npm - @complior/engine - Versions diffs - 0.9.0 - Mend

@complior/engine 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/.well-known/ai-compliance.json +16 -0
package/COMPLIANCE.md +64 -0
package/data/data-integrity.test.ts +75 -0
package/data/eval/eval-mappings.json +33 -0
package/data/llm/model-pricing.json +15 -0
package/data/llm/model-routing.json +36 -0
package/data/onboarding/risk-profile.json +17 -0
package/data/regulations/eu-ai-act/README.md +245 -0
package/data/regulations/eu-ai-act/applicability-tree.json +160 -0
package/data/regulations/eu-ai-act/cross-mapping.json +175 -0
package/data/regulations/eu-ai-act/localization.json +186 -0
package/data/regulations/eu-ai-act/obligations.json +3981 -0
package/data/regulations/eu-ai-act/regulation-meta.json +482 -0
package/data/regulations/eu-ai-act/scoring.json +342 -0
package/data/regulations/eu-ai-act/technical-requirements.json +2590 -0
package/data/regulations/eu-ai-act/timeline.json +160 -0
package/data/regulations/jurisdictions/at.json +15 -0
package/data/regulations/jurisdictions/be.json +15 -0
package/data/regulations/jurisdictions/bg.json +15 -0
package/data/regulations/jurisdictions/cy.json +15 -0
package/data/regulations/jurisdictions/cz.json +15 -0
package/data/regulations/jurisdictions/de.json +15 -0
package/data/regulations/jurisdictions/dk.json +15 -0
package/data/regulations/jurisdictions/ee.json +15 -0
package/data/regulations/jurisdictions/es.json +15 -0
package/data/regulations/jurisdictions/fi.json +15 -0
package/data/regulations/jurisdictions/fr.json +15 -0
package/data/regulations/jurisdictions/gr.json +15 -0
package/data/regulations/jurisdictions/hr.json +15 -0
package/data/regulations/jurisdictions/hu.json +15 -0
package/data/regulations/jurisdictions/ie.json +15 -0
package/data/regulations/jurisdictions/is.json +15 -0
package/data/regulations/jurisdictions/it.json +15 -0
package/data/regulations/jurisdictions/li.json +15 -0
package/data/regulations/jurisdictions/lt.json +15 -0
package/data/regulations/jurisdictions/lu.json +15 -0
package/data/regulations/jurisdictions/lv.json +15 -0
package/data/regulations/jurisdictions/mt.json +15 -0
package/data/regulations/jurisdictions/nl.json +15 -0
package/data/regulations/jurisdictions/no.json +15 -0
package/data/regulations/jurisdictions/pl.json +15 -0
package/data/regulations/jurisdictions/pt.json +15 -0
package/data/regulations/jurisdictions/ro.json +15 -0
package/data/regulations/jurisdictions/se.json +15 -0
package/data/regulations/jurisdictions/si.json +15 -0
package/data/regulations/jurisdictions/sk.json +15 -0
package/data/scanner/check-id-categories.json +81 -0
package/data/scanner/confidence-params.json +16 -0
package/data/scanner/limits.json +4 -0
package/data/schemas/http-contract-sample.json +79 -0
package/data/schemas/http-contract.json +144 -0
package/data/semgrep-rules/bare-call.yaml +37 -0
package/data/semgrep-rules/injection.yaml +73 -0
package/data/semgrep-rules/missing-error-handling.yaml +58 -0
package/data/semgrep-rules/unsafe-deser.yaml +65 -0
package/data/templates/eu-ai-act/ai-literacy.md +184 -0
package/data/templates/eu-ai-act/art5-screening.md +131 -0
package/data/templates/eu-ai-act/data-governance.md +145 -0
package/data/templates/eu-ai-act/declaration-of-conformity.md +161 -0
package/data/templates/eu-ai-act/fria.md +127 -0
package/data/templates/eu-ai-act/gpai-systemic-risk.md +150 -0
package/data/templates/eu-ai-act/gpai-transparency.md +166 -0
package/data/templates/eu-ai-act/incident-report.md +188 -0
package/data/templates/eu-ai-act/instructions-for-use.md +202 -0
package/data/templates/eu-ai-act/monitoring-policy.md +110 -0
package/data/templates/eu-ai-act/qms.md +180 -0
package/data/templates/eu-ai-act/risk-management-system.md +123 -0
package/data/templates/eu-ai-act/technical-documentation.md +287 -0
package/data/templates/eu-ai-act/worker-notification.md +143 -0
package/data/templates/policies/biometrics-ai-policy.md +214 -0
package/data/templates/policies/critical-infra-ai-policy.md +228 -0
package/data/templates/policies/education-ai-policy.md +184 -0
package/data/templates/policies/finance-ai-policy.md +191 -0
package/data/templates/policies/healthcare-ai-policy.md +197 -0
package/data/templates/policies/hr-ai-policy.md +178 -0
package/data/templates/policies/legal-ai-policy.md +189 -0
package/data/templates/policies/migration-ai-policy.md +239 -0
package/engine.log +7 -0
package/package.json +74 -0
package/src/composition-root.ts +791 -0
package/src/data/eval/conformity-tests.test.ts +122 -0
package/src/data/eval/ct-1-transparency.ts +106 -0
package/src/data/eval/ct-10-gpai.ts +25 -0
package/src/data/eval/ct-11-industry.ts +42 -0
package/src/data/eval/ct-2-oversight.ts +41 -0
package/src/data/eval/ct-3-explanation.ts +14 -0
package/src/data/eval/ct-4-bias.ts +83 -0
package/src/data/eval/ct-5-accuracy.ts +41 -0
package/src/data/eval/ct-6-robustness.ts +81 -0
package/src/data/eval/ct-7-prohibited.ts +52 -0
package/src/data/eval/ct-8-logging.ts +68 -0
package/src/data/eval/ct-9-risk-awareness.ts +33 -0
package/src/data/eval/deterministic-evaluator.ts +120 -0
package/src/data/eval/index.ts +55 -0
package/src/data/eval/judge-prompts.ts +146 -0
package/src/data/eval/llm-judged-tests.ts +279 -0
package/src/data/eval/llm-tests.test.ts +83 -0
package/src/data/eval/remediation/ct-1-transparency.ts +91 -0
package/src/data/eval/remediation/ct-10-gpai.ts +94 -0
package/src/data/eval/remediation/ct-11-industry.ts +94 -0
package/src/data/eval/remediation/ct-2-oversight.ts +71 -0
package/src/data/eval/remediation/ct-3-explanation.ts +70 -0
package/src/data/eval/remediation/ct-4-bias.ts +70 -0
package/src/data/eval/remediation/ct-5-accuracy.ts +70 -0
package/src/data/eval/remediation/ct-6-robustness.ts +70 -0
package/src/data/eval/remediation/ct-7-prohibited.ts +94 -0
package/src/data/eval/remediation/ct-8-logging.ts +94 -0
package/src/data/eval/remediation/ct-9-risk-awareness.ts +94 -0
package/src/data/eval/remediation/index.ts +89 -0
package/src/data/eval/remediation/owasp-art5.ts +15 -0
package/src/data/eval/remediation/owasp-llm01.ts +72 -0
package/src/data/eval/remediation/owasp-llm02.ts +72 -0
package/src/data/eval/remediation/owasp-llm03.ts +15 -0
package/src/data/eval/remediation/owasp-llm04.ts +15 -0
package/src/data/eval/remediation/owasp-llm05.ts +15 -0
package/src/data/eval/remediation/owasp-llm06.ts +15 -0
package/src/data/eval/remediation/owasp-llm07.ts +15 -0
package/src/data/eval/remediation/owasp-llm08.ts +15 -0
package/src/data/eval/remediation/owasp-llm09.ts +15 -0
