@connexum/ai-governance 1.0.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2917) hide show
  1. package/LICENSE.md +78 -0
  2. package/README.md +582 -0
  3. package/dist/adapters/cursor.d.ts +85 -0
  4. package/dist/adapters/cursor.d.ts.map +1 -0
  5. package/dist/adapters/cursor.js +188 -0
  6. package/dist/adapters/cursor.js.map +1 -0
  7. package/dist/adapters/index.d.ts +250 -0
  8. package/dist/adapters/index.d.ts.map +1 -0
  9. package/dist/adapters/index.js +377 -0
  10. package/dist/adapters/index.js.map +1 -0
  11. package/dist/agents/compliance-agent-templates/dora.d.ts +53 -0
  12. package/dist/agents/compliance-agent-templates/dora.d.ts.map +1 -0
  13. package/dist/agents/compliance-agent-templates/dora.js +947 -0
  14. package/dist/agents/compliance-agent-templates/dora.js.map +1 -0
  15. package/dist/agents/compliance-agent-templates/eu-ai-act.d.ts +27 -0
  16. package/dist/agents/compliance-agent-templates/eu-ai-act.d.ts.map +1 -0
  17. package/dist/agents/compliance-agent-templates/eu-ai-act.js +721 -0
  18. package/dist/agents/compliance-agent-templates/eu-ai-act.js.map +1 -0
  19. package/dist/agents/compliance-agent-templates/gdpr.d.ts +25 -0
  20. package/dist/agents/compliance-agent-templates/gdpr.d.ts.map +1 -0
  21. package/dist/agents/compliance-agent-templates/gdpr.js +688 -0
  22. package/dist/agents/compliance-agent-templates/gdpr.js.map +1 -0
  23. package/dist/agents/compliance-agent-templates/hipaa.d.ts +23 -0
  24. package/dist/agents/compliance-agent-templates/hipaa.d.ts.map +1 -0
  25. package/dist/agents/compliance-agent-templates/hipaa.js +640 -0
  26. package/dist/agents/compliance-agent-templates/hipaa.js.map +1 -0
  27. package/dist/agents/compliance-agent-templates/iso27001.d.ts +30 -0
  28. package/dist/agents/compliance-agent-templates/iso27001.d.ts.map +1 -0
  29. package/dist/agents/compliance-agent-templates/iso27001.js +805 -0
  30. package/dist/agents/compliance-agent-templates/iso27001.js.map +1 -0
  31. package/dist/agents/compliance-agent-templates/iso42001.d.ts +42 -0
  32. package/dist/agents/compliance-agent-templates/iso42001.d.ts.map +1 -0
  33. package/dist/agents/compliance-agent-templates/iso42001.js +898 -0
  34. package/dist/agents/compliance-agent-templates/iso42001.js.map +1 -0
  35. package/dist/agents/compliance-agent-templates/nist-ai-rmf.d.ts +37 -0
  36. package/dist/agents/compliance-agent-templates/nist-ai-rmf.d.ts.map +1 -0
  37. package/dist/agents/compliance-agent-templates/nist-ai-rmf.js +819 -0
  38. package/dist/agents/compliance-agent-templates/nist-ai-rmf.js.map +1 -0
  39. package/dist/agents/compliance-agent-templates/pci-dss.d.ts +25 -0
  40. package/dist/agents/compliance-agent-templates/pci-dss.d.ts.map +1 -0
  41. package/dist/agents/compliance-agent-templates/pci-dss.js +658 -0
  42. package/dist/agents/compliance-agent-templates/pci-dss.js.map +1 -0
  43. package/dist/agents/compliance-agent-templates/soc2.d.ts +24 -0
  44. package/dist/agents/compliance-agent-templates/soc2.d.ts.map +1 -0
  45. package/dist/agents/compliance-agent-templates/soc2.js +643 -0
  46. package/dist/agents/compliance-agent-templates/soc2.js.map +1 -0
  47. package/dist/agents/compliance-agent-templates/types.d.ts +93 -0
  48. package/dist/agents/compliance-agent-templates/types.d.ts.map +1 -0
  49. package/dist/agents/compliance-agent-templates/types.js +34 -0
  50. package/dist/agents/compliance-agent-templates/types.js.map +1 -0
  51. package/dist/audit/audit-integrity.d.ts +88 -0
  52. package/dist/audit/audit-integrity.d.ts.map +1 -0
  53. package/dist/audit/audit-integrity.js +284 -0
  54. package/dist/audit/audit-integrity.js.map +1 -0
  55. package/dist/audit/chain-tamper-detector.d.ts +115 -0
  56. package/dist/audit/chain-tamper-detector.d.ts.map +1 -0
  57. package/dist/audit/chain-tamper-detector.js +256 -0
  58. package/dist/audit/chain-tamper-detector.js.map +1 -0
  59. package/dist/audit/compliance-reporter.d.ts +91 -0
  60. package/dist/audit/compliance-reporter.d.ts.map +1 -0
  61. package/dist/audit/compliance-reporter.js +471 -0
  62. package/dist/audit/compliance-reporter.js.map +1 -0
  63. package/dist/audit/destinations/custom-webhook.d.ts +189 -0
  64. package/dist/audit/destinations/custom-webhook.d.ts.map +1 -0
  65. package/dist/audit/destinations/custom-webhook.js +477 -0
  66. package/dist/audit/destinations/custom-webhook.js.map +1 -0
  67. package/dist/audit/destinations/datadog-logs.d.ts +241 -0
  68. package/dist/audit/destinations/datadog-logs.d.ts.map +1 -0
  69. package/dist/audit/destinations/datadog-logs.js +576 -0
  70. package/dist/audit/destinations/datadog-logs.js.map +1 -0
  71. package/dist/audit/destinations/sentinel.d.ts +336 -0
  72. package/dist/audit/destinations/sentinel.d.ts.map +1 -0
  73. package/dist/audit/destinations/sentinel.js +927 -0
  74. package/dist/audit/destinations/sentinel.js.map +1 -0
  75. package/dist/audit/destinations/sumo-logic.d.ts +227 -0
  76. package/dist/audit/destinations/sumo-logic.d.ts.map +1 -0
  77. package/dist/audit/destinations/sumo-logic.js +572 -0
  78. package/dist/audit/destinations/sumo-logic.js.map +1 -0
  79. package/dist/audit/event-bus.d.ts +79 -0
  80. package/dist/audit/event-bus.d.ts.map +1 -0
  81. package/dist/audit/event-bus.js +256 -0
  82. package/dist/audit/event-bus.js.map +1 -0
  83. package/dist/audit/narrative-generator.d.ts +91 -0
  84. package/dist/audit/narrative-generator.d.ts.map +1 -0
  85. package/dist/audit/narrative-generator.js +538 -0
  86. package/dist/audit/narrative-generator.js.map +1 -0
  87. package/dist/audit/narrative-types.d.ts +274 -0
  88. package/dist/audit/narrative-types.d.ts.map +1 -0
  89. package/dist/audit/narrative-types.js +115 -0
  90. package/dist/audit/narrative-types.js.map +1 -0
  91. package/dist/audit/provenance-signer.d.ts +158 -0
  92. package/dist/audit/provenance-signer.d.ts.map +1 -0
  93. package/dist/audit/provenance-signer.js +315 -0
  94. package/dist/audit/provenance-signer.js.map +1 -0
  95. package/dist/audit/redis-event-bus.d.ts +103 -0
  96. package/dist/audit/redis-event-bus.d.ts.map +1 -0
  97. package/dist/audit/redis-event-bus.js +310 -0
  98. package/dist/audit/redis-event-bus.js.map +1 -0
  99. package/dist/audit/report-templates/disclosure-accounting.d.ts +131 -0
  100. package/dist/audit/report-templates/disclosure-accounting.d.ts.map +1 -0
  101. package/dist/audit/report-templates/disclosure-accounting.js +195 -0
  102. package/dist/audit/report-templates/disclosure-accounting.js.map +1 -0
  103. package/dist/audit/report-templates/dora-ict-major-incident.d.ts +39 -0
  104. package/dist/audit/report-templates/dora-ict-major-incident.d.ts.map +1 -0
  105. package/dist/audit/report-templates/dora-ict-major-incident.js +227 -0
  106. package/dist/audit/report-templates/dora-ict-major-incident.js.map +1 -0
  107. package/dist/audit/report-templates/eu-ai-act-annex-iv.d.ts +38 -0
  108. package/dist/audit/report-templates/eu-ai-act-annex-iv.d.ts.map +1 -0
  109. package/dist/audit/report-templates/eu-ai-act-annex-iv.js +267 -0
  110. package/dist/audit/report-templates/eu-ai-act-annex-iv.js.map +1 -0
  111. package/dist/audit/report-templates/gdpr-data-subject-rights.d.ts +37 -0
  112. package/dist/audit/report-templates/gdpr-data-subject-rights.d.ts.map +1 -0
  113. package/dist/audit/report-templates/gdpr-data-subject-rights.js +235 -0
  114. package/dist/audit/report-templates/gdpr-data-subject-rights.js.map +1 -0
  115. package/dist/audit/report-templates/hipaa-breach-notification.d.ts +27 -0
  116. package/dist/audit/report-templates/hipaa-breach-notification.d.ts.map +1 -0
  117. package/dist/audit/report-templates/hipaa-breach-notification.js +197 -0
  118. package/dist/audit/report-templates/hipaa-breach-notification.js.map +1 -0
  119. package/dist/audit/report-templates/hipaa-security-incident.d.ts +28 -0
  120. package/dist/audit/report-templates/hipaa-security-incident.d.ts.map +1 -0
  121. package/dist/audit/report-templates/hipaa-security-incident.js +172 -0
  122. package/dist/audit/report-templates/hipaa-security-incident.js.map +1 -0
  123. package/dist/audit/report-templates/index.d.ts +86 -0
  124. package/dist/audit/report-templates/index.d.ts.map +1 -0
  125. package/dist/audit/report-templates/index.js +114 -0
  126. package/dist/audit/report-templates/index.js.map +1 -0
  127. package/dist/audit/report-templates/iso-42001-ams.d.ts +36 -0
  128. package/dist/audit/report-templates/iso-42001-ams.d.ts.map +1 -0
  129. package/dist/audit/report-templates/iso-42001-ams.js +262 -0
  130. package/dist/audit/report-templates/iso-42001-ams.js.map +1 -0
  131. package/dist/audit/report-templates/pci-dss-annual-attestation.d.ts +33 -0
  132. package/dist/audit/report-templates/pci-dss-annual-attestation.d.ts.map +1 -0
  133. package/dist/audit/report-templates/pci-dss-annual-attestation.js +211 -0
  134. package/dist/audit/report-templates/pci-dss-annual-attestation.js.map +1 -0
  135. package/dist/audit/report-templates/prompts/base.d.ts +94 -0
  136. package/dist/audit/report-templates/prompts/base.d.ts.map +1 -0
  137. package/dist/audit/report-templates/prompts/base.js +197 -0
  138. package/dist/audit/report-templates/prompts/base.js.map +1 -0
  139. package/dist/audit/report-templates/prompts/dora.d.ts +19 -0
  140. package/dist/audit/report-templates/prompts/dora.d.ts.map +1 -0
  141. package/dist/audit/report-templates/prompts/dora.js +121 -0
  142. package/dist/audit/report-templates/prompts/dora.js.map +1 -0
  143. package/dist/audit/report-templates/prompts/euaiact.d.ts +20 -0
  144. package/dist/audit/report-templates/prompts/euaiact.d.ts.map +1 -0
  145. package/dist/audit/report-templates/prompts/euaiact.js +126 -0
  146. package/dist/audit/report-templates/prompts/euaiact.js.map +1 -0
  147. package/dist/audit/report-templates/prompts/gdpr.d.ts +20 -0
  148. package/dist/audit/report-templates/prompts/gdpr.d.ts.map +1 -0
  149. package/dist/audit/report-templates/prompts/gdpr.js +126 -0
  150. package/dist/audit/report-templates/prompts/gdpr.js.map +1 -0
  151. package/dist/audit/report-templates/prompts/hipaa.d.ts +32 -0
  152. package/dist/audit/report-templates/prompts/hipaa.d.ts.map +1 -0
  153. package/dist/audit/report-templates/prompts/hipaa.js +98 -0
  154. package/dist/audit/report-templates/prompts/hipaa.js.map +1 -0
  155. package/dist/audit/report-templates/prompts/hitech.d.ts +20 -0
  156. package/dist/audit/report-templates/prompts/hitech.d.ts.map +1 -0
  157. package/dist/audit/report-templates/prompts/hitech.js +114 -0
  158. package/dist/audit/report-templates/prompts/hitech.js.map +1 -0
  159. package/dist/audit/report-templates/prompts/index.d.ts +24 -0
  160. package/dist/audit/report-templates/prompts/index.d.ts.map +1 -0
  161. package/dist/audit/report-templates/prompts/index.js +54 -0
  162. package/dist/audit/report-templates/prompts/index.js.map +1 -0
  163. package/dist/audit/report-templates/prompts/iso27001.d.ts +19 -0
  164. package/dist/audit/report-templates/prompts/iso27001.d.ts.map +1 -0
  165. package/dist/audit/report-templates/prompts/iso27001.js +110 -0
  166. package/dist/audit/report-templates/prompts/iso27001.js.map +1 -0
  167. package/dist/audit/report-templates/prompts/pcidss.d.ts +19 -0
  168. package/dist/audit/report-templates/prompts/pcidss.d.ts.map +1 -0
  169. package/dist/audit/report-templates/prompts/pcidss.js +111 -0
  170. package/dist/audit/report-templates/prompts/pcidss.js.map +1 -0
  171. package/dist/audit/report-templates/prompts/soc2.d.ts +19 -0
  172. package/dist/audit/report-templates/prompts/soc2.d.ts.map +1 -0
  173. package/dist/audit/report-templates/prompts/soc2.js +117 -0
  174. package/dist/audit/report-templates/prompts/soc2.js.map +1 -0
  175. package/dist/audit/report-templates/soc2-type-ii.d.ts +23 -0
  176. package/dist/audit/report-templates/soc2-type-ii.d.ts.map +1 -0
  177. package/dist/audit/report-templates/soc2-type-ii.js +187 -0
  178. package/dist/audit/report-templates/soc2-type-ii.js.map +1 -0
  179. package/dist/audit/reporting-exports.d.ts +20 -0
  180. package/dist/audit/reporting-exports.d.ts.map +1 -0
  181. package/dist/audit/reporting-exports.js +39 -0
  182. package/dist/audit/reporting-exports.js.map +1 -0
  183. package/dist/audit/webhook-delivery.d.ts +119 -0
  184. package/dist/audit/webhook-delivery.d.ts.map +1 -0
  185. package/dist/audit/webhook-delivery.js +381 -0
  186. package/dist/audit/webhook-delivery.js.map +1 -0
  187. package/dist/audit-bots/dora.d.ts +59 -0
  188. package/dist/audit-bots/dora.d.ts.map +1 -0
  189. package/dist/audit-bots/dora.js +417 -0
  190. package/dist/audit-bots/dora.js.map +1 -0
  191. package/dist/audit-bots/euaiact.d.ts +56 -0
  192. package/dist/audit-bots/euaiact.d.ts.map +1 -0
  193. package/dist/audit-bots/euaiact.js +372 -0
  194. package/dist/audit-bots/euaiact.js.map +1 -0
  195. package/dist/audit-bots/evidence.d.ts +60 -0
  196. package/dist/audit-bots/evidence.d.ts.map +1 -0
  197. package/dist/audit-bots/evidence.js +190 -0
  198. package/dist/audit-bots/evidence.js.map +1 -0
  199. package/dist/audit-bots/gdpr.d.ts +40 -0
  200. package/dist/audit-bots/gdpr.d.ts.map +1 -0
  201. package/dist/audit-bots/gdpr.js +271 -0
  202. package/dist/audit-bots/gdpr.js.map +1 -0
  203. package/dist/audit-bots/hipaa.d.ts +38 -0
  204. package/dist/audit-bots/hipaa.d.ts.map +1 -0
  205. package/dist/audit-bots/hipaa.js +236 -0
  206. package/dist/audit-bots/hipaa.js.map +1 -0
  207. package/dist/audit-bots/iso27001.d.ts +61 -0
  208. package/dist/audit-bots/iso27001.d.ts.map +1 -0
  209. package/dist/audit-bots/iso27001.js +448 -0
  210. package/dist/audit-bots/iso27001.js.map +1 -0
  211. package/dist/audit-bots/iso42001.d.ts +59 -0
  212. package/dist/audit-bots/iso42001.d.ts.map +1 -0
  213. package/dist/audit-bots/iso42001.js +450 -0
  214. package/dist/audit-bots/iso42001.js.map +1 -0
  215. package/dist/audit-bots/nist-ai-rmf.d.ts +62 -0
  216. package/dist/audit-bots/nist-ai-rmf.d.ts.map +1 -0
  217. package/dist/audit-bots/nist-ai-rmf.js +467 -0
  218. package/dist/audit-bots/nist-ai-rmf.js.map +1 -0
  219. package/dist/audit-bots/pcidss.d.ts +57 -0
  220. package/dist/audit-bots/pcidss.d.ts.map +1 -0
  221. package/dist/audit-bots/pcidss.js +399 -0
  222. package/dist/audit-bots/pcidss.js.map +1 -0
  223. package/dist/audit-bots/scheduler.d.ts +111 -0
  224. package/dist/audit-bots/scheduler.d.ts.map +1 -0
  225. package/dist/audit-bots/scheduler.js +175 -0
  226. package/dist/audit-bots/scheduler.js.map +1 -0
  227. package/dist/audit-bots/soc1.d.ts +67 -0
  228. package/dist/audit-bots/soc1.d.ts.map +1 -0
  229. package/dist/audit-bots/soc1.js +491 -0
  230. package/dist/audit-bots/soc1.js.map +1 -0
  231. package/dist/audit-bots/soc2.d.ts +41 -0
  232. package/dist/audit-bots/soc2.d.ts.map +1 -0
  233. package/dist/audit-bots/soc2.js +352 -0
  234. package/dist/audit-bots/soc2.js.map +1 -0
  235. package/dist/classification/pack-driven-classifier.d.ts +409 -0
  236. package/dist/classification/pack-driven-classifier.d.ts.map +1 -0
  237. package/dist/classification/pack-driven-classifier.js +565 -0
  238. package/dist/classification/pack-driven-classifier.js.map +1 -0
  239. package/dist/cli/agent-dir-scanner.d.ts +35 -0
  240. package/dist/cli/agent-dir-scanner.d.ts.map +1 -0
  241. package/dist/cli/agent-dir-scanner.js +269 -0
  242. package/dist/cli/agent-dir-scanner.js.map +1 -0
  243. package/dist/cli/agent-signatures.d.ts +28 -0
  244. package/dist/cli/agent-signatures.d.ts.map +1 -0
  245. package/dist/cli/agent-signatures.js +241 -0
  246. package/dist/cli/agent-signatures.js.map +1 -0
  247. package/dist/cli/audit-chain-append.d.ts +47 -0
  248. package/dist/cli/audit-chain-append.d.ts.map +1 -0
  249. package/dist/cli/audit-chain-append.js +277 -0
  250. package/dist/cli/audit-chain-append.js.map +1 -0
  251. package/dist/cli/discover.d.ts +24 -0
  252. package/dist/cli/discover.d.ts.map +1 -0
  253. package/dist/cli/discover.js +179 -0
  254. package/dist/cli/discover.js.map +1 -0
  255. package/dist/cli/discover.test.d.ts +12 -0
  256. package/dist/cli/discover.test.d.ts.map +1 -0
  257. package/dist/cli/discover.test.js +192 -0
  258. package/dist/cli/discover.test.js.map +1 -0
  259. package/dist/cli/index.d.ts +201 -0
  260. package/dist/cli/index.d.ts.map +1 -0
  261. package/dist/cli/index.js +2130 -0
  262. package/dist/cli/index.js.map +1 -0
  263. package/dist/cli/pack-enforcement-bridge.d.ts +39 -0
  264. package/dist/cli/pack-enforcement-bridge.d.ts.map +1 -0
  265. package/dist/cli/pack-enforcement-bridge.js +211 -0
  266. package/dist/cli/pack-enforcement-bridge.js.map +1 -0
  267. package/dist/cli/packs.d.ts +22 -0
  268. package/dist/cli/packs.d.ts.map +1 -0
  269. package/dist/cli/packs.js +299 -0
  270. package/dist/cli/packs.js.map +1 -0
  271. package/dist/cli/preflight-report.d.ts +51 -0
  272. package/dist/cli/preflight-report.d.ts.map +1 -0
  273. package/dist/cli/preflight-report.js +143 -0
  274. package/dist/cli/preflight-report.js.map +1 -0
  275. package/dist/cli/preflight.d.ts +57 -0
  276. package/dist/cli/preflight.d.ts.map +1 -0
  277. package/dist/cli/preflight.js +375 -0
  278. package/dist/cli/preflight.js.map +1 -0
  279. package/dist/cli/shim-templates/python-anthropic.template.py.txt +54 -0
  280. package/dist/cli/shim-templates/python-bedrock.template.py.txt +55 -0
  281. package/dist/cli/shim-templates/python-google.template.py.txt +55 -0
  282. package/dist/cli/shim-templates/python-huggingface.template.py.txt +142 -0
  283. package/dist/cli/shim-templates/python-langchain-anthropic.template.py.txt +61 -0
  284. package/dist/cli/shim-templates/python-langchain-openai.template.py.txt +66 -0
  285. package/dist/cli/shim-templates/python-ollama.template.py.txt +75 -0
  286. package/dist/cli/shim-templates/python-openai.template.py.txt +54 -0
  287. package/dist/cli/shim-templates/typescript-anthropic.template.ts.txt +25 -0
  288. package/dist/cli/shim-templates/typescript-google.template.ts.txt +25 -0
  289. package/dist/cli/shim-templates/typescript-openai.template.ts.txt +25 -0
  290. package/dist/cli/wrap-shim-generator.d.ts +65 -0
  291. package/dist/cli/wrap-shim-generator.d.ts.map +1 -0
  292. package/dist/cli/wrap-shim-generator.js +245 -0
  293. package/dist/cli/wrap-shim-generator.js.map +1 -0
  294. package/dist/dashboard/api.d.ts +157 -0
  295. package/dist/dashboard/api.d.ts.map +1 -0
  296. package/dist/dashboard/api.js +347 -0
  297. package/dist/dashboard/api.js.map +1 -0
  298. package/dist/dashboard/theme.d.ts +80 -0
  299. package/dist/dashboard/theme.d.ts.map +1 -0
  300. package/dist/dashboard/theme.js +172 -0
  301. package/dist/dashboard/theme.js.map +1 -0
  302. package/dist/errors/index.d.ts +46 -0
  303. package/dist/errors/index.d.ts.map +1 -0
  304. package/dist/errors/index.js +93 -0
