@baselineos/govern 1.0.0

package/dist/index.js

@@ -0,0 +1,1271 @@
+// src/system.ts
+import { randomUUID } from "crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { dirname } from "path";
+var BaselineGovernSystem = class {
+  persistPath;
+  state = {
+    initialized: false,
+    currentPolicies: /* @__PURE__ */ new Map(),
+    currentEvaluations: /* @__PURE__ */ new Map(),
+    approvalRequests: /* @__PURE__ */ new Map(),
+    auditTrail: [],
+    currentRisks: /* @__PURE__ */ new Map(),
+    currentPermissions: /* @__PURE__ */ new Map(),
+    currentCosts: /* @__PURE__ */ new Map(),
+    currentCompliance: /* @__PURE__ */ new Map(),
+    governanceHistory: []
+  };
+  policies;
+  approvals;
+  risk;
+  permissions;
+  costs;
+  compliance;
+  constructor(options = {}) {
+    this.persistPath = options.persistPath ?? ".baseline/govern/audit-trail.json";
+    this.policies = this.initializePolicies();
+    this.approvals = this.initializeApprovals();
+    this.risk = this.initializeRisk();
+    this.permissions = this.initializePermissions();
+    this.costs = this.initializeCosts();
+    this.compliance = this.initializeCompliance();
+    this.loadAuditTrail();
+    this.state.initialized = true;
+  }
+  initializePolicies() {
+    return {
+      create: async (name, content, options = {}) => {
+        const policy = {
+          id: `policy-${Date.now()}`,
+          name,
+          content,
+          created: /* @__PURE__ */ new Date(),
+          version: "1.0.0",
+          status: "draft",
+          severity: this.asSeverity(options.severity) ?? "medium",
+          enforcement: this.asEnforcement(options.enforcement) ?? "warn",
+          rules: this.parseRules(options.rules),
+          requireApproval: Boolean(options.requireApproval),
+          options
+        };
+        this.state.currentPolicies.set(policy.id, policy);
+        this.recordAudit("policy_created", "system", { policyId: policy.id, name: policy.name });
+        return { success: true, policy };
+      },
+      approve: async (policyId, approver) => {
+        const policy = this.state.currentPolicies.get(policyId);
+        if (policy) {
+          policy.status = "approved";
+          policy.approved = /* @__PURE__ */ new Date();
+          policy.approver = approver;
+          this.recordAudit("policy_approved", approver, { policyId: policy.id });
+          return { success: true, policy };
+        }
+        return this.fail("POLICY_NOT_FOUND", "Policy not found");
+      },
+      enforce: async (policyId, context) => {
+        const policy = this.state.currentPolicies.get(policyId);
+        if (!policy) {
+          return this.fail("POLICY_NOT_FOUND", "Policy not found");
+        }
+        if (policy.status !== "approved") {
+          return this.fail("POLICY_NOT_APPROVED", "Policy not approved");
+        }
+        const evaluation = this.evaluatePolicy(policy, context);
+        this.state.currentEvaluations.set(evaluation.id, evaluation);
+        this.recordAudit("policy_evaluated", "system", {
+          policyId,
+          passed: evaluation.passed,
+          enforcementAction: evaluation.enforcementAction,
+          violationCount: evaluation.violations.length
+        });
+        const resourceId = this.getContextValue(context, "resourceId") || this.getContextValue(context, "resource") || policyId;
+        const requestedBy = this.getContextValue(context, "requestedBy") || "system";
+        if (evaluation.requiresApproval) {
+          const approved = this.findApprovedRequest(policyId, String(resourceId));
+          if (!approved) {
+            const approval = this.createApprovalRequest(policyId, String(resourceId), String(requestedBy), policy.options);
+            return {
+              success: false,
+              policy,
+              evaluation: { ...evaluation, enforcementAction: "approval_required", passed: false },
+              approval,
+              evidence: this.getEvidenceBundle(policyId, String(resourceId)),
+              error: "Approval required before enforcement",
+              errorCode: "APPROVAL_REQUIRED"
+            };
+          }
+        }
+        if (!evaluation.passed) {
+          return {
+            success: false,
+            policy,
+            evaluation,
+            evidence: this.getEvidenceBundle(policyId, String(resourceId)),
+            error: "Policy enforcement blocked by violations",
+            errorCode: "POLICY_ENFORCEMENT_BLOCKED"
+          };
+        }
+        policy.status = "enforced";
+        this.recordAudit("policy_enforced", "system", {
+          policyId,
+          resourceId,
+          enforcementAction: evaluation.enforcementAction
+        });
+        return {
+          success: true,
+          policy,
+          evaluation,
+          evidence: this.getEvidenceBundle(policyId, String(resourceId)),
+          enforcement: {
+            id: `enforcement-${Date.now()}`,
+            policyId,
+            context,
+            enforced: /* @__PURE__ */ new Date(),
+            result: evaluation.enforcementAction
+          }
+        };
+      }
+    };
+  }
+  initializeApprovals() {
+    return {
+      request: async (policyId, resourceId, requestedBy, options = {}) => {
+        const approval = this.createApprovalRequest(policyId, resourceId, requestedBy, options);
