@complior/engine 0.9.0

package/src/services/undo-service.ts

@@ -0,0 +1,144 @@
+import { resolve, dirname } from 'node:path';
+import { mkdir, copyFile, unlink, readFile, writeFile } from 'node:fs/promises';
+import { z } from 'zod';
+import type { EventBusPort } from '../ports/events.port.js';
+import type { ScanService } from './scan-service.js';
+import type { FixPlan, FixResult, FixValidation, FixHistory, FixHistoryEntry, FixHistoryFile } from '../domain/fixer/types.js';
+import type { ScanResult } from '../types/common.types.js';
+import { createEmptyHistory, addEntry, markUndone, getLastApplied, getById } from '../domain/fixer/fix-history.js';
+
+const FixHistoryFileSchema = z.object({
+  path: z.string(),
+  action: z.enum(['create', 'edit', 'splice']),
+  backupPath: z.string(),
+});
+
+const FixHistoryEntrySchema = z.object({
+  id: z.number(),
+  checkId: z.string(),
+  obligationId: z.string(),
+  fixType: z.enum(['code_injection', 'template_generation', 'config_fix', 'metadata_generation', 'dependency_fix', 'ai_enrichment']),
+  status: z.enum(['applied', 'undone']),
+  timestamp: z.string(),
+  files: z.array(FixHistoryFileSchema),
+  scoreBefore: z.number(),
+  scoreAfter: z.number(),
+});
+
+const FixHistorySchema = z.object({
+  fixes: z.array(FixHistoryEntrySchema),
+});
+
+export interface UndoServiceDeps {
+  readonly events: EventBusPort;
+  readonly scanService: ScanService;
+  readonly getProjectPath: () => string;
+  readonly getHistoryPath: () => string;
+  readonly getLastScanResult: () => ScanResult | null;
+}
+
+export const createUndoService = (deps: UndoServiceDeps) => {
+  const { events, scanService, getProjectPath, getHistoryPath, getLastScanResult } = deps;
+
+  const loadHistory = async (): Promise<FixHistory> => {
+    try {
+      const raw = await readFile(getHistoryPath(), 'utf-8');
+      return FixHistorySchema.parse(JSON.parse(raw));
+    } catch {
+      return createEmptyHistory();
+    }
+  };
+
+  const saveHistory = async (history: FixHistory): Promise<void> => {
+    const historyPath = getHistoryPath();
+    await mkdir(dirname(historyPath), { recursive: true });
+    await writeFile(historyPath, JSON.stringify(history, null, 2), 'utf-8');
+  };
+
+  const recordFix = async (result: FixResult, plan: FixPlan): Promise<void> => {
+    const history = await loadHistory();
+    const nextId = history.fixes.length > 0
+      ? Math.max(...history.fixes.map((f) => f.id)) + 1
+      : 1;
+
+    const files: FixHistoryFile[] = plan.actions.map((action, i) => ({
+      path: action.path,
+      action: action.type,
+      backupPath: result.backedUpFiles[i] ?? '',
+    }));
+
+    const entry: FixHistoryEntry = {
+      id: nextId,
+      checkId: plan.checkId,
+      obligationId: plan.obligationId,
+      fixType: plan.fixType,
+      status: 'applied',
+      timestamp: new Date().toISOString(),
+      files,
+      scoreBefore: result.scoreBefore,
+      scoreAfter: result.scoreAfter,
+    };
+
+    await saveHistory(addEntry(history, entry));
+  };
+
+  const undoEntry = async (entry: FixHistoryEntry): Promise<FixValidation> => {
+    const projectPath = getProjectPath();
+    const scoreBefore = getLastScanResult()?.score.totalScore ?? 0;
+    const restoredFiles: string[] = [];
+
+    for (const file of entry.files) {
+      const fullPath = resolve(projectPath, file.path);
+      if (file.action === 'create') {
+        try { await unlink(fullPath); } catch { /* already removed */ }
+      } else {
+        await mkdir(dirname(fullPath), { recursive: true });
+        await copyFile(file.backupPath, fullPath);