package/src/data/eval/remediation/owasp-llm10.ts +15 -0
package/src/data/eval/remediation/remediation.test.ts +229 -0
package/src/data/eval/remediation/test-mapping.ts +290 -0
package/src/data/eval/security-rubrics.ts +381 -0
package/src/data/finding-explanations.json +453 -0
package/src/data/industry-patterns.ts +161 -0
package/src/data/registry-cards.ts +368 -0
package/src/data/regulation/index.ts +5 -0
package/src/data/regulation/jurisdiction-data.test.ts +73 -0
package/src/data/regulation/jurisdiction-data.ts +65 -0
package/src/data/regulation/regulation-data.ts +19 -0
package/src/data/regulation/regulation-loader.test.ts +107 -0
package/src/data/regulation/regulation-loader.ts +56 -0
package/src/data/scanner-constants.ts +46 -0
package/src/data/schemas/schemas-core.ts +140 -0
package/src/data/schemas/schemas-supplementary.ts +211 -0
package/src/data/schemas/schemas.ts +28 -0
package/src/data/security/attack-probes.test.ts +62 -0
package/src/data/security/attack-probes.ts +496 -0
package/src/data/security/eu-ai-act-security.ts +40 -0
package/src/data/security/index.ts +19 -0
package/src/data/security/mitre-atlas.test.ts +43 -0
package/src/data/security/mitre-atlas.ts +93 -0
package/src/data/security/nist-ai-rmf.ts +43 -0
package/src/data/security/owasp-llm-top10.test.ts +60 -0
package/src/data/security/owasp-llm-top10.ts +138 -0
package/src/data/template-registry.ts +53 -0
package/src/data/tool-versions.json +22 -0
package/src/domain/audit/audit-package.test.ts +152 -0
package/src/domain/audit/audit-package.ts +166 -0
package/src/domain/audit/audit-trail.test.ts +121 -0
package/src/domain/audit/audit-trail.ts +174 -0
package/src/domain/audit/index.ts +8 -0
package/src/domain/audit/permissions-matrix.test.ts +136 -0
package/src/domain/audit/permissions-matrix.ts +121 -0
package/src/domain/certification/adversarial/bias-tests.ts +95 -0
package/src/domain/certification/adversarial/evaluators.ts +304 -0
package/src/domain/certification/adversarial/index.ts +11 -0
package/src/domain/certification/adversarial/prompt-injection.ts +103 -0
package/src/domain/certification/adversarial/safety-boundary.ts +132 -0
package/src/domain/certification/aiuc1-readiness.test.ts +236 -0
package/src/domain/certification/aiuc1-readiness.ts +298 -0
package/src/domain/certification/aiuc1-requirements.ts +235 -0
package/src/domain/certification/index.ts +10 -0
package/src/domain/certification/redteam-runner.test.ts +97 -0
package/src/domain/certification/redteam-runner.ts +205 -0
package/src/domain/certification/test-runner.test.ts +232 -0
package/src/domain/certification/test-runner.ts +289 -0
package/src/domain/cost/cost-estimator.test.ts +187 -0
package/src/domain/cost/cost-estimator.ts +133 -0
package/src/domain/disclaimer.test.ts +52 -0
package/src/domain/disclaimer.ts +39 -0
package/src/domain/documents/ai-enricher.test.ts +120 -0
package/src/domain/documents/ai-enricher.ts +159 -0
package/src/domain/documents/document-generator.test.ts +318 -0
package/src/domain/documents/document-generator.ts +239 -0
package/src/domain/documents/index.ts +9 -0
package/src/domain/documents/passport-helpers.ts +25 -0
package/src/domain/documents/policy-generator.test.ts +252 -0
package/src/domain/documents/policy-generator.ts +94 -0
package/src/domain/documents/worker-notification-generator.test.ts +162 -0
package/src/domain/documents/worker-notification-generator.ts +141 -0
package/src/domain/eval/adapters/adapter-port.ts +94 -0
package/src/domain/eval/adapters/adapters.test.ts +303 -0
package/src/domain/eval/adapters/anthropic-adapter.ts +57 -0
package/src/domain/eval/adapters/auto-detect.ts +104 -0
package/src/domain/eval/adapters/create-chat-adapter.ts +106 -0
package/src/domain/eval/adapters/custom-adapter.ts +74 -0
package/src/domain/eval/adapters/http-adapter.ts +66 -0
package/src/domain/eval/adapters/index.ts +7 -0
package/src/domain/eval/adapters/ollama-adapter.ts +48 -0
package/src/domain/eval/adapters/openai-adapter.ts +58 -0
package/src/domain/eval/adapters/with-timeout.ts +25 -0
package/src/domain/eval/conformity-score.test.ts +161 -0
package/src/domain/eval/conformity-score.ts +135 -0
package/src/domain/eval/eval-constants.ts +55 -0
package/src/domain/eval/eval-evidence.test.ts +85 -0
package/src/domain/eval/eval-evidence.ts +103 -0
package/src/domain/eval/eval-fix-generator.test.ts +421 -0
package/src/domain/eval/eval-fix-generator.ts +205 -0
package/src/domain/eval/eval-passport.test.ts +82 -0
package/src/domain/eval/eval-passport.ts +89 -0
package/src/domain/eval/eval-remediation-report.test.ts +682 -0
package/src/domain/eval/eval-remediation-report.ts +170 -0
package/src/domain/eval/eval-report.ts +108 -0
package/src/domain/eval/eval-runner.test.ts +609 -0
package/src/domain/eval/eval-runner.ts +593 -0
package/src/domain/eval/eval-to-findings.test.ts +293 -0
package/src/domain/eval/eval-to-findings.ts +83 -0
package/src/domain/eval/index.ts +31 -0
package/src/domain/eval/llm-judge.test.ts +139 -0
package/src/domain/eval/llm-judge.ts +168 -0
package/src/domain/eval/remediation-types.ts +90 -0
package/src/domain/eval/security-integration.test.ts +196 -0
package/src/domain/eval/security-integration.ts +136 -0
package/src/domain/eval/types.test.ts +173 -0
package/src/domain/eval/types.ts +244 -0
package/src/domain/eval/verdict-utils.ts +45 -0
package/src/domain/fixer/create-fixer.ts +101 -0
package/src/domain/fixer/diff.ts +70 -0
package/src/domain/fixer/fix-history.ts +23 -0
package/src/domain/fixer/fixer.test.ts +306 -0
package/src/domain/fixer/index.ts +9 -0
package/src/domain/fixer/strategies/bandit-fix.ts +61 -0
package/src/domain/fixer/strategies/bias-testing.ts +49 -0
package/src/domain/fixer/strategies/ci-compliance.ts +57 -0
package/src/domain/fixer/strategies/content-marking.ts +45 -0
package/src/domain/fixer/strategies/cve-upgrade.ts +66 -0
package/src/domain/fixer/strategies/data-governance.ts +65 -0
package/src/domain/fixer/strategies/disclosure.ts +69 -0
package/src/domain/fixer/strategies/doc-code-sync.ts +53 -0
package/src/domain/fixer/strategies/documentation.ts +59 -0
package/src/domain/fixer/strategies/error-handler.ts +63 -0
package/src/domain/fixer/strategies/hitl-gate.ts +67 -0
package/src/domain/fixer/strategies/index.ts +61 -0
package/src/domain/fixer/strategies/kill-switch-test.ts +85 -0
package/src/domain/fixer/strategies/kill-switch.ts +53 -0
package/src/domain/fixer/strategies/license-fix.ts +57 -0
package/src/domain/fixer/strategies/log-retention.ts +40 -0
package/src/domain/fixer/strategies/logging.ts +59 -0
