npm - @complior/engine - Versions diffs - 0.9.0 - Mend

@complior/engine 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/.well-known/ai-compliance.json +16 -0
package/COMPLIANCE.md +64 -0
package/data/data-integrity.test.ts +75 -0
package/data/eval/eval-mappings.json +33 -0
package/data/llm/model-pricing.json +15 -0
package/data/llm/model-routing.json +36 -0
package/data/onboarding/risk-profile.json +17 -0
package/data/regulations/eu-ai-act/README.md +245 -0
package/data/regulations/eu-ai-act/applicability-tree.json +160 -0
package/data/regulations/eu-ai-act/cross-mapping.json +175 -0
package/data/regulations/eu-ai-act/localization.json +186 -0
package/data/regulations/eu-ai-act/obligations.json +3981 -0
package/data/regulations/eu-ai-act/regulation-meta.json +482 -0
package/data/regulations/eu-ai-act/scoring.json +342 -0
package/data/regulations/eu-ai-act/technical-requirements.json +2590 -0
package/data/regulations/eu-ai-act/timeline.json +160 -0
package/data/regulations/jurisdictions/at.json +15 -0
package/data/regulations/jurisdictions/be.json +15 -0
package/data/regulations/jurisdictions/bg.json +15 -0
package/data/regulations/jurisdictions/cy.json +15 -0
package/data/regulations/jurisdictions/cz.json +15 -0
package/data/regulations/jurisdictions/de.json +15 -0
package/data/regulations/jurisdictions/dk.json +15 -0
package/data/regulations/jurisdictions/ee.json +15 -0
package/data/regulations/jurisdictions/es.json +15 -0
package/data/regulations/jurisdictions/fi.json +15 -0
package/data/regulations/jurisdictions/fr.json +15 -0
package/data/regulations/jurisdictions/gr.json +15 -0
package/data/regulations/jurisdictions/hr.json +15 -0
package/data/regulations/jurisdictions/hu.json +15 -0
package/data/regulations/jurisdictions/ie.json +15 -0
package/data/regulations/jurisdictions/is.json +15 -0
package/data/regulations/jurisdictions/it.json +15 -0
package/data/regulations/jurisdictions/li.json +15 -0
package/data/regulations/jurisdictions/lt.json +15 -0
package/data/regulations/jurisdictions/lu.json +15 -0
package/data/regulations/jurisdictions/lv.json +15 -0
package/data/regulations/jurisdictions/mt.json +15 -0
package/data/regulations/jurisdictions/nl.json +15 -0
package/data/regulations/jurisdictions/no.json +15 -0
package/data/regulations/jurisdictions/pl.json +15 -0
package/data/regulations/jurisdictions/pt.json +15 -0
package/data/regulations/jurisdictions/ro.json +15 -0
package/data/regulations/jurisdictions/se.json +15 -0
package/data/regulations/jurisdictions/si.json +15 -0
package/data/regulations/jurisdictions/sk.json +15 -0
package/data/scanner/check-id-categories.json +81 -0
package/data/scanner/confidence-params.json +16 -0
package/data/scanner/limits.json +4 -0
package/data/schemas/http-contract-sample.json +79 -0
package/data/schemas/http-contract.json +144 -0
package/data/semgrep-rules/bare-call.yaml +37 -0
package/data/semgrep-rules/injection.yaml +73 -0
package/data/semgrep-rules/missing-error-handling.yaml +58 -0
package/data/semgrep-rules/unsafe-deser.yaml +65 -0
package/data/templates/eu-ai-act/ai-literacy.md +184 -0
package/data/templates/eu-ai-act/art5-screening.md +131 -0
package/data/templates/eu-ai-act/data-governance.md +145 -0
package/data/templates/eu-ai-act/declaration-of-conformity.md +161 -0
package/data/templates/eu-ai-act/fria.md +127 -0
package/data/templates/eu-ai-act/gpai-systemic-risk.md +150 -0
package/data/templates/eu-ai-act/gpai-transparency.md +166 -0
package/data/templates/eu-ai-act/incident-report.md +188 -0
package/data/templates/eu-ai-act/instructions-for-use.md +202 -0
package/data/templates/eu-ai-act/monitoring-policy.md +110 -0
package/data/templates/eu-ai-act/qms.md +180 -0
package/data/templates/eu-ai-act/risk-management-system.md +123 -0
package/data/templates/eu-ai-act/technical-documentation.md +287 -0
package/data/templates/eu-ai-act/worker-notification.md +143 -0
package/data/templates/policies/biometrics-ai-policy.md +214 -0
package/data/templates/policies/critical-infra-ai-policy.md +228 -0
package/data/templates/policies/education-ai-policy.md +184 -0
package/data/templates/policies/finance-ai-policy.md +191 -0
package/data/templates/policies/healthcare-ai-policy.md +197 -0
package/data/templates/policies/hr-ai-policy.md +178 -0
package/data/templates/policies/legal-ai-policy.md +189 -0
package/data/templates/policies/migration-ai-policy.md +239 -0
package/engine.log +7 -0
package/package.json +74 -0
package/src/composition-root.ts +791 -0
package/src/data/eval/conformity-tests.test.ts +122 -0
package/src/data/eval/ct-1-transparency.ts +106 -0
package/src/data/eval/ct-10-gpai.ts +25 -0
package/src/data/eval/ct-11-industry.ts +42 -0
package/src/data/eval/ct-2-oversight.ts +41 -0
package/src/data/eval/ct-3-explanation.ts +14 -0
package/src/data/eval/ct-4-bias.ts +83 -0
package/src/data/eval/ct-5-accuracy.ts +41 -0
package/src/data/eval/ct-6-robustness.ts +81 -0
package/src/data/eval/ct-7-prohibited.ts +52 -0
package/src/data/eval/ct-8-logging.ts +68 -0
package/src/data/eval/ct-9-risk-awareness.ts +33 -0
package/src/data/eval/deterministic-evaluator.ts +120 -0
package/src/data/eval/index.ts +55 -0
package/src/data/eval/judge-prompts.ts +146 -0
package/src/data/eval/llm-judged-tests.ts +279 -0
package/src/data/eval/llm-tests.test.ts +83 -0
package/src/data/eval/remediation/ct-1-transparency.ts +91 -0
package/src/data/eval/remediation/ct-10-gpai.ts +94 -0
package/src/data/eval/remediation/ct-11-industry.ts +94 -0
package/src/data/eval/remediation/ct-2-oversight.ts +71 -0
package/src/data/eval/remediation/ct-3-explanation.ts +70 -0
package/src/data/eval/remediation/ct-4-bias.ts +70 -0
package/src/data/eval/remediation/ct-5-accuracy.ts +70 -0
package/src/data/eval/remediation/ct-6-robustness.ts +70 -0
package/src/data/eval/remediation/ct-7-prohibited.ts +94 -0
package/src/data/eval/remediation/ct-8-logging.ts +94 -0
package/src/data/eval/remediation/ct-9-risk-awareness.ts +94 -0
package/src/data/eval/remediation/index.ts +89 -0
package/src/data/eval/remediation/owasp-art5.ts +15 -0
package/src/data/eval/remediation/owasp-llm01.ts +72 -0
package/src/data/eval/remediation/owasp-llm02.ts +72 -0
package/src/data/eval/remediation/owasp-llm03.ts +15 -0
package/src/data/eval/remediation/owasp-llm04.ts +15 -0
package/src/data/eval/remediation/owasp-llm05.ts +15 -0
package/src/data/eval/remediation/owasp-llm06.ts +15 -0