+      }
+      restoredFiles.push(file.path);
+    }
+
+    // Mark as undone in history
+    const history = await loadHistory();
+    await saveHistory(markUndone(history, entry.id));
+
+    // Re-scan to get updated score
+    const newResult = await scanService.scan(projectPath);
+    const scoreAfter = newResult.score.totalScore;
+
+    events.emit('fix.undone', { checkId: entry.checkId, restoredFiles });
+
+    const findingAfter = newResult.findings.find((f) => f.checkId === entry.checkId);
+
+    return {
+      checkId: entry.checkId,
+      obligationId: entry.obligationId,
+      article: '',
+      before: 'pass',
+      after: findingAfter?.type ?? 'fail',
+      scoreDelta: scoreAfter - scoreBefore,
+      totalScore: scoreAfter,
+    };
+  };
+
+  const undoLast = async (): Promise<FixValidation> => {
+    const history = await loadHistory();
+    const entry = getLastApplied(history);
+    if (!entry) throw new Error('No applied fixes to undo');
+    return undoEntry(entry);
+  };
+
+  const undoById = async (id: number): Promise<FixValidation> => {
+    const history = await loadHistory();
+    const entry = getById(history, id);
+    if (!entry) throw new Error(`Fix #${id} not found`);
+    if (entry.status === 'undone') throw new Error(`Fix #${id} already undone`);
+    return undoEntry(entry);
+  };
+
+  const getHistory = async (): Promise<FixHistory> => loadHistory();
+
+  return Object.freeze({ recordFix, undoLast, undoById, getHistory });
+};
+
+export type UndoService = ReturnType<typeof createUndoService>;

package/src/test-helpers/factories.ts

@@ -0,0 +1,116 @@
+import type {
+  Finding,
+  CheckResult,
+  ScanResult,
+  CompliorConfig,
+  ProjectProfile,
+} from '../types/common.types.js';
+import type { AgentPassport } from '../types/passport.types.js';
+import type { FileInfo, ScanContext } from '../ports/scanner.port.js';
+
+export const createMockFinding = (overrides?: Partial<Finding>): Finding => ({
+  checkId: 'CHECK-001',
+  type: 'fail',
+  message: 'Test finding',
+  severity: 'medium',
+  ...overrides,
+});
+
+export const createMockCheckResult = (overrides?: Partial<Extract<CheckResult, { readonly type: 'fail' }>>): CheckResult => ({
+  type: 'fail',
+  checkId: 'CHECK-001',
+  message: 'Test check result',
+  severity: 'medium',
+  ...overrides,
+});
+
+export const createMockScanResult = (overrides?: Partial<ScanResult>): ScanResult => ({
+  score: {
+    totalScore: 75,
+    zone: 'yellow',
+    categoryScores: [],
+    criticalCapApplied: false,
+    totalChecks: 10,
+    passedChecks: 7,
+    failedChecks: 2,
+    skippedChecks: 1,
+  },
+  findings: [],
+  projectPath: '/test/project',
+  scannedAt: new Date().toISOString(),
+  duration: 150,
+  filesScanned: 10,
+  ...overrides,
+});
+
+export const createMockConfig = (overrides?: Partial<CompliorConfig>): CompliorConfig => ({
+  projectPath: '/test/project',
+  extends: ['complior:eu-ai-act'],
+  exclude: ['node_modules', '.git', 'dist', 'build'],
+  severity: 'low',
+  outputFormat: 'json',
+  ...overrides,
+});
+
+export const createMockProjectProfile = (overrides?: Partial<ProjectProfile>): ProjectProfile => ({
+  frameworks: [{ name: 'Next.js', version: '^14.0.0', confidence: 1.0 }],
+  aiTools: [{ name: 'OpenAI', version: '^4.0.0', type: 'sdk' }],
+  languages: ['TypeScript', 'JavaScript'],
+  hasPackageJson: true,
+  detectedModels: ['gpt-4'],
+  ...overrides,
+});
+
+export const createMockPassport = (overrides?: Partial<AgentPassport>): AgentPassport => ({
+  $schema: 'https://complior.dev/schemas/agent-manifest-v1.json',
