npm - @complior/engine - Versions diffs - 0.9.0 - Mend

@complior/engine 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/.well-known/ai-compliance.json +16 -0
package/COMPLIANCE.md +64 -0
package/data/data-integrity.test.ts +75 -0
package/data/eval/eval-mappings.json +33 -0
package/data/llm/model-pricing.json +15 -0
package/data/llm/model-routing.json +36 -0
package/data/onboarding/risk-profile.json +17 -0
package/data/regulations/eu-ai-act/README.md +245 -0
package/data/regulations/eu-ai-act/applicability-tree.json +160 -0
package/data/regulations/eu-ai-act/cross-mapping.json +175 -0
package/data/regulations/eu-ai-act/localization.json +186 -0
package/data/regulations/eu-ai-act/obligations.json +3981 -0
package/data/regulations/eu-ai-act/regulation-meta.json +482 -0
package/data/regulations/eu-ai-act/scoring.json +342 -0
package/data/regulations/eu-ai-act/technical-requirements.json +2590 -0
package/data/regulations/eu-ai-act/timeline.json +160 -0
package/data/regulations/jurisdictions/at.json +15 -0
package/data/regulations/jurisdictions/be.json +15 -0
package/data/regulations/jurisdictions/bg.json +15 -0
package/data/regulations/jurisdictions/cy.json +15 -0
package/data/regulations/jurisdictions/cz.json +15 -0
package/data/regulations/jurisdictions/de.json +15 -0
package/data/regulations/jurisdictions/dk.json +15 -0
package/data/regulations/jurisdictions/ee.json +15 -0
package/data/regulations/jurisdictions/es.json +15 -0
package/data/regulations/jurisdictions/fi.json +15 -0
package/data/regulations/jurisdictions/fr.json +15 -0
package/data/regulations/jurisdictions/gr.json +15 -0
package/data/regulations/jurisdictions/hr.json +15 -0
package/data/regulations/jurisdictions/hu.json +15 -0
package/data/regulations/jurisdictions/ie.json +15 -0
package/data/regulations/jurisdictions/is.json +15 -0
package/data/regulations/jurisdictions/it.json +15 -0
package/data/regulations/jurisdictions/li.json +15 -0
package/data/regulations/jurisdictions/lt.json +15 -0
package/data/regulations/jurisdictions/lu.json +15 -0
package/data/regulations/jurisdictions/lv.json +15 -0
package/data/regulations/jurisdictions/mt.json +15 -0
package/data/regulations/jurisdictions/nl.json +15 -0
package/data/regulations/jurisdictions/no.json +15 -0
package/data/regulations/jurisdictions/pl.json +15 -0
package/data/regulations/jurisdictions/pt.json +15 -0
package/data/regulations/jurisdictions/ro.json +15 -0
package/data/regulations/jurisdictions/se.json +15 -0
package/data/regulations/jurisdictions/si.json +15 -0
package/data/regulations/jurisdictions/sk.json +15 -0
package/data/scanner/check-id-categories.json +81 -0
package/data/scanner/confidence-params.json +16 -0
package/data/scanner/limits.json +4 -0
package/data/schemas/http-contract-sample.json +79 -0
package/data/schemas/http-contract.json +144 -0
package/data/semgrep-rules/bare-call.yaml +37 -0
package/data/semgrep-rules/injection.yaml +73 -0
package/data/semgrep-rules/missing-error-handling.yaml +58 -0
package/data/semgrep-rules/unsafe-deser.yaml +65 -0
package/data/templates/eu-ai-act/ai-literacy.md +184 -0
package/data/templates/eu-ai-act/art5-screening.md +131 -0
package/data/templates/eu-ai-act/data-governance.md +145 -0
package/data/templates/eu-ai-act/declaration-of-conformity.md +161 -0
package/data/templates/eu-ai-act/fria.md +127 -0
package/data/templates/eu-ai-act/gpai-systemic-risk.md +150 -0
package/data/templates/eu-ai-act/gpai-transparency.md +166 -0
package/data/templates/eu-ai-act/incident-report.md +188 -0
package/data/templates/eu-ai-act/instructions-for-use.md +202 -0
package/data/templates/eu-ai-act/monitoring-policy.md +110 -0
package/data/templates/eu-ai-act/qms.md +180 -0
package/data/templates/eu-ai-act/risk-management-system.md +123 -0
package/data/templates/eu-ai-act/technical-documentation.md +287 -0
package/data/templates/eu-ai-act/worker-notification.md +143 -0
package/data/templates/policies/biometrics-ai-policy.md +214 -0
package/data/templates/policies/critical-infra-ai-policy.md +228 -0
package/data/templates/policies/education-ai-policy.md +184 -0
package/data/templates/policies/finance-ai-policy.md +191 -0
package/data/templates/policies/healthcare-ai-policy.md +197 -0
package/data/templates/policies/hr-ai-policy.md +178 -0
package/data/templates/policies/legal-ai-policy.md +189 -0
package/data/templates/policies/migration-ai-policy.md +239 -0
package/engine.log +7 -0
package/package.json +74 -0
package/src/composition-root.ts +791 -0
package/src/data/eval/conformity-tests.test.ts +122 -0
package/src/data/eval/ct-1-transparency.ts +106 -0
package/src/data/eval/ct-10-gpai.ts +25 -0
package/src/data/eval/ct-11-industry.ts +42 -0
package/src/data/eval/ct-2-oversight.ts +41 -0
package/src/data/eval/ct-3-explanation.ts +14 -0
package/src/data/eval/ct-4-bias.ts +83 -0
package/src/data/eval/ct-5-accuracy.ts +41 -0
package/src/data/eval/ct-6-robustness.ts +81 -0
package/src/data/eval/ct-7-prohibited.ts +52 -0
package/src/data/eval/ct-8-logging.ts +68 -0
package/src/data/eval/ct-9-risk-awareness.ts +33 -0
package/src/data/eval/deterministic-evaluator.ts +120 -0
package/src/data/eval/index.ts +55 -0
package/src/data/eval/judge-prompts.ts +146 -0
package/src/data/eval/llm-judged-tests.ts +279 -0
package/src/data/eval/llm-tests.test.ts +83 -0
package/src/data/eval/remediation/ct-1-transparency.ts +91 -0
package/src/data/eval/remediation/ct-10-gpai.ts +94 -0
package/src/data/eval/remediation/ct-11-industry.ts +94 -0
package/src/data/eval/remediation/ct-2-oversight.ts +71 -0
package/src/data/eval/remediation/ct-3-explanation.ts +70 -0
package/src/data/eval/remediation/ct-4-bias.ts +70 -0
package/src/data/eval/remediation/ct-5-accuracy.ts +70 -0
package/src/data/eval/remediation/ct-6-robustness.ts +70 -0
package/src/data/eval/remediation/ct-7-prohibited.ts +94 -0
package/src/data/eval/remediation/ct-8-logging.ts +94 -0
package/src/data/eval/remediation/ct-9-risk-awareness.ts +94 -0
package/src/data/eval/remediation/index.ts +89 -0
package/src/data/eval/remediation/owasp-art5.ts +15 -0
package/src/data/eval/remediation/owasp-llm01.ts +72 -0
package/src/data/eval/remediation/owasp-llm02.ts +72 -0
package/src/data/eval/remediation/owasp-llm03.ts +15 -0
package/src/data/eval/remediation/owasp-llm04.ts +15 -0
package/src/data/eval/remediation/owasp-llm05.ts +15 -0
package/src/data/eval/remediation/owasp-llm06.ts +15 -0
package/src/data/eval/remediation/owasp-llm07.ts +15 -0
package/src/data/eval/remediation/owasp-llm08.ts +15 -0
package/src/data/eval/remediation/owasp-llm09.ts +15 -0
package/src/data/eval/remediation/owasp-llm10.ts +15 -0
package/src/data/eval/remediation/remediation.test.ts +229 -0
package/src/data/eval/remediation/test-mapping.ts +290 -0
package/src/data/eval/security-rubrics.ts +381 -0
package/src/data/finding-explanations.json +453 -0
