@aigrc/core 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/dist/air/index.d.mts +1669 -0
  2. package/dist/air/index.d.ts +1669 -0
  3. package/dist/air/index.js +450 -0
  4. package/dist/air/index.js.map +1 -0
  5. package/dist/air/index.mjs +410 -0
  6. package/dist/air/index.mjs.map +1 -0
  7. package/dist/governance-lock/index.d.mts +903 -0
  8. package/dist/governance-lock/index.d.ts +903 -0
  9. package/dist/governance-lock/index.js +444 -0
  10. package/dist/governance-lock/index.js.map +1 -0
  11. package/dist/governance-lock/index.mjs +389 -0
  12. package/dist/governance-lock/index.mjs.map +1 -0
  13. package/dist/index.d.mts +467 -4
  14. package/dist/index.d.ts +467 -4
  15. package/dist/index.js +2213 -3
  16. package/dist/index.js.map +1 -1
  17. package/dist/index.mjs +2114 -2
  18. package/dist/index.mjs.map +1 -1
  19. package/dist/schemas/index.d.mts +1950 -29
  20. package/dist/schemas/index.d.ts +1950 -29
  21. package/dist/schemas/index.js +354 -1
  22. package/dist/schemas/index.js.map +1 -1
  23. package/dist/schemas/index.mjs +332 -1
  24. package/dist/schemas/index.mjs.map +1 -1
  25. package/package.json +11 -1
package/dist/air/index.d.mts ADDED
@@ -0,0 +1,1669 @@
1
+ import { z } from 'zod';
2
+
3
+ /**
4
+ * AIGRC Intermediate Representation (AIR)
5
+ *
6
+ * The AIR is a JSON/YAML schema that represents compiled policy constraints
7
+ * in a format consumable by enforcement endpoints. It is the output of the
8
+ * Policy Compiler and the input to the Supply Chain Firewall.
9
+ *
10
+ * @see I2E_Engine_Specification_v1.md Section 4.2.2
11
+ * @module @aigrc/core/air
12
+ */
13
+
14
+ declare const AIRVendorSchema: z.ZodObject<{
15
+ /** Vendor identifier (e.g., "openai", "anthropic", "google") */
16
+ id: z.ZodString;
17
+ /** Human-readable vendor name */
18
+ name: z.ZodOptional<z.ZodString>;
19
+ /** Status of this vendor */
20
+ status: z.ZodDefault<z.ZodEnum<["approved", "pending", "blocked"]>>;
21
+ /** Optional approval ticket ID (Golden Thread) */
22
+ approval_ticket: z.ZodOptional<z.ZodString>;
23
+ /** When approval was granted */
24
+ approved_at: z.ZodOptional<z.ZodString>;
25
+ /** Who approved this vendor */
26
+ approved_by: z.ZodOptional<z.ZodString>;
27
+ /** Expiration date for approval */
28
+ expires_at: z.ZodOptional<z.ZodString>;
29
+ /** Vendor-specific notes */
30
+ notes: z.ZodOptional<z.ZodString>;
31
+ }, "strip", z.ZodTypeAny, {
32
+ status: "pending" | "approved" | "blocked";
33
+ id: string;
34
+ name?: string | undefined;
35
+ notes?: string | undefined;
36
+ approved_by?: string | undefined;
37
+ approved_at?: string | undefined;
38
+ approval_ticket?: string | undefined;
39
+ expires_at?: string | undefined;
40
+ }, {
41
+ id: string;
42
+ name?: string | undefined;
43
+ status?: "pending" | "approved" | "blocked" | undefined;
44
+ notes?: string | undefined;
45
+ approved_by?: string | undefined;
46
+ approved_at?: string | undefined;
47
+ approval_ticket?: string | undefined;
48
+ expires_at?: string | undefined;
49
+ }>;
50
+ type AIRVendor = z.infer<typeof AIRVendorSchema>;
51
+ declare const AIRModelSchema: z.ZodObject<{
52
+ /** Model identifier (e.g., "gpt-4", "claude-3-opus") */
53
+ id: z.ZodString;
54
+ /** Vendor that provides this model */
55
+ vendor_id: z.ZodString;
56
+ /** Human-readable model name */
57
+ name: z.ZodOptional<z.ZodString>;
58
+ /** Model version pattern (supports wildcards like "gpt-4*") */
59
+ version_pattern: z.ZodOptional<z.ZodString>;
60
+ /** Status of this model */
61
+ status: z.ZodDefault<z.ZodEnum<["approved", "pending", "blocked"]>>;
62
+ /** Maximum allowed parameters (for on-premise deployment considerations) */
63
+ max_parameters: z.ZodOptional<z.ZodNumber>;
64
+ /** Risk level assigned to this model */
65
+ risk_level: z.ZodOptional<z.ZodEnum<["minimal", "limited", "high", "unacceptable"]>>;
66
+ /** Optional approval ticket ID */
67
+ approval_ticket: z.ZodOptional<z.ZodString>;
68
+ /** When approval was granted */
69
+ approved_at: z.ZodOptional<z.ZodString>;
70
+ /** Expiration date for approval */
71
+ expires_at: z.ZodOptional<z.ZodString>;
72
+ /** Model-specific notes */
73
+ notes: z.ZodOptional<z.ZodString>;
74
+ }, "strip", z.ZodTypeAny, {
75
+ status: "pending" | "approved" | "blocked";
76
+ id: string;
77
+ vendor_id: string;
78
+ name?: string | undefined;
79
+ notes?: string | undefined;
80
+ approved_at?: string | undefined;
81
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
82
+ approval_ticket?: string | undefined;
83
+ expires_at?: string | undefined;
84
+ version_pattern?: string | undefined;
85
+ max_parameters?: number | undefined;
86
+ }, {
87
+ id: string;
88
+ vendor_id: string;
89
+ name?: string | undefined;
90
+ status?: "pending" | "approved" | "blocked" | undefined;
91
+ notes?: string | undefined;
92
+ approved_at?: string | undefined;
93
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
94
+ approval_ticket?: string | undefined;
95
+ expires_at?: string | undefined;
96
+ version_pattern?: string | undefined;
97
+ max_parameters?: number | undefined;
98
+ }>;
99
+ type AIRModel = z.infer<typeof AIRModelSchema>;
100
+ declare const AIRRegionSchema: z.ZodObject<{
101
+ /** Region code (e.g., "us-east-1", "eu-west-1", "EU", "US") */
102
+ code: z.ZodString;
103
+ /** Human-readable region name */
104
+ name: z.ZodOptional<z.ZodString>;
105
+ /** Status of this region */
106
+ status: z.ZodDefault<z.ZodEnum<["allowed", "restricted", "blocked"]>>;
107
+ /** Jurisdictions this region falls under (e.g., ["GDPR", "EU-AI-ACT"]) */
108
+ jurisdictions: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
109
+ /** Data residency requirements */
110
+ data_residency: z.ZodDefault<z.ZodEnum<["required", "preferred", "none"]>>;
111
+ /** Notes about this region */
112
+ notes: z.ZodOptional<z.ZodString>;
113
+ }, "strip", z.ZodTypeAny, {
114
+ code: string;
115
+ status: "blocked" | "allowed" | "restricted";
116
+ jurisdictions: string[];
117
+ data_residency: "required" | "preferred" | "none";
118
+ name?: string | undefined;
119
+ notes?: string | undefined;
120
+ }, {
121
+ code: string;
122
+ name?: string | undefined;
123
+ status?: "blocked" | "allowed" | "restricted" | undefined;
124
+ notes?: string | undefined;
125
+ jurisdictions?: string[] | undefined;
126
+ data_residency?: "required" | "preferred" | "none" | undefined;
127
+ }>;
128
+ type AIRRegion = z.infer<typeof AIRRegionSchema>;
129
+ declare const AIRRegistryConstraintsSchema: z.ZodObject<{
130
+ /** List of approved vendors */
131
+ allowed_vendors: z.ZodDefault<z.ZodArray<z.ZodObject<{
132
+ /** Vendor identifier (e.g., "openai", "anthropic", "google") */
133
+ id: z.ZodString;
134
+ /** Human-readable vendor name */
135
+ name: z.ZodOptional<z.ZodString>;
136
+ /** Status of this vendor */
137
+ status: z.ZodDefault<z.ZodEnum<["approved", "pending", "blocked"]>>;
138
+ /** Optional approval ticket ID (Golden Thread) */
139
+ approval_ticket: z.ZodOptional<z.ZodString>;
140
+ /** When approval was granted */
141
+ approved_at: z.ZodOptional<z.ZodString>;
142
+ /** Who approved this vendor */
143
+ approved_by: z.ZodOptional<z.ZodString>;
144
+ /** Expiration date for approval */
145
+ expires_at: z.ZodOptional<z.ZodString>;
146
+ /** Vendor-specific notes */
147
+ notes: z.ZodOptional<z.ZodString>;
148
+ }, "strip", z.ZodTypeAny, {
149
+ status: "pending" | "approved" | "blocked";
150
+ id: string;
151
+ name?: string | undefined;
152
+ notes?: string | undefined;
153
+ approved_by?: string | undefined;
154
+ approved_at?: string | undefined;
155
+ approval_ticket?: string | undefined;
156
+ expires_at?: string | undefined;
157
+ }, {
158
+ id: string;
159
+ name?: string | undefined;
160
+ status?: "pending" | "approved" | "blocked" | undefined;
161
+ notes?: string | undefined;
162
+ approved_by?: string | undefined;
163
+ approved_at?: string | undefined;
164
+ approval_ticket?: string | undefined;
165
+ expires_at?: string | undefined;
166
+ }>, "many">>;
167
+ /** List of blocked vendors */
168
+ blocked_vendors: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
169
+ /** List of approved regions */
170
+ allowed_regions: z.ZodDefault<z.ZodArray<z.ZodObject<{
171
+ /** Region code (e.g., "us-east-1", "eu-west-1", "EU", "US") */
172
+ code: z.ZodString;
173
+ /** Human-readable region name */
174
+ name: z.ZodOptional<z.ZodString>;
175
+ /** Status of this region */
176
+ status: z.ZodDefault<z.ZodEnum<["allowed", "restricted", "blocked"]>>;
177
+ /** Jurisdictions this region falls under (e.g., ["GDPR", "EU-AI-ACT"]) */
178
