6.green("\u2713") : chalk6.red("\u2717"), configPath);
+  console.log(chalk6.dim("Cards:"), cardsDirExists ? chalk6.green("\u2713") : chalk6.red("\u2717"), cardsDir);
+  console.log();
+  if (cards.length === 0) {
+    console.log(chalk6.yellow("No asset cards registered."));
+    console.log(chalk6.dim("\nRun `aigrc init` or `aigrc register` to create an asset card."));
+    return;
+  }
+  console.log(chalk6.bold(`Registered Assets (${cards.length})`));
+  console.log(chalk6.dim("\u2500".repeat(50)));
+  console.log();
+  const byLevel = groupByRiskLevel(cards);
+  for (const level of ["unacceptable", "high", "limited", "minimal"]) {
+    const levelCards = byLevel.get(level);
+    if (!levelCards || levelCards.length === 0) continue;
+    const levelColor = getRiskLevelColor2(level);
+    console.log(levelColor(`${level.toUpperCase()} (${levelCards.length})`));
+    console.log();
+    for (const { card, classification } of levelCards) {
+      console.log(`  ${chalk6.bold(card.name)}`);
+      console.log(chalk6.dim(`    ID: ${card.id}`));
+      console.log(chalk6.dim(`    Risk Level: ${classification.riskLevel}`));
+      if (classification.euAiActCategory) {
+        console.log(chalk6.dim(`    EU AI Act: `) + chalk6.yellow(classification.euAiActCategory));
+      }
+      if (card.ownership?.owner) {
+        console.log(chalk6.dim(`    Owner: ${card.ownership.owner.name} <${card.ownership.owner.email}>`));
+      }
+      const activeRisks = getActiveRiskFactors(card);
+      if (activeRisks.length > 0) {
+        console.log(chalk6.dim(`    Risks: `) + activeRisks.join(", "));
+      }
+      console.log();
+    }
+  }
+  printStatusSummary(cards);
+}
+function groupByRiskLevel(cards) {
+  const byLevel = /* @__PURE__ */ new Map();
+  for (const item of cards) {
+    const level = item.classification.riskLevel;
+    if (!byLevel.has(level)) {
+      byLevel.set(level, []);
+    }
+    byLevel.get(level).push(item);
+  }
+  return byLevel;
+}
+function printStatusSummary(cards) {
+  console.log(chalk6.dim("\u2500".repeat(50)));
+  const minimal = cards.filter((c) => c.classification.riskLevel === "minimal").length;
+  const limited = cards.filter((c) => c.classification.riskLevel === "limited").length;
+  const high = cards.filter((c) => c.classification.riskLevel === "high").length;
+  const unacceptable = cards.filter((c) => c.classification.riskLevel === "unacceptable").length;
+  console.log(
+    `Total: ${cards.length} | ` + chalk6.green(`Minimal: ${minimal}`) + ` | ` + chalk6.yellow(`Limited: ${limited}`) + ` | ` + chalk6.red(`High: ${high}`) + ` | ` + chalk6.magenta(`Unacceptable: ${unacceptable}`)
+  );
+  if (high > 0 || unacceptable > 0) {
+    console.log();
+    console.log(chalk6.yellow("\u26A0 High-risk assets detected. Review compliance requirements."));
+  }
+}
+function getActiveRiskFactors(card) {
+  const risks = [];
+  const rf = card.classification?.riskFactors;
+  if (!rf) return risks;
+  if (rf.autonomousDecisions) risks.push("Autonomous");
+  if (rf.customerFacing) risks.push("Customer-Facing");
+  if (rf.toolExecution) risks.push("Tool Execution");
+  if (rf.externalDataAccess) risks.push("External Data");
+  if (rf.piiProcessing === "yes") risks.push("PII");
+  if (rf.highStakesDecisions) risks.push("High-Stakes");
+  return risks;
+}
+function getRiskLevelColor2(level) {
+  switch (level) {
+    case "minimal":
+      return chalk6.green;
+    case "limited":
+      return chalk6.yellow;
+    case "high":
+      return chalk6.red;
+    case "unacceptable":
+      return chalk6.magenta;
+    default:
+      return chalk6.white;
+  }
+}
+async function fileExists2(filePath) {
+  try {
+    const stat = await fs4.stat(filePath);
+    return stat.isFile();
+  } catch {
+    return false;
+  }
+}
+async function directoryExists(dirPath) {
+  try {
+    const stat = await fs4.stat(dirPath);
+    return stat.isDirectory();
+  } catch {
+    return false;
+  }
+}
+
+// src/commands/compliance.ts
+import { Command as Command6 } from "commander";
+import chalk7 from "chalk";
+import ora4 from "ora";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import YAML from "yaml";
+var BUILTIN_PROFILES = [
+  {
+    id: "eu-ai-act",
+    name: "EU AI Act",
+    version: "2024.1",
+    jurisdiction: "EU",
+    description: "European Union Artificial Intelligence Act"
+  },
+  {
+    id: "us-omb-m24",
+    name: "US OMB M-24-10/M-24-18",
+    version: "2024.1",
+    jurisdiction: "US",
+    description: "US Federal AI governance memoranda"
+  },
+  {
+    id: "nist-ai-rmf",
+    name: "NIST AI RMF",
+    version: "1.0",
+    jurisdiction: "US",
+    description: "NIST AI Risk Management Framework"
+  },
+  {
+    id: "iso-42001",
+    name: "ISO/IEC 42001",
+    version: "2023",
+    jurisdiction: "International",
+    description: "AI Management System Standard"
+  }
+];
+var complianceCommand = new Command6("compliance").description("Manage compliance profiles").addCommand(
+  new Command6("list").description("List available compliance profiles").option("-a, --active", "Show only active profiles").option("-o, --output <format>", "Output format (text, json, yaml)", "text").action(async (options) => {
+    await listProfiles(options);
+  })
+).addCommand(
+  new Command6("show").description("Show details of a profile").argument("<profileId>", "Profile ID (e.g., eu-ai-act, us-omb-m24)").option("-o, --output <format>", "Output format (text, json, yaml)", "text").action(async (profileId, options) => {
+    await showProfile(profileId, options);
+  })
+).addCommand(
+  new Command6("set").description("Set active profiles in .aigrc.yaml").argument("<profiles...>", "Profile IDs to activate").option("--stack", "Enable profile stacking (strictest wins)").action(async (profiles, options) => {
+    await setProfiles(profiles, options);
+  })
+);
+async function listProfiles(options) {
+  if (options.output === "text") {
+    printHeader();
+    printSubheader("Available Compliance Profiles");
+  }
+  const activeProfiles = loadActiveProfiles();
+  const profiles = options.active ? BUILTIN_PROFILES.filter((p) => activeProfiles.includes(p.id)) : BUILTIN_PROFILES;
+  if (options.output === "json") {
+    console.log(JSON.stringify(profiles, null, 2));
+    return;
+  }
+  if (options.output === "yaml") {
+    console.log(YAML.stringify(profiles));
+    return;
+  }
+  console.log();
+  console.log(
+    chalk7.dim("  ID".padEnd(16)) + chalk7.dim("Name".padEnd(28)) + chalk7.dim("Jurisdiction".padEnd(16)) + chalk7.dim("Active")
+  );
+  console.log(chalk7.dim("  " + "\u2500".repeat(70)));