package/src/domain/fixer/strategies/metadata.ts +45 -0
package/src/domain/fixer/strategies/permission-guard.ts +84 -0
package/src/domain/fixer/strategies/record-keeping.ts +69 -0
package/src/domain/fixer/strategies/secret-rotation.ts +52 -0
package/src/domain/fixer/strategies.test.ts +341 -0
package/src/domain/fixer/template-engine.test.ts +64 -0
package/src/domain/fixer/template-engine.ts +38 -0
package/src/domain/fixer/types.ts +88 -0
package/src/domain/frameworks/aiuc1-framework.test.ts +159 -0
package/src/domain/frameworks/aiuc1-framework.ts +126 -0
package/src/domain/frameworks/collect-foundation-metrics.test.ts +96 -0
package/src/domain/frameworks/collect-foundation-metrics.ts +34 -0
package/src/domain/frameworks/eu-ai-act-framework.test.ts +117 -0
package/src/domain/frameworks/eu-ai-act-framework.ts +100 -0
package/src/domain/frameworks/framework-registry.test.ts +91 -0
package/src/domain/frameworks/framework-registry.ts +38 -0
package/src/domain/frameworks/index.ts +8 -0
package/src/domain/frameworks/mitre-atlas-framework.test.ts +53 -0
package/src/domain/frameworks/mitre-atlas-framework.ts +53 -0
package/src/domain/frameworks/owasp-llm-framework.test.ts +77 -0
package/src/domain/frameworks/owasp-llm-framework.ts +54 -0
package/src/domain/frameworks/score-plugin-framework.ts +117 -0
package/src/domain/fria/fria-generator.test.ts +273 -0
package/src/domain/fria/fria-generator.ts +366 -0
package/src/domain/import/promptfoo-importer.test.ts +103 -0
package/src/domain/import/promptfoo-importer.ts +151 -0
package/src/domain/onboarding/guided-onboarding.test.ts +144 -0
package/src/domain/onboarding/guided-onboarding.ts +135 -0
package/src/domain/passport/builder/domain-mapper.ts +9 -0
package/src/domain/passport/builder/manifest-builder.test.ts +546 -0
package/src/domain/passport/builder/manifest-builder.ts +535 -0
package/src/domain/passport/builder/manifest-diff.test.ts +105 -0
package/src/domain/passport/builder/manifest-diff.ts +89 -0
package/src/domain/passport/builder/manifest-files.ts +17 -0
package/src/domain/passport/crypto-signer.test.ts +93 -0
package/src/domain/passport/crypto-signer.ts +157 -0
package/src/domain/passport/discovery/agent-discovery.test.ts +296 -0
package/src/domain/passport/discovery/agent-discovery.ts +325 -0
package/src/domain/passport/discovery/autonomy-analyzer.test.ts +141 -0
package/src/domain/passport/discovery/autonomy-analyzer.ts +113 -0
package/src/domain/passport/discovery/permission-scanner.test.ts +191 -0
package/src/domain/passport/discovery/permission-scanner.ts +414 -0
package/src/domain/passport/export/a2a-mapper.ts +75 -0
package/src/domain/passport/export/aiuc1-mapper.ts +126 -0
package/src/domain/passport/export/export.test.ts +207 -0
package/src/domain/passport/export/index.ts +41 -0
package/src/domain/passport/export/nist-mapper.ts +227 -0
package/src/domain/passport/import/a2a-importer.test.ts +133 -0
package/src/domain/passport/import/a2a-importer.ts +156 -0
package/src/domain/passport/import/index.ts +2 -0
package/src/domain/passport/index.ts +32 -0
package/src/domain/passport/obligation-field-map.test.ts +113 -0
package/src/domain/passport/obligation-field-map.ts +117 -0
package/src/domain/passport/passport-validator.test.ts +156 -0
package/src/domain/passport/passport-validator.ts +126 -0
package/src/domain/passport/scan-to-compliance.test.ts +336 -0
package/src/domain/passport/scan-to-compliance.ts +166 -0
package/src/domain/passport/test-generator.test.ts +93 -0
package/src/domain/passport/test-generator.ts +136 -0
package/src/domain/proxy/index.ts +11 -0
package/src/domain/proxy/json-rpc.test.ts +72 -0
package/src/domain/proxy/json-rpc.ts +53 -0
package/src/domain/proxy/policy-engine.test.ts +259 -0
package/src/domain/proxy/policy-engine.ts +137 -0
package/src/domain/proxy/proxy-bridge.ts +125 -0
package/src/domain/proxy/proxy-interceptor.test.ts +184 -0
package/src/domain/proxy/proxy-interceptor.ts +120 -0
package/src/domain/proxy/proxy-types.ts +35 -0
package/src/domain/registry/compute-agent-score.test.ts +279 -0
package/src/domain/registry/compute-agent-score.ts +162 -0
package/src/domain/reporter/audit-report.test.ts +87 -0
package/src/domain/reporter/audit-report.ts +116 -0
package/src/domain/reporter/badge-generator.test.ts +54 -0
package/src/domain/reporter/badge-generator.ts +40 -0
package/src/domain/reporter/compliance-md.ts +45 -0
package/src/domain/reporter/index.ts +7 -0
package/src/domain/reporter/pdf-renderer.ts +282 -0
package/src/domain/reporter/share.test.ts +92 -0
package/src/domain/reporter/share.ts +80 -0
package/src/domain/scanner/ast/swc-analyzer.test.ts +49 -0
package/src/domain/scanner/ast/swc-analyzer.ts +124 -0
package/src/domain/scanner/attestations.ts +97 -0
package/src/domain/scanner/checks/ai-disclosure.test.ts +90 -0
package/src/domain/scanner/checks/ai-disclosure.ts +54 -0
package/src/domain/scanner/checks/ai-literacy.ts +163 -0
package/src/domain/scanner/checks/behavioral-constraints.test.ts +167 -0
package/src/domain/scanner/checks/behavioral-constraints.ts +86 -0
package/src/domain/scanner/checks/compliance-metadata.ts +63 -0
package/src/domain/scanner/checks/content-marking.ts +74 -0
package/src/domain/scanner/checks/dep-deep-scan.test.ts +318 -0
package/src/domain/scanner/checks/dep-deep-scan.ts +137 -0
package/src/domain/scanner/checks/documentation.test.ts +88 -0
package/src/domain/scanner/checks/documentation.ts +79 -0
package/src/domain/scanner/checks/git-history.test.ts +120 -0
package/src/domain/scanner/checks/git-history.ts +163 -0
package/src/domain/scanner/checks/gpai-systemic-risk.test.ts +84 -0
package/src/domain/scanner/checks/gpai-systemic-risk.ts +98 -0
package/src/domain/scanner/checks/gpai-transparency.ts +94 -0
package/src/domain/scanner/checks/index.ts +28 -0
package/src/domain/scanner/checks/industry/index.ts +40 -0
package/src/domain/scanner/checks/industry/industry.test.ts +287 -0
package/src/domain/scanner/checks/interaction-logging.test.ts +113 -0
package/src/domain/scanner/checks/interaction-logging.ts +142 -0
package/src/domain/scanner/checks/nhi-scanner.test.ts +158 -0
package/src/domain/scanner/checks/nhi-scanner.ts +78 -0
package/src/domain/scanner/checks/passport-completeness.test.ts +127 -0
package/src/domain/scanner/checks/passport-completeness.ts +82 -0
package/src/domain/scanner/checks/passport-presence.test.ts +56 -0
package/src/domain/scanner/checks/passport-presence.ts +78 -0
package/src/domain/scanner/checks/pattern-check-factory.ts +70 -0
package/src/domain/scanner/checks/permission-scanner.test.ts +279 -0