package/src/data/eval/remediation/owasp-llm07.ts +15 -0
package/src/data/eval/remediation/owasp-llm08.ts +15 -0
package/src/data/eval/remediation/owasp-llm09.ts +15 -0
package/src/data/eval/remediation/owasp-llm10.ts +15 -0
package/src/data/eval/remediation/remediation.test.ts +229 -0
package/src/data/eval/remediation/test-mapping.ts +290 -0
package/src/data/eval/security-rubrics.ts +381 -0
package/src/data/finding-explanations.json +453 -0
package/src/data/industry-patterns.ts +161 -0
package/src/data/registry-cards.ts +368 -0
package/src/data/regulation/index.ts +5 -0
package/src/data/regulation/jurisdiction-data.test.ts +73 -0
package/src/data/regulation/jurisdiction-data.ts +65 -0
package/src/data/regulation/regulation-data.ts +19 -0
package/src/data/regulation/regulation-loader.test.ts +107 -0
package/src/data/regulation/regulation-loader.ts +56 -0
package/src/data/scanner-constants.ts +46 -0
package/src/data/schemas/schemas-core.ts +140 -0
package/src/data/schemas/schemas-supplementary.ts +211 -0
package/src/data/schemas/schemas.ts +28 -0
package/src/data/security/attack-probes.test.ts +62 -0
package/src/data/security/attack-probes.ts +496 -0
package/src/data/security/eu-ai-act-security.ts +40 -0
package/src/data/security/index.ts +19 -0
package/src/data/security/mitre-atlas.test.ts +43 -0
package/src/data/security/mitre-atlas.ts +93 -0
package/src/data/security/nist-ai-rmf.ts +43 -0
package/src/data/security/owasp-llm-top10.test.ts +60 -0
package/src/data/security/owasp-llm-top10.ts +138 -0
package/src/data/template-registry.ts +53 -0
package/src/data/tool-versions.json +22 -0
package/src/domain/audit/audit-package.test.ts +152 -0
package/src/domain/audit/audit-package.ts +166 -0
package/src/domain/audit/audit-trail.test.ts +121 -0
package/src/domain/audit/audit-trail.ts +174 -0
package/src/domain/audit/index.ts +8 -0
package/src/domain/audit/permissions-matrix.test.ts +136 -0
package/src/domain/audit/permissions-matrix.ts +121 -0
package/src/domain/certification/adversarial/bias-tests.ts +95 -0
package/src/domain/certification/adversarial/evaluators.ts +304 -0
package/src/domain/certification/adversarial/index.ts +11 -0
package/src/domain/certification/adversarial/prompt-injection.ts +103 -0
package/src/domain/certification/adversarial/safety-boundary.ts +132 -0
package/src/domain/certification/aiuc1-readiness.test.ts +236 -0
package/src/domain/certification/aiuc1-readiness.ts +298 -0
package/src/domain/certification/aiuc1-requirements.ts +235 -0
package/src/domain/certification/index.ts +10 -0
package/src/domain/certification/redteam-runner.test.ts +97 -0
package/src/domain/certification/redteam-runner.ts +205 -0
package/src/domain/certification/test-runner.test.ts +232 -0
package/src/domain/certification/test-runner.ts +289 -0
package/src/domain/cost/cost-estimator.test.ts +187 -0
package/src/domain/cost/cost-estimator.ts +133 -0
package/src/domain/disclaimer.test.ts +52 -0
package/src/domain/disclaimer.ts +39 -0
package/src/domain/documents/ai-enricher.test.ts +120 -0
package/src/domain/documents/ai-enricher.ts +159 -0
package/src/domain/documents/document-generator.test.ts +318 -0
package/src/domain/documents/document-generator.ts +239 -0
package/src/domain/documents/index.ts +9 -0
package/src/domain/documents/passport-helpers.ts +25 -0
package/src/domain/documents/policy-generator.test.ts +252 -0
package/src/domain/documents/policy-generator.ts +94 -0
package/src/domain/documents/worker-notification-generator.test.ts +162 -0
package/src/domain/documents/worker-notification-generator.ts +141 -0
package/src/domain/eval/adapters/adapter-port.ts +94 -0
package/src/domain/eval/adapters/adapters.test.ts +303 -0
package/src/domain/eval/adapters/anthropic-adapter.ts +57 -0
package/src/domain/eval/adapters/auto-detect.ts +104 -0
package/src/domain/eval/adapters/create-chat-adapter.ts +106 -0
package/src/domain/eval/adapters/custom-adapter.ts +74 -0
package/src/domain/eval/adapters/http-adapter.ts +66 -0
package/src/domain/eval/adapters/index.ts +7 -0
package/src/domain/eval/adapters/ollama-adapter.ts +48 -0
package/src/domain/eval/adapters/openai-adapter.ts +58 -0
package/src/domain/eval/adapters/with-timeout.ts +25 -0
package/src/domain/eval/conformity-score.test.ts +161 -0
package/src/domain/eval/conformity-score.ts +135 -0
package/src/domain/eval/eval-constants.ts +55 -0
package/src/domain/eval/eval-evidence.test.ts +85 -0
package/src/domain/eval/eval-evidence.ts +103 -0
package/src/domain/eval/eval-fix-generator.test.ts +421 -0
package/src/domain/eval/eval-fix-generator.ts +205 -0
package/src/domain/eval/eval-passport.test.ts +82 -0
package/src/domain/eval/eval-passport.ts +89 -0
package/src/domain/eval/eval-remediation-report.test.ts +682 -0
package/src/domain/eval/eval-remediation-report.ts +170 -0
package/src/domain/eval/eval-report.ts +108 -0
package/src/domain/eval/eval-runner.test.ts +609 -0
package/src/domain/eval/eval-runner.ts +593 -0
package/src/domain/eval/eval-to-findings.test.ts +293 -0
package/src/domain/eval/eval-to-findings.ts +83 -0
package/src/domain/eval/index.ts +31 -0
package/src/domain/eval/llm-judge.test.ts +139 -0
package/src/domain/eval/llm-judge.ts +168 -0
package/src/domain/eval/remediation-types.ts +90 -0
package/src/domain/eval/security-integration.test.ts +196 -0
package/src/domain/eval/security-integration.ts +136 -0
package/src/domain/eval/types.test.ts +173 -0
package/src/domain/eval/types.ts +244 -0
package/src/domain/eval/verdict-utils.ts +45 -0
package/src/domain/fixer/create-fixer.ts +101 -0
package/src/domain/fixer/diff.ts +70 -0
package/src/domain/fixer/fix-history.ts +23 -0
package/src/domain/fixer/fixer.test.ts +306 -0
package/src/domain/fixer/index.ts +9 -0
package/src/domain/fixer/strategies/bandit-fix.ts +61 -0
package/src/domain/fixer/strategies/bias-testing.ts +49 -0
package/src/domain/fixer/strategies/ci-compliance.ts +57 -0
package/src/domain/fixer/strategies/content-marking.ts +45 -0
package/src/domain/fixer/strategies/cve-upgrade.ts +66 -0
package/src/domain/fixer/strategies/data-governance.ts +65 -0
package/src/domain/fixer/strategies/disclosure.ts +69 -0
package/src/domain/fixer/strategies/doc-code-sync.ts +53 -0
package/src/domain/fixer/strategies/documentation.ts +59 -0
package/src/domain/fixer/strategies/error-handler.ts +63 -0
package/src/domain/fixer/strategies/hitl-gate.ts +67 -0