+  for (const profile of profiles) {
+    const isActive = activeProfiles.includes(profile.id);
+    const activeIndicator = isActive ? chalk7.green("\u2713") : chalk7.gray("\xB7");
+    console.log(
+      `  ${chalk7.cyan(profile.id.padEnd(14))} ${profile.name.padEnd(26)} ${chalk7.dim(profile.jurisdiction.padEnd(14))} ${activeIndicator}`
+    );
+  }
+  console.log();
+  printInfo(`${profiles.length} profile(s) available, ${activeProfiles.length} active`);
+}
+async function showProfile(profileId, options) {
+  const profile = BUILTIN_PROFILES.find((p) => p.id === profileId);
+  if (!profile) {
+    printError(`Profile not found: ${profileId}`);
+    console.log();
+    printInfo(`Available profiles: ${BUILTIN_PROFILES.map((p) => p.id).join(", ")}`);
+    process.exit(1);
+  }
+  if (options.output === "json") {
+    console.log(JSON.stringify(profile, null, 2));
+    return;
+  }
+  if (options.output === "yaml") {
+    console.log(YAML.stringify(profile));
+    return;
+  }
+  printHeader();
+  console.log(chalk7.bold.cyan(`Profile: ${profile.name}`));
+  console.log();
+  console.log(`  ${chalk7.dim("ID:")}           ${profile.id}`);
+  console.log(`  ${chalk7.dim("Version:")}      ${profile.version}`);
+  console.log(`  ${chalk7.dim("Jurisdiction:")} ${profile.jurisdiction}`);
+  console.log(`  ${chalk7.dim("Description:")}  ${profile.description}`);
+  const activeProfiles = loadActiveProfiles();
+  const isActive = activeProfiles.includes(profile.id);
+  console.log();
+  console.log(
+    `  ${chalk7.dim("Status:")}       ${isActive ? chalk7.green("Active") : chalk7.gray("Inactive")}`
+  );
+}
+async function setProfiles(profiles, options) {
+  printHeader();
+  const invalidProfiles = profiles.filter(
+    (p) => !BUILTIN_PROFILES.find((bp) => bp.id === p)
+  );
+  if (invalidProfiles.length > 0) {
+    printError(`Unknown profile(s): ${invalidProfiles.join(", ")}`);
+    console.log();
+    printInfo(`Available profiles: ${BUILTIN_PROFILES.map((p) => p.id).join(", ")}`);
+    process.exit(1);
+  }
+  const spinner = ora4("Updating configuration...").start();
+  try {
+    const configPath = join(process.cwd(), ".aigrc.yaml");
+    let config = {};
+    if (existsSync(configPath)) {
+      const content = readFileSync(configPath, "utf-8");
+      config = YAML.parse(content) || {};
+    }
+    config.profiles = profiles;
+    if (options.stack) {
+      config.stackProfiles = true;
+    }
+    writeFileSync(configPath, YAML.stringify(config, { indent: 2 }), "utf-8");
+    spinner.succeed("Configuration updated");
+    console.log();
+    printSuccess(`Active profiles: ${profiles.join(", ")}`);
+    if (options.stack) {
+      printInfo("Profile stacking enabled (strictest requirements apply)");
+    }
+  } catch (error) {
+    spinner.fail("Failed to update configuration");
+    printError(error instanceof Error ? error.message : String(error));
+    process.exit(1);
+  }
+}
+function loadActiveProfiles() {
+  const configPath = join(process.cwd(), ".aigrc.yaml");
+  if (!existsSync(configPath)) {
+    return ["eu-ai-act"];
+  }
+  try {
+    const content = readFileSync(configPath, "utf-8");
+    const config = YAML.parse(content);
+    return config?.profiles || ["eu-ai-act"];
+  } catch {
+    return ["eu-ai-act"];
+  }
+}
+
+// src/commands/classify.ts
+import { Command as Command7 } from "commander";
+import chalk8 from "chalk";
+import ora5 from "ora";
+import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
+import { join as join2 } from "path";
+import YAML2 from "yaml";
+import { loadAssetCard as loadAssetCard3, saveAssetCard as saveAssetCard3 } from "@aigrc/core";
+var RISK_MAPPINGS = {
+  "eu-ai-act": {
+    minimal: "minimal",
+    limited: "limited",
+    high: "high",
+    unacceptable: "unacceptable"
+  },
+  "us-omb-m24": {
+    minimal: "neither",
+    limited: "neither",
+    high: "rights-impacting",
+    unacceptable: "safety-impacting"
+  },
+  "nist-ai-rmf": {
+    minimal: "minimal",
+    limited: "low",
+    high: "high",
+    unacceptable: "critical"
+  },
+  "iso-42001": {
+    minimal: "low",
+    limited: "medium",
+    high: "high",
+    unacceptable: "critical"
+  }
+};
+var PROFILE_NAMES = {
+  "eu-ai-act": "EU AI Act",
+  "us-omb-m24": "US OMB M-24",
+  "nist-ai-rmf": "NIST AI RMF",
+  "iso-42001": "ISO/IEC 42001"
+};
+var classifyCommand = new Command7("classify").description("Classify an asset against compliance profiles").argument("<assetPath>", "Path to asset card YAML file").option("-p, --profiles <profiles...>", "Profile IDs to classify against").option("-a, --all", "Classify against all available profiles").option("-o, --output <format>", "Output format (text, json, yaml)", "text").option("-u, --update", "Update asset card with classification results").action(async (assetPath, options) => {
+  await runClassify(assetPath, options);
+});
+async function runClassify(assetPath, options) {
+  if (options.output === "text") {
+    printHeader();
+  }
+  if (!existsSync2(assetPath)) {
+    printError(`Asset card not found: ${assetPath}`);
+    process.exit(1);
+  }
+  const spinner = ora5("Loading asset card...").start();
+  let card;
+  try {
+    card = loadAssetCard3(assetPath);
+    spinner.succeed(`Loaded: ${card.name}`);
+  } catch (error) {
+    spinner.fail("Failed to load asset card");
+    printError(error instanceof Error ? error.message : String(error));
+    process.exit(1);
+  }
+  let profileIds;
+  if (options.all) {
+    profileIds = Object.keys(RISK_MAPPINGS);
+  } else if (options.profiles && options.profiles.length > 0) {
+    profileIds = options.profiles;
+  } else {
+    profileIds = loadActiveProfiles2();
+  }
+  const invalidProfiles = profileIds.filter((p) => !RISK_MAPPINGS[p]);
+  if (invalidProfiles.length > 0) {
+    printError(`Unknown profile(s): ${invalidProfiles.join(", ")}`);
+    process.exit(1);
+  }
+  const classifications = [];
+  const aigrcLevel = card.classification.riskLevel;
+  for (const profileId of profileIds) {
+    const mapping = RISK_MAPPINGS[profileId];
+    const mappedLevel = mapping[aigrcLevel] || aigrcLevel;
+    classifications.push({
+      profileId,
+      profileName: PROFILE_NAMES[profileId] || profileId,
+      aigrcLevel,
+      mappedLevel
+    });
+  }
+  if (options.output === "json") {
+    console.log(
+      JSON.stringify(
+        {
+          asset: card.name,
+          aigrcRiskLevel: aigrcLevel,
+          classifications
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  if (options.output === "yaml") {
+    console.log(