+        return { success: true, approval };
+      },
+      review: async (requestId, approver, decision, options = {}) => {
+        const request = this.state.approvalRequests.get(requestId);
+        if (!request) {
+          return this.fail("APPROVAL_NOT_FOUND", "Approval request not found");
+        }
+        if (request.status !== "pending") {
+          return this.fail("APPROVAL_ALREADY_RESOLVED", `Approval request already ${request.status}`);
+        }
+        const note = typeof options.note === "string" ? options.note : void 0;
+        const now = /* @__PURE__ */ new Date();
+        if (decision === "approved") {
+          request.approvals.push({ approver, at: now, note });
+          const allRequiredApproved = request.requiredApprovers.every(
+            (required) => request.approvals.some((approval) => approval.approver === required)
+          );
+          if (allRequiredApproved) {
+            request.status = "approved";
+          }
+        } else {
+          request.rejections.push({ approver, at: now, note });
+          request.status = "rejected";
+        }
+        request.updatedAt = now;
+        this.recordAudit("approval_reviewed", approver, {
+          requestId,
+          policyId: request.policyId,
+          resourceId: request.resourceId,
+          decision,
+          status: request.status
+        });
+        return { success: true, approval: request };
+      },
+      get: (requestId) => {
+        const approval = this.state.approvalRequests.get(requestId);
+        if (!approval) {
+          return this.fail("APPROVAL_NOT_FOUND", "Approval request not found");
+        }
+        return { success: true, approval };
+      },
+      list: (policyId) => {
+        let approvals = Array.from(this.state.approvalRequests.values());
+        if (policyId) {
+          approvals = approvals.filter((approval) => approval.policyId === policyId);
+        }
+        return { success: true, approvals };
+      }
+    };
+  }
+  initializeRisk() {
+    return {
+      assess: async (context) => {
+        const assessment = {
+          id: `assessment-${Date.now()}`,
+          context,
+          riskLevel: this.calculateRiskLevel(context),
+          factors: this.identifyRiskFactors(),
+          recommendations: this.generateRiskRecommendations(),
+          assessed: /* @__PURE__ */ new Date()
+        };
+        this.state.currentRisks.set(assessment.id, assessment);
+        return { success: true, assessment };
+      },
+      mitigate: async (riskId, strategy) => {
+        const risk = this.state.currentRisks.get(riskId);
+        if (risk) {
+          risk.mitigation = { strategy, implemented: /* @__PURE__ */ new Date(), status: "implemented" };
+          return { success: true, assessment: risk };
+        }
+        return this.fail("RISK_NOT_FOUND", "Risk not found");
+      },
+      monitor: async (riskId) => {
+        const risk = this.state.currentRisks.get(riskId);
+        if (risk) {
+          return {
+            success: true,
+            monitoring: { id: `monitoring-${Date.now()}`, riskId, status: "monitoring", started: /* @__PURE__ */ new Date() }
+          };
+        }
+        return this.fail("RISK_NOT_FOUND", "Risk not found");
+      }
+    };
+  }
+  initializePermissions() {
+    return {
+      grant: async (subject, resource, action, options = {}) => {
+        const permission = {
+          id: `permission-${Date.now()}`,
+          subject,
+          resource,
+          action,
+          granted: /* @__PURE__ */ new Date(),
+          options
+        };
+        this.state.currentPermissions.set(permission.id, permission);
+        this.recordAudit("permission_granted", String(options.actor ?? "system"), {
+          permissionId: permission.id,
+          subject,
+          resource,
+          action
+        });
+        return { success: true, permission };
+      },
+      check: async (subject, resource, action) => {
+        const permissions = Array.from(this.state.currentPermissions.values());
+        const hasPermission = permissions.some(
+          (p) => p.subject === subject && p.resource === resource && p.action === action
+        );
+        return { success: true, data: { hasPermission } };
+      },
+      revoke: async (permissionId) => {
+        const permission = this.state.currentPermissions.get(permissionId);
+        if (permission) {
+          permission.revoked = /* @__PURE__ */ new Date();
+          permission.status = "revoked";
+          this.recordAudit("permission_revoked", "system", { permissionId });
+          return { success: true, permission };
+        }
+        return this.fail("PERMISSION_NOT_FOUND", "Permission not found");
+      }
+    };
+  }
+  initializeCosts() {
+    return {
+      track: async (resource, amount, options = {}) => {
+        const cost = {
+          id: `cost-${Date.now()}`,
+          resource,
+          amount,
+          tracked: /* @__PURE__ */ new Date(),
+          options
+        };
+        this.state.currentCosts.set(cost.id, cost);
+        this.recordAudit("cost_tracked", String(options.actor ?? "system"), {
+          costId: cost.id,
+          resource,
+          amount
+        });
+        return { success: true, cost };
+      },