package/src/domain/fixer/strategies/index.ts +61 -0
package/src/domain/fixer/strategies/kill-switch-test.ts +85 -0
package/src/domain/fixer/strategies/kill-switch.ts +53 -0
package/src/domain/fixer/strategies/license-fix.ts +57 -0
package/src/domain/fixer/strategies/log-retention.ts +40 -0
package/src/domain/fixer/strategies/logging.ts +59 -0
package/src/domain/fixer/strategies/metadata.ts +45 -0
package/src/domain/fixer/strategies/permission-guard.ts +84 -0
package/src/domain/fixer/strategies/record-keeping.ts +69 -0
package/src/domain/fixer/strategies/secret-rotation.ts +52 -0
package/src/domain/fixer/strategies.test.ts +341 -0
package/src/domain/fixer/template-engine.test.ts +64 -0
package/src/domain/fixer/template-engine.ts +38 -0
package/src/domain/fixer/types.ts +88 -0
package/src/domain/frameworks/aiuc1-framework.test.ts +159 -0
package/src/domain/frameworks/aiuc1-framework.ts +126 -0
package/src/domain/frameworks/collect-foundation-metrics.test.ts +96 -0
package/src/domain/frameworks/collect-foundation-metrics.ts +34 -0
package/src/domain/frameworks/eu-ai-act-framework.test.ts +117 -0
package/src/domain/frameworks/eu-ai-act-framework.ts +100 -0
package/src/domain/frameworks/framework-registry.test.ts +91 -0
package/src/domain/frameworks/framework-registry.ts +38 -0
package/src/domain/frameworks/index.ts +8 -0
package/src/domain/frameworks/mitre-atlas-framework.test.ts +53 -0
package/src/domain/frameworks/mitre-atlas-framework.ts +53 -0
package/src/domain/frameworks/owasp-llm-framework.test.ts +77 -0
package/src/domain/frameworks/owasp-llm-framework.ts +54 -0
package/src/domain/frameworks/score-plugin-framework.ts +117 -0
package/src/domain/fria/fria-generator.test.ts +273 -0
package/src/domain/fria/fria-generator.ts +366 -0
package/src/domain/import/promptfoo-importer.test.ts +103 -0
package/src/domain/import/promptfoo-importer.ts +151 -0
package/src/domain/onboarding/guided-onboarding.test.ts +144 -0
package/src/domain/onboarding/guided-onboarding.ts +135 -0
package/src/domain/passport/builder/domain-mapper.ts +9 -0
package/src/domain/passport/builder/manifest-builder.test.ts +546 -0
package/src/domain/passport/builder/manifest-builder.ts +535 -0
package/src/domain/passport/builder/manifest-diff.test.ts +105 -0
package/src/domain/passport/builder/manifest-diff.ts +89 -0
package/src/domain/passport/builder/manifest-files.ts +17 -0
package/src/domain/passport/crypto-signer.test.ts +93 -0
package/src/domain/passport/crypto-signer.ts +157 -0
package/src/domain/passport/discovery/agent-discovery.test.ts +296 -0
package/src/domain/passport/discovery/agent-discovery.ts +325 -0
package/src/domain/passport/discovery/autonomy-analyzer.test.ts +141 -0
package/src/domain/passport/discovery/autonomy-analyzer.ts +113 -0
package/src/domain/passport/discovery/permission-scanner.test.ts +191 -0
package/src/domain/passport/discovery/permission-scanner.ts +414 -0
package/src/domain/passport/export/a2a-mapper.ts +75 -0
package/src/domain/passport/export/aiuc1-mapper.ts +126 -0
package/src/domain/passport/export/export.test.ts +207 -0
package/src/domain/passport/export/index.ts +41 -0
package/src/domain/passport/export/nist-mapper.ts +227 -0
package/src/domain/passport/import/a2a-importer.test.ts +133 -0
package/src/domain/passport/import/a2a-importer.ts +156 -0
package/src/domain/passport/import/index.ts +2 -0
package/src/domain/passport/index.ts +32 -0
package/src/domain/passport/obligation-field-map.test.ts +113 -0
package/src/domain/passport/obligation-field-map.ts +117 -0
package/src/domain/passport/passport-validator.test.ts +156 -0
package/src/domain/passport/passport-validator.ts +126 -0
package/src/domain/passport/scan-to-compliance.test.ts +336 -0
package/src/domain/passport/scan-to-compliance.ts +166 -0
package/src/domain/passport/test-generator.test.ts +93 -0
package/src/domain/passport/test-generator.ts +136 -0
package/src/domain/proxy/index.ts +11 -0
package/src/domain/proxy/json-rpc.test.ts +72 -0
package/src/domain/proxy/json-rpc.ts +53 -0
package/src/domain/proxy/policy-engine.test.ts +259 -0
package/src/domain/proxy/policy-engine.ts +137 -0
package/src/domain/proxy/proxy-bridge.ts +125 -0
package/src/domain/proxy/proxy-interceptor.test.ts +184 -0
package/src/domain/proxy/proxy-interceptor.ts +120 -0
package/src/domain/proxy/proxy-types.ts +35 -0
package/src/domain/registry/compute-agent-score.test.ts +279 -0
package/src/domain/registry/compute-agent-score.ts +162 -0
package/src/domain/reporter/audit-report.test.ts +87 -0
package/src/domain/reporter/audit-report.ts +116 -0
package/src/domain/reporter/badge-generator.test.ts +54 -0
package/src/domain/reporter/badge-generator.ts +40 -0
package/src/domain/reporter/compliance-md.ts +45 -0
package/src/domain/reporter/index.ts +7 -0
package/src/domain/reporter/pdf-renderer.ts +282 -0
package/src/domain/reporter/share.test.ts +92 -0
package/src/domain/reporter/share.ts +80 -0
package/src/domain/scanner/ast/swc-analyzer.test.ts +49 -0
package/src/domain/scanner/ast/swc-analyzer.ts +124 -0
package/src/domain/scanner/attestations.ts +97 -0
package/src/domain/scanner/checks/ai-disclosure.test.ts +90 -0
package/src/domain/scanner/checks/ai-disclosure.ts +54 -0
package/src/domain/scanner/checks/ai-literacy.ts +163 -0
package/src/domain/scanner/checks/behavioral-constraints.test.ts +167 -0
package/src/domain/scanner/checks/behavioral-constraints.ts +86 -0
package/src/domain/scanner/checks/compliance-metadata.ts +63 -0
package/src/domain/scanner/checks/content-marking.ts +74 -0
package/src/domain/scanner/checks/dep-deep-scan.test.ts +318 -0
package/src/domain/scanner/checks/dep-deep-scan.ts +137 -0
package/src/domain/scanner/checks/documentation.test.ts +88 -0
package/src/domain/scanner/checks/documentation.ts +79 -0
package/src/domain/scanner/checks/git-history.test.ts +120 -0
package/src/domain/scanner/checks/git-history.ts +163 -0
package/src/domain/scanner/checks/gpai-systemic-risk.test.ts +84 -0
package/src/domain/scanner/checks/gpai-systemic-risk.ts +98 -0
package/src/domain/scanner/checks/gpai-transparency.ts +94 -0
package/src/domain/scanner/checks/index.ts +28 -0
package/src/domain/scanner/checks/industry/index.ts +40 -0
package/src/domain/scanner/checks/industry/industry.test.ts +287 -0
package/src/domain/scanner/checks/interaction-logging.test.ts +113 -0
package/src/domain/scanner/checks/interaction-logging.ts +142 -0
