npm - @complior/engine - Versions diffs - 0.9.0 - Mend

@complior/engine 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/.well-known/ai-compliance.json +16 -0
package/COMPLIANCE.md +64 -0
package/data/data-integrity.test.ts +75 -0
package/data/eval/eval-mappings.json +33 -0
package/data/llm/model-pricing.json +15 -0
package/data/llm/model-routing.json +36 -0
package/data/onboarding/risk-profile.json +17 -0
package/data/regulations/eu-ai-act/README.md +245 -0
package/data/regulations/eu-ai-act/applicability-tree.json +160 -0
package/data/regulations/eu-ai-act/cross-mapping.json +175 -0
package/data/regulations/eu-ai-act/localization.json +186 -0
package/data/regulations/eu-ai-act/obligations.json +3981 -0
package/data/regulations/eu-ai-act/regulation-meta.json +482 -0
package/data/regulations/eu-ai-act/scoring.json +342 -0
package/data/regulations/eu-ai-act/technical-requirements.json +2590 -0
package/data/regulations/eu-ai-act/timeline.json +160 -0
package/data/regulations/jurisdictions/at.json +15 -0
package/data/regulations/jurisdictions/be.json +15 -0
package/data/regulations/jurisdictions/bg.json +15 -0
package/data/regulations/jurisdictions/cy.json +15 -0
package/data/regulations/jurisdictions/cz.json +15 -0
package/data/regulations/jurisdictions/de.json +15 -0
package/data/regulations/jurisdictions/dk.json +15 -0
package/data/regulations/jurisdictions/ee.json +15 -0
package/data/regulations/jurisdictions/es.json +15 -0
package/data/regulations/jurisdictions/fi.json +15 -0
package/data/regulations/jurisdictions/fr.json +15 -0
package/data/regulations/jurisdictions/gr.json +15 -0
package/data/regulations/jurisdictions/hr.json +15 -0
package/data/regulations/jurisdictions/hu.json +15 -0
package/data/regulations/jurisdictions/ie.json +15 -0
package/data/regulations/jurisdictions/is.json +15 -0
package/data/regulations/jurisdictions/it.json +15 -0
package/data/regulations/jurisdictions/li.json +15 -0
package/data/regulations/jurisdictions/lt.json +15 -0
package/data/regulations/jurisdictions/lu.json +15 -0
package/data/regulations/jurisdictions/lv.json +15 -0
package/data/regulations/jurisdictions/mt.json +15 -0
package/data/regulations/jurisdictions/nl.json +15 -0
package/data/regulations/jurisdictions/no.json +15 -0
package/data/regulations/jurisdictions/pl.json +15 -0
package/data/regulations/jurisdictions/pt.json +15 -0
package/data/regulations/jurisdictions/ro.json +15 -0
package/data/regulations/jurisdictions/se.json +15 -0
package/data/regulations/jurisdictions/si.json +15 -0
package/data/regulations/jurisdictions/sk.json +15 -0
package/data/scanner/check-id-categories.json +81 -0
package/data/scanner/confidence-params.json +16 -0
package/data/scanner/limits.json +4 -0
package/data/schemas/http-contract-sample.json +79 -0
package/data/schemas/http-contract.json +144 -0
package/data/semgrep-rules/bare-call.yaml +37 -0
package/data/semgrep-rules/injection.yaml +73 -0
package/data/semgrep-rules/missing-error-handling.yaml +58 -0
package/data/semgrep-rules/unsafe-deser.yaml +65 -0
package/data/templates/eu-ai-act/ai-literacy.md +184 -0
package/data/templates/eu-ai-act/art5-screening.md +131 -0
package/data/templates/eu-ai-act/data-governance.md +145 -0
package/data/templates/eu-ai-act/declaration-of-conformity.md +161 -0
package/data/templates/eu-ai-act/fria.md +127 -0
package/data/templates/eu-ai-act/gpai-systemic-risk.md +150 -0
package/data/templates/eu-ai-act/gpai-transparency.md +166 -0
package/data/templates/eu-ai-act/incident-report.md +188 -0
package/data/templates/eu-ai-act/instructions-for-use.md +202 -0
package/data/templates/eu-ai-act/monitoring-policy.md +110 -0
package/data/templates/eu-ai-act/qms.md +180 -0
package/data/templates/eu-ai-act/risk-management-system.md +123 -0
package/data/templates/eu-ai-act/technical-documentation.md +287 -0
package/data/templates/eu-ai-act/worker-notification.md +143 -0
package/data/templates/policies/biometrics-ai-policy.md +214 -0
package/data/templates/policies/critical-infra-ai-policy.md +228 -0
package/data/templates/policies/education-ai-policy.md +184 -0
package/data/templates/policies/finance-ai-policy.md +191 -0
package/data/templates/policies/healthcare-ai-policy.md +197 -0
package/data/templates/policies/hr-ai-policy.md +178 -0
package/data/templates/policies/legal-ai-policy.md +189 -0
package/data/templates/policies/migration-ai-policy.md +239 -0
package/engine.log +7 -0
package/package.json +74 -0
package/src/composition-root.ts +791 -0
package/src/data/eval/conformity-tests.test.ts +122 -0
package/src/data/eval/ct-1-transparency.ts +106 -0
package/src/data/eval/ct-10-gpai.ts +25 -0
package/src/data/eval/ct-11-industry.ts +42 -0
package/src/data/eval/ct-2-oversight.ts +41 -0
package/src/data/eval/ct-3-explanation.ts +14 -0
package/src/data/eval/ct-4-bias.ts +83 -0
package/src/data/eval/ct-5-accuracy.ts +41 -0
package/src/data/eval/ct-6-robustness.ts +81 -0
package/src/data/eval/ct-7-prohibited.ts +52 -0
package/src/data/eval/ct-8-logging.ts +68 -0
package/src/data/eval/ct-9-risk-awareness.ts +33 -0
package/src/data/eval/deterministic-evaluator.ts +120 -0
package/src/data/eval/index.ts +55 -0
package/src/data/eval/judge-prompts.ts +146 -0
package/src/data/eval/llm-judged-tests.ts +279 -0
package/src/data/eval/llm-tests.test.ts +83 -0
package/src/data/eval/remediation/ct-1-transparency.ts +91 -0
package/src/data/eval/remediation/ct-10-gpai.ts +94 -0
package/src/data/eval/remediation/ct-11-industry.ts +94 -0
package/src/data/eval/remediation/ct-2-oversight.ts +71 -0
package/src/data/eval/remediation/ct-3-explanation.ts +70 -0
package/src/data/eval/remediation/ct-4-bias.ts +70 -0
package/src/data/eval/remediation/ct-5-accuracy.ts +70 -0
package/src/data/eval/remediation/ct-6-robustness.ts +70 -0
package/src/data/eval/remediation/ct-7-prohibited.ts +94 -0
package/src/data/eval/remediation/ct-8-logging.ts +94 -0
package/src/data/eval/remediation/ct-9-risk-awareness.ts +94 -0
package/src/data/eval/remediation/index.ts +89 -0
package/src/data/eval/remediation/owasp-art5.ts +15 -0
package/src/data/eval/remediation/owasp-llm01.ts +72 -0
package/src/data/eval/remediation/owasp-llm02.ts +72 -0
package/src/data/eval/remediation/owasp-llm03.ts +15 -0
package/src/data/eval/remediation/owasp-llm04.ts +15 -0
package/src/data/eval/remediation/owasp-llm05.ts +15 -0
package/src/data/eval/remediation/owasp-llm06.ts +15 -0
package/src/data/eval/remediation/owasp-llm07.ts +15 -0
package/src/data/eval/remediation/owasp-llm08.ts +15 -0