+      analyze: async (timeframe) => {
+        const costs = Array.from(this.state.currentCosts.values());
+        return {
+          success: true,
+          analysis: {
+            id: `analysis-${Date.now()}`,
+            timeframe,
+            totalCost: costs.reduce((sum, c) => sum + c.amount, 0),
+            costBreakdown: this.breakdownCosts(costs),
+            analyzed: /* @__PURE__ */ new Date()
+          }
+        };
+      },
+      optimize: async (context) => {
+        return {
+          success: true,
+          optimization: {
+            id: `optimization-${Date.now()}`,
+            context,
+            recommendations: this.generateCostRecommendations(),
+            optimized: /* @__PURE__ */ new Date()
+          }
+        };
+      }
+    };
+  }
+  initializeCompliance() {
+    return {
+      check: async (standard, context) => {
+        const violations = this.identifyViolations(context);
+        const compliance = {
+          id: `compliance-${Date.now()}`,
+          standard,
+          context,
+          compliant: violations.length === 0,
+          violations,
+          checked: /* @__PURE__ */ new Date()
+        };
+        this.state.currentCompliance.set(compliance.id, compliance);
+        this.recordAudit("compliance_checked", "system", {
+          complianceId: compliance.id,
+          standard,
+          compliant: compliance.compliant,
+          violationCount: violations.length
+        });
+        return { success: true, compliance };
+      },
+      report: async (standard) => {
+        return {
+          success: true,
+          report: {
+            id: `report-${Date.now()}`,
+            standard,
+            summary: this.generateComplianceSummary(),
+            details: this.generateComplianceDetails(),
+            generated: /* @__PURE__ */ new Date()
+          }
+        };
+      },
+      remediate: async (violationId, action) => {
+        return {
+          success: true,
+          remediation: {
+            id: `remediation-${Date.now()}`,
+            violationId,
+            action,
+            implemented: /* @__PURE__ */ new Date(),
+            status: "implemented"
+          }
+        };
+      }
+    };
+  }
+  fail(code, message) {
+    return { success: false, error: message, errorCode: code };
+  }
+  // ─── Helper Methods ─────────────────────────────────────────────────
+  asSeverity(value) {
+    if (value === "low" || value === "medium" || value === "high" || value === "critical") {
+      return value;
+    }
+    return null;
+  }
+  asEnforcement(value) {
+    if (value === "advisory" || value === "warn" || value === "block") {
+      return value;
+    }
+    return null;
+  }
+  parseRules(rulesInput) {
+    if (!Array.isArray(rulesInput)) {
+      return [];
+    }
+    const parsed = [];
+    for (const item of rulesInput) {
+      if (!item || typeof item !== "object") {
+        continue;
+      }
+      const raw = item;
+      const condition = raw.condition;
+      if (!condition || typeof condition.field !== "string" || condition.field.trim().length === 0) {
+        continue;
+      }
+      const rule = {
+        id: typeof raw.id === "string" && raw.id.trim().length > 0 ? raw.id : randomUUID(),
+        name: typeof raw.name === "string" && raw.name.trim().length > 0 ? raw.name : "Unnamed Rule",
+        description: typeof raw.description === "string" ? raw.description : void 0,
+        severity: this.asSeverity(raw.severity) ?? "medium",
+        enforcement: this.asEnforcement(raw.enforcement) ?? "warn",
+        condition,
+        message: typeof raw.message === "string" ? raw.message : void 0
+      };
+      parsed.push(rule);
+    }
+    return parsed;
+  }
+  evaluatePolicy(policy, context) {
+    const violations = [];
+    for (const rule of policy.rules) {
+      if (this.matchesCondition(context, rule.condition)) {
+        violations.push({
+          ruleId: rule.id,
+          ruleName: rule.name,
+          severity: rule.severity,
+          enforcement: rule.enforcement,
+          message: rule.message ?? `Policy rule triggered: ${rule.name}`
+        });
+      }
+    }
+    const severityScore = violations.reduce((sum, violation) => sum + this.severityToWeight(violation.severity), 0);
+    const score = Math.max(0, 100 - severityScore * 10);
+    const hasBlocking = violations.some(
+      (violation) => violation.enforcement === "block" || violation.severity === "critical"
+    );
+    const hasWarning = violations.some((violation) => violation.enforcement === "warn");
+    return {
+      id: `evaluation-${Date.now()}-${Math.floor(Math.random() * 1e3)}`,
+      policyId: policy.id,
+      context,
+      passed: !hasBlocking,
+      score,
+      violations,
+      enforcementAction: hasBlocking ? "block" : hasWarning ? "warn" : "allow",
+      requiresApproval: policy.requireApproval,
+      evaluatedAt: /* @__PURE__ */ new Date()
+    };
+  }
+  matchesCondition(context, condition) {
+    const value = this.getContextValue(context, condition.field);
+    if (typeof condition.exists === "boolean") {
+      const exists = value !== void 0 && value !== null;
+      return condition.exists ? exists : !exists;
+    }
+    if (condition.equals !== void 0) {
+      return value === condition.equals;