package/src/domain/scanner/checks/nhi-scanner.test.ts +158 -0
package/src/domain/scanner/checks/nhi-scanner.ts +78 -0
package/src/domain/scanner/checks/passport-completeness.test.ts +127 -0
package/src/domain/scanner/checks/passport-completeness.ts +82 -0
package/src/domain/scanner/checks/passport-presence.test.ts +56 -0
package/src/domain/scanner/checks/passport-presence.ts +78 -0
package/src/domain/scanner/checks/pattern-check-factory.ts +70 -0
package/src/domain/scanner/checks/permission-scanner.test.ts +279 -0
package/src/domain/scanner/checks/permission-scanner.ts +90 -0
package/src/domain/scanner/checks/presence-check-factory.test.ts +124 -0
package/src/domain/scanner/checks/presence-check-factory.ts +275 -0
package/src/domain/scanner/compliance-diff.test.ts +165 -0
package/src/domain/scanner/compliance-diff.ts +138 -0
package/src/domain/scanner/confidence.test.ts +235 -0
package/src/domain/scanner/confidence.ts +156 -0
package/src/domain/scanner/constants.ts +13 -0
package/src/domain/scanner/create-scanner.ts +573 -0
package/src/domain/scanner/cross-layer.test.ts +372 -0
package/src/domain/scanner/cross-layer.ts +232 -0
package/src/domain/scanner/data/ai-packages.ts +82 -0
package/src/domain/scanner/debt-calculator.test.ts +89 -0
package/src/domain/scanner/debt-calculator.ts +111 -0
package/src/domain/scanner/drift.test.ts +191 -0
package/src/domain/scanner/drift.ts +73 -0
package/src/domain/scanner/evidence-store.test.ts +207 -0
package/src/domain/scanner/evidence-store.ts +195 -0
package/src/domain/scanner/evidence.test.ts +104 -0
package/src/domain/scanner/evidence.ts +71 -0
package/src/domain/scanner/external/bandit-runner.test.ts +45 -0
package/src/domain/scanner/external/bandit-runner.ts +90 -0
package/src/domain/scanner/external/checks.ts +321 -0
package/src/domain/scanner/external/dedup.test.ts +79 -0
package/src/domain/scanner/external/dedup.ts +94 -0
package/src/domain/scanner/external/detect-secrets-runner.test.ts +58 -0
package/src/domain/scanner/external/detect-secrets-runner.ts +81 -0
package/src/domain/scanner/external/external-scanner.test.ts +221 -0
package/src/domain/scanner/external/external-scanner.ts +36 -0
package/src/domain/scanner/external/finding-mapper.test.ts +95 -0
package/src/domain/scanner/external/finding-mapper.ts +138 -0
package/src/domain/scanner/external/index.ts +15 -0
package/src/domain/scanner/external/mappings.ts +93 -0
package/src/domain/scanner/external/modelscan-runner.test.ts +35 -0
package/src/domain/scanner/external/modelscan-runner.ts +101 -0
package/src/domain/scanner/external/path-utils.ts +8 -0
package/src/domain/scanner/external/runner-port.ts +45 -0
package/src/domain/scanner/external/semgrep-runner.test.ts +52 -0
package/src/domain/scanner/external/semgrep-runner.ts +94 -0
package/src/domain/scanner/external/types.ts +32 -0
package/src/domain/scanner/finding-attribution.test.ts +444 -0
package/src/domain/scanner/finding-attribution.ts +195 -0
package/src/domain/scanner/finding-explainer.test.ts +157 -0
package/src/domain/scanner/finding-explainer.ts +73 -0
package/src/domain/scanner/fix-diff-builder.test.ts +272 -0
package/src/domain/scanner/fix-diff-builder.ts +477 -0
package/src/domain/scanner/import-graph.test.ts +162 -0
package/src/domain/scanner/import-graph.ts +198 -0
package/src/domain/scanner/languages/adapter.test.ts +105 -0
package/src/domain/scanner/languages/adapter.ts +239 -0
package/src/domain/scanner/layers/index.ts +24 -0
package/src/domain/scanner/layers/layer1-files.ts +54 -0
package/src/domain/scanner/layers/layer2-docs.test.ts +1207 -0
package/src/domain/scanner/layers/layer2-docs.ts +297 -0
package/src/domain/scanner/layers/layer2-parsing.ts +217 -0
package/src/domain/scanner/layers/layer3-config.test.ts +187 -0
package/src/domain/scanner/layers/layer3-config.ts +279 -0
package/src/domain/scanner/layers/layer3-parsers.ts +73 -0
package/src/domain/scanner/layers/layer4-patterns.test.ts +397 -0
package/src/domain/scanner/layers/layer4-patterns.ts +216 -0
package/src/domain/scanner/layers/layer5-docs.test.ts +99 -0
package/src/domain/scanner/layers/layer5-docs.ts +250 -0
package/src/domain/scanner/layers/layer5-llm.test.ts +146 -0
package/src/domain/scanner/layers/layer5-llm.ts +262 -0
package/src/domain/scanner/layers/layer5-targeted.test.ts +93 -0
package/src/domain/scanner/layers/layer5-targeted.ts +233 -0
package/src/domain/scanner/layers/lockfile-parsers.test.ts +320 -0
package/src/domain/scanner/layers/lockfile-parsers.ts +184 -0
package/src/domain/scanner/regulation-version.test.ts +54 -0
package/src/domain/scanner/regulation-version.ts +23 -0
package/src/domain/scanner/role-filter.test.ts +116 -0
package/src/domain/scanner/role-filter.ts +51 -0
package/src/domain/scanner/rules/banned-packages-data.ts +553 -0
package/src/domain/scanner/rules/banned-packages-sdk.ts +65 -0
package/src/domain/scanner/rules/banned-packages.test.ts +249 -0
package/src/domain/scanner/rules/banned-packages.ts +55 -0
package/src/domain/scanner/rules/comment-filter.test.ts +115 -0
package/src/domain/scanner/rules/comment-filter.ts +297 -0
package/src/domain/scanner/rules/index.ts +9 -0
package/src/domain/scanner/rules/nhi-patterns.test.ts +128 -0
package/src/domain/scanner/rules/nhi-patterns.ts +60 -0
package/src/domain/scanner/rules/pattern-rules.ts +1152 -0
package/src/domain/scanner/sbom.test.ts +136 -0
package/src/domain/scanner/sbom.ts +103 -0
package/src/domain/scanner/scan-cache.test.ts +136 -0
package/src/domain/scanner/scan-cache.ts +115 -0
package/src/domain/scanner/scanner.test.ts +125 -0
package/src/domain/scanner/score-calculator.test.ts +363 -0
package/src/domain/scanner/score-calculator.ts +189 -0
package/src/domain/scanner/security-score.test.ts +107 -0
package/src/domain/scanner/security-score.ts +116 -0
package/src/domain/scanner/source-filter.ts +24 -0
package/src/domain/scanner/validators.ts +223 -0
package/src/domain/shared/compliance-constants.ts +48 -0
package/src/domain/shared/disclosure-patterns.ts +16 -0
package/src/domain/shared/index.ts +6 -0
package/src/domain/shared/parse-dependencies.ts +21 -0
package/src/domain/supply-chain/dependency-analyzer.ts +138 -0
package/src/domain/supply-chain/index.ts +3 -0
package/src/domain/supply-chain/supply-chain.test.ts +211 -0
package/src/domain/supply-chain/types.ts +32 -0
package/src/domain/whatif/config-fixer.ts +187 -0
