npm - @complior/engine - Versions diffs - 0.9.0 - Mend

@complior/engine 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/.well-known/ai-compliance.json +16 -0
package/COMPLIANCE.md +64 -0
package/data/data-integrity.test.ts +75 -0
package/data/eval/eval-mappings.json +33 -0
package/data/llm/model-pricing.json +15 -0
package/data/llm/model-routing.json +36 -0
package/data/onboarding/risk-profile.json +17 -0
package/data/regulations/eu-ai-act/README.md +245 -0
package/data/regulations/eu-ai-act/applicability-tree.json +160 -0
package/data/regulations/eu-ai-act/cross-mapping.json +175 -0
package/data/regulations/eu-ai-act/localization.json +186 -0
package/data/regulations/eu-ai-act/obligations.json +3981 -0
package/data/regulations/eu-ai-act/regulation-meta.json +482 -0
package/data/regulations/eu-ai-act/scoring.json +342 -0
package/data/regulations/eu-ai-act/technical-requirements.json +2590 -0
package/data/regulations/eu-ai-act/timeline.json +160 -0
package/data/regulations/jurisdictions/at.json +15 -0
package/data/regulations/jurisdictions/be.json +15 -0
package/data/regulations/jurisdictions/bg.json +15 -0
package/data/regulations/jurisdictions/cy.json +15 -0
package/data/regulations/jurisdictions/cz.json +15 -0
package/data/regulations/jurisdictions/de.json +15 -0
package/data/regulations/jurisdictions/dk.json +15 -0
package/data/regulations/jurisdictions/ee.json +15 -0
package/data/regulations/jurisdictions/es.json +15 -0
package/data/regulations/jurisdictions/fi.json +15 -0
package/data/regulations/jurisdictions/fr.json +15 -0
package/data/regulations/jurisdictions/gr.json +15 -0
package/data/regulations/jurisdictions/hr.json +15 -0
package/data/regulations/jurisdictions/hu.json +15 -0
package/data/regulations/jurisdictions/ie.json +15 -0
package/data/regulations/jurisdictions/is.json +15 -0
package/data/regulations/jurisdictions/it.json +15 -0
package/data/regulations/jurisdictions/li.json +15 -0
package/data/regulations/jurisdictions/lt.json +15 -0
package/data/regulations/jurisdictions/lu.json +15 -0
package/data/regulations/jurisdictions/lv.json +15 -0
package/data/regulations/jurisdictions/mt.json +15 -0
package/data/regulations/jurisdictions/nl.json +15 -0
package/data/regulations/jurisdictions/no.json +15 -0
package/data/regulations/jurisdictions/pl.json +15 -0
package/data/regulations/jurisdictions/pt.json +15 -0
package/data/regulations/jurisdictions/ro.json +15 -0
package/data/regulations/jurisdictions/se.json +15 -0
package/data/regulations/jurisdictions/si.json +15 -0
package/data/regulations/jurisdictions/sk.json +15 -0
package/data/scanner/check-id-categories.json +81 -0
package/data/scanner/confidence-params.json +16 -0
package/data/scanner/limits.json +4 -0
package/data/schemas/http-contract-sample.json +79 -0
package/data/schemas/http-contract.json +144 -0
package/data/semgrep-rules/bare-call.yaml +37 -0
package/data/semgrep-rules/injection.yaml +73 -0
package/data/semgrep-rules/missing-error-handling.yaml +58 -0
package/data/semgrep-rules/unsafe-deser.yaml +65 -0
package/data/templates/eu-ai-act/ai-literacy.md +184 -0
package/data/templates/eu-ai-act/art5-screening.md +131 -0
package/data/templates/eu-ai-act/data-governance.md +145 -0
package/data/templates/eu-ai-act/declaration-of-conformity.md +161 -0
package/data/templates/eu-ai-act/fria.md +127 -0
package/data/templates/eu-ai-act/gpai-systemic-risk.md +150 -0
package/data/templates/eu-ai-act/gpai-transparency.md +166 -0
package/data/templates/eu-ai-act/incident-report.md +188 -0
package/data/templates/eu-ai-act/instructions-for-use.md +202 -0
package/data/templates/eu-ai-act/monitoring-policy.md +110 -0
package/data/templates/eu-ai-act/qms.md +180 -0
package/data/templates/eu-ai-act/risk-management-system.md +123 -0
package/data/templates/eu-ai-act/technical-documentation.md +287 -0
package/data/templates/eu-ai-act/worker-notification.md +143 -0
package/data/templates/policies/biometrics-ai-policy.md +214 -0
package/data/templates/policies/critical-infra-ai-policy.md +228 -0
package/data/templates/policies/education-ai-policy.md +184 -0
package/data/templates/policies/finance-ai-policy.md +191 -0
package/data/templates/policies/healthcare-ai-policy.md +197 -0
package/data/templates/policies/hr-ai-policy.md +178 -0
package/data/templates/policies/legal-ai-policy.md +189 -0
package/data/templates/policies/migration-ai-policy.md +239 -0
package/engine.log +7 -0
package/package.json +74 -0
package/src/composition-root.ts +791 -0
package/src/data/eval/conformity-tests.test.ts +122 -0
package/src/data/eval/ct-1-transparency.ts +106 -0
package/src/data/eval/ct-10-gpai.ts +25 -0
package/src/data/eval/ct-11-industry.ts +42 -0
package/src/data/eval/ct-2-oversight.ts +41 -0
package/src/data/eval/ct-3-explanation.ts +14 -0
package/src/data/eval/ct-4-bias.ts +83 -0
package/src/data/eval/ct-5-accuracy.ts +41 -0
package/src/data/eval/ct-6-robustness.ts +81 -0
package/src/data/eval/ct-7-prohibited.ts +52 -0
package/src/data/eval/ct-8-logging.ts +68 -0
package/src/data/eval/ct-9-risk-awareness.ts +33 -0
package/src/data/eval/deterministic-evaluator.ts +120 -0
package/src/data/eval/index.ts +55 -0
package/src/data/eval/judge-prompts.ts +146 -0
package/src/data/eval/llm-judged-tests.ts +279 -0
package/src/data/eval/llm-tests.test.ts +83 -0
package/src/data/eval/remediation/ct-1-transparency.ts +91 -0
package/src/data/eval/remediation/ct-10-gpai.ts +94 -0
package/src/data/eval/remediation/ct-11-industry.ts +94 -0
package/src/data/eval/remediation/ct-2-oversight.ts +71 -0
package/src/data/eval/remediation/ct-3-explanation.ts +70 -0
package/src/data/eval/remediation/ct-4-bias.ts +70 -0
package/src/data/eval/remediation/ct-5-accuracy.ts +70 -0
package/src/data/eval/remediation/ct-6-robustness.ts +70 -0
package/src/data/eval/remediation/ct-7-prohibited.ts +94 -0
package/src/data/eval/remediation/ct-8-logging.ts +94 -0
package/src/data/eval/remediation/ct-9-risk-awareness.ts +94 -0
package/src/data/eval/remediation/index.ts +89 -0
package/src/data/eval/remediation/owasp-art5.ts +15 -0
package/src/data/eval/remediation/owasp-llm01.ts +72 -0
package/src/data/eval/remediation/owasp-llm02.ts +72 -0
package/src/data/eval/remediation/owasp-llm03.ts +15 -0
package/src/data/eval/remediation/owasp-llm04.ts +15 -0
package/src/data/eval/remediation/owasp-llm05.ts +15 -0
package/src/data/eval/remediation/owasp-llm06.ts +15 -0