+ jurisdictions: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
179
+ /** Data residency requirements */
180
+ data_residency: z.ZodDefault<z.ZodEnum<["required", "preferred", "none"]>>;
181
+ /** Notes about this region */
182
+ notes: z.ZodOptional<z.ZodString>;
183
+ }, "strip", z.ZodTypeAny, {
184
+ code: string;
185
+ status: "blocked" | "allowed" | "restricted";
186
+ jurisdictions: string[];
187
+ data_residency: "required" | "preferred" | "none";
188
+ name?: string | undefined;
189
+ notes?: string | undefined;
190
+ }, {
191
+ code: string;
192
+ name?: string | undefined;
193
+ status?: "blocked" | "allowed" | "restricted" | undefined;
194
+ notes?: string | undefined;
195
+ jurisdictions?: string[] | undefined;
196
+ data_residency?: "required" | "preferred" | "none" | undefined;
197
+ }>, "many">>;
198
+ /** List of blocked regions */
199
+ blocked_regions: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
200
+ /** List of approved models */
201
+ allowed_models: z.ZodDefault<z.ZodArray<z.ZodObject<{
202
+ /** Model identifier (e.g., "gpt-4", "claude-3-opus") */
203
+ id: z.ZodString;
204
+ /** Vendor that provides this model */
205
+ vendor_id: z.ZodString;
206
+ /** Human-readable model name */
207
+ name: z.ZodOptional<z.ZodString>;
208
+ /** Model version pattern (supports wildcards like "gpt-4*") */
209
+ version_pattern: z.ZodOptional<z.ZodString>;
210
+ /** Status of this model */
211
+ status: z.ZodDefault<z.ZodEnum<["approved", "pending", "blocked"]>>;
212
+ /** Maximum allowed parameters (for on-premise deployment considerations) */
213
+ max_parameters: z.ZodOptional<z.ZodNumber>;
214
+ /** Risk level assigned to this model */
215
+ risk_level: z.ZodOptional<z.ZodEnum<["minimal", "limited", "high", "unacceptable"]>>;
216
+ /** Optional approval ticket ID */
217
+ approval_ticket: z.ZodOptional<z.ZodString>;
218
+ /** When approval was granted */
219
+ approved_at: z.ZodOptional<z.ZodString>;
220
+ /** Expiration date for approval */
221
+ expires_at: z.ZodOptional<z.ZodString>;
222
+ /** Model-specific notes */
223
+ notes: z.ZodOptional<z.ZodString>;
224
+ }, "strip", z.ZodTypeAny, {
225
+ status: "pending" | "approved" | "blocked";
226
+ id: string;
227
+ vendor_id: string;
228
+ name?: string | undefined;
229
+ notes?: string | undefined;
230
+ approved_at?: string | undefined;
231
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
232
+ approval_ticket?: string | undefined;
233
+ expires_at?: string | undefined;
234
+ version_pattern?: string | undefined;
235
+ max_parameters?: number | undefined;
236
+ }, {
237
+ id: string;
238
+ vendor_id: string;
239
+ name?: string | undefined;
240
+ status?: "pending" | "approved" | "blocked" | undefined;
241
+ notes?: string | undefined;
242
+ approved_at?: string | undefined;
243
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
244
+ approval_ticket?: string | undefined;
245
+ expires_at?: string | undefined;
246
+ version_pattern?: string | undefined;
247
+ max_parameters?: number | undefined;
248
+ }>, "many">>;
249
+ /** List of blocked models (patterns supported) */
250
+ blocked_models: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
251
+ /** Maximum model parameters allowed */
252
+ max_model_parameters: z.ZodOptional<z.ZodNumber>;
253
+ /** Require vendor approval before use */
254
+ require_vendor_approval: z.ZodDefault<z.ZodBoolean>;
255
+ /** Require model approval before use */
256
+ require_model_approval: z.ZodDefault<z.ZodBoolean>;
257
+ /** Default behavior for unknown vendors: "block" or "request_approval" */
258
+ unknown_vendor_behavior: z.ZodDefault<z.ZodEnum<["block", "request_approval"]>>;
259
+ /** Default behavior for unknown models */
260
+ unknown_model_behavior: z.ZodDefault<z.ZodEnum<["block", "request_approval"]>>;
261
+ }, "strip", z.ZodTypeAny, {
262
+ allowed_vendors: {
263
+ status: "pending" | "approved" | "blocked";
264
+ id: string;
265
+ name?: string | undefined;
266
+ notes?: string | undefined;
267
+ approved_by?: string | undefined;
268
+ approved_at?: string | undefined;
269
+ approval_ticket?: string | undefined;
270
+ expires_at?: string | undefined;
271
+ }[];
272
+ blocked_vendors: string[];
273
+ allowed_regions: {
274
+ code: string;
275
+ status: "blocked" | "allowed" | "restricted";
276
+ jurisdictions: string[];
277
+ data_residency: "required" | "preferred" | "none";
278
+ name?: string | undefined;
279
+ notes?: string | undefined;
280
+ }[];
281
+ blocked_regions: string[];
282
+ allowed_models: {
283
+ status: "pending" | "approved" | "blocked";
284
+ id: string;
285
+ vendor_id: string;
286
+ name?: string | undefined;
287
+ notes?: string | undefined;
288
+ approved_at?: string | undefined;
289
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
290
+ approval_ticket?: string | undefined;
291
+ expires_at?: string | undefined;
292
+ version_pattern?: string | undefined;
293
+ max_parameters?: number | undefined;
294
+ }[];
295
+ blocked_models: string[];
296
+ require_vendor_approval: boolean;
297
+ require_model_approval: boolean;
298
+ unknown_vendor_behavior: "block" | "request_approval";
299
+ unknown_model_behavior: "block" | "request_approval";
300
+ max_model_parameters?: number | undefined;
301
+ }, {
302
+ allowed_vendors?: {
303
+ id: string;
304
+ name?: string | undefined;
305
+ status?: "pending" | "approved" | "blocked" | undefined;
306
+ notes?: string | undefined;
307
+ approved_by?: string | undefined;
308
+ approved_at?: string | undefined;
309
+ approval_ticket?: string | undefined;
310
+ expires_at?: string | undefined;
311
+ }[] | undefined;
312
+ blocked_vendors?: string[] | undefined;
313
+ allowed_regions?: {
314
+ code: string;
315
+ name?: string | undefined;
316
+ status?: "blocked" | "allowed" | "restricted" | undefined;
317
+ notes?: string | undefined;
318
+ jurisdictions?: string[] | undefined;
319
+ data_residency?: "required" | "preferred" | "none" | undefined;
320
+ }[] | undefined;
321
+ blocked_regions?: string[] | undefined;
322
+ allowed_models?: {
323
+ id: string;
324
+ vendor_id: string;
325
+ name?: string | undefined;
326
+ status?: "pending" | "approved" | "blocked" | undefined;
327
+ notes?: string | undefined;
328
+ approved_at?: string | undefined;
329
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
330
+ approval_ticket?: string | undefined;
331
+ expires_at?: string | undefined;
332
+ version_pattern?: string | undefined;
333
+ max_parameters?: number | undefined;
334
+ }[] | undefined;
335
+ blocked_models?: string[] | undefined;
336
+ max_model_parameters?: number | undefined;
337
+ require_vendor_approval?: boolean | undefined;
338
+ require_model_approval?: boolean | undefined;
339
+ unknown_vendor_behavior?: "block" | "request_approval" | undefined;
340
+ unknown_model_behavior?: "block" | "request_approval" | undefined;
341
+ }>;
342
+ type AIRRegistryConstraints = z.infer<typeof AIRRegistryConstraintsSchema>;
343
+ declare const AIRPIIFilterConfigSchema: z.ZodObject<{
344
+ /** Whether PII filtering is enabled */
345
+ enabled: z.ZodDefault<z.ZodBoolean>;
346
+ /** PII types to filter (e.g., ["email", "phone", "ssn", "credit_card"]) */
347
+ filter_types: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
348
+ /** Action when PII is detected: "redact", "block", "warn", "audit" */
349
+ action: z.ZodDefault<z.ZodEnum<["redact", "block", "warn", "audit"]>>;
350
+ /** Custom patterns to detect (regex) */
351
+ custom_patterns: z.ZodDefault<z.ZodArray<z.ZodObject<{
352
+ name: z.ZodString;
353
+ pattern: z.ZodString;
354
+ action: z.ZodOptional<z.ZodEnum<["redact", "block", "warn", "audit"]>>;
355
+ }, "strip", z.ZodTypeAny, {
356
+ name: string;
357
+ pattern: string;
358
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
359
+ }, {
360
+ name: string;
361
+ pattern: string;
362
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
363
+ }>, "many">>;
364
+ }, "strip", z.ZodTypeAny, {
365
+ enabled: boolean;
366
+ filter_types: string[];
367
+ action: "audit" | "block" | "redact" | "warn";
368
+ custom_patterns: {
369
+ name: string;
370
+ pattern: string;
371
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
372
+ }[];
373
+ }, {
374
+ enabled?: boolean | undefined;
375
+ filter_types?: string[] | undefined;
376
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
377
+ custom_patterns?: {
378
+ name: string;
379
+ pattern: string;
380
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
381
+ }[] | undefined;
382
+ }>;
383
+ type AIRPIIFilterConfig = z.infer<typeof AIRPIIFilterConfigSchema>;
384
+ declare const AIRToxicityFilterConfigSchema: z.ZodObject<{
385