package/src/data/industry-patterns.ts +161 -0
package/src/data/registry-cards.ts +368 -0
package/src/data/regulation/index.ts +5 -0
package/src/data/regulation/jurisdiction-data.test.ts +73 -0
package/src/data/regulation/jurisdiction-data.ts +65 -0
package/src/data/regulation/regulation-data.ts +19 -0
package/src/data/regulation/regulation-loader.test.ts +107 -0
package/src/data/regulation/regulation-loader.ts +56 -0
package/src/data/scanner-constants.ts +46 -0
package/src/data/schemas/schemas-core.ts +140 -0
package/src/data/schemas/schemas-supplementary.ts +211 -0
package/src/data/schemas/schemas.ts +28 -0
package/src/data/security/attack-probes.test.ts +62 -0
package/src/data/security/attack-probes.ts +496 -0
package/src/data/security/eu-ai-act-security.ts +40 -0
package/src/data/security/index.ts +19 -0
package/src/data/security/mitre-atlas.test.ts +43 -0
package/src/data/security/mitre-atlas.ts +93 -0
package/src/data/security/nist-ai-rmf.ts +43 -0
package/src/data/security/owasp-llm-top10.test.ts +60 -0
package/src/data/security/owasp-llm-top10.ts +138 -0
package/src/data/template-registry.ts +53 -0
package/src/data/tool-versions.json +22 -0
package/src/domain/audit/audit-package.test.ts +152 -0
package/src/domain/audit/audit-package.ts +166 -0
package/src/domain/audit/audit-trail.test.ts +121 -0
package/src/domain/audit/audit-trail.ts +174 -0
package/src/domain/audit/index.ts +8 -0
package/src/domain/audit/permissions-matrix.test.ts +136 -0
package/src/domain/audit/permissions-matrix.ts +121 -0
package/src/domain/certification/adversarial/bias-tests.ts +95 -0
package/src/domain/certification/adversarial/evaluators.ts +304 -0
package/src/domain/certification/adversarial/index.ts +11 -0
package/src/domain/certification/adversarial/prompt-injection.ts +103 -0
package/src/domain/certification/adversarial/safety-boundary.ts +132 -0
package/src/domain/certification/aiuc1-readiness.test.ts +236 -0
package/src/domain/certification/aiuc1-readiness.ts +298 -0
package/src/domain/certification/aiuc1-requirements.ts +235 -0
package/src/domain/certification/index.ts +10 -0
package/src/domain/certification/redteam-runner.test.ts +97 -0
package/src/domain/certification/redteam-runner.ts +205 -0
package/src/domain/certification/test-runner.test.ts +232 -0
package/src/domain/certification/test-runner.ts +289 -0
package/src/domain/cost/cost-estimator.test.ts +187 -0
package/src/domain/cost/cost-estimator.ts +133 -0
package/src/domain/disclaimer.test.ts +52 -0
package/src/domain/disclaimer.ts +39 -0
package/src/domain/documents/ai-enricher.test.ts +120 -0
package/src/domain/documents/ai-enricher.ts +159 -0
package/src/domain/documents/document-generator.test.ts +318 -0
package/src/domain/documents/document-generator.ts +239 -0
package/src/domain/documents/index.ts +9 -0
package/src/domain/documents/passport-helpers.ts +25 -0
package/src/domain/documents/policy-generator.test.ts +252 -0
package/src/domain/documents/policy-generator.ts +94 -0
package/src/domain/documents/worker-notification-generator.test.ts +162 -0
package/src/domain/documents/worker-notification-generator.ts +141 -0
package/src/domain/eval/adapters/adapter-port.ts +94 -0
package/src/domain/eval/adapters/adapters.test.ts +303 -0
package/src/domain/eval/adapters/anthropic-adapter.ts +57 -0
package/src/domain/eval/adapters/auto-detect.ts +104 -0
package/src/domain/eval/adapters/create-chat-adapter.ts +106 -0
package/src/domain/eval/adapters/custom-adapter.ts +74 -0
package/src/domain/eval/adapters/http-adapter.ts +66 -0
package/src/domain/eval/adapters/index.ts +7 -0
package/src/domain/eval/adapters/ollama-adapter.ts +48 -0
package/src/domain/eval/adapters/openai-adapter.ts +58 -0
package/src/domain/eval/adapters/with-timeout.ts +25 -0
package/src/domain/eval/conformity-score.test.ts +161 -0
package/src/domain/eval/conformity-score.ts +135 -0
package/src/domain/eval/eval-constants.ts +55 -0
package/src/domain/eval/eval-evidence.test.ts +85 -0
package/src/domain/eval/eval-evidence.ts +103 -0
package/src/domain/eval/eval-fix-generator.test.ts +421 -0
package/src/domain/eval/eval-fix-generator.ts +205 -0
package/src/domain/eval/eval-passport.test.ts +82 -0
package/src/domain/eval/eval-passport.ts +89 -0
package/src/domain/eval/eval-remediation-report.test.ts +682 -0
package/src/domain/eval/eval-remediation-report.ts +170 -0
package/src/domain/eval/eval-report.ts +108 -0
package/src/domain/eval/eval-runner.test.ts +609 -0
package/src/domain/eval/eval-runner.ts +593 -0
package/src/domain/eval/eval-to-findings.test.ts +293 -0
package/src/domain/eval/eval-to-findings.ts +83 -0
package/src/domain/eval/index.ts +31 -0
package/src/domain/eval/llm-judge.test.ts +139 -0
package/src/domain/eval/llm-judge.ts +168 -0
package/src/domain/eval/remediation-types.ts +90 -0
package/src/domain/eval/security-integration.test.ts +196 -0
package/src/domain/eval/security-integration.ts +136 -0
package/src/domain/eval/types.test.ts +173 -0
package/src/domain/eval/types.ts +244 -0
package/src/domain/eval/verdict-utils.ts +45 -0
package/src/domain/fixer/create-fixer.ts +101 -0
package/src/domain/fixer/diff.ts +70 -0
package/src/domain/fixer/fix-history.ts +23 -0
package/src/domain/fixer/fixer.test.ts +306 -0
package/src/domain/fixer/index.ts +9 -0
package/src/domain/fixer/strategies/bandit-fix.ts +61 -0
package/src/domain/fixer/strategies/bias-testing.ts +49 -0
package/src/domain/fixer/strategies/ci-compliance.ts +57 -0
package/src/domain/fixer/strategies/content-marking.ts +45 -0
package/src/domain/fixer/strategies/cve-upgrade.ts +66 -0
package/src/domain/fixer/strategies/data-governance.ts +65 -0
package/src/domain/fixer/strategies/disclosure.ts +69 -0
package/src/domain/fixer/strategies/doc-code-sync.ts +53 -0
package/src/domain/fixer/strategies/documentation.ts +59 -0
package/src/domain/fixer/strategies/error-handler.ts +63 -0
package/src/domain/fixer/strategies/hitl-gate.ts +67 -0
package/src/domain/fixer/strategies/index.ts +61 -0
package/src/domain/fixer/strategies/kill-switch-test.ts +85 -0
package/src/domain/fixer/strategies/kill-switch.ts +53 -0
package/src/domain/fixer/strategies/license-fix.ts +57 -0
package/src/domain/fixer/strategies/log-retention.ts +40 -0
package/src/domain/fixer/strategies/logging.ts +59 -0
package/src/domain/fixer/strategies/metadata.ts +45 -0
package/src/domain/fixer/strategies/permission-guard.ts +84 -0
package/src/domain/fixer/strategies/record-keeping.ts +69 -0
package/src/domain/fixer/strategies/secret-rotation.ts +52 -0
package/src/domain/fixer/strategies.test.ts +341 -0
package/src/domain/fixer/template-engine.test.ts +64 -0
package/src/domain/fixer/template-engine.ts +38 -0
package/src/domain/fixer/types.ts +88 -0
package/src/domain/frameworks/aiuc1-framework.test.ts +159 -0
package/src/domain/frameworks/aiuc1-framework.ts +126 -0