package/src/data/eval/remediation/owasp-llm07.ts +15 -0
package/src/data/eval/remediation/owasp-llm08.ts +15 -0
package/src/data/eval/remediation/owasp-llm09.ts +15 -0
package/src/data/eval/remediation/owasp-llm10.ts +15 -0
package/src/data/eval/remediation/remediation.test.ts +229 -0
package/src/data/eval/remediation/test-mapping.ts +290 -0
package/src/data/eval/security-rubrics.ts +381 -0
package/src/data/finding-explanations.json +453 -0
package/src/data/industry-patterns.ts +161 -0
package/src/data/registry-cards.ts +368 -0
package/src/data/regulation/index.ts +5 -0
package/src/data/regulation/jurisdiction-data.test.ts +73 -0
package/src/data/regulation/jurisdiction-data.ts +65 -0
package/src/data/regulation/regulation-data.ts +19 -0
package/src/data/regulation/regulation-loader.test.ts +107 -0
package/src/data/regulation/regulation-loader.ts +56 -0
package/src/data/scanner-constants.ts +46 -0
package/src/data/schemas/schemas-core.ts +140 -0
package/src/data/schemas/schemas-supplementary.ts +211 -0
package/src/data/schemas/schemas.ts +28 -0
package/src/data/security/attack-probes.test.ts +62 -0
package/src/data/security/attack-probes.ts +496 -0
package/src/data/security/eu-ai-act-security.ts +40 -0
package/src/data/security/index.ts +19 -0
package/src/data/security/mitre-atlas.test.ts +43 -0
package/src/data/security/mitre-atlas.ts +93 -0
package/src/data/security/nist-ai-rmf.ts +43 -0
package/src/data/security/owasp-llm-top10.test.ts +60 -0
package/src/data/security/owasp-llm-top10.ts +138 -0
package/src/data/template-registry.ts +53 -0
package/src/data/tool-versions.json +22 -0
package/src/domain/audit/audit-package.test.ts +152 -0
package/src/domain/audit/audit-package.ts +166 -0
package/src/domain/audit/audit-trail.test.ts +121 -0
package/src/domain/audit/audit-trail.ts +174 -0
package/src/domain/audit/index.ts +8 -0
package/src/domain/audit/permissions-matrix.test.ts +136 -0
package/src/domain/audit/permissions-matrix.ts +121 -0
package/src/domain/certification/adversarial/bias-tests.ts +95 -0
package/src/domain/certification/adversarial/evaluators.ts +304 -0
package/src/domain/certification/adversarial/index.ts +11 -0
package/src/domain/certification/adversarial/prompt-injection.ts +103 -0
package/src/domain/certification/adversarial/safety-boundary.ts +132 -0
package/src/domain/certification/aiuc1-readiness.test.ts +236 -0
package/src/domain/certification/aiuc1-readiness.ts +298 -0
package/src/domain/certification/aiuc1-requirements.ts +235 -0
package/src/domain/certification/index.ts +10 -0
package/src/domain/certification/redteam-runner.test.ts +97 -0
package/src/domain/certification/redteam-runner.ts +205 -0
package/src/domain/certification/test-runner.test.ts +232 -0
package/src/domain/certification/test-runner.ts +289 -0
package/src/domain/cost/cost-estimator.test.ts +187 -0
package/src/domain/cost/cost-estimator.ts +133 -0
package/src/domain/disclaimer.test.ts +52 -0
package/src/domain/disclaimer.ts +39 -0
package/src/domain/documents/ai-enricher.test.ts +120 -0
package/src/domain/documents/ai-enricher.ts +159 -0
package/src/domain/documents/document-generator.test.ts +318 -0
package/src/domain/documents/document-generator.ts +239 -0
package/src/domain/documents/index.ts +9 -0
package/src/domain/documents/passport-helpers.ts +25 -0
package/src/domain/documents/policy-generator.test.ts +252 -0
package/src/domain/documents/policy-generator.ts +94 -0
package/src/domain/documents/worker-notification-generator.test.ts +162 -0
package/src/domain/documents/worker-notification-generator.ts +141 -0
package/src/domain/eval/adapters/adapter-port.ts +94 -0
package/src/domain/eval/adapters/adapters.test.ts +303 -0
package/src/domain/eval/adapters/anthropic-adapter.ts +57 -0
package/src/domain/eval/adapters/auto-detect.ts +104 -0
package/src/domain/eval/adapters/create-chat-adapter.ts +106 -0
package/src/domain/eval/adapters/custom-adapter.ts +74 -0
package/src/domain/eval/adapters/http-adapter.ts +66 -0
package/src/domain/eval/adapters/index.ts +7 -0
package/src/domain/eval/adapters/ollama-adapter.ts +48 -0
package/src/domain/eval/adapters/openai-adapter.ts +58 -0
package/src/domain/eval/adapters/with-timeout.ts +25 -0
package/src/domain/eval/conformity-score.test.ts +161 -0
package/src/domain/eval/conformity-score.ts +135 -0
package/src/domain/eval/eval-constants.ts +55 -0
package/src/domain/eval/eval-evidence.test.ts +85 -0
package/src/domain/eval/eval-evidence.ts +103 -0
package/src/domain/eval/eval-fix-generator.test.ts +421 -0
package/src/domain/eval/eval-fix-generator.ts +205 -0
package/src/domain/eval/eval-passport.test.ts +82 -0
package/src/domain/eval/eval-passport.ts +89 -0
package/src/domain/eval/eval-remediation-report.test.ts +682 -0
package/src/domain/eval/eval-remediation-report.ts +170 -0
package/src/domain/eval/eval-report.ts +108 -0
package/src/domain/eval/eval-runner.test.ts +609 -0
package/src/domain/eval/eval-runner.ts +593 -0
package/src/domain/eval/eval-to-findings.test.ts +293 -0
package/src/domain/eval/eval-to-findings.ts +83 -0
package/src/domain/eval/index.ts +31 -0
package/src/domain/eval/llm-judge.test.ts +139 -0
package/src/domain/eval/llm-judge.ts +168 -0
package/src/domain/eval/remediation-types.ts +90 -0
package/src/domain/eval/security-integration.test.ts +196 -0
package/src/domain/eval/security-integration.ts +136 -0
package/src/domain/eval/types.test.ts +173 -0
package/src/domain/eval/types.ts +244 -0
package/src/domain/eval/verdict-utils.ts +45 -0
package/src/domain/fixer/create-fixer.ts +101 -0
package/src/domain/fixer/diff.ts +70 -0
package/src/domain/fixer/fix-history.ts +23 -0
package/src/domain/fixer/fixer.test.ts +306 -0
package/src/domain/fixer/index.ts +9 -0
package/src/domain/fixer/strategies/bandit-fix.ts +61 -0
package/src/domain/fixer/strategies/bias-testing.ts +49 -0
package/src/domain/fixer/strategies/ci-compliance.ts +57 -0
package/src/domain/fixer/strategies/content-marking.ts +45 -0
package/src/domain/fixer/strategies/cve-upgrade.ts +66 -0
package/src/domain/fixer/strategies/data-governance.ts +65 -0
package/src/domain/fixer/strategies/disclosure.ts +69 -0
package/src/domain/fixer/strategies/doc-code-sync.ts +53 -0
package/src/domain/fixer/strategies/documentation.ts +59 -0
package/src/domain/fixer/strategies/error-handler.ts +63 -0
package/src/domain/fixer/strategies/hitl-gate.ts +67 -0
package/src/domain/fixer/strategies/index.ts +61 -0
