npm - @complior/engine - Versions diffs - 0.9.0 - Mend

@complior/engine 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/.well-known/ai-compliance.json +16 -0
package/COMPLIANCE.md +64 -0
package/data/data-integrity.test.ts +75 -0
package/data/eval/eval-mappings.json +33 -0
package/data/llm/model-pricing.json +15 -0
package/data/llm/model-routing.json +36 -0
package/data/onboarding/risk-profile.json +17 -0
package/data/regulations/eu-ai-act/README.md +245 -0
package/data/regulations/eu-ai-act/applicability-tree.json +160 -0
package/data/regulations/eu-ai-act/cross-mapping.json +175 -0
package/data/regulations/eu-ai-act/localization.json +186 -0
package/data/regulations/eu-ai-act/obligations.json +3981 -0
package/data/regulations/eu-ai-act/regulation-meta.json +482 -0
package/data/regulations/eu-ai-act/scoring.json +342 -0
package/data/regulations/eu-ai-act/technical-requirements.json +2590 -0
package/data/regulations/eu-ai-act/timeline.json +160 -0
package/data/regulations/jurisdictions/at.json +15 -0
package/data/regulations/jurisdictions/be.json +15 -0
package/data/regulations/jurisdictions/bg.json +15 -0
package/data/regulations/jurisdictions/cy.json +15 -0
package/data/regulations/jurisdictions/cz.json +15 -0
package/data/regulations/jurisdictions/de.json +15 -0
package/data/regulations/jurisdictions/dk.json +15 -0
package/data/regulations/jurisdictions/ee.json +15 -0
package/data/regulations/jurisdictions/es.json +15 -0
package/data/regulations/jurisdictions/fi.json +15 -0
package/data/regulations/jurisdictions/fr.json +15 -0
package/data/regulations/jurisdictions/gr.json +15 -0
package/data/regulations/jurisdictions/hr.json +15 -0
package/data/regulations/jurisdictions/hu.json +15 -0
package/data/regulations/jurisdictions/ie.json +15 -0
package/data/regulations/jurisdictions/is.json +15 -0
package/data/regulations/jurisdictions/it.json +15 -0
package/data/regulations/jurisdictions/li.json +15 -0
package/data/regulations/jurisdictions/lt.json +15 -0
package/data/regulations/jurisdictions/lu.json +15 -0
package/data/regulations/jurisdictions/lv.json +15 -0
package/data/regulations/jurisdictions/mt.json +15 -0
package/data/regulations/jurisdictions/nl.json +15 -0
package/data/regulations/jurisdictions/no.json +15 -0
package/data/regulations/jurisdictions/pl.json +15 -0
package/data/regulations/jurisdictions/pt.json +15 -0
package/data/regulations/jurisdictions/ro.json +15 -0
package/data/regulations/jurisdictions/se.json +15 -0
package/data/regulations/jurisdictions/si.json +15 -0
package/data/regulations/jurisdictions/sk.json +15 -0
package/data/scanner/check-id-categories.json +81 -0
package/data/scanner/confidence-params.json +16 -0
package/data/scanner/limits.json +4 -0
package/data/schemas/http-contract-sample.json +79 -0
package/data/schemas/http-contract.json +144 -0
package/data/semgrep-rules/bare-call.yaml +37 -0
package/data/semgrep-rules/injection.yaml +73 -0
package/data/semgrep-rules/missing-error-handling.yaml +58 -0
package/data/semgrep-rules/unsafe-deser.yaml +65 -0
package/data/templates/eu-ai-act/ai-literacy.md +184 -0
package/data/templates/eu-ai-act/art5-screening.md +131 -0
package/data/templates/eu-ai-act/data-governance.md +145 -0
package/data/templates/eu-ai-act/declaration-of-conformity.md +161 -0
package/data/templates/eu-ai-act/fria.md +127 -0
package/data/templates/eu-ai-act/gpai-systemic-risk.md +150 -0
package/data/templates/eu-ai-act/gpai-transparency.md +166 -0
package/data/templates/eu-ai-act/incident-report.md +188 -0
package/data/templates/eu-ai-act/instructions-for-use.md +202 -0
package/data/templates/eu-ai-act/monitoring-policy.md +110 -0
package/data/templates/eu-ai-act/qms.md +180 -0
package/data/templates/eu-ai-act/risk-management-system.md +123 -0
package/data/templates/eu-ai-act/technical-documentation.md +287 -0
package/data/templates/eu-ai-act/worker-notification.md +143 -0
package/data/templates/policies/biometrics-ai-policy.md +214 -0
package/data/templates/policies/critical-infra-ai-policy.md +228 -0
package/data/templates/policies/education-ai-policy.md +184 -0
package/data/templates/policies/finance-ai-policy.md +191 -0
package/data/templates/policies/healthcare-ai-policy.md +197 -0
package/data/templates/policies/hr-ai-policy.md +178 -0
package/data/templates/policies/legal-ai-policy.md +189 -0
package/data/templates/policies/migration-ai-policy.md +239 -0
package/engine.log +7 -0
package/package.json +74 -0
package/src/composition-root.ts +791 -0
package/src/data/eval/conformity-tests.test.ts +122 -0
package/src/data/eval/ct-1-transparency.ts +106 -0
package/src/data/eval/ct-10-gpai.ts +25 -0
package/src/data/eval/ct-11-industry.ts +42 -0
package/src/data/eval/ct-2-oversight.ts +41 -0
package/src/data/eval/ct-3-explanation.ts +14 -0
package/src/data/eval/ct-4-bias.ts +83 -0
package/src/data/eval/ct-5-accuracy.ts +41 -0
package/src/data/eval/ct-6-robustness.ts +81 -0
package/src/data/eval/ct-7-prohibited.ts +52 -0
package/src/data/eval/ct-8-logging.ts +68 -0
package/src/data/eval/ct-9-risk-awareness.ts +33 -0
package/src/data/eval/deterministic-evaluator.ts +120 -0
package/src/data/eval/index.ts +55 -0
package/src/data/eval/judge-prompts.ts +146 -0
package/src/data/eval/llm-judged-tests.ts +279 -0
package/src/data/eval/llm-tests.test.ts +83 -0
package/src/data/eval/remediation/ct-1-transparency.ts +91 -0
package/src/data/eval/remediation/ct-10-gpai.ts +94 -0
package/src/data/eval/remediation/ct-11-industry.ts +94 -0
package/src/data/eval/remediation/ct-2-oversight.ts +71 -0
package/src/data/eval/remediation/ct-3-explanation.ts +70 -0
package/src/data/eval/remediation/ct-4-bias.ts +70 -0
package/src/data/eval/remediation/ct-5-accuracy.ts +70 -0
package/src/data/eval/remediation/ct-6-robustness.ts +70 -0
package/src/data/eval/remediation/ct-7-prohibited.ts +94 -0
package/src/data/eval/remediation/ct-8-logging.ts +94 -0
package/src/data/eval/remediation/ct-9-risk-awareness.ts +94 -0
package/src/data/eval/remediation/index.ts +89 -0
package/src/data/eval/remediation/owasp-art5.ts +15 -0
package/src/data/eval/remediation/owasp-llm01.ts +72 -0
package/src/data/eval/remediation/owasp-llm02.ts +72 -0
package/src/data/eval/remediation/owasp-llm03.ts +15 -0
package/src/data/eval/remediation/owasp-llm04.ts +15 -0
package/src/data/eval/remediation/owasp-llm05.ts +15 -0
package/src/data/eval/remediation/owasp-llm06.ts +15 -0
package/src/data/eval/remediation/owasp-llm07.ts +15 -0
package/src/data/eval/remediation/owasp-llm08.ts +15 -0
package/src/data/eval/remediation/owasp-llm09.ts +15 -0
package/src/data/eval/remediation/owasp-llm10.ts +15 -0
package/src/data/eval/remediation/remediation.test.ts +229 -0
package/src/data/eval/remediation/test-mapping.ts +290 -0
