@aigrc/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/dist/index.d.mts +226 -0
  2. package/dist/index.d.ts +226 -0
  3. package/dist/index.js +2337 -0
  4. package/dist/index.js.map +1 -0
  5. package/dist/index.mjs +2264 -0
  6. package/dist/index.mjs.map +1 -0
  7. package/dist/schemas/index.d.mts +2332 -0
  8. package/dist/schemas/index.d.ts +2332 -0
  9. package/dist/schemas/index.js +213 -0
  10. package/dist/schemas/index.js.map +1 -0
  11. package/dist/schemas/index.mjs +176 -0
  12. package/dist/schemas/index.mjs.map +1 -0
  13. package/package.json +69 -0
package/dist/schemas/index.js ADDED
@@ -0,0 +1,213 @@
1
+ "use strict";
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
6
+ var __export = (target, all) => {
7
+ for (var name in all)
8
+ __defProp(target, name, { get: all[name], enumerable: true });
9
+ };
10
+ var __copyProps = (to, from, except, desc) => {
11
+ if (from && typeof from === "object" || typeof from === "function") {
12
+ for (let key of __getOwnPropNames(from))
13
+ if (!__hasOwnProp.call(to, key) && key !== except)
14
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
+ }
16
+ return to;
17
+ };
18
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
+
20
+ // src/schemas/index.ts
21
+ var schemas_exports = {};
22
+ __export(schemas_exports, {
23
+ ApprovalSchema: () => ApprovalSchema,
24
+ AssetCardSchema: () => AssetCardSchema,
25
+ ClassificationSchema: () => ClassificationSchema,
26
+ ConstraintsSchema: () => ConstraintsSchema,
27
+ ControlStatusSchema: () => ControlStatusSchema,
28
+ GovernanceSchema: () => GovernanceSchema,
29
+ IntentSchema: () => IntentSchema,
30
+ JurisdictionClassificationSchema: () => JurisdictionClassificationSchema,
31
+ OwnerSchema: () => OwnerSchema,
32
+ RiskFactorsSchema: () => RiskFactorsSchema,
33
+ TechnicalSchema: () => TechnicalSchema,
34
+ TrustworthinessCharacteristicSchema: () => TrustworthinessCharacteristicSchema,
35
+ TrustworthinessSchema: () => TrustworthinessSchema
36
+ });
37
+ module.exports = __toCommonJS(schemas_exports);
38
+ var import_zod = require("zod");
39
+ var OwnerSchema = import_zod.z.object({
40
+ name: import_zod.z.string().min(1),
41
+ email: import_zod.z.string().email(),
42
+ team: import_zod.z.string().optional()
43
+ });
44
+ var TechnicalSchema = import_zod.z.object({
45
+ type: import_zod.z.enum(["model", "agent", "api_client", "framework", "pipeline"]),
46
+ framework: import_zod.z.string().optional(),
47
+ frameworkVersion: import_zod.z.string().optional(),
48
+ components: import_zod.z.array(
49
+ import_zod.z.object({
50
+ type: import_zod.z.string(),
51
+ provider: import_zod.z.string().optional(),
52
+ model: import_zod.z.string().optional()
53
+ })
54
+ ).optional(),
55
+ sourceFiles: import_zod.z.array(import_zod.z.string()).optional()
56
+ });
57
+ var RiskFactorsSchema = import_zod.z.object({
58
+ autonomousDecisions: import_zod.z.boolean().default(false),
59
+ customerFacing: import_zod.z.boolean().default(false),
60
+ toolExecution: import_zod.z.boolean().default(false),
61
+ externalDataAccess: import_zod.z.boolean().default(false),
62
+ piiProcessing: import_zod.z.enum(["yes", "no", "unknown"]).default("unknown"),
63
+ highStakesDecisions: import_zod.z.boolean().default(false)
64
+ });
65
+ var ControlStatusSchema = import_zod.z.object({
66
+ controlId: import_zod.z.string(),
67
+ status: import_zod.z.enum(["implemented", "partial", "not_implemented", "not_applicable"]),
68
+ evidence: import_zod.z.string().optional(),
69
+ notes: import_zod.z.string().optional(),
70
+ lastUpdated: import_zod.z.string().datetime().optional()
71
+ });
72
+ var JurisdictionClassificationSchema = import_zod.z.object({
73
+ /** Profile/jurisdiction ID (e.g., "eu-ai-act", "us-omb-m24") */
74
+ jurisdictionId: import_zod.z.string(),
75
+ /** Risk level mapped to this jurisdiction's terminology */
76
+ riskLevel: import_zod.z.string(),
77
+ /** Jurisdiction-specific category (e.g., EU AI Act category) */
78
+ category: import_zod.z.string().optional(),
79
+ /** Status of controls for this jurisdiction */
80
+ controlStatuses: import_zod.z.array(ControlStatusSchema).optional(),
81
+ /** Required artifacts for this jurisdiction */
82
+ requiredArtifacts: import_zod.z.array(
83
+ import_zod.z.object({
84
+ artifactId: import_zod.z.string(),
85
+ status: import_zod.z.enum(["pending", "complete", "not_applicable"]),
86
+ path: import_zod.z.string().optional()
87
+ })
88
+ ).optional(),
89
+ /** Last compliance check date */
90
+ lastChecked: import_zod.z.string().datetime().optional(),
91
+ /** Compliance percentage for this jurisdiction */
92
+ compliancePercentage: import_zod.z.number().min(0).max(100).optional()
93
+ });
94
+ var TrustworthinessCharacteristicSchema = import_zod.z.object({
95
+ score: import_zod.z.number().min(0).max(100).optional(),
96
+ notes: import_zod.z.string().optional(),
97
+ lastAssessed: import_zod.z.string().datetime().optional(),
98
+ assessedBy: import_zod.z.string().optional()
99
+ });
100
+ var TrustworthinessSchema = import_zod.z.object({
101
+ /** Valid and reliable: produces accurate, consistent results */
102
+ valid: TrustworthinessCharacteristicSchema.optional(),
103
+ reliable: TrustworthinessCharacteristicSchema.optional(),
104
+ /** Safe: minimizes harm and risk */
105
+ safe: TrustworthinessCharacteristicSchema.optional(),
106
+ /** Secure: protected against threats */
107
+ secure: TrustworthinessCharacteristicSchema.optional(),
108
+ /** Accountable: clear responsibility and oversight */
109
+ accountable: TrustworthinessCharacteristicSchema.optional(),
110
+ /** Transparent: understandable and open about limitations */
111
+ transparent: TrustworthinessCharacteristicSchema.optional(),
112
+ /** Explainable: decisions can be understood */
113
+ explainable: TrustworthinessCharacteristicSchema.optional(),
114
+ /** Privacy-enhanced: protects personal information */
115
+ privacyEnhanced: TrustworthinessCharacteristicSchema.optional(),