package/src/domain/fixer/strategies/kill-switch-test.ts +85 -0
package/src/domain/fixer/strategies/kill-switch.ts +53 -0
package/src/domain/fixer/strategies/license-fix.ts +57 -0
package/src/domain/fixer/strategies/log-retention.ts +40 -0
package/src/domain/fixer/strategies/logging.ts +59 -0
package/src/domain/fixer/strategies/metadata.ts +45 -0
package/src/domain/fixer/strategies/permission-guard.ts +84 -0
package/src/domain/fixer/strategies/record-keeping.ts +69 -0
package/src/domain/fixer/strategies/secret-rotation.ts +52 -0
package/src/domain/fixer/strategies.test.ts +341 -0
package/src/domain/fixer/template-engine.test.ts +64 -0
package/src/domain/fixer/template-engine.ts +38 -0
package/src/domain/fixer/types.ts +88 -0
package/src/domain/frameworks/aiuc1-framework.test.ts +159 -0
package/src/domain/frameworks/aiuc1-framework.ts +126 -0
package/src/domain/frameworks/collect-foundation-metrics.test.ts +96 -0
package/src/domain/frameworks/collect-foundation-metrics.ts +34 -0
package/src/domain/frameworks/eu-ai-act-framework.test.ts +117 -0
package/src/domain/frameworks/eu-ai-act-framework.ts +100 -0
package/src/domain/frameworks/framework-registry.test.ts +91 -0
package/src/domain/frameworks/framework-registry.ts +38 -0
package/src/domain/frameworks/index.ts +8 -0
package/src/domain/frameworks/mitre-atlas-framework.test.ts +53 -0
package/src/domain/frameworks/mitre-atlas-framework.ts +53 -0
package/src/domain/frameworks/owasp-llm-framework.test.ts +77 -0
package/src/domain/frameworks/owasp-llm-framework.ts +54 -0
package/src/domain/frameworks/score-plugin-framework.ts +117 -0
package/src/domain/fria/fria-generator.test.ts +273 -0
package/src/domain/fria/fria-generator.ts +366 -0
package/src/domain/import/promptfoo-importer.test.ts +103 -0
package/src/domain/import/promptfoo-importer.ts +151 -0
package/src/domain/onboarding/guided-onboarding.test.ts +144 -0
package/src/domain/onboarding/guided-onboarding.ts +135 -0
package/src/domain/passport/builder/domain-mapper.ts +9 -0
package/src/domain/passport/builder/manifest-builder.test.ts +546 -0
package/src/domain/passport/builder/manifest-builder.ts +535 -0
package/src/domain/passport/builder/manifest-diff.test.ts +105 -0
package/src/domain/passport/builder/manifest-diff.ts +89 -0
package/src/domain/passport/builder/manifest-files.ts +17 -0
package/src/domain/passport/crypto-signer.test.ts +93 -0
package/src/domain/passport/crypto-signer.ts +157 -0
package/src/domain/passport/discovery/agent-discovery.test.ts +296 -0
package/src/domain/passport/discovery/agent-discovery.ts +325 -0
package/src/domain/passport/discovery/autonomy-analyzer.test.ts +141 -0
package/src/domain/passport/discovery/autonomy-analyzer.ts +113 -0
package/src/domain/passport/discovery/permission-scanner.test.ts +191 -0
package/src/domain/passport/discovery/permission-scanner.ts +414 -0
package/src/domain/passport/export/a2a-mapper.ts +75 -0
package/src/domain/passport/export/aiuc1-mapper.ts +126 -0
package/src/domain/passport/export/export.test.ts +207 -0
package/src/domain/passport/export/index.ts +41 -0
package/src/domain/passport/export/nist-mapper.ts +227 -0
package/src/domain/passport/import/a2a-importer.test.ts +133 -0
package/src/domain/passport/import/a2a-importer.ts +156 -0
package/src/domain/passport/import/index.ts +2 -0
package/src/domain/passport/index.ts +32 -0
package/src/domain/passport/obligation-field-map.test.ts +113 -0
package/src/domain/passport/obligation-field-map.ts +117 -0
package/src/domain/passport/passport-validator.test.ts +156 -0
package/src/domain/passport/passport-validator.ts +126 -0
package/src/domain/passport/scan-to-compliance.test.ts +336 -0
package/src/domain/passport/scan-to-compliance.ts +166 -0
package/src/domain/passport/test-generator.test.ts +93 -0
package/src/domain/passport/test-generator.ts +136 -0
package/src/domain/proxy/index.ts +11 -0
package/src/domain/proxy/json-rpc.test.ts +72 -0
package/src/domain/proxy/json-rpc.ts +53 -0
package/src/domain/proxy/policy-engine.test.ts +259 -0
package/src/domain/proxy/policy-engine.ts +137 -0
package/src/domain/proxy/proxy-bridge.ts +125 -0
package/src/domain/proxy/proxy-interceptor.test.ts +184 -0
package/src/domain/proxy/proxy-interceptor.ts +120 -0
package/src/domain/proxy/proxy-types.ts +35 -0
package/src/domain/registry/compute-agent-score.test.ts +279 -0
package/src/domain/registry/compute-agent-score.ts +162 -0
package/src/domain/reporter/audit-report.test.ts +87 -0
package/src/domain/reporter/audit-report.ts +116 -0
package/src/domain/reporter/badge-generator.test.ts +54 -0
package/src/domain/reporter/badge-generator.ts +40 -0
package/src/domain/reporter/compliance-md.ts +45 -0
package/src/domain/reporter/index.ts +7 -0
package/src/domain/reporter/pdf-renderer.ts +282 -0
package/src/domain/reporter/share.test.ts +92 -0
package/src/domain/reporter/share.ts +80 -0
package/src/domain/scanner/ast/swc-analyzer.test.ts +49 -0
package/src/domain/scanner/ast/swc-analyzer.ts +124 -0
package/src/domain/scanner/attestations.ts +97 -0
package/src/domain/scanner/checks/ai-disclosure.test.ts +90 -0
package/src/domain/scanner/checks/ai-disclosure.ts +54 -0
package/src/domain/scanner/checks/ai-literacy.ts +163 -0
package/src/domain/scanner/checks/behavioral-constraints.test.ts +167 -0
package/src/domain/scanner/checks/behavioral-constraints.ts +86 -0
package/src/domain/scanner/checks/compliance-metadata.ts +63 -0
package/src/domain/scanner/checks/content-marking.ts +74 -0
package/src/domain/scanner/checks/dep-deep-scan.test.ts +318 -0
package/src/domain/scanner/checks/dep-deep-scan.ts +137 -0
package/src/domain/scanner/checks/documentation.test.ts +88 -0
package/src/domain/scanner/checks/documentation.ts +79 -0
package/src/domain/scanner/checks/git-history.test.ts +120 -0
package/src/domain/scanner/checks/git-history.ts +163 -0
package/src/domain/scanner/checks/gpai-systemic-risk.test.ts +84 -0
package/src/domain/scanner/checks/gpai-systemic-risk.ts +98 -0
package/src/domain/scanner/checks/gpai-transparency.ts +94 -0
package/src/domain/scanner/checks/index.ts +28 -0
package/src/domain/scanner/checks/industry/index.ts +40 -0
package/src/domain/scanner/checks/industry/industry.test.ts +287 -0
package/src/domain/scanner/checks/interaction-logging.test.ts +113 -0
package/src/domain/scanner/checks/interaction-logging.ts +142 -0
package/src/domain/scanner/checks/nhi-scanner.test.ts +158 -0