package/src/data/eval/remediation/owasp-llm09.ts +15 -0
package/src/data/eval/remediation/owasp-llm10.ts +15 -0
package/src/data/eval/remediation/remediation.test.ts +229 -0
package/src/data/eval/remediation/test-mapping.ts +290 -0
package/src/data/eval/security-rubrics.ts +381 -0
package/src/data/finding-explanations.json +453 -0
package/src/data/industry-patterns.ts +161 -0
package/src/data/registry-cards.ts +368 -0
package/src/data/regulation/index.ts +5 -0
package/src/data/regulation/jurisdiction-data.test.ts +73 -0
package/src/data/regulation/jurisdiction-data.ts +65 -0
package/src/data/regulation/regulation-data.ts +19 -0
package/src/data/regulation/regulation-loader.test.ts +107 -0
package/src/data/regulation/regulation-loader.ts +56 -0
package/src/data/scanner-constants.ts +46 -0
package/src/data/schemas/schemas-core.ts +140 -0
package/src/data/schemas/schemas-supplementary.ts +211 -0
package/src/data/schemas/schemas.ts +28 -0
package/src/data/security/attack-probes.test.ts +62 -0
package/src/data/security/attack-probes.ts +496 -0
package/src/data/security/eu-ai-act-security.ts +40 -0
package/src/data/security/index.ts +19 -0
package/src/data/security/mitre-atlas.test.ts +43 -0
package/src/data/security/mitre-atlas.ts +93 -0
package/src/data/security/nist-ai-rmf.ts +43 -0
package/src/data/security/owasp-llm-top10.test.ts +60 -0
package/src/data/security/owasp-llm-top10.ts +138 -0
package/src/data/template-registry.ts +53 -0
package/src/data/tool-versions.json +22 -0
package/src/domain/audit/audit-package.test.ts +152 -0
package/src/domain/audit/audit-package.ts +166 -0
package/src/domain/audit/audit-trail.test.ts +121 -0
package/src/domain/audit/audit-trail.ts +174 -0
package/src/domain/audit/index.ts +8 -0
package/src/domain/audit/permissions-matrix.test.ts +136 -0
package/src/domain/audit/permissions-matrix.ts +121 -0
package/src/domain/certification/adversarial/bias-tests.ts +95 -0
package/src/domain/certification/adversarial/evaluators.ts +304 -0
package/src/domain/certification/adversarial/index.ts +11 -0
package/src/domain/certification/adversarial/prompt-injection.ts +103 -0
package/src/domain/certification/adversarial/safety-boundary.ts +132 -0
package/src/domain/certification/aiuc1-readiness.test.ts +236 -0
package/src/domain/certification/aiuc1-readiness.ts +298 -0
package/src/domain/certification/aiuc1-requirements.ts +235 -0
package/src/domain/certification/index.ts +10 -0
package/src/domain/certification/redteam-runner.test.ts +97 -0
package/src/domain/certification/redteam-runner.ts +205 -0
package/src/domain/certification/test-runner.test.ts +232 -0
package/src/domain/certification/test-runner.ts +289 -0
package/src/domain/cost/cost-estimator.test.ts +187 -0
package/src/domain/cost/cost-estimator.ts +133 -0
package/src/domain/disclaimer.test.ts +52 -0
package/src/domain/disclaimer.ts +39 -0
package/src/domain/documents/ai-enricher.test.ts +120 -0
package/src/domain/documents/ai-enricher.ts +159 -0
package/src/domain/documents/document-generator.test.ts +318 -0
package/src/domain/documents/document-generator.ts +239 -0
package/src/domain/documents/index.ts +9 -0
package/src/domain/documents/passport-helpers.ts +25 -0
package/src/domain/documents/policy-generator.test.ts +252 -0
package/src/domain/documents/policy-generator.ts +94 -0
package/src/domain/documents/worker-notification-generator.test.ts +162 -0
package/src/domain/documents/worker-notification-generator.ts +141 -0
package/src/domain/eval/adapters/adapter-port.ts +94 -0
package/src/domain/eval/adapters/adapters.test.ts +303 -0
package/src/domain/eval/adapters/anthropic-adapter.ts +57 -0
package/src/domain/eval/adapters/auto-detect.ts +104 -0
package/src/domain/eval/adapters/create-chat-adapter.ts +106 -0
package/src/domain/eval/adapters/custom-adapter.ts +74 -0
package/src/domain/eval/adapters/http-adapter.ts +66 -0
package/src/domain/eval/adapters/index.ts +7 -0
package/src/domain/eval/adapters/ollama-adapter.ts +48 -0
package/src/domain/eval/adapters/openai-adapter.ts +58 -0
package/src/domain/eval/adapters/with-timeout.ts +25 -0
package/src/domain/eval/conformity-score.test.ts +161 -0
package/src/domain/eval/conformity-score.ts +135 -0
package/src/domain/eval/eval-constants.ts +55 -0
package/src/domain/eval/eval-evidence.test.ts +85 -0
package/src/domain/eval/eval-evidence.ts +103 -0
package/src/domain/eval/eval-fix-generator.test.ts +421 -0
package/src/domain/eval/eval-fix-generator.ts +205 -0
package/src/domain/eval/eval-passport.test.ts +82 -0
package/src/domain/eval/eval-passport.ts +89 -0
package/src/domain/eval/eval-remediation-report.test.ts +682 -0
package/src/domain/eval/eval-remediation-report.ts +170 -0
package/src/domain/eval/eval-report.ts +108 -0
package/src/domain/eval/eval-runner.test.ts +609 -0
package/src/domain/eval/eval-runner.ts +593 -0
package/src/domain/eval/eval-to-findings.test.ts +293 -0
package/src/domain/eval/eval-to-findings.ts +83 -0
package/src/domain/eval/index.ts +31 -0
package/src/domain/eval/llm-judge.test.ts +139 -0
package/src/domain/eval/llm-judge.ts +168 -0
package/src/domain/eval/remediation-types.ts +90 -0
package/src/domain/eval/security-integration.test.ts +196 -0
package/src/domain/eval/security-integration.ts +136 -0
package/src/domain/eval/types.test.ts +173 -0
package/src/domain/eval/types.ts +244 -0
package/src/domain/eval/verdict-utils.ts +45 -0
package/src/domain/fixer/create-fixer.ts +101 -0
package/src/domain/fixer/diff.ts +70 -0
package/src/domain/fixer/fix-history.ts +23 -0
package/src/domain/fixer/fixer.test.ts +306 -0
package/src/domain/fixer/index.ts +9 -0
package/src/domain/fixer/strategies/bandit-fix.ts +61 -0
package/src/domain/fixer/strategies/bias-testing.ts +49 -0
package/src/domain/fixer/strategies/ci-compliance.ts +57 -0
package/src/domain/fixer/strategies/content-marking.ts +45 -0
package/src/domain/fixer/strategies/cve-upgrade.ts +66 -0
package/src/domain/fixer/strategies/data-governance.ts +65 -0
package/src/domain/fixer/strategies/disclosure.ts +69 -0
package/src/domain/fixer/strategies/doc-code-sync.ts +53 -0
package/src/domain/fixer/strategies/documentation.ts +59 -0
package/src/domain/fixer/strategies/error-handler.ts +63 -0
package/src/domain/fixer/strategies/hitl-gate.ts +67 -0
package/src/domain/fixer/strategies/index.ts +61 -0
package/src/domain/fixer/strategies/kill-switch-test.ts +85 -0
package/src/domain/fixer/strategies/kill-switch.ts +53 -0
package/src/domain/fixer/strategies/license-fix.ts +57 -0