+ /** Whether toxicity filtering is enabled */
386
+ enabled: z.ZodDefault<z.ZodBoolean>;
387
+ /** Toxicity threshold (0-1) */
388
+ threshold: z.ZodDefault<z.ZodNumber>;
389
+ /** Categories to filter (e.g., ["hate", "violence", "sexual"]) */
390
+ categories: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
391
+ /** Action when toxicity is detected */
392
+ action: z.ZodDefault<z.ZodEnum<["block", "warn", "audit"]>>;
393
+ }, "strip", z.ZodTypeAny, {
394
+ enabled: boolean;
395
+ action: "audit" | "block" | "warn";
396
+ threshold: number;
397
+ categories: string[];
398
+ }, {
399
+ enabled?: boolean | undefined;
400
+ action?: "audit" | "block" | "warn" | undefined;
401
+ threshold?: number | undefined;
402
+ categories?: string[] | undefined;
403
+ }>;
404
+ type AIRToxicityFilterConfig = z.infer<typeof AIRToxicityFilterConfigSchema>;
405
+ declare const AIRRuntimeConstraintsSchema: z.ZodObject<{
406
+ /** PII filtering configuration */
407
+ pii_filter: z.ZodOptional<z.ZodObject<{
408
+ /** Whether PII filtering is enabled */
409
+ enabled: z.ZodDefault<z.ZodBoolean>;
410
+ /** PII types to filter (e.g., ["email", "phone", "ssn", "credit_card"]) */
411
+ filter_types: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
412
+ /** Action when PII is detected: "redact", "block", "warn", "audit" */
413
+ action: z.ZodDefault<z.ZodEnum<["redact", "block", "warn", "audit"]>>;
414
+ /** Custom patterns to detect (regex) */
415
+ custom_patterns: z.ZodDefault<z.ZodArray<z.ZodObject<{
416
+ name: z.ZodString;
417
+ pattern: z.ZodString;
418
+ action: z.ZodOptional<z.ZodEnum<["redact", "block", "warn", "audit"]>>;
419
+ }, "strip", z.ZodTypeAny, {
420
+ name: string;
421
+ pattern: string;
422
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
423
+ }, {
424
+ name: string;
425
+ pattern: string;
426
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
427
+ }>, "many">>;
428
+ }, "strip", z.ZodTypeAny, {
429
+ enabled: boolean;
430
+ filter_types: string[];
431
+ action: "audit" | "block" | "redact" | "warn";
432
+ custom_patterns: {
433
+ name: string;
434
+ pattern: string;
435
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
436
+ }[];
437
+ }, {
438
+ enabled?: boolean | undefined;
439
+ filter_types?: string[] | undefined;
440
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
441
+ custom_patterns?: {
442
+ name: string;
443
+ pattern: string;
444
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
445
+ }[] | undefined;
446
+ }>>;
447
+ /** Toxicity filtering configuration */
448
+ toxicity_filter: z.ZodOptional<z.ZodObject<{
449
+ /** Whether toxicity filtering is enabled */
450
+ enabled: z.ZodDefault<z.ZodBoolean>;
451
+ /** Toxicity threshold (0-1) */
452
+ threshold: z.ZodDefault<z.ZodNumber>;
453
+ /** Categories to filter (e.g., ["hate", "violence", "sexual"]) */
454
+ categories: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
455
+ /** Action when toxicity is detected */
456
+ action: z.ZodDefault<z.ZodEnum<["block", "warn", "audit"]>>;
457
+ }, "strip", z.ZodTypeAny, {
458
+ enabled: boolean;
459
+ action: "audit" | "block" | "warn";
460
+ threshold: number;
461
+ categories: string[];
462
+ }, {
463
+ enabled?: boolean | undefined;
464
+ action?: "audit" | "block" | "warn" | undefined;
465
+ threshold?: number | undefined;
466
+ categories?: string[] | undefined;
467
+ }>>;
468
+ /** Data retention period in days (0 = no retention) */
469
+ data_retention_days: z.ZodDefault<z.ZodNumber>;
470
+ /** Whether to enable output watermarking */
471
+ watermark_enabled: z.ZodDefault<z.ZodBoolean>;
472
+ /** Logging level: "none", "errors", "all" */
473
+ logging_level: z.ZodDefault<z.ZodEnum<["none", "errors", "all"]>>;
474
+ /** Maximum tokens per request */
475
+ max_tokens_per_request: z.ZodOptional<z.ZodNumber>;
476
+ /** Maximum requests per minute */
477
+ max_requests_per_minute: z.ZodOptional<z.ZodNumber>;
478
+ /** Maximum cost per request in USD */
479
+ max_cost_per_request_usd: z.ZodOptional<z.ZodNumber>;
480
+ /** Maximum cost per day in USD */
481
+ max_cost_per_day_usd: z.ZodOptional<z.ZodNumber>;
482
+ /** Session timeout in seconds */
483
+ session_timeout_seconds: z.ZodOptional<z.ZodNumber>;
484
+ /** Require human approval for specific actions */
485
+ human_approval_required: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
486
+ /** Kill switch configuration */
487
+ kill_switch: z.ZodOptional<z.ZodObject<{
488
+ enabled: z.ZodDefault<z.ZodBoolean>;
489
+ channel: z.ZodDefault<z.ZodEnum<["sse", "polling", "file"]>>;
490
+ poll_interval_ms: z.ZodDefault<z.ZodNumber>;
491
+ }, "strip", z.ZodTypeAny, {
492
+ enabled: boolean;
493
+ channel: "sse" | "polling" | "file";
494
+ poll_interval_ms: number;
495
+ }, {
496
+ enabled?: boolean | undefined;
497
+ channel?: "sse" | "polling" | "file" | undefined;
498
+ poll_interval_ms?: number | undefined;
499
+ }>>;
500
+ /** Grounding check configuration (prevent hallucination) */
501
+ grounding_check: z.ZodOptional<z.ZodObject<{
502
+ enabled: z.ZodDefault<z.ZodBoolean>;
503
+ confidence_threshold: z.ZodDefault<z.ZodNumber>;
504
+ action: z.ZodDefault<z.ZodEnum<["block", "warn", "audit"]>>;
505
+ }, "strip", z.ZodTypeAny, {
506
+ enabled: boolean;
507
+ action: "audit" | "block" | "warn";
508
+ confidence_threshold: number;
509
+ }, {
510
+ enabled?: boolean | undefined;
511
+ action?: "audit" | "block" | "warn" | undefined;
512
+ confidence_threshold?: number | undefined;
513
+ }>>;
514
+ }, "strip", z.ZodTypeAny, {
515
+ data_retention_days: number;
516
+ watermark_enabled: boolean;
517
+ logging_level: "errors" | "none" | "all";
518
+ human_approval_required: string[];
519
+ kill_switch?: {
520
+ enabled: boolean;
521
+ channel: "sse" | "polling" | "file";
522
+ poll_interval_ms: number;
523
+ } | undefined;
524
+ pii_filter?: {
525
+ enabled: boolean;
526
+ filter_types: string[];
527
+ action: "audit" | "block" | "redact" | "warn";
528
+ custom_patterns: {
529
+ name: string;
530
+ pattern: string;
531
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
532
+ }[];
533
+ } | undefined;
534
+ toxicity_filter?: {
535
+ enabled: boolean;
536
+ action: "audit" | "block" | "warn";
537
+ threshold: number;
538
+ categories: string[];
539
+ } | undefined;
540
+ max_tokens_per_request?: number | undefined;
541
+ max_requests_per_minute?: number | undefined;
542
+ max_cost_per_request_usd?: number | undefined;
543
+ max_cost_per_day_usd?: number | undefined;
544
+ session_timeout_seconds?: number | undefined;
545
+ grounding_check?: {
546
+ enabled: boolean;
547
+ action: "audit" | "block" | "warn";
548
+ confidence_threshold: number;
549
+ } | undefined;
550
+ }, {
551
+ kill_switch?: {
552
+ enabled?: boolean | undefined;
553
+ channel?: "sse" | "polling" | "file" | undefined;
554
+ poll_interval_ms?: number | undefined;
555
+ } | undefined;
556
+ pii_filter?: {
557
+ enabled?: boolean | undefined;
558
+ filter_types?: string[] | undefined;
559
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
560
+ custom_patterns?: {
561
+ name: string;
562
+ pattern: string;
563
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
564
+ }[] | undefined;
565
+ } | undefined;
566
+ toxicity_filter?: {
567
+ enabled?: boolean | undefined;
568
+ action?: "audit" | "block" | "warn" | undefined;
569
+ threshold?: number | undefined;
570
+ categories?: string[] | undefined;
571
+ } | undefined;
572
+ data_retention_days?: number | undefined;
573
+ watermark_enabled?: boolean | undefined;
574
+ logging_level?: "errors" | "none" | "all" | undefined;
575
+ max_tokens_per_request?: number | undefined;
576
+ max_requests_per_minute?: number | undefined;
577
+ max_cost_per_request_usd?: number | undefined;
578
+ max_cost_per_day_usd?: number | undefined;
579
+ session_timeout_seconds?: number | undefined;
580
+ human_approval_required?: string[] | undefined;
581
+ grounding_check?: {
582
+ enabled?: boolean | undefined;
583
+ action?: "audit" | "block" | "warn" | undefined;
584
+ confidence_threshold?: number | undefined;
585
+ } | undefined;
586
+ }>;
587
+ type AIRRuntimeConstraints = z.infer<typeof AIRRuntimeConstraintsSchema>;
588
+ declare const AIRBuildConstraintsSchema: z.ZodObject<{
589
+ /** Require Golden Thread linkage (business justification) */
590
+ require_golden_thread: z.ZodDefault<z.ZodBoolean>;
591
+ /** Require asset card for all AI assets */
592
+ require_asset_card: z.ZodDefault<z.ZodBoolean>;
593
+ /** Require risk classification */
594
+ require_risk_classification: z.ZodDefault<z.ZodBoolean>;
595
+ /** Require model card documentation */
596
+ require_model_card: z.ZodDefault<z.ZodBoolean>;
597