package/src/domain/frameworks/collect-foundation-metrics.test.ts +96 -0
package/src/domain/frameworks/collect-foundation-metrics.ts +34 -0
package/src/domain/frameworks/eu-ai-act-framework.test.ts +117 -0
package/src/domain/frameworks/eu-ai-act-framework.ts +100 -0
package/src/domain/frameworks/framework-registry.test.ts +91 -0
package/src/domain/frameworks/framework-registry.ts +38 -0
package/src/domain/frameworks/index.ts +8 -0
package/src/domain/frameworks/mitre-atlas-framework.test.ts +53 -0
package/src/domain/frameworks/mitre-atlas-framework.ts +53 -0
package/src/domain/frameworks/owasp-llm-framework.test.ts +77 -0
package/src/domain/frameworks/owasp-llm-framework.ts +54 -0
package/src/domain/frameworks/score-plugin-framework.ts +117 -0
package/src/domain/fria/fria-generator.test.ts +273 -0
package/src/domain/fria/fria-generator.ts +366 -0
package/src/domain/import/promptfoo-importer.test.ts +103 -0
package/src/domain/import/promptfoo-importer.ts +151 -0
package/src/domain/onboarding/guided-onboarding.test.ts +144 -0
package/src/domain/onboarding/guided-onboarding.ts +135 -0
package/src/domain/passport/builder/domain-mapper.ts +9 -0
package/src/domain/passport/builder/manifest-builder.test.ts +546 -0
package/src/domain/passport/builder/manifest-builder.ts +535 -0
package/src/domain/passport/builder/manifest-diff.test.ts +105 -0
package/src/domain/passport/builder/manifest-diff.ts +89 -0
package/src/domain/passport/builder/manifest-files.ts +17 -0
package/src/domain/passport/crypto-signer.test.ts +93 -0
package/src/domain/passport/crypto-signer.ts +157 -0
package/src/domain/passport/discovery/agent-discovery.test.ts +296 -0
package/src/domain/passport/discovery/agent-discovery.ts +325 -0
package/src/domain/passport/discovery/autonomy-analyzer.test.ts +141 -0
package/src/domain/passport/discovery/autonomy-analyzer.ts +113 -0
package/src/domain/passport/discovery/permission-scanner.test.ts +191 -0
package/src/domain/passport/discovery/permission-scanner.ts +414 -0
package/src/domain/passport/export/a2a-mapper.ts +75 -0
package/src/domain/passport/export/aiuc1-mapper.ts +126 -0
package/src/domain/passport/export/export.test.ts +207 -0
package/src/domain/passport/export/index.ts +41 -0
package/src/domain/passport/export/nist-mapper.ts +227 -0
package/src/domain/passport/import/a2a-importer.test.ts +133 -0
package/src/domain/passport/import/a2a-importer.ts +156 -0
package/src/domain/passport/import/index.ts +2 -0
package/src/domain/passport/index.ts +32 -0
package/src/domain/passport/obligation-field-map.test.ts +113 -0
package/src/domain/passport/obligation-field-map.ts +117 -0
package/src/domain/passport/passport-validator.test.ts +156 -0
package/src/domain/passport/passport-validator.ts +126 -0
package/src/domain/passport/scan-to-compliance.test.ts +336 -0
package/src/domain/passport/scan-to-compliance.ts +166 -0
package/src/domain/passport/test-generator.test.ts +93 -0
package/src/domain/passport/test-generator.ts +136 -0
package/src/domain/proxy/index.ts +11 -0
package/src/domain/proxy/json-rpc.test.ts +72 -0
package/src/domain/proxy/json-rpc.ts +53 -0
package/src/domain/proxy/policy-engine.test.ts +259 -0
package/src/domain/proxy/policy-engine.ts +137 -0
package/src/domain/proxy/proxy-bridge.ts +125 -0
package/src/domain/proxy/proxy-interceptor.test.ts +184 -0
package/src/domain/proxy/proxy-interceptor.ts +120 -0
package/src/domain/proxy/proxy-types.ts +35 -0
package/src/domain/registry/compute-agent-score.test.ts +279 -0
package/src/domain/registry/compute-agent-score.ts +162 -0
package/src/domain/reporter/audit-report.test.ts +87 -0
package/src/domain/reporter/audit-report.ts +116 -0
package/src/domain/reporter/badge-generator.test.ts +54 -0
package/src/domain/reporter/badge-generator.ts +40 -0
package/src/domain/reporter/compliance-md.ts +45 -0
package/src/domain/reporter/index.ts +7 -0
package/src/domain/reporter/pdf-renderer.ts +282 -0
package/src/domain/reporter/share.test.ts +92 -0
package/src/domain/reporter/share.ts +80 -0
package/src/domain/scanner/ast/swc-analyzer.test.ts +49 -0
package/src/domain/scanner/ast/swc-analyzer.ts +124 -0
package/src/domain/scanner/attestations.ts +97 -0
package/src/domain/scanner/checks/ai-disclosure.test.ts +90 -0
package/src/domain/scanner/checks/ai-disclosure.ts +54 -0
package/src/domain/scanner/checks/ai-literacy.ts +163 -0
package/src/domain/scanner/checks/behavioral-constraints.test.ts +167 -0
package/src/domain/scanner/checks/behavioral-constraints.ts +86 -0
package/src/domain/scanner/checks/compliance-metadata.ts +63 -0
package/src/domain/scanner/checks/content-marking.ts +74 -0
package/src/domain/scanner/checks/dep-deep-scan.test.ts +318 -0
package/src/domain/scanner/checks/dep-deep-scan.ts +137 -0
package/src/domain/scanner/checks/documentation.test.ts +88 -0
package/src/domain/scanner/checks/documentation.ts +79 -0
package/src/domain/scanner/checks/git-history.test.ts +120 -0
package/src/domain/scanner/checks/git-history.ts +163 -0
package/src/domain/scanner/checks/gpai-systemic-risk.test.ts +84 -0
package/src/domain/scanner/checks/gpai-systemic-risk.ts +98 -0
package/src/domain/scanner/checks/gpai-transparency.ts +94 -0
package/src/domain/scanner/checks/index.ts +28 -0
package/src/domain/scanner/checks/industry/index.ts +40 -0
package/src/domain/scanner/checks/industry/industry.test.ts +287 -0
package/src/domain/scanner/checks/interaction-logging.test.ts +113 -0
package/src/domain/scanner/checks/interaction-logging.ts +142 -0
package/src/domain/scanner/checks/nhi-scanner.test.ts +158 -0
package/src/domain/scanner/checks/nhi-scanner.ts +78 -0
package/src/domain/scanner/checks/passport-completeness.test.ts +127 -0
package/src/domain/scanner/checks/passport-completeness.ts +82 -0
package/src/domain/scanner/checks/passport-presence.test.ts +56 -0
package/src/domain/scanner/checks/passport-presence.ts +78 -0
package/src/domain/scanner/checks/pattern-check-factory.ts +70 -0
package/src/domain/scanner/checks/permission-scanner.test.ts +279 -0
package/src/domain/scanner/checks/permission-scanner.ts +90 -0
package/src/domain/scanner/checks/presence-check-factory.test.ts +124 -0
package/src/domain/scanner/checks/presence-check-factory.ts +275 -0
package/src/domain/scanner/compliance-diff.test.ts +165 -0
package/src/domain/scanner/compliance-diff.ts +138 -0
package/src/domain/scanner/confidence.test.ts +235 -0
package/src/domain/scanner/confidence.ts +156 -0
package/src/domain/scanner/constants.ts +13 -0
package/src/domain/scanner/create-scanner.ts +573 -0
package/src/domain/scanner/cross-layer.test.ts +372 -0
package/src/domain/scanner/cross-layer.ts +232 -0
package/src/domain/scanner/data/ai-packages.ts +82 -0
package/src/domain/scanner/debt-calculator.test.ts +89 -0
package/src/domain/scanner/debt-calculator.ts +111 -0
package/src/domain/scanner/drift.test.ts +191 -0
package/src/domain/scanner/drift.ts +73 -0