  305. package/dist/errors/index.js.map +1 -0
  306. package/dist/esm/adapters/cursor.js +184 -0
  307. package/dist/esm/adapters/cursor.js.map +1 -0
  308. package/dist/esm/adapters/index.js +335 -0
  309. package/dist/esm/adapters/index.js.map +1 -0
  310. package/dist/esm/agents/compliance-agent-templates/dora.js +943 -0
  311. package/dist/esm/agents/compliance-agent-templates/dora.js.map +1 -0
  312. package/dist/esm/agents/compliance-agent-templates/eu-ai-act.js +717 -0
  313. package/dist/esm/agents/compliance-agent-templates/eu-ai-act.js.map +1 -0
  314. package/dist/esm/agents/compliance-agent-templates/gdpr.js +684 -0
  315. package/dist/esm/agents/compliance-agent-templates/gdpr.js.map +1 -0
  316. package/dist/esm/agents/compliance-agent-templates/hipaa.js +636 -0
  317. package/dist/esm/agents/compliance-agent-templates/hipaa.js.map +1 -0
  318. package/dist/esm/agents/compliance-agent-templates/iso27001.js +801 -0
  319. package/dist/esm/agents/compliance-agent-templates/iso27001.js.map +1 -0
  320. package/dist/esm/agents/compliance-agent-templates/iso42001.js +894 -0
  321. package/dist/esm/agents/compliance-agent-templates/iso42001.js.map +1 -0
  322. package/dist/esm/agents/compliance-agent-templates/nist-ai-rmf.js +815 -0
  323. package/dist/esm/agents/compliance-agent-templates/nist-ai-rmf.js.map +1 -0
  324. package/dist/esm/agents/compliance-agent-templates/pci-dss.js +654 -0
  325. package/dist/esm/agents/compliance-agent-templates/pci-dss.js.map +1 -0
  326. package/dist/esm/agents/compliance-agent-templates/soc2.js +639 -0
  327. package/dist/esm/agents/compliance-agent-templates/soc2.js.map +1 -0
  328. package/dist/esm/agents/compliance-agent-templates/types.js +33 -0
  329. package/dist/esm/agents/compliance-agent-templates/types.js.map +1 -0
  330. package/dist/esm/audit/audit-integrity.js +247 -0
  331. package/dist/esm/audit/audit-integrity.js.map +1 -0
  332. package/dist/esm/audit/chain-tamper-detector.js +217 -0
  333. package/dist/esm/audit/chain-tamper-detector.js.map +1 -0
  334. package/dist/esm/audit/compliance-reporter.js +434 -0
  335. package/dist/esm/audit/compliance-reporter.js.map +1 -0
  336. package/dist/esm/audit/destinations/custom-webhook.js +436 -0
  337. package/dist/esm/audit/destinations/custom-webhook.js.map +1 -0
  338. package/dist/esm/audit/destinations/datadog-logs.js +533 -0
  339. package/dist/esm/audit/destinations/datadog-logs.js.map +1 -0
  340. package/dist/esm/audit/destinations/sentinel.js +881 -0
  341. package/dist/esm/audit/destinations/sentinel.js.map +1 -0
  342. package/dist/esm/audit/destinations/sumo-logic.js +529 -0
  343. package/dist/esm/audit/destinations/sumo-logic.js.map +1 -0
  344. package/dist/esm/audit/event-bus.js +219 -0
  345. package/dist/esm/audit/event-bus.js.map +1 -0
  346. package/dist/esm/audit/narrative-generator.js +498 -0
  347. package/dist/esm/audit/narrative-generator.js.map +1 -0
  348. package/dist/esm/audit/narrative-types.js +108 -0
  349. package/dist/esm/audit/narrative-types.js.map +1 -0
  350. package/dist/esm/audit/provenance-signer.js +273 -0
  351. package/dist/esm/audit/provenance-signer.js.map +1 -0
  352. package/dist/esm/audit/redis-event-bus.js +272 -0
  353. package/dist/esm/audit/redis-event-bus.js.map +1 -0
  354. package/dist/esm/audit/report-templates/disclosure-accounting.js +191 -0
  355. package/dist/esm/audit/report-templates/disclosure-accounting.js.map +1 -0
  356. package/dist/esm/audit/report-templates/dora-ict-major-incident.js +224 -0
  357. package/dist/esm/audit/report-templates/dora-ict-major-incident.js.map +1 -0
  358. package/dist/esm/audit/report-templates/eu-ai-act-annex-iv.js +264 -0
  359. package/dist/esm/audit/report-templates/eu-ai-act-annex-iv.js.map +1 -0
  360. package/dist/esm/audit/report-templates/gdpr-data-subject-rights.js +232 -0
  361. package/dist/esm/audit/report-templates/gdpr-data-subject-rights.js.map +1 -0
  362. package/dist/esm/audit/report-templates/hipaa-breach-notification.js +194 -0
  363. package/dist/esm/audit/report-templates/hipaa-breach-notification.js.map +1 -0
  364. package/dist/esm/audit/report-templates/hipaa-security-incident.js +169 -0
  365. package/dist/esm/audit/report-templates/hipaa-security-incident.js.map +1 -0
  366. package/dist/esm/audit/report-templates/index.js +93 -0
  367. package/dist/esm/audit/report-templates/index.js.map +1 -0
  368. package/dist/esm/audit/report-templates/iso-42001-ams.js +259 -0
  369. package/dist/esm/audit/report-templates/iso-42001-ams.js.map +1 -0
  370. package/dist/esm/audit/report-templates/pci-dss-annual-attestation.js +208 -0
  371. package/dist/esm/audit/report-templates/pci-dss-annual-attestation.js.map +1 -0
  372. package/dist/esm/audit/report-templates/prompts/base.js +189 -0
  373. package/dist/esm/audit/report-templates/prompts/base.js.map +1 -0
  374. package/dist/esm/audit/report-templates/prompts/dora.js +118 -0
  375. package/dist/esm/audit/report-templates/prompts/dora.js.map +1 -0
  376. package/dist/esm/audit/report-templates/prompts/euaiact.js +123 -0
  377. package/dist/esm/audit/report-templates/prompts/euaiact.js.map +1 -0
  378. package/dist/esm/audit/report-templates/prompts/gdpr.js +123 -0
  379. package/dist/esm/audit/report-templates/prompts/gdpr.js.map +1 -0
  380. package/dist/esm/audit/report-templates/prompts/hipaa.js +95 -0
  381. package/dist/esm/audit/report-templates/prompts/hipaa.js.map +1 -0
  382. package/dist/esm/audit/report-templates/prompts/hitech.js +111 -0
  383. package/dist/esm/audit/report-templates/prompts/hitech.js.map +1 -0
  384. package/dist/esm/audit/report-templates/prompts/index.js +43 -0
  385. package/dist/esm/audit/report-templates/prompts/index.js.map +1 -0
  386. package/dist/esm/audit/report-templates/prompts/iso27001.js +107 -0
  387. package/dist/esm/audit/report-templates/prompts/iso27001.js.map +1 -0
  388. package/dist/esm/audit/report-templates/prompts/pcidss.js +108 -0
  389. package/dist/esm/audit/report-templates/prompts/pcidss.js.map +1 -0
  390. package/dist/esm/audit/report-templates/prompts/soc2.js +114 -0
  391. package/dist/esm/audit/report-templates/prompts/soc2.js.map +1 -0
  392. package/dist/esm/audit/report-templates/soc2-type-ii.js +184 -0
  393. package/dist/esm/audit/report-templates/soc2-type-ii.js.map +1 -0
  394. package/dist/esm/audit/reporting-exports.js +19 -0
  395. package/dist/esm/audit/reporting-exports.js.map +1 -0
  396. package/dist/esm/audit/webhook-delivery.js +344 -0
  397. package/dist/esm/audit/webhook-delivery.js.map +1 -0
  398. package/dist/esm/audit-bots/dora.js +379 -0
  399. package/dist/esm/audit-bots/dora.js.map +1 -0
  400. package/dist/esm/audit-bots/euaiact.js +334 -0
  401. package/dist/esm/audit-bots/euaiact.js.map +1 -0
  402. package/dist/esm/audit-bots/evidence.js +153 -0
  403. package/dist/esm/audit-bots/evidence.js.map +1 -0
  404. package/dist/esm/audit-bots/gdpr.js +234 -0
  405. package/dist/esm/audit-bots/gdpr.js.map +1 -0
  406. package/dist/esm/audit-bots/hipaa.js +199 -0
  407. package/dist/esm/audit-bots/hipaa.js.map +1 -0
  408. package/dist/esm/audit-bots/iso27001.js +410 -0
  409. package/dist/esm/audit-bots/iso27001.js.map +1 -0
  410. package/dist/esm/audit-bots/iso42001.js +412 -0
  411. package/dist/esm/audit-bots/iso42001.js.map +1 -0
  412. package/dist/esm/audit-bots/nist-ai-rmf.js +429 -0
  413. package/dist/esm/audit-bots/nist-ai-rmf.js.map +1 -0
  414. package/dist/esm/audit-bots/pcidss.js +361 -0
  415. package/dist/esm/audit-bots/pcidss.js.map +1 -0
  416. package/dist/esm/audit-bots/scheduler.js +137 -0
  417. package/dist/esm/audit-bots/scheduler.js.map +1 -0
  418. package/dist/esm/audit-bots/soc1.js +453 -0
  419. package/dist/esm/audit-bots/soc1.js.map +1 -0
  420. package/dist/esm/audit-bots/soc2.js +315 -0
  421. package/dist/esm/audit-bots/soc2.js.map +1 -0
  422. package/dist/esm/classification/pack-driven-classifier.js +525 -0
  423. package/dist/esm/classification/pack-driven-classifier.js.map +1 -0
  424. package/dist/esm/cli/agent-dir-scanner.js +233 -0
  425. package/dist/esm/cli/agent-dir-scanner.js.map +1 -0
  426. package/dist/esm/cli/agent-signatures.js +238 -0
  427. package/dist/esm/cli/agent-signatures.js.map +1 -0
  428. package/dist/esm/cli/audit-chain-append.js +242 -0
  429. package/dist/esm/cli/audit-chain-append.js.map +1 -0
  430. package/dist/esm/cli/discover.js +143 -0
  431. package/dist/esm/cli/discover.js.map +1 -0
  432. package/dist/esm/cli/discover.test.js +157 -0
  433. package/dist/esm/cli/discover.test.js.map +1 -0
  434. package/dist/esm/cli/index.js +2083 -0
  435. package/dist/esm/cli/index.js.map +1 -0
  436. package/dist/esm/cli/pack-enforcement-bridge.js +176 -0
  437. package/dist/esm/cli/pack-enforcement-bridge.js.map +1 -0
  438. package/dist/esm/cli/packs.js +263 -0
  439. package/dist/esm/cli/packs.js.map +1 -0
  440. package/dist/esm/cli/preflight-report.js +135 -0
  441. package/dist/esm/cli/preflight-report.js.map +1 -0
  442. package/dist/esm/cli/preflight.js +339 -0
  443. package/dist/esm/cli/preflight.js.map +1 -0
  444. package/dist/esm/cli/wrap-shim-generator.js +205 -0
  445. package/dist/esm/cli/wrap-shim-generator.js.map +1 -0
  446. package/dist/esm/dashboard/api.js +310 -0
  447. package/dist/esm/dashboard/api.js.map +1 -0
  448. package/dist/esm/dashboard/theme.js +135 -0
  449. package/dist/esm/dashboard/theme.js.map +1 -0
  450. package/dist/esm/errors/index.js +84 -0
  451. package/dist/esm/errors/index.js.map +1 -0
  452. package/dist/esm/governance/action-classes.js +171 -0
  453. package/dist/esm/governance/action-classes.js.map +1 -0
  454. package/dist/esm/governance/action-isolation.js +582 -0
  455. package/dist/esm/governance/action-isolation.js.map +1 -0
  456. package/dist/esm/governance/agent-discovery.js +213 -0
  457. package/dist/esm/governance/agent-discovery.js.map +1 -0
  458. package/dist/esm/governance/agent-discovery.test.js +144 -0
  459. package/dist/esm/governance/agent-discovery.test.js.map +1 -0
  460. package/dist/esm/governance/agent-trust-report.js +149 -0
  461. package/dist/esm/governance/agent-trust-report.js.map +1 -0
  462. package/dist/esm/governance/agent-trust-report.test.js +259 -0
  463. package/dist/esm/governance/agent-trust-report.test.js.map +1 -0
  464. package/dist/esm/governance/approval-channel-adapters.js +134 -0
  465. package/dist/esm/governance/approval-channel-adapters.js.map +1 -0
  466. package/dist/esm/governance/approval-channel-adapters.test.js +163 -0
  467. package/dist/esm/governance/approval-channel-adapters.test.js.map +1 -0
  468. package/dist/esm/governance/approval-gate-enforcer.js +405 -0
  469. package/dist/esm/governance/approval-gate-enforcer.js.map +1 -0
  470. package/dist/esm/governance/approval-notifications.js +139 -0
  471. package/dist/esm/governance/approval-notifications.js.map +1 -0
  472. package/dist/esm/governance/approval-notifications.test.js +192 -0
  473. package/dist/esm/governance/approval-notifications.test.js.map +1 -0
  474. package/dist/esm/governance/approval-queue-store.js +112 -0
  475. package/dist/esm/governance/approval-queue-store.js.map +1 -0
  476. package/dist/esm/governance/approval-queue.js +291 -0
  477. package/dist/esm/governance/approval-queue.js.map +1 -0
  478. package/dist/esm/governance/approval-service.js +92 -0
  479. package/dist/esm/governance/approval-service.js.map +1 -0
  480. package/dist/esm/governance/audit-chain-emitter.js +178 -0
  481. package/dist/esm/governance/audit-chain-emitter.js.map +1 -0
  482. package/dist/esm/governance/audit-chain-emitter.test.js +190 -0
  483. package/dist/esm/governance/audit-chain-emitter.test.js.map +1 -0
  484. package/dist/esm/governance/auto-pack-generator.js +67 -0
  485. package/dist/esm/governance/auto-pack-generator.js.map +1 -0
  486. package/dist/esm/governance/auto-pack-generator.test.js +95 -0
  487. package/dist/esm/governance/auto-pack-generator.test.js.map +1 -0
  488. package/dist/esm/governance/autonomy-spectrum.js +652 -0
  489. package/dist/esm/governance/autonomy-spectrum.js.map +1 -0
  490. package/dist/esm/governance/batch-mode-governance.js +603 -0
  491. package/dist/esm/governance/batch-mode-governance.js.map +1 -0
  492. package/dist/esm/governance/bias-monitor.js +273 -0
  493. package/dist/esm/governance/bias-monitor.js.map +1 -0
  494. package/dist/esm/governance/blast-radius-enforcer.js +539 -0
  495. package/dist/esm/governance/blast-radius-enforcer.js.map +1 -0
  496. package/dist/esm/governance/build-structure-score.js +61 -0
  497. package/dist/esm/governance/build-structure-score.js.map +1 -0
  498. package/dist/esm/governance/build-structure-score.test.js +116 -0
  499. package/dist/esm/governance/build-structure-score.test.js.map +1 -0
  500. package/dist/esm/governance/capability-bundle.js +241 -0
  501. package/dist/esm/governance/capability-bundle.js.map +1 -0
  502. package/dist/esm/governance/capability-change-detector.js +701 -0
  503. package/dist/esm/governance/capability-change-detector.js.map +1 -0
  504. package/dist/esm/governance/capability-classes.js +123 -0
  505. package/dist/esm/governance/capability-classes.js.map +1 -0
  506. package/dist/esm/governance/capability-classes.test.js +171 -0
  507. package/dist/esm/governance/capability-classes.test.js.map +1 -0
  508. package/dist/esm/governance/company-pack-builder.js +71 -0
  509. package/dist/esm/governance/company-pack-builder.js.map +1 -0
  510. package/dist/esm/governance/confidence-gate.js +246 -0
  511. package/dist/esm/governance/confidence-gate.js.map +1 -0
  512. package/dist/esm/governance/council.js +268 -0
  513. package/dist/esm/governance/council.js.map +1 -0
  514. package/dist/esm/governance/cross-session-pseudonymizer.js +598 -0
  515. package/dist/esm/governance/cross-session-pseudonymizer.js.map +1 -0
  516. package/dist/esm/governance/cycle-timeout.js +212 -0
  517. package/dist/esm/governance/cycle-timeout.js.map +1 -0
  518. package/dist/esm/governance/cycle-token-budget.js +177 -0
  519. package/dist/esm/governance/cycle-token-budget.js.map +1 -0
  520. package/dist/esm/governance/data-subject-rights.js +455 -0
  521. package/dist/esm/governance/data-subject-rights.js.map +1 -0
  522. package/dist/esm/governance/demo-workspace.js +210 -0
  523. package/dist/esm/governance/demo-workspace.js.map +1 -0
  524. package/dist/esm/governance/demo-workspace.test.js +80 -0
  525. package/dist/esm/governance/demo-workspace.test.js.map +1 -0
  526. package/dist/esm/governance/discovery-cli.js +95 -0
  527. package/dist/esm/governance/discovery-cli.js.map +1 -0
  528. package/dist/esm/governance/discovery-cli.test.js +191 -0
  529. package/dist/esm/governance/discovery-cli.test.js.map +1 -0
  530. package/dist/esm/governance/gateguard.js +265 -0
  531. package/dist/esm/governance/gateguard.js.map +1 -0
  532. package/dist/esm/governance/governance-runtime.js +376 -0
  533. package/dist/esm/governance/governance-runtime.js.map +1 -0
  534. package/dist/esm/governance/hook-install-snippet.js +208 -0
  535. package/dist/esm/governance/hook-install-snippet.js.map +1 -0
  536. package/dist/esm/governance/hook-install-snippet.test.js +95 -0
  537. package/dist/esm/governance/hook-install-snippet.test.js.map +1 -0
  538. package/dist/esm/governance/hook-profile.js +474 -0
  539. package/dist/esm/governance/hook-profile.js.map +1 -0
  540. package/dist/esm/governance/improvement-recommendations.js +165 -0
  541. package/dist/esm/governance/improvement-recommendations.js.map +1 -0
  542. package/dist/esm/governance/improvement-recommendations.test.js +178 -0
  543. package/dist/esm/governance/improvement-recommendations.test.js.map +1 -0
  544. package/dist/esm/governance/incident-notifier.js +488 -0
  545. package/dist/esm/governance/incident-notifier.js.map +1 -0
  546. package/dist/esm/governance/index.js +33 -0
  547. package/dist/esm/governance/index.js.map +1 -0
  548. package/dist/esm/governance/info-action-separation.js +143 -0
  549. package/dist/esm/governance/info-action-separation.js.map +1 -0
  550. package/dist/esm/governance/info-action-separation.test.js +155 -0
  551. package/dist/esm/governance/info-action-separation.test.js.map +1 -0
  552. package/dist/esm/governance/instinct-system.js +351 -0
  553. package/dist/esm/governance/instinct-system.js.map +1 -0
  554. package/dist/esm/governance/insurance-certificate.js +116 -0
  555. package/dist/esm/governance/insurance-certificate.js.map +1 -0
  556. package/dist/esm/governance/insurance-certificate.test.js +205 -0
  557. package/dist/esm/governance/insurance-certificate.test.js.map +1 -0
  558. package/dist/esm/governance/manifest-push-emitter.js +107 -0
  559. package/dist/esm/governance/manifest-push-emitter.js.map +1 -0
  560. package/dist/esm/governance/manifest-push-emitter.test.js +215 -0
  561. package/dist/esm/governance/manifest-push-emitter.test.js.map +1 -0
  562. package/dist/esm/governance/memory/cross-session-memory.js +283 -0
  563. package/dist/esm/governance/memory/cross-session-memory.js.map +1 -0
  564. package/dist/esm/governance/memory/index.js +14 -0
  565. package/dist/esm/governance/memory/index.js.map +1 -0
  566. package/dist/esm/governance/memory/memory-chain.js +183 -0
  567. package/dist/esm/governance/memory/memory-chain.js.map +1 -0
  568. package/dist/esm/governance/memory/retrieval-allowlist.js +172 -0
  569. package/dist/esm/governance/memory/retrieval-allowlist.js.map +1 -0
  570. package/dist/esm/governance/memory/session-memory.js +215 -0
  571. package/dist/esm/governance/memory/session-memory.js.map +1 -0
  572. package/dist/esm/governance/memory-audit-chain.js +361 -0
  573. package/dist/esm/governance/memory-audit-chain.js.map +1 -0
  574. package/dist/esm/governance/memory-integrity.js +267 -0
  575. package/dist/esm/governance/memory-integrity.js.map +1 -0
  576. package/dist/esm/governance/multi-store-deletion-worker.js +263 -0
  577. package/dist/esm/governance/multi-store-deletion-worker.js.map +1 -0
  578. package/dist/esm/governance/multi-tenant.js +273 -0
  579. package/dist/esm/governance/multi-tenant.js.map +1 -0
  580. package/dist/esm/governance/onboarding-tier-router.js +109 -0
  581. package/dist/esm/governance/onboarding-tier-router.js.map +1 -0
  582. package/dist/esm/governance/onboarding-tier-router.test.js +106 -0
  583. package/dist/esm/governance/onboarding-tier-router.test.js.map +1 -0
  584. package/dist/esm/governance/org-reputation.js +88 -0
  585. package/dist/esm/governance/org-reputation.js.map +1 -0
  586. package/dist/esm/governance/org-reputation.test.js +155 -0
  587. package/dist/esm/governance/org-reputation.test.js.map +1 -0
  588. package/dist/esm/governance/owasp-agentic-scanner.js +314 -0
  589. package/dist/esm/governance/owasp-agentic-scanner.js.map +1 -0
  590. package/dist/esm/governance/owasp-agentic-scanner.test.js +128 -0
