@connexum/ai-governance 1.0.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2917) hide show
  1. package/LICENSE.md +78 -0
  2. package/README.md +582 -0
  3. package/dist/adapters/cursor.d.ts +85 -0
  4. package/dist/adapters/cursor.d.ts.map +1 -0
  5. package/dist/adapters/cursor.js +188 -0
  6. package/dist/adapters/cursor.js.map +1 -0
  7. package/dist/adapters/index.d.ts +250 -0
  8. package/dist/adapters/index.d.ts.map +1 -0
  9. package/dist/adapters/index.js +377 -0
  10. package/dist/adapters/index.js.map +1 -0
  11. package/dist/agents/compliance-agent-templates/dora.d.ts +53 -0
  12. package/dist/agents/compliance-agent-templates/dora.d.ts.map +1 -0
  13. package/dist/agents/compliance-agent-templates/dora.js +947 -0
  14. package/dist/agents/compliance-agent-templates/dora.js.map +1 -0
  15. package/dist/agents/compliance-agent-templates/eu-ai-act.d.ts +27 -0
  16. package/dist/agents/compliance-agent-templates/eu-ai-act.d.ts.map +1 -0
  17. package/dist/agents/compliance-agent-templates/eu-ai-act.js +721 -0
  18. package/dist/agents/compliance-agent-templates/eu-ai-act.js.map +1 -0
  19. package/dist/agents/compliance-agent-templates/gdpr.d.ts +25 -0
  20. package/dist/agents/compliance-agent-templates/gdpr.d.ts.map +1 -0
  21. package/dist/agents/compliance-agent-templates/gdpr.js +688 -0
  22. package/dist/agents/compliance-agent-templates/gdpr.js.map +1 -0
  23. package/dist/agents/compliance-agent-templates/hipaa.d.ts +23 -0
  24. package/dist/agents/compliance-agent-templates/hipaa.d.ts.map +1 -0
  25. package/dist/agents/compliance-agent-templates/hipaa.js +640 -0
  26. package/dist/agents/compliance-agent-templates/hipaa.js.map +1 -0
  27. package/dist/agents/compliance-agent-templates/iso27001.d.ts +30 -0
  28. package/dist/agents/compliance-agent-templates/iso27001.d.ts.map +1 -0
  29. package/dist/agents/compliance-agent-templates/iso27001.js +805 -0
  30. package/dist/agents/compliance-agent-templates/iso27001.js.map +1 -0
  31. package/dist/agents/compliance-agent-templates/iso42001.d.ts +42 -0
  32. package/dist/agents/compliance-agent-templates/iso42001.d.ts.map +1 -0
  33. package/dist/agents/compliance-agent-templates/iso42001.js +898 -0
  34. package/dist/agents/compliance-agent-templates/iso42001.js.map +1 -0
  35. package/dist/agents/compliance-agent-templates/nist-ai-rmf.d.ts +37 -0
  36. package/dist/agents/compliance-agent-templates/nist-ai-rmf.d.ts.map +1 -0
  37. package/dist/agents/compliance-agent-templates/nist-ai-rmf.js +819 -0
  38. package/dist/agents/compliance-agent-templates/nist-ai-rmf.js.map +1 -0
  39. package/dist/agents/compliance-agent-templates/pci-dss.d.ts +25 -0
  40. package/dist/agents/compliance-agent-templates/pci-dss.d.ts.map +1 -0
  41. package/dist/agents/compliance-agent-templates/pci-dss.js +658 -0
  42. package/dist/agents/compliance-agent-templates/pci-dss.js.map +1 -0
  43. package/dist/agents/compliance-agent-templates/soc2.d.ts +24 -0
  44. package/dist/agents/compliance-agent-templates/soc2.d.ts.map +1 -0
  45. package/dist/agents/compliance-agent-templates/soc2.js +643 -0
  46. package/dist/agents/compliance-agent-templates/soc2.js.map +1 -0
  47. package/dist/agents/compliance-agent-templates/types.d.ts +93 -0
  48. package/dist/agents/compliance-agent-templates/types.d.ts.map +1 -0
  49. package/dist/agents/compliance-agent-templates/types.js +34 -0
  50. package/dist/agents/compliance-agent-templates/types.js.map +1 -0
  51. package/dist/audit/audit-integrity.d.ts +88 -0
  52. package/dist/audit/audit-integrity.d.ts.map +1 -0
  53. package/dist/audit/audit-integrity.js +284 -0
  54. package/dist/audit/audit-integrity.js.map +1 -0
  55. package/dist/audit/chain-tamper-detector.d.ts +115 -0
  56. package/dist/audit/chain-tamper-detector.d.ts.map +1 -0
  57. package/dist/audit/chain-tamper-detector.js +256 -0
  58. package/dist/audit/chain-tamper-detector.js.map +1 -0
  59. package/dist/audit/compliance-reporter.d.ts +91 -0
  60. package/dist/audit/compliance-reporter.d.ts.map +1 -0
  61. package/dist/audit/compliance-reporter.js +471 -0
  62. package/dist/audit/compliance-reporter.js.map +1 -0
  63. package/dist/audit/destinations/custom-webhook.d.ts +189 -0
  64. package/dist/audit/destinations/custom-webhook.d.ts.map +1 -0
  65. package/dist/audit/destinations/custom-webhook.js +477 -0
  66. package/dist/audit/destinations/custom-webhook.js.map +1 -0
  67. package/dist/audit/destinations/datadog-logs.d.ts +241 -0
  68. package/dist/audit/destinations/datadog-logs.d.ts.map +1 -0
  69. package/dist/audit/destinations/datadog-logs.js +576 -0
  70. package/dist/audit/destinations/datadog-logs.js.map +1 -0
  71. package/dist/audit/destinations/sentinel.d.ts +336 -0
  72. package/dist/audit/destinations/sentinel.d.ts.map +1 -0
  73. package/dist/audit/destinations/sentinel.js +927 -0
  74. package/dist/audit/destinations/sentinel.js.map +1 -0
  75. package/dist/audit/destinations/sumo-logic.d.ts +227 -0
  76. package/dist/audit/destinations/sumo-logic.d.ts.map +1 -0
  77. package/dist/audit/destinations/sumo-logic.js +572 -0
  78. package/dist/audit/destinations/sumo-logic.js.map +1 -0
  79. package/dist/audit/event-bus.d.ts +79 -0
  80. package/dist/audit/event-bus.d.ts.map +1 -0
  81. package/dist/audit/event-bus.js +256 -0
  82. package/dist/audit/event-bus.js.map +1 -0
  83. package/dist/audit/narrative-generator.d.ts +91 -0
  84. package/dist/audit/narrative-generator.d.ts.map +1 -0
  85. package/dist/audit/narrative-generator.js +538 -0
  86. package/dist/audit/narrative-generator.js.map +1 -0
  87. package/dist/audit/narrative-types.d.ts +274 -0
  88. package/dist/audit/narrative-types.d.ts.map +1 -0
  89. package/dist/audit/narrative-types.js +115 -0
  90. package/dist/audit/narrative-types.js.map +1 -0
  91. package/dist/audit/provenance-signer.d.ts +158 -0
  92. package/dist/audit/provenance-signer.d.ts.map +1 -0
  93. package/dist/audit/provenance-signer.js +315 -0
  94. package/dist/audit/provenance-signer.js.map +1 -0
  95. package/dist/audit/redis-event-bus.d.ts +103 -0
  96. package/dist/audit/redis-event-bus.d.ts.map +1 -0
  97. package/dist/audit/redis-event-bus.js +310 -0
  98. package/dist/audit/redis-event-bus.js.map +1 -0
  99. package/dist/audit/report-templates/disclosure-accounting.d.ts +131 -0
  100. package/dist/audit/report-templates/disclosure-accounting.d.ts.map +1 -0
  101. package/dist/audit/report-templates/disclosure-accounting.js +195 -0
  102. package/dist/audit/report-templates/disclosure-accounting.js.map +1 -0
  103. package/dist/audit/report-templates/dora-ict-major-incident.d.ts +39 -0
  104. package/dist/audit/report-templates/dora-ict-major-incident.d.ts.map +1 -0
  105. package/dist/audit/report-templates/dora-ict-major-incident.js +227 -0
  106. package/dist/audit/report-templates/dora-ict-major-incident.js.map +1 -0
  107. package/dist/audit/report-templates/eu-ai-act-annex-iv.d.ts +38 -0
  108. package/dist/audit/report-templates/eu-ai-act-annex-iv.d.ts.map +1 -0
  109. package/dist/audit/report-templates/eu-ai-act-annex-iv.js +267 -0
  110. package/dist/audit/report-templates/eu-ai-act-annex-iv.js.map +1 -0
  111. package/dist/audit/report-templates/gdpr-data-subject-rights.d.ts +37 -0
  112. package/dist/audit/report-templates/gdpr-data-subject-rights.d.ts.map +1 -0
  113. package/dist/audit/report-templates/gdpr-data-subject-rights.js +235 -0
  114. package/dist/audit/report-templates/gdpr-data-subject-rights.js.map +1 -0
  115. package/dist/audit/report-templates/hipaa-breach-notification.d.ts +27 -0
  116. package/dist/audit/report-templates/hipaa-breach-notification.d.ts.map +1 -0
  117. package/dist/audit/report-templates/hipaa-breach-notification.js +197 -0
  118. package/dist/audit/report-templates/hipaa-breach-notification.js.map +1 -0
  119. package/dist/audit/report-templates/hipaa-security-incident.d.ts +28 -0
  120. package/dist/audit/report-templates/hipaa-security-incident.d.ts.map +1 -0
  121. package/dist/audit/report-templates/hipaa-security-incident.js +172 -0
  122. package/dist/audit/report-templates/hipaa-security-incident.js.map +1 -0
  123. package/dist/audit/report-templates/index.d.ts +86 -0
  124. package/dist/audit/report-templates/index.d.ts.map +1 -0
  125. package/dist/audit/report-templates/index.js +114 -0
  126. package/dist/audit/report-templates/index.js.map +1 -0
  127. package/dist/audit/report-templates/iso-42001-ams.d.ts +36 -0
  128. package/dist/audit/report-templates/iso-42001-ams.d.ts.map +1 -0
  129. package/dist/audit/report-templates/iso-42001-ams.js +262 -0
  130. package/dist/audit/report-templates/iso-42001-ams.js.map +1 -0
  131. package/dist/audit/report-templates/pci-dss-annual-attestation.d.ts +33 -0
  132. package/dist/audit/report-templates/pci-dss-annual-attestation.d.ts.map +1 -0
  133. package/dist/audit/report-templates/pci-dss-annual-attestation.js +211 -0
  134. package/dist/audit/report-templates/pci-dss-annual-attestation.js.map +1 -0
  135. package/dist/audit/report-templates/prompts/base.d.ts +94 -0
  136. package/dist/audit/report-templates/prompts/base.d.ts.map +1 -0
  137. package/dist/audit/report-templates/prompts/base.js +197 -0
  138. package/dist/audit/report-templates/prompts/base.js.map +1 -0
  139. package/dist/audit/report-templates/prompts/dora.d.ts +19 -0
  140. package/dist/audit/report-templates/prompts/dora.d.ts.map +1 -0
  141. package/dist/audit/report-templates/prompts/dora.js +121 -0
  142. package/dist/audit/report-templates/prompts/dora.js.map +1 -0
  143. package/dist/audit/report-templates/prompts/euaiact.d.ts +20 -0
  144. package/dist/audit/report-templates/prompts/euaiact.d.ts.map +1 -0
  145. package/dist/audit/report-templates/prompts/euaiact.js +126 -0
  146. package/dist/audit/report-templates/prompts/euaiact.js.map +1 -0
  147. package/dist/audit/report-templates/prompts/gdpr.d.ts +20 -0
  148. package/dist/audit/report-templates/prompts/gdpr.d.ts.map +1 -0
  149. package/dist/audit/report-templates/prompts/gdpr.js +126 -0
  150. package/dist/audit/report-templates/prompts/gdpr.js.map +1 -0
  151. package/dist/audit/report-templates/prompts/hipaa.d.ts +32 -0
  152. package/dist/audit/report-templates/prompts/hipaa.d.ts.map +1 -0
  153. package/dist/audit/report-templates/prompts/hipaa.js +98 -0
  154. package/dist/audit/report-templates/prompts/hipaa.js.map +1 -0
  155. package/dist/audit/report-templates/prompts/hitech.d.ts +20 -0
  156. package/dist/audit/report-templates/prompts/hitech.d.ts.map +1 -0
  157. package/dist/audit/report-templates/prompts/hitech.js +114 -0
  158. package/dist/audit/report-templates/prompts/hitech.js.map +1 -0
  159. package/dist/audit/report-templates/prompts/index.d.ts +24 -0
  160. package/dist/audit/report-templates/prompts/index.d.ts.map +1 -0
  161. package/dist/audit/report-templates/prompts/index.js +54 -0
  162. package/dist/audit/report-templates/prompts/index.js.map +1 -0
  163. package/dist/audit/report-templates/prompts/iso27001.d.ts +19 -0
  164. package/dist/audit/report-templates/prompts/iso27001.d.ts.map +1 -0
  165. package/dist/audit/report-templates/prompts/iso27001.js +110 -0
  166. package/dist/audit/report-templates/prompts/iso27001.js.map +1 -0
  167. package/dist/audit/report-templates/prompts/pcidss.d.ts +19 -0
  168. package/dist/audit/report-templates/prompts/pcidss.d.ts.map +1 -0
  169. package/dist/audit/report-templates/prompts/pcidss.js +111 -0
  170. package/dist/audit/report-templates/prompts/pcidss.js.map +1 -0
  171. package/dist/audit/report-templates/prompts/soc2.d.ts +19 -0
  172. package/dist/audit/report-templates/prompts/soc2.d.ts.map +1 -0
  173. package/dist/audit/report-templates/prompts/soc2.js +117 -0
  174. package/dist/audit/report-templates/prompts/soc2.js.map +1 -0
  175. package/dist/audit/report-templates/soc2-type-ii.d.ts +23 -0
  176. package/dist/audit/report-templates/soc2-type-ii.d.ts.map +1 -0
  177. package/dist/audit/report-templates/soc2-type-ii.js +187 -0
  178. package/dist/audit/report-templates/soc2-type-ii.js.map +1 -0
  179. package/dist/audit/reporting-exports.d.ts +20 -0
  180. package/dist/audit/reporting-exports.d.ts.map +1 -0
  181. package/dist/audit/reporting-exports.js +39 -0
  182. package/dist/audit/reporting-exports.js.map +1 -0
  183. package/dist/audit/webhook-delivery.d.ts +119 -0
  184. package/dist/audit/webhook-delivery.d.ts.map +1 -0
  185. package/dist/audit/webhook-delivery.js +381 -0
  186. package/dist/audit/webhook-delivery.js.map +1 -0
  187. package/dist/audit-bots/dora.d.ts +59 -0
  188. package/dist/audit-bots/dora.d.ts.map +1 -0
  189. package/dist/audit-bots/dora.js +417 -0
  190. package/dist/audit-bots/dora.js.map +1 -0
  191. package/dist/audit-bots/euaiact.d.ts +56 -0
  192. package/dist/audit-bots/euaiact.d.ts.map +1 -0
  193. package/dist/audit-bots/euaiact.js +372 -0
  194. package/dist/audit-bots/euaiact.js.map +1 -0
  195. package/dist/audit-bots/evidence.d.ts +60 -0
  196. package/dist/audit-bots/evidence.d.ts.map +1 -0
  197. package/dist/audit-bots/evidence.js +190 -0
  198. package/dist/audit-bots/evidence.js.map +1 -0
  199. package/dist/audit-bots/gdpr.d.ts +40 -0
  200. package/dist/audit-bots/gdpr.d.ts.map +1 -0
  201. package/dist/audit-bots/gdpr.js +271 -0
  202. package/dist/audit-bots/gdpr.js.map +1 -0
  203. package/dist/audit-bots/hipaa.d.ts +38 -0
  204. package/dist/audit-bots/hipaa.d.ts.map +1 -0
  205. package/dist/audit-bots/hipaa.js +236 -0
  206. package/dist/audit-bots/hipaa.js.map +1 -0
  207. package/dist/audit-bots/iso27001.d.ts +61 -0
  208. package/dist/audit-bots/iso27001.d.ts.map +1 -0
  209. package/dist/audit-bots/iso27001.js +448 -0
  210. package/dist/audit-bots/iso27001.js.map +1 -0
  211. package/dist/audit-bots/iso42001.d.ts +59 -0
  212. package/dist/audit-bots/iso42001.d.ts.map +1 -0
  213. package/dist/audit-bots/iso42001.js +450 -0
  214. package/dist/audit-bots/iso42001.js.map +1 -0
  215. package/dist/audit-bots/nist-ai-rmf.d.ts +62 -0
  216. package/dist/audit-bots/nist-ai-rmf.d.ts.map +1 -0
  217. package/dist/audit-bots/nist-ai-rmf.js +467 -0
  218. package/dist/audit-bots/nist-ai-rmf.js.map +1 -0
  219. package/dist/audit-bots/pcidss.d.ts +57 -0
  220. package/dist/audit-bots/pcidss.d.ts.map +1 -0
  221. package/dist/audit-bots/pcidss.js +399 -0
  222. package/dist/audit-bots/pcidss.js.map +1 -0
  223. package/dist/audit-bots/scheduler.d.ts +111 -0
  224. package/dist/audit-bots/scheduler.d.ts.map +1 -0
  225. package/dist/audit-bots/scheduler.js +175 -0
  226. package/dist/audit-bots/scheduler.js.map +1 -0
  227. package/dist/audit-bots/soc1.d.ts +67 -0
  228. package/dist/audit-bots/soc1.d.ts.map +1 -0
  229. package/dist/audit-bots/soc1.js +491 -0
  230. package/dist/audit-bots/soc1.js.map +1 -0
  231. package/dist/audit-bots/soc2.d.ts +41 -0
  232. package/dist/audit-bots/soc2.d.ts.map +1 -0
  233. package/dist/audit-bots/soc2.js +352 -0
  234. package/dist/audit-bots/soc2.js.map +1 -0
  235. package/dist/classification/pack-driven-classifier.d.ts +409 -0
  236. package/dist/classification/pack-driven-classifier.d.ts.map +1 -0
  237. package/dist/classification/pack-driven-classifier.js +565 -0
  238. package/dist/classification/pack-driven-classifier.js.map +1 -0
  239. package/dist/cli/agent-dir-scanner.d.ts +35 -0
  240. package/dist/cli/agent-dir-scanner.d.ts.map +1 -0
  241. package/dist/cli/agent-dir-scanner.js +269 -0
  242. package/dist/cli/agent-dir-scanner.js.map +1 -0
  243. package/dist/cli/agent-signatures.d.ts +28 -0
  244. package/dist/cli/agent-signatures.d.ts.map +1 -0
  245. package/dist/cli/agent-signatures.js +241 -0
  246. package/dist/cli/agent-signatures.js.map +1 -0
  247. package/dist/cli/audit-chain-append.d.ts +47 -0
  248. package/dist/cli/audit-chain-append.d.ts.map +1 -0
  249. package/dist/cli/audit-chain-append.js +277 -0
  250. package/dist/cli/audit-chain-append.js.map +1 -0
  251. package/dist/cli/discover.d.ts +24 -0
  252. package/dist/cli/discover.d.ts.map +1 -0
  253. package/dist/cli/discover.js +179 -0
  254. package/dist/cli/discover.js.map +1 -0
  255. package/dist/cli/discover.test.d.ts +12 -0
  256. package/dist/cli/discover.test.d.ts.map +1 -0
  257. package/dist/cli/discover.test.js +192 -0
  258. package/dist/cli/discover.test.js.map +1 -0
  259. package/dist/cli/index.d.ts +201 -0
  260. package/dist/cli/index.d.ts.map +1 -0
  261. package/dist/cli/index.js +2130 -0
  262. package/dist/cli/index.js.map +1 -0
  263. package/dist/cli/pack-enforcement-bridge.d.ts +39 -0
  264. package/dist/cli/pack-enforcement-bridge.d.ts.map +1 -0
  265. package/dist/cli/pack-enforcement-bridge.js +211 -0
  266. package/dist/cli/pack-enforcement-bridge.js.map +1 -0
  267. package/dist/cli/packs.d.ts +22 -0
  268. package/dist/cli/packs.d.ts.map +1 -0
  269. package/dist/cli/packs.js +299 -0
  270. package/dist/cli/packs.js.map +1 -0
  271. package/dist/cli/preflight-report.d.ts +51 -0
  272. package/dist/cli/preflight-report.d.ts.map +1 -0
  273. package/dist/cli/preflight-report.js +143 -0
  274. package/dist/cli/preflight-report.js.map +1 -0
  275. package/dist/cli/preflight.d.ts +57 -0
  276. package/dist/cli/preflight.d.ts.map +1 -0
  277. package/dist/cli/preflight.js +375 -0
  278. package/dist/cli/preflight.js.map +1 -0
  279. package/dist/cli/shim-templates/python-anthropic.template.py.txt +54 -0
  280. package/dist/cli/shim-templates/python-bedrock.template.py.txt +55 -0
  281. package/dist/cli/shim-templates/python-google.template.py.txt +55 -0
  282. package/dist/cli/shim-templates/python-huggingface.template.py.txt +142 -0
  283. package/dist/cli/shim-templates/python-langchain-anthropic.template.py.txt +61 -0
  284. package/dist/cli/shim-templates/python-langchain-openai.template.py.txt +66 -0
  285. package/dist/cli/shim-templates/python-ollama.template.py.txt +75 -0
  286. package/dist/cli/shim-templates/python-openai.template.py.txt +54 -0
  287. package/dist/cli/shim-templates/typescript-anthropic.template.ts.txt +25 -0
  288. package/dist/cli/shim-templates/typescript-google.template.ts.txt +25 -0
  289. package/dist/cli/shim-templates/typescript-openai.template.ts.txt +25 -0
  290. package/dist/cli/wrap-shim-generator.d.ts +65 -0
  291. package/dist/cli/wrap-shim-generator.d.ts.map +1 -0
  292. package/dist/cli/wrap-shim-generator.js +245 -0
  293. package/dist/cli/wrap-shim-generator.js.map +1 -0
  294. package/dist/dashboard/api.d.ts +157 -0
  295. package/dist/dashboard/api.d.ts.map +1 -0
  296. package/dist/dashboard/api.js +347 -0
  297. package/dist/dashboard/api.js.map +1 -0
  298. package/dist/dashboard/theme.d.ts +80 -0
  299. package/dist/dashboard/theme.d.ts.map +1 -0
  300. package/dist/dashboard/theme.js +172 -0
  301. package/dist/dashboard/theme.js.map +1 -0
  302. package/dist/errors/index.d.ts +46 -0
  303. package/dist/errors/index.d.ts.map +1 -0
  304. package/dist/errors/index.js +93 -0
  305. package/dist/errors/index.js.map +1 -0
  306. package/dist/esm/adapters/cursor.js +184 -0
  307. package/dist/esm/adapters/cursor.js.map +1 -0
  308. package/dist/esm/adapters/index.js +335 -0
  309. package/dist/esm/adapters/index.js.map +1 -0
  310. package/dist/esm/agents/compliance-agent-templates/dora.js +943 -0
  311. package/dist/esm/agents/compliance-agent-templates/dora.js.map +1 -0
  312. package/dist/esm/agents/compliance-agent-templates/eu-ai-act.js +717 -0
  313. package/dist/esm/agents/compliance-agent-templates/eu-ai-act.js.map +1 -0
  314. package/dist/esm/agents/compliance-agent-templates/gdpr.js +684 -0
  315. package/dist/esm/agents/compliance-agent-templates/gdpr.js.map +1 -0
  316. package/dist/esm/agents/compliance-agent-templates/hipaa.js +636 -0
  317. package/dist/esm/agents/compliance-agent-templates/hipaa.js.map +1 -0
  318. package/dist/esm/agents/compliance-agent-templates/iso27001.js +801 -0
  319. package/dist/esm/agents/compliance-agent-templates/iso27001.js.map +1 -0
  320. package/dist/esm/agents/compliance-agent-templates/iso42001.js +894 -0
  321. package/dist/esm/agents/compliance-agent-templates/iso42001.js.map +1 -0
  322. package/dist/esm/agents/compliance-agent-templates/nist-ai-rmf.js +815 -0
  323. package/dist/esm/agents/compliance-agent-templates/nist-ai-rmf.js.map +1 -0
  324. package/dist/esm/agents/compliance-agent-templates/pci-dss.js +654 -0
  325. package/dist/esm/agents/compliance-agent-templates/pci-dss.js.map +1 -0
  326. package/dist/esm/agents/compliance-agent-templates/soc2.js +639 -0
  327. package/dist/esm/agents/compliance-agent-templates/soc2.js.map +1 -0
  328. package/dist/esm/agents/compliance-agent-templates/types.js +33 -0
  329. package/dist/esm/agents/compliance-agent-templates/types.js.map +1 -0
  330. package/dist/esm/audit/audit-integrity.js +247 -0
  331. package/dist/esm/audit/audit-integrity.js.map +1 -0
  332. package/dist/esm/audit/chain-tamper-detector.js +217 -0
  333. package/dist/esm/audit/chain-tamper-detector.js.map +1 -0
  334. package/dist/esm/audit/compliance-reporter.js +434 -0
  335. package/dist/esm/audit/compliance-reporter.js.map +1 -0
  336. package/dist/esm/audit/destinations/custom-webhook.js +436 -0
  337. package/dist/esm/audit/destinations/custom-webhook.js.map +1 -0
  338. package/dist/esm/audit/destinations/datadog-logs.js +533 -0
  339. package/dist/esm/audit/destinations/datadog-logs.js.map +1 -0
  340. package/dist/esm/audit/destinations/sentinel.js +881 -0
  341. package/dist/esm/audit/destinations/sentinel.js.map +1 -0
  342. package/dist/esm/audit/destinations/sumo-logic.js +529 -0
  343. package/dist/esm/audit/destinations/sumo-logic.js.map +1 -0
  344. package/dist/esm/audit/event-bus.js +219 -0
  345. package/dist/esm/audit/event-bus.js.map +1 -0
  346. package/dist/esm/audit/narrative-generator.js +498 -0
  347. package/dist/esm/audit/narrative-generator.js.map +1 -0
  348. package/dist/esm/audit/narrative-types.js +108 -0
  349. package/dist/esm/audit/narrative-types.js.map +1 -0
  350. package/dist/esm/audit/provenance-signer.js +273 -0
  351. package/dist/esm/audit/provenance-signer.js.map +1 -0
  352. package/dist/esm/audit/redis-event-bus.js +272 -0
  353. package/dist/esm/audit/redis-event-bus.js.map +1 -0
  354. package/dist/esm/audit/report-templates/disclosure-accounting.js +191 -0
  355. package/dist/esm/audit/report-templates/disclosure-accounting.js.map +1 -0
  356. package/dist/esm/audit/report-templates/dora-ict-major-incident.js +224 -0
  357. package/dist/esm/audit/report-templates/dora-ict-major-incident.js.map +1 -0
  358. package/dist/esm/audit/report-templates/eu-ai-act-annex-iv.js +264 -0
  359. package/dist/esm/audit/report-templates/eu-ai-act-annex-iv.js.map +1 -0
  360. package/dist/esm/audit/report-templates/gdpr-data-subject-rights.js +232 -0
  361. package/dist/esm/audit/report-templates/gdpr-data-subject-rights.js.map +1 -0
  362. package/dist/esm/audit/report-templates/hipaa-breach-notification.js +194 -0
  363. package/dist/esm/audit/report-templates/hipaa-breach-notification.js.map +1 -0
  364. package/dist/esm/audit/report-templates/hipaa-security-incident.js +169 -0
  365. package/dist/esm/audit/report-templates/hipaa-security-incident.js.map +1 -0
  366. package/dist/esm/audit/report-templates/index.js +93 -0
  367. package/dist/esm/audit/report-templates/index.js.map +1 -0
  368. package/dist/esm/audit/report-templates/iso-42001-ams.js +259 -0
  369. package/dist/esm/audit/report-templates/iso-42001-ams.js.map +1 -0
  370. package/dist/esm/audit/report-templates/pci-dss-annual-attestation.js +208 -0
  371. package/dist/esm/audit/report-templates/pci-dss-annual-attestation.js.map +1 -0
  372. package/dist/esm/audit/report-templates/prompts/base.js +189 -0
  373. package/dist/esm/audit/report-templates/prompts/base.js.map +1 -0
  374. package/dist/esm/audit/report-templates/prompts/dora.js +118 -0
  375. package/dist/esm/audit/report-templates/prompts/dora.js.map +1 -0
  376. package/dist/esm/audit/report-templates/prompts/euaiact.js +123 -0
  377. package/dist/esm/audit/report-templates/prompts/euaiact.js.map +1 -0
  378. package/dist/esm/audit/report-templates/prompts/gdpr.js +123 -0
  379. package/dist/esm/audit/report-templates/prompts/gdpr.js.map +1 -0
  380. package/dist/esm/audit/report-templates/prompts/hipaa.js +95 -0
  381. package/dist/esm/audit/report-templates/prompts/hipaa.js.map +1 -0
  382. package/dist/esm/audit/report-templates/prompts/hitech.js +111 -0
  383. package/dist/esm/audit/report-templates/prompts/hitech.js.map +1 -0
  384. package/dist/esm/audit/report-templates/prompts/index.js +43 -0
  385. package/dist/esm/audit/report-templates/prompts/index.js.map +1 -0
  386. package/dist/esm/audit/report-templates/prompts/iso27001.js +107 -0
  387. package/dist/esm/audit/report-templates/prompts/iso27001.js.map +1 -0
  388. package/dist/esm/audit/report-templates/prompts/pcidss.js +108 -0
  389. package/dist/esm/audit/report-templates/prompts/pcidss.js.map +1 -0
  390. package/dist/esm/audit/report-templates/prompts/soc2.js +114 -0
  391. package/dist/esm/audit/report-templates/prompts/soc2.js.map +1 -0
  392. package/dist/esm/audit/report-templates/soc2-type-ii.js +184 -0
  393. package/dist/esm/audit/report-templates/soc2-type-ii.js.map +1 -0
  394. package/dist/esm/audit/reporting-exports.js +19 -0
  395. package/dist/esm/audit/reporting-exports.js.map +1 -0
  396. package/dist/esm/audit/webhook-delivery.js +344 -0
  397. package/dist/esm/audit/webhook-delivery.js.map +1 -0
  398. package/dist/esm/audit-bots/dora.js +379 -0
  399. package/dist/esm/audit-bots/dora.js.map +1 -0
  400. package/dist/esm/audit-bots/euaiact.js +334 -0
  401. package/dist/esm/audit-bots/euaiact.js.map +1 -0
  402. package/dist/esm/audit-bots/evidence.js +153 -0
  403. package/dist/esm/audit-bots/evidence.js.map +1 -0
  404. package/dist/esm/audit-bots/gdpr.js +234 -0
  405. package/dist/esm/audit-bots/gdpr.js.map +1 -0
  406. package/dist/esm/audit-bots/hipaa.js +199 -0
  407. package/dist/esm/audit-bots/hipaa.js.map +1 -0
  408. package/dist/esm/audit-bots/iso27001.js +410 -0
  409. package/dist/esm/audit-bots/iso27001.js.map +1 -0
  410. package/dist/esm/audit-bots/iso42001.js +412 -0
  411. package/dist/esm/audit-bots/iso42001.js.map +1 -0
  412. package/dist/esm/audit-bots/nist-ai-rmf.js +429 -0
  413. package/dist/esm/audit-bots/nist-ai-rmf.js.map +1 -0
  414. package/dist/esm/audit-bots/pcidss.js +361 -0
  415. package/dist/esm/audit-bots/pcidss.js.map +1 -0
  416. package/dist/esm/audit-bots/scheduler.js +137 -0
  417. package/dist/esm/audit-bots/scheduler.js.map +1 -0
  418. package/dist/esm/audit-bots/soc1.js +453 -0
  419. package/dist/esm/audit-bots/soc1.js.map +1 -0
  420. package/dist/esm/audit-bots/soc2.js +315 -0
  421. package/dist/esm/audit-bots/soc2.js.map +1 -0
  422. package/dist/esm/classification/pack-driven-classifier.js +525 -0
  423. package/dist/esm/classification/pack-driven-classifier.js.map +1 -0
  424. package/dist/esm/cli/agent-dir-scanner.js +233 -0
  425. package/dist/esm/cli/agent-dir-scanner.js.map +1 -0
  426. package/dist/esm/cli/agent-signatures.js +238 -0
  427. package/dist/esm/cli/agent-signatures.js.map +1 -0
  428. package/dist/esm/cli/audit-chain-append.js +242 -0
  429. package/dist/esm/cli/audit-chain-append.js.map +1 -0
  430. package/dist/esm/cli/discover.js +143 -0
  431. package/dist/esm/cli/discover.js.map +1 -0
  432. package/dist/esm/cli/discover.test.js +157 -0
  433. package/dist/esm/cli/discover.test.js.map +1 -0
  434. package/dist/esm/cli/index.js +2083 -0
  435. package/dist/esm/cli/index.js.map +1 -0
  436. package/dist/esm/cli/pack-enforcement-bridge.js +176 -0
  437. package/dist/esm/cli/pack-enforcement-bridge.js.map +1 -0
  438. package/dist/esm/cli/packs.js +263 -0
  439. package/dist/esm/cli/packs.js.map +1 -0
  440. package/dist/esm/cli/preflight-report.js +135 -0
  441. package/dist/esm/cli/preflight-report.js.map +1 -0
  442. package/dist/esm/cli/preflight.js +339 -0
  443. package/dist/esm/cli/preflight.js.map +1 -0
  444. package/dist/esm/cli/wrap-shim-generator.js +205 -0
  445. package/dist/esm/cli/wrap-shim-generator.js.map +1 -0
  446. package/dist/esm/dashboard/api.js +310 -0
  447. package/dist/esm/dashboard/api.js.map +1 -0
  448. package/dist/esm/dashboard/theme.js +135 -0
  449. package/dist/esm/dashboard/theme.js.map +1 -0
  450. package/dist/esm/errors/index.js +84 -0
  451. package/dist/esm/errors/index.js.map +1 -0
  452. package/dist/esm/governance/action-classes.js +171 -0
  453. package/dist/esm/governance/action-classes.js.map +1 -0
  454. package/dist/esm/governance/action-isolation.js +582 -0
  455. package/dist/esm/governance/action-isolation.js.map +1 -0
  456. package/dist/esm/governance/agent-discovery.js +213 -0
  457. package/dist/esm/governance/agent-discovery.js.map +1 -0
  458. package/dist/esm/governance/agent-discovery.test.js +144 -0
  459. package/dist/esm/governance/agent-discovery.test.js.map +1 -0
  460. package/dist/esm/governance/agent-trust-report.js +149 -0
  461. package/dist/esm/governance/agent-trust-report.js.map +1 -0
  462. package/dist/esm/governance/agent-trust-report.test.js +259 -0
  463. package/dist/esm/governance/agent-trust-report.test.js.map +1 -0
  464. package/dist/esm/governance/approval-channel-adapters.js +134 -0
  465. package/dist/esm/governance/approval-channel-adapters.js.map +1 -0
  466. package/dist/esm/governance/approval-channel-adapters.test.js +163 -0
  467. package/dist/esm/governance/approval-channel-adapters.test.js.map +1 -0
  468. package/dist/esm/governance/approval-gate-enforcer.js +405 -0
  469. package/dist/esm/governance/approval-gate-enforcer.js.map +1 -0
  470. package/dist/esm/governance/approval-notifications.js +139 -0
  471. package/dist/esm/governance/approval-notifications.js.map +1 -0
  472. package/dist/esm/governance/approval-notifications.test.js +192 -0
  473. package/dist/esm/governance/approval-notifications.test.js.map +1 -0
  474. package/dist/esm/governance/approval-queue-store.js +112 -0
  475. package/dist/esm/governance/approval-queue-store.js.map +1 -0
  476. package/dist/esm/governance/approval-queue.js +291 -0
  477. package/dist/esm/governance/approval-queue.js.map +1 -0
  478. package/dist/esm/governance/approval-service.js +92 -0
  479. package/dist/esm/governance/approval-service.js.map +1 -0
  480. package/dist/esm/governance/audit-chain-emitter.js +178 -0
  481. package/dist/esm/governance/audit-chain-emitter.js.map +1 -0
  482. package/dist/esm/governance/audit-chain-emitter.test.js +190 -0
  483. package/dist/esm/governance/audit-chain-emitter.test.js.map +1 -0
  484. package/dist/esm/governance/auto-pack-generator.js +67 -0
  485. package/dist/esm/governance/auto-pack-generator.js.map +1 -0
  486. package/dist/esm/governance/auto-pack-generator.test.js +95 -0
  487. package/dist/esm/governance/auto-pack-generator.test.js.map +1 -0
  488. package/dist/esm/governance/autonomy-spectrum.js +652 -0
  489. package/dist/esm/governance/autonomy-spectrum.js.map +1 -0
  490. package/dist/esm/governance/batch-mode-governance.js +603 -0
  491. package/dist/esm/governance/batch-mode-governance.js.map +1 -0
  492. package/dist/esm/governance/bias-monitor.js +273 -0
  493. package/dist/esm/governance/bias-monitor.js.map +1 -0
  494. package/dist/esm/governance/blast-radius-enforcer.js +539 -0
  495. package/dist/esm/governance/blast-radius-enforcer.js.map +1 -0
  496. package/dist/esm/governance/build-structure-score.js +61 -0
  497. package/dist/esm/governance/build-structure-score.js.map +1 -0
  498. package/dist/esm/governance/build-structure-score.test.js +116 -0
  499. package/dist/esm/governance/build-structure-score.test.js.map +1 -0
  500. package/dist/esm/governance/capability-bundle.js +241 -0
  501. package/dist/esm/governance/capability-bundle.js.map +1 -0
  502. package/dist/esm/governance/capability-change-detector.js +701 -0
  503. package/dist/esm/governance/capability-change-detector.js.map +1 -0
  504. package/dist/esm/governance/capability-classes.js +123 -0
  505. package/dist/esm/governance/capability-classes.js.map +1 -0
  506. package/dist/esm/governance/capability-classes.test.js +171 -0
  507. package/dist/esm/governance/capability-classes.test.js.map +1 -0
  508. package/dist/esm/governance/company-pack-builder.js +71 -0
  509. package/dist/esm/governance/company-pack-builder.js.map +1 -0
  510. package/dist/esm/governance/confidence-gate.js +246 -0
  511. package/dist/esm/governance/confidence-gate.js.map +1 -0
  512. package/dist/esm/governance/council.js +268 -0
  513. package/dist/esm/governance/council.js.map +1 -0
  514. package/dist/esm/governance/cross-session-pseudonymizer.js +598 -0
  515. package/dist/esm/governance/cross-session-pseudonymizer.js.map +1 -0
  516. package/dist/esm/governance/cycle-timeout.js +212 -0
  517. package/dist/esm/governance/cycle-timeout.js.map +1 -0
  518. package/dist/esm/governance/cycle-token-budget.js +177 -0
  519. package/dist/esm/governance/cycle-token-budget.js.map +1 -0
  520. package/dist/esm/governance/data-subject-rights.js +455 -0
  521. package/dist/esm/governance/data-subject-rights.js.map +1 -0
  522. package/dist/esm/governance/demo-workspace.js +210 -0
  523. package/dist/esm/governance/demo-workspace.js.map +1 -0
  524. package/dist/esm/governance/demo-workspace.test.js +80 -0
  525. package/dist/esm/governance/demo-workspace.test.js.map +1 -0
  526. package/dist/esm/governance/discovery-cli.js +95 -0
  527. package/dist/esm/governance/discovery-cli.js.map +1 -0
  528. package/dist/esm/governance/discovery-cli.test.js +191 -0
  529. package/dist/esm/governance/discovery-cli.test.js.map +1 -0
  530. package/dist/esm/governance/gateguard.js +265 -0
  531. package/dist/esm/governance/gateguard.js.map +1 -0
  532. package/dist/esm/governance/governance-runtime.js +376 -0
  533. package/dist/esm/governance/governance-runtime.js.map +1 -0
  534. package/dist/esm/governance/hook-install-snippet.js +208 -0
  535. package/dist/esm/governance/hook-install-snippet.js.map +1 -0
  536. package/dist/esm/governance/hook-install-snippet.test.js +95 -0
  537. package/dist/esm/governance/hook-install-snippet.test.js.map +1 -0
  538. package/dist/esm/governance/hook-profile.js +474 -0
  539. package/dist/esm/governance/hook-profile.js.map +1 -0
  540. package/dist/esm/governance/improvement-recommendations.js +165 -0
  541. package/dist/esm/governance/improvement-recommendations.js.map +1 -0
  542. package/dist/esm/governance/improvement-recommendations.test.js +178 -0
  543. package/dist/esm/governance/improvement-recommendations.test.js.map +1 -0
  544. package/dist/esm/governance/incident-notifier.js +488 -0
  545. package/dist/esm/governance/incident-notifier.js.map +1 -0
  546. package/dist/esm/governance/index.js +33 -0