+ /** Require security review for high-risk assets */
598
+ require_security_review: z.ZodDefault<z.ZodBoolean>;
599
+ /** Minimum risk levels that require security review */
600
+ security_review_risk_levels: z.ZodDefault<z.ZodArray<z.ZodEnum<["high", "unacceptable"]>, "many">>;
601
+ /** Require governance.lock file */
602
+ require_governance_lock: z.ZodDefault<z.ZodBoolean>;
603
+ /** governance.lock must be signed */
604
+ require_lock_signature: z.ZodDefault<z.ZodBoolean>;
605
+ /** Block merge on validation failure */
606
+ block_on_failure: z.ZodDefault<z.ZodBoolean>;
607
+ /** Generate SARIF report for GitHub Security tab */
608
+ generate_sarif: z.ZodDefault<z.ZodBoolean>;
609
+ /** Required approvals before deployment */
610
+ required_approvals: z.ZodDefault<z.ZodArray<z.ZodObject<{
611
+ role: z.ZodString;
612
+ count: z.ZodDefault<z.ZodNumber>;
613
+ }, "strip", z.ZodTypeAny, {
614
+ role: string;
615
+ count: number;
616
+ }, {
617
+ role: string;
618
+ count?: number | undefined;
619
+ }>, "many">>;
620
+ /** Allowed deployment environments */
621
+ allowed_environments: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
622
+ /** Environment-specific constraints */
623
+ environment_constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
624
+ require_approval: z.ZodDefault<z.ZodBoolean>;
625
+ approvers: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
626
+ require_testing: z.ZodDefault<z.ZodBoolean>;
627
+ test_coverage_threshold: z.ZodOptional<z.ZodNumber>;
628
+ }, "strip", z.ZodTypeAny, {
629
+ require_approval: boolean;
630
+ approvers: string[];
631
+ require_testing: boolean;
632
+ test_coverage_threshold?: number | undefined;
633
+ }, {
634
+ require_approval?: boolean | undefined;
635
+ approvers?: string[] | undefined;
636
+ require_testing?: boolean | undefined;
637
+ test_coverage_threshold?: number | undefined;
638
+ }>>>;
639
+ }, "strip", z.ZodTypeAny, {
640
+ require_golden_thread: boolean;
641
+ require_asset_card: boolean;
642
+ require_risk_classification: boolean;
643
+ require_model_card: boolean;
644
+ require_security_review: boolean;
645
+ security_review_risk_levels: ("high" | "unacceptable")[];
646
+ require_governance_lock: boolean;
647
+ require_lock_signature: boolean;
648
+ block_on_failure: boolean;
649
+ generate_sarif: boolean;
650
+ required_approvals: {
651
+ role: string;
652
+ count: number;
653
+ }[];
654
+ allowed_environments: string[];
655
+ environment_constraints?: Record<string, {
656
+ require_approval: boolean;
657
+ approvers: string[];
658
+ require_testing: boolean;
659
+ test_coverage_threshold?: number | undefined;
660
+ }> | undefined;
661
+ }, {
662
+ require_golden_thread?: boolean | undefined;
663
+ require_asset_card?: boolean | undefined;
664
+ require_risk_classification?: boolean | undefined;
665
+ require_model_card?: boolean | undefined;
666
+ require_security_review?: boolean | undefined;
667
+ security_review_risk_levels?: ("high" | "unacceptable")[] | undefined;
668
+ require_governance_lock?: boolean | undefined;
669
+ require_lock_signature?: boolean | undefined;
670
+ block_on_failure?: boolean | undefined;
671
+ generate_sarif?: boolean | undefined;
672
+ required_approvals?: {
673
+ role: string;
674
+ count?: number | undefined;
675
+ }[] | undefined;
676
+ allowed_environments?: string[] | undefined;
677
+ environment_constraints?: Record<string, {
678
+ require_approval?: boolean | undefined;
679
+ approvers?: string[] | undefined;
680
+ require_testing?: boolean | undefined;
681
+ test_coverage_threshold?: number | undefined;
682
+ }> | undefined;
683
+ }>;
684
+ type AIRBuildConstraints = z.infer<typeof AIRBuildConstraintsSchema>;
685
+ declare const AIRPolicySourceSchema: z.ZodObject<{
686
+ /** Unique identifier for this source */
687
+ id: z.ZodString;
688
+ /** Type of source: "pdf", "url", "confluence", "jira", "manual" */
689
+ type: z.ZodEnum<["pdf", "url", "confluence", "jira", "manual"]>;
690
+ /** URI to the source document */
691
+ uri: z.ZodString;
692
+ /** SHA-256 hash of the source content */
693
+ content_hash: z.ZodString;
694
+ /** When the source was last fetched */
695
+ fetched_at: z.ZodString;
696
+ /** Title of the policy document */
697
+ title: z.ZodOptional<z.ZodString>;
698
+ /** Version of the policy document */
699
+ version: z.ZodOptional<z.ZodString>;
700
+ /** Confidence score of extraction (0-1) */
701
+ extraction_confidence: z.ZodOptional<z.ZodNumber>;
702
+ }, "strip", z.ZodTypeAny, {
703
+ type: "jira" | "url" | "pdf" | "confluence" | "manual";
704
+ id: string;
705
+ uri: string;
706
+ content_hash: string;
707
+ fetched_at: string;
708
+ version?: string | undefined;
709
+ title?: string | undefined;
710
+ extraction_confidence?: number | undefined;
711
+ }, {
712
+ type: "jira" | "url" | "pdf" | "confluence" | "manual";
713
+ id: string;
714
+ uri: string;
715
+ content_hash: string;
716
+ fetched_at: string;
717
+ version?: string | undefined;
718
+ title?: string | undefined;
719
+ extraction_confidence?: number | undefined;
720
+ }>;
721
+ type AIRPolicySource = z.infer<typeof AIRPolicySourceSchema>;
722
+ declare const AIRMetadataSchema: z.ZodObject<{
723
+ /** When this AIR was generated */
724
+ generated_at: z.ZodString;
725
+ /** Tool/system that generated this AIR */
726
+ generated_by: z.ZodDefault<z.ZodString>;
727
+ /** Version of the policy compiler */
728
+ compiler_version: z.ZodString;
729
+ /** Organization this AIR belongs to */
730
+ organization: z.ZodOptional<z.ZodString>;
731
+ /** Environment this AIR is for (e.g., "production", "staging") */
732
+ environment: z.ZodOptional<z.ZodString>;
733
+ /** Human-readable description */
734
+ description: z.ZodOptional<z.ZodString>;
735
+ /** Tags for categorization */
736
+ tags: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
737
+ /** Custom metadata fields */
738
+ custom: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
739
+ }, "strip", z.ZodTypeAny, {
740
+ tags: string[];
741
+ generated_at: string;
742
+ generated_by: string;
743
+ compiler_version: string;
744
+ custom?: Record<string, unknown> | undefined;
745
+ organization?: string | undefined;
746
+ description?: string | undefined;
747
+ environment?: string | undefined;
748
+ }, {
749
+ generated_at: string;
750
+ compiler_version: string;
751
+ custom?: Record<string, unknown> | undefined;
752
+ organization?: string | undefined;
753
+ description?: string | undefined;
754
+ tags?: string[] | undefined;
755
+ generated_by?: string | undefined;
756
+ environment?: string | undefined;
757
+ }>;
758
+ type AIRMetadata = z.infer<typeof AIRMetadataSchema>;
759
+ declare const AIRSchema: z.ZodObject<{
760
+ /** Schema version for forward compatibility */
761
+ version: z.ZodLiteral<"1.0">;
762
+ /** Unique identifier for this AIR */
763
+ id: z.ZodString;
764
+ /** Human-readable name */
765
+ name: z.ZodString;
766
+ /** SHA-256 hash of this AIR (computed after serialization) */
767
+ hash: z.ZodOptional<z.ZodString>;
768
+ /** Policy sources that contributed to this AIR */
769
+ policy_sources: z.ZodDefault<z.ZodArray<z.ZodObject<{
770
+ /** Unique identifier for this source */
771
+ id: z.ZodString;
772
+ /** Type of source: "pdf", "url", "confluence", "jira", "manual" */
773
+ type: z.ZodEnum<["pdf", "url", "confluence", "jira", "manual"]>;
774
+ /** URI to the source document */
775
+ uri: z.ZodString;
776
+ /** SHA-256 hash of the source content */
777
+ content_hash: z.ZodString;
778
+ /** When the source was last fetched */
779
+ fetched_at: z.ZodString;
780
+ /** Title of the policy document */
781
+ title: z.ZodOptional<z.ZodString>;
782
+ /** Version of the policy document */
783
+ version: z.ZodOptional<z.ZodString>;
784
+ /** Confidence score of extraction (0-1) */
785
+ extraction_confidence: z.ZodOptional<z.ZodNumber>;
786
+ }, "strip", z.ZodTypeAny, {
787
+ type: "jira" | "url" | "pdf" | "confluence" | "manual";
788
+ id: string;
789
+ uri: string;
790
+ content_hash: string;
791
+ fetched_at: string;
792
+ version?: string | undefined;
793
+ title?: string | undefined;
794
+ extraction_confidence?: number | undefined;
795
+ }, {
796
+ type: "jira" | "url" | "pdf" | "confluence" | "manual";
797
+ id: string;
798
+ uri: string;
799
+ content_hash: string;
800
+ fetched_at: string;
801
+ version?: string | undefined;
802
+ title?: string | undefined;
803
+ extraction_confidence?: number | undefined;
804
+ }>, "many">>;
805
+ /** Registry constraints (vendor/model/region governance) */
806
+ registry: z.ZodDefault<z.ZodObject<{
807
+ /** List of approved vendors */
808