+    }
+    if (condition.notEquals !== void 0) {
+      return value !== condition.notEquals;
+    }
+    if (condition.includes !== void 0) {
+      if (typeof value === "string") {
+        return value.includes(String(condition.includes));
+      }
+      if (Array.isArray(value)) {
+        return value.includes(condition.includes);
+      }
+      return false;
+    }
+    return false;
+  }
+  getContextValue(context, field) {
+    if (!context || typeof context !== "object") {
+      return void 0;
+    }
+    const source = context;
+    if (!field.includes(".")) {
+      return source[field];
+    }
+    const segments = field.split(".");
+    let current = source;
+    for (const segment of segments) {
+      if (!current || typeof current !== "object") {
+        return void 0;
+      }
+      current = current[segment];
+    }
+    return current;
+  }
+  severityToWeight(severity) {
+    switch (severity) {
+      case "critical":
+        return 4;
+      case "high":
+        return 3;
+      case "medium":
+        return 2;
+      case "low":
+      default:
+        return 1;
+    }
+  }
+  createApprovalRequest(policyId, resourceId, requestedBy, options = {}) {
+    const existing = Array.from(this.state.approvalRequests.values()).find(
+      (request2) => request2.policyId === policyId && request2.resourceId === resourceId && request2.status === "pending"
+    );
+    if (existing) {
+      return existing;
+    }
+    const requiredApprovers = Array.isArray(options.requiredApprovers) ? options.requiredApprovers.filter((value) => typeof value === "string" && value.length > 0) : ["govern-approver"];
+    const request = {
+      id: `approval-${Date.now()}-${Math.floor(Math.random() * 1e3)}`,
+      policyId,
+      resourceId,
+      requestedBy,
+      status: "pending",
+      requiredApprovers,
+      approvals: [],
+      rejections: [],
+      createdAt: /* @__PURE__ */ new Date(),
+      updatedAt: /* @__PURE__ */ new Date()
+    };
+    this.state.approvalRequests.set(request.id, request);
+    this.recordAudit("approval_requested", requestedBy, {
+      requestId: request.id,
+      policyId,
+      resourceId,
+      requiredApprovers
+    });
+    return request;
+  }
+  findApprovedRequest(policyId, resourceId) {
+    return Array.from(this.state.approvalRequests.values()).find(
+      (request) => request.policyId === policyId && request.resourceId === resourceId && request.status === "approved"
+    );
+  }
+  recordAudit(type, actor, details) {
+    const event = {
+      id: `audit-${Date.now()}-${Math.floor(Math.random() * 1e3)}`,
+      type,
+      actor,
+      policyId: typeof details.policyId === "string" ? details.policyId : void 0,
+      resourceId: typeof details.resourceId === "string" ? details.resourceId : void 0,
+      details,
+      timestamp: /* @__PURE__ */ new Date()
+    };
+    this.state.auditTrail.push(event);
+    this.persistAuditTrail();
+  }
+  loadAuditTrail() {
+    if (!existsSync(this.persistPath)) {
+      return;
+    }
+    try {
+      const raw = JSON.parse(readFileSync(this.persistPath, "utf-8"));
+      if (!Array.isArray(raw)) {
+        return;
+      }
+      const entries = raw.filter((value) => value && typeof value === "object").map((value) => {
+        const event = value;
+        return {
+          id: String(event.id ?? `audit-${Date.now()}`),
+          type: String(event.type ?? "policy_created"),
+          actor: String(event.actor ?? "unknown"),
+          policyId: typeof event.policyId === "string" ? event.policyId : void 0,
+          resourceId: typeof event.resourceId === "string" ? event.resourceId : void 0,
+          details: event.details && typeof event.details === "object" ? event.details : {},
+          timestamp: new Date(String(event.timestamp ?? (/* @__PURE__ */ new Date()).toISOString()))
+        };
+      });
+      this.state.auditTrail = entries;
+    } catch {
+      this.state.auditTrail = [];
+    }
+  }
+  persistAuditTrail() {
+    try {
+      const dir = dirname(this.persistPath);
+      if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+      }
+      writeFileSync(this.persistPath, JSON.stringify(this.state.auditTrail, null, 2));
+    } catch {
+    }
+  }
+  calculateRiskLevel(context) {
+    if (context.complexity === "high" && context.impact === "high") return "critical";
+    if (context.complexity === "high" || context.impact === "high") return "high";
+    if (context.complexity === "medium" || context.impact === "medium") return "medium";
+    return "low";
+  }
+  identifyRiskFactors() {
+    return ["complexity", "impact", "dependencies", "external_factors"];
+  }
+  generateRiskRecommendations() {
+    return ["Implement monitoring", "Add safeguards", "Reduce complexity"];
+  }
+  breakdownCosts(costs) {
+    const breakdown = {};
+    for (const cost of costs) {
+      breakdown[cost.resource] = (breakdown[cost.resource] || 0) + cost.amount;
+    }
+    return breakdown;
+  }
+  generateCostRecommendations() {
+    return ["Optimize resource usage", "Implement cost controls", "Monitor spending"];
+  }
+  identifyViolations(context) {
+    if (!context || typeof context !== "object") {
+      return [];
+    }
+    const source = context;
+    const violations = [];
+    if (source.documentation === "missing") {