package/src/data/eval/security-rubrics.ts +381 -0
package/src/data/finding-explanations.json +453 -0
package/src/data/industry-patterns.ts +161 -0
package/src/data/registry-cards.ts +368 -0
package/src/data/regulation/index.ts +5 -0
package/src/data/regulation/jurisdiction-data.test.ts +73 -0
package/src/data/regulation/jurisdiction-data.ts +65 -0
package/src/data/regulation/regulation-data.ts +19 -0
package/src/data/regulation/regulation-loader.test.ts +107 -0
package/src/data/regulation/regulation-loader.ts +56 -0
package/src/data/scanner-constants.ts +46 -0
package/src/data/schemas/schemas-core.ts +140 -0
package/src/data/schemas/schemas-supplementary.ts +211 -0
package/src/data/schemas/schemas.ts +28 -0
package/src/data/security/attack-probes.test.ts +62 -0
package/src/data/security/attack-probes.ts +496 -0
package/src/data/security/eu-ai-act-security.ts +40 -0
package/src/data/security/index.ts +19 -0
package/src/data/security/mitre-atlas.test.ts +43 -0
package/src/data/security/mitre-atlas.ts +93 -0
package/src/data/security/nist-ai-rmf.ts +43 -0
package/src/data/security/owasp-llm-top10.test.ts +60 -0
package/src/data/security/owasp-llm-top10.ts +138 -0
package/src/data/template-registry.ts +53 -0
package/src/data/tool-versions.json +22 -0
package/src/domain/audit/audit-package.test.ts +152 -0
package/src/domain/audit/audit-package.ts +166 -0
package/src/domain/audit/audit-trail.test.ts +121 -0
package/src/domain/audit/audit-trail.ts +174 -0
package/src/domain/audit/index.ts +8 -0
package/src/domain/audit/permissions-matrix.test.ts +136 -0
package/src/domain/audit/permissions-matrix.ts +121 -0
package/src/domain/certification/adversarial/bias-tests.ts +95 -0
package/src/domain/certification/adversarial/evaluators.ts +304 -0
package/src/domain/certification/adversarial/index.ts +11 -0
package/src/domain/certification/adversarial/prompt-injection.ts +103 -0
package/src/domain/certification/adversarial/safety-boundary.ts +132 -0
package/src/domain/certification/aiuc1-readiness.test.ts +236 -0
package/src/domain/certification/aiuc1-readiness.ts +298 -0
package/src/domain/certification/aiuc1-requirements.ts +235 -0
package/src/domain/certification/index.ts +10 -0
package/src/domain/certification/redteam-runner.test.ts +97 -0
package/src/domain/certification/redteam-runner.ts +205 -0
package/src/domain/certification/test-runner.test.ts +232 -0
package/src/domain/certification/test-runner.ts +289 -0
package/src/domain/cost/cost-estimator.test.ts +187 -0
package/src/domain/cost/cost-estimator.ts +133 -0
package/src/domain/disclaimer.test.ts +52 -0
package/src/domain/disclaimer.ts +39 -0
package/src/domain/documents/ai-enricher.test.ts +120 -0
package/src/domain/documents/ai-enricher.ts +159 -0
package/src/domain/documents/document-generator.test.ts +318 -0
package/src/domain/documents/document-generator.ts +239 -0
package/src/domain/documents/index.ts +9 -0
package/src/domain/documents/passport-helpers.ts +25 -0
package/src/domain/documents/policy-generator.test.ts +252 -0
package/src/domain/documents/policy-generator.ts +94 -0
package/src/domain/documents/worker-notification-generator.test.ts +162 -0
package/src/domain/documents/worker-notification-generator.ts +141 -0
package/src/domain/eval/adapters/adapter-port.ts +94 -0
package/src/domain/eval/adapters/adapters.test.ts +303 -0
package/src/domain/eval/adapters/anthropic-adapter.ts +57 -0
package/src/domain/eval/adapters/auto-detect.ts +104 -0
package/src/domain/eval/adapters/create-chat-adapter.ts +106 -0
package/src/domain/eval/adapters/custom-adapter.ts +74 -0
package/src/domain/eval/adapters/http-adapter.ts +66 -0
package/src/domain/eval/adapters/index.ts +7 -0
package/src/domain/eval/adapters/ollama-adapter.ts +48 -0
package/src/domain/eval/adapters/openai-adapter.ts +58 -0
package/src/domain/eval/adapters/with-timeout.ts +25 -0
package/src/domain/eval/conformity-score.test.ts +161 -0
package/src/domain/eval/conformity-score.ts +135 -0
package/src/domain/eval/eval-constants.ts +55 -0
package/src/domain/eval/eval-evidence.test.ts +85 -0
package/src/domain/eval/eval-evidence.ts +103 -0
package/src/domain/eval/eval-fix-generator.test.ts +421 -0
package/src/domain/eval/eval-fix-generator.ts +205 -0
package/src/domain/eval/eval-passport.test.ts +82 -0
package/src/domain/eval/eval-passport.ts +89 -0
package/src/domain/eval/eval-remediation-report.test.ts +682 -0
package/src/domain/eval/eval-remediation-report.ts +170 -0
package/src/domain/eval/eval-report.ts +108 -0
package/src/domain/eval/eval-runner.test.ts +609 -0
package/src/domain/eval/eval-runner.ts +593 -0
package/src/domain/eval/eval-to-findings.test.ts +293 -0
package/src/domain/eval/eval-to-findings.ts +83 -0
package/src/domain/eval/index.ts +31 -0
package/src/domain/eval/llm-judge.test.ts +139 -0
package/src/domain/eval/llm-judge.ts +168 -0
package/src/domain/eval/remediation-types.ts +90 -0
package/src/domain/eval/security-integration.test.ts +196 -0
package/src/domain/eval/security-integration.ts +136 -0
package/src/domain/eval/types.test.ts +173 -0
package/src/domain/eval/types.ts +244 -0
package/src/domain/eval/verdict-utils.ts +45 -0
package/src/domain/fixer/create-fixer.ts +101 -0
package/src/domain/fixer/diff.ts +70 -0
package/src/domain/fixer/fix-history.ts +23 -0
package/src/domain/fixer/fixer.test.ts +306 -0
package/src/domain/fixer/index.ts +9 -0
package/src/domain/fixer/strategies/bandit-fix.ts +61 -0
package/src/domain/fixer/strategies/bias-testing.ts +49 -0
package/src/domain/fixer/strategies/ci-compliance.ts +57 -0
package/src/domain/fixer/strategies/content-marking.ts +45 -0
package/src/domain/fixer/strategies/cve-upgrade.ts +66 -0
package/src/domain/fixer/strategies/data-governance.ts +65 -0
package/src/domain/fixer/strategies/disclosure.ts +69 -0
package/src/domain/fixer/strategies/doc-code-sync.ts +53 -0
package/src/domain/fixer/strategies/documentation.ts +59 -0
package/src/domain/fixer/strategies/error-handler.ts +63 -0
package/src/domain/fixer/strategies/hitl-gate.ts +67 -0
package/src/domain/fixer/strategies/index.ts +61 -0
package/src/domain/fixer/strategies/kill-switch-test.ts +85 -0
package/src/domain/fixer/strategies/kill-switch.ts +53 -0
package/src/domain/fixer/strategies/license-fix.ts +57 -0
package/src/domain/fixer/strategies/log-retention.ts +40 -0
package/src/domain/fixer/strategies/logging.ts +59 -0
package/src/domain/fixer/strategies/metadata.ts +45 -0
package/src/domain/fixer/strategies/permission-guard.ts +84 -0
package/src/domain/fixer/strategies/record-keeping.ts +69 -0
package/src/domain/fixer/strategies/secret-rotation.ts +52 -0
package/src/domain/fixer/strategies.test.ts +341 -0
package/src/domain/fixer/template-engine.test.ts +64 -0
package/src/domain/fixer/template-engine.ts +38 -0
