@blamejs/core 0.14.10 → 0.14.12

package/lib/compliance-ai-act.js

@@ -38,13 +38,21 @@
 
 var validateOpts        = require("./validate-opts");
 var lazyRequire         = require("./lazy-require");
+var C                   = require("./constants");
 var { ComplianceError }  = require("./framework-error");
 
 var prohibited     = require("./compliance-ai-act-prohibited");
 var risk           = require("./compliance-ai-act-risk");
 var transparency   = require("./compliance-ai-act-transparency");
 var logging        = require("./compliance-ai-act-logging");
+var safeJson       = require("./safe-json");
 var audit          = lazyRequire(function () { return require("./audit"); });
+// modelManifest carries the CycloneDX 1.6 ML-BOM build/sign/verify
+// envelope. lazyRequire'd to dodge the framework's documented
+// circular-load chain (index.js → compliance-* → audit → db →
+// framework-error → constants → package.json), the same reason
+// ai-model-manifest reads package.json behind a call.
+var modelManifest  = lazyRequire(function () { return require("./ai-model-manifest"); });
 
 // ---- Article 113 deadline calendar ----
 //
@@ -795,6 +803,441 @@ function crossWalkIso23894() {
     });
 }
 
+// ---- GPAI Code-of-Practice adherence declaration (Art. 53/55) ----
+//
+// The General-Purpose AI Code of Practice (published 10 July 2025 by
+// the AI Office) is the voluntary instrument by which a GPAI provider
+// demonstrates compliance with Reg (EU) 2024/1689 Art. 53 (and Art. 55
+// for systemic-risk models). Signing the Code is a public adherence
+// declaration; this primitive emits a cryptographically-bound,
+// tamper-evident version of that declaration so the obligation-set it
+// covers cannot be silently downgraded and the per-commitment evidence
+// cannot be replaced with a hollow claim.
+//
+// COP_VERSION_RE is shape-only — it pins the documented `YYYY-MM`
+// release-label form of the Code (e.g. "2025-07") with a real month
+// group; it is NOT a semantic validity check (the AI Office is the
+// authority on which labels exist).
+var COP_VERSION_RE = /^\d{4}-(0[1-9]|1[0-2])$/;                                                 // allow:regex-no-length-cap — fixed 7-char YYYY-MM Code-of-Practice release label, fully anchored
+// SHA3-512 hex digest shape, matching b.crypto.sha3Hash output (64
+// bytes → 128 lowercase-hex chars). An evidenceHash that does not match
+// this shape is a hollow attestation — the compliance-theater shape
+// this primitive exists to refuse.
+var EVIDENCE_HASH_RE = /^[0-9a-f]{128}$/;                                                       // allow:regex-no-length-cap — fixed-length SHA3-512 hex (128 chars), fully anchored
+
+// Default validity window for a phase-in adherence declaration. The
+// Art. 53 obligations become applicable 2026-08-02 (DEADLINES
+// .generalPurposeAI); a declaration that predates a material model
+// change should not be relied on indefinitely. 90 days is the auditor-
+// review default; operators override via opts.validityMs.
+var DEFAULT_VALIDITY_MS = C.TIME.days(90);
+
+var DECLARE_ALLOWED_KEYS = [
+  "modelId", "modelVersion", "provider", "isSystemicRisk", "trainingFlops",
+  "designatedSystemicRisk", "modalities", "copVersion", "commitments",
+  "trainingDataSummary", "generatedAt", "validityMs", "privateKeyPem",
+  "serialNumber", "audit",
+];
+
+// Derive the in-scope obligation set from the regulation, never from an
+// operator-asserted list. declareAdherence is GPAI-specific, so kind is
+// injected as "gpai" before gpaiClassify runs — otherwise a caller that
+// omits kind/generalPurpose would classify as non-GPAI (isGpai:false →
+// obligations:[]) and the scope-downgrade refusal below could never
+// fire.
+function _deriveGpaiObligations(opts) {
+  var probe = {
+    kind:                   "gpai",
+    trainingFlops:          opts.trainingFlops,
+    designatedSystemicRisk: opts.designatedSystemicRisk === true ||
+                            opts.isSystemicRisk === true ? true : undefined,
+  };
+  var verdict = gpaiClassify(probe);
+  return {
+    isSystemicRisk: verdict.isSystemicRisk,
+    obligations:    verdict.obligations,   // [{ article, title, description }, ...]