package/src/domain/whatif/index.ts +6 -0
package/src/domain/whatif/scenario-engine.ts +121 -0
package/src/domain/whatif/simulate-actions.test.ts +161 -0
package/src/domain/whatif/simulate-actions.ts +114 -0
package/src/domain/whatif/whatif.test.ts +135 -0
package/src/e2e/gaps-e2e.test.ts +259 -0
package/src/e2e/smoke.test.ts +101 -0
package/src/hooks/hooks-export.test.ts +81 -0
package/src/hooks/installer.ts +113 -0
package/src/http/cors.test.ts +38 -0
package/src/http/create-router.ts +259 -0
package/src/http/routes/agent.route.ts +380 -0
package/src/http/routes/audit.route.ts +66 -0
package/src/http/routes/badge.route.ts +23 -0
package/src/http/routes/cert.route.ts +66 -0
package/src/http/routes/chat.route.ts +228 -0
package/src/http/routes/cost.route.ts +33 -0
package/src/http/routes/debt.route.ts +29 -0
package/src/http/routes/disclaimer.route.ts +64 -0
package/src/http/routes/eval.route.ts +161 -0
package/src/http/routes/events.route.test.ts +108 -0
package/src/http/routes/events.route.ts +71 -0
package/src/http/routes/external-scan.route.ts +24 -0
package/src/http/routes/file.route.ts +54 -0
package/src/http/routes/fix.route.ts +219 -0
package/src/http/routes/frameworks.route.test.ts +66 -0
package/src/http/routes/frameworks.route.ts +36 -0
package/src/http/routes/git.route.ts +27 -0
package/src/http/routes/guided-onboarding.route.ts +65 -0
package/src/http/routes/import.route.ts +64 -0
package/src/http/routes/jurisdiction.route.ts +22 -0
package/src/http/routes/obligations.route.test.ts +122 -0
package/src/http/routes/obligations.route.ts +110 -0
package/src/http/routes/onboarding.route.ts +53 -0
package/src/http/routes/provider.route.ts +42 -0
package/src/http/routes/proxy.route.ts +40 -0
package/src/http/routes/redteam.route.ts +84 -0
package/src/http/routes/report.route.ts +29 -0
package/src/http/routes/scan.route.ts +104 -0
package/src/http/routes/share.route.ts +44 -0
package/src/http/routes/shell.route.ts +27 -0
package/src/http/routes/status.route.ts +66 -0
package/src/http/routes/supply-chain.route.ts +121 -0
package/src/http/routes/sync.route.ts +328 -0
package/src/http/routes/tools.route.ts +29 -0
package/src/http/routes/whatif.route.ts +96 -0
package/src/http/utils/validation.ts +31 -0
package/src/index.ts +1 -0
package/src/infra/bundle-fetcher.ts +77 -0
package/src/infra/cache-storage.ts +34 -0
package/src/infra/event-bus.ts +31 -0
package/src/infra/file-collector.ts +61 -0
package/src/infra/file-ops-adapter.ts +95 -0
package/src/infra/file-watcher.test.ts +90 -0
package/src/infra/file-watcher.ts +106 -0
package/src/infra/git-adapter.ts +93 -0
package/src/infra/git-history-adapter.ts +41 -0
package/src/infra/headless-browser.ts +178 -0
package/src/infra/llm-adapter.test.ts +83 -0
package/src/infra/llm-adapter.ts +86 -0
package/src/infra/logger.ts +27 -0
package/src/infra/project-config.test.ts +74 -0
package/src/infra/project-config.ts +35 -0
package/src/infra/rate-limiter.test.ts +36 -0
package/src/infra/rate-limiter.ts +34 -0
package/src/infra/retry.ts +46 -0
package/src/infra/saas-client.ts +123 -0
package/src/infra/search-adapter.ts +113 -0
package/src/infra/shell-adapter.ts +68 -0
package/src/infra/tool-manager.test.ts +99 -0
package/src/infra/tool-manager.ts +197 -0
package/src/llm/agents/agent-modes.test.ts +44 -0
package/src/llm/agents/modes.ts +68 -0
package/src/llm/routing/cost-routing.test.ts +37 -0
package/src/llm/routing/cost-tracker.ts +74 -0
package/src/llm/routing/model-routing.test.ts +79 -0
package/src/llm/routing/model-routing.ts +38 -0
package/src/llm/routing/pricing.ts +19 -0
package/src/llm/sse-protocol.ts +77 -0
package/src/llm/tool-definitions.ts +83 -0
package/src/llm/tool-executors.ts +80 -0
package/src/llm/tools/types.ts +13 -0
package/src/mcp/create-mcp-stack.ts +82 -0
package/src/mcp/handlers.ts +245 -0
package/src/mcp/index.ts +28 -0
package/src/mcp/mcp-server.test.ts +80 -0
package/src/mcp/server.ts +79 -0
package/src/mcp/tools.ts +48 -0
package/src/onboarding/auto-detect.ts +164 -0
package/src/onboarding/onboarding.test.ts +89 -0
package/src/onboarding/profile.ts +169 -0
package/src/onboarding/questions.ts +112 -0
package/src/onboarding/wizard.ts +66 -0
package/src/output/github-issue.ts +32 -0
package/src/output/json-output.ts +67 -0
package/src/ports/browser.port.ts +23 -0
package/src/ports/events.port.ts +28 -0
package/src/ports/llm.port.ts +23 -0
package/src/ports/logger.port.ts +6 -0
package/src/ports/process.port.ts +6 -0
package/src/ports/scanner.port.ts +15 -0
package/src/server.ts +134 -0
package/src/services/badge-service.ts +67 -0
package/src/services/chat-service.test.ts +162 -0
package/src/services/chat-service.ts +152 -0
package/src/services/cost-service.ts +52 -0
package/src/services/debt-service.ts +65 -0
package/src/services/eval-integration.test.ts +132 -0
package/src/services/eval-service.test.ts +373 -0
package/src/services/eval-service.ts +463 -0
package/src/services/external-scan-service.ts +60 -0
package/src/services/file-service.ts +37 -0
package/src/services/fix-service.test.ts +470 -0
package/src/services/fix-service.ts +648 -0
package/src/services/framework-service.test.ts +159 -0
package/src/services/framework-service.ts +67 -0
package/src/services/onboarding-service.ts +165 -0
package/src/services/passport-audit.ts +244 -0
package/src/services/passport-documents.ts +258 -0
package/src/services/passport-service-utils.ts +72 -0
package/src/services/passport-service.test.ts +251 -0
package/src/services/passport-service.ts +339 -0
package/src/services/proxy-service.ts +81 -0
package/src/services/report-service.ts +72 -0
package/src/services/scan-service.test.ts +470 -0
package/src/services/scan-service.ts +335 -0
package/src/services/share-service.ts +108 -0
package/src/services/shared/backup.ts +23 -0
package/src/services/status-service.ts +38 -0
package/src/services/undo-service.test.ts +190 -0
package/src/services/undo-service.ts +144 -0
package/src/test-helpers/factories.ts +116 -0
package/src/types/common.schemas.ts +147 -0
package/src/types/common.types.ts +292 -0
package/src/types/contract.test.ts +217 -0
package/src/types/errors.ts +52 -0
package/src/types/framework.types.ts +87 -0
package/src/types/passport-schemas.ts +241 -0
package/src/types/passport.types.ts +296 -0
package/src/version.ts +1 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +9 -0