package/src/domain/fixer/strategies/log-retention.ts +40 -0
package/src/domain/fixer/strategies/logging.ts +59 -0
package/src/domain/fixer/strategies/metadata.ts +45 -0
package/src/domain/fixer/strategies/permission-guard.ts +84 -0
package/src/domain/fixer/strategies/record-keeping.ts +69 -0
package/src/domain/fixer/strategies/secret-rotation.ts +52 -0
package/src/domain/fixer/strategies.test.ts +341 -0
package/src/domain/fixer/template-engine.test.ts +64 -0
package/src/domain/fixer/template-engine.ts +38 -0
package/src/domain/fixer/types.ts +88 -0
package/src/domain/frameworks/aiuc1-framework.test.ts +159 -0
package/src/domain/frameworks/aiuc1-framework.ts +126 -0
package/src/domain/frameworks/collect-foundation-metrics.test.ts +96 -0
package/src/domain/frameworks/collect-foundation-metrics.ts +34 -0
package/src/domain/frameworks/eu-ai-act-framework.test.ts +117 -0
package/src/domain/frameworks/eu-ai-act-framework.ts +100 -0
package/src/domain/frameworks/framework-registry.test.ts +91 -0
package/src/domain/frameworks/framework-registry.ts +38 -0
package/src/domain/frameworks/index.ts +8 -0
package/src/domain/frameworks/mitre-atlas-framework.test.ts +53 -0
package/src/domain/frameworks/mitre-atlas-framework.ts +53 -0
package/src/domain/frameworks/owasp-llm-framework.test.ts +77 -0
package/src/domain/frameworks/owasp-llm-framework.ts +54 -0
package/src/domain/frameworks/score-plugin-framework.ts +117 -0
package/src/domain/fria/fria-generator.test.ts +273 -0
package/src/domain/fria/fria-generator.ts +366 -0
package/src/domain/import/promptfoo-importer.test.ts +103 -0
package/src/domain/import/promptfoo-importer.ts +151 -0
package/src/domain/onboarding/guided-onboarding.test.ts +144 -0
package/src/domain/onboarding/guided-onboarding.ts +135 -0
package/src/domain/passport/builder/domain-mapper.ts +9 -0
package/src/domain/passport/builder/manifest-builder.test.ts +546 -0
package/src/domain/passport/builder/manifest-builder.ts +535 -0
package/src/domain/passport/builder/manifest-diff.test.ts +105 -0
package/src/domain/passport/builder/manifest-diff.ts +89 -0
package/src/domain/passport/builder/manifest-files.ts +17 -0
package/src/domain/passport/crypto-signer.test.ts +93 -0
package/src/domain/passport/crypto-signer.ts +157 -0
package/src/domain/passport/discovery/agent-discovery.test.ts +296 -0
package/src/domain/passport/discovery/agent-discovery.ts +325 -0
package/src/domain/passport/discovery/autonomy-analyzer.test.ts +141 -0
package/src/domain/passport/discovery/autonomy-analyzer.ts +113 -0
package/src/domain/passport/discovery/permission-scanner.test.ts +191 -0
package/src/domain/passport/discovery/permission-scanner.ts +414 -0
package/src/domain/passport/export/a2a-mapper.ts +75 -0
package/src/domain/passport/export/aiuc1-mapper.ts +126 -0
package/src/domain/passport/export/export.test.ts +207 -0
package/src/domain/passport/export/index.ts +41 -0
package/src/domain/passport/export/nist-mapper.ts +227 -0
package/src/domain/passport/import/a2a-importer.test.ts +133 -0
package/src/domain/passport/import/a2a-importer.ts +156 -0
package/src/domain/passport/import/index.ts +2 -0
package/src/domain/passport/index.ts +32 -0
package/src/domain/passport/obligation-field-map.test.ts +113 -0
package/src/domain/passport/obligation-field-map.ts +117 -0
package/src/domain/passport/passport-validator.test.ts +156 -0
package/src/domain/passport/passport-validator.ts +126 -0
package/src/domain/passport/scan-to-compliance.test.ts +336 -0
package/src/domain/passport/scan-to-compliance.ts +166 -0
package/src/domain/passport/test-generator.test.ts +93 -0
package/src/domain/passport/test-generator.ts +136 -0
package/src/domain/proxy/index.ts +11 -0
package/src/domain/proxy/json-rpc.test.ts +72 -0
package/src/domain/proxy/json-rpc.ts +53 -0
package/src/domain/proxy/policy-engine.test.ts +259 -0
package/src/domain/proxy/policy-engine.ts +137 -0
package/src/domain/proxy/proxy-bridge.ts +125 -0
package/src/domain/proxy/proxy-interceptor.test.ts +184 -0
package/src/domain/proxy/proxy-interceptor.ts +120 -0
package/src/domain/proxy/proxy-types.ts +35 -0
package/src/domain/registry/compute-agent-score.test.ts +279 -0
package/src/domain/registry/compute-agent-score.ts +162 -0
package/src/domain/reporter/audit-report.test.ts +87 -0
package/src/domain/reporter/audit-report.ts +116 -0
package/src/domain/reporter/badge-generator.test.ts +54 -0
package/src/domain/reporter/badge-generator.ts +40 -0
package/src/domain/reporter/compliance-md.ts +45 -0
package/src/domain/reporter/index.ts +7 -0
package/src/domain/reporter/pdf-renderer.ts +282 -0
package/src/domain/reporter/share.test.ts +92 -0
package/src/domain/reporter/share.ts +80 -0
package/src/domain/scanner/ast/swc-analyzer.test.ts +49 -0
package/src/domain/scanner/ast/swc-analyzer.ts +124 -0
package/src/domain/scanner/attestations.ts +97 -0
package/src/domain/scanner/checks/ai-disclosure.test.ts +90 -0
package/src/domain/scanner/checks/ai-disclosure.ts +54 -0
package/src/domain/scanner/checks/ai-literacy.ts +163 -0
package/src/domain/scanner/checks/behavioral-constraints.test.ts +167 -0
package/src/domain/scanner/checks/behavioral-constraints.ts +86 -0
package/src/domain/scanner/checks/compliance-metadata.ts +63 -0
package/src/domain/scanner/checks/content-marking.ts +74 -0
package/src/domain/scanner/checks/dep-deep-scan.test.ts +318 -0
package/src/domain/scanner/checks/dep-deep-scan.ts +137 -0
package/src/domain/scanner/checks/documentation.test.ts +88 -0
package/src/domain/scanner/checks/documentation.ts +79 -0
package/src/domain/scanner/checks/git-history.test.ts +120 -0
package/src/domain/scanner/checks/git-history.ts +163 -0
package/src/domain/scanner/checks/gpai-systemic-risk.test.ts +84 -0
package/src/domain/scanner/checks/gpai-systemic-risk.ts +98 -0
package/src/domain/scanner/checks/gpai-transparency.ts +94 -0
package/src/domain/scanner/checks/index.ts +28 -0
package/src/domain/scanner/checks/industry/index.ts +40 -0
package/src/domain/scanner/checks/industry/industry.test.ts +287 -0
package/src/domain/scanner/checks/interaction-logging.test.ts +113 -0
package/src/domain/scanner/checks/interaction-logging.ts +142 -0
package/src/domain/scanner/checks/nhi-scanner.test.ts +158 -0
package/src/domain/scanner/checks/nhi-scanner.ts +78 -0
package/src/domain/scanner/checks/passport-completeness.test.ts +127 -0
package/src/domain/scanner/checks/passport-completeness.ts +82 -0
package/src/domain/scanner/checks/passport-presence.test.ts +56 -0
package/src/domain/scanner/checks/passport-presence.ts +78 -0