+      YAML2.stringify({
+        asset: card.name,
+        aigrcRiskLevel: aigrcLevel,
+        classifications
+      })
+    );
+    return;
+  }
+  console.log();
+  printSubheader(`Classification: ${card.name}`);
+  console.log();
+  console.log(`  ${chalk8.dim("AIGRC Risk Level:")} ${formatRiskLevel(aigrcLevel)}`);
+  console.log();
+  console.log(
+    chalk8.dim("  Profile".padEnd(24)) + chalk8.dim("Mapped Risk Level")
+  );
+  console.log(chalk8.dim("  " + "\u2500".repeat(50)));
+  for (const c of classifications) {
+    console.log(
+      `  ${c.profileName.padEnd(22)} ${formatRiskLevel(c.mappedLevel)}`
+    );
+  }
+  const riskOrder = ["minimal", "neither", "low", "limited", "medium", "moderate", "high", "rights-impacting", "critical", "safety-impacting", "unacceptable"];
+  let strictestLevel = classifications[0]?.mappedLevel || aigrcLevel;
+  let strictestIndex = riskOrder.indexOf(strictestLevel);
+  for (const c of classifications) {
+    const idx = riskOrder.indexOf(c.mappedLevel);
+    if (idx > strictestIndex) {
+      strictestIndex = idx;
+      strictestLevel = c.mappedLevel;
+    }
+  }
+  console.log();
+  console.log(`  ${chalk8.dim("Strictest:")} ${formatRiskLevel(strictestLevel)}`);
+  if (options.update) {
+    const updateSpinner = ora5("Updating asset card...").start();
+    try {
+      const jurisdictions = classifications.map((c) => ({
+        jurisdictionId: c.profileId,
+        riskLevel: c.mappedLevel,
+        lastChecked: (/* @__PURE__ */ new Date()).toISOString()
+      }));
+      card.classification.jurisdictions = jurisdictions;
+      saveAssetCard3(card, assetPath);
+      updateSpinner.succeed("Asset card updated with classifications");
+    } catch (error) {
+      updateSpinner.fail("Failed to update asset card");
+      printError(error instanceof Error ? error.message : String(error));
+    }
+  }
+}
+function formatRiskLevel(level) {
+  const colors = {
+    minimal: chalk8.green,
+    neither: chalk8.green,
+    low: chalk8.green,
+    limited: chalk8.yellow,
+    medium: chalk8.yellow,
+    moderate: chalk8.yellow,
+    high: chalk8.red,
+    "rights-impacting": chalk8.red,
+    critical: chalk8.magenta,
+    "safety-impacting": chalk8.magenta,
+    unacceptable: chalk8.magenta.bold
+  };
+  const colorFn = colors[level] || chalk8.white;
+  return colorFn(level.toUpperCase());
+}
+function loadActiveProfiles2() {
+  const configPath = join2(process.cwd(), ".aigrc.yaml");
+  if (!existsSync2(configPath)) {
+    return ["eu-ai-act"];
+  }
+  try {
+    const content = readFileSync2(configPath, "utf-8");
+    const config = YAML2.parse(content);
+    return config?.profiles || ["eu-ai-act"];
+  } catch {
+    return ["eu-ai-act"];
+  }
+}
+
+// src/commands/check.ts
+import { Command as Command8 } from "commander";
+import chalk9 from "chalk";
+import ora6 from "ora";
+import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
+import { join as join3 } from "path";
+import YAML3 from "yaml";
+import { loadAssetCard as loadAssetCard4 } from "@aigrc/core";
+var PROFILE_CONTROLS = {
+  "eu-ai-act": [
+    { id: "eu-art-9", name: "Risk Management System", category: "Risk Management", riskLevels: ["high"] },
+    { id: "eu-art-10", name: "Data Governance", category: "Data Governance", riskLevels: ["high"] },
+    { id: "eu-art-11", name: "Technical Documentation", category: "Documentation", riskLevels: ["high"] },
+    { id: "eu-art-12", name: "Record Keeping", category: "Logging", riskLevels: ["high"] },
+    { id: "eu-art-13", name: "Transparency", category: "Transparency", riskLevels: ["high", "limited"] },
+    { id: "eu-art-14", name: "Human Oversight", category: "Oversight", riskLevels: ["high"] },
+    { id: "eu-art-15", name: "Accuracy and Robustness", category: "Technical", riskLevels: ["high"] },
+    { id: "eu-art-50", name: "Transparency Obligations", category: "Transparency", riskLevels: ["limited"] }
+  ],
+  "us-omb-m24": [
+    { id: "us-aia", name: "AI Impact Assessment", category: "Assessment", riskLevels: ["rights-impacting", "safety-impacting"] },
+    { id: "us-human-oversight", name: "Human Oversight", category: "Oversight", riskLevels: ["rights-impacting", "safety-impacting"] },
+    { id: "us-equity", name: "Equity Assessment", category: "Equity", riskLevels: ["rights-impacting"] },
+    { id: "us-notice", name: "Affected Individual Notice", category: "Transparency", riskLevels: ["rights-impacting"] },
+    { id: "us-appeal", name: "Appeal Process", category: "Remediation", riskLevels: ["rights-impacting"] },
+    { id: "us-safety-testing", name: "Safety Testing", category: "Testing", riskLevels: ["safety-impacting"] }
+  ],
+  "nist-ai-rmf": [
+    { id: "nist-govern", name: "GOVERN Function", category: "Governance", riskLevels: ["minimal", "low", "moderate", "high", "critical"] },
+    { id: "nist-map", name: "MAP Function", category: "Risk Mapping", riskLevels: ["low", "moderate", "high", "critical"] },
+    { id: "nist-measure", name: "MEASURE Function", category: "Measurement", riskLevels: ["low", "moderate", "high", "critical"] },
+    { id: "nist-manage", name: "MANAGE Function", category: "Management", riskLevels: ["low", "moderate", "high", "critical"] }
+  ],
+  "iso-42001": [
+    { id: "iso-a5", name: "Leadership and Commitment", category: "Leadership", riskLevels: ["low", "medium", "high", "critical"] },
+    { id: "iso-a6", name: "Planning", category: "Planning", riskLevels: ["low", "medium", "high", "critical"] },
+    { id: "iso-a7", name: "Support", category: "Support", riskLevels: ["medium", "high", "critical"] },
+    { id: "iso-a8", name: "Operation", category: "Operations", riskLevels: ["medium", "high", "critical"] },
+    { id: "iso-a9", name: "Performance Evaluation", category: "Performance", riskLevels: ["medium", "high", "critical"] },
+    { id: "iso-a10", name: "Improvement", category: "Improvement", riskLevels: ["high", "critical"] }
+  ]
+};
+var RISK_MAPPINGS2 = {
+  "eu-ai-act": { minimal: "minimal", limited: "limited", high: "high", unacceptable: "unacceptable" },
+  "us-omb-m24": { minimal: "neither", limited: "neither", high: "rights-impacting", unacceptable: "safety-impacting" },
+  "nist-ai-rmf": { minimal: "minimal", limited: "low", high: "high", unacceptable: "critical" },
+  "iso-42001": { minimal: "low", limited: "medium", high: "high", unacceptable: "critical" }
+};
+var PROFILE_NAMES2 = {
+  "eu-ai-act": "EU AI Act",
+  "us-omb-m24": "US OMB M-24",
+  "nist-ai-rmf": "NIST AI RMF",
+  "iso-42001": "ISO/IEC 42001"
+};