  547. package/dist/esm/governance/index.js.map +1 -0
  548. package/dist/esm/governance/info-action-separation.js +143 -0
  549. package/dist/esm/governance/info-action-separation.js.map +1 -0
  550. package/dist/esm/governance/info-action-separation.test.js +155 -0
  551. package/dist/esm/governance/info-action-separation.test.js.map +1 -0
  552. package/dist/esm/governance/instinct-system.js +351 -0
  553. package/dist/esm/governance/instinct-system.js.map +1 -0
  554. package/dist/esm/governance/insurance-certificate.js +116 -0
  555. package/dist/esm/governance/insurance-certificate.js.map +1 -0
  556. package/dist/esm/governance/insurance-certificate.test.js +205 -0
  557. package/dist/esm/governance/insurance-certificate.test.js.map +1 -0
  558. package/dist/esm/governance/manifest-push-emitter.js +107 -0
  559. package/dist/esm/governance/manifest-push-emitter.js.map +1 -0
  560. package/dist/esm/governance/manifest-push-emitter.test.js +215 -0
  561. package/dist/esm/governance/manifest-push-emitter.test.js.map +1 -0
  562. package/dist/esm/governance/memory/cross-session-memory.js +283 -0
  563. package/dist/esm/governance/memory/cross-session-memory.js.map +1 -0
  564. package/dist/esm/governance/memory/index.js +14 -0
  565. package/dist/esm/governance/memory/index.js.map +1 -0
  566. package/dist/esm/governance/memory/memory-chain.js +183 -0
  567. package/dist/esm/governance/memory/memory-chain.js.map +1 -0
  568. package/dist/esm/governance/memory/retrieval-allowlist.js +172 -0
  569. package/dist/esm/governance/memory/retrieval-allowlist.js.map +1 -0
  570. package/dist/esm/governance/memory/session-memory.js +215 -0
  571. package/dist/esm/governance/memory/session-memory.js.map +1 -0
  572. package/dist/esm/governance/memory-audit-chain.js +361 -0
  573. package/dist/esm/governance/memory-audit-chain.js.map +1 -0
  574. package/dist/esm/governance/memory-integrity.js +267 -0
  575. package/dist/esm/governance/memory-integrity.js.map +1 -0
  576. package/dist/esm/governance/multi-store-deletion-worker.js +263 -0
  577. package/dist/esm/governance/multi-store-deletion-worker.js.map +1 -0
  578. package/dist/esm/governance/multi-tenant.js +273 -0
  579. package/dist/esm/governance/multi-tenant.js.map +1 -0
  580. package/dist/esm/governance/onboarding-tier-router.js +109 -0
  581. package/dist/esm/governance/onboarding-tier-router.js.map +1 -0
  582. package/dist/esm/governance/onboarding-tier-router.test.js +106 -0
  583. package/dist/esm/governance/onboarding-tier-router.test.js.map +1 -0
  584. package/dist/esm/governance/org-reputation.js +88 -0
  585. package/dist/esm/governance/org-reputation.js.map +1 -0
  586. package/dist/esm/governance/org-reputation.test.js +155 -0
  587. package/dist/esm/governance/org-reputation.test.js.map +1 -0
  588. package/dist/esm/governance/owasp-agentic-scanner.js +314 -0
  589. package/dist/esm/governance/owasp-agentic-scanner.js.map +1 -0
  590. package/dist/esm/governance/owasp-agentic-scanner.test.js +128 -0
  591. package/dist/esm/governance/owasp-agentic-scanner.test.js.map +1 -0
  592. package/dist/esm/governance/pack-diff.js +78 -0
  593. package/dist/esm/governance/pack-diff.js.map +1 -0
  594. package/dist/esm/governance/pack-diff.test.js +207 -0
  595. package/dist/esm/governance/pack-diff.test.js.map +1 -0
  596. package/dist/esm/governance/pack-evaluator-prewarm.js +102 -0
  597. package/dist/esm/governance/pack-evaluator-prewarm.js.map +1 -0
  598. package/dist/esm/governance/pack-evaluator.js +324 -0
  599. package/dist/esm/governance/pack-evaluator.js.map +1 -0
  600. package/dist/esm/governance/pack-evaluator.test.js +244 -0
  601. package/dist/esm/governance/pack-evaluator.test.js.map +1 -0
  602. package/dist/esm/governance/pack-inheritance.js +173 -0
  603. package/dist/esm/governance/pack-inheritance.js.map +1 -0
  604. package/dist/esm/governance/pack-inheritance.test.js +172 -0
  605. package/dist/esm/governance/pack-inheritance.test.js.map +1 -0
  606. package/dist/esm/governance/pack-publish-workflow.js +80 -0
  607. package/dist/esm/governance/pack-publish-workflow.js.map +1 -0
  608. package/dist/esm/governance/pack-publish-workflow.test.js +176 -0
  609. package/dist/esm/governance/pack-publish-workflow.test.js.map +1 -0
  610. package/dist/esm/governance/pack-rule-validator.js +139 -0
  611. package/dist/esm/governance/pack-rule-validator.js.map +1 -0
  612. package/dist/esm/governance/pack-rule-validator.test.js +118 -0
  613. package/dist/esm/governance/pack-rule-validator.test.js.map +1 -0
  614. package/dist/esm/governance/pack-versioning.js +188 -0
  615. package/dist/esm/governance/pack-versioning.js.map +1 -0
  616. package/dist/esm/governance/pack-versioning.test.js +137 -0
  617. package/dist/esm/governance/pack-versioning.test.js.map +1 -0
  618. package/dist/esm/governance/partner-manager.js +221 -0
  619. package/dist/esm/governance/partner-manager.js.map +1 -0
  620. package/dist/esm/governance/paste-your-agent.js +151 -0
  621. package/dist/esm/governance/paste-your-agent.js.map +1 -0
  622. package/dist/esm/governance/paste-your-agent.test.js +105 -0
  623. package/dist/esm/governance/paste-your-agent.test.js.map +1 -0
  624. package/dist/esm/governance/per-agent-daily-budget.js +658 -0
  625. package/dist/esm/governance/per-agent-daily-budget.js.map +1 -0
  626. package/dist/esm/governance/per-agent-override.test.js +239 -0
  627. package/dist/esm/governance/per-agent-override.test.js.map +1 -0
  628. package/dist/esm/governance/plugin-system.js +925 -0
  629. package/dist/esm/governance/plugin-system.js.map +1 -0
  630. package/dist/esm/governance/policy-tuning.js +322 -0
  631. package/dist/esm/governance/policy-tuning.js.map +1 -0
  632. package/dist/esm/governance/post-market-monitor.js +242 -0
  633. package/dist/esm/governance/post-market-monitor.js.map +1 -0
  634. package/dist/esm/governance/post-tool-audit-enrichment.js +466 -0
  635. package/dist/esm/governance/post-tool-audit-enrichment.js.map +1 -0
  636. package/dist/esm/governance/prohibited-practices.js +230 -0
  637. package/dist/esm/governance/prohibited-practices.js.map +1 -0
  638. package/dist/esm/governance/proxy-onboarding.js +302 -0
  639. package/dist/esm/governance/proxy-onboarding.js.map +1 -0
  640. package/dist/esm/governance/proxy-onboarding.test.js +100 -0
  641. package/dist/esm/governance/proxy-onboarding.test.js.map +1 -0
  642. package/dist/esm/governance/rag-citation-enforcement.js +527 -0
  643. package/dist/esm/governance/rag-citation-enforcement.js.map +1 -0
  644. package/dist/esm/governance/rag-confidence-threshold.js +409 -0
  645. package/dist/esm/governance/rag-confidence-threshold.js.map +1 -0
  646. package/dist/esm/governance/rag-retrieval-audit.js +478 -0
  647. package/dist/esm/governance/rag-retrieval-audit.js.map +1 -0
  648. package/dist/esm/governance/rag-source-allowlist.js +495 -0
  649. package/dist/esm/governance/rag-source-allowlist.js.map +1 -0
  650. package/dist/esm/governance/rag-source-output-chain.js +641 -0
  651. package/dist/esm/governance/rag-source-output-chain.js.map +1 -0
  652. package/dist/esm/governance/replay-player.js +85 -0
  653. package/dist/esm/governance/replay-player.js.map +1 -0
  654. package/dist/esm/governance/replay-player.test.js +157 -0
  655. package/dist/esm/governance/replay-player.test.js.map +1 -0
  656. package/dist/esm/governance/retention-manager.js +529 -0
  657. package/dist/esm/governance/retention-manager.js.map +1 -0
  658. package/dist/esm/governance/runtime-event-renderer.js +129 -0
  659. package/dist/esm/governance/runtime-event-renderer.js.map +1 -0
  660. package/dist/esm/governance/runtime-event-renderer.test.js +160 -0
  661. package/dist/esm/governance/runtime-event-renderer.test.js.map +1 -0
  662. package/dist/esm/governance/sandbox-replay.js +184 -0
  663. package/dist/esm/governance/sandbox-replay.js.map +1 -0
  664. package/dist/esm/governance/sandbox-replay.test.js +82 -0
  665. package/dist/esm/governance/sandbox-replay.test.js.map +1 -0
  666. package/dist/esm/governance/self-registration-hook.js +112 -0
  667. package/dist/esm/governance/self-registration-hook.js.map +1 -0
  668. package/dist/esm/governance/self-registration-hook.test.js +114 -0
  669. package/dist/esm/governance/self-registration-hook.test.js.map +1 -0
  670. package/dist/esm/governance/session-persistence.js +339 -0
  671. package/dist/esm/governance/session-persistence.js.map +1 -0
  672. package/dist/esm/governance/signed-manifest.js +119 -0
  673. package/dist/esm/governance/signed-manifest.js.map +1 -0
  674. package/dist/esm/governance/signed-manifest.test.js +114 -0
  675. package/dist/esm/governance/signed-manifest.test.js.map +1 -0
  676. package/dist/esm/governance/skip-api-empty-queue.js +458 -0
  677. package/dist/esm/governance/skip-api-empty-queue.js.map +1 -0
  678. package/dist/esm/governance/state-manager.js +249 -0
  679. package/dist/esm/governance/state-manager.js.map +1 -0
  680. package/dist/esm/governance/tenant-provider-agreements.js +398 -0
  681. package/dist/esm/governance/tenant-provider-agreements.js.map +1 -0
  682. package/dist/esm/governance/tool-provider-health.js +650 -0
  683. package/dist/esm/governance/tool-provider-health.js.map +1 -0
  684. package/dist/esm/governance/tool-rate-limit.js +140 -0
  685. package/dist/esm/governance/tool-rate-limit.js.map +1 -0
  686. package/dist/esm/governance/transparency-injector.js +158 -0
  687. package/dist/esm/governance/transparency-injector.js.map +1 -0
  688. package/dist/esm/governance/trust-score-snapshot.js +94 -0
  689. package/dist/esm/governance/trust-score-snapshot.js.map +1 -0
  690. package/dist/esm/governance/trust-score-snapshot.test.js +152 -0
  691. package/dist/esm/governance/trust-score-snapshot.test.js.map +1 -0
  692. package/dist/esm/governance/trust-score-three-dim.js +171 -0
  693. package/dist/esm/governance/trust-score-three-dim.js.map +1 -0
  694. package/dist/esm/governance/trust-score-three-dim.test.js +186 -0
  695. package/dist/esm/governance/trust-score-three-dim.test.js.map +1 -0
  696. package/dist/esm/governance-config.js +308 -0
  697. package/dist/esm/governance-config.js.map +1 -0
  698. package/dist/esm/governed-agent.js +1278 -0
  699. package/dist/esm/governed-agent.js.map +1 -0
  700. package/dist/esm/hooks/data-classifier-bridge.js +78 -0
  701. package/dist/esm/hooks/data-classifier-bridge.js.map +1 -0
  702. package/dist/esm/ide-adapters/aider.js +706 -0
  703. package/dist/esm/ide-adapters/aider.js.map +1 -0
  704. package/dist/esm/ide-adapters/amazon-q-developer.js +682 -0
  705. package/dist/esm/ide-adapters/amazon-q-developer.js.map +1 -0
  706. package/dist/esm/ide-adapters/base.js +229 -0
  707. package/dist/esm/ide-adapters/base.js.map +1 -0
  708. package/dist/esm/ide-adapters/claude-code.js +188 -0
  709. package/dist/esm/ide-adapters/claude-code.js.map +1 -0
  710. package/dist/esm/ide-adapters/cody.js +763 -0
  711. package/dist/esm/ide-adapters/cody.js.map +1 -0
  712. package/dist/esm/ide-adapters/continue-dev.js +355 -0
  713. package/dist/esm/ide-adapters/continue-dev.js.map +1 -0
  714. package/dist/esm/ide-adapters/copilot-studio.js +1093 -0
  715. package/dist/esm/ide-adapters/copilot-studio.js.map +1 -0
  716. package/dist/esm/ide-adapters/copilot-workspace.js +372 -0
  717. package/dist/esm/ide-adapters/copilot-workspace.js.map +1 -0
  718. package/dist/esm/ide-adapters/cursor.js +269 -0
  719. package/dist/esm/ide-adapters/cursor.js.map +1 -0
  720. package/dist/esm/ide-adapters/exports.js +52 -0
  721. package/dist/esm/ide-adapters/exports.js.map +1 -0
  722. package/dist/esm/ide-adapters/gemini-code-assist.js +746 -0
  723. package/dist/esm/ide-adapters/gemini-code-assist.js.map +1 -0
  724. package/dist/esm/ide-adapters/github-copilot.js +543 -0
  725. package/dist/esm/ide-adapters/github-copilot.js.map +1 -0
  726. package/dist/esm/ide-adapters/index.js +96 -0
  727. package/dist/esm/ide-adapters/index.js.map +1 -0
  728. package/dist/esm/ide-adapters/jetbrains-ai.js +714 -0
  729. package/dist/esm/ide-adapters/jetbrains-ai.js.map +1 -0
  730. package/dist/esm/ide-adapters/notebook-ai.js +854 -0
  731. package/dist/esm/ide-adapters/notebook-ai.js.map +1 -0
  732. package/dist/esm/ide-adapters/replit-agent.js +1018 -0
  733. package/dist/esm/ide-adapters/replit-agent.js.map +1 -0
  734. package/dist/esm/ide-adapters/reviewer-tier.js +15 -0
  735. package/dist/esm/ide-adapters/reviewer-tier.js.map +1 -0
  736. package/dist/esm/ide-adapters/shared.js +267 -0
  737. package/dist/esm/ide-adapters/shared.js.map +1 -0
  738. package/dist/esm/ide-adapters/tabnine.js +717 -0
  739. package/dist/esm/ide-adapters/tabnine.js.map +1 -0
  740. package/dist/esm/ide-adapters/windsurf.js +808 -0
  741. package/dist/esm/ide-adapters/windsurf.js.map +1 -0
  742. package/dist/esm/ide-adapters/zed-ai.js +618 -0
  743. package/dist/esm/ide-adapters/zed-ai.js.map +1 -0
  744. package/dist/esm/index.js +182 -0
  745. package/dist/esm/index.js.map +1 -0
  746. package/dist/esm/license/entitlement-client.js +264 -0
  747. package/dist/esm/license/entitlement-client.js.map +1 -0
  748. package/dist/esm/license/index.js +8 -0
  749. package/dist/esm/license/index.js.map +1 -0
  750. package/dist/esm/license/jwt-issuer.js +107 -0
  751. package/dist/esm/license/jwt-issuer.js.map +1 -0
  752. package/dist/esm/license/jwt-validator.js +460 -0
  753. package/dist/esm/license/jwt-validator.js.map +1 -0
  754. package/dist/esm/license/keygen.js +65 -0
  755. package/dist/esm/license/keygen.js.map +1 -0
  756. package/dist/esm/license/subscription-gate.js +251 -0
  757. package/dist/esm/license/subscription-gate.js.map +1 -0
  758. package/dist/esm/llm-adapters/azure-openai.js +665 -0
  759. package/dist/esm/llm-adapters/azure-openai.js.map +1 -0
  760. package/dist/esm/llm-adapters/base.js +258 -0
  761. package/dist/esm/llm-adapters/base.js.map +1 -0
  762. package/dist/esm/llm-adapters/bedrock.js +713 -0
  763. package/dist/esm/llm-adapters/bedrock.js.map +1 -0
  764. package/dist/esm/llm-adapters/claude.js +236 -0
  765. package/dist/esm/llm-adapters/claude.js.map +1 -0
  766. package/dist/esm/llm-adapters/deepseek.js +716 -0
  767. package/dist/esm/llm-adapters/deepseek.js.map +1 -0
  768. package/dist/esm/llm-adapters/exports.js +36 -0
  769. package/dist/esm/llm-adapters/exports.js.map +1 -0
  770. package/dist/esm/llm-adapters/gemini.js +197 -0
  771. package/dist/esm/llm-adapters/gemini.js.map +1 -0
  772. package/dist/esm/llm-adapters/gemma.js +260 -0
  773. package/dist/esm/llm-adapters/gemma.js.map +1 -0
  774. package/dist/esm/llm-adapters/google.js +1136 -0
  775. package/dist/esm/llm-adapters/google.js.map +1 -0
  776. package/dist/esm/llm-adapters/huggingface.js +618 -0
  777. package/dist/esm/llm-adapters/huggingface.js.map +1 -0
  778. package/dist/esm/llm-adapters/index.js +87 -0
  779. package/dist/esm/llm-adapters/index.js.map +1 -0
  780. package/dist/esm/llm-adapters/ollama.js +587 -0
  781. package/dist/esm/llm-adapters/ollama.js.map +1 -0
  782. package/dist/esm/llm-adapters/openai.js +359 -0
  783. package/dist/esm/llm-adapters/openai.js.map +1 -0
  784. package/dist/esm/llm-adapters/replicate-llama.js +596 -0
  785. package/dist/esm/llm-adapters/replicate-llama.js.map +1 -0
  786. package/dist/esm/llm-adapters/shared.js +330 -0
  787. package/dist/esm/llm-adapters/shared.js.map +1 -0
  788. package/dist/esm/llm-adapters/supported-models-catalog.js +741 -0
  789. package/dist/esm/llm-adapters/supported-models-catalog.js.map +1 -0
  790. package/dist/esm/observability/destination-health-monitor.js +239 -0
  791. package/dist/esm/observability/destination-health-monitor.js.map +1 -0
  792. package/dist/esm/observability/health-metrics-store.js +124 -0
  793. package/dist/esm/observability/health-metrics-store.js.map +1 -0
  794. package/dist/esm/orchestrator-adapters/autogen.js +484 -0
  795. package/dist/esm/orchestrator-adapters/autogen.js.map +1 -0
  796. package/dist/esm/orchestrator-adapters/base.js +366 -0
  797. package/dist/esm/orchestrator-adapters/base.js.map +1 -0
  798. package/dist/esm/orchestrator-adapters/bedrock-agentcore.js +812 -0
  799. package/dist/esm/orchestrator-adapters/bedrock-agentcore.js.map +1 -0
  800. package/dist/esm/orchestrator-adapters/claude-agent-sdk.js +701 -0
  801. package/dist/esm/orchestrator-adapters/claude-agent-sdk.js.map +1 -0
  802. package/dist/esm/orchestrator-adapters/crewai.js +470 -0
  803. package/dist/esm/orchestrator-adapters/crewai.js.map +1 -0
  804. package/dist/esm/orchestrator-adapters/deepagents.js +345 -0
  805. package/dist/esm/orchestrator-adapters/deepagents.js.map +1 -0
  806. package/dist/esm/orchestrator-adapters/exports.js +34 -0
  807. package/dist/esm/orchestrator-adapters/exports.js.map +1 -0
  808. package/dist/esm/orchestrator-adapters/google-adk.js +775 -0
  809. package/dist/esm/orchestrator-adapters/google-adk.js.map +1 -0
  810. package/dist/esm/orchestrator-adapters/haystack.js +811 -0
  811. package/dist/esm/orchestrator-adapters/haystack.js.map +1 -0
  812. package/dist/esm/orchestrator-adapters/index.js +106 -0
  813. package/dist/esm/orchestrator-adapters/index.js.map +1 -0
  814. package/dist/esm/orchestrator-adapters/langchain.js +457 -0
  815. package/dist/esm/orchestrator-adapters/langchain.js.map +1 -0
  816. package/dist/esm/orchestrator-adapters/langgraph.js +464 -0
  817. package/dist/esm/orchestrator-adapters/langgraph.js.map +1 -0
  818. package/dist/esm/orchestrator-adapters/llamaindex.js +819 -0
  819. package/dist/esm/orchestrator-adapters/llamaindex.js.map +1 -0
  820. package/dist/esm/orchestrator-adapters/openai-agents.js +494 -0
  821. package/dist/esm/orchestrator-adapters/openai-agents.js.map +1 -0
  822. package/dist/esm/orchestrator-adapters/openclaw.js +866 -0
  823. package/dist/esm/orchestrator-adapters/openclaw.js.map +1 -0
  824. package/dist/esm/orchestrator-adapters/orchestrator-adapter.js +30 -0
  825. package/dist/esm/orchestrator-adapters/orchestrator-adapter.js.map +1 -0
  826. package/dist/esm/orchestrator-adapters/paperclip-adapter.js +366 -0
  827. package/dist/esm/orchestrator-adapters/paperclip-adapter.js.map +1 -0
  828. package/dist/esm/orchestrator-adapters/semantic-kernel.js +487 -0
  829. package/dist/esm/orchestrator-adapters/semantic-kernel.js.map +1 -0
  830. package/dist/esm/orchestrator-adapters/shared.js +121 -0
  831. package/dist/esm/orchestrator-adapters/shared.js.map +1 -0
  832. package/dist/esm/package.json +3 -0
  833. package/dist/esm/packs/_base-classifiers.js +160 -0
  834. package/dist/esm/packs/_base-classifiers.js.map +1 -0
  835. package/dist/esm/packs/aba.js +297 -0
  836. package/dist/esm/packs/aba.js.map +1 -0
  837. package/dist/esm/packs/as-9100.js +814 -0
  838. package/dist/esm/packs/as-9100.js.map +1 -0
  839. package/dist/esm/packs/au-act-hrpaa.js +290 -0
  840. package/dist/esm/packs/au-act-hrpaa.js.map +1 -0
  841. package/dist/esm/packs/au-aiethics-framework.js +341 -0
  842. package/dist/esm/packs/au-aiethics-framework.js.map +1 -0
  843. package/dist/esm/packs/au-aml-ctf.js +346 -0
  844. package/dist/esm/packs/au-aml-ctf.js.map +1 -0
  845. package/dist/esm/packs/au-asic-rg-271.js +268 -0
  846. package/dist/esm/packs/au-asic-rg-271.js.map +1 -0
  847. package/dist/esm/packs/au-asic-rg-274.js +268 -0
  848. package/dist/esm/packs/au-asic-rg-274.js.map +1 -0
  849. package/dist/esm/packs/au-cdr.js +305 -0
  850. package/dist/esm/packs/au-cdr.js.map +1 -0
  851. package/dist/esm/packs/au-cps230.js +264 -0
  852. package/dist/esm/packs/au-cps230.js.map +1 -0
  853. package/dist/esm/packs/au-cps234.js +297 -0
  854. package/dist/esm/packs/au-cps234.js.map +1 -0
  855. package/dist/esm/packs/au-mandatory-ai-guardrails.js +271 -0
  856. package/dist/esm/packs/au-mandatory-ai-guardrails.js.map +1 -0
  857. package/dist/esm/packs/au-nsw-hripa.js +363 -0
  858. package/dist/esm/packs/au-nsw-hripa.js.map +1 -0
  859. package/dist/esm/packs/au-online-safety.js +297 -0
  860. package/dist/esm/packs/au-online-safety.js.map +1 -0
  861. package/dist/esm/packs/au-privacy-act.js +361 -0
  862. package/dist/esm/packs/au-privacy-act.js.map +1 -0
  863. package/dist/esm/packs/au-soci-act.js +251 -0
  864. package/dist/esm/packs/au-soci-act.js.map +1 -0
  865. package/dist/esm/packs/au-spam-act.js +284 -0
  866. package/dist/esm/packs/au-spam-act.js.map +1 -0
  867. package/dist/esm/packs/au-tga-saimd.js +341 -0
  868. package/dist/esm/packs/au-tga-saimd.js.map +1 -0
  869. package/dist/esm/packs/au-vic-hra.js +345 -0
  870. package/dist/esm/packs/au-vic-hra.js.map +1 -0
  871. package/dist/esm/packs/bipa.js +268 -0
  872. package/dist/esm/packs/bipa.js.map +1 -0
  873. package/dist/esm/packs/bsa-aml.js +410 -0
  874. package/dist/esm/packs/bsa-aml.js.map +1 -0
  875. package/dist/esm/packs/ca-pipeda.js +217 -0
  876. package/dist/esm/packs/ca-pipeda.js.map +1 -0
  877. package/dist/esm/packs/ca-qc-law25.js +188 -0
  878. package/dist/esm/packs/ca-qc-law25.js.map +1 -0
  879. package/dist/esm/packs/caldicott-principles.js +441 -0
  880. package/dist/esm/packs/caldicott-principles.js.map +1 -0
  881. package/dist/esm/packs/california-ab2930.js +410 -0
  882. package/dist/esm/packs/california-ab2930.js.map +1 -0
  883. package/dist/esm/packs/ccpa.js +396 -0
  884. package/dist/esm/packs/ccpa.js.map +1 -0
  885. package/dist/esm/packs/cfpb-2023-03.js +282 -0
  886. package/dist/esm/packs/cfpb-2023-03.js.map +1 -0
  887. package/dist/esm/packs/check-registry.js +3337 -0
  888. package/dist/esm/packs/check-registry.js.map +1 -0
  889. package/dist/esm/packs/cjis.js +342 -0
  890. package/dist/esm/packs/cjis.js.map +1 -0
  891. package/dist/esm/packs/cma-ai-foundation-models.js +394 -0
  892. package/dist/esm/packs/cma-ai-foundation-models.js.map +1 -0
  893. package/dist/esm/packs/cmmc2.js +347 -0
  894. package/dist/esm/packs/cmmc2.js.map +1 -0
  895. package/dist/esm/packs/cms-interoperability.js +387 -0
  896. package/dist/esm/packs/cms-interoperability.js.map +1 -0
  897. package/dist/esm/packs/cn-dsl-csl.js +134 -0
  898. package/dist/esm/packs/cn-dsl-csl.js.map +1 -0
  899. package/dist/esm/packs/colorado-ai.js +376 -0
  900. package/dist/esm/packs/colorado-ai.js.map +1 -0
  901. package/dist/esm/packs/common-rule.js +470 -0
  902. package/dist/esm/packs/common-rule.js.map +1 -0
  903. package/dist/esm/packs/coppa.js +406 -0
  904. package/dist/esm/packs/coppa.js.map +1 -0
  905. package/dist/esm/packs/cyber-essentials.js +404 -0
  906. package/dist/esm/packs/cyber-essentials.js.map +1 -0
  907. package/dist/esm/packs/de-bdsg.js +413 -0
  908. package/dist/esm/packs/de-bdsg.js.map +1 -0
  909. package/dist/esm/packs/do-178c.js +723 -0
  910. package/dist/esm/packs/do-178c.js.map +1 -0
  911. package/dist/esm/packs/dora.js +358 -0
  912. package/dist/esm/packs/dora.js.map +1 -0
  913. package/dist/esm/packs/ecoa.js +386 -0
  914. package/dist/esm/packs/ecoa.js.map +1 -0
  915. package/dist/esm/packs/eu-ai-liability.js +300 -0
  916. package/dist/esm/packs/eu-ai-liability.js.map +1 -0
  917. package/dist/esm/packs/eu-cra.js +140 -0
  918. package/dist/esm/packs/eu-cra.js.map +1 -0
  919. package/dist/esm/packs/eu-data-act.js +138 -0
  920. package/dist/esm/packs/eu-data-act.js.map +1 -0
  921. package/dist/esm/packs/eu-dma.js +185 -0
  922. package/dist/esm/packs/eu-dma.js.map +1 -0
  923. package/dist/esm/packs/eu-dsa.js +176 -0
  924. package/dist/esm/packs/eu-dsa.js.map +1 -0
  925. package/dist/esm/packs/eu-lpp.js +342 -0
  926. package/dist/esm/packs/eu-lpp.js.map +1 -0
  927. package/dist/esm/packs/eu-mdr-ivdr.js +417 -0
  928. package/dist/esm/packs/eu-mdr-ivdr.js.map +1 -0
  929. package/dist/esm/packs/euaiact.js +341 -0
  930. package/dist/esm/packs/euaiact.js.map +1 -0
  931. package/dist/esm/packs/fca-consumer-duty.js +409 -0
  932. package/dist/esm/packs/fca-consumer-duty.js.map +1 -0
  933. package/dist/esm/packs/fca-op-resilience.js +350 -0
  934. package/dist/esm/packs/fca-op-resilience.js.map +1 -0
  935. package/dist/esm/packs/fcra.js +441 -0
  936. package/dist/esm/packs/fcra.js.map +1 -0
  937. package/dist/esm/packs/fda-21-cfr-820.js +606 -0
  938. package/dist/esm/packs/fda-21-cfr-820.js.map +1 -0
  939. package/dist/esm/packs/fda-samd-precert.js +863 -0
  940. package/dist/esm/packs/fda-samd-precert.js.map +1 -0
  941. package/dist/esm/packs/fda-samd.js +314 -0
  942. package/dist/esm/packs/fda-samd.js.map +1 -0
  943. package/dist/esm/packs/fedramp.js +318 -0
  944. package/dist/esm/packs/fedramp.js.map +1 -0
  945. package/dist/esm/packs/ferpa.js +309 -0
  946. package/dist/esm/packs/ferpa.js.map +1 -0
  947. package/dist/esm/packs/finra-3110.js +351 -0
  948. package/dist/esm/packs/finra-3110.js.map +1 -0
  949. package/dist/esm/packs/florida-student-privacy.js +448 -0
  950. package/dist/esm/packs/florida-student-privacy.js.map +1 -0
  951. package/dist/esm/packs/foia.js +394 -0
  952. package/dist/esm/packs/foia.js.map +1 -0
  953. package/dist/esm/packs/frcp26.js +294 -0
  954. package/dist/esm/packs/frcp26.js.map +1 -0
  955. package/dist/esm/packs/ftc5.js +290 -0
  956. package/dist/esm/packs/ftc5.js.map +1 -0
  957. package/dist/esm/packs/gdpr.js +487 -0
  958. package/dist/esm/packs/gdpr.js.map +1 -0
  959. package/dist/esm/packs/glba.js +421 -0
  960. package/dist/esm/packs/glba.js.map +1 -0
  961. package/dist/esm/packs/gxp.js +350 -0
  962. package/dist/esm/packs/gxp.js.map +1 -0
  963. package/dist/esm/packs/hipaa.js +381 -0
  964. package/dist/esm/packs/hipaa.js.map +1 -0
  965. package/dist/esm/packs/hitech.js +289 -0
  966. package/dist/esm/packs/hitech.js.map +1 -0
  967. package/dist/esm/packs/hitrust-csf.js +119 -0
  968. package/dist/esm/packs/hitrust-csf.js.map +1 -0
  969. package/dist/esm/packs/hk-pdpo.js +122 -0
  970. package/dist/esm/packs/hk-pdpo.js.map +1 -0
  971. package/dist/esm/packs/hmda.js +379 -0
  972. package/dist/esm/packs/hmda.js.map +1 -0
  973. package/dist/esm/packs/iec-62304.js +585 -0
  974. package/dist/esm/packs/iec-62304.js.map +1 -0
  975. package/dist/esm/packs/iec-62443.js +686 -0
  976. package/dist/esm/packs/iec-62443.js.map +1 -0
  977. package/dist/esm/packs/illinois-aivia.js +348 -0
  978. package/dist/esm/packs/illinois-aivia.js.map +1 -0
  979. package/dist/esm/packs/in-dpdp.js +429 -0
  980. package/dist/esm/packs/in-dpdp.js.map +1 -0
  981. package/dist/esm/packs/index.js +664 -0
  982. package/dist/esm/packs/index.js.map +1 -0
  983. package/dist/esm/packs/iso-15189.js +944 -0
  984. package/dist/esm/packs/iso-15189.js.map +1 -0
  985. package/dist/esm/packs/iso-23894.js +442 -0
  986. package/dist/esm/packs/iso-23894.js.map +1 -0
  987. package/dist/esm/packs/iso-26262.js +734 -0
  988. package/dist/esm/packs/iso-26262.js.map +1 -0
  989. package/dist/esm/packs/iso-iec-80001.js +993 -0
  990. package/dist/esm/packs/iso-iec-80001.js.map +1 -0
  991. package/dist/esm/packs/iso20022.js +344 -0
  992. package/dist/esm/packs/iso20022.js.map +1 -0
  993. package/dist/esm/packs/iso27001.js +388 -0
  994. package/dist/esm/packs/iso27001.js.map +1 -0
  995. package/dist/esm/packs/iso27701.js +390 -0
  996. package/dist/esm/packs/iso27701.js.map +1 -0
  997. package/dist/esm/packs/iso42001.js +288 -0
  998. package/dist/esm/packs/iso42001.js.map +1 -0
  999. package/dist/esm/packs/jp-appi.js +438 -0
  1000. package/dist/esm/packs/jp-appi.js.map +1 -0
  1001. package/dist/esm/packs/kr-pipa.js +442 -0
  1002. package/dist/esm/packs/kr-pipa.js.map +1 -0
  1003. package/dist/esm/packs/lgpd.js +350 -0
  1004. package/dist/esm/packs/lgpd.js.map +1 -0
  1005. package/dist/esm/packs/lpo2024.js +307 -0
  1006. package/dist/esm/packs/lpo2024.js.map +1 -0
  1007. package/dist/esm/packs/maryland-hb1202.js +338 -0
  1008. package/dist/esm/packs/maryland-hb1202.js.map +1 -0
  1009. package/dist/esm/packs/mhra-samd-ukca.js +473 -0
  1010. package/dist/esm/packs/mhra-samd-ukca.js.map +1 -0
  1011. package/dist/esm/packs/mifid2.js +381 -0
  1012. package/dist/esm/packs/mifid2.js.map +1 -0
  1013. package/dist/esm/packs/migration-manifest.js +55 -0
  1014. package/dist/esm/packs/migration-manifest.js.map +1 -0
  1015. package/dist/esm/packs/naic-mdl.js +315 -0
  1016. package/dist/esm/packs/naic-mdl.js.map +1 -0
  1017. package/dist/esm/packs/ncsc-ai-security.js +626 -0
  1018. package/dist/esm/packs/ncsc-ai-security.js.map +1 -0
  1019. package/dist/esm/packs/ncsc-caf.js +381 -0
  1020. package/dist/esm/packs/ncsc-caf.js.map +1 -0
  1021. package/dist/esm/packs/nhs-dcb0129-dcb0160.js +470 -0
  1022. package/dist/esm/packs/nhs-dcb0129-dcb0160.js.map +1 -0
  1023. package/dist/esm/packs/nhs-dspt.js +434 -0
  1024. package/dist/esm/packs/nhs-dspt.js.map +1 -0
  1025. package/dist/esm/packs/nhs-dtac.js +399 -0
  1026. package/dist/esm/packs/nhs-dtac.js.map +1 -0
  1027. package/dist/esm/packs/nhs-psirf.js +414 -0
  1028. package/dist/esm/packs/nhs-psirf.js.map +1 -0
  1029. package/dist/esm/packs/ni-equality.js +436 -0
  1030. package/dist/esm/packs/ni-equality.js.map +1 -0
  1031. package/dist/esm/packs/ni-hscni.js +415 -0
  1032. package/dist/esm/packs/ni-hscni.js.map +1 -0
  1033. package/dist/esm/packs/ni-mental-capacity.js +130 -0
  1034. package/dist/esm/packs/ni-mental-capacity.js.map +1 -0
  1035. package/dist/esm/packs/nice-esf-dht.js +404 -0
  1036. package/dist/esm/packs/nice-esf-dht.js.map +1 -0
  1037. package/dist/esm/packs/nis2.js +422 -0
  1038. package/dist/esm/packs/nis2.js.map +1 -0
  1039. package/dist/esm/packs/nist-800-53.js +126 -0
  1040. package/dist/esm/packs/nist-800-53.js.map +1 -0
  1041. package/dist/esm/packs/nist-ai-rmf.js +367 -0
  1042. package/dist/esm/packs/nist-ai-rmf.js.map +1 -0
  1043. package/dist/esm/packs/nist-csf.js +131 -0
  1044. package/dist/esm/packs/nist-csf.js.map +1 -0
  1045. package/dist/esm/packs/nist-sp-800-82.js +721 -0
  1046. package/dist/esm/packs/nist-sp-800-82.js.map +1 -0
  1047. package/dist/esm/packs/nyc-ll-144.js +288 -0
  1048. package/dist/esm/packs/nyc-ll-144.js.map +1 -0
  1049. package/dist/esm/packs/nydfs500.js +285 -0
  1050. package/dist/esm/packs/nydfs500.js.map +1 -0
  1051. package/dist/esm/packs/nz-privacy.js +465 -0
  1052. package/dist/esm/packs/nz-privacy.js.map +1 -0
  1053. package/dist/esm/packs/part11.js +329 -0
  1054. package/dist/esm/packs/part11.js.map +1 -0
  1055. package/dist/esm/packs/part2.js +355 -0
  1056. package/dist/esm/packs/part2.js.map +1 -0
  1057. package/dist/esm/packs/pcidss.js +466 -0
  1058. package/dist/esm/packs/pcidss.js.map +1 -0
  1059. package/dist/esm/packs/pipl.js +205 -0
  1060. package/dist/esm/packs/pipl.js.map +1 -0
  1061. package/dist/esm/packs/reg-e.js +359 -0
  1062. package/dist/esm/packs/reg-e.js.map +1 -0
  1063. package/dist/esm/packs/registry-expanded.js +2347 -0
  1064. package/dist/esm/packs/registry-expanded.js.map +1 -0
  1065. package/dist/esm/packs/scotland-awi.js +405 -0
  1066. package/dist/esm/packs/scotland-awi.js.map +1 -0
  1067. package/dist/esm/packs/scotland-procurement-reform.js +122 -0
  1068. package/dist/esm/packs/scotland-procurement-reform.js.map +1 -0
  1069. package/dist/esm/packs/scotland-psed.js +369 -0
  1070. package/dist/esm/packs/scotland-psed.js.map +1 -0
  1071. package/dist/esm/packs/sg-model-ai-gov.js +393 -0
  1072. package/dist/esm/packs/sg-model-ai-gov.js.map +1 -0
  1073. package/dist/esm/packs/soc1.js +305 -0
  1074. package/dist/esm/packs/soc1.js.map +1 -0
  1075. package/dist/esm/packs/soc2.js +337 -0
  1076. package/dist/esm/packs/soc2.js.map +1 -0
  1077. package/dist/esm/packs/sox404.js +295 -0
  1078. package/dist/esm/packs/sox404.js.map +1 -0
  1079. package/dist/esm/packs/sr117.js +342 -0
  1080. package/dist/esm/packs/sr117.js.map +1 -0
  1081. package/dist/esm/packs/stateramp.js +324 -0
  1082. package/dist/esm/packs/stateramp.js.map +1 -0
  1083. package/dist/esm/packs/tennessee-elvis.js +417 -0
  1084. package/dist/esm/packs/tennessee-elvis.js.map +1 -0
  1085. package/dist/esm/packs/texas-hb4.js +393 -0
  1086. package/dist/esm/packs/texas-hb4.js.map +1 -0
  1087. package/dist/esm/packs/th-pdpa.js +125 -0
  1088. package/dist/esm/packs/th-pdpa.js.map +1 -0
  1089. package/dist/esm/packs/title-ix.js +444 -0
  1090. package/dist/esm/packs/title-ix.js.map +1 -0
  1091. package/dist/esm/packs/uk-ai-framework.js +352 -0
  1092. package/dist/esm/packs/uk-ai-framework.js.map +1 -0
  1093. package/dist/esm/packs/uk-cma-1990.js +403 -0
  1094. package/dist/esm/packs/uk-cma-1990.js.map +1 -0
  1095. package/dist/esm/packs/uk-equality-act-ai-bias.js +681 -0
  1096. package/dist/esm/packs/uk-equality-act-ai-bias.js.map +1 -0
  1097. package/dist/esm/packs/uk-equality-act.js +406 -0
  1098. package/dist/esm/packs/uk-equality-act.js.map +1 -0
  1099. package/dist/esm/packs/uk-future-ai-legislation.js +209 -0
  1100. package/dist/esm/packs/uk-future-ai-legislation.js.map +1 -0
  1101. package/dist/esm/packs/uk-gdpr.js +374 -0
  1102. package/dist/esm/packs/uk-gdpr.js.map +1 -0
  1103. package/dist/esm/packs/uk-ico-open-case.js +396 -0
  1104. package/dist/esm/packs/uk-ico-open-case.js.map +1 -0
  1105. package/dist/esm/packs/uk-nis-regs.js +363 -0
  1106. package/dist/esm/packs/uk-nis-regs.js.map +1 -0
  1107. package/dist/esm/packs/uk-online-safety-act.js +410 -0
  1108. package/dist/esm/packs/uk-online-safety-act.js.map +1 -0
  1109. package/dist/esm/packs/uk-procurement-act.js +431 -0
  1110. package/dist/esm/packs/uk-procurement-act.js.map +1 -0
  1111. package/dist/esm/packs/us-fda-21cfr56.js +364 -0
  1112. package/dist/esm/packs/us-fda-21cfr56.js.map +1 -0
  1113. package/dist/esm/packs/us-nih-coc.js +203 -0
  1114. package/dist/esm/packs/us-nih-coc.js.map +1 -0
  1115. package/dist/esm/packs/us-nih-dms.js +241 -0
  1116. package/dist/esm/packs/us-nih-dms.js.map +1 -0
  1117. package/dist/esm/packs/us-nih-gds.js +355 -0
  1118. package/dist/esm/packs/us-nih-gds.js.map +1 -0
  1119. package/dist/esm/packs/us-nih-it-security.js +203 -0
  1120. package/dist/esm/packs/us-nih-it-security.js.map +1 -0
  1121. package/dist/esm/packs/us-respa.js +361 -0
  1122. package/dist/esm/packs/us-respa.js.map +1 -0
  1123. package/dist/esm/packs/us-tila.js +350 -0
  1124. package/dist/esm/packs/us-tila.js.map +1 -0
  1125. package/dist/esm/packs/us-trid.js +342 -0
  1126. package/dist/esm/packs/us-trid.js.map +1 -0
  1127. package/dist/esm/packs/utah-ai-policy.js +337 -0
  1128. package/dist/esm/packs/utah-ai-policy.js.map +1 -0
  1129. package/dist/esm/packs/vn-pdpd.js +122 -0
  1130. package/dist/esm/packs/vn-pdpd.js.map +1 -0
  1131. package/dist/esm/packs/wales-future-generations.js +393 -0
  1132. package/dist/esm/packs/wales-future-generations.js.map +1 -0
  1133. package/dist/esm/reporting/governance-reporter.js +405 -0