+  manifest_version: '1.0.0',
+  agent_id: 'agent-test-001',
+  name: 'test-agent',
+  display_name: 'Test Agent',
+  description: 'An AI agent for testing compliance',
+  version: '1.0.0',
+  created: '2026-01-01T00:00:00Z',
+  updated: '2026-01-01T00:00:00Z',
+  owner: { team: 'Acme Corp', contact: 'admin@acme.com', responsible_person: 'Jane Doe' },
+  type: 'assistive',
+  autonomy_level: 'L2',
+  autonomy_evidence: { human_approval_gates: 3, unsupervised_actions: 1, no_logging_actions: 0, auto_rated: true },
+  framework: 'openai-sdk',
+  model: { provider: 'OpenAI', model_id: 'gpt-4', deployment: 'cloud', data_residency: 'EU' },
+  permissions: { tools: ['search', 'read'], data_access: { read: ['docs'], write: [], delete: [] }, denied: [] },
+  constraints: {
+    rate_limits: { max_actions_per_minute: 60 },
+    budget: { max_cost_per_session_usd: 10 },
+    human_approval_required: ['deploy', 'delete'],
+    prohibited_actions: [],
+  },
+  compliance: {
+    eu_ai_act: {
+      risk_class: 'high',
+      applicable_articles: ['Art. 9', 'Art. 27'],
+      deployer_obligations_met: ['OBL-013'],
+      deployer_obligations_pending: ['OBL-014'],
+    },
+    complior_score: 72,
+    last_scan: '2026-01-01T00:00:00Z',
+  },
+  disclosure: { user_facing: true, disclosure_text: 'AI-powered', ai_marking: { responses_marked: true, method: 'header' } },
+  logging: { actions_logged: true, retention_days: 90, includes_decision_rationale: true },
+  lifecycle: { status: 'active', deployed_since: '2026-01-01', next_review: '2026-06-01', review_frequency_days: 90 },
+  interop: { mcp_servers: [] },
+  source: { mode: 'auto', generated_by: 'complior', code_analyzed: true, fields_auto_filled: ['name'], fields_manual: [], confidence: 0.85 },
+  signature: { algorithm: 'ed25519', public_key: 'test', signed_at: '2026-01-01T00:00:00Z', hash: 'sha256:test', value: 'test' },
+  ...overrides,
+} as AgentPassport);
+
+export const createScanFile = (relativePath: string, content: string): FileInfo => ({
+  path: `/test/project/${relativePath}`,
+  content,
+  extension: `.${relativePath.split('.').pop()}`,
+  relativePath,
+});
+
+export const createScanCtx = (files: readonly FileInfo[]): ScanContext => ({
+  files,
+  projectPath: '/test/project',
+});

package/src/types/common.schemas.ts

@@ -0,0 +1,147 @@
+import { z } from 'zod';
+import type { ScanResult, EvidenceChain } from './common.types.js';
+
+// --- Sub-schemas ---
+
+const EvidenceSchema = z.object({
+  findingId: z.string(),
+  layer: z.string(),
+  timestamp: z.string(),
+  source: z.string(),
+  snippet: z.string().optional(),
+  file: z.string().optional(),
+  line: z.number().optional(),
+});
+
+const CodeContextLineSchema = z.object({
+  num: z.number(),
+  content: z.string(),
+});
+
+const CodeContextSchema = z.object({
+  lines: z.array(CodeContextLineSchema),
+  startLine: z.number(),
+  highlightLine: z.number().optional(),
+});
+
+const FixDiffSchema = z.object({
+  before: z.array(z.string()),
+  after: z.array(z.string()),
+  startLine: z.number(),
+  filePath: z.string(),
+  importLine: z.string().optional(),
+});
+
+const FindingExplanationSchema = z.object({
+  article: z.string(),
+  penalty: z.string(),
+  deadline: z.string(),
+  business_impact: z.string(),
+});
+
+const FindingSchema = z.object({
+  checkId: z.string(),
+  type: z.enum(['pass', 'fail', 'skip']),
+  message: z.string(),
+  severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),
+  file: z.string().optional(),
+  line: z.number().optional(),
+  obligationId: z.string().optional(),
