@complior/engine 0.9.0

package/src/data/security/eu-ai-act-security.ts

@@ -0,0 +1,40 @@
+/**
+ * EU AI Act Security Mappings — extracted from Promptfoo (MIT License).
+ * Data source: promptfoo/src/redteam/constants/frameworks.ts
+ *
+ * Art. 5 (Prohibited practices) + Annex III (High-risk use-cases).
+ * Zero runtime dependency on Promptfoo.
+ */
+
+import type { Severity } from '../../types/common.types.js';
+
+export interface EuAiActSecurityEntry {
+  readonly id: string;
+  readonly euId: string;
+  readonly name: string;
+  readonly description: string;
+  readonly category: 'art5-prohibited' | 'annex3-high-risk';
+  readonly severity: Severity;
+  readonly plugins: readonly string[];
+  readonly strategies: readonly string[];
+}
+
+export const EU_AI_ACT_SECURITY_ENTRIES: readonly EuAiActSecurityEntry[] = Object.freeze([
+  // Art. 5 — Prohibited practices
+  { id: 'EU-SEC-01', euId: 'eu:ai-act:art5:subliminal-manipulation', name: 'Subliminal Manipulation', description: 'Art. 5(1)(a) — tests for goal hijacking, intent manipulation, excessive agency, and misinformation.', category: 'art5-prohibited', severity: 'critical', plugins: ['hijacking', 'intent', 'excessive-agency', 'harmful:misinformation-disinformation'], strategies: ['jailbreak', 'jailbreak:tree', 'jailbreak:composite', 'jailbreak-templates'] },
+  { id: 'EU-SEC-02', euId: 'eu:ai-act:art5:exploitation-of-vulnerabilities', name: 'Exploitation of Vulnerabilities', description: 'Art. 5(1)(b) — targets age, disability, social/economic situation.', category: 'art5-prohibited', severity: 'critical', plugins: ['hijacking', 'imitation', 'harmful:misinformation-disinformation', 'bias:age', 'bias:disability'], strategies: ['jailbreak'] },
+  { id: 'EU-SEC-03', euId: 'eu:ai-act:art5:social-scoring', name: 'Social Scoring', description: 'Art. 5(1)(c) — discriminatory classification of persons.', category: 'art5-prohibited', severity: 'critical', plugins: ['harmful:misinformation-disinformation', 'overreliance', 'bias:age', 'bias:gender', 'bias:race', 'bias:disability'], strategies: [] },
+  { id: 'EU-SEC-04', euId: 'eu:ai-act:art5:biometric-categorisation', name: 'Biometric Categorisation', description: 'Art. 5(1)(g) — biometric categorisation by sensitive characteristics.', category: 'art5-prohibited', severity: 'critical', plugins: ['pii:direct', 'pii:session', 'harmful:privacy'], strategies: [] },
+  { id: 'EU-SEC-05', euId: 'eu:ai-act:art5:remote-biometric-id-live', name: 'Remote Biometric ID (Live)', description: 'Art. 5(1)(h) — real-time remote biometric identification.', category: 'art5-prohibited', severity: 'critical', plugins: ['pii:session', 'pii:direct', 'harmful:privacy'], strategies: [] },
+  { id: 'EU-SEC-06', euId: 'eu:ai-act:art5:remote-biometric-id-post', name: 'Remote Biometric ID (Post)', description: 'Art. 5(1)(h) — post remote biometric identification.', category: 'art5-prohibited', severity: 'critical', plugins: ['pii:api-db', 'pii:direct', 'harmful:privacy'], strategies: [] },
+
+  // Annex III — High-risk use-cases
+  { id: 'EU-SEC-07', euId: 'eu:ai-act:annex3:biometric-id', name: 'Biometric Identification', description: 'Annex III §1 — biometric identification and categorisation.', category: 'annex3-high-risk', severity: 'high', plugins: ['pii:direct', 'pii:session', 'harmful:privacy'], strategies: [] },
+  { id: 'EU-SEC-08', euId: 'eu:ai-act:annex3:critical-infrastructure', name: 'Critical Infrastructure', description: 'Annex III §2 — management of critical digital infrastructure.', category: 'annex3-high-risk', severity: 'critical', plugins: ['shell-injection', 'sql-injection', 'ssrf', 'excessive-agency'], strategies: ['jailbreak', 'jailbreak-templates'] },
+  { id: 'EU-SEC-09', euId: 'eu:ai-act:annex3:education', name: 'Education', description: 'Annex III §3 — access to education, learning outcomes.', category: 'annex3-high-risk', severity: 'high', plugins: ['harmful:misinformation-disinformation', 'hallucination', 'overreliance', 'bias:race', 'bias:gender', 'bias:disability'], strategies: [] },
+  { id: 'EU-SEC-10', euId: 'eu:ai-act:annex3:employment', name: 'Employment', description: 'Annex III §4 — recruitment, selection, promotion, termination.', category: 'annex3-high-risk', severity: 'high', plugins: ['imitation', 'pii:direct', 'overreliance', 'bias:gender', 'bias:race', 'bias:age', 'bias:disability'], strategies: [] },
+  { id: 'EU-SEC-11', euId: 'eu:ai-act:annex3:essential-services', name: 'Essential Services', description: 'Annex III §5 — creditworthiness, emergency dispatch, public services.', category: 'annex3-high-risk', severity: 'high', plugins: ['pii:direct', 'pii:session', 'excessive-agency', 'bias:race', 'bias:gender'], strategies: [] },
+  { id: 'EU-SEC-12', euId: 'eu:ai-act:annex3:law-enforcement', name: 'Law Enforcement', description: 'Annex III §6 — risk assessments, profiling, evidence evaluation.', category: 'annex3-high-risk', severity: 'high', plugins: ['pii:direct', 'pii:api-db', 'harmful:privacy', 'bias:race'], strategies: [] },
+  { id: 'EU-SEC-13', euId: 'eu:ai-act:annex3:migration-border', name: 'Migration & Border', description: 'Annex III §7 — verification, risk assessments, document authenticity.', category: 'annex3-high-risk', severity: 'high', plugins: ['pii:direct', 'harmful:hate', 'harmful:privacy', 'bias:race'], strategies: [] },
+  { id: 'EU-SEC-14', euId: 'eu:ai-act:annex3:justice-democracy', name: 'Justice & Democracy', description: 'Annex III §8 — interpreting facts/law, applying law to facts.', category: 'annex3-high-risk', severity: 'high', plugins: ['hallucination', 'harmful:misinformation-disinformation', 'pii:direct', 'bias:race', 'bias:gender'], strategies: [] },
+]);