+  };
+}
+
+/**
+ * @primitive  b.compliance.aiAct.gpai.adherenceForm
+ * @signature  b.compliance.aiAct.gpai.adherenceForm(opts)
+ * @since      0.14.11
+ * @status     stable
+ * @compliance eu-ai-act-art-11
+ * @related    b.compliance.aiAct.gpai.declareAdherence, b.ai.modelManifest.build
+ *
+ * Build the unsigned GPAI Code-of-Practice adherence document for a
+ * general-purpose AI model. The obligation set is DERIVED from the
+ * regulation via the GPAI classifier (Reg (EU) 2024/1689 Art. 53(1)(a-d)
+ * always; Art. 55 when the model is a systemic-risk model under
+ * Art. 51(2)), never taken from an operator-supplied list. Each
+ * obligation is paired with the operator's commitment + evidence hash;
+ * the evidence hash is validated against the SHA3-512 hex shape so a
+ * hollow attestation (junk "hash") is refused at build time (CWE-345
+ * insufficient verification of data authenticity).
+ *
+ * This is the document `declareAdherence` signs; most operators call
+ * `declareAdherence` directly. The form is exposed for operators who
+ * want to inspect or persist the derived obligation set before signing.
+ *
+ * @opts
+ *   modelId:        string,     // required — provider's model identifier
+ *   modelVersion:   string,     // required — model version
+ *   provider:       object,     // { name, address, contact }
+ *   trainingFlops:  number,     // cumulative training compute (Art. 51(2) presumption at >= 1e25)
+ *   isSystemicRisk: boolean,    // operator-asserted systemic-risk designation (Art. 51(1)(b))
+ *   designatedSystemicRisk: boolean,  // AI-Office-designated systemic risk
+ *   copVersion:     string,     // GPAI Code of Practice release label, "YYYY-MM" (default "2025-07")
+ *   commitments:    object[],   // [{ article, statement, evidenceHash }] — evidenceHash is SHA3-512 hex
+ *   trainingDataSummary: object,// Art. 53(1)(d) public-summary pointer (b.compliance.aiAct.gpai.trainingDataSummary)
+ *   generatedAt:    string,     // ISO 8601 UTC; defaults to now
+ *   validityMs:     number,     // declaration validity window; default 90 days
+ *
+ * @example
+ *   var hash = b.crypto.sha3Hash("eval-report-2026.pdf");
+ *   var form = b.compliance.aiAct.gpai.adherenceForm({
+ *     modelId:      "acme-llm-7b",
+ *     modelVersion: "1.0",
+ *     commitments:  [{ article: "Art. 53(1)(a)", statement: "Annex XI docs maintained", evidenceHash: hash }],
+ *   });
+ *   form.commitments.length;       // 4 — the four Art. 53 obligations (no systemic-risk chapter)
+ *   form.commitments[0].evidenced; // true (Art. 53(1)(a) has a bound commitment)
+ *   form.commitments[1].evidenced; // false (no commitment supplied yet)
+ */
+function adherenceForm(opts) {
+  validateOpts.requireObject(opts, "compliance.aiAct.gpai.adherenceForm",
+    ComplianceError, "compliance-ai-act/bad-input");
+  validateOpts(opts, DECLARE_ALLOWED_KEYS, "compliance.aiAct.gpai.adherenceForm");
+  validateOpts.requireNonEmptyString(opts.modelId, "adherenceForm: modelId",
+    ComplianceError, "compliance-ai-act/no-model-id");
+  validateOpts.requireNonEmptyString(opts.modelVersion, "adherenceForm: modelVersion",
+    ComplianceError, "compliance-ai-act/no-model-version");
+
+  var copVersion = opts.copVersion || "2025-07";
+  if (typeof copVersion !== "string" || copVersion.length > 10 || !COP_VERSION_RE.test(copVersion)) {
+    throw new ComplianceError("compliance-ai-act/cop-version-bad",
+      "adherenceForm: copVersion must be a YYYY-MM Code-of-Practice release label — got " +
+      JSON.stringify(copVersion));
+  }
+
+  var derived = _deriveGpaiObligations(opts);
+  if (derived.obligations.length === 0) {
+    // Defensive: kind is injected "gpai" so this is unreachable on the
+    // happy path, but a future classifier change must not silently emit
+    // an empty-obligation declaration that asserts nothing.