package/src/domain/fixer/types.ts +88 -0
package/src/domain/frameworks/aiuc1-framework.test.ts +159 -0
package/src/domain/frameworks/aiuc1-framework.ts +126 -0
package/src/domain/frameworks/collect-foundation-metrics.test.ts +96 -0
package/src/domain/frameworks/collect-foundation-metrics.ts +34 -0
package/src/domain/frameworks/eu-ai-act-framework.test.ts +117 -0
package/src/domain/frameworks/eu-ai-act-framework.ts +100 -0
package/src/domain/frameworks/framework-registry.test.ts +91 -0
package/src/domain/frameworks/framework-registry.ts +38 -0
package/src/domain/frameworks/index.ts +8 -0
package/src/domain/frameworks/mitre-atlas-framework.test.ts +53 -0
package/src/domain/frameworks/mitre-atlas-framework.ts +53 -0
package/src/domain/frameworks/owasp-llm-framework.test.ts +77 -0
package/src/domain/frameworks/owasp-llm-framework.ts +54 -0
package/src/domain/frameworks/score-plugin-framework.ts +117 -0
package/src/domain/fria/fria-generator.test.ts +273 -0
package/src/domain/fria/fria-generator.ts +366 -0
package/src/domain/import/promptfoo-importer.test.ts +103 -0
package/src/domain/import/promptfoo-importer.ts +151 -0
package/src/domain/onboarding/guided-onboarding.test.ts +144 -0
package/src/domain/onboarding/guided-onboarding.ts +135 -0
package/src/domain/passport/builder/domain-mapper.ts +9 -0
package/src/domain/passport/builder/manifest-builder.test.ts +546 -0
package/src/domain/passport/builder/manifest-builder.ts +535 -0
package/src/domain/passport/builder/manifest-diff.test.ts +105 -0
package/src/domain/passport/builder/manifest-diff.ts +89 -0
package/src/domain/passport/builder/manifest-files.ts +17 -0
package/src/domain/passport/crypto-signer.test.ts +93 -0
package/src/domain/passport/crypto-signer.ts +157 -0
package/src/domain/passport/discovery/agent-discovery.test.ts +296 -0
package/src/domain/passport/discovery/agent-discovery.ts +325 -0
package/src/domain/passport/discovery/autonomy-analyzer.test.ts +141 -0
package/src/domain/passport/discovery/autonomy-analyzer.ts +113 -0
package/src/domain/passport/discovery/permission-scanner.test.ts +191 -0
package/src/domain/passport/discovery/permission-scanner.ts +414 -0
package/src/domain/passport/export/a2a-mapper.ts +75 -0
package/src/domain/passport/export/aiuc1-mapper.ts +126 -0
package/src/domain/passport/export/export.test.ts +207 -0
package/src/domain/passport/export/index.ts +41 -0
package/src/domain/passport/export/nist-mapper.ts +227 -0
package/src/domain/passport/import/a2a-importer.test.ts +133 -0
package/src/domain/passport/import/a2a-importer.ts +156 -0
package/src/domain/passport/import/index.ts +2 -0
package/src/domain/passport/index.ts +32 -0
package/src/domain/passport/obligation-field-map.test.ts +113 -0
package/src/domain/passport/obligation-field-map.ts +117 -0
package/src/domain/passport/passport-validator.test.ts +156 -0
package/src/domain/passport/passport-validator.ts +126 -0
package/src/domain/passport/scan-to-compliance.test.ts +336 -0
package/src/domain/passport/scan-to-compliance.ts +166 -0
package/src/domain/passport/test-generator.test.ts +93 -0
package/src/domain/passport/test-generator.ts +136 -0
package/src/domain/proxy/index.ts +11 -0
package/src/domain/proxy/json-rpc.test.ts +72 -0
package/src/domain/proxy/json-rpc.ts +53 -0
package/src/domain/proxy/policy-engine.test.ts +259 -0
package/src/domain/proxy/policy-engine.ts +137 -0
package/src/domain/proxy/proxy-bridge.ts +125 -0
package/src/domain/proxy/proxy-interceptor.test.ts +184 -0
package/src/domain/proxy/proxy-interceptor.ts +120 -0
package/src/domain/proxy/proxy-types.ts +35 -0
package/src/domain/registry/compute-agent-score.test.ts +279 -0
package/src/domain/registry/compute-agent-score.ts +162 -0
package/src/domain/reporter/audit-report.test.ts +87 -0
package/src/domain/reporter/audit-report.ts +116 -0
package/src/domain/reporter/badge-generator.test.ts +54 -0
package/src/domain/reporter/badge-generator.ts +40 -0
package/src/domain/reporter/compliance-md.ts +45 -0
package/src/domain/reporter/index.ts +7 -0
package/src/domain/reporter/pdf-renderer.ts +282 -0
package/src/domain/reporter/share.test.ts +92 -0
package/src/domain/reporter/share.ts +80 -0
package/src/domain/scanner/ast/swc-analyzer.test.ts +49 -0
package/src/domain/scanner/ast/swc-analyzer.ts +124 -0
package/src/domain/scanner/attestations.ts +97 -0
package/src/domain/scanner/checks/ai-disclosure.test.ts +90 -0
package/src/domain/scanner/checks/ai-disclosure.ts +54 -0
package/src/domain/scanner/checks/ai-literacy.ts +163 -0
package/src/domain/scanner/checks/behavioral-constraints.test.ts +167 -0
package/src/domain/scanner/checks/behavioral-constraints.ts +86 -0
package/src/domain/scanner/checks/compliance-metadata.ts +63 -0
package/src/domain/scanner/checks/content-marking.ts +74 -0
package/src/domain/scanner/checks/dep-deep-scan.test.ts +318 -0
package/src/domain/scanner/checks/dep-deep-scan.ts +137 -0
package/src/domain/scanner/checks/documentation.test.ts +88 -0
package/src/domain/scanner/checks/documentation.ts +79 -0
package/src/domain/scanner/checks/git-history.test.ts +120 -0
package/src/domain/scanner/checks/git-history.ts +163 -0
package/src/domain/scanner/checks/gpai-systemic-risk.test.ts +84 -0
package/src/domain/scanner/checks/gpai-systemic-risk.ts +98 -0
package/src/domain/scanner/checks/gpai-transparency.ts +94 -0
package/src/domain/scanner/checks/index.ts +28 -0
package/src/domain/scanner/checks/industry/index.ts +40 -0
package/src/domain/scanner/checks/industry/industry.test.ts +287 -0
package/src/domain/scanner/checks/interaction-logging.test.ts +113 -0
package/src/domain/scanner/checks/interaction-logging.ts +142 -0
package/src/domain/scanner/checks/nhi-scanner.test.ts +158 -0
package/src/domain/scanner/checks/nhi-scanner.ts +78 -0
package/src/domain/scanner/checks/passport-completeness.test.ts +127 -0
package/src/domain/scanner/checks/passport-completeness.ts +82 -0
package/src/domain/scanner/checks/passport-presence.test.ts +56 -0
package/src/domain/scanner/checks/passport-presence.ts +78 -0
package/src/domain/scanner/checks/pattern-check-factory.ts +70 -0
package/src/domain/scanner/checks/permission-scanner.test.ts +279 -0
package/src/domain/scanner/checks/permission-scanner.ts +90 -0
package/src/domain/scanner/checks/presence-check-factory.test.ts +124 -0
package/src/domain/scanner/checks/presence-check-factory.ts +275 -0
package/src/domain/scanner/compliance-diff.test.ts +165 -0
package/src/domain/scanner/compliance-diff.ts +138 -0
package/src/domain/scanner/confidence.test.ts +235 -0
package/src/domain/scanner/confidence.ts +156 -0
package/src/domain/scanner/constants.ts +13 -0
package/src/domain/scanner/create-scanner.ts +573 -0
package/src/domain/scanner/cross-layer.test.ts +372 -0