  591. package/dist/esm/governance/owasp-agentic-scanner.test.js.map +1 -0
  592. package/dist/esm/governance/pack-diff.js +78 -0
  593. package/dist/esm/governance/pack-diff.js.map +1 -0
  594. package/dist/esm/governance/pack-diff.test.js +207 -0
  595. package/dist/esm/governance/pack-diff.test.js.map +1 -0
  596. package/dist/esm/governance/pack-evaluator-prewarm.js +102 -0
  597. package/dist/esm/governance/pack-evaluator-prewarm.js.map +1 -0
  598. package/dist/esm/governance/pack-evaluator.js +324 -0
  599. package/dist/esm/governance/pack-evaluator.js.map +1 -0
  600. package/dist/esm/governance/pack-evaluator.test.js +244 -0
  601. package/dist/esm/governance/pack-evaluator.test.js.map +1 -0
  602. package/dist/esm/governance/pack-inheritance.js +173 -0
  603. package/dist/esm/governance/pack-inheritance.js.map +1 -0
  604. package/dist/esm/governance/pack-inheritance.test.js +172 -0
  605. package/dist/esm/governance/pack-inheritance.test.js.map +1 -0
  606. package/dist/esm/governance/pack-publish-workflow.js +80 -0
  607. package/dist/esm/governance/pack-publish-workflow.js.map +1 -0
  608. package/dist/esm/governance/pack-publish-workflow.test.js +176 -0
  609. package/dist/esm/governance/pack-publish-workflow.test.js.map +1 -0
  610. package/dist/esm/governance/pack-rule-validator.js +139 -0
  611. package/dist/esm/governance/pack-rule-validator.js.map +1 -0
  612. package/dist/esm/governance/pack-rule-validator.test.js +118 -0
  613. package/dist/esm/governance/pack-rule-validator.test.js.map +1 -0
  614. package/dist/esm/governance/pack-versioning.js +188 -0
  615. package/dist/esm/governance/pack-versioning.js.map +1 -0
  616. package/dist/esm/governance/pack-versioning.test.js +137 -0
  617. package/dist/esm/governance/pack-versioning.test.js.map +1 -0
  618. package/dist/esm/governance/partner-manager.js +221 -0
  619. package/dist/esm/governance/partner-manager.js.map +1 -0
  620. package/dist/esm/governance/paste-your-agent.js +151 -0
  621. package/dist/esm/governance/paste-your-agent.js.map +1 -0
  622. package/dist/esm/governance/paste-your-agent.test.js +105 -0
  623. package/dist/esm/governance/paste-your-agent.test.js.map +1 -0
  624. package/dist/esm/governance/per-agent-daily-budget.js +658 -0
  625. package/dist/esm/governance/per-agent-daily-budget.js.map +1 -0
  626. package/dist/esm/governance/per-agent-override.test.js +239 -0
  627. package/dist/esm/governance/per-agent-override.test.js.map +1 -0
  628. package/dist/esm/governance/plugin-system.js +925 -0
  629. package/dist/esm/governance/plugin-system.js.map +1 -0
  630. package/dist/esm/governance/policy-tuning.js +322 -0
  631. package/dist/esm/governance/policy-tuning.js.map +1 -0
  632. package/dist/esm/governance/post-market-monitor.js +242 -0
  633. package/dist/esm/governance/post-market-monitor.js.map +1 -0
  634. package/dist/esm/governance/post-tool-audit-enrichment.js +466 -0
  635. package/dist/esm/governance/post-tool-audit-enrichment.js.map +1 -0
  636. package/dist/esm/governance/prohibited-practices.js +230 -0
  637. package/dist/esm/governance/prohibited-practices.js.map +1 -0
  638. package/dist/esm/governance/proxy-onboarding.js +302 -0
  639. package/dist/esm/governance/proxy-onboarding.js.map +1 -0
  640. package/dist/esm/governance/proxy-onboarding.test.js +100 -0
  641. package/dist/esm/governance/proxy-onboarding.test.js.map +1 -0
  642. package/dist/esm/governance/rag-citation-enforcement.js +527 -0
  643. package/dist/esm/governance/rag-citation-enforcement.js.map +1 -0
  644. package/dist/esm/governance/rag-confidence-threshold.js +409 -0
  645. package/dist/esm/governance/rag-confidence-threshold.js.map +1 -0
  646. package/dist/esm/governance/rag-retrieval-audit.js +478 -0
  647. package/dist/esm/governance/rag-retrieval-audit.js.map +1 -0
  648. package/dist/esm/governance/rag-source-allowlist.js +495 -0
  649. package/dist/esm/governance/rag-source-allowlist.js.map +1 -0
  650. package/dist/esm/governance/rag-source-output-chain.js +641 -0
  651. package/dist/esm/governance/rag-source-output-chain.js.map +1 -0
  652. package/dist/esm/governance/replay-player.js +85 -0
  653. package/dist/esm/governance/replay-player.js.map +1 -0
  654. package/dist/esm/governance/replay-player.test.js +157 -0
  655. package/dist/esm/governance/replay-player.test.js.map +1 -0
  656. package/dist/esm/governance/retention-manager.js +529 -0
  657. package/dist/esm/governance/retention-manager.js.map +1 -0
  658. package/dist/esm/governance/runtime-event-renderer.js +129 -0
  659. package/dist/esm/governance/runtime-event-renderer.js.map +1 -0
  660. package/dist/esm/governance/runtime-event-renderer.test.js +160 -0
  661. package/dist/esm/governance/runtime-event-renderer.test.js.map +1 -0
  662. package/dist/esm/governance/sandbox-replay.js +184 -0
  663. package/dist/esm/governance/sandbox-replay.js.map +1 -0
  664. package/dist/esm/governance/sandbox-replay.test.js +82 -0
  665. package/dist/esm/governance/sandbox-replay.test.js.map +1 -0
  666. package/dist/esm/governance/self-registration-hook.js +112 -0
  667. package/dist/esm/governance/self-registration-hook.js.map +1 -0
  668. package/dist/esm/governance/self-registration-hook.test.js +114 -0
  669. package/dist/esm/governance/self-registration-hook.test.js.map +1 -0
  670. package/dist/esm/governance/session-persistence.js +339 -0
  671. package/dist/esm/governance/session-persistence.js.map +1 -0
  672. package/dist/esm/governance/signed-manifest.js +119 -0
  673. package/dist/esm/governance/signed-manifest.js.map +1 -0
  674. package/dist/esm/governance/signed-manifest.test.js +114 -0
  675. package/dist/esm/governance/signed-manifest.test.js.map +1 -0
  676. package/dist/esm/governance/skip-api-empty-queue.js +458 -0
  677. package/dist/esm/governance/skip-api-empty-queue.js.map +1 -0
  678. package/dist/esm/governance/state-manager.js +249 -0
  679. package/dist/esm/governance/state-manager.js.map +1 -0
  680. package/dist/esm/governance/tenant-provider-agreements.js +398 -0
  681. package/dist/esm/governance/tenant-provider-agreements.js.map +1 -0
  682. package/dist/esm/governance/tool-provider-health.js +650 -0
  683. package/dist/esm/governance/tool-provider-health.js.map +1 -0
  684. package/dist/esm/governance/tool-rate-limit.js +140 -0
  685. package/dist/esm/governance/tool-rate-limit.js.map +1 -0
  686. package/dist/esm/governance/transparency-injector.js +158 -0
  687. package/dist/esm/governance/transparency-injector.js.map +1 -0
  688. package/dist/esm/governance/trust-score-snapshot.js +94 -0
  689. package/dist/esm/governance/trust-score-snapshot.js.map +1 -0
  690. package/dist/esm/governance/trust-score-snapshot.test.js +152 -0
  691. package/dist/esm/governance/trust-score-snapshot.test.js.map +1 -0
  692. package/dist/esm/governance/trust-score-three-dim.js +171 -0
  693. package/dist/esm/governance/trust-score-three-dim.js.map +1 -0
  694. package/dist/esm/governance/trust-score-three-dim.test.js +186 -0
  695. package/dist/esm/governance/trust-score-three-dim.test.js.map +1 -0
  696. package/dist/esm/governance-config.js +308 -0
  697. package/dist/esm/governance-config.js.map +1 -0
  698. package/dist/esm/governed-agent.js +1278 -0
  699. package/dist/esm/governed-agent.js.map +1 -0
  700. package/dist/esm/hooks/data-classifier-bridge.js +78 -0
  701. package/dist/esm/hooks/data-classifier-bridge.js.map +1 -0
  702. package/dist/esm/ide-adapters/aider.js +706 -0
  703. package/dist/esm/ide-adapters/aider.js.map +1 -0
  704. package/dist/esm/ide-adapters/amazon-q-developer.js +682 -0
  705. package/dist/esm/ide-adapters/amazon-q-developer.js.map +1 -0
  706. package/dist/esm/ide-adapters/base.js +229 -0
  707. package/dist/esm/ide-adapters/base.js.map +1 -0
  708. package/dist/esm/ide-adapters/claude-code.js +188 -0
  709. package/dist/esm/ide-adapters/claude-code.js.map +1 -0
  710. package/dist/esm/ide-adapters/cody.js +763 -0
  711. package/dist/esm/ide-adapters/cody.js.map +1 -0
  712. package/dist/esm/ide-adapters/continue-dev.js +355 -0
  713. package/dist/esm/ide-adapters/continue-dev.js.map +1 -0
  714. package/dist/esm/ide-adapters/copilot-studio.js +1093 -0
  715. package/dist/esm/ide-adapters/copilot-studio.js.map +1 -0
  716. package/dist/esm/ide-adapters/copilot-workspace.js +372 -0
  717. package/dist/esm/ide-adapters/copilot-workspace.js.map +1 -0
  718. package/dist/esm/ide-adapters/cursor.js +269 -0
  719. package/dist/esm/ide-adapters/cursor.js.map +1 -0
  720. package/dist/esm/ide-adapters/exports.js +52 -0
  721. package/dist/esm/ide-adapters/exports.js.map +1 -0
  722. package/dist/esm/ide-adapters/gemini-code-assist.js +746 -0
  723. package/dist/esm/ide-adapters/gemini-code-assist.js.map +1 -0
  724. package/dist/esm/ide-adapters/github-copilot.js +543 -0
  725. package/dist/esm/ide-adapters/github-copilot.js.map +1 -0
  726. package/dist/esm/ide-adapters/index.js +96 -0
  727. package/dist/esm/ide-adapters/index.js.map +1 -0
  728. package/dist/esm/ide-adapters/jetbrains-ai.js +714 -0
  729. package/dist/esm/ide-adapters/jetbrains-ai.js.map +1 -0
  730. package/dist/esm/ide-adapters/notebook-ai.js +854 -0
  731. package/dist/esm/ide-adapters/notebook-ai.js.map +1 -0
  732. package/dist/esm/ide-adapters/replit-agent.js +1018 -0
  733. package/dist/esm/ide-adapters/replit-agent.js.map +1 -0
  734. package/dist/esm/ide-adapters/reviewer-tier.js +15 -0
  735. package/dist/esm/ide-adapters/reviewer-tier.js.map +1 -0
  736. package/dist/esm/ide-adapters/shared.js +267 -0
  737. package/dist/esm/ide-adapters/shared.js.map +1 -0
  738. package/dist/esm/ide-adapters/tabnine.js +717 -0
  739. package/dist/esm/ide-adapters/tabnine.js.map +1 -0
  740. package/dist/esm/ide-adapters/windsurf.js +808 -0
  741. package/dist/esm/ide-adapters/windsurf.js.map +1 -0
  742. package/dist/esm/ide-adapters/zed-ai.js +618 -0
  743. package/dist/esm/ide-adapters/zed-ai.js.map +1 -0
  744. package/dist/esm/index.js +182 -0
  745. package/dist/esm/index.js.map +1 -0
  746. package/dist/esm/license/entitlement-client.js +264 -0
  747. package/dist/esm/license/entitlement-client.js.map +1 -0
  748. package/dist/esm/license/index.js +8 -0
  749. package/dist/esm/license/index.js.map +1 -0
  750. package/dist/esm/license/jwt-issuer.js +107 -0
  751. package/dist/esm/license/jwt-issuer.js.map +1 -0
  752. package/dist/esm/license/jwt-validator.js +460 -0
  753. package/dist/esm/license/jwt-validator.js.map +1 -0
  754. package/dist/esm/license/keygen.js +65 -0
  755. package/dist/esm/license/keygen.js.map +1 -0
  756. package/dist/esm/license/subscription-gate.js +251 -0
  757. package/dist/esm/license/subscription-gate.js.map +1 -0
  758. package/dist/esm/llm-adapters/azure-openai.js +665 -0
  759. package/dist/esm/llm-adapters/azure-openai.js.map +1 -0
  760. package/dist/esm/llm-adapters/base.js +258 -0
  761. package/dist/esm/llm-adapters/base.js.map +1 -0
  762. package/dist/esm/llm-adapters/bedrock.js +713 -0
  763. package/dist/esm/llm-adapters/bedrock.js.map +1 -0
  764. package/dist/esm/llm-adapters/claude.js +236 -0
  765. package/dist/esm/llm-adapters/claude.js.map +1 -0
  766. package/dist/esm/llm-adapters/deepseek.js +716 -0
  767. package/dist/esm/llm-adapters/deepseek.js.map +1 -0
  768. package/dist/esm/llm-adapters/exports.js +36 -0
  769. package/dist/esm/llm-adapters/exports.js.map +1 -0
  770. package/dist/esm/llm-adapters/gemini.js +197 -0
  771. package/dist/esm/llm-adapters/gemini.js.map +1 -0
  772. package/dist/esm/llm-adapters/gemma.js +260 -0
  773. package/dist/esm/llm-adapters/gemma.js.map +1 -0
  774. package/dist/esm/llm-adapters/google.js +1136 -0
  775. package/dist/esm/llm-adapters/google.js.map +1 -0
  776. package/dist/esm/llm-adapters/huggingface.js +618 -0
  777. package/dist/esm/llm-adapters/huggingface.js.map +1 -0
  778. package/dist/esm/llm-adapters/index.js +87 -0
  779. package/dist/esm/llm-adapters/index.js.map +1 -0
  780. package/dist/esm/llm-adapters/ollama.js +587 -0
  781. package/dist/esm/llm-adapters/ollama.js.map +1 -0
  782. package/dist/esm/llm-adapters/openai.js +359 -0
  783. package/dist/esm/llm-adapters/openai.js.map +1 -0
  784. package/dist/esm/llm-adapters/replicate-llama.js +596 -0
  785. package/dist/esm/llm-adapters/replicate-llama.js.map +1 -0
  786. package/dist/esm/llm-adapters/shared.js +330 -0
  787. package/dist/esm/llm-adapters/shared.js.map +1 -0
  788. package/dist/esm/llm-adapters/supported-models-catalog.js +741 -0
  789. package/dist/esm/llm-adapters/supported-models-catalog.js.map +1 -0
  790. package/dist/esm/observability/destination-health-monitor.js +239 -0
  791. package/dist/esm/observability/destination-health-monitor.js.map +1 -0
  792. package/dist/esm/observability/health-metrics-store.js +124 -0
  793. package/dist/esm/observability/health-metrics-store.js.map +1 -0
  794. package/dist/esm/orchestrator-adapters/autogen.js +484 -0
  795. package/dist/esm/orchestrator-adapters/autogen.js.map +1 -0
  796. package/dist/esm/orchestrator-adapters/base.js +366 -0
  797. package/dist/esm/orchestrator-adapters/base.js.map +1 -0
  798. package/dist/esm/orchestrator-adapters/bedrock-agentcore.js +812 -0
  799. package/dist/esm/orchestrator-adapters/bedrock-agentcore.js.map +1 -0
  800. package/dist/esm/orchestrator-adapters/claude-agent-sdk.js +701 -0
  801. package/dist/esm/orchestrator-adapters/claude-agent-sdk.js.map +1 -0
  802. package/dist/esm/orchestrator-adapters/crewai.js +470 -0
  803. package/dist/esm/orchestrator-adapters/crewai.js.map +1 -0
  804. package/dist/esm/orchestrator-adapters/deepagents.js +345 -0
  805. package/dist/esm/orchestrator-adapters/deepagents.js.map +1 -0
  806. package/dist/esm/orchestrator-adapters/exports.js +34 -0
  807. package/dist/esm/orchestrator-adapters/exports.js.map +1 -0
  808. package/dist/esm/orchestrator-adapters/google-adk.js +775 -0
  809. package/dist/esm/orchestrator-adapters/google-adk.js.map +1 -0
  810. package/dist/esm/orchestrator-adapters/haystack.js +811 -0
  811. package/dist/esm/orchestrator-adapters/haystack.js.map +1 -0
  812. package/dist/esm/orchestrator-adapters/index.js +106 -0
  813. package/dist/esm/orchestrator-adapters/index.js.map +1 -0
  814. package/dist/esm/orchestrator-adapters/langchain.js +457 -0
  815. package/dist/esm/orchestrator-adapters/langchain.js.map +1 -0
  816. package/dist/esm/orchestrator-adapters/langgraph.js +464 -0
  817. package/dist/esm/orchestrator-adapters/langgraph.js.map +1 -0
  818. package/dist/esm/orchestrator-adapters/llamaindex.js +819 -0
  819. package/dist/esm/orchestrator-adapters/llamaindex.js.map +1 -0
  820. package/dist/esm/orchestrator-adapters/openai-agents.js +494 -0
  821. package/dist/esm/orchestrator-adapters/openai-agents.js.map +1 -0
  822. package/dist/esm/orchestrator-adapters/openclaw.js +866 -0
  823. package/dist/esm/orchestrator-adapters/openclaw.js.map +1 -0
  824. package/dist/esm/orchestrator-adapters/orchestrator-adapter.js +30 -0
  825. package/dist/esm/orchestrator-adapters/orchestrator-adapter.js.map +1 -0
  826. package/dist/esm/orchestrator-adapters/paperclip-adapter.js +366 -0
  827. package/dist/esm/orchestrator-adapters/paperclip-adapter.js.map +1 -0
  828. package/dist/esm/orchestrator-adapters/semantic-kernel.js +487 -0
  829. package/dist/esm/orchestrator-adapters/semantic-kernel.js.map +1 -0
  830. package/dist/esm/orchestrator-adapters/shared.js +121 -0
  831. package/dist/esm/orchestrator-adapters/shared.js.map +1 -0
  832. package/dist/esm/package.json +3 -0
  833. package/dist/esm/packs/_base-classifiers.js +160 -0
  834. package/dist/esm/packs/_base-classifiers.js.map +1 -0
  835. package/dist/esm/packs/aba.js +297 -0
  836. package/dist/esm/packs/aba.js.map +1 -0
  837. package/dist/esm/packs/as-9100.js +814 -0
  838. package/dist/esm/packs/as-9100.js.map +1 -0
  839. package/dist/esm/packs/au-act-hrpaa.js +290 -0
  840. package/dist/esm/packs/au-act-hrpaa.js.map +1 -0
  841. package/dist/esm/packs/au-aiethics-framework.js +341 -0
  842. package/dist/esm/packs/au-aiethics-framework.js.map +1 -0
  843. package/dist/esm/packs/au-aml-ctf.js +346 -0
  844. package/dist/esm/packs/au-aml-ctf.js.map +1 -0
  845. package/dist/esm/packs/au-asic-rg-271.js +268 -0
  846. package/dist/esm/packs/au-asic-rg-271.js.map +1 -0
  847. package/dist/esm/packs/au-asic-rg-274.js +268 -0
  848. package/dist/esm/packs/au-asic-rg-274.js.map +1 -0
  849. package/dist/esm/packs/au-cdr.js +305 -0
  850. package/dist/esm/packs/au-cdr.js.map +1 -0
  851. package/dist/esm/packs/au-cps230.js +264 -0
  852. package/dist/esm/packs/au-cps230.js.map +1 -0
  853. package/dist/esm/packs/au-cps234.js +297 -0
  854. package/dist/esm/packs/au-cps234.js.map +1 -0
  855. package/dist/esm/packs/au-mandatory-ai-guardrails.js +271 -0
  856. package/dist/esm/packs/au-mandatory-ai-guardrails.js.map +1 -0
  857. package/dist/esm/packs/au-nsw-hripa.js +363 -0
  858. package/dist/esm/packs/au-nsw-hripa.js.map +1 -0
  859. package/dist/esm/packs/au-online-safety.js +297 -0
  860. package/dist/esm/packs/au-online-safety.js.map +1 -0
  861. package/dist/esm/packs/au-privacy-act.js +361 -0
  862. package/dist/esm/packs/au-privacy-act.js.map +1 -0
  863. package/dist/esm/packs/au-soci-act.js +251 -0
  864. package/dist/esm/packs/au-soci-act.js.map +1 -0
  865. package/dist/esm/packs/au-spam-act.js +284 -0
  866. package/dist/esm/packs/au-spam-act.js.map +1 -0
  867. package/dist/esm/packs/au-tga-saimd.js +341 -0
  868. package/dist/esm/packs/au-tga-saimd.js.map +1 -0
  869. package/dist/esm/packs/au-vic-hra.js +345 -0
  870. package/dist/esm/packs/au-vic-hra.js.map +1 -0
  871. package/dist/esm/packs/bipa.js +268 -0
  872. package/dist/esm/packs/bipa.js.map +1 -0
  873. package/dist/esm/packs/bsa-aml.js +410 -0
  874. package/dist/esm/packs/bsa-aml.js.map +1 -0
  875. package/dist/esm/packs/ca-pipeda.js +217 -0
  876. package/dist/esm/packs/ca-pipeda.js.map +1 -0
  877. package/dist/esm/packs/ca-qc-law25.js +188 -0
  878. package/dist/esm/packs/ca-qc-law25.js.map +1 -0
  879. package/dist/esm/packs/caldicott-principles.js +441 -0
  880. package/dist/esm/packs/caldicott-principles.js.map +1 -0
  881. package/dist/esm/packs/california-ab2930.js +410 -0
  882. package/dist/esm/packs/california-ab2930.js.map +1 -0
  883. package/dist/esm/packs/ccpa.js +396 -0
  884. package/dist/esm/packs/ccpa.js.map +1 -0
  885. package/dist/esm/packs/cfpb-2023-03.js +282 -0
  886. package/dist/esm/packs/cfpb-2023-03.js.map +1 -0
  887. package/dist/esm/packs/check-registry.js +3337 -0
  888. package/dist/esm/packs/check-registry.js.map +1 -0
  889. package/dist/esm/packs/cjis.js +342 -0
  890. package/dist/esm/packs/cjis.js.map +1 -0
  891. package/dist/esm/packs/cma-ai-foundation-models.js +394 -0
  892. package/dist/esm/packs/cma-ai-foundation-models.js.map +1 -0