package/src/domain/scanner/checks/nhi-scanner.ts +78 -0
package/src/domain/scanner/checks/passport-completeness.test.ts +127 -0
package/src/domain/scanner/checks/passport-completeness.ts +82 -0
package/src/domain/scanner/checks/passport-presence.test.ts +56 -0
package/src/domain/scanner/checks/passport-presence.ts +78 -0
package/src/domain/scanner/checks/pattern-check-factory.ts +70 -0
package/src/domain/scanner/checks/permission-scanner.test.ts +279 -0
package/src/domain/scanner/checks/permission-scanner.ts +90 -0
package/src/domain/scanner/checks/presence-check-factory.test.ts +124 -0
package/src/domain/scanner/checks/presence-check-factory.ts +275 -0
package/src/domain/scanner/compliance-diff.test.ts +165 -0
package/src/domain/scanner/compliance-diff.ts +138 -0
package/src/domain/scanner/confidence.test.ts +235 -0
package/src/domain/scanner/confidence.ts +156 -0
package/src/domain/scanner/constants.ts +13 -0
package/src/domain/scanner/create-scanner.ts +573 -0
package/src/domain/scanner/cross-layer.test.ts +372 -0
package/src/domain/scanner/cross-layer.ts +232 -0
package/src/domain/scanner/data/ai-packages.ts +82 -0
package/src/domain/scanner/debt-calculator.test.ts +89 -0
package/src/domain/scanner/debt-calculator.ts +111 -0
package/src/domain/scanner/drift.test.ts +191 -0
package/src/domain/scanner/drift.ts +73 -0
package/src/domain/scanner/evidence-store.test.ts +207 -0
package/src/domain/scanner/evidence-store.ts +195 -0
package/src/domain/scanner/evidence.test.ts +104 -0
package/src/domain/scanner/evidence.ts +71 -0
package/src/domain/scanner/external/bandit-runner.test.ts +45 -0
package/src/domain/scanner/external/bandit-runner.ts +90 -0
package/src/domain/scanner/external/checks.ts +321 -0
package/src/domain/scanner/external/dedup.test.ts +79 -0
package/src/domain/scanner/external/dedup.ts +94 -0
package/src/domain/scanner/external/detect-secrets-runner.test.ts +58 -0
package/src/domain/scanner/external/detect-secrets-runner.ts +81 -0
package/src/domain/scanner/external/external-scanner.test.ts +221 -0
package/src/domain/scanner/external/external-scanner.ts +36 -0
package/src/domain/scanner/external/finding-mapper.test.ts +95 -0
package/src/domain/scanner/external/finding-mapper.ts +138 -0
package/src/domain/scanner/external/index.ts +15 -0
package/src/domain/scanner/external/mappings.ts +93 -0
package/src/domain/scanner/external/modelscan-runner.test.ts +35 -0
package/src/domain/scanner/external/modelscan-runner.ts +101 -0
package/src/domain/scanner/external/path-utils.ts +8 -0
package/src/domain/scanner/external/runner-port.ts +45 -0
package/src/domain/scanner/external/semgrep-runner.test.ts +52 -0
package/src/domain/scanner/external/semgrep-runner.ts +94 -0
package/src/domain/scanner/external/types.ts +32 -0
package/src/domain/scanner/finding-attribution.test.ts +444 -0
package/src/domain/scanner/finding-attribution.ts +195 -0
package/src/domain/scanner/finding-explainer.test.ts +157 -0
package/src/domain/scanner/finding-explainer.ts +73 -0
package/src/domain/scanner/fix-diff-builder.test.ts +272 -0
package/src/domain/scanner/fix-diff-builder.ts +477 -0
package/src/domain/scanner/import-graph.test.ts +162 -0
package/src/domain/scanner/import-graph.ts +198 -0
package/src/domain/scanner/languages/adapter.test.ts +105 -0
package/src/domain/scanner/languages/adapter.ts +239 -0
package/src/domain/scanner/layers/index.ts +24 -0
package/src/domain/scanner/layers/layer1-files.ts +54 -0
package/src/domain/scanner/layers/layer2-docs.test.ts +1207 -0
package/src/domain/scanner/layers/layer2-docs.ts +297 -0
package/src/domain/scanner/layers/layer2-parsing.ts +217 -0
package/src/domain/scanner/layers/layer3-config.test.ts +187 -0
package/src/domain/scanner/layers/layer3-config.ts +279 -0
package/src/domain/scanner/layers/layer3-parsers.ts +73 -0
package/src/domain/scanner/layers/layer4-patterns.test.ts +397 -0
package/src/domain/scanner/layers/layer4-patterns.ts +216 -0
package/src/domain/scanner/layers/layer5-docs.test.ts +99 -0
package/src/domain/scanner/layers/layer5-docs.ts +250 -0
package/src/domain/scanner/layers/layer5-llm.test.ts +146 -0
package/src/domain/scanner/layers/layer5-llm.ts +262 -0
package/src/domain/scanner/layers/layer5-targeted.test.ts +93 -0
package/src/domain/scanner/layers/layer5-targeted.ts +233 -0
package/src/domain/scanner/layers/lockfile-parsers.test.ts +320 -0
package/src/domain/scanner/layers/lockfile-parsers.ts +184 -0
package/src/domain/scanner/regulation-version.test.ts +54 -0
package/src/domain/scanner/regulation-version.ts +23 -0
package/src/domain/scanner/role-filter.test.ts +116 -0
package/src/domain/scanner/role-filter.ts +51 -0
package/src/domain/scanner/rules/banned-packages-data.ts +553 -0
package/src/domain/scanner/rules/banned-packages-sdk.ts +65 -0
package/src/domain/scanner/rules/banned-packages.test.ts +249 -0
package/src/domain/scanner/rules/banned-packages.ts +55 -0
package/src/domain/scanner/rules/comment-filter.test.ts +115 -0
package/src/domain/scanner/rules/comment-filter.ts +297 -0
package/src/domain/scanner/rules/index.ts +9 -0
package/src/domain/scanner/rules/nhi-patterns.test.ts +128 -0
package/src/domain/scanner/rules/nhi-patterns.ts +60 -0
package/src/domain/scanner/rules/pattern-rules.ts +1152 -0
package/src/domain/scanner/sbom.test.ts +136 -0
package/src/domain/scanner/sbom.ts +103 -0
package/src/domain/scanner/scan-cache.test.ts +136 -0
package/src/domain/scanner/scan-cache.ts +115 -0
package/src/domain/scanner/scanner.test.ts +125 -0
package/src/domain/scanner/score-calculator.test.ts +363 -0
package/src/domain/scanner/score-calculator.ts +189 -0
package/src/domain/scanner/security-score.test.ts +107 -0
package/src/domain/scanner/security-score.ts +116 -0
package/src/domain/scanner/source-filter.ts +24 -0
package/src/domain/scanner/validators.ts +223 -0
package/src/domain/shared/compliance-constants.ts +48 -0
package/src/domain/shared/disclosure-patterns.ts +16 -0
package/src/domain/shared/index.ts +6 -0
package/src/domain/shared/parse-dependencies.ts +21 -0
package/src/domain/supply-chain/dependency-analyzer.ts +138 -0
package/src/domain/supply-chain/index.ts +3 -0
package/src/domain/supply-chain/supply-chain.test.ts +211 -0
package/src/domain/supply-chain/types.ts +32 -0
package/src/domain/whatif/config-fixer.ts +187 -0
package/src/domain/whatif/index.ts +6 -0
package/src/domain/whatif/scenario-engine.ts +121 -0