package/src/domain/scanner/checks/permission-scanner.ts +90 -0
package/src/domain/scanner/checks/presence-check-factory.test.ts +124 -0
package/src/domain/scanner/checks/presence-check-factory.ts +275 -0
package/src/domain/scanner/compliance-diff.test.ts +165 -0
package/src/domain/scanner/compliance-diff.ts +138 -0
package/src/domain/scanner/confidence.test.ts +235 -0
package/src/domain/scanner/confidence.ts +156 -0
package/src/domain/scanner/constants.ts +13 -0
package/src/domain/scanner/create-scanner.ts +573 -0
package/src/domain/scanner/cross-layer.test.ts +372 -0
package/src/domain/scanner/cross-layer.ts +232 -0
package/src/domain/scanner/data/ai-packages.ts +82 -0
package/src/domain/scanner/debt-calculator.test.ts +89 -0
package/src/domain/scanner/debt-calculator.ts +111 -0
package/src/domain/scanner/drift.test.ts +191 -0
package/src/domain/scanner/drift.ts +73 -0
package/src/domain/scanner/evidence-store.test.ts +207 -0
package/src/domain/scanner/evidence-store.ts +195 -0
package/src/domain/scanner/evidence.test.ts +104 -0
package/src/domain/scanner/evidence.ts +71 -0
package/src/domain/scanner/external/bandit-runner.test.ts +45 -0
package/src/domain/scanner/external/bandit-runner.ts +90 -0
package/src/domain/scanner/external/checks.ts +321 -0
package/src/domain/scanner/external/dedup.test.ts +79 -0
package/src/domain/scanner/external/dedup.ts +94 -0
package/src/domain/scanner/external/detect-secrets-runner.test.ts +58 -0
package/src/domain/scanner/external/detect-secrets-runner.ts +81 -0
package/src/domain/scanner/external/external-scanner.test.ts +221 -0
package/src/domain/scanner/external/external-scanner.ts +36 -0
package/src/domain/scanner/external/finding-mapper.test.ts +95 -0
package/src/domain/scanner/external/finding-mapper.ts +138 -0
package/src/domain/scanner/external/index.ts +15 -0
package/src/domain/scanner/external/mappings.ts +93 -0
package/src/domain/scanner/external/modelscan-runner.test.ts +35 -0
package/src/domain/scanner/external/modelscan-runner.ts +101 -0
package/src/domain/scanner/external/path-utils.ts +8 -0
package/src/domain/scanner/external/runner-port.ts +45 -0
package/src/domain/scanner/external/semgrep-runner.test.ts +52 -0
package/src/domain/scanner/external/semgrep-runner.ts +94 -0
package/src/domain/scanner/external/types.ts +32 -0
package/src/domain/scanner/finding-attribution.test.ts +444 -0
package/src/domain/scanner/finding-attribution.ts +195 -0
package/src/domain/scanner/finding-explainer.test.ts +157 -0
package/src/domain/scanner/finding-explainer.ts +73 -0
package/src/domain/scanner/fix-diff-builder.test.ts +272 -0
package/src/domain/scanner/fix-diff-builder.ts +477 -0
package/src/domain/scanner/import-graph.test.ts +162 -0
package/src/domain/scanner/import-graph.ts +198 -0
package/src/domain/scanner/languages/adapter.test.ts +105 -0
package/src/domain/scanner/languages/adapter.ts +239 -0
package/src/domain/scanner/layers/index.ts +24 -0
package/src/domain/scanner/layers/layer1-files.ts +54 -0
package/src/domain/scanner/layers/layer2-docs.test.ts +1207 -0
package/src/domain/scanner/layers/layer2-docs.ts +297 -0
package/src/domain/scanner/layers/layer2-parsing.ts +217 -0
package/src/domain/scanner/layers/layer3-config.test.ts +187 -0
package/src/domain/scanner/layers/layer3-config.ts +279 -0
package/src/domain/scanner/layers/layer3-parsers.ts +73 -0
package/src/domain/scanner/layers/layer4-patterns.test.ts +397 -0
package/src/domain/scanner/layers/layer4-patterns.ts +216 -0
package/src/domain/scanner/layers/layer5-docs.test.ts +99 -0
package/src/domain/scanner/layers/layer5-docs.ts +250 -0
package/src/domain/scanner/layers/layer5-llm.test.ts +146 -0
package/src/domain/scanner/layers/layer5-llm.ts +262 -0
package/src/domain/scanner/layers/layer5-targeted.test.ts +93 -0
package/src/domain/scanner/layers/layer5-targeted.ts +233 -0
package/src/domain/scanner/layers/lockfile-parsers.test.ts +320 -0
package/src/domain/scanner/layers/lockfile-parsers.ts +184 -0
package/src/domain/scanner/regulation-version.test.ts +54 -0
package/src/domain/scanner/regulation-version.ts +23 -0
package/src/domain/scanner/role-filter.test.ts +116 -0
package/src/domain/scanner/role-filter.ts +51 -0
package/src/domain/scanner/rules/banned-packages-data.ts +553 -0
package/src/domain/scanner/rules/banned-packages-sdk.ts +65 -0
package/src/domain/scanner/rules/banned-packages.test.ts +249 -0
package/src/domain/scanner/rules/banned-packages.ts +55 -0
package/src/domain/scanner/rules/comment-filter.test.ts +115 -0
package/src/domain/scanner/rules/comment-filter.ts +297 -0
package/src/domain/scanner/rules/index.ts +9 -0
package/src/domain/scanner/rules/nhi-patterns.test.ts +128 -0
package/src/domain/scanner/rules/nhi-patterns.ts +60 -0
package/src/domain/scanner/rules/pattern-rules.ts +1152 -0
package/src/domain/scanner/sbom.test.ts +136 -0
package/src/domain/scanner/sbom.ts +103 -0
package/src/domain/scanner/scan-cache.test.ts +136 -0
package/src/domain/scanner/scan-cache.ts +115 -0
package/src/domain/scanner/scanner.test.ts +125 -0
package/src/domain/scanner/score-calculator.test.ts +363 -0
package/src/domain/scanner/score-calculator.ts +189 -0
package/src/domain/scanner/security-score.test.ts +107 -0
package/src/domain/scanner/security-score.ts +116 -0
package/src/domain/scanner/source-filter.ts +24 -0
package/src/domain/scanner/validators.ts +223 -0
package/src/domain/shared/compliance-constants.ts +48 -0
package/src/domain/shared/disclosure-patterns.ts +16 -0
package/src/domain/shared/index.ts +6 -0
package/src/domain/shared/parse-dependencies.ts +21 -0
package/src/domain/supply-chain/dependency-analyzer.ts +138 -0
package/src/domain/supply-chain/index.ts +3 -0
package/src/domain/supply-chain/supply-chain.test.ts +211 -0
package/src/domain/supply-chain/types.ts +32 -0
package/src/domain/whatif/config-fixer.ts +187 -0
package/src/domain/whatif/index.ts +6 -0
package/src/domain/whatif/scenario-engine.ts +121 -0
package/src/domain/whatif/simulate-actions.test.ts +161 -0
package/src/domain/whatif/simulate-actions.ts +114 -0
package/src/domain/whatif/whatif.test.ts +135 -0
package/src/e2e/gaps-e2e.test.ts +259 -0
package/src/e2e/smoke.test.ts +101 -0
package/src/hooks/hooks-export.test.ts +81 -0
package/src/hooks/installer.ts +113 -0
package/src/http/cors.test.ts +38 -0
package/src/http/create-router.ts +259 -0
package/src/http/routes/agent.route.ts +380 -0
package/src/http/routes/audit.route.ts +66 -0
package/src/http/routes/badge.route.ts +23 -0
package/src/http/routes/cert.route.ts +66 -0