  893. package/dist/esm/packs/cmmc2.js +347 -0
  894. package/dist/esm/packs/cmmc2.js.map +1 -0
  895. package/dist/esm/packs/cms-interoperability.js +387 -0
  896. package/dist/esm/packs/cms-interoperability.js.map +1 -0
  897. package/dist/esm/packs/cn-dsl-csl.js +134 -0
  898. package/dist/esm/packs/cn-dsl-csl.js.map +1 -0
  899. package/dist/esm/packs/colorado-ai.js +376 -0
  900. package/dist/esm/packs/colorado-ai.js.map +1 -0
  901. package/dist/esm/packs/common-rule.js +470 -0
  902. package/dist/esm/packs/common-rule.js.map +1 -0
  903. package/dist/esm/packs/coppa.js +406 -0
  904. package/dist/esm/packs/coppa.js.map +1 -0
  905. package/dist/esm/packs/cyber-essentials.js +404 -0
  906. package/dist/esm/packs/cyber-essentials.js.map +1 -0
  907. package/dist/esm/packs/de-bdsg.js +413 -0
  908. package/dist/esm/packs/de-bdsg.js.map +1 -0
  909. package/dist/esm/packs/do-178c.js +723 -0
  910. package/dist/esm/packs/do-178c.js.map +1 -0
  911. package/dist/esm/packs/dora.js +358 -0
  912. package/dist/esm/packs/dora.js.map +1 -0
  913. package/dist/esm/packs/ecoa.js +386 -0
  914. package/dist/esm/packs/ecoa.js.map +1 -0
  915. package/dist/esm/packs/eu-ai-liability.js +300 -0
  916. package/dist/esm/packs/eu-ai-liability.js.map +1 -0
  917. package/dist/esm/packs/eu-cra.js +140 -0
  918. package/dist/esm/packs/eu-cra.js.map +1 -0
  919. package/dist/esm/packs/eu-data-act.js +138 -0
  920. package/dist/esm/packs/eu-data-act.js.map +1 -0
  921. package/dist/esm/packs/eu-dma.js +185 -0
  922. package/dist/esm/packs/eu-dma.js.map +1 -0
  923. package/dist/esm/packs/eu-dsa.js +176 -0
  924. package/dist/esm/packs/eu-dsa.js.map +1 -0
  925. package/dist/esm/packs/eu-lpp.js +342 -0
  926. package/dist/esm/packs/eu-lpp.js.map +1 -0
  927. package/dist/esm/packs/eu-mdr-ivdr.js +417 -0
  928. package/dist/esm/packs/eu-mdr-ivdr.js.map +1 -0
  929. package/dist/esm/packs/euaiact.js +341 -0
  930. package/dist/esm/packs/euaiact.js.map +1 -0
  931. package/dist/esm/packs/fca-consumer-duty.js +409 -0
  932. package/dist/esm/packs/fca-consumer-duty.js.map +1 -0
  933. package/dist/esm/packs/fca-op-resilience.js +350 -0
  934. package/dist/esm/packs/fca-op-resilience.js.map +1 -0
  935. package/dist/esm/packs/fcra.js +441 -0
  936. package/dist/esm/packs/fcra.js.map +1 -0
  937. package/dist/esm/packs/fda-21-cfr-820.js +606 -0
  938. package/dist/esm/packs/fda-21-cfr-820.js.map +1 -0
  939. package/dist/esm/packs/fda-samd-precert.js +863 -0
  940. package/dist/esm/packs/fda-samd-precert.js.map +1 -0
  941. package/dist/esm/packs/fda-samd.js +314 -0
  942. package/dist/esm/packs/fda-samd.js.map +1 -0
  943. package/dist/esm/packs/fedramp.js +318 -0
  944. package/dist/esm/packs/fedramp.js.map +1 -0
  945. package/dist/esm/packs/ferpa.js +309 -0
  946. package/dist/esm/packs/ferpa.js.map +1 -0
  947. package/dist/esm/packs/finra-3110.js +351 -0
  948. package/dist/esm/packs/finra-3110.js.map +1 -0
  949. package/dist/esm/packs/florida-student-privacy.js +448 -0
  950. package/dist/esm/packs/florida-student-privacy.js.map +1 -0
  951. package/dist/esm/packs/foia.js +394 -0
  952. package/dist/esm/packs/foia.js.map +1 -0
  953. package/dist/esm/packs/frcp26.js +294 -0
  954. package/dist/esm/packs/frcp26.js.map +1 -0
  955. package/dist/esm/packs/ftc5.js +290 -0
  956. package/dist/esm/packs/ftc5.js.map +1 -0
  957. package/dist/esm/packs/gdpr.js +487 -0
  958. package/dist/esm/packs/gdpr.js.map +1 -0
  959. package/dist/esm/packs/glba.js +421 -0
  960. package/dist/esm/packs/glba.js.map +1 -0
  961. package/dist/esm/packs/gxp.js +350 -0
  962. package/dist/esm/packs/gxp.js.map +1 -0
  963. package/dist/esm/packs/hipaa.js +381 -0
  964. package/dist/esm/packs/hipaa.js.map +1 -0
  965. package/dist/esm/packs/hitech.js +289 -0
  966. package/dist/esm/packs/hitech.js.map +1 -0
  967. package/dist/esm/packs/hitrust-csf.js +119 -0
  968. package/dist/esm/packs/hitrust-csf.js.map +1 -0
  969. package/dist/esm/packs/hk-pdpo.js +122 -0
  970. package/dist/esm/packs/hk-pdpo.js.map +1 -0
  971. package/dist/esm/packs/hmda.js +379 -0
  972. package/dist/esm/packs/hmda.js.map +1 -0
  973. package/dist/esm/packs/iec-62304.js +585 -0
  974. package/dist/esm/packs/iec-62304.js.map +1 -0
  975. package/dist/esm/packs/iec-62443.js +686 -0
  976. package/dist/esm/packs/iec-62443.js.map +1 -0
  977. package/dist/esm/packs/illinois-aivia.js +348 -0
  978. package/dist/esm/packs/illinois-aivia.js.map +1 -0
  979. package/dist/esm/packs/in-dpdp.js +429 -0
  980. package/dist/esm/packs/in-dpdp.js.map +1 -0
  981. package/dist/esm/packs/index.js +664 -0
  982. package/dist/esm/packs/index.js.map +1 -0
  983. package/dist/esm/packs/iso-15189.js +944 -0
  984. package/dist/esm/packs/iso-15189.js.map +1 -0
  985. package/dist/esm/packs/iso-23894.js +442 -0
  986. package/dist/esm/packs/iso-23894.js.map +1 -0
  987. package/dist/esm/packs/iso-26262.js +734 -0
  988. package/dist/esm/packs/iso-26262.js.map +1 -0
  989. package/dist/esm/packs/iso-iec-80001.js +993 -0
  990. package/dist/esm/packs/iso-iec-80001.js.map +1 -0
  991. package/dist/esm/packs/iso20022.js +344 -0
  992. package/dist/esm/packs/iso20022.js.map +1 -0
  993. package/dist/esm/packs/iso27001.js +388 -0
  994. package/dist/esm/packs/iso27001.js.map +1 -0
  995. package/dist/esm/packs/iso27701.js +390 -0
  996. package/dist/esm/packs/iso27701.js.map +1 -0
  997. package/dist/esm/packs/iso42001.js +288 -0
  998. package/dist/esm/packs/iso42001.js.map +1 -0
  999. package/dist/esm/packs/jp-appi.js +438 -0
  1000. package/dist/esm/packs/jp-appi.js.map +1 -0
  1001. package/dist/esm/packs/kr-pipa.js +442 -0
  1002. package/dist/esm/packs/kr-pipa.js.map +1 -0
  1003. package/dist/esm/packs/lgpd.js +350 -0
  1004. package/dist/esm/packs/lgpd.js.map +1 -0
  1005. package/dist/esm/packs/lpo2024.js +307 -0
  1006. package/dist/esm/packs/lpo2024.js.map +1 -0
  1007. package/dist/esm/packs/maryland-hb1202.js +338 -0
  1008. package/dist/esm/packs/maryland-hb1202.js.map +1 -0
  1009. package/dist/esm/packs/mhra-samd-ukca.js +473 -0
  1010. package/dist/esm/packs/mhra-samd-ukca.js.map +1 -0
  1011. package/dist/esm/packs/mifid2.js +381 -0
  1012. package/dist/esm/packs/mifid2.js.map +1 -0
  1013. package/dist/esm/packs/migration-manifest.js +55 -0
  1014. package/dist/esm/packs/migration-manifest.js.map +1 -0
  1015. package/dist/esm/packs/naic-mdl.js +315 -0
  1016. package/dist/esm/packs/naic-mdl.js.map +1 -0
  1017. package/dist/esm/packs/ncsc-ai-security.js +626 -0
  1018. package/dist/esm/packs/ncsc-ai-security.js.map +1 -0
  1019. package/dist/esm/packs/ncsc-caf.js +381 -0
  1020. package/dist/esm/packs/ncsc-caf.js.map +1 -0
  1021. package/dist/esm/packs/nhs-dcb0129-dcb0160.js +470 -0
  1022. package/dist/esm/packs/nhs-dcb0129-dcb0160.js.map +1 -0
  1023. package/dist/esm/packs/nhs-dspt.js +434 -0
  1024. package/dist/esm/packs/nhs-dspt.js.map +1 -0
  1025. package/dist/esm/packs/nhs-dtac.js +399 -0
  1026. package/dist/esm/packs/nhs-dtac.js.map +1 -0
  1027. package/dist/esm/packs/nhs-psirf.js +414 -0
  1028. package/dist/esm/packs/nhs-psirf.js.map +1 -0
  1029. package/dist/esm/packs/ni-equality.js +436 -0
  1030. package/dist/esm/packs/ni-equality.js.map +1 -0
  1031. package/dist/esm/packs/ni-hscni.js +415 -0
  1032. package/dist/esm/packs/ni-hscni.js.map +1 -0
  1033. package/dist/esm/packs/ni-mental-capacity.js +130 -0
  1034. package/dist/esm/packs/ni-mental-capacity.js.map +1 -0
  1035. package/dist/esm/packs/nice-esf-dht.js +404 -0
  1036. package/dist/esm/packs/nice-esf-dht.js.map +1 -0
  1037. package/dist/esm/packs/nis2.js +422 -0
  1038. package/dist/esm/packs/nis2.js.map +1 -0
  1039. package/dist/esm/packs/nist-800-53.js +126 -0
  1040. package/dist/esm/packs/nist-800-53.js.map +1 -0
  1041. package/dist/esm/packs/nist-ai-rmf.js +367 -0
  1042. package/dist/esm/packs/nist-ai-rmf.js.map +1 -0
  1043. package/dist/esm/packs/nist-csf.js +131 -0
  1044. package/dist/esm/packs/nist-csf.js.map +1 -0
  1045. package/dist/esm/packs/nist-sp-800-82.js +721 -0
  1046. package/dist/esm/packs/nist-sp-800-82.js.map +1 -0
  1047. package/dist/esm/packs/nyc-ll-144.js +288 -0
  1048. package/dist/esm/packs/nyc-ll-144.js.map +1 -0
  1049. package/dist/esm/packs/nydfs500.js +285 -0
  1050. package/dist/esm/packs/nydfs500.js.map +1 -0
  1051. package/dist/esm/packs/nz-privacy.js +465 -0
  1052. package/dist/esm/packs/nz-privacy.js.map +1 -0
  1053. package/dist/esm/packs/part11.js +329 -0
  1054. package/dist/esm/packs/part11.js.map +1 -0
  1055. package/dist/esm/packs/part2.js +355 -0
  1056. package/dist/esm/packs/part2.js.map +1 -0
  1057. package/dist/esm/packs/pcidss.js +466 -0
  1058. package/dist/esm/packs/pcidss.js.map +1 -0
  1059. package/dist/esm/packs/pipl.js +205 -0
  1060. package/dist/esm/packs/pipl.js.map +1 -0
  1061. package/dist/esm/packs/reg-e.js +359 -0
  1062. package/dist/esm/packs/reg-e.js.map +1 -0
  1063. package/dist/esm/packs/registry-expanded.js +2347 -0
  1064. package/dist/esm/packs/registry-expanded.js.map +1 -0
  1065. package/dist/esm/packs/scotland-awi.js +405 -0
  1066. package/dist/esm/packs/scotland-awi.js.map +1 -0
  1067. package/dist/esm/packs/scotland-procurement-reform.js +122 -0
  1068. package/dist/esm/packs/scotland-procurement-reform.js.map +1 -0
  1069. package/dist/esm/packs/scotland-psed.js +369 -0
  1070. package/dist/esm/packs/scotland-psed.js.map +1 -0
  1071. package/dist/esm/packs/sg-model-ai-gov.js +393 -0
  1072. package/dist/esm/packs/sg-model-ai-gov.js.map +1 -0
  1073. package/dist/esm/packs/soc1.js +305 -0
  1074. package/dist/esm/packs/soc1.js.map +1 -0
  1075. package/dist/esm/packs/soc2.js +337 -0
  1076. package/dist/esm/packs/soc2.js.map +1 -0
  1077. package/dist/esm/packs/sox404.js +295 -0
  1078. package/dist/esm/packs/sox404.js.map +1 -0
  1079. package/dist/esm/packs/sr117.js +342 -0
  1080. package/dist/esm/packs/sr117.js.map +1 -0
  1081. package/dist/esm/packs/stateramp.js +324 -0
  1082. package/dist/esm/packs/stateramp.js.map +1 -0
  1083. package/dist/esm/packs/tennessee-elvis.js +417 -0
  1084. package/dist/esm/packs/tennessee-elvis.js.map +1 -0
  1085. package/dist/esm/packs/texas-hb4.js +393 -0
  1086. package/dist/esm/packs/texas-hb4.js.map +1 -0
  1087. package/dist/esm/packs/th-pdpa.js +125 -0
  1088. package/dist/esm/packs/th-pdpa.js.map +1 -0
  1089. package/dist/esm/packs/title-ix.js +444 -0
  1090. package/dist/esm/packs/title-ix.js.map +1 -0
  1091. package/dist/esm/packs/uk-ai-framework.js +352 -0
  1092. package/dist/esm/packs/uk-ai-framework.js.map +1 -0
  1093. package/dist/esm/packs/uk-cma-1990.js +403 -0
  1094. package/dist/esm/packs/uk-cma-1990.js.map +1 -0
  1095. package/dist/esm/packs/uk-equality-act-ai-bias.js +681 -0
  1096. package/dist/esm/packs/uk-equality-act-ai-bias.js.map +1 -0
  1097. package/dist/esm/packs/uk-equality-act.js +406 -0
  1098. package/dist/esm/packs/uk-equality-act.js.map +1 -0
  1099. package/dist/esm/packs/uk-future-ai-legislation.js +209 -0
  1100. package/dist/esm/packs/uk-future-ai-legislation.js.map +1 -0
  1101. package/dist/esm/packs/uk-gdpr.js +374 -0
  1102. package/dist/esm/packs/uk-gdpr.js.map +1 -0
  1103. package/dist/esm/packs/uk-ico-open-case.js +396 -0
  1104. package/dist/esm/packs/uk-ico-open-case.js.map +1 -0
  1105. package/dist/esm/packs/uk-nis-regs.js +363 -0
  1106. package/dist/esm/packs/uk-nis-regs.js.map +1 -0
  1107. package/dist/esm/packs/uk-online-safety-act.js +410 -0
  1108. package/dist/esm/packs/uk-online-safety-act.js.map +1 -0
  1109. package/dist/esm/packs/uk-procurement-act.js +431 -0
  1110. package/dist/esm/packs/uk-procurement-act.js.map +1 -0
  1111. package/dist/esm/packs/us-fda-21cfr56.js +364 -0
  1112. package/dist/esm/packs/us-fda-21cfr56.js.map +1 -0
  1113. package/dist/esm/packs/us-nih-coc.js +203 -0
  1114. package/dist/esm/packs/us-nih-coc.js.map +1 -0
  1115. package/dist/esm/packs/us-nih-dms.js +241 -0
  1116. package/dist/esm/packs/us-nih-dms.js.map +1 -0
  1117. package/dist/esm/packs/us-nih-gds.js +355 -0
  1118. package/dist/esm/packs/us-nih-gds.js.map +1 -0
  1119. package/dist/esm/packs/us-nih-it-security.js +203 -0
  1120. package/dist/esm/packs/us-nih-it-security.js.map +1 -0
  1121. package/dist/esm/packs/us-respa.js +361 -0
  1122. package/dist/esm/packs/us-respa.js.map +1 -0
  1123. package/dist/esm/packs/us-tila.js +350 -0
  1124. package/dist/esm/packs/us-tila.js.map +1 -0
  1125. package/dist/esm/packs/us-trid.js +342 -0
  1126. package/dist/esm/packs/us-trid.js.map +1 -0
  1127. package/dist/esm/packs/utah-ai-policy.js +337 -0
  1128. package/dist/esm/packs/utah-ai-policy.js.map +1 -0
  1129. package/dist/esm/packs/vn-pdpd.js +122 -0
  1130. package/dist/esm/packs/vn-pdpd.js.map +1 -0
  1131. package/dist/esm/packs/wales-future-generations.js +393 -0
  1132. package/dist/esm/packs/wales-future-generations.js.map +1 -0
  1133. package/dist/esm/reporting/governance-reporter.js +405 -0
  1134. package/dist/esm/reporting/governance-reporter.js.map +1 -0
  1135. package/dist/esm/retention/backup-retention-adapter.js +66 -0
  1136. package/dist/esm/retention/backup-retention-adapter.js.map +1 -0
  1137. package/dist/esm/retention/classification-rules.js +182 -0
  1138. package/dist/esm/retention/classification-rules.js.map +1 -0
  1139. package/dist/esm/retention/classifier.js +243 -0
  1140. package/dist/esm/retention/classifier.js.map +1 -0
  1141. package/dist/esm/retention/data-class.js +44 -0
  1142. package/dist/esm/retention/data-class.js.map +1 -0
  1143. package/dist/esm/retention/enforcement-log-store.js +145 -0
  1144. package/dist/esm/retention/enforcement-log-store.js.map +1 -0
  1145. package/dist/esm/retention/index.js +31 -0
  1146. package/dist/esm/retention/index.js.map +1 -0
  1147. package/dist/esm/retention/ingest-classifier.js +123 -0
  1148. package/dist/esm/retention/ingest-classifier.js.map +1 -0
  1149. package/dist/esm/retention/legal-hold-errors.js +92 -0
  1150. package/dist/esm/retention/legal-hold-errors.js.map +1 -0
  1151. package/dist/esm/retention/legal-hold-store.js +394 -0
  1152. package/dist/esm/retention/legal-hold-store.js.map +1 -0
  1153. package/dist/esm/retention/legal-hold.js +17 -0
  1154. package/dist/esm/retention/legal-hold.js.map +1 -0
  1155. package/dist/esm/retention/log-aggregators/datadog.js +153 -0
  1156. package/dist/esm/retention/log-aggregators/datadog.js.map +1 -0
  1157. package/dist/esm/retention/log-aggregators/index.js +10 -0
  1158. package/dist/esm/retention/log-aggregators/index.js.map +1 -0
  1159. package/dist/esm/retention/log-aggregators/log-aggregator.js +20 -0
  1160. package/dist/esm/retention/log-aggregators/log-aggregator.js.map +1 -0
  1161. package/dist/esm/retention/log-aggregators/noop.js +26 -0
  1162. package/dist/esm/retention/log-aggregators/noop.js.map +1 -0
  1163. package/dist/esm/retention/log-aggregators/sentinel.js +216 -0
  1164. package/dist/esm/retention/log-aggregators/sentinel.js.map +1 -0
  1165. package/dist/esm/retention/log-aggregators/splunk.js +147 -0
  1166. package/dist/esm/retention/log-aggregators/splunk.js.map +1 -0
  1167. package/dist/esm/retention/policy-matrix-errors.js +127 -0
  1168. package/dist/esm/retention/policy-matrix-errors.js.map +1 -0
  1169. package/dist/esm/retention/policy-matrix.js +580 -0
  1170. package/dist/esm/retention/policy-matrix.js.map +1 -0
  1171. package/dist/esm/scanner/gap-report.js +333 -0
  1172. package/dist/esm/scanner/gap-report.js.map +1 -0
  1173. package/dist/esm/scanner/index.js +414 -0
  1174. package/dist/esm/scanner/index.js.map +1 -0
  1175. package/dist/esm/scanner/manifest-integrity.js +151 -0
  1176. package/dist/esm/scanner/manifest-integrity.js.map +1 -0
  1177. package/dist/esm/scanner/remediation.js +255 -0
  1178. package/dist/esm/scanner/remediation.js.map +1 -0
  1179. package/dist/esm/security/access-review.js +235 -0
  1180. package/dist/esm/security/access-review.js.map +1 -0
  1181. package/dist/esm/security/agent-auth.js +253 -0
  1182. package/dist/esm/security/agent-auth.js.map +1 -0
  1183. package/dist/esm/security/anomaly-auto-suspend.js +345 -0
  1184. package/dist/esm/security/anomaly-auto-suspend.js.map +1 -0
  1185. package/dist/esm/security/anomaly-correlator.js +279 -0
  1186. package/dist/esm/security/anomaly-correlator.js.map +1 -0
  1187. package/dist/esm/security/anomaly-detector.js +261 -0
  1188. package/dist/esm/security/anomaly-detector.js.map +1 -0
  1189. package/dist/esm/security/anomaly-self-reflection.js +292 -0
  1190. package/dist/esm/security/anomaly-self-reflection.js.map +1 -0
  1191. package/dist/esm/security/built-in-llm-providers.js +80 -0
  1192. package/dist/esm/security/built-in-llm-providers.js.map +1 -0
  1193. package/dist/esm/security/circuit-breaker.js +146 -0
  1194. package/dist/esm/security/circuit-breaker.js.map +1 -0
  1195. package/dist/esm/security/data-classifier.js +446 -0
  1196. package/dist/esm/security/data-classifier.js.map +1 -0
  1197. package/dist/esm/security/encrypted-storage.js +220 -0
  1198. package/dist/esm/security/encrypted-storage.js.map +1 -0
  1199. package/dist/esm/security/encryption-layer.js +337 -0
  1200. package/dist/esm/security/encryption-layer.js.map +1 -0
  1201. package/dist/esm/security/external-cross-check.js +451 -0
  1202. package/dist/esm/security/external-cross-check.js.map +1 -0
  1203. package/dist/esm/security/hash-manifest.js +229 -0
  1204. package/dist/esm/security/hash-manifest.js.map +1 -0
  1205. package/dist/esm/security/http-interceptor.js +594 -0
  1206. package/dist/esm/security/http-interceptor.js.map +1 -0
  1207. package/dist/esm/security/key-manager.js +289 -0
  1208. package/dist/esm/security/key-manager.js.map +1 -0
  1209. package/dist/esm/security/nonce-store.js +133 -0
  1210. package/dist/esm/security/nonce-store.js.map +1 -0
  1211. package/dist/esm/security/operator-roles.js +241 -0
  1212. package/dist/esm/security/operator-roles.js.map +1 -0
  1213. package/dist/esm/security/plugin-integrity.js +153 -0
  1214. package/dist/esm/security/plugin-integrity.js.map +1 -0
  1215. package/dist/esm/security/prompt-injection-detector.js +466 -0
  1216. package/dist/esm/security/prompt-injection-detector.js.map +1 -0
  1217. package/dist/esm/security/provider-compliance-boot.js +102 -0
  1218. package/dist/esm/security/provider-compliance-boot.js.map +1 -0
  1219. package/dist/esm/security/provider-compliance.js +707 -0
  1220. package/dist/esm/security/provider-compliance.js.map +1 -0
  1221. package/dist/esm/security/secret-leak-detector.js +176 -0
  1222. package/dist/esm/security/secret-leak-detector.js.map +1 -0
  1223. package/dist/esm/security/session-timeout.js +254 -0
  1224. package/dist/esm/security/session-timeout.js.map +1 -0
  1225. package/dist/esm/security/ssrf-guard.js +222 -0
  1226. package/dist/esm/security/ssrf-guard.js.map +1 -0
  1227. package/dist/esm/security/supply-chain.js +283 -0