116
+ /** Fair: avoids bias and discrimination */
117
+ fair: TrustworthinessCharacteristicSchema.optional()
118
+ });
119
+ var ClassificationSchema = import_zod.z.object({
120
+ /** Primary AIGRC risk level */
121
+ riskLevel: import_zod.z.enum(["minimal", "limited", "high", "unacceptable"]),
122
+ /** Risk factors that influenced the classification */
123
+ riskFactors: RiskFactorsSchema,
124
+ /** EU AI Act specific classification (legacy, prefer jurisdictions) */
125
+ euAiAct: import_zod.z.object({
126
+ category: import_zod.z.string(),
127
+ transparencyRequired: import_zod.z.boolean().default(false)
128
+ }).optional(),
129
+ /** Required artifacts based on classification */
130
+ requiredArtifacts: import_zod.z.array(
131
+ import_zod.z.object({
132
+ type: import_zod.z.string(),
133
+ status: import_zod.z.enum(["pending", "complete", "not_applicable"]),
134
+ path: import_zod.z.string().optional()
135
+ })
136
+ ).optional(),
137
+ /** Per-jurisdiction classifications for multi-jurisdiction compliance */
138
+ jurisdictions: import_zod.z.array(JurisdictionClassificationSchema).optional(),
139
+ /** NIST AI RMF trustworthiness characteristics */
140
+ trustworthiness: TrustworthinessSchema.optional()
141
+ });
142
+ var IntentSchema = import_zod.z.object({
143
+ linked: import_zod.z.boolean().default(false),
144
+ ticketSystem: import_zod.z.enum(["jira", "ado", "github", "gitlab"]).nullable().optional(),
145
+ ticketId: import_zod.z.string().nullable().optional(),
146
+ ticketUrl: import_zod.z.string().url().nullable().optional(),
147
+ businessJustification: import_zod.z.string().nullable().optional(),
148
+ riskTolerance: import_zod.z.enum(["low", "medium", "high"]).nullable().optional(),
149
+ importedAt: import_zod.z.string().datetime().nullable().optional()
150
+ });
151
+ var ApprovalSchema = import_zod.z.object({
152
+ role: import_zod.z.string(),
153
+ name: import_zod.z.string(),
154
+ email: import_zod.z.string().email().optional(),
155
+ date: import_zod.z.string(),
156
+ source: import_zod.z.string().optional()
157
+ });
158
+ var GovernanceSchema = import_zod.z.object({
159
+ status: import_zod.z.enum(["draft", "linked", "approved", "production", "deprecated", "revoked"]),
160
+ approvals: import_zod.z.array(ApprovalSchema).default([]),
161
+ deployment: import_zod.z.object({
162
+ environments: import_zod.z.array(import_zod.z.string()).default([]),
163
+ lastDeployed: import_zod.z.string().datetime().nullable().optional()
164
+ }).optional()
165
+ });
166
+ var ConstraintsSchema = import_zod.z.object({
167
+ runtime: import_zod.z.object({
168
+ maxIterations: import_zod.z.number().positive().optional(),
169
+ timeoutSeconds: import_zod.z.number().positive().optional(),
170
+ maxTokensPerRequest: import_zod.z.number().positive().optional(),
171
+ maxCostPerRequestUsd: import_zod.z.number().positive().optional()
172
+ }).optional(),
173
+ humanApprovalRequired: import_zod.z.array(import_zod.z.string()).optional(),
174
+ monitoring: import_zod.z.object({
175
+ logAllDecisions: import_zod.z.boolean().default(true),
176
+ logToolInvocations: import_zod.z.boolean().default(true)
177
+ }).optional()
178
+ });
179
+ var AssetCardSchema = import_zod.z.object({
180
+ $schema: import_zod.z.string().optional(),
181
+ id: import_zod.z.string().regex(/^aigrc-\d{4}-[a-f0-9]{8}$/),
182
+ name: import_zod.z.string().min(1).max(100),
183
+ description: import_zod.z.string().max(500).optional(),
184
+ version: import_zod.z.string().default("1.0.0"),
185
+ created: import_zod.z.string().datetime(),
186
+ updated: import_zod.z.string().datetime(),
187
+ ownership: import_zod.z.object({
188
+ owner: OwnerSchema,
189
+ team: import_zod.z.string().optional()
190
+ }),
191
+ technical: TechnicalSchema,
192
+ classification: ClassificationSchema,
193
+ intent: IntentSchema,
194
+ governance: GovernanceSchema,
195
+ constraints: ConstraintsSchema.optional()
196
+ });
197
+ // Annotate the CommonJS export names for ESM import in node:
198
+ 0 && (module.exports = {
199
+ ApprovalSchema,
200
+ AssetCardSchema,
201
+ ClassificationSchema,
202
+ ConstraintsSchema,
203
+ ControlStatusSchema,
204
+ GovernanceSchema,
205
+ IntentSchema,
206
+ JurisdictionClassificationSchema,
207
+ OwnerSchema,
208
+ RiskFactorsSchema,
209
+ TechnicalSchema,
210
+ TrustworthinessCharacteristicSchema,
211
+ TrustworthinessSchema
212
+ });
213
+ //# sourceMappingURL=index.js.map
package/dist/schemas/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/schemas/index.ts"],"sourcesContent":["import { z } from \"zod\";\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// OWNER SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const OwnerSchema = z.object({\r\n name: z.string().min(1),\r\n email: z.string().email(),\r\n team: z.string().optional(),\r\n});\r\n\r\nexport type Owner = z.infer<typeof OwnerSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// TECHNICAL SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const TechnicalSchema = z.object({\r\n type: z.enum([\"model\", \"agent\", \"api_client\", \"framework\", \"pipeline\"]),\r\n framework: z.string().optional(),\r\n frameworkVersion: z.string().optional(),\r\n components: z\r\n .array(\r\n z.object({\r\n type: z.string(),\r\n provider: z.string().optional(),\r\n model: z.string().optional(),\r\n })\r\n )\r\n .optional(),\r\n sourceFiles: z.array(z.string()).optional(),\r\n});\r\n\r\nexport type Technical = z.infer<typeof TechnicalSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// RISK FACTORS SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const RiskFactorsSchema = z.object({\r\n autonomousDecisions: z.boolean().default(false),\r\n customerFacing: z.boolean().default(false),\r\n toolExecution: z.boolean().default(false),\r\n externalDataAccess: z.boolean().default(false),\r\n piiProcessing: z.enum([\"yes\", \"no\", \"unknown\"]).default(\"unknown\"),\r\n highStakesDecisions: z.boolean().default(false),\r\n});\r\n\r\nexport type RiskFactors = z.infer<typeof RiskFactorsSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// JURISDICTION CLASSIFICATION SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const ControlStatusSchema = z.object({\r\n controlId: z.string(),\r\n status: z.enum([\"implemented\", \"partial\", \"not_implemented\", \"not_applicable\"]),\r\n evidence: z.string().optional(),\r\n notes: z.string().optional(),\r\n lastUpdated: z.string().datetime().optional(),\r\n});\r\n\r\nexport type ControlStatus = z.infer<typeof ControlStatusSchema>;\r\n\r\nexport const JurisdictionClassificationSchema = z.object({\r\n /** Profile/jurisdiction ID (e.g., \"eu-ai-act\", \"us-omb-m24\") */\r\n jurisdictionId: z.string(),\r\n /** Risk level mapped to this jurisdiction's terminology */\r\n riskLevel: z.string(),\r\n /** Jurisdiction-specific category (e.g., EU AI Act category) */\r\n category: z.string().optional(),\r\n /** Status of controls for this jurisdiction */\r\n controlStatuses: z.array(ControlStatusSchema).optional(),\r\n /** Required artifacts for this jurisdiction */\r\n requiredArtifacts: z\r\n .array(\r\n z.object({\r\n artifactId: z.string(),\r\n status: z.enum([\"pending\", \"complete\", \"not_applicable\"]),\r\n path: z.string().optional(),\r\n })\r\n )\r\n .optional(),\r\n /** Last compliance check date */\r\n lastChecked: z.string().datetime().optional(),\r\n /** Compliance percentage for this jurisdiction */\r\n compliancePercentage: z.number().min(0).max(100).optional(),\r\n});\r\n\r\nexport type JurisdictionClassification = z.infer<typeof JurisdictionClassificationSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// TRUSTWORTHINESS CHARACTERISTICS SCHEMA (NIST AI RMF)\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const TrustworthinessCharacteristicSchema = z.object({\r\n score: z.number().min(0).max(100).optional(),\r\n notes: z.string().optional(),\r\n lastAssessed: z.string().datetime().optional(),\r\n assessedBy: z.string().optional(),\r\n});\r\n\r\nexport type TrustworthinessCharacteristic = z.infer<typeof TrustworthinessCharacteristicSchema>;\r\n\r\nexport const TrustworthinessSchema = z.object({\r\n /** Valid and reliable: produces accurate, consistent results */\r\n valid: TrustworthinessCharacteristicSchema.optional(),\r\n reliable: TrustworthinessCharacteristicSchema.optional(),\r\n /** Safe: minimizes harm and risk */\r\n safe: TrustworthinessCharacteristicSchema.optional(),\r\n /** Secure: protected against threats */\r\n secure: TrustworthinessCharacteristicSchema.optional(),\r\n /** Accountable: clear responsibility and oversight */\r\n accountable: TrustworthinessCharacteristicSchema.optional(),\r\n /** Transparent: understandable and open about limitations */\r\n transparent: TrustworthinessCharacteristicSchema.optional(),\r\n /** Explainable: decisions can be understood */\r\n explainable: TrustworthinessCharacteristicSchema.optional(),\r\n /** Privacy-enhanced: protects personal information */\r\n privacyEnhanced: TrustworthinessCharacteristicSchema.optional(),\r\n /** Fair: avoids bias and discrimination */\r\n fair: TrustworthinessCharacteristicSchema.optional(),\r\n});\r\n\r\nexport type Trustworthiness = z.infer<typeof TrustworthinessSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// CLASSIFICATION SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const ClassificationSchema = z.object({\r\n /** Primary AIGRC risk level */\r\n riskLevel: z.enum([\"minimal\", \"limited\", \"high\", \"unacceptable\"]),\r\n /** Risk factors that influenced the classification */\r\n riskFactors: RiskFactorsSchema,\r\n /** EU AI Act specific classification (legacy, prefer jurisdictions) */\r\n euAiAct: z\r\n .object({\r\n category: z.string(),\r\n transparencyRequired: z.boolean().default(false),\r\n })\r\n .optional(),\r\n /** Required artifacts based on classification */\r\n requiredArtifacts: z\r\n .array(\r\n z.object({\r\n type: z.string(),\r\n status: z.enum([\"pending\", \"complete\", \"not_applicable\"]),\r\n path: z.string().optional(),\r\n })\r\n )\r\n .optional(),\r\n /** Per-jurisdiction classifications for multi-jurisdiction compliance */\r\n jurisdictions: z.array(JurisdictionClassificationSchema).optional(),\r\n /** NIST AI RMF trustworthiness characteristics */\r\n trustworthiness: TrustworthinessSchema.optional(),\r\n});\r\n\r\nexport type Classification = z.infer<typeof ClassificationSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// INTENT SCHEMA (Golden Thread)\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const IntentSchema = z.object({\r\n linked: z.boolean().default(false),\r\n ticketSystem: z.enum([\"jira\", \"ado\", \"github\", \"gitlab\"]).nullable().optional(),\r\n ticketId: z.string().nullable().optional(),\r\n ticketUrl: z.string().url().nullable().optional(),\r\n businessJustification: z.string().nullable().optional(),\r\n riskTolerance: z.enum([\"low\", \"medium\", \"high\"]).nullable().optional(),\r\n importedAt: z.string().datetime().nullable().optional(),\r\n});\r\n\r\nexport type Intent = z.infer<typeof IntentSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// GOVERNANCE SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const ApprovalSchema = z.object({\r\n role: z.string(),\r\n name: z.string(),\r\n email: z.string().email().optional(),\r\n date: z.string(),\r\n source: z.string().optional(),\r\n});\r\n\r\nexport const GovernanceSchema = z.object({\r\n status: z.enum([\"draft\", \"linked\", \"approved\", \"production\", \"deprecated\", \"revoked\"]),\r\n approvals: z.array(ApprovalSchema).default([]),\r\n deployment: z\r\n .object({\r\n environments: z.array(z.string()).default([]),\r\n lastDeployed: z.string().datetime().nullable().optional(),\r\n })\r\n .optional(),\r\n});\r\n\r\nexport type Governance = z.infer<typeof GovernanceSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// CONSTRAINTS SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const