package/src/domain/scanner/checks/pattern-check-factory.ts +70 -0
package/src/domain/scanner/checks/permission-scanner.test.ts +279 -0
package/src/domain/scanner/checks/permission-scanner.ts +90 -0
package/src/domain/scanner/checks/presence-check-factory.test.ts +124 -0
package/src/domain/scanner/checks/presence-check-factory.ts +275 -0
package/src/domain/scanner/compliance-diff.test.ts +165 -0
package/src/domain/scanner/compliance-diff.ts +138 -0
package/src/domain/scanner/confidence.test.ts +235 -0
package/src/domain/scanner/confidence.ts +156 -0
package/src/domain/scanner/constants.ts +13 -0
package/src/domain/scanner/create-scanner.ts +573 -0
package/src/domain/scanner/cross-layer.test.ts +372 -0
package/src/domain/scanner/cross-layer.ts +232 -0
package/src/domain/scanner/data/ai-packages.ts +82 -0
package/src/domain/scanner/debt-calculator.test.ts +89 -0
package/src/domain/scanner/debt-calculator.ts +111 -0
package/src/domain/scanner/drift.test.ts +191 -0
package/src/domain/scanner/drift.ts +73 -0
package/src/domain/scanner/evidence-store.test.ts +207 -0
package/src/domain/scanner/evidence-store.ts +195 -0
package/src/domain/scanner/evidence.test.ts +104 -0
package/src/domain/scanner/evidence.ts +71 -0
package/src/domain/scanner/external/bandit-runner.test.ts +45 -0
package/src/domain/scanner/external/bandit-runner.ts +90 -0
package/src/domain/scanner/external/checks.ts +321 -0
package/src/domain/scanner/external/dedup.test.ts +79 -0
package/src/domain/scanner/external/dedup.ts +94 -0
package/src/domain/scanner/external/detect-secrets-runner.test.ts +58 -0
package/src/domain/scanner/external/detect-secrets-runner.ts +81 -0
package/src/domain/scanner/external/external-scanner.test.ts +221 -0
package/src/domain/scanner/external/external-scanner.ts +36 -0
package/src/domain/scanner/external/finding-mapper.test.ts +95 -0
package/src/domain/scanner/external/finding-mapper.ts +138 -0
package/src/domain/scanner/external/index.ts +15 -0
package/src/domain/scanner/external/mappings.ts +93 -0
package/src/domain/scanner/external/modelscan-runner.test.ts +35 -0
package/src/domain/scanner/external/modelscan-runner.ts +101 -0
package/src/domain/scanner/external/path-utils.ts +8 -0
package/src/domain/scanner/external/runner-port.ts +45 -0
package/src/domain/scanner/external/semgrep-runner.test.ts +52 -0
package/src/domain/scanner/external/semgrep-runner.ts +94 -0
package/src/domain/scanner/external/types.ts +32 -0
package/src/domain/scanner/finding-attribution.test.ts +444 -0
package/src/domain/scanner/finding-attribution.ts +195 -0
package/src/domain/scanner/finding-explainer.test.ts +157 -0
package/src/domain/scanner/finding-explainer.ts +73 -0
package/src/domain/scanner/fix-diff-builder.test.ts +272 -0
package/src/domain/scanner/fix-diff-builder.ts +477 -0
package/src/domain/scanner/import-graph.test.ts +162 -0
package/src/domain/scanner/import-graph.ts +198 -0
package/src/domain/scanner/languages/adapter.test.ts +105 -0
package/src/domain/scanner/languages/adapter.ts +239 -0
package/src/domain/scanner/layers/index.ts +24 -0
package/src/domain/scanner/layers/layer1-files.ts +54 -0
package/src/domain/scanner/layers/layer2-docs.test.ts +1207 -0
package/src/domain/scanner/layers/layer2-docs.ts +297 -0
package/src/domain/scanner/layers/layer2-parsing.ts +217 -0
package/src/domain/scanner/layers/layer3-config.test.ts +187 -0
package/src/domain/scanner/layers/layer3-config.ts +279 -0
package/src/domain/scanner/layers/layer3-parsers.ts +73 -0
package/src/domain/scanner/layers/layer4-patterns.test.ts +397 -0
package/src/domain/scanner/layers/layer4-patterns.ts +216 -0
package/src/domain/scanner/layers/layer5-docs.test.ts +99 -0
package/src/domain/scanner/layers/layer5-docs.ts +250 -0
package/src/domain/scanner/layers/layer5-llm.test.ts +146 -0
package/src/domain/scanner/layers/layer5-llm.ts +262 -0
package/src/domain/scanner/layers/layer5-targeted.test.ts +93 -0
package/src/domain/scanner/layers/layer5-targeted.ts +233 -0
package/src/domain/scanner/layers/lockfile-parsers.test.ts +320 -0
package/src/domain/scanner/layers/lockfile-parsers.ts +184 -0
package/src/domain/scanner/regulation-version.test.ts +54 -0
package/src/domain/scanner/regulation-version.ts +23 -0
package/src/domain/scanner/role-filter.test.ts +116 -0
package/src/domain/scanner/role-filter.ts +51 -0
package/src/domain/scanner/rules/banned-packages-data.ts +553 -0
package/src/domain/scanner/rules/banned-packages-sdk.ts +65 -0
package/src/domain/scanner/rules/banned-packages.test.ts +249 -0
package/src/domain/scanner/rules/banned-packages.ts +55 -0
package/src/domain/scanner/rules/comment-filter.test.ts +115 -0
package/src/domain/scanner/rules/comment-filter.ts +297 -0
package/src/domain/scanner/rules/index.ts +9 -0
package/src/domain/scanner/rules/nhi-patterns.test.ts +128 -0
package/src/domain/scanner/rules/nhi-patterns.ts +60 -0
package/src/domain/scanner/rules/pattern-rules.ts +1152 -0
package/src/domain/scanner/sbom.test.ts +136 -0
package/src/domain/scanner/sbom.ts +103 -0
package/src/domain/scanner/scan-cache.test.ts +136 -0
package/src/domain/scanner/scan-cache.ts +115 -0
package/src/domain/scanner/scanner.test.ts +125 -0
package/src/domain/scanner/score-calculator.test.ts +363 -0
package/src/domain/scanner/score-calculator.ts +189 -0
package/src/domain/scanner/security-score.test.ts +107 -0
package/src/domain/scanner/security-score.ts +116 -0
package/src/domain/scanner/source-filter.ts +24 -0
package/src/domain/scanner/validators.ts +223 -0
package/src/domain/shared/compliance-constants.ts +48 -0
package/src/domain/shared/disclosure-patterns.ts +16 -0
package/src/domain/shared/index.ts +6 -0
package/src/domain/shared/parse-dependencies.ts +21 -0
package/src/domain/supply-chain/dependency-analyzer.ts +138 -0
package/src/domain/supply-chain/index.ts +3 -0
package/src/domain/supply-chain/supply-chain.test.ts +211 -0
package/src/domain/supply-chain/types.ts +32 -0
package/src/domain/whatif/config-fixer.ts +187 -0
package/src/domain/whatif/index.ts +6 -0
package/src/domain/whatif/scenario-engine.ts +121 -0
package/src/domain/whatif/simulate-actions.test.ts +161 -0
package/src/domain/whatif/simulate-actions.ts +114 -0
package/src/domain/whatif/whatif.test.ts +135 -0
package/src/e2e/gaps-e2e.test.ts +259 -0
package/src/e2e/smoke.test.ts +101 -0
package/src/hooks/hooks-export.test.ts +81 -0
package/src/hooks/installer.ts +113 -0
package/src/http/cors.test.ts +38 -0
package/src/http/create-router.ts +259 -0