  1228. package/dist/esm/security/supply-chain.js.map +1 -0
  1229. package/dist/esm/security/vendor-registry.js +256 -0
  1230. package/dist/esm/security/vendor-registry.js.map +1 -0
  1231. package/dist/esm/tenant/index.js +14 -0
  1232. package/dist/esm/tenant/index.js.map +1 -0
  1233. package/dist/esm/tenant/policy-inheritance.js +342 -0
  1234. package/dist/esm/tenant/policy-inheritance.js.map +1 -0
  1235. package/dist/esm/tenant/rbac.js +178 -0
  1236. package/dist/esm/tenant/rbac.js.map +1 -0
  1237. package/dist/esm/tenant/workspace.js +274 -0
  1238. package/dist/esm/tenant/workspace.js.map +1 -0
  1239. package/dist/esm/trust-passport/index.js +119 -0
  1240. package/dist/esm/trust-passport/index.js.map +1 -0
  1241. package/dist/esm/util/async-io.js +164 -0
  1242. package/dist/esm/util/async-io.js.map +1 -0
  1243. package/dist/esm/util/fs.js +165 -0
  1244. package/dist/esm/util/fs.js.map +1 -0
  1245. package/dist/esm/util/log-rotation.js +175 -0
  1246. package/dist/esm/util/log-rotation.js.map +1 -0
  1247. package/dist/esm/util/log.js +77 -0
  1248. package/dist/esm/util/log.js.map +1 -0
  1249. package/dist/esm/util/sigv4.js +113 -0
  1250. package/dist/esm/util/sigv4.js.map +1 -0
  1251. package/dist/esm/util/storage-backend.js +167 -0
  1252. package/dist/esm/util/storage-backend.js.map +1 -0
  1253. package/dist/governance/action-classes.d.ts +153 -0
  1254. package/dist/governance/action-classes.d.ts.map +1 -0
  1255. package/dist/governance/action-classes.js +177 -0
  1256. package/dist/governance/action-classes.js.map +1 -0
  1257. package/dist/governance/action-isolation.d.ts +317 -0
  1258. package/dist/governance/action-isolation.d.ts.map +1 -0
  1259. package/dist/governance/action-isolation.js +623 -0
  1260. package/dist/governance/action-isolation.js.map +1 -0
  1261. package/dist/governance/agent-discovery.d.ts +33 -0
  1262. package/dist/governance/agent-discovery.d.ts.map +1 -0
  1263. package/dist/governance/agent-discovery.js +249 -0
  1264. package/dist/governance/agent-discovery.js.map +1 -0
  1265. package/dist/governance/agent-discovery.test.d.ts +7 -0
  1266. package/dist/governance/agent-discovery.test.d.ts.map +1 -0
  1267. package/dist/governance/agent-discovery.test.js +179 -0
  1268. package/dist/governance/agent-discovery.test.js.map +1 -0
  1269. package/dist/governance/agent-trust-report.d.ts +124 -0
  1270. package/dist/governance/agent-trust-report.d.ts.map +1 -0
  1271. package/dist/governance/agent-trust-report.js +155 -0
  1272. package/dist/governance/agent-trust-report.js.map +1 -0
  1273. package/dist/governance/agent-trust-report.test.d.ts +7 -0
  1274. package/dist/governance/agent-trust-report.test.d.ts.map +1 -0
  1275. package/dist/governance/agent-trust-report.test.js +294 -0
  1276. package/dist/governance/agent-trust-report.test.js.map +1 -0
  1277. package/dist/governance/approval-channel-adapters.d.ts +45 -0
  1278. package/dist/governance/approval-channel-adapters.d.ts.map +1 -0
  1279. package/dist/governance/approval-channel-adapters.js +173 -0
  1280. package/dist/governance/approval-channel-adapters.js.map +1 -0
  1281. package/dist/governance/approval-channel-adapters.test.d.ts +7 -0
  1282. package/dist/governance/approval-channel-adapters.test.d.ts.map +1 -0
  1283. package/dist/governance/approval-channel-adapters.test.js +198 -0
  1284. package/dist/governance/approval-channel-adapters.test.js.map +1 -0
  1285. package/dist/governance/approval-gate-enforcer.d.ts +224 -0
  1286. package/dist/governance/approval-gate-enforcer.d.ts.map +1 -0
  1287. package/dist/governance/approval-gate-enforcer.js +443 -0
  1288. package/dist/governance/approval-gate-enforcer.js.map +1 -0
  1289. package/dist/governance/approval-notifications.d.ts +101 -0
  1290. package/dist/governance/approval-notifications.d.ts.map +1 -0
  1291. package/dist/governance/approval-notifications.js +143 -0
  1292. package/dist/governance/approval-notifications.js.map +1 -0
  1293. package/dist/governance/approval-notifications.test.d.ts +15 -0
  1294. package/dist/governance/approval-notifications.test.d.ts.map +1 -0
  1295. package/dist/governance/approval-notifications.test.js +227 -0
  1296. package/dist/governance/approval-notifications.test.js.map +1 -0
  1297. package/dist/governance/approval-queue-store.d.ts +114 -0
  1298. package/dist/governance/approval-queue-store.d.ts.map +1 -0
  1299. package/dist/governance/approval-queue-store.js +149 -0
  1300. package/dist/governance/approval-queue-store.js.map +1 -0
  1301. package/dist/governance/approval-queue.d.ts +172 -0
  1302. package/dist/governance/approval-queue.d.ts.map +1 -0
  1303. package/dist/governance/approval-queue.js +329 -0
  1304. package/dist/governance/approval-queue.js.map +1 -0
  1305. package/dist/governance/approval-service.d.ts +79 -0
  1306. package/dist/governance/approval-service.d.ts.map +1 -0
  1307. package/dist/governance/approval-service.js +129 -0
  1308. package/dist/governance/approval-service.js.map +1 -0
  1309. package/dist/governance/audit-chain-emitter.d.ts +103 -0
  1310. package/dist/governance/audit-chain-emitter.d.ts.map +1 -0
  1311. package/dist/governance/audit-chain-emitter.js +220 -0
  1312. package/dist/governance/audit-chain-emitter.js.map +1 -0
  1313. package/dist/governance/audit-chain-emitter.test.d.ts +7 -0
  1314. package/dist/governance/audit-chain-emitter.test.d.ts.map +1 -0
  1315. package/dist/governance/audit-chain-emitter.test.js +225 -0
  1316. package/dist/governance/audit-chain-emitter.test.js.map +1 -0
  1317. package/dist/governance/auto-pack-generator.d.ts +56 -0
  1318. package/dist/governance/auto-pack-generator.d.ts.map +1 -0
  1319. package/dist/governance/auto-pack-generator.js +70 -0
  1320. package/dist/governance/auto-pack-generator.js.map +1 -0
  1321. package/dist/governance/auto-pack-generator.test.d.ts +7 -0
  1322. package/dist/governance/auto-pack-generator.test.d.ts.map +1 -0
  1323. package/dist/governance/auto-pack-generator.test.js +130 -0
  1324. package/dist/governance/auto-pack-generator.test.js.map +1 -0
  1325. package/dist/governance/autonomy-spectrum.d.ts +253 -0
  1326. package/dist/governance/autonomy-spectrum.d.ts.map +1 -0
  1327. package/dist/governance/autonomy-spectrum.js +697 -0
  1328. package/dist/governance/autonomy-spectrum.js.map +1 -0
  1329. package/dist/governance/batch-mode-governance.d.ts +337 -0
  1330. package/dist/governance/batch-mode-governance.d.ts.map +1 -0
  1331. package/dist/governance/batch-mode-governance.js +651 -0
  1332. package/dist/governance/batch-mode-governance.js.map +1 -0
  1333. package/dist/governance/bias-monitor.d.ts +100 -0
  1334. package/dist/governance/bias-monitor.d.ts.map +1 -0
  1335. package/dist/governance/bias-monitor.js +310 -0
  1336. package/dist/governance/bias-monitor.js.map +1 -0
  1337. package/dist/governance/blast-radius-enforcer.d.ts +308 -0
  1338. package/dist/governance/blast-radius-enforcer.d.ts.map +1 -0
  1339. package/dist/governance/blast-radius-enforcer.js +579 -0
  1340. package/dist/governance/blast-radius-enforcer.js.map +1 -0
  1341. package/dist/governance/build-structure-score.d.ts +38 -0
  1342. package/dist/governance/build-structure-score.d.ts.map +1 -0
  1343. package/dist/governance/build-structure-score.js +64 -0
  1344. package/dist/governance/build-structure-score.js.map +1 -0
  1345. package/dist/governance/build-structure-score.test.d.ts +8 -0
  1346. package/dist/governance/build-structure-score.test.d.ts.map +1 -0
  1347. package/dist/governance/build-structure-score.test.js +151 -0
  1348. package/dist/governance/build-structure-score.test.js.map +1 -0
  1349. package/dist/governance/capability-bundle.d.ts +58 -0
  1350. package/dist/governance/capability-bundle.d.ts.map +1 -0
  1351. package/dist/governance/capability-bundle.js +277 -0
  1352. package/dist/governance/capability-bundle.js.map +1 -0
  1353. package/dist/governance/capability-change-detector.d.ts +335 -0
  1354. package/dist/governance/capability-change-detector.d.ts.map +1 -0
  1355. package/dist/governance/capability-change-detector.js +743 -0
  1356. package/dist/governance/capability-change-detector.js.map +1 -0
  1357. package/dist/governance/capability-classes.d.ts +42 -0
  1358. package/dist/governance/capability-classes.d.ts.map +1 -0
  1359. package/dist/governance/capability-classes.js +133 -0
  1360. package/dist/governance/capability-classes.js.map +1 -0
  1361. package/dist/governance/capability-classes.test.d.ts +23 -0
  1362. package/dist/governance/capability-classes.test.d.ts.map +1 -0
  1363. package/dist/governance/capability-classes.test.js +206 -0
  1364. package/dist/governance/capability-classes.test.js.map +1 -0
  1365. package/dist/governance/company-pack-builder.d.ts +46 -0
  1366. package/dist/governance/company-pack-builder.d.ts.map +1 -0
  1367. package/dist/governance/company-pack-builder.js +74 -0
  1368. package/dist/governance/company-pack-builder.js.map +1 -0
  1369. package/dist/governance/confidence-gate.d.ts +129 -0
  1370. package/dist/governance/confidence-gate.d.ts.map +1 -0
  1371. package/dist/governance/confidence-gate.js +253 -0
  1372. package/dist/governance/confidence-gate.js.map +1 -0
  1373. package/dist/governance/council.d.ts +99 -0
  1374. package/dist/governance/council.d.ts.map +1 -0
  1375. package/dist/governance/council.js +305 -0
  1376. package/dist/governance/council.js.map +1 -0
  1377. package/dist/governance/cross-session-pseudonymizer.d.ts +286 -0
  1378. package/dist/governance/cross-session-pseudonymizer.d.ts.map +1 -0
  1379. package/dist/governance/cross-session-pseudonymizer.js +639 -0
  1380. package/dist/governance/cross-session-pseudonymizer.js.map +1 -0
  1381. package/dist/governance/cycle-timeout.d.ts +120 -0
  1382. package/dist/governance/cycle-timeout.d.ts.map +1 -0
  1383. package/dist/governance/cycle-timeout.js +217 -0
  1384. package/dist/governance/cycle-timeout.js.map +1 -0
  1385. package/dist/governance/cycle-token-budget.d.ts +122 -0
  1386. package/dist/governance/cycle-token-budget.d.ts.map +1 -0
  1387. package/dist/governance/cycle-token-budget.js +182 -0
  1388. package/dist/governance/cycle-token-budget.js.map +1 -0
  1389. package/dist/governance/data-subject-rights.d.ts +155 -0
  1390. package/dist/governance/data-subject-rights.d.ts.map +1 -0
  1391. package/dist/governance/data-subject-rights.js +492 -0
  1392. package/dist/governance/data-subject-rights.js.map +1 -0
  1393. package/dist/governance/demo-workspace.d.ts +35 -0
  1394. package/dist/governance/demo-workspace.d.ts.map +1 -0
  1395. package/dist/governance/demo-workspace.js +214 -0
  1396. package/dist/governance/demo-workspace.js.map +1 -0
  1397. package/dist/governance/demo-workspace.test.d.ts +12 -0
  1398. package/dist/governance/demo-workspace.test.d.ts.map +1 -0
  1399. package/dist/governance/demo-workspace.test.js +115 -0
  1400. package/dist/governance/demo-workspace.test.js.map +1 -0
  1401. package/dist/governance/discovery-cli.d.ts +63 -0
  1402. package/dist/governance/discovery-cli.d.ts.map +1 -0
  1403. package/dist/governance/discovery-cli.js +99 -0
  1404. package/dist/governance/discovery-cli.js.map +1 -0
  1405. package/dist/governance/discovery-cli.test.d.ts +7 -0
  1406. package/dist/governance/discovery-cli.test.d.ts.map +1 -0
  1407. package/dist/governance/discovery-cli.test.js +226 -0
  1408. package/dist/governance/discovery-cli.test.js.map +1 -0
  1409. package/dist/governance/gateguard.d.ts +103 -0
  1410. package/dist/governance/gateguard.d.ts.map +1 -0
  1411. package/dist/governance/gateguard.js +302 -0
  1412. package/dist/governance/gateguard.js.map +1 -0
  1413. package/dist/governance/governance-runtime.d.ts +148 -0
  1414. package/dist/governance/governance-runtime.d.ts.map +1 -0
  1415. package/dist/governance/governance-runtime.js +414 -0
  1416. package/dist/governance/governance-runtime.js.map +1 -0
  1417. package/dist/governance/hook-install-snippet.d.ts +42 -0
  1418. package/dist/governance/hook-install-snippet.d.ts.map +1 -0
  1419. package/dist/governance/hook-install-snippet.js +212 -0
  1420. package/dist/governance/hook-install-snippet.js.map +1 -0
  1421. package/dist/governance/hook-install-snippet.test.d.ts +7 -0
  1422. package/dist/governance/hook-install-snippet.test.d.ts.map +1 -0
  1423. package/dist/governance/hook-install-snippet.test.js +130 -0
  1424. package/dist/governance/hook-install-snippet.test.js.map +1 -0
  1425. package/dist/governance/hook-profile.d.ts +215 -0
  1426. package/dist/governance/hook-profile.d.ts.map +1 -0
  1427. package/dist/governance/hook-profile.js +515 -0
  1428. package/dist/governance/hook-profile.js.map +1 -0
  1429. package/dist/governance/improvement-recommendations.d.ts +101 -0
  1430. package/dist/governance/improvement-recommendations.d.ts.map +1 -0
  1431. package/dist/governance/improvement-recommendations.js +171 -0
  1432. package/dist/governance/improvement-recommendations.js.map +1 -0
  1433. package/dist/governance/improvement-recommendations.test.d.ts +11 -0
  1434. package/dist/governance/improvement-recommendations.test.d.ts.map +1 -0
  1435. package/dist/governance/improvement-recommendations.test.js +213 -0
  1436. package/dist/governance/improvement-recommendations.test.js.map +1 -0
  1437. package/dist/governance/incident-notifier.d.ts +195 -0
  1438. package/dist/governance/incident-notifier.d.ts.map +1 -0
  1439. package/dist/governance/incident-notifier.js +527 -0
  1440. package/dist/governance/incident-notifier.js.map +1 -0
  1441. package/dist/governance/index.d.ts +24 -0
  1442. package/dist/governance/index.d.ts.map +1 -0
  1443. package/dist/governance/index.js +67 -0
  1444. package/dist/governance/index.js.map +1 -0
  1445. package/dist/governance/info-action-separation.d.ts +98 -0
  1446. package/dist/governance/info-action-separation.d.ts.map +1 -0
  1447. package/dist/governance/info-action-separation.js +148 -0
  1448. package/dist/governance/info-action-separation.js.map +1 -0
  1449. package/dist/governance/info-action-separation.test.d.ts +20 -0
  1450. package/dist/governance/info-action-separation.test.d.ts.map +1 -0
  1451. package/dist/governance/info-action-separation.test.js +190 -0
  1452. package/dist/governance/info-action-separation.test.js.map +1 -0
  1453. package/dist/governance/instinct-system.d.ts +141 -0
  1454. package/dist/governance/instinct-system.d.ts.map +1 -0
  1455. package/dist/governance/instinct-system.js +388 -0
  1456. package/dist/governance/instinct-system.js.map +1 -0
  1457. package/dist/governance/insurance-certificate.d.ts +88 -0
  1458. package/dist/governance/insurance-certificate.d.ts.map +1 -0
  1459. package/dist/governance/insurance-certificate.js +155 -0
  1460. package/dist/governance/insurance-certificate.js.map +1 -0
  1461. package/dist/governance/insurance-certificate.test.d.ts +7 -0
  1462. package/dist/governance/insurance-certificate.test.d.ts.map +1 -0
  1463. package/dist/governance/insurance-certificate.test.js +240 -0
  1464. package/dist/governance/insurance-certificate.test.js.map +1 -0
  1465. package/dist/governance/manifest-push-emitter.d.ts +51 -0
  1466. package/dist/governance/manifest-push-emitter.d.ts.map +1 -0
  1467. package/dist/governance/manifest-push-emitter.js +111 -0
  1468. package/dist/governance/manifest-push-emitter.js.map +1 -0
  1469. package/dist/governance/manifest-push-emitter.test.d.ts +7 -0
  1470. package/dist/governance/manifest-push-emitter.test.d.ts.map +1 -0
  1471. package/dist/governance/manifest-push-emitter.test.js +250 -0
  1472. package/dist/governance/manifest-push-emitter.test.js.map +1 -0
  1473. package/dist/governance/memory/cross-session-memory.d.ts +100 -0
  1474. package/dist/governance/memory/cross-session-memory.d.ts.map +1 -0
  1475. package/dist/governance/memory/cross-session-memory.js +319 -0
  1476. package/dist/governance/memory/cross-session-memory.js.map +1 -0
  1477. package/dist/governance/memory/index.d.ts +14 -0
  1478. package/dist/governance/memory/index.d.ts.map +1 -0
  1479. package/dist/governance/memory/index.js +27 -0
  1480. package/dist/governance/memory/index.js.map +1 -0
  1481. package/dist/governance/memory/memory-chain.d.ts +109 -0
  1482. package/dist/governance/memory/memory-chain.d.ts.map +1 -0
  1483. package/dist/governance/memory/memory-chain.js +221 -0
  1484. package/dist/governance/memory/memory-chain.js.map +1 -0
  1485. package/dist/governance/memory/retrieval-allowlist.d.ts +120 -0
  1486. package/dist/governance/memory/retrieval-allowlist.d.ts.map +1 -0
  1487. package/dist/governance/memory/retrieval-allowlist.js +177 -0
  1488. package/dist/governance/memory/retrieval-allowlist.js.map +1 -0
  1489. package/dist/governance/memory/session-memory.d.ts +105 -0
  1490. package/dist/governance/memory/session-memory.d.ts.map +1 -0
  1491. package/dist/governance/memory/session-memory.js +220 -0
  1492. package/dist/governance/memory/session-memory.js.map +1 -0
  1493. package/dist/governance/memory-audit-chain.d.ts +218 -0
  1494. package/dist/governance/memory-audit-chain.d.ts.map +1 -0
  1495. package/dist/governance/memory-audit-chain.js +400 -0
  1496. package/dist/governance/memory-audit-chain.js.map +1 -0
  1497. package/dist/governance/memory-integrity.d.ts +82 -0
  1498. package/dist/governance/memory-integrity.d.ts.map +1 -0
  1499. package/dist/governance/memory-integrity.js +304 -0
  1500. package/dist/governance/memory-integrity.js.map +1 -0
  1501. package/dist/governance/multi-store-deletion-worker.d.ts +163 -0
  1502. package/dist/governance/multi-store-deletion-worker.d.ts.map +1 -0
  1503. package/dist/governance/multi-store-deletion-worker.js +300 -0
  1504. package/dist/governance/multi-store-deletion-worker.js.map +1 -0
  1505. package/dist/governance/multi-tenant.d.ts +105 -0
  1506. package/dist/governance/multi-tenant.d.ts.map +1 -0
  1507. package/dist/governance/multi-tenant.js +312 -0
  1508. package/dist/governance/multi-tenant.js.map +1 -0
  1509. package/dist/governance/onboarding-tier-router.d.ts +51 -0
  1510. package/dist/governance/onboarding-tier-router.d.ts.map +1 -0
  1511. package/dist/governance/onboarding-tier-router.js +112 -0
  1512. package/dist/governance/onboarding-tier-router.js.map +1 -0
  1513. package/dist/governance/onboarding-tier-router.test.d.ts +7 -0
  1514. package/dist/governance/onboarding-tier-router.test.d.ts.map +1 -0
  1515. package/dist/governance/onboarding-tier-router.test.js +141 -0
  1516. package/dist/governance/onboarding-tier-router.test.js.map +1 -0
  1517. package/dist/governance/org-reputation.d.ts +54 -0
  1518. package/dist/governance/org-reputation.d.ts.map +1 -0
  1519. package/dist/governance/org-reputation.js +91 -0
  1520. package/dist/governance/org-reputation.js.map +1 -0