ConstraintsSchema = z.object({\r\n runtime: z\r\n .object({\r\n maxIterations: z.number().positive().optional(),\r\n timeoutSeconds: z.number().positive().optional(),\r\n maxTokensPerRequest: z.number().positive().optional(),\r\n maxCostPerRequestUsd: z.number().positive().optional(),\r\n })\r\n .optional(),\r\n humanApprovalRequired: z.array(z.string()).optional(),\r\n monitoring: z\r\n .object({\r\n logAllDecisions: z.boolean().default(true),\r\n logToolInvocations: z.boolean().default(true),\r\n })\r\n .optional(),\r\n});\r\n\r\nexport type Constraints = z.infer<typeof ConstraintsSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// ASSET CARD SCHEMA (Main Schema)\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const AssetCardSchema = z.object({\r\n $schema: z.string().optional(),\r\n id: z.string().regex(/^aigrc-\\d{4}-[a-f0-9]{8}$/),\r\n name: z.string().min(1).max(100),\r\n description: z.string().max(500).optional(),\r\n version: z.string().default(\"1.0.0\"),\r\n created: z.string().datetime(),\r\n updated: z.string().datetime(),\r\n ownership: z.object({\r\n owner: OwnerSchema,\r\n team: z.string().optional(),\r\n }),\r\n technical: TechnicalSchema,\r\n classification: ClassificationSchema,\r\n intent: IntentSchema,\r\n governance: GovernanceSchema,\r\n constraints: ConstraintsSchema.optional(),\r\n});\r\n\r\nexport type AssetCard = z.infer<typeof AssetCardSchema>;"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,iBAAkB;AAMX,IAAM,cAAc,aAAE,OAAO;AAAA,EAClC,MAAM,aAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,OAAO,aAAE,OAAO,EAAE,MAAM;AAAA,EACxB,MAAM,aAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAQM,IAAM,kBAAkB,aAAE,OAAO;AAAA,EACtC,MAAM,aAAE,KAAK,CAAC,SAAS,SAAS,cAAc,aAAa,UAAU,CAAC;AAAA,EACtE,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,kBAAkB,aAAE,OAAO,EAAE,SAAS;AAAA,EACtC,YAAY,aACT;AAAA,IACC,aAAE,OAAO;AAAA,MACP,MAAM,aAAE,OAAO;AAAA,MACf,UAAU,aAAE,OAAO,EAAE,SAAS;AAAA,MAC9B,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA,IAC7B,CAAC;AAAA,EACH,EACC,SAAS;AAAA,EACZ,aAAa,aAAE,MAAM,aAAE,OAAO,CAAC,EAAE,SAAS;AAC5C,CAAC;AAQM,IAAM,oBAAoB,aAAE,OAAO;AAAA,EACxC,qBAAqB,aAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EAC9C,gBAAgB,aAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACzC,eAAe,aAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACxC,oBAAoB,aAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EAC7C,eAAe,aAAE,KAAK,CAAC,OAAO,MAAM,SAAS,CAAC,EAAE,QAAQ,SAAS;AAAA,EACjE,qBAAqB,aAAE,QAAQ,EAAE,QAAQ,KAAK;AAChD,CAAC;AAQM,IAAM,sBAAsB,aAAE,OAAO;AAAA,EAC1C,WAAW,aAAE,OAAO;AAAA,EACpB,QAAQ,aAAE,KAAK,CAAC,eAAe,WAAW,mBAAmB,gBAAgB,CAAC;AAAA,EAC9E,UAAU,aAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,aAAa,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAC9C,CAAC;AAIM,IAAM,mCAAmC,aAAE,OAAO;AAAA;AAAA,EAEvD,gBAAgB,aAAE,OAAO;AAAA;AAAA,EAEzB,WAAW,aAAE,OAAO;AAAA;AAAA,EAEpB,UAAU,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE9B,iBAAiB,aAAE,MAAM,mBAAmB,EAAE,SAAS;AAAA;AAAA,EAEvD,mBAAmB,aAChB;AAAA,IACC,aAAE,OAAO;AAAA,MACP,YAAY,aAAE,OAAO;AAAA,MACrB,QAAQ,aAAE,KAAK,CAAC,WAAW,YAAY,gBAAgB,CAAC;AAAA,MACxD,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,CAAC;AAAA,EACH,EACC,SAAS;AAAA;AAAA,EAEZ,aAAa,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA;AAAA,EAE5C,sBAAsB,aAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AAC5D,CAAC;AAQM,IAAM,sCAAsC,aAAE,OAAO;AAAA,EAC1D,OAAO,aAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EAC3C,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,cAAc,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC7C,YAAY,aAAE,OAAO,EAAE,SAAS;AAClC,CAAC;AAIM,IAAM,wBAAwB,aAAE,OAAO;AAAA;AAAA,EAE5C,OAAO,oCAAoC,SAAS;AAAA,EACpD,UAAU,oCAAoC,SAAS;AAAA;AAAA,EAEvD,MAAM,oCAAoC,SAAS;AAAA;AAAA,EAEnD,QAAQ,oCAAoC,SAAS;AAAA;AAAA,EAErD,aAAa,oCAAoC,SAAS;AAAA;AAAA,EAE1D,aAAa,oCAAoC,SAAS;AAAA;AAAA,EAE1D,aAAa,oCAAoC,SAAS;AAAA;AAAA,EAE1D,iBAAiB,oCAAoC,SAAS;AAAA;AAAA,EAE9D,MAAM,oCAAoC,SAAS;AACrD,CAAC;AAQM,IAAM,uBAAuB,aAAE,OAAO;AAAA;AAAA,EAE3C,WAAW,aAAE,KAAK,CAAC,WAAW,WAAW,QAAQ,cAAc,CAAC;AAAA;AAAA,EAEhE,aAAa;AAAA;AAAA,EAEb,SAAS,aACN,OAAO;AAAA,IACN,UAAU,aAAE,OAAO;AAAA,IACnB,sBAAsB,aAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACjD,CAAC,EACA,SAAS;AAAA;AAAA,EAEZ,mBAAmB,aAChB;AAAA,IACC,aAAE,OAAO;AAAA,MACP,MAAM,aAAE,OAAO;AAAA,MACf,QAAQ,aAAE,KAAK,CAAC,WAAW,YAAY,gBAAgB,CAAC;AAAA,MACxD,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,CAAC;AAAA,EACH,EACC,SAAS;AAAA;AAAA,EAEZ,eAAe,aAAE,MAAM,gCAAgC,EAAE,SAAS;AAAA;AAAA,EAElE,iBAAiB,sBAAsB,SAAS;AAClD,CAAC;AAQM,IAAM,eAAe,aAAE,OAAO;AAAA,EACnC,QAAQ,aAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACjC,cAAc,aAAE,KAAK,CAAC,QAAQ,OAAO,UAAU,QAAQ,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EAC9E,UAAU,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,WAAW,aAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAChD,uBAAuB,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,eAAe,aAAE,KAAK,CAAC,OAAO,UAAU,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrE,YAAY,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;AACxD,CAAC;AAQM,IAAM,iBAAiB,aAAE,OAAO;AAAA,EACrC,MAAM,aAAE,OAAO;AAAA,EACf,MAAM,aAAE,OAAO;AAAA,EACf,OAAO,aAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EACnC,MAAM,aAAE,OAAO;AAAA,EACf,QAAQ,aAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;AAEM,IAAM,mBAAmB,aAAE,OAAO;AAAA,EACvC,QAAQ,aAAE,KAAK,CAAC,SAAS,UAAU,YAAY,cAAc,cAAc,SAAS,CAAC;AAAA,EACrF,WAAW,aAAE,MAAM,cAAc,EAAE,QAAQ,CAAC,CAAC;AAAA,EAC7C,YAAY,aACT,OAAO;AAAA,IACN,cAAc,aAAE,MAAM,aAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC;AAAA,IAC5C,cAAc,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1D,CAAC,EACA,SAAS;AACd,CAAC;AAQM,IAAM,oBAAoB,aAAE,OAAO;AAAA,EACxC,SAAS,aACN,OAAO;AAAA,IACN,eAAe,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9C,gBAAgB,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC/C,qBAAqB,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,sBAAsB,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACvD,CAAC,