+var checkCommand = new Command8("check").description("Check compliance status for an asset").argument("<assetPath>", "Path to asset card YAML file").option("-p, --profiles <profiles...>", "Profile IDs to check").option("-s, --stack", "Check against stacked profiles (strictest wins)").option("-o, --output <format>", "Output format (text, json, yaml)", "text").option("-v, --verbose", "Show detailed control status").action(async (assetPath, options) => {
+  await runCheck(assetPath, options);
+});
+async function runCheck(assetPath, options) {
+  if (options.output === "text") {
+    printHeader();
+  }
+  if (!existsSync3(assetPath)) {
+    printError(`Asset card not found: ${assetPath}`);
+    process.exit(1);
+  }
+  const spinner = ora6("Loading asset card...").start();
+  let card;
+  try {
+    card = loadAssetCard4(assetPath);
+    spinner.succeed(`Loaded: ${card.name}`);
+  } catch (error) {
+    spinner.fail("Failed to load asset card");
+    printError(error instanceof Error ? error.message : String(error));
+    process.exit(1);
+  }
+  let profileIds;
+  if (options.profiles && options.profiles.length > 0) {
+    profileIds = options.profiles;
+  } else {
+    profileIds = loadActiveProfiles3();
+  }
+  const results = [];
+  for (const profileId of profileIds) {
+    const result = checkProfile(card, profileId);
+    if (result) {
+      results.push(result);
+    }
+  }
+  if (options.output === "json") {
+    console.log(JSON.stringify({ asset: card.name, results }, null, 2));
+    return;
+  }
+  if (options.output === "yaml") {
+    console.log(YAML3.stringify({ asset: card.name, results }));
+    return;
+  }
+  console.log();
+  printSubheader(`Compliance Check: ${card.name}`);
+  console.log();
+  console.log(
+    chalk9.dim("  Profile".padEnd(20)) + chalk9.dim("Risk Level".padEnd(20)) + chalk9.dim("Compliant".padEnd(12)) + chalk9.dim("Score")
+  );
+  console.log(chalk9.dim("  " + "\u2500".repeat(60)));
+  for (const r of results) {
+    const compliantIcon = r.compliant ? chalk9.green("\u2713 Yes") : chalk9.red("\u2717 No");
+    const scoreColor = r.percentage >= 80 ? chalk9.green : r.percentage >= 50 ? chalk9.yellow : chalk9.red;
+    console.log(
+      `  ${r.profileName.padEnd(18)} ${formatRiskLevel2(r.riskLevel).padEnd(28)} ${compliantIcon.padEnd(20)} ${scoreColor(r.percentage + "%")}`
+    );
+  }
+  if (options.stack && results.length > 1) {
+    console.log();
+    const allCompliant = results.every((r) => r.compliant);
+    const avgPercentage = Math.round(results.reduce((acc, r) => acc + r.percentage, 0) / results.length);
+    console.log(
+      `  ${chalk9.bold("STACKED")}`.padEnd(18) + `${chalk9.dim("(strictest)")}`.padEnd(28) + `${allCompliant ? chalk9.green("\u2713 Yes") : chalk9.red("\u2717 No")}`.padEnd(20) + `${avgPercentage}%`
+    );
+  }
+  if (options.verbose) {
+    for (const r of results) {
+      console.log();
+      printSubheader(`${r.profileName} Details`);
+      console.log();
+      console.log(
+        chalk9.dim("  Control".padEnd(32)) + chalk9.dim("Status")
+      );
+      console.log(chalk9.dim("  " + "\u2500".repeat(50)));
+      for (const c of r.controls) {
+        const statusIcon = getStatusIcon(c.status);
+        console.log(`  ${c.controlName.padEnd(30)} ${statusIcon}`);
+      }
+      if (r.gaps.length > 0) {
+        console.log();
+        printWarning(`${r.gaps.length} gap(s) identified:`);
+        for (const gap of r.gaps) {
+          console.log(chalk9.yellow(`    - ${gap}`));
+        }
+      }
+    }
+  } else {
+    const allGaps = [];
+    for (const r of results) {
+      allGaps.push(...r.gaps);
+    }
+    if (allGaps.length > 0) {
+      console.log();
+      printWarning(`${allGaps.length} total gap(s) identified. Use --verbose for details.`);
+    }
+  }
+}
+function checkProfile(card, profileId) {
+  const controls = PROFILE_CONTROLS[profileId];
+  const mapping = RISK_MAPPINGS2[profileId];
+  if (!controls || !mapping) {
+    return null;
+  }
+  const aigrcLevel = card.classification.riskLevel;
+  const mappedLevel = mapping[aigrcLevel] || aigrcLevel;
+  const applicableControls = controls.filter((c) => c.riskLevels.includes(mappedLevel));
+  const controlStatuses = applicableControls.map((control) => {
+    const status = evaluateControl(card, control);
+    return {
+      controlId: control.id,
+      controlName: control.name,
+      status,
+      notes: status === "not_implemented" ? "No evidence found" : void 0
+    };
+  });
+  const implemented = controlStatuses.filter((c) => c.status === "implemented" || c.status === "not_applicable").length;
+  const total = controlStatuses.filter((c) => c.status !== "not_applicable").length;
+  const percentage = total > 0 ? Math.round(implemented / total * 100) : 100;
+  const gaps = [];
+  for (const c of controlStatuses) {
+    if (c.status === "not_implemented") {
+      gaps.push(`Missing: ${c.controlName}`);
+    } else if (c.status === "partial") {
+      gaps.push(`Partial: ${c.controlName}`);
+    }
+  }
+  return {
+    profileId,
+    profileName: PROFILE_NAMES2[profileId] || profileId,
+    riskLevel: mappedLevel,
+    compliant: percentage === 100,
+    percentage,
+    controls: controlStatuses,
+    gaps
+  };
+}
+function evaluateControl(card, control) {
+  const hasApprovals = card.governance.approvals.length > 0;
+  const hasIntent = card.intent.linked;
+  const hasConstraints = !!card.constraints;
+  const categoryEvidence = {
+    "Risk Management": hasApprovals || hasIntent,
+    "Data Governance": hasConstraints,
+    Documentation: hasIntent && !!card.intent.businessJustification,
+    Logging: hasConstraints && card.constraints?.monitoring?.logAllDecisions,
+    Transparency: card.intent.linked,
+    Oversight: hasApprovals || hasConstraints && card.constraints?.humanApprovalRequired?.length,
+    Technical: hasConstraints,
+    Assessment: hasIntent && !!card.intent.businessJustification,
+    Governance: hasApprovals,
+    Planning: hasIntent,
+    Leadership: hasApprovals,
+    Support: card.ownership.team !== void 0,
+    Operations: hasConstraints,
+    Performance: hasConstraints && card.constraints?.monitoring?.logAllDecisions,
+    Improvement: hasApprovals && card.governance.status !== "draft",
+    Equity: hasIntent && !!card.intent.businessJustification,
+    Remediation: hasApprovals,
+    Testing: hasConstraints,
+    Measurement: hasConstraints && card.constraints?.monitoring,
+    Management: hasApprovals || hasIntent,
+    "Risk Mapping": hasIntent
+  };
+  const hasEvidence = categoryEvidence[control.category] ?? false;
+  if (hasEvidence) {