package/src/domain/scanner/cross-layer.ts +232 -0
package/src/domain/scanner/data/ai-packages.ts +82 -0
package/src/domain/scanner/debt-calculator.test.ts +89 -0
package/src/domain/scanner/debt-calculator.ts +111 -0
package/src/domain/scanner/drift.test.ts +191 -0
package/src/domain/scanner/drift.ts +73 -0
package/src/domain/scanner/evidence-store.test.ts +207 -0
package/src/domain/scanner/evidence-store.ts +195 -0
package/src/domain/scanner/evidence.test.ts +104 -0
package/src/domain/scanner/evidence.ts +71 -0
package/src/domain/scanner/external/bandit-runner.test.ts +45 -0
package/src/domain/scanner/external/bandit-runner.ts +90 -0
package/src/domain/scanner/external/checks.ts +321 -0
package/src/domain/scanner/external/dedup.test.ts +79 -0
package/src/domain/scanner/external/dedup.ts +94 -0
package/src/domain/scanner/external/detect-secrets-runner.test.ts +58 -0
package/src/domain/scanner/external/detect-secrets-runner.ts +81 -0
package/src/domain/scanner/external/external-scanner.test.ts +221 -0
package/src/domain/scanner/external/external-scanner.ts +36 -0
package/src/domain/scanner/external/finding-mapper.test.ts +95 -0
package/src/domain/scanner/external/finding-mapper.ts +138 -0
package/src/domain/scanner/external/index.ts +15 -0
package/src/domain/scanner/external/mappings.ts +93 -0
package/src/domain/scanner/external/modelscan-runner.test.ts +35 -0
package/src/domain/scanner/external/modelscan-runner.ts +101 -0
package/src/domain/scanner/external/path-utils.ts +8 -0
package/src/domain/scanner/external/runner-port.ts +45 -0
package/src/domain/scanner/external/semgrep-runner.test.ts +52 -0
package/src/domain/scanner/external/semgrep-runner.ts +94 -0
package/src/domain/scanner/external/types.ts +32 -0
package/src/domain/scanner/finding-attribution.test.ts +444 -0
package/src/domain/scanner/finding-attribution.ts +195 -0
package/src/domain/scanner/finding-explainer.test.ts +157 -0
package/src/domain/scanner/finding-explainer.ts +73 -0
package/src/domain/scanner/fix-diff-builder.test.ts +272 -0
package/src/domain/scanner/fix-diff-builder.ts +477 -0
package/src/domain/scanner/import-graph.test.ts +162 -0
package/src/domain/scanner/import-graph.ts +198 -0
package/src/domain/scanner/languages/adapter.test.ts +105 -0
package/src/domain/scanner/languages/adapter.ts +239 -0
package/src/domain/scanner/layers/index.ts +24 -0
package/src/domain/scanner/layers/layer1-files.ts +54 -0
package/src/domain/scanner/layers/layer2-docs.test.ts +1207 -0
package/src/domain/scanner/layers/layer2-docs.ts +297 -0
package/src/domain/scanner/layers/layer2-parsing.ts +217 -0
package/src/domain/scanner/layers/layer3-config.test.ts +187 -0
package/src/domain/scanner/layers/layer3-config.ts +279 -0
package/src/domain/scanner/layers/layer3-parsers.ts +73 -0
package/src/domain/scanner/layers/layer4-patterns.test.ts +397 -0
package/src/domain/scanner/layers/layer4-patterns.ts +216 -0
package/src/domain/scanner/layers/layer5-docs.test.ts +99 -0
package/src/domain/scanner/layers/layer5-docs.ts +250 -0
package/src/domain/scanner/layers/layer5-llm.test.ts +146 -0
package/src/domain/scanner/layers/layer5-llm.ts +262 -0
package/src/domain/scanner/layers/layer5-targeted.test.ts +93 -0
package/src/domain/scanner/layers/layer5-targeted.ts +233 -0
package/src/domain/scanner/layers/lockfile-parsers.test.ts +320 -0
package/src/domain/scanner/layers/lockfile-parsers.ts +184 -0
package/src/domain/scanner/regulation-version.test.ts +54 -0
package/src/domain/scanner/regulation-version.ts +23 -0
package/src/domain/scanner/role-filter.test.ts +116 -0
package/src/domain/scanner/role-filter.ts +51 -0
package/src/domain/scanner/rules/banned-packages-data.ts +553 -0
package/src/domain/scanner/rules/banned-packages-sdk.ts +65 -0
package/src/domain/scanner/rules/banned-packages.test.ts +249 -0
package/src/domain/scanner/rules/banned-packages.ts +55 -0
package/src/domain/scanner/rules/comment-filter.test.ts +115 -0
package/src/domain/scanner/rules/comment-filter.ts +297 -0
package/src/domain/scanner/rules/index.ts +9 -0
package/src/domain/scanner/rules/nhi-patterns.test.ts +128 -0
package/src/domain/scanner/rules/nhi-patterns.ts +60 -0
package/src/domain/scanner/rules/pattern-rules.ts +1152 -0
package/src/domain/scanner/sbom.test.ts +136 -0
package/src/domain/scanner/sbom.ts +103 -0
package/src/domain/scanner/scan-cache.test.ts +136 -0
package/src/domain/scanner/scan-cache.ts +115 -0
package/src/domain/scanner/scanner.test.ts +125 -0
package/src/domain/scanner/score-calculator.test.ts +363 -0
package/src/domain/scanner/score-calculator.ts +189 -0
package/src/domain/scanner/security-score.test.ts +107 -0
package/src/domain/scanner/security-score.ts +116 -0
package/src/domain/scanner/source-filter.ts +24 -0
package/src/domain/scanner/validators.ts +223 -0
package/src/domain/shared/compliance-constants.ts +48 -0
package/src/domain/shared/disclosure-patterns.ts +16 -0
package/src/domain/shared/index.ts +6 -0
package/src/domain/shared/parse-dependencies.ts +21 -0
package/src/domain/supply-chain/dependency-analyzer.ts +138 -0
package/src/domain/supply-chain/index.ts +3 -0
package/src/domain/supply-chain/supply-chain.test.ts +211 -0
package/src/domain/supply-chain/types.ts +32 -0
package/src/domain/whatif/config-fixer.ts +187 -0
package/src/domain/whatif/index.ts +6 -0
package/src/domain/whatif/scenario-engine.ts +121 -0
package/src/domain/whatif/simulate-actions.test.ts +161 -0
package/src/domain/whatif/simulate-actions.ts +114 -0
package/src/domain/whatif/whatif.test.ts +135 -0
package/src/e2e/gaps-e2e.test.ts +259 -0
package/src/e2e/smoke.test.ts +101 -0
package/src/hooks/hooks-export.test.ts +81 -0
package/src/hooks/installer.ts +113 -0
package/src/http/cors.test.ts +38 -0
package/src/http/create-router.ts +259 -0
package/src/http/routes/agent.route.ts +380 -0
package/src/http/routes/audit.route.ts +66 -0
package/src/http/routes/badge.route.ts +23 -0
package/src/http/routes/cert.route.ts +66 -0
package/src/http/routes/chat.route.ts +228 -0
package/src/http/routes/cost.route.ts +33 -0
package/src/http/routes/debt.route.ts +29 -0
package/src/http/routes/disclaimer.route.ts +64 -0
package/src/http/routes/eval.route.ts +161 -0
package/src/http/routes/events.route.test.ts +108 -0
package/src/http/routes/events.route.ts +71 -0
package/src/http/routes/external-scan.route.ts +24 -0
package/src/http/routes/file.route.ts +54 -0
package/src/http/routes/fix.route.ts +219 -0
package/src/http/routes/frameworks.route.test.ts +66 -0
package/src/http/routes/frameworks.route.ts +36 -0
package/src/http/routes/git.route.ts +27 -0
package/src/http/routes/guided-onboarding.route.ts +65 -0
package/src/http/routes/import.route.ts +64 -0
package/src/http/routes/jurisdiction.route.ts +22 -0