package/src/domain/whatif/simulate-actions.test.ts +161 -0
package/src/domain/whatif/simulate-actions.ts +114 -0
package/src/domain/whatif/whatif.test.ts +135 -0
package/src/e2e/gaps-e2e.test.ts +259 -0
package/src/e2e/smoke.test.ts +101 -0
package/src/hooks/hooks-export.test.ts +81 -0
package/src/hooks/installer.ts +113 -0
package/src/http/cors.test.ts +38 -0
package/src/http/create-router.ts +259 -0
package/src/http/routes/agent.route.ts +380 -0
package/src/http/routes/audit.route.ts +66 -0
package/src/http/routes/badge.route.ts +23 -0
package/src/http/routes/cert.route.ts +66 -0
package/src/http/routes/chat.route.ts +228 -0
package/src/http/routes/cost.route.ts +33 -0
package/src/http/routes/debt.route.ts +29 -0
package/src/http/routes/disclaimer.route.ts +64 -0
package/src/http/routes/eval.route.ts +161 -0
package/src/http/routes/events.route.test.ts +108 -0
package/src/http/routes/events.route.ts +71 -0
package/src/http/routes/external-scan.route.ts +24 -0
package/src/http/routes/file.route.ts +54 -0
package/src/http/routes/fix.route.ts +219 -0
package/src/http/routes/frameworks.route.test.ts +66 -0
package/src/http/routes/frameworks.route.ts +36 -0
package/src/http/routes/git.route.ts +27 -0
package/src/http/routes/guided-onboarding.route.ts +65 -0
package/src/http/routes/import.route.ts +64 -0
package/src/http/routes/jurisdiction.route.ts +22 -0
package/src/http/routes/obligations.route.test.ts +122 -0
package/src/http/routes/obligations.route.ts +110 -0
package/src/http/routes/onboarding.route.ts +53 -0
package/src/http/routes/provider.route.ts +42 -0
package/src/http/routes/proxy.route.ts +40 -0
package/src/http/routes/redteam.route.ts +84 -0
package/src/http/routes/report.route.ts +29 -0
package/src/http/routes/scan.route.ts +104 -0
package/src/http/routes/share.route.ts +44 -0
package/src/http/routes/shell.route.ts +27 -0
package/src/http/routes/status.route.ts +66 -0
package/src/http/routes/supply-chain.route.ts +121 -0
package/src/http/routes/sync.route.ts +328 -0
package/src/http/routes/tools.route.ts +29 -0
package/src/http/routes/whatif.route.ts +96 -0
package/src/http/utils/validation.ts +31 -0
package/src/index.ts +1 -0
package/src/infra/bundle-fetcher.ts +77 -0
package/src/infra/cache-storage.ts +34 -0
package/src/infra/event-bus.ts +31 -0
package/src/infra/file-collector.ts +61 -0
package/src/infra/file-ops-adapter.ts +95 -0
package/src/infra/file-watcher.test.ts +90 -0
package/src/infra/file-watcher.ts +106 -0
package/src/infra/git-adapter.ts +93 -0
package/src/infra/git-history-adapter.ts +41 -0
package/src/infra/headless-browser.ts +178 -0
package/src/infra/llm-adapter.test.ts +83 -0
package/src/infra/llm-adapter.ts +86 -0
package/src/infra/logger.ts +27 -0
package/src/infra/project-config.test.ts +74 -0
package/src/infra/project-config.ts +35 -0
package/src/infra/rate-limiter.test.ts +36 -0
package/src/infra/rate-limiter.ts +34 -0
package/src/infra/retry.ts +46 -0
package/src/infra/saas-client.ts +123 -0
package/src/infra/search-adapter.ts +113 -0
package/src/infra/shell-adapter.ts +68 -0
package/src/infra/tool-manager.test.ts +99 -0
package/src/infra/tool-manager.ts +197 -0
package/src/llm/agents/agent-modes.test.ts +44 -0
package/src/llm/agents/modes.ts +68 -0
package/src/llm/routing/cost-routing.test.ts +37 -0
package/src/llm/routing/cost-tracker.ts +74 -0
package/src/llm/routing/model-routing.test.ts +79 -0
package/src/llm/routing/model-routing.ts +38 -0
package/src/llm/routing/pricing.ts +19 -0
package/src/llm/sse-protocol.ts +77 -0
package/src/llm/tool-definitions.ts +83 -0
package/src/llm/tool-executors.ts +80 -0
package/src/llm/tools/types.ts +13 -0
package/src/mcp/create-mcp-stack.ts +82 -0
package/src/mcp/handlers.ts +245 -0
package/src/mcp/index.ts +28 -0
package/src/mcp/mcp-server.test.ts +80 -0
package/src/mcp/server.ts +79 -0
package/src/mcp/tools.ts +48 -0
package/src/onboarding/auto-detect.ts +164 -0
package/src/onboarding/onboarding.test.ts +89 -0
package/src/onboarding/profile.ts +169 -0
package/src/onboarding/questions.ts +112 -0
package/src/onboarding/wizard.ts +66 -0
package/src/output/github-issue.ts +32 -0
package/src/output/json-output.ts +67 -0
package/src/ports/browser.port.ts +23 -0
package/src/ports/events.port.ts +28 -0
package/src/ports/llm.port.ts +23 -0
package/src/ports/logger.port.ts +6 -0
package/src/ports/process.port.ts +6 -0
package/src/ports/scanner.port.ts +15 -0
package/src/server.ts +134 -0
package/src/services/badge-service.ts +67 -0
package/src/services/chat-service.test.ts +162 -0
package/src/services/chat-service.ts +152 -0
package/src/services/cost-service.ts +52 -0
package/src/services/debt-service.ts +65 -0
package/src/services/eval-integration.test.ts +132 -0
package/src/services/eval-service.test.ts +373 -0
package/src/services/eval-service.ts +463 -0
package/src/services/external-scan-service.ts +60 -0
package/src/services/file-service.ts +37 -0
package/src/services/fix-service.test.ts +470 -0
package/src/services/fix-service.ts +648 -0
package/src/services/framework-service.test.ts +159 -0
package/src/services/framework-service.ts +67 -0
package/src/services/onboarding-service.ts +165 -0
package/src/services/passport-audit.ts +244 -0
package/src/services/passport-documents.ts +258 -0
package/src/services/passport-service-utils.ts +72 -0
package/src/services/passport-service.test.ts +251 -0
package/src/services/passport-service.ts +339 -0
package/src/services/proxy-service.ts +81 -0
package/src/services/report-service.ts +72 -0
package/src/services/scan-service.test.ts +470 -0
package/src/services/scan-service.ts +335 -0
package/src/services/share-service.ts +108 -0
package/src/services/shared/backup.ts +23 -0
package/src/services/status-service.ts +38 -0
package/src/services/undo-service.test.ts +190 -0
package/src/services/undo-service.ts +144 -0
package/src/test-helpers/factories.ts +116 -0
package/src/types/common.schemas.ts +147 -0
package/src/types/common.types.ts +292 -0
package/src/types/contract.test.ts +217 -0
package/src/types/errors.ts +52 -0
package/src/types/framework.types.ts +87 -0
package/src/types/passport-schemas.ts +241 -0
package/src/types/passport.types.ts +296 -0
package/src/version.ts +1 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +9 -0

package/src/types/contract.test.ts ADDED Viewed

@@ -0,0 +1,217 @@
+/**
+ * HTTP Contract Test — validates TS types match the shared JSON schema.