package/src/http/routes/agent.route.ts +380 -0
package/src/http/routes/audit.route.ts +66 -0
package/src/http/routes/badge.route.ts +23 -0
package/src/http/routes/cert.route.ts +66 -0
package/src/http/routes/chat.route.ts +228 -0
package/src/http/routes/cost.route.ts +33 -0
package/src/http/routes/debt.route.ts +29 -0
package/src/http/routes/disclaimer.route.ts +64 -0
package/src/http/routes/eval.route.ts +161 -0
package/src/http/routes/events.route.test.ts +108 -0
package/src/http/routes/events.route.ts +71 -0
package/src/http/routes/external-scan.route.ts +24 -0
package/src/http/routes/file.route.ts +54 -0
package/src/http/routes/fix.route.ts +219 -0
package/src/http/routes/frameworks.route.test.ts +66 -0
package/src/http/routes/frameworks.route.ts +36 -0
package/src/http/routes/git.route.ts +27 -0
package/src/http/routes/guided-onboarding.route.ts +65 -0
package/src/http/routes/import.route.ts +64 -0
package/src/http/routes/jurisdiction.route.ts +22 -0
package/src/http/routes/obligations.route.test.ts +122 -0
package/src/http/routes/obligations.route.ts +110 -0
package/src/http/routes/onboarding.route.ts +53 -0
package/src/http/routes/provider.route.ts +42 -0
package/src/http/routes/proxy.route.ts +40 -0
package/src/http/routes/redteam.route.ts +84 -0
package/src/http/routes/report.route.ts +29 -0
package/src/http/routes/scan.route.ts +104 -0
package/src/http/routes/share.route.ts +44 -0
package/src/http/routes/shell.route.ts +27 -0
package/src/http/routes/status.route.ts +66 -0
package/src/http/routes/supply-chain.route.ts +121 -0
package/src/http/routes/sync.route.ts +328 -0
package/src/http/routes/tools.route.ts +29 -0
package/src/http/routes/whatif.route.ts +96 -0
package/src/http/utils/validation.ts +31 -0
package/src/index.ts +1 -0
package/src/infra/bundle-fetcher.ts +77 -0
package/src/infra/cache-storage.ts +34 -0
package/src/infra/event-bus.ts +31 -0
package/src/infra/file-collector.ts +61 -0
package/src/infra/file-ops-adapter.ts +95 -0
package/src/infra/file-watcher.test.ts +90 -0
package/src/infra/file-watcher.ts +106 -0
package/src/infra/git-adapter.ts +93 -0
package/src/infra/git-history-adapter.ts +41 -0
package/src/infra/headless-browser.ts +178 -0
package/src/infra/llm-adapter.test.ts +83 -0
package/src/infra/llm-adapter.ts +86 -0
package/src/infra/logger.ts +27 -0
package/src/infra/project-config.test.ts +74 -0
package/src/infra/project-config.ts +35 -0
package/src/infra/rate-limiter.test.ts +36 -0
package/src/infra/rate-limiter.ts +34 -0
package/src/infra/retry.ts +46 -0
package/src/infra/saas-client.ts +123 -0
package/src/infra/search-adapter.ts +113 -0
package/src/infra/shell-adapter.ts +68 -0
package/src/infra/tool-manager.test.ts +99 -0
package/src/infra/tool-manager.ts +197 -0
package/src/llm/agents/agent-modes.test.ts +44 -0
package/src/llm/agents/modes.ts +68 -0
package/src/llm/routing/cost-routing.test.ts +37 -0
package/src/llm/routing/cost-tracker.ts +74 -0
package/src/llm/routing/model-routing.test.ts +79 -0
package/src/llm/routing/model-routing.ts +38 -0
package/src/llm/routing/pricing.ts +19 -0
package/src/llm/sse-protocol.ts +77 -0
package/src/llm/tool-definitions.ts +83 -0
package/src/llm/tool-executors.ts +80 -0
package/src/llm/tools/types.ts +13 -0
package/src/mcp/create-mcp-stack.ts +82 -0
package/src/mcp/handlers.ts +245 -0
package/src/mcp/index.ts +28 -0
package/src/mcp/mcp-server.test.ts +80 -0
package/src/mcp/server.ts +79 -0
package/src/mcp/tools.ts +48 -0
package/src/onboarding/auto-detect.ts +164 -0
package/src/onboarding/onboarding.test.ts +89 -0
package/src/onboarding/profile.ts +169 -0
package/src/onboarding/questions.ts +112 -0
package/src/onboarding/wizard.ts +66 -0
package/src/output/github-issue.ts +32 -0
package/src/output/json-output.ts +67 -0
package/src/ports/browser.port.ts +23 -0
package/src/ports/events.port.ts +28 -0
package/src/ports/llm.port.ts +23 -0
package/src/ports/logger.port.ts +6 -0
package/src/ports/process.port.ts +6 -0
package/src/ports/scanner.port.ts +15 -0
package/src/server.ts +134 -0
package/src/services/badge-service.ts +67 -0
package/src/services/chat-service.test.ts +162 -0
package/src/services/chat-service.ts +152 -0
package/src/services/cost-service.ts +52 -0
package/src/services/debt-service.ts +65 -0
package/src/services/eval-integration.test.ts +132 -0
package/src/services/eval-service.test.ts +373 -0
package/src/services/eval-service.ts +463 -0
package/src/services/external-scan-service.ts +60 -0
package/src/services/file-service.ts +37 -0
package/src/services/fix-service.test.ts +470 -0
package/src/services/fix-service.ts +648 -0
package/src/services/framework-service.test.ts +159 -0
package/src/services/framework-service.ts +67 -0
package/src/services/onboarding-service.ts +165 -0
package/src/services/passport-audit.ts +244 -0
package/src/services/passport-documents.ts +258 -0
package/src/services/passport-service-utils.ts +72 -0
package/src/services/passport-service.test.ts +251 -0
package/src/services/passport-service.ts +339 -0
package/src/services/proxy-service.ts +81 -0
package/src/services/report-service.ts +72 -0
package/src/services/scan-service.test.ts +470 -0
package/src/services/scan-service.ts +335 -0
package/src/services/share-service.ts +108 -0
package/src/services/shared/backup.ts +23 -0
package/src/services/status-service.ts +38 -0
package/src/services/undo-service.test.ts +190 -0
package/src/services/undo-service.ts +144 -0
package/src/test-helpers/factories.ts +116 -0
package/src/types/common.schemas.ts +147 -0
package/src/types/common.types.ts +292 -0
package/src/types/contract.test.ts +217 -0
package/src/types/errors.ts +52 -0
package/src/types/framework.types.ts +87 -0
package/src/types/passport-schemas.ts +241 -0
package/src/types/passport.types.ts +296 -0
package/src/version.ts +1 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +9 -0

package/src/server.ts ADDED Viewed

@@ -0,0 +1,134 @@
+import { mkdir, writeFile, unlinkSync, readFileSync } from 'node:fs';
+import { dirname, resolve } from 'node:path';
+import { serve } from '@hono/node-server';
+import { loadApplication } from './composition-root.js';
+import { createLogger } from './infra/logger.js';
+import { withRetry } from './infra/retry.js';
+import { ENGINE_VERSION } from './version.js';
+// ── Load user's .complior/.env (API keys for LLM judge, fix --ai, etc.) ────────
+// Users place their API keys in <project>/.complior/.env.
+// We never load the project root .env (it may contain PORT, DATABASE_URL, etc. for the user's own app).
