@complior/engine 0.9.0 → 0.9.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@complior/engine",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "type": "module",
   "main": "src/index.ts",
   "description": "AI Act Compliance Engine — deterministic scanner, auto-fixer, reporter, and MCP server for EU AI Act. Powers the Complior CLI daemon.",
@@ -39,6 +39,11 @@
     "regulation",
     "agent-passport"
   ],
+  "files": [
+    "src/",
+    "data/",
+    "tsconfig.json"
+  ],
   "engines": {
     "node": ">=22"
   },
@@ -52,22 +57,15 @@
     "@ai-sdk/anthropic": "^2.0.65",
     "@ai-sdk/openai": "^2.0.91",
     "@hono/node-server": "^1.19.10",
-    "@modelcontextprotocol/sdk": "^1.26.0",
     "ai": "^5.0.135",
-    "better-sqlite3": "^11.0.0",
     "chokidar": "^4.0.0",
-    "cosmiconfig": "^9.0.0",
     "hono": "^4.12.7",
-    "p-queue": "^8.0.0",
-    "pdfkit": "^0.17.2",
     "simple-git": "^3.27.0",
-    "tsx": "^4.21.0",
     "zod": "^3.23.0"
   },
   "devDependencies": {
-    "@types/better-sqlite3": "^7.6.0",
     "@types/node": "^22.0.0",
-    "@types/pdfkit": "^0.17.5",
+    "tsx": "^4.21.0",
     "typescript": "^5.7.0",
     "vitest": "^3.0.0"
   }

package/.well-known/ai-compliance.json

@@ -1,16 +0,0 @@
-{
-  "version": "1.0",
-  "scanner": "complior/1.0.0",
-  "scannedAt": "[SCAN_DATE]",
-  "organization": "[TO BE SET]",
-  "ai_systems": [
-    {
-      "name": "[TO BE SET]",
-      "provider": "[TO BE SET]",
-      "risk_level": "[TO BE SET]",
-      "compliance_score": 0
-    }
-  ],
-  "jurisdiction": "EU",
-  "regulation": "EU AI Act (Regulation (EU) 2024/1689)"
-}

package/COMPLIANCE.md

@@ -1,64 +0,0 @@
-# Compliance Report
-
-> Generated by Complior v1.0.0 on 2026-03-15T18:52:53.383Z
-
-## Score
-
-| Metric | Value |
-|--------|-------|
-| Total Score | **22.18%** |
-| Zone | red |
-| Checks | 93 total, 56 passed, 36 failed |
-
-## Findings Summary
-
-| Check ID | Severity | Message |
-|----------|----------|---------|
-| l3-banned-emotion-recognition | critical | Art. 5 REVIEW: "emotion-recognition" detected — Emotion recognition. Prohibited under Art. 5(1)(f) when: Infers emotions in workplace or educational settings, except for medical or safety purposes. Verify: Is this used to detect emotions of employees or students? (Medical/safety use is exempt) |
-| cross-permission-passport-mismatch | critical | 14 undeclared permission(s) with unwrapped LLM calls — compounding governance failure per Art. 26(4) |
-| undeclared-permission | high | Tool 'kb_search' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'ticket_history' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'kb_search' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'ticket_history' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'kb_search' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'ticket_history' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'kb_search' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'ticket_history' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'kb_search' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'ticket_history' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'kb_search' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'ticket_history' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'kb_search' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| undeclared-permission | high | Tool 'ticket_history' (langchain) used in code but not declared in Agent Passport — Art. 26(4) |
-| art5-screening | high | No art. 5 screening document found (Art. 5) |
-| technical-documentation | high | No technical documentation found (Art. 11) |
-| declaration-of-conformity | high | No declaration of conformity found (Art. 47) |
-| risk-management | high | No risk management documentation found (Art. 9) |
-| ai-literacy | medium | No AI literacy policy or training documentation found (Art. 4) |
-| incident-report | medium | No incident report template found (Art. 73) |
-| monitoring-policy | medium | No monitoring policy found (Art. 26) |
-| data-governance | medium | No data governance documentation found (Art. 10) |
-| qms | medium | No quality management system found (Art. 17) |
-| instructions-for-use | medium | No instructions for use found (Art. 13) |
-| l4-bare-llm | medium | WARNING: Anthropic bare API call in src/chat/anthropic.ts:8 — eu-ai-act-OBL-015 Art. 50(1) |
-| l4-bare-llm | medium | WARNING: OpenAI bare API call in src/chat/handler.ts:11 — eu-ai-act-OBL-015 Art. 50(1) |
-| l4-security-risk | medium | WARNING: Unsafe eval() with user input in src/screening/hr-filter.ts:16 — eu-ai-act-OBL-008 Art. 15(4) |
-| l4-security-risk | medium | WARNING: Unsafe eval() with user input in src/security/unsafe-eval.ts:11 — eu-ai-act-OBL-008 Art. 15(4) |
-| l4-security-risk | medium | WARNING: Unsafe pickle deserialization in src/security/unsafe-pickle.py:14 — eu-ai-act-OBL-008 Art. 15(4) |
-| cross-banned-with-wrapper | medium | Prohibited package detected but compliance controls (disclosure, oversight, kill-switch) are present. Review whether usage falls under an Art. 5 exception. |
-| cross-logging-no-retention | medium | AI logging implemented in code but no log retention configuration found. Art. 12 requires log retention >= 180 days. |
-| l3-missing-bias-testing | low | AI SDKs detected but no bias testing library found. Consider adding fairlearn, aif360, or aequitas. |
-| l3-log-retention | low | docker-compose.yml: Logging configured but no retention policy found. Ensure >= 180 days retention (Art. 12). |
-| cross-kill-switch-no-test | low | AI kill switch pattern found in code but no automated tests detected for it. Safety mechanisms should be tested. |
-
-## Top Issues
-
-1. **[CRITICAL]** l3-banned-emotion-recognition: Art. 5 REVIEW: "emotion-recognition" detected — Emotion recognition. Prohibited under Art. 5(1)(f) when: Infers emotions in workplace or educational settings, except for medical or safety purposes. Verify: Is this used to detect emotions of employees or students? (Medical/safety use is exempt)
-2. **[CRITICAL]** cross-permission-passport-mismatch: 14 undeclared permission(s) with unwrapped LLM calls — compounding governance failure per Art. 26(4)
-3. **[HIGH]** undeclared-permission: Tool 'kb_search' (langchain) used in code but not declared in Agent Passport — Art. 26(4)
-4. **[HIGH]** undeclared-permission: Tool 'ticket_history' (langchain) used in code but not declared in Agent Passport — Art. 26(4)
-5. **[HIGH]** undeclared-permission: Tool 'kb_search' (langchain) used in code but not declared in Agent Passport — Art. 26(4)
-
----
-
-![Compliance Badge](.complior/badge.svg)

package/engine.log

@@ -1,7 +0,0 @@
-[server] Loading regulation data...
-[app] Loaded 108 obligations
-[app] Loaded persisted scan result from disk
-[server] Complior Engine v1.0.0 running on http://127.0.0.1:3099
-[file-watcher] Watching /home/openclaw/complior/engine/core for compliance-relevant changes
-[server] Graceful shutdown...
-[server] Server closed

package/vitest.config.ts

@@ -1,9 +0,0 @@
-import { defineConfig } from 'vitest/config';
-
-export default defineConfig({
-  test: {
-    include: ['src/**/*.test.ts'],
-    globals: false,
-    testTimeout: 10_000,
-  },
-});