package/src/http/routes/chat.route.ts +228 -0
package/src/http/routes/cost.route.ts +33 -0
package/src/http/routes/debt.route.ts +29 -0
package/src/http/routes/disclaimer.route.ts +64 -0
package/src/http/routes/eval.route.ts +161 -0
package/src/http/routes/events.route.test.ts +108 -0
package/src/http/routes/events.route.ts +71 -0
package/src/http/routes/external-scan.route.ts +24 -0
package/src/http/routes/file.route.ts +54 -0
package/src/http/routes/fix.route.ts +219 -0
package/src/http/routes/frameworks.route.test.ts +66 -0
package/src/http/routes/frameworks.route.ts +36 -0
package/src/http/routes/git.route.ts +27 -0
package/src/http/routes/guided-onboarding.route.ts +65 -0
package/src/http/routes/import.route.ts +64 -0
package/src/http/routes/jurisdiction.route.ts +22 -0
package/src/http/routes/obligations.route.test.ts +122 -0
package/src/http/routes/obligations.route.ts +110 -0
package/src/http/routes/onboarding.route.ts +53 -0
package/src/http/routes/provider.route.ts +42 -0
package/src/http/routes/proxy.route.ts +40 -0
package/src/http/routes/redteam.route.ts +84 -0
package/src/http/routes/report.route.ts +29 -0
package/src/http/routes/scan.route.ts +104 -0
package/src/http/routes/share.route.ts +44 -0
package/src/http/routes/shell.route.ts +27 -0
package/src/http/routes/status.route.ts +66 -0
package/src/http/routes/supply-chain.route.ts +121 -0
package/src/http/routes/sync.route.ts +328 -0
package/src/http/routes/tools.route.ts +29 -0
package/src/http/routes/whatif.route.ts +96 -0
package/src/http/utils/validation.ts +31 -0
package/src/index.ts +1 -0
package/src/infra/bundle-fetcher.ts +77 -0
package/src/infra/cache-storage.ts +34 -0
package/src/infra/event-bus.ts +31 -0
package/src/infra/file-collector.ts +61 -0
package/src/infra/file-ops-adapter.ts +95 -0
package/src/infra/file-watcher.test.ts +90 -0
package/src/infra/file-watcher.ts +106 -0
package/src/infra/git-adapter.ts +93 -0
package/src/infra/git-history-adapter.ts +41 -0
package/src/infra/headless-browser.ts +178 -0
package/src/infra/llm-adapter.test.ts +83 -0
package/src/infra/llm-adapter.ts +86 -0
package/src/infra/logger.ts +27 -0
package/src/infra/project-config.test.ts +74 -0
package/src/infra/project-config.ts +35 -0
package/src/infra/rate-limiter.test.ts +36 -0
package/src/infra/rate-limiter.ts +34 -0
package/src/infra/retry.ts +46 -0
package/src/infra/saas-client.ts +123 -0
package/src/infra/search-adapter.ts +113 -0
package/src/infra/shell-adapter.ts +68 -0
package/src/infra/tool-manager.test.ts +99 -0
package/src/infra/tool-manager.ts +197 -0
package/src/llm/agents/agent-modes.test.ts +44 -0
package/src/llm/agents/modes.ts +68 -0
package/src/llm/routing/cost-routing.test.ts +37 -0
package/src/llm/routing/cost-tracker.ts +74 -0
package/src/llm/routing/model-routing.test.ts +79 -0
package/src/llm/routing/model-routing.ts +38 -0
package/src/llm/routing/pricing.ts +19 -0
package/src/llm/sse-protocol.ts +77 -0
package/src/llm/tool-definitions.ts +83 -0
package/src/llm/tool-executors.ts +80 -0
package/src/llm/tools/types.ts +13 -0
package/src/mcp/create-mcp-stack.ts +82 -0
package/src/mcp/handlers.ts +245 -0
package/src/mcp/index.ts +28 -0
package/src/mcp/mcp-server.test.ts +80 -0
package/src/mcp/server.ts +79 -0
package/src/mcp/tools.ts +48 -0
package/src/onboarding/auto-detect.ts +164 -0
package/src/onboarding/onboarding.test.ts +89 -0
package/src/onboarding/profile.ts +169 -0
package/src/onboarding/questions.ts +112 -0
package/src/onboarding/wizard.ts +66 -0
package/src/output/github-issue.ts +32 -0
package/src/output/json-output.ts +67 -0
package/src/ports/browser.port.ts +23 -0
package/src/ports/events.port.ts +28 -0
package/src/ports/llm.port.ts +23 -0
package/src/ports/logger.port.ts +6 -0
package/src/ports/process.port.ts +6 -0
package/src/ports/scanner.port.ts +15 -0
package/src/server.ts +134 -0
package/src/services/badge-service.ts +67 -0
package/src/services/chat-service.test.ts +162 -0
package/src/services/chat-service.ts +152 -0
package/src/services/cost-service.ts +52 -0
package/src/services/debt-service.ts +65 -0
package/src/services/eval-integration.test.ts +132 -0
package/src/services/eval-service.test.ts +373 -0
package/src/services/eval-service.ts +463 -0
package/src/services/external-scan-service.ts +60 -0
package/src/services/file-service.ts +37 -0
package/src/services/fix-service.test.ts +470 -0
package/src/services/fix-service.ts +648 -0
package/src/services/framework-service.test.ts +159 -0
package/src/services/framework-service.ts +67 -0
package/src/services/onboarding-service.ts +165 -0
package/src/services/passport-audit.ts +244 -0
package/src/services/passport-documents.ts +258 -0
package/src/services/passport-service-utils.ts +72 -0
package/src/services/passport-service.test.ts +251 -0
package/src/services/passport-service.ts +339 -0
package/src/services/proxy-service.ts +81 -0
package/src/services/report-service.ts +72 -0
package/src/services/scan-service.test.ts +470 -0
package/src/services/scan-service.ts +335 -0
package/src/services/share-service.ts +108 -0
package/src/services/shared/backup.ts +23 -0
package/src/services/status-service.ts +38 -0
package/src/services/undo-service.test.ts +190 -0
package/src/services/undo-service.ts +144 -0
package/src/test-helpers/factories.ts +116 -0
package/src/types/common.schemas.ts +147 -0
package/src/types/common.types.ts +292 -0
package/src/types/contract.test.ts +217 -0
package/src/types/errors.ts +52 -0
package/src/types/framework.types.ts +87 -0
package/src/types/passport-schemas.ts +241 -0
package/src/types/passport.types.ts +296 -0
package/src/version.ts +1 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +9 -0

package/src/data/registry-cards.ts ADDED Viewed

@@ -0,0 +1,368 @@
+/** Расширение EU AI Act assessment для LLM-моделей (pending SaaS adoption) */
+export interface EuAiActModelAssessment {
+  readonly risk_level?: string;
+  readonly risk_reasoning?: string;
+  readonly applicable_obligation_ids?: readonly string[];
+  readonly confidence?: string;
+  // Расширения для LLM-моделей (нет в SaaS пока):
+  readonly training_cutoff?: string;
+  readonly license?: string;
+  readonly gpai_compliant?: boolean | null;
+  readonly eu_representative?: string | null;
+  readonly limitations?: readonly string[];
+  readonly known_risks?: readonly string[];
+}
+/**
+ * CLI-представление карточки AI-системы из реестра.
+ * Структурно совместим с SaaS RegistryTool (PROJECT/frontend/lib/registry.ts).
+ * Опущены DB-поля: registryToolId, seo, active, createdAt, updatedAt.