package/src/data/security/index.ts

@@ -0,0 +1,19 @@
+/**
+ * Security data barrel — re-exports all security framework data.
+ * Data extracted from Promptfoo (MIT License), zero runtime dependency.
+ */
+
+export { OWASP_LLM_TOP_10, getOwaspCategory, getOwaspCategoryByOwaspId, getOwaspCategoriesForPlugin } from './owasp-llm-top10.js';
+export type { OwaspLlmCategory } from './owasp-llm-top10.js';
+
+export { MITRE_ATLAS_TACTICS, getMitreAtlasTactic, getMitreAtlasByMitreId } from './mitre-atlas.js';
+export type { MitreAtlasTactic } from './mitre-atlas.js';
+
+export { NIST_AI_RMF_SUBCATEGORIES } from './nist-ai-rmf.js';
+export type { NistAiRmfSubcategory } from './nist-ai-rmf.js';
+
+export { EU_AI_ACT_SECURITY_ENTRIES } from './eu-ai-act-security.js';
+export type { EuAiActSecurityEntry } from './eu-ai-act-security.js';
+
+export { ATTACK_PROBES, getProbesByCategory, getProbesByPlugin, getProbesBySeverity, probeCountByCategory } from './attack-probes.js';
+export type { AttackProbe } from './attack-probes.js';

package/src/data/security/mitre-atlas.test.ts

@@ -0,0 +1,43 @@
+import { describe, it, expect } from 'vitest';
+import { MITRE_ATLAS_TACTICS, getMitreAtlasTactic, getMitreAtlasByMitreId } from './mitre-atlas.js';
+
+describe('MITRE ATLAS data', () => {
+  it('has 6 tactics', () => {
+    expect(MITRE_ATLAS_TACTICS).toHaveLength(6);
+  });
+
+  it('has unique IDs', () => {
+    const ids = MITRE_ATLAS_TACTICS.map((t) => t.id);
+    expect(new Set(ids).size).toBe(6);
+  });
+
+  it('has unique mitreIds', () => {
+    const ids = MITRE_ATLAS_TACTICS.map((t) => t.mitreId);
+    expect(new Set(ids).size).toBe(6);
+  });
+
+  it('all tactics have valid severity', () => {
+    const validSeverities = ['critical', 'high', 'medium', 'low', 'info'];
+    for (const t of MITRE_ATLAS_TACTICS) {
+      expect(validSeverities).toContain(t.severity);
+    }
+  });
+
+  it('all tactics have plugins', () => {
+    for (const t of MITRE_ATLAS_TACTICS) {
+      expect(t.plugins.length).toBeGreaterThan(0);
+    }
+  });
+
+  it('getMitreAtlasTactic finds by ID', () => {
+    const t = getMitreAtlasTactic('AML.TA0003');
+    expect(t).toBeDefined();
+    expect(t!.name).toBe('Initial Access');
+  });
+
+  it('getMitreAtlasByMitreId finds by mitreId', () => {
+    const t = getMitreAtlasByMitreId('mitre:atlas:exfiltration');
+    expect(t).toBeDefined();
+    expect(t!.name).toBe('Exfiltration');
+  });
+});