+ allowed_vendors: z.ZodDefault<z.ZodArray<z.ZodObject<{
809
+ /** Vendor identifier (e.g., "openai", "anthropic", "google") */
810
+ id: z.ZodString;
811
+ /** Human-readable vendor name */
812
+ name: z.ZodOptional<z.ZodString>;
813
+ /** Status of this vendor */
814
+ status: z.ZodDefault<z.ZodEnum<["approved", "pending", "blocked"]>>;
815
+ /** Optional approval ticket ID (Golden Thread) */
816
+ approval_ticket: z.ZodOptional<z.ZodString>;
817
+ /** When approval was granted */
818
+ approved_at: z.ZodOptional<z.ZodString>;
819
+ /** Who approved this vendor */
820
+ approved_by: z.ZodOptional<z.ZodString>;
821
+ /** Expiration date for approval */
822
+ expires_at: z.ZodOptional<z.ZodString>;
823
+ /** Vendor-specific notes */
824
+ notes: z.ZodOptional<z.ZodString>;
825
+ }, "strip", z.ZodTypeAny, {
826
+ status: "pending" | "approved" | "blocked";
827
+ id: string;
828
+ name?: string | undefined;
829
+ notes?: string | undefined;
830
+ approved_by?: string | undefined;
831
+ approved_at?: string | undefined;
832
+ approval_ticket?: string | undefined;
833
+ expires_at?: string | undefined;
834
+ }, {
835
+ id: string;
836
+ name?: string | undefined;
837
+ status?: "pending" | "approved" | "blocked" | undefined;
838
+ notes?: string | undefined;
839
+ approved_by?: string | undefined;
840
+ approved_at?: string | undefined;
841
+ approval_ticket?: string | undefined;
842
+ expires_at?: string | undefined;
843
+ }>, "many">>;
844
+ /** List of blocked vendors */
845
+ blocked_vendors: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
846
+ /** List of approved regions */
847
+ allowed_regions: z.ZodDefault<z.ZodArray<z.ZodObject<{
848
+ /** Region code (e.g., "us-east-1", "eu-west-1", "EU", "US") */
849
+ code: z.ZodString;
850
+ /** Human-readable region name */
851
+ name: z.ZodOptional<z.ZodString>;
852
+ /** Status of this region */
853
+ status: z.ZodDefault<z.ZodEnum<["allowed", "restricted", "blocked"]>>;
854
+ /** Jurisdictions this region falls under (e.g., ["GDPR", "EU-AI-ACT"]) */
855
+ jurisdictions: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
856
+ /** Data residency requirements */
857
+ data_residency: z.ZodDefault<z.ZodEnum<["required", "preferred", "none"]>>;
858
+ /** Notes about this region */
859
+ notes: z.ZodOptional<z.ZodString>;
860
+ }, "strip", z.ZodTypeAny, {
861
+ code: string;
862
+ status: "blocked" | "allowed" | "restricted";
863
+ jurisdictions: string[];
864
+ data_residency: "required" | "preferred" | "none";
865
+ name?: string | undefined;
866
+ notes?: string | undefined;
867
+ }, {
868
+ code: string;
869
+ name?: string | undefined;
870
+ status?: "blocked" | "allowed" | "restricted" | undefined;
871
+ notes?: string | undefined;
872
+ jurisdictions?: string[] | undefined;
873
+ data_residency?: "required" | "preferred" | "none" | undefined;
874
+ }>, "many">>;
875
+ /** List of blocked regions */
876
+ blocked_regions: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
877
+ /** List of approved models */
878
+ allowed_models: z.ZodDefault<z.ZodArray<z.ZodObject<{
879
+ /** Model identifier (e.g., "gpt-4", "claude-3-opus") */
880
+ id: z.ZodString;
881
+ /** Vendor that provides this model */
882
+ vendor_id: z.ZodString;
883
+ /** Human-readable model name */
884
+ name: z.ZodOptional<z.ZodString>;
885
+ /** Model version pattern (supports wildcards like "gpt-4*") */
886
+ version_pattern: z.ZodOptional<z.ZodString>;
887
+ /** Status of this model */
888
+ status: z.ZodDefault<z.ZodEnum<["approved", "pending", "blocked"]>>;
889
+ /** Maximum allowed parameters (for on-premise deployment considerations) */
890
+ max_parameters: z.ZodOptional<z.ZodNumber>;
891
+ /** Risk level assigned to this model */
892
+ risk_level: z.ZodOptional<z.ZodEnum<["minimal", "limited", "high", "unacceptable"]>>;
893
+ /** Optional approval ticket ID */
894
+ approval_ticket: z.ZodOptional<z.ZodString>;
895
+ /** When approval was granted */
896
+ approved_at: z.ZodOptional<z.ZodString>;
897
+ /** Expiration date for approval */
898
+ expires_at: z.ZodOptional<z.ZodString>;
899
+ /** Model-specific notes */
900
+ notes: z.ZodOptional<z.ZodString>;
901
+ }, "strip", z.ZodTypeAny, {
902
+ status: "pending" | "approved" | "blocked";
903
+ id: string;
904
+ vendor_id: string;
905
+ name?: string | undefined;
906
+ notes?: string | undefined;
907
+ approved_at?: string | undefined;
908
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
909
+ approval_ticket?: string | undefined;
910
+ expires_at?: string | undefined;
911
+ version_pattern?: string | undefined;
912
+ max_parameters?: number | undefined;
913
+ }, {
914
+ id: string;
915
+ vendor_id: string;
916
+ name?: string | undefined;
917
+ status?: "pending" | "approved" | "blocked" | undefined;
918
+ notes?: string | undefined;
919
+ approved_at?: string | undefined;
920
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
921
+ approval_ticket?: string | undefined;
922
+ expires_at?: string | undefined;
923
+ version_pattern?: string | undefined;
924
+ max_parameters?: number | undefined;
925
+ }>, "many">>;
926
+ /** List of blocked models (patterns supported) */
927
+ blocked_models: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
928
+ /** Maximum model parameters allowed */
929
+ max_model_parameters: z.ZodOptional<z.ZodNumber>;
930
+ /** Require vendor approval before use */
931
+ require_vendor_approval: z.ZodDefault<z.ZodBoolean>;
932
+ /** Require model approval before use */
933
+ require_model_approval: z.ZodDefault<z.ZodBoolean>;
934
+ /** Default behavior for unknown vendors: "block" or "request_approval" */
935
+ unknown_vendor_behavior: z.ZodDefault<z.ZodEnum<["block", "request_approval"]>>;
936
+ /** Default behavior for unknown models */
937
+ unknown_model_behavior: z.ZodDefault<z.ZodEnum<["block", "request_approval"]>>;
938
+ }, "strip", z.ZodTypeAny, {
939
+ allowed_vendors: {
940
+ status: "pending" | "approved" | "blocked";
941
+ id: string;
942
+ name?: string | undefined;
943
+ notes?: string | undefined;
944
+ approved_by?: string | undefined;
945
+ approved_at?: string | undefined;
946
+ approval_ticket?: string | undefined;
947
+ expires_at?: string | undefined;
948
+ }[];
949
+ blocked_vendors: string[];
950
+ allowed_regions: {
951
+ code: string;
952
+ status: "blocked" | "allowed" | "restricted";
953
+ jurisdictions: string[];
954
+ data_residency: "required" | "preferred" | "none";
955
+ name?: string | undefined;
956
+ notes?: string | undefined;
957
+ }[];
958
+ blocked_regions: string[];
959
+ allowed_models: {
960
+ status: "pending" | "approved" | "blocked";
961
+ id: string;
962
+ vendor_id: string;
963
+ name?: string | undefined;
964
+ notes?: string | undefined;
965
+ approved_at?: string | undefined;
966
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
967
+ approval_ticket?: string | undefined;
968
+ expires_at?: string | undefined;
969
+ version_pattern?: string | undefined;
970
+ max_parameters?: number | undefined;
971
+ }[];
972
+ blocked_models: string[];
973
+ require_vendor_approval: boolean;
974
+ require_model_approval: boolean;
975
+ unknown_vendor_behavior: "block" | "request_approval";
976
+ unknown_model_behavior: "block" | "request_approval";
977
+ max_model_parameters?: number | undefined;
978
+ }, {
979
+ allowed_vendors?: {
980
+ id: string;
981
+ name?: string | undefined;
982
+ status?: "pending" | "approved" | "blocked" | undefined;
983
+ notes?: string | undefined;
984
+ approved_by?: string | undefined;
985
+ approved_at?: string | undefined;
986
+ approval_ticket?: string | undefined;
987
+ expires_at?: string | undefined;
988
+ }[] | undefined;
989
+ blocked_vendors?: string[] | undefined;
990
+ allowed_regions?: {
991
+ code: string;
992
+ name?: string | undefined;
993
+ status?: "blocked" | "allowed" | "restricted" | undefined;
994
+ notes?: string | undefined;
995
+ jurisdictions?: string[] | undefined;
996
+ data_residency?: "required" | "preferred" | "none" | undefined;
997
+ }[] | undefined;
998
+ blocked_regions?: string[] | undefined;
999
+ allowed_models?: {
1000
+ id: string;
1001
+ vendor_id: string;
1002
+ name?: string | undefined;
1003
+ status?: "pending" | "approved" | "blocked" | undefined;
1004
+ notes?: string | undefined;
1005
+ approved_at?: string | undefined;
1006
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
1007
+ approval_ticket?: string | undefined;
1008
+ expires_at?: string | undefined;
1009
+ version_pattern?: string | undefined;
1010
+ max_parameters?: number | undefined;
1011
+ }[] | undefined;
1012
+ blocked_models?: string[] | undefined;
1013
+ max_model_parameters?: number | undefined;