+    return "implemented";
+  }
+  return "not_implemented";
+}
+function getStatusIcon(status) {
+  switch (status) {
+    case "implemented":
+      return chalk9.green("\u2713 Implemented");
+    case "partial":
+      return chalk9.yellow("\u25D0 Partial");
+    case "not_implemented":
+      return chalk9.red("\u2717 Missing");
+    case "not_applicable":
+      return chalk9.gray("- N/A");
+  }
+}
+function formatRiskLevel2(level) {
+  const colors = {
+    minimal: chalk9.green,
+    neither: chalk9.green,
+    low: chalk9.green,
+    limited: chalk9.yellow,
+    medium: chalk9.yellow,
+    moderate: chalk9.yellow,
+    high: chalk9.red,
+    "rights-impacting": chalk9.red,
+    critical: chalk9.magenta,
+    "safety-impacting": chalk9.magenta,
+    unacceptable: chalk9.magenta.bold
+  };
+  const colorFn = colors[level] || chalk9.white;
+  return colorFn(level.toUpperCase());
+}
+function loadActiveProfiles3() {
+  const configPath = join3(process.cwd(), ".aigrc.yaml");
+  if (!existsSync3(configPath)) {
+    return ["eu-ai-act"];
+  }
+  try {
+    const content = readFileSync3(configPath, "utf-8");
+    const config = YAML3.parse(content);
+    return config?.profiles || ["eu-ai-act"];
+  } catch {
+    return ["eu-ai-act"];
+  }
+}
+
+// src/commands/generate.ts
+import { Command as Command9 } from "commander";
+import ora7 from "ora";
+import { existsSync as existsSync4, mkdirSync, writeFileSync as writeFileSync3, readFileSync as readFileSync4 } from "fs";
+import { join as join4 } from "path";
+import YAML4 from "yaml";
+import { loadAssetCard as loadAssetCard5 } from "@aigrc/core";
+var ARTIFACT_TEMPLATES = {
+  "eu-ai-act": [
+    { id: "risk-management-plan", name: "Risk Management Plan", requiredFor: ["high"], format: "md" },
+    { id: "technical-documentation", name: "Technical Documentation", requiredFor: ["high"], format: "md" },
+    { id: "conformity-declaration", name: "EU Declaration of Conformity", requiredFor: ["high"], format: "md" }
+  ],
+  "us-omb-m24": [
+    { id: "ai-impact-assessment", name: "AI Impact Assessment", requiredFor: ["rights-impacting", "safety-impacting"], format: "md" },
+    { id: "equity-assessment", name: "Equity Assessment", requiredFor: ["rights-impacting"], format: "md" }
+  ],
+  "nist-ai-rmf": [
+    { id: "nist-profile", name: "NIST AI RMF Profile", requiredFor: ["moderate", "high", "critical"], format: "yaml" },
+    { id: "nist-playbook", name: "NIST AI RMF Playbook", requiredFor: ["high", "critical"], format: "md" }
+  ],
+  "iso-42001": [
+    { id: "aims-policy", name: "AIMS Policy", requiredFor: ["low", "medium", "high", "critical"], format: "md" },
+    { id: "aims-manual", name: "AIMS Manual", requiredFor: ["high", "critical"], format: "md" },
+    { id: "risk-treatment-plan", name: "Risk Treatment Plan", requiredFor: ["medium", "high", "critical"], format: "md" }
+  ]
+};
+var RISK_MAPPINGS3 = {
+  "eu-ai-act": { minimal: "minimal", limited: "limited", high: "high", unacceptable: "unacceptable" },
+  "us-omb-m24": { minimal: "neither", limited: "neither", high: "rights-impacting", unacceptable: "safety-impacting" },
+  "nist-ai-rmf": { minimal: "minimal", limited: "low", high: "high", unacceptable: "critical" },
+  "iso-42001": { minimal: "low", limited: "medium", high: "high", unacceptable: "critical" }
+};
+var PROFILE_NAMES3 = {
+  "eu-ai-act": "EU AI Act",
+  "us-omb-m24": "US OMB M-24",
+  "nist-ai-rmf": "NIST AI RMF",
+  "iso-42001": "ISO/IEC 42001"
+};
+var generateCommand = new Command9("generate").description("Generate compliance artifacts from templates").argument("<assetPath>", "Path to asset card YAML file").option("-p, --profile <profile>", "Profile ID for templates").option("-t, --template <template>", "Specific template ID to generate").option("-a, --all", "Generate all required artifacts").option("-o, --output-dir <dir>", "Output directory", ".aigrc/artifacts").option("-f, --force", "Overwrite existing files").action(async (assetPath, options) => {
+  await runGenerate(assetPath, options);
+});
+async function runGenerate(assetPath, options) {
+  printHeader();
+  if (!existsSync4(assetPath)) {
+    printError(`Asset card not found: ${assetPath}`);
+    process.exit(1);
+  }
+  const spinner = ora7("Loading asset card...").start();
+  let card;
+  try {
+    card = loadAssetCard5(assetPath);
+    spinner.succeed(`Loaded: ${card.name}`);
+  } catch (error) {
+    spinner.fail("Failed to load asset card");
+    printError(error instanceof Error ? error.message : String(error));
+    process.exit(1);
+  }
+  const profileId = options.profile || loadActiveProfiles4()[0];
+  const templates = ARTIFACT_TEMPLATES[profileId];
+  if (!templates) {
+    printError(`Unknown profile: ${profileId}`);
+    printInfo(`Available profiles: ${Object.keys(ARTIFACT_TEMPLATES).join(", ")}`);
+    process.exit(1);
+  }
+  const mapping = RISK_MAPPINGS3[profileId];
+  const mappedLevel = mapping[card.classification.riskLevel] || card.classification.riskLevel;
+  let templatesToGenerate = templates.filter((t) => t.requiredFor.includes(mappedLevel));
+  if (options.template) {
+    const specific = templates.find((t) => t.id === options.template);
+    if (!specific) {
+      printError(`Template not found: ${options.template}`);
+      printInfo(`Available templates: ${templates.map((t) => t.id).join(", ")}`);
+      process.exit(1);
+    }
+    templatesToGenerate = [specific];
+  }
+  if (!options.all && !options.template && templatesToGenerate.length === 0) {
+    printInfo(`No artifacts required for risk level: ${mappedLevel}`);
+    printInfo("Use --all to generate all available templates");
+    return;
+  }
+  if (options.all) {
+    templatesToGenerate = templates;
+  }
+  console.log();
+  printSubheader(`Generating Artifacts (${PROFILE_NAMES3[profileId]})`);
+  console.log();
+  printInfo(`Risk Level: ${mappedLevel}`);
+  printInfo(`Output Directory: ${options.outputDir}`);
+  console.log();
+  const outputDir = join4(process.cwd(), options.outputDir || ".aigrc/artifacts", profileId);
+  if (!existsSync4(outputDir)) {
+    mkdirSync(outputDir, { recursive: true });
+  }
+  let generated = 0;
+  let skipped = 0;
+  for (const template of templatesToGenerate) {
+    const filename = `${template.id}.${template.format}`;
+    const outputPath = join4(outputDir, filename);
+    if (existsSync4(outputPath) && !options.force) {
+      printWarning(`Skipped (exists): ${filename}`);
+      skipped++;
+      continue;
+    }
+    const content = generateTemplateContent(card, profileId, template);
+    writeFileSync3(outputPath, content, "utf-8");