  1134. package/dist/esm/reporting/governance-reporter.js.map +1 -0
  1135. package/dist/esm/retention/backup-retention-adapter.js +66 -0
  1136. package/dist/esm/retention/backup-retention-adapter.js.map +1 -0
  1137. package/dist/esm/retention/classification-rules.js +182 -0
  1138. package/dist/esm/retention/classification-rules.js.map +1 -0
  1139. package/dist/esm/retention/classifier.js +243 -0
  1140. package/dist/esm/retention/classifier.js.map +1 -0
  1141. package/dist/esm/retention/data-class.js +44 -0
  1142. package/dist/esm/retention/data-class.js.map +1 -0
  1143. package/dist/esm/retention/enforcement-log-store.js +145 -0
  1144. package/dist/esm/retention/enforcement-log-store.js.map +1 -0
  1145. package/dist/esm/retention/index.js +31 -0
  1146. package/dist/esm/retention/index.js.map +1 -0
  1147. package/dist/esm/retention/ingest-classifier.js +123 -0
  1148. package/dist/esm/retention/ingest-classifier.js.map +1 -0
  1149. package/dist/esm/retention/legal-hold-errors.js +92 -0
  1150. package/dist/esm/retention/legal-hold-errors.js.map +1 -0
  1151. package/dist/esm/retention/legal-hold-store.js +394 -0
  1152. package/dist/esm/retention/legal-hold-store.js.map +1 -0
  1153. package/dist/esm/retention/legal-hold.js +17 -0
  1154. package/dist/esm/retention/legal-hold.js.map +1 -0
  1155. package/dist/esm/retention/log-aggregators/datadog.js +153 -0
  1156. package/dist/esm/retention/log-aggregators/datadog.js.map +1 -0
  1157. package/dist/esm/retention/log-aggregators/index.js +10 -0
  1158. package/dist/esm/retention/log-aggregators/index.js.map +1 -0
  1159. package/dist/esm/retention/log-aggregators/log-aggregator.js +20 -0
  1160. package/dist/esm/retention/log-aggregators/log-aggregator.js.map +1 -0
  1161. package/dist/esm/retention/log-aggregators/noop.js +26 -0
  1162. package/dist/esm/retention/log-aggregators/noop.js.map +1 -0
  1163. package/dist/esm/retention/log-aggregators/sentinel.js +216 -0
  1164. package/dist/esm/retention/log-aggregators/sentinel.js.map +1 -0
  1165. package/dist/esm/retention/log-aggregators/splunk.js +147 -0
  1166. package/dist/esm/retention/log-aggregators/splunk.js.map +1 -0
  1167. package/dist/esm/retention/policy-matrix-errors.js +127 -0
  1168. package/dist/esm/retention/policy-matrix-errors.js.map +1 -0
  1169. package/dist/esm/retention/policy-matrix.js +580 -0
  1170. package/dist/esm/retention/policy-matrix.js.map +1 -0
  1171. package/dist/esm/scanner/gap-report.js +333 -0
  1172. package/dist/esm/scanner/gap-report.js.map +1 -0
  1173. package/dist/esm/scanner/index.js +414 -0
  1174. package/dist/esm/scanner/index.js.map +1 -0
  1175. package/dist/esm/scanner/manifest-integrity.js +151 -0
  1176. package/dist/esm/scanner/manifest-integrity.js.map +1 -0
  1177. package/dist/esm/scanner/remediation.js +255 -0
  1178. package/dist/esm/scanner/remediation.js.map +1 -0
  1179. package/dist/esm/security/access-review.js +235 -0
  1180. package/dist/esm/security/access-review.js.map +1 -0
  1181. package/dist/esm/security/agent-auth.js +253 -0
  1182. package/dist/esm/security/agent-auth.js.map +1 -0
  1183. package/dist/esm/security/anomaly-auto-suspend.js +345 -0
  1184. package/dist/esm/security/anomaly-auto-suspend.js.map +1 -0
  1185. package/dist/esm/security/anomaly-correlator.js +279 -0
  1186. package/dist/esm/security/anomaly-correlator.js.map +1 -0
  1187. package/dist/esm/security/anomaly-detector.js +261 -0
  1188. package/dist/esm/security/anomaly-detector.js.map +1 -0
  1189. package/dist/esm/security/anomaly-self-reflection.js +292 -0
  1190. package/dist/esm/security/anomaly-self-reflection.js.map +1 -0
  1191. package/dist/esm/security/built-in-llm-providers.js +80 -0
  1192. package/dist/esm/security/built-in-llm-providers.js.map +1 -0
  1193. package/dist/esm/security/circuit-breaker.js +146 -0
  1194. package/dist/esm/security/circuit-breaker.js.map +1 -0
  1195. package/dist/esm/security/data-classifier.js +446 -0
  1196. package/dist/esm/security/data-classifier.js.map +1 -0
  1197. package/dist/esm/security/encrypted-storage.js +220 -0
  1198. package/dist/esm/security/encrypted-storage.js.map +1 -0
  1199. package/dist/esm/security/encryption-layer.js +337 -0
  1200. package/dist/esm/security/encryption-layer.js.map +1 -0
  1201. package/dist/esm/security/external-cross-check.js +451 -0
  1202. package/dist/esm/security/external-cross-check.js.map +1 -0
  1203. package/dist/esm/security/hash-manifest.js +229 -0
  1204. package/dist/esm/security/hash-manifest.js.map +1 -0
  1205. package/dist/esm/security/http-interceptor.js +594 -0
  1206. package/dist/esm/security/http-interceptor.js.map +1 -0
  1207. package/dist/esm/security/key-manager.js +289 -0
  1208. package/dist/esm/security/key-manager.js.map +1 -0
  1209. package/dist/esm/security/nonce-store.js +133 -0
  1210. package/dist/esm/security/nonce-store.js.map +1 -0
  1211. package/dist/esm/security/operator-roles.js +241 -0
  1212. package/dist/esm/security/operator-roles.js.map +1 -0
  1213. package/dist/esm/security/plugin-integrity.js +153 -0
  1214. package/dist/esm/security/plugin-integrity.js.map +1 -0
  1215. package/dist/esm/security/prompt-injection-detector.js +466 -0
  1216. package/dist/esm/security/prompt-injection-detector.js.map +1 -0
  1217. package/dist/esm/security/provider-compliance-boot.js +102 -0
  1218. package/dist/esm/security/provider-compliance-boot.js.map +1 -0
  1219. package/dist/esm/security/provider-compliance.js +707 -0
  1220. package/dist/esm/security/provider-compliance.js.map +1 -0
  1221. package/dist/esm/security/secret-leak-detector.js +176 -0
  1222. package/dist/esm/security/secret-leak-detector.js.map +1 -0
  1223. package/dist/esm/security/session-timeout.js +254 -0
  1224. package/dist/esm/security/session-timeout.js.map +1 -0
  1225. package/dist/esm/security/ssrf-guard.js +222 -0
  1226. package/dist/esm/security/ssrf-guard.js.map +1 -0
  1227. package/dist/esm/security/supply-chain.js +283 -0
  1228. package/dist/esm/security/supply-chain.js.map +1 -0
  1229. package/dist/esm/security/vendor-registry.js +256 -0
  1230. package/dist/esm/security/vendor-registry.js.map +1 -0
  1231. package/dist/esm/tenant/index.js +14 -0
  1232. package/dist/esm/tenant/index.js.map +1 -0
  1233. package/dist/esm/tenant/policy-inheritance.js +342 -0
  1234. package/dist/esm/tenant/policy-inheritance.js.map +1 -0
  1235. package/dist/esm/tenant/rbac.js +178 -0
  1236. package/dist/esm/tenant/rbac.js.map +1 -0
  1237. package/dist/esm/tenant/workspace.js +274 -0
  1238. package/dist/esm/tenant/workspace.js.map +1 -0
  1239. package/dist/esm/trust-passport/index.js +119 -0
  1240. package/dist/esm/trust-passport/index.js.map +1 -0
  1241. package/dist/esm/util/async-io.js +164 -0
  1242. package/dist/esm/util/async-io.js.map +1 -0
  1243. package/dist/esm/util/fs.js +165 -0
  1244. package/dist/esm/util/fs.js.map +1 -0
  1245. package/dist/esm/util/log-rotation.js +175 -0
  1246. package/dist/esm/util/log-rotation.js.map +1 -0
  1247. package/dist/esm/util/log.js +77 -0
  1248. package/dist/esm/util/log.js.map +1 -0
  1249. package/dist/esm/util/sigv4.js +113 -0
  1250. package/dist/esm/util/sigv4.js.map +1 -0
  1251. package/dist/esm/util/storage-backend.js +167 -0
  1252. package/dist/esm/util/storage-backend.js.map +1 -0
  1253. package/dist/governance/action-classes.d.ts +153 -0
  1254. package/dist/governance/action-classes.d.ts.map +1 -0
  1255. package/dist/governance/action-classes.js +177 -0
  1256. package/dist/governance/action-classes.js.map +1 -0
  1257. package/dist/governance/action-isolation.d.ts +317 -0
  1258. package/dist/governance/action-isolation.d.ts.map +1 -0
  1259. package/dist/governance/action-isolation.js +623 -0
  1260. package/dist/governance/action-isolation.js.map +1 -0
  1261. package/dist/governance/agent-discovery.d.ts +33 -0
  1262. package/dist/governance/agent-discovery.d.ts.map +1 -0
  1263. package/dist/governance/agent-discovery.js +249 -0
  1264. package/dist/governance/agent-discovery.js.map +1 -0
  1265. package/dist/governance/agent-discovery.test.d.ts +7 -0
  1266. package/dist/governance/agent-discovery.test.d.ts.map +1 -0
  1267. package/dist/governance/agent-discovery.test.js +179 -0
  1268. package/dist/governance/agent-discovery.test.js.map +1 -0
  1269. package/dist/governance/agent-trust-report.d.ts +124 -0
  1270. package/dist/governance/agent-trust-report.d.ts.map +1 -0
  1271. package/dist/governance/agent-trust-report.js +155 -0
  1272. package/dist/governance/agent-trust-report.js.map +1 -0
  1273. package/dist/governance/agent-trust-report.test.d.ts +7 -0
  1274. package/dist/governance/agent-trust-report.test.d.ts.map +1 -0
  1275. package/dist/governance/agent-trust-report.test.js +294 -0
  1276. package/dist/governance/agent-trust-report.test.js.map +1 -0
  1277. package/dist/governance/approval-channel-adapters.d.ts +45 -0
  1278. package/dist/governance/approval-channel-adapters.d.ts.map +1 -0
  1279. package/dist/governance/approval-channel-adapters.js +173 -0
  1280. package/dist/governance/approval-channel-adapters.js.map +1 -0
  1281. package/dist/governance/approval-channel-adapters.test.d.ts +7 -0
  1282. package/dist/governance/approval-channel-adapters.test.d.ts.map +1 -0
  1283. package/dist/governance/approval-channel-adapters.test.js +198 -0
  1284. package/dist/governance/approval-channel-adapters.test.js.map +1 -0
  1285. package/dist/governance/approval-gate-enforcer.d.ts +224 -0
  1286. package/dist/governance/approval-gate-enforcer.d.ts.map +1 -0
  1287. package/dist/governance/approval-gate-enforcer.js +443 -0
  1288. package/dist/governance/approval-gate-enforcer.js.map +1 -0
  1289. package/dist/governance/approval-notifications.d.ts +101 -0
  1290. package/dist/governance/approval-notifications.d.ts.map +1 -0
  1291. package/dist/governance/approval-notifications.js +143 -0
  1292. package/dist/governance/approval-notifications.js.map +1 -0
  1293. package/dist/governance/approval-notifications.test.d.ts +15 -0
  1294. package/dist/governance/approval-notifications.test.d.ts.map +1 -0
  1295. package/dist/governance/approval-notifications.test.js +227 -0
  1296. package/dist/governance/approval-notifications.test.js.map +1 -0
  1297. package/dist/governance/approval-queue-store.d.ts +114 -0
  1298. package/dist/governance/approval-queue-store.d.ts.map +1 -0
  1299. package/dist/governance/approval-queue-store.js +149 -0
  1300. package/dist/governance/approval-queue-store.js.map +1 -0
  1301. package/dist/governance/approval-queue.d.ts +172 -0
  1302. package/dist/governance/approval-queue.d.ts.map +1 -0
  1303. package/dist/governance/approval-queue.js +329 -0
  1304. package/dist/governance/approval-queue.js.map +1 -0
  1305. package/dist/governance/approval-service.d.ts +79 -0
  1306. package/dist/governance/approval-service.d.ts.map +1 -0
  1307. package/dist/governance/approval-service.js +129 -0
  1308. package/dist/governance/approval-service.js.map +1 -0
  1309. package/dist/governance/audit-chain-emitter.d.ts +103 -0
  1310. package/dist/governance/audit-chain-emitter.d.ts.map +1 -0
  1311. package/dist/governance/audit-chain-emitter.js +220 -0
  1312. package/dist/governance/audit-chain-emitter.js.map +1 -0
  1313. package/dist/governance/audit-chain-emitter.test.d.ts +7 -0
  1314. package/dist/governance/audit-chain-emitter.test.d.ts.map +1 -0
  1315. package/dist/governance/audit-chain-emitter.test.js +225 -0
  1316. package/dist/governance/audit-chain-emitter.test.js.map +1 -0
  1317. package/dist/governance/auto-pack-generator.d.ts +56 -0
  1318. package/dist/governance/auto-pack-generator.d.ts.map +1 -0
  1319. package/dist/governance/auto-pack-generator.js +70 -0
  1320. package/dist/governance/auto-pack-generator.js.map +1 -0
  1321. package/dist/governance/auto-pack-generator.test.d.ts +7 -0
  1322. package/dist/governance/auto-pack-generator.test.d.ts.map +1 -0
  1323. package/dist/governance/auto-pack-generator.test.js +130 -0
  1324. package/dist/governance/auto-pack-generator.test.js.map +1 -0
  1325. package/dist/governance/autonomy-spectrum.d.ts +253 -0
  1326. package/dist/governance/autonomy-spectrum.d.ts.map +1 -0
  1327. package/dist/governance/autonomy-spectrum.js +697 -0
  1328. package/dist/governance/autonomy-spectrum.js.map +1 -0
  1329. package/dist/governance/batch-mode-governance.d.ts +337 -0
  1330. package/dist/governance/batch-mode-governance.d.ts.map +1 -0
  1331. package/dist/governance/batch-mode-governance.js +651 -0
  1332. package/dist/governance/batch-mode-governance.js.map +1 -0
  1333. package/dist/governance/bias-monitor.d.ts +100 -0
  1334. package/dist/governance/bias-monitor.d.ts.map +1 -0
  1335. package/dist/governance/bias-monitor.js +310 -0
  1336. package/dist/governance/bias-monitor.js.map +1 -0
  1337. package/dist/governance/blast-radius-enforcer.d.ts +308 -0
  1338. package/dist/governance/blast-radius-enforcer.d.ts.map +1 -0
  1339. package/dist/governance/blast-radius-enforcer.js +579 -0
  1340. package/dist/governance/blast-radius-enforcer.js.map +1 -0
  1341. package/dist/governance/build-structure-score.d.ts +38 -0
  1342. package/dist/governance/build-structure-score.d.ts.map +1 -0
  1343. package/dist/governance/build-structure-score.js +64 -0
  1344. package/dist/governance/build-structure-score.js.map +1 -0
  1345. package/dist/governance/build-structure-score.test.d.ts +8 -0
  1346. package/dist/governance/build-structure-score.test.d.ts.map +1 -0
  1347. package/dist/governance/build-structure-score.test.js +151 -0
  1348. package/dist/governance/build-structure-score.test.js.map +1 -0
  1349. package/dist/governance/capability-bundle.d.ts +58 -0
  1350. package/dist/governance/capability-bundle.d.ts.map +1 -0
  1351. package/dist/governance/capability-bundle.js +277 -0
  1352. package/dist/governance/capability-bundle.js.map +1 -0
  1353. package/dist/governance/capability-change-detector.d.ts +335 -0
  1354. package/dist/governance/capability-change-detector.d.ts.map +1 -0
  1355. package/dist/governance/capability-change-detector.js +743 -0
  1356. package/dist/governance/capability-change-detector.js.map +1 -0
  1357. package/dist/governance/capability-classes.d.ts +42 -0
  1358. package/dist/governance/capability-classes.d.ts.map +1 -0
  1359. package/dist/governance/capability-classes.js +133 -0
  1360. package/dist/governance/capability-classes.js.map +1 -0
  1361. package/dist/governance/capability-classes.test.d.ts +23 -0
  1362. package/dist/governance/capability-classes.test.d.ts.map +1 -0
  1363. package/dist/governance/capability-classes.test.js +206 -0
  1364. package/dist/governance/capability-classes.test.js.map +1 -0
  1365. package/dist/governance/company-pack-builder.d.ts +46 -0
  1366. package/dist/governance/company-pack-builder.d.ts.map +1 -0
  1367. package/dist/governance/company-pack-builder.js +74 -0
  1368. package/dist/governance/company-pack-builder.js.map +1 -0
  1369. package/dist/governance/confidence-gate.d.ts +129 -0
  1370. package/dist/governance/confidence-gate.d.ts.map +1 -0
  1371. package/dist/governance/confidence-gate.js +253 -0
  1372. package/dist/governance/confidence-gate.js.map +1 -0
  1373. package/dist/governance/council.d.ts +99 -0
  1374. package/dist/governance/council.d.ts.map +1 -0
  1375. package/dist/governance/council.js +305 -0
  1376. package/dist/governance/council.js.map +1 -0
  1377. package/dist/governance/cross-session-pseudonymizer.d.ts +286 -0
  1378. package/dist/governance/cross-session-pseudonymizer.d.ts.map +1 -0
  1379. package/dist/governance/cross-session-pseudonymizer.js +639 -0
  1380. package/dist/governance/cross-session-pseudonymizer.js.map +1 -0
  1381. package/dist/governance/cycle-timeout.d.ts +120 -0
  1382. package/dist/governance/cycle-timeout.d.ts.map +1 -0
  1383. package/dist/governance/cycle-timeout.js +217 -0
  1384. package/dist/governance/cycle-timeout.js.map +1 -0
  1385. package/dist/governance/cycle-token-budget.d.ts +122 -0
  1386. package/dist/governance/cycle-token-budget.d.ts.map +1 -0
  1387. package/dist/governance/cycle-token-budget.js +182 -0
  1388. package/dist/governance/cycle-token-budget.js.map +1 -0
  1389. package/dist/governance/data-subject-rights.d.ts +155 -0
  1390. package/dist/governance/data-subject-rights.d.ts.map +1 -0
  1391. package/dist/governance/data-subject-rights.js +492 -0
  1392. package/dist/governance/data-subject-rights.js.map +1 -0
  1393. package/dist/governance/demo-workspace.d.ts +35 -0
  1394. package/dist/governance/demo-workspace.d.ts.map +1 -0
  1395. package/dist/governance/demo-workspace.js +214 -0
  1396. package/dist/governance/demo-workspace.js.map +1 -0
  1397. package/dist/governance/demo-workspace.test.d.ts +12 -0
  1398. package/dist/governance/demo-workspace.test.d.ts.map +1 -0
  1399. package/dist/governance/demo-workspace.test.js +115 -0
  1400. package/dist/governance/demo-workspace.test.js.map +1 -0
  1401. package/dist/governance/discovery-cli.d.ts +63 -0
  1402. package/dist/governance/discovery-cli.d.ts.map +1 -0
  1403. package/dist/governance/discovery-cli.js +99 -0
  1404. package/dist/governance/discovery-cli.js.map +1 -0
  1405. package/dist/governance/discovery-cli.test.d.ts +7 -0
  1406. package/dist/governance/discovery-cli.test.d.ts.map +1 -0
  1407. package/dist/governance/discovery-cli.test.js +226 -0
  1408. package/dist/governance/discovery-cli.test.js.map +1 -0
  1409. package/dist/governance/gateguard.d.ts +103 -0
  1410. package/dist/governance/gateguard.d.ts.map +1 -0
  1411. package/dist/governance/gateguard.js +302 -0
  1412. package/dist/governance/gateguard.js.map +1 -0
  1413. package/dist/governance/governance-runtime.d.ts +148 -0
  1414. package/dist/governance/governance-runtime.d.ts.map +1 -0
  1415. package/dist/governance/governance-runtime.js +414 -0
  1416. package/dist/governance/governance-runtime.js.map +1 -0
  1417. package/dist/governance/hook-install-snippet.d.ts +42 -0
  1418. package/dist/governance/hook-install-snippet.d.ts.map +1 -0
  1419. package/dist/governance/hook-install-snippet.js +212 -0
  1420. package/dist/governance/hook-install-snippet.js.map +1 -0
  1421. package/dist/governance/hook-install-snippet.test.d.ts +7 -0
  1422. package/dist/governance/hook-install-snippet.test.d.ts.map +1 -0
  1423. package/dist/governance/hook-install-snippet.test.js +130 -0
  1424. package/dist/governance/hook-install-snippet.test.js.map +1 -0
  1425. package/dist/governance/hook-profile.d.ts +215 -0
  1426. package/dist/governance/hook-profile.d.ts.map +1 -0
  1427. package/dist/governance/hook-profile.js +515 -0
  1428. package/dist/governance/hook-profile.js.map +1 -0
  1429. package/dist/governance/improvement-recommendations.d.ts +101 -0
  1430. package/dist/governance/improvement-recommendations.d.ts.map +1 -0
  1431. package/dist/governance/improvement-recommendations.js +171 -0
  1432. package/dist/governance/improvement-recommendations.js.map +1 -0
  1433. package/dist/governance/improvement-recommendations.test.d.ts +11 -0
  1434. package/dist/governance/improvement-recommendations.test.d.ts.map +1 -0
  1435. package/dist/governance/improvement-recommendations.test.js +213 -0
  1436. package/dist/governance/improvement-recommendations.test.js.map +1 -0
  1437. package/dist/governance/incident-notifier.d.ts +195 -0
  1438. package/dist/governance/incident-notifier.d.ts.map +1 -0
  1439. package/dist/governance/incident-notifier.js +527 -0
  1440. package/dist/governance/incident-notifier.js.map +1 -0
  1441. package/dist/governance/index.d.ts +24 -0
  1442. package/dist/governance/index.d.ts.map +1 -0
  1443. package/dist/governance/index.js +67 -0
  1444. package/dist/governance/index.js.map +1 -0
  1445. package/dist/governance/info-action-separation.d.ts +98 -0
  1446. package/dist/governance/info-action-separation.d.ts.map +1 -0
  1447. package/dist/governance/info-action-separation.js +148 -0
  1448. package/dist/governance/info-action-separation.js.map +1 -0
  1449. package/dist/governance/info-action-separation.test.d.ts +20 -0
  1450. package/dist/governance/info-action-separation.test.d.ts.map +1 -0
  1451. package/dist/governance/info-action-separation.test.js +190 -0
  1452. package/dist/governance/info-action-separation.test.js.map +1 -0
  1453. package/dist/governance/instinct-system.d.ts +141 -0
  1454. package/dist/governance/instinct-system.d.ts.map +1 -0
  1455. package/dist/governance/instinct-system.js +388 -0
  1456. package/dist/governance/instinct-system.js.map +1 -0
  1457. package/dist/governance/insurance-certificate.d.ts +88 -0
  1458. package/dist/governance/insurance-certificate.d.ts.map +1 -0
  1459. package/dist/governance/insurance-certificate.js +155 -0
  1460. package/dist/governance/insurance-certificate.js.map +1 -0
  1461. package/dist/governance/insurance-certificate.test.d.ts +7 -0
  1462. package/dist/governance/insurance-certificate.test.d.ts.map +1 -0
  1463. package/dist/governance/insurance-certificate.test.js +240 -0
  1464. package/dist/governance/insurance-certificate.test.js.map +1 -0
  1465. package/dist/governance/manifest-push-emitter.d.ts +51 -0
  1466. package/dist/governance/manifest-push-emitter.d.ts.map +1 -0
  1467. package/dist/governance/manifest-push-emitter.js +111 -0
  1468. package/dist/governance/manifest-push-emitter.js.map +1 -0
  1469. package/dist/governance/manifest-push-emitter.test.d.ts +7 -0
  1470. package/dist/governance/manifest-push-emitter.test.d.ts.map +1 -0
  1471. package/dist/governance/manifest-push-emitter.test.js +250 -0
  1472. package/dist/governance/manifest-push-emitter.test.js.map +1 -0
  1473. package/dist/governance/memory/cross-session-memory.d.ts +100 -0
  1474. package/dist/governance/memory/cross-session-memory.d.ts.map +1 -0
  1475. package/dist/governance/memory/cross-session-memory.js +319 -0
  1476. package/dist/governance/memory/cross-session-memory.js.map +1 -0
  1477. package/dist/governance/memory/index.d.ts +14 -0
  1478. package/dist/governance/memory/index.d.ts.map +1 -0
  1479. package/dist/governance/memory/index.js +27 -0
  1480. package/dist/governance/memory/index.js.map +1 -0
  1481. package/dist/governance/memory/memory-chain.d.ts +109 -0
  1482. package/dist/governance/memory/memory-chain.d.ts.map +1 -0
  1483. package/dist/governance/memory/memory-chain.js +221 -0
  1484. package/dist/governance/memory/memory-chain.js.map +1 -0
  1485. package/dist/governance/memory/retrieval-allowlist.d.ts +120 -0
  1486. package/dist/governance/memory/retrieval-allowlist.d.ts.map +1 -0
  1487. package/dist/governance/memory/retrieval-allowlist.js +177 -0
  1488. package/dist/governance/memory/retrieval-allowlist.js.map +1 -0
  1489. package/dist/governance/memory/session-memory.d.ts +105 -0
  1490. package/dist/governance/memory/session-memory.d.ts.map +1 -0
  1491. package/dist/governance/memory/session-memory.js +220 -0
  1492. package/dist/governance/memory/session-memory.js.map +1 -0
  1493. package/dist/governance/memory-audit-chain.d.ts +218 -0
  1494. package/dist/governance/memory-audit-chain.d.ts.map +1 -0
  1495. package/dist/governance/memory-audit-chain.js +400 -0
  1496. package/dist/governance/memory-audit-chain.js.map +1 -0
  1497. package/dist/governance/memory-integrity.d.ts +82 -0
  1498. package/dist/governance/memory-integrity.d.ts.map +1 -0
  1499. package/dist/governance/memory-integrity.js +304 -0
  1500. package/dist/governance/memory-integrity.js.map +1 -0
  1501. package/dist/governance/multi-store-deletion-worker.d.ts +163 -0
  1502. package/dist/governance/multi-store-deletion-worker.d.ts.map +1 -0
  1503. package/dist/governance/multi-store-deletion-worker.js +300 -0
  1504. package/dist/governance/multi-store-deletion-worker.js.map +1 -0
  1505. package/dist/governance/multi-tenant.d.ts +105 -0
  1506. package/dist/governance/multi-tenant.d.ts.map +1 -0
  1507. package/dist/governance/multi-tenant.js +312 -0
  1508. package/dist/governance/multi-tenant.js.map +1 -0
  1509. package/dist/governance/onboarding-tier-router.d.ts +51 -0
  1510. package/dist/governance/onboarding-tier-router.d.ts.map +1 -0
  1511. package/dist/governance/onboarding-tier-router.js +112 -0
  1512. package/dist/governance/onboarding-tier-router.js.map +1 -0
  1513. package/dist/governance/onboarding-tier-router.test.d.ts +7 -0
  1514. package/dist/governance/onboarding-tier-router.test.d.ts.map +1 -0
  1515. package/dist/governance/onboarding-tier-router.test.js +141 -0
  1516. package/dist/governance/onboarding-tier-router.test.js.map +1 -0
  1517. package/dist/governance/org-reputation.d.ts +54 -0
  1518. package/dist/governance/org-reputation.d.ts.map +1 -0
  1519. package/dist/governance/org-reputation.js +91 -0
  1520. package/dist/governance/org-reputation.js.map +1 -0
  1521. package/dist/governance/org-reputation.test.d.ts +7 -0
  1522. package/dist/governance/org-reputation.test.d.ts.map +1 -0
  1523. package/dist/governance/org-reputation.test.js +190 -0
  1524. package/dist/governance/org-reputation.test.js.map +1 -0
  1525. package/dist/governance/owasp-agentic-scanner.d.ts +100 -0
  1526. package/dist/governance/owasp-agentic-scanner.d.ts.map +1 -0
  1527. package/dist/governance/owasp-agentic-scanner.js +318 -0
  1528. package/dist/governance/owasp-agentic-scanner.js.map +1 -0
  1529. package/dist/governance/owasp-agentic-scanner.test.d.ts +8 -0
  1530. package/dist/governance/owasp-agentic-scanner.test.d.ts.map +1 -0
  1531. package/dist/governance/owasp-agentic-scanner.test.js +163 -0
  1532. package/dist/governance/owasp-agentic-scanner.test.js.map +1 -0
  1533. package/dist/governance/pack-diff.d.ts +61 -0
  1534. package/dist/governance/pack-diff.d.ts.map +1 -0
  1535. package/dist/governance/pack-diff.js +82 -0
  1536. package/dist/governance/pack-diff.js.map +1 -0
  1537. package/dist/governance/pack-diff.test.d.ts +7 -0
  1538. package/dist/governance/pack-diff.test.d.ts.map +1 -0
  1539. package/dist/governance/pack-diff.test.js +242 -0
  1540. package/dist/governance/pack-diff.test.js.map +1 -0
  1541. package/dist/governance/pack-evaluator-prewarm.d.ts +66 -0
  1542. package/dist/governance/pack-evaluator-prewarm.d.ts.map +1 -0
  1543. package/dist/governance/pack-evaluator-prewarm.js +139 -0
  1544. package/dist/governance/pack-evaluator-prewarm.js.map +1 -0
  1545. package/dist/governance/pack-evaluator.d.ts +110 -0
  1546. package/dist/governance/pack-evaluator.d.ts.map +1 -0
  1547. package/dist/governance/pack-evaluator.js +328 -0
  1548. package/dist/governance/pack-evaluator.js.map +1 -0
  1549. package/dist/governance/pack-evaluator.test.d.ts +7 -0
  1550. package/dist/governance/pack-evaluator.test.d.ts.map +1 -0
  1551. package/dist/governance/pack-evaluator.test.js +279 -0
  1552. package/dist/governance/pack-evaluator.test.js.map +1 -0
  1553. package/dist/governance/pack-inheritance.d.ts +121 -0
  1554. package/dist/governance/pack-inheritance.d.ts.map +1 -0
  1555. package/dist/governance/pack-inheritance.js +178 -0
  1556. package/dist/governance/pack-inheritance.js.map +1 -0
  1557. package/dist/governance/pack-inheritance.test.d.ts +17 -0
  1558. package/dist/governance/pack-inheritance.test.d.ts.map +1 -0
  1559. package/dist/governance/pack-inheritance.test.js +207 -0
  1560. package/dist/governance/pack-inheritance.test.js.map +1 -0
  1561. package/dist/governance/pack-publish-workflow.d.ts +60 -0
  1562. package/dist/governance/pack-publish-workflow.d.ts.map +1 -0
  1563. package/dist/governance/pack-publish-workflow.js +85 -0
  1564. package/dist/governance/pack-publish-workflow.js.map +1 -0
  1565. package/dist/governance/pack-publish-workflow.test.d.ts +7 -0
  1566. package/dist/governance/pack-publish-workflow.test.d.ts.map +1 -0
  1567. package/dist/governance/pack-publish-workflow.test.js +211 -0
  1568. package/dist/governance/pack-publish-workflow.test.js.map +1 -0
  1569. package/dist/governance/pack-rule-validator.d.ts +40 -0
  1570. package/dist/governance/pack-rule-validator.d.ts.map +1 -0
  1571. package/dist/governance/pack-rule-validator.js +142 -0
  1572. package/dist/governance/pack-rule-validator.js.map +1 -0
  1573. package/dist/governance/pack-rule-validator.test.d.ts +7 -0
  1574. package/dist/governance/pack-rule-validator.test.d.ts.map +1 -0
  1575. package/dist/governance/pack-rule-validator.test.js +153 -0
  1576. package/dist/governance/pack-rule-validator.test.js.map +1 -0
  1577. package/dist/governance/pack-versioning.d.ts +75 -0
  1578. package/dist/governance/pack-versioning.d.ts.map +1 -0
  1579. package/dist/governance/pack-versioning.js +192 -0
  1580. package/dist/governance/pack-versioning.js.map +1 -0
  1581. package/dist/governance/pack-versioning.test.d.ts +7 -0
  1582. package/dist/governance/pack-versioning.test.d.ts.map +1 -0
  1583. package/dist/governance/pack-versioning.test.js +172 -0
  1584. package/dist/governance/pack-versioning.test.js.map +1 -0
  1585. package/dist/governance/partner-manager.d.ts +185 -0
  1586. package/dist/governance/partner-manager.d.ts.map +1 -0
  1587. package/dist/governance/partner-manager.js +258 -0
  1588. package/dist/governance/partner-manager.js.map +1 -0
  1589. package/dist/governance/paste-your-agent.d.ts +30 -0
  1590. package/dist/governance/paste-your-agent.d.ts.map +1 -0
  1591. package/dist/governance/paste-your-agent.js +154 -0
  1592. package/dist/governance/paste-your-agent.js.map +1 -0
  1593. package/dist/governance/paste-your-agent.test.d.ts +7 -0
  1594. package/dist/governance/paste-your-agent.test.d.ts.map +1 -0
  1595. package/dist/governance/paste-your-agent.test.js +140 -0
  1596. package/dist/governance/paste-your-agent.test.js.map +1 -0
  1597. package/dist/governance/per-agent-daily-budget.d.ts +329 -0
  1598. package/dist/governance/per-agent-daily-budget.d.ts.map +1 -0
  1599. package/dist/governance/per-agent-daily-budget.js +699 -0
  1600. package/dist/governance/per-agent-daily-budget.js.map +1 -0
  1601. package/dist/governance/per-agent-override.test.d.ts +21 -0
  1602. package/dist/governance/per-agent-override.test.d.ts.map +1 -0
  1603. package/dist/governance/per-agent-override.test.js +274 -0
  1604. package/dist/governance/per-agent-override.test.js.map +1 -0
  1605. package/dist/governance/plugin-system.d.ts +519 -0
  1606. package/dist/governance/plugin-system.d.ts.map +1 -0
  1607. package/dist/governance/plugin-system.js +964 -0
  1608. package/dist/governance/plugin-system.js.map +1 -0
  1609. package/dist/governance/policy-tuning.d.ts +190 -0
  1610. package/dist/governance/policy-tuning.d.ts.map +1 -0
  1611. package/dist/governance/policy-tuning.js +359 -0
  1612. package/dist/governance/policy-tuning.js.map +1 -0
  1613. package/dist/governance/post-market-monitor.d.ts +114 -0
  1614. package/dist/governance/post-market-monitor.d.ts.map +1 -0
  1615. package/dist/governance/post-market-monitor.js +279 -0
  1616. package/dist/governance/post-market-monitor.js.map +1 -0
  1617. package/dist/governance/post-tool-audit-enrichment.d.ts +286 -0
  1618. package/dist/governance/post-tool-audit-enrichment.d.ts.map +1 -0
  1619. package/dist/governance/post-tool-audit-enrichment.js +504 -0
  1620. package/dist/governance/post-tool-audit-enrichment.js.map +1 -0
  1621. package/dist/governance/prohibited-practices.d.ts +85 -0
  1622. package/dist/governance/prohibited-practices.d.ts.map +1 -0
  1623. package/dist/governance/prohibited-practices.js +267 -0
  1624. package/dist/governance/prohibited-practices.js.map +1 -0
  1625. package/dist/governance/proxy-onboarding.d.ts +47 -0
  1626. package/dist/governance/proxy-onboarding.d.ts.map +1 -0
  1627. package/dist/governance/proxy-onboarding.js +306 -0
  1628. package/dist/governance/proxy-onboarding.js.map +1 -0
  1629. package/dist/governance/proxy-onboarding.test.d.ts +7 -0
  1630. package/dist/governance/proxy-onboarding.test.d.ts.map +1 -0
  1631. package/dist/governance/proxy-onboarding.test.js +135 -0
  1632. package/dist/governance/proxy-onboarding.test.js.map +1 -0
  1633. package/dist/governance/rag-citation-enforcement.d.ts +400 -0
  1634. package/dist/governance/rag-citation-enforcement.d.ts.map +1 -0
  1635. package/dist/governance/rag-citation-enforcement.js +568 -0
  1636. package/dist/governance/rag-citation-enforcement.js.map +1 -0
  1637. package/dist/governance/rag-confidence-threshold.d.ts +249 -0
  1638. package/dist/governance/rag-confidence-threshold.d.ts.map +1 -0
  1639. package/dist/governance/rag-confidence-threshold.js +449 -0
  1640. package/dist/governance/rag-confidence-threshold.js.map +1 -0
  1641. package/dist/governance/rag-retrieval-audit.d.ts +377 -0
  1642. package/dist/governance/rag-retrieval-audit.d.ts.map +1 -0
  1643. package/dist/governance/rag-retrieval-audit.js +517 -0
  1644. package/dist/governance/rag-retrieval-audit.js.map +1 -0
  1645. package/dist/governance/rag-source-allowlist.d.ts +273 -0
  1646. package/dist/governance/rag-source-allowlist.d.ts.map +1 -0
  1647. package/dist/governance/rag-source-allowlist.js +535 -0
  1648. package/dist/governance/rag-source-allowlist.js.map +1 -0
  1649. package/dist/governance/rag-source-output-chain.d.ts +420 -0
  1650. package/dist/governance/rag-source-output-chain.d.ts.map +1 -0
  1651. package/dist/governance/rag-source-output-chain.js +682 -0
  1652. package/dist/governance/rag-source-output-chain.js.map +1 -0
  1653. package/dist/governance/replay-player.d.ts +55 -0
  1654. package/dist/governance/replay-player.d.ts.map +1 -0
  1655. package/dist/governance/replay-player.js +89 -0
  1656. package/dist/governance/replay-player.js.map +1 -0
  1657. package/dist/governance/replay-player.test.d.ts +7 -0
  1658. package/dist/governance/replay-player.test.d.ts.map +1 -0
  1659. package/dist/governance/replay-player.test.js +192 -0
  1660. package/dist/governance/replay-player.test.js.map +1 -0
  1661. package/dist/governance/retention-manager.d.ts +189 -0
  1662. package/dist/governance/retention-manager.d.ts.map +1 -0
  1663. package/dist/governance/retention-manager.js +566 -0
  1664. package/dist/governance/retention-manager.js.map +1 -0
  1665. package/dist/governance/runtime-event-renderer.d.ts +55 -0
  1666. package/dist/governance/runtime-event-renderer.d.ts.map +1 -0
  1667. package/dist/governance/runtime-event-renderer.js +137 -0
  1668. package/dist/governance/runtime-event-renderer.js.map +1 -0
  1669. package/dist/governance/runtime-event-renderer.test.d.ts +7 -0
  1670. package/dist/governance/runtime-event-renderer.test.d.ts.map +1 -0
  1671. package/dist/governance/runtime-event-renderer.test.js +195 -0
  1672. package/dist/governance/runtime-event-renderer.test.js.map +1 -0
  1673. package/dist/governance/sandbox-replay.d.ts +52 -0