package/src/http/routes/obligations.route.test.ts +122 -0
package/src/http/routes/obligations.route.ts +110 -0
package/src/http/routes/onboarding.route.ts +53 -0
package/src/http/routes/provider.route.ts +42 -0
package/src/http/routes/proxy.route.ts +40 -0
package/src/http/routes/redteam.route.ts +84 -0
package/src/http/routes/report.route.ts +29 -0
package/src/http/routes/scan.route.ts +104 -0
package/src/http/routes/share.route.ts +44 -0
package/src/http/routes/shell.route.ts +27 -0
package/src/http/routes/status.route.ts +66 -0
package/src/http/routes/supply-chain.route.ts +121 -0
package/src/http/routes/sync.route.ts +328 -0
package/src/http/routes/tools.route.ts +29 -0
package/src/http/routes/whatif.route.ts +96 -0
package/src/http/utils/validation.ts +31 -0
package/src/index.ts +1 -0
package/src/infra/bundle-fetcher.ts +77 -0
package/src/infra/cache-storage.ts +34 -0
package/src/infra/event-bus.ts +31 -0
package/src/infra/file-collector.ts +61 -0
package/src/infra/file-ops-adapter.ts +95 -0
package/src/infra/file-watcher.test.ts +90 -0
package/src/infra/file-watcher.ts +106 -0
package/src/infra/git-adapter.ts +93 -0
package/src/infra/git-history-adapter.ts +41 -0
package/src/infra/headless-browser.ts +178 -0
package/src/infra/llm-adapter.test.ts +83 -0
package/src/infra/llm-adapter.ts +86 -0
package/src/infra/logger.ts +27 -0
package/src/infra/project-config.test.ts +74 -0
package/src/infra/project-config.ts +35 -0
package/src/infra/rate-limiter.test.ts +36 -0
package/src/infra/rate-limiter.ts +34 -0
package/src/infra/retry.ts +46 -0
package/src/infra/saas-client.ts +123 -0
package/src/infra/search-adapter.ts +113 -0
package/src/infra/shell-adapter.ts +68 -0
package/src/infra/tool-manager.test.ts +99 -0
package/src/infra/tool-manager.ts +197 -0
package/src/llm/agents/agent-modes.test.ts +44 -0
package/src/llm/agents/modes.ts +68 -0
package/src/llm/routing/cost-routing.test.ts +37 -0
package/src/llm/routing/cost-tracker.ts +74 -0
package/src/llm/routing/model-routing.test.ts +79 -0
package/src/llm/routing/model-routing.ts +38 -0
package/src/llm/routing/pricing.ts +19 -0
package/src/llm/sse-protocol.ts +77 -0
package/src/llm/tool-definitions.ts +83 -0
package/src/llm/tool-executors.ts +80 -0
package/src/llm/tools/types.ts +13 -0
package/src/mcp/create-mcp-stack.ts +82 -0
package/src/mcp/handlers.ts +245 -0
package/src/mcp/index.ts +28 -0
package/src/mcp/mcp-server.test.ts +80 -0
package/src/mcp/server.ts +79 -0
package/src/mcp/tools.ts +48 -0
package/src/onboarding/auto-detect.ts +164 -0
package/src/onboarding/onboarding.test.ts +89 -0
package/src/onboarding/profile.ts +169 -0
package/src/onboarding/questions.ts +112 -0
package/src/onboarding/wizard.ts +66 -0
package/src/output/github-issue.ts +32 -0
package/src/output/json-output.ts +67 -0
package/src/ports/browser.port.ts +23 -0
package/src/ports/events.port.ts +28 -0
package/src/ports/llm.port.ts +23 -0
package/src/ports/logger.port.ts +6 -0
package/src/ports/process.port.ts +6 -0
package/src/ports/scanner.port.ts +15 -0
package/src/server.ts +134 -0
package/src/services/badge-service.ts +67 -0
package/src/services/chat-service.test.ts +162 -0
package/src/services/chat-service.ts +152 -0
package/src/services/cost-service.ts +52 -0
package/src/services/debt-service.ts +65 -0
package/src/services/eval-integration.test.ts +132 -0
package/src/services/eval-service.test.ts +373 -0
package/src/services/eval-service.ts +463 -0
package/src/services/external-scan-service.ts +60 -0
package/src/services/file-service.ts +37 -0
package/src/services/fix-service.test.ts +470 -0
package/src/services/fix-service.ts +648 -0
package/src/services/framework-service.test.ts +159 -0
package/src/services/framework-service.ts +67 -0
package/src/services/onboarding-service.ts +165 -0
package/src/services/passport-audit.ts +244 -0
package/src/services/passport-documents.ts +258 -0
package/src/services/passport-service-utils.ts +72 -0
package/src/services/passport-service.test.ts +251 -0
package/src/services/passport-service.ts +339 -0
package/src/services/proxy-service.ts +81 -0
package/src/services/report-service.ts +72 -0
package/src/services/scan-service.test.ts +470 -0
package/src/services/scan-service.ts +335 -0
package/src/services/share-service.ts +108 -0
package/src/services/shared/backup.ts +23 -0
package/src/services/status-service.ts +38 -0
package/src/services/undo-service.test.ts +190 -0
package/src/services/undo-service.ts +144 -0
package/src/test-helpers/factories.ts +116 -0
package/src/types/common.schemas.ts +147 -0
package/src/types/common.types.ts +292 -0
package/src/types/contract.test.ts +217 -0
package/src/types/errors.ts +52 -0
package/src/types/framework.types.ts +87 -0
package/src/types/passport-schemas.ts +241 -0
package/src/types/passport.types.ts +296 -0
package/src/version.ts +1 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +9 -0

package/src/domain/scanner/checks/nhi-scanner.test.ts ADDED Viewed

@@ -0,0 +1,158 @@
+import { describe, it, expect } from 'vitest';
+import { runNhiScan, nhiToCheckResults } from './nhi-scanner.js';
+import type { ScanContext } from '../../../ports/scanner.port.js';
+const makeCtx = (files: { relativePath: string; content: string }[]): ScanContext => ({
+  projectPath: '/test',
+  files: files.map(f => ({
+    path: `/test/${f.relativePath}`,
+    relativePath: f.relativePath,
+    content: f.content,
+    extension: f.relativePath.split('.').pop() ?? '',
+  })),
+});
+describe('runNhiScan', () => {
+  it('detects OpenAI key in source', () => {
+    const ctx = makeCtx([{
+      relativePath: 'src/config.ts',
+      content: 'const key = "sk-abcdefghijklmnopqrstuvwxyz123456";',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results.length).toBe(1);
+    expect(results[0].category).toBe('api_key');
+    expect(results[0].file).toBe('src/config.ts');
+    expect(results[0].line).toBe(1);
+  });
+  it('detects multiple secrets in same file', () => {
+    const ctx = makeCtx([{
+      relativePath: 'src/config.ts',
+      content: 'const openai = "sk-abcdefghijklmnopqrstuvwxyz123456";\nconst aws = "AKIAIOSFODNN7EXAMPLE";',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results.length).toBe(2);
+  });
+  it('skips test files', () => {
+    const ctx = makeCtx([{
+      relativePath: 'src/config.test.ts',
+      content: 'const key = "sk-abcdefghijklmnopqrstuvwxyz123456";',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results.length).toBe(0);
+  });
+  it('skips .env.example files', () => {
+    const ctx = makeCtx([{
+      relativePath: '.env.example',
+      content: 'OPENAI_KEY=sk-abcdefghijklmnopqrstuvwxyz123456',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results.length).toBe(0);