  1521. package/dist/governance/org-reputation.test.d.ts +7 -0
  1522. package/dist/governance/org-reputation.test.d.ts.map +1 -0
  1523. package/dist/governance/org-reputation.test.js +190 -0
  1524. package/dist/governance/org-reputation.test.js.map +1 -0
  1525. package/dist/governance/owasp-agentic-scanner.d.ts +100 -0
  1526. package/dist/governance/owasp-agentic-scanner.d.ts.map +1 -0
  1527. package/dist/governance/owasp-agentic-scanner.js +318 -0
  1528. package/dist/governance/owasp-agentic-scanner.js.map +1 -0
  1529. package/dist/governance/owasp-agentic-scanner.test.d.ts +8 -0
  1530. package/dist/governance/owasp-agentic-scanner.test.d.ts.map +1 -0
  1531. package/dist/governance/owasp-agentic-scanner.test.js +163 -0
  1532. package/dist/governance/owasp-agentic-scanner.test.js.map +1 -0
  1533. package/dist/governance/pack-diff.d.ts +61 -0
  1534. package/dist/governance/pack-diff.d.ts.map +1 -0
  1535. package/dist/governance/pack-diff.js +82 -0
  1536. package/dist/governance/pack-diff.js.map +1 -0
  1537. package/dist/governance/pack-diff.test.d.ts +7 -0
  1538. package/dist/governance/pack-diff.test.d.ts.map +1 -0
  1539. package/dist/governance/pack-diff.test.js +242 -0
  1540. package/dist/governance/pack-diff.test.js.map +1 -0
  1541. package/dist/governance/pack-evaluator-prewarm.d.ts +66 -0
  1542. package/dist/governance/pack-evaluator-prewarm.d.ts.map +1 -0
  1543. package/dist/governance/pack-evaluator-prewarm.js +139 -0
  1544. package/dist/governance/pack-evaluator-prewarm.js.map +1 -0
  1545. package/dist/governance/pack-evaluator.d.ts +110 -0
  1546. package/dist/governance/pack-evaluator.d.ts.map +1 -0
  1547. package/dist/governance/pack-evaluator.js +328 -0
  1548. package/dist/governance/pack-evaluator.js.map +1 -0
  1549. package/dist/governance/pack-evaluator.test.d.ts +7 -0
  1550. package/dist/governance/pack-evaluator.test.d.ts.map +1 -0
  1551. package/dist/governance/pack-evaluator.test.js +279 -0
  1552. package/dist/governance/pack-evaluator.test.js.map +1 -0
  1553. package/dist/governance/pack-inheritance.d.ts +121 -0
  1554. package/dist/governance/pack-inheritance.d.ts.map +1 -0
  1555. package/dist/governance/pack-inheritance.js +178 -0
  1556. package/dist/governance/pack-inheritance.js.map +1 -0
  1557. package/dist/governance/pack-inheritance.test.d.ts +17 -0
  1558. package/dist/governance/pack-inheritance.test.d.ts.map +1 -0
  1559. package/dist/governance/pack-inheritance.test.js +207 -0
  1560. package/dist/governance/pack-inheritance.test.js.map +1 -0
  1561. package/dist/governance/pack-publish-workflow.d.ts +60 -0
  1562. package/dist/governance/pack-publish-workflow.d.ts.map +1 -0
  1563. package/dist/governance/pack-publish-workflow.js +85 -0
  1564. package/dist/governance/pack-publish-workflow.js.map +1 -0
  1565. package/dist/governance/pack-publish-workflow.test.d.ts +7 -0
  1566. package/dist/governance/pack-publish-workflow.test.d.ts.map +1 -0
  1567. package/dist/governance/pack-publish-workflow.test.js +211 -0
  1568. package/dist/governance/pack-publish-workflow.test.js.map +1 -0
  1569. package/dist/governance/pack-rule-validator.d.ts +40 -0
  1570. package/dist/governance/pack-rule-validator.d.ts.map +1 -0
  1571. package/dist/governance/pack-rule-validator.js +142 -0
  1572. package/dist/governance/pack-rule-validator.js.map +1 -0
  1573. package/dist/governance/pack-rule-validator.test.d.ts +7 -0
  1574. package/dist/governance/pack-rule-validator.test.d.ts.map +1 -0
  1575. package/dist/governance/pack-rule-validator.test.js +153 -0
  1576. package/dist/governance/pack-rule-validator.test.js.map +1 -0
  1577. package/dist/governance/pack-versioning.d.ts +75 -0
  1578. package/dist/governance/pack-versioning.d.ts.map +1 -0
  1579. package/dist/governance/pack-versioning.js +192 -0
  1580. package/dist/governance/pack-versioning.js.map +1 -0
  1581. package/dist/governance/pack-versioning.test.d.ts +7 -0
  1582. package/dist/governance/pack-versioning.test.d.ts.map +1 -0
  1583. package/dist/governance/pack-versioning.test.js +172 -0
  1584. package/dist/governance/pack-versioning.test.js.map +1 -0
  1585. package/dist/governance/partner-manager.d.ts +185 -0
  1586. package/dist/governance/partner-manager.d.ts.map +1 -0
  1587. package/dist/governance/partner-manager.js +258 -0
  1588. package/dist/governance/partner-manager.js.map +1 -0
  1589. package/dist/governance/paste-your-agent.d.ts +30 -0
  1590. package/dist/governance/paste-your-agent.d.ts.map +1 -0
  1591. package/dist/governance/paste-your-agent.js +154 -0
  1592. package/dist/governance/paste-your-agent.js.map +1 -0
  1593. package/dist/governance/paste-your-agent.test.d.ts +7 -0
  1594. package/dist/governance/paste-your-agent.test.d.ts.map +1 -0
  1595. package/dist/governance/paste-your-agent.test.js +140 -0
  1596. package/dist/governance/paste-your-agent.test.js.map +1 -0
  1597. package/dist/governance/per-agent-daily-budget.d.ts +329 -0
  1598. package/dist/governance/per-agent-daily-budget.d.ts.map +1 -0
  1599. package/dist/governance/per-agent-daily-budget.js +699 -0
  1600. package/dist/governance/per-agent-daily-budget.js.map +1 -0
  1601. package/dist/governance/per-agent-override.test.d.ts +21 -0
  1602. package/dist/governance/per-agent-override.test.d.ts.map +1 -0
  1603. package/dist/governance/per-agent-override.test.js +274 -0
  1604. package/dist/governance/per-agent-override.test.js.map +1 -0
  1605. package/dist/governance/plugin-system.d.ts +519 -0
  1606. package/dist/governance/plugin-system.d.ts.map +1 -0
  1607. package/dist/governance/plugin-system.js +964 -0
  1608. package/dist/governance/plugin-system.js.map +1 -0
  1609. package/dist/governance/policy-tuning.d.ts +190 -0
  1610. package/dist/governance/policy-tuning.d.ts.map +1 -0
  1611. package/dist/governance/policy-tuning.js +359 -0
  1612. package/dist/governance/policy-tuning.js.map +1 -0
  1613. package/dist/governance/post-market-monitor.d.ts +114 -0
  1614. package/dist/governance/post-market-monitor.d.ts.map +1 -0
  1615. package/dist/governance/post-market-monitor.js +279 -0
  1616. package/dist/governance/post-market-monitor.js.map +1 -0
  1617. package/dist/governance/post-tool-audit-enrichment.d.ts +286 -0
  1618. package/dist/governance/post-tool-audit-enrichment.d.ts.map +1 -0
  1619. package/dist/governance/post-tool-audit-enrichment.js +504 -0
  1620. package/dist/governance/post-tool-audit-enrichment.js.map +1 -0
  1621. package/dist/governance/prohibited-practices.d.ts +85 -0
  1622. package/dist/governance/prohibited-practices.d.ts.map +1 -0
  1623. package/dist/governance/prohibited-practices.js +267 -0
  1624. package/dist/governance/prohibited-practices.js.map +1 -0
  1625. package/dist/governance/proxy-onboarding.d.ts +47 -0
  1626. package/dist/governance/proxy-onboarding.d.ts.map +1 -0
  1627. package/dist/governance/proxy-onboarding.js +306 -0
  1628. package/dist/governance/proxy-onboarding.js.map +1 -0
  1629. package/dist/governance/proxy-onboarding.test.d.ts +7 -0
  1630. package/dist/governance/proxy-onboarding.test.d.ts.map +1 -0
  1631. package/dist/governance/proxy-onboarding.test.js +135 -0
  1632. package/dist/governance/proxy-onboarding.test.js.map +1 -0
  1633. package/dist/governance/rag-citation-enforcement.d.ts +400 -0
  1634. package/dist/governance/rag-citation-enforcement.d.ts.map +1 -0
  1635. package/dist/governance/rag-citation-enforcement.js +568 -0
  1636. package/dist/governance/rag-citation-enforcement.js.map +1 -0
  1637. package/dist/governance/rag-confidence-threshold.d.ts +249 -0
  1638. package/dist/governance/rag-confidence-threshold.d.ts.map +1 -0
  1639. package/dist/governance/rag-confidence-threshold.js +449 -0
  1640. package/dist/governance/rag-confidence-threshold.js.map +1 -0
  1641. package/dist/governance/rag-retrieval-audit.d.ts +377 -0
  1642. package/dist/governance/rag-retrieval-audit.d.ts.map +1 -0
  1643. package/dist/governance/rag-retrieval-audit.js +517 -0
  1644. package/dist/governance/rag-retrieval-audit.js.map +1 -0
  1645. package/dist/governance/rag-source-allowlist.d.ts +273 -0
  1646. package/dist/governance/rag-source-allowlist.d.ts.map +1 -0
  1647. package/dist/governance/rag-source-allowlist.js +535 -0
  1648. package/dist/governance/rag-source-allowlist.js.map +1 -0
  1649. package/dist/governance/rag-source-output-chain.d.ts +420 -0
  1650. package/dist/governance/rag-source-output-chain.d.ts.map +1 -0
  1651. package/dist/governance/rag-source-output-chain.js +682 -0
  1652. package/dist/governance/rag-source-output-chain.js.map +1 -0
  1653. package/dist/governance/replay-player.d.ts +55 -0
  1654. package/dist/governance/replay-player.d.ts.map +1 -0
  1655. package/dist/governance/replay-player.js +89 -0
  1656. package/dist/governance/replay-player.js.map +1 -0
  1657. package/dist/governance/replay-player.test.d.ts +7 -0
  1658. package/dist/governance/replay-player.test.d.ts.map +1 -0
  1659. package/dist/governance/replay-player.test.js +192 -0
  1660. package/dist/governance/replay-player.test.js.map +1 -0
  1661. package/dist/governance/retention-manager.d.ts +189 -0
  1662. package/dist/governance/retention-manager.d.ts.map +1 -0
  1663. package/dist/governance/retention-manager.js +566 -0
  1664. package/dist/governance/retention-manager.js.map +1 -0
  1665. package/dist/governance/runtime-event-renderer.d.ts +55 -0
  1666. package/dist/governance/runtime-event-renderer.d.ts.map +1 -0
  1667. package/dist/governance/runtime-event-renderer.js +137 -0
  1668. package/dist/governance/runtime-event-renderer.js.map +1 -0
  1669. package/dist/governance/runtime-event-renderer.test.d.ts +7 -0
  1670. package/dist/governance/runtime-event-renderer.test.d.ts.map +1 -0
  1671. package/dist/governance/runtime-event-renderer.test.js +195 -0
  1672. package/dist/governance/runtime-event-renderer.test.js.map +1 -0
  1673. package/dist/governance/sandbox-replay.d.ts +52 -0
  1674. package/dist/governance/sandbox-replay.d.ts.map +1 -0
  1675. package/dist/governance/sandbox-replay.js +189 -0
  1676. package/dist/governance/sandbox-replay.js.map +1 -0
  1677. package/dist/governance/sandbox-replay.test.d.ts +7 -0
  1678. package/dist/governance/sandbox-replay.test.d.ts.map +1 -0
  1679. package/dist/governance/sandbox-replay.test.js +117 -0
  1680. package/dist/governance/sandbox-replay.test.js.map +1 -0
  1681. package/dist/governance/self-registration-hook.d.ts +65 -0
  1682. package/dist/governance/self-registration-hook.d.ts.map +1 -0
  1683. package/dist/governance/self-registration-hook.js +116 -0
  1684. package/dist/governance/self-registration-hook.js.map +1 -0
  1685. package/dist/governance/self-registration-hook.test.d.ts +7 -0
  1686. package/dist/governance/self-registration-hook.test.d.ts.map +1 -0
  1687. package/dist/governance/self-registration-hook.test.js +149 -0
  1688. package/dist/governance/self-registration-hook.test.js.map +1 -0
  1689. package/dist/governance/session-persistence.d.ts +153 -0
  1690. package/dist/governance/session-persistence.d.ts.map +1 -0
  1691. package/dist/governance/session-persistence.js +376 -0
  1692. package/dist/governance/session-persistence.js.map +1 -0
  1693. package/dist/governance/signed-manifest.d.ts +81 -0
  1694. package/dist/governance/signed-manifest.d.ts.map +1 -0
  1695. package/dist/governance/signed-manifest.js +161 -0
  1696. package/dist/governance/signed-manifest.js.map +1 -0
  1697. package/dist/governance/signed-manifest.test.d.ts +7 -0
  1698. package/dist/governance/signed-manifest.test.d.ts.map +1 -0
  1699. package/dist/governance/signed-manifest.test.js +149 -0
  1700. package/dist/governance/signed-manifest.test.js.map +1 -0
  1701. package/dist/governance/skip-api-empty-queue.d.ts +304 -0
  1702. package/dist/governance/skip-api-empty-queue.d.ts.map +1 -0
  1703. package/dist/governance/skip-api-empty-queue.js +499 -0
  1704. package/dist/governance/skip-api-empty-queue.js.map +1 -0
  1705. package/dist/governance/state-manager.d.ts +102 -0
  1706. package/dist/governance/state-manager.d.ts.map +1 -0
  1707. package/dist/governance/state-manager.js +286 -0
  1708. package/dist/governance/state-manager.js.map +1 -0
  1709. package/dist/governance/tenant-provider-agreements.d.ts +211 -0
  1710. package/dist/governance/tenant-provider-agreements.d.ts.map +1 -0
  1711. package/dist/governance/tenant-provider-agreements.js +440 -0
  1712. package/dist/governance/tenant-provider-agreements.js.map +1 -0
  1713. package/dist/governance/tool-provider-health.d.ts +299 -0
  1714. package/dist/governance/tool-provider-health.d.ts.map +1 -0
  1715. package/dist/governance/tool-provider-health.js +697 -0
  1716. package/dist/governance/tool-provider-health.js.map +1 -0
  1717. package/dist/governance/tool-rate-limit.d.ts +94 -0
  1718. package/dist/governance/tool-rate-limit.d.ts.map +1 -0
  1719. package/dist/governance/tool-rate-limit.js +145 -0
  1720. package/dist/governance/tool-rate-limit.js.map +1 -0
  1721. package/dist/governance/transparency-injector.d.ts +102 -0
  1722. package/dist/governance/transparency-injector.d.ts.map +1 -0
  1723. package/dist/governance/transparency-injector.js +162 -0
  1724. package/dist/governance/transparency-injector.js.map +1 -0
  1725. package/dist/governance/trust-score-snapshot.d.ts +61 -0
  1726. package/dist/governance/trust-score-snapshot.d.ts.map +1 -0
  1727. package/dist/governance/trust-score-snapshot.js +98 -0
  1728. package/dist/governance/trust-score-snapshot.js.map +1 -0
  1729. package/dist/governance/trust-score-snapshot.test.d.ts +7 -0
  1730. package/dist/governance/trust-score-snapshot.test.d.ts.map +1 -0
  1731. package/dist/governance/trust-score-snapshot.test.js +187 -0
  1732. package/dist/governance/trust-score-snapshot.test.js.map +1 -0
  1733. package/dist/governance/trust-score-three-dim.d.ts +122 -0
  1734. package/dist/governance/trust-score-three-dim.d.ts.map +1 -0
  1735. package/dist/governance/trust-score-three-dim.js +176 -0
  1736. package/dist/governance/trust-score-three-dim.js.map +1 -0
  1737. package/dist/governance/trust-score-three-dim.test.d.ts +7 -0
  1738. package/dist/governance/trust-score-three-dim.test.d.ts.map +1 -0
  1739. package/dist/governance/trust-score-three-dim.test.js +221 -0
  1740. package/dist/governance/trust-score-three-dim.test.js.map +1 -0
  1741. package/dist/governance-config.d.ts +201 -0
  1742. package/dist/governance-config.d.ts.map +1 -0
  1743. package/dist/governance-config.js +345 -0
  1744. package/dist/governance-config.js.map +1 -0
  1745. package/dist/governed-agent.d.ts +124 -0
  1746. package/dist/governed-agent.d.ts.map +1 -0
  1747. package/dist/governed-agent.js +1317 -0
  1748. package/dist/governed-agent.js.map +1 -0
  1749. package/dist/hooks/audit-dir-picker.sh +70 -0
  1750. package/dist/hooks/audit-logger.sh +325 -0
  1751. package/dist/hooks/cost-budget-gate.sh +74 -0
  1752. package/dist/hooks/data-classifier-bridge.d.ts +24 -0
  1753. package/dist/hooks/data-classifier-bridge.d.ts.map +1 -0
  1754. package/dist/hooks/data-classifier-bridge.js +80 -0
  1755. package/dist/hooks/data-classifier-bridge.js.map +1 -0
  1756. package/dist/hooks/destructive-command-guard.sh +200 -0
  1757. package/dist/hooks/file-boundary-guard.sh +159 -0
  1758. package/dist/hooks/file-change-tracker.sh +78 -0
  1759. package/dist/hooks/governance-file-shield.sh +102 -0
  1760. package/dist/hooks/governance-integrity-check.sh +109 -0
  1761. package/dist/hooks/hook-health-monitor.sh +189 -0
  1762. package/dist/hooks/hook-utils.sh +51 -0
  1763. package/dist/hooks/hook-wrapper.sh +77 -0
  1764. package/dist/hooks/install-hooks.sh +162 -0
  1765. package/dist/hooks/output-exfiltration-scanner.sh +112 -0
  1766. package/dist/hooks/powershell/audit-dir-picker.ps1 +72 -0
  1767. package/dist/hooks/powershell/audit-logger.ps1 +75 -0
  1768. package/dist/hooks/powershell/cost-budget-gate.ps1 +61 -0
  1769. package/dist/hooks/powershell/destructive-command-guard.ps1 +67 -0
  1770. package/dist/hooks/powershell/file-boundary-guard.ps1 +76 -0
  1771. package/dist/hooks/powershell/file-change-tracker.ps1 +74 -0
  1772. package/dist/hooks/powershell/governance-file-shield.ps1 +86 -0
  1773. package/dist/hooks/powershell/governance-integrity-check.ps1 +101 -0
  1774. package/dist/hooks/powershell/hook-health-monitor.ps1 +153 -0
  1775. package/dist/hooks/powershell/hook-utils.ps1 +44 -0
  1776. package/dist/hooks/powershell/hook-wrapper.ps1 +67 -0
  1777. package/dist/hooks/powershell/install-hooks.ps1 +142 -0
  1778. package/dist/hooks/powershell/output-exfiltration-scanner.ps1 +85 -0
  1779. package/dist/hooks/powershell/secret-leak-scanner.ps1 +105 -0
  1780. package/dist/hooks/powershell/token-tracker.ps1 +83 -0
  1781. package/dist/hooks/powershell/web-access-gate.ps1 +89 -0
  1782. package/dist/hooks/secret-leak-scanner.sh +293 -0
  1783. package/dist/hooks/token-tracker.sh +89 -0
  1784. package/dist/hooks/web-access-gate.sh +123 -0
  1785. package/dist/ide-adapters/aider.d.ts +213 -0
  1786. package/dist/ide-adapters/aider.d.ts.map +1 -0
  1787. package/dist/ide-adapters/aider.js +710 -0
  1788. package/dist/ide-adapters/aider.js.map +1 -0
  1789. package/dist/ide-adapters/amazon-q-developer.d.ts +124 -0
  1790. package/dist/ide-adapters/amazon-q-developer.d.ts.map +1 -0
  1791. package/dist/ide-adapters/amazon-q-developer.js +686 -0
  1792. package/dist/ide-adapters/amazon-q-developer.js.map +1 -0
  1793. package/dist/ide-adapters/base.d.ts +64 -0
  1794. package/dist/ide-adapters/base.d.ts.map +1 -0
  1795. package/dist/ide-adapters/base.js +233 -0
  1796. package/dist/ide-adapters/base.js.map +1 -0
  1797. package/dist/ide-adapters/claude-code.d.ts +43 -0
  1798. package/dist/ide-adapters/claude-code.d.ts.map +1 -0
  1799. package/dist/ide-adapters/claude-code.js +192 -0
  1800. package/dist/ide-adapters/claude-code.js.map +1 -0
  1801. package/dist/ide-adapters/cody.d.ts +150 -0
  1802. package/dist/ide-adapters/cody.d.ts.map +1 -0
  1803. package/dist/ide-adapters/cody.js +767 -0
  1804. package/dist/ide-adapters/cody.js.map +1 -0
  1805. package/dist/ide-adapters/continue-dev.d.ts +120 -0
  1806. package/dist/ide-adapters/continue-dev.d.ts.map +1 -0
  1807. package/dist/ide-adapters/continue-dev.js +359 -0
  1808. package/dist/ide-adapters/continue-dev.js.map +1 -0
  1809. package/dist/ide-adapters/copilot-studio.d.ts +310 -0
  1810. package/dist/ide-adapters/copilot-studio.d.ts.map +1 -0
  1811. package/dist/ide-adapters/copilot-studio.js +1097 -0
  1812. package/dist/ide-adapters/copilot-studio.js.map +1 -0
  1813. package/dist/ide-adapters/copilot-workspace.d.ts +167 -0
  1814. package/dist/ide-adapters/copilot-workspace.d.ts.map +1 -0
  1815. package/dist/ide-adapters/copilot-workspace.js +376 -0
  1816. package/dist/ide-adapters/copilot-workspace.js.map +1 -0
