@complior/engine 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.well-known/ai-compliance.json +16 -0
- package/COMPLIANCE.md +64 -0
- package/data/data-integrity.test.ts +75 -0
- package/data/eval/eval-mappings.json +33 -0
- package/data/llm/model-pricing.json +15 -0
- package/data/llm/model-routing.json +36 -0
- package/data/onboarding/risk-profile.json +17 -0
- package/data/regulations/eu-ai-act/README.md +245 -0
- package/data/regulations/eu-ai-act/applicability-tree.json +160 -0
- package/data/regulations/eu-ai-act/cross-mapping.json +175 -0
- package/data/regulations/eu-ai-act/localization.json +186 -0
- package/data/regulations/eu-ai-act/obligations.json +3981 -0
- package/data/regulations/eu-ai-act/regulation-meta.json +482 -0
- package/data/regulations/eu-ai-act/scoring.json +342 -0
- package/data/regulations/eu-ai-act/technical-requirements.json +2590 -0
- package/data/regulations/eu-ai-act/timeline.json +160 -0
- package/data/regulations/jurisdictions/at.json +15 -0
- package/data/regulations/jurisdictions/be.json +15 -0
- package/data/regulations/jurisdictions/bg.json +15 -0
- package/data/regulations/jurisdictions/cy.json +15 -0
- package/data/regulations/jurisdictions/cz.json +15 -0
- package/data/regulations/jurisdictions/de.json +15 -0
- package/data/regulations/jurisdictions/dk.json +15 -0
- package/data/regulations/jurisdictions/ee.json +15 -0
- package/data/regulations/jurisdictions/es.json +15 -0
- package/data/regulations/jurisdictions/fi.json +15 -0
- package/data/regulations/jurisdictions/fr.json +15 -0
- package/data/regulations/jurisdictions/gr.json +15 -0
- package/data/regulations/jurisdictions/hr.json +15 -0
- package/data/regulations/jurisdictions/hu.json +15 -0
- package/data/regulations/jurisdictions/ie.json +15 -0
- package/data/regulations/jurisdictions/is.json +15 -0
- package/data/regulations/jurisdictions/it.json +15 -0
- package/data/regulations/jurisdictions/li.json +15 -0
- package/data/regulations/jurisdictions/lt.json +15 -0
- package/data/regulations/jurisdictions/lu.json +15 -0
- package/data/regulations/jurisdictions/lv.json +15 -0
- package/data/regulations/jurisdictions/mt.json +15 -0
- package/data/regulations/jurisdictions/nl.json +15 -0
- package/data/regulations/jurisdictions/no.json +15 -0
- package/data/regulations/jurisdictions/pl.json +15 -0
- package/data/regulations/jurisdictions/pt.json +15 -0
- package/data/regulations/jurisdictions/ro.json +15 -0
- package/data/regulations/jurisdictions/se.json +15 -0
- package/data/regulations/jurisdictions/si.json +15 -0
- package/data/regulations/jurisdictions/sk.json +15 -0
- package/data/scanner/check-id-categories.json +81 -0
- package/data/scanner/confidence-params.json +16 -0
- package/data/scanner/limits.json +4 -0
- package/data/schemas/http-contract-sample.json +79 -0
- package/data/schemas/http-contract.json +144 -0
- package/data/semgrep-rules/bare-call.yaml +37 -0
- package/data/semgrep-rules/injection.yaml +73 -0
- package/data/semgrep-rules/missing-error-handling.yaml +58 -0
- package/data/semgrep-rules/unsafe-deser.yaml +65 -0
- package/data/templates/eu-ai-act/ai-literacy.md +184 -0
- package/data/templates/eu-ai-act/art5-screening.md +131 -0
- package/data/templates/eu-ai-act/data-governance.md +145 -0
- package/data/templates/eu-ai-act/declaration-of-conformity.md +161 -0
- package/data/templates/eu-ai-act/fria.md +127 -0
- package/data/templates/eu-ai-act/gpai-systemic-risk.md +150 -0
- package/data/templates/eu-ai-act/gpai-transparency.md +166 -0
- package/data/templates/eu-ai-act/incident-report.md +188 -0
- package/data/templates/eu-ai-act/instructions-for-use.md +202 -0
- package/data/templates/eu-ai-act/monitoring-policy.md +110 -0
- package/data/templates/eu-ai-act/qms.md +180 -0
- package/data/templates/eu-ai-act/risk-management-system.md +123 -0
- package/data/templates/eu-ai-act/technical-documentation.md +287 -0
- package/data/templates/eu-ai-act/worker-notification.md +143 -0
- package/data/templates/policies/biometrics-ai-policy.md +214 -0
- package/data/templates/policies/critical-infra-ai-policy.md +228 -0
- package/data/templates/policies/education-ai-policy.md +184 -0
- package/data/templates/policies/finance-ai-policy.md +191 -0
- package/data/templates/policies/healthcare-ai-policy.md +197 -0
- package/data/templates/policies/hr-ai-policy.md +178 -0
- package/data/templates/policies/legal-ai-policy.md +189 -0
- package/data/templates/policies/migration-ai-policy.md +239 -0
- package/engine.log +7 -0
- package/package.json +74 -0
- package/src/composition-root.ts +791 -0
- package/src/data/eval/conformity-tests.test.ts +122 -0
- package/src/data/eval/ct-1-transparency.ts +106 -0
- package/src/data/eval/ct-10-gpai.ts +25 -0
- package/src/data/eval/ct-11-industry.ts +42 -0
- package/src/data/eval/ct-2-oversight.ts +41 -0
- package/src/data/eval/ct-3-explanation.ts +14 -0
- package/src/data/eval/ct-4-bias.ts +83 -0
- package/src/data/eval/ct-5-accuracy.ts +41 -0
- package/src/data/eval/ct-6-robustness.ts +81 -0
- package/src/data/eval/ct-7-prohibited.ts +52 -0
- package/src/data/eval/ct-8-logging.ts +68 -0
- package/src/data/eval/ct-9-risk-awareness.ts +33 -0
- package/src/data/eval/deterministic-evaluator.ts +120 -0
- package/src/data/eval/index.ts +55 -0
- package/src/data/eval/judge-prompts.ts +146 -0
- package/src/data/eval/llm-judged-tests.ts +279 -0
- package/src/data/eval/llm-tests.test.ts +83 -0
- package/src/data/eval/remediation/ct-1-transparency.ts +91 -0
- package/src/data/eval/remediation/ct-10-gpai.ts +94 -0
- package/src/data/eval/remediation/ct-11-industry.ts +94 -0
- package/src/data/eval/remediation/ct-2-oversight.ts +71 -0
- package/src/data/eval/remediation/ct-3-explanation.ts +70 -0
- package/src/data/eval/remediation/ct-4-bias.ts +70 -0
- package/src/data/eval/remediation/ct-5-accuracy.ts +70 -0
- package/src/data/eval/remediation/ct-6-robustness.ts +70 -0
- package/src/data/eval/remediation/ct-7-prohibited.ts +94 -0
- package/src/data/eval/remediation/ct-8-logging.ts +94 -0
- package/src/data/eval/remediation/ct-9-risk-awareness.ts +94 -0
- package/src/data/eval/remediation/index.ts +89 -0
- package/src/data/eval/remediation/owasp-art5.ts +15 -0
- package/src/data/eval/remediation/owasp-llm01.ts +72 -0
- package/src/data/eval/remediation/owasp-llm02.ts +72 -0
- package/src/data/eval/remediation/owasp-llm03.ts +15 -0
- package/src/data/eval/remediation/owasp-llm04.ts +15 -0
- package/src/data/eval/remediation/owasp-llm05.ts +15 -0
- package/src/data/eval/remediation/owasp-llm06.ts +15 -0
- package/src/data/eval/remediation/owasp-llm07.ts +15 -0
- package/src/data/eval/remediation/owasp-llm08.ts +15 -0
- package/src/data/eval/remediation/owasp-llm09.ts +15 -0
- package/src/data/eval/remediation/owasp-llm10.ts +15 -0
- package/src/data/eval/remediation/remediation.test.ts +229 -0
- package/src/data/eval/remediation/test-mapping.ts +290 -0
- package/src/data/eval/security-rubrics.ts +381 -0
- package/src/data/finding-explanations.json +453 -0
- package/src/data/industry-patterns.ts +161 -0
- package/src/data/registry-cards.ts +368 -0
- package/src/data/regulation/index.ts +5 -0
- package/src/data/regulation/jurisdiction-data.test.ts +73 -0
- package/src/data/regulation/jurisdiction-data.ts +65 -0
- package/src/data/regulation/regulation-data.ts +19 -0
- package/src/data/regulation/regulation-loader.test.ts +107 -0
- package/src/data/regulation/regulation-loader.ts +56 -0
- package/src/data/scanner-constants.ts +46 -0
- package/src/data/schemas/schemas-core.ts +140 -0
- package/src/data/schemas/schemas-supplementary.ts +211 -0
- package/src/data/schemas/schemas.ts +28 -0
- package/src/data/security/attack-probes.test.ts +62 -0
- package/src/data/security/attack-probes.ts +496 -0
- package/src/data/security/eu-ai-act-security.ts +40 -0
- package/src/data/security/index.ts +19 -0
- package/src/data/security/mitre-atlas.test.ts +43 -0
- package/src/data/security/mitre-atlas.ts +93 -0
- package/src/data/security/nist-ai-rmf.ts +43 -0
- package/src/data/security/owasp-llm-top10.test.ts +60 -0
- package/src/data/security/owasp-llm-top10.ts +138 -0
- package/src/data/template-registry.ts +53 -0
- package/src/data/tool-versions.json +22 -0
- package/src/domain/audit/audit-package.test.ts +152 -0
- package/src/domain/audit/audit-package.ts +166 -0
- package/src/domain/audit/audit-trail.test.ts +121 -0
- package/src/domain/audit/audit-trail.ts +174 -0
- package/src/domain/audit/index.ts +8 -0
- package/src/domain/audit/permissions-matrix.test.ts +136 -0
- package/src/domain/audit/permissions-matrix.ts +121 -0
- package/src/domain/certification/adversarial/bias-tests.ts +95 -0
- package/src/domain/certification/adversarial/evaluators.ts +304 -0
- package/src/domain/certification/adversarial/index.ts +11 -0
- package/src/domain/certification/adversarial/prompt-injection.ts +103 -0
- package/src/domain/certification/adversarial/safety-boundary.ts +132 -0
- package/src/domain/certification/aiuc1-readiness.test.ts +236 -0
- package/src/domain/certification/aiuc1-readiness.ts +298 -0
- package/src/domain/certification/aiuc1-requirements.ts +235 -0
- package/src/domain/certification/index.ts +10 -0
- package/src/domain/certification/redteam-runner.test.ts +97 -0
- package/src/domain/certification/redteam-runner.ts +205 -0
- package/src/domain/certification/test-runner.test.ts +232 -0
- package/src/domain/certification/test-runner.ts +289 -0
- package/src/domain/cost/cost-estimator.test.ts +187 -0
- package/src/domain/cost/cost-estimator.ts +133 -0
- package/src/domain/disclaimer.test.ts +52 -0
- package/src/domain/disclaimer.ts +39 -0
- package/src/domain/documents/ai-enricher.test.ts +120 -0
- package/src/domain/documents/ai-enricher.ts +159 -0
- package/src/domain/documents/document-generator.test.ts +318 -0
- package/src/domain/documents/document-generator.ts +239 -0
- package/src/domain/documents/index.ts +9 -0
- package/src/domain/documents/passport-helpers.ts +25 -0
- package/src/domain/documents/policy-generator.test.ts +252 -0
- package/src/domain/documents/policy-generator.ts +94 -0
- package/src/domain/documents/worker-notification-generator.test.ts +162 -0
- package/src/domain/documents/worker-notification-generator.ts +141 -0
- package/src/domain/eval/adapters/adapter-port.ts +94 -0
- package/src/domain/eval/adapters/adapters.test.ts +303 -0
- package/src/domain/eval/adapters/anthropic-adapter.ts +57 -0
- package/src/domain/eval/adapters/auto-detect.ts +104 -0
- package/src/domain/eval/adapters/create-chat-adapter.ts +106 -0
- package/src/domain/eval/adapters/custom-adapter.ts +74 -0
- package/src/domain/eval/adapters/http-adapter.ts +66 -0
- package/src/domain/eval/adapters/index.ts +7 -0
- package/src/domain/eval/adapters/ollama-adapter.ts +48 -0
- package/src/domain/eval/adapters/openai-adapter.ts +58 -0
- package/src/domain/eval/adapters/with-timeout.ts +25 -0
- package/src/domain/eval/conformity-score.test.ts +161 -0
- package/src/domain/eval/conformity-score.ts +135 -0
- package/src/domain/eval/eval-constants.ts +55 -0
- package/src/domain/eval/eval-evidence.test.ts +85 -0
- package/src/domain/eval/eval-evidence.ts +103 -0
- package/src/domain/eval/eval-fix-generator.test.ts +421 -0
- package/src/domain/eval/eval-fix-generator.ts +205 -0
- package/src/domain/eval/eval-passport.test.ts +82 -0
- package/src/domain/eval/eval-passport.ts +89 -0
- package/src/domain/eval/eval-remediation-report.test.ts +682 -0
- package/src/domain/eval/eval-remediation-report.ts +170 -0
- package/src/domain/eval/eval-report.ts +108 -0
- package/src/domain/eval/eval-runner.test.ts +609 -0
- package/src/domain/eval/eval-runner.ts +593 -0
- package/src/domain/eval/eval-to-findings.test.ts +293 -0
- package/src/domain/eval/eval-to-findings.ts +83 -0
- package/src/domain/eval/index.ts +31 -0
- package/src/domain/eval/llm-judge.test.ts +139 -0
- package/src/domain/eval/llm-judge.ts +168 -0
- package/src/domain/eval/remediation-types.ts +90 -0
- package/src/domain/eval/security-integration.test.ts +196 -0
- package/src/domain/eval/security-integration.ts +136 -0
- package/src/domain/eval/types.test.ts +173 -0
- package/src/domain/eval/types.ts +244 -0
- package/src/domain/eval/verdict-utils.ts +45 -0
- package/src/domain/fixer/create-fixer.ts +101 -0
- package/src/domain/fixer/diff.ts +70 -0
- package/src/domain/fixer/fix-history.ts +23 -0
- package/src/domain/fixer/fixer.test.ts +306 -0
- package/src/domain/fixer/index.ts +9 -0
- package/src/domain/fixer/strategies/bandit-fix.ts +61 -0
- package/src/domain/fixer/strategies/bias-testing.ts +49 -0
- package/src/domain/fixer/strategies/ci-compliance.ts +57 -0
- package/src/domain/fixer/strategies/content-marking.ts +45 -0
- package/src/domain/fixer/strategies/cve-upgrade.ts +66 -0
- package/src/domain/fixer/strategies/data-governance.ts +65 -0
- package/src/domain/fixer/strategies/disclosure.ts +69 -0
- package/src/domain/fixer/strategies/doc-code-sync.ts +53 -0
- package/src/domain/fixer/strategies/documentation.ts +59 -0
- package/src/domain/fixer/strategies/error-handler.ts +63 -0
- package/src/domain/fixer/strategies/hitl-gate.ts +67 -0
- package/src/domain/fixer/strategies/index.ts +61 -0
- package/src/domain/fixer/strategies/kill-switch-test.ts +85 -0
- package/src/domain/fixer/strategies/kill-switch.ts +53 -0
- package/src/domain/fixer/strategies/license-fix.ts +57 -0
- package/src/domain/fixer/strategies/log-retention.ts +40 -0
- package/src/domain/fixer/strategies/logging.ts +59 -0
- package/src/domain/fixer/strategies/metadata.ts +45 -0
- package/src/domain/fixer/strategies/permission-guard.ts +84 -0
- package/src/domain/fixer/strategies/record-keeping.ts +69 -0
- package/src/domain/fixer/strategies/secret-rotation.ts +52 -0
- package/src/domain/fixer/strategies.test.ts +341 -0
- package/src/domain/fixer/template-engine.test.ts +64 -0
- package/src/domain/fixer/template-engine.ts +38 -0
- package/src/domain/fixer/types.ts +88 -0
- package/src/domain/frameworks/aiuc1-framework.test.ts +159 -0
- package/src/domain/frameworks/aiuc1-framework.ts +126 -0
- package/src/domain/frameworks/collect-foundation-metrics.test.ts +96 -0
- package/src/domain/frameworks/collect-foundation-metrics.ts +34 -0
- package/src/domain/frameworks/eu-ai-act-framework.test.ts +117 -0
- package/src/domain/frameworks/eu-ai-act-framework.ts +100 -0
- package/src/domain/frameworks/framework-registry.test.ts +91 -0
- package/src/domain/frameworks/framework-registry.ts +38 -0
- package/src/domain/frameworks/index.ts +8 -0
- package/src/domain/frameworks/mitre-atlas-framework.test.ts +53 -0
- package/src/domain/frameworks/mitre-atlas-framework.ts +53 -0
- package/src/domain/frameworks/owasp-llm-framework.test.ts +77 -0
- package/src/domain/frameworks/owasp-llm-framework.ts +54 -0
- package/src/domain/frameworks/score-plugin-framework.ts +117 -0
- package/src/domain/fria/fria-generator.test.ts +273 -0
- package/src/domain/fria/fria-generator.ts +366 -0
- package/src/domain/import/promptfoo-importer.test.ts +103 -0
- package/src/domain/import/promptfoo-importer.ts +151 -0
- package/src/domain/onboarding/guided-onboarding.test.ts +144 -0
- package/src/domain/onboarding/guided-onboarding.ts +135 -0
- package/src/domain/passport/builder/domain-mapper.ts +9 -0
- package/src/domain/passport/builder/manifest-builder.test.ts +546 -0
- package/src/domain/passport/builder/manifest-builder.ts +535 -0
- package/src/domain/passport/builder/manifest-diff.test.ts +105 -0
- package/src/domain/passport/builder/manifest-diff.ts +89 -0
- package/src/domain/passport/builder/manifest-files.ts +17 -0
- package/src/domain/passport/crypto-signer.test.ts +93 -0
- package/src/domain/passport/crypto-signer.ts +157 -0
- package/src/domain/passport/discovery/agent-discovery.test.ts +296 -0
- package/src/domain/passport/discovery/agent-discovery.ts +325 -0
- package/src/domain/passport/discovery/autonomy-analyzer.test.ts +141 -0
- package/src/domain/passport/discovery/autonomy-analyzer.ts +113 -0
- package/src/domain/passport/discovery/permission-scanner.test.ts +191 -0
- package/src/domain/passport/discovery/permission-scanner.ts +414 -0
- package/src/domain/passport/export/a2a-mapper.ts +75 -0
- package/src/domain/passport/export/aiuc1-mapper.ts +126 -0
- package/src/domain/passport/export/export.test.ts +207 -0
- package/src/domain/passport/export/index.ts +41 -0
- package/src/domain/passport/export/nist-mapper.ts +227 -0
- package/src/domain/passport/import/a2a-importer.test.ts +133 -0
- package/src/domain/passport/import/a2a-importer.ts +156 -0
- package/src/domain/passport/import/index.ts +2 -0
- package/src/domain/passport/index.ts +32 -0
- package/src/domain/passport/obligation-field-map.test.ts +113 -0
- package/src/domain/passport/obligation-field-map.ts +117 -0
- package/src/domain/passport/passport-validator.test.ts +156 -0
- package/src/domain/passport/passport-validator.ts +126 -0
- package/src/domain/passport/scan-to-compliance.test.ts +336 -0
- package/src/domain/passport/scan-to-compliance.ts +166 -0
- package/src/domain/passport/test-generator.test.ts +93 -0
- package/src/domain/passport/test-generator.ts +136 -0
- package/src/domain/proxy/index.ts +11 -0
- package/src/domain/proxy/json-rpc.test.ts +72 -0
- package/src/domain/proxy/json-rpc.ts +53 -0
- package/src/domain/proxy/policy-engine.test.ts +259 -0
- package/src/domain/proxy/policy-engine.ts +137 -0
- package/src/domain/proxy/proxy-bridge.ts +125 -0
- package/src/domain/proxy/proxy-interceptor.test.ts +184 -0
- package/src/domain/proxy/proxy-interceptor.ts +120 -0
- package/src/domain/proxy/proxy-types.ts +35 -0
- package/src/domain/registry/compute-agent-score.test.ts +279 -0
- package/src/domain/registry/compute-agent-score.ts +162 -0
- package/src/domain/reporter/audit-report.test.ts +87 -0
- package/src/domain/reporter/audit-report.ts +116 -0
- package/src/domain/reporter/badge-generator.test.ts +54 -0
- package/src/domain/reporter/badge-generator.ts +40 -0
- package/src/domain/reporter/compliance-md.ts +45 -0
- package/src/domain/reporter/index.ts +7 -0
- package/src/domain/reporter/pdf-renderer.ts +282 -0
- package/src/domain/reporter/share.test.ts +92 -0
- package/src/domain/reporter/share.ts +80 -0
- package/src/domain/scanner/ast/swc-analyzer.test.ts +49 -0
- package/src/domain/scanner/ast/swc-analyzer.ts +124 -0
- package/src/domain/scanner/attestations.ts +97 -0
- package/src/domain/scanner/checks/ai-disclosure.test.ts +90 -0
- package/src/domain/scanner/checks/ai-disclosure.ts +54 -0
- package/src/domain/scanner/checks/ai-literacy.ts +163 -0
- package/src/domain/scanner/checks/behavioral-constraints.test.ts +167 -0
- package/src/domain/scanner/checks/behavioral-constraints.ts +86 -0
- package/src/domain/scanner/checks/compliance-metadata.ts +63 -0
- package/src/domain/scanner/checks/content-marking.ts +74 -0
- package/src/domain/scanner/checks/dep-deep-scan.test.ts +318 -0
- package/src/domain/scanner/checks/dep-deep-scan.ts +137 -0
- package/src/domain/scanner/checks/documentation.test.ts +88 -0
- package/src/domain/scanner/checks/documentation.ts +79 -0
- package/src/domain/scanner/checks/git-history.test.ts +120 -0
- package/src/domain/scanner/checks/git-history.ts +163 -0
- package/src/domain/scanner/checks/gpai-systemic-risk.test.ts +84 -0
- package/src/domain/scanner/checks/gpai-systemic-risk.ts +98 -0
- package/src/domain/scanner/checks/gpai-transparency.ts +94 -0
- package/src/domain/scanner/checks/index.ts +28 -0
- package/src/domain/scanner/checks/industry/index.ts +40 -0
- package/src/domain/scanner/checks/industry/industry.test.ts +287 -0
- package/src/domain/scanner/checks/interaction-logging.test.ts +113 -0
- package/src/domain/scanner/checks/interaction-logging.ts +142 -0
- package/src/domain/scanner/checks/nhi-scanner.test.ts +158 -0
- package/src/domain/scanner/checks/nhi-scanner.ts +78 -0
- package/src/domain/scanner/checks/passport-completeness.test.ts +127 -0
- package/src/domain/scanner/checks/passport-completeness.ts +82 -0
- package/src/domain/scanner/checks/passport-presence.test.ts +56 -0
- package/src/domain/scanner/checks/passport-presence.ts +78 -0
- package/src/domain/scanner/checks/pattern-check-factory.ts +70 -0
- package/src/domain/scanner/checks/permission-scanner.test.ts +279 -0
- package/src/domain/scanner/checks/permission-scanner.ts +90 -0
- package/src/domain/scanner/checks/presence-check-factory.test.ts +124 -0
- package/src/domain/scanner/checks/presence-check-factory.ts +275 -0
- package/src/domain/scanner/compliance-diff.test.ts +165 -0
- package/src/domain/scanner/compliance-diff.ts +138 -0
- package/src/domain/scanner/confidence.test.ts +235 -0
- package/src/domain/scanner/confidence.ts +156 -0
- package/src/domain/scanner/constants.ts +13 -0
- package/src/domain/scanner/create-scanner.ts +573 -0
- package/src/domain/scanner/cross-layer.test.ts +372 -0
- package/src/domain/scanner/cross-layer.ts +232 -0
- package/src/domain/scanner/data/ai-packages.ts +82 -0
- package/src/domain/scanner/debt-calculator.test.ts +89 -0
- package/src/domain/scanner/debt-calculator.ts +111 -0
- package/src/domain/scanner/drift.test.ts +191 -0
- package/src/domain/scanner/drift.ts +73 -0
- package/src/domain/scanner/evidence-store.test.ts +207 -0
- package/src/domain/scanner/evidence-store.ts +195 -0
- package/src/domain/scanner/evidence.test.ts +104 -0
- package/src/domain/scanner/evidence.ts +71 -0
- package/src/domain/scanner/external/bandit-runner.test.ts +45 -0
- package/src/domain/scanner/external/bandit-runner.ts +90 -0
- package/src/domain/scanner/external/checks.ts +321 -0
- package/src/domain/scanner/external/dedup.test.ts +79 -0
- package/src/domain/scanner/external/dedup.ts +94 -0
- package/src/domain/scanner/external/detect-secrets-runner.test.ts +58 -0
- package/src/domain/scanner/external/detect-secrets-runner.ts +81 -0
- package/src/domain/scanner/external/external-scanner.test.ts +221 -0
- package/src/domain/scanner/external/external-scanner.ts +36 -0
- package/src/domain/scanner/external/finding-mapper.test.ts +95 -0
- package/src/domain/scanner/external/finding-mapper.ts +138 -0
- package/src/domain/scanner/external/index.ts +15 -0
- package/src/domain/scanner/external/mappings.ts +93 -0
- package/src/domain/scanner/external/modelscan-runner.test.ts +35 -0
- package/src/domain/scanner/external/modelscan-runner.ts +101 -0
- package/src/domain/scanner/external/path-utils.ts +8 -0
- package/src/domain/scanner/external/runner-port.ts +45 -0
- package/src/domain/scanner/external/semgrep-runner.test.ts +52 -0
- package/src/domain/scanner/external/semgrep-runner.ts +94 -0
- package/src/domain/scanner/external/types.ts +32 -0
- package/src/domain/scanner/finding-attribution.test.ts +444 -0
- package/src/domain/scanner/finding-attribution.ts +195 -0
- package/src/domain/scanner/finding-explainer.test.ts +157 -0
- package/src/domain/scanner/finding-explainer.ts +73 -0
- package/src/domain/scanner/fix-diff-builder.test.ts +272 -0
- package/src/domain/scanner/fix-diff-builder.ts +477 -0
- package/src/domain/scanner/import-graph.test.ts +162 -0
- package/src/domain/scanner/import-graph.ts +198 -0
- package/src/domain/scanner/languages/adapter.test.ts +105 -0
- package/src/domain/scanner/languages/adapter.ts +239 -0
- package/src/domain/scanner/layers/index.ts +24 -0
- package/src/domain/scanner/layers/layer1-files.ts +54 -0
- package/src/domain/scanner/layers/layer2-docs.test.ts +1207 -0
- package/src/domain/scanner/layers/layer2-docs.ts +297 -0
- package/src/domain/scanner/layers/layer2-parsing.ts +217 -0
- package/src/domain/scanner/layers/layer3-config.test.ts +187 -0
- package/src/domain/scanner/layers/layer3-config.ts +279 -0
- package/src/domain/scanner/layers/layer3-parsers.ts +73 -0
- package/src/domain/scanner/layers/layer4-patterns.test.ts +397 -0
- package/src/domain/scanner/layers/layer4-patterns.ts +216 -0
- package/src/domain/scanner/layers/layer5-docs.test.ts +99 -0
- package/src/domain/scanner/layers/layer5-docs.ts +250 -0
- package/src/domain/scanner/layers/layer5-llm.test.ts +146 -0
- package/src/domain/scanner/layers/layer5-llm.ts +262 -0
- package/src/domain/scanner/layers/layer5-targeted.test.ts +93 -0
- package/src/domain/scanner/layers/layer5-targeted.ts +233 -0
- package/src/domain/scanner/layers/lockfile-parsers.test.ts +320 -0
- package/src/domain/scanner/layers/lockfile-parsers.ts +184 -0
- package/src/domain/scanner/regulation-version.test.ts +54 -0
- package/src/domain/scanner/regulation-version.ts +23 -0
- package/src/domain/scanner/role-filter.test.ts +116 -0
- package/src/domain/scanner/role-filter.ts +51 -0
- package/src/domain/scanner/rules/banned-packages-data.ts +553 -0
- package/src/domain/scanner/rules/banned-packages-sdk.ts +65 -0
- package/src/domain/scanner/rules/banned-packages.test.ts +249 -0
- package/src/domain/scanner/rules/banned-packages.ts +55 -0
- package/src/domain/scanner/rules/comment-filter.test.ts +115 -0
- package/src/domain/scanner/rules/comment-filter.ts +297 -0
- package/src/domain/scanner/rules/index.ts +9 -0
- package/src/domain/scanner/rules/nhi-patterns.test.ts +128 -0
- package/src/domain/scanner/rules/nhi-patterns.ts +60 -0
- package/src/domain/scanner/rules/pattern-rules.ts +1152 -0
- package/src/domain/scanner/sbom.test.ts +136 -0
- package/src/domain/scanner/sbom.ts +103 -0
- package/src/domain/scanner/scan-cache.test.ts +136 -0
- package/src/domain/scanner/scan-cache.ts +115 -0
- package/src/domain/scanner/scanner.test.ts +125 -0
- package/src/domain/scanner/score-calculator.test.ts +363 -0
- package/src/domain/scanner/score-calculator.ts +189 -0
- package/src/domain/scanner/security-score.test.ts +107 -0
- package/src/domain/scanner/security-score.ts +116 -0
- package/src/domain/scanner/source-filter.ts +24 -0
- package/src/domain/scanner/validators.ts +223 -0
- package/src/domain/shared/compliance-constants.ts +48 -0
- package/src/domain/shared/disclosure-patterns.ts +16 -0
- package/src/domain/shared/index.ts +6 -0
- package/src/domain/shared/parse-dependencies.ts +21 -0
- package/src/domain/supply-chain/dependency-analyzer.ts +138 -0
- package/src/domain/supply-chain/index.ts +3 -0
- package/src/domain/supply-chain/supply-chain.test.ts +211 -0
- package/src/domain/supply-chain/types.ts +32 -0
- package/src/domain/whatif/config-fixer.ts +187 -0
- package/src/domain/whatif/index.ts +6 -0
- package/src/domain/whatif/scenario-engine.ts +121 -0
- package/src/domain/whatif/simulate-actions.test.ts +161 -0
- package/src/domain/whatif/simulate-actions.ts +114 -0
- package/src/domain/whatif/whatif.test.ts +135 -0
- package/src/e2e/gaps-e2e.test.ts +259 -0
- package/src/e2e/smoke.test.ts +101 -0
- package/src/hooks/hooks-export.test.ts +81 -0
- package/src/hooks/installer.ts +113 -0
- package/src/http/cors.test.ts +38 -0
- package/src/http/create-router.ts +259 -0
- package/src/http/routes/agent.route.ts +380 -0
- package/src/http/routes/audit.route.ts +66 -0
- package/src/http/routes/badge.route.ts +23 -0
- package/src/http/routes/cert.route.ts +66 -0
- package/src/http/routes/chat.route.ts +228 -0
- package/src/http/routes/cost.route.ts +33 -0
- package/src/http/routes/debt.route.ts +29 -0
- package/src/http/routes/disclaimer.route.ts +64 -0
- package/src/http/routes/eval.route.ts +161 -0
- package/src/http/routes/events.route.test.ts +108 -0
- package/src/http/routes/events.route.ts +71 -0
- package/src/http/routes/external-scan.route.ts +24 -0
- package/src/http/routes/file.route.ts +54 -0
- package/src/http/routes/fix.route.ts +219 -0
- package/src/http/routes/frameworks.route.test.ts +66 -0
- package/src/http/routes/frameworks.route.ts +36 -0
- package/src/http/routes/git.route.ts +27 -0
- package/src/http/routes/guided-onboarding.route.ts +65 -0
- package/src/http/routes/import.route.ts +64 -0
- package/src/http/routes/jurisdiction.route.ts +22 -0
- package/src/http/routes/obligations.route.test.ts +122 -0
- package/src/http/routes/obligations.route.ts +110 -0
- package/src/http/routes/onboarding.route.ts +53 -0
- package/src/http/routes/provider.route.ts +42 -0
- package/src/http/routes/proxy.route.ts +40 -0
- package/src/http/routes/redteam.route.ts +84 -0
- package/src/http/routes/report.route.ts +29 -0
- package/src/http/routes/scan.route.ts +104 -0
- package/src/http/routes/share.route.ts +44 -0
- package/src/http/routes/shell.route.ts +27 -0
- package/src/http/routes/status.route.ts +66 -0
- package/src/http/routes/supply-chain.route.ts +121 -0
- package/src/http/routes/sync.route.ts +328 -0
- package/src/http/routes/tools.route.ts +29 -0
- package/src/http/routes/whatif.route.ts +96 -0
- package/src/http/utils/validation.ts +31 -0
- package/src/index.ts +1 -0
- package/src/infra/bundle-fetcher.ts +77 -0
- package/src/infra/cache-storage.ts +34 -0
- package/src/infra/event-bus.ts +31 -0
- package/src/infra/file-collector.ts +61 -0
- package/src/infra/file-ops-adapter.ts +95 -0
- package/src/infra/file-watcher.test.ts +90 -0
- package/src/infra/file-watcher.ts +106 -0
- package/src/infra/git-adapter.ts +93 -0
- package/src/infra/git-history-adapter.ts +41 -0
- package/src/infra/headless-browser.ts +178 -0
- package/src/infra/llm-adapter.test.ts +83 -0
- package/src/infra/llm-adapter.ts +86 -0
- package/src/infra/logger.ts +27 -0
- package/src/infra/project-config.test.ts +74 -0
- package/src/infra/project-config.ts +35 -0
- package/src/infra/rate-limiter.test.ts +36 -0
- package/src/infra/rate-limiter.ts +34 -0
- package/src/infra/retry.ts +46 -0
- package/src/infra/saas-client.ts +123 -0
- package/src/infra/search-adapter.ts +113 -0
- package/src/infra/shell-adapter.ts +68 -0
- package/src/infra/tool-manager.test.ts +99 -0
- package/src/infra/tool-manager.ts +197 -0
- package/src/llm/agents/agent-modes.test.ts +44 -0
- package/src/llm/agents/modes.ts +68 -0
- package/src/llm/routing/cost-routing.test.ts +37 -0
- package/src/llm/routing/cost-tracker.ts +74 -0
- package/src/llm/routing/model-routing.test.ts +79 -0
- package/src/llm/routing/model-routing.ts +38 -0
- package/src/llm/routing/pricing.ts +19 -0
- package/src/llm/sse-protocol.ts +77 -0
- package/src/llm/tool-definitions.ts +83 -0
- package/src/llm/tool-executors.ts +80 -0
- package/src/llm/tools/types.ts +13 -0
- package/src/mcp/create-mcp-stack.ts +82 -0
- package/src/mcp/handlers.ts +245 -0
- package/src/mcp/index.ts +28 -0
- package/src/mcp/mcp-server.test.ts +80 -0
- package/src/mcp/server.ts +79 -0
- package/src/mcp/tools.ts +48 -0
- package/src/onboarding/auto-detect.ts +164 -0
- package/src/onboarding/onboarding.test.ts +89 -0
- package/src/onboarding/profile.ts +169 -0
- package/src/onboarding/questions.ts +112 -0
- package/src/onboarding/wizard.ts +66 -0
- package/src/output/github-issue.ts +32 -0
- package/src/output/json-output.ts +67 -0
- package/src/ports/browser.port.ts +23 -0
- package/src/ports/events.port.ts +28 -0
- package/src/ports/llm.port.ts +23 -0
- package/src/ports/logger.port.ts +6 -0
- package/src/ports/process.port.ts +6 -0
- package/src/ports/scanner.port.ts +15 -0
- package/src/server.ts +134 -0
- package/src/services/badge-service.ts +67 -0
- package/src/services/chat-service.test.ts +162 -0
- package/src/services/chat-service.ts +152 -0
- package/src/services/cost-service.ts +52 -0
- package/src/services/debt-service.ts +65 -0
- package/src/services/eval-integration.test.ts +132 -0
- package/src/services/eval-service.test.ts +373 -0
- package/src/services/eval-service.ts +463 -0
- package/src/services/external-scan-service.ts +60 -0
- package/src/services/file-service.ts +37 -0
- package/src/services/fix-service.test.ts +470 -0
- package/src/services/fix-service.ts +648 -0
- package/src/services/framework-service.test.ts +159 -0
- package/src/services/framework-service.ts +67 -0
- package/src/services/onboarding-service.ts +165 -0
- package/src/services/passport-audit.ts +244 -0
- package/src/services/passport-documents.ts +258 -0
- package/src/services/passport-service-utils.ts +72 -0
- package/src/services/passport-service.test.ts +251 -0
- package/src/services/passport-service.ts +339 -0
- package/src/services/proxy-service.ts +81 -0
- package/src/services/report-service.ts +72 -0
- package/src/services/scan-service.test.ts +470 -0
- package/src/services/scan-service.ts +335 -0
- package/src/services/share-service.ts +108 -0
- package/src/services/shared/backup.ts +23 -0
- package/src/services/status-service.ts +38 -0
- package/src/services/undo-service.test.ts +190 -0
- package/src/services/undo-service.ts +144 -0
- package/src/test-helpers/factories.ts +116 -0
- package/src/types/common.schemas.ts +147 -0
- package/src/types/common.types.ts +292 -0
- package/src/types/contract.test.ts +217 -0
- package/src/types/errors.ts +52 -0
- package/src/types/framework.types.ts +87 -0
- package/src/types/passport-schemas.ts +241 -0
- package/src/types/passport.types.ts +296 -0
- package/src/version.ts +1 -0
- package/tsconfig.json +20 -0
- package/vitest.config.ts +9 -0
@@ -0,0 +1,239 @@
|
|
|
1
|
+
import type { AgentPassport } from '../../types/passport.types.js';
|
|
2
|
+
import { deriveOversightDescription } from './passport-helpers.js';
|
|
3
|
+
import {
|
|
4
|
+
ALL_DOC_TYPES as _ALL_DOC_TYPES,
|
|
5
|
+
TEMPLATE_FILE_MAP as _TEMPLATE_FILE_MAP,
|
|
6
|
+
DOC_ID_PREFIX_MAP,
|
|
7
|
+
DOC_ID_PATTERN_MAP,
|
|
8
|
+
type DocType as _DocType,
|
|
9
|
+
} from '../../data/template-registry.js';
|
|
10
|
+
|
|
11
|
+
// --- Types (re-exported from template-registry — single source of truth) ---
|
|
12
|
+
|
|
13
|
+
export const ALL_DOC_TYPES = _ALL_DOC_TYPES;
|
|
14
|
+
export type DocType = _DocType;
|
|
15
|
+
export const TEMPLATE_FILE_MAP = _TEMPLATE_FILE_MAP;
|
|
16
|
+
|
|
17
|
+
export interface DocGeneratorInput {
|
|
18
|
+
readonly manifest: AgentPassport;
|
|
19
|
+
readonly template: string;
|
|
20
|
+
readonly docType: DocType;
|
|
21
|
+
readonly organization?: string;
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
export interface DocResult {
|
|
25
|
+
readonly markdown: string;
|
|
26
|
+
readonly docType: DocType;
|
|
27
|
+
readonly prefilledFields: readonly string[];
|
|
28
|
+
readonly manualFields: readonly string[];
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
// --- Helpers ---
|
|
32
|
+
|
|
33
|
+
const generateDocId = (prefix: string): string => {
|
|
34
|
+
const year = new Date().getFullYear();
|
|
35
|
+
const seq = String(Math.floor(Math.random() * 999) + 1).padStart(3, '0');
|
|
36
|
+
return `${prefix}-${year}-${seq}`;
|
|
37
|
+
};
|
|
38
|
+
|
|
39
|
+
// --- Generator ---
|
|
40
|
+
|
|
41
|
+
export const generateDocument = (input: DocGeneratorInput): DocResult => {
|
|
42
|
+
const { manifest, template, docType, organization } = input;
|
|
43
|
+
const prefilledFields: string[] = [];
|
|
44
|
+
const manualFields: string[] = [];
|
|
45
|
+
|
|
46
|
+
let markdown = template;
|
|
47
|
+
const today = new Date().toISOString().slice(0, 10);
|
|
48
|
+
|
|
49
|
+
// --- Common placeholders (shared across all templates) ---
|
|
50
|
+
|
|
51
|
+
// Company Name / Organization
|
|
52
|
+
const orgName = organization ?? manifest.owner?.team;
|
|
53
|
+
if (orgName) {
|
|
54
|
+
markdown = markdown.replaceAll('[Company Name]', orgName);
|
|
55
|
+
markdown = markdown.replaceAll('[Organization]', orgName);
|
|
56
|
+
prefilledFields.push('Company Name');
|
|
57
|
+
} else {
|
|
58
|
+
manualFields.push('Company Name');
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
// Date
|
|
62
|
+
markdown = markdown.replaceAll('[Date]', today);
|
|
63
|
+
prefilledFields.push('Date');
|
|
64
|
+
|
|
65
|
+
// AI System Name
|
|
66
|
+
markdown = markdown.replaceAll('[AI System Name]', manifest.display_name);
|
|
67
|
+
prefilledFields.push('AI System Name');
|
|
68
|
+
|
|
69
|
+
// Provider
|
|
70
|
+
const provider = manifest.model?.provider ?? '';
|
|
71
|
+
if (provider) {
|
|
72
|
+
markdown = markdown.replaceAll('[Provider name]', provider);
|
|
73
|
+
markdown = markdown.replaceAll('[Provider]', provider);
|
|
74
|
+
prefilledFields.push('Provider');
|
|
75
|
+
} else {
|
|
76
|
+
manualFields.push('Provider');
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
// Version
|
|
80
|
+
markdown = markdown.replaceAll('[X.Y]', manifest.version);
|
|
81
|
+
prefilledFields.push('Version');
|
|
82
|
+
|
|
83
|
+
// Description
|
|
84
|
+
markdown = markdown.replaceAll('[Description]', manifest.description);
|
|
85
|
+
prefilledFields.push('Description');
|
|
86
|
+
|
|
87
|
+
// Risk class
|
|
88
|
+
const riskClass = manifest.compliance?.eu_ai_act?.risk_class ?? '';
|
|
89
|
+
if (riskClass) {
|
|
90
|
+
markdown = markdown.replaceAll('[Risk Class]', riskClass);
|
|
91
|
+
prefilledFields.push('Risk Class');
|
|
92
|
+
} else {
|
|
93
|
+
manualFields.push('Risk Class');
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
// Human Oversight Description
|
|
97
|
+
const oversightDesc = deriveOversightDescription(manifest);
|
|
98
|
+
markdown = markdown.replaceAll(
|
|
99
|
+
'[Human Oversight Description]',
|
|
100
|
+
oversightDesc,
|
|
101
|
+
);
|
|
102
|
+
|
|
103
|
+
// Autonomy Level
|
|
104
|
+
markdown = markdown.replaceAll('[Autonomy Level]', manifest.autonomy_level);
|
|
105
|
+
|
|
106
|
+
// Model ID
|
|
107
|
+
const modelId = manifest.model?.model_id ?? '';
|
|
108
|
+
if (modelId) {
|
|
109
|
+
markdown = markdown.replaceAll('[Model ID]', modelId);
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
// Document ID (type-specific prefix)
|
|
113
|
+
const idPattern = DOC_ID_PATTERN_MAP[docType];
|
|
114
|
+
const idPrefix = DOC_ID_PREFIX_MAP[docType];
|
|
115
|
+
if (idPattern && idPrefix && markdown.includes(idPattern)) {
|
|
116
|
+
const docId = generateDocId(idPrefix);
|
|
117
|
+
markdown = markdown.replace(idPattern, docId);
|
|
118
|
+
prefilledFields.push('Document ID');
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
// [Name, Title] — always manual
|
|
122
|
+
if (markdown.includes('[Name, Title]')) {
|
|
123
|
+
manualFields.push('Approved By (Name, Title)');
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
// --- Type-specific handling ---
|
|
127
|
+
|
|
128
|
+
switch (docType) {
|
|
129
|
+
case 'ai-literacy':
|
|
130
|
+
manualFields.push('Training levels configuration');
|
|
131
|
+
manualFields.push('AI systems in scope table');
|
|
132
|
+
manualFields.push('Training schedule');
|
|
133
|
+
manualFields.push('Sign-off signatures');
|
|
134
|
+
break;
|
|
135
|
+
|
|
136
|
+
case 'art5-screening':
|
|
137
|
+
manualFields.push('Prohibited practice details');
|
|
138
|
+
manualFields.push('Risk assessment');
|
|
139
|
+
manualFields.push('Decision and justification');
|
|
140
|
+
break;
|
|
141
|
+
|
|
142
|
+
case 'technical-documentation':
|
|
143
|
+
manualFields.push('System architecture details');
|
|
144
|
+
manualFields.push('Training data characteristics');
|
|
145
|
+
manualFields.push('Performance metrics');
|
|
146
|
+
manualFields.push('Monitoring measures');
|
|
147
|
+
break;
|
|
148
|
+
|
|
149
|
+
case 'incident-report':
|
|
150
|
+
manualFields.push('Incident description');
|
|
151
|
+
manualFields.push('Root cause analysis');
|
|
152
|
+
manualFields.push('Corrective actions');
|
|
153
|
+
manualFields.push('Market surveillance authority');
|
|
154
|
+
break;
|
|
155
|
+
|
|
156
|
+
case 'declaration-of-conformity':
|
|
157
|
+
manualFields.push('Harmonised standards used');
|
|
158
|
+
manualFields.push('Notified body details');
|
|
159
|
+
manualFields.push('Conformity assessment procedure');
|
|
160
|
+
manualFields.push('Signatory');
|
|
161
|
+
break;
|
|
162
|
+
|
|
163
|
+
case 'monitoring-policy':
|
|
164
|
+
manualFields.push('AI systems in scope table');
|
|
165
|
+
manualFields.push('Human oversight assignments');
|
|
166
|
+
manualFields.push('Log retention schedule');
|
|
167
|
+
manualFields.push('Review frequency');
|
|
168
|
+
break;
|
|
169
|
+
|
|
170
|
+
case 'fria':
|
|
171
|
+
manualFields.push('Affected groups identification');
|
|
172
|
+
manualFields.push('Rights impact severity assessment');
|
|
173
|
+
manualFields.push('Mitigation measures');
|
|
174
|
+
manualFields.push('Stakeholder consultation records');
|
|
175
|
+
break;
|
|
176
|
+
|
|
177
|
+
case 'worker-notification':
|
|
178
|
+
manualFields.push('Affected worker groups');
|
|
179
|
+
manualFields.push('AI system capabilities description');
|
|
180
|
+
manualFields.push('Worker rights and escalation');
|
|
181
|
+
manualFields.push('Notification timeline');
|
|
182
|
+
break;
|
|
183
|
+
|
|
184
|
+
case 'risk-management':
|
|
185
|
+
manualFields.push('Known risks identification');
|
|
186
|
+
manualFields.push('Misuse scenarios');
|
|
187
|
+
manualFields.push('Residual risk assessment');
|
|
188
|
+
manualFields.push('Test results and methodology');
|
|
189
|
+
manualFields.push('Mitigation measures');
|
|
190
|
+
break;
|
|
191
|
+
|
|
192
|
+
case 'data-governance':
|
|
193
|
+
manualFields.push('Data sources and origins');
|
|
194
|
+
manualFields.push('Collection and preparation methods');
|
|
195
|
+
manualFields.push('Quality metrics and targets');
|
|
196
|
+
manualFields.push('Bias analysis');
|
|
197
|
+
manualFields.push('Representativeness assessment');
|
|
198
|
+
break;
|
|
199
|
+
|
|
200
|
+
case 'qms':
|
|
201
|
+
manualFields.push('Compliance strategy');
|
|
202
|
+
manualFields.push('Design control procedures');
|
|
203
|
+
manualFields.push('Testing procedures');
|
|
204
|
+
manualFields.push('Roles and responsibilities');
|
|
205
|
+
manualFields.push('Change management');
|
|
206
|
+
break;
|
|
207
|
+
|
|
208
|
+
case 'instructions-for-use':
|
|
209
|
+
manualFields.push('Intended purpose details');
|
|
210
|
+
manualFields.push('Performance metrics and benchmarks');
|
|
211
|
+
manualFields.push('Known limitations');
|
|
212
|
+
manualFields.push('Human oversight procedures');
|
|
213
|
+
manualFields.push('Input data specifications');
|
|
214
|
+
break;
|
|
215
|
+
|
|
216
|
+
case 'gpai-transparency':
|
|
217
|
+
manualFields.push('Training data sources');
|
|
218
|
+
manualFields.push('Benchmark results');
|
|
219
|
+
manualFields.push('Safety evaluations');
|
|
220
|
+
manualFields.push('Copyright compliance policy');
|
|
221
|
+
manualFields.push('Energy consumption data');
|
|
222
|
+
break;
|
|
223
|
+
|
|
224
|
+
case 'gpai-systemic-risk':
|
|
225
|
+
manualFields.push('Adversarial testing results');
|
|
226
|
+
manualFields.push('Systemic risk assessment');
|
|
227
|
+
manualFields.push('Incident tracking procedures');
|
|
228
|
+
manualFields.push('Cybersecurity measures');
|
|
229
|
+
break;
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
return Object.freeze({
|
|
233
|
+
markdown,
|
|
234
|
+
docType,
|
|
235
|
+
prefilledFields: Object.freeze([...prefilledFields]),
|
|
236
|
+
manualFields: Object.freeze([...manualFields]),
|
|
237
|
+
});
|
|
238
|
+
};
|
|
239
|
+
|
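Review bot: `generateDocId` (line 33) draws its sequence from `Math.random()` over 1–999, so a register of a few dozen documents will produce duplicate IDs (birthday bound ≈32) and the same manifest gets a different ID on every run, which makes generated documents non-reproducible and their diffs noisy. A deterministic derivation from manifest identity — a short hash of `display_name`, `version` and `docType` — or a caller-supplied sequence would be traceable; if randomness is kept, `crypto.randomUUID()` is a better source than `Math.random()`. Separately, every `replaceAll(placeholder, value)` in `generateDocument` passes passport text as the replacement string, so `$$`, `$&`, `$'` (and the dollar-backtick form) inside `description`, `display_name` or an organization name are interpreted as substitution patterns (`$'` splices the rest of the document in after the match); passing a function, `markdown.replaceAll('[Description]', () => manifest.description);`, inserts the value literally. Lines 104 and 109 also substitute `[Autonomy Level]` and `[Model ID]` without recording them in `prefilledFields`, unlike the other fields in this function and unlike `generatePolicy`.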
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export { detectWeakSections, buildL2Feedback, enrichDocumentWithAI } from './ai-enricher.js';
|
|
2
|
+
export type { AiEnrichInput, AiEnrichedResult } from './ai-enricher.js';
|
|
3
|
+
export { generateDocument, ALL_DOC_TYPES, TEMPLATE_FILE_MAP } from './document-generator.js';
|
|
4
|
+
export type { DocType, DocGeneratorInput, DocResult } from './document-generator.js';
|
|
5
|
+
export { deriveOversightDescription } from './passport-helpers.js';
|
|
6
|
+
export { generatePolicy } from './policy-generator.js';
|
|
7
|
+
export type { PolicyGeneratorInput, PolicyResult } from './policy-generator.js';
|
|
8
|
+
export { generateWorkerNotification } from './worker-notification-generator.js';
|
|
9
|
+
export type { WorkerNotificationInput, WorkerNotificationResult } from './worker-notification-generator.js';
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import type { AgentPassport } from '../../types/passport.types.js';
|
|
2
|
+
|
|
3
|
+
/** Derive human-readable oversight description from passport autonomy data. */
|
|
4
|
+
export const deriveOversightDescription = (manifest: AgentPassport): string => {
|
|
5
|
+
const parts: string[] = [];
|
|
6
|
+
const level = manifest.autonomy_level;
|
|
7
|
+
|
|
8
|
+
if (level === 'L1' || level === 'L2') {
|
|
9
|
+
parts.push('System operates under direct human supervision.');
|
|
10
|
+
} else if (level === 'L3') {
|
|
11
|
+
parts.push('System operates semi-autonomously with human oversight checkpoints.');
|
|
12
|
+
} else {
|
|
13
|
+
parts.push('System operates autonomously; enhanced oversight measures required.');
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
if (manifest.constraints.human_approval_required.length > 0) {
|
|
17
|
+
parts.push(`Human approval required for: ${manifest.constraints.human_approval_required.join(', ')}.`);
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
if (manifest.autonomy_evidence.human_approval_gates > 0) {
|
|
21
|
+
parts.push(`${manifest.autonomy_evidence.human_approval_gates} human approval gate(s) detected in code.`);
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
return parts.join(' ');
|
|
25
|
+
};
|
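Review bot: The sentence built at line 21, `human approval gate(s) detected in code`, asserts a code-scan finding regardless of how the count was obtained, yet the passport carries an `autonomy_evidence.auto_rated` flag (the sibling test fixture sets it) that distinguishes scanned from declared values; in a compliance document the wording should follow that flag, e.g. `${gates} human approval gate(s) ${manifest.autonomy_evidence.auto_rated ? 'detected in code' : 'declared in the passport'}.` The final `else` at line 12 also maps every level that is not L1–L3 — including an unexpected or missing `autonomy_level` — to a confident "operates autonomously" statement; if the valid set is wider than L1–L3 (not visible here) it would be safer to name the levels that branch covers explicitly and emit a "level not classified — confirm" sentence otherwise. The unguarded `manifest.constraints.human_approval_required` and `manifest.autonomy_evidence` reads presumably rely on the `AgentPassport` type making those fields required; worth confirming, since `document-generator.ts` treats `owner`, `model` and `compliance` on the same type as optional.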
|
@@ -0,0 +1,252 @@
|
|
|
1
|
+
import { describe, it, expect } from 'vitest';
|
|
2
|
+
import { generatePolicy } from './policy-generator.js';
|
|
3
|
+
import { createMockPassport } from '../../test-helpers/factories.js';
|
|
4
|
+
import type { IndustryId } from '../../data/industry-patterns.js';
|
|
5
|
+
|
|
6
|
+
const HR_TEMPLATE = `# AI Usage Policy — HR / Employment
|
|
7
|
+
|
|
8
|
+
| Field | Value |
|
|
9
|
+
|-------|-------|
|
|
10
|
+
| Organization | [Organization] |
|
|
11
|
+
| Date | [Date] |
|
|
12
|
+
| Version | [Version] |
|
|
13
|
+
| AI System Name | [AI System Name] |
|
|
14
|
+
| Risk Class | [Risk Class] |
|
|
15
|
+
|
|
16
|
+
## 3. AI System Description
|
|
17
|
+
|
|
18
|
+
- System name: [AI System Name]
|
|
19
|
+
- Description: [Description]
|
|
20
|
+
- Provider: [Provider]
|
|
21
|
+
- Model ID: [Model ID]
|
|
22
|
+
- Autonomy level: [Autonomy Level]
|
|
23
|
+
|
|
24
|
+
## 6. Human Oversight
|
|
25
|
+
|
|
26
|
+
- Autonomy level: [Autonomy Level]
|
|
27
|
+
- [Human Oversight Description]
|
|
28
|
+
|
|
29
|
+
## 14. Approval and Sign-off
|
|
30
|
+
|
|
31
|
+
| Policy Owner | [Approver Name] | [Date] |
|
|
32
|
+
`;
|
|
33
|
+
|
|
34
|
+
const FINANCE_TEMPLATE = `# AI Usage Policy — Finance / Credit
|
|
35
|
+
|
|
36
|
+
| Risk Class | [Risk Class] |
|
|
37
|
+
| AI System Name | [AI System Name] |
|
|
38
|
+
| Date | [Date] |
|
|
39
|
+
|
|
40
|
+
## 4. Risk Classification
|
|
41
|
+
|
|
42
|
+
This AI system is classified as **[Risk Class]** under the EU AI Act.
|
|
43
|
+
|
|
44
|
+
## 14. Approval and Sign-off
|
|
45
|
+
|
|
46
|
+
| Policy Owner | [Approver Name] | [Date] |
|
|
47
|
+
`;
|
|
48
|
+
|
|
49
|
+
const HEALTHCARE_TEMPLATE = `# AI Usage Policy — Healthcare / Medical
|
|
50
|
+
|
|
51
|
+
| AI System Name | [AI System Name] |
|
|
52
|
+
| Autonomy level | [Autonomy Level] |
|
|
53
|
+
|
|
54
|
+
## 6. Human Oversight
|
|
55
|
+
|
|
56
|
+
- Autonomy level: [Autonomy Level]
|
|
57
|
+
- [Human Oversight Description]
|
|
58
|
+
`;
|
|
59
|
+
|
|
60
|
+
const EDUCATION_TEMPLATE = `# AI Usage Policy — Education / Academic
|
|
61
|
+
|
|
62
|
+
| AI System Name | [AI System Name] |
|
|
63
|
+
| Provider | [Provider] |
|
|
64
|
+
| Model ID | [Model ID] |
|
|
65
|
+
| Version | [Version] |
|
|
66
|
+
`;
|
|
67
|
+
|
|
68
|
+
const LEGAL_TEMPLATE = `# AI Usage Policy — Legal / Justice
|
|
69
|
+
|
|
70
|
+
| AI System Name | [AI System Name] |
|
|
71
|
+
| Organization | [Organization] |
|
|
72
|
+
| Date | [Date] |
|
|
73
|
+
|
|
74
|
+
## 14. Approval and Sign-off
|
|
75
|
+
|
|
76
|
+
| Policy Owner | [Approver Name] | [Date] |
|
|
77
|
+
`;
|
|
78
|
+
|
|
79
|
+
describe('generatePolicy', () => {
|
|
80
|
+
it('pre-fills system name and organization for HR template', () => {
|
|
81
|
+
const manifest = createMockPassport({
|
|
82
|
+
display_name: 'HR Screening Bot',
|
|
83
|
+
owner: { team: 'TalentCo', contact: 'hr@talent.co', responsible_person: 'Alice' },
|
|
84
|
+
});
|
|
85
|
+
|
|
86
|
+
const result = generatePolicy({
|
|
87
|
+
manifest,
|
|
88
|
+
template: HR_TEMPLATE,
|
|
89
|
+
industry: 'hr',
|
|
90
|
+
organization: 'TalentCo HR',
|
|
91
|
+
});
|
|
92
|
+
|
|
93
|
+
expect(result.markdown).toContain('HR Screening Bot');
|
|
94
|
+
expect(result.markdown).toContain('TalentCo HR');
|
|
95
|
+
expect(result.markdown).not.toContain('[AI System Name]');
|
|
96
|
+
expect(result.markdown).not.toContain('[Organization]');
|
|
97
|
+
expect(result.prefilledFields).toContain('AI System Name');
|
|
98
|
+
expect(result.prefilledFields).toContain('Organization');
|
|
99
|
+
expect(result.industry).toBe('hr');
|
|
100
|
+
});
|
|
101
|
+
|
|
102
|
+
it('pre-fills risk class for finance template', () => {
|
|
103
|
+
const manifest = createMockPassport({
|
|
104
|
+
compliance: {
|
|
105
|
+
eu_ai_act: {
|
|
106
|
+
risk_class: 'high',
|
|
107
|
+
applicable_articles: ['Art. 6'],
|
|
108
|
+
deployer_obligations_met: [],
|
|
109
|
+
deployer_obligations_pending: [],
|
|
110
|
+
},
|
|
111
|
+
complior_score: 65,
|
|
112
|
+
last_scan: '2026-01-01',
|
|
113
|
+
},
|
|
114
|
+
});
|
|
115
|
+
|
|
116
|
+
const result = generatePolicy({
|
|
117
|
+
manifest,
|
|
118
|
+
template: FINANCE_TEMPLATE,
|
|
119
|
+
industry: 'finance',
|
|
120
|
+
});
|
|
121
|
+
|
|
122
|
+
expect(result.markdown).toContain('**high**');
|
|
123
|
+
expect(result.markdown).not.toContain('[Risk Class]');
|
|
124
|
+
expect(result.prefilledFields).toContain('Risk Class');
|
|
125
|
+
});
|
|
126
|
+
|
|
127
|
+
it('pre-fills autonomy and oversight for healthcare template', () => {
|
|
128
|
+
const manifest = createMockPassport({
|
|
129
|
+
autonomy_level: 'L3',
|
|
130
|
+
autonomy_evidence: {
|
|
131
|
+
human_approval_gates: 2,
|
|
132
|
+
unsupervised_actions: 1,
|
|
133
|
+
no_logging_actions: 0,
|
|
134
|
+
auto_rated: true,
|
|
135
|
+
},
|
|
136
|
+
constraints: {
|
|
137
|
+
rate_limits: { max_actions_per_minute: 60 },
|
|
138
|
+
budget: { max_cost_per_session_usd: 10 },
|
|
139
|
+
human_approval_required: ['prescribe'],
|
|
140
|
+
prohibited_actions: [],
|
|
141
|
+
},
|
|
142
|
+
});
|
|
143
|
+
|
|
144
|
+
const result = generatePolicy({
|
|
145
|
+
manifest,
|
|
146
|
+
template: HEALTHCARE_TEMPLATE,
|
|
147
|
+
industry: 'healthcare',
|
|
148
|
+
});
|
|
149
|
+
|
|
150
|
+
expect(result.markdown).toContain('L3');
|
|
151
|
+
expect(result.markdown).toContain('semi-autonomously');
|
|
152
|
+
expect(result.markdown).toContain('Human approval required for: prescribe');
|
|
153
|
+
expect(result.markdown).toContain('2 human approval gate(s)');
|
|
154
|
+
expect(result.prefilledFields).toContain('Autonomy Level');
|
|
155
|
+
expect(result.prefilledFields).toContain('Human Oversight Description');
|
|
156
|
+
});
|
|
157
|
+
|
|
158
|
+
it('pre-fills provider info for education template', () => {
|
|
159
|
+
const manifest = createMockPassport({
|
|
160
|
+
model: { provider: 'Anthropic', model_id: 'claude-3', deployment: 'cloud', data_residency: 'EU' },
|
|
161
|
+
version: '2.1.0',
|
|
162
|
+
});
|
|
163
|
+
|
|
164
|
+
const result = generatePolicy({
|
|
165
|
+
manifest,
|
|
166
|
+
template: EDUCATION_TEMPLATE,
|
|
167
|
+
industry: 'education',
|
|
168
|
+
});
|
|
169
|
+
|
|
170
|
+
expect(result.markdown).toContain('Anthropic');
|
|
171
|
+
expect(result.markdown).toContain('claude-3');
|
|
172
|
+
expect(result.markdown).toContain('2.1.0');
|
|
173
|
+
expect(result.prefilledFields).toContain('Provider');
|
|
174
|
+
expect(result.prefilledFields).toContain('Model ID');
|
|
175
|
+
expect(result.prefilledFields).toContain('Version');
|
|
176
|
+
});
|
|
177
|
+
|
|
178
|
+
it('tracks manual fields for legal template when approver not provided', () => {
|
|
179
|
+
const manifest = createMockPassport();
|
|
180
|
+
|
|
181
|
+
const result = generatePolicy({
|
|
182
|
+
manifest,
|
|
183
|
+
template: LEGAL_TEMPLATE,
|
|
184
|
+
industry: 'legal',
|
|
185
|
+
});
|
|
186
|
+
|
|
187
|
+
expect(result.manualFields).toContain('Approver Name');
|
|
188
|
+
expect(result.markdown).toContain('[Approver Name]');
|
|
189
|
+
});
|
|
190
|
+
|
|
191
|
+
it('returns frozen result', () => {
|
|
192
|
+
const manifest = createMockPassport();
|
|
193
|
+
|
|
194
|
+
const result = generatePolicy({
|
|
195
|
+
manifest,
|
|
196
|
+
template: HR_TEMPLATE,
|
|
197
|
+
industry: 'hr',
|
|
198
|
+
});
|
|
199
|
+
|
|
200
|
+
expect(Object.isFrozen(result)).toBe(true);
|
|
201
|
+
expect(Object.isFrozen(result.prefilledFields)).toBe(true);
|
|
202
|
+
expect(Object.isFrozen(result.manualFields)).toBe(true);
|
|
203
|
+
});
|
|
204
|
+
|
|
205
|
+
it('custom organization overrides passport owner.team', () => {
|
|
206
|
+
const manifest = createMockPassport({
|
|
207
|
+
owner: { team: 'Default Corp', contact: 'info@default.com', responsible_person: 'Bob' },
|
|
208
|
+
});
|
|
209
|
+
|
|
210
|
+
const result = generatePolicy({
|
|
211
|
+
manifest,
|
|
212
|
+
template: HR_TEMPLATE,
|
|
213
|
+
industry: 'hr',
|
|
214
|
+
organization: 'Custom Org Ltd',
|
|
215
|
+
});
|
|
216
|
+
|
|
217
|
+
expect(result.markdown).toContain('Custom Org Ltd');
|
|
218
|
+
expect(result.markdown).not.toContain('Default Corp');
|
|
219
|
+
expect(result.prefilledFields).toContain('Organization');
|
|
220
|
+
});
|
|
221
|
+
|
|
222
|
+
it('falls back to passport owner.team when no organization provided', () => {
|
|
223
|
+
const manifest = createMockPassport({
|
|
224
|
+
owner: { team: 'Fallback Inc', contact: 'info@fallback.com', responsible_person: 'Carol' },
|
|
225
|
+
});
|
|
226
|
+
|
|
227
|
+
const result = generatePolicy({
|
|
228
|
+
manifest,
|
|
229
|
+
template: HR_TEMPLATE,
|
|
230
|
+
industry: 'hr',
|
|
231
|
+
});
|
|
232
|
+
|
|
233
|
+
expect(result.markdown).toContain('Fallback Inc');
|
|
234
|
+
expect(result.prefilledFields).toContain('Organization');
|
|
235
|
+
});
|
|
236
|
+
|
|
237
|
+
it('pre-fills approver when provided', () => {
|
|
238
|
+
const manifest = createMockPassport();
|
|
239
|
+
|
|
240
|
+
const result = generatePolicy({
|
|
241
|
+
manifest,
|
|
242
|
+
template: HR_TEMPLATE,
|
|
243
|
+
industry: 'hr',
|
|
244
|
+
approver: 'Jane Smith, CLO',
|
|
245
|
+
});
|
|
246
|
+
|
|
247
|
+
expect(result.markdown).toContain('Jane Smith, CLO');
|
|
248
|
+
expect(result.markdown).not.toContain('[Approver Name]');
|
|
249
|
+
expect(result.prefilledFields).toContain('Approver');
|
|
250
|
+
expect(result.manualFields).not.toContain('Approver Name');
|
|
251
|
+
});
|
|
252
|
+
});
|
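Review bot: `IndustryId`, imported at line 4, is never used in this file, so the import should be dropped (or the `industry` arguments typed with it). The suite also never exercises the fallback paths of `generatePolicy`: there is no case with an empty `owner.team` and no `organization` asserting `manualFields` contains `'Organization'`, nor one with `compliance` absent asserting `'Risk Class'` lands in `manualFields` (whether the `createMockPassport()` defaults leave those populated is not visible here). A case feeding a value that contains `$&` or `$'` — e.g. `description: 'Budget $& only'` — and asserting it appears verbatim in `result.markdown` would pin down how the generator's `replaceAll` calls treat special replacement patterns.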
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
import type { AgentPassport } from '../../types/passport.types.js';
|
|
2
|
+
import type { IndustryId } from '../../data/industry-patterns.js';
|
|
3
|
+
import { deriveOversightDescription } from './passport-helpers.js';
|
|
4
|
+
|
|
5
|
+
// --- Types ---
|
|
6
|
+
|
|
7
|
+
export interface PolicyGeneratorInput {
|
|
8
|
+
readonly manifest: AgentPassport;
|
|
9
|
+
readonly template: string;
|
|
10
|
+
readonly industry: IndustryId;
|
|
11
|
+
readonly organization?: string;
|
|
12
|
+
readonly approver?: string;
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
export interface PolicyResult {
|
|
16
|
+
readonly markdown: string;
|
|
17
|
+
readonly industry: IndustryId;
|
|
18
|
+
readonly prefilledFields: readonly string[];
|
|
19
|
+
readonly manualFields: readonly string[];
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
// --- Generator ---
|
|
23
|
+
|
|
24
|
+
export const generatePolicy = (input: PolicyGeneratorInput): PolicyResult => {
|
|
25
|
+
const { manifest, template, industry, organization, approver } = input;
|
|
26
|
+
const prefilledFields: string[] = [];
|
|
27
|
+
const manualFields: string[] = [];
|
|
28
|
+
|
|
29
|
+
let markdown = template;
|
|
30
|
+
const today = new Date().toISOString().slice(0, 10);
|
|
31
|
+
|
|
32
|
+
// 1. Document Header table fields
|
|
33
|
+
markdown = markdown.replaceAll('[AI System Name]', manifest.display_name);
|
|
34
|
+
prefilledFields.push('AI System Name');
|
|
35
|
+
|
|
36
|
+
markdown = markdown.replaceAll('[Date]', today);
|
|
37
|
+
prefilledFields.push('Date');
|
|
38
|
+
|
|
39
|
+
markdown = markdown.replaceAll('[Version]', manifest.version);
|
|
40
|
+
prefilledFields.push('Version');
|
|
41
|
+
|
|
42
|
+
const orgName = organization ?? manifest.owner.team;
|
|
43
|
+
if (orgName) {
|
|
44
|
+
markdown = markdown.replaceAll('[Organization]', orgName);
|
|
45
|
+
prefilledFields.push('Organization');
|
|
46
|
+
} else {
|
|
47
|
+
manualFields.push('Organization');
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
const riskClass = manifest.compliance?.eu_ai_act?.risk_class ?? '';
|
|
51
|
+
if (riskClass) {
|
|
52
|
+
markdown = markdown.replaceAll('[Risk Class]', riskClass);
|
|
53
|
+
prefilledFields.push('Risk Class');
|
|
54
|
+
} else {
|
|
55
|
+
manualFields.push('Risk Class');
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
// 2. AI System Description section
|
|
59
|
+
markdown = markdown.replaceAll('[Description]', manifest.description);
|
|
60
|
+
prefilledFields.push('Description');
|
|
61
|
+
|
|
62
|
+
markdown = markdown.replaceAll('[Provider]', manifest.model.provider);
|
|
63
|
+
prefilledFields.push('Provider');
|
|
64
|
+
|
|
65
|
+
markdown = markdown.replaceAll('[Model ID]', manifest.model.model_id);
|
|
66
|
+
prefilledFields.push('Model ID');
|
|
67
|
+
|
|
68
|
+
markdown = markdown.replaceAll('[Autonomy Level]', manifest.autonomy_level);
|
|
69
|
+
prefilledFields.push('Autonomy Level');
|
|
70
|
+
|
|
71
|
+
// 3. Human Oversight description
|
|
72
|
+
const oversightDesc = deriveOversightDescription(manifest);
|
|
73
|
+
markdown = markdown.replaceAll('[Human Oversight Description]', oversightDesc);
|
|
74
|
+
prefilledFields.push('Human Oversight Description');
|
|
75
|
+
|
|
76
|
+
// 4. Approver
|
|
77
|
+
if (approver) {
|
|
78
|
+
markdown = markdown.replaceAll('[Approver Name]', approver);
|
|
79
|
+
prefilledFields.push('Approver');
|
|
80
|
+
} else {
|
|
81
|
+
manualFields.push('Approver Name');
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
// 5. Common manual fields (present in all templates)
|
|
85
|
+
manualFields.push('DPO sign-off');
|
|
86
|
+
manualFields.push('Additional role sign-offs');
|
|
87
|
+
|
|
88
|
+
return Object.freeze({
|
|
89
|
+
markdown,
|
|
90
|
+
industry,
|
|
91
|
+
prefilledFields: Object.freeze([...prefilledFields]),
|
|
92
|
+
manualFields: Object.freeze([...manualFields]),
|
|
93
|
+
});
|
|
94
|
+
};
|
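Review bot: Every substitution in `generatePolicy` passes passport text straight in as the replacement string of `String.prototype.replaceAll`, so `$$`, `$&`, `$'` (and the dollar-backtick form) inside `description`, `display_name`, `owner.team` or `approver` are interpreted as replacement patterns — `$'` splices the rest of the document in after the match and `$$` collapses to a single `$`. A function replacer inserts the value literally, `markdown = markdown.replaceAll('[Description]', () => manifest.description);`, and the same change applies to the other ten calls (a small `fill(md, placeholder, value)` helper would keep them uniform). Because the substitutions run in sequence, placeholder-like text inside an earlier value (a `display_name` containing `[Date]`) is rewritten by a later call; a single regex pass over the placeholder set with a lookup table avoids that. Lines 62 and 65 also record `Provider` and `Model ID` as prefilled even when the field is an empty string, whereas `Organization` and `Risk Class` fall back to `manualFields`, and the unguarded `manifest.model.provider` / `manifest.owner.team` reads differ from the optional chaining `document-generator.ts` uses on the same fields — worth aligning once the `AgentPassport` type is checked.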