+    throw new ComplianceError("compliance-ai-act/cop-no-obligations",
+      "adherenceForm: derived GPAI obligation set is empty — refusing to sign a declaration that covers no Art. 53 obligation");
+  }
+
+  var requiredArticles = derived.obligations.map(function (o) { return o.article; });
+
+  // Index operator commitments by article + validate each evidence hash.
+  var byArticle = Object.create(null);
+  var commitments = Array.isArray(opts.commitments) ? opts.commitments : [];
+  for (var i = 0; i < commitments.length; i += 1) {
+    var c = commitments[i];
+    if (!c || typeof c !== "object" || typeof c.article !== "string") {
+      throw new ComplianceError("compliance-ai-act/cop-commitment-shape",
+        "adherenceForm: commitments[" + i + "] must be { article, statement, evidenceHash }");
+    }
+    if (typeof c.evidenceHash !== "string" || c.evidenceHash.length !== 128 || !EVIDENCE_HASH_RE.test(c.evidenceHash)) {
+      throw new ComplianceError("compliance-ai-act/cop-evidence-bad-hash",
+        "adherenceForm: commitments[" + i + "].evidenceHash must be a SHA3-512 hex digest " +
+        "(128 lowercase-hex chars, b.crypto.sha3Hash output) — a 1-char junk hash is a hollow attestation");
+    }
+    byArticle[c.article] = {
+      article:      c.article,
+      statement:    typeof c.statement === "string" ? c.statement : null,
+      evidenceHash: c.evidenceHash,
+    };
+  }
+
+  // Build the per-obligation declaration. Every DERIVED obligation gets
+  // an entry; if the operator supplied a matching commitment it binds,
+  // otherwise the obligation is recorded as not-yet-evidenced (the
+  // verify path surfaces it, the auditor decides).
+  var declaredCommitments = derived.obligations.map(function (o) {
+    var bound = byArticle[o.article];
+    return {
+      article:      o.article,
+      title:        o.title,
+      description:  o.description,
+      statement:    bound ? bound.statement : null,
+      evidenceHash: bound ? bound.evidenceHash : null,
+      evidenced:    !!bound,
+    };
+  });
+
+  var generatedAt = opts.generatedAt || new Date().toISOString();
+  var validityMs = opts.validityMs === undefined ? DEFAULT_VALIDITY_MS
+    : validateOpts.optionalPositiveFinite(opts.validityMs, "adherenceForm: validityMs",
+        ComplianceError, "compliance-ai-act/bad-validity");
+
+  return {
+    "$schema":        "https://blamejs.com/schema/ai-act-gpai-cop-adherence-v1.json",
+    regulation:       "EU Regulation 2024/1689 — AI Act",
+    articles:         derived.isSystemicRisk ? ["Art. 53", "Art. 55"] : ["Art. 53"],
+    instrument:       "GPAI Code of Practice (10 July 2025)",
+    copVersion:       copVersion,
+    modelId:          opts.modelId,
+    modelVersion:     opts.modelVersion,
+    provider:         opts.provider || { name: null, address: null, contact: null },
+    isSystemicRisk:   derived.isSystemicRisk,
+    requiredArticles: requiredArticles,
+    commitments:      declaredCommitments,
+    trainingDataSummary: opts.trainingDataSummary || null,
+    // Art. 113 phase-in deadlines are bound INTO the signed payload so a
+    // verifier can confirm the declaration was made against the correct
+    // applicability calendar (not back-dated to a different regime).