+ *
+ * This test ensures that:
+ * 1. TS types can construct objects matching the contract sample
+ * 2. The sample fixture round-trips through JSON serialization
+ * 3. All required fields are present and correctly typed
+ *
+ * If this test fails, TS types have drifted from the contract.
+ * Update both `common.types.ts` and `http-contract.json` together.
+ */
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { resolve, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import type {
+  ScanResult,
+  Finding,
+  ScoreBreakdown,
+  CategoryScore,
+  CodeContext,
+  CodeContextLine,
+  FixDiff,
+  Severity,
+  ScoreZone,
+} from './common.types.js';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const SAMPLE_PATH = resolve(__dirname, '../../data/schemas/http-contract-sample.json');
+const SCHEMA_PATH = resolve(__dirname, '../../data/schemas/http-contract.json');
+const loadSample = (): unknown => JSON.parse(readFileSync(SAMPLE_PATH, 'utf-8'));
+const loadSchema = (): unknown => JSON.parse(readFileSync(SCHEMA_PATH, 'utf-8'));
+describe('HTTP Contract — TS side', () => {
+  it('sample fixture exists and is valid JSON', () => {
+    const sample = loadSample();
+    expect(sample).toBeDefined();
+    expect(typeof sample).toBe('object');
+  });
+  it('schema file exists and is valid JSON Schema', () => {
+    const schema = loadSchema() as Record<string, unknown>;
+    expect(schema['$schema']).toContain('json-schema.org');
+    expect(schema['$defs']).toBeDefined();
+  });
+  it('sample deserializes as ScanResult with all required fields', () => {
+    const raw = loadSample() as ScanResult;
+    // ScanResult top-level
+    expect(typeof raw.projectPath).toBe('string');
+    expect(typeof raw.scannedAt).toBe('string');
+    expect(typeof raw.duration).toBe('number');
+    expect(typeof raw.filesScanned).toBe('number');
+    expect(Array.isArray(raw.findings)).toBe(true);
+    expect(raw.score).toBeDefined();
+  });
+  it('ScoreBreakdown has correct structure', () => {
+    const raw = loadSample() as ScanResult;
+    const score: ScoreBreakdown = raw.score;
+    expect(typeof score.totalScore).toBe('number');
+    expect(['red', 'yellow', 'green']).toContain(score.zone);
+    expect(Array.isArray(score.categoryScores)).toBe(true);
+    expect(typeof score.criticalCapApplied).toBe('boolean');
+    expect(typeof score.totalChecks).toBe('number');
+    expect(typeof score.passedChecks).toBe('number');
+    expect(typeof score.failedChecks).toBe('number');
+    expect(typeof score.skippedChecks).toBe('number');
+  });
+  it('CategoryScore has correct structure', () => {
+    const raw = loadSample() as ScanResult;
+    const cat: CategoryScore = raw.score.categoryScores[0]!;
+    expect(typeof cat.category).toBe('string');
+    expect(typeof cat.weight).toBe('number');
+    expect(typeof cat.score).toBe('number');
+    expect(typeof cat.obligationCount).toBe('number');
+    expect(typeof cat.passedCount).toBe('number');
+  });
+  it('Finding has correct required fields', () => {
+    const raw = loadSample() as ScanResult;
+    const finding: Finding = raw.findings[0]!;
+    expect(typeof finding.checkId).toBe('string');
+    expect(['pass', 'fail', 'skip', 'info']).toContain(finding.type);
+    expect(typeof finding.message).toBe('string');
+    expect(['critical', 'high', 'medium', 'low', 'info'] satisfies Severity[]).toContain(finding.severity);
+  });
+  it('Finding optional fields have correct types when present', () => {
+    const raw = loadSample() as ScanResult;
+    const finding: Finding = raw.findings[0]!;
+    // First finding has all optional fields
+    expect(typeof finding.file).toBe('string');
+    expect(typeof finding.line).toBe('number');
+    expect(typeof finding.obligationId).toBe('string');
+    expect(typeof finding.articleReference).toBe('string');
+    expect(typeof finding.fix).toBe('string');
+  });
+  it('CodeContext has correct structure when present', () => {
+    const raw = loadSample() as ScanResult;
+    const ctx: CodeContext = raw.findings[0]!.codeContext!;
+    expect(Array.isArray(ctx.lines)).toBe(true);
+    expect(typeof ctx.startLine).toBe('number');
+    expect(typeof ctx.highlightLine).toBe('number');
+    const line: CodeContextLine = ctx.lines[0]!;
+    expect(typeof line.num).toBe('number');
+    expect(typeof line.content).toBe('string');
+  });
+  it('FixDiff has correct structure when present', () => {
+    const raw = loadSample() as ScanResult;
+    // Find a finding with fixDiff (first finding is info, no fixDiff)
+    const findingWithDiff = raw.findings.find((f) => f.fixDiff !== undefined);
+    if (findingWithDiff === undefined) {
+      // No findings with fixDiff in sample — skip
+      return;
+    }
+    const diff: FixDiff = findingWithDiff.fixDiff!;
+    expect(Array.isArray(diff.before)).toBe(true);
+    expect(Array.isArray(diff.after)).toBe(true);
+    expect(typeof diff.startLine).toBe('number');
+    expect(typeof diff.filePath).toBe('string');
+  });
+  it('Severity enum values match contract', () => {
+    const validSeverities: Severity[] = ['critical', 'high', 'medium', 'low', 'info'];
+    const raw = loadSample() as ScanResult;
+    for (const f of raw.findings) {
+      expect(validSeverities).toContain(f.severity);
+    }
+  });
+  it('Zone enum values match contract', () => {
+    const validZones: ScoreZone[] = ['red', 'yellow', 'green'];
+    const raw = loadSample() as ScanResult;
+    expect(validZones).toContain(raw.score.zone);
+  });
+  it('Finding new optional fields have correct types when present', () => {
+    const raw = loadSample() as ScanResult;
+    const finding = raw.findings[0]! as Record<string, unknown>;
+    expect(typeof finding.priority).toBe('number');
+    expect(typeof finding.confidence).toBe('number');
+    expect(typeof finding.confidenceLevel).toBe('string');
+    expect(Array.isArray(finding.evidence)).toBe(true);
+  });
+  it('ScoreBreakdown has confidenceSummary', () => {
+    const raw = loadSample() as ScanResult;
+    const score = raw.score as Record<string, unknown>;
+    expect(score.confidenceSummary).toBeDefined();
+    expect(typeof score.confidenceSummary).toBe('object');
+  });
+  it('ScanResult has new optional fields', () => {
+    const raw = loadSample() as Record<string, unknown>;
+    expect(typeof raw.deepAnalysis).toBe('boolean');
+    expect(typeof raw.l5Cost).toBe('number');
+    expect(raw.regulationVersion).toBeDefined();
+  });
+  it('sample round-trips through JSON serialization', () => {
+    const original = loadSample();
+    const roundTripped = JSON.parse(JSON.stringify(original));
+    expect(roundTripped).toEqual(original);
+  });
+  it('TS can construct a type-safe ScanResult matching the fixture shape', () => {
+    // This verifies the TS interfaces can represent the fixture data.