+      violations.push("missing_documentation");
+    }
+    if (source.process === "incomplete") {
+      violations.push("incomplete_process");
+    }
+    return violations;
+  }
+  generateComplianceSummary() {
+    return { overall: "compliant", score: 85, areas: ["documentation", "process", "monitoring"] };
+  }
+  generateComplianceDetails() {
+    return {
+      documentation: { status: "compliant", score: 90 },
+      process: { status: "compliant", score: 85 },
+      monitoring: { status: "compliant", score: 80 }
+    };
+  }
+  // ─── Public Helpers ───────────────────────────────────────────────
+  getAuditTrail(policyId, resourceId) {
+    return this.state.auditTrail.filter((event) => {
+      const policyMatch = policyId ? event.policyId === policyId : true;
+      const resourceMatch = resourceId ? event.resourceId === resourceId : true;
+      return policyMatch && resourceMatch;
+    });
+  }
+  getEvidenceBundle(policyId, resourceId) {
+    const policy = this.state.currentPolicies.get(policyId);
+    const evaluations = Array.from(this.state.currentEvaluations.values()).filter((evaluation) => evaluation.policyId === policyId).sort((a, b) => b.evaluatedAt.getTime() - a.evaluatedAt.getTime());
+    const approvals = Array.from(this.state.approvalRequests.values()).filter((request) => {
+      if (request.policyId !== policyId) return false;
+      if (resourceId) {
+        return request.resourceId === resourceId;
+      }
+      return true;
+    });
+    return {
+      policy,
+      latestEvaluation: evaluations[0],
+      approvals,
+      auditTrail: this.getAuditTrail(policyId, resourceId)
+    };
+  }
+  async executeGovernWorkflow(options = {}) {
+    try {
+      const policyResult = await this.policies.create("default", "Default governance policy", options);
+      if (!policyResult.success) throw new Error(policyResult.error);
+      const policyId = policyResult.policy.id;
+      const approveResult = await this.policies.approve(policyId, String(options.approver ?? "system"));
+      if (!approveResult.success) throw new Error(approveResult.error);
+      const enforcement = await this.policies.enforce(policyId, {
+        resourceId: String(options.resourceId ?? "workflow-default"),
+        requestedBy: String(options.requestedBy ?? "system"),
+        ...typeof options.context === "object" && options.context ? options.context : {}
+      });
+      const riskResult = await this.risk.assess({ complexity: "medium", impact: "medium" });
+      if (!riskResult.success) throw new Error(riskResult.error);
+      const permissionResult = await this.permissions.grant("user", "resource", "read");
+      if (!permissionResult.success) throw new Error(permissionResult.error);
+      const costResult = await this.costs.track("resource", 100);
+      if (!costResult.success) throw new Error(costResult.error);
+      const complianceResult = await this.compliance.check("ISO27001", {
+        context: "security",
+        documentation: options.documentation,
+        process: options.process
+      });
+      if (!complianceResult.success) throw new Error(complianceResult.error);
+      return {
+        success: enforcement.success,
+        policy: policyResult.policy,
+        evaluation: enforcement.evaluation,
+        approval: enforcement.approval,
+        evidence: this.getEvidenceBundle(policyId, String(options.resourceId ?? "workflow-default")),
+        assessment: riskResult.assessment,
+        permission: permissionResult.permission,
+        cost: costResult.cost,
+        compliance: complianceResult.compliance,
+        error: enforcement.error
+      };
+    } catch (error) {
+      const msg = error instanceof Error ? error.message : String(error);
+      return { success: false, error: msg, errorCode: "INTERNAL_ERROR" };
+    }
+  }
+  getStatus() {
+    return {
+      initialized: this.state.initialized,
+      policies: this.state.currentPolicies.size,
+      evaluations: this.state.currentEvaluations.size,
+      approvals: this.state.approvalRequests.size,
+      auditTrail: this.state.auditTrail.length,
+      risks: this.state.currentRisks.size,
+      permissions: this.state.currentPermissions.size,
+      costs: this.state.currentCosts.size,
+      compliance: this.state.currentCompliance.size,
+      governanceHistory: this.state.governanceHistory.length
+    };
+  }
+};
+
+// src/errors.ts
+var BaselineError = class extends Error {
+  code;
+  details;
+  timestamp;
+  constructor(code, message, details = {}) {
+    super(message);
+    this.name = "BaselineError";
+    this.code = code;
+    this.details = details;
+    this.timestamp = /* @__PURE__ */ new Date();
+  }
+  toJSON() {
+    return {
+      name: this.name,
+      code: this.code,
+      message: this.message,
+      details: this.details,
+      timestamp: this.timestamp.toISOString()
+    };
+  }
+};
+var GovernError = class extends BaselineError {
+  constructor(code, message, details = {}) {
+    super(code, message, details);
+    this.name = "GovernError";
+  }
+};
+var ComplianceError = class extends BaselineError {
+  standard;
+  constructor(standard, message, details = {}) {
+    super("COMPLIANCE_VIOLATION", message, { standard, ...details });
+    this.name = "ComplianceError";
+    this.standard = standard;
+  }
+};