+    printSuccess(`Generated: ${filename}`);
+    generated++;
+  }
+  console.log();
+  printInfo(`Generated: ${generated}, Skipped: ${skipped}`);
+  if (skipped > 0) {
+    printInfo("Use --force to overwrite existing files");
+  }
+}
+function generateTemplateContent(card, profileId, template) {
+  const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+  if (template.format === "yaml") {
+    return generateYamlTemplate(card, profileId, template);
+  }
+  return `# ${template.name}
+
+## Document Information
+
+| Field | Value |
+|-------|-------|
+| Asset Name | ${card.name} |
+| Asset ID | ${card.id} |
+| Profile | ${PROFILE_NAMES3[profileId]} |
+| Generated | ${now} |
+| Version | 1.0 |
+
+---
+
+## 1. Overview
+
+${card.description || "No description provided."}
+
+### 1.1 Asset Classification
+
+- **Risk Level:** ${card.classification.riskLevel.toUpperCase()}
+- **Asset Type:** ${card.technical.type}
+- **Framework:** ${card.technical.framework || "Not specified"}
+
+### 1.2 Ownership
+
+- **Owner:** ${card.ownership.owner.name}
+- **Email:** ${card.ownership.owner.email}
+- **Team:** ${card.ownership.team || "Not specified"}
+
+---
+
+## 2. ${getSection2Title(template.id)}
+
+${getSection2Content(template.id, card)}
+
+---
+
+## 3. Risk Factors
+
+| Factor | Status |
+|--------|--------|
+| Autonomous Decisions | ${card.classification.riskFactors.autonomousDecisions ? "Yes" : "No"} |
+| Customer Facing | ${card.classification.riskFactors.customerFacing ? "Yes" : "No"} |
+| Tool Execution | ${card.classification.riskFactors.toolExecution ? "Yes" : "No"} |
+| External Data Access | ${card.classification.riskFactors.externalDataAccess ? "Yes" : "No"} |
+| PII Processing | ${card.classification.riskFactors.piiProcessing} |
+| High Stakes Decisions | ${card.classification.riskFactors.highStakesDecisions ? "Yes" : "No"} |
+
+---
+
+## 4. Governance Status
+
+- **Status:** ${card.governance.status}
+- **Approvals:** ${card.governance.approvals.length}
+
+---
+
+## 5. Next Steps
+
+- [ ] Review and complete all sections
+- [ ] Obtain required approvals
+- [ ] Update asset card with artifact path
+- [ ] Schedule periodic review
+
+---
+
+*This document was auto-generated by AIGRC CLI. Review and customize as needed.*
+`;
+}
+function generateYamlTemplate(card, profileId, template) {
+  const content = {
+    $schema: `https://aigrc.dev/schemas/${template.id}/v1`,
+    metadata: {
+      assetId: card.id,
+      assetName: card.name,
+      profile: profileId,
+      generated: (/* @__PURE__ */ new Date()).toISOString(),
+      version: "1.0"
+    },
+    classification: {
+      riskLevel: card.classification.riskLevel,
+      riskFactors: card.classification.riskFactors
+    },
+    governance: {
+      status: card.governance.status,
+      approvalCount: card.governance.approvals.length
+    },
+    // Profile-specific sections would go here
+    implementation: {
+      status: "draft",
+      completedSections: [],
+      pendingSections: ["All sections require review"]
+    }
+  };
+  return YAML4.stringify(content, { indent: 2 });
+}
+function getSection2Title(templateId) {
+  const titles = {
+    "risk-management-plan": "Risk Management",
+    "technical-documentation": "Technical Specification",
+    "conformity-declaration": "Declaration of Conformity",
+    "ai-impact-assessment": "Impact Assessment",
+    "equity-assessment": "Equity Analysis",
+    "nist-playbook": "Implementation Playbook",
+    "aims-policy": "AI Management Policy",
+    "aims-manual": "Management System",
+    "risk-treatment-plan": "Risk Treatment"
+  };
+  return titles[templateId] || "Details";
+}
+function getSection2Content(templateId, card) {
+  const content = {
+    "risk-management-plan": `
+### 2.1 Risk Identification
+
+*Document identified risks associated with the AI system.*
+
+### 2.2 Risk Analysis
+
+*Analyze the likelihood and impact of identified risks.*
+
+### 2.3 Risk Mitigation
+
+*Define mitigation strategies for each risk.*
+
+### 2.4 Monitoring
+
+*Define ongoing monitoring procedures.*
+`,
+    "technical-documentation": `
+### 2.1 System Architecture
+
+*Describe the technical architecture of the AI system.*
+
+### 2.2 Training Data
+
+*Document training data sources, quality measures, and governance.*
+
+### 2.3 Model Performance
+
+*Document accuracy, robustness, and performance metrics.*
+
+### 2.4 Integration Points
+
+*Document integration with other systems.*
+`,
+    "ai-impact-assessment": `
+### 2.1 Purpose and Scope
+
+*Define the purpose and intended use of the AI system.*
+
+### 2.2 Affected Populations
+
+*Identify populations affected by AI decisions.*
+
+### 2.3 Impact Analysis
+
+*Analyze potential impacts on affected populations.*
+
+### 2.4 Mitigation Measures
+
+*Document measures to mitigate negative impacts.*
+`
+  };
+  return content[templateId] || `
+### 2.1 Purpose
+
+*Define the purpose of this document.*
+
+### 2.2 Scope
+
+*Define the scope and applicability.*
+
+### 2.3 Implementation
+
+*Document implementation details.*
+`;
+}
+function loadActiveProfiles4() {
+  const configPath = join4(process.cwd(), ".aigrc.yaml");
+  if (!existsSync4(configPath)) {
+    return ["eu-ai-act"];
+  }
+  try {
+    const content = readFileSync4(configPath, "utf-8");
+    const config = YAML4.parse(content);
+    return config?.profiles || ["eu-ai-act"];
+  } catch {
+    return ["eu-ai-act"];
+  }
+}
+
+// src/commands/report.ts
+import { Command as Command10 } from "commander";
+import ora8 from "ora";
+import { existsSync as existsSync5, mkdirSync as mkdirSync2, writeFileSync as writeFileSync4, readFileSync as readFileSync5, readdirSync } from "fs";
+import { join as join5 } from "path";
+import YAML5 from "yaml";
+import { loadAssetCard as loadAssetCard6 } from "@aigrc/core";
+var PROFILE_NAMES4 = {
+  "eu-ai-act": "EU AI Act",
+  "us-omb-m24": "US OMB M-24",
+  "nist-ai-rmf": "NIST AI RMF",
+  "iso-42001": "ISO/IEC 42001"
+};
+var RISK_MAPPINGS4 = {
+  "eu-ai-act": { minimal: "minimal", limited: "limited", high: "high", unacceptable: "unacceptable" },
+  "us-omb-m24": { minimal: "neither", limited: "neither", high: "rights-impacting", unacceptable: "safety-impacting" },
+  "nist-ai-rmf": { minimal: "minimal", limited: "low", high: "high", unacceptable: "critical" },
+  "iso-42001": { minimal: "low", limited: "medium", high: "high", unacceptable: "critical" }
+};
+var CONTROL_CROSSWALK = {
+  risk_management: {
+    "eu-ai-act": ["eu-art-9"],
+    "us-omb-m24": ["us-aia"],
+    "nist-ai-rmf": ["nist-govern", "nist-manage"],