package/src/domain/scanner/evidence-store.test.ts +207 -0
package/src/domain/scanner/evidence-store.ts +195 -0
package/src/domain/scanner/evidence.test.ts +104 -0
package/src/domain/scanner/evidence.ts +71 -0
package/src/domain/scanner/external/bandit-runner.test.ts +45 -0
package/src/domain/scanner/external/bandit-runner.ts +90 -0
package/src/domain/scanner/external/checks.ts +321 -0
package/src/domain/scanner/external/dedup.test.ts +79 -0
package/src/domain/scanner/external/dedup.ts +94 -0
package/src/domain/scanner/external/detect-secrets-runner.test.ts +58 -0
package/src/domain/scanner/external/detect-secrets-runner.ts +81 -0
package/src/domain/scanner/external/external-scanner.test.ts +221 -0
package/src/domain/scanner/external/external-scanner.ts +36 -0
package/src/domain/scanner/external/finding-mapper.test.ts +95 -0
package/src/domain/scanner/external/finding-mapper.ts +138 -0
package/src/domain/scanner/external/index.ts +15 -0
package/src/domain/scanner/external/mappings.ts +93 -0
package/src/domain/scanner/external/modelscan-runner.test.ts +35 -0
package/src/domain/scanner/external/modelscan-runner.ts +101 -0
package/src/domain/scanner/external/path-utils.ts +8 -0
package/src/domain/scanner/external/runner-port.ts +45 -0
package/src/domain/scanner/external/semgrep-runner.test.ts +52 -0
package/src/domain/scanner/external/semgrep-runner.ts +94 -0
package/src/domain/scanner/external/types.ts +32 -0
package/src/domain/scanner/finding-attribution.test.ts +444 -0
package/src/domain/scanner/finding-attribution.ts +195 -0
package/src/domain/scanner/finding-explainer.test.ts +157 -0
package/src/domain/scanner/finding-explainer.ts +73 -0
package/src/domain/scanner/fix-diff-builder.test.ts +272 -0
package/src/domain/scanner/fix-diff-builder.ts +477 -0
package/src/domain/scanner/import-graph.test.ts +162 -0
package/src/domain/scanner/import-graph.ts +198 -0
package/src/domain/scanner/languages/adapter.test.ts +105 -0
package/src/domain/scanner/languages/adapter.ts +239 -0
package/src/domain/scanner/layers/index.ts +24 -0
package/src/domain/scanner/layers/layer1-files.ts +54 -0
package/src/domain/scanner/layers/layer2-docs.test.ts +1207 -0
package/src/domain/scanner/layers/layer2-docs.ts +297 -0
package/src/domain/scanner/layers/layer2-parsing.ts +217 -0
package/src/domain/scanner/layers/layer3-config.test.ts +187 -0
package/src/domain/scanner/layers/layer3-config.ts +279 -0
package/src/domain/scanner/layers/layer3-parsers.ts +73 -0
package/src/domain/scanner/layers/layer4-patterns.test.ts +397 -0
package/src/domain/scanner/layers/layer4-patterns.ts +216 -0
package/src/domain/scanner/layers/layer5-docs.test.ts +99 -0
package/src/domain/scanner/layers/layer5-docs.ts +250 -0
package/src/domain/scanner/layers/layer5-llm.test.ts +146 -0
package/src/domain/scanner/layers/layer5-llm.ts +262 -0
package/src/domain/scanner/layers/layer5-targeted.test.ts +93 -0
package/src/domain/scanner/layers/layer5-targeted.ts +233 -0
package/src/domain/scanner/layers/lockfile-parsers.test.ts +320 -0
package/src/domain/scanner/layers/lockfile-parsers.ts +184 -0
package/src/domain/scanner/regulation-version.test.ts +54 -0
package/src/domain/scanner/regulation-version.ts +23 -0
package/src/domain/scanner/role-filter.test.ts +116 -0
package/src/domain/scanner/role-filter.ts +51 -0
package/src/domain/scanner/rules/banned-packages-data.ts +553 -0
package/src/domain/scanner/rules/banned-packages-sdk.ts +65 -0
package/src/domain/scanner/rules/banned-packages.test.ts +249 -0
package/src/domain/scanner/rules/banned-packages.ts +55 -0
package/src/domain/scanner/rules/comment-filter.test.ts +115 -0
package/src/domain/scanner/rules/comment-filter.ts +297 -0
package/src/domain/scanner/rules/index.ts +9 -0
package/src/domain/scanner/rules/nhi-patterns.test.ts +128 -0
package/src/domain/scanner/rules/nhi-patterns.ts +60 -0
package/src/domain/scanner/rules/pattern-rules.ts +1152 -0
package/src/domain/scanner/sbom.test.ts +136 -0
package/src/domain/scanner/sbom.ts +103 -0
package/src/domain/scanner/scan-cache.test.ts +136 -0
package/src/domain/scanner/scan-cache.ts +115 -0
package/src/domain/scanner/scanner.test.ts +125 -0
package/src/domain/scanner/score-calculator.test.ts +363 -0
package/src/domain/scanner/score-calculator.ts +189 -0
package/src/domain/scanner/security-score.test.ts +107 -0
package/src/domain/scanner/security-score.ts +116 -0
package/src/domain/scanner/source-filter.ts +24 -0
package/src/domain/scanner/validators.ts +223 -0
package/src/domain/shared/compliance-constants.ts +48 -0
package/src/domain/shared/disclosure-patterns.ts +16 -0
package/src/domain/shared/index.ts +6 -0
package/src/domain/shared/parse-dependencies.ts +21 -0
package/src/domain/supply-chain/dependency-analyzer.ts +138 -0
package/src/domain/supply-chain/index.ts +3 -0
package/src/domain/supply-chain/supply-chain.test.ts +211 -0
package/src/domain/supply-chain/types.ts +32 -0
package/src/domain/whatif/config-fixer.ts +187 -0
package/src/domain/whatif/index.ts +6 -0
package/src/domain/whatif/scenario-engine.ts +121 -0
package/src/domain/whatif/simulate-actions.test.ts +161 -0
package/src/domain/whatif/simulate-actions.ts +114 -0
package/src/domain/whatif/whatif.test.ts +135 -0
package/src/e2e/gaps-e2e.test.ts +259 -0
package/src/e2e/smoke.test.ts +101 -0
package/src/hooks/hooks-export.test.ts +81 -0
package/src/hooks/installer.ts +113 -0
package/src/http/cors.test.ts +38 -0
package/src/http/create-router.ts +259 -0
package/src/http/routes/agent.route.ts +380 -0
package/src/http/routes/audit.route.ts +66 -0
package/src/http/routes/badge.route.ts +23 -0
package/src/http/routes/cert.route.ts +66 -0
package/src/http/routes/chat.route.ts +228 -0
package/src/http/routes/cost.route.ts +33 -0
package/src/http/routes/debt.route.ts +29 -0
package/src/http/routes/disclaimer.route.ts +64 -0
package/src/http/routes/eval.route.ts +161 -0
package/src/http/routes/events.route.test.ts +108 -0
package/src/http/routes/events.route.ts +71 -0
package/src/http/routes/external-scan.route.ts +24 -0
package/src/http/routes/file.route.ts +54 -0
package/src/http/routes/fix.route.ts +219 -0
package/src/http/routes/frameworks.route.test.ts +66 -0
package/src/http/routes/frameworks.route.ts +36 -0
package/src/http/routes/git.route.ts +27 -0
package/src/http/routes/guided-onboarding.route.ts +65 -0
package/src/http/routes/import.route.ts +64 -0
package/src/http/routes/jurisdiction.route.ts +22 -0
package/src/http/routes/obligations.route.test.ts +122 -0
package/src/http/routes/obligations.route.ts +110 -0
package/src/http/routes/onboarding.route.ts +53 -0
package/src/http/routes/provider.route.ts +42 -0
package/src/http/routes/proxy.route.ts +40 -0
package/src/http/routes/redteam.route.ts +84 -0
package/src/http/routes/report.route.ts +29 -0
package/src/http/routes/scan.route.ts +104 -0