+ */
+export interface RegistryToolCard {
+  readonly slug: string;
+  readonly name: string;
+  readonly provider: { readonly name: string; readonly website?: string };
+  readonly description: string | null;
+  readonly category: string | null;
+  readonly riskLevel: string | null;
+  readonly aiActRole: string | null;
+  readonly level: 'classified' | 'scanned' | 'verified';
+  readonly assessments: {
+    readonly 'eu-ai-act'?: EuAiActModelAssessment;
+  } | null;
+  readonly detectionPatterns: {
+    readonly code?: Readonly<Record<string, string | readonly string[]>>;
+  } | null;
+  readonly evidence: readonly {
+    readonly date: string;
+    readonly title: string;
+    readonly type?: string;
+  }[] | null;
+  readonly capabilities: readonly string[] | null;
+  readonly jurisdictions: readonly string[] | null;
+  readonly vendorCountry: string | null;
+  readonly dataResidency: string | null;
+}
+export const REGISTRY_CARDS: readonly RegistryToolCard[] = Object.freeze([
+  {
+    slug: 'gpt-4o',
+    name: 'GPT-4o',
+    provider: { name: 'OpenAI', website: 'https://openai.com/policies' },
+    description: 'Multimodal GPT model with vision, text, and code capabilities',
+    category: 'api_platform',
+    riskLevel: 'gpai_systemic',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai_systemic',
+        risk_reasoning: 'GPAI model per Art.51. Systemic risk classification likely. No EU representative disclosed',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'medium',
+        training_cutoff: '2024-10',
+        license: 'proprietary',
+        gpai_compliant: null,
+        eu_representative: null,
+        limitations: ['hallucination risk', 'no real-time data', 'context window limit'],
+        known_risks: ['bias in training data', 'prompt injection susceptibility', 'overconfident outputs'],
+      },
+    },
+    detectionPatterns: { code: { npm: ['openai'], pip: ['openai'] } },
+    evidence: null,
+    capabilities: ['text generation', 'code generation', 'multimodal (vision)', 'function calling', 'reasoning'],
+    jurisdictions: ['US'],
+    vendorCountry: 'US',
+    dataResidency: 'US',
+  },
+  {
+    slug: 'gpt-4o-mini',
+    name: 'GPT-4o Mini',
+    provider: { name: 'OpenAI', website: 'https://openai.com/policies' },
+    description: 'Lightweight GPT model for cost-efficient text and code tasks',
+    category: 'api_platform',
+    riskLevel: 'gpai',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai',
+        risk_reasoning: 'GPAI model per Art.51. Below systemic risk threshold',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'medium',
+        training_cutoff: '2024-10',
+        license: 'proprietary',
+        gpai_compliant: null,
+        eu_representative: null,
+        limitations: ['reduced reasoning vs GPT-4o', 'hallucination risk'],
+        known_risks: ['bias in training data', 'prompt injection susceptibility'],
+      },
+    },
+    detectionPatterns: { code: { npm: ['openai'], pip: ['openai'] } },
+    evidence: null,
+    capabilities: ['text generation', 'code generation', 'function calling'],
+    jurisdictions: ['US'],
+    vendorCountry: 'US',
+    dataResidency: 'US',
+  },
+  {
+    slug: 'o1',
+    name: 'OpenAI o1',
+    provider: { name: 'OpenAI', website: 'https://openai.com/policies' },
+    description: 'Advanced reasoning model with multi-step problem solving',
+    category: 'api_platform',
+    riskLevel: 'gpai_systemic',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai_systemic',
+        risk_reasoning: 'GPAI model per Art.51. Systemic risk due to advanced reasoning capabilities',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'medium',
+        training_cutoff: '2024-10',
+        license: 'proprietary',
+        gpai_compliant: null,
+        eu_representative: null,
+        limitations: ['high latency', 'higher cost', 'no streaming in reasoning phase'],
+        known_risks: ['chain-of-thought manipulation', 'overconfident reasoning', 'training data bias'],
+      },
+    },
+    detectionPatterns: { code: { npm: ['openai'], pip: ['openai'] } },
+    evidence: null,
+    capabilities: ['advanced reasoning', 'multi-step problem solving', 'code generation', 'math'],
+    jurisdictions: ['US'],
+    vendorCountry: 'US',
+    dataResidency: 'US',
+  },
+  {
+    slug: 'claude-opus-4',
+    name: 'Claude Opus 4',
+    provider: { name: 'Anthropic', website: 'https://www.anthropic.com/policies' },
+    description: 'Frontier model with extended thinking and Constitutional AI alignment',
+    category: 'api_platform',
+    riskLevel: 'gpai_systemic',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai_systemic',
+        risk_reasoning: 'GPAI model per Art.51. Constitutional AI alignment approach. Systemic risk classification likely',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'medium',
+        training_cutoff: '2025-03',
+        license: 'proprietary',
+        gpai_compliant: null,
+        eu_representative: null,
+        limitations: ['no real-time data', 'context window limit', 'no internet access'],
+        known_risks: ['hallucination risk', 'training data bias', 'sycophancy tendency'],
+      },
+    },
+    detectionPatterns: { code: { npm: ['@anthropic-ai/sdk'], pip: ['anthropic'] } },
+    evidence: null,
+    capabilities: ['text generation', 'code generation', 'analysis', 'multimodal (vision)', 'extended thinking'],
+    jurisdictions: ['US'],
+    vendorCountry: 'US',
+    dataResidency: 'US',
+  },
+  {
+    slug: 'claude-sonnet-4',
+    name: 'Claude Sonnet 4',
+    provider: { name: 'Anthropic', website: 'https://www.anthropic.com/policies' },
+    description: 'Balanced model for text, code, and multimodal analysis',
+    category: 'api_platform',
+    riskLevel: 'gpai',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai',
+        risk_reasoning: 'GPAI model per Art.51. Below systemic risk threshold',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'medium',
+        training_cutoff: '2025-03',
+        license: 'proprietary',
+        gpai_compliant: null,
+        eu_representative: null,
+        limitations: ['reduced capability vs Opus', 'no real-time data'],
+        known_risks: ['hallucination risk', 'training data bias'],
+      },
+    },
+    detectionPatterns: { code: { npm: ['@anthropic-ai/sdk'], pip: ['anthropic'] } },
+    evidence: null,
+    capabilities: ['text generation', 'code generation', 'analysis', 'multimodal (vision)'],
+    jurisdictions: ['US'],
+    vendorCountry: 'US',
+    dataResidency: 'US',
+  },
+  {
+    slug: 'gemini-2.0-flash',
+    name: 'Gemini 2.0 Flash',
+    provider: { name: 'Google', website: 'https://ai.google/responsibility/principles/' },
+    description: 'Fast multimodal model optimized for low-latency tasks',
+    category: 'api_platform',
+    riskLevel: 'gpai',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai',
+        risk_reasoning: 'GPAI model per Art.51. EU data residency option available',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'medium',
+        training_cutoff: '2024-08',
+        license: 'proprietary',
+        gpai_compliant: null,
+        eu_representative: 'Google Ireland Limited',
+        limitations: ['lower accuracy on complex tasks', 'hallucination risk'],
+        known_risks: ['training data bias', 'geographic bias in knowledge'],
+      },
+    },
+    detectionPatterns: { code: { npm: ['@google/generative-ai'], pip: ['google-generativeai'] } },
+    evidence: null,
+    capabilities: ['text generation', 'multimodal', 'code generation', 'function calling'],
+    jurisdictions: ['US', 'EU'],
+    vendorCountry: 'US',
+    dataResidency: 'US',
+  },
+  {
+    slug: 'gemini-2.0-pro',
+    name: 'Gemini 2.0 Pro',
+    provider: { name: 'Google', website: 'https://ai.google/responsibility/principles/' },
+    description: 'High-capability multimodal model with reasoning and code generation',
+    category: 'api_platform',
+    riskLevel: 'gpai_systemic',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai_systemic',
+        risk_reasoning: 'GPAI model per Art.51. Systemic risk classification likely. EU data residency option available',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'medium',
+        training_cutoff: '2024-08',
+        license: 'proprietary',
+        gpai_compliant: null,
+        eu_representative: 'Google Ireland Limited',
+        limitations: ['hallucination risk', 'high cost'],
+        known_risks: ['training data bias', 'geographic bias', 'overconfident outputs'],
+      },
+    },