+    deadlines:        DEADLINES,
+    generatedAt:      generatedAt,
+    validityMs:       validityMs,
+    note:             "Adherence to the GPAI Code of Practice per Reg (EU) 2024/1689 Art. 53" +
+                      (derived.isSystemicRisk ? " + Art. 55 (systemic risk)." : "."),
+  };
+}
+
+/**
+ * @primitive  b.compliance.aiAct.gpai.declareAdherence
+ * @signature  b.compliance.aiAct.gpai.declareAdherence(opts)
+ * @since      0.14.11
+ * @status     stable
+ * @compliance eu-ai-act-art-11
+ * @related    b.ai.modelManifest.sign, b.compliance.aiAct.gpai.adherenceForm
+ *
+ * Emit a SIGNED, tamper-evident GPAI Code-of-Practice adherence
+ * declaration (Reg (EU) 2024/1689 Art. 53(1)(a-d); Art. 55 when the
+ * model is a systemic-risk model under Art. 51(2)). The Code of
+ * Practice (10 July 2025) is the AI Office's voluntary compliance
+ * instrument; this primitive binds the adherence to the model + the
+ * derived obligation set + the per-commitment evidence hashes inside a
+ * CycloneDX 1.6 ML-BOM signed with ML-DSA-87 (FIPS 204) via
+ * `b.ai.modelManifest.build` + `sign`. There is no unsigned return
+ * path on the happy path: the declaration always ships inside the
+ * signature envelope.
+ *
+ * Two compliance-theater shapes are refused structurally rather than
+ * trusted:
+ *
+ *   - Obligation-set downgrade: the in-scope obligations are DERIVED
+ *     from the classifier (kind injected as "gpai"), never accepted
+ *     from the operator. A 10^25-FLOP+ model that omits the Art. 55
+ *     systemic-risk chapter is refused — the classifier puts Art. 55
+ *     in scope, the declaration must cover it.
+ *   - Hollow attestation: every commitment's `evidenceHash` is checked
+ *     against the SHA3-512 hex shape (128 hex chars, `b.crypto.sha3Hash`
+ *     output). A junk "hash" cannot bind — CWE-345 (insufficient
+ *     verification of data authenticity) / CWE-347 (improper
+ *     verification of cryptographic signature).
+ *
+ * The signed envelope is verified with
+ * `b.compliance.aiAct.gpai.verifyAdherence(envelope, publicKeyPem)`,
+ * which re-canonicalizes before trusting any field (never trusts an
+ * embedded signed-bytes value — the xml-crypto signature-substitution
+ * class, CVE-2025-29774 / CVE-2025-29775) and rejects an expired
+ * declaration (`generatedAt + validityMs < now`) so a stale adherence
+ * cannot be replayed past its window.
+ *
+ * @opts
+ *   modelId:        string,     // required
+ *   modelVersion:   string,     // required
+ *   provider:       object,     // { name, address, contact }
+ *   trainingFlops:  number,     // cumulative training compute; Art. 51(2) presumption at >= 1e25 FLOP
+ *   isSystemicRisk: boolean,    // operator-asserted systemic-risk designation (Art. 51(1)(b))
+ *   designatedSystemicRisk: boolean,  // AI-Office-designated systemic risk
+ *   copVersion:     string,     // Code of Practice release label "YYYY-MM" (default "2025-07")
+ *   commitments:    object[],   // [{ article, statement, evidenceHash }]; evidenceHash is b.crypto.sha3Hash output
+ *   trainingDataSummary: object,// Art. 53(1)(d) public-summary pointer (b.compliance.aiAct.gpai.trainingDataSummary)
+ *   validityMs:     number,     // validity window; default 90 days
+ *   privateKeyPem:  string,     // required — ML-DSA-87 signing key (b.crypto.generateSigningKeyPair)
+ *   serialNumber:   string,     // urn:uuid:...; defaults to a fresh UUIDv4
+ *   audit:          boolean,    // emit compliance.aiact.gpai.declareadherence audit event; default true
+ *
+ * @example
+ *   var pair = b.crypto.generateSigningKeyPair("ml-dsa-87");
+ *   var hash = b.crypto.sha3Hash("annex-xi-technical-documentation-v1");
+ *   var env = b.compliance.aiAct.gpai.declareAdherence({
+ *     modelId:       "acme-llm-7b",
+ *     modelVersion:  "1.0",
+ *     commitments:   [{ article: "Art. 53(1)(a)", statement: "Annex XI docs maintained", evidenceHash: hash }],
+ *     privateKeyPem: pair.privateKey,
+ *   });
+ *   typeof env.signature;   // "string"
+ */
+function declareAdherence(opts) {
+  validateOpts.requireObject(opts, "compliance.aiAct.gpai.declareAdherence",
+    ComplianceError, "compliance-ai-act/bad-input");
+  validateOpts(opts, DECLARE_ALLOWED_KEYS, "compliance.aiAct.gpai.declareAdherence");
+  validateOpts.requireNonEmptyString(opts.privateKeyPem,
+    "declareAdherence: privateKeyPem", ComplianceError, "compliance-ai-act/no-signing-key");
+
+  var form = adherenceForm(opts);
+
+  // Scope-downgrade refusal: a SIGNED declaration must cover EVERY
+  // derived obligation with bound evidence. The obligations are derived
+  // from the classifier, not the operator, so a systemic-risk model
+  // (>= 1e25 FLOP, Art. 51(2)) puts Art. 55 in scope — signing a
+  // declaration that omits the Art. 55 chapter would be a silent scope
+  // downgrade. adherenceForm() stays an inspection tool that surfaces
+  // `evidenced: false`; the signing path refuses an unevidenced
+  // obligation outright (CWE-345 insufficient verification).