+  articleReference: z.string().optional(),
+  fix: z.string().optional(),
+  priority: z.number().optional(),
+  confidence: z.number().optional(),
+  confidenceLevel: z.string().optional(),
+  evidence: z.array(EvidenceSchema).optional(),
+  codeContext: CodeContextSchema.optional(),
+  fixDiff: FixDiffSchema.optional(),
+  explanation: FindingExplanationSchema.optional(),
+});
+
+// --- Score schemas ---
+
+const CategoryScoreSchema = z.object({
+  category: z.string(),
+  weight: z.number(),
+  score: z.number(),
+  obligationCount: z.number(),
+  passedCount: z.number(),
+});
+
+const ConfidenceSummarySchema = z.object({
+  pass: z.number(),
+  likelyPass: z.number(),
+  uncertain: z.number(),
+  likelyFail: z.number(),
+  fail: z.number(),
+  total: z.number(),
+});
+
+const ScoreBreakdownSchema = z.object({
+  totalScore: z.number(),
+  zone: z.enum(['red', 'yellow', 'green']),
+  categoryScores: z.array(CategoryScoreSchema),
+  criticalCapApplied: z.boolean(),
+  totalChecks: z.number(),
+  passedChecks: z.number(),
+  failedChecks: z.number(),
+  skippedChecks: z.number(),
+  confidenceSummary: ConfidenceSummarySchema.optional(),
+});
+
+const RegulationVersionSchema = z.object({
+  regulation: z.string(),
+  version: z.string(),
+  rulesVersion: z.string(),
+  checkCount: z.number(),
+  lastUpdated: z.string(),
+});
+
+// --- Top-level I/O schemas ---
+
+const ScanResultSchema = z.object({
+  score: ScoreBreakdownSchema,
+  findings: z.array(FindingSchema),
+  projectPath: z.string(),
+  scannedAt: z.string(),
+  duration: z.number(),
+  filesScanned: z.number(),
+  deepAnalysis: z.boolean().optional(),
+  l5Cost: z.number().optional(),
+  regulationVersion: RegulationVersionSchema.optional(),
+});
+
+const EvidenceEntrySchema = z.object({
+  evidence: EvidenceSchema,
+  scanId: z.string(),
+  chainPrev: z.string().nullable(),
+  hash: z.string(),
+  signature: z.string(),
+});
+
+const EvidenceChainSchema = z.object({
+  version: z.literal('1.0.0'),
+  projectPath: z.string(),
+  entries: z.array(EvidenceEntrySchema),
+  lastHash: z.string(),
+});
+
+// --- Parse functions (never throw) ---
+
+export const parseScanResult = (json: string): ScanResult | null => {
+  try {
+    const result = ScanResultSchema.safeParse(JSON.parse(json));
+    return result.success ? (result.data as ScanResult) : null;
+  } catch {
+    return null;
+  }
+};
+
+export const parseEvidenceChain = (json: string): EvidenceChain | null => {
+  try {
+    const result = EvidenceChainSchema.safeParse(JSON.parse(json));
+    return result.success ? (result.data as EvidenceChain) : null;
+  } catch {
+    return null;
+  }
+};

package/src/types/common.types.ts

@@ -0,0 +1,292 @@
+import type { DocQualityLevel } from './passport.types.js';
+
+// --- Risk & Severity ---
+
+export type RiskLevel = 'unacceptable' | 'high' | 'limited' | 'minimal' | 'gpai' | 'gpai_systemic';
+
+export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+
+const SEVERITY_ORDER: Record<Severity, number> = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+
+/** Compare two severity values for sorting (most severe first). */
+export const compareSeverity = (a: Severity, b: Severity): number =>
+  (SEVERITY_ORDER[a] ?? 4) - (SEVERITY_ORDER[b] ?? 4);
+
+export type ComplianceStatus = 'fully_met' | 'partially_met' | 'not_met' | 'not_applicable';
+
+export type ScoreZone = 'red' | 'yellow' | 'green';
+
+export type ObligationType =
+  | 'training'
+  | 'documentation'
+  | 'organizational'
+  | 'assessment'
+  | 'technical'
+  | 'monitoring'
+  | 'reporting'
+  | 'transparency';
+