package/src/data/security/mitre-atlas.ts

@@ -0,0 +1,93 @@
+/**
+ * MITRE ATLAS Tactics — extracted from Promptfoo (MIT License).
+ * Data source: promptfoo/src/redteam/constants/frameworks.ts
+ *
+ * Zero runtime dependency on Promptfoo. Static data only.
+ */
+
+import type { Severity } from '../../types/common.types.js';
+
+export interface MitreAtlasTactic {
+  readonly id: string;
+  readonly mitreId: string;
+  readonly name: string;
+  readonly tactic: string;
+  readonly description: string;
+  readonly severity: Severity;
+  readonly plugins: readonly string[];
+  readonly obligationIds: readonly string[];
+}
+
+/**
+ * MITRE ATLAS tactics with Promptfoo plugin mappings and EU AI Act obligation cross-references.
+ */
+export const MITRE_ATLAS_TACTICS: readonly MitreAtlasTactic[] = Object.freeze([
+  {
+    id: 'AML.TA0001',
+    mitreId: 'mitre:atlas:reconnaissance',
+    name: 'Reconnaissance',
+    tactic: 'reconnaissance',
+    description: 'Tests for enumeration of competitors, policy extraction, system prompt disclosure, and role-based access control bypass to gather intelligence about the target system.',
+    severity: 'medium',
+    plugins: ['competitors', 'policy', 'prompt-extraction', 'rbac'],
+    obligationIds: ['OBL-22'],
+  },
+  {
+    id: 'AML.TA0002',
+    mitreId: 'mitre:atlas:resource-development',
+    name: 'Resource Development',
+    tactic: 'resource-development',
+    description: 'Tests for cybercrime content, illegal drug information, and weapons-related content that could be used for attack resource development.',
+    severity: 'high',
+    plugins: ['harmful:cybercrime', 'harmful:illegal-drugs', 'harmful:indiscriminate-weapons'],
+    obligationIds: ['OBL-1', 'OBL-2', 'OBL-3'],
+  },
+  {
+    id: 'AML.TA0003',
+    mitreId: 'mitre:atlas:initial-access',
+    name: 'Initial Access',
+    tactic: 'initial-access',
+    description: 'Tests for debug interface exposure, cybercrime exploitation, command injection, SQL injection, and SSRF vulnerabilities as initial access vectors.',
+    severity: 'critical',
+    plugins: ['debug-access', 'harmful:cybercrime', 'shell-injection', 'sql-injection', 'ssrf'],
+    obligationIds: ['OBL-22', 'OBL-67'],
+  },
+  {
+    id: 'AML.TA0004',
+    mitreId: 'mitre:atlas:ml-attack-staging',
+    name: 'ML Attack Staging',
+    tactic: 'ml-attack-staging',
+    description: 'Tests for ASCII smuggling, excessive agency exploitation, hallucination induction, and indirect prompt injection for staging ML-specific attacks.',
+    severity: 'high',
+    plugins: ['ascii-smuggling', 'excessive-agency', 'hallucination', 'indirect-prompt-injection'],
+    obligationIds: ['OBL-22', 'OBL-23'],
+  },
+  {
+    id: 'AML.TA0005',
+    mitreId: 'mitre:atlas:exfiltration',
+    name: 'Exfiltration',
+    tactic: 'exfiltration',
+    description: 'Tests for data exfiltration via ASCII smuggling, privacy violations, indirect prompt injection, PII exposure through multiple vectors, and system prompt extraction.',
+    severity: 'critical',
+    plugins: ['ascii-smuggling', 'harmful:privacy', 'indirect-prompt-injection', 'pii:api-db', 'pii:direct', 'pii:session', 'pii:social', 'prompt-extraction'],
+    obligationIds: ['OBL-24', 'OBL-25', 'OBL-69'],
+  },
+  {
+    id: 'AML.TA0006',
+    mitreId: 'mitre:atlas:impact',
+    name: 'Impact',
+    tactic: 'impact',
+    description: 'Tests for excessive agency exploitation, malicious content generation, resource hijacking, and entity impersonation to measure potential impact of successful attacks.',
+    severity: 'high',
+    plugins: ['excessive-agency', 'harmful', 'hijacking', 'imitation'],
+    obligationIds: ['OBL-14', 'OBL-15'],
+  },
+]);
+
+/** Lookup a tactic by short ID (e.g. 'AML.TA0001'). */
+export const getMitreAtlasTactic = (id: string): MitreAtlasTactic | undefined =>
+  MITRE_ATLAS_TACTICS.find((t) => t.id === id);
+
+/** Lookup by mitreId (e.g. 'mitre:atlas:reconnaissance'). */
+export const getMitreAtlasByMitreId = (mitreId: string): MitreAtlasTactic | undefined =>
+  MITRE_ATLAS_TACTICS.find((t) => t.mitreId === mitreId);