  1674. package/dist/governance/sandbox-replay.d.ts.map +1 -0
  1675. package/dist/governance/sandbox-replay.js +189 -0
  1676. package/dist/governance/sandbox-replay.js.map +1 -0
  1677. package/dist/governance/sandbox-replay.test.d.ts +7 -0
  1678. package/dist/governance/sandbox-replay.test.d.ts.map +1 -0
  1679. package/dist/governance/sandbox-replay.test.js +117 -0
  1680. package/dist/governance/sandbox-replay.test.js.map +1 -0
  1681. package/dist/governance/self-registration-hook.d.ts +65 -0
  1682. package/dist/governance/self-registration-hook.d.ts.map +1 -0
  1683. package/dist/governance/self-registration-hook.js +116 -0
  1684. package/dist/governance/self-registration-hook.js.map +1 -0
  1685. package/dist/governance/self-registration-hook.test.d.ts +7 -0
  1686. package/dist/governance/self-registration-hook.test.d.ts.map +1 -0
  1687. package/dist/governance/self-registration-hook.test.js +149 -0
  1688. package/dist/governance/self-registration-hook.test.js.map +1 -0
  1689. package/dist/governance/session-persistence.d.ts +153 -0
  1690. package/dist/governance/session-persistence.d.ts.map +1 -0
  1691. package/dist/governance/session-persistence.js +376 -0
  1692. package/dist/governance/session-persistence.js.map +1 -0
  1693. package/dist/governance/signed-manifest.d.ts +81 -0
  1694. package/dist/governance/signed-manifest.d.ts.map +1 -0
  1695. package/dist/governance/signed-manifest.js +161 -0
  1696. package/dist/governance/signed-manifest.js.map +1 -0
  1697. package/dist/governance/signed-manifest.test.d.ts +7 -0
  1698. package/dist/governance/signed-manifest.test.d.ts.map +1 -0
  1699. package/dist/governance/signed-manifest.test.js +149 -0
  1700. package/dist/governance/signed-manifest.test.js.map +1 -0
  1701. package/dist/governance/skip-api-empty-queue.d.ts +304 -0
  1702. package/dist/governance/skip-api-empty-queue.d.ts.map +1 -0
  1703. package/dist/governance/skip-api-empty-queue.js +499 -0
  1704. package/dist/governance/skip-api-empty-queue.js.map +1 -0
  1705. package/dist/governance/state-manager.d.ts +102 -0
  1706. package/dist/governance/state-manager.d.ts.map +1 -0
  1707. package/dist/governance/state-manager.js +286 -0
  1708. package/dist/governance/state-manager.js.map +1 -0
  1709. package/dist/governance/tenant-provider-agreements.d.ts +211 -0
  1710. package/dist/governance/tenant-provider-agreements.d.ts.map +1 -0
  1711. package/dist/governance/tenant-provider-agreements.js +440 -0
  1712. package/dist/governance/tenant-provider-agreements.js.map +1 -0
  1713. package/dist/governance/tool-provider-health.d.ts +299 -0
  1714. package/dist/governance/tool-provider-health.d.ts.map +1 -0
  1715. package/dist/governance/tool-provider-health.js +697 -0
  1716. package/dist/governance/tool-provider-health.js.map +1 -0
  1717. package/dist/governance/tool-rate-limit.d.ts +94 -0
  1718. package/dist/governance/tool-rate-limit.d.ts.map +1 -0
  1719. package/dist/governance/tool-rate-limit.js +145 -0
  1720. package/dist/governance/tool-rate-limit.js.map +1 -0
  1721. package/dist/governance/transparency-injector.d.ts +102 -0
  1722. package/dist/governance/transparency-injector.d.ts.map +1 -0
  1723. package/dist/governance/transparency-injector.js +162 -0
  1724. package/dist/governance/transparency-injector.js.map +1 -0
  1725. package/dist/governance/trust-score-snapshot.d.ts +61 -0
  1726. package/dist/governance/trust-score-snapshot.d.ts.map +1 -0
  1727. package/dist/governance/trust-score-snapshot.js +98 -0
  1728. package/dist/governance/trust-score-snapshot.js.map +1 -0
  1729. package/dist/governance/trust-score-snapshot.test.d.ts +7 -0
  1730. package/dist/governance/trust-score-snapshot.test.d.ts.map +1 -0
  1731. package/dist/governance/trust-score-snapshot.test.js +187 -0
  1732. package/dist/governance/trust-score-snapshot.test.js.map +1 -0
  1733. package/dist/governance/trust-score-three-dim.d.ts +122 -0
  1734. package/dist/governance/trust-score-three-dim.d.ts.map +1 -0
  1735. package/dist/governance/trust-score-three-dim.js +176 -0
  1736. package/dist/governance/trust-score-three-dim.js.map +1 -0
  1737. package/dist/governance/trust-score-three-dim.test.d.ts +7 -0
  1738. package/dist/governance/trust-score-three-dim.test.d.ts.map +1 -0
  1739. package/dist/governance/trust-score-three-dim.test.js +221 -0
  1740. package/dist/governance/trust-score-three-dim.test.js.map +1 -0
  1741. package/dist/governance-config.d.ts +201 -0
  1742. package/dist/governance-config.d.ts.map +1 -0
  1743. package/dist/governance-config.js +345 -0
  1744. package/dist/governance-config.js.map +1 -0
  1745. package/dist/governed-agent.d.ts +124 -0
  1746. package/dist/governed-agent.d.ts.map +1 -0
  1747. package/dist/governed-agent.js +1317 -0
  1748. package/dist/governed-agent.js.map +1 -0
  1749. package/dist/hooks/audit-dir-picker.sh +70 -0
  1750. package/dist/hooks/audit-logger.sh +325 -0
  1751. package/dist/hooks/cost-budget-gate.sh +74 -0
  1752. package/dist/hooks/data-classifier-bridge.d.ts +24 -0
  1753. package/dist/hooks/data-classifier-bridge.d.ts.map +1 -0
  1754. package/dist/hooks/data-classifier-bridge.js +80 -0
  1755. package/dist/hooks/data-classifier-bridge.js.map +1 -0
  1756. package/dist/hooks/destructive-command-guard.sh +200 -0
  1757. package/dist/hooks/file-boundary-guard.sh +159 -0
  1758. package/dist/hooks/file-change-tracker.sh +78 -0
  1759. package/dist/hooks/governance-file-shield.sh +102 -0
  1760. package/dist/hooks/governance-integrity-check.sh +109 -0
  1761. package/dist/hooks/hook-health-monitor.sh +189 -0
  1762. package/dist/hooks/hook-utils.sh +51 -0
  1763. package/dist/hooks/hook-wrapper.sh +77 -0
  1764. package/dist/hooks/install-hooks.sh +162 -0
  1765. package/dist/hooks/output-exfiltration-scanner.sh +112 -0
  1766. package/dist/hooks/powershell/audit-dir-picker.ps1 +72 -0
  1767. package/dist/hooks/powershell/audit-logger.ps1 +75 -0
  1768. package/dist/hooks/powershell/cost-budget-gate.ps1 +61 -0
  1769. package/dist/hooks/powershell/destructive-command-guard.ps1 +67 -0
  1770. package/dist/hooks/powershell/file-boundary-guard.ps1 +76 -0
  1771. package/dist/hooks/powershell/file-change-tracker.ps1 +74 -0
  1772. package/dist/hooks/powershell/governance-file-shield.ps1 +86 -0
  1773. package/dist/hooks/powershell/governance-integrity-check.ps1 +101 -0
  1774. package/dist/hooks/powershell/hook-health-monitor.ps1 +153 -0
  1775. package/dist/hooks/powershell/hook-utils.ps1 +44 -0
  1776. package/dist/hooks/powershell/hook-wrapper.ps1 +67 -0
  1777. package/dist/hooks/powershell/install-hooks.ps1 +142 -0
  1778. package/dist/hooks/powershell/output-exfiltration-scanner.ps1 +85 -0
  1779. package/dist/hooks/powershell/secret-leak-scanner.ps1 +105 -0
  1780. package/dist/hooks/powershell/token-tracker.ps1 +83 -0
  1781. package/dist/hooks/powershell/web-access-gate.ps1 +89 -0
  1782. package/dist/hooks/secret-leak-scanner.sh +293 -0
  1783. package/dist/hooks/token-tracker.sh +89 -0
  1784. package/dist/hooks/web-access-gate.sh +123 -0
  1785. package/dist/ide-adapters/aider.d.ts +213 -0
  1786. package/dist/ide-adapters/aider.d.ts.map +1 -0
  1787. package/dist/ide-adapters/aider.js +710 -0
  1788. package/dist/ide-adapters/aider.js.map +1 -0
  1789. package/dist/ide-adapters/amazon-q-developer.d.ts +124 -0
  1790. package/dist/ide-adapters/amazon-q-developer.d.ts.map +1 -0
  1791. package/dist/ide-adapters/amazon-q-developer.js +686 -0
  1792. package/dist/ide-adapters/amazon-q-developer.js.map +1 -0
  1793. package/dist/ide-adapters/base.d.ts +64 -0
  1794. package/dist/ide-adapters/base.d.ts.map +1 -0
  1795. package/dist/ide-adapters/base.js +233 -0
  1796. package/dist/ide-adapters/base.js.map +1 -0
  1797. package/dist/ide-adapters/claude-code.d.ts +43 -0
  1798. package/dist/ide-adapters/claude-code.d.ts.map +1 -0
  1799. package/dist/ide-adapters/claude-code.js +192 -0
  1800. package/dist/ide-adapters/claude-code.js.map +1 -0
  1801. package/dist/ide-adapters/cody.d.ts +150 -0
  1802. package/dist/ide-adapters/cody.d.ts.map +1 -0
  1803. package/dist/ide-adapters/cody.js +767 -0
  1804. package/dist/ide-adapters/cody.js.map +1 -0
  1805. package/dist/ide-adapters/continue-dev.d.ts +120 -0
  1806. package/dist/ide-adapters/continue-dev.d.ts.map +1 -0
  1807. package/dist/ide-adapters/continue-dev.js +359 -0
  1808. package/dist/ide-adapters/continue-dev.js.map +1 -0
  1809. package/dist/ide-adapters/copilot-studio.d.ts +310 -0
  1810. package/dist/ide-adapters/copilot-studio.d.ts.map +1 -0
  1811. package/dist/ide-adapters/copilot-studio.js +1097 -0
  1812. package/dist/ide-adapters/copilot-studio.js.map +1 -0
  1813. package/dist/ide-adapters/copilot-workspace.d.ts +167 -0
  1814. package/dist/ide-adapters/copilot-workspace.d.ts.map +1 -0
  1815. package/dist/ide-adapters/copilot-workspace.js +376 -0
  1816. package/dist/ide-adapters/copilot-workspace.js.map +1 -0
  1817. package/dist/ide-adapters/cursor.d.ts +74 -0
  1818. package/dist/ide-adapters/cursor.d.ts.map +1 -0
  1819. package/dist/ide-adapters/cursor.js +273 -0
  1820. package/dist/ide-adapters/cursor.js.map +1 -0
  1821. package/dist/ide-adapters/exports.d.ts +53 -0
  1822. package/dist/ide-adapters/exports.d.ts.map +1 -0
  1823. package/dist/ide-adapters/exports.js +115 -0
  1824. package/dist/ide-adapters/exports.js.map +1 -0
  1825. package/dist/ide-adapters/gemini-code-assist.d.ts +135 -0
  1826. package/dist/ide-adapters/gemini-code-assist.d.ts.map +1 -0
  1827. package/dist/ide-adapters/gemini-code-assist.js +750 -0
  1828. package/dist/ide-adapters/gemini-code-assist.js.map +1 -0
  1829. package/dist/ide-adapters/github-copilot.d.ts +166 -0
  1830. package/dist/ide-adapters/github-copilot.d.ts.map +1 -0
  1831. package/dist/ide-adapters/github-copilot.js +547 -0
  1832. package/dist/ide-adapters/github-copilot.js.map +1 -0
  1833. package/dist/ide-adapters/index.d.ts +271 -0
  1834. package/dist/ide-adapters/index.d.ts.map +1 -0
  1835. package/dist/ide-adapters/index.js +100 -0
  1836. package/dist/ide-adapters/index.js.map +1 -0
  1837. package/dist/ide-adapters/jetbrains-ai.d.ts +150 -0
  1838. package/dist/ide-adapters/jetbrains-ai.d.ts.map +1 -0
  1839. package/dist/ide-adapters/jetbrains-ai.js +718 -0
  1840. package/dist/ide-adapters/jetbrains-ai.js.map +1 -0
  1841. package/dist/ide-adapters/notebook-ai.d.ts +220 -0
  1842. package/dist/ide-adapters/notebook-ai.d.ts.map +1 -0
  1843. package/dist/ide-adapters/notebook-ai.js +858 -0
  1844. package/dist/ide-adapters/notebook-ai.js.map +1 -0
  1845. package/dist/ide-adapters/replit-agent.d.ts +269 -0
  1846. package/dist/ide-adapters/replit-agent.d.ts.map +1 -0
  1847. package/dist/ide-adapters/replit-agent.js +1022 -0
  1848. package/dist/ide-adapters/replit-agent.js.map +1 -0
  1849. package/dist/ide-adapters/reviewer-tier.d.ts +15 -0
  1850. package/dist/ide-adapters/reviewer-tier.d.ts.map +1 -0
  1851. package/dist/ide-adapters/reviewer-tier.js +16 -0
  1852. package/dist/ide-adapters/reviewer-tier.js.map +1 -0
  1853. package/dist/ide-adapters/shared.d.ts +116 -0
  1854. package/dist/ide-adapters/shared.d.ts.map +1 -0
  1855. package/dist/ide-adapters/shared.js +311 -0
  1856. package/dist/ide-adapters/shared.js.map +1 -0
  1857. package/dist/ide-adapters/tabnine.d.ts +189 -0
  1858. package/dist/ide-adapters/tabnine.d.ts.map +1 -0
  1859. package/dist/ide-adapters/tabnine.js +721 -0
  1860. package/dist/ide-adapters/tabnine.js.map +1 -0
  1861. package/dist/ide-adapters/windsurf.d.ts +216 -0
  1862. package/dist/ide-adapters/windsurf.d.ts.map +1 -0
  1863. package/dist/ide-adapters/windsurf.js +812 -0
  1864. package/dist/ide-adapters/windsurf.js.map +1 -0
  1865. package/dist/ide-adapters/zed-ai.d.ts +209 -0
  1866. package/dist/ide-adapters/zed-ai.d.ts.map +1 -0
  1867. package/dist/ide-adapters/zed-ai.js +622 -0
  1868. package/dist/ide-adapters/zed-ai.js.map +1 -0
  1869. package/dist/index.d.ts +104 -0
  1870. package/dist/index.d.ts.map +1 -0
  1871. package/dist/index.js +366 -0
  1872. package/dist/index.js.map +1 -0
  1873. package/dist/license/entitlement-client.d.ts +111 -0
  1874. package/dist/license/entitlement-client.d.ts.map +1 -0
  1875. package/dist/license/entitlement-client.js +306 -0
  1876. package/dist/license/entitlement-client.js.map +1 -0
  1877. package/dist/license/index.d.ts +10 -0
  1878. package/dist/license/index.d.ts.map +1 -0
  1879. package/dist/license/index.js +14 -0
  1880. package/dist/license/index.js.map +1 -0
  1881. package/dist/license/jwt-issuer.d.ts +64 -0
  1882. package/dist/license/jwt-issuer.d.ts.map +1 -0
  1883. package/dist/license/jwt-issuer.js +144 -0
  1884. package/dist/license/jwt-issuer.js.map +1 -0
  1885. package/dist/license/jwt-validator.d.ts +145 -0
  1886. package/dist/license/jwt-validator.d.ts.map +1 -0
  1887. package/dist/license/jwt-validator.js +498 -0
  1888. package/dist/license/jwt-validator.js.map +1 -0
  1889. package/dist/license/keygen.d.ts +16 -0
  1890. package/dist/license/keygen.d.ts.map +1 -0
  1891. package/dist/license/keygen.js +100 -0
  1892. package/dist/license/keygen.js.map +1 -0
  1893. package/dist/license/subscription-gate.d.ts +99 -0
  1894. package/dist/license/subscription-gate.d.ts.map +1 -0
  1895. package/dist/license/subscription-gate.js +293 -0
  1896. package/dist/license/subscription-gate.js.map +1 -0
  1897. package/dist/llm-adapters/azure-openai.d.ts +69 -0
  1898. package/dist/llm-adapters/azure-openai.d.ts.map +1 -0
  1899. package/dist/llm-adapters/azure-openai.js +702 -0
  1900. package/dist/llm-adapters/azure-openai.js.map +1 -0
  1901. package/dist/llm-adapters/base.d.ts +97 -0
  1902. package/dist/llm-adapters/base.d.ts.map +1 -0
  1903. package/dist/llm-adapters/base.js +265 -0
  1904. package/dist/llm-adapters/base.js.map +1 -0
  1905. package/dist/llm-adapters/bedrock.d.ts +67 -0
  1906. package/dist/llm-adapters/bedrock.d.ts.map +1 -0
  1907. package/dist/llm-adapters/bedrock.js +751 -0
  1908. package/dist/llm-adapters/bedrock.js.map +1 -0
  1909. package/dist/llm-adapters/claude.d.ts +84 -0
  1910. package/dist/llm-adapters/claude.d.ts.map +1 -0
  1911. package/dist/llm-adapters/claude.js +273 -0
  1912. package/dist/llm-adapters/claude.js.map +1 -0
  1913. package/dist/llm-adapters/deepseek.d.ts +113 -0
  1914. package/dist/llm-adapters/deepseek.d.ts.map +1 -0
  1915. package/dist/llm-adapters/deepseek.js +754 -0
  1916. package/dist/llm-adapters/deepseek.js.map +1 -0
  1917. package/dist/llm-adapters/exports.d.ts +40 -0
  1918. package/dist/llm-adapters/exports.d.ts.map +1 -0
  1919. package/dist/llm-adapters/exports.js +74 -0
  1920. package/dist/llm-adapters/exports.js.map +1 -0
  1921. package/dist/llm-adapters/gemini.d.ts +106 -0
  1922. package/dist/llm-adapters/gemini.d.ts.map +1 -0
  1923. package/dist/llm-adapters/gemini.js +201 -0
  1924. package/dist/llm-adapters/gemini.js.map +1 -0
  1925. package/dist/llm-adapters/gemma.d.ts +200 -0
  1926. package/dist/llm-adapters/gemma.d.ts.map +1 -0
  1927. package/dist/llm-adapters/gemma.js +270 -0
  1928. package/dist/llm-adapters/gemma.js.map +1 -0
  1929. package/dist/llm-adapters/google.d.ts +221 -0
  1930. package/dist/llm-adapters/google.d.ts.map +1 -0
  1931. package/dist/llm-adapters/google.js +1176 -0
  1932. package/dist/llm-adapters/google.js.map +1 -0
  1933. package/dist/llm-adapters/huggingface.d.ts +354 -0
  1934. package/dist/llm-adapters/huggingface.d.ts.map +1 -0
  1935. package/dist/llm-adapters/huggingface.js +622 -0
  1936. package/dist/llm-adapters/huggingface.js.map +1 -0
  1937. package/dist/llm-adapters/index.d.ts +331 -0
  1938. package/dist/llm-adapters/index.d.ts.map +1 -0
  1939. package/dist/llm-adapters/index.js +96 -0
  1940. package/dist/llm-adapters/index.js.map +1 -0
  1941. package/dist/llm-adapters/ollama.d.ts +90 -0
  1942. package/dist/llm-adapters/ollama.d.ts.map +1 -0
  1943. package/dist/llm-adapters/ollama.js +624 -0
  1944. package/dist/llm-adapters/ollama.js.map +1 -0
  1945. package/dist/llm-adapters/openai.d.ts +168 -0
  1946. package/dist/llm-adapters/openai.d.ts.map +1 -0
  1947. package/dist/llm-adapters/openai.js +363 -0
  1948. package/dist/llm-adapters/openai.js.map +1 -0
  1949. package/dist/llm-adapters/replicate-llama.d.ts +327 -0
  1950. package/dist/llm-adapters/replicate-llama.d.ts.map +1 -0
  1951. package/dist/llm-adapters/replicate-llama.js +600 -0
  1952. package/dist/llm-adapters/replicate-llama.js.map +1 -0
  1953. package/dist/llm-adapters/shared.d.ts +104 -0
  1954. package/dist/llm-adapters/shared.d.ts.map +1 -0
  1955. package/dist/llm-adapters/shared.js +341 -0
  1956. package/dist/llm-adapters/shared.js.map +1 -0
  1957. package/dist/llm-adapters/supported-models-catalog.d.ts +112 -0
  1958. package/dist/llm-adapters/supported-models-catalog.d.ts.map +1 -0
  1959. package/dist/llm-adapters/supported-models-catalog.js +748 -0
  1960. package/dist/llm-adapters/supported-models-catalog.js.map +1 -0
  1961. package/dist/observability/destination-health-monitor.d.ts +147 -0
  1962. package/dist/observability/destination-health-monitor.d.ts.map +1 -0
  1963. package/dist/observability/destination-health-monitor.js +244 -0
  1964. package/dist/observability/destination-health-monitor.js.map +1 -0
  1965. package/dist/observability/health-metrics-store.d.ts +112 -0
  1966. package/dist/observability/health-metrics-store.d.ts.map +1 -0
  1967. package/dist/observability/health-metrics-store.js +131 -0
  1968. package/dist/observability/health-metrics-store.js.map +1 -0
  1969. package/dist/orchestrator-adapters/autogen.d.ts +225 -0
  1970. package/dist/orchestrator-adapters/autogen.d.ts.map +1 -0
  1971. package/dist/orchestrator-adapters/autogen.js +522 -0
  1972. package/dist/orchestrator-adapters/autogen.js.map +1 -0
  1973. package/dist/orchestrator-adapters/base.d.ts +100 -0
  1974. package/dist/orchestrator-adapters/base.d.ts.map +1 -0
  1975. package/dist/orchestrator-adapters/base.js +403 -0
  1976. package/dist/orchestrator-adapters/base.js.map +1 -0
  1977. package/dist/orchestrator-adapters/bedrock-agentcore.d.ts +314 -0
  1978. package/dist/orchestrator-adapters/bedrock-agentcore.d.ts.map +1 -0
  1979. package/dist/orchestrator-adapters/bedrock-agentcore.js +845 -0
  1980. package/dist/orchestrator-adapters/bedrock-agentcore.js.map +1 -0
  1981. package/dist/orchestrator-adapters/claude-agent-sdk.d.ts +288 -0
  1982. package/dist/orchestrator-adapters/claude-agent-sdk.d.ts.map +1 -0
  1983. package/dist/orchestrator-adapters/claude-agent-sdk.js +732 -0
  1984. package/dist/orchestrator-adapters/claude-agent-sdk.js.map +1 -0
  1985. package/dist/orchestrator-adapters/crewai.d.ts +161 -0
  1986. package/dist/orchestrator-adapters/crewai.d.ts.map +1 -0
  1987. package/dist/orchestrator-adapters/crewai.js +507 -0
  1988. package/dist/orchestrator-adapters/crewai.js.map +1 -0
  1989. package/dist/orchestrator-adapters/deepagents.d.ts +218 -0
  1990. package/dist/orchestrator-adapters/deepagents.d.ts.map +1 -0
  1991. package/dist/orchestrator-adapters/deepagents.js +382 -0
  1992. package/dist/orchestrator-adapters/deepagents.js.map +1 -0
  1993. package/dist/orchestrator-adapters/exports.d.ts +30 -0
  1994. package/dist/orchestrator-adapters/exports.d.ts.map +1 -0
  1995. package/dist/orchestrator-adapters/exports.js +94 -0
  1996. package/dist/orchestrator-adapters/exports.js.map +1 -0
  1997. package/dist/orchestrator-adapters/google-adk.d.ts +306 -0
  1998. package/dist/orchestrator-adapters/google-adk.d.ts.map +1 -0
  1999. package/dist/orchestrator-adapters/google-adk.js +805 -0
  2000. package/dist/orchestrator-adapters/google-adk.js.map +1 -0
  2001. package/dist/orchestrator-adapters/haystack.d.ts +327 -0
  2002. package/dist/orchestrator-adapters/haystack.d.ts.map +1 -0
  2003. package/dist/orchestrator-adapters/haystack.js +841 -0
  2004. package/dist/orchestrator-adapters/haystack.js.map +1 -0
  2005. package/dist/orchestrator-adapters/index.d.ts +328 -0
  2006. package/dist/orchestrator-adapters/index.d.ts.map +1 -0
  2007. package/dist/orchestrator-adapters/index.js +117 -0
  2008. package/dist/orchestrator-adapters/index.js.map +1 -0
  2009. package/dist/orchestrator-adapters/langchain.d.ts +186 -0
  2010. package/dist/orchestrator-adapters/langchain.d.ts.map +1 -0
  2011. package/dist/orchestrator-adapters/langchain.js +495 -0
  2012. package/dist/orchestrator-adapters/langchain.js.map +1 -0
  2013. package/dist/orchestrator-adapters/langgraph.d.ts +234 -0
  2014. package/dist/orchestrator-adapters/langgraph.d.ts.map +1 -0
  2015. package/dist/orchestrator-adapters/langgraph.js +502 -0
  2016. package/dist/orchestrator-adapters/langgraph.js.map +1 -0
  2017. package/dist/orchestrator-adapters/llamaindex.d.ts +325 -0
  2018. package/dist/orchestrator-adapters/llamaindex.d.ts.map +1 -0
  2019. package/dist/orchestrator-adapters/llamaindex.js +850 -0
  2020. package/dist/orchestrator-adapters/llamaindex.js.map +1 -0
  2021. package/dist/orchestrator-adapters/openai-agents.d.ts +238 -0
  2022. package/dist/orchestrator-adapters/openai-agents.d.ts.map +1 -0
  2023. package/dist/orchestrator-adapters/openai-agents.js +532 -0
  2024. package/dist/orchestrator-adapters/openai-agents.js.map +1 -0
  2025. package/dist/orchestrator-adapters/openclaw.d.ts +327 -0
  2026. package/dist/orchestrator-adapters/openclaw.d.ts.map +1 -0
  2027. package/dist/orchestrator-adapters/openclaw.js +896 -0
  2028. package/dist/orchestrator-adapters/openclaw.js.map +1 -0
  2029. package/dist/orchestrator-adapters/orchestrator-adapter.d.ts +170 -0
  2030. package/dist/orchestrator-adapters/orchestrator-adapter.d.ts.map +1 -0
  2031. package/dist/orchestrator-adapters/orchestrator-adapter.js +34 -0
  2032. package/dist/orchestrator-adapters/orchestrator-adapter.js.map +1 -0
  2033. package/dist/orchestrator-adapters/paperclip-adapter.d.ts +91 -0
  2034. package/dist/orchestrator-adapters/paperclip-adapter.d.ts.map +1 -0
  2035. package/dist/orchestrator-adapters/paperclip-adapter.js +403 -0
  2036. package/dist/orchestrator-adapters/paperclip-adapter.js.map +1 -0
  2037. package/dist/orchestrator-adapters/semantic-kernel.d.ts +218 -0
  2038. package/dist/orchestrator-adapters/semantic-kernel.d.ts.map +1 -0
  2039. package/dist/orchestrator-adapters/semantic-kernel.js +525 -0
  2040. package/dist/orchestrator-adapters/semantic-kernel.js.map +1 -0
  2041. package/dist/orchestrator-adapters/shared.d.ts +49 -0
  2042. package/dist/orchestrator-adapters/shared.d.ts.map +1 -0
  2043. package/dist/orchestrator-adapters/shared.js +161 -0
  2044. package/dist/orchestrator-adapters/shared.js.map +1 -0
  2045. package/dist/packs/_base-classifiers.d.ts +73 -0
  2046. package/dist/packs/_base-classifiers.d.ts.map +1 -0
  2047. package/dist/packs/_base-classifiers.js +165 -0
  2048. package/dist/packs/_base-classifiers.js.map +1 -0
  2049. package/dist/packs/aba.d.ts +41 -0
  2050. package/dist/packs/aba.d.ts.map +1 -0
  2051. package/dist/packs/aba.js +300 -0
  2052. package/dist/packs/aba.js.map +1 -0
  2053. package/dist/packs/as-9100.d.ts +130 -0
  2054. package/dist/packs/as-9100.d.ts.map +1 -0
  2055. package/dist/packs/as-9100.js +817 -0
  2056. package/dist/packs/as-9100.js.map +1 -0
  2057. package/dist/packs/au-act-hrpaa.d.ts +68 -0
  2058. package/dist/packs/au-act-hrpaa.d.ts.map +1 -0
  2059. package/dist/packs/au-act-hrpaa.js +293 -0
  2060. package/dist/packs/au-act-hrpaa.js.map +1 -0
  2061. package/dist/packs/au-aiethics-framework.d.ts +68 -0
  2062. package/dist/packs/au-aiethics-framework.d.ts.map +1 -0
  2063. package/dist/packs/au-aiethics-framework.js +344 -0
  2064. package/dist/packs/au-aiethics-framework.js.map +1 -0
  2065. package/dist/packs/au-aml-ctf.d.ts +67 -0
  2066. package/dist/packs/au-aml-ctf.d.ts.map +1 -0
  2067. package/dist/packs/au-aml-ctf.js +349 -0
  2068. package/dist/packs/au-aml-ctf.js.map +1 -0
  2069. package/dist/packs/au-asic-rg-271.d.ts +50 -0
  2070. package/dist/packs/au-asic-rg-271.d.ts.map +1 -0
  2071. package/dist/packs/au-asic-rg-271.js +271 -0
  2072. package/dist/packs/au-asic-rg-271.js.map +1 -0
  2073. package/dist/packs/au-asic-rg-274.d.ts +51 -0
  2074. package/dist/packs/au-asic-rg-274.d.ts.map +1 -0
  2075. package/dist/packs/au-asic-rg-274.js +271 -0
  2076. package/dist/packs/au-asic-rg-274.js.map +1 -0
  2077. package/dist/packs/au-cdr.d.ts +49 -0
  2078. package/dist/packs/au-cdr.d.ts.map +1 -0
  2079. package/dist/packs/au-cdr.js +308 -0
  2080. package/dist/packs/au-cdr.js.map +1 -0
  2081. package/dist/packs/au-cps230.d.ts +50 -0
  2082. package/dist/packs/au-cps230.d.ts.map +1 -0
  2083. package/dist/packs/au-cps230.js +267 -0
  2084. package/dist/packs/au-cps230.js.map +1 -0
  2085. package/dist/packs/au-cps234.d.ts +56 -0
  2086. package/dist/packs/au-cps234.d.ts.map +1 -0
  2087. package/dist/packs/au-cps234.js +300 -0
  2088. package/dist/packs/au-cps234.js.map +1 -0
  2089. package/dist/packs/au-mandatory-ai-guardrails.d.ts +61 -0
  2090. package/dist/packs/au-mandatory-ai-guardrails.d.ts.map +1 -0
  2091. package/dist/packs/au-mandatory-ai-guardrails.js +274 -0
  2092. package/dist/packs/au-mandatory-ai-guardrails.js.map +1 -0
  2093. package/dist/packs/au-nsw-hripa.d.ts +78 -0
  2094. package/dist/packs/au-nsw-hripa.d.ts.map +1 -0
  2095. package/dist/packs/au-nsw-hripa.js +366 -0
  2096. package/dist/packs/au-nsw-hripa.js.map +1 -0
  2097. package/dist/packs/au-online-safety.d.ts +55 -0
  2098. package/dist/packs/au-online-safety.d.ts.map +1 -0
  2099. package/dist/packs/au-online-safety.js +300 -0
  2100. package/dist/packs/au-online-safety.js.map +1 -0
  2101. package/dist/packs/au-privacy-act.d.ts +54 -0
  2102. package/dist/packs/au-privacy-act.d.ts.map +1 -0
  2103. package/dist/packs/au-privacy-act.js +364 -0
  2104. package/dist/packs/au-privacy-act.js.map +1 -0
  2105. package/dist/packs/au-soci-act.d.ts +53 -0
  2106. package/dist/packs/au-soci-act.d.ts.map +1 -0
  2107. package/dist/packs/au-soci-act.js +254 -0
  2108. package/dist/packs/au-soci-act.js.map +1 -0
  2109. package/dist/packs/au-spam-act.d.ts +54 -0
  2110. package/dist/packs/au-spam-act.d.ts.map +1 -0
  2111. package/dist/packs/au-spam-act.js +287 -0
  2112. package/dist/packs/au-spam-act.js.map +1 -0
  2113. package/dist/packs/au-tga-saimd.d.ts +74 -0
  2114. package/dist/packs/au-tga-saimd.d.ts.map +1 -0
  2115. package/dist/packs/au-tga-saimd.js +344 -0
  2116. package/dist/packs/au-tga-saimd.js.map +1 -0
  2117. package/dist/packs/au-vic-hra.d.ts +70 -0
  2118. package/dist/packs/au-vic-hra.d.ts.map +1 -0
  2119. package/dist/packs/au-vic-hra.js +348 -0
  2120. package/dist/packs/au-vic-hra.js.map +1 -0
  2121. package/dist/packs/bipa.d.ts +30 -0
  2122. package/dist/packs/bipa.d.ts.map +1 -0
  2123. package/dist/packs/bipa.js +271 -0
  2124. package/dist/packs/bipa.js.map +1 -0
  2125. package/dist/packs/bsa-aml.d.ts +52 -0
  2126. package/dist/packs/bsa-aml.d.ts.map +1 -0
  2127. package/dist/packs/bsa-aml.js +413 -0
  2128. package/dist/packs/bsa-aml.js.map +1 -0
  2129. package/dist/packs/ca-pipeda.d.ts +48 -0
  2130. package/dist/packs/ca-pipeda.d.ts.map +1 -0
  2131. package/dist/packs/ca-pipeda.js +220 -0
  2132. package/dist/packs/ca-pipeda.js.map +1 -0
  2133. package/dist/packs/ca-qc-law25.d.ts +46 -0
  2134. package/dist/packs/ca-qc-law25.d.ts.map +1 -0
  2135. package/dist/packs/ca-qc-law25.js +191 -0
  2136. package/dist/packs/ca-qc-law25.js.map +1 -0
  2137. package/dist/packs/caldicott-principles.d.ts +86 -0
  2138. package/dist/packs/caldicott-principles.d.ts.map +1 -0
  2139. package/dist/packs/caldicott-principles.js +444 -0
  2140. package/dist/packs/caldicott-principles.js.map +1 -0
  2141. package/dist/packs/california-ab2930.d.ts +58 -0
  2142. package/dist/packs/california-ab2930.d.ts.map +1 -0
  2143. package/dist/packs/california-ab2930.js +413 -0
  2144. package/dist/packs/california-ab2930.js.map +1 -0
  2145. package/dist/packs/ccpa.d.ts +47 -0
  2146. package/dist/packs/ccpa.d.ts.map +1 -0
  2147. package/dist/packs/ccpa.js +399 -0
  2148. package/dist/packs/ccpa.js.map +1 -0
  2149. package/dist/packs/cfpb-2023-03.d.ts +32 -0
  2150. package/dist/packs/cfpb-2023-03.d.ts.map +1 -0
  2151. package/dist/packs/cfpb-2023-03.js +285 -0
  2152. package/dist/packs/cfpb-2023-03.js.map +1 -0
  2153. package/dist/packs/check-registry.d.ts +76 -0
  2154. package/dist/packs/check-registry.d.ts.map +1 -0
  2155. package/dist/packs/check-registry.js +3341 -0
  2156. package/dist/packs/check-registry.js.map +1 -0
  2157. package/dist/packs/cjis.d.ts +61 -0
  2158. package/dist/packs/cjis.d.ts.map +1 -0
  2159. package/dist/packs/cjis.js +345 -0
  2160. package/dist/packs/cjis.js.map +1 -0
  2161. package/dist/packs/cma-ai-foundation-models.d.ts +74 -0
  2162. package/dist/packs/cma-ai-foundation-models.d.ts.map +1 -0
  2163. package/dist/packs/cma-ai-foundation-models.js +397 -0
  2164. package/dist/packs/cma-ai-foundation-models.js.map +1 -0
  2165. package/dist/packs/cmmc2.d.ts +69 -0
  2166. package/dist/packs/cmmc2.d.ts.map +1 -0
  2167. package/dist/packs/cmmc2.js +350 -0
  2168. package/dist/packs/cmmc2.js.map +1 -0
  2169. package/dist/packs/cms-interoperability.d.ts +55 -0
  2170. package/dist/packs/cms-interoperability.d.ts.map +1 -0
  2171. package/dist/packs/cms-interoperability.js +390 -0
  2172. package/dist/packs/cms-interoperability.js.map +1 -0
  2173. package/dist/packs/cn-dsl-csl.d.ts +52 -0
  2174. package/dist/packs/cn-dsl-csl.d.ts.map +1 -0
  2175. package/dist/packs/cn-dsl-csl.js +137 -0
  2176. package/dist/packs/cn-dsl-csl.js.map +1 -0
  2177. package/dist/packs/colorado-ai.d.ts +77 -0
  2178. package/dist/packs/colorado-ai.d.ts.map +1 -0
  2179. package/dist/packs/colorado-ai.js +379 -0
  2180. package/dist/packs/colorado-ai.js.map +1 -0
  2181. package/dist/packs/common-rule.d.ts +91 -0
  2182. package/dist/packs/common-rule.d.ts.map +1 -0
  2183. package/dist/packs/common-rule.js +473 -0
  2184. package/dist/packs/common-rule.js.map +1 -0
  2185. package/dist/packs/coppa.d.ts +84 -0
  2186. package/dist/packs/coppa.d.ts.map +1 -0
  2187. package/dist/packs/coppa.js +409 -0
  2188. package/dist/packs/coppa.js.map +1 -0
  2189. package/dist/packs/cyber-essentials.d.ts +63 -0
  2190. package/dist/packs/cyber-essentials.d.ts.map +1 -0
  2191. package/dist/packs/cyber-essentials.js +407 -0
  2192. package/dist/packs/cyber-essentials.js.map +1 -0
  2193. package/dist/packs/de-bdsg.d.ts +66 -0
  2194. package/dist/packs/de-bdsg.d.ts.map +1 -0
  2195. package/dist/packs/de-bdsg.js +416 -0
  2196. package/dist/packs/de-bdsg.js.map +1 -0
  2197. package/dist/packs/do-178c.d.ts +98 -0
  2198. package/dist/packs/do-178c.d.ts.map +1 -0
  2199. package/dist/packs/do-178c.js +726 -0
  2200. package/dist/packs/do-178c.js.map +1 -0
  2201. package/dist/packs/dora.d.ts +48 -0
  2202. package/dist/packs/dora.d.ts.map +1 -0
  2203. package/dist/packs/dora.js +361 -0
  2204. package/dist/packs/dora.js.map +1 -0
  2205. package/dist/packs/ecoa.d.ts +46 -0
  2206. package/dist/packs/ecoa.d.ts.map +1 -0
  2207. package/dist/packs/ecoa.js +389 -0
  2208. package/dist/packs/ecoa.js.map +1 -0
  2209. package/dist/packs/eu-ai-liability.d.ts +39 -0
  2210. package/dist/packs/eu-ai-liability.d.ts.map +1 -0
  2211. package/dist/packs/eu-ai-liability.js +303 -0
  2212. package/dist/packs/eu-ai-liability.js.map +1 -0
  2213. package/dist/packs/eu-cra.d.ts +50 -0
  2214. package/dist/packs/eu-cra.d.ts.map +1 -0
  2215. package/dist/packs/eu-cra.js +143 -0
  2216. package/dist/packs/eu-cra.js.map +1 -0
  2217. package/dist/packs/eu-data-act.d.ts +49 -0
  2218. package/dist/packs/eu-data-act.d.ts.map +1 -0
  2219. package/dist/packs/eu-data-act.js +141 -0
  2220. package/dist/packs/eu-data-act.js.map +1 -0
  2221. package/dist/packs/eu-dma.d.ts +59 -0
  2222. package/dist/packs/eu-dma.d.ts.map +1 -0
  2223. package/dist/packs/eu-dma.js +188 -0
  2224. package/dist/packs/eu-dma.js.map +1 -0
  2225. package/dist/packs/eu-dsa.d.ts +54 -0
  2226. package/dist/packs/eu-dsa.d.ts.map +1 -0
  2227. package/dist/packs/eu-dsa.js +179 -0
  2228. package/dist/packs/eu-dsa.js.map +1 -0
  2229. package/dist/packs/eu-lpp.d.ts +61 -0
  2230. package/dist/packs/eu-lpp.d.ts.map +1 -0
  2231. package/dist/packs/eu-lpp.js +345 -0
  2232. package/dist/packs/eu-lpp.js.map +1 -0
  2233. package/dist/packs/eu-mdr-ivdr.d.ts +67 -0
  2234. package/dist/packs/eu-mdr-ivdr.d.ts.map +1 -0
  2235. package/dist/packs/eu-mdr-ivdr.js +420 -0
  2236. package/dist/packs/eu-mdr-ivdr.js.map +1 -0
  2237. package/dist/packs/euaiact.d.ts +51 -0
  2238. package/dist/packs/euaiact.d.ts.map +1 -0
  2239. package/dist/packs/euaiact.js +344 -0
  2240. package/dist/packs/euaiact.js.map +1 -0
  2241. package/dist/packs/fca-consumer-duty.d.ts +65 -0
  2242. package/dist/packs/fca-consumer-duty.d.ts.map +1 -0
  2243. package/dist/packs/fca-consumer-duty.js +412 -0
  2244. package/dist/packs/fca-consumer-duty.js.map +1 -0
  2245. package/dist/packs/fca-op-resilience.d.ts +53 -0
  2246. package/dist/packs/fca-op-resilience.d.ts.map +1 -0
  2247. package/dist/packs/fca-op-resilience.js +353 -0
  2248. package/dist/packs/fca-op-resilience.js.map +1 -0
  2249. package/dist/packs/fcra.d.ts +47 -0
  2250. package/dist/packs/fcra.d.ts.map +1 -0
  2251. package/dist/packs/fcra.js +444 -0
  2252. package/dist/packs/fcra.js.map +1 -0
  2253. package/dist/packs/fda-21-cfr-820.d.ts +53 -0
  2254. package/dist/packs/fda-21-cfr-820.d.ts.map +1 -0
  2255. package/dist/packs/fda-21-cfr-820.js +609 -0
  2256. package/dist/packs/fda-21-cfr-820.js.map +1 -0
  2257. package/dist/packs/fda-samd-precert.d.ts +122 -0
  2258. package/dist/packs/fda-samd-precert.d.ts.map +1 -0
  2259. package/dist/packs/fda-samd-precert.js +866 -0
  2260. package/dist/packs/fda-samd-precert.js.map +1 -0
  2261. package/dist/packs/fda-samd.d.ts +42 -0
  2262. package/dist/packs/fda-samd.d.ts.map +1 -0
  2263. package/dist/packs/fda-samd.js +317 -0
  2264. package/dist/packs/fda-samd.js.map +1 -0
  2265. package/dist/packs/fedramp.d.ts +51 -0
  2266. package/dist/packs/fedramp.d.ts.map +1 -0
  2267. package/dist/packs/fedramp.js +321 -0
  2268. package/dist/packs/fedramp.js.map +1 -0
  2269. package/dist/packs/ferpa.d.ts +57 -0
  2270. package/dist/packs/ferpa.d.ts.map +1 -0
  2271. package/dist/packs/ferpa.js +312 -0
  2272. package/dist/packs/ferpa.js.map +1 -0
  2273. package/dist/packs/finra-3110.d.ts +53 -0
  2274. package/dist/packs/finra-3110.d.ts.map +1 -0
  2275. package/dist/packs/finra-3110.js +354 -0
  2276. package/dist/packs/finra-3110.js.map +1 -0
  2277. package/dist/packs/florida-student-privacy.d.ts +104 -0
  2278. package/dist/packs/florida-student-privacy.d.ts.map +1 -0
  2279. package/dist/packs/florida-student-privacy.js +451 -0