package/src/http/routes/share.route.ts +44 -0
package/src/http/routes/shell.route.ts +27 -0
package/src/http/routes/status.route.ts +66 -0
package/src/http/routes/supply-chain.route.ts +121 -0
package/src/http/routes/sync.route.ts +328 -0
package/src/http/routes/tools.route.ts +29 -0
package/src/http/routes/whatif.route.ts +96 -0
package/src/http/utils/validation.ts +31 -0
package/src/index.ts +1 -0
package/src/infra/bundle-fetcher.ts +77 -0
package/src/infra/cache-storage.ts +34 -0
package/src/infra/event-bus.ts +31 -0
package/src/infra/file-collector.ts +61 -0
package/src/infra/file-ops-adapter.ts +95 -0
package/src/infra/file-watcher.test.ts +90 -0
package/src/infra/file-watcher.ts +106 -0
package/src/infra/git-adapter.ts +93 -0
package/src/infra/git-history-adapter.ts +41 -0
package/src/infra/headless-browser.ts +178 -0
package/src/infra/llm-adapter.test.ts +83 -0
package/src/infra/llm-adapter.ts +86 -0
package/src/infra/logger.ts +27 -0
package/src/infra/project-config.test.ts +74 -0
package/src/infra/project-config.ts +35 -0
package/src/infra/rate-limiter.test.ts +36 -0
package/src/infra/rate-limiter.ts +34 -0
package/src/infra/retry.ts +46 -0
package/src/infra/saas-client.ts +123 -0
package/src/infra/search-adapter.ts +113 -0
package/src/infra/shell-adapter.ts +68 -0
package/src/infra/tool-manager.test.ts +99 -0
package/src/infra/tool-manager.ts +197 -0
package/src/llm/agents/agent-modes.test.ts +44 -0
package/src/llm/agents/modes.ts +68 -0
package/src/llm/routing/cost-routing.test.ts +37 -0
package/src/llm/routing/cost-tracker.ts +74 -0
package/src/llm/routing/model-routing.test.ts +79 -0
package/src/llm/routing/model-routing.ts +38 -0
package/src/llm/routing/pricing.ts +19 -0
package/src/llm/sse-protocol.ts +77 -0
package/src/llm/tool-definitions.ts +83 -0
package/src/llm/tool-executors.ts +80 -0
package/src/llm/tools/types.ts +13 -0
package/src/mcp/create-mcp-stack.ts +82 -0
package/src/mcp/handlers.ts +245 -0
package/src/mcp/index.ts +28 -0
package/src/mcp/mcp-server.test.ts +80 -0
package/src/mcp/server.ts +79 -0
package/src/mcp/tools.ts +48 -0
package/src/onboarding/auto-detect.ts +164 -0
package/src/onboarding/onboarding.test.ts +89 -0
package/src/onboarding/profile.ts +169 -0
package/src/onboarding/questions.ts +112 -0
package/src/onboarding/wizard.ts +66 -0
package/src/output/github-issue.ts +32 -0
package/src/output/json-output.ts +67 -0
package/src/ports/browser.port.ts +23 -0
package/src/ports/events.port.ts +28 -0
package/src/ports/llm.port.ts +23 -0
package/src/ports/logger.port.ts +6 -0
package/src/ports/process.port.ts +6 -0
package/src/ports/scanner.port.ts +15 -0
package/src/server.ts +134 -0
package/src/services/badge-service.ts +67 -0
package/src/services/chat-service.test.ts +162 -0
package/src/services/chat-service.ts +152 -0
package/src/services/cost-service.ts +52 -0
package/src/services/debt-service.ts +65 -0
package/src/services/eval-integration.test.ts +132 -0
package/src/services/eval-service.test.ts +373 -0
package/src/services/eval-service.ts +463 -0
package/src/services/external-scan-service.ts +60 -0
package/src/services/file-service.ts +37 -0
package/src/services/fix-service.test.ts +470 -0
package/src/services/fix-service.ts +648 -0
package/src/services/framework-service.test.ts +159 -0
package/src/services/framework-service.ts +67 -0
package/src/services/onboarding-service.ts +165 -0
package/src/services/passport-audit.ts +244 -0
package/src/services/passport-documents.ts +258 -0
package/src/services/passport-service-utils.ts +72 -0
package/src/services/passport-service.test.ts +251 -0
package/src/services/passport-service.ts +339 -0
package/src/services/proxy-service.ts +81 -0
package/src/services/report-service.ts +72 -0
package/src/services/scan-service.test.ts +470 -0
package/src/services/scan-service.ts +335 -0
package/src/services/share-service.ts +108 -0
package/src/services/shared/backup.ts +23 -0
package/src/services/status-service.ts +38 -0
package/src/services/undo-service.test.ts +190 -0
package/src/services/undo-service.ts +144 -0
package/src/test-helpers/factories.ts +116 -0
package/src/types/common.schemas.ts +147 -0
package/src/types/common.types.ts +292 -0
package/src/types/contract.test.ts +217 -0
package/src/types/errors.ts +52 -0
package/src/types/framework.types.ts +87 -0
package/src/types/passport-schemas.ts +241 -0
package/src/types/passport.types.ts +296 -0
package/src/version.ts +1 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +9 -0

package/src/domain/eval/types.test.ts ADDED Viewed

@@ -0,0 +1,173 @@
+import { describe, it, expect } from 'vitest';
+import {
+  EvalCategorySchema,
+  EvalTierSchema,
+  EvalOptionsSchema,
+  AuditOptionsSchema,
+  EVAL_CATEGORIES,
+  EVAL_TIERS,
+  CATEGORY_META,
+  TIER_INCLUDES,
+  resolveIncludes,
+  resolveTierLabel,
+} from './types.js';
+describe('EvalCategory', () => {
+  it('has 11 categories', () => {
+    expect(EVAL_CATEGORIES).toHaveLength(11);
+  });
+  it('validates known categories', () => {
+    for (const cat of EVAL_CATEGORIES) {
+      expect(EvalCategorySchema.parse(cat)).toBe(cat);
+    }
+  });
+  it('rejects unknown category', () => {
+    expect(() => EvalCategorySchema.parse('unknown')).toThrow();
+  });
+});
+describe('CATEGORY_META', () => {
+  it('has metadata for all 11 categories', () => {
+    expect(CATEGORY_META).toHaveLength(11);
+    const ids = CATEGORY_META.map((m) => m.id);
+    for (const cat of EVAL_CATEGORIES) {
+      expect(ids).toContain(cat);
+    }
+  });
+  it('each entry has CT-N id', () => {
+    for (const meta of CATEGORY_META) {
+      expect(meta.ctId).toMatch(/^CT-\d+$/);
+    }
+  });
+});
+describe('EvalTier', () => {
+  it('has 4 tiers', () => {
+    expect(EVAL_TIERS).toHaveLength(4);
+  });
+  it('validates known tiers', () => {
+    for (const tier of EVAL_TIERS) {
+      expect(EvalTierSchema.parse(tier)).toBe(tier);
+    }
+  });
+  it('basic = deterministic only', () => {
+    expect(TIER_INCLUDES.basic).toEqual({ deterministic: true, llm: false, security: false });
+  });
+  it('full includes everything', () => {
+    expect(TIER_INCLUDES.full).toEqual({ deterministic: true, llm: true, security: true });
+  });
+  it('security = probes only', () => {
+    expect(TIER_INCLUDES.security).toEqual({ deterministic: false, llm: false, security: true });
+  });
+});
+describe('resolveIncludes', () => {
+  it('no flags → deterministic only', () => {
+    expect(resolveIncludes({})).toEqual({ deterministic: true, llm: false, security: false });
+  });
+  it('--llm → llm-judge only', () => {
+    expect(resolveIncludes({ llm: true })).toEqual({ deterministic: false, llm: true, security: false });
+  });
+  it('--security → security only', () => {
+    expect(resolveIncludes({ security: true })).toEqual({ deterministic: false, llm: false, security: true });