+const loadEnvFile = (filePath: string): void => {
+  try {
+    const content = readFileSync(filePath, 'utf-8');
+    for (const line of content.split('\n')) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith('#')) continue;
+      const eqIdx = trimmed.indexOf('=');
+      if (eqIdx < 1) continue;
+      const key = trimmed.slice(0, eqIdx).trim();
+      const val = trimmed.slice(eqIdx + 1).trim().replace(/^["']|["']$/g, '');
+      if (process.env[key] === undefined) {
+        process.env[key] = val;
+      }
+    }
+  } catch {
+    // File doesn't exist — expected
+  }
+};
+const projectDir = process.env['COMPLIOR_PROJECT_PATH'] ?? process.cwd();
+loadEnvFile(resolve(projectDir, '.complior', '.env'));
+const log = createLogger('server');
+const PORT = Number(process.env['PORT'] ?? 3099);
+const isMcpMode = process.argv.includes('mcp-server');
+const pidFilePath = process.env['COMPLIOR_PID_FILE'] ?? '';
+const watchMode = process.env['COMPLIOR_WATCH'] === '1';
+const writePidFile = (port: number): void => {
+  if (!pidFilePath) return;
+  const info = JSON.stringify({
+    pid: process.pid,
+    port,
+    started_at: new Date().toISOString(),
+  });
+  mkdir(dirname(pidFilePath), { recursive: true }, (mkdirErr) => {
+    if (mkdirErr) {
+      log.warn(`Failed to create PID dir: ${mkdirErr.message}`);
+      return;
+    }
+    writeFile(pidFilePath, info, (writeErr) => {
+      if (writeErr) log.warn(`Failed to write PID file: ${writeErr.message}`);
+      else log.info(`PID file written: ${pidFilePath}`);
+    });
+  });
+};
+const removePidFile = (): void => {
+  if (!pidFilePath) return;
+  try {
+    unlinkSync(pidFilePath);
+    log.info('PID file removed');
+  } catch {
+    // Already gone or never written — fine
+  }
+};
+const startHttp = async (): Promise<void> => {
+  log.info('Loading regulation data...');
+  const { app, startWatcher } = await loadApplication();
+  const server = serve({ fetch: app.fetch, port: PORT }, () => {
+    log.info(`Complior Engine v${ENGINE_VERSION} running on http://127.0.0.1:${PORT}`);
+    // Write PID file after server binds (daemon mode)
+    writePidFile(PORT);
+    // Start file watcher: always in daemon watch mode, or legacy default
+    if (watchMode) {
+      startWatcher();
+      log.info('File watcher started (daemon mode)');
+    } else {
+      // US-S0202: start file watcher for Compliance Gate (legacy default)
+      startWatcher();
+    }
+  });
+  // Background: fetch data bundle from SaaS (5s delay, then every 5min)
+  const saasUrl = process.env['PROJECT_API_URL'] ?? '';
+  if (saasUrl && process.env['OFFLINE_MODE'] !== '1') {
+    const { createBundleFetcher } = await import('./infra/bundle-fetcher.js');
+    const cacheDir = process.env['COMPLIOR_CACHE_DIR'] ?? '/tmp/complior-cache';
+    const bundleFetcher = createBundleFetcher(saasUrl, cacheDir);
+    const fetchBundle = () => withRetry(() => bundleFetcher.fetchIfUpdated()).catch((err: unknown) => { log.warn('Background bundle fetch failed:', err); });
+    setTimeout(fetchBundle, 5_000);
+    setInterval(fetchBundle, 300_000);
+  }
+  const shutdown = (): void => {
+    log.info('Graceful shutdown...');
+    removePidFile();
+    server.close(() => {
+      log.info('Server closed');
+      process.exit(0);
+    });
+  };
+  process.on('SIGINT', shutdown);
+  process.on('SIGTERM', shutdown);
+};
+const startMcp = async (): Promise<void> => {
+  const application = await loadApplication();
+  const { state, setLastScanResult } = application;
+  const { createMcpStack } = await import('./mcp/create-mcp-stack.js');
+  const { mcpServer } = await createMcpStack({
+    regulationData: state.regulationData,
+    projectPath: state.projectPath,
+    getLastScanResult: () => state.lastScanResult,
+    setLastScanResult,
+    version: state.version,
+  });
+  await mcpServer.start();
+};
+const main = isMcpMode ? startMcp : startHttp;
+main().catch((err: unknown) => {
+  log.error(`Failed to start engine${isMcpMode ? ' (MCP mode)' : ''}:`, err);
+  process.exit(1);
+});

package/src/services/badge-service.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import { resolve, dirname } from 'node:path';
+import { mkdir, writeFile } from 'node:fs/promises';
+import type { ScanResult } from '../types/common.types.js';
+import type { EventBusPort } from '../ports/events.port.js';
+import { generateBadgeSvg } from '../domain/reporter/badge-generator.js';
+import { generateComplianceMd } from '../domain/reporter/compliance-md.js';
+export interface BadgeServiceDeps {
+  readonly events: EventBusPort;
+  readonly getProjectPath: () => string;
+  readonly getLastScanResult: () => ScanResult | null;
+  readonly getVersion: () => string;
+}
+export const createBadgeService = (deps: BadgeServiceDeps) => {
+  const { events, getProjectPath, getLastScanResult, getVersion } = deps;
+  let cachedSvg = '';
+  const generateBadge = async (): Promise<{ svg: string; md: string; embedCode: string }> => {
+    const scanResult = getLastScanResult();
+    if (!scanResult) {
+      throw new Error('No scan result available. Run a scan first.');
+    }
+    const { score } = scanResult;
+    const date = new Date().toISOString().slice(0, 10);
+    const svg = generateBadgeSvg(score.totalScore, score.zone, 'EU', date);
+    const md = generateComplianceMd(scanResult, getVersion());
+    const projectPath = getProjectPath();
+    const badgePath = resolve(projectPath, '.complior', 'badge.svg');
+    const mdPath = resolve(projectPath, 'COMPLIANCE.md');
+    await mkdir(dirname(badgePath), { recursive: true });
+    await writeFile(badgePath, svg, 'utf-8');
+    await writeFile(mdPath, md, 'utf-8');
+    cachedSvg = svg;
+    events.emit('badge.generated', {
+      path: badgePath,
+      score: score.totalScore,
+      zone: score.zone,
+    });
+    const embedCode = `![Compliance Badge](.complior/badge.svg)`;
+    return { svg, md, embedCode };
+  };
+  const getBadgeSvg = (): string => {
+    if (cachedSvg) return cachedSvg;
+    const scanResult = getLastScanResult();
+    if (!scanResult) return '';
+    const { score } = scanResult;
+    const date = new Date().toISOString().slice(0, 10);
+    cachedSvg = generateBadgeSvg(score.totalScore, score.zone, 'EU', date);
+    return cachedSvg;
+  };
+  return Object.freeze({ generateBadge, getBadgeSvg });
+};
+export type BadgeService = ReturnType<typeof createBadgeService>;

package/src/services/chat-service.test.ts ADDED Viewed

@@ -0,0 +1,162 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { mkdtemp, readFile, rm } from 'node:fs/promises';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+import type { CoreMessage } from 'ai';
+import { createChatService, type ChatServiceDeps } from './chat-service.js';
+const createTestDeps = (overrides: Partial<ChatServiceDeps> = {}): ChatServiceDeps => {
+  const history: CoreMessage[] = [];
+  return {
+    getConversationHistory: () => history,
+    appendConversationHistory: (msg) => { history.push(msg); },
+    getProjectPath: () => '/test/project',
+    getVersion: () => '1.0.0-test',
+    getLastScanResult: () => null,
+    getRegulationData: () => ({
+      obligations: { obligations: [] },
+      scoring: undefined,
+    }),
+    getPassportSummary: async () => null,
+    getChatHistoryPath: () => '/tmp/test-chat-history.json',
+    ...overrides,
+  };
+};
+describe('ChatService', () => {
+  describe('buildSystemPrompt', () => {
+    it('includes deadline', async () => {
+      const svc = createChatService(createTestDeps());
+      const prompt = await svc.buildSystemPrompt();