+  var unevidenced = form.commitments
+    .filter(function (c) { return !c.evidenced; })
+    .map(function (c) { return c.article; });
+  if (unevidenced.length > 0) {
+    throw new ComplianceError("compliance-ai-act/cop-obligation-unevidenced",
+      "declareAdherence: cannot sign — required obligation(s) [" + unevidenced.join(", ") +
+      "] have no bound commitment with a valid evidenceHash. A systemic-risk model must cover " +
+      "the Art. 55 chapter; supply a commitment for every required article (" +
+      form.requiredArticles.join(", ") + ").");
+  }
+
+  // Compose the AIBOM substrate: the adherence form rides as a
+  // property-bag + Art. 53(1)(d) training-data summary on the model
+  // component, signed as one canonical-JSON-1785 byte stream. We do NOT
+  // hand-roll an envelope or call canonicalJson.stringify + crypto.sign
+  // directly — modelManifest.build/sign already provide CycloneDX 1.6
+  // conformance + the signature-substitution defense in verify.
+  var bom = modelManifest().build({
+    model: {
+      name:    form.modelId,
+      version: form.modelVersion,
+      modelCard: {
+        properties: [
+          { name: "ai-act:gpai-cop-adherence", value: JSON.stringify(form) },
+        ],
+      },
+    },
+    serialNumber: opts.serialNumber,
+    tool: { name: "@blamejs/core:compliance.aiAct.gpai.declareAdherence" },
+  });
+
+  var envelope = modelManifest().sign(bom, {
+    privateKeyPem: opts.privateKeyPem,
+    audit:         false,   // emit our own domain-specific event below
+  });
+
+  // Surface the adherence form alongside the signed envelope so callers
+  // don't have to re-parse the BOM property to read what was declared.
+  var out = {
+    bom:           envelope.bom,
+    signature:     envelope.signature,
+    adherence:     form,
+  };
+
+  if (opts.audit !== false) {
+    // Hot-path audit sink — drop-silent by design (rule 5). A throw
+    // here would crash the caller that just produced a valid signed
+    // declaration.
+    try {
+      audit().safeEmit({
+        action:  "compliance.aiact.gpai.declareadherence",
+        outcome: "success",
+        metadata: {
+          modelId:        form.modelId,
+          modelVersion:   form.modelVersion,
+          isSystemicRisk: form.isSystemicRisk,
+          articles:       form.articles,
+          serialNumber:   envelope.bom.serialNumber,
+        },
+      });
+    } catch (_e) { /* drop-silent — by design */ }
+  }
+
+  return Object.freeze(out);
+}
+
+/**
+ * @primitive  b.compliance.aiAct.gpai.verifyAdherence
+ * @signature  b.compliance.aiAct.gpai.verifyAdherence(envelope, publicKeyPem, opts?)