1014
+ require_vendor_approval?: boolean | undefined;
1015
+ require_model_approval?: boolean | undefined;
1016
+ unknown_vendor_behavior?: "block" | "request_approval" | undefined;
1017
+ unknown_model_behavior?: "block" | "request_approval" | undefined;
1018
+ }>>;
1019
+ /** Runtime constraints (execution-time governance) */
1020
+ runtime: z.ZodDefault<z.ZodObject<{
1021
+ /** PII filtering configuration */
1022
+ pii_filter: z.ZodOptional<z.ZodObject<{
1023
+ /** Whether PII filtering is enabled */
1024
+ enabled: z.ZodDefault<z.ZodBoolean>;
1025
+ /** PII types to filter (e.g., ["email", "phone", "ssn", "credit_card"]) */
1026
+ filter_types: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1027
+ /** Action when PII is detected: "redact", "block", "warn", "audit" */
1028
+ action: z.ZodDefault<z.ZodEnum<["redact", "block", "warn", "audit"]>>;
1029
+ /** Custom patterns to detect (regex) */
1030
+ custom_patterns: z.ZodDefault<z.ZodArray<z.ZodObject<{
1031
+ name: z.ZodString;
1032
+ pattern: z.ZodString;
1033
+ action: z.ZodOptional<z.ZodEnum<["redact", "block", "warn", "audit"]>>;
1034
+ }, "strip", z.ZodTypeAny, {
1035
+ name: string;
1036
+ pattern: string;
1037
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1038
+ }, {
1039
+ name: string;
1040
+ pattern: string;
1041
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1042
+ }>, "many">>;
1043
+ }, "strip", z.ZodTypeAny, {
1044
+ enabled: boolean;
1045
+ filter_types: string[];
1046
+ action: "audit" | "block" | "redact" | "warn";
1047
+ custom_patterns: {
1048
+ name: string;
1049
+ pattern: string;
1050
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1051
+ }[];
1052
+ }, {
1053
+ enabled?: boolean | undefined;
1054
+ filter_types?: string[] | undefined;
1055
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1056
+ custom_patterns?: {
1057
+ name: string;
1058
+ pattern: string;
1059
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1060
+ }[] | undefined;
1061
+ }>>;
1062
+ /** Toxicity filtering configuration */
1063
+ toxicity_filter: z.ZodOptional<z.ZodObject<{
1064
+ /** Whether toxicity filtering is enabled */
1065
+ enabled: z.ZodDefault<z.ZodBoolean>;
1066
+ /** Toxicity threshold (0-1) */
1067
+ threshold: z.ZodDefault<z.ZodNumber>;
1068
+ /** Categories to filter (e.g., ["hate", "violence", "sexual"]) */
1069
+ categories: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1070
+ /** Action when toxicity is detected */
1071
+ action: z.ZodDefault<z.ZodEnum<["block", "warn", "audit"]>>;
1072
+ }, "strip", z.ZodTypeAny, {
1073
+ enabled: boolean;
1074
+ action: "audit" | "block" | "warn";
1075
+ threshold: number;
1076
+ categories: string[];
1077
+ }, {
1078
+ enabled?: boolean | undefined;
1079
+ action?: "audit" | "block" | "warn" | undefined;
1080
+ threshold?: number | undefined;
1081
+ categories?: string[] | undefined;
1082
+ }>>;
1083
+ /** Data retention period in days (0 = no retention) */
1084
+ data_retention_days: z.ZodDefault<z.ZodNumber>;
1085
+ /** Whether to enable output watermarking */
1086
+ watermark_enabled: z.ZodDefault<z.ZodBoolean>;
1087
+ /** Logging level: "none", "errors", "all" */
1088
+ logging_level: z.ZodDefault<z.ZodEnum<["none", "errors", "all"]>>;
1089
+ /** Maximum tokens per request */
1090
+ max_tokens_per_request: z.ZodOptional<z.ZodNumber>;
1091
+ /** Maximum requests per minute */
1092
+ max_requests_per_minute: z.ZodOptional<z.ZodNumber>;
1093
+ /** Maximum cost per request in USD */
1094
+ max_cost_per_request_usd: z.ZodOptional<z.ZodNumber>;
1095
+ /** Maximum cost per day in USD */
1096
+ max_cost_per_day_usd: z.ZodOptional<z.ZodNumber>;
1097
+ /** Session timeout in seconds */
1098
+ session_timeout_seconds: z.ZodOptional<z.ZodNumber>;
1099
+ /** Require human approval for specific actions */
1100
+ human_approval_required: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1101
+ /** Kill switch configuration */
1102
+ kill_switch: z.ZodOptional<z.ZodObject<{
1103
+ enabled: z.ZodDefault<z.ZodBoolean>;
1104
+ channel: z.ZodDefault<z.ZodEnum<["sse", "polling", "file"]>>;
1105
+ poll_interval_ms: z.ZodDefault<z.ZodNumber>;
1106
+ }, "strip", z.ZodTypeAny, {
1107
+ enabled: boolean;
1108
+ channel: "sse" | "polling" | "file";
1109
+ poll_interval_ms: number;
1110
+ }, {
1111
+ enabled?: boolean | undefined;
1112
+ channel?: "sse" | "polling" | "file" | undefined;
1113
+ poll_interval_ms?: number | undefined;
1114
+ }>>;
1115
+ /** Grounding check configuration (prevent hallucination) */
1116
+ grounding_check: z.ZodOptional<z.ZodObject<{
1117
+ enabled: z.ZodDefault<z.ZodBoolean>;
1118
+ confidence_threshold: z.ZodDefault<z.ZodNumber>;
1119
+ action: z.ZodDefault<z.ZodEnum<["block", "warn", "audit"]>>;
1120
+ }, "strip", z.ZodTypeAny, {
1121
+ enabled: boolean;
1122
+ action: "audit" | "block" | "warn";
1123
+ confidence_threshold: number;
1124
+ }, {
1125
+ enabled?: boolean | undefined;
1126
+ action?: "audit" | "block" | "warn" | undefined;
1127
+ confidence_threshold?: number | undefined;
1128
+ }>>;
1129
+ }, "strip", z.ZodTypeAny, {
1130
+ data_retention_days: number;
1131
+ watermark_enabled: boolean;
1132
+ logging_level: "errors" | "none" | "all";
1133
+ human_approval_required: string[];
1134
+ kill_switch?: {
1135
+ enabled: boolean;
1136
+ channel: "sse" | "polling" | "file";
1137
+ poll_interval_ms: number;
1138
+ } | undefined;
1139
+ pii_filter?: {
1140
+ enabled: boolean;
1141
+ filter_types: string[];
1142
+ action: "audit" | "block" | "redact" | "warn";
1143
+ custom_patterns: {
1144
+ name: string;
1145
+ pattern: string;
1146
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1147
+ }[];
1148
+ } | undefined;
1149
+ toxicity_filter?: {
1150
+ enabled: boolean;
1151
+ action: "audit" | "block" | "warn";
1152
+ threshold: number;
1153
+ categories: string[];
1154
+ } | undefined;
1155
+ max_tokens_per_request?: number | undefined;
1156
+ max_requests_per_minute?: number | undefined;
1157
+ max_cost_per_request_usd?: number | undefined;
1158
+ max_cost_per_day_usd?: number | undefined;
1159
+ session_timeout_seconds?: number | undefined;
1160
+ grounding_check?: {
1161
+ enabled: boolean;
1162
+ action: "audit" | "block" | "warn";
1163
+ confidence_threshold: number;
1164
+ } | undefined;
1165
+ }, {
1166
+ kill_switch?: {
1167
+ enabled?: boolean | undefined;
1168
+ channel?: "sse" | "polling" | "file" | undefined;
1169
+ poll_interval_ms?: number | undefined;
1170
+ } | undefined;
1171
+ pii_filter?: {
1172
+ enabled?: boolean | undefined;
1173
+ filter_types?: string[] | undefined;
1174
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1175
+ custom_patterns?: {
1176
+ name: string;
1177
+ pattern: string;
1178
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1179
+ }[] | undefined;
1180
+ } | undefined;
1181
+ toxicity_filter?: {
1182
+ enabled?: boolean | undefined;
1183
+ action?: "audit" | "block" | "warn" | undefined;
1184
+ threshold?: number | undefined;
1185
+ categories?: string[] | undefined;
1186
+ } | undefined;
1187
+ data_retention_days?: number | undefined;
1188
+ watermark_enabled?: boolean | undefined;
1189
+ logging_level?: "errors" | "none" | "all" | undefined;
1190
+ max_tokens_per_request?: number | undefined;
1191
+ max_requests_per_minute?: number | undefined;
1192
+ max_cost_per_request_usd?: number | undefined;
1193
+ max_cost_per_day_usd?: number | undefined;
1194
+ session_timeout_seconds?: number | undefined;
1195
+ human_approval_required?: string[] | undefined;
1196
+ grounding_check?: {
1197
+ enabled?: boolean | undefined;
1198
+ action?: "audit" | "block" | "warn" | undefined;
1199
+ confidence_threshold?: number | undefined;
1200
+ } | undefined;
1201
+ }>>;
1202
+ /** Build constraints (CI/CD governance) */
1203
+ build: z.ZodDefault<z.ZodObject<{
1204
+ /** Require Golden Thread linkage (business justification) */
1205
+ require_golden_thread: z.ZodDefault<z.ZodBoolean>;
1206
+ /** Require asset card for all AI assets */
1207
+ require_asset_card: z.ZodDefault<z.ZodBoolean>;
1208
+ /** Require risk classification */
1209
+ require_risk_classification: z.ZodDefault<z.ZodBoolean>;
1210
+ /** Require model card documentation */
1211
+ require_model_card: z.ZodDefault<z.ZodBoolean>;
1212
+ /** Require security review for high-risk assets */
1213
+ require_security_review: z.ZodDefault<z.ZodBoolean>;
1214
+ /** Minimum risk levels that require security review */
1215
+ security_review_risk_levels: z.ZodDefault<z.ZodArray<z.ZodEnum<["high", "unacceptable"]>, "many">>;
1216
+ /** Require governance.lock file */
1217
+ require_governance_lock: z.ZodDefault<z.ZodBoolean>;