+  });
+  it('--full → everything', () => {
+    expect(resolveIncludes({ full: true })).toEqual({ deterministic: true, llm: true, security: true });
+  });
+  it('--det --llm → deterministic + llm', () => {
+    expect(resolveIncludes({ det: true, llm: true })).toEqual({ deterministic: true, llm: true, security: false });
+  });
+  it('--llm --security → llm + security (no det)', () => {
+    expect(resolveIncludes({ llm: true, security: true })).toEqual({ deterministic: false, llm: true, security: true });
+  });
+  it('--det --security → deterministic + security', () => {
+    expect(resolveIncludes({ det: true, security: true })).toEqual({ deterministic: true, llm: false, security: true });
+  });
+  it('--det alone → same as default', () => {
+    expect(resolveIncludes({ det: true })).toEqual({ deterministic: true, llm: false, security: false });
+  });
+});
+describe('resolveTierLabel', () => {
+  it('maps includes to tier labels', () => {
+    expect(resolveTierLabel({ deterministic: true, llm: false, security: false })).toBe('basic');
+    expect(resolveTierLabel({ deterministic: false, llm: true, security: false })).toBe('standard');
+    expect(resolveTierLabel({ deterministic: true, llm: true, security: false })).toBe('standard');
+    expect(resolveTierLabel({ deterministic: true, llm: true, security: true })).toBe('full');
+    expect(resolveTierLabel({ deterministic: false, llm: false, security: true })).toBe('security');
+    expect(resolveTierLabel({ deterministic: true, llm: false, security: true })).toBe('security');
+  });
+});
+describe('EvalOptionsSchema', () => {
+  it('parses valid options', () => {
+    const result = EvalOptionsSchema.parse({
+      target: 'http://localhost:4000/api/chat',
+    });
+    expect(result.target).toBe('http://localhost:4000/api/chat');
+  });
+  it('parses with flag booleans', () => {
+    const result = EvalOptionsSchema.parse({
+      target: 'http://localhost:4000',
+      llm: true,
+      security: true,
+    });
+    expect(result.llm).toBe(true);
+    expect(result.security).toBe(true);
+  });
+  it('rejects missing target', () => {
+    expect(() => EvalOptionsSchema.parse({})).toThrow();
+  });
+  it('rejects invalid URL', () => {
+    expect(() => EvalOptionsSchema.parse({ target: 'not-a-url' })).toThrow();
+  });
+  it('accepts optional fields', () => {
+    const result = EvalOptionsSchema.parse({
+      target: 'http://localhost:4000',
+      full: true,
+      categories: ['bias', 'transparency'],
+      agent: 'my-agent',
+      model: 'gpt-4o',
+      apiKey: 'sk-test',
+      threshold: 80,
+      json: true,
+      ci: true,
+    });
+    expect(result.full).toBe(true);
+    expect(result.categories).toEqual(['bias', 'transparency']);
+    expect(result.threshold).toBe(80);
+  });
+  it('rejects threshold > 100', () => {
+    expect(() => EvalOptionsSchema.parse({ target: 'http://localhost:4000', threshold: 150 })).toThrow();
+  });
+});
+describe('AuditOptionsSchema', () => {
+  it('parses valid audit options', () => {
+    const result = AuditOptionsSchema.parse({ target: 'http://localhost:4000' });
+    expect(result.target).toBe('http://localhost:4000');
+  });
+  it('rejects invalid target', () => {
+    expect(() => AuditOptionsSchema.parse({ target: '' })).toThrow();
+  });
+});

package/src/domain/eval/types.ts ADDED Viewed

@@ -0,0 +1,244 @@
+/**
+ * Core types for the `complior eval` subsystem.
+ *
+ * Eval sends probes to EXTERNAL AI endpoints (via TargetAdapter) and evaluates
+ * responses for EU AI Act compliance. Two probe families:
+ *   - 380 conformity tests (CT-1..CT-11, 11 categories)
+ *   - 300 security probes (OWASP LLM Top 10)
+ */
+import { z } from 'zod';
+// ── Eval Categories (11 conformity areas) ───────────────────────
+export const EVAL_CATEGORIES = [
+  'transparency',
+  'oversight',
+  'explanation',
+  'bias',
+  'accuracy',
+  'robustness',
+  'prohibited',
+  'logging',
+  'risk-awareness',
+  'gpai',
+  'industry',
+] as const;
+export type EvalCategory = (typeof EVAL_CATEGORIES)[number];
+export const EvalCategorySchema = z.enum(EVAL_CATEGORIES);
+// ── Category metadata ───────────────────────────────────────────
+export interface CategoryMeta {
+  readonly id: EvalCategory;
+  readonly label: string;
+  readonly ctId: string;          // CT-1..CT-11
+  readonly euAiActArticles: readonly string[];
+  readonly description: string;
+}
+export const CATEGORY_META: readonly CategoryMeta[] = Object.freeze([
+  { id: 'transparency', label: 'Transparency', ctId: 'CT-1', euAiActArticles: ['Art.13', 'Art.52'], description: 'AI system identifies itself and discloses AI nature' },
+  { id: 'oversight', label: 'Human Oversight', ctId: 'CT-2', euAiActArticles: ['Art.14'], description: 'Meaningful human control and escalation paths' },
+  { id: 'explanation', label: 'Explanation Quality', ctId: 'CT-3', euAiActArticles: ['Art.13(1)', 'Art.86'], description: 'Clear reasoning and decision explanation' },
+  { id: 'bias', label: 'Bias & Fairness', ctId: 'CT-4', euAiActArticles: ['Art.10', 'Art.15'], description: 'Equal treatment regardless of protected characteristics' },
+  { id: 'accuracy', label: 'Accuracy', ctId: 'CT-5', euAiActArticles: ['Art.15', 'Art.9'], description: 'Factual correctness and hallucination resistance' },
+  { id: 'robustness', label: 'Robustness', ctId: 'CT-6', euAiActArticles: ['Art.15', 'Art.9'], description: 'Graceful handling of adversarial and edge-case input' },
+  { id: 'prohibited', label: 'Prohibited Practices', ctId: 'CT-7', euAiActArticles: ['Art.5'], description: 'Refusal of social scoring, manipulation, exploitation' },
+  { id: 'logging', label: 'Logging & Audit', ctId: 'CT-8', euAiActArticles: ['Art.12', 'Art.19'], description: 'Structured, timestamped, PII-safe audit logs' },
+  { id: 'risk-awareness', label: 'Risk Awareness', ctId: 'CT-9', euAiActArticles: ['Art.9'], description: 'Self-awareness of limitations, scope, and failure modes' },
+  { id: 'gpai', label: 'GPAI Transparency', ctId: 'CT-10', euAiActArticles: ['Art.52', 'Art.53'], description: 'General-purpose AI model and provider identification' },
+  { id: 'industry', label: 'Industry-Specific', ctId: 'CT-11', euAiActArticles: ['Art.6', 'Annex III'], description: 'Domain-specific compliance (HR, education, finance, healthcare)' },
+]);
+// ── Eval Tier ───────────────────────────────────────────────────
+export const EVAL_TIERS = ['basic', 'standard', 'full', 'security'] as const;
+export type EvalTier = (typeof EVAL_TIERS)[number];
+export const EvalTierSchema = z.enum(EVAL_TIERS);
+/** What each tier includes. */
+export const TIER_INCLUDES: Record<EvalTier, { deterministic: boolean; llm: boolean; security: boolean }> = {
+  basic:    { deterministic: true,  llm: false, security: false },