+var ValidationError = class extends BaselineError {
+  constructor(message, details = {}) {
+    super("VALIDATION_FAILED", message, details);
+    this.name = "ValidationError";
+  }
+};
+var TemplateError = class extends BaselineError {
+  templateName;
+  constructor(templateName, message, details = {}) {
+    super("TEMPLATE_VALIDATION_FAILED", message, { templateName, ...details });
+    this.name = "TemplateError";
+    this.templateName = templateName;
+  }
+};
+function isBaselineError(error) {
+  return error instanceof BaselineError;
+}
+function toErrorResult(error) {
+  if (error instanceof BaselineError) {
+    return { code: error.code, message: error.message };
+  }
+  if (error instanceof Error) {
+    return { code: "INTERNAL_ERROR", message: error.message };
+  }
+  return { code: "INTERNAL_ERROR", message: String(error) };
+}
+
+// src/telemetry.ts
+var GovernTelemetry = class {
+  hooks = [];
+  events = [];
+  maxHistory;
+  constructor(options = {}) {
+    this.maxHistory = options.maxHistory ?? 1e3;
+  }
+  addHook(hook) {
+    this.hooks.push(hook);
+  }
+  removeHook(hook) {
+    const idx = this.hooks.indexOf(hook);
+    if (idx >= 0) this.hooks.splice(idx, 1);
+  }
+  emit(event) {
+    this.events.push(event);
+    if (this.events.length > this.maxHistory) {
+      this.events.splice(0, this.events.length - this.maxHistory);
+    }
+    for (const hook of this.hooks) {
+      try {
+        hook(event);
+      } catch {
+      }
+    }
+  }
+  track(operation, subsystem, fn, details = {}) {
+    const start = performance.now();
+    try {
+      const result = fn();
+      const durationMs = performance.now() - start;
+      this.emit({
+        operation,
+        subsystem,
+        success: true,
+        durationMs,
+        timestamp: /* @__PURE__ */ new Date(),
+        details
+      });
+      return result;
+    } catch (error) {
+      const durationMs = performance.now() - start;
+      this.emit({
+        operation,
+        subsystem,
+        success: false,
+        durationMs,
+        timestamp: /* @__PURE__ */ new Date(),
+        details: { ...details, error: error instanceof Error ? error.message : String(error) }
+      });
+      throw error;
+    }
+  }
+  async trackAsync(operation, subsystem, fn, details = {}) {
+    const start = performance.now();
+    try {
+      const result = await fn();
+      const durationMs = performance.now() - start;
+      this.emit({
+        operation,
+        subsystem,
+        success: true,
+        durationMs,
+        timestamp: /* @__PURE__ */ new Date(),
+        details
+      });
+      return result;
+    } catch (error) {
+      const durationMs = performance.now() - start;
+      this.emit({
+        operation,
+        subsystem,
+        success: false,
+        durationMs,
+        timestamp: /* @__PURE__ */ new Date(),
+        details: { ...details, error: error instanceof Error ? error.message : String(error) }
+      });
+      throw error;
+    }
+  }
+  getEvents() {
+    return this.events;
+  }
+  getMetrics() {
+    const bySubsystem = /* @__PURE__ */ new Map();
+    for (const event of this.events) {
+      const key = event.subsystem;
+      const entry = bySubsystem.get(key) ?? { count: 0, totalMs: 0, failures: 0 };
+      entry.count++;
+      entry.totalMs += event.durationMs;
+      if (!event.success) entry.failures++;
+      bySubsystem.set(key, entry);
+    }
+    const subsystems = {};
+    for (const [key, entry] of bySubsystem) {
+      subsystems[key] = {
+        operations: entry.count,
+        avgDurationMs: entry.count > 0 ? entry.totalMs / entry.count : 0,
+        failureRate: entry.count > 0 ? entry.failures / entry.count : 0
+      };
+    }
+    const totalOps = this.events.length;
+    const totalMs = this.events.reduce((sum, e) => sum + e.durationMs, 0);
+    const totalFailures = this.events.filter((e) => !e.success).length;
+    return {
+      totalOperations: totalOps,
+      avgDurationMs: totalOps > 0 ? totalMs / totalOps : 0,
+      failureRate: totalOps > 0 ? totalFailures / totalOps : 0,
+      subsystems,
+      since: this.events[0]?.timestamp ?? /* @__PURE__ */ new Date()
+    };
+  }
+  clear() {
+    this.events = [];
+  }
+};
+
+// src/cache.ts
+var ComplianceCache = class {
+  cache = /* @__PURE__ */ new Map();
+  maxSize;
+  ttlMs;
+  totalHits = 0;
+  totalMisses = 0;
+  constructor(options = {}) {
+    this.maxSize = options.maxSize ?? 256;
+    this.ttlMs = options.ttlMs ?? 6e4;
+  }
+  get(key) {
+    const entry = this.cache.get(key);
+    if (!entry) {
+      this.totalMisses++;
+      return void 0;
+    }
+    if (Date.now() - entry.cachedAt > this.ttlMs) {
+      this.cache.delete(key);
+      this.totalMisses++;
+      return void 0;
+    }
+    this.cache.delete(key);
+    entry.hits++;
+    this.cache.set(key, entry);
+    this.totalHits++;
+    return entry.value;
+  }
+  set(key, value) {
+    if (this.cache.size >= this.maxSize && !this.cache.has(key)) {
+      const firstKey = this.cache.keys().next().value;
+      if (firstKey !== void 0) {
+        this.cache.delete(firstKey);
+      }
+    }
+    this.cache.set(key, {
+      value,
+      cachedAt: Date.now(),
+      hits: 0
+    });
+  }
+  has(key) {
+    const entry = this.cache.get(key);
+    if (!entry) return false;