+    detectionPatterns: { code: { npm: ['@google/generative-ai'], pip: ['google-generativeai'] } },
+    evidence: null,
+    capabilities: ['text generation', 'multimodal', 'code generation', 'reasoning', 'function calling'],
+    jurisdictions: ['US', 'EU'],
+    vendorCountry: 'US',
+    dataResidency: 'US',
+  },
+  {
+    slug: 'mistral-large',
+    name: 'Mistral Large',
+    provider: { name: 'Mistral AI', website: 'https://mistral.ai/terms/' },
+    description: 'Large multilingual model from EU-headquartered provider',
+    category: 'api_platform',
+    riskLevel: 'gpai',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai',
+        risk_reasoning: 'EU-headquartered provider. GPAI model per Art.51. EU data residency by default',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'medium',
+        training_cutoff: '2024-11',
+        license: 'proprietary',
+        gpai_compliant: null,
+        eu_representative: 'Mistral AI (Paris, France)',
+        limitations: ['smaller knowledge base', 'less tested than GPT-4/Claude'],
+        known_risks: ['training data bias', 'limited safety testing disclosure'],
+      },
+    },
+    detectionPatterns: { code: { npm: ['@mistralai/mistralai'], pip: ['mistralai'] } },
+    evidence: null,
+    capabilities: ['text generation', 'code generation', 'multilingual', 'function calling'],
+    jurisdictions: ['EU', 'US'],
+    vendorCountry: 'FR',
+    dataResidency: 'EU',
+  },
+  {
+    slug: 'mistral-small',
+    name: 'Mistral Small',
+    provider: { name: 'Mistral AI', website: 'https://mistral.ai/terms/' },
+    description: 'Compact multilingual model for efficient text and code tasks',
+    category: 'api_platform',
+    riskLevel: 'gpai',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai',
+        risk_reasoning: 'EU-headquartered provider. Below systemic risk threshold',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'medium',
+        training_cutoff: '2024-11',
+        license: 'proprietary',
+        gpai_compliant: null,
+        eu_representative: 'Mistral AI (Paris, France)',
+        limitations: ['reduced capability vs Large', 'limited reasoning'],
+        known_risks: ['training data bias'],
+      },
+    },
+    detectionPatterns: { code: { npm: ['@mistralai/mistralai'], pip: ['mistralai'] } },
+    evidence: null,
+    capabilities: ['text generation', 'code generation', 'multilingual'],
+    jurisdictions: ['EU', 'US'],
+    vendorCountry: 'FR',
+    dataResidency: 'EU',
+  },
+  {
+    slug: 'llama-3',
+    name: 'Llama 3',
+    provider: { name: 'Meta', website: 'https://llama.meta.com/' },
+    description: 'Open-weight model for self-hosted text and code generation',
+    category: 'api_platform',
+    riskLevel: 'gpai',
+    aiActRole: 'provider',
+    level: 'classified',
+    assessments: {
+      'eu-ai-act': {
+        risk_level: 'gpai',
+        risk_reasoning: 'Open-weight model. Deployer assumes GPAI obligations if modified. Art.53(2) open-source exemption may apply',
+        applicable_obligation_ids: ['OBL-026'],
+        confidence: 'low',
+        training_cutoff: '2024-03',
+        license: 'llama-community',
+        gpai_compliant: null,
+        eu_representative: null,
+        limitations: ['no multimodal', 'requires self-hosting or third-party provider', 'limited function calling'],
+        known_risks: ['training data bias', 'deployer responsible for safety guardrails', 'no built-in content filtering'],
+      },
+    },
+    detectionPatterns: { code: { pip: ['llama-cpp-python', 'transformers'] } },
+    evidence: null,
+    capabilities: ['text generation', 'code generation', 'multilingual', 'on-premise deployment'],
+    jurisdictions: ['self-hosted'],
+    vendorCountry: 'US',
+    dataResidency: null,
+  },
+] as const);
+export const findRegistryCard = (slug: string): RegistryToolCard | undefined =>
+  REGISTRY_CARDS.find((c) => c.slug === slug);
+export const findRegistryCardsByProvider = (providerName: string): readonly RegistryToolCard[] =>
+  REGISTRY_CARDS.filter((c) => c.provider.name.toLowerCase() === providerName.toLowerCase());
+/** Regex matching all known model slugs. Longest-first to avoid partial matches (e.g. gpt-4o vs gpt-4o-mini). */
+export const REGISTRY_SLUG_PATTERN = new RegExp(
+  `\\b(?:${[...REGISTRY_CARDS].sort((a, b) => b.slug.length - a.slug.length || a.slug.localeCompare(b.slug)).map((c) => c.slug.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('|')})\\b`,
+  'g',
+);
+/** Check if a card is classified as GPAI with systemic risk. */
+export const isGpaiSystemic = (card: RegistryToolCard): boolean =>
+  card.riskLevel === 'gpai_systemic';
+/** Get the provider name from a card. */
+export const getProviderName = (card: RegistryToolCard): string =>
+  card.provider.name;

package/src/data/regulation/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { REGULATION_RAW } from './regulation-data.js';
+export { loadRegulationData, clearRegulationCache } from './regulation-loader.js';
+export type { RegulationData } from './regulation-loader.js';
+export { listJurisdictions, getJurisdiction, JurisdictionSchema } from './jurisdiction-data.js';
+export type { Jurisdiction } from './jurisdiction-data.js';

package/src/data/regulation/jurisdiction-data.test.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import { describe, it, expect } from 'vitest';
+import { listJurisdictions, getJurisdiction, JurisdictionSchema } from './jurisdiction-data.js';
+describe('jurisdiction-data', () => {
+  it('lists all 30 jurisdictions', () => {
+    const jurisdictions = listJurisdictions();
+    expect(jurisdictions.length).toBe(30);
+  });
+  it('all jurisdictions validate against schema', () => {
+    for (const j of listJurisdictions()) {
+      const result = JurisdictionSchema.safeParse(j);
+      expect(result.success, `Failed for ${j.country_code}: ${JSON.stringify(result.error?.issues)}`).toBe(true);
+    }
+  });
+  it('getJurisdiction returns correct country', () => {
+    const de = getJurisdiction('de');
+    expect(de).toBeDefined();
+    expect(de!.country_name).toBe('Germany');
+    expect(de!.msa_name).toContain('Bundesnetzagentur');
+  });
+  it('getJurisdiction is case-insensitive', () => {
+    expect(getJurisdiction('DE')).toBeDefined();
+    expect(getJurisdiction('de')).toBeDefined();
+    expect(getJurisdiction('De')).toBeDefined();
+  });
+  it('getJurisdiction returns undefined for invalid code', () => {
+    expect(getJurisdiction('xx')).toBeUndefined();
+    expect(getJurisdiction('us')).toBeUndefined();
+  });
+  it('all country codes are unique', () => {
+    const codes = listJurisdictions().map(j => j.country_code);
+    expect(new Set(codes).size).toBe(30);
+  });
+  it('all countries have non-empty local_requirements', () => {
+    for (const j of listJurisdictions()) {
+      expect(j.local_requirements.length, `${j.country_code} has no local_requirements`).toBeGreaterThan(0);
+    }
+  });
+  it('all countries have valid enforcement_date format', () => {
+    for (const j of listJurisdictions()) {
+      expect(j.enforcement_date).toMatch(/^\d{4}-\d{2}-\d{2}$/);
+    }
+  });
+  it('EEA countries (IS, LI, NO) are included', () => {
+    expect(getJurisdiction('is')).toBeDefined();
+    expect(getJurisdiction('li')).toBeDefined();
+    expect(getJurisdiction('no')).toBeDefined();
+  });
+  it('France has CNIL as MSA', () => {
+    const fr = getJurisdiction('fr')!;
+    expect(fr.msa_name).toContain('CNIL');
+  });
+  it('Spain has AESIA as MSA', () => {
+    const es = getJurisdiction('es')!;
+    expect(es.msa_name).toContain('AESIA');
+  });
+  it('each jurisdiction has an msa_url starting with https', () => {
+    for (const j of listJurisdictions()) {
+      expect(j.msa_url, `${j.country_code} msa_url`).toMatch(/^https:\/\//);
+    }
+  });
+});

package/src/data/regulation/jurisdiction-data.ts ADDED Viewed

@@ -0,0 +1,65 @@
+import { z } from 'zod';
+export const JurisdictionSchema = z.object({
+  country_code: z.string().length(2),
+  country_name: z.string(),
+  msa_name: z.string(),
+  msa_url: z.string().url(),
+  msa_contact: z.string(),
+  local_requirements: z.array(z.string()),
+  enforcement_date: z.string(),
+  language: z.string(),
+  notes: z.string().optional(),
+});
+export type Jurisdiction = z.infer<typeof JurisdictionSchema>;
+// Import all 30 jurisdiction JSON files at compile time
+import atData from '../../../data/regulations/jurisdictions/at.json' with { type: 'json' };
+import beData from '../../../data/regulations/jurisdictions/be.json' with { type: 'json' };