+ * @since      0.14.11
+ * @status     stable
+ * @compliance eu-ai-act-art-11
+ * @related    b.compliance.aiAct.gpai.declareAdherence, b.ai.modelManifest.verify
+ *
+ * Verify a signed GPAI Code-of-Practice adherence declaration produced
+ * by `declareAdherence`. Delegates the cryptographic check to
+ * `b.ai.modelManifest.verify`, which re-canonicalizes the BOM with
+ * canonical-JSON-1785 before trusting any field and NEVER trusts an
+ * embedded signed-bytes value (the xml-crypto signature-substitution
+ * class, CVE-2025-29774 / CVE-2025-29775). On a valid signature it
+ * additionally enforces the validity window: a declaration whose
+ * `generatedAt + validityMs` is in the past is rejected with
+ * `reason: "expired"` so a stale adherence cannot be replayed past its
+ * auditor-review window. Returns `{ valid, adherence, reason }`; never
+ * throws (the documented contract mirrors b.ai.modelManifest.verify).
+ *
+ * @opts
+ *   now:    number,     // override the comparison clock (ms epoch); default Date.now()
+ *   audit:  boolean,    // emit compliance.aiact.gpai.verifyadherence audit event; default true
+ *
+ * @example
+ *   var result = b.compliance.aiAct.gpai.verifyAdherence(env, pair.publicKey);
+ *   if (result.valid) result.adherence.requiredArticles;   // ["Art. 53(1)(a)", ...]
+ *   else              result.reason;                        // "signature-invalid" | "expired" | ...
+ */
+function verifyAdherence(envelope, publicKeyPem, opts) {
+  opts = opts || {};
+  var inner = modelManifest().verify(envelope, publicKeyPem, { audit: false });
+  if (!inner.valid) {
+    return { valid: false, adherence: null, reason: inner.reason };
+  }
+
+  // Re-read the adherence form from the (now signature-verified) BOM
+  // property — never from a top-level field a caller could swap.
+  var adherence = _extractAdherenceFromBom(inner.bom);
+  if (!adherence) {
+    return { valid: false, adherence: null, reason: "adherence-property-missing" };
+  }
+
+  // Anti-replay: reject an expired declaration.
+  if (typeof adherence.generatedAt === "string" &&
+      typeof adherence.validityMs === "number" && isFinite(adherence.validityMs)) {
+    var issuedMs = Date.parse(adherence.generatedAt);
+    if (isFinite(issuedMs)) {
+      var now = typeof opts.now === "number" && isFinite(opts.now) ? opts.now : Date.now();
+      if (issuedMs + adherence.validityMs < now) {
+        return { valid: false, adherence: null, reason: "expired" };
+      }
+    }
+  }
+
+  if (opts.audit !== false) {
+    try {
+      audit().safeEmit({
+        action:  "compliance.aiact.gpai.verifyadherence",
+        outcome: "success",
+        metadata: {
+          modelId:        adherence.modelId,
+          modelVersion:   adherence.modelVersion,
+          isSystemicRisk: adherence.isSystemicRisk,
+          serialNumber:   inner.bom && inner.bom.serialNumber,
+        },
+      });
+    } catch (_e) { /* drop-silent — by design */ }
+  }
+
+  return { valid: true, adherence: adherence, reason: null };
+}
+
+// Pull the adherence form out of the signed BOM's model-card property
+// bag. Returns null on any shape mismatch — the caller maps that to a
+// structured verify reason rather than throwing.
+function _extractAdherenceFromBom(bom) {
+  try {
+    var card = bom && bom.metadata && bom.metadata.component && bom.metadata.component.modelCard;
+    var props = card && card.properties;
+    if (!Array.isArray(props)) return null;
+    for (var i = 0; i < props.length; i += 1) {
+      if (props[i] && props[i].name === "ai-act:gpai-cop-adherence") {
+        return safeJson.parse(props[i].value, { maxBytes: C.BYTES.mib(1) });
+      }
+    }
+  } catch (_e) { return null; }
+  return null;
+}
+
 module.exports = {
   classify:                  classify,
   deployerChecklist:         deployerChecklist,
@@ -806,6 +1249,9 @@ module.exports = {
     classify:             gpaiClassify,
     listObligations:      listGpaiObligations,
     trainingDataSummary:  trainingDataSummary,
+    adherenceForm:        adherenceForm,
+    declareAdherence:     declareAdherence,
+    verifyAdherence:      verifyAdherence,
     OBLIGATIONS:          GPAI_OBLIGATIONS,
   },
   articleObligations:        articleObligations,