+    // If interfaces change in a way that breaks the contract, this won't compile.
+    const result: ScanResult = {
+      score: {
+        totalScore: 72.5,
+        zone: 'yellow',
+        categoryScores: [{
+          category: 'documentation',
+          weight: 0.25,
+          score: 80.0,
+          obligationCount: 5,
+          passedCount: 4,
+        }],
+        criticalCapApplied: false,
+        totalChecks: 20,
+        passedChecks: 14,
+        failedChecks: 4,
+        skippedChecks: 2,
+      },
+      findings: [{
+        checkId: 'l4-bare-api-call',
+        type: 'fail',
+        message: 'test',
+        severity: 'high',
+        file: 'test.ts',
+        line: 1,
+      }],
+      projectPath: '/test',
+      scannedAt: '2026-01-01T00:00:00Z',
+      duration: 100,
+      filesScanned: 10,
+    };
+    expect(result.score.totalScore).toBe(72.5);
+    expect(result.findings).toHaveLength(1);
+  });
+});

package/src/types/errors.ts ADDED Viewed

@@ -0,0 +1,52 @@
+export class AppError extends Error {
+  constructor(
+    message: string,
+    public readonly code: string,
+    public readonly statusCode: number = 500,
+  ) {
+    super(message);
+    this.name = 'AppError';
+  }
+}
+export class ValidationError extends AppError {
+  constructor(message: string) {
+    super(message, 'VALIDATION_ERROR', 400);
+    this.name = 'ValidationError';
+  }
+}
+export class NotFoundError extends AppError {
+  constructor(message: string) {
+    super(message, 'NOT_FOUND', 404);
+    this.name = 'NotFoundError';
+  }
+}
+export class ConfigError extends AppError {
+  constructor(message: string) {
+    super(message, 'CONFIG_ERROR', 500);
+    this.name = 'ConfigError';
+  }
+}
+export class ScanError extends AppError {
+  constructor(message: string) {
+    super(message, 'SCAN_ERROR', 500);
+    this.name = 'ScanError';
+  }
+}
+export class LLMError extends AppError {
+  constructor(message: string) {
+    super(message, 'LLM_ERROR', 502);
+    this.name = 'LLMError';
+  }
+}
+export class ToolError extends AppError {
+  constructor(message: string) {
+    super(message, 'TOOL_ERROR', 500);
+    this.name = 'ToolError';
+  }
+}

package/src/types/framework.types.ts ADDED Viewed

@@ -0,0 +1,87 @@
+import type { ScanResult } from './common.types.js';
+import type { AgentPassport } from './passport.types.js';
+// --- Check sources: what Layer 1 metric does a framework check evaluate? ---
+export type CheckSource = 'scan_check' | 'passport_field' | 'document' | 'evidence';
+// --- Framework check definition ---
+export interface FrameworkCheck {
+  readonly id: string;
+  readonly name: string;
+  readonly source: CheckSource;
+  readonly target: string;
+  readonly categoryId: string;
+  readonly weight: number;
+  readonly description: string;
+}
+// --- Framework category ---
+export interface FrameworkCategory {
+  readonly id: string;
+  readonly name: string;
+  readonly weight: number;
+}
+// --- Grade mapping ---
+export interface GradeThreshold {
+  readonly minScore: number;
+  readonly grade: string;
+}
+export interface GradeMapping {
+  readonly type: 'letter' | 'level' | 'percentage';
+  readonly thresholds: readonly GradeThreshold[];
+}
+// --- Framework definition (data, not behavior) ---
+export interface ComplianceFramework {
+  readonly id: string;
+  readonly name: string;
+  readonly version: string;
+  readonly deadline?: string;
+  readonly checks: readonly FrameworkCheck[];
+  readonly categories: readonly FrameworkCategory[];
+  readonly gradeMapping: GradeMapping;
+}
+// --- Foundation metrics: Layer 1 input collected from existing services ---
+export interface FoundationMetrics {
+  readonly scanResult: ScanResult | null;
+  readonly passport: AgentPassport | null;
+  readonly passportCompleteness: number;
+  readonly evidenceChainValid: boolean;
+  readonly evidenceEntryCount: number;
+  readonly evidenceScanCount: number;
+  readonly documents: ReadonlySet<string>;
+}
+// --- Per-framework category score ---
+export interface FrameworkCategoryScore {
+  readonly categoryId: string;
+  readonly categoryName: string;
+  readonly score: number;
+  readonly weight: number;
+  readonly passedChecks: number;
+  readonly totalChecks: number;
+}
+// --- Per-framework output ---
+export interface FrameworkScoreResult {
+  readonly frameworkId: string;
+  readonly frameworkName: string;
+  readonly score: number;
+  readonly grade: string;
+  readonly gradeType: 'letter' | 'level' | 'percentage';
+  readonly gaps: number;
+  readonly totalChecks: number;
+  readonly passedChecks: number;
+  readonly deadline?: string;
+  readonly categories: readonly FrameworkCategoryScore[];
+}
+// --- All selected frameworks ---
+export interface MultiFrameworkScoreResult {
+  readonly frameworks: readonly FrameworkScoreResult[];
+  readonly selectedFrameworkIds: readonly string[];
+  readonly computedAt: string;
+}

package/src/types/passport-schemas.ts ADDED Viewed

@@ -0,0 +1,241 @@
+/**
+ * Zod validation schemas for Agent Passport types.
+ * Separated from interfaces (passport.types.ts) to keep both files under 300 lines.