+    "iso-42001": ["iso-a6"]
+  },
+  human_oversight: {
+    "eu-ai-act": ["eu-art-14"],
+    "us-omb-m24": ["us-human-oversight"],
+    "nist-ai-rmf": ["nist-govern"],
+    "iso-42001": ["iso-a8"]
+  },
+  transparency: {
+    "eu-ai-act": ["eu-art-13", "eu-art-50"],
+    "us-omb-m24": ["us-notice"],
+    "nist-ai-rmf": ["nist-govern"],
+    "iso-42001": ["iso-a7"]
+  },
+  testing: {
+    "eu-ai-act": ["eu-art-15"],
+    "us-omb-m24": ["us-safety-testing"],
+    "nist-ai-rmf": ["nist-measure"],
+    "iso-42001": ["iso-a9"]
+  },
+  data_governance: {
+    "eu-ai-act": ["eu-art-10"],
+    "nist-ai-rmf": ["nist-map"],
+    "iso-42001": ["iso-a8"]
+  }
+};
+var reportCommand = new Command10("report").description("Generate compliance reports").addCommand(
+  new Command10("gap").description("Generate gap analysis report").argument("[assetPath]", "Path to asset card (or all in .aigrc/cards)").option("-p, --profiles <profiles...>", "Profile IDs to analyze").option("-o, --output <file>", "Output file path").option("-f, --format <format>", "Format (md, json, yaml)", "md").action(async (assetPath, options) => {
+    await generateGapReport(assetPath, options);
+  })
+).addCommand(
+  new Command10("crosswalk").description("Generate cross-framework mapping report").argument("<assetPath>", "Path to asset card").option("-p, --profiles <profiles...>", "Profile IDs to include").option("-o, --output <file>", "Output file path").option("-f, --format <format>", "Format (md, json, yaml)", "md").action(async (assetPath, options) => {
+    await generateCrosswalkReport(assetPath, options);
+  })
+).addCommand(
+  new Command10("audit").description("Generate audit package").option("-p, --profile <profile>", "Profile ID", "eu-ai-act").option("-o, --output <dir>", "Output directory").option("--include-assets <assets...>", "Specific asset card paths").action(async (options) => {
+    await generateAuditPackage(options);
+  })
+);
+async function generateGapReport(assetPath, options) {
+  printHeader();
+  const spinner = ora8("Loading assets...").start();
+  let cards = [];
+  if (assetPath) {
+    try {
+      const card = loadAssetCard6(assetPath);
+      cards.push({ path: assetPath, card });
+    } catch (error) {
+      spinner.fail("Failed to load asset card");
+      printError(error instanceof Error ? error.message : String(error));
+      process.exit(1);
+    }
+  } else {
+    const cardsDir = join5(process.cwd(), ".aigrc/cards");
+    if (existsSync5(cardsDir)) {
+      const files = readdirSync(cardsDir).filter((f) => f.endsWith(".yaml") || f.endsWith(".yml"));
+      for (const file of files) {
+        try {
+          const card = loadAssetCard6(join5(cardsDir, file));
+          cards.push({ path: join5(cardsDir, file), card });
+        } catch {
+        }
+      }
+    }
+  }
+  if (cards.length === 0) {
+    spinner.fail("No asset cards found");
+    process.exit(1);
+  }
+  spinner.succeed(`Loaded ${cards.length} asset(s)`);
+  const profileIds = options.profiles || loadActiveProfiles5();
+  const gaps = [];
+  for (const { card } of cards) {
+    const assetGaps = {
+      assetId: card.id,
+      assetName: card.name,
+      profiles: []
+    };
+    for (const profileId of profileIds) {
+      const mapping = RISK_MAPPINGS4[profileId];
+      if (!mapping) continue;
+      const mappedLevel = mapping[card.classification.riskLevel] || card.classification.riskLevel;
+      const gapList = [];
+      if (card.governance.approvals.length === 0) {
+        gapList.push({ control: "Governance Approvals", severity: "high" });
+      }
+      if (!card.intent.linked) {
+        gapList.push({ control: "Golden Thread Link", severity: "medium" });
+      }
+      if (!card.intent.businessJustification) {
+        gapList.push({ control: "Business Justification", severity: "medium" });
+      }
+      assetGaps.profiles.push({
+        profileId,
+        riskLevel: mappedLevel,
+        gaps: gapList
+      });
+    }
+    gaps.push(assetGaps);
+  }
+  const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+  if (options.format === "json") {
+    const output = JSON.stringify({ generated: now, gaps }, null, 2);
+    if (options.output) {
+      writeFileSync4(options.output, output, "utf-8");
+      printSuccess(`Report saved to: ${options.output}`);
+    } else {
+      console.log(output);
+    }
+    return;
+  }
+  if (options.format === "yaml") {
+    const output = YAML5.stringify({ generated: now, gaps });
+    if (options.output) {
+      writeFileSync4(options.output, output, "utf-8");
+      printSuccess(`Report saved to: ${options.output}`);
+    } else {
+      console.log(output);
+    }
+    return;
+  }
+  let md = `# Gap Analysis Report
+
+**Generated:** ${now}
+**Assets Analyzed:** ${cards.length}
+**Profiles:** ${profileIds.join(", ")}
+
+---
+
+`;
+  for (const assetGaps of gaps) {
+    md += `## ${assetGaps.assetName}
+
+`;
+    md += `**Asset ID:** ${assetGaps.assetId}
+
+`;
+    for (const profile of assetGaps.profiles) {
+      md += `### ${PROFILE_NAMES4[profile.profileId] || profile.profileId}
+
+`;
+      md += `**Risk Level:** ${profile.riskLevel}
+
+`;
+      if (profile.gaps.length === 0) {
+        md += "No gaps identified.\n\n";
+      } else {
+        md += "| Gap | Severity |\n";
+        md += "|-----|----------|\n";
+        for (const gap of profile.gaps) {
+          md += `| ${gap.control} | ${gap.severity.toUpperCase()} |
+`;
+        }
+        md += "\n";
+      }
+    }
+    md += "---\n\n";
+  }
+  if (options.output) {
+    writeFileSync4(options.output, md, "utf-8");
+    printSuccess(`Report saved to: ${options.output}`);
+  } else {
+    console.log(md);
+  }
+}
+async function generateCrosswalkReport(assetPath, options) {
+  printHeader();
+  if (!existsSync5(assetPath)) {
+    printError(`Asset card not found: ${assetPath}`);
+    process.exit(1);
+  }
+  let card;
+  try {
+    card = loadAssetCard6(assetPath);
+  } catch (error) {
+    printError(error instanceof Error ? error.message : String(error));
+    process.exit(1);
+  }
+  const profileIds = options.profiles || Object.keys(RISK_MAPPINGS4);
+  const classifications = [];
+  for (const profileId of profileIds) {
+    const mapping = RISK_MAPPINGS4[profileId];
+    if (!mapping) continue;
+    const mappedLevel = mapping[card.classification.riskLevel] || card.classification.riskLevel;
+    classifications.push({
+      profileId,
+      profileName: PROFILE_NAMES4[profileId] || profileId,
+      riskLevel: mappedLevel
+    });
+  }