package/data/regulations/eu-ai-act/timeline.json ADDED Viewed

@@ -0,0 +1,160 @@
+{
+  "timeline": {
+    "regulation_id": "eu-ai-act",
+    "key_dates": [
+      {
+        "date": "2024-06-13",
+        "event": "EU AI Act adopted by European Parliament and Council",
+        "impact_on_product": "Begin processing regulation content. Start building compliance framework.",
+        "status": "passed"
+      },
+      {
+        "date": "2024-07-12",
+        "event": "Published in Official Journal of the European Union",
+        "impact_on_product": "Official text available. Finalize regulatory parsing.",
+        "status": "passed"
+      },
+      {
+        "date": "2024-08-01",
+        "event": "Entry into force (20 days after publication)",
+        "impact_on_product": "Regulation is law. Countdown timers start for all phases.",
+        "status": "passed"
+      },
+      {
+        "date": "2025-02-02",
+        "event": "Phase 1: Prohibited practices (Art. 5) and AI literacy (Art. 4) apply",
+        "impact_on_product": "Prohibited practices screening and AI literacy modules must be live. Article 5 checklist and training templates must be available.",
+        "status": "passed"
+      },
+      {
+        "date": "2025-02-02",
+        "event": "Commission published Guidelines on Prohibited AI Practices and AI System Definition",
+        "impact_on_product": "Update prohibited practices screening logic and definition matching based on official guidelines.",
+        "status": "passed"
+      },
+      {
+        "date": "2025-08-02",
+        "event": "Phase 2: GPAI rules apply. Governance bodies operational. Penalty regime in force.",
+        "impact_on_product": "GPAI compliance modules must be live. Annex XI/XII documentation templates available. Code of Practice integration. Penalty calculator active.",
+        "status": "passed"
+      },
+      {
+        "date": "2025-08-02",
+        "event": "GPAI Code of Practice finalized and published",
+        "impact_on_product": "Integrate Code of Practice requirements into GPAI provider workflow. Update technical documentation templates.",
+        "status": "passed"
+      },
+      {
+        "date": "2025-08-02",
+        "event": "Member States designate national competent authorities. Penalty rules notified.",
+        "impact_on_product": "Build authority directory per Member State. Enable jurisdiction-specific penalty calculations. Map enforcement contacts.",
+        "status": "passed"
+      },
+      {
+        "date": "2025-12-17",
+        "event": "Commission published first draft Code of Practice on marking/labeling AI-generated content",
+        "impact_on_product": "Update content marking SDK requirements per Code of Practice. Integrate C2PA and marking standards referenced.",
+        "status": "passed"
+      },
+      {
+        "date": "2026-02-02",
+        "event": "Expected: Commission guidelines on high-risk AI classification (detailed examples for Annex III categories)",
+        "impact_on_product": "Update risk classification questionnaire with official examples and edge cases. Refine classification logic.",
+        "status": "upcoming"
+      },
+      {
+        "date": "2026-08-02",
+        "event": "Phase 3: MAJORITY OF PROVISIONS APPLY. High-risk AI (Annex III) rules. Transparency (Art. 50). Deployer obligations (Art. 26). FRIA (Art. 27). Registration (Art. 49). Sandboxes (Art. 57). Post-market monitoring (Art. 72). Incident reporting (Art. 73).",
+        "impact_on_product": "CRITICAL DEADLINE. All deployer and provider modules for high-risk AI must be fully operational. FRIA templates, monitoring dashboards, incident reporting workflows, EU database registration guidance, transparency compliance (disclosure + content marking) all live. This is the main enforcement date.",
+        "status": "upcoming"
+      },
+      {
+        "date": "2026-08-02",
+        "event": "GPAI administrative fines (Art. 101) become enforceable by AI Office",
+        "impact_on_product": "Update penalty information for GPAI providers. Ensure GPAI compliance scoring reflects enforcement risk.",
+        "status": "upcoming"
+      },
+      {
+        "date": "2027-08-02",
+        "event": "Phase 4: Full enforcement. Annex II high-risk (product safety AI). Legacy GPAI compliance deadline.",
+        "impact_on_product": "All remaining modules operational. Product safety AI compliance workflows. Full cross-regulation scoring. Legacy GPAI provider remediation tracking.",
+        "status": "upcoming"
+      },
+      {
+        "date": "2027-12-31",
+        "event": "Expected: Harmonised standards for AI published by European standardisation organisations (CEN/CENELEC)",
+        "impact_on_product": "Integrate harmonised standards references into conformity assessment workflows. Update technical requirements against formal standards.",
+        "status": "upcoming"
+      },
+      {
+        "date": "2028-08-02",
+        "event": "Commission evaluation of AI Office functioning (Art. 112)",
+        "impact_on_product": "Monitor for potential structural changes in enforcement landscape.",
+        "status": "upcoming"
+      },
+      {
+        "date": "2029-08-02",
+        "event": "Commission evaluation of impact/effectiveness of voluntary codes of conduct (Art. 112)",
+        "impact_on_product": "Monitor for potential shift from voluntary to mandatory for minimal-risk AI.",
+        "status": "upcoming"
+      },
+      {
+        "date": "2030-08-02",
+        "event": "Commission review of entire AI Act — potential amendments to scope, classification, governance",
+        "impact_on_product": "Major review cycle. Prepare for potential framework changes. Monitor legislative proposals.",
+        "status": "upcoming"
+      },
+      {
+        "date": "2030-12-31",
+        "event": "Large-scale IT systems in AFSJ (Annex X) compliance deadline",
+        "impact_on_product": "Final compliance deadline for legacy systems in justice/security domain.",
+        "status": "upcoming"
+      }
+    ],
+    "expected_amendments": [
+      "Digital Omnibus Package (proposed 2025): Commission proposed simplification amendments including adjusting high-risk timeline to link application to availability of harmonised standards. May extend some deadlines by up to 16 months.",
+      "Potential amendment to Annex III: Commission can expand or modify the high-risk use case list through delegated acts (Art. 7). Monitor for new high-risk categories.",
+      "GPAI systemic risk threshold: The 10^25 FLOPs threshold may be revised as compute capabilities evolve (Art. 51(3)).",
+      "Content marking standards: Technical standards for AI content marking are still being developed. Expect updates to implementation requirements."
+    ],
+    "codes_of_practice": [
+      {
+        "title": "General-Purpose AI Code of Practice",
+        "status": "finalized_august_2025",
+        "description": "Voluntary guidelines for GPAI model providers covering transparency, documentation, copyright compliance, and safety testing.",
+        "url": "https://digital-strategy.ec.europa.eu/en/policies/ai-pact"
+      },
+      {
+        "title": "Code of Practice on Marking and Labelling AI-Generated Content",
+        "status": "first_draft_december_2025",
+        "description": "Guidelines for machine-readable marking of AI-generated content (images, audio, video, text). Covers C2PA, watermarking, and metadata standards.",
+        "url": "https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai"
+      },
+      {
+        "title": "Harmonised Standards for AI (CEN/CENELEC)",
+        "status": "in_development",
+        "description": "Formal European harmonised standards for AI systems. When published, compliance with these standards provides presumption of conformity with AI Act requirements.",
+        "expected_date": "2027"
+      }
+    ],
+    "monitoring_sources": [
+      "https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai — European Commission AI policy page (primary)",
+      "https://ai-act-service-desk.ec.europa.eu/ — Official EU AI Act Service Desk",
+      "https://artificialintelligenceact.eu/ — Comprehensive AI Act reference (Future of Life Institute)",
+      "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689 — Official text on EUR-Lex",
+      "https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence — European Parliament AI Act overview",
+      "https://ec.europa.eu/commission/presscorner/home/en — European Commission press releases",
+      "EU AI Office announcements — monitor for enforcement actions, guidelines, and delegated acts"
+    ],
+    "review_frequency": "monthly — critical regulatory implementation period through August 2027. Switch to quarterly after full enforcement."
+  },
+  "version": {
+    "framework_version": "3.0-production",
+    "processed_date": "2026-02-17",
+    "source_regulation_version": "Regulation (EU) 2024/1689 as published in OJ L 2024/1689",
+    "processing_prompt_version": "12-stage-v2",
+    "last_regulatory_update_checked": "2025-12-17 (Code of Practice on content marking draft)",
+    "next_review_due": "2026-03-01",
+    "notes": "Production-grade framework with granular obligation decomposition, full what_not_to_do coverage, expanded deployer obligations, and comprehensive tech specs for scanner."
+  }
+}

package/data/regulations/jurisdictions/at.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "AT",
+  "country_name": "Austria",
+  "msa_name": "RTR - Rundfunk und Telekom Regulierungs-GmbH",
+  "msa_url": "https://www.rtr.at",
+  "msa_contact": "rtr@rtr.at",
+  "local_requirements": [
+    "National AI strategy alignment required",
+    "German-language documentation mandatory for public-facing AI systems",
+    "Austrian DPA (DSB) notification required for high-risk AI processing personal data"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "German",
+  "notes": "RTR designated as MSA under national AI Act implementation"
+}

package/data/regulations/jurisdictions/be.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "BE",
+  "country_name": "Belgium",
+  "msa_name": "Federal Public Service Economy - AI Authority",
+  "msa_url": "https://economie.fgov.be",
+  "msa_contact": "info.eco@economie.fgov.be",
+  "local_requirements": [
+    "Bilingual documentation required (French and Dutch) for federal AI systems",
+    "National DPA (APD/GBA) notification required for high-risk AI",
+    "Belgian Knowledge Centre for Data & Society alignment recommended"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "French/Dutch/German",
+  "notes": "Federal structure requires coordination between regional and federal authorities"
+}