  1817. package/dist/ide-adapters/cursor.d.ts +74 -0
  1818. package/dist/ide-adapters/cursor.d.ts.map +1 -0
  1819. package/dist/ide-adapters/cursor.js +273 -0
  1820. package/dist/ide-adapters/cursor.js.map +1 -0
  1821. package/dist/ide-adapters/exports.d.ts +53 -0
  1822. package/dist/ide-adapters/exports.d.ts.map +1 -0
  1823. package/dist/ide-adapters/exports.js +115 -0
  1824. package/dist/ide-adapters/exports.js.map +1 -0
  1825. package/dist/ide-adapters/gemini-code-assist.d.ts +135 -0
  1826. package/dist/ide-adapters/gemini-code-assist.d.ts.map +1 -0
  1827. package/dist/ide-adapters/gemini-code-assist.js +750 -0
  1828. package/dist/ide-adapters/gemini-code-assist.js.map +1 -0
  1829. package/dist/ide-adapters/github-copilot.d.ts +166 -0
  1830. package/dist/ide-adapters/github-copilot.d.ts.map +1 -0
  1831. package/dist/ide-adapters/github-copilot.js +547 -0
  1832. package/dist/ide-adapters/github-copilot.js.map +1 -0
  1833. package/dist/ide-adapters/index.d.ts +271 -0
  1834. package/dist/ide-adapters/index.d.ts.map +1 -0
  1835. package/dist/ide-adapters/index.js +100 -0
  1836. package/dist/ide-adapters/index.js.map +1 -0
  1837. package/dist/ide-adapters/jetbrains-ai.d.ts +150 -0
  1838. package/dist/ide-adapters/jetbrains-ai.d.ts.map +1 -0
  1839. package/dist/ide-adapters/jetbrains-ai.js +718 -0
  1840. package/dist/ide-adapters/jetbrains-ai.js.map +1 -0
  1841. package/dist/ide-adapters/notebook-ai.d.ts +220 -0
  1842. package/dist/ide-adapters/notebook-ai.d.ts.map +1 -0
  1843. package/dist/ide-adapters/notebook-ai.js +858 -0
  1844. package/dist/ide-adapters/notebook-ai.js.map +1 -0
  1845. package/dist/ide-adapters/replit-agent.d.ts +269 -0
  1846. package/dist/ide-adapters/replit-agent.d.ts.map +1 -0
  1847. package/dist/ide-adapters/replit-agent.js +1022 -0
  1848. package/dist/ide-adapters/replit-agent.js.map +1 -0
  1849. package/dist/ide-adapters/reviewer-tier.d.ts +15 -0
  1850. package/dist/ide-adapters/reviewer-tier.d.ts.map +1 -0
  1851. package/dist/ide-adapters/reviewer-tier.js +16 -0
  1852. package/dist/ide-adapters/reviewer-tier.js.map +1 -0
  1853. package/dist/ide-adapters/shared.d.ts +116 -0
  1854. package/dist/ide-adapters/shared.d.ts.map +1 -0
  1855. package/dist/ide-adapters/shared.js +311 -0
  1856. package/dist/ide-adapters/shared.js.map +1 -0
  1857. package/dist/ide-adapters/tabnine.d.ts +189 -0
  1858. package/dist/ide-adapters/tabnine.d.ts.map +1 -0
  1859. package/dist/ide-adapters/tabnine.js +721 -0
  1860. package/dist/ide-adapters/tabnine.js.map +1 -0
  1861. package/dist/ide-adapters/windsurf.d.ts +216 -0
  1862. package/dist/ide-adapters/windsurf.d.ts.map +1 -0
  1863. package/dist/ide-adapters/windsurf.js +812 -0
  1864. package/dist/ide-adapters/windsurf.js.map +1 -0
  1865. package/dist/ide-adapters/zed-ai.d.ts +209 -0
  1866. package/dist/ide-adapters/zed-ai.d.ts.map +1 -0
  1867. package/dist/ide-adapters/zed-ai.js +622 -0
  1868. package/dist/ide-adapters/zed-ai.js.map +1 -0
  1869. package/dist/index.d.ts +104 -0
  1870. package/dist/index.d.ts.map +1 -0
  1871. package/dist/index.js +366 -0
  1872. package/dist/index.js.map +1 -0
  1873. package/dist/license/entitlement-client.d.ts +111 -0
  1874. package/dist/license/entitlement-client.d.ts.map +1 -0
  1875. package/dist/license/entitlement-client.js +306 -0
  1876. package/dist/license/entitlement-client.js.map +1 -0
  1877. package/dist/license/index.d.ts +10 -0
  1878. package/dist/license/index.d.ts.map +1 -0
  1879. package/dist/license/index.js +14 -0
  1880. package/dist/license/index.js.map +1 -0
  1881. package/dist/license/jwt-issuer.d.ts +64 -0
  1882. package/dist/license/jwt-issuer.d.ts.map +1 -0
  1883. package/dist/license/jwt-issuer.js +144 -0
  1884. package/dist/license/jwt-issuer.js.map +1 -0
  1885. package/dist/license/jwt-validator.d.ts +145 -0
  1886. package/dist/license/jwt-validator.d.ts.map +1 -0
  1887. package/dist/license/jwt-validator.js +498 -0
  1888. package/dist/license/jwt-validator.js.map +1 -0
  1889. package/dist/license/keygen.d.ts +16 -0
  1890. package/dist/license/keygen.d.ts.map +1 -0
  1891. package/dist/license/keygen.js +100 -0
  1892. package/dist/license/keygen.js.map +1 -0
  1893. package/dist/license/subscription-gate.d.ts +99 -0
  1894. package/dist/license/subscription-gate.d.ts.map +1 -0
  1895. package/dist/license/subscription-gate.js +293 -0
  1896. package/dist/license/subscription-gate.js.map +1 -0
  1897. package/dist/llm-adapters/azure-openai.d.ts +69 -0
  1898. package/dist/llm-adapters/azure-openai.d.ts.map +1 -0
  1899. package/dist/llm-adapters/azure-openai.js +702 -0
  1900. package/dist/llm-adapters/azure-openai.js.map +1 -0
  1901. package/dist/llm-adapters/base.d.ts +97 -0
  1902. package/dist/llm-adapters/base.d.ts.map +1 -0
  1903. package/dist/llm-adapters/base.js +265 -0
  1904. package/dist/llm-adapters/base.js.map +1 -0
  1905. package/dist/llm-adapters/bedrock.d.ts +67 -0
  1906. package/dist/llm-adapters/bedrock.d.ts.map +1 -0
  1907. package/dist/llm-adapters/bedrock.js +751 -0
  1908. package/dist/llm-adapters/bedrock.js.map +1 -0
  1909. package/dist/llm-adapters/claude.d.ts +84 -0
  1910. package/dist/llm-adapters/claude.d.ts.map +1 -0
  1911. package/dist/llm-adapters/claude.js +273 -0
  1912. package/dist/llm-adapters/claude.js.map +1 -0
  1913. package/dist/llm-adapters/deepseek.d.ts +113 -0
  1914. package/dist/llm-adapters/deepseek.d.ts.map +1 -0
  1915. package/dist/llm-adapters/deepseek.js +754 -0
  1916. package/dist/llm-adapters/deepseek.js.map +1 -0
  1917. package/dist/llm-adapters/exports.d.ts +40 -0
  1918. package/dist/llm-adapters/exports.d.ts.map +1 -0
  1919. package/dist/llm-adapters/exports.js +74 -0
  1920. package/dist/llm-adapters/exports.js.map +1 -0
  1921. package/dist/llm-adapters/gemini.d.ts +106 -0
  1922. package/dist/llm-adapters/gemini.d.ts.map +1 -0
  1923. package/dist/llm-adapters/gemini.js +201 -0
  1924. package/dist/llm-adapters/gemini.js.map +1 -0
  1925. package/dist/llm-adapters/gemma.d.ts +200 -0
  1926. package/dist/llm-adapters/gemma.d.ts.map +1 -0
  1927. package/dist/llm-adapters/gemma.js +270 -0
  1928. package/dist/llm-adapters/gemma.js.map +1 -0
  1929. package/dist/llm-adapters/google.d.ts +221 -0
  1930. package/dist/llm-adapters/google.d.ts.map +1 -0
  1931. package/dist/llm-adapters/google.js +1176 -0
  1932. package/dist/llm-adapters/google.js.map +1 -0
  1933. package/dist/llm-adapters/huggingface.d.ts +354 -0
  1934. package/dist/llm-adapters/huggingface.d.ts.map +1 -0
  1935. package/dist/llm-adapters/huggingface.js +622 -0
  1936. package/dist/llm-adapters/huggingface.js.map +1 -0
  1937. package/dist/llm-adapters/index.d.ts +331 -0
  1938. package/dist/llm-adapters/index.d.ts.map +1 -0
  1939. package/dist/llm-adapters/index.js +96 -0
  1940. package/dist/llm-adapters/index.js.map +1 -0
  1941. package/dist/llm-adapters/ollama.d.ts +90 -0
  1942. package/dist/llm-adapters/ollama.d.ts.map +1 -0
  1943. package/dist/llm-adapters/ollama.js +624 -0
  1944. package/dist/llm-adapters/ollama.js.map +1 -0
  1945. package/dist/llm-adapters/openai.d.ts +168 -0
  1946. package/dist/llm-adapters/openai.d.ts.map +1 -0
  1947. package/dist/llm-adapters/openai.js +363 -0
  1948. package/dist/llm-adapters/openai.js.map +1 -0
  1949. package/dist/llm-adapters/replicate-llama.d.ts +327 -0
  1950. package/dist/llm-adapters/replicate-llama.d.ts.map +1 -0
  1951. package/dist/llm-adapters/replicate-llama.js +600 -0
  1952. package/dist/llm-adapters/replicate-llama.js.map +1 -0
  1953. package/dist/llm-adapters/shared.d.ts +104 -0
  1954. package/dist/llm-adapters/shared.d.ts.map +1 -0
  1955. package/dist/llm-adapters/shared.js +341 -0
  1956. package/dist/llm-adapters/shared.js.map +1 -0
  1957. package/dist/llm-adapters/supported-models-catalog.d.ts +112 -0
  1958. package/dist/llm-adapters/supported-models-catalog.d.ts.map +1 -0
  1959. package/dist/llm-adapters/supported-models-catalog.js +748 -0
  1960. package/dist/llm-adapters/supported-models-catalog.js.map +1 -0
  1961. package/dist/observability/destination-health-monitor.d.ts +147 -0
  1962. package/dist/observability/destination-health-monitor.d.ts.map +1 -0
  1963. package/dist/observability/destination-health-monitor.js +244 -0
  1964. package/dist/observability/destination-health-monitor.js.map +1 -0
  1965. package/dist/observability/health-metrics-store.d.ts +112 -0
  1966. package/dist/observability/health-metrics-store.d.ts.map +1 -0
  1967. package/dist/observability/health-metrics-store.js +131 -0
  1968. package/dist/observability/health-metrics-store.js.map +1 -0
  1969. package/dist/orchestrator-adapters/autogen.d.ts +225 -0
  1970. package/dist/orchestrator-adapters/autogen.d.ts.map +1 -0
  1971. package/dist/orchestrator-adapters/autogen.js +522 -0
  1972. package/dist/orchestrator-adapters/autogen.js.map +1 -0
  1973. package/dist/orchestrator-adapters/base.d.ts +100 -0
  1974. package/dist/orchestrator-adapters/base.d.ts.map +1 -0
  1975. package/dist/orchestrator-adapters/base.js +403 -0
  1976. package/dist/orchestrator-adapters/base.js.map +1 -0
  1977. package/dist/orchestrator-adapters/bedrock-agentcore.d.ts +314 -0
  1978. package/dist/orchestrator-adapters/bedrock-agentcore.d.ts.map +1 -0
  1979. package/dist/orchestrator-adapters/bedrock-agentcore.js +845 -0
  1980. package/dist/orchestrator-adapters/bedrock-agentcore.js.map +1 -0
  1981. package/dist/orchestrator-adapters/claude-agent-sdk.d.ts +288 -0
  1982. package/dist/orchestrator-adapters/claude-agent-sdk.d.ts.map +1 -0
  1983. package/dist/orchestrator-adapters/claude-agent-sdk.js +732 -0
  1984. package/dist/orchestrator-adapters/claude-agent-sdk.js.map +1 -0
  1985. package/dist/orchestrator-adapters/crewai.d.ts +161 -0
  1986. package/dist/orchestrator-adapters/crewai.d.ts.map +1 -0
  1987. package/dist/orchestrator-adapters/crewai.js +507 -0
  1988. package/dist/orchestrator-adapters/crewai.js.map +1 -0
  1989. package/dist/orchestrator-adapters/deepagents.d.ts +218 -0
  1990. package/dist/orchestrator-adapters/deepagents.d.ts.map +1 -0
  1991. package/dist/orchestrator-adapters/deepagents.js +382 -0
  1992. package/dist/orchestrator-adapters/deepagents.js.map +1 -0
  1993. package/dist/orchestrator-adapters/exports.d.ts +30 -0
  1994. package/dist/orchestrator-adapters/exports.d.ts.map +1 -0
  1995. package/dist/orchestrator-adapters/exports.js +94 -0
  1996. package/dist/orchestrator-adapters/exports.js.map +1 -0
  1997. package/dist/orchestrator-adapters/google-adk.d.ts +306 -0
  1998. package/dist/orchestrator-adapters/google-adk.d.ts.map +1 -0
  1999. package/dist/orchestrator-adapters/google-adk.js +805 -0
  2000. package/dist/orchestrator-adapters/google-adk.js.map +1 -0
  2001. package/dist/orchestrator-adapters/haystack.d.ts +327 -0
  2002. package/dist/orchestrator-adapters/haystack.d.ts.map +1 -0
  2003. package/dist/orchestrator-adapters/haystack.js +841 -0
  2004. package/dist/orchestrator-adapters/haystack.js.map +1 -0
  2005. package/dist/orchestrator-adapters/index.d.ts +328 -0
  2006. package/dist/orchestrator-adapters/index.d.ts.map +1 -0
  2007. package/dist/orchestrator-adapters/index.js +117 -0
  2008. package/dist/orchestrator-adapters/index.js.map +1 -0
  2009. package/dist/orchestrator-adapters/langchain.d.ts +186 -0
  2010. package/dist/orchestrator-adapters/langchain.d.ts.map +1 -0
  2011. package/dist/orchestrator-adapters/langchain.js +495 -0
  2012. package/dist/orchestrator-adapters/langchain.js.map +1 -0
  2013. package/dist/orchestrator-adapters/langgraph.d.ts +234 -0
  2014. package/dist/orchestrator-adapters/langgraph.d.ts.map +1 -0
  2015. package/dist/orchestrator-adapters/langgraph.js +502 -0
  2016. package/dist/orchestrator-adapters/langgraph.js.map +1 -0
  2017. package/dist/orchestrator-adapters/llamaindex.d.ts +325 -0
  2018. package/dist/orchestrator-adapters/llamaindex.d.ts.map +1 -0
  2019. package/dist/orchestrator-adapters/llamaindex.js +850 -0
  2020. package/dist/orchestrator-adapters/llamaindex.js.map +1 -0
  2021. package/dist/orchestrator-adapters/openai-agents.d.ts +238 -0
  2022. package/dist/orchestrator-adapters/openai-agents.d.ts.map +1 -0
  2023. package/dist/orchestrator-adapters/openai-agents.js +532 -0
  2024. package/dist/orchestrator-adapters/openai-agents.js.map +1 -0
  2025. package/dist/orchestrator-adapters/openclaw.d.ts +327 -0
  2026. package/dist/orchestrator-adapters/openclaw.d.ts.map +1 -0
  2027. package/dist/orchestrator-adapters/openclaw.js +896 -0
  2028. package/dist/orchestrator-adapters/openclaw.js.map +1 -0
  2029. package/dist/orchestrator-adapters/orchestrator-adapter.d.ts +170 -0
  2030. package/dist/orchestrator-adapters/orchestrator-adapter.d.ts.map +1 -0
  2031. package/dist/orchestrator-adapters/orchestrator-adapter.js +34 -0
  2032. package/dist/orchestrator-adapters/orchestrator-adapter.js.map +1 -0
  2033. package/dist/orchestrator-adapters/paperclip-adapter.d.ts +91 -0
  2034. package/dist/orchestrator-adapters/paperclip-adapter.d.ts.map +1 -0
  2035. package/dist/orchestrator-adapters/paperclip-adapter.js +403 -0
  2036. package/dist/orchestrator-adapters/paperclip-adapter.js.map +1 -0
  2037. package/dist/orchestrator-adapters/semantic-kernel.d.ts +218 -0
  2038. package/dist/orchestrator-adapters/semantic-kernel.d.ts.map +1 -0
  2039. package/dist/orchestrator-adapters/semantic-kernel.js +525 -0
  2040. package/dist/orchestrator-adapters/semantic-kernel.js.map +1 -0
  2041. package/dist/orchestrator-adapters/shared.d.ts +49 -0
  2042. package/dist/orchestrator-adapters/shared.d.ts.map +1 -0
  2043. package/dist/orchestrator-adapters/shared.js +161 -0
  2044. package/dist/orchestrator-adapters/shared.js.map +1 -0
  2045. package/dist/packs/_base-classifiers.d.ts +73 -0
  2046. package/dist/packs/_base-classifiers.d.ts.map +1 -0
  2047. package/dist/packs/_base-classifiers.js +165 -0
  2048. package/dist/packs/_base-classifiers.js.map +1 -0
  2049. package/dist/packs/aba.d.ts +41 -0
  2050. package/dist/packs/aba.d.ts.map +1 -0
  2051. package/dist/packs/aba.js +300 -0
  2052. package/dist/packs/aba.js.map +1 -0
  2053. package/dist/packs/as-9100.d.ts +130 -0
  2054. package/dist/packs/as-9100.d.ts.map +1 -0
  2055. package/dist/packs/as-9100.js +817 -0
  2056. package/dist/packs/as-9100.js.map +1 -0
  2057. package/dist/packs/au-act-hrpaa.d.ts +68 -0
  2058. package/dist/packs/au-act-hrpaa.d.ts.map +1 -0
  2059. package/dist/packs/au-act-hrpaa.js +293 -0
  2060. package/dist/packs/au-act-hrpaa.js.map +1 -0
  2061. package/dist/packs/au-aiethics-framework.d.ts +68 -0
  2062. package/dist/packs/au-aiethics-framework.d.ts.map +1 -0
  2063. package/dist/packs/au-aiethics-framework.js +344 -0
  2064. package/dist/packs/au-aiethics-framework.js.map +1 -0
  2065. package/dist/packs/au-aml-ctf.d.ts +67 -0
  2066. package/dist/packs/au-aml-ctf.d.ts.map +1 -0
  2067. package/dist/packs/au-aml-ctf.js +349 -0
  2068. package/dist/packs/au-aml-ctf.js.map +1 -0
  2069. package/dist/packs/au-asic-rg-271.d.ts +50 -0
  2070. package/dist/packs/au-asic-rg-271.d.ts.map +1 -0
  2071. package/dist/packs/au-asic-rg-271.js +271 -0
  2072. package/dist/packs/au-asic-rg-271.js.map +1 -0
  2073. package/dist/packs/au-asic-rg-274.d.ts +51 -0
  2074. package/dist/packs/au-asic-rg-274.d.ts.map +1 -0
  2075. package/dist/packs/au-asic-rg-274.js +271 -0
  2076. package/dist/packs/au-asic-rg-274.js.map +1 -0
  2077. package/dist/packs/au-cdr.d.ts +49 -0
  2078. package/dist/packs/au-cdr.d.ts.map +1 -0
  2079. package/dist/packs/au-cdr.js +308 -0
  2080. package/dist/packs/au-cdr.js.map +1 -0
  2081. package/dist/packs/au-cps230.d.ts +50 -0
  2082. package/dist/packs/au-cps230.d.ts.map +1 -0
  2083. package/dist/packs/au-cps230.js +267 -0
  2084. package/dist/packs/au-cps230.js.map +1 -0
  2085. package/dist/packs/au-cps234.d.ts +56 -0
  2086. package/dist/packs/au-cps234.d.ts.map +1 -0
  2087. package/dist/packs/au-cps234.js +300 -0
  2088. package/dist/packs/au-cps234.js.map +1 -0
  2089. package/dist/packs/au-mandatory-ai-guardrails.d.ts +61 -0
  2090. package/dist/packs/au-mandatory-ai-guardrails.d.ts.map +1 -0
  2091. package/dist/packs/au-mandatory-ai-guardrails.js +274 -0
  2092. package/dist/packs/au-mandatory-ai-guardrails.js.map +1 -0
  2093. package/dist/packs/au-nsw-hripa.d.ts +78 -0
  2094. package/dist/packs/au-nsw-hripa.d.ts.map +1 -0
  2095. package/dist/packs/au-nsw-hripa.js +366 -0
  2096. package/dist/packs/au-nsw-hripa.js.map +1 -0
  2097. package/dist/packs/au-online-safety.d.ts +55 -0
  2098. package/dist/packs/au-online-safety.d.ts.map +1 -0
  2099. package/dist/packs/au-online-safety.js +300 -0
  2100. package/dist/packs/au-online-safety.js.map +1 -0
  2101. package/dist/packs/au-privacy-act.d.ts +54 -0
  2102. package/dist/packs/au-privacy-act.d.ts.map +1 -0
  2103. package/dist/packs/au-privacy-act.js +364 -0
  2104. package/dist/packs/au-privacy-act.js.map +1 -0
  2105. package/dist/packs/au-soci-act.d.ts +53 -0
  2106. package/dist/packs/au-soci-act.d.ts.map +1 -0
  2107. package/dist/packs/au-soci-act.js +254 -0
  2108. package/dist/packs/au-soci-act.js.map +1 -0
  2109. package/dist/packs/au-spam-act.d.ts +54 -0
  2110. package/dist/packs/au-spam-act.d.ts.map +1 -0
  2111. package/dist/packs/au-spam-act.js +287 -0
  2112. package/dist/packs/au-spam-act.js.map +1 -0
  2113. package/dist/packs/au-tga-saimd.d.ts +74 -0
  2114. package/dist/packs/au-tga-saimd.d.ts.map +1 -0
  2115. package/dist/packs/au-tga-saimd.js +344 -0
  2116. package/dist/packs/au-tga-saimd.js.map +1 -0
  2117. package/dist/packs/au-vic-hra.d.ts +70 -0
  2118. package/dist/packs/au-vic-hra.d.ts.map +1 -0
  2119. package/dist/packs/au-vic-hra.js +348 -0
  2120. package/dist/packs/au-vic-hra.js.map +1 -0
  2121. package/dist/packs/bipa.d.ts +30 -0
  2122. package/dist/packs/bipa.d.ts.map +1 -0
  2123. package/dist/packs/bipa.js +271 -0
  2124. package/dist/packs/bipa.js.map +1 -0
  2125. package/dist/packs/bsa-aml.d.ts +52 -0
  2126. package/dist/packs/bsa-aml.d.ts.map +1 -0
  2127. package/dist/packs/bsa-aml.js +413 -0
  2128. package/dist/packs/bsa-aml.js.map +1 -0
  2129. package/dist/packs/ca-pipeda.d.ts +48 -0
  2130. package/dist/packs/ca-pipeda.d.ts.map +1 -0
  2131. package/dist/packs/ca-pipeda.js +220 -0
  2132. package/dist/packs/ca-pipeda.js.map +1 -0
  2133. package/dist/packs/ca-qc-law25.d.ts +46 -0
  2134. package/dist/packs/ca-qc-law25.d.ts.map +1 -0
  2135. package/dist/packs/ca-qc-law25.js +191 -0
  2136. package/dist/packs/ca-qc-law25.js.map +1 -0
  2137. package/dist/packs/caldicott-principles.d.ts +86 -0
  2138. package/dist/packs/caldicott-principles.d.ts.map +1 -0
  2139. package/dist/packs/caldicott-principles.js +444 -0
  2140. package/dist/packs/caldicott-principles.js.map +1 -0
  2141. package/dist/packs/california-ab2930.d.ts +58 -0
  2142. package/dist/packs/california-ab2930.d.ts.map +1 -0