+  const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+  if (options.format === "json") {
+    const output = JSON.stringify(
+      {
+        generated: now,
+        asset: { id: card.id, name: card.name },
+        aigrcRiskLevel: card.classification.riskLevel,
+        classifications,
+        controlCrosswalk: CONTROL_CROSSWALK
+      },
+      null,
+      2
+    );
+    if (options.output) {
+      writeFileSync4(options.output, output, "utf-8");
+      printSuccess(`Report saved to: ${options.output}`);
+    } else {
+      console.log(output);
+    }
+    return;
+  }
+  if (options.format === "yaml") {
+    const output = YAML5.stringify({
+      generated: now,
+      asset: { id: card.id, name: card.name },
+      aigrcRiskLevel: card.classification.riskLevel,
+      classifications,
+      controlCrosswalk: CONTROL_CROSSWALK
+    });
+    if (options.output) {
+      writeFileSync4(options.output, output, "utf-8");
+      printSuccess(`Report saved to: ${options.output}`);
+    } else {
+      console.log(output);
+    }
+    return;
+  }
+  let md = `# Cross-Framework Mapping Report
+
+**Generated:** ${now}
+**Asset:** ${card.name} (${card.id})
+**AIGRC Risk Level:** ${card.classification.riskLevel.toUpperCase()}
+
+---
+
+## Risk Level Mapping
+
+| Framework | Risk Level |
+|-----------|------------|
+`;
+  for (const c of classifications) {
+    md += `| ${c.profileName} | ${c.riskLevel.toUpperCase()} |
+`;
+  }
+  md += `
+---
+
+## Control Crosswalk
+
+| Category | EU AI Act | US OMB | NIST AI RMF | ISO 42001 |
+|----------|-----------|--------|-------------|-----------|
+`;
+  for (const [category, mappings] of Object.entries(CONTROL_CROSSWALK)) {
+    const eu = mappings["eu-ai-act"]?.join(", ") || "-";
+    const us = mappings["us-omb-m24"]?.join(", ") || "-";
+    const nist = mappings["nist-ai-rmf"]?.join(", ") || "-";
+    const iso = mappings["iso-42001"]?.join(", ") || "-";
+    md += `| ${category.replace(/_/g, " ")} | ${eu} | ${us} | ${nist} | ${iso} |
+`;
+  }
+  md += `
+---
+
+*This report shows how controls and risk levels map across different regulatory frameworks.*
+`;
+  if (options.output) {
+    writeFileSync4(options.output, md, "utf-8");
+    printSuccess(`Report saved to: ${options.output}`);
+  } else {
+    console.log(md);
+  }
+}
+async function generateAuditPackage(options) {
+  printHeader();
+  printSubheader("Generating Audit Package");
+  const spinner = ora8("Collecting assets...").start();
+  let cardPaths = [];
+  if (options.includeAssets && options.includeAssets.length > 0) {
+    cardPaths = options.includeAssets;
+  } else {
+    const cardsDir = join5(process.cwd(), ".aigrc/cards");
+    if (existsSync5(cardsDir)) {
+      cardPaths = readdirSync(cardsDir).filter((f) => f.endsWith(".yaml") || f.endsWith(".yml")).map((f) => join5(cardsDir, f));
+    }
+  }
+  if (cardPaths.length === 0) {
+    spinner.fail("No asset cards found");
+    process.exit(1);
+  }
+  const cards = [];
+  for (const path6 of cardPaths) {
+    try {
+      cards.push(loadAssetCard6(path6));
+    } catch {
+    }
+  }
+  spinner.succeed(`Found ${cards.length} asset(s)`);
+  const now = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+  const outputDir = options.output || join5(process.cwd(), `.aigrc/audit-${now}`);
+  mkdirSync2(outputDir, { recursive: true });
+  const profileId = options.profile || "eu-ai-act";
+  const profileName = PROFILE_NAMES4[profileId] || profileId;
+  const summary = `# Audit Package: ${profileName}
+
+**Generated:** ${now}
+**Profile:** ${profileName}
+**Total Assets:** ${cards.length}
+
+## Executive Summary
+
+This audit package contains compliance documentation for ${cards.length} AI asset(s) under the ${profileName} framework.
+
+## Assets Included
+
+| Asset Name | Risk Level | Governance Status |
+|------------|------------|-------------------|
+${cards.map((c) => `| ${c.name} | ${c.classification.riskLevel} | ${c.governance.status} |`).join("\n")}
+
+## Next Steps
+
+1. Review individual asset cards
+2. Complete gap analysis
+3. Generate required artifacts
+4. Obtain necessary approvals
+`;
+  writeFileSync4(join5(outputDir, "README.md"), summary, "utf-8");
+  const assetsDir = join5(outputDir, "assets");
+  mkdirSync2(assetsDir, { recursive: true });
+  for (const card of cards) {
+    const filename = `${card.id}.yaml`;
+    writeFileSync4(join5(assetsDir, filename), YAML5.stringify(card, { indent: 2 }), "utf-8");
+  }
+  const inventory = {
+    generated: now,
+    profile: profileId,
+    totalAssets: cards.length,
+    byRiskLevel: {
+      minimal: cards.filter((c) => c.classification.riskLevel === "minimal").length,
+      limited: cards.filter((c) => c.classification.riskLevel === "limited").length,
+      high: cards.filter((c) => c.classification.riskLevel === "high").length,
+      unacceptable: cards.filter((c) => c.classification.riskLevel === "unacceptable").length
+    },
+    byStatus: {
+      draft: cards.filter((c) => c.governance.status === "draft").length,
+      approved: cards.filter((c) => c.governance.status === "approved").length,
+      production: cards.filter((c) => c.governance.status === "production").length
+    },
+    assets: cards.map((c) => ({
+      id: c.id,
+      name: c.name,
+      riskLevel: c.classification.riskLevel,
+      status: c.governance.status
+    }))
+  };
+  writeFileSync4(join5(outputDir, "inventory.yaml"), YAML5.stringify(inventory, { indent: 2 }), "utf-8");
+  console.log();
+  printSuccess(`Audit package created: ${outputDir}`);
+  printInfo(`  - README.md (Executive Summary)`);
+  printInfo(`  - inventory.yaml (Asset Inventory)`);
+  printInfo(`  - assets/ (${cards.length} asset cards)`);
+}
+function loadActiveProfiles5() {
+  const configPath = join5(process.cwd(), ".aigrc.yaml");
+  if (!existsSync5(configPath)) {
+    return ["eu-ai-act"];
+  }
+  try {
+    const content = readFileSync5(configPath, "utf-8");
+    const config = YAML5.parse(content);
+    return config?.profiles || ["eu-ai-act"];
+  } catch {
+    return ["eu-ai-act"];
+  }
+}
+
+// src/bin/aigrc.ts
+program.name("aigrc").description("AI Governance, Risk, Compliance - CLI Tool").version("0.1.0");
+program.addCommand(scanCommand);
+program.addCommand(initCommand);
+program.addCommand(registerCommand);
+program.addCommand(validateCommand);
+program.addCommand(statusCommand);
+program.addCommand(complianceCommand);
+program.addCommand(classifyCommand);
+program.addCommand(checkCommand);
+program.addCommand(generateCommand);
+program.addCommand(reportCommand);
+program.parse();
+//# sourceMappingURL=aigrc.js.map