EACA,SAAS;AAAA,EACZ,uBAAuB,aAAE,MAAM,aAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACpD,YAAY,aACT,OAAO;AAAA,IACN,iBAAiB,aAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IACzC,oBAAoB,aAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EAC9C,CAAC,EACA,SAAS;AACd,CAAC;AAQM,IAAM,kBAAkB,aAAE,OAAO;AAAA,EACtC,SAAS,aAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,IAAI,aAAE,OAAO,EAAE,MAAM,2BAA2B;AAAA,EAChD,MAAM,aAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAC/B,aAAa,aAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EAC1C,SAAS,aAAE,OAAO,EAAE,QAAQ,OAAO;AAAA,EACnC,SAAS,aAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,SAAS,aAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,WAAW,aAAE,OAAO;AAAA,IAClB,OAAO;AAAA,IACP,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC;AAAA,EACD,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,aAAa,kBAAkB,SAAS;AAC1C,CAAC;","names":[]}
package/dist/schemas/index.mjs ADDED
@@ -0,0 +1,176 @@
1
+ // src/schemas/index.ts
2
+ import { z } from "zod";
3
+ var OwnerSchema = z.object({
4
+ name: z.string().min(1),
5
+ email: z.string().email(),
6
+ team: z.string().optional()
7
+ });
8
+ var TechnicalSchema = z.object({
9
+ type: z.enum(["model", "agent", "api_client", "framework", "pipeline"]),
10
+ framework: z.string().optional(),
11
+ frameworkVersion: z.string().optional(),
12
+ components: z.array(
13
+ z.object({
14
+ type: z.string(),
15
+ provider: z.string().optional(),
16
+ model: z.string().optional()
17
+ })
18
+ ).optional(),
19
+ sourceFiles: z.array(z.string()).optional()
20
+ });
21
+ var RiskFactorsSchema = z.object({
22
+ autonomousDecisions: z.boolean().default(false),
23
+ customerFacing: z.boolean().default(false),
24
+ toolExecution: z.boolean().default(false),
25
+ externalDataAccess: z.boolean().default(false),
26
+ piiProcessing: z.enum(["yes", "no", "unknown"]).default("unknown"),
27
+ highStakesDecisions: z.boolean().default(false)
28
+ });
29
+ var ControlStatusSchema = z.object({
30
+ controlId: z.string(),
31
+ status: z.enum(["implemented", "partial", "not_implemented", "not_applicable"]),
32
+ evidence: z.string().optional(),
33
+ notes: z.string().optional(),
34
+ lastUpdated: z.string().datetime().optional()
35
+ });
36
+ var JurisdictionClassificationSchema = z.object({
37
+ /** Profile/jurisdiction ID (e.g., "eu-ai-act", "us-omb-m24") */
38
+ jurisdictionId: z.string(),
39
+ /** Risk level mapped to this jurisdiction's terminology */
40
+ riskLevel: z.string(),
41
+ /** Jurisdiction-specific category (e.g., EU AI Act category) */
42
+ category: z.string().optional(),
43
+ /** Status of controls for this jurisdiction */
44
+ controlStatuses: z.array(ControlStatusSchema).optional(),
45
+ /** Required artifacts for this jurisdiction */
46
+ requiredArtifacts: z.array(
47
+ z.object({
48
+ artifactId: z.string(),
49
+ status: z.enum(["pending", "complete", "not_applicable"]),
50
+ path: z.string().optional()
51
+ })
52
+ ).optional(),
53
+ /** Last compliance check date */
54
+ lastChecked: z.string().datetime().optional(),
55
+ /** Compliance percentage for this jurisdiction */
56
+ compliancePercentage: z.number().min(0).max(100).optional()
57
+ });
58
+ var TrustworthinessCharacteristicSchema = z.object({
59
+ score: z.number().min(0).max(100).optional(),
60
+ notes: z.string().optional(),
61
+ lastAssessed: z.string().datetime().optional(),
62
+ assessedBy: z.string().optional()
63
+ });
64
+ var TrustworthinessSchema = z.object({
65
+ /** Valid and reliable: produces accurate, consistent results */
66
+ valid: TrustworthinessCharacteristicSchema.optional(),
67
+ reliable: TrustworthinessCharacteristicSchema.optional(),
68
+ /** Safe: minimizes harm and risk */
69
+ safe: TrustworthinessCharacteristicSchema.optional(),
70
+ /** Secure: protected against threats */
71
+ secure: TrustworthinessCharacteristicSchema.optional(),
72
+ /** Accountable: clear responsibility and oversight */
73
+ accountable: TrustworthinessCharacteristicSchema.optional(),
74
+ /** Transparent: understandable and open about limitations */
75
+ transparent: TrustworthinessCharacteristicSchema.optional(),
76
+ /** Explainable: decisions can be understood */
77
+ explainable: TrustworthinessCharacteristicSchema.optional(),
78
+ /** Privacy-enhanced: protects personal information */
79
+ privacyEnhanced: TrustworthinessCharacteristicSchema.optional(),
80
+ /** Fair: avoids bias and discrimination */
81
+ fair: TrustworthinessCharacteristicSchema.optional()
82
+ });
83
+ var ClassificationSchema = z.object({
84
+ /** Primary AIGRC risk level */
85
+ riskLevel: z.enum(["minimal", "limited", "high", "unacceptable"]),
86
+ /** Risk factors that influenced the classification */
87
+ riskFactors: RiskFactorsSchema,
88
+ /** EU AI Act specific classification (legacy, prefer jurisdictions) */
89
+ euAiAct: z.object({
90
+ category: z.string(),
91
+ transparencyRequired: z.boolean().default(false)
92
+ }).optional(),
93
+ /** Required artifacts based on classification */
94
+ requiredArtifacts: z.array(
95
+ z.object({
96
+ type: z.string(),
97
+ status: z.enum(["pending", "complete", "not_applicable"]),
98
+ path: z.string().optional()
99
+ })
100
+ ).optional(),
101
+ /** Per-jurisdiction classifications for multi-jurisdiction compliance */
102
+ jurisdictions: z.array(JurisdictionClassificationSchema).optional(),
103
+ /** NIST AI RMF trustworthiness characteristics */
104
+ trustworthiness: TrustworthinessSchema.optional()
105
+ });
106
+ var IntentSchema = z.object({
107
+ linked: z.boolean().default(false),
108
+ ticketSystem: z.enum(["jira", "ado", "github", "gitlab"]).nullable().optional(),
109
+ ticketId: z.string().nullable().optional(),
110
+ ticketUrl: z.string().url().nullable().optional(),
111
+ businessJustification: z.string().nullable().optional(),
112
+ riskTolerance: z.enum(["low", "medium", "high"]).nullable().optional(),
113
+ importedAt: z.string().datetime().nullable().optional()