+  });
+  it('detects private key', () => {
+    const ctx = makeCtx([{
+      relativePath: 'certs/key.pem',
+      content: '-----BEGIN RSA PRIVATE KEY-----\nMIIBogIBAAJBALRiMLAH...',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results.length).toBe(1);
+    expect(results[0].category).toBe('secret');
+  });
+  it('detects GCP service account', () => {
+    const ctx = makeCtx([{
+      relativePath: 'gcp-creds.json',
+      content: '{\n"type": "service_account",\n"project_id": "test"\n}',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results.length).toBe(1);
+    expect(results[0].category).toBe('service_account');
+  });
+  it('detects JWT token', () => {
+    const ctx = makeCtx([{
+      relativePath: 'src/auth.ts',
+      content: 'const token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.abc123def456";',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results.length).toBe(1);
+    expect(results[0].category).toBe('token');
+  });
+  it('masks detected secrets', () => {
+    const ctx = makeCtx([{
+      relativePath: 'src/config.ts',
+      content: 'const key = "sk-abcdefghijklmnopqrstuvwxyz123456";',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results[0].match).not.toContain('abcdefghijklmnopqrstuvwxyz');
+    expect(results[0].match).toMatch(/^sk-a\.\.\.3456$/);
+  });
+  it('returns empty for clean codebase', () => {
+    const ctx = makeCtx([{
+      relativePath: 'src/app.ts',
+      content: 'const app = express();\napp.listen(3000);',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results.length).toBe(0);
+  });
+  it('detects connection strings', () => {
+    const ctx = makeCtx([{
+      relativePath: 'src/db.ts',
+      content: 'const url = "mongodb://admin:secretpass@cluster.mongodb.net/db";',
+    }]);
+    const results = runNhiScan(ctx);
+    expect(results.length).toBe(1);
+    expect(results[0].category).toBe('secret');
+  });
+});
+describe('nhiToCheckResults', () => {
+  it('returns pass when no findings', () => {
+    const results = nhiToCheckResults([]);
+    expect(results.length).toBe(1);
+    expect(results[0].type).toBe('pass');
+    expect(results[0].checkId).toBe('l4-nhi-clean');
+  });
+  it('converts findings to fail check results', () => {
+    const findings = [{
+      patternId: 'nhi-openai-key',
+      patternName: 'OpenAI API Key',
+      category: 'api_key' as const,
+      severity: 'critical' as const,
+      file: 'src/config.ts',
+      line: 5,
+      match: 'sk-a...3456',
+      description: 'OpenAI API key detected',
+    }];
+    const results = nhiToCheckResults(findings);
+    expect(results.length).toBe(1);
+    expect(results[0].type).toBe('fail');
+    expect(results[0].checkId).toBe('l4-nhi-api_key');
+    if (results[0].type === 'fail') {
+      expect(results[0].severity).toBe('critical');
+      expect(results[0].articleReference).toBe('Art. 15(4)');
+      expect(results[0].file).toBe('src/config.ts');
+      expect(results[0].line).toBe(5);
+    }
+  });
+  it('maps severity correctly', () => {
+    const makeFinding = (severity: 'critical' | 'high' | 'medium') => [{
+      patternId: 'test', patternName: 'Test', category: 'secret' as const,
+      severity, file: 'f.ts', line: 1, match: '***', description: 'test',
+    }];
+    const critical = nhiToCheckResults(makeFinding('critical'));
+    if (critical[0].type === 'fail') expect(critical[0].severity).toBe('critical');
+    const high = nhiToCheckResults(makeFinding('high'));
+    if (high[0].type === 'fail') expect(high[0].severity).toBe('high');
+    const medium = nhiToCheckResults(makeFinding('medium'));
+    if (medium[0].type === 'fail') expect(medium[0].severity).toBe('medium');
+  });
+});

package/src/domain/scanner/checks/nhi-scanner.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import type { CheckResult, Severity } from '../../../types/common.types.js';
+import type { ScanContext } from '../../../ports/scanner.port.js';
+import { NHI_PATTERNS, shouldScanFile, type NhiCategory, type NhiPattern } from '../rules/nhi-patterns.js';
+export interface NhiCheckResult {
+  readonly patternId: string;
+  readonly patternName: string;
+  readonly category: NhiCategory;
+  readonly severity: 'critical' | 'high' | 'medium';
+  readonly file: string;
+  readonly line: number;
+  readonly match: string;
+  readonly description: string;
+}
+const scanLine = (line: string, lineNum: number, file: string, pattern: NhiPattern): NhiCheckResult | null => {
+  const match = pattern.pattern.exec(line);
+  if (!match) return null;
+  // Mask the matched value for security (show first 4 + last 4 chars)
+  const val = match[0];
+  const masked = val.length > 12
+    ? `${val.slice(0, 4)}...${val.slice(-4)}`
+    : '***';
+  return {
+    patternId: pattern.id,
+    patternName: pattern.name,
+    category: pattern.category,
+    severity: pattern.severity,
+    file,
+    line: lineNum,
+    match: masked,
+    description: pattern.description,
+  };
+};
+export const runNhiScan = (ctx: ScanContext): readonly NhiCheckResult[] => {
+  const results: NhiCheckResult[] = [];
+  for (const file of ctx.files) {
+    if (!shouldScanFile(file.relativePath)) continue;
+    const lines = file.content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      for (const pattern of NHI_PATTERNS) {
+        const result = scanLine(line, i + 1, file.relativePath, pattern);
+        if (result) results.push(result);
+      }
+    }
+  }
+  return results;
+};
+const toSeverity = (s: string): Severity =>
+  (s === 'critical' || s === 'high' || s === 'medium') ? s : 'high';
+export const nhiToCheckResults = (results: readonly NhiCheckResult[]): readonly CheckResult[] => {
+  if (results.length === 0) {
+    return [{
+      type: 'pass',
+      checkId: 'l4-nhi-clean',
+      message: 'No non-human identity secrets detected in source code',
+    }];
+  }
+  return results.map((r): CheckResult => ({
+    type: 'fail',
+    checkId: `l4-nhi-${r.category}`,
+    message: `${r.description}: ${r.match} in ${r.file}:${r.line}`,
+    severity: toSeverity(r.severity),
+    obligationId: 'eu-ai-act-OBL-015',
+    articleReference: 'Art. 15(4)',
+    fix: 'Remove or externalize the secret from source code. Use environment variables or a secrets manager.',
+    file: r.file,
+    line: r.line,
+  }));
+};

package/src/domain/scanner/checks/passport-completeness.test.ts ADDED Viewed

@@ -0,0 +1,127 @@
+import { describe, it, expect } from 'vitest';
+import { checkPassportCompleteness } from './passport-completeness.js';
+import { createScanFile, createScanCtx } from '../../../test-helpers/factories.js';
+// All 27 required deep-path fields from OBLIGATION_FIELD_MAP must be present and non-empty.