+  standard: { deterministic: false, llm: true,  security: false },
+  full:     { deterministic: true,  llm: true,  security: true },
+  security: { deterministic: false, llm: false, security: true },
+};
+// ── Flag-based resolution (replaces tier) ────────────────────
+export interface EvalIncludes {
+  readonly deterministic: boolean;
+  readonly llm: boolean;
+  readonly security: boolean;
+}
+/** Resolve boolean CLI flags into includes (composable: each flag toggles its test set). */
+export const resolveIncludes = (opts: { det?: boolean; llm?: boolean; security?: boolean; full?: boolean }): EvalIncludes => {
+  if (opts.full) {
+    return { deterministic: true, llm: true, security: true };
+  }
+  // If any explicit flag → compose from flags
+  if (opts.det || opts.llm || opts.security) {
+    return {
+      deterministic: opts.det ?? false,
+      llm: opts.llm ?? false,
+      security: opts.security ?? false,
+    };
+  }
+  // Default (no flags): deterministic only
+  return { deterministic: true, llm: false, security: false };
+};
+/** Derive a tier label from resolved includes (for display/result). */
+export const resolveTierLabel = (includes: EvalIncludes): EvalTier => {
+  if (includes.deterministic && includes.llm && includes.security) return 'full';
+  if (includes.llm) return 'standard';   // any combo with LLM → standard
+  if (includes.security) return 'security';
+  return 'basic';
+};
+// ── Evaluation method ───────────────────────────────────────────
+export type EvalMethod = 'deterministic' | 'llm-judge';
+// ── Conformity Test ─────────────────────────────────────────────
+export interface ConformityTest {
+  readonly id: string;            // e.g. "CT-1-001"
+  readonly category: EvalCategory;
+  readonly name: string;
+  readonly description: string;
+  readonly method: EvalMethod;
+  readonly probe: string;         // Prompt to send to target
+  readonly euAiActRef: string;    // e.g. "Art.13(1)"
+  // Deterministic eval fields (only when method === 'deterministic')
+  readonly passPatterns?: readonly RegExp[];
+  readonly failPatterns?: readonly RegExp[];
+  readonly checkHeaders?: readonly string[];   // Response headers to check
+  readonly checkStatus?: number;               // Expected HTTP status
+  readonly maxLatencyMs?: number;              // Max acceptable latency
+  // LLM-judge fields (only when method === 'llm-judge')
+  readonly judgePrompt?: string;
+  readonly scale?: 'binary' | '1-5';
+  readonly passThreshold?: number;             // Minimum score to pass (1-5 scale)
+  // Multi-turn test support
+  readonly followUp?: string;      // Optional follow-up probe
+  readonly pairWith?: string;      // For bias A/B pair testing (ID of partner)
+  // Metadata
+  readonly severity: 'critical' | 'high' | 'medium' | 'low';
+  readonly tags?: readonly string[];
+}
+// ── Test Result ─────────────────────────────────────────────────
+export interface TestResult {
+  readonly testId: string;
+  readonly category: EvalCategory;
+  readonly name: string;
+  readonly method: EvalMethod;
+  readonly verdict: 'pass' | 'fail' | 'error' | 'skip' | 'inconclusive';
+  readonly score: number;         // 0-100
+  readonly confidence: number;    // 0-100
+  readonly reasoning: string;
+  readonly probe: string;
+  readonly response: string;
+  readonly latencyMs: number;
+  readonly timestamp: string;
+  readonly owaspCategory?: string; // OWASP LLM Top 10 (e.g. 'LLM01') — security probes only
+  readonly severity?: 'critical' | 'high' | 'medium' | 'low'; // Carried from ConformityTest/probe
+}
+// ── Category Score ──────────────────────────────────────────────
+export interface CategoryScore {
+  readonly category: EvalCategory;
+  readonly score: number;         // 0-100
+  readonly grade: string;         // A-F
+  readonly passed: number;
+  readonly failed: number;
+  readonly errors: number;
+  readonly inconclusive: number;
+  readonly skipped: number;
+  readonly total: number;
+}
+// ── Eval Result (top-level) ─────────────────────────────────────
+export interface EvalResult {
+  readonly target: string;
+  readonly tier: EvalTier;
+  readonly overallScore: number;
+  readonly grade: string;
+  readonly categories: readonly CategoryScore[];
+  readonly securityScore?: number;
+  readonly securityGrade?: string;
+  readonly results: readonly TestResult[];
+  readonly totalTests: number;
+  readonly passed: number;
+  readonly failed: number;
+  readonly errors: number;
+  readonly inconclusive: number;
+  readonly skipped: number;
+  readonly duration: number;      // ms
+  readonly timestamp: string;
+  readonly criticalCapped: boolean;
+  readonly agent?: string;        // Agent passport name
+  readonly adapterName?: string;  // Target adapter type (openai, anthropic, ollama, http)
+}
+// ── Eval Options (input to runner) ──────────────────────────────
+export const EvalOptionsSchema = z.object({
+  target: z.string().url(),
+  det: z.boolean().optional(),
+  llm: z.boolean().optional(),
+  security: z.boolean().optional(),
+  full: z.boolean().optional(),
+  categories: z.array(EvalCategorySchema).optional(),
+  agent: z.string().optional(),
+  model: z.string().optional(),
+  apiKey: z.string().optional(),
+  path: z.string().optional(),
+  threshold: z.number().min(0).max(100).optional(),
+  json: z.boolean().optional(),
+  ci: z.boolean().optional(),
+  // Custom adapter fields
+  requestTemplate: z.string().optional(),   // JSON template with {{probe}} placeholder
+  responsePath: z.string().optional(),      // Dot-path to response text (e.g. "result.text")
+  headers: z.string().optional(),           // JSON string of custom headers
+  // Concurrency
+  concurrency: z.number().int().min(1).max(50).optional(), // Parallel test execution (default: 1)
+});
+export type EvalOptions = z.infer<typeof EvalOptionsSchema>;
+// ── Audit Options ───────────────────────────────────────────────
+export const AuditOptionsSchema = z.object({
+  target: z.string().url(),
+  agent: z.string().optional(),
+  path: z.string().optional(),
+  json: z.boolean().optional(),
+});
+export type AuditOptions = z.infer<typeof AuditOptionsSchema>;
+// ── Progress callback ───────────────────────────────────────────
+export interface EvalProgress {
+  readonly phase: 'health' | 'deterministic' | 'llm-judge' | 'security' | 'scoring' | 'done';
+  readonly completed: number;
+  readonly total: number;
+  readonly currentTest?: string;
+  readonly lastResult?: TestResult;
+}
+export type EvalProgressCallback = (progress: EvalProgress) => void | Promise<void>;

package/src/domain/eval/verdict-utils.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * Shared verdict counting and score calculation for eval subsystem.
+ *
+ * Single source of truth — used by eval-runner, conformity-score,
+ * security-integration, and eval-evidence.