114
+ });
115
+ var ApprovalSchema = z.object({
116
+ role: z.string(),
117
+ name: z.string(),
118
+ email: z.string().email().optional(),
119
+ date: z.string(),
120
+ source: z.string().optional()
121
+ });
122
+ var GovernanceSchema = z.object({
123
+ status: z.enum(["draft", "linked", "approved", "production", "deprecated", "revoked"]),
124
+ approvals: z.array(ApprovalSchema).default([]),
125
+ deployment: z.object({
126
+ environments: z.array(z.string()).default([]),
127
+ lastDeployed: z.string().datetime().nullable().optional()
128
+ }).optional()
129
+ });
130
+ var ConstraintsSchema = z.object({
131
+ runtime: z.object({
132
+ maxIterations: z.number().positive().optional(),
133
+ timeoutSeconds: z.number().positive().optional(),
134
+ maxTokensPerRequest: z.number().positive().optional(),
135
+ maxCostPerRequestUsd: z.number().positive().optional()
136
+ }).optional(),
137
+ humanApprovalRequired: z.array(z.string()).optional(),
138
+ monitoring: z.object({
139
+ logAllDecisions: z.boolean().default(true),
140
+ logToolInvocations: z.boolean().default(true)
141
+ }).optional()
142
+ });
143
+ var AssetCardSchema = z.object({
144
+ $schema: z.string().optional(),
145
+ id: z.string().regex(/^aigrc-\d{4}-[a-f0-9]{8}$/),
146
+ name: z.string().min(1).max(100),
147
+ description: z.string().max(500).optional(),
148
+ version: z.string().default("1.0.0"),
149
+ created: z.string().datetime(),
150
+ updated: z.string().datetime(),
151
+ ownership: z.object({
152
+ owner: OwnerSchema,
153
+ team: z.string().optional()
154
+ }),
155
+ technical: TechnicalSchema,
156
+ classification: ClassificationSchema,
157
+ intent: IntentSchema,
158
+ governance: GovernanceSchema,
159
+ constraints: ConstraintsSchema.optional()
160
+ });
161
+ export {
162
+ ApprovalSchema,
163
+ AssetCardSchema,
164
+ ClassificationSchema,
165
+ ConstraintsSchema,
166
+ ControlStatusSchema,
167
+ GovernanceSchema,
168
+ IntentSchema,
169
+ JurisdictionClassificationSchema,
170
+ OwnerSchema,
171
+ RiskFactorsSchema,
172
+ TechnicalSchema,
173
+ TrustworthinessCharacteristicSchema,
174
+ TrustworthinessSchema
175
+ };
176
+ //# sourceMappingURL=index.mjs.map
package/dist/schemas/index.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/schemas/index.ts"],"sourcesContent":["import { z } from \"zod\";\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// OWNER SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const OwnerSchema = z.object({\r\n name: z.string().min(1),\r\n email: z.string().email(),\r\n team: z.string().optional(),\r\n});\r\n\r\nexport type Owner = z.infer<typeof OwnerSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// TECHNICAL SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const TechnicalSchema = z.object({\r\n type: z.enum([\"model\", \"agent\", \"api_client\", \"framework\", \"pipeline\"]),\r\n framework: z.string().optional(),\r\n frameworkVersion: z.string().optional(),\r\n components: z\r\n .array(\r\n z.object({\r\n type: z.string(),\r\n provider: z.string().optional(),\r\n model: z.string().optional(),\r\n })\r\n )\r\n .optional(),\r\n sourceFiles: z.array(z.string()).optional(),\r\n});\r\n\r\nexport type Technical = z.infer<typeof TechnicalSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// RISK FACTORS SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const RiskFactorsSchema = z.object({\r\n autonomousDecisions: z.boolean().default(false),\r\n customerFacing: z.boolean().default(false),\r\n toolExecution: z.boolean().default(false),\r\n externalDataAccess: z.boolean().default(false),\r\n piiProcessing: z.enum([\"yes\", \"no\", \"unknown\"]).default(\"unknown\"),\r\n highStakesDecisions: z.boolean().default(false),\r\n});\r\n\r\nexport type RiskFactors = z.infer<typeof RiskFactorsSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// JURISDICTION CLASSIFICATION SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const ControlStatusSchema = z.object({\r\n controlId: z.string(),\r\n status: z.enum([\"implemented\", \"partial\", \"not_implemented\", \"not_applicable\"]),\r\n evidence: z.string().optional(),\r\n notes: z.string().optional(),\r\n lastUpdated: z.string().datetime().optional(),\r\n});\r\n\r\nexport type ControlStatus = z.infer<typeof ControlStatusSchema>;\r\n\r\nexport const JurisdictionClassificationSchema = z.object({\r\n /** Profile/jurisdiction ID (e.g., \"eu-ai-act\", \"us-omb-m24\") */\r\n jurisdictionId: z.string(),\r\n /** Risk level mapped to this jurisdiction's terminology */\r\n riskLevel: z.string(),\r\n /** Jurisdiction-specific category (e.g., EU AI Act category) */\r\n category: z.string().optional(),\r\n /** Status of controls for this jurisdiction */\r\n controlStatuses: z.array(ControlStatusSchema).optional(),\r\n /** Required artifacts for this jurisdiction */\r\n requiredArtifacts: z\r\n .array(\r\n z.object({\r\n artifactId: z.string(),\r\n status: z.enum([\"pending\", \"complete\", \"not_applicable\"]),\r\n path: z.string().optional(),\r\n })\r\n )\r\n .optional(),\r\n /** Last compliance check date */\r\n lastChecked: z.string().datetime().optional(),\r\n /** Compliance percentage for this jurisdiction */\r\n compliancePercentage: z.number().min(0).max(100).optional(),\r\n});\r\n\r\nexport type JurisdictionClassification = z.infer<typeof JurisdictionClassificationSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// TRUSTWORTHINESS CHARACTERISTICS SCHEMA (NIST AI RMF)\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const TrustworthinessCharacteristicSchema = z.object({\r\n score: z.number().min(0).max(100).optional(),\r\n notes: z.string().optional(),\r\n lastAssessed: z.string().datetime().optional(),\r\n assessedBy: z.string().optional(),\r\n});\r\n\r\nexport type TrustworthinessCharacteristic = z.infer<typeof TrustworthinessCharacteristicSchema>;\r\n\r\nexport const TrustworthinessSchema = z.object({\r\n /** Valid and reliable: produces accurate, consistent results */\r\n