+export type Role = 'provider' | 'deployer' | 'both';
+
+// --- Check Results ---
+
+export type CheckResultType = 'pass' | 'fail' | 'skip' | 'info';
+
+export type CheckResult = Readonly<
+  | { readonly type: 'pass'; readonly checkId: string; readonly message: string }
+  | {
+      readonly type: 'fail';
+      readonly checkId: string;
+      readonly message: string;
+      readonly severity: Severity;
+      readonly obligationId?: string;
+      readonly articleReference?: string;
+      readonly fix?: string;
+      readonly file?: string;
+      readonly line?: number;
+    }
+  | {
+      readonly type: 'info';
+      readonly checkId: string;
+      readonly message: string;
+      readonly severity: Severity;
+      readonly obligationId?: string;
+      readonly articleReference?: string;
+      readonly fix?: string;
+      readonly file?: string;
+      readonly line?: number;
+    }
+  | { readonly type: 'skip'; readonly checkId: string; readonly reason: string }
+>;
+
+// --- Findings ---
+
+export interface Evidence {
+  readonly findingId: string;
+  readonly layer: string;
+  readonly timestamp: string;
+  readonly source: string;
+  readonly snippet?: string;
+  readonly file?: string;
+  readonly line?: number;
+}
+
+export interface CodeContextLine {
+  readonly num: number;
+  readonly content: string;
+}
+
+export interface CodeContext {
+  readonly lines: readonly CodeContextLine[];
+  readonly startLine: number;
+  readonly highlightLine?: number;
+}
+
+export interface FixDiff {
+  readonly before: readonly string[];
+  readonly after: readonly string[];
+  readonly startLine: number;
+  readonly filePath: string;
+  /** Import line to add at top of file (e.g. "import { complior } from '@complior/sdk'"). */
+  readonly importLine?: string;
+}
+
+export interface FindingExplanation {
+  readonly article: string;
+  readonly penalty: string;
+  readonly deadline: string;
+  readonly business_impact: string;
+}
+
+export interface Finding {
+  readonly checkId: string;
+  readonly type: CheckResultType;
+  readonly message: string;
+  readonly severity: Severity;
+  readonly file?: string;
+  readonly line?: number;
+  readonly obligationId?: string;
+  readonly articleReference?: string;
+  readonly fix?: string;
+  readonly priority?: number;
+  readonly confidence?: number;
+  readonly confidenceLevel?: string;
+  readonly evidence?: readonly Evidence[];
+  readonly codeContext?: CodeContext;
+  readonly fixDiff?: FixDiff;
+  readonly explanation?: FindingExplanation;
+  /** Agent passport name (enriched post-scan from passport source_files). */
+  readonly agentId?: string;
+  /** Document quality level (none → scaffold → draft → reviewed). */
+  readonly docQuality?: DocQualityLevel;
+  /** True when this finding was analyzed/modified by L5 LLM. */
+  readonly l5Analyzed?: boolean;
+}
+
+// --- Score ---
+
+export interface CategoryScore {
+  readonly category: string;
+  readonly weight: number;
+  readonly score: number;
+  readonly obligationCount: number;
+  readonly passedCount: number;
+}
+
+export interface ConfidenceSummary {
+  readonly pass: number;
+  readonly likelyPass: number;
+  readonly uncertain: number;
+  readonly likelyFail: number;
+  readonly fail: number;
+  readonly total: number;
+}
+
+export interface ScoreBreakdown {
+  readonly totalScore: number;
+  readonly zone: ScoreZone;
+  readonly categoryScores: readonly CategoryScore[];
+  readonly criticalCapApplied: boolean;
+  readonly totalChecks: number;
+  readonly passedChecks: number;
+  readonly failedChecks: number;