  2280. package/dist/packs/florida-student-privacy.js.map +1 -0
  2281. package/dist/packs/foia.d.ts +46 -0
  2282. package/dist/packs/foia.d.ts.map +1 -0
  2283. package/dist/packs/foia.js +397 -0
  2284. package/dist/packs/foia.js.map +1 -0
  2285. package/dist/packs/frcp26.d.ts +52 -0
  2286. package/dist/packs/frcp26.d.ts.map +1 -0
  2287. package/dist/packs/frcp26.js +297 -0
  2288. package/dist/packs/frcp26.js.map +1 -0
  2289. package/dist/packs/ftc5.d.ts +35 -0
  2290. package/dist/packs/ftc5.d.ts.map +1 -0
  2291. package/dist/packs/ftc5.js +293 -0
  2292. package/dist/packs/ftc5.js.map +1 -0
  2293. package/dist/packs/gdpr.d.ts +41 -0
  2294. package/dist/packs/gdpr.d.ts.map +1 -0
  2295. package/dist/packs/gdpr.js +490 -0
  2296. package/dist/packs/gdpr.js.map +1 -0
  2297. package/dist/packs/glba.d.ts +34 -0
  2298. package/dist/packs/glba.d.ts.map +1 -0
  2299. package/dist/packs/glba.js +424 -0
  2300. package/dist/packs/glba.js.map +1 -0
  2301. package/dist/packs/gxp.d.ts +43 -0
  2302. package/dist/packs/gxp.d.ts.map +1 -0
  2303. package/dist/packs/gxp.js +353 -0
  2304. package/dist/packs/gxp.js.map +1 -0
  2305. package/dist/packs/hipaa.d.ts +47 -0
  2306. package/dist/packs/hipaa.d.ts.map +1 -0
  2307. package/dist/packs/hipaa.js +384 -0
  2308. package/dist/packs/hipaa.js.map +1 -0
  2309. package/dist/packs/hitech.d.ts +43 -0
  2310. package/dist/packs/hitech.d.ts.map +1 -0
  2311. package/dist/packs/hitech.js +292 -0
  2312. package/dist/packs/hitech.js.map +1 -0
  2313. package/dist/packs/hitrust-csf.d.ts +41 -0
  2314. package/dist/packs/hitrust-csf.d.ts.map +1 -0
  2315. package/dist/packs/hitrust-csf.js +122 -0
  2316. package/dist/packs/hitrust-csf.js.map +1 -0
  2317. package/dist/packs/hk-pdpo.d.ts +38 -0
  2318. package/dist/packs/hk-pdpo.d.ts.map +1 -0
  2319. package/dist/packs/hk-pdpo.js +125 -0
  2320. package/dist/packs/hk-pdpo.js.map +1 -0
  2321. package/dist/packs/hmda.d.ts +42 -0
  2322. package/dist/packs/hmda.d.ts.map +1 -0
  2323. package/dist/packs/hmda.js +382 -0
  2324. package/dist/packs/hmda.js.map +1 -0
  2325. package/dist/packs/iec-62304.d.ts +79 -0
  2326. package/dist/packs/iec-62304.d.ts.map +1 -0
  2327. package/dist/packs/iec-62304.js +588 -0
  2328. package/dist/packs/iec-62304.js.map +1 -0
  2329. package/dist/packs/iec-62443.d.ts +112 -0
  2330. package/dist/packs/iec-62443.d.ts.map +1 -0
  2331. package/dist/packs/iec-62443.js +689 -0
  2332. package/dist/packs/iec-62443.js.map +1 -0
  2333. package/dist/packs/illinois-aivia.d.ts +56 -0
  2334. package/dist/packs/illinois-aivia.d.ts.map +1 -0
  2335. package/dist/packs/illinois-aivia.js +351 -0
  2336. package/dist/packs/illinois-aivia.js.map +1 -0
  2337. package/dist/packs/in-dpdp.d.ts +82 -0
  2338. package/dist/packs/in-dpdp.d.ts.map +1 -0
  2339. package/dist/packs/in-dpdp.js +432 -0
  2340. package/dist/packs/in-dpdp.js.map +1 -0
  2341. package/dist/packs/index.d.ts +468 -0
  2342. package/dist/packs/index.d.ts.map +1 -0
  2343. package/dist/packs/index.js +672 -0
  2344. package/dist/packs/index.js.map +1 -0
  2345. package/dist/packs/iso-15189.d.ts +143 -0
  2346. package/dist/packs/iso-15189.d.ts.map +1 -0
  2347. package/dist/packs/iso-15189.js +947 -0
  2348. package/dist/packs/iso-15189.js.map +1 -0
  2349. package/dist/packs/iso-23894.d.ts +40 -0
  2350. package/dist/packs/iso-23894.d.ts.map +1 -0
  2351. package/dist/packs/iso-23894.js +445 -0
  2352. package/dist/packs/iso-23894.js.map +1 -0
  2353. package/dist/packs/iso-26262.d.ts +97 -0
  2354. package/dist/packs/iso-26262.d.ts.map +1 -0
  2355. package/dist/packs/iso-26262.js +737 -0
  2356. package/dist/packs/iso-26262.js.map +1 -0
  2357. package/dist/packs/iso-iec-80001.d.ts +151 -0
  2358. package/dist/packs/iso-iec-80001.d.ts.map +1 -0
  2359. package/dist/packs/iso-iec-80001.js +996 -0
  2360. package/dist/packs/iso-iec-80001.js.map +1 -0
  2361. package/dist/packs/iso20022.d.ts +54 -0
  2362. package/dist/packs/iso20022.d.ts.map +1 -0
  2363. package/dist/packs/iso20022.js +347 -0
  2364. package/dist/packs/iso20022.js.map +1 -0
  2365. package/dist/packs/iso27001.d.ts +46 -0
  2366. package/dist/packs/iso27001.d.ts.map +1 -0
  2367. package/dist/packs/iso27001.js +391 -0
  2368. package/dist/packs/iso27001.js.map +1 -0
  2369. package/dist/packs/iso27701.d.ts +53 -0
  2370. package/dist/packs/iso27701.d.ts.map +1 -0
  2371. package/dist/packs/iso27701.js +393 -0
  2372. package/dist/packs/iso27701.js.map +1 -0
  2373. package/dist/packs/iso42001.d.ts +47 -0
  2374. package/dist/packs/iso42001.d.ts.map +1 -0
  2375. package/dist/packs/iso42001.js +291 -0
  2376. package/dist/packs/iso42001.js.map +1 -0
  2377. package/dist/packs/jp-appi.d.ts +78 -0
  2378. package/dist/packs/jp-appi.d.ts.map +1 -0
  2379. package/dist/packs/jp-appi.js +441 -0
  2380. package/dist/packs/jp-appi.js.map +1 -0
  2381. package/dist/packs/kr-pipa.d.ts +74 -0
  2382. package/dist/packs/kr-pipa.d.ts.map +1 -0
  2383. package/dist/packs/kr-pipa.js +445 -0
  2384. package/dist/packs/kr-pipa.js.map +1 -0
  2385. package/dist/packs/lgpd.d.ts +32 -0
  2386. package/dist/packs/lgpd.d.ts.map +1 -0
  2387. package/dist/packs/lgpd.js +353 -0
  2388. package/dist/packs/lgpd.js.map +1 -0
  2389. package/dist/packs/lpo2024.d.ts +70 -0
  2390. package/dist/packs/lpo2024.d.ts.map +1 -0
  2391. package/dist/packs/lpo2024.js +310 -0
  2392. package/dist/packs/lpo2024.js.map +1 -0
  2393. package/dist/packs/maryland-hb1202.d.ts +53 -0
  2394. package/dist/packs/maryland-hb1202.d.ts.map +1 -0
  2395. package/dist/packs/maryland-hb1202.js +341 -0
  2396. package/dist/packs/maryland-hb1202.js.map +1 -0
  2397. package/dist/packs/mhra-samd-ukca.d.ts +79 -0
  2398. package/dist/packs/mhra-samd-ukca.d.ts.map +1 -0
  2399. package/dist/packs/mhra-samd-ukca.js +476 -0
  2400. package/dist/packs/mhra-samd-ukca.js.map +1 -0
  2401. package/dist/packs/mifid2.d.ts +51 -0
  2402. package/dist/packs/mifid2.d.ts.map +1 -0
  2403. package/dist/packs/mifid2.js +384 -0
  2404. package/dist/packs/mifid2.js.map +1 -0
  2405. package/dist/packs/migration-manifest.d.ts +30 -0
  2406. package/dist/packs/migration-manifest.d.ts.map +1 -0
  2407. package/dist/packs/migration-manifest.js +59 -0
  2408. package/dist/packs/migration-manifest.js.map +1 -0
  2409. package/dist/packs/naic-mdl.d.ts +50 -0
  2410. package/dist/packs/naic-mdl.d.ts.map +1 -0
  2411. package/dist/packs/naic-mdl.js +318 -0
  2412. package/dist/packs/naic-mdl.js.map +1 -0
  2413. package/dist/packs/ncsc-ai-security.d.ts +69 -0
  2414. package/dist/packs/ncsc-ai-security.d.ts.map +1 -0
  2415. package/dist/packs/ncsc-ai-security.js +629 -0
  2416. package/dist/packs/ncsc-ai-security.js.map +1 -0
  2417. package/dist/packs/ncsc-caf.d.ts +62 -0
  2418. package/dist/packs/ncsc-caf.d.ts.map +1 -0
  2419. package/dist/packs/ncsc-caf.js +384 -0
  2420. package/dist/packs/ncsc-caf.js.map +1 -0
  2421. package/dist/packs/nhs-dcb0129-dcb0160.d.ts +85 -0
  2422. package/dist/packs/nhs-dcb0129-dcb0160.d.ts.map +1 -0
  2423. package/dist/packs/nhs-dcb0129-dcb0160.js +473 -0
  2424. package/dist/packs/nhs-dcb0129-dcb0160.js.map +1 -0
  2425. package/dist/packs/nhs-dspt.d.ts +83 -0
  2426. package/dist/packs/nhs-dspt.d.ts.map +1 -0
  2427. package/dist/packs/nhs-dspt.js +437 -0
  2428. package/dist/packs/nhs-dspt.js.map +1 -0
  2429. package/dist/packs/nhs-dtac.d.ts +80 -0
  2430. package/dist/packs/nhs-dtac.d.ts.map +1 -0
  2431. package/dist/packs/nhs-dtac.js +402 -0
  2432. package/dist/packs/nhs-dtac.js.map +1 -0
  2433. package/dist/packs/nhs-psirf.d.ts +74 -0
  2434. package/dist/packs/nhs-psirf.d.ts.map +1 -0
  2435. package/dist/packs/nhs-psirf.js +417 -0
  2436. package/dist/packs/nhs-psirf.js.map +1 -0
  2437. package/dist/packs/ni-equality.d.ts +87 -0
  2438. package/dist/packs/ni-equality.d.ts.map +1 -0
  2439. package/dist/packs/ni-equality.js +439 -0
  2440. package/dist/packs/ni-equality.js.map +1 -0
  2441. package/dist/packs/ni-hscni.d.ts +76 -0
  2442. package/dist/packs/ni-hscni.d.ts.map +1 -0
  2443. package/dist/packs/ni-hscni.js +418 -0
  2444. package/dist/packs/ni-hscni.js.map +1 -0
  2445. package/dist/packs/ni-mental-capacity.d.ts +45 -0
  2446. package/dist/packs/ni-mental-capacity.d.ts.map +1 -0
  2447. package/dist/packs/ni-mental-capacity.js +133 -0
  2448. package/dist/packs/ni-mental-capacity.js.map +1 -0
  2449. package/dist/packs/nice-esf-dht.d.ts +72 -0
  2450. package/dist/packs/nice-esf-dht.d.ts.map +1 -0
  2451. package/dist/packs/nice-esf-dht.js +407 -0
  2452. package/dist/packs/nice-esf-dht.js.map +1 -0
  2453. package/dist/packs/nis2.d.ts +80 -0
  2454. package/dist/packs/nis2.d.ts.map +1 -0
  2455. package/dist/packs/nis2.js +425 -0
  2456. package/dist/packs/nis2.js.map +1 -0
  2457. package/dist/packs/nist-800-53.d.ts +40 -0
  2458. package/dist/packs/nist-800-53.d.ts.map +1 -0
  2459. package/dist/packs/nist-800-53.js +129 -0
  2460. package/dist/packs/nist-800-53.js.map +1 -0
  2461. package/dist/packs/nist-ai-rmf.d.ts +48 -0
  2462. package/dist/packs/nist-ai-rmf.d.ts.map +1 -0
  2463. package/dist/packs/nist-ai-rmf.js +370 -0
  2464. package/dist/packs/nist-ai-rmf.js.map +1 -0
  2465. package/dist/packs/nist-csf.d.ts +41 -0
  2466. package/dist/packs/nist-csf.d.ts.map +1 -0
  2467. package/dist/packs/nist-csf.js +134 -0
  2468. package/dist/packs/nist-csf.js.map +1 -0
  2469. package/dist/packs/nist-sp-800-82.d.ts +127 -0
  2470. package/dist/packs/nist-sp-800-82.d.ts.map +1 -0
  2471. package/dist/packs/nist-sp-800-82.js +724 -0
  2472. package/dist/packs/nist-sp-800-82.js.map +1 -0
  2473. package/dist/packs/nyc-ll-144.d.ts +38 -0
  2474. package/dist/packs/nyc-ll-144.d.ts.map +1 -0
  2475. package/dist/packs/nyc-ll-144.js +291 -0
  2476. package/dist/packs/nyc-ll-144.js.map +1 -0
  2477. package/dist/packs/nydfs500.d.ts +32 -0
  2478. package/dist/packs/nydfs500.d.ts.map +1 -0
  2479. package/dist/packs/nydfs500.js +288 -0
  2480. package/dist/packs/nydfs500.js.map +1 -0
  2481. package/dist/packs/nz-privacy.d.ts +91 -0
  2482. package/dist/packs/nz-privacy.d.ts.map +1 -0
  2483. package/dist/packs/nz-privacy.js +468 -0
  2484. package/dist/packs/nz-privacy.js.map +1 -0
  2485. package/dist/packs/part11.d.ts +31 -0
  2486. package/dist/packs/part11.d.ts.map +1 -0
  2487. package/dist/packs/part11.js +332 -0
  2488. package/dist/packs/part11.js.map +1 -0
  2489. package/dist/packs/part2.d.ts +42 -0
  2490. package/dist/packs/part2.d.ts.map +1 -0
  2491. package/dist/packs/part2.js +358 -0
  2492. package/dist/packs/part2.js.map +1 -0
  2493. package/dist/packs/pcidss.d.ts +72 -0
  2494. package/dist/packs/pcidss.d.ts.map +1 -0
  2495. package/dist/packs/pcidss.js +470 -0
  2496. package/dist/packs/pcidss.js.map +1 -0
  2497. package/dist/packs/pipl.d.ts +31 -0
  2498. package/dist/packs/pipl.d.ts.map +1 -0
  2499. package/dist/packs/pipl.js +208 -0
  2500. package/dist/packs/pipl.js.map +1 -0
  2501. package/dist/packs/reg-e.d.ts +55 -0
  2502. package/dist/packs/reg-e.d.ts.map +1 -0
  2503. package/dist/packs/reg-e.js +362 -0
  2504. package/dist/packs/reg-e.js.map +1 -0
  2505. package/dist/packs/registry-expanded.d.ts +76 -0
  2506. package/dist/packs/registry-expanded.d.ts.map +1 -0
  2507. package/dist/packs/registry-expanded.js +2354 -0
  2508. package/dist/packs/registry-expanded.js.map +1 -0
  2509. package/dist/packs/scotland-awi.d.ts +74 -0
  2510. package/dist/packs/scotland-awi.d.ts.map +1 -0
  2511. package/dist/packs/scotland-awi.js +408 -0
  2512. package/dist/packs/scotland-awi.js.map +1 -0
  2513. package/dist/packs/scotland-procurement-reform.d.ts +40 -0
  2514. package/dist/packs/scotland-procurement-reform.d.ts.map +1 -0
  2515. package/dist/packs/scotland-procurement-reform.js +125 -0
  2516. package/dist/packs/scotland-procurement-reform.js.map +1 -0
  2517. package/dist/packs/scotland-psed.d.ts +67 -0
  2518. package/dist/packs/scotland-psed.d.ts.map +1 -0
  2519. package/dist/packs/scotland-psed.js +372 -0
  2520. package/dist/packs/scotland-psed.js.map +1 -0
  2521. package/dist/packs/sg-model-ai-gov.d.ts +62 -0
  2522. package/dist/packs/sg-model-ai-gov.d.ts.map +1 -0
  2523. package/dist/packs/sg-model-ai-gov.js +396 -0
  2524. package/dist/packs/sg-model-ai-gov.js.map +1 -0
  2525. package/dist/packs/soc1.d.ts +34 -0
  2526. package/dist/packs/soc1.d.ts.map +1 -0
  2527. package/dist/packs/soc1.js +308 -0
  2528. package/dist/packs/soc1.js.map +1 -0
  2529. package/dist/packs/soc2.d.ts +44 -0
  2530. package/dist/packs/soc2.d.ts.map +1 -0
  2531. package/dist/packs/soc2.js +340 -0
  2532. package/dist/packs/soc2.js.map +1 -0
  2533. package/dist/packs/sox404.d.ts +32 -0
  2534. package/dist/packs/sox404.d.ts.map +1 -0
  2535. package/dist/packs/sox404.js +298 -0
  2536. package/dist/packs/sox404.js.map +1 -0
  2537. package/dist/packs/sr117.d.ts +35 -0
  2538. package/dist/packs/sr117.d.ts.map +1 -0
  2539. package/dist/packs/sr117.js +345 -0
  2540. package/dist/packs/sr117.js.map +1 -0
  2541. package/dist/packs/stateramp.d.ts +62 -0
  2542. package/dist/packs/stateramp.d.ts.map +1 -0
  2543. package/dist/packs/stateramp.js +327 -0
  2544. package/dist/packs/stateramp.js.map +1 -0
  2545. package/dist/packs/tennessee-elvis.d.ts +68 -0
  2546. package/dist/packs/tennessee-elvis.d.ts.map +1 -0
  2547. package/dist/packs/tennessee-elvis.js +420 -0
  2548. package/dist/packs/tennessee-elvis.js.map +1 -0
  2549. package/dist/packs/texas-hb4.d.ts +77 -0
  2550. package/dist/packs/texas-hb4.d.ts.map +1 -0
  2551. package/dist/packs/texas-hb4.js +396 -0
  2552. package/dist/packs/texas-hb4.js.map +1 -0
  2553. package/dist/packs/th-pdpa.d.ts +43 -0
  2554. package/dist/packs/th-pdpa.d.ts.map +1 -0
  2555. package/dist/packs/th-pdpa.js +128 -0
  2556. package/dist/packs/th-pdpa.js.map +1 -0
  2557. package/dist/packs/title-ix.d.ts +93 -0
  2558. package/dist/packs/title-ix.d.ts.map +1 -0
  2559. package/dist/packs/title-ix.js +447 -0
  2560. package/dist/packs/title-ix.js.map +1 -0
  2561. package/dist/packs/uk-ai-framework.d.ts +42 -0
  2562. package/dist/packs/uk-ai-framework.d.ts.map +1 -0
  2563. package/dist/packs/uk-ai-framework.js +355 -0
  2564. package/dist/packs/uk-ai-framework.js.map +1 -0
  2565. package/dist/packs/uk-cma-1990.d.ts +75 -0
  2566. package/dist/packs/uk-cma-1990.d.ts.map +1 -0
  2567. package/dist/packs/uk-cma-1990.js +406 -0
  2568. package/dist/packs/uk-cma-1990.js.map +1 -0
  2569. package/dist/packs/uk-equality-act-ai-bias.d.ts +54 -0
  2570. package/dist/packs/uk-equality-act-ai-bias.d.ts.map +1 -0
  2571. package/dist/packs/uk-equality-act-ai-bias.js +684 -0
  2572. package/dist/packs/uk-equality-act-ai-bias.js.map +1 -0
  2573. package/dist/packs/uk-equality-act.d.ts +69 -0
  2574. package/dist/packs/uk-equality-act.d.ts.map +1 -0
  2575. package/dist/packs/uk-equality-act.js +409 -0
  2576. package/dist/packs/uk-equality-act.js.map +1 -0
  2577. package/dist/packs/uk-future-ai-legislation.d.ts +42 -0
  2578. package/dist/packs/uk-future-ai-legislation.d.ts.map +1 -0
  2579. package/dist/packs/uk-future-ai-legislation.js +212 -0
  2580. package/dist/packs/uk-future-ai-legislation.js.map +1 -0
  2581. package/dist/packs/uk-gdpr.d.ts +74 -0
  2582. package/dist/packs/uk-gdpr.d.ts.map +1 -0
  2583. package/dist/packs/uk-gdpr.js +377 -0
  2584. package/dist/packs/uk-gdpr.js.map +1 -0
  2585. package/dist/packs/uk-ico-open-case.d.ts +65 -0
  2586. package/dist/packs/uk-ico-open-case.d.ts.map +1 -0
  2587. package/dist/packs/uk-ico-open-case.js +399 -0
  2588. package/dist/packs/uk-ico-open-case.js.map +1 -0
  2589. package/dist/packs/uk-nis-regs.d.ts +67 -0
  2590. package/dist/packs/uk-nis-regs.d.ts.map +1 -0
  2591. package/dist/packs/uk-nis-regs.js +366 -0
  2592. package/dist/packs/uk-nis-regs.js.map +1 -0
  2593. package/dist/packs/uk-online-safety-act.d.ts +68 -0
  2594. package/dist/packs/uk-online-safety-act.d.ts.map +1 -0
  2595. package/dist/packs/uk-online-safety-act.js +413 -0
  2596. package/dist/packs/uk-online-safety-act.js.map +1 -0
  2597. package/dist/packs/uk-procurement-act.d.ts +81 -0
  2598. package/dist/packs/uk-procurement-act.d.ts.map +1 -0
  2599. package/dist/packs/uk-procurement-act.js +434 -0
  2600. package/dist/packs/uk-procurement-act.js.map +1 -0
  2601. package/dist/packs/us-fda-21cfr56.d.ts +63 -0
  2602. package/dist/packs/us-fda-21cfr56.d.ts.map +1 -0
  2603. package/dist/packs/us-fda-21cfr56.js +367 -0
  2604. package/dist/packs/us-fda-21cfr56.js.map +1 -0
  2605. package/dist/packs/us-nih-coc.d.ts +43 -0
  2606. package/dist/packs/us-nih-coc.d.ts.map +1 -0
  2607. package/dist/packs/us-nih-coc.js +206 -0
  2608. package/dist/packs/us-nih-coc.js.map +1 -0
  2609. package/dist/packs/us-nih-dms.d.ts +43 -0
  2610. package/dist/packs/us-nih-dms.d.ts.map +1 -0
  2611. package/dist/packs/us-nih-dms.js +244 -0
  2612. package/dist/packs/us-nih-dms.js.map +1 -0
  2613. package/dist/packs/us-nih-gds.d.ts +41 -0
  2614. package/dist/packs/us-nih-gds.d.ts.map +1 -0
  2615. package/dist/packs/us-nih-gds.js +358 -0
  2616. package/dist/packs/us-nih-gds.js.map +1 -0
  2617. package/dist/packs/us-nih-it-security.d.ts +40 -0
  2618. package/dist/packs/us-nih-it-security.d.ts.map +1 -0
  2619. package/dist/packs/us-nih-it-security.js +206 -0
  2620. package/dist/packs/us-nih-it-security.js.map +1 -0
  2621. package/dist/packs/us-respa.d.ts +55 -0
  2622. package/dist/packs/us-respa.d.ts.map +1 -0
  2623. package/dist/packs/us-respa.js +364 -0
  2624. package/dist/packs/us-respa.js.map +1 -0
  2625. package/dist/packs/us-tila.d.ts +65 -0
  2626. package/dist/packs/us-tila.d.ts.map +1 -0
  2627. package/dist/packs/us-tila.js +353 -0
  2628. package/dist/packs/us-tila.js.map +1 -0
  2629. package/dist/packs/us-trid.d.ts +62 -0
  2630. package/dist/packs/us-trid.d.ts.map +1 -0
  2631. package/dist/packs/us-trid.js +345 -0
  2632. package/dist/packs/us-trid.js.map +1 -0
  2633. package/dist/packs/utah-ai-policy.d.ts +55 -0
  2634. package/dist/packs/utah-ai-policy.d.ts.map +1 -0
  2635. package/dist/packs/utah-ai-policy.js +340 -0
  2636. package/dist/packs/utah-ai-policy.js.map +1 -0
  2637. package/dist/packs/vn-pdpd.d.ts +40 -0
  2638. package/dist/packs/vn-pdpd.d.ts.map +1 -0
  2639. package/dist/packs/vn-pdpd.js +125 -0
  2640. package/dist/packs/vn-pdpd.js.map +1 -0
  2641. package/dist/packs/wales-future-generations.d.ts +67 -0
  2642. package/dist/packs/wales-future-generations.d.ts.map +1 -0
  2643. package/dist/packs/wales-future-generations.js +396 -0
  2644. package/dist/packs/wales-future-generations.js.map +1 -0
  2645. package/dist/reporting/governance-reporter.d.ts +196 -0
  2646. package/dist/reporting/governance-reporter.d.ts.map +1 -0
  2647. package/dist/reporting/governance-reporter.js +442 -0
  2648. package/dist/reporting/governance-reporter.js.map +1 -0
  2649. package/dist/retention/backup-retention-adapter.d.ts +72 -0
  2650. package/dist/retention/backup-retention-adapter.d.ts.map +1 -0
  2651. package/dist/retention/backup-retention-adapter.js +69 -0
  2652. package/dist/retention/backup-retention-adapter.js.map +1 -0
  2653. package/dist/retention/classification-rules.d.ts +59 -0
  2654. package/dist/retention/classification-rules.d.ts.map +1 -0
  2655. package/dist/retention/classification-rules.js +185 -0
  2656. package/dist/retention/classification-rules.js.map +1 -0
  2657. package/dist/retention/classifier.d.ts +195 -0
  2658. package/dist/retention/classifier.d.ts.map +1 -0
  2659. package/dist/retention/classifier.js +254 -0
  2660. package/dist/retention/classifier.js.map +1 -0
  2661. package/dist/retention/data-class.d.ts +70 -0
  2662. package/dist/retention/data-class.d.ts.map +1 -0
  2663. package/dist/retention/data-class.js +47 -0
  2664. package/dist/retention/data-class.js.map +1 -0
  2665. package/dist/retention/enforcement-log-store.d.ts +121 -0
  2666. package/dist/retention/enforcement-log-store.d.ts.map +1 -0
  2667. package/dist/retention/enforcement-log-store.js +183 -0
  2668. package/dist/retention/enforcement-log-store.js.map +1 -0
  2669. package/dist/retention/index.d.ts +31 -0
  2670. package/dist/retention/index.d.ts.map +1 -0
  2671. package/dist/retention/index.js +67 -0
  2672. package/dist/retention/index.js.map +1 -0
  2673. package/dist/retention/ingest-classifier.d.ts +126 -0
  2674. package/dist/retention/ingest-classifier.d.ts.map +1 -0
  2675. package/dist/retention/ingest-classifier.js +130 -0
  2676. package/dist/retention/ingest-classifier.js.map +1 -0
  2677. package/dist/retention/legal-hold-errors.d.ts +57 -0
  2678. package/dist/retention/legal-hold-errors.d.ts.map +1 -0
  2679. package/dist/retention/legal-hold-errors.js +99 -0
  2680. package/dist/retention/legal-hold-errors.js.map +1 -0
  2681. package/dist/retention/legal-hold-store.d.ts +191 -0
  2682. package/dist/retention/legal-hold-store.d.ts.map +1 -0
  2683. package/dist/retention/legal-hold-store.js +432 -0
  2684. package/dist/retention/legal-hold-store.js.map +1 -0
  2685. package/dist/retention/legal-hold.d.ts +122 -0
  2686. package/dist/retention/legal-hold.d.ts.map +1 -0
  2687. package/dist/retention/legal-hold.js +18 -0
  2688. package/dist/retention/legal-hold.js.map +1 -0
  2689. package/dist/retention/log-aggregators/datadog.d.ts +53 -0
  2690. package/dist/retention/log-aggregators/datadog.d.ts.map +1 -0
  2691. package/dist/retention/log-aggregators/datadog.js +157 -0
  2692. package/dist/retention/log-aggregators/datadog.js.map +1 -0
  2693. package/dist/retention/log-aggregators/index.d.ts +14 -0
  2694. package/dist/retention/log-aggregators/index.d.ts.map +1 -0
  2695. package/dist/retention/log-aggregators/index.js +18 -0
  2696. package/dist/retention/log-aggregators/index.js.map +1 -0
  2697. package/dist/retention/log-aggregators/log-aggregator.d.ts +62 -0
  2698. package/dist/retention/log-aggregators/log-aggregator.d.ts.map +1 -0
  2699. package/dist/retention/log-aggregators/log-aggregator.js +21 -0
  2700. package/dist/retention/log-aggregators/log-aggregator.js.map +1 -0
  2701. package/dist/retention/log-aggregators/noop.d.ts +23 -0
  2702. package/dist/retention/log-aggregators/noop.d.ts.map +1 -0
  2703. package/dist/retention/log-aggregators/noop.js +30 -0
  2704. package/dist/retention/log-aggregators/noop.js.map +1 -0
  2705. package/dist/retention/log-aggregators/sentinel.d.ts +75 -0
  2706. package/dist/retention/log-aggregators/sentinel.d.ts.map +1 -0
  2707. package/dist/retention/log-aggregators/sentinel.js +220 -0
  2708. package/dist/retention/log-aggregators/sentinel.js.map +1 -0
  2709. package/dist/retention/log-aggregators/splunk.d.ts +58 -0
  2710. package/dist/retention/log-aggregators/splunk.d.ts.map +1 -0
  2711. package/dist/retention/log-aggregators/splunk.js +151 -0
  2712. package/dist/retention/log-aggregators/splunk.js.map +1 -0
  2713. package/dist/retention/policy-matrix-errors.d.ts +80 -0
  2714. package/dist/retention/policy-matrix-errors.d.ts.map +1 -0
  2715. package/dist/retention/policy-matrix-errors.js +134 -0
  2716. package/dist/retention/policy-matrix-errors.js.map +1 -0
  2717. package/dist/retention/policy-matrix.d.ts +263 -0
  2718. package/dist/retention/policy-matrix.d.ts.map +1 -0
  2719. package/dist/retention/policy-matrix.js +584 -0
  2720. package/dist/retention/policy-matrix.js.map +1 -0
  2721. package/dist/scanner/gap-report.d.ts +108 -0
  2722. package/dist/scanner/gap-report.d.ts.map +1 -0
  2723. package/dist/scanner/gap-report.js +337 -0
  2724. package/dist/scanner/gap-report.js.map +1 -0
  2725. package/dist/scanner/index.d.ts +98 -0
  2726. package/dist/scanner/index.d.ts.map +1 -0
  2727. package/dist/scanner/index.js +453 -0
  2728. package/dist/scanner/index.js.map +1 -0
  2729. package/dist/scanner/manifest-integrity.d.ts +44 -0
  2730. package/dist/scanner/manifest-integrity.d.ts.map +1 -0
  2731. package/dist/scanner/manifest-integrity.js +155 -0
  2732. package/dist/scanner/manifest-integrity.js.map +1 -0
  2733. package/dist/scanner/remediation.d.ts +72 -0
  2734. package/dist/scanner/remediation.d.ts.map +1 -0
  2735. package/dist/scanner/remediation.js +292 -0
  2736. package/dist/scanner/remediation.js.map +1 -0
  2737. package/dist/security/access-review.d.ts +122 -0
  2738. package/dist/security/access-review.d.ts.map +1 -0
  2739. package/dist/security/access-review.js +272 -0
  2740. package/dist/security/access-review.js.map +1 -0
  2741. package/dist/security/agent-auth.d.ts +92 -0
  2742. package/dist/security/agent-auth.d.ts.map +1 -0
  2743. package/dist/security/agent-auth.js +290 -0
  2744. package/dist/security/agent-auth.js.map +1 -0
  2745. package/dist/security/anomaly-auto-suspend.d.ts +226 -0
  2746. package/dist/security/anomaly-auto-suspend.d.ts.map +1 -0
  2747. package/dist/security/anomaly-auto-suspend.js +384 -0
  2748. package/dist/security/anomaly-auto-suspend.js.map +1 -0
  2749. package/dist/security/anomaly-correlator.d.ts +66 -0
  2750. package/dist/security/anomaly-correlator.d.ts.map +1 -0
  2751. package/dist/security/anomaly-correlator.js +316 -0
  2752. package/dist/security/anomaly-correlator.js.map +1 -0
  2753. package/dist/security/anomaly-detector.d.ts +137 -0
  2754. package/dist/security/anomaly-detector.d.ts.map +1 -0
  2755. package/dist/security/anomaly-detector.js +298 -0
  2756. package/dist/security/anomaly-detector.js.map +1 -0
  2757. package/dist/security/anomaly-self-reflection.d.ts +168 -0
  2758. package/dist/security/anomaly-self-reflection.d.ts.map +1 -0
  2759. package/dist/security/anomaly-self-reflection.js +331 -0
  2760. package/dist/security/anomaly-self-reflection.js.map +1 -0
  2761. package/dist/security/built-in-llm-providers.d.ts +50 -0
  2762. package/dist/security/built-in-llm-providers.d.ts.map +1 -0
  2763. package/dist/security/built-in-llm-providers.js +83 -0
  2764. package/dist/security/built-in-llm-providers.js.map +1 -0
  2765. package/dist/security/circuit-breaker.d.ts +62 -0
  2766. package/dist/security/circuit-breaker.d.ts.map +1 -0
  2767. package/dist/security/circuit-breaker.js +183 -0
  2768. package/dist/security/circuit-breaker.js.map +1 -0
  2769. package/dist/security/data-classifier.d.ts +139 -0
  2770. package/dist/security/data-classifier.d.ts.map +1 -0
  2771. package/dist/security/data-classifier.js +483 -0
  2772. package/dist/security/data-classifier.js.map +1 -0
  2773. package/dist/security/encrypted-storage.d.ts +80 -0
  2774. package/dist/security/encrypted-storage.d.ts.map +1 -0
  2775. package/dist/security/encrypted-storage.js +257 -0
  2776. package/dist/security/encrypted-storage.js.map +1 -0
  2777. package/dist/security/encryption-layer.d.ts +115 -0
  2778. package/dist/security/encryption-layer.d.ts.map +1 -0
  2779. package/dist/security/encryption-layer.js +374 -0
  2780. package/dist/security/encryption-layer.js.map +1 -0
  2781. package/dist/security/external-cross-check.d.ts +206 -0
  2782. package/dist/security/external-cross-check.d.ts.map +1 -0
  2783. package/dist/security/external-cross-check.js +490 -0
  2784. package/dist/security/external-cross-check.js.map +1 -0
  2785. package/dist/security/hash-manifest.d.ts +70 -0
  2786. package/dist/security/hash-manifest.d.ts.map +1 -0
  2787. package/dist/security/hash-manifest.js +266 -0
  2788. package/dist/security/hash-manifest.js.map +1 -0
  2789. package/dist/security/http-interceptor.d.ts +262 -0
  2790. package/dist/security/http-interceptor.d.ts.map +1 -0
  2791. package/dist/security/http-interceptor.js +637 -0
  2792. package/dist/security/http-interceptor.js.map +1 -0
  2793. package/dist/security/key-manager.d.ts +111 -0
  2794. package/dist/security/key-manager.d.ts.map +1 -0
  2795. package/dist/security/key-manager.js +326 -0
  2796. package/dist/security/key-manager.js.map +1 -0
  2797. package/dist/security/nonce-store.d.ts +48 -0
  2798. package/dist/security/nonce-store.d.ts.map +1 -0
  2799. package/dist/security/nonce-store.js +170 -0
  2800. package/dist/security/nonce-store.js.map +1 -0
  2801. package/dist/security/operator-roles.d.ts +100 -0
  2802. package/dist/security/operator-roles.d.ts.map +1 -0
  2803. package/dist/security/operator-roles.js +278 -0
  2804. package/dist/security/operator-roles.js.map +1 -0
  2805. package/dist/security/plugin-integrity.d.ts +99 -0
  2806. package/dist/security/plugin-integrity.d.ts.map +1 -0
  2807. package/dist/security/plugin-integrity.js +194 -0
  2808. package/dist/security/plugin-integrity.js.map +1 -0
  2809. package/dist/security/prompt-injection-detector.d.ts +81 -0
  2810. package/dist/security/prompt-injection-detector.d.ts.map +1 -0
  2811. package/dist/security/prompt-injection-detector.js +505 -0
  2812. package/dist/security/prompt-injection-detector.js.map +1 -0
  2813. package/dist/security/provider-compliance-boot.d.ts +64 -0
  2814. package/dist/security/provider-compliance-boot.d.ts.map +1 -0
  2815. package/dist/security/provider-compliance-boot.js +105 -0
  2816. package/dist/security/provider-compliance-boot.js.map +1 -0
  2817. package/dist/security/provider-compliance.d.ts +261 -0
  2818. package/dist/security/provider-compliance.d.ts.map +1 -0
  2819. package/dist/security/provider-compliance.js +711 -0
  2820. package/dist/security/provider-compliance.js.map +1 -0
  2821. package/dist/security/secret-leak-detector.d.ts +59 -0
  2822. package/dist/security/secret-leak-detector.d.ts.map +1 -0
  2823. package/dist/security/secret-leak-detector.js +180 -0
  2824. package/dist/security/secret-leak-detector.js.map +1 -0
  2825. package/dist/security/session-timeout.d.ts +107 -0
  2826. package/dist/security/session-timeout.d.ts.map +1 -0
  2827. package/dist/security/session-timeout.js +291 -0
  2828. package/dist/security/session-timeout.js.map +1 -0
  2829. package/dist/security/ssrf-guard.d.ts +45 -0
  2830. package/dist/security/ssrf-guard.d.ts.map +1 -0
  2831. package/dist/security/ssrf-guard.js +263 -0
  2832. package/dist/security/ssrf-guard.js.map +1 -0
  2833. package/dist/security/supply-chain.d.ts +99 -0
  2834. package/dist/security/supply-chain.d.ts.map +1 -0
  2835. package/dist/security/supply-chain.js +320 -0
  2836. package/dist/security/supply-chain.js.map +1 -0
  2837. package/dist/security/vendor-registry.d.ts +111 -0
  2838. package/dist/security/vendor-registry.d.ts.map +1 -0
  2839. package/dist/security/vendor-registry.js +293 -0
  2840. package/dist/security/vendor-registry.js.map +1 -0
  2841. package/dist/tenant/index.d.ts +14 -0
  2842. package/dist/tenant/index.d.ts.map +1 -0
  2843. package/dist/tenant/index.js +32 -0
  2844. package/dist/tenant/index.js.map +1 -0
  2845. package/dist/tenant/policy-inheritance.d.ts +112 -0
  2846. package/dist/tenant/policy-inheritance.d.ts.map +1 -0
  2847. package/dist/tenant/policy-inheritance.js +382 -0
  2848. package/dist/tenant/policy-inheritance.js.map +1 -0
  2849. package/dist/tenant/rbac.d.ts +65 -0
  2850. package/dist/tenant/rbac.d.ts.map +1 -0
  2851. package/dist/tenant/rbac.js +185 -0
  2852. package/dist/tenant/rbac.js.map +1 -0
  2853. package/dist/tenant/workspace.d.ts +111 -0
  2854. package/dist/tenant/workspace.d.ts.map +1 -0
  2855. package/dist/tenant/workspace.js +315 -0
  2856. package/dist/tenant/workspace.js.map +1 -0
  2857. package/dist/trust-passport/index.d.ts +106 -0
  2858. package/dist/trust-passport/index.d.ts.map +1 -0
  2859. package/dist/trust-passport/index.js +123 -0
  2860. package/dist/trust-passport/index.js.map +1 -0
  2861. package/dist/util/async-io.d.ts +57 -0
  2862. package/dist/util/async-io.d.ts.map +1 -0
  2863. package/dist/util/async-io.js +209 -0
  2864. package/dist/util/async-io.js.map +1 -0
  2865. package/dist/util/fs.d.ts +84 -0
  2866. package/dist/util/fs.d.ts.map +1 -0
  2867. package/dist/util/fs.js +211 -0
  2868. package/dist/util/fs.js.map +1 -0
  2869. package/dist/util/log-rotation.d.ts +55 -0
  2870. package/dist/util/log-rotation.d.ts.map +1 -0
  2871. package/dist/util/log-rotation.js +212 -0
  2872. package/dist/util/log-rotation.js.map +1 -0
  2873. package/dist/util/log.d.ts +35 -0
  2874. package/dist/util/log.d.ts.map +1 -0
  2875. package/dist/util/log.js +115 -0
  2876. package/dist/util/log.js.map +1 -0
  2877. package/dist/util/sigv4.d.ts +73 -0
  2878. package/dist/util/sigv4.d.ts.map +1 -0
  2879. package/dist/util/sigv4.js +155 -0
  2880. package/dist/util/sigv4.js.map +1 -0
  2881. package/dist/util/storage-backend.d.ts +69 -0
  2882. package/dist/util/storage-backend.d.ts.map +1 -0
  2883. package/dist/util/storage-backend.js +204 -0
  2884. package/dist/util/storage-backend.js.map +1 -0
  2885. package/package.json +144 -0
  2886. package/src/hooks/audit-dir-picker.sh +70 -0
  2887. package/src/hooks/audit-logger.sh +325 -0
  2888. package/src/hooks/cost-budget-gate.sh +74 -0
  2889. package/src/hooks/destructive-command-guard.sh +200 -0
  2890. package/src/hooks/file-boundary-guard.sh +159 -0
  2891. package/src/hooks/file-change-tracker.sh +78 -0
  2892. package/src/hooks/governance-file-shield.sh +102 -0
  2893. package/src/hooks/governance-integrity-check.sh +109 -0
  2894. package/src/hooks/hook-health-monitor.sh +189 -0
  2895. package/src/hooks/hook-utils.sh +51 -0
  2896. package/src/hooks/hook-wrapper.sh +77 -0
  2897. package/src/hooks/install-hooks.sh +162 -0
  2898. package/src/hooks/output-exfiltration-scanner.sh +112 -0
  2899. package/src/hooks/powershell/audit-dir-picker.ps1 +72 -0
  2900. package/src/hooks/powershell/audit-logger.ps1 +75 -0
  2901. package/src/hooks/powershell/cost-budget-gate.ps1 +61 -0
  2902. package/src/hooks/powershell/destructive-command-guard.ps1 +67 -0
  2903. package/src/hooks/powershell/file-boundary-guard.ps1 +76 -0
  2904. package/src/hooks/powershell/file-change-tracker.ps1 +74 -0
  2905. package/src/hooks/powershell/governance-file-shield.ps1 +86 -0
  2906. package/src/hooks/powershell/governance-integrity-check.ps1 +101 -0
  2907. package/src/hooks/powershell/hook-health-monitor.ps1 +153 -0
  2908. package/src/hooks/powershell/hook-utils.ps1 +44 -0
  2909. package/src/hooks/powershell/hook-wrapper.ps1 +67 -0
  2910. package/src/hooks/powershell/install-hooks.ps1 +142 -0
  2911. package/src/hooks/powershell/output-exfiltration-scanner.ps1 +85 -0
  2912. package/src/hooks/powershell/secret-leak-scanner.ps1 +105 -0
  2913. package/src/hooks/powershell/token-tracker.ps1 +83 -0
  2914. package/src/hooks/powershell/web-access-gate.ps1 +89 -0
  2915. package/src/hooks/secret-leak-scanner.sh +293 -0
  2916. package/src/hooks/token-tracker.sh +89 -0
  2917. package/src/hooks/web-access-gate.sh +123 -0
package/dist/cli/index.js ADDED
@@ -0,0 +1,2130 @@
1
+ #!/usr/bin/env node
2
+ "use strict";
3
+ /**
4
+ * @connexum/ai-governance CLI
5
+ *
6
+ * Scaffolds governance into Claude Code projects.