valid: TrustworthinessCharacteristicSchema.optional(),\r\n reliable: TrustworthinessCharacteristicSchema.optional(),\r\n /** Safe: minimizes harm and risk */\r\n safe: TrustworthinessCharacteristicSchema.optional(),\r\n /** Secure: protected against threats */\r\n secure: TrustworthinessCharacteristicSchema.optional(),\r\n /** Accountable: clear responsibility and oversight */\r\n accountable: TrustworthinessCharacteristicSchema.optional(),\r\n /** Transparent: understandable and open about limitations */\r\n transparent: TrustworthinessCharacteristicSchema.optional(),\r\n /** Explainable: decisions can be understood */\r\n explainable: TrustworthinessCharacteristicSchema.optional(),\r\n /** Privacy-enhanced: protects personal information */\r\n privacyEnhanced: TrustworthinessCharacteristicSchema.optional(),\r\n /** Fair: avoids bias and discrimination */\r\n fair: TrustworthinessCharacteristicSchema.optional(),\r\n});\r\n\r\nexport type Trustworthiness = z.infer<typeof TrustworthinessSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// CLASSIFICATION SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const ClassificationSchema = z.object({\r\n /** Primary AIGRC risk level */\r\n riskLevel: z.enum([\"minimal\", \"limited\", \"high\", \"unacceptable\"]),\r\n /** Risk factors that influenced the classification */\r\n riskFactors: RiskFactorsSchema,\r\n /** EU AI Act specific classification (legacy, prefer jurisdictions) */\r\n euAiAct: z\r\n .object({\r\n category: z.string(),\r\n transparencyRequired: z.boolean().default(false),\r\n })\r\n .optional(),\r\n /** Required artifacts based on classification */\r\n requiredArtifacts: z\r\n .array(\r\n z.object({\r\n type: z.string(),\r\n status: z.enum([\"pending\", \"complete\", \"not_applicable\"]),\r\n path: z.string().optional(),\r\n })\r\n )\r\n .optional(),\r\n /** Per-jurisdiction classifications for multi-jurisdiction compliance */\r\n jurisdictions: z.array(JurisdictionClassificationSchema).optional(),\r\n /** NIST AI RMF trustworthiness characteristics */\r\n trustworthiness: TrustworthinessSchema.optional(),\r\n});\r\n\r\nexport type Classification = z.infer<typeof ClassificationSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// INTENT SCHEMA (Golden Thread)\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const IntentSchema = z.object({\r\n linked: z.boolean().default(false),\r\n ticketSystem: z.enum([\"jira\", \"ado\", \"github\", \"gitlab\"]).nullable().optional(),\r\n ticketId: z.string().nullable().optional(),\r\n ticketUrl: z.string().url().nullable().optional(),\r\n businessJustification: z.string().nullable().optional(),\r\n riskTolerance: z.enum([\"low\", \"medium\", \"high\"]).nullable().optional(),\r\n importedAt: z.string().datetime().nullable().optional(),\r\n});\r\n\r\nexport type Intent = z.infer<typeof IntentSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// GOVERNANCE SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const ApprovalSchema = z.object({\r\n role: z.string(),\r\n name: z.string(),\r\n email: z.string().email().optional(),\r\n date: z.string(),\r\n source: z.string().optional(),\r\n});\r\n\r\nexport const GovernanceSchema = z.object({\r\n status: z.enum([\"draft\", \"linked\", \"approved\", \"production\", \"deprecated\", \"revoked\"]),\r\n approvals: z.array(ApprovalSchema).default([]),\r\n deployment: z\r\n .object({\r\n environments: z.array(z.string()).default([]),\r\n lastDeployed: z.string().datetime().nullable().optional(),\r\n })\r\n .optional(),\r\n});\r\n\r\nexport type Governance = z.infer<typeof GovernanceSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// CONSTRAINTS SCHEMA\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const ConstraintsSchema = z.object({\r\n runtime: z\r\n .object({\r\n maxIterations: z.number().positive().optional(),\r\n timeoutSeconds: z.number().positive().optional(),\r\n maxTokensPerRequest: z.number().positive().optional(),\r\n maxCostPerRequestUsd: z.number().positive().optional(),\r\n })\r\n .optional(),\r\n humanApprovalRequired: z.array(z.string()).optional(),\r\n monitoring: z\r\n .object({\r\n logAllDecisions: z.boolean().default(true),\r\n logToolInvocations: z.boolean().default(true),\r\n })\r\n .optional(),\r\n});\r\n\r\nexport type Constraints = z.infer<typeof ConstraintsSchema>;\r\n\r\n// ─────────────────────────────────────────────────────────────────\r\n// ASSET CARD SCHEMA (Main Schema)\r\n// ─────────────────────────────────────────────────────────────────\r\n\r\nexport const AssetCardSchema = z.object({\r\n $schema: z.string().optional(),\r\n id: z.string().regex(/^aigrc-\\d{4}-[a-f0-9]{8}$/),\r\n name: z.string().min(1).max(100),\r\n description: z.string().max(500).optional(),\r\n version: z.string().default(\"1.0.0\"),\r\n created: z.string().datetime(),\r\n updated: z.string().datetime(),\r\n ownership: z.object({\r\n owner: OwnerSchema,\r\n team: z.string().optional(),\r\n }),\r\n technical: TechnicalSchema,\r\n classification: ClassificationSchema,\r\n intent: IntentSchema,\r\n governance: GovernanceSchema,\r\n constraints: ConstraintsSchema.optional(),\r\n});\r\n\r\nexport type AssetCard = z.infer<typeof