+      expect(prompt).toContain('EU AI Act full enforcement deadline: 2 August 2026');
+      expect(prompt).toMatch(/\d+d left/);
+    });
+    it('includes passport data when available', async () => {
+      const svc = createChatService(createTestDeps({
+        getPassportSummary: async () => ({
+          name: 'test-agent',
+          type: 'chatbot',
+          riskClass: 'high',
+          autonomyLevel: 'L3',
+          completeness: 75,
+        }),
+      }));
+      const prompt = await svc.buildSystemPrompt();
+      expect(prompt).toContain('Agent Passport');
+      expect(prompt).toContain('Name: test-agent');
+      expect(prompt).toContain('Risk class: high');
+      expect(prompt).toContain('Autonomy level: L3');
+      expect(prompt).toContain('Completeness: 75%');
+    });
+    it('includes top findings from last scan', async () => {
+      const svc = createChatService(createTestDeps({
+        getLastScanResult: () => ({
+          score: { totalScore: 42, zone: 'red', breakdown: {} as never },
+          filesScanned: 10,
+          findings: [
+            { checkId: 'l1-risk', message: 'Missing risk assessment', severity: 'critical', type: 'fail', layer: 'L1', category: 'risk' },
+            { checkId: 'l2-fria', message: 'Incomplete FRIA', severity: 'high', type: 'fail', layer: 'L2', category: 'docs' },
+            { checkId: 'l3-sdk', message: 'No SDK wrapper', severity: 'medium', type: 'fail', layer: 'L3', category: 'code' },
+          ],
+          timestamp: new Date().toISOString(),
+        } as never),
+      }));
+      const prompt = await svc.buildSystemPrompt();
+      expect(prompt).toContain('[CRITICAL] l1-risk: Missing risk assessment');
+      expect(prompt).toContain('[HIGH] l2-fria: Incomplete FRIA');
+      // medium severity should not be in top findings
+      expect(prompt).not.toContain('l3-sdk');
+    });
+    it('skips passport section when unavailable', async () => {
+      const svc = createChatService(createTestDeps());
+      const prompt = await svc.buildSystemPrompt();
+      expect(prompt).not.toContain('Agent Passport');
+    });
+  });
+  describe('loadHistory / saveHistory', () => {
+    let tmpDir: string;
+    beforeEach(async () => {
+      tmpDir = await mkdtemp(join(tmpdir(), 'chat-test-'));
+    });
+    afterEach(async () => {
+      await rm(tmpDir, { recursive: true, force: true });
+    });
+    it('round-trips chat history through disk', async () => {
+      const historyPath = join(tmpDir, 'chat-history.json');
+      const history: CoreMessage[] = [];
+      const svc = createChatService(createTestDeps({
+        getConversationHistory: () => history,
+        appendConversationHistory: (msg) => { history.push(msg); },
+        getChatHistoryPath: () => historyPath,
+      }));
+      // Add messages
+      svc.appendConversationHistory({ role: 'user', content: 'Hello' });
+      svc.appendConversationHistory({ role: 'assistant', content: 'Hi there!' });
+      await svc.saveHistory();
+      // Verify file exists
+      const raw = await readFile(historyPath, 'utf-8');
+      const saved = JSON.parse(raw) as CoreMessage[];
+      expect(saved).toHaveLength(2);
+      expect(saved[0]!.role).toBe('user');
+      expect(saved[1]!.role).toBe('assistant');
+      // Load into a fresh service
+      const history2: CoreMessage[] = [];
+      const svc2 = createChatService(createTestDeps({
+        getConversationHistory: () => history2,
+        appendConversationHistory: (msg) => { history2.push(msg); },
+        getChatHistoryPath: () => historyPath,
+      }));
+      await svc2.loadHistory();
+      expect(history2).toHaveLength(2);
+      expect(history2[0]!.content).toBe('Hello');
+    });
+    it('truncates history to 100 messages', async () => {
+      const historyPath = join(tmpDir, 'chat-history.json');
+      // Write 120 messages directly
+      const messages: CoreMessage[] = Array.from({ length: 120 }, (_, i) => ({
+        role: (i % 2 === 0 ? 'user' : 'assistant') as 'user' | 'assistant',
+        content: `Message ${i}`,
+      }));
+      const { writeFile } = await import('node:fs/promises');
+      await writeFile(historyPath, JSON.stringify(messages), 'utf-8');
+      const history: CoreMessage[] = [];
+      const svc = createChatService(createTestDeps({
+        getConversationHistory: () => history,
+        appendConversationHistory: (msg) => { history.push(msg); },
+        getChatHistoryPath: () => historyPath,
+      }));
+      await svc.loadHistory();
+      // Should only load last 100
+      expect(history).toHaveLength(100);
+      expect(history[0]!.content).toBe('Message 20');
+    });
+    it('handles missing history file gracefully', async () => {
+      const historyPath = join(tmpDir, 'nonexistent.json');
+      const history: CoreMessage[] = [];
+      const svc = createChatService(createTestDeps({
+        getConversationHistory: () => history,
+        appendConversationHistory: (msg) => { history.push(msg); },
+        getChatHistoryPath: () => historyPath,
+      }));
+      await svc.loadHistory();
+      expect(history).toHaveLength(0);
+    });
+  });
+});

package/src/services/chat-service.ts ADDED Viewed

@@ -0,0 +1,152 @@
+import { readFile, writeFile, mkdir } from 'node:fs/promises';
+import { dirname } from 'node:path';
+import { z } from 'zod';
+import { createLogger } from '../infra/logger.js';
+import type { CoreMessage } from 'ai';
+import type { ScanResult } from '../types/common.types.js';
+import type { PassportSummary } from '../types/passport.types.js';
+import type { RegulationData } from '../data/regulation/regulation-loader.js';
+import { EU_AI_ACT_DEADLINE } from '../domain/shared/compliance-constants.js';
+/** Maximum chat messages retained in history (disk + memory). */
+const MAX_HISTORY = 100;
+/** Maximum top findings shown in system prompt. */
+const MAX_TOP_FINDINGS = 5;
+/** Zod schema for validating CoreMessage from disk. */
+const CoreMessageSchema = z.object({
+  role: z.enum(['user', 'assistant', 'system', 'tool']),
+  content: z.unknown(),
+});
+const ChatHistorySchema = z.array(CoreMessageSchema);
+export interface ChatServiceDeps {
+  readonly getConversationHistory: () => CoreMessage[];
+  readonly appendConversationHistory: (message: CoreMessage) => void;
+  readonly getProjectPath: () => string;
+  readonly getVersion: () => string;
+  readonly getLastScanResult: () => ScanResult | null;
+  readonly getRegulationData: () => RegulationData;
+  readonly getPassportSummary: () => Promise<PassportSummary | null>;
+  readonly getChatHistoryPath: () => string;
+}
+const log = createLogger('chat-service');
+export const createChatService = (deps: ChatServiceDeps) => {
+  const {
+    getConversationHistory,
+    appendConversationHistory,
+    getProjectPath,
+    getVersion,
+    getLastScanResult,
+    getRegulationData,
+    getPassportSummary,
+    getChatHistoryPath,
+  } = deps;
+  const buildSystemPrompt = async (): Promise<string> => {
+    const parts: string[] = [];
+    parts.push('You are Complior — an EU AI Act compliance assistant and AI coding agent.');
+    parts.push('You help developers ensure their AI systems comply with the EU AI Act regulation.');
+    parts.push('');
+    parts.push('## Capabilities');
+    parts.push('You have access to tools for scanning projects, reading/writing files, searching code, running commands, and git operations.');
+    parts.push('When asked to analyze or fix compliance issues, use the available tools to inspect the codebase and make changes.');
+    parts.push('');
+    parts.push('## Guidelines');