package/src/data/security/nist-ai-rmf.ts

@@ -0,0 +1,43 @@
+/**
+ * NIST AI RMF (Risk Management Framework) — extracted from Promptfoo (MIT License).
+ * Data source: promptfoo/src/redteam/constants/frameworks.ts
+ *
+ * 21 subcategories under the MEASURE function.
+ * Zero runtime dependency on Promptfoo.
+ */
+
+import type { Severity } from '../../types/common.types.js';
+
+export interface NistAiRmfSubcategory {
+  readonly id: string;
+  readonly nistId: string;
+  readonly name: string;
+  readonly description: string;
+  readonly severity: Severity;
+  readonly plugins: readonly string[];
+  readonly strategies: readonly string[];
+}
+
+export const NIST_AI_RMF_SUBCATEGORIES: readonly NistAiRmfSubcategory[] = Object.freeze([
+  { id: 'MEASURE-1.1', nistId: 'nist:ai:measure:1.1', name: 'Appropriate methods & metrics', description: 'Tests excessive agency and misinformation handling.', severity: 'medium', plugins: ['excessive-agency', 'harmful:misinformation-disinformation'], strategies: ['jailbreak', 'jailbreak-templates'] },
+  { id: 'MEASURE-1.2', nistId: 'nist:ai:measure:1.2', name: 'Computational evaluation of AI system', description: 'Tests excessive agency and misinformation handling.', severity: 'medium', plugins: ['excessive-agency', 'harmful:misinformation-disinformation'], strategies: ['jailbreak', 'jailbreak-templates'] },
+  { id: 'MEASURE-2.1', nistId: 'nist:ai:measure:2.1', name: 'Privacy risk', description: 'Tests for PII exposure and privacy violations.', severity: 'high', plugins: ['harmful:privacy', 'pii:api-db', 'pii:direct', 'pii:session', 'pii:social'], strategies: [] },
+  { id: 'MEASURE-2.2', nistId: 'nist:ai:measure:2.2', name: 'Privacy values', description: 'Tests for PII exposure and privacy violations.', severity: 'high', plugins: ['harmful:privacy', 'pii:api-db', 'pii:direct', 'pii:session', 'pii:social'], strategies: [] },
+  { id: 'MEASURE-2.3', nistId: 'nist:ai:measure:2.3', name: 'AI system performance', description: 'Tests for excessive agency.', severity: 'medium', plugins: ['excessive-agency'], strategies: [] },
+  { id: 'MEASURE-2.4', nistId: 'nist:ai:measure:2.4', name: 'Bias, equity, and fairness', description: 'Tests excessive agency and misinformation handling.', severity: 'medium', plugins: ['excessive-agency', 'harmful:misinformation-disinformation'], strategies: ['jailbreak', 'jailbreak-templates'] },
+  { id: 'MEASURE-2.5', nistId: 'nist:ai:measure:2.5', name: 'AI system trustworthiness', description: 'Tests for excessive agency.', severity: 'medium', plugins: ['excessive-agency'], strategies: [] },
+  { id: 'MEASURE-2.6', nistId: 'nist:ai:measure:2.6', name: 'Safety measurement', description: 'Tests for WMD content, weapons, and unsafe practices.', severity: 'high', plugins: ['harmful:chemical-biological-weapons', 'harmful:indiscriminate-weapons', 'harmful:unsafe-practices'], strategies: [] },
+  { id: 'MEASURE-2.7', nistId: 'nist:ai:measure:2.7', name: 'Cybersecurity', description: 'Tests for cybercrime, command injection, and SQL injection.', severity: 'high', plugins: ['harmful:cybercrime', 'shell-injection', 'sql-injection'], strategies: ['jailbreak', 'jailbreak-templates'] },
+  { id: 'MEASURE-2.8', nistId: 'nist:ai:measure:2.8', name: 'Access control', description: 'Tests BFLA, BOLA, and RBAC implementations.', severity: 'high', plugins: ['bfla', 'bola', 'rbac'], strategies: [] },
+  { id: 'MEASURE-2.9', nistId: 'nist:ai:measure:2.9', name: 'Human oversight', description: 'Tests for excessive agency.', severity: 'medium', plugins: ['excessive-agency'], strategies: [] },
+  { id: 'MEASURE-2.10', nistId: 'nist:ai:measure:2.10', name: 'Privacy measurement', description: 'Tests for PII exposure and privacy violations.', severity: 'high', plugins: ['harmful:privacy', 'pii:api-db', 'pii:direct', 'pii:session', 'pii:social'], strategies: [] },
+  { id: 'MEASURE-2.11', nistId: 'nist:ai:measure:2.11', name: 'Fairness in AI', description: 'Tests for harassment, hate speech, and insults.', severity: 'medium', plugins: ['harmful:harassment-bullying', 'harmful:hate', 'harmful:insults'], strategies: [] },
+  { id: 'MEASURE-2.12', nistId: 'nist:ai:measure:2.12', name: 'Environmental impact', description: 'Environmental impact measurement (no automated tests).', severity: 'low', plugins: [], strategies: [] },
+  { id: 'MEASURE-2.13', nistId: 'nist:ai:measure:2.13', name: 'Explainability', description: 'Tests for excessive agency.', severity: 'medium', plugins: ['excessive-agency'], strategies: [] },
+  { id: 'MEASURE-3.1', nistId: 'nist:ai:measure:3.1', name: 'Risk monitoring', description: 'Tests excessive agency and misinformation handling.', severity: 'medium', plugins: ['excessive-agency', 'harmful:misinformation-disinformation'], strategies: ['jailbreak', 'jailbreak-templates'] },
+  { id: 'MEASURE-3.2', nistId: 'nist:ai:measure:3.2', name: 'Stakeholder feedback', description: 'Tests for excessive agency.', severity: 'low', plugins: ['excessive-agency'], strategies: [] },
+  { id: 'MEASURE-3.3', nistId: 'nist:ai:measure:3.3', name: 'Risk documentation', description: 'Tests for excessive agency.', severity: 'low', plugins: ['excessive-agency'], strategies: [] },
+  { id: 'MEASURE-4.1', nistId: 'nist:ai:measure:4.1', name: 'Post-deployment monitoring', description: 'Tests for excessive agency.', severity: 'medium', plugins: ['excessive-agency'], strategies: [] },
+  { id: 'MEASURE-4.2', nistId: 'nist:ai:measure:4.2', name: 'Deployment assessment', description: 'Tests excessive agency and misinformation handling.', severity: 'medium', plugins: ['excessive-agency', 'harmful:misinformation-disinformation'], strategies: [] },
+  { id: 'MEASURE-4.3', nistId: 'nist:ai:measure:4.3', name: 'Impact assessment', description: 'Tests for excessive agency.', severity: 'medium', plugins: ['excessive-agency'], strategies: [] },
+]);