package/data/regulations/jurisdictions/bg.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "BG",
+  "country_name": "Bulgaria",
+  "msa_name": "Commission for Consumer Protection",
+  "msa_url": "https://www.kzp.bg",
+  "msa_contact": "info@kzp.bg",
+  "local_requirements": [
+    "Bulgarian-language user-facing documentation required",
+    "National DPA (CPDP) notification for AI systems processing personal data",
+    "Alignment with Bulgarian Digital Transformation Strategy"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Bulgarian",
+  "notes": "Consumer protection authority acts as primary MSA"
+}

package/data/regulations/jurisdictions/cy.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "CY",
+  "country_name": "Cyprus",
+  "msa_name": "Department of Electronic Communications (DEC)",
+  "msa_url": "https://www.mcw.gov.cy/dec",
+  "msa_contact": "dec@mcw.gov.cy",
+  "local_requirements": [
+    "Greek-language documentation required for public sector AI",
+    "National DPA notification for AI processing personal data",
+    "Alignment with Cyprus Digital Strategy 2025-2030"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Greek",
+  "notes": "Small market; DEC handles AI oversight alongside telecommunications"
+}

package/data/regulations/jurisdictions/cz.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "CZ",
+  "country_name": "Czech Republic",
+  "msa_name": "Czech Trade Inspection Authority (CTIA)",
+  "msa_url": "https://www.coi.cz",
+  "msa_contact": "info@coi.cz",
+  "local_requirements": [
+    "Czech-language user documentation mandatory",
+    "National DPA (UOOU) notification required for high-risk AI",
+    "Alignment with Czech National AI Strategy"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Czech",
+  "notes": "CTIA handles market surveillance for AI products alongside consumer goods"
+}

package/data/regulations/jurisdictions/de.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "DE",
+  "country_name": "Germany",
+  "msa_name": "Bundesnetzagentur (Federal Network Agency)",
+  "msa_url": "https://www.bundesnetzagentur.de",
+  "msa_contact": "info@bnetza.de",
+  "local_requirements": [
+    "German-language documentation mandatory for all AI systems in German market",
+    "National DPA (BfDI) notification required for high-risk AI systems",
+    "Sector-specific requirements for AI in critical infrastructure (BSI alignment)"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "German",
+  "notes": "Bundesnetzagentur designated as primary MSA; federal state DPAs also have oversight roles"
+}

package/data/regulations/jurisdictions/dk.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "DK",
+  "country_name": "Denmark",
+  "msa_name": "Danish Business Authority (Erhvervsstyrelsen)",
+  "msa_url": "https://www.erst.dk",
+  "msa_contact": "erst@erst.dk",
+  "local_requirements": [
+    "Danish-language documentation for consumer-facing AI systems",
+    "National DPA (Datatilsynet) notification for high-risk AI",
+    "Alignment with Danish National Strategy for Artificial Intelligence"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Danish",
+  "notes": "Denmark has a proactive AI ethics framework alongside EU AI Act compliance"
+}

package/data/regulations/jurisdictions/ee.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "EE",
+  "country_name": "Estonia",
+  "msa_name": "Consumer Protection and Technical Regulatory Authority (TTJA)",
+  "msa_url": "https://www.ttja.ee",
+  "msa_contact": "info@ttja.ee",
+  "local_requirements": [
+    "Estonian-language documentation for public sector AI deployments",
+    "National DPA (AKI) notification for AI processing personal data",
+    "e-Estonia digital infrastructure compliance for government AI systems"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Estonian",
+  "notes": "Estonia is a leader in digital governance and AI adoption in public services"
+}

package/data/regulations/jurisdictions/es.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "ES",
+  "country_name": "Spain",
+  "msa_name": "Agencia Espanola de Supervision de la Inteligencia Artificial (AESIA)",
+  "msa_url": "https://www.aesia.gob.es",
+  "msa_contact": "contacto@aesia.gob.es",
+  "local_requirements": [
+    "Spanish-language documentation mandatory for all AI systems in Spanish market",
+    "AEPD notification required for high-risk AI processing personal data",
+    "National AI regulatory sandbox participation available for testing"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Spanish",
+  "notes": "Spain was the first EU member state to create a dedicated AI supervisory agency (AESIA)"
+}

package/data/regulations/jurisdictions/fi.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "FI",
+  "country_name": "Finland",
+  "msa_name": "Transport and Communications Agency (Traficom)",
+  "msa_url": "https://www.traficom.fi",
+  "msa_contact": "kirjaamo@traficom.fi",
+  "local_requirements": [
+    "Finnish and Swedish language documentation for public AI systems",
+    "National DPA (Tietosuojavaltuutettu) notification for high-risk AI",
+    "Alignment with Finland AuroraAI programme for ethical AI"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Finnish/Swedish",
+  "notes": "Traficom oversees digital safety including AI systems"
+}

package/data/regulations/jurisdictions/fr.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "FR",
+  "country_name": "France",
+  "msa_name": "CNIL + Direction generale des entreprises (DGE)",
+  "msa_url": "https://www.cnil.fr",
+  "msa_contact": "contact@cnil.fr",
+  "local_requirements": [
+    "French-language documentation mandatory for all consumer AI systems",
+    "CNIL AI impact assessment required for systems processing personal data",
+    "Sector-specific requirements for public sector AI (Etalab guidelines)"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "French",
+  "notes": "France has dual oversight: CNIL for data protection aspects, DGE for market surveillance"
+}

package/data/regulations/jurisdictions/gr.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "GR",
+  "country_name": "Greece",
+  "msa_name": "National Telecommunications and Post Commission (EETT)",
+  "msa_url": "https://www.eett.gr",
+  "msa_contact": "info@eett.gr",
+  "local_requirements": [
+    "Greek-language documentation required for consumer-facing AI systems",
+    "National DPA (HDPA) notification for AI processing personal data",
+    "Alignment with Greek National AI Strategy (Hellenic AI Society)"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Greek",
+  "notes": "EETT handles digital market oversight including AI systems"
+}

package/data/regulations/jurisdictions/hr.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "HR",
+  "country_name": "Croatia",
+  "msa_name": "Croatian Regulatory Authority for Network Industries (HAKOM)",
+  "msa_url": "https://www.hakom.hr",
+  "msa_contact": "info@hakom.hr",
+  "local_requirements": [
+    "Croatian-language documentation mandatory for consumer-facing AI",
+    "National DPA (AZOP) notification required for high-risk AI",
+    "Sector-specific requirements for public administration AI systems"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Croatian",
+  "notes": "HAKOM designated as primary MSA for AI systems in Croatia"
+}

package/data/regulations/jurisdictions/hu.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "HU",
+  "country_name": "Hungary",
+  "msa_name": "National Media and Infocommunications Authority (NMHH)",
+  "msa_url": "https://www.nmhh.hu",
+  "msa_contact": "info@nmhh.hu",
+  "local_requirements": [
+    "Hungarian-language documentation mandatory for consumer AI systems",
+    "National DPA (NAIH) notification required for high-risk AI",
+    "Alignment with Hungarian Artificial Intelligence Strategy"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Hungarian",
+  "notes": "NMHH oversees digital communications and AI market surveillance"
+}

package/data/regulations/jurisdictions/ie.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "IE",
+  "country_name": "Ireland",
+  "msa_name": "Commission for Communications Regulation (ComReg)",
+  "msa_url": "https://www.comreg.ie",
+  "msa_contact": "info@comreg.ie",
+  "local_requirements": [
+    "English-language documentation accepted; Irish also recognized",
+    "National DPC notification required for high-risk AI processing personal data",
+    "Enterprise Ireland AI governance framework alignment recommended"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "English/Irish",
+  "notes": "Ireland hosts many multinational tech HQs; DPC has significant cross-border AI oversight role"
+}