+ */
+import { z } from 'zod';
+import type { AgentPassport } from './passport.types.js';
+// --- Sub-block schemas ---
+const OwnerBlockSchema = z.object({
+  team: z.string(),
+  contact: z.string(),
+  responsible_person: z.string(),
+});
+const AutonomyEvidenceSchema = z.object({
+  human_approval_gates: z.number().int().min(0),
+  unsupervised_actions: z.number().int().min(0),
+  no_logging_actions: z.number().int().min(0),
+  auto_rated: z.boolean(),
+});
+const ModelInfoSchema = z.object({
+  provider: z.string(),
+  model_id: z.string(),
+  deployment: z.string(),
+  data_residency: z.string(),
+});
+const DataBoundariesSchema = z.object({
+  pii_handling: z.enum(['block', 'redact', 'allow']),
+  geographic_restrictions: z.array(z.string()).optional(),
+  retention_days: z.number().int().min(0).optional(),
+  prohibited_data_types: z.array(z.string()).optional(),
+});
+const PermissionsBlockSchema = z.object({
+  tools: z.array(z.string()),
+  data_access: z.object({
+    read: z.array(z.string()),
+    write: z.array(z.string()),
+    delete: z.array(z.string()),
+  }),
+  denied: z.array(z.string()),
+  data_boundaries: DataBoundariesSchema.optional(),
+});
+const EscalationRuleSchema = z.object({
+  condition: z.string(),
+  action: z.enum(['require_approval', 'notify', 'block', 'log']),
+  description: z.string(),
+  timeout_minutes: z.number().int().min(0).optional(),
+});
+const ConstraintsBlockSchema = z.object({
+  rate_limits: z.object({ max_actions_per_minute: z.number().int().min(0) }),
+  budget: z.object({ max_cost_per_session_usd: z.number().min(0) }),
+  human_approval_required: z.array(z.string()),
+  prohibited_actions: z.array(z.string()),
+  escalation_rules: z.array(EscalationRuleSchema).optional(),
+});
+const ComplianceBlockSchema = z.object({
+  eu_ai_act: z.object({
+    risk_class: z.enum(['prohibited', 'high', 'limited', 'minimal']),
+    applicable_articles: z.array(z.string()),
+    deployer_obligations_met: z.array(z.string()),
+    deployer_obligations_pending: z.array(z.string()),
+  }),
+  /** Per-agent: passed / (passed + failed) × 100. No category weights. */
+  complior_score: z.number().min(0).max(100),
+  /** Project-wide: 8-category weighted average, capped at 40 if critical obligation fails. */
+  project_score: z.number().min(0).max(100).optional(),
+  last_scan: z.string(),
+  fria_completed: z.boolean().optional(),
+  fria_date: z.string().optional(),
+  worker_notification_sent: z.boolean().optional(),
+  worker_notification_date: z.string().optional(),
+  policy_generated: z.boolean().optional(),
+  policy_date: z.string().optional(),
+  ai_literacy: z.object({
+    training_completed: z.boolean().optional(),
+    last_training_date: z.string().optional(),
+    trained_count: z.number().int().min(0).optional(),
+    next_training_due: z.string().optional(),
+  }).optional(),
+  risk_management: z.object({
+    documented: z.boolean().optional(),
+    last_review: z.string().optional(),
+    risk_count: z.number().int().min(0).optional(),
+    residual_risks_accepted: z.number().int().min(0).optional(),
+    doc_quality: z.enum(['none', 'scaffold', 'draft', 'reviewed']).optional(),
+  }).optional(),
+  data_governance: z.object({
+    documented: z.boolean().optional(),
+    bias_tested: z.boolean().optional(),
+    last_audit: z.string().optional(),
+    doc_quality: z.enum(['none', 'scaffold', 'draft', 'reviewed']).optional(),
+  }).optional(),
+  technical_documentation: z.object({
+    documented: z.boolean().optional(),
+    last_update: z.string().optional(),
+    doc_quality: z.enum(['none', 'scaffold', 'draft', 'reviewed']).optional(),
+  }).optional(),
+  declaration_of_conformity: z.object({
+    documented: z.boolean().optional(),
+    date: z.string().optional(),
+    doc_quality: z.enum(['none', 'scaffold', 'draft', 'reviewed']).optional(),
+  }).optional(),
+  art5_screening: z.object({
+    completed: z.boolean().optional(),
+    date: z.string().optional(),
+    doc_quality: z.enum(['none', 'scaffold', 'draft', 'reviewed']).optional(),
+  }).optional(),
+  instructions_for_use: z.object({
+    documented: z.boolean().optional(),
+    last_update: z.string().optional(),
+    doc_quality: z.enum(['none', 'scaffold', 'draft', 'reviewed']).optional(),
+  }).optional(),
+  scan_summary: z.object({
+    total_checks: z.number().int().min(0),
+    passed: z.number().int().min(0),
+    failed: z.number().int().min(0),
+    skipped: z.number().int().min(0),
+    by_category: z.record(z.object({
+      passed: z.number().int().min(0),
+      failed: z.number().int().min(0),
+    })),
+    failed_checks: z.array(z.string()),
+    scan_date: z.string(),
+  }).optional(),
+  multi_framework: z.array(z.object({
+    framework_id: z.string(),
+    framework_name: z.string(),
+    score: z.number().min(0).max(100),
+    grade: z.string().optional(),
+    assessed_at: z.string().optional(),
+  })).optional(),
+  doc_quality_summary: z.object({
+    none: z.number().int().min(0),
+    scaffold: z.number().int().min(0),
+    draft: z.number().int().min(0),
+    reviewed: z.number().int().min(0),
+  }).optional(),
+});
+const OversightBlockSchema = z.object({
+  responsible_person: z.string(),
+  role: z.string(),
+  contact: z.string(),
+  override_mechanism: z.string(),
+  escalation_procedure: z.string(),
+});
+const DisclosureBlockSchema = z.object({
+  user_facing: z.boolean(),
+  disclosure_text: z.string(),
+  ai_marking: z.object({
+    responses_marked: z.boolean(),
+    method: z.string(),
+  }),
+});
+const LoggingBlockSchema = z.object({
+  actions_logged: z.boolean(),
+  retention_days: z.number().int().min(0),
+  includes_decision_rationale: z.boolean(),
+});
+const LifecycleBlockSchema = z.object({
+  status: z.enum(['draft', 'review', 'active', 'suspended', 'retired']),
+  deployed_since: z.string(),
+  next_review: z.string(),
+  review_frequency_days: z.number().int().min(1),
+});
+const InteropBlockSchema = z.object({
+  mcp_servers: z.array(z.object({
+    name: z.string(),
+    tools_allowed: z.array(z.string()),
+  })),
+});
+const SignatureBlockSchema = z.object({
+  algorithm: z.string(),
+  public_key: z.string(),
+  signed_at: z.string(),
+  hash: z.string(),
+  value: z.string(),
+});
+const SourceBlockSchema = z.object({
+  mode: z.enum(['auto', 'semi-auto', 'manual']),
+  generated_by: z.string(),
+  code_analyzed: z.boolean(),
+  fields_auto_filled: z.array(z.string()),
+  fields_manual: z.array(z.string()),
+  confidence: z.number().min(0).max(1),
+});
+// --- Main passport schema ---
+export const AgentPassportSchema = z.object({
+  $schema: z.string(),
+  manifest_version: z.string(),
+  agent_id: z.string(),
+  name: z.string(),
+  display_name: z.string(),
+  description: z.string(),
+  version: z.string(),
+  created: z.string(),
+  updated: z.string(),
+  owner: OwnerBlockSchema,
+  type: z.enum(['autonomous', 'assistive', 'hybrid']),
+  autonomy_level: z.enum(['L1', 'L2', 'L3', 'L4', 'L5']),
+  autonomy_evidence: AutonomyEvidenceSchema,
+  framework: z.string(),
+  model: ModelInfoSchema,
+  permissions: PermissionsBlockSchema,
+  constraints: ConstraintsBlockSchema,
+  compliance: ComplianceBlockSchema,
+  oversight: OversightBlockSchema.optional(),
+  disclosure: DisclosureBlockSchema,
+  logging: LoggingBlockSchema,
+  lifecycle: LifecycleBlockSchema,
+  interop: InteropBlockSchema,
+  upstream_registry: z.array(z.record(z.unknown())).optional(),
+  source_files: z.array(z.string()).optional(),
+  endpoints: z.array(z.string().url()).optional(),
+  source: SourceBlockSchema,
+  signature: SignatureBlockSchema,
+});
+export const parsePassport = (json: string): AgentPassport | null => {
+  try {
+    const result = AgentPassportSchema.safeParse(JSON.parse(json));
+    return result.success ? (result.data as AgentPassport) : null;
+  } catch {
+    return null;
+  }
+};