+    if (Date.now() - entry.cachedAt > this.ttlMs) {
+      this.cache.delete(key);
+      return false;
+    }
+    return true;
+  }
+  clear() {
+    this.cache.clear();
+    this.totalHits = 0;
+    this.totalMisses = 0;
+  }
+  get size() {
+    return this.cache.size;
+  }
+  get hitRate() {
+    const total = this.totalHits + this.totalMisses;
+    return total > 0 ? this.totalHits / total : 0;
+  }
+  getStats() {
+    return {
+      size: this.cache.size,
+      maxSize: this.maxSize,
+      ttlMs: this.ttlMs,
+      hits: this.totalHits,
+      misses: this.totalMisses,
+      hitRate: this.hitRate
+    };
+  }
+  static hashKey(standard, context) {
+    const contextStr = JSON.stringify(context, Object.keys(
+      context && typeof context === "object" ? context : {}
+    ).sort());
+    return `${standard}:${contextStr}`;
+  }
+};
+
+// src/templates/cocobod.ts
+function assessCocobodGrade(context) {
+  const violations = [];
+  if (context.moisturePercentage > 7.5) {
+    violations.push(`Moisture ${context.moisturePercentage}% exceeds 7.5% maximum`);
+  }
+  if (!context.hasOriginCertificate) {
+    violations.push("Missing origin traceability certificate");
+  }
+  if (!context.hasQualityCertificate) {
+    violations.push("Missing quality inspection certificate");
+  }
+  let grade;
+  if (context.defectivePercentage <= 3) {
+    grade = "I";
+  } else if (context.defectivePercentage <= 5) {
+    grade = "II";
+  } else {
+    grade = "substandard";
+    violations.push(`Defective rate ${context.defectivePercentage}% exceeds 5% maximum`);
+  }
+  const exportEligible = grade !== "substandard" && violations.length === 0;
+  return { grade, exportEligible, violations };
+}
+var COCOBOD_TEMPLATE = {
+  name: "COCOBOD-GRADING",
+  description: "Ghana Cocoa Board commodity grading and export compliance",
+  version: "1.0.0",
+  jurisdiction: "GH",
+  rules: [
+    {
+      id: "cocobod-moisture",
+      name: "Moisture Content Limit",
+      description: "Cocoa beans must not exceed 7.5% moisture content",
+      severity: "critical",
+      enforcement: "block",
+      condition: { field: "moisturePercentage", greaterThan: 7.5 },
+      message: "Moisture content exceeds COCOBOD 7.5% limit"
+    },
+    {
+      id: "cocobod-defective",
+      name: "Defective Bean Rate",
+      description: "Defective bean rate must not exceed 5% for export",
+      severity: "high",
+      enforcement: "block",
+      condition: { field: "defectivePercentage", greaterThan: 5 },
+      message: "Defective rate exceeds COCOBOD 5% export threshold"
+    },
+    {
+      id: "cocobod-origin",
+      name: "Origin Certificate Required",
+      description: "All shipments require origin traceability documentation",
+      severity: "critical",
+      enforcement: "block",
+      condition: { field: "hasOriginCertificate", equals: false },
+      message: "Missing COCOBOD origin traceability certificate"
+    },
+    {
+      id: "cocobod-quality",
+      name: "Quality Certificate Required",
+      description: "Quality inspection certificate required for export",
+      severity: "high",
+      enforcement: "block",
+      condition: { field: "hasQualityCertificate", equals: false },
+      message: "Missing COCOBOD quality inspection certificate"
+    }
+  ]
+};
+
+// src/templates/fic-aml.ts
+var STR_THRESHOLD_GHS = 2e4;
+var CTR_THRESHOLD_GHS = 5e4;
+var MIN_RETENTION_YEARS = 5;
+function assessFicAml(context) {
+  const violations = [];
+  const amountGHS = context.currency === "GHS" ? context.transactionAmount : context.transactionAmount;
+  const requiresSTR = amountGHS >= STR_THRESHOLD_GHS;
+  const requiresCTR = amountGHS >= CTR_THRESHOLD_GHS;
+  const requiresEDD = context.isPEP || context.riskRating === "high";
+  if (!context.hasKYC) {
+    violations.push("Customer Due Diligence (KYC) not completed");
+  }
+  if (requiresEDD && !context.hasEDD) {
+    violations.push("Enhanced Due Diligence required for high-risk/PEP customer");
+  }
+  if (!context.sanctionsScreened) {
+    violations.push("Sanctions screening not performed");
+  } else if (!context.sanctionsCleared) {
+    violations.push("Customer failed sanctions screening \u2014 transaction blocked");
+  }
+  if (context.recordRetentionYears !== void 0 && context.recordRetentionYears < MIN_RETENTION_YEARS) {
+    violations.push(`Record retention ${context.recordRetentionYears} years below ${MIN_RETENTION_YEARS}-year minimum`);
+  }
+  if (requiresCTR && !context.sourceOfFunds) {
+    violations.push("Source of funds declaration required for transactions >= GHS 50,000");
+  }
+  return {
+    compliant: violations.length === 0,
+    requiresSTR,
+    requiresCTR,
+    requiresEDD,
+    violations
+  };
+}
+var FIC_AML_TEMPLATE = {
+  name: "FIC-AML-1044",
+  description: "Ghana FIC Anti-Money Laundering Act 1044 compliance",
+  version: "1.0.0",
+  jurisdiction: "GH",
+  rules: [
+    {
+      id: "fic-kyc",
+      name: "Customer Due Diligence",
+      description: "KYC verification required for all transactions",
+      severity: "critical",
+      enforcement: "block",
+      condition: { field: "hasKYC", equals: false },
+      message: "FIC Act 1044: Customer Due Diligence not completed"
+    },
+    {
+      id: "fic-sanctions",
+      name: "Sanctions Screening",