package/data/regulations/jurisdictions/is.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "IS",
+  "country_name": "Iceland",
+  "msa_name": "Post and Telecom Administration (PFS)",
+  "msa_url": "https://www.pfs.is",
+  "msa_contact": "pfs@pfs.is",
+  "local_requirements": [
+    "Icelandic-language documentation for public-facing AI systems",
+    "National DPA (Persónuvernd) notification for AI processing personal data",
+    "EEA agreement obligations for AI Act transposition"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Icelandic",
+  "notes": "EEA member; AI Act applies through EEA Agreement incorporation"
+}

package/data/regulations/jurisdictions/it.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "IT",
+  "country_name": "Italy",
+  "msa_name": "Agenzia per l'Italia Digitale (AgID)",
+  "msa_url": "https://www.agid.gov.it",
+  "msa_contact": "protocollo@pec.agid.gov.it",
+  "local_requirements": [
+    "Italian-language documentation mandatory for all AI systems in Italian market",
+    "Garante per la protezione dei dati personali notification for high-risk AI",
+    "Sector-specific requirements for public administration AI (Piano Triennale)"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Italian",
+  "notes": "AgID coordinates AI governance for public sector; Garante handles data protection aspects"
+}

package/data/regulations/jurisdictions/li.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "LI",
+  "country_name": "Liechtenstein",
+  "msa_name": "Office for Communications (AK)",
+  "msa_url": "https://www.llv.li/inhalt/118804/amtsstellen/amt-fur-kommunikation",
+  "msa_contact": "info.ak@llv.li",
+  "local_requirements": [
+    "German-language documentation accepted",
+    "National DPA (DSS) notification for AI processing personal data",
+    "EEA agreement obligations for AI Act transposition"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "German",
+  "notes": "EEA member; AI Act applies through EEA Agreement; strong fintech sector"
+}

package/data/regulations/jurisdictions/lt.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "LT",
+  "country_name": "Lithuania",
+  "msa_name": "State Consumer Rights Protection Authority (VVTAT)",
+  "msa_url": "https://www.vvtat.lt",
+  "msa_contact": "vvtat@vvtat.lt",
+  "local_requirements": [
+    "Lithuanian-language documentation for consumer-facing AI systems",
+    "National DPA (VDAI) notification for high-risk AI",
+    "Alignment with Lithuanian AI Strategy and Innovation Agency guidelines"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Lithuanian",
+  "notes": "VVTAT manages consumer protection including AI product safety"
+}

package/data/regulations/jurisdictions/lu.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "LU",
+  "country_name": "Luxembourg",
+  "msa_name": "Institut Luxembourgeois de Regulation (ILR)",
+  "msa_url": "https://www.ilr.lu",
+  "msa_contact": "info@ilr.lu",
+  "local_requirements": [
+    "French, German, or Luxembourgish documentation accepted",
+    "National DPA (CNPD) notification for AI processing personal data",
+    "Alignment with Luxembourg Digital Innovation Hub requirements"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "French/German/Luxembourgish",
+  "notes": "ILR regulates digital markets including AI; strong fintech and AI ecosystem"
+}

package/data/regulations/jurisdictions/lv.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "LV",
+  "country_name": "Latvia",
+  "msa_name": "Consumer Rights Protection Centre (PTAC)",
+  "msa_url": "https://www.ptac.gov.lv",
+  "msa_contact": "ptac@ptac.gov.lv",
+  "local_requirements": [
+    "Latvian-language documentation required for consumer-facing AI",
+    "National DPA (DVI) notification for AI processing personal data",
+    "Alignment with Latvian AI Strategy and Digital Transformation Guidelines"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Latvian",
+  "notes": "PTAC handles consumer protection aspects of AI market surveillance"
+}

package/data/regulations/jurisdictions/mt.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "MT",
+  "country_name": "Malta",
+  "msa_name": "Malta Communications Authority (MCA)",
+  "msa_url": "https://www.mca.org.mt",
+  "msa_contact": "info@mca.org.mt",
+  "local_requirements": [
+    "English or Maltese documentation accepted",
+    "Malta Digital Innovation Authority (MDIA) certification for innovative technology",
+    "National DPA (IDPC) notification for AI processing personal data"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Maltese/English",
+  "notes": "Malta was among the first EU states to establish AI-specific governance (MDIA)"
+}

package/data/regulations/jurisdictions/nl.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "NL",
+  "country_name": "Netherlands",
+  "msa_name": "Autoriteit Consument & Markt (ACM)",
+  "msa_url": "https://www.acm.nl",
+  "msa_contact": "info@acm.nl",
+  "local_requirements": [
+    "Dutch-language documentation required for consumer-facing AI",
+    "Autoriteit Persoonsgegevens (AP) notification for high-risk AI processing personal data",
+    "Algorithm Register mandatory for government AI systems"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Dutch",
+  "notes": "Netherlands has a public Algorithm Register and proactive algorithmic oversight"
+}

package/data/regulations/jurisdictions/no.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "NO",
+  "country_name": "Norway",
+  "msa_name": "Norwegian Communications Authority (Nkom)",
+  "msa_url": "https://www.nkom.no",
+  "msa_contact": "firmapost@nkom.no",
+  "local_requirements": [
+    "Norwegian-language documentation required for consumer-facing AI",
+    "National DPA (Datatilsynet) notification for high-risk AI",
+    "Alignment with Norwegian National Strategy for Artificial Intelligence"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Norwegian",
+  "notes": "EEA member; AI Act applies through EEA Agreement; active AI ethics community"
+}

package/data/regulations/jurisdictions/pl.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "PL",
+  "country_name": "Poland",
+  "msa_name": "Office of Electronic Communications (UKE)",
+  "msa_url": "https://www.uke.gov.pl",
+  "msa_contact": "uke@uke.gov.pl",
+  "local_requirements": [
+    "Polish-language documentation mandatory for consumer AI systems",
+    "National DPA (UODO) notification required for high-risk AI",
+    "Alignment with Polish AI Development Policy"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Polish",
+  "notes": "UKE oversees electronic communications and digital market surveillance"
+}

package/data/regulations/jurisdictions/pt.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "PT",
+  "country_name": "Portugal",
+  "msa_name": "ANACOM - Autoridade Nacional de Comunicacoes",
+  "msa_url": "https://www.anacom.pt",
+  "msa_contact": "info@anacom.pt",
+  "local_requirements": [
+    "Portuguese-language documentation required for consumer-facing AI",
+    "National DPA (CNPD) notification for AI processing personal data",
+    "Alignment with Portugal INCoDe.2030 digital competences strategy"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Portuguese",
+  "notes": "ANACOM oversees communications and digital market including AI systems"
+}

package/data/regulations/jurisdictions/ro.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "RO",
+  "country_name": "Romania",
+  "msa_name": "National Authority for Management and Regulation in Communications (ANCOM)",
+  "msa_url": "https://www.ancom.ro",
+  "msa_contact": "ancom@ancom.ro",
+  "local_requirements": [
+    "Romanian-language documentation mandatory for consumer AI systems",
+    "National DPA (ANSPDCP) notification for high-risk AI processing personal data",
+    "Alignment with Romanian National Strategy on Artificial Intelligence"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Romanian",
+  "notes": "ANCOM handles communications regulation and AI market surveillance"
+}

package/data/regulations/jurisdictions/se.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "country_code": "SE",
+  "country_name": "Sweden",
+  "msa_name": "Post and Telecom Authority (PTS)",
+  "msa_url": "https://www.pts.se",
+  "msa_contact": "pts@pts.se",
+  "local_requirements": [
+    "Swedish-language documentation required for consumer AI systems",
+    "National DPA (IMY) notification for high-risk AI processing personal data",
+    "Alignment with Swedish National Approach to Artificial Intelligence"
+  ],
+  "enforcement_date": "2026-08-02",
+  "language": "Swedish",
+  "notes": "PTS oversees telecommunications and digital services including AI market surveillance"
+}