+  readonly skippedChecks: number;
+  readonly confidenceSummary?: ConfidenceSummary;
+}
+
+export interface ScoreDiff {
+  readonly before: number;
+  readonly after: number;
+  readonly delta: number;
+  readonly improved: readonly string[];
+  readonly degraded: readonly string[];
+}
+
+// --- Scan Tiers ---
+
+export type ScanTier = 1 | 2 | 3;
+
+export type ExternalToolName = 'semgrep' | 'bandit' | 'modelscan' | 'detect-secrets';
+
+export interface ExternalToolResult {
+  readonly tool: ExternalToolName;
+  readonly version: string;
+  readonly findings: readonly Finding[];
+  readonly duration: number;
+  readonly exitCode: number;
+  readonly error?: string;
+}
+
+// --- Scan ---
+
+export interface RegulationVersion {
+  readonly regulation: string;
+  readonly version: string;
+  readonly rulesVersion: string;
+  readonly checkCount: number;
+  readonly lastUpdated: string;
+}
+
+export interface AgentSummary {
+  readonly agentId: string;
+  readonly agentName: string;
+  readonly findingCount: number;
+  readonly criticalCount: number;
+  readonly highCount: number;
+  readonly fileCount: number;
+}
+
+export interface ScanResult {
+  readonly score: ScoreBreakdown;
+  readonly findings: readonly Finding[];
+  readonly projectPath: string;
+  readonly scannedAt: string;
+  readonly duration: number;
+  readonly filesScanned: number;
+  readonly deepAnalysis?: boolean;
+  readonly l5Cost?: number;
+  readonly regulationVersion?: RegulationVersion;
+  readonly tier?: ScanTier;
+  readonly externalToolResults?: readonly ExternalToolResult[];
+  readonly agentSummaries?: readonly AgentSummary[];
+}
+
+// --- Project Profile ---
+
+export interface DetectedFramework {
+  readonly name: string;
+  readonly version?: string;
+  readonly confidence: number;
+}
+
+export interface DetectedAiTool {
+  readonly name: string;
+  readonly version?: string;
+  readonly type: 'sdk' | 'api' | 'library' | 'model';
+}
+
+export interface ProjectProfile {
+  readonly frameworks: readonly DetectedFramework[];
+  readonly aiTools: readonly DetectedAiTool[];
+  readonly languages: readonly string[];
+  readonly hasPackageJson: boolean;
+  readonly detectedModels: readonly string[];
+}
+
+// --- Scan History ---
+
+export interface ScanRecord {
+  readonly score: number;
+  readonly zone: ScoreZone;
+  readonly findingsCount: number;
+  readonly criticalCount: number;
+  readonly timestamp: string;
+}
+
+// --- Config ---
+
+export interface CompliorConfig {
+  readonly projectPath: string;
+  readonly extends: readonly string[];
+  readonly exclude: readonly string[];
+  readonly severity: Severity;
+  readonly outputFormat: 'json' | 'text' | 'sarif';
+}
+
+// --- Compliance Gate ---
+
+export interface GateResult {
+  readonly passed: boolean;
+  readonly beforeScore: number;
+  readonly afterScore: number;
+  readonly delta: number;
+  readonly warnings: readonly string[];
+  readonly newFindings: readonly Finding[];
+}
+
+// --- Server ---
+
+export interface EngineStatus {
+  readonly ready: boolean;
+  readonly version: string;
+  readonly mode: string;
+  readonly uptime: number;
+  readonly lastScan?: ScanRecord;
+}
+
+// --- Evidence Chain (used by evidence-store, read from disk) ---
+
+export interface EvidenceEntry {
+  readonly evidence: Evidence;
+  readonly scanId: string;
+  readonly chainPrev: string | null;
+  readonly hash: string;
+  readonly signature: string;
+}
+
+export interface EvidenceChain {
+  readonly version: '1.0.0';
+  readonly projectPath: string;
+  readonly entries: readonly EvidenceEntry[];
+  readonly lastHash: string;
+}