+    parts.push('- Always think step-by-step before acting');
+    parts.push('- Read files before editing them');
+    parts.push('- After making changes that affect compliance, run a scan to verify the impact');
+    parts.push('- Be precise and concise in explanations');
+    parts.push('- Reference specific EU AI Act articles when relevant');
+    parts.push('');
+    parts.push(`## Current Context`);
+    parts.push(`- Project path: ${getProjectPath()}`);
+    parts.push(`- Engine version: ${getVersion()}`);
+    // Deadline
+    const daysLeft = Math.max(0, Math.ceil((EU_AI_ACT_DEADLINE.getTime() - Date.now()) / (1000 * 60 * 60 * 24)));
+    parts.push(`- EU AI Act full enforcement deadline: 2 August 2026 (${daysLeft}d left)`);
+    const lastScan = getLastScanResult();
+    if (lastScan) {
+      const { totalScore, zone } = lastScan.score;
+      parts.push(`- Last scan score: ${totalScore}/100 (${zone} zone)`);
+      parts.push(`- Files scanned: ${lastScan.filesScanned}`);
+      // Top critical/high findings
+      const topFindings = lastScan.findings
+        .filter(f => f.severity === 'critical' || f.severity === 'high')
+        .slice(0, MAX_TOP_FINDINGS);
+      if (topFindings.length > 0) {
+        parts.push('');
+        parts.push('## Top Findings');
+        for (const f of topFindings) {
+          parts.push(`- [${f.severity.toUpperCase()}] ${f.checkId}: ${f.message}`);
+        }
+      }
+    }
+    // Passport summary
+    try {
+      const passport = await getPassportSummary();
+      if (passport) {
+        parts.push('');
+        parts.push('## Agent Passport');
+        parts.push(`- Name: ${passport.name}`);
+        parts.push(`- Type: ${passport.type}`);
+        parts.push(`- Risk class: ${passport.riskClass}`);
+        parts.push(`- Autonomy level: ${passport.autonomyLevel}`);
+        parts.push(`- Completeness: ${passport.completeness}%`);
+      }
+    } catch { /* passport unavailable — skip */ }
+    const regulationData = getRegulationData();
+    const obligations = regulationData.obligations.obligations;
+    if (obligations.length > 0) {
+      parts.push('');
+      parts.push('## Key EU AI Act Obligations');
+      for (const ob of obligations.slice(0, 10)) {
+        const riskLevels = ob.applies_to_risk_level.join(', ');
+        parts.push(`- ${ob.obligation_id}: ${ob.title} (${riskLevels})`);
+      }
+    }
+    return parts.join('\n');
+  };
+  const loadHistory = async (): Promise<void> => {
+    try {
+      const raw = await readFile(getChatHistoryPath(), 'utf-8');
+      const parsed = ChatHistorySchema.safeParse(JSON.parse(raw));
+      if (!parsed.success) { log.warn('Invalid chat history on disk:', parsed.error.message); return; }
+      const recent = parsed.data.slice(-MAX_HISTORY);
+      for (const msg of recent) {
+        appendConversationHistory(msg as CoreMessage);
+      }
+    } catch { /* no history file — expected on first run */ }
+  };
+  const saveHistory = async (): Promise<void> => {
+    const historyPath = getChatHistoryPath();
+    const history = getConversationHistory().slice(-MAX_HISTORY);
+    try {
+      await mkdir(dirname(historyPath), { recursive: true });
+      await writeFile(historyPath, JSON.stringify(history), 'utf-8');
+    } catch { /* ignore write errors */ }
+  };
+  return Object.freeze({
+    buildSystemPrompt,
+    getConversationHistory,
+    appendConversationHistory,
+    getProjectPath,
+    loadHistory,
+    saveHistory,
+  });
+};
+export type ChatService = ReturnType<typeof createChatService>;

package/src/services/cost-service.ts ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * US-S05-27: Cost Estimation Service
+ *
+ * Orchestrates cost estimation by gathering scan results, passport completeness,
+ * and evidence chain state, then delegates to the pure domain function.
+ */
+import type { ScanResult } from '../types/common.types.js';
+import type { CostEstimateResult } from '../domain/cost/cost-estimator.js';
+import { computeCostEstimate } from '../domain/cost/cost-estimator.js';
+import { DEFAULT_HOURLY_RATE } from '../domain/shared/compliance-constants.js';
+export interface CostServiceDeps {
+  readonly getLastScanResult: () => ScanResult | null;
+  readonly getPassportCompleteness: (
+    name?: string,
+  ) => Promise<{ score: number; friaCompleted: boolean }>;
+  readonly getEvidenceValid: () => Promise<boolean>;
+}
+export interface CostService {
+  readonly estimate: (
+    hourlyRate?: number,
+    agentName?: string,
+  ) => Promise<CostEstimateResult>;
+}
+export const createCostService = (deps: CostServiceDeps): CostService => {
+  const estimate = async (
+    hourlyRate = DEFAULT_HOURLY_RATE,
+    agentName?: string,
+  ): Promise<CostEstimateResult> => {
+    const scan = deps.getLastScanResult();
+    const findings = scan?.findings ?? [];
+    const completeness = await deps.getPassportCompleteness(agentName);
+    const evidenceValid = await deps.getEvidenceValid();
+    return computeCostEstimate({
+      findings: findings.map((f) => ({
+        severity: f.severity,
+        checkId: f.checkId,
+        status: f.type ?? 'fail',
+      })),
+      passportCompleteness: completeness.score,
+      friaCompleted: completeness.friaCompleted,
+      evidenceValid,
+      hourlyRate,
+    });
+  };
+  return Object.freeze({ estimate });
+};

package/src/services/debt-service.ts ADDED Viewed

@@ -0,0 +1,65 @@
+/**
+ * US-S05-22: Compliance Debt Service
+ *
+ * Application service that gathers inputs from scan results, passport, and
+ * evidence store, then delegates to the pure domain computeDebt function.
+ */
+import type { ScanResult } from '../types/common.types.js';
+import type { DebtResult } from '../domain/scanner/debt-calculator.js';
+import { computeDebt } from '../domain/scanner/debt-calculator.js';
+export interface DebtServiceDeps {
+  readonly getLastScanResult: () => ScanResult | null;
+  readonly getPassportCompleteness: () => Promise<number>;
+  readonly getEvidenceFreshness: () => Promise<number>;
+}
+/** Extended result with optional trend data (previous debt score). */
+export interface DebtResultWithTrend extends DebtResult {
+  readonly previousDebt?: number;
+}
+export interface DebtService {
+  readonly getDebt: (includeTrend?: boolean) => Promise<DebtResultWithTrend>;
+}
+export const createDebtService = (deps: DebtServiceDeps): DebtService => {
+  /** In-memory previous debt score for trend comparison. */
+  let previousDebt: number | undefined;
+  const getDebt = async (includeTrend = false): Promise<DebtResultWithTrend> => {
+    const scan = deps.getLastScanResult();
+    const findings = scan?.findings ?? [];
+    const passportCompleteness = await deps.getPassportCompleteness();
+    const evidenceFreshness = await deps.getEvidenceFreshness();
+    // Calculate days since last scan
+    const daysSinceLastScan = scan?.scannedAt
+      ? Math.max(0, (Date.now() - new Date(scan.scannedAt).getTime()) / (1000 * 60 * 60 * 24))
+      : 30;
+    const result = computeDebt({
+      findings: findings.map((f) => ({
+        severity: f.severity,
+        status: f.type ?? 'fail',
+        checkId: f.checkId,
+        createdAt: undefined,
+      })),
+      passportCompleteness,
+      evidenceFreshness,
+      daysSinceLastScan: Math.round(daysSinceLastScan),
+    });
+    const withTrend: DebtResultWithTrend = includeTrend && previousDebt !== undefined
+      ? { ...result, previousDebt }
+      : result;
+    // Store current for next trend comparison
+    previousDebt = result.totalDebt;
+    return withTrend;
+  };
+  return Object.freeze({ getDebt });
+};