package/src/data/security/owasp-llm-top10.test.ts

@@ -0,0 +1,60 @@
+import { describe, it, expect } from 'vitest';
+import { OWASP_LLM_TOP_10, getOwaspCategory, getOwaspCategoryByOwaspId, getOwaspCategoriesForPlugin } from './owasp-llm-top10.js';
+
+describe('OWASP LLM Top 10 data', () => {
+  it('has exactly 10 categories', () => {
+    expect(OWASP_LLM_TOP_10).toHaveLength(10);
+  });
+
+  it('has unique IDs', () => {
+    const ids = OWASP_LLM_TOP_10.map((c) => c.id);
+    expect(new Set(ids).size).toBe(10);
+  });
+
+  it('has unique owaspIds', () => {
+    const ids = OWASP_LLM_TOP_10.map((c) => c.owaspId);
+    expect(new Set(ids).size).toBe(10);
+  });
+
+  it('IDs follow LLM01-LLM10 pattern', () => {
+    for (let i = 0; i < 10; i++) {
+      expect(OWASP_LLM_TOP_10[i]!.id).toBe(`LLM${String(i + 1).padStart(2, '0')}`);
+    }
+  });
+
+  it('all categories have valid severity', () => {
+    const validSeverities = ['critical', 'high', 'medium', 'low', 'info'];
+    for (const cat of OWASP_LLM_TOP_10) {
+      expect(validSeverities).toContain(cat.severity);
+    }
+  });
+
+  it('all categories have names and descriptions', () => {
+    for (const cat of OWASP_LLM_TOP_10) {
+      expect(cat.name.length).toBeGreaterThan(0);
+      expect(cat.description.length).toBeGreaterThan(0);
+    }
+  });
+
+  it('getOwaspCategory finds by ID', () => {
+    const cat = getOwaspCategory('LLM01');
+    expect(cat).toBeDefined();
+    expect(cat!.name).toBe('Prompt Injection');
+  });
+
+  it('getOwaspCategoryByOwaspId finds by owasp ID', () => {
+    const cat = getOwaspCategoryByOwaspId('owasp:llm:06');
+    expect(cat).toBeDefined();
+    expect(cat!.name).toBe('Excessive Agency');
+  });
+
+  it('getOwaspCategoriesForPlugin maps plugin to categories', () => {
+    const cats = getOwaspCategoriesForPlugin('prompt-extraction');
+    expect(cats.length).toBeGreaterThanOrEqual(1);
+    expect(cats.some((c) => c.id === 'LLM01')).toBe(true);
+  });
+
+  it('returns empty for unknown plugin', () => {
+    expect(getOwaspCategoriesForPlugin('nonexistent-plugin')).toHaveLength(0);
+  });
+});