7
+ * Usage: npx @connexum/ai-governance init
8
+ *
9
+ * T-084: CLI scaffolder
10
+ * T-085: Interactive framework selection
11
+ * T-086: License key validation
12
+ * T-087: Hook installation
13
+ *
14
+ * @connexum/ai-governance
15
+ */
16
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
17
+ if (k2 === undefined) k2 = k;
18
+ var desc = Object.getOwnPropertyDescriptor(m, k);
19
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
20
+ desc = { enumerable: true, get: function() { return m[k]; } };
21
+ }
22
+ Object.defineProperty(o, k2, desc);
23
+ }) : (function(o, m, k, k2) {
24
+ if (k2 === undefined) k2 = k;
25
+ o[k2] = m[k];
26
+ }));
27
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
28
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
29
+ }) : function(o, v) {
30
+ o["default"] = v;
31
+ });
32
+ var __importStar = (this && this.__importStar) || (function () {
33
+ var ownKeys = function(o) {
34
+ ownKeys = Object.getOwnPropertyNames || function (o) {
35
+ var ar = [];
36
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
37
+ return ar;
38
+ };
39
+ return ownKeys(o);
40
+ };
41
+ return function (mod) {
42
+ if (mod && mod.__esModule) return mod;
43
+ var result = {};
44
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
45
+ __setModuleDefault(result, mod);
46
+ return result;
47
+ };
48
+ })();
49
+ Object.defineProperty(exports, "__esModule", { value: true });
50
+ exports.isValidVendorCodeFormat = isValidVendorCodeFormat;
51
+ exports.exchangeVendorCode = exchangeVendorCode;
52
+ exports.resolveVendorCode = resolveVendorCode;
53
+ exports.writeVendorCodeToConfig = writeVendorCodeToConfig;
54
+ exports.detectIde = detectIde;
55
+ exports.validateLegacyLicense = validateLegacyLicense;
56
+ exports.readLicenseServerUrl = readLicenseServerUrl;
57
+ exports.generateConfig = generateConfig;
58
+ exports.installHooks = installHooks;
59
+ exports.retentionSweep = retentionSweep;
60
+ exports.verifyChain = verifyChain;
61
+ exports.generateAutowrapArtifacts = generateAutowrapArtifacts;
62
+ const fs = __importStar(require("fs"));
63
+ const path = __importStar(require("path"));
64
+ const crypto = __importStar(require("crypto"));
65
+ const readline = __importStar(require("readline"));
66
+ const https = __importStar(require("https"));
67
+ const index_1 = require("../license/index");
68
+ const governed_agent_1 = require("../governed-agent");
69
+ const agent_dir_scanner_1 = require("./agent-dir-scanner");
70
+ const wrap_shim_generator_1 = require("./wrap-shim-generator");
71
+ const preflight_1 = require("./preflight");
72
+ const preflight_report_1 = require("./preflight-report");
73
+ const VERSION = '1.0.0-beta.1';
74
+ // ---------------------------------------------------------------------------
75
+ // S-07: Vendor Code provisioning
76
+ // ---------------------------------------------------------------------------
77
+ const VENDOR_CODE_PATTERN = /^cxni_v1_[BCDFGHJKMNPQRSTVWXYZ234567]{14}$/i;
78
+ const DEFAULT_LICENSE_SERVER_URL = 'https://license.my-cc.io';
79
+ const BILLING_URL = 'https://my-cc.io/billing';
80
+ /**
81
+ * Production gov-server URL — the customer-facing portal API.
82
+ *
83
+ * Thomas directive 2026-05-17 evening: "Make sure this is working and
84
+ * link to the portal so when it goes live it's a fix." When the
85
+ * @connexum/ai-governance package is installed from the public npm
86
+ * registry, the runtime defaults to api.my-cc.io so customers running
87
+ * `npx @connexum/ai-governance@latest init --vendor-code XXX` connect
88
+ * to the production portal automatically. The moment Railway DNS
89
+ * points api.my-cc.io at the production gov-server, every existing
90
+ * customer install starts pushing audit events without re-init.
91
+ *
92
+ * Override paths (in priority order):
93
+ * 1. `--gov-server-url <url>` CLI flag
94
+ * 2. `CXNI_GOV_URL` environment variable
95
+ * 3. This default
96
+ *
97
+ * Local-dev customers pass `--gov-server-url http://localhost:3200`
98
+ * or set `CXNI_GOV_URL` explicitly. The default is production-safe.
99
+ */
100
+ const DEFAULT_GOV_SERVER_URL = 'https://api.my-cc.io';
101
+ const DEFAULT_PROXY_URL = 'https://governed.my-cc.io';
102
+ const DEFAULT_DASHBOARD_URL = 'https://app.my-cc.io';
103
+ const VENDOR_CODE_REMEDIATION = 'Contact thomas@ucreatewithai.com for a Vendor Code or visit ' + BILLING_URL;
104
+ /**
105
+ * Validate a vendor code format.
106
+ * Accepts `cxni_v1_<14 chars, case-insensitive>`.
107
+ */
108
+ function isValidVendorCodeFormat(code) {
109
+ return VENDOR_CODE_PATTERN.test(code);
110
+ }
111
+ /**
112
+ * Exchange a Vendor Code with the license server for an Entitlement Token.
113
+ * Returns structured result; does not throw.
114
+ */
115
+ async function exchangeVendorCode(vendorCode, licenseServerUrl = DEFAULT_LICENSE_SERVER_URL) {
116
+ const body = JSON.stringify({
117
+ vendorCode,
118
+ sdkVersion: VERSION,
119
+ machineId: getMachineId(),
120
+ });
121
+ return new Promise((resolve) => {
122
+ const url = new URL('/api/v1/license/exchange', licenseServerUrl);
123
+ const isHttps = url.protocol === 'https:';
124
+ const mod = isHttps ? https : require('http');
125
+ const req = mod.request({
126
+ hostname: url.hostname,
127
+ port: url.port || (isHttps ? 443 : 80),
128
+ path: url.pathname,
129
+ method: 'POST',
130
+ headers: {
131
+ 'Content-Type': 'application/json',
132
+ 'Content-Length': Buffer.byteLength(body),
133
+ },
134
+ timeout: 10000,
135
+ }, (res) => {
136
+ const chunks = [];
137
+ res.on('data', (chunk) => chunks.push(chunk));
138
+ res.on('end', () => {
139
+ const raw = Buffer.concat(chunks).toString('utf-8');
140
+ try {
141
+ const parsed = JSON.parse(raw);
142
+ if (res.statusCode === 200 && parsed.token) {
143
+ resolve({
144
+ ok: true,
145
+ tier: parsed.tier,
146
+ packEntitlements: parsed.packEntitlements,
147
+ subscriptionActiveUntil: parsed.graceUntil,
148
+ status: parsed.status,
149
+ });
150
+ }
151
+ else if (res.statusCode === 403) {
152
+ resolve({ ok: false, error: 'subscription_inactive', status: 'revoked' });
153
+ }
154
+ else if (res.statusCode === 404) {
155
+ resolve({ ok: false, error: 'vendor_code_not_found' });
156
+ }
157
+ else {
158
+ resolve({ ok: false, error: parsed.error ?? `server_error_${res.statusCode}` });
159
+ }
160
+ }
161
+ catch {
162
+ resolve({ ok: false, error: 'invalid_server_response' });
163
+ }
164
+ });
165
+ });
166
+ req.on('error', (e) => {
167
+ resolve({ ok: false, error: `network_error: ${e.message}` });
168
+ });
169
+ req.on('timeout', () => {
170
+ req.destroy();
171
+ resolve({ ok: false, error: 'request_timeout' });
172
+ });
173
+ req.write(body);
174
+ req.end();
175
+ });
176
+ }
177
+ /**
178
+ * Derive a stable machine ID for abuse-detection telemetry.
179
+ * Not a secret; used for detecting vendor code sharing across many machines.
180
+ */
181
+ function getMachineId() {
182
+ const hostname = require('os').hostname();
183
+ return crypto.createHash('sha256').update(hostname).digest('hex').slice(0, 16);
184
+ }
185
+ /**
186
+ * Read the vendor code from environment, config file, or interactive prompt.
187
+ * Returns the code and how it was sourced, or null if not available.
188
+ */
189
+ async function resolveVendorCode(projectDir, opts = {}) {
190
+ const serverUrl = opts.licenseServerUrl ?? DEFAULT_LICENSE_SERVER_URL;
191
+ // 1. --vendor-code flag
192
+ if (opts.vendorCodeFlag) {
193
+ if (!isValidVendorCodeFormat(opts.vendorCodeFlag)) {
194
+ process.stderr.write(`Invalid vendor code format: "${opts.vendorCodeFlag}"\n`);
195
+ process.stderr.write(VENDOR_CODE_REMEDIATION + '\n');
196
+ return null;
197
+ }
198
+ return { code: opts.vendorCodeFlag, source: 'flag' };
199
+ }
200
+ // 2. CXNI_VENDOR_CODE env var
201
+ const envCode = process.env['CXNI_VENDOR_CODE'];
202
+ if (envCode) {
203
+ if (!isValidVendorCodeFormat(envCode)) {
204
+ process.stderr.write(`CXNI_VENDOR_CODE has invalid format: "${envCode}"\n`);
205
+ process.stderr.write(VENDOR_CODE_REMEDIATION + '\n');
206
+ return null;
207
+ }
208
+ return { code: envCode, source: 'env' };
209
+ }
210
+ // 3. Existing .governance.json
211
+ const configPath = path.join(projectDir, '.governance.json');
212
+ if (fs.existsSync(configPath)) {
213
+ try {
214
+ const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
215
+ const saved = config.subscription?.vendorCode;
216
+ if (saved && isValidVendorCodeFormat(saved)) {
217
+ return { code: saved, source: 'config' };
218
+ }
219
+ }
220
+ catch { /* ignore parse errors */ }
221
+ }
222
+ // 4. --offline flag
223
+ if (opts.offlineFlag) {
224
+ const ackEnv = process.env['CXNI_OFFLINE_GRACE_ACKNOWLEDGED'];
225
+ if (ackEnv !== 'true') {
226
+ process.stderr.write('--offline flag requires CXNI_OFFLINE_GRACE_ACKNOWLEDGED=true env var to be set.\n' +
227
+ 'This flag bypasses subscription verification and is REFUSED in HIPAA-bound deployments.\n' +
228
+ VENDOR_CODE_REMEDIATION + '\n');
229
+ return null;
230
+ }
231
+ process.stderr.write('WARNING: --offline mode acknowledged. Subscription verification bypassed.\n' +
232
+ 'This deployment will be treated as permanently in grace mode.\n' +
233
+ 'HIPAA/PCI-DSS-bound deployments refuse offline mode at runtime.\n');
234
+ // Return a sentinel that callers handle specially
235
+ return { code: '__offline__', source: 'flag' };
236
+ }
237
+ // 5. Interactive prompt
238
+ if (opts.rl) {
239
+ const code = await new Promise(resolve => opts.rl.question('Enter your Vendor Code (received by email after purchase): ', resolve));
240
+ const trimmed = code.trim();
241
+ if (!trimmed || !isValidVendorCodeFormat(trimmed)) {
242
+ process.stderr.write('Invalid or empty Vendor Code.\n');
243
+ process.stderr.write(VENDOR_CODE_REMEDIATION + '\n');
244
+ return null;
245
+ }
246
+ return { code: trimmed, source: 'prompt' };
247
+ }
248
+ process.stderr.write('No Vendor Code found. Scaffolding refused.\n');
249
+ process.stderr.write(VENDOR_CODE_REMEDIATION + '\n');
250
+ return null;
251
+ }
252
+ /**
253
+ * Write the vendor code into .governance.json at `subscription.vendorCode`
254
+ * with file mode 0600 on Unix.
255
+ */
256
+ function writeVendorCodeToConfig(projectDir, vendorCode, offlineAcknowledged = false) {
257
+ const configPath = path.join(projectDir, '.governance.json');
258
+ let config = {};
259
+ if (fs.existsSync(configPath)) {
260
+ try {
261
+ config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
262
+ }
263
+ catch { /* start fresh */ }
264
+ }
265
+ const subscription = {
266
+ vendorCode,
267
+ writtenAt: new Date().toISOString(),
268
+ };
269
+ if (offlineAcknowledged) {
270
+ subscription['offlineAcknowledged'] = true;
271
+ }
272
+ config['subscription'] = subscription;
273
+ fs.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 0o600 });
274
+ }
275
+ // --- Pack registry for framework selection ---
276
+ const AVAILABLE_PACKS = [
277
+ { id: 'soc2', name: 'SOC 2 Type II', industries: 'SaaS, Cloud Services' },
278
+ { id: 'hipaa', name: 'HIPAA Security & Privacy', industries: 'Healthcare, Telehealth' },
279
+ { id: 'gdpr', name: 'GDPR', industries: 'Any (EU users/data)' },
280
+ { id: 'pci-dss', name: 'PCI DSS v4.0', industries: 'Payments, Fintech' },
281
+ { id: 'dora', name: 'DORA', industries: 'EU Financial Services' },
282
+ { id: 'eu-ai-act', name: 'EU AI Act', industries: 'Any AI system in EU' },
283
+ { id: 'iso27001', name: 'ISO 27001', industries: 'Enterprise, Government' },
284
+ ];
285
+ // --- OS detection for hook selection ---
286
+ const IS_WINDOWS = process.platform === 'win32';
287
+ const HOOK_EXT = IS_WINDOWS ? '.ps1' : '.sh';
288
+ const HOOK_RUNNER = IS_WINDOWS ? 'pwsh' : 'bash';
289
+ const HOOK_SUBDIR = IS_WINDOWS ? 'powershell' : '';
290
+ function detectIde(projectDir) {
291
+ const markers = [
292
+ { dir: '.claude', ide: 'claude-code' },
293
+ { dir: '.cursor', ide: 'cursor' },
294
+ { dir: '.continue', ide: 'continue' },
295
+ { dir: '.cody', ide: 'cody' },
296
+ { dir: '.aider', ide: 'aider' },
297
+ { dir: '.gemini', ide: 'gemini' },
298
+ ];
299
+ for (const m of markers) {
300
+ if (fs.existsSync(path.join(projectDir, m.dir)))
301
+ return m.ide;
302
+ }
303
+ // GitHub Copilot uses `.github/copilot-instructions.md` (file, not dir)
304
+ // as its repo-level rules surface. We use that file as the Copilot
305
+ // marker because `.github/` alone is too noisy (every GitHub repo has
306
+ // it for Actions / issue templates / etc.).
307
+ if (fs.existsSync(path.join(projectDir, '.github', 'copilot-instructions.md'))) {
308
+ return 'copilot';
309
+ }
310
+ return 'unknown';
311
+ }
312
+ // --- Hook manifest ---
313
+ const HOOKS = [
314
+ { file: `governance-integrity-check${HOOK_EXT}`, type: 'PreToolUse', description: 'SHA-256 governance file integrity verification' },
315
+ { file: `governance-file-shield${HOOK_EXT}`, type: 'PreToolUse', description: 'Prevents modification of governance config files' },
316
+ { file: `file-boundary-guard${HOOK_EXT}`, type: 'PreToolUse', description: 'Restricts file access to agent boundaries' },
317
+ { file: `destructive-command-guard${HOOK_EXT}`, type: 'PreToolUse', description: 'Blocks destructive shell commands' },
318
+ { file: `secret-leak-scanner${HOOK_EXT}`, type: 'PreToolUse', description: 'Scans for credentials, API keys, PII' },
319
+ { file: `web-access-gate${HOOK_EXT}`, type: 'PreToolUse', description: 'Controls agent web access' },
320
+ { file: `cost-budget-gate${HOOK_EXT}`, type: 'PreToolUse', description: 'Token budget enforcement' },
321
+ { file: `audit-logger${HOOK_EXT}`, type: 'PostToolUse', description: 'Tamper-evident audit logging' },
322
+ { file: `file-change-tracker${HOOK_EXT}`, type: 'PostToolUse', description: 'Tracks all file modifications' },
323
+ { file: `token-tracker${HOOK_EXT}`, type: 'PostToolUse', description: 'Token usage monitoring' },
324
+ { file: `output-exfiltration-scanner${HOOK_EXT}`, type: 'PostToolUse', description: 'Detects data exfiltration in output' },
325
+ ];
326
+ /**
327
+ * Validate a license key. Supports two formats:
328
+ * 1. JWT tokens (RS256-signed, new format) -- validated via JwtValidator
329
+ * 2. Legacy HMAC keys (CXGOV-<tier>-<org>-<checksum>) -- backward compatible
330
+ */
331
+ async function validateLicenseAsync(key) {
332
+ // Free tier: no key required.
333
+ // 2026-05-17 — raised maxPacks 1→3 so design-partner customers who only
334
+ // pass a vendor code (not a JWT license) can still bind the minimum
335
+ // bundle of HIPAA + SOC 2 + GDPR on day one. The hard cap is still
336
+ // enforced server-side via the per-org PackVersionStore.
337
+ if (!key || key === 'free') {
338
+ return {
339
+ tier: 'free',
340
+ org: 'unlicensed',
341
+ maxPacks: 3,
342
+ maxAgents: 5,
343
+ features: ['scanner', 'basic-hooks', 'multi-pack'],
344
+ };
345
+ }
346
+ // Detect JWT format (three base64url segments separated by dots)
347
+ if (key.split('.').length === 3) {
348
+ return validateJwtLicense(key);
349
+ }
350
+ // Fall back to legacy HMAC format
351
+ return validateLegacyLicense(key);
352
+ }
353
+ /** Validate JWT license token using JwtValidator. */
354
+ async function validateJwtLicense(token) {
355
+ const serverUrl = process.env.CXGOV_LICENSE_SERVER || '';
356
+ const validator = new index_1.JwtValidator({
357
+ serverUrl,
358
+ forceOffline: !serverUrl,
359
+ });
360
+ const result = await validator.validate(token);
361
+ if (!result.valid || !result.claims) {
362
+ process.stderr.write(`[LICENSE] JWT validation failed: ${result.error}\n`);
363
+ return null;
364
+ }
365
+ const claims = result.claims;
366
+ return {
367
+ tier: claims.tier,
368
+ org: claims.org,
369
+ maxPacks: claims.maxPacks,
370
+ maxAgents: claims.maxAgents,
371
+ features: claims.features,
372
+ expiresAt: claims.exp ? new Date(claims.exp * 1000).toISOString() : undefined,
373
+ };
374
+ }
375
+ /**
376
+ * Validate legacy HMAC-based license key (CXGOV-<tier>-<org_hash>-<checksum>).
377
+ *
378
+ * AIAG-006: requires `CXGOV_LICENSE_SECRET` env var and fails closed when
379
+ * missing. No hardcoded fallback. Exported for regression testing — do not
380
+ * re-introduce a default secret.
381
+ */
382
+ function validateLegacyLicense(key) {
383
+ const parts = key.split('-');
384
+ if (parts.length < 4 || parts[0] !== 'CXGOV')
385
+ return null;
386
+ const tier = parts[1].toLowerCase();
387
+ const orgHash = parts[2];
388
+ const checksum = parts[3];
389
+ // CXGOV_LICENSE_SECRET must be set. No fallback -- fail closed.
390
+ const secret = process.env.CXGOV_LICENSE_SECRET;
391
+ if (!secret) {
392
+ process.stderr.write('[SECURITY] CXGOV_LICENSE_SECRET not set. Cannot validate legacy license keys.\n');
393
+ return null;
394
+ }
395
+ const expected = crypto.createHmac('sha256', secret)
396
+ .update(`${tier}-${orgHash}`)
397
+ .digest('hex')
398
+ .substring(0, 8);
399
+ // F-NEW-CRIT-34 (2026-05-02): timingSafeEqual REQUIRES equal-length
400
+ // buffers (Node throws ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH otherwise).
401
+ // A malformed customer license with a too-short or too-long checksum
402
+ // used to crash the CLI uncaught at first run. Length-check before
403
+ // the constant-time compare; length mismatch == invalid license ==
404
+ // return null cleanly.
405
+ const checksumBuf = Buffer.from(checksum);
406
+ const expectedBuf = Buffer.from(expected);
407
+ if (checksumBuf.length !== expectedBuf.length)
408
+ return null;
409
+ if (!crypto.timingSafeEqual(checksumBuf, expectedBuf))
410
+ return null;
411
+ const tiers = {
412
+ sta: { tier: 'starter', maxPacks: 1, maxAgents: 25, features: ['basic-hooks', 'single-pack', 'dashboard', 'events', 'sso', 'api-access', 'webhooks'] },
413
+ pro: { tier: 'professional', maxPacks: 1, maxAgents: 25, features: ['basic-hooks', 'single-pack', 'dashboard', 'events', 'audit-reports', 'sso', 'api-access', 'webhooks'] },
414
+ ent: { tier: 'enterprise', maxPacks: 99, maxAgents: 100, features: ['basic-hooks', 'multi-pack', 'audit-reports', 'siem-integration', 'encryption', 'custom-packs'] },
415
+ };
416
+ const tierInfo = tiers[tier];
417
+ if (!tierInfo)
418
+ return null;
419
+ return { ...tierInfo, org: orgHash };
420
+ }
421
+ /** Synchronous wrapper for backward compatibility (uses free tier or legacy only). */
422
+ function validateLicense(key) {
423
+ if (!key || key === 'free') {
424
+ return {
425
+ tier: 'free',
426
+ org: 'unlicensed',
427
+ maxPacks: 3,
428
+ maxAgents: 5,
429
+ features: ['scanner', 'basic-hooks', 'multi-pack'],
430
+ };
431
+ }
432
+ // JWT must use async path
433
+ if (key.split('.').length === 3) {
434
+ process.stderr.write('[LICENSE] JWT tokens require async validation. Use --ci mode or interactive init.\n');
435
+ return null;
436
+ }
437
+ return validateLegacyLicense(key);
438
+ }
439
+ /**
440
+ * Read the license server URL from .governance.json, falling back to DEFAULT.
441
+ * Call this at any point where the license server URL is needed at runtime.
442
+ */
443
+ function readLicenseServerUrl(projectDir) {
444
+ const configPath = path.join(projectDir, '.governance.json');
445
+ if (fs.existsSync(configPath)) {
446
+ try {
447
+ const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
448
+ if (config.licenseServerUrl)
449
+ return config.licenseServerUrl;
450
+ }
451
+ catch { /* ignore -- fall through to default */ }
452
+ }
453
+ return process.env['CXGOV_LICENSE_SERVER'] ?? DEFAULT_LICENSE_SERVER_URL;
454
+ }
455
+ function generateConfig(packs, license, licenseServerUrl, runtime) {
456
+ return {
457
+ version: VERSION,
458
+ organization: license.org !== 'unlicensed' ? license.org : undefined,
459
+ license: license.tier,
460
+ packs,
461
+ providers: {
462
+ allowed: ['anthropic', 'openai', 'google', 'microsoft', 'amazon'],
463
+ blocked: ['deepseek', 'baidu', 'alibaba'],
464
+ },
465
+ hooks: {
466
+ preToolUse: HOOKS.filter(h => h.type === 'PreToolUse').map(h => h.file),
467
+ postToolUse: HOOKS.filter(h => h.type === 'PostToolUse').map(h => h.file),
468
+ },
469
+ audit: {
470
+ enabled: true,
471
+ format: 'jsonl',
472
+ },
473
+ encryption: {
474
+ enabled: license.features.includes('encryption'),
475
+ algorithm: 'aes-256-gcm',
476
+ },
477
+ // Only persist if a custom URL was provided. Absent = use runtime default.
478
+ ...(licenseServerUrl ? { licenseServerUrl } : {}),
479
+ // F-NEW-CUSTOMER-JOURNEY-001: persist runtime block so audit-logger.sh
480
+ // can push tool-call events to gov-server. Absent = local-only audit
481
+ // (the prior behavior; safe default for offline/air-gapped use).
482
+ ...(runtime ? { runtime } : {}),
483
+ createdAt: new Date().toISOString(),
484
+ };
485
+ }
486
+ // --- Hook installation ---
487
+ function installHooks(projectDir, config) {
488
+ const errors = [];
489
+ let installed = 0;
490
+ // Find the package's hooks directory (bash or powershell based on OS)
491
+ const hooksSrcDir = HOOK_SUBDIR
492
+ ? path.join(__dirname, '..', 'hooks', HOOK_SUBDIR)
493
+ : path.join(__dirname, '..', 'hooks');
494
+ const hooksDestDir = path.join(projectDir, '.governance', 'hooks');
495
+ if (!fs.existsSync(hooksDestDir)) {
496
+ fs.mkdirSync(hooksDestDir, { recursive: true });
497
+ }
498
+ // Copy shared utilities
499
+ const utilsSrc = path.join(hooksSrcDir, `hook-utils${HOOK_EXT}`);
500
+ if (fs.existsSync(utilsSrc)) {
501
+ fs.copyFileSync(utilsSrc, path.join(hooksDestDir, `hook-utils${HOOK_EXT}`));
502
+ }
503
+ // Copy audit-dir-picker helper (sourced by audit-logger.sh at runtime).
504
+ // Without this file the hook exits 1 on every PostToolUse event, silently
505
+ // breaking the audit trail for every customer install. CR-MED-01.
506
+ const auditDirPickerName = `audit-dir-picker${HOOK_EXT}`;
507
+ const auditDirPickerSrc = path.join(hooksSrcDir, auditDirPickerName);
508
+ if (fs.existsSync(auditDirPickerSrc)) {
509
+ fs.copyFileSync(auditDirPickerSrc, path.join(hooksDestDir, auditDirPickerName));
510
+ }
511
+ // Copy hook wrapper
512
+ const wrapperSrc = path.join(hooksSrcDir, `hook-wrapper${HOOK_EXT}`);
513
+ if (fs.existsSync(wrapperSrc)) {
514
+ fs.copyFileSync(wrapperSrc, path.join(hooksDestDir, `hook-wrapper${HOOK_EXT}`));
515
+ }
516
+ // Install configured hooks
517
+ const allHooks = [...config.hooks.preToolUse, ...config.hooks.postToolUse];
518
+ for (const hookFile of allHooks) {
519
+ const src = path.join(hooksSrcDir, hookFile);
520
+ const dest = path.join(hooksDestDir, hookFile);
521
+ if (fs.existsSync(src)) {
522
+ fs.copyFileSync(src, dest);
523
+ // Make executable
524
+ try {
525
+ fs.chmodSync(dest, 0o755);
526
+ }
527
+ catch { /* Windows */ }
528
+ installed++;
529
+ }
530
+ else {
531
+ errors.push(`Hook source not found: ${hookFile}`);
532
+ }
533
+ }
534
+ // Dispatch to IDE-specific surface (F-NEW-CRIT-39g). Cursor / Continue
535
+ // users no longer get a stray .claude/ dir polluting their project;
536
+ // each IDE sees governance rules through its own native surface.
537
+ const ide = detectIde(projectDir);
538
+ switch (ide) {
539
+ case 'cursor':
540
+ case 'continue':
541
+ case 'cody':
542
+ case 'aider':
543
+ case 'gemini':
544
+ case 'copilot':
545
+ installIdeRules(projectDir, config, hooksDestDir, IDE_RULES_SPECS[ide]);
546
+ break;
547
+ default:
548
+ installClaudeCodeSettings(projectDir, config, hooksDestDir);
549
+ break;
550
+ }
551
+ return { installed, errors };
552
+ }
553
+ // Claude Code hook schema (verified against ~/.claude/settings.json on a
554
+ // working install): top-level `hooks` is an object keyed by event name.
555
+ // Each event holds an array of { matcher, hooks: [{ type: 'command', command }] }.
556
+ // Inner `type` is the literal string 'command' (the hook plugin type),
557
+ // NOT the event name.
558
+ function installClaudeCodeSettings(projectDir, config, hooksDestDir) {
559
+ const claudeSettingsDir = path.join(projectDir, '.claude');
560
+ if (!fs.existsSync(claudeSettingsDir)) {
561
+ fs.mkdirSync(claudeSettingsDir, { recursive: true });
562
+ }
563
+ const settingsFile = path.join(claudeSettingsDir, 'settings.json');
564
+ const buildBlock = (hookFile) => ({
565
+ matcher: '*',
566
+ hooks: [{
567
+ type: 'command',
568
+ command: `${HOOK_RUNNER} "${path.join(hooksDestDir, hookFile)}"`,
569
+ }],
570
+ });
571
+ const preEntries = config.hooks.preToolUse.map(buildBlock);
572
+ const postEntries = config.hooks.postToolUse.map(buildBlock);
573
+ let settings = {};
574
+ if (fs.existsSync(settingsFile)) {
575
+ try {
576
+ settings = JSON.parse(fs.readFileSync(settingsFile, 'utf-8'));
577
+ }
578
+ catch { /* fresh */ }
579
+ }
580
+ const existingHooks = (settings['hooks'] && typeof settings['hooks'] === 'object' && !Array.isArray(settings['hooks']))
581
+ ? settings['hooks']
582
+ : {};
583
+ settings['hooks'] = {
584
+ ...existingHooks,
585
+ PreToolUse: preEntries,
586
+ PostToolUse: postEntries,
587
+ };
588
+ fs.writeFileSync(settingsFile, JSON.stringify(settings, null, 2));
589
+ }
590
+ const IDE_RULES_SPECS = {
591
+ cursor: {
592
+ ideKey: 'cursor',
593
+ ideName: 'Cursor',
594
+ fileDir: '.cursor/rules',
595
+ fileName: 'governance.md',
596
+ auditDirRel: '.cursor/audit/',
597
+ fileSelfRef: '.cursor/rules/governance.md',
598
+ integrationSurfaceLines: [
599
+ '**`.cursor/rules/governance.md`** (this file) -- prompt-level policy',
600
+ '**`__HOOKS__/`** -- runtime hook scripts',
601
+ '**`.cursor/audit/`** -- tamper-evident chain (vendor-neutral via picker)',
602
+ ],
603
+ },
604
+ continue: {
605
+ ideKey: 'continue',
606
+ ideName: 'Continue.dev',
607
+ fileDir: '.continue',
608
+ fileName: 'governance.md',
609
+ auditDirRel: '.continue/audit/',
610
+ fileSelfRef: '.continue/governance.md',
611
+ wiringSection: `## Wiring into Continue.dev
612
+
613
+ Continue does not auto-include this file. Wire it in one of two ways:
614
+
615
+ 1. **systemMessage** (simplest) -- copy the rules above into the
616
+ \`systemMessage\` field of your \`.continue/config.json\` so they
617
+ are prepended to every chat/agent prompt.