1218
+ /** governance.lock must be signed */
1219
+ require_lock_signature: z.ZodDefault<z.ZodBoolean>;
1220
+ /** Block merge on validation failure */
1221
+ block_on_failure: z.ZodDefault<z.ZodBoolean>;
1222
+ /** Generate SARIF report for GitHub Security tab */
1223
+ generate_sarif: z.ZodDefault<z.ZodBoolean>;
1224
+ /** Required approvals before deployment */
1225
+ required_approvals: z.ZodDefault<z.ZodArray<z.ZodObject<{
1226
+ role: z.ZodString;
1227
+ count: z.ZodDefault<z.ZodNumber>;
1228
+ }, "strip", z.ZodTypeAny, {
1229
+ role: string;
1230
+ count: number;
1231
+ }, {
1232
+ role: string;
1233
+ count?: number | undefined;
1234
+ }>, "many">>;
1235
+ /** Allowed deployment environments */
1236
+ allowed_environments: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1237
+ /** Environment-specific constraints */
1238
+ environment_constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
1239
+ require_approval: z.ZodDefault<z.ZodBoolean>;
1240
+ approvers: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1241
+ require_testing: z.ZodDefault<z.ZodBoolean>;
1242
+ test_coverage_threshold: z.ZodOptional<z.ZodNumber>;
1243
+ }, "strip", z.ZodTypeAny, {
1244
+ require_approval: boolean;
1245
+ approvers: string[];
1246
+ require_testing: boolean;
1247
+ test_coverage_threshold?: number | undefined;
1248
+ }, {
1249
+ require_approval?: boolean | undefined;
1250
+ approvers?: string[] | undefined;
1251
+ require_testing?: boolean | undefined;
1252
+ test_coverage_threshold?: number | undefined;
1253
+ }>>>;
1254
+ }, "strip", z.ZodTypeAny, {
1255
+ require_golden_thread: boolean;
1256
+ require_asset_card: boolean;
1257
+ require_risk_classification: boolean;
1258
+ require_model_card: boolean;
1259
+ require_security_review: boolean;
1260
+ security_review_risk_levels: ("high" | "unacceptable")[];
1261
+ require_governance_lock: boolean;
1262
+ require_lock_signature: boolean;
1263
+ block_on_failure: boolean;
1264
+ generate_sarif: boolean;
1265
+ required_approvals: {
1266
+ role: string;
1267
+ count: number;
1268
+ }[];
1269
+ allowed_environments: string[];
1270
+ environment_constraints?: Record<string, {
1271
+ require_approval: boolean;
1272
+ approvers: string[];
1273
+ require_testing: boolean;
1274
+ test_coverage_threshold?: number | undefined;
1275
+ }> | undefined;
1276
+ }, {
1277
+ require_golden_thread?: boolean | undefined;
1278
+ require_asset_card?: boolean | undefined;
1279
+ require_risk_classification?: boolean | undefined;
1280
+ require_model_card?: boolean | undefined;
1281
+ require_security_review?: boolean | undefined;
1282
+ security_review_risk_levels?: ("high" | "unacceptable")[] | undefined;
1283
+ require_governance_lock?: boolean | undefined;
1284
+ require_lock_signature?: boolean | undefined;
1285
+ block_on_failure?: boolean | undefined;
1286
+ generate_sarif?: boolean | undefined;
1287
+ required_approvals?: {
1288
+ role: string;
1289
+ count?: number | undefined;
1290
+ }[] | undefined;
1291
+ allowed_environments?: string[] | undefined;
1292
+ environment_constraints?: Record<string, {
1293
+ require_approval?: boolean | undefined;
1294
+ approvers?: string[] | undefined;
1295
+ require_testing?: boolean | undefined;
1296
+ test_coverage_threshold?: number | undefined;
1297
+ }> | undefined;
1298
+ }>>;
1299
+ /** Metadata about this AIR */
1300
+ metadata: z.ZodObject<{
1301
+ /** When this AIR was generated */
1302
+ generated_at: z.ZodString;
1303
+ /** Tool/system that generated this AIR */
1304
+ generated_by: z.ZodDefault<z.ZodString>;
1305
+ /** Version of the policy compiler */
1306
+ compiler_version: z.ZodString;
1307
+ /** Organization this AIR belongs to */
1308
+ organization: z.ZodOptional<z.ZodString>;
1309
+ /** Environment this AIR is for (e.g., "production", "staging") */
1310
+ environment: z.ZodOptional<z.ZodString>;
1311
+ /** Human-readable description */
1312
+ description: z.ZodOptional<z.ZodString>;
1313
+ /** Tags for categorization */
1314
+ tags: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1315
+ /** Custom metadata fields */
1316
+ custom: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
1317
+ }, "strip", z.ZodTypeAny, {
1318
+ tags: string[];
1319
+ generated_at: string;
1320
+ generated_by: string;
1321
+ compiler_version: string;
1322
+ custom?: Record<string, unknown> | undefined;
1323
+ organization?: string | undefined;
1324
+ description?: string | undefined;
1325
+ environment?: string | undefined;
1326
+ }, {
1327
+ generated_at: string;
1328
+ compiler_version: string;
1329
+ custom?: Record<string, unknown> | undefined;
1330
+ organization?: string | undefined;
1331
+ description?: string | undefined;
1332
+ tags?: string[] | undefined;
1333
+ generated_by?: string | undefined;
1334
+ environment?: string | undefined;
1335
+ }>;
1336
+ /** When this AIR expires (forces re-compilation) */
1337
+ expires_at: z.ZodOptional<z.ZodString>;
1338
+ /** Digital signatures for verification */
1339
+ signatures: z.ZodDefault<z.ZodArray<z.ZodObject<{
1340
+ /** Signer identity (email or system ID) */
1341
+ signer: z.ZodString;
1342
+ /** Algorithm used (RS256, ES256) */
1343
+ algorithm: z.ZodEnum<["RS256", "ES256"]>;
1344
+ /** Base64-encoded signature */
1345
+ signature: z.ZodString;
1346
+ /** When the signature was created */
1347
+ signed_at: z.ZodString;
1348
+ /** Key ID for verification */
1349
+ key_id: z.ZodOptional<z.ZodString>;
1350
+ }, "strip", z.ZodTypeAny, {
1351
+ signature: string;
1352
+ algorithm: "RS256" | "ES256";
1353
+ signer: string;
1354
+ signed_at: string;
1355
+ key_id?: string | undefined;
1356
+ }, {
1357
+ signature: string;
1358
+ algorithm: "RS256" | "ES256";
1359
+ signer: string;
1360
+ signed_at: string;
1361
+ key_id?: string | undefined;
1362
+ }>, "many">>;
1363
+ }, "strip", z.ZodTypeAny, {
1364
+ name: string;
1365
+ runtime: {
1366
+ data_retention_days: number;
1367
+ watermark_enabled: boolean;
1368
+ logging_level: "errors" | "none" | "all";
1369
+ human_approval_required: string[];
1370
+ kill_switch?: {
1371
+ enabled: boolean;
1372
+ channel: "sse" | "polling" | "file";
1373
+ poll_interval_ms: number;
1374
+ } | undefined;
1375
+ pii_filter?: {
1376
+ enabled: boolean;
1377
+ filter_types: string[];
1378
+ action: "audit" | "block" | "redact" | "warn";
1379
+ custom_patterns: {
1380
+ name: string;
1381
+ pattern: string;
1382
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1383
+ }[];
1384
+ } | undefined;
1385
+ toxicity_filter?: {
1386
+ enabled: boolean;
1387
+ action: "audit" | "block" | "warn";
1388
+ threshold: number;
1389
+ categories: string[];
1390
+ } | undefined;
1391
+ max_tokens_per_request?: number | undefined;
1392
+ max_requests_per_minute?: number | undefined;
1393
+ max_cost_per_request_usd?: number | undefined;
1394
+ max_cost_per_day_usd?: number | undefined;
1395
+ session_timeout_seconds?: number | undefined;
1396
+ grounding_check?: {
1397
+ enabled: boolean;
1398
+ action: "audit" | "block" | "warn";
1399
+ confidence_threshold: number;
1400
+ } | undefined;
1401
+ };
1402
+ id: string;
1403
+ version: "1.0";
1404
+ metadata: {
1405
+ tags: string[];
1406
+ generated_at: string;
1407
+ generated_by: string;
1408
+ compiler_version: string;
1409
+ custom?: Record<string, unknown> | undefined;
1410
+ organization?: string | undefined;
1411
+ description?: string | undefined;
1412
+ environment?: string | undefined;
1413
+ };
1414
+ build: {
1415
+ require_golden_thread: boolean;
1416
+ require_asset_card: boolean;
1417
+ require_risk_classification: boolean;
1418
+ require_model_card: boolean;
1419
+ require_security_review: boolean;
1420
+ security_review_risk_levels: ("high" | "unacceptable")[];
1421
+ require_governance_lock: boolean;
1422
+ require_lock_signature: boolean;
1423
+ block_on_failure: boolean;
1424
+ generate_sarif: boolean;
1425
+ required_approvals: {
1426
+ role: string;
1427
+ count: number;
1428
+ }[];
1429
+ allowed_environments: string[];
1430
+ environment_constraints?: Record<string, {
1431
+ require_approval: boolean;
1432
+ approvers: string[];
1433
+ require_testing: boolean;
1434
+ test_coverage_threshold?: number | undefined;
1435
+ }> | undefined;
1436
+ };
1437
+ policy_sources: {
1438
+ type: "jira" | "url" | "pdf" | "confluence" | "manual";
1439
+ id: string;
1440
+ uri: string;
1441
+ content_hash: string;
1442
+ fetched_at: string;
1443
+ version?: string | undefined;
1444
+ title?: string | undefined;
1445
+ extraction_confidence?: number | undefined;
1446
+ }[];
1447
+ registry: {
1448
+ allowed_vendors: {
1449
+ status: "pending" | "approved" | "blocked";
1450