+const fullManifest = JSON.stringify({
+  agent_id: 'uuid-123',
+  name: 'test-bot',
+  display_name: 'Test Bot',
+  version: '1.0.0',
+  description: 'A test bot',
+  type: 'assistant',
+  autonomy_level: 'L2',
+  autonomy_evidence: { human_approval_gates: 1, unsupervised_actions: 0, no_logging_actions: 0, auto_rated: true },
+  framework: 'openai',
+  model: { provider: 'openai', model_id: 'gpt-4', data_residency: 'us' },
+  owner: { team: 'eng', contact: 'eng@co.com', responsible_person: 'Jane' },
+  permissions: { tools: ['search'], denied: [] },
+  constraints: { human_approval_required: ['deploy'], prohibited_actions: ['social_scoring'] },
+  compliance: { eu_ai_act: { risk_class: 'limited' }, complior_score: 80, last_scan: '2026-03-01' },
+  disclosure: { user_facing: true, disclosure_text: 'AI system', ai_marking: { responses_marked: true, method: 'badge' } },
+  logging: { actions_logged: true, retention_days: 180 },
+  lifecycle: { status: 'active', next_review: '2026-06-01', review_frequency_days: 90 },
+  signature: { algorithm: 'ed25519', value: 'abc' },
+  source: { mode: 'auto', confidence: 0.9 },
+});
+describe('checkPassportCompleteness', () => {
+  it('passes for fully complete passport', () => {
+    const ctx = createScanCtx([
+      createScanFile('.complior/agents/test-bot-manifest.json', fullManifest),
+    ]);
+    const results = checkPassportCompleteness(ctx);
+    expect(results).toHaveLength(1);
+    expect(results[0].type).toBe('pass');
+    expect(results[0].message).toContain('100%');
+  });
+  it('fails for partially complete passport', () => {
+    const partial = JSON.stringify({
+      name: 'test-bot',
+      version: '1.0.0',
+      description: 'A test bot',
+      compliance: { eu_ai_act: { risk_class: 'limited' } },
+    });
+    const ctx = createScanCtx([
+      createScanFile('.complior/agents/test-bot-manifest.json', partial),
+    ]);
+    const results = checkPassportCompleteness(ctx);
+    expect(results).toHaveLength(1);
+    expect(results[0].type).toBe('fail');
+    if (results[0].type === 'fail') {
+      expect(results[0].message).toMatch(/\d+%/);
+    }
+  });
+  it('fails with high severity for mostly empty passport', () => {
+    const minimal = JSON.stringify({
+      name: 'test-bot',
+      compliance: { eu_ai_act: { risk_class: 'high' } },
+    });
+    const ctx = createScanCtx([
+      createScanFile('.complior/agents/test-bot-manifest.json', minimal),
+    ]);
+    const results = checkPassportCompleteness(ctx);
+    expect(results).toHaveLength(1);
+    expect(results[0].type).toBe('fail');
+    if (results[0].type === 'fail') {
+      expect(results[0].severity).toBe('high');
+    }
+  });
+  it('checks deep paths — empty owner object counts as unfilled', () => {
+    const emptyNested = JSON.stringify({
+      name: 'test-bot',
+      version: '1.0.0',
+      description: 'A test bot',
+      agent_id: 'uuid-123',
+      type: 'assistant',
+      framework: 'openai',
+      autonomy_level: 'L2',
+      model: {},           // empty — deep path model.provider not filled
+      owner: {},           // empty — deep path owner.team not filled
+      permissions: {},     // empty — deep path permissions.tools not filled
+      constraints: [],     // empty array
+      compliance: { eu_ai_act: { risk_class: 'limited' } },
+    });
+    const ctx = createScanCtx([
+      createScanFile('.complior/agents/test-bot-manifest.json', emptyNested),
+    ]);
+    const results = checkPassportCompleteness(ctx);
+    expect(results).toHaveLength(1);
+    expect(results[0].type).toBe('fail');
+    // Deep-path checking: owner.team/contact/responsible_person, model.provider/model_id all empty
+    expect(results[0].message).toMatch(/\d+\/\d+ fields/);
+  });
+  it('requires oversight fields for high-risk passports', () => {
+    // A high-risk passport without oversight should have more missing fields
+    const highRiskNoOversight = JSON.stringify({
+      ...JSON.parse(fullManifest),
+      compliance: { eu_ai_act: { risk_class: 'high' }, complior_score: 80, last_scan: '2026-03-01' },
+    });
+    const ctx = createScanCtx([
+      createScanFile('.complior/agents/test-bot-manifest.json', highRiskNoOversight),
+    ]);
+    const results = checkPassportCompleteness(ctx);
+    expect(results).toHaveLength(1);
+    expect(results[0].type).toBe('fail');
+    // Missing oversight.responsible_person and oversight.override_mechanism
+    expect(results[0].message).toMatch(/\d+\/\d+ fields/);
+  });
+  it('returns empty for no manifest files', () => {
+    const ctx = createScanCtx([
+      createScanFile('package.json', '{"dependencies":{"openai":"^4.0.0"}}'),
+    ]);
+    const results = checkPassportCompleteness(ctx);
+    expect(results).toHaveLength(0);
+  });
+});

package/src/domain/scanner/checks/passport-completeness.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import type { CheckResult } from '../../../types/common.types.js';
+import type { ScanContext } from '../../../ports/scanner.port.js';
+import { filterPassportManifests, extractRiskClass } from '../../passport/builder/manifest-files.js';
+import { OBLIGATION_FIELD_MAP, getFieldValue, isNonEmpty } from '../../passport/obligation-field-map.js';
+const CHECK_ID = 'passport-completeness';
+const ARTICLE_REF = 'Art. 26(4)';
+const OBLIGATION_ID = 'eu-ai-act-OBL-011';
+/** Deep-path fields required for all risk levels. */
+const BASE_FIELDS = OBLIGATION_FIELD_MAP.filter((m) => m.required).map((m) => m.field);
+/** Additional fields required for high-risk / prohibited passports. */
+const HIGH_RISK_EXTRA = ['oversight.responsible_person', 'oversight.override_mechanism'] as const;
+const countDeepFields = (manifest: Record<string, unknown>, fields: readonly string[]): number => {
+  let filled = 0;
+  for (const fieldPath of fields) {
+    const value = getFieldValue(manifest as never, fieldPath);
+    if (isNonEmpty(value)) {
+      filled++;
+    }
+  }
+  return filled;
+};
+export const checkPassportCompleteness = (ctx: ScanContext): readonly CheckResult[] => {
+  const passportFiles = filterPassportManifests(ctx.files);
+  if (passportFiles.length === 0) {
+    return [];
+  }
+  const results: CheckResult[] = [];
+  for (const file of passportFiles) {
+    try {
+      const manifest = JSON.parse(file.content) as Record<string, unknown>;
+      const risk = extractRiskClass(manifest);
+      const requiredFields = risk === 'high' || risk === 'prohibited'
+        ? [...BASE_FIELDS, ...HIGH_RISK_EXTRA]
+        : BASE_FIELDS;
+      const totalRequired = requiredFields.length;
+      const filled = countDeepFields(manifest, requiredFields);
+      const pct = Math.round((filled / totalRequired) * 100);
+      const name = (manifest.name as string) ?? file.relativePath;
+      if (pct >= 100) {
+        results.push({
+          type: 'pass',
+          checkId: CHECK_ID,
+          message: `Passport Completeness: ${pct}% (${filled}/${totalRequired} fields) — ${name}`,
+        });
+      } else {
+        results.push({
+          type: 'fail',
+          checkId: CHECK_ID,
+          message: `Passport Completeness: ${pct}% (${filled}/${totalRequired} fields) — ${name} (${ARTICLE_REF})`,
+          severity: pct < 50 ? 'high' : 'medium',
+          obligationId: OBLIGATION_ID,
+          articleReference: ARTICLE_REF,
+          fix: `Fill missing passport fields using \`complior agent init --force\` or manual edit`,
+          file: file.relativePath,
+        });
+      }
+    } catch {
+      results.push({
+        type: 'fail',
+        checkId: CHECK_ID,
+        message: `Invalid passport manifest: ${file.relativePath}`,
+        severity: 'high',
+        obligationId: OBLIGATION_ID,