package/src/data/security/owasp-llm-top10.ts

@@ -0,0 +1,138 @@
+/**
+ * OWASP LLM Top 10 (2025) — extracted from Promptfoo (MIT License).
+ * Data source: promptfoo/src/redteam/constants/frameworks.ts + metadata.ts
+ *
+ * Zero runtime dependency on Promptfoo. Static data only.
+ */
+
+import type { Severity } from '../../types/common.types.js';
+
+export interface OwaspLlmCategory {
+  readonly id: string;
+  readonly owaspId: string;
+  readonly name: string;
+  readonly description: string;
+  readonly severity: Severity;
+  readonly plugins: readonly string[];
+  readonly strategies: readonly string[];
+  readonly obligationIds: readonly string[];
+}
+
+/**
+ * OWASP LLM Top 10 categories with Promptfoo plugin mappings,
+ * severity ratings, and EU AI Act obligation cross-references.
+ */
+export const OWASP_LLM_TOP_10: readonly OwaspLlmCategory[] = Object.freeze([
+  {
+    id: 'LLM01',
+    owaspId: 'owasp:llm:01',
+    name: 'Prompt Injection',
+    description: 'Tests vulnerability to Unicode tag-based instruction smuggling, indirect prompt injection, system prompt extraction, and harmful content generation via prompt manipulation.',
+    severity: 'critical',
+    plugins: ['ascii-smuggling', 'indirect-prompt-injection', 'prompt-extraction', 'harmful'],
+    strategies: ['jailbreak', 'jailbreak-templates', 'jailbreak:composite'],
+    obligationIds: ['OBL-22', 'OBL-23', 'OBL-67'],
+  },
+  {
+    id: 'LLM02',
+    owaspId: 'owasp:llm:02',
+    name: 'Sensitive Information Disclosure',
+    description: 'Tests for PII exposure via API/database, direct exposure, session data leaks, social engineering vectors, privacy violations, cross-session data leakage, and system prompt disclosure.',
+    severity: 'high',
+    plugins: ['pii:api-db', 'pii:direct', 'pii:session', 'pii:social', 'harmful:privacy', 'cross-session-leak', 'prompt-extraction'],
+    strategies: ['jailbreak', 'jailbreak-templates', 'jailbreak:composite'],
+    obligationIds: ['OBL-24', 'OBL-25', 'OBL-69'],
+  },
+  {
+    id: 'LLM03',
+    owaspId: 'owasp:llm:03',
+    name: 'Supply Chain',
+    description: 'Tests for supply chain vulnerabilities in AI model dependencies, training data, and third-party integrations.',
+    severity: 'high',
+    plugins: [],
+    strategies: [],
+    obligationIds: ['OBL-41', 'OBL-42'],
+  },
+  {
+    id: 'LLM04',
+    owaspId: 'owasp:llm:04',
+    name: 'Data and Model Poisoning',
+    description: 'Tests for misinformation/disinformation handling, hate speech, bias across age/disability/gender/race dimensions, radicalization content, and unauthorized professional advice.',
+    severity: 'high',
+    plugins: ['harmful:misinformation-disinformation', 'harmful:hate', 'bias:age', 'bias:disability', 'bias:gender', 'bias:race', 'harmful:radicalization', 'harmful:specialized-advice'],
+    strategies: ['jailbreak', 'jailbreak-templates', 'jailbreak:composite'],
+    obligationIds: ['OBL-10', 'OBL-11', 'OBL-61'],
+  },
+  {
+    id: 'LLM05',
+    owaspId: 'owasp:llm:05',
+    name: 'Improper Output Handling',
+    description: 'Tests for command injection, SQL injection, SSRF, and debug interface exposure vulnerabilities in LLM output processing.',
+    severity: 'high',
+    plugins: ['shell-injection', 'sql-injection', 'ssrf', 'debug-access'],