+ id: string;
1451
+ name?: string | undefined;
1452
+ notes?: string | undefined;
1453
+ approved_by?: string | undefined;
1454
+ approved_at?: string | undefined;
1455
+ approval_ticket?: string | undefined;
1456
+ expires_at?: string | undefined;
1457
+ }[];
1458
+ blocked_vendors: string[];
1459
+ allowed_regions: {
1460
+ code: string;
1461
+ status: "blocked" | "allowed" | "restricted";
1462
+ jurisdictions: string[];
1463
+ data_residency: "required" | "preferred" | "none";
1464
+ name?: string | undefined;
1465
+ notes?: string | undefined;
1466
+ }[];
1467
+ blocked_regions: string[];
1468
+ allowed_models: {
1469
+ status: "pending" | "approved" | "blocked";
1470
+ id: string;
1471
+ vendor_id: string;
1472
+ name?: string | undefined;
1473
+ notes?: string | undefined;
1474
+ approved_at?: string | undefined;
1475
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
1476
+ approval_ticket?: string | undefined;
1477
+ expires_at?: string | undefined;
1478
+ version_pattern?: string | undefined;
1479
+ max_parameters?: number | undefined;
1480
+ }[];
1481
+ blocked_models: string[];
1482
+ require_vendor_approval: boolean;
1483
+ require_model_approval: boolean;
1484
+ unknown_vendor_behavior: "block" | "request_approval";
1485
+ unknown_model_behavior: "block" | "request_approval";
1486
+ max_model_parameters?: number | undefined;
1487
+ };
1488
+ signatures: {
1489
+ signature: string;
1490
+ algorithm: "RS256" | "ES256";
1491
+ signer: string;
1492
+ signed_at: string;
1493
+ key_id?: string | undefined;
1494
+ }[];
1495
+ hash?: string | undefined;
1496
+ expires_at?: string | undefined;
1497
+ }, {
1498
+ name: string;
1499
+ id: string;
1500
+ version: "1.0";
1501
+ metadata: {
1502
+ generated_at: string;
1503
+ compiler_version: string;
1504
+ custom?: Record<string, unknown> | undefined;
1505
+ organization?: string | undefined;
1506
+ description?: string | undefined;
1507
+ tags?: string[] | undefined;
1508
+ generated_by?: string | undefined;
1509
+ environment?: string | undefined;
1510
+ };
1511
+ runtime?: {
1512
+ kill_switch?: {
1513
+ enabled?: boolean | undefined;
1514
+ channel?: "sse" | "polling" | "file" | undefined;
1515
+ poll_interval_ms?: number | undefined;
1516
+ } | undefined;
1517
+ pii_filter?: {
1518
+ enabled?: boolean | undefined;
1519
+ filter_types?: string[] | undefined;
1520
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1521
+ custom_patterns?: {
1522
+ name: string;
1523
+ pattern: string;
1524
+ action?: "audit" | "block" | "redact" | "warn" | undefined;
1525
+ }[] | undefined;
1526
+ } | undefined;
1527
+ toxicity_filter?: {
1528
+ enabled?: boolean | undefined;
1529
+ action?: "audit" | "block" | "warn" | undefined;
1530
+ threshold?: number | undefined;
1531
+ categories?: string[] | undefined;
1532
+ } | undefined;
1533
+ data_retention_days?: number | undefined;
1534
+ watermark_enabled?: boolean | undefined;
1535
+ logging_level?: "errors" | "none" | "all" | undefined;
1536
+ max_tokens_per_request?: number | undefined;
1537
+ max_requests_per_minute?: number | undefined;
1538
+ max_cost_per_request_usd?: number | undefined;
1539
+ max_cost_per_day_usd?: number | undefined;
1540
+ session_timeout_seconds?: number | undefined;
1541
+ human_approval_required?: string[] | undefined;
1542
+ grounding_check?: {
1543
+ enabled?: boolean | undefined;
1544
+ action?: "audit" | "block" | "warn" | undefined;
1545
+ confidence_threshold?: number | undefined;
1546
+ } | undefined;
1547
+ } | undefined;
1548
+ hash?: string | undefined;
1549
+ build?: {
1550
+ require_golden_thread?: boolean | undefined;
1551
+ require_asset_card?: boolean | undefined;
1552
+ require_risk_classification?: boolean | undefined;
1553
+ require_model_card?: boolean | undefined;
1554
+ require_security_review?: boolean | undefined;
1555
+ security_review_risk_levels?: ("high" | "unacceptable")[] | undefined;
1556
+ require_governance_lock?: boolean | undefined;
1557
+ require_lock_signature?: boolean | undefined;
1558
+ block_on_failure?: boolean | undefined;
1559
+ generate_sarif?: boolean | undefined;
1560
+ required_approvals?: {
1561
+ role: string;
1562
+ count?: number | undefined;
1563
+ }[] | undefined;
1564
+ allowed_environments?: string[] | undefined;
1565
+ environment_constraints?: Record<string, {
1566
+ require_approval?: boolean | undefined;
1567
+ approvers?: string[] | undefined;
1568
+ require_testing?: boolean | undefined;
1569
+ test_coverage_threshold?: number | undefined;
1570
+ }> | undefined;
1571
+ } | undefined;
1572
+ expires_at?: string | undefined;
1573
+ policy_sources?: {
1574
+ type: "jira" | "url" | "pdf" | "confluence" | "manual";
1575
+ id: string;
1576
+ uri: string;
1577
+ content_hash: string;
1578
+ fetched_at: string;
1579
+ version?: string | undefined;
1580
+ title?: string | undefined;
1581
+ extraction_confidence?: number | undefined;
1582
+ }[] | undefined;
1583
+ registry?: {
1584
+ allowed_vendors?: {
1585
+ id: string;
1586
+ name?: string | undefined;
1587
+ status?: "pending" | "approved" | "blocked" | undefined;
1588
+ notes?: string | undefined;
1589
+ approved_by?: string | undefined;
1590
+ approved_at?: string | undefined;
1591
+ approval_ticket?: string | undefined;
1592
+ expires_at?: string | undefined;
1593
+ }[] | undefined;
1594
+ blocked_vendors?: string[] | undefined;
1595
+ allowed_regions?: {
1596
+ code: string;
1597
+ name?: string | undefined;
1598
+ status?: "blocked" | "allowed" | "restricted" | undefined;
1599
+ notes?: string | undefined;
1600
+ jurisdictions?: string[] | undefined;
1601
+ data_residency?: "required" | "preferred" | "none" | undefined;
1602
+ }[] | undefined;
1603
+ blocked_regions?: string[] | undefined;
1604
+ allowed_models?: {
1605
+ id: string;
1606
+ vendor_id: string;
1607
+ name?: string | undefined;
1608
+ status?: "pending" | "approved" | "blocked" | undefined;
1609
+ notes?: string | undefined;
1610
+ approved_at?: string | undefined;
1611
+ risk_level?: "minimal" | "limited" | "high" | "unacceptable" | undefined;
1612
+ approval_ticket?: string | undefined;
1613
+ expires_at?: string | undefined;
1614
+ version_pattern?: string | undefined;
1615
+ max_parameters?: number | undefined;
1616
+ }[] | undefined;
1617
+ blocked_models?: string[] | undefined;
1618
+ max_model_parameters?: number | undefined;
1619
+ require_vendor_approval?: boolean | undefined;
1620
+ require_model_approval?: boolean | undefined;
1621
+ unknown_vendor_behavior?: "block" | "request_approval" | undefined;
1622
+ unknown_model_behavior?: "block" | "request_approval" | undefined;
1623
+ } | undefined;
1624
+ signatures?: {
1625
+ signature: string;
1626
+ algorithm: "RS256" | "ES256";
1627
+ signer: string;
1628
+ signed_at: string;
1629
+ key_id?: string | undefined;
1630
+ }[] | undefined;
1631
+ }>;
1632
+ type AIR = z.infer<typeof AIRSchema>;
1633
+ /**
1634
+ * Creates an empty AIR with default values
1635
+ */
1636
+ declare function createEmptyAIR(name: string, compilerVersion?: string): AIR;
1637
+ /**
1638
+ * Validates an AIR document
1639
+ */
1640
+ declare function validateAIR(air: unknown): {
1641
+ valid: boolean;
1642
+ errors: string[];
1643
+ };
1644
+ /**
1645
+ * Checks if a vendor is allowed by registry constraints
1646
+ */
1647
+ declare function isVendorAllowed(vendorId: string, registry: AIRRegistryConstraints): {
1648
+ allowed: boolean;
1649
+ reason: string;
1650
+ requiresApproval: boolean;
1651
+ };
1652
+ /**
1653
+ * Checks if a model is allowed by registry constraints
1654
+ */
1655
+ declare function isModelAllowed(modelId: string, vendorId: string, registry: AIRRegistryConstraints): {
1656
+ allowed: boolean;
1657
+ reason: string;
1658
+ requiresApproval: boolean;
1659
+ };
1660
+ /**
1661
+ * Checks if a region is allowed by registry constraints
1662
+ */
1663
+ declare function isRegionAllowed(regionCode: string, registry: AIRRegistryConstraints): {
1664
+ allowed: boolean;
1665
+ reason: string;
1666
+ dataResidency: "required" | "preferred" | "none";
1667
+ };
1668
+
1669
+ export { type AIR, type AIRBuildConstraints, AIRBuildConstraintsSchema, type AIRMetadata, AIRMetadataSchema, type AIRModel, AIRModelSchema, type AIRPIIFilterConfig, AIRPIIFilterConfigSchema, type AIRPolicySource, AIRPolicySourceSchema, type AIRRegion, AIRRegionSchema, type AIRRegistryConstraints, AIRRegistryConstraintsSchema, type AIRRuntimeConstraints, AIRRuntimeConstraintsSchema, AIRSchema, type AIRToxicityFilterConfig, AIRToxicityFilterConfigSchema, type AIRVendor, AIRVendorSchema, createEmptyAIR, isModelAllowed, isRegionAllowed, isVendorAllowed, validateAIR };