+ */
+// ── Verdict counting ────────────────────────────────────────────
+export interface VerdictCounts {
+  readonly passed: number;
+  readonly failed: number;
+  readonly errors: number;
+  readonly inconclusive: number;
+  readonly skipped: number;
+}
+/** Count verdicts from test results. Avoids repeated .filter() chains. */
+export const countVerdicts = (
+  results: readonly { verdict: string }[],
+): VerdictCounts => {
+  let passed = 0, failed = 0, errors = 0, inconclusive = 0, skipped = 0;
+  for (const r of results) {
+    switch (r.verdict) {
+      case 'pass': passed++; break;
+      case 'fail': failed++; break;
+      case 'error': errors++; break;
+      case 'inconclusive': inconclusive++; break;
+      case 'skip': skipped++; break;
+    }
+  }
+  return { passed, failed, errors, inconclusive, skipped };
+};
+// ── Verdict predicates ──────────────────────────────────────────
+/** True when a test result represents a failure (fail or error). */
+export const isFailedVerdict = (r: { verdict: string }): boolean =>
+  r.verdict === 'fail' || r.verdict === 'error';
+// ── Score calculation ───────────────────────────────────────────
+/** Calculate percentage score with division-by-zero protection. */
+export const calculateScore = (passed: number, total: number): number =>
+  total > 0 ? Math.round((passed / total) * 100) : 0;

package/src/domain/fixer/create-fixer.ts ADDED Viewed

@@ -0,0 +1,101 @@
+import type { Finding } from '../../types/common.types.js';
+import type { FixPlan, FixAction, FixContext } from './types.js';
+import { findStrategy } from './strategies/index.js';
+import { generateUnifiedDiff } from './diff.js';
+export interface FixerDeps {
+  readonly getFramework: () => string;
+  readonly getProjectPath: () => string;
+  readonly getExistingFiles: () => readonly string[];
+}
+const descFor = (checkId: string, filePath: string, line: number): string => {
+  if (checkId.includes('bare-call') || checkId.includes('bare')) return `wrap bare LLM call at ${filePath}:${line}`;
+  if (checkId.startsWith('l4-nhi-') || checkId.startsWith('ext-detect-secrets-')) return `externalize secret at ${filePath}:${line}`;
+  if (checkId === 'l4-security-risk' || checkId.includes('unsafe-deser') || checkId.includes('injection')) return `fix security risk at ${filePath}:${line}`;
+  if (checkId === 'l4-ast-missing-error-handling' || checkId.includes('missing-error-handling')) return `add error handling at ${filePath}:${line}`;
+  if (checkId.startsWith('l3-banned-')) return `remove banned dependency from ${filePath}`;
+  if (checkId.startsWith('ext-bandit-')) return `fix security issue at ${filePath}:${line}`;
+  return `inline fix at ${filePath}:${line}`;
+};
+const commitMsgFor = (checkId: string, article: string): string => {
+  if (checkId.includes('bare-call') || checkId.includes('bare')) return `fix: wrap bare LLM call with @complior/sdk (${article || 'Art. 50'}) -- via Complior`;
+  if (checkId.startsWith('l4-nhi-') || checkId.startsWith('ext-detect-secrets-')) return `fix: externalize hardcoded secret (${article || 'Art. 15'}) -- via Complior`;
+  if (checkId === 'l4-security-risk' || checkId.includes('unsafe-deser') || checkId.includes('injection')) return `fix: remediate security risk (${article || 'Art. 15'}) -- via Complior`;
+  if (checkId === 'l4-ast-missing-error-handling' || checkId.includes('missing-error-handling')) return `fix: add LLM error handling (${article || 'Art. 14'}) -- via Complior`;
+  if (checkId.startsWith('l3-banned-')) return `fix: remove banned dependency (${article || 'Art. 5'}) -- via Complior`;
+  if (checkId.startsWith('ext-bandit-')) return `fix: remediate security issue (${article || 'Art. 15'}) -- via Complior`;
+  return `fix: inline compliance fix (${article || 'EU AI Act'}) -- via Complior`;
+};
+const buildInlineFixPlan = (finding: Finding): FixPlan => {
+  const diff = finding.fixDiff!;
+  const desc = descFor(finding.checkId, diff.filePath, diff.startLine);
+  const action: FixAction = {
+    type: 'splice',
+    path: diff.filePath,
+    beforeLines: diff.before,
+    afterLines: diff.after,
+    startLine: diff.startLine,
+    importLine: diff.importLine,
+    description: `Inline fix: ${desc}`,
+  };
+  return {
+    obligationId: finding.obligationId ?? '',
+    checkId: finding.checkId,
+    article: finding.articleReference ?? '',
+    fixType: 'code_injection',
+    framework: '',
+    actions: [action],
+    diff: generateUnifiedDiff(diff.filePath, diff.before.join('\n'), diff.after.join('\n')),
+    scoreImpact: 6,
+    commitMessage: commitMsgFor(finding.checkId, finding.articleReference ?? ''),
+    description: `Inline fix: ${desc}`,
+  };
+};
+export const createFixer = (deps: FixerDeps) => {
+  const { getFramework, getProjectPath, getExistingFiles } = deps;
+  const buildContext = (options?: { useAi?: boolean }): FixContext => ({
+    projectPath: getProjectPath(),
+    framework: getFramework(),
+    existingFiles: getExistingFiles(),
+    useAi: options?.useAi,
+  });
+  const generateFix = (finding: Finding, options?: { useAi?: boolean }): FixPlan | null => {
+    if (finding.type !== 'fail') return null;
+    // Priority 1: Inline fix from scanner fixDiff
+    if (finding.fixDiff) return buildInlineFixPlan(finding);
+    // Priority 2: Strategy-based scaffold
+    return findStrategy(finding, buildContext(options));
+  };
+  const generateFixes = (findings: readonly Finding[], options?: { useAi?: boolean }): readonly FixPlan[] => {
+    const plans: FixPlan[] = [];
+    const seen = new Set<string>();
+    for (const finding of findings) {
+      const plan = generateFix(finding, options);
+      if (plan === null) continue;
+      // Deduplicate: splice by path:startLine, others by output path
+      const key = plan.actions[0]?.type === 'splice'
+        ? `${plan.actions[0].path}:${plan.actions[0].startLine}`
+        : plan.actions[0]?.path ?? plan.checkId;
+      if (seen.has(key)) continue;
+      seen.add(key);
+      plans.push(plan);
+    }
+    return plans;
+  };
+  const previewFix = (finding: Finding): FixPlan | null => {
+    return generateFix(finding);
+  };
+  return Object.freeze({ generateFix, generateFixes, previewFix });
+};
+export type Fixer = ReturnType<typeof createFixer>;

package/src/domain/fixer/diff.ts ADDED Viewed

@@ -0,0 +1,70 @@
+export const generateUnifiedDiff = (
+  filePath: string,
+  oldContent: string,
+  newContent: string,
+): string => {
+  const oldLines = oldContent.split('\n');
+  const newLines = newContent.split('\n');
+  const lines: string[] = [
+    `--- a/${filePath}`,
+    `+++ b/${filePath}`,
+  ];
+  // Simple diff: show removed and added lines
+  const maxLen = Math.max(oldLines.length, newLines.length);
+  let chunkStart = -1;
+  let chunkOld: string[] = [];
+  let chunkNew: string[] = [];
+  let context: string[] = [];
+  const flushChunk = (): void => {
+    if (chunkOld.length === 0 && chunkNew.length === 0) return;
+    const oldStart = Math.max(1, chunkStart - context.length + 1);
+    const oldCount = context.length + chunkOld.length;
+    const newCount = context.length + chunkNew.length;
+    lines.push(`@@ -${oldStart},${oldCount} +${oldStart},${newCount} @@`);
+    for (const c of context) lines.push(` ${c}`);
+    for (const r of chunkOld) lines.push(`-${r}`);
+    for (const a of chunkNew) lines.push(`+${a}`);
+    chunkOld = [];
+    chunkNew = [];
+    context = [];
+  };
+  for (let i = 0; i < maxLen; i++) {
+    const oldLine = i < oldLines.length ? oldLines[i] : undefined;
+    const newLine = i < newLines.length ? newLines[i] : undefined;
+    if (oldLine === newLine) {
+      if (chunkOld.length > 0 || chunkNew.length > 0) {
+        flushChunk();
+      }
+      if (oldLine !== undefined) {
+        context = [oldLine];
+      }
+      chunkStart = i + 1;
+    } else {
+      if (chunkOld.length === 0 && chunkNew.length === 0) {
+        chunkStart = i;
+      }
+      if (oldLine !== undefined) chunkOld.push(oldLine);
+      if (newLine !== undefined) chunkNew.push(newLine);
+    }
+  }
+  flushChunk();
+  return lines.join('\n');
+};
+export const generateCreateDiff = (filePath: string, content: string): string => {
+  const lines = content.split('\n');
+  const header = [
+    `--- /dev/null`,
+    `+++ b/${filePath}`,
+    `@@ -0,0 +1,${lines.length} @@`,
+  ];
+  return [...header, ...lines.map((l) => `+${l}`)].join('\n');
+};

package/src/domain/fixer/fix-history.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { FixHistory, FixHistoryEntry } from './types.js';
+export const createEmptyHistory = (): FixHistory => ({ fixes: [] });
+export const addEntry = (history: FixHistory, entry: FixHistoryEntry): FixHistory => ({
+  fixes: [...history.fixes, entry],
+});
+export const markUndone = (history: FixHistory, id: number): FixHistory => ({
+  fixes: history.fixes.map((f) =>
+    f.id === id ? { ...f, status: 'undone' as const } : f,
+  ),
+});
+export const getLastApplied = (history: FixHistory): FixHistoryEntry | null => {
+  for (let i = history.fixes.length - 1; i >= 0; i--) {
+    if (history.fixes[i]!.status === 'applied') return history.fixes[i]!;
+  }
+  return null;
+};
+export const getById = (history: FixHistory, id: number): FixHistoryEntry | null =>
+  history.fixes.find((f) => f.id === id) ?? null;