+import bgData from '../../../data/regulations/jurisdictions/bg.json' with { type: 'json' };
+import hrData from '../../../data/regulations/jurisdictions/hr.json' with { type: 'json' };
+import cyData from '../../../data/regulations/jurisdictions/cy.json' with { type: 'json' };
+import czData from '../../../data/regulations/jurisdictions/cz.json' with { type: 'json' };
+import dkData from '../../../data/regulations/jurisdictions/dk.json' with { type: 'json' };
+import eeData from '../../../data/regulations/jurisdictions/ee.json' with { type: 'json' };
+import fiData from '../../../data/regulations/jurisdictions/fi.json' with { type: 'json' };
+import frData from '../../../data/regulations/jurisdictions/fr.json' with { type: 'json' };
+import deData from '../../../data/regulations/jurisdictions/de.json' with { type: 'json' };
+import grData from '../../../data/regulations/jurisdictions/gr.json' with { type: 'json' };
+import huData from '../../../data/regulations/jurisdictions/hu.json' with { type: 'json' };
+import ieData from '../../../data/regulations/jurisdictions/ie.json' with { type: 'json' };
+import itData from '../../../data/regulations/jurisdictions/it.json' with { type: 'json' };
+import lvData from '../../../data/regulations/jurisdictions/lv.json' with { type: 'json' };
+import ltData from '../../../data/regulations/jurisdictions/lt.json' with { type: 'json' };
+import luData from '../../../data/regulations/jurisdictions/lu.json' with { type: 'json' };
+import mtData from '../../../data/regulations/jurisdictions/mt.json' with { type: 'json' };
+import nlData from '../../../data/regulations/jurisdictions/nl.json' with { type: 'json' };
+import plData from '../../../data/regulations/jurisdictions/pl.json' with { type: 'json' };
+import ptData from '../../../data/regulations/jurisdictions/pt.json' with { type: 'json' };
+import roData from '../../../data/regulations/jurisdictions/ro.json' with { type: 'json' };
+import skData from '../../../data/regulations/jurisdictions/sk.json' with { type: 'json' };
+import siData from '../../../data/regulations/jurisdictions/si.json' with { type: 'json' };
+import esData from '../../../data/regulations/jurisdictions/es.json' with { type: 'json' };
+import seData from '../../../data/regulations/jurisdictions/se.json' with { type: 'json' };
+import isData from '../../../data/regulations/jurisdictions/is.json' with { type: 'json' };
+import liData from '../../../data/regulations/jurisdictions/li.json' with { type: 'json' };
+import noData from '../../../data/regulations/jurisdictions/no.json' with { type: 'json' };
+const RAW_DATA = [
+  atData, beData, bgData, hrData, cyData, czData, dkData, eeData, fiData, frData,
+  deData, grData, huData, ieData, itData, lvData, ltData, luData, mtData, nlData,
+  plData, ptData, roData, skData, siData, esData, seData, isData, liData, noData,
+];
+const ALL_JURISDICTIONS: readonly Jurisdiction[] = RAW_DATA.map(d => JurisdictionSchema.parse(d));
+const jurisdictionMap = new Map<string, Jurisdiction>(
+  ALL_JURISDICTIONS.map(j => [j.country_code.toLowerCase(), j])
+);
+export const getJurisdiction = (code: string): Jurisdiction | undefined =>
+  jurisdictionMap.get(code.toLowerCase());
+export const listJurisdictions = (): readonly Jurisdiction[] =>
+  ALL_JURISDICTIONS;

package/src/data/regulation/regulation-data.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import obligations from '../../../data/regulations/eu-ai-act/obligations.json' with { type: 'json' };
+import technicalRequirements from '../../../data/regulations/eu-ai-act/technical-requirements.json' with { type: 'json' };
+import scoring from '../../../data/regulations/eu-ai-act/scoring.json' with { type: 'json' };
+import regulationMeta from '../../../data/regulations/eu-ai-act/regulation-meta.json' with { type: 'json' };
+import applicabilityTree from '../../../data/regulations/eu-ai-act/applicability-tree.json' with { type: 'json' };
+import crossMapping from '../../../data/regulations/eu-ai-act/cross-mapping.json' with { type: 'json' };
+import localization from '../../../data/regulations/eu-ai-act/localization.json' with { type: 'json' };
+import timeline from '../../../data/regulations/eu-ai-act/timeline.json' with { type: 'json' };
+export const REGULATION_RAW = {
+  obligations,
+  technicalRequirements,
+  scoring,
+  regulationMeta,
+  applicabilityTree,
+  crossMapping,
+  localization,
+  timeline,
+} as const;

package/src/data/regulation/regulation-loader.test.ts ADDED Viewed

@@ -0,0 +1,107 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { loadRegulationData, clearRegulationCache } from './regulation-loader.js';
+describe('RegulationLoader', () => {
+  beforeEach(() => {
+    clearRegulationCache();
+  });
+  it('should load all 8 regulation files successfully', async () => {
+    const data = await loadRegulationData();
+    expect(data.obligations).toBeDefined();
+    expect(data.technicalRequirements).toBeDefined();
+    expect(data.scoring).toBeDefined();
+    expect(data.regulationMeta).toBeDefined();
+    expect(data.applicabilityTree).toBeDefined();
+    expect(data.crossMapping).toBeDefined();
+    expect(data.localization).toBeDefined();
+    expect(data.timeline).toBeDefined();
+  });
+  it('should validate obligations schema', async () => {
+    const data = await loadRegulationData();
+    expect(data.obligations._version).toBe('2.0');
+    expect(data.obligations.obligations.length).toBeGreaterThan(0);
+    const firstObligation = data.obligations.obligations[0];
+    expect(firstObligation?.obligation_id).toMatch(/^eu-ai-act-OBL-/);
+    expect(firstObligation?.article_reference).toBeDefined();
+    expect(firstObligation?.title).toBeDefined();
+    expect(firstObligation?.severity).toBeDefined();
+    expect(firstObligation?.applies_to_risk_level).toBeInstanceOf(Array);
+  });
+  it('should validate scoring schema', async () => {
+    const data = await loadRegulationData();
+    const scoring = data.scoring.scoring;
+    expect(scoring.regulation_id).toBe('eu-ai-act');
+    expect(scoring.total_obligations).toBeGreaterThan(0);
+    expect(scoring.critical_obligation_ids.length).toBeGreaterThan(0);
+    expect(scoring.weighted_categories.length).toBeGreaterThan(0);
+    expect(scoring.thresholds.red).toBeDefined();
+    expect(scoring.thresholds.yellow).toBeDefined();
+    expect(scoring.thresholds.green).toBeDefined();
+    const totalWeight = scoring.weighted_categories.reduce((sum, c) => sum + c.weight, 0);
+    expect(totalWeight).toBe(100);
+  });
+  it('should validate technical-requirements schema', async () => {
+    const data = await loadRegulationData();
+    expect(data.technicalRequirements._version).toBe('2.0');
+    expect(data.technicalRequirements.technical_requirements.length).toBeGreaterThan(0);
+    const first = data.technicalRequirements.technical_requirements[0];
+    expect(first?.obligation_id).toMatch(/^eu-ai-act-OBL-/);
+    expect(first?.feature_type).toBeDefined();
+  });
+  it('should validate regulation-meta schema', async () => {
+    const data = await loadRegulationData();
+    const meta = data.regulationMeta.stage_1_metadata;
+    expect(meta.regulation_id).toBe('eu-ai-act');
+    expect(meta.status).toBe('in-force');
+    expect(meta.extraterritorial).toBe(true);
+    expect(meta.risk_levels.length).toBeGreaterThan(0);
+    expect(data.regulationMeta.stage_2_role_mapping.roles.length).toBeGreaterThan(0);
+    expect(data.regulationMeta.stage_3_risk_classification.levels.length).toBeGreaterThan(0);
+  });
+  it('should validate applicability-tree schema', async () => {
+    const data = await loadRegulationData();
+    const tree = data.applicabilityTree.applicability_tree;
+    expect(tree.regulation_id).toBe('eu-ai-act');
+    expect(tree.root_question).toBe('Q1');
+    expect(tree.questions.length).toBeGreaterThan(0);
+  });
+  it('should validate timeline schema', async () => {
+    const data = await loadRegulationData();
+    const timeline = data.timeline.timeline;
+    expect(timeline.regulation_id).toBe('eu-ai-act');
+    expect(timeline.key_dates.length).toBeGreaterThan(0);
+    expect(timeline.expected_amendments.length).toBeGreaterThan(0);
+  });
+  it('should return cached data on second call', async () => {
+    const data1 = await loadRegulationData();
+    const data2 = await loadRegulationData();
+    expect(data1).toBe(data2);
+  });
+  it('should load within 500ms', async () => {
+    const start = performance.now();
+    await loadRegulationData();
+    const duration = performance.now() - start;
+    expect(duration).toBeLessThan(500);
+  });
+});