AssetCardSchema>;"],"mappings":";AAAA,SAAS,SAAS;AAMX,IAAM,cAAc,EAAE,OAAO;AAAA,EAClC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,MAAM,EAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAQM,IAAM,kBAAkB,EAAE,OAAO;AAAA,EACtC,MAAM,EAAE,KAAK,CAAC,SAAS,SAAS,cAAc,aAAa,UAAU,CAAC;AAAA,EACtE,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,kBAAkB,EAAE,OAAO,EAAE,SAAS;AAAA,EACtC,YAAY,EACT;AAAA,IACC,EAAE,OAAO;AAAA,MACP,MAAM,EAAE,OAAO;AAAA,MACf,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,MAC9B,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC7B,CAAC;AAAA,EACH,EACC,SAAS;AAAA,EACZ,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAC5C,CAAC;AAQM,IAAM,oBAAoB,EAAE,OAAO;AAAA,EACxC,qBAAqB,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EAC9C,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACzC,eAAe,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACxC,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EAC7C,eAAe,EAAE,KAAK,CAAC,OAAO,MAAM,SAAS,CAAC,EAAE,QAAQ,SAAS;AAAA,EACjE,qBAAqB,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAChD,CAAC;AAQM,IAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,WAAW,EAAE,OAAO;AAAA,EACpB,QAAQ,EAAE,KAAK,CAAC,eAAe,WAAW,mBAAmB,gBAAgB,CAAC;AAAA,EAC9E,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAC9C,CAAC;AAIM,IAAM,mCAAmC,EAAE,OAAO;AAAA;AAAA,EAEvD,gBAAgB,EAAE,OAAO;AAAA;AAAA,EAEzB,WAAW,EAAE,OAAO;AAAA;AAAA,EAEpB,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE9B,iBAAiB,EAAE,MAAM,mBAAmB,EAAE,SAAS;AAAA;AAAA,EAEvD,mBAAmB,EAChB;AAAA,IACC,EAAE,OAAO;AAAA,MACP,YAAY,EAAE,OAAO;AAAA,MACrB,QAAQ,EAAE,KAAK,CAAC,WAAW,YAAY,gBAAgB,CAAC;AAAA,MACxD,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,CAAC;AAAA,EACH,EACC,SAAS;AAAA;AAAA,EAEZ,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA;AAAA,EAE5C,sBAAsB,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AAC5D,CAAC;AAQM,IAAM,sCAAsC,EAAE,OAAO;AAAA,EAC1D,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EAC3C,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC7C,YAAY,EAAE,OAAO,EAAE,SAAS;AAClC,CAAC;AAIM,IAAM,wBAAwB,EAAE,OAAO;AAAA;AAAA,EAE5C,OAAO,oCAAoC,SAAS;AAAA,EACpD,UAAU,oCAAoC,SAAS;AAAA;AAAA,EAEvD,MAAM,oCAAoC,SAAS;AAAA;AAAA,EAEnD,QAAQ,oCAAoC,SAAS;AAAA;AAAA,EAErD,aAAa,oCAAoC,SAAS;AAAA;AAAA,EAE1D,aAAa,oCAAoC,SAAS;AAAA;AAAA,EAE1D,aAAa,oCAAoC,SAAS;AAAA;AAAA,EAE1D,iBAAiB,oCAAoC,SAAS;AAAA;AAAA,EAE9D,MAAM,oCAAoC,SAAS;AACrD,CAAC;AAQM,IAAM,uBAAuB,EAAE,OAAO;AAAA;AAAA,EAE3C,WAAW,EAAE,KAAK,CAAC,WAAW,WAAW,QAAQ,cAAc,CAAC;AAAA;AAAA,EAEhE,aAAa;AAAA;AAAA,EAEb,SAAS,EACN,OAAO;AAAA,IACN,UAAU,EAAE,OAAO;AAAA,IACnB,sBAAsB,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACjD,CAAC,EACA,SAAS;AAAA;AAAA,EAEZ,mBAAmB,EAChB;AAAA,IACC,EAAE,OAAO;AAAA,MACP,MAAM,EAAE,OAAO;AAAA,MACf,QAAQ,EAAE,KAAK,CAAC,WAAW,YAAY,gBAAgB,CAAC;AAAA,MACxD,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,CAAC;AAAA,EACH,EACC,SAAS;AAAA;AAAA,EAEZ,eAAe,EAAE,MAAM,gCAAgC,EAAE,SAAS;AAAA;AAAA,EAElE,iBAAiB,sBAAsB,SAAS;AAClD,CAAC;AAQM,IAAM,eAAe,EAAE,OAAO;AAAA,EACnC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACjC,cAAc,EAAE,KAAK,CAAC,QAAQ,OAAO,UAAU,QAAQ,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EAC9E,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAChD,uBAAuB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,eAAe,EAAE,KAAK,CAAC,OAAO,UAAU,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;AACxD,CAAC;AAQM,IAAM,iBAAiB,EAAE,OAAO;AAAA,EACrC,MAAM,EAAE,OAAO;AAAA,EACf,MAAM,EAAE,OAAO;AAAA,EACf,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EACnC,MAAM,EAAE,OAAO;AAAA,EACf,QAAQ,EAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;AAEM,IAAM,mBAAmB,EAAE,OAAO;AAAA,EACvC,QAAQ,EAAE,KAAK,CAAC,SAAS,UAAU,YAAY,cAAc,cAAc,SAAS,CAAC;AAAA,EACrF,WAAW,EAAE,MAAM,cAAc,EAAE,QAAQ,CAAC,CAAC;AAAA,EAC7C,YAAY,EACT,OAAO;AAAA,IACN,cAAc,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC;AAAA,IAC5C,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1D,CAAC,EACA,SAAS;AACd,CAAC;AAQM,IAAM,oBAAoB,EAAE,OAAO;AAAA,EACxC,SAAS,EACN,OAAO;AAAA,IACN,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9C,gBAAgB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC/C,qBAAqB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,sBAAsB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACvD,CAAC,EACA,SAAS;AAAA,EACZ,uBAAuB,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACpD,YAAY,EACT,OAAO;AAAA,IACN,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IACzC,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EAC9C,CAAC,EACA,SAAS;AACd,CAAC;AAQM,IAAM,kBAAkB,EAAE,OAAO;AAAA,EACtC,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,IAAI,EAAE,OAAO,EAAE,MAAM,2BAA2B;AAAA,EAChD,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAC/B,aAAa,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EAC1C,SAAS,EAAE,OAAO,EAAE,QAAQ,OAAO;AAAA,EACnC,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,WAAW,EAAE,OAAO;AAAA,IAClB,OAAO;AAAA,IACP,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC;AAAA,EACD,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,aAAa,kBAAkB,SAAS;AAC1C,CAAC;","names":[]}
package/package.json ADDED
@@ -0,0 +1,69 @@
1
+ {
2
+ "name": "@aigrc/core",
3
+ "version": "0.1.0",
4
+ "description": "Core logic for AIGRC - schemas, validation, risk classification",
5
+ "license": "Apache-2.0",
6
+ "author": "AIGRC <contact@aigrc.dev>",
7
+ "homepage": "https://github.com/aigrc/aigrc#readme",
8
+ "repository": {
9
+ "type": "git",
10
+ "url": "git+https://github.com/aigrc/aigrc.git",
11
+ "directory": "packages/core"
12
+ },
13
+ "bugs": {
14
+ "url": "https://github.com/aigrc/aigrc/issues"
15
+ },
16
+ "keywords": [
17
+ "aigrc",
18
+ "ai-governance",
19
+ "risk-management",
20
+ "compliance",
21
+ "eu-ai-act",
22
+ "nist-ai-rmf",
23
+ "iso-42001",
24
+ "schemas",
25
+ "validation",
26
+ "zod"
27
+ ],
28
+ "engines": {
29
+ "node": ">=18.0.0"
30
+ },
31
+ "publishConfig": {
32
+ "access": "public"
33
+ },
34
+ "main": "./dist/index.js",
35
+ "module": "./dist/index.mjs",
36
+ "types": "./dist/index.d.ts",
37
+ "exports": {
38
+ ".": {
39
+ "types": "./dist/index.d.ts",
40
+ "import": "./dist/index.mjs",
41
+ "require": "./dist/index.js"
42
+ },
43
+ "./schemas": {
44
+ "types": "./dist/schemas/index.d.ts",
45
+ "import": "./dist/schemas/index.mjs",
46
+ "require": "./dist/schemas/index.js"
47
+ }
48
+ },
49
+ "files": ["dist"],
50
+ "scripts": {
51
+ "build": "tsup",
52
+ "dev": "tsup --watch",
53
+ "test": "vitest",
54
+ "typecheck": "tsc --noEmit",
55
+ "clean": "rimraf dist"
56
+ },
57
+ "dependencies": {
58
+ "yaml": "^2.3.4",
59
+ "zod": "^3.22.4",
60
+ "zod-to-json-schema": "^3.22.0"
61
+ },
62
+ "devDependencies": {
63
+ "@types/node": "^20.10.0",
64
+ "rimraf": "^5.0.0",
65
+ "tsup": "^8.0.1",
66
+ "typescript": "^5.3.0",
67
+ "vitest": "^1.0.0"
68
+ }
69
+ }