+    strategies: ['jailbreak', 'jailbreak-templates'],
+    obligationIds: ['OBL-22', 'OBL-67'],
+  },
+  {
+    id: 'LLM06',
+    owaspId: 'owasp:llm:06',
+    name: 'Excessive Agency',
+    description: 'Tests for unauthorized actions beyond system boundaries, role-based access control failures, broken function/object-level authorization, and injection attacks enabling privilege escalation.',
+    severity: 'critical',
+    plugins: ['excessive-agency', 'rbac', 'bfla', 'bola', 'shell-injection', 'sql-injection', 'ssrf'],
+    strategies: ['jailbreak', 'jailbreak-templates', 'jailbreak:composite'],
+    obligationIds: ['OBL-14', 'OBL-15', 'OBL-64'],
+  },
+  {
+    id: 'LLM07',
+    owaspId: 'owasp:llm:07',
+    name: 'System Prompt Leakage',
+    description: 'Tests for system prompt disclosure, role-based access bypass, privacy violations, and PII exposure through various attack vectors targeting system configuration.',
+    severity: 'medium',
+    plugins: ['prompt-extraction', 'rbac', 'harmful:privacy', 'pii:api-db', 'pii:direct', 'pii:session', 'pii:social'],
+    strategies: ['jailbreak', 'jailbreak-templates', 'jailbreak:composite'],
+    obligationIds: ['OBL-22', 'OBL-24'],
+  },
+  {
+    id: 'LLM08',
+    owaspId: 'owasp:llm:08',
+    name: 'Vector and Embedding Weaknesses',
+    description: 'Tests for cross-session data leakage, privacy violations, and PII exposure through vector database and embedding system vulnerabilities.',
+    severity: 'medium',
+    plugins: ['cross-session-leak', 'harmful:privacy', 'pii:api-db', 'pii:direct', 'pii:session', 'pii:social'],
+    strategies: ['jailbreak', 'jailbreak-templates', 'jailbreak:composite'],
+    obligationIds: ['OBL-24', 'OBL-25'],
+  },
+  {
+    id: 'LLM09',
+    owaspId: 'owasp:llm:09',
+    name: 'Misinformation',
+    description: 'Tests for hallucination, overreliance on model assumptions, misinformation/disinformation campaigns, and unauthorized professional advice generation.',
+    severity: 'medium',
+    plugins: ['hallucination', 'overreliance', 'harmful:misinformation-disinformation', 'harmful:specialized-advice'],
+    strategies: ['jailbreak', 'jailbreak-templates', 'jailbreak:composite'],
+    obligationIds: ['OBL-13', 'OBL-62'],
+  },
+  {
+    id: 'LLM10',
+    owaspId: 'owasp:llm:10',
+    name: 'Unbounded Consumption',
+    description: 'Tests for training data leaks through repetitive pattern exploitation and computational resource exhaustion through excessive reasoning patterns.',
+    severity: 'low',
+    plugins: ['divergent-repetition', 'reasoning-dos'],
+    strategies: [],
+    obligationIds: ['OBL-67'],
+  },
+]);
+
+/** Lookup a category by its short ID (e.g. 'LLM01'). */
+export const getOwaspCategory = (id: string): OwaspLlmCategory | undefined =>
+  OWASP_LLM_TOP_10.find((c) => c.id === id);
+
+/** Lookup a category by its owaspId (e.g. 'owasp:llm:01'). */
+export const getOwaspCategoryByOwaspId = (owaspId: string): OwaspLlmCategory | undefined =>
+  OWASP_LLM_TOP_10.find((c) => c.owaspId === owaspId);
+
+/** Map a Promptfoo plugin name to the OWASP category(ies) it belongs to. */
+export const getOwaspCategoriesForPlugin = (pluginId: string): readonly OwaspLlmCategory[] =>
+  OWASP_LLM_TOP_10.filter((c) => c.plugins.includes(pluginId));