618
+ 2. **buildContinueExtension** (full enforcement) -- import
619
+ \`buildContinueExtension\` from
620
+ \`@connexum/ai-governance/ide-adapters/continue-dev\` and add it
621
+ to your config's \`extensions\` array. This routes tool calls
622
+ through the runtime governance engine (PreToolUse/PostToolUse
623
+ equivalent) instead of just appending policy text.`,
624
+ integrationSurfaceLines: [
625
+ '**`.continue/governance.md`** (this file) -- policy text',
626
+ '**`__HOOKS__/`** -- runtime hook scripts',
627
+ '**`.continue/audit/`** -- tamper-evident chain (vendor-neutral via picker)',
628
+ '**ContinueDevIdeAdapter** -- runtime enforcement (full mode only)',
629
+ ],
630
+ },
631
+ cody: {
632
+ ideKey: 'cody',
633
+ ideName: 'Cody (Sourcegraph)',
634
+ fileDir: '.cody',
635
+ fileName: 'governance.md',
636
+ auditDirRel: '.cody/audit/',
637
+ fileSelfRef: '.cody/governance.md',
638
+ wiringSection: `## Wiring into Cody (Sourcegraph)
639
+
640
+ Cody does not auto-include policy files. Wire it in one of these ways:
641
+
642
+ 1. **Cody chat system prompt** -- paste the rules above into the Cody
643
+ Agent's system prompt for the workspace (Cody Settings ->
644
+ System Prompt).
645
+ 2. **Custom command** -- create a Cody custom command that prepends
646
+ these rules. See Sourcegraph's Cody docs for custom commands.
647
+ 3. **\`.cody/ignore\`** -- pair this rules file with a \`.cody/ignore\`
648
+ that excludes \`.cody/audit/\` from Cody's context window so the
649
+ audit chain itself is never sent to the LLM.`,
650
+ integrationSurfaceLines: [
651
+ '**`.cody/governance.md`** (this file) -- policy text',
652
+ '**`__HOOKS__/`** -- runtime hook scripts',
653
+ '**`.cody/audit/`** -- tamper-evident chain (vendor-neutral via picker)',
654
+ '**`.cody/ignore`** -- excludes audit chain from Cody context',
655
+ ],
656
+ },
657
+ aider: {
658
+ ideKey: 'aider',
659
+ ideName: 'Aider',
660
+ fileDir: '.aider',
661
+ fileName: 'governance.md',
662
+ auditDirRel: '.aider/audit/',
663
+ fileSelfRef: '.aider/governance.md',
664
+ wiringSection: `## Wiring into Aider
665
+
666
+ Aider does not auto-include policy files. Wire it in one of these ways:
667
+
668
+ 1. **\`--read\` flag** -- launch Aider with
669
+ \`aider --read .aider/governance.md\` so the rules are pre-loaded
670
+ into the conversation context.
671
+ 2. **\`.aider.conf.yml\`** -- add a \`read:\` entry pointing at this
672
+ file:
673
+
674
+ \`\`\`yaml
675
+ read:
676
+ - .aider/governance.md
677
+ \`\`\`
678
+
679
+ 3. **Aider chat \`/read\` command** -- inside an Aider session run
680
+ \`/read .aider/governance.md\` to inject the rules mid-session.`,
681
+ integrationSurfaceLines: [
682
+ '**`.aider/governance.md`** (this file) -- policy text loaded via `--read`',
683
+ '**`__HOOKS__/`** -- runtime hook scripts',
684
+ '**`.aider/audit/`** -- tamper-evident chain (vendor-neutral via picker)',
685
+ ],
686
+ },
687
+ gemini: {
688
+ ideKey: 'gemini',
689
+ ideName: 'Gemini Code Assist',
690
+ fileDir: '.gemini',
691
+ fileName: 'governance.md',
692
+ auditDirRel: '.gemini/audit/',
693
+ fileSelfRef: '.gemini/governance.md',
694
+ wiringSection: `## Wiring into Gemini Code Assist
695
+
696
+ Gemini Code Assist does not auto-include policy files. Wire it via:
697
+
698
+ 1. **Code Customization (Enterprise tier)** -- include this file in
699
+ the private repository Gemini grounds on so the rules are part of
700
+ every prompt's context.
701
+ 2. **Workspace README pointer** -- add a top-of-README block linking
702
+ to \`.gemini/governance.md\` so the IDE assistant surfaces it
703
+ when grounding on README.
704
+ 3. **Manual chat injection** -- paste the rules into the Gemini Chat
705
+ panel at session start.`,
706
+ integrationSurfaceLines: [
707
+ '**`.gemini/governance.md`** (this file) -- policy text',
708
+ '**`__HOOKS__/`** -- runtime hook scripts',
709
+ '**`.gemini/audit/`** -- tamper-evident chain (vendor-neutral via picker)',
710
+ ],
711
+ },
712
+ copilot: {
713
+ ideKey: 'copilot',
714
+ ideName: 'GitHub Copilot',
715
+ fileDir: '.github',
716
+ fileName: 'copilot-governance.md',
717
+ auditDirRel: '.governance/audit/',
718
+ fileSelfRef: '.github/copilot-governance.md',
719
+ wiringSection: `## Wiring into GitHub Copilot
720
+
721
+ GitHub Copilot reads \`.github/copilot-instructions.md\`. We intentionally
722
+ did NOT overwrite that file (it may already contain repo-specific
723
+ guidance). Wire this governance policy in one of these ways:
724
+
725
+ 1. **Append a reference** -- in \`.github/copilot-instructions.md\` add
726
+ a line at the top:
727
+ > Apply the policy in \`.github/copilot-governance.md\`.
728
+ Copilot reads the linked file when grounding context.
729
+ 2. **Inline merge** -- copy the rules above into
730
+ \`.github/copilot-instructions.md\` and delete this file.
731
+ 3. **Pull-request review only** -- if the team enforces governance via
732
+ PR review (Copilot does not block destructive suggestions
733
+ prospectively in IDE), this file becomes the reviewer checklist.`,
734
+ integrationSurfaceLines: [
735
+ '**`.github/copilot-governance.md`** (this file) -- policy text',
736
+ '**`.github/copilot-instructions.md`** -- customer-edited Copilot',
737
+ ' instructions (referenced from above)',
738
+ '**`__HOOKS__/`** -- runtime hook scripts',
739
+ '**`.governance/audit/`** -- tamper-evident chain (vendor-neutral)',
740
+ ],
741
+ },
742
+ };
743
+ function installIdeRules(projectDir, config, hooksDestDir, spec) {
744
+ const targetDir = path.join(projectDir, spec.fileDir);
745
+ if (!fs.existsSync(targetDir)) {
746
+ fs.mkdirSync(targetDir, { recursive: true });
747
+ }
748
+ const rulesFile = path.join(targetDir, spec.fileName);
749
+ const packLines = config.packs.length > 0
750
+ ? config.packs.map(p => `- **${p}**`).join('\n')
751
+ : '- (none configured)';
752
+ const blockedProviders = (config.providers?.blocked ?? []).length > 0
753
+ ? config.providers.blocked.map(p => `- ${p}`).join('\n')
754
+ : '- (none configured)';
755
+ const hooksRel = path.relative(projectDir, hooksDestDir);
756
+ const integrationSurface = spec.integrationSurfaceLines
757
+ .map(line => `- ${line.replace(/__HOOKS__/g, hooksRel)}`)
758
+ .join('\n');
759
+ const wiring = spec.wiringSection ? `${spec.wiringSection}\n\n` : '';
760
+ const auditNoun = spec.ideKey === 'copilot'
761
+ ? `Audit chain default: \`${spec.auditDirRel}audit-<date>.jsonl\`.`
762
+ : `Audit chain is appended to \`${spec.auditDirRel}audit-<date>.jsonl\`.`;
763
+ const body = `# AI Governance Policy (auto-generated)
764
+
765
+ > Generated by \`@connexum/ai-governance\` -- DO NOT EDIT BY HAND.
766
+ > Runtime hooks live in \`${hooksRel}\`.
767
+ > ${auditNoun}
768
+ > Re-run \`npx @connexum/ai-governance init\` to regenerate.
769
+
770
+ ## Active compliance packs
771
+ ${packLines}
772
+
773
+ ## Blocked LLM providers
774
+ ${blockedProviders}
775
+
776
+ ## Mandatory rules for every AI action
777
+
778
+ 1. Refuse destructive shell commands. Block patterns include:
779
+ recursive \`rm\`, \`git push --force\`, \`git reset --hard\`,
780
+ \`git clean -f\`, SQL drop/truncate, \`npm publish\`, and any
781
+ \`curl ... | bash\` pipe.
782
+ 2. Refuse reads or writes to sensitive paths: \`/etc/\`, \`/root/\`,
783
+ \`.env\` files, \`secrets/\`, \`.pem\` and \`.key\` files,
784
+ anything matching \`private_?key\`.
785
+ 3. Refuse to write to the audit chain directory \`${spec.auditDirRel}\`.
786
+ The chain is tamper-evident and write-only via the audit logger.
787
+ 4. Every tool invocation is recorded in the audit chain with
788
+ tool name, input summary, decision, reason, and SHA-256 hash
789
+ linking to the prior entry.
790
+ 5. The configured compliance packs above govern data classification.
791
+ Inputs containing PII / PHI / PCI material flagged by those packs
792
+ trigger a DENY decision regardless of the requesting prompt.
793
+
794
+ ${wiring}## Integration surface
795
+
796
+ ${spec.ideName} reaches the governance runtime through:
797
+ ${integrationSurface}
798
+
799
+ ## Override / disable
800
+
801
+ Run \`npx @connexum/ai-governance init\` with a different pack set to
802
+ regenerate this file. To temporarily disable governance for a single
803
+ operation, contact your compliance owner -- there is no in-IDE override.
804
+ `;
805
+ fs.writeFileSync(rulesFile, body);
806
+ }
807
+ // --- Interactive prompts ---
808
+ function ask(rl, question) {
809
+ return new Promise(resolve => rl.question(question, resolve));
810
+ }
811
+ async function interactiveInit(projectDir, opts = {}) {
812
+ const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
813
+ // Citadel banner — emotional positioning. Only emitted on the interactive
814
+ // path so the --ci JSON output stream stays parser-clean.
815
+ process.stdout.write('\n');
816
+ process.stdout.write(' Welcome to the Citadel\n');
817
+ process.stdout.write(' My-CC fortress for building Agent Trust.\n');
818
+ process.stdout.write(' My-CC.io AI Agent Trust Citadel\n');
819
+ process.stdout.write('\n');
820
+ process.stdout.write('@connexum/ai-governance - Enterprise AI Governance Setup\n');
821
+ process.stdout.write('='.repeat(55) + '\n\n');
822
+ // Step 0: S-07 Vendor Code
823
+ const vcResult = await resolveVendorCode(projectDir, {
824
+ vendorCodeFlag: opts.vendorCodeFlag,
825
+ offlineFlag: opts.offlineFlag,
826
+ rl,
827
+ licenseServerUrl: opts.licenseServerUrl,
828
+ });
829
+ if (!vcResult) {
830
+ rl.close();
831
+ process.exit(1);
832
+ }
833
+ const isOffline = vcResult.code === '__offline__';
834
+ let entitlement = null;
835
+ if (!isOffline) {
836
+ process.stdout.write('Validating Vendor Code...\n');
837
+ entitlement = await exchangeVendorCode(vcResult.code, opts.licenseServerUrl);
838
+ if (!entitlement.ok) {
839
+ process.stderr.write(`Vendor Code validation failed: ${entitlement.error}\n`);
840
+ process.stderr.write(VENDOR_CODE_REMEDIATION + '\n');
841
+ rl.close();
842
+ process.exit(1);
843
+ }
844
+ process.stdout.write(`Subscription: ${entitlement.tier ?? 'unknown'} (${entitlement.status ?? 'active'})\n`);
845
+ if (entitlement.packEntitlements?.length) {
846
+ process.stdout.write(`Pack entitlements: ${entitlement.packEntitlements.join(', ')}\n`);
847
+ }
848
+ process.stdout.write('\n');
849
+ }
850
+ // Step 1: License key (supports JWT tokens and legacy HMAC keys)
851
+ const licenseKey = await ask(rl, 'License key (press Enter for free tier): ');
852
+ const license = await validateLicenseAsync(licenseKey || 'free');
853
+ if (!license) {
854
+ process.stderr.write('Invalid license key. Contact thomas@ucreatewithai.com\n');
855
+ rl.close();
856
+ process.exit(1);
857
+ }
858
+ process.stdout.write(`License: ${license.tier} (max ${license.maxPacks} pack${license.maxPacks > 1 ? 's' : ''})\n\n`);
859
+ // Step 2: Framework selection
860
+ process.stdout.write('Available compliance frameworks:\n');
861
+ for (let i = 0; i < AVAILABLE_PACKS.length; i++) {
862
+ const pack = AVAILABLE_PACKS[i];
863
+ process.stdout.write(` ${i + 1}. ${pack.name} - ${pack.industries}\n`);
864
+ }
865
+ process.stdout.write('\n');
866
+ const selection = await ask(rl, `Select frameworks (comma-separated numbers, max ${license.maxPacks}): `);
867
+ const indices = selection.split(',').map(s => parseInt(s.trim(), 10) - 1).filter(i => i >= 0 && i < AVAILABLE_PACKS.length);
868
+ const selectedPacks = indices.slice(0, license.maxPacks).map(i => AVAILABLE_PACKS[i].id);
869
+ if (selectedPacks.length === 0) {
870
+ process.stdout.write('No frameworks selected. Using SOC 2 as default.\n');
871
+ selectedPacks.push('soc2');
872
+ }
873
+ process.stdout.write(`\nSelected: ${selectedPacks.join(', ')}\n\n`);
874
+ // Step 3: Confirmation
875
+ const confirm = await ask(rl, 'Install governance hooks and configuration? (y/n): ');
876
+ if (confirm.toLowerCase() !== 'y') {
877
+ process.stdout.write('Aborted.\n');
878
+ rl.close();
879
+ process.exit(0);
880
+ }
881
+ rl.close();
882
+ // Generate and write config
883
+ // Persist licenseServerUrl if it was provided (allows on-prem customers to override the default)
884
+ const config = generateConfig(selectedPacks, license, opts.licenseServerUrl, opts.runtime);
885
+ const configPath = path.join(projectDir, '.governance.json');
886
+ fs.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 0o600 });
887
+ process.stdout.write(`\nConfiguration written to ${configPath}\n`);
888
+ // Write vendor code into config (file mode 0600 enforced in writeVendorCodeToConfig)
889
+ if (!isOffline) {
890
+ writeVendorCodeToConfig(projectDir, vcResult.code);
891
+ process.stdout.write('Vendor Code stored in .governance.json\n');
892
+ }
893
+ else {
894
+ writeVendorCodeToConfig(projectDir, '', true);
895
+ process.stdout.write('Offline mode recorded in .governance.json\n');
896
+ }
897
+ // Install hooks
898
+ const { installed, errors } = installHooks(projectDir, config);
899
+ process.stdout.write(`Hooks installed: ${installed}\n`);
900
+ if (errors.length > 0) {
901
+ for (const err of errors) {
902
+ process.stderr.write(` Warning: ${err}\n`);
903
+ }
904
+ }
905
+ // Create governance data directory
906
+ const govDir = path.join(projectDir, '.governance');
907
+ const dirs = ['audit', 'sessions', 'events', 'data'];
908
+ for (const dir of dirs) {
909
+ const p = path.join(govDir, dir);
910
+ if (!fs.existsSync(p))
911
+ fs.mkdirSync(p, { recursive: true });
912
+ }
913
+ process.stdout.write(`\nGovernance initialized successfully.\n`);
914
+ process.stdout.write(` Config: ${configPath}\n`);
915
+ process.stdout.write(` Hooks: ${path.join(govDir, 'hooks')}/\n`);
916
+ process.stdout.write(` Audit: ${path.join(govDir, 'audit')}/\n`);
917
+ process.stdout.write(`\nRun 'ai-governance status' to verify.\n`);
918
+ }
919
+ // --- Non-interactive init (CI mode) ---
920
+ async function nonInteractiveInit(projectDir, opts) {
921
+ const licenseKey = opts.license || 'free';
922
+ const license = await validateLicenseAsync(licenseKey);
923
+ if (!license) {
924
+ process.stderr.write('Invalid license key.\n');
925
+ process.exit(1);
926
+ }
927
+ const packs = opts.packs ? opts.packs.split(',') : ['soc2'];
928
+ const validPacks = packs.filter(p => AVAILABLE_PACKS.some(ap => ap.id === p));
929
+ if (validPacks.length > license.maxPacks) {
930
+ process.stderr.write(`License allows max ${license.maxPacks} packs. Selected ${validPacks.length}.\n`);
931
+ process.exit(1);
932
+ }
933
+ const config = generateConfig(validPacks, license, opts.licenseServerUrl, opts.runtime);
934
+ const configPath = path.join(projectDir, '.governance.json');
935
+ fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
936
+ const { installed, errors } = installHooks(projectDir, config);
937
+ // Create directories
938
+ const govDir = path.join(projectDir, '.governance');
939
+ for (const dir of ['audit', 'sessions', 'events', 'data']) {
940
+ const p = path.join(govDir, dir);
941
+ if (!fs.existsSync(p))
942
+ fs.mkdirSync(p, { recursive: true });
943
+ }
944
+ process.stdout.write(JSON.stringify({
945
+ success: true,
946
+ config: configPath,
947
+ packs: validPacks,
948
+ hooksInstalled: installed,
949
+ errors,
950
+ }) + '\n');
951
+ }
952
+ // --- Verify command ---
953
+ function verifyGovernance(projectDir) {
954
+ const configPath = path.join(projectDir, '.governance.json');
955
+ if (!fs.existsSync(configPath)) {
956
+ process.stderr.write('No .governance.json found. Run "ai-governance init" first.\n');
957
+ process.exit(1);
958
+ }
959
+ let config;
960
+ try {
961
+ config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
962
+ }
963
+ catch {
964
+ process.stderr.write('Invalid .governance.json. Re-run "ai-governance init".\n');
965
+ process.exit(1);
966
+ }
967
+ const checks = [];
968
+ // Check config structure
969
+ checks.push({
970
+ name: 'Config valid',
971
+ passed: !!config.version && !!config.packs,
972
+ detail: `Version: ${config.version}, Packs: ${config.packs?.join(', ')}`,
973
+ });
974
+ // Check hooks exist
975
+ const hooksDir = path.join(projectDir, '.governance', 'hooks');
976
+ const allHooks = [...(config.hooks?.preToolUse || []), ...(config.hooks?.postToolUse || [])];
977
+ let hooksFound = 0;
978
+ for (const hookFile of allHooks) {
979
+ if (fs.existsSync(path.join(hooksDir, hookFile)))
980
+ hooksFound++;
981
+ }
982
+ checks.push({
983
+ name: 'Hooks installed',
984
+ passed: hooksFound === allHooks.length,
985
+ detail: `${hooksFound}/${allHooks.length} hooks present`,
986
+ });
987
+ // Check governance directories
988
+ const requiredDirs = ['audit', 'sessions', 'events'];
989
+ const dirsExist = requiredDirs.every(d => fs.existsSync(path.join(projectDir, '.governance', d)));
990
+ checks.push({
991
+ name: 'Data directories',
992
+ passed: dirsExist,
993
+ detail: dirsExist ? 'All directories present' : 'Missing directories',
994
+ });
995
+ // Check blocked providers config
996
+ checks.push({
997
+ name: 'Provider policy',
998
+ passed: (config.providers?.blocked?.length || 0) > 0,
999
+ detail: `Blocked: ${config.providers?.blocked?.join(', ') || 'none'}`,
1000
+ });
1001
+ // Output
1002
+ process.stdout.write('\nGovernance Verification\n');
1003
+ process.stdout.write('='.repeat(40) + '\n');
1004
+ let allPassed = true;
1005
+ for (const check of checks) {
1006
+ const status = check.passed ? 'PASS' : 'FAIL';
1007
+ process.stdout.write(` [${status}] ${check.name}: ${check.detail}\n`);
1008
+ if (!check.passed)
1009
+ allPassed = false;
1010
+ }
1011
+ process.stdout.write('\n' + (allPassed ? 'All checks passed.\n' : 'Some checks failed. Review configuration.\n'));
1012
+ process.exit(allPassed ? 0 : 1);
1013
+ }
1014
+ function retentionSweep(opts) {
1015
+ const now = opts.now ?? new Date();
1016
+ const cutoff = new Date(now.getTime() - opts.retainDays * 24 * 60 * 60 * 1000);
1017
+ const result = {
1018
+ auditDir: opts.auditDir,
1019
+ retainDays: opts.retainDays,
1020
+ cutoffIso: cutoff.toISOString(),
1021
+ archiveDir: opts.archiveDir,
1022
+ dryRun: opts.dryRun,
1023
+ filesScanned: 0,
1024
+ filesRetained: 0,
1025
+ filesActioned: [],
1026
+ errors: [],
1027
+ };
1028
+ if (!fs.existsSync(opts.auditDir)) {
1029
+ return result; // empty result; caller decides if absent dir is an error
1030
+ }
1031
+ if (opts.archiveDir && !fs.existsSync(opts.archiveDir) && !opts.dryRun) {
1032
+ fs.mkdirSync(opts.archiveDir, { recursive: true });
1033
+ }
1034
+ const entries = fs.readdirSync(opts.auditDir);
1035
+ for (const entry of entries) {
1036
+ // Match `audit-YYYY-MM-DD.jsonl` (the format emitted by audit-logger.sh).
1037
+ const m = /^audit-(\d{4}-\d{2}-\d{2})\.jsonl$/.exec(entry);
1038
+ if (!m)
1039
+ continue;
1040
+ result.filesScanned += 1;
1041
+ const fileDate = new Date(m[1] + 'T00:00:00.000Z');
1042
+ const ageDays = Math.floor((now.getTime() - fileDate.getTime()) / (24 * 60 * 60 * 1000));
1043
+ const filePath = path.join(opts.auditDir, entry);
1044
+ if (fileDate.getTime() >= cutoff.getTime()) {
1045
+ result.filesRetained += 1;
1046
+ continue;
1047
+ }
1048
+ if (opts.dryRun) {
1049
+ result.filesActioned.push({ path: filePath, ageDays, action: 'would-action' });
1050
+ continue;
1051
+ }
1052
+ try {
1053
+ if (opts.archiveDir) {
1054
+ const dest = path.join(opts.archiveDir, entry);
1055
+ fs.renameSync(filePath, dest);
1056
+ result.filesActioned.push({ path: filePath, ageDays, action: 'archived' });
1057
+ }
1058
+ else {
1059
+ fs.unlinkSync(filePath);
1060
+ result.filesActioned.push({ path: filePath, ageDays, action: 'deleted' });
1061
+ }
1062
+ }
1063
+ catch (err) {
1064
+ result.errors.push({ path: filePath, error: err.message });
1065
+ }
1066
+ }
1067
+ return result;
1068
+ }
1069
+ function verifyChain(logDir, jsonOutput) {
1070
+ // Validate logDir argument
1071
+ if (!logDir) {
1072
+ process.stderr.write('Error: <logDir> argument is required.\n');
1073
+ process.stderr.write('Usage: ai-governance verify-chain <logDir> [--json]\n');
1074
+ process.exit(2);
1075
+ }
1076
+ if (!fs.existsSync(logDir)) {
1077
+ const msg = `Error: Log directory not found: ${logDir}`;
1078
+ if (jsonOutput) {
1079
+ process.stdout.write(JSON.stringify({
1080
+ ok: false,
1081
+ error: `Log directory not found: ${logDir}`,
1082
+ exitCode: 2,
1083
+ }) + '\n');
1084
+ }
1085
+ else {
1086
+ process.stderr.write(msg + '\n');
1087
+ }
1088
+ process.exit(2);
1089
+ }
1090
+ if (!fs.statSync(logDir).isDirectory()) {
1091
+ const msg = `Error: Path is not a directory: ${logDir}`;
1092
+ if (jsonOutput) {
1093
+ process.stdout.write(JSON.stringify({
1094
+ ok: false,
1095
+ error: `Path is not a directory: ${logDir}`,
1096
+ exitCode: 2,
1097
+ }) + '\n');
1098
+ }
1099
+ else {
1100
+ process.stderr.write(msg + '\n');
1101
+ }
1102
+ process.exit(2);
1103
+ }
1104
+ // Collect JSONL files from logDir
1105
+ let jsonlFiles;
1106
+ try {
1107
+ jsonlFiles = fs.readdirSync(logDir)
1108
+ .filter(f => f.endsWith('.jsonl'))
1109
+ .sort()
1110
+ .map(f => path.join(logDir, f));
1111
+ }
1112
+ catch (err) {
1113
+ const msg = `Error: Cannot read log directory: ${err.message}`;
1114
+ if (jsonOutput) {
1115
+ process.stdout.write(JSON.stringify({ ok: false, error: msg, exitCode: 2 }) + '\n');
1116
+ }
1117
+ else {
1118
+ process.stderr.write(msg + '\n');
1119
+ }
1120
+ process.exit(2);
1121
+ }
1122
+ // Empty directory is valid — no tamper possible on an empty chain.
1123
+ // F-NEW-MED-10 (2026-05-02): when the dir contains other artifacts
1124
+ // (subdirs, .log files, .txt files) but no .jsonl chain entries,
1125
+ // the previous output silently reported EMPTY without acknowledging
1126
+ // the non-chain artifacts. Operators routinely pointed verify-chain
1127
+ // at the WRONG directory (e.g. an audit-logs/ that only had a
1128
+ // manual-verifications/ subdirectory) and saw a clean EMPTY result
1129
+ // when they expected to see entries. We now surface non-chain
1130
+ // artifacts in the response so the operator notices the path is
1131
+ // probably wrong.
1132
+ if (jsonlFiles.length === 0) {
1133
+ let nonJsonlEntries = [];
1134
+ let subdirs = [];
1135
+ try {
1136
+ const dirents = fs.readdirSync(logDir, { withFileTypes: true });
1137
+ for (const d of dirents) {
1138
+ if (d.isDirectory())
1139
+ subdirs.push(d.name);
1140
+ else if (!d.name.endsWith('.jsonl'))
1141
+ nonJsonlEntries.push(d.name);
1142
+ }
1143
+ }
1144
+ catch { /* best effort */ }
1145
+ const hint = (nonJsonlEntries.length > 0 || subdirs.length > 0)
1146
+ ? ('Log directory has no .jsonl chain entries, but contains ' +
1147
+ `${nonJsonlEntries.length} non-chain file(s) and ${subdirs.length} subdirectory(ies). ` +
1148
+ (subdirs.length > 0
1149
+ ? `Did you mean a subdirectory? Subdirs found: ${subdirs.slice(0, 5).join(', ')}${subdirs.length > 5 ? ' ...' : ''}. `
1150
+ : '') +
1151
+ 'verify-chain only reads .jsonl files in the directory you pass; it does not recurse.')
1152
+ : 'Log directory is empty. No chain to verify.';
1153
+ if (jsonOutput) {
1154
+ process.stdout.write(JSON.stringify({
1155
+ ok: true,
1156
+ status: 'EMPTY',
1157
+ chainLength: 0,
1158
+ files: 0,
1159
+ firstEntry: null,
1160
+ lastEntry: null,
1161
+ tamperFindings: [],
1162
+ nonChainFiles: nonJsonlEntries,
1163
+ subdirectories: subdirs,
1164
+ summary: hint,
1165
+ }) + '\n');
1166
+ }
1167
+ else {
1168
+ process.stdout.write('\nAudit Chain Verification\n');
1169
+ process.stdout.write('='.repeat(40) + '\n');
1170
+ process.stdout.write(' Status: EMPTY\n');
1171
+ process.stdout.write(' Chain length: 0 entries\n');
1172
+ process.stdout.write(' Files: 0\n');
1173
+ if (nonJsonlEntries.length > 0) {
1174
+ process.stdout.write(` Non-chain files: ${nonJsonlEntries.length} (e.g. ${nonJsonlEntries.slice(0, 3).join(', ')})\n`);
1175
+ }
1176
+ if (subdirs.length > 0) {
1177
+ process.stdout.write(` Subdirectories: ${subdirs.length} (${subdirs.slice(0, 5).join(', ')})\n`);
1178
+ }
1179
+ process.stdout.write('\n' + hint + '\n');
1180
+ }
1181
+ process.exit(0);
1182
+ }
1183
+ const findings = [];
1184
+ let totalEntries = 0;
1185
+ let prevHash = '';
1186
+ let firstTimestamp = null;
1187
+ let lastTimestamp = null;
1188
+ let globalSeq = 0;
1189
+ function computeEntryHash(entry) {
1190
+ const hashInput = JSON.stringify({
1191
+ data: entry.data,
1192
+ _seq: entry._seq,
1193
+ _prevHash: entry._prevHash,
1194
+ });
1195
+ return crypto.createHash('sha256').update(hashInput).digest('hex');
1196
+ }
1197
+ for (const filePath of jsonlFiles) {
1198
+ const baseName = path.basename(filePath);
1199
+ let rawLines;
1200
+ try {
1201
+ const content = fs.readFileSync(filePath, 'utf-8');
1202
+ rawLines = content.trim().split('\n').filter(Boolean);
1203
+ }
1204
+ catch (err) {
1205
+ findings.push({
1206
+ file: baseName,
1207
+ lineNumber: 0,
1208
+ seq: -1,
1209
+ reason: `Cannot read file: ${err.message}`,
1210
+ });
1211
+ continue;
1212
+ }
1213
+ for (let lineIdx = 0; lineIdx < rawLines.length; lineIdx++) {
1214
+ globalSeq++;
1215
+ totalEntries++;
1216
+ const lineNumber = lineIdx + 1;
1217
+ let entry;
1218
+ try {
1219
+ entry = JSON.parse(rawLines[lineIdx]);
1220
+ }
1221
+ catch (parseErr) {
1222
+ findings.push({
1223
+ file: baseName,
1224
+ lineNumber,
1225
+ seq: globalSeq,
1226
+ reason: `Malformed JSON: ${parseErr.message}`,
1227
+ });
1228
+ // Skip prevHash update — chain is broken here
1229
+ continue;
1230
+ }
1231
+ // Validate required fields
1232
+ if (typeof entry._seq !== 'number' || typeof entry._prevHash !== 'string' || typeof entry._hash !== 'string') {
1233
+ findings.push({
1234
+ file: baseName,
1235
+ lineNumber,
1236
+ seq: globalSeq,
1237
+ reason: 'Entry missing required chain fields (_seq, _prevHash, _hash)',
1238
+ });
1239
+ continue;
1240
+ }
1241
+ // Track timestamps for summary
1242
+ const ts = (entry.data?.timestamp ?? entry.data?.ts);
1243
+ if (ts) {
1244
+ if (firstTimestamp === null)
1245
+ firstTimestamp = ts;
1246
+ lastTimestamp = ts;
1247
+ }
1248
+ // Verify prevHash linkage
1249
+ if (entry._prevHash !== prevHash) {
1250
+ findings.push({
1251
+ file: baseName,
1252
+ lineNumber,
1253
+ seq: entry._seq,
1254
+ reason: `Chain break: _prevHash mismatch. Expected ${prevHash.slice(0, 16) || '(empty)'}, got ${entry._prevHash.slice(0, 16)}`,
1255
+ });
1256
+ }
1257
+ // Verify self-hash
1258
+ const expectedHash = computeEntryHash(entry);
1259
+ if (entry._hash !== expectedHash) {
1260
+ findings.push({
1261
+ file: baseName,
1262
+ lineNumber,
1263
+ seq: entry._seq,
1264
+ reason: `Tamper detected: entry hash does not match content. Entry seq=${entry._seq}`,
1265
+ });
1266
+ }
1267
+ prevHash = entry._hash;
1268
+ }
1269
+ }
1270
+ const intact = findings.length === 0;
1271
+ const status = intact ? 'INTACT' : 'TAMPERED';
1272
+ if (jsonOutput) {
1273
+ process.stdout.write(JSON.stringify({
1274
+ ok: intact,
1275
+ status,
1276
+ chainLength: totalEntries,
1277
+ files: jsonlFiles.length,
1278
+ firstEntry: firstTimestamp,
1279
+ lastEntry: lastTimestamp,
1280
+ tamperFindings: findings.map(f => ({
1281
+ file: f.file,
1282
+ line: f.lineNumber,
1283
+ seq: f.seq,
1284
+ reason: f.reason,
1285
+ })),
1286
+ summary: intact
1287
+ ? `Chain intact. ${totalEntries} entries verified across ${jsonlFiles.length} file(s).`
1288
+ : `TAMPER DETECTED. ${findings.length} finding(s) in ${totalEntries} entries.`,
1289
+ }, null, 2) + '\n');
1290
+ }
1291
+ else {
1292
+ process.stdout.write('\nAudit Chain Verification\n');
1293
+ process.stdout.write('='.repeat(40) + '\n');
1294
+ process.stdout.write(` Status: ${status}\n`);
1295
+ process.stdout.write(` Chain length: ${totalEntries} entries\n`);
1296
+ process.stdout.write(` Files: ${jsonlFiles.length}\n`);
1297
+ if (firstTimestamp) {
1298
+ process.stdout.write(` First entry: ${firstTimestamp}\n`);
1299
+ }
1300
+ if (lastTimestamp) {
1301
+ process.stdout.write(` Last entry: ${lastTimestamp}\n`);
1302
+ }
1303
+ if (findings.length > 0) {
1304
+ process.stdout.write(`\n TAMPER FINDINGS (${findings.length}):\n`);
1305
+ for (const f of findings) {
1306
+ process.stdout.write(` [${f.file}:L${f.lineNumber}] seq=${f.seq}: ${f.reason}\n`);
1307
+ }
1308
+ }
1309
+ process.stdout.write('\n' + (intact
1310
+ ? `Chain integrity verified. ${totalEntries} entries checked.\n`
1311
+ : `INTEGRITY FAILURE. ${findings.length} finding(s) detected. Log may have been tampered.\n`));
1312
+ }
1313
+ process.exit(intact ? 0 : 1);
1314
+ }
1315
+ // --- Status command ---
1316
+ function showStatus(projectDir) {
1317
+ const configPath = path.join(projectDir, '.governance.json');
1318
+ if (!fs.existsSync(configPath)) {
1319
+ process.stderr.write('No governance configured. Run "ai-governance init" first.\n');
1320
+ process.exit(1);
1321
+ }
1322
+ const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
1323
+ const govDir = path.join(projectDir, '.governance');
1324
+ // Count audit entries
1325
+ const auditDir = path.join(govDir, 'audit');
1326
+ let auditEntries = 0;
1327
+ if (fs.existsSync(auditDir)) {
1328
+ const files = fs.readdirSync(auditDir).filter(f => f.endsWith('.jsonl'));
1329
+ for (const file of files) {
1330
+ try {
1331
+ const content = fs.readFileSync(path.join(auditDir, file), 'utf-8').trim();
1332
+ auditEntries += content ? content.split('\n').length : 0;
1333
+ }
1334
+ catch { /* skip */ }
1335
+ }
1336
+ }
1337
+ // Count hooks
1338
+ const hooksDir = path.join(govDir, 'hooks');
1339
+ const hookCount = fs.existsSync(hooksDir)
1340
+ ? fs.readdirSync(hooksDir).filter(f => f.endsWith('.sh') || f.endsWith('.ps1')).length
1341
+ : 0;
1342
+ process.stdout.write('\nGovernance Status\n');
1343
+ process.stdout.write('='.repeat(40) + '\n');
1344
+ process.stdout.write(` Version: ${config.version}\n`);
1345
+ process.stdout.write(` License: ${config.license}\n`);
1346
+ process.stdout.write(` Packs: ${config.packs.join(', ')}\n`);
1347
+ process.stdout.write(` Hooks: ${hookCount} installed\n`);
1348
+ process.stdout.write(` Audit entries: ${auditEntries}\n`);
1349
+ process.stdout.write(` Encryption: ${config.encryption?.enabled ? 'enabled' : 'disabled'}\n`);
1350
+ process.stdout.write(` Created: ${config.createdAt}\n`);
1351
+ // Per-pack allow/deny rule summary.
1352
+ // Thomas directive 2026-05-17 evening: "It must start up and report
1353
+ // findings to a local database on the compliance and company packs,
1354
+ // including what they are allowed and not allowed to do."
1355
+ //
1356
+ // Pre-fix `status` showed pack NAMES (e.g. "hipaa, soc2") but no rules.
1357
+ // A customer couldn't answer "what does HIPAA block on my install?"
1358
+ // from the CLI. Now each bound pack expands to its categoryActions
1359
+ // (BLOCK / WARN / REQUIRE_APPROVAL / ALLOW), blocked LLM providers,
1360
+ // and required modules so the answer is one terminal scroll away.
1361
+ if (Array.isArray(config.packs) && config.packs.length > 0) {
1362
+ process.stdout.write(`\nPack rules\n${'='.repeat(40)}\n`);
1363
+ for (const packId of config.packs) {
1364
+ const normalizedId = packId.toLowerCase().replace(/[\s-_]/g, '');
1365
+ const pack = governed_agent_1.BUILT_IN_PACKS[packId] ?? governed_agent_1.BUILT_IN_PACKS[normalizedId];
1366
+ if (!pack) {
1367
+ process.stdout.write(` ${packId}: (unknown pack — not in BUILT_IN_PACKS)\n`);
1368
+ continue;
1369
+ }
1370
+ process.stdout.write(`\n ${pack.id} — ${pack.name} (v${pack.version}):\n`);
1371
+ const categoryActions = pack.dataPolicy?.categoryActions;
1372
+ if (categoryActions && Object.keys(categoryActions).length > 0) {
1373
+ process.stdout.write(` Category actions:\n`);
1374
+ const sortedEntries = Object.entries(categoryActions).sort(([, a], [, b]) => {
1375
+ const order = { BLOCK: 0, REQUIRE_APPROVAL: 1, WARN: 2, LOG: 3, ALLOW: 4 };
1376
+ return (order[a] ?? 5) - (order[b] ?? 5);
1377
+ });
1378
+ for (const [category, action] of sortedEntries) {
1379
+ process.stdout.write(` ${category.padEnd(36)} ${action}\n`);
1380
+ }
1381
+ }
1382
+ else {
1383
+ process.stdout.write(` Category actions: (none defined)\n`);
1384
+ }
1385
+ const providerPolicy = pack.providerPolicy;
1386
+ if (providerPolicy?.blockedProviders && providerPolicy.blockedProviders.length > 0) {
1387
+ process.stdout.write(` Blocked providers: ${providerPolicy.blockedProviders.join(', ')}\n`);
1388
+ }
1389
+ if (providerPolicy?.allowedProviders && providerPolicy.allowedProviders.length > 0) {
1390
+ process.stdout.write(` Allowed providers: ${providerPolicy.allowedProviders.join(', ')}\n`);
1391
+ }
1392
+ const requiredModules = pack.requiredModules;
1393
+ if (requiredModules && requiredModules.length > 0) {
1394
+ const names = requiredModules
1395
+ .map((m) => (typeof m === 'string' ? m : m?.name ?? 'unknown'))
1396
+ .filter(Boolean);
1397
+ process.stdout.write(` Required modules: ${names.join(', ')}\n`);
1398
+ }
1399
+ }
1400
+ }
1401
+ // Runtime push health — 2026-05-17 customer-debug enhancement.
1402
+ // Without these lines, customers couldn't tell from `status` whether their
1403
+ // hooks were actually reaching the platform or no-oping silently.