+      description: "All customers must be screened against sanctions lists",
+      severity: "critical",
+      enforcement: "block",
+      condition: { field: "sanctionsScreened", equals: false },
+      message: "FIC Act 1044: Sanctions screening not performed"
+    },
+    {
+      id: "fic-edd",
+      name: "Enhanced Due Diligence",
+      description: "EDD required for PEPs and high-risk customers",
+      severity: "high",
+      enforcement: "block",
+      condition: { field: "isPEP", equals: true },
+      message: "FIC Act 1044: Enhanced Due Diligence required for PEP"
+    },
+    {
+      id: "fic-source-of-funds",
+      name: "Source of Funds",
+      description: "Source of funds required for large transactions",
+      severity: "high",
+      enforcement: "block",
+      condition: { field: "sourceOfFunds", exists: false },
+      message: "FIC Act 1044: Source of funds declaration required"
+    }
+  ]
+};
+
+// src/templates/afcfta.ts
+var AFCFTA_STATE_PARTIES = /* @__PURE__ */ new Set([
+  "DZ",
+  "AO",
+  "BJ",
+  "BW",
+  "BF",
+  "BI",
+  "CV",
+  "CM",
+  "CF",
+  "TD",
+  "KM",
+  "CG",
+  "CD",
+  "CI",
+  "DJ",
+  "EG",
+  "GQ",
+  "ER",
+  "SZ",
+  "ET",
+  "GA",
+  "GM",
+  "GH",
+  "GN",
+  "GW",
+  "KE",
+  "LS",
+  "LR",
+  "LY",
+  "MG",
+  "MW",
+  "ML",
+  "MR",
+  "MU",
+  "MA",
+  "MZ",
+  "NA",
+  "NE",
+  "NG",
+  "RW",
+  "ST",
+  "SN",
+  "SC",
+  "SL",
+  "SO",
+  "ZA",
+  "SS",
+  "SD",
+  "TZ",
+  "TG",
+  "TN",
+  "UG",
+  "ZM",
+  "ZW"
+]);
+var MIN_LOCAL_VALUE_PERCENTAGE = 40;
+function isAfcftaStateParty(countryCode) {
+  return AFCFTA_STATE_PARTIES.has(countryCode.toUpperCase());
+}
+function assessAfcfta(context) {
+  const violations = [];
+  if (!isAfcftaStateParty(context.originCountry)) {
+    violations.push(`Origin country ${context.originCountry} is not an AfCFTA state party`);
+  }
+  if (!isAfcftaStateParty(context.destinationCountry)) {
+    violations.push(`Destination country ${context.destinationCountry} is not an AfCFTA state party`);
+  }
+  if (!context.hasCertificateOfOrigin) {
+    violations.push("Certificate of Origin not provided");
+  }
+  const originSatisfied = context.isWhollyObtained || context.tariffClassificationChanged || context.localValuePercentage >= MIN_LOCAL_VALUE_PERCENTAGE;
+  if (!originSatisfied) {
+    violations.push(
+      `Rules of Origin not met: local value ${context.localValuePercentage}% below ${MIN_LOCAL_VALUE_PERCENTAGE}% minimum, no tariff classification change, and product is not wholly obtained`
+    );
+  }
+  if (!context.isDirectShipment) {
+    const hasUnapprovedTransit = (context.transitCountries ?? []).some(
+      (c) => !isAfcftaStateParty(c)
+    );
+    if (hasUnapprovedTransit) {
+      violations.push("Shipment transits through non-AfCFTA state party without approved exemption");
+    }
+  }
+  const preferentialTariffEligible = originSatisfied && violations.length === 0;
+  return {
+    compliant: violations.length === 0,
+    originSatisfied,
+    preferentialTariffEligible,
+    violations
+  };
+}
+var AFCFTA_TEMPLATE = {
+  name: "AFCFTA-ROO",
+  description: "AfCFTA Rules of Origin for intra-African preferential trade",
+  version: "1.0.0",
+  jurisdiction: "AU",
+  rules: [
+    {
+      id: "afcfta-certificate",
+      name: "Certificate of Origin",
+      description: "Valid Certificate of Origin from authorized body required",
+      severity: "critical",
+      enforcement: "block",
+      condition: { field: "hasCertificateOfOrigin", equals: false },
+      message: "AfCFTA: Certificate of Origin not provided"
+    },
+    {
+      id: "afcfta-origin",
+      name: "Rules of Origin",
+      description: "Product must satisfy wholly obtained, CTC, or 40% value-added criterion",
+      severity: "critical",
+      enforcement: "block",
+      condition: { field: "localValuePercentage", lessThan: 40 },
+      message: "AfCFTA: Rules of Origin not satisfied"
+    },
+    {
+      id: "afcfta-state-party",
+      name: "State Party Requirement",
+      description: "Both origin and destination must be AfCFTA state parties",
+      severity: "critical",
+      enforcement: "block",
+      condition: { field: "originCountry", notAfcftaParty: true },
+      message: "AfCFTA: Origin country is not a state party"
+    },
+    {
+      id: "afcfta-direct-shipment",
+      name: "Direct Shipment",
+      description: "Goods must be shipped directly or through approved transit",
+      severity: "high",
+      enforcement: "block",
+      condition: { field: "isDirectShipment", equals: false },
+      message: "AfCFTA: Direct shipment rule not met"
+    }
+  ]
+};
+
+// src/templates/index.ts
+var GHANA_TEMPLATES = {
+  "COCOBOD-GRADING": "cocobod",
+  "FIC-AML-1044": "fic-aml",
+  "AFCFTA-ROO": "afcfta"
+};
+export {
+  AFCFTA_TEMPLATE,
+  BaselineError,
+  BaselineGovernSystem,
+  COCOBOD_TEMPLATE,
+  ComplianceCache,
+  ComplianceError,
+  FIC_AML_TEMPLATE,
+  GHANA_TEMPLATES,
+  GovernError,
+  GovernTelemetry,
+  TemplateError,
+  ValidationError,
+  assessAfcfta,
+  assessCocobodGrade,
+  assessFicAml,
+  isAfcftaStateParty,
+  isBaselineError,
+  toErrorResult
+};
+/**
+ * Baseline Govern System
+ *
+ * Enterprise governance layer of the Baseline Protocol providing
+ * policy, risk, permission, cost, and compliance governance.
+ *
+ * @license Apache-2.0
+ */