package/src/data/template-registry.ts

@@ -0,0 +1,53 @@
+/**
+ * Single source of truth for EU AI Act document templates.
+ * All template mappings (fixer, document-generator, passport-service)
+ * MUST derive from this registry to prevent duplication.
+ */
+
+export interface TemplateRegistryEntry {
+  readonly docType: string;
+  readonly obligationId: string;
+  readonly article: string;
+  readonly templateFile: string;
+  readonly outputFile: string;
+  readonly description: string;
+  readonly docIdPrefix: string;
+}
+
+export const TEMPLATE_REGISTRY: readonly TemplateRegistryEntry[] = [
+  { docType: 'ai-literacy', obligationId: 'eu-ai-act-OBL-001', article: 'Art. 4', templateFile: 'ai-literacy.md', outputFile: 'docs/compliance/ai-literacy-policy.md', description: 'AI Literacy Policy', docIdPrefix: 'ALP' },
+  { docType: 'art5-screening', obligationId: 'eu-ai-act-OBL-002', article: 'Art. 5', templateFile: 'art5-screening.md', outputFile: 'docs/compliance/art5-screening-report.md', description: 'Article 5 Screening Report', docIdPrefix: 'ART5' },
+  { docType: 'technical-documentation', obligationId: 'eu-ai-act-OBL-005', article: 'Art. 11', templateFile: 'technical-documentation.md', outputFile: 'docs/compliance/technical-documentation.md', description: 'Technical Documentation', docIdPrefix: 'TDD' },
+  { docType: 'incident-report', obligationId: 'eu-ai-act-OBL-021', article: 'Art. 73', templateFile: 'incident-report.md', outputFile: 'docs/compliance/incident-report.md', description: 'Serious Incident Report', docIdPrefix: 'INC' },
+  { docType: 'declaration-of-conformity', obligationId: 'eu-ai-act-OBL-019', article: 'Art. 47', templateFile: 'declaration-of-conformity.md', outputFile: 'docs/compliance/declaration-of-conformity.md', description: 'Declaration of Conformity', docIdPrefix: 'DOC' },
+  { docType: 'monitoring-policy', obligationId: 'eu-ai-act-OBL-011', article: 'Art. 26', templateFile: 'monitoring-policy.md', outputFile: 'docs/compliance/monitoring-policy.md', description: 'Post-Market Monitoring Policy', docIdPrefix: 'MON' },
+  { docType: 'fria', obligationId: 'eu-ai-act-OBL-013', article: 'Art. 27', templateFile: 'fria.md', outputFile: 'docs/compliance/fria.md', description: 'Fundamental Rights Impact Assessment', docIdPrefix: 'FRIA' },
+  { docType: 'worker-notification', obligationId: 'eu-ai-act-OBL-012', article: 'Art. 26(7)', templateFile: 'worker-notification.md', outputFile: 'docs/compliance/worker-notification.md', description: 'Worker Notification', docIdPrefix: 'WRK' },
+  { docType: 'risk-management', obligationId: 'eu-ai-act-OBL-003', article: 'Art. 9', templateFile: 'risk-management-system.md', outputFile: 'docs/compliance/risk-management-system.md', description: 'Risk Management System', docIdPrefix: 'RMS' },
+  { docType: 'data-governance', obligationId: 'eu-ai-act-OBL-004', article: 'Art. 10', templateFile: 'data-governance.md', outputFile: 'docs/compliance/data-governance.md', description: 'Data Governance Policy', docIdPrefix: 'DGP' },
+  { docType: 'qms', obligationId: 'eu-ai-act-OBL-010', article: 'Art. 17', templateFile: 'qms.md', outputFile: 'docs/compliance/qms.md', description: 'Quality Management System', docIdPrefix: 'QMS' },
+  { docType: 'instructions-for-use', obligationId: 'eu-ai-act-OBL-007', article: 'Art. 13', templateFile: 'instructions-for-use.md', outputFile: 'docs/compliance/instructions-for-use.md', description: 'Instructions for Use', docIdPrefix: 'IFU' },
+  { docType: 'gpai-transparency', obligationId: 'eu-ai-act-OBL-022', article: 'Art. 53', templateFile: 'gpai-transparency.md', outputFile: 'docs/compliance/gpai-transparency.md', description: 'GPAI Transparency Documentation', docIdPrefix: 'GPAI' },
+  { docType: 'gpai-systemic-risk', obligationId: 'eu-ai-act-OBL-023', article: 'Art. 55', templateFile: 'gpai-systemic-risk.md', outputFile: 'docs/compliance/gpai-systemic-risk.md', description: 'GPAI Systemic Risk Assessment', docIdPrefix: 'GSR' },
+] as const;
+
+/** Derive DocType union from registry. */
+export type DocType = (typeof TEMPLATE_REGISTRY)[number]['docType'];
+
+/** All doc types as array (for iteration). */
+export const ALL_DOC_TYPES: readonly DocType[] = TEMPLATE_REGISTRY.map((e) => e.docType);
+
+/** docType → templateFile mapping (for document-generator). */
+export const TEMPLATE_FILE_MAP: Record<string, string> = Object.fromEntries(
+  TEMPLATE_REGISTRY.map((e) => [e.docType, e.templateFile]),
+);
+
+/** docType → docIdPrefix mapping (for document-generator). */
+export const DOC_ID_PREFIX_MAP: Record<string, string> = Object.fromEntries(
+  TEMPLATE_REGISTRY.map((e) => [e.docType, e.docIdPrefix]),
+);
+
+/** docType → docId pattern mapping (for document-generator). */
+export const DOC_ID_PATTERN_MAP: Record<string, string> = Object.fromEntries(
+  TEMPLATE_REGISTRY.map((e) => [e.docType, `${e.docIdPrefix}-[YYYY]-[NNN]`]),
+);

package/src/data/tool-versions.json

@@ -0,0 +1,22 @@
+{
+  "semgrep": {
+    "package": "semgrep",
+    "version": "1.67.0",
+    "description": "Lightweight static analysis for many languages"
+  },
+  "bandit": {
+    "package": "bandit",
+    "version": "1.7.8",
+    "description": "Python security linter (AST-based)"
+  },
+  "modelscan": {
+    "package": "modelscan",
+    "version": "0.8.1",
+    "description": "Scan ML models for unsafe operations"
+  },
+  "detect-secrets": {
+    "package": "detect-secrets",
+    "version": "1.4.0",
+    "description": "Detect secrets and credentials in code"
+  }
+}