1404
+ const runtime = config.runtime;
1405
+ process.stdout.write(`\nRuntime push\n${'='.repeat(40)}\n`);
1406
+ if (!runtime || !runtime.serviceToken) {
1407
+ process.stdout.write(` Status: NOT WIRED — hooks fire locally only.\n`);
1408
+ process.stdout.write(` Fix: Re-run \`ai-governance init --vendor-code <code>\`\n`);
1409
+ }
1410
+ else {
1411
+ const govServerUrl = runtime.govServerUrl;
1412
+ const orgId = runtime.orgId;
1413
+ const agentId = runtime.agentId;
1414
+ const token = runtime.serviceToken;
1415
+ process.stdout.write(` Gov-server: ${govServerUrl ?? 'MISSING'}\n`);
1416
+ process.stdout.write(` Org: ${orgId ?? 'MISSING'}\n`);
1417
+ process.stdout.write(` Agent: ${agentId ?? 'MISSING'}\n`);
1418
+ // Decode the service token (best-effort) to surface expiry
1419
+ try {
1420
+ const parts = token.split('.');
1421
+ if (parts.length === 3) {
1422
+ const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
1423
+ if (claims.exp) {
1424
+ const expDate = new Date(claims.exp * 1000);
1425
+ const daysLeft = Math.floor((expDate.getTime() - Date.now()) / 86_400_000);
1426
+ const expWarn = daysLeft < 30 ? ' ⚠ (consider `ai-governance rotate-token`)' : '';
1427
+ process.stdout.write(` Token expires: ${expDate.toISOString()} (${daysLeft}d)${expWarn}\n`);
1428
+ }
1429
+ if (claims.role) {
1430
+ process.stdout.write(` Token role: ${claims.role}\n`);
1431
+ }
1432
+ }
1433
+ }
1434
+ catch { /* malformed token; surfaced by ping below */ }
1435
+ // Best-effort ping — short timeout so `status` never hangs
1436
+ if (govServerUrl) {
1437
+ try {
1438
+ const { spawnSync } = require('node:child_process');
1439
+ const result = spawnSync('curl', [
1440
+ '--silent', '--show-error',
1441
+ '--max-time', '3',
1442
+ '--connect-timeout', '1',
1443
+ '-o', '/dev/null',
1444
+ '-w', '%{http_code}',
1445
+ `${govServerUrl.replace(/\/$/, '')}/api/v1/agents?org=${orgId ?? ''}`,
1446
+ '-H', `Authorization: Bearer ${token}`,
1447
+ ], { encoding: 'utf8' });
1448
+ const code = result.stdout?.trim() || '?';
1449
+ const verdict = code === '200' ? '✅ reachable + token valid' :
1450
+ code === '401' ? '⚠ token rejected (try `ai-governance rotate-token`)' :
1451
+ code === '000' ? '❌ unreachable (check govServerUrl + network)' :
1452
+ `⚠ HTTP ${code}`;
1453
+ process.stdout.write(` Live check: ${verdict}\n`);
1454
+ }
1455
+ catch {
1456
+ process.stdout.write(` Live check: skipped (curl unavailable)\n`);
1457
+ }
1458
+ }
1459
+ }
1460
+ process.stdout.write('\n');
1461
+ }
1462
+ // ---------------------------------------------------------------------------
1463
+ // F-NEW-PRODUCT-AGENT-DIR-WRAPPER slice 3: generateAutowrapArtifacts
1464
+ // ---------------------------------------------------------------------------
1465
+ /**
1466
+ * Generate .governance/autowrap.py and .governance/autowrap.js in agentDir.
1467
+ *
1468
+ * These scripts can be passed to Python / Node as bootstrap loaders:
1469
+ * CONNEXUM_AUTOWRAP=1 python -c "import connexum_governance; from openai import OpenAI"
1470
+ * NODE_OPTIONS='--require ./.governance/autowrap.js' node agent.js
1471
+ *
1472
+ * The function prints clear env-var instructions to stdout.
1473
+ * It does NOT modify the user's shell profile or global environment -- that
1474
+ * would be intrusive and violate the principle of least surprise.
1475
+ */
1476
+ function generateAutowrapArtifacts(agentDir, detectedAgents, projectDir) {
1477
+ const govDir = path.join(agentDir, '.governance');
1478
+ if (!fs.existsSync(govDir)) {
1479
+ fs.mkdirSync(govDir, { recursive: true });
1480
+ }
1481
+ // Determine packs from detected agents (deduplicated union)
1482
+ const allPacks = new Set();
1483
+ for (const agent of detectedAgents) {
1484
+ for (const pack of agent.packs) {
1485
+ allPacks.add(pack);
1486
+ }
1487
+ }
1488
+ const tenantId = 'local-dev';
1489
+ const packs = JSON.stringify([...allPacks]);
1490
+ // --- Python bootstrap ---
1491
+ const pyPath = path.join(govDir, 'autowrap.py');
1492
+ const pyContent = [
1493
+ '"""',
1494
+ 'Connexum governance autowrap bootstrap -- generated by ai-governance CLI',
1495
+ 'Edit governance.json to change pack assignments. Do not edit this file.',
1496
+ '',
1497
+ 'Usage:',
1498
+ ' CONNEXUM_AUTOWRAP=1 python your_agent.py',
1499
+ '',
1500
+ 'Or add to your shell profile / CI env:',
1501
+ ' export CONNEXUM_AUTOWRAP=1',
1502
+ '"""',
1503
+ 'import os as _os',
1504
+ 'import sys as _sys',
1505
+ '',
1506
+ '# Activate governance before any provider imports',
1507
+ 'if _os.environ.get("CONNEXUM_AUTOWRAP") == "1":',
1508
+ ' try:',
1509
+ ' from connexum_governance.autowrap import activate',
1510
+ ' activate()',
1511
+ ' except ImportError as _e:',
1512
+ ' print(',
1513
+ ' f"[connexum-autowrap] ERROR: connexum_governance not installed: {_e}",',
1514
+ ' file=_sys.stderr,',
1515
+ ' )',
1516
+ ` # Governance context: tenantId=${tenantId}, packs=${packs}`,
1517
+ '',
1518
+ ].join('\n');
1519
+ fs.writeFileSync(pyPath, pyContent, { mode: 0o644 });
1520
+ process.stdout.write(` [autowrap] Python bootstrap: ${pyPath}\n`);
1521
+ // --- Node.js bootstrap (CommonJS --require script) ---
1522
+ const jsPath = path.join(govDir, 'autowrap.js');
1523
+ const jsContent = [
1524
+ '/**',
1525
+ ' * Connexum governance autowrap bootstrap -- generated by ai-governance CLI',
1526
+ ' * Edit governance.json to change pack assignments. Do not edit this file.',
1527
+ ' *',
1528
+ ' * Usage (add to dev shell or CI):',
1529
+ ' * NODE_OPTIONS="--require ' + path.relative(projectDir, jsPath) + '" node agent.js',
1530
+ ' *',
1531
+ ' * Or for a single invocation:',
1532
+ ' * CONNEXUM_AUTOWRAP=1 node -e "require(\\".governance/autowrap.js\\"); const {OpenAI} = require(\\"openai\\");"',
1533
+ ' */',
1534
+ "'use strict';",
1535
+ '',
1536
+ 'if (process.env.CONNEXUM_AUTOWRAP === "1") {',
1537
+ ' try {',
1538
+ " const { register } = require('@connexum/typescript-sdk/autowrap');",
1539
+ ' register();',
1540
+ ' } catch (err) {',
1541
+ ' process.stderr.write(',
1542
+ " '[connexum-autowrap] ERROR: @connexum/typescript-sdk not installed: ' + err.message + '\\n',",
1543
+ ' );',
1544
+ ' }',
1545
+ '}',
1546
+ `// Governance context: tenantId=${tenantId}, packs=${packs}`,
1547
+ '',
1548
+ ].join('\n');
1549
+ fs.writeFileSync(jsPath, jsContent, { mode: 0o644 });
1550
+ process.stdout.write(` [autowrap] Node.js bootstrap: ${jsPath}\n`);
1551
+ // Print activation instructions
1552
+ const relJs = path.relative(projectDir, jsPath);
1553
+ process.stdout.write('\n');
1554
+ process.stdout.write('Autowrap activation instructions:\n');
1555
+ process.stdout.write('\n');
1556
+ process.stdout.write(' Python:\n');
1557
+ process.stdout.write(' Add to your dev shell or CI environment:\n');
1558
+ process.stdout.write(' export CONNEXUM_AUTOWRAP=1\n');
1559
+ process.stdout.write(' Or activate per-invocation:\n');
1560
+ process.stdout.write(' CONNEXUM_AUTOWRAP=1 python your_agent.py\n');
1561
+ process.stdout.write('\n');
1562
+ process.stdout.write(' Node.js:\n');
1563
+ process.stdout.write(' Add to your dev shell or CI environment:\n');
1564
+ process.stdout.write(` export NODE_OPTIONS='--require ${relJs}'\n`);
1565
+ process.stdout.write(' export CONNEXUM_AUTOWRAP=1\n');
1566
+ process.stdout.write(' Or activate per-invocation:\n');
1567
+ process.stdout.write(` CONNEXUM_AUTOWRAP=1 node --require ${relJs} your_agent.js\n`);
1568
+ process.stdout.write('\n');
1569
+ process.stdout.write(' Note: These bootstrap scripts patch CJS require() calls. Pure ESM modules\n');
1570
+ process.stdout.write(' require slice 1 (--agent-dir) or slice 2 (.governed.ts shim files) instead.\n');
1571
+ }
1572
+ // --- Main ---
1573
+ // Only run the CLI when invoked directly, not when imported by tests.
1574
+ const isDirectRun = require.main === module;
1575
+ const args = process.argv.slice(2);
1576
+ const command = args[0];
1577
+ // SYSTEMIC-H3: CLI escape hatch for malformed governance config.
1578
+ // When --force-empty-config is passed, we set the matching env var so
1579
+ // GovernanceConfig.handleConfigFailure() sees it. The bypass is AUDIT
1580
+ // LOGGED via GovernanceConfig.consumeForceEmptyOverride() at boot.
1581
+ if (args.includes('--force-empty-config')) {
1582
+ process.env.FORCE_EMPTY_GOVERNANCE_CONFIG = 'true';
1583
+ process.env.FORCE_EMPTY_GOVERNANCE_CONFIG_SOURCE = 'cli';
1584
+ }
1585
+ if (isDirectRun && (command === '--version' || command === '-v')) {
1586
+ process.stdout.write(`@connexum/ai-governance v${VERSION}\n`);
1587
+ process.exit(0);
1588
+ }
1589
+ if (isDirectRun && (command === '--help' || command === '-h' || !command)) {
1590
+ process.stdout.write(`
1591
+ @connexum/ai-governance v${VERSION}
1592
+ Enterprise AI governance for Claude Code environments.
1593
+
1594
+ Usage:
1595
+ ai-governance init Interactive setup
1596
+ ai-governance init --vendor-code <code> Non-interactive Vendor Code
1597
+ ai-governance init --offline Offline grace mode (requires env ack)
1598
+ ai-governance init --ci Non-interactive (CI) setup
1599
+ --packs soc2,hipaa Compliance frameworks
1600
+ --license CXGOV-... License key
1601
+ ai-governance init --agent-dir <path> Scan custom agent directory (slices 1-4)
1602
+ [--skip-preflight] Skip preflight sidecar check
1603
+ [--sidecar-url <url>] Override sidecar URL (default: http://localhost:4201)
1604
+ ai-governance verify Verify governance file integrity
1605
+ ai-governance verify-chain <logDir> Verify audit chain integrity (standalone)
1606
+ [--json] Output machine-readable JSON
1607
+ ai-governance status Show governance status
1608
+ ai-governance discover Scan project + push signed manifests
1609
+ --root <path> Project directory to scan
1610
+ --org-id <org> Organisation identifier
1611
+ --key <pem-path> Ed25519 private key (PEM)
1612
+ --endpoint <url> Manifest receive endpoint
1613
+ [--dry-run] Discover + report without push
1614
+ [--max-depth <n>] Recursion depth (default 8)
1615
+ ai-governance packs <select|get|upgrade> Manage per-project compliance packs
1616
+ --project <id> Project ID (required)
1617
+ --packs <list> Comma-separated pack IDs (select)
1618
+ --pack <id> --version <semver> Pin pack version (upgrade)
1619
+ [--api-url <url>] Governance server (default https://api.my-cc.io)
1620
+ [--license-key <jwt>] Bearer JWT (or CONNEXUM_LICENSE env)
1621
+ ai-governance retention-sweep Sweep customer audit logs by age
1622
+ [--audit-dir <dir>] Audit dir (default .governance/audit)
1623
+ [--retain-days <n>] Retention window (default 2190 = 6y)
1624
+ [--archive-dir <dir>] Archive destination (else delete)
1625
+ [--dry-run] Report without acting
1626
+ [--json] Machine-readable output
1627
+ ai-governance rotate-token Rotate the runtime service token
1628
+ Reads .governance.json runtime.serviceToken,
1629
+ requests a fresh token from the gov-server,
1630
+ writes it back. Use case: token approaching
1631
+ 1-year TTL, compromised, or rotated for policy.
1632
+ ai-governance bootstrap-admin Create the first ORG_ADMIN for a fresh tenant
1633
+ --vendor-code <code> Vendor code from /start provisioning
1634
+ --email <email> Admin email
1635
+ --password <password> Admin password (min 8 chars)
1636
+ [--gov-server-url <url>] Override gov-server URL (default https://api.my-cc.io)
1637
+ [--write-config] Persist tokens to .governance.json 'admin' section
1638
+ Headless customer-onboarding for CI / IaC flows.
1639
+ Equivalent to setting a password on /start Screen4.
1640
+
1641
+ Subscription:
1642
+ Vendor Codes are emailed on purchase. Set CXNI_VENDOR_CODE env var or use
1643
+ --vendor-code <code> for non-interactive installs.
1644
+ Contact thomas@ucreatewithai.com or visit ${BILLING_URL}
1645
+
1646
+ Options:
1647
+ --version, -v Show version
1648
+ --help, -h Show this help
1649
+ --vendor-code <code> Supply Vendor Code non-interactively
1650
+ --offline Bypass subscription check (requires
1651
+ CXNI_OFFLINE_GRACE_ACKNOWLEDGED=true)
1652
+ --license-server <url> Override license server URL (persisted to config)
1653
+ --license-server-url <url> Alias for --license-server
1654
+ --force-empty-config (EMERGENCY) Bypass a malformed .governance.json
1655
+ and boot with an empty config. This action is
1656
+ audit-logged and is NOT a valid production mode.
1657
+
1658
+ verify-chain:
1659
+ Download your JSONL audit log directory and run:
1660
+ ai-governance verify-chain ./audit-logs
1661
+ Exit code 0 = chain intact, 1 = tamper detected, 2 = input error.
1662
+ Add --json for machine-readable output suitable for compliance pipelines.
1663
+
1664
+ Documentation: https://my-cc.io/docs/ai-governance
1665
+ Connexum Network Inc.
1666
+ `.trim() + '\n');
1667
+ process.exit(0);
1668
+ }
1669
+ if (isDirectRun) {
1670
+ const projectDir = process.cwd();
1671
+ if (command === 'init') {
1672
+ const ciMode = args.includes('--ci');
1673
+ // S-07: Parse vendor code flags
1674
+ const vendorCodeIdx = args.indexOf('--vendor-code');
1675
+ const vendorCodeFlag = vendorCodeIdx >= 0 ? args[vendorCodeIdx + 1] : undefined;
1676
+ const offlineFlag = args.includes('--offline');
1677
+ // License server URL: accept both --license-server and --license-server-url
1678
+ // --license-server is the shorter alias (matches task spec requirement)
1679
+ const lsIdx = args.indexOf('--license-server') >= 0
1680
+ ? args.indexOf('--license-server')
1681
+ : args.indexOf('--license-server-url');
1682
+ const licenseServerUrl = lsIdx >= 0 ? args[lsIdx + 1] : undefined;
1683
+ // F-NEW-CUSTOMER-JOURNEY-001: hook→gov-server runtime push config.
1684
+ // All four flags must be present together to enable the push path.
1685
+ // Env vars (CXNI_GOV_URL / CXNI_ORG_ID / CXNI_AGENT_ID /
1686
+ // CXNI_SERVICE_TOKEN) serve as fallbacks for CI environments.
1687
+ const govServerUrlIdx = args.indexOf('--gov-server-url');
1688
+ const orgIdIdx = args.indexOf('--org-id');
1689
+ const agentIdIdx = args.indexOf('--agent-id');
1690
+ const serviceTokenIdx = args.indexOf('--service-token');
1691
+ const runtimeGovServerUrl = (govServerUrlIdx >= 0 ? args[govServerUrlIdx + 1] : undefined) ?? process.env.CXNI_GOV_URL;
1692
+ const runtimeOrgId = (orgIdIdx >= 0 ? args[orgIdIdx + 1] : undefined) ?? process.env.CXNI_ORG_ID;
1693
+ const runtimeAgentId = (agentIdIdx >= 0 ? args[agentIdIdx + 1] : undefined) ?? process.env.CXNI_AGENT_ID;
1694
+ const runtimeServiceToken = (serviceTokenIdx >= 0 ? args[serviceTokenIdx + 1] : undefined) ?? process.env.CXNI_SERVICE_TOKEN;
1695
+ let runtimeConfig = runtimeGovServerUrl && runtimeOrgId && runtimeAgentId && runtimeServiceToken
1696
+ ? {
1697
+ govServerUrl: runtimeGovServerUrl,
1698
+ orgId: runtimeOrgId,
1699
+ agentId: runtimeAgentId,
1700
+ serviceToken: runtimeServiceToken,
1701
+ }
1702
+ : undefined;
1703
+ // 2026-05-17 customer-journey fix: when --vendor-code is the only
1704
+ // identifier the customer provides, exchange it server-side for the
1705
+ // four runtime fields. Without this, hooks fire locally but never push
1706
+ // to the platform — customer sees empty portal and churns.
1707
+ // Uses sync curl spawn because the surrounding init block is synchronous
1708
+ // (tsc CommonJS target rejects top-level await).
1709
+ if (!runtimeConfig && vendorCodeFlag) {
1710
+ const exchangeServer = process.env.CXNI_GOV_URL ??
1711
+ runtimeGovServerUrl ??
1712
+ licenseServerUrl ??
1713
+ DEFAULT_GOV_SERVER_URL;
1714
+ try {
1715
+ const { spawnSync } = require('node:child_process');
1716
+ const result = spawnSync('curl', [
1717
+ '--silent',
1718
+ '--show-error',
1719
+ '--max-time', '10',
1720
+ '--connect-timeout', '3',
1721
+ '-X', 'POST',
1722
+ `${exchangeServer.replace(/\/$/, '')}/api/v1/cli/exchange-vendor-code`,
1723
+ '-H', 'Content-Type: application/json',
1724
+ '--data', JSON.stringify({ vendorCode: vendorCodeFlag }),
1725
+ ], { encoding: 'utf8' });
1726
+ if (result.status === 0 && result.stdout) {
1727
+ try {
1728
+ const exchanged = JSON.parse(result.stdout);
1729
+ if (exchanged.govServerUrl && exchanged.orgId && exchanged.agentId && exchanged.serviceToken) {
1730
+ runtimeConfig = {
1731
+ govServerUrl: exchanged.govServerUrl,
1732
+ orgId: exchanged.orgId,
1733
+ agentId: exchanged.agentId,
1734
+ serviceToken: exchanged.serviceToken,
1735
+ };
1736
+ process.stderr.write(`[CLI] vendor-code exchanged: orgId=${exchanged.orgId} agentId=${exchanged.agentId}\n`);
1737
+ }
1738
+ else if (exchanged.error) {
1739
+ process.stderr.write(`[CLI] vendor-code exchange returned error: ${exchanged.error}\n`);
1740
+ }
1741
+ }
1742
+ catch (e) {
1743
+ process.stderr.write(`[CLI] vendor-code exchange parse failed: ${e.message}\n`);
1744
+ }
1745
+ }
1746
+ else if (result.stderr) {
1747
+ process.stderr.write(`[CLI] vendor-code exchange request failed: ${result.stderr.trim()}\n`);
1748
+ }
1749
+ }
1750
+ catch (e) {
1751
+ process.stderr.write(`[CLI] vendor-code exchange skipped (${e.message}). Hooks will run locally but not push to the platform.\n`);
1752
+ }
1753
+ }
1754
+ // F-NEW-PRODUCT-AGENT-DIR-WRAPPER slice 1: --agent-dir flag
1755
+ // Scans the specified directory for AI usage signatures and merges
1756
+ // detected agents into governance.json `agents[]`. Additive: does not
1757
+ // replace IDE marker detection. Runs before (and independently of)
1758
+ // the interactive/CI flow so governance.json already has agents[] when
1759
+ // the hook installer runs.
1760
+ const agentDirIdx = args.indexOf('--agent-dir');
1761
+ const agentDirFlag = agentDirIdx >= 0 ? args[agentDirIdx + 1] : undefined;
1762
+ if (agentDirFlag) {
1763
+ // Wrap in async IIFE so slice 4 await calls work without converting the
1764
+ // entire top-level init block to async (which would break the existing
1765
+ // sync interactiveInit / nonInteractiveInit paths below).
1766
+ void (async () => {
1767
+ const resolvedAgentDir = path.isAbsolute(agentDirFlag)
1768
+ ? agentDirFlag
1769
+ : path.join(projectDir, agentDirFlag);
1770
+ if (!fs.existsSync(resolvedAgentDir)) {
1771
+ process.stderr.write(`--agent-dir: directory not found: ${resolvedAgentDir}\n`);
1772
+ process.exit(1);
1773
+ }
1774
+ process.stdout.write(`Scanning agent directory: ${resolvedAgentDir}\n`);
1775
+ const detectedAgents = (0, agent_dir_scanner_1.scanAgentDirectory)(resolvedAgentDir);
1776
+ process.stdout.write(`Detected ${detectedAgents.length} agent file(s).\n`);
1777
+ // Merge into governance.json (create/update)
1778
+ const configPath = path.join(projectDir, 'governance.json');
1779
+ let config = {};
1780
+ if (fs.existsSync(configPath)) {
1781
+ try {
1782
+ config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
1783
+ }
1784
+ catch { /* fresh */ }
1785
+ }
1786
+ const existing = Array.isArray(config['agents']) ? config['agents'] : [];
1787
+ // Merge: replace any existing auto-<id> entry for the same filePath, append new ones
1788
+ const merged = [...existing];
1789
+ for (const agent of detectedAgents) {
1790
+ const idx = merged.findIndex(a => a.filePath === agent.filePath);
1791
+ if (idx >= 0) {
1792
+ merged[idx] = agent;
1793
+ }
1794
+ else {
1795
+ merged.push(agent);
1796
+ }
1797
+ }
1798
+ config['agents'] = merged;
1799
+ fs.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 0o600 });
1800
+ process.stdout.write(`governance.json updated: ${merged.length} total agent(s).\n`);
1801
+ process.stdout.write(`Config: ${configPath}\n`);
1802
+ for (const agent of detectedAgents) {
1803
+ process.stdout.write(` [${agent.agentId}] ${agent.filePath} ` +
1804
+ `(${agent.language}, provider=${agent.provider ?? 'null'}, framework=${agent.framework ?? 'null'})\n`);
1805
+ }
1806
+ // F-NEW-PRODUCT-AGENT-DIR-WRAPPER slice 2: generate wrap-shim files
1807
+ process.stdout.write('\nGenerating governance shim files...\n');
1808
+ const shimResults = (0, wrap_shim_generator_1.writeWrapShims)(detectedAgents, resolvedAgentDir, (msg) => process.stdout.write(msg + '\n'));
1809
+ const generated = shimResults.filter(r => r.status === 'generated').length;
1810
+ const skipped = shimResults.filter(r => r.status !== 'generated').length;
1811
+ process.stdout.write(`Shim generation complete: ${generated} written, ${skipped} skipped.\n`);
1812
+ // F-NEW-PRODUCT-AGENT-DIR-WRAPPER slice 3: --autowrap flag
1813
+ // Generates .governance/autowrap.py and .governance/autowrap.js in the
1814
+ // agent directory and prints the env-var activation instructions.
1815
+ // Does NOT write to global env -- that would be intrusive.
1816
+ if (args.includes('--autowrap')) {
1817
+ generateAutowrapArtifacts(resolvedAgentDir, detectedAgents, projectDir);
1818
+ }
1819
+ // F-NEW-PRODUCT-AGENT-DIR-WRAPPER slice 4: preflight + green-checkmark report
1820
+ const skipPreflight = args.includes('--skip-preflight');
1821
+ if (!skipPreflight && detectedAgents.length > 0) {
1822
+ const sidecarUrlIdx = args.indexOf('--sidecar-url');
1823
+ const sidecarUrl = sidecarUrlIdx >= 0
1824
+ ? args[sidecarUrlIdx + 1]
1825
+ : (process.env['CONNEXUM_SIDECAR_URL'] ?? 'http://localhost:4201');
1826
+ try {
1827
+ process.stdout.write('\nRunning preflight checks against governance-sidecar...\n');
1828
+ const results = await (0, preflight_1.preflightAgents)(detectedAgents, resolvedAgentDir, { sidecarUrl });
1829
+ const report = (0, preflight_report_1.formatPreflightReport)(results, {
1830
+ useColour: process.stdout.isTTY,
1831
+ showDetail: true,
1832
+ });
1833
+ process.stdout.write(report);
1834
+ }
1835
+ catch (err) {
1836
+ process.stderr.write(`--agent-dir error: ${err.message}\n`);
1837
+ process.exit(1);
1838
+ }
1839
+ }
1840
+ else if (skipPreflight) {
1841
+ process.stdout.write('\nPreflight skipped (--skip-preflight).\n');
1842
+ }
1843
+ // --agent-dir is a standalone operation — do not fall through to interactive init
1844
+ // unless --ci or interactive flow flags are also explicitly set.
1845
+ if (!ciMode && !vendorCodeFlag && !offlineFlag) {
1846
+ process.exit(0);
1847
+ }
1848
+ })();
1849
+ }
1850
+ if (ciMode) {
1851
+ const packsIdx = args.indexOf('--packs');
1852
+ const licenseIdx = args.indexOf('--license');
1853
+ nonInteractiveInit(projectDir, {
1854
+ packs: packsIdx >= 0 ? args[packsIdx + 1] : undefined,
1855
+ license: licenseIdx >= 0 ? args[licenseIdx + 1] : undefined,
1856
+ licenseServerUrl,
1857
+ runtime: runtimeConfig,
1858
+ });
1859
+ }
1860
+ else if (!agentDirFlag) {
1861
+ interactiveInit(projectDir, { vendorCodeFlag, offlineFlag, licenseServerUrl, runtime: runtimeConfig }).catch(err => {
1862
+ process.stderr.write(`Error: ${err.message}\n`);
1863
+ process.exit(1);
1864
+ });
1865
+ }
1866
+ }
1867
+ else if (command === 'verify') {
1868
+ verifyGovernance(projectDir);
1869
+ }
1870
+ else if (command === 'verify-chain') {
1871
+ // GAP-S1-02: standalone audit chain verifier
1872
+ // Usage: ai-governance verify-chain <logDir> [--json]
1873
+ const logDir = args[1];
1874
+ const jsonOutput = args.includes('--json');
1875
+ verifyChain(logDir, jsonOutput);
1876
+ }
1877
+ else if (command === 'retention-sweep') {
1878
+ // F-NEW-AUDIT-RETENTION-1: customer-side audit log retention.
1879
+ // Usage:
1880
+ // ai-governance retention-sweep [--audit-dir DIR] [--retain-days N]
1881
+ // [--archive-dir DIR] [--dry-run] [--json]
1882
+ const auditDirIdx = args.indexOf('--audit-dir');
1883
+ const auditDir = auditDirIdx >= 0
1884
+ ? args[auditDirIdx + 1]
1885
+ : path.join(projectDir, '.governance', 'audit');
1886
+ const retainDaysIdx = args.indexOf('--retain-days');
1887
+ const retainDays = retainDaysIdx >= 0 ? parseInt(args[retainDaysIdx + 1], 10) : 2190;
1888
+ if (!Number.isFinite(retainDays) || retainDays < 1) {
1889
+ process.stderr.write('Error: --retain-days must be a positive integer.\n');
1890
+ process.exit(2);
1891
+ }
1892
+ const archiveDirIdx = args.indexOf('--archive-dir');
1893
+ const archiveDir = archiveDirIdx >= 0 ? args[archiveDirIdx + 1] : null;
1894
+ const dryRun = args.includes('--dry-run');
1895
+ const jsonOutput = args.includes('--json');
1896
+ const result = retentionSweep({ auditDir, retainDays, archiveDir, dryRun });
1897
+ if (jsonOutput) {
1898
+ process.stdout.write(JSON.stringify(result, null, 2) + '\n');
1899
+ }
1900
+ else {
1901
+ process.stdout.write(`Audit retention sweep\n`);
1902
+ process.stdout.write(` audit dir: ${result.auditDir}\n`);
1903
+ process.stdout.write(` retain days: ${result.retainDays}\n`);
1904
+ process.stdout.write(` cutoff: ${result.cutoffIso}\n`);
1905
+ process.stdout.write(` archive dir: ${result.archiveDir ?? '(none, files deleted)'}\n`);
1906
+ process.stdout.write(` dry run: ${result.dryRun}\n`);
1907
+ process.stdout.write(` files scanned: ${result.filesScanned}\n`);
1908
+ process.stdout.write(` files retained: ${result.filesRetained}\n`);
1909
+ process.stdout.write(` files actioned: ${result.filesActioned.length}\n`);
1910
+ for (const a of result.filesActioned) {
1911
+ process.stdout.write(` - ${a.action}: ${a.path} (age ${a.ageDays}d)\n`);
1912
+ }
1913
+ if (result.errors.length > 0) {
1914
+ process.stdout.write(` errors: ${result.errors.length}\n`);
1915
+ for (const e of result.errors) {
1916
+ process.stdout.write(` - ${e.path}: ${e.error}\n`);
1917
+ }
1918
+ }
1919
+ }
1920
+ process.exit(result.errors.length > 0 ? 1 : 0);
1921
+ }
1922
+ else if (command === 'status') {
1923
+ showStatus(projectDir);
1924
+ }
1925
+ else if (command === 'packs') {
1926
+ // W2: per-project pack selection CLI subcommand
1927
+ Promise.resolve().then(() => __importStar(require('./packs.js'))).then(({ runPacksCommand }) => {
1928
+ runPacksCommand(args.slice(1)).catch((err) => {
1929
+ process.stderr.write(`Error: ${err.message}\n`);
1930
+ process.exit(2);
1931
+ });
1932
+ });
1933
+ }
1934
+ else if (command === 'discover') {
1935
+ // F-NEW-PRODUCT-AGENT-DISCOVERY-CLI: scan project + sign + push manifests.
1936
+ // Closes the W2.1 customer-visible loop. See src/cli/discover.ts.
1937
+ Promise.resolve().then(() => __importStar(require('./discover.js'))).then(({ runDiscoverCommand }) => {
1938
+ runDiscoverCommand(args.slice(1)).then((code) => process.exit(code)).catch((err) => {
1939
+ process.stderr.write(`Error: ${err.message}\n`);
1940
+ process.exit(2);
1941
+ });
1942
+ });
1943
+ }
1944
+ else if (command === 'bootstrap-admin') {
1945
+ // 2026-05-17: headless first-admin creation. Used by CI / IaC flows
1946
+ // that provision tenants automatically without going through /start
1947
+ // in a browser. Requires: --vendor-code, --email, --password
1948
+ // (or env CXNI_VENDOR_CODE / CXNI_BOOTSTRAP_EMAIL / CXNI_BOOTSTRAP_PASSWORD).
1949
+ // Optional: --gov-server-url (defaults to CXNI_GOV_URL or DEFAULT_GOV_SERVER_URL = https://api.my-cc.io).
1950
+ (() => {
1951
+ const { spawnSync } = require('node:child_process');
1952
+ const fs = require('node:fs');
1953
+ const path = require('node:path');
1954
+ const argv = args.slice(1);
1955
+ const flag = (name, env) => {
1956
+ const idx = argv.indexOf(name);
1957
+ const v = idx >= 0 ? argv[idx + 1] : undefined;
1958
+ return v ?? (env ? process.env[env] : undefined);
1959
+ };
1960
+ const vendorCode = flag('--vendor-code', 'CXNI_VENDOR_CODE');
1961
+ const email = flag('--email', 'CXNI_BOOTSTRAP_EMAIL');
1962
+ const password = flag('--password', 'CXNI_BOOTSTRAP_PASSWORD');
1963
+ const govServerUrl = flag('--gov-server-url', 'CXNI_GOV_URL') ?? DEFAULT_GOV_SERVER_URL;
1964
+ const writeConfig = argv.includes('--write-config');
1965
+ if (!vendorCode || !email || !password) {
1966
+ process.stderr.write('bootstrap-admin requires --vendor-code, --email, --password (or env vars CXNI_VENDOR_CODE / CXNI_BOOTSTRAP_EMAIL / CXNI_BOOTSTRAP_PASSWORD)\n');
1967
+ process.exit(1);
1968
+ }
1969
+ if (password.length < 8) {
1970
+ process.stderr.write('password must be at least 8 characters\n');
1971
+ process.exit(1);
1972
+ }
1973
+ process.stderr.write(`Bootstrapping admin against ${govServerUrl} for vendorCode=${vendorCode.slice(0, 16)}…\n`);
1974
+ const result = spawnSync('curl', [
1975
+ '--silent', '--show-error',
1976
+ '--max-time', '15',
1977
+ '--connect-timeout', '5',
1978
+ '-X', 'POST',
1979
+ `${govServerUrl.replace(/\/$/, '')}/api/v1/cli/bootstrap-admin`,
1980
+ '-H', 'Content-Type: application/json',
1981
+ '--data', JSON.stringify({ vendorCode, email, password }),
1982
+ ], { encoding: 'utf8' });
1983
+ if (result.status !== 0 || !result.stdout) {
1984
+ process.stderr.write(`Bootstrap request failed: ${result.stderr?.trim() || 'no stdout'}\n`);
1985
+ process.exit(1);
1986
+ }
1987
+ let payload;
1988
+ try {
1989
+ payload = JSON.parse(result.stdout);
1990
+ }
1991
+ catch (e) {
1992
+ process.stderr.write(`Bootstrap response was not JSON: ${result.stdout.slice(0, 200)}\n`);
1993
+ process.exit(1);
1994
+ return;
1995
+ }
1996
+ if (!payload.accessToken) {
1997
+ process.stderr.write(`Bootstrap rejected: ${payload.detail ?? payload.error ?? JSON.stringify(payload)}\n`);
1998
+ process.exit(1);
1999
+ }
2000
+ // Optionally persist the bootstrap credentials into .governance.json
2001
+ // so subsequent CLI calls (e.g., `discover`) don't need to re-supply
2002
+ // the access token. Off by default — most callers will pipe stdout
2003
+ // into their own secret store.
2004
+ if (writeConfig) {
2005
+ const configPath = path.join(projectDir, '.governance.json');
2006
+ let config = {};
2007
+ if (fs.existsSync(configPath)) {
2008
+ try {
2009
+ config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
2010
+ }
2011
+ catch {
2012
+ // overwrite if malformed
2013
+ }
2014
+ }
2015
+ config['admin'] = {
2016
+ email,
2017
+ orgId: payload.orgId,
2018
+ userId: payload.userId,
2019
+ role: payload.role,
2020
+ accessToken: payload.accessToken,
2021
+ refreshToken: payload.refreshToken,
2022
+ createdAt: new Date().toISOString(),
2023
+ };
2024
+ fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n');
2025
+ try {
2026
+ fs.chmodSync(configPath, 0o600);
2027
+ }
2028
+ catch { /* best-effort on Windows */ }
2029
+ process.stderr.write(`Wrote admin section to ${configPath}\n`);
2030
+ }
2031
+ // Always print the result so CI can capture it.
2032
+ process.stdout.write(JSON.stringify({
2033
+ bootstrapped: true,
2034
+ orgId: payload.orgId,
2035
+ userId: payload.userId,
2036
+ role: payload.role,
2037
+ accessToken: payload.accessToken,
2038
+ refreshToken: payload.refreshToken,
2039
+ }) + '\n');
2040
+ process.exit(0);
2041
+ })();
2042
+ }
2043
+ else if (command === 'rotate-token') {
2044
+ // 2026-05-17: rotate the service token without burning a vendor-code redemption.
2045
+ // Reads .governance.json runtime.serviceToken, POSTs to
2046
+ // /api/v1/cli/rotate-token, writes the new token back. Use case:
2047
+ // approaching the 1-year TTL, token compromised, or token lost.
2048
+ (() => {
2049
+ const fs = require('node:fs');
2050
+ const path = require('node:path');
2051
+ const { spawnSync } = require('node:child_process');
2052
+ const configPath = path.join(projectDir, '.governance.json');
2053
+ if (!fs.existsSync(configPath)) {
2054
+ process.stderr.write('No .governance.json found in current directory. Run `ai-governance init` first.\n');
2055
+ process.exit(1);
2056
+ }
2057
+ let config;
2058
+ try {
2059
+ config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
2060
+ }
2061
+ catch (e) {
2062
+ process.stderr.write(`Failed to parse .governance.json: ${e.message}\n`);
2063
+ process.exit(1);
2064
+ return;
2065
+ }
2066
+ const runtime = config['runtime'] ?? {};
2067
+ const serviceToken = typeof runtime['serviceToken'] === 'string' ? runtime['serviceToken'] : '';
2068
+ const govServerUrl = typeof runtime['govServerUrl'] === 'string' ? runtime['govServerUrl'] : '';
2069
+ if (!serviceToken) {
2070
+ process.stderr.write('No runtime.serviceToken in .governance.json. Re-run `init --vendor-code` to obtain one.\n');
2071
+ process.exit(1);
2072
+ }
2073
+ if (!govServerUrl) {
2074
+ process.stderr.write('No runtime.govServerUrl in .governance.json.\n');
2075
+ process.exit(1);
2076
+ }
2077
+ process.stderr.write(`Rotating service token against ${govServerUrl} …\n`);
2078
+ const result = spawnSync('curl', [
2079
+ '--silent', '--show-error',
2080
+ '--max-time', '15',
2081
+ '--connect-timeout', '5',
2082
+ '-X', 'POST',
2083
+ `${govServerUrl.replace(/\/$/, '')}/api/v1/cli/rotate-token`,
2084
+ '-H', `Authorization: Bearer ${serviceToken}`,
2085
+ '-H', 'Content-Type: application/json',
2086
+ '--data', '{}',
2087
+ ], { encoding: 'utf8' });
2088
+ if (result.status !== 0 || !result.stdout) {
2089
+ process.stderr.write(`Rotation request failed: ${result.stderr?.trim() || 'no stdout'}\n`);
2090
+ process.exit(1);
2091
+ }
2092
+ let payload;
2093
+ try {
2094
+ payload = JSON.parse(result.stdout);
2095
+ }
2096
+ catch (e) {
2097
+ process.stderr.write(`Rotation response was not JSON: ${result.stdout.slice(0, 200)}\n`);
2098
+ process.exit(1);
2099
+ return;
2100
+ }
2101
+ if (!payload.serviceToken) {
2102
+ process.stderr.write(`Rotation rejected: ${payload.detail ?? payload.error ?? JSON.stringify(payload)}\n`);
2103
+ if ((payload.error ?? '') === 'token_expired') {
2104
+ process.stderr.write('Token already expired — re-run `ai-governance init --vendor-code <code>` to obtain a fresh one.\n');
2105
+ }
2106
+ process.exit(1);
2107
+ }
2108
+ config['runtime'].serviceToken = payload.serviceToken;
2109
+ fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n');
2110
+ // Explicit chmod — writeFileSync's `mode` flag only applies on create,
2111
+ // and .governance.json already exists. Service token is sensitive →
2112
+ // owner-only read/write.
2113
+ try {
2114
+ fs.chmodSync(configPath, 0o600);
2115
+ }
2116
+ catch { /* best-effort on Windows */ }
2117
+ process.stdout.write(JSON.stringify({
2118
+ rotated: true,
2119
+ expiresAt: payload.expiresAt,
2120
+ configPath,
2121
+ }) + '\n');
2122
+ process.exit(0);
2123
+ })();
2124
+ }
2125
+ else {
2126
+ process.stderr.write(`Unknown command: '${command}'. Run 'ai-governance --help'.\n`);
2127
+ process.exit(1);
2128
+ }
2129
+ }
2130
+ //# sourceMappingURL=index.js.map