+        articleReference: ARTICLE_REF,
+        fix: 'Regenerate passport with `complior agent init --force`',
+        file: file.relativePath,
+      });
+    }
+  }
+  return results;
+};

package/src/domain/scanner/checks/passport-presence.test.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import { describe, it, expect } from 'vitest';
+import { checkPassportPresence } from './passport-presence.js';
+import { createScanFile, createScanCtx } from '../../../test-helpers/factories.js';
+describe('checkPassportPresence', () => {
+  it('passes when passport manifest found', () => {
+    const ctx = createScanCtx([
+      createScanFile('.complior/agents/my-bot-manifest.json', '{"name":"my-bot"}'),
+      createScanFile('package.json', '{"dependencies":{"openai":"^4.0.0"}}'),
+    ]);
+    const results = checkPassportPresence(ctx);
+    expect(results).toHaveLength(1);
+    expect(results[0].type).toBe('pass');
+    expect(results[0].message).toContain('Agent Passport found');
+  });
+  it('fails when AI SDK detected but no passport', () => {
+    const ctx = createScanCtx([
+      createScanFile('package.json', '{"dependencies":{"openai":"^4.0.0"}}'),
+      createScanFile('src/app.ts', 'const x = 1;'),
+    ]);
+    const results = checkPassportPresence(ctx);
+    expect(results).toHaveLength(1);
+    expect(results[0].type).toBe('fail');
+    if (results[0].type === 'fail') {
+      expect(results[0].severity).toBe('high');
+      expect(results[0].fix).toContain('complior agent init');
+    }
+  });
+  it('skips when no AI SDK detected', () => {
+    const ctx = createScanCtx([
+      createScanFile('package.json', '{"dependencies":{"express":"^4.0.0"}}'),
+      createScanFile('src/app.ts', 'const x = 1;'),
+    ]);
+    const results = checkPassportPresence(ctx);
+    expect(results).toHaveLength(1);
+    expect(results[0].type).toBe('skip');
+  });
+  it('detects multiple passport manifests', () => {
+    const ctx = createScanCtx([
+      createScanFile('.complior/agents/bot-a-manifest.json', '{"name":"bot-a"}'),
+      createScanFile('.complior/agents/bot-b-manifest.json', '{"name":"bot-b"}'),
+      createScanFile('package.json', '{"dependencies":{"openai":"^4.0.0"}}'),
+    ]);
+    const results = checkPassportPresence(ctx);
+    expect(results).toHaveLength(1);
+    expect(results[0].type).toBe('pass');
+    expect(results[0].message).toContain('2 manifest(s)');
+  });
+});

package/src/domain/scanner/checks/passport-presence.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import { readdirSync } from 'node:fs';
+import { join } from 'node:path';
+import type { CheckResult } from '../../../types/common.types.js';
+import type { ScanContext } from '../../../ports/scanner.port.js';
+import { AI_SDK_PACKAGES } from '../rules/banned-packages-sdk.js';
+import { filterPassportManifests } from '../../passport/builder/manifest-files.js';
+const CHECK_ID = 'passport-presence';
+const ARTICLE_REF = 'Art. 26(4)';
+const OBLIGATION_ID = 'eu-ai-act-OBL-011';
+const hasAiSdk = (ctx: ScanContext): boolean => {
+  const pkgFile = ctx.files.find((f) => f.relativePath.endsWith('package.json'));
+  if (!pkgFile) return false;
+  try {
+    const pkg = JSON.parse(pkgFile.content) as Record<string, unknown>;
+    const deps = {
+      ...(pkg.dependencies as Record<string, string> | undefined),
+      ...(pkg.devDependencies as Record<string, string> | undefined),
+    };
+    return Object.keys(deps).some((name) => AI_SDK_PACKAGES.has(name));
+  } catch {
+    return false;
+  }
+};
+/**
+ * Count passport manifests — first check ctx.files (covers tests and configs that
+ * include .complior), then fall back to disk read (production: .complior is excluded
+ * from EXCLUDED_DIRS in file-collector).
+ */
+const countPassportManifests = (ctx: ScanContext): number => {
+  // 1. Check scanned files (works in tests and when .complior is explicitly included)
+  const fromCtx = filterPassportManifests(ctx.files).length;
+  if (fromCtx > 0) return fromCtx;
+  // 2. Fall back to disk read (production — .complior excluded from scanning)
+  try {
+    const agentsDir = join(ctx.projectPath, '.complior', 'agents');
+    return readdirSync(agentsDir).filter(f => f.endsWith('-manifest.json')).length;
+  } catch {
+    return 0;
+  }
+};
+export const checkPassportPresence = (ctx: ScanContext): readonly CheckResult[] => {
+  const manifestCount = countPassportManifests(ctx);
+  if (manifestCount > 0) {
+    return [{
+      type: 'pass',
+      checkId: CHECK_ID,
+      message: `Agent Passport found (${manifestCount} manifest(s)) — ${ARTICLE_REF}`,
+    }];
+  }
+  // Only fail if AI SDK is detected (no passport needed without AI)
+  if (hasAiSdk(ctx)) {
+    return [{
+      type: 'fail',
+      checkId: CHECK_ID,
+      message: `No Agent Passport found — AI SDK detected but no .complior/agents/*-manifest.json (${ARTICLE_REF})`,
+      severity: 'high',
+      obligationId: OBLIGATION_ID,
+      articleReference: ARTICLE_REF,
+      fix: 'Run `complior agent init` to generate an Agent Passport for your AI system',
+    }];
+  }
+  // No AI SDK → skip
+  return [{
+    type: 'skip',
+    checkId: CHECK_ID,
+    reason: 'No AI SDK detected — passport not required',
+  }];
+};

package/src/domain/scanner/checks/pattern-check-factory.ts ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * Factory for dual-pattern scanner checks.
+ * Handles the common pattern: search files for "positive" indicators,
+ * search for "context" indicators, return pass/fail/skip.
+ *
+ * Used by: ai-disclosure (Art. 50.1), content-marking (Art. 50.2).
+ */
+import type { CheckResult } from '../../../types/common.types.js';
+import type { ScanContext, FileInfo } from '../../../ports/scanner.port.js';
+export interface PatternCheckConfig {
+  readonly checkId: string;
+  readonly articleRef: string;
+  readonly obligationId: string;
+  readonly severity: 'critical' | 'high' | 'medium' | 'low';
+  /** Patterns that indicate compliance (e.g., disclosure text, watermarking). */
+  readonly positivePatterns: readonly RegExp[];
+  /** Patterns that indicate the feature IS used but compliance is missing (e.g., chat code, content generation). */
+  readonly contextPatterns: readonly RegExp[];
+  readonly passMessage: string;
+  readonly failMessage: string;
+  readonly skipReason: string;
+  readonly fix: string;
+  /** Optional file filter (e.g., only UI files). Defaults to all files. */
+  readonly fileFilter?: (file: FileInfo) => boolean;
+}
+export const createPatternCheck = (config: PatternCheckConfig) =>
+  (ctx: ScanContext): readonly CheckResult[] => {
+    const files = config.fileFilter ? ctx.files.filter(config.fileFilter) : ctx.files;
+    let positiveFound = false;
+    let contextFound = false;
+    for (const file of files) {
+      if (!positiveFound && config.positivePatterns.some((p) => p.test(file.content))) {
+        positiveFound = true;
+      }
+      if (!contextFound && config.contextPatterns.some((p) => p.test(file.content))) {
+        contextFound = true;
+      }
+      if (positiveFound) break;
+    }
+    if (positiveFound) {
+      return [{
+        type: 'pass',
+        checkId: config.checkId,
+        message: `${config.passMessage} (${config.articleRef})`,
+      }];
+    }
+    if (contextFound) {
+      return [{
+        type: 'fail',
+        checkId: config.checkId,
+        message: `${config.failMessage} (${config.articleRef})`,
+        severity: config.severity,
+        obligationId: config.obligationId,
+        articleReference: config.articleRef,
+        fix: config.fix,
+      }];
+    }
+    return [{
+      type: 'skip',
+      checkId: config.checkId,
+      reason: config.skipReason,
+    }];
+  };