  2143. package/dist/packs/california-ab2930.js +413 -0
  2144. package/dist/packs/california-ab2930.js.map +1 -0
  2145. package/dist/packs/ccpa.d.ts +47 -0
  2146. package/dist/packs/ccpa.d.ts.map +1 -0
  2147. package/dist/packs/ccpa.js +399 -0
  2148. package/dist/packs/ccpa.js.map +1 -0
  2149. package/dist/packs/cfpb-2023-03.d.ts +32 -0
  2150. package/dist/packs/cfpb-2023-03.d.ts.map +1 -0
  2151. package/dist/packs/cfpb-2023-03.js +285 -0
  2152. package/dist/packs/cfpb-2023-03.js.map +1 -0
  2153. package/dist/packs/check-registry.d.ts +76 -0
  2154. package/dist/packs/check-registry.d.ts.map +1 -0
  2155. package/dist/packs/check-registry.js +3341 -0
  2156. package/dist/packs/check-registry.js.map +1 -0
  2157. package/dist/packs/cjis.d.ts +61 -0
  2158. package/dist/packs/cjis.d.ts.map +1 -0
  2159. package/dist/packs/cjis.js +345 -0
  2160. package/dist/packs/cjis.js.map +1 -0
  2161. package/dist/packs/cma-ai-foundation-models.d.ts +74 -0
  2162. package/dist/packs/cma-ai-foundation-models.d.ts.map +1 -0
  2163. package/dist/packs/cma-ai-foundation-models.js +397 -0
  2164. package/dist/packs/cma-ai-foundation-models.js.map +1 -0
  2165. package/dist/packs/cmmc2.d.ts +69 -0
  2166. package/dist/packs/cmmc2.d.ts.map +1 -0
  2167. package/dist/packs/cmmc2.js +350 -0
  2168. package/dist/packs/cmmc2.js.map +1 -0
  2169. package/dist/packs/cms-interoperability.d.ts +55 -0
  2170. package/dist/packs/cms-interoperability.d.ts.map +1 -0
  2171. package/dist/packs/cms-interoperability.js +390 -0
  2172. package/dist/packs/cms-interoperability.js.map +1 -0
  2173. package/dist/packs/cn-dsl-csl.d.ts +52 -0
  2174. package/dist/packs/cn-dsl-csl.d.ts.map +1 -0
  2175. package/dist/packs/cn-dsl-csl.js +137 -0
  2176. package/dist/packs/cn-dsl-csl.js.map +1 -0
  2177. package/dist/packs/colorado-ai.d.ts +77 -0
  2178. package/dist/packs/colorado-ai.d.ts.map +1 -0
  2179. package/dist/packs/colorado-ai.js +379 -0
  2180. package/dist/packs/colorado-ai.js.map +1 -0
  2181. package/dist/packs/common-rule.d.ts +91 -0
  2182. package/dist/packs/common-rule.d.ts.map +1 -0
  2183. package/dist/packs/common-rule.js +473 -0
  2184. package/dist/packs/common-rule.js.map +1 -0
  2185. package/dist/packs/coppa.d.ts +84 -0
  2186. package/dist/packs/coppa.d.ts.map +1 -0
  2187. package/dist/packs/coppa.js +409 -0
  2188. package/dist/packs/coppa.js.map +1 -0
  2189. package/dist/packs/cyber-essentials.d.ts +63 -0
  2190. package/dist/packs/cyber-essentials.d.ts.map +1 -0
  2191. package/dist/packs/cyber-essentials.js +407 -0
  2192. package/dist/packs/cyber-essentials.js.map +1 -0
  2193. package/dist/packs/de-bdsg.d.ts +66 -0
  2194. package/dist/packs/de-bdsg.d.ts.map +1 -0
  2195. package/dist/packs/de-bdsg.js +416 -0
  2196. package/dist/packs/de-bdsg.js.map +1 -0
  2197. package/dist/packs/do-178c.d.ts +98 -0
  2198. package/dist/packs/do-178c.d.ts.map +1 -0
  2199. package/dist/packs/do-178c.js +726 -0
  2200. package/dist/packs/do-178c.js.map +1 -0
  2201. package/dist/packs/dora.d.ts +48 -0
  2202. package/dist/packs/dora.d.ts.map +1 -0
  2203. package/dist/packs/dora.js +361 -0
  2204. package/dist/packs/dora.js.map +1 -0
  2205. package/dist/packs/ecoa.d.ts +46 -0
  2206. package/dist/packs/ecoa.d.ts.map +1 -0
  2207. package/dist/packs/ecoa.js +389 -0
  2208. package/dist/packs/ecoa.js.map +1 -0
  2209. package/dist/packs/eu-ai-liability.d.ts +39 -0
  2210. package/dist/packs/eu-ai-liability.d.ts.map +1 -0
  2211. package/dist/packs/eu-ai-liability.js +303 -0
  2212. package/dist/packs/eu-ai-liability.js.map +1 -0
  2213. package/dist/packs/eu-cra.d.ts +50 -0
  2214. package/dist/packs/eu-cra.d.ts.map +1 -0
  2215. package/dist/packs/eu-cra.js +143 -0
  2216. package/dist/packs/eu-cra.js.map +1 -0
  2217. package/dist/packs/eu-data-act.d.ts +49 -0
  2218. package/dist/packs/eu-data-act.d.ts.map +1 -0
  2219. package/dist/packs/eu-data-act.js +141 -0
  2220. package/dist/packs/eu-data-act.js.map +1 -0
  2221. package/dist/packs/eu-dma.d.ts +59 -0
  2222. package/dist/packs/eu-dma.d.ts.map +1 -0
  2223. package/dist/packs/eu-dma.js +188 -0
  2224. package/dist/packs/eu-dma.js.map +1 -0
  2225. package/dist/packs/eu-dsa.d.ts +54 -0
  2226. package/dist/packs/eu-dsa.d.ts.map +1 -0
  2227. package/dist/packs/eu-dsa.js +179 -0
  2228. package/dist/packs/eu-dsa.js.map +1 -0
  2229. package/dist/packs/eu-lpp.d.ts +61 -0
  2230. package/dist/packs/eu-lpp.d.ts.map +1 -0
  2231. package/dist/packs/eu-lpp.js +345 -0
  2232. package/dist/packs/eu-lpp.js.map +1 -0
  2233. package/dist/packs/eu-mdr-ivdr.d.ts +67 -0
  2234. package/dist/packs/eu-mdr-ivdr.d.ts.map +1 -0
  2235. package/dist/packs/eu-mdr-ivdr.js +420 -0
  2236. package/dist/packs/eu-mdr-ivdr.js.map +1 -0
  2237. package/dist/packs/euaiact.d.ts +51 -0
  2238. package/dist/packs/euaiact.d.ts.map +1 -0
  2239. package/dist/packs/euaiact.js +344 -0
  2240. package/dist/packs/euaiact.js.map +1 -0
  2241. package/dist/packs/fca-consumer-duty.d.ts +65 -0
  2242. package/dist/packs/fca-consumer-duty.d.ts.map +1 -0
  2243. package/dist/packs/fca-consumer-duty.js +412 -0
  2244. package/dist/packs/fca-consumer-duty.js.map +1 -0
  2245. package/dist/packs/fca-op-resilience.d.ts +53 -0
  2246. package/dist/packs/fca-op-resilience.d.ts.map +1 -0
  2247. package/dist/packs/fca-op-resilience.js +353 -0
  2248. package/dist/packs/fca-op-resilience.js.map +1 -0
  2249. package/dist/packs/fcra.d.ts +47 -0
  2250. package/dist/packs/fcra.d.ts.map +1 -0
  2251. package/dist/packs/fcra.js +444 -0
  2252. package/dist/packs/fcra.js.map +1 -0
  2253. package/dist/packs/fda-21-cfr-820.d.ts +53 -0
  2254. package/dist/packs/fda-21-cfr-820.d.ts.map +1 -0
  2255. package/dist/packs/fda-21-cfr-820.js +609 -0
  2256. package/dist/packs/fda-21-cfr-820.js.map +1 -0
  2257. package/dist/packs/fda-samd-precert.d.ts +122 -0
  2258. package/dist/packs/fda-samd-precert.d.ts.map +1 -0
  2259. package/dist/packs/fda-samd-precert.js +866 -0
  2260. package/dist/packs/fda-samd-precert.js.map +1 -0
  2261. package/dist/packs/fda-samd.d.ts +42 -0
  2262. package/dist/packs/fda-samd.d.ts.map +1 -0
  2263. package/dist/packs/fda-samd.js +317 -0
  2264. package/dist/packs/fda-samd.js.map +1 -0
  2265. package/dist/packs/fedramp.d.ts +51 -0
  2266. package/dist/packs/fedramp.d.ts.map +1 -0
  2267. package/dist/packs/fedramp.js +321 -0
  2268. package/dist/packs/fedramp.js.map +1 -0
  2269. package/dist/packs/ferpa.d.ts +57 -0
  2270. package/dist/packs/ferpa.d.ts.map +1 -0
  2271. package/dist/packs/ferpa.js +312 -0
  2272. package/dist/packs/ferpa.js.map +1 -0
  2273. package/dist/packs/finra-3110.d.ts +53 -0
  2274. package/dist/packs/finra-3110.d.ts.map +1 -0
  2275. package/dist/packs/finra-3110.js +354 -0
  2276. package/dist/packs/finra-3110.js.map +1 -0
  2277. package/dist/packs/florida-student-privacy.d.ts +104 -0
  2278. package/dist/packs/florida-student-privacy.d.ts.map +1 -0
  2279. package/dist/packs/florida-student-privacy.js +451 -0
  2280. package/dist/packs/florida-student-privacy.js.map +1 -0
  2281. package/dist/packs/foia.d.ts +46 -0
  2282. package/dist/packs/foia.d.ts.map +1 -0
  2283. package/dist/packs/foia.js +397 -0
  2284. package/dist/packs/foia.js.map +1 -0
  2285. package/dist/packs/frcp26.d.ts +52 -0
  2286. package/dist/packs/frcp26.d.ts.map +1 -0
  2287. package/dist/packs/frcp26.js +297 -0
  2288. package/dist/packs/frcp26.js.map +1 -0
  2289. package/dist/packs/ftc5.d.ts +35 -0
  2290. package/dist/packs/ftc5.d.ts.map +1 -0
  2291. package/dist/packs/ftc5.js +293 -0
  2292. package/dist/packs/ftc5.js.map +1 -0
  2293. package/dist/packs/gdpr.d.ts +41 -0
  2294. package/dist/packs/gdpr.d.ts.map +1 -0
  2295. package/dist/packs/gdpr.js +490 -0
  2296. package/dist/packs/gdpr.js.map +1 -0
  2297. package/dist/packs/glba.d.ts +34 -0
  2298. package/dist/packs/glba.d.ts.map +1 -0
  2299. package/dist/packs/glba.js +424 -0
  2300. package/dist/packs/glba.js.map +1 -0
  2301. package/dist/packs/gxp.d.ts +43 -0
  2302. package/dist/packs/gxp.d.ts.map +1 -0
  2303. package/dist/packs/gxp.js +353 -0
  2304. package/dist/packs/gxp.js.map +1 -0
  2305. package/dist/packs/hipaa.d.ts +47 -0
  2306. package/dist/packs/hipaa.d.ts.map +1 -0
  2307. package/dist/packs/hipaa.js +384 -0
  2308. package/dist/packs/hipaa.js.map +1 -0
  2309. package/dist/packs/hitech.d.ts +43 -0
  2310. package/dist/packs/hitech.d.ts.map +1 -0
  2311. package/dist/packs/hitech.js +292 -0
  2312. package/dist/packs/hitech.js.map +1 -0
  2313. package/dist/packs/hitrust-csf.d.ts +41 -0
  2314. package/dist/packs/hitrust-csf.d.ts.map +1 -0
  2315. package/dist/packs/hitrust-csf.js +122 -0
  2316. package/dist/packs/hitrust-csf.js.map +1 -0
  2317. package/dist/packs/hk-pdpo.d.ts +38 -0
  2318. package/dist/packs/hk-pdpo.d.ts.map +1 -0
  2319. package/dist/packs/hk-pdpo.js +125 -0
  2320. package/dist/packs/hk-pdpo.js.map +1 -0
  2321. package/dist/packs/hmda.d.ts +42 -0
  2322. package/dist/packs/hmda.d.ts.map +1 -0
  2323. package/dist/packs/hmda.js +382 -0
  2324. package/dist/packs/hmda.js.map +1 -0
  2325. package/dist/packs/iec-62304.d.ts +79 -0
  2326. package/dist/packs/iec-62304.d.ts.map +1 -0
  2327. package/dist/packs/iec-62304.js +588 -0
  2328. package/dist/packs/iec-62304.js.map +1 -0
  2329. package/dist/packs/iec-62443.d.ts +112 -0
  2330. package/dist/packs/iec-62443.d.ts.map +1 -0
  2331. package/dist/packs/iec-62443.js +689 -0
  2332. package/dist/packs/iec-62443.js.map +1 -0
  2333. package/dist/packs/illinois-aivia.d.ts +56 -0
  2334. package/dist/packs/illinois-aivia.d.ts.map +1 -0
  2335. package/dist/packs/illinois-aivia.js +351 -0
  2336. package/dist/packs/illinois-aivia.js.map +1 -0
  2337. package/dist/packs/in-dpdp.d.ts +82 -0
  2338. package/dist/packs/in-dpdp.d.ts.map +1 -0
  2339. package/dist/packs/in-dpdp.js +432 -0
  2340. package/dist/packs/in-dpdp.js.map +1 -0
  2341. package/dist/packs/index.d.ts +468 -0
  2342. package/dist/packs/index.d.ts.map +1 -0
  2343. package/dist/packs/index.js +672 -0
  2344. package/dist/packs/index.js.map +1 -0
  2345. package/dist/packs/iso-15189.d.ts +143 -0
  2346. package/dist/packs/iso-15189.d.ts.map +1 -0
  2347. package/dist/packs/iso-15189.js +947 -0
  2348. package/dist/packs/iso-15189.js.map +1 -0
  2349. package/dist/packs/iso-23894.d.ts +40 -0
  2350. package/dist/packs/iso-23894.d.ts.map +1 -0
  2351. package/dist/packs/iso-23894.js +445 -0
  2352. package/dist/packs/iso-23894.js.map +1 -0
  2353. package/dist/packs/iso-26262.d.ts +97 -0
  2354. package/dist/packs/iso-26262.d.ts.map +1 -0
  2355. package/dist/packs/iso-26262.js +737 -0
  2356. package/dist/packs/iso-26262.js.map +1 -0
  2357. package/dist/packs/iso-iec-80001.d.ts +151 -0
  2358. package/dist/packs/iso-iec-80001.d.ts.map +1 -0
  2359. package/dist/packs/iso-iec-80001.js +996 -0
  2360. package/dist/packs/iso-iec-80001.js.map +1 -0
  2361. package/dist/packs/iso20022.d.ts +54 -0
  2362. package/dist/packs/iso20022.d.ts.map +1 -0
  2363. package/dist/packs/iso20022.js +347 -0
  2364. package/dist/packs/iso20022.js.map +1 -0
  2365. package/dist/packs/iso27001.d.ts +46 -0
  2366. package/dist/packs/iso27001.d.ts.map +1 -0
  2367. package/dist/packs/iso27001.js +391 -0
  2368. package/dist/packs/iso27001.js.map +1 -0
  2369. package/dist/packs/iso27701.d.ts +53 -0
  2370. package/dist/packs/iso27701.d.ts.map +1 -0
  2371. package/dist/packs/iso27701.js +393 -0
  2372. package/dist/packs/iso27701.js.map +1 -0
  2373. package/dist/packs/iso42001.d.ts +47 -0
  2374. package/dist/packs/iso42001.d.ts.map +1 -0
  2375. package/dist/packs/iso42001.js +291 -0
  2376. package/dist/packs/iso42001.js.map +1 -0
  2377. package/dist/packs/jp-appi.d.ts +78 -0
  2378. package/dist/packs/jp-appi.d.ts.map +1 -0
  2379. package/dist/packs/jp-appi.js +441 -0
  2380. package/dist/packs/jp-appi.js.map +1 -0
  2381. package/dist/packs/kr-pipa.d.ts +74 -0
  2382. package/dist/packs/kr-pipa.d.ts.map +1 -0
  2383. package/dist/packs/kr-pipa.js +445 -0
  2384. package/dist/packs/kr-pipa.js.map +1 -0
  2385. package/dist/packs/lgpd.d.ts +32 -0
  2386. package/dist/packs/lgpd.d.ts.map +1 -0
  2387. package/dist/packs/lgpd.js +353 -0
  2388. package/dist/packs/lgpd.js.map +1 -0
  2389. package/dist/packs/lpo2024.d.ts +70 -0
  2390. package/dist/packs/lpo2024.d.ts.map +1 -0
  2391. package/dist/packs/lpo2024.js +310 -0
  2392. package/dist/packs/lpo2024.js.map +1 -0
  2393. package/dist/packs/maryland-hb1202.d.ts +53 -0
  2394. package/dist/packs/maryland-hb1202.d.ts.map +1 -0
  2395. package/dist/packs/maryland-hb1202.js +341 -0
  2396. package/dist/packs/maryland-hb1202.js.map +1 -0
  2397. package/dist/packs/mhra-samd-ukca.d.ts +79 -0
  2398. package/dist/packs/mhra-samd-ukca.d.ts.map +1 -0
  2399. package/dist/packs/mhra-samd-ukca.js +476 -0
  2400. package/dist/packs/mhra-samd-ukca.js.map +1 -0
  2401. package/dist/packs/mifid2.d.ts +51 -0
  2402. package/dist/packs/mifid2.d.ts.map +1 -0
  2403. package/dist/packs/mifid2.js +384 -0
  2404. package/dist/packs/mifid2.js.map +1 -0
  2405. package/dist/packs/migration-manifest.d.ts +30 -0
  2406. package/dist/packs/migration-manifest.d.ts.map +1 -0
  2407. package/dist/packs/migration-manifest.js +59 -0
  2408. package/dist/packs/migration-manifest.js.map +1 -0
  2409. package/dist/packs/naic-mdl.d.ts +50 -0
  2410. package/dist/packs/naic-mdl.d.ts.map +1 -0
  2411. package/dist/packs/naic-mdl.js +318 -0
  2412. package/dist/packs/naic-mdl.js.map +1 -0
  2413. package/dist/packs/ncsc-ai-security.d.ts +69 -0
  2414. package/dist/packs/ncsc-ai-security.d.ts.map +1 -0
  2415. package/dist/packs/ncsc-ai-security.js +629 -0
  2416. package/dist/packs/ncsc-ai-security.js.map +1 -0
  2417. package/dist/packs/ncsc-caf.d.ts +62 -0
  2418. package/dist/packs/ncsc-caf.d.ts.map +1 -0
  2419. package/dist/packs/ncsc-caf.js +384 -0
  2420. package/dist/packs/ncsc-caf.js.map +1 -0
  2421. package/dist/packs/nhs-dcb0129-dcb0160.d.ts +85 -0
  2422. package/dist/packs/nhs-dcb0129-dcb0160.d.ts.map +1 -0
  2423. package/dist/packs/nhs-dcb0129-dcb0160.js +473 -0
  2424. package/dist/packs/nhs-dcb0129-dcb0160.js.map +1 -0
  2425. package/dist/packs/nhs-dspt.d.ts +83 -0
  2426. package/dist/packs/nhs-dspt.d.ts.map +1 -0
  2427. package/dist/packs/nhs-dspt.js +437 -0
  2428. package/dist/packs/nhs-dspt.js.map +1 -0
  2429. package/dist/packs/nhs-dtac.d.ts +80 -0
  2430. package/dist/packs/nhs-dtac.d.ts.map +1 -0
  2431. package/dist/packs/nhs-dtac.js +402 -0
  2432. package/dist/packs/nhs-dtac.js.map +1 -0
  2433. package/dist/packs/nhs-psirf.d.ts +74 -0
  2434. package/dist/packs/nhs-psirf.d.ts.map +1 -0
  2435. package/dist/packs/nhs-psirf.js +417 -0
  2436. package/dist/packs/nhs-psirf.js.map +1 -0
  2437. package/dist/packs/ni-equality.d.ts +87 -0
  2438. package/dist/packs/ni-equality.d.ts.map +1 -0
  2439. package/dist/packs/ni-equality.js +439 -0
  2440. package/dist/packs/ni-equality.js.map +1 -0
  2441. package/dist/packs/ni-hscni.d.ts +76 -0
  2442. package/dist/packs/ni-hscni.d.ts.map +1 -0
  2443. package/dist/packs/ni-hscni.js +418 -0
  2444. package/dist/packs/ni-hscni.js.map +1 -0
  2445. package/dist/packs/ni-mental-capacity.d.ts +45 -0
  2446. package/dist/packs/ni-mental-capacity.d.ts.map +1 -0
  2447. package/dist/packs/ni-mental-capacity.js +133 -0
  2448. package/dist/packs/ni-mental-capacity.js.map +1 -0
  2449. package/dist/packs/nice-esf-dht.d.ts +72 -0
  2450. package/dist/packs/nice-esf-dht.d.ts.map +1 -0
  2451. package/dist/packs/nice-esf-dht.js +407 -0
  2452. package/dist/packs/nice-esf-dht.js.map +1 -0
  2453. package/dist/packs/nis2.d.ts +80 -0
  2454. package/dist/packs/nis2.d.ts.map +1 -0
  2455. package/dist/packs/nis2.js +425 -0
  2456. package/dist/packs/nis2.js.map +1 -0
  2457. package/dist/packs/nist-800-53.d.ts +40 -0
  2458. package/dist/packs/nist-800-53.d.ts.map +1 -0
  2459. package/dist/packs/nist-800-53.js +129 -0
  2460. package/dist/packs/nist-800-53.js.map +1 -0
  2461. package/dist/packs/nist-ai-rmf.d.ts +48 -0
  2462. package/dist/packs/nist-ai-rmf.d.ts.map +1 -0
  2463. package/dist/packs/nist-ai-rmf.js +370 -0
  2464. package/dist/packs/nist-ai-rmf.js.map +1 -0
  2465. package/dist/packs/nist-csf.d.ts +41 -0
  2466. package/dist/packs/nist-csf.d.ts.map +1 -0
  2467. package/dist/packs/nist-csf.js +134 -0
  2468. package/dist/packs/nist-csf.js.map +1 -0
  2469. package/dist/packs/nist-sp-800-82.d.ts +127 -0
  2470. package/dist/packs/nist-sp-800-82.d.ts.map +1 -0
  2471. package/dist/packs/nist-sp-800-82.js +724 -0
  2472. package/dist/packs/nist-sp-800-82.js.map +1 -0
  2473. package/dist/packs/nyc-ll-144.d.ts +38 -0
  2474. package/dist/packs/nyc-ll-144.d.ts.map +1 -0
  2475. package/dist/packs/nyc-ll-144.js +291 -0
  2476. package/dist/packs/nyc-ll-144.js.map +1 -0
  2477. package/dist/packs/nydfs500.d.ts +32 -0
  2478. package/dist/packs/nydfs500.d.ts.map +1 -0
  2479. package/dist/packs/nydfs500.js +288 -0
  2480. package/dist/packs/nydfs500.js.map +1 -0
  2481. package/dist/packs/nz-privacy.d.ts +91 -0
  2482. package/dist/packs/nz-privacy.d.ts.map +1 -0
  2483. package/dist/packs/nz-privacy.js +468 -0
  2484. package/dist/packs/nz-privacy.js.map +1 -0
  2485. package/dist/packs/part11.d.ts +31 -0
  2486. package/dist/packs/part11.d.ts.map +1 -0
  2487. package/dist/packs/part11.js +332 -0
  2488. package/dist/packs/part11.js.map +1 -0
  2489. package/dist/packs/part2.d.ts +42 -0
  2490. package/dist/packs/part2.d.ts.map +1 -0
  2491. package/dist/packs/part2.js +358 -0
  2492. package/dist/packs/part2.js.map +1 -0
  2493. package/dist/packs/pcidss.d.ts +72 -0
  2494. package/dist/packs/pcidss.d.ts.map +1 -0
  2495. package/dist/packs/pcidss.js +470 -0
  2496. package/dist/packs/pcidss.js.map +1 -0
  2497. package/dist/packs/pipl.d.ts +31 -0
  2498. package/dist/packs/pipl.d.ts.map +1 -0
  2499. package/dist/packs/pipl.js +208 -0
  2500. package/dist/packs/pipl.js.map +1 -0
  2501. package/dist/packs/reg-e.d.ts +55 -0
  2502. package/dist/packs/reg-e.d.ts.map +1 -0
  2503. package/dist/packs/reg-e.js +362 -0
  2504. package/dist/packs/reg-e.js.map +1 -0
  2505. package/dist/packs/registry-expanded.d.ts +76 -0
  2506. package/dist/packs/registry-expanded.d.ts.map +1 -0
  2507. package/dist/packs/registry-expanded.js +2354 -0
  2508. package/dist/packs/registry-expanded.js.map +1 -0
  2509. package/dist/packs/scotland-awi.d.ts +74 -0
  2510. package/dist/packs/scotland-awi.d.ts.map +1 -0
  2511. package/dist/packs/scotland-awi.js +408 -0
  2512. package/dist/packs/scotland-awi.js.map +1 -0
  2513. package/dist/packs/scotland-procurement-reform.d.ts +40 -0
  2514. package/dist/packs/scotland-procurement-reform.d.ts.map +1 -0
  2515. package/dist/packs/scotland-procurement-reform.js +125 -0
  2516. package/dist/packs/scotland-procurement-reform.js.map +1 -0
  2517. package/dist/packs/scotland-psed.d.ts +67 -0
  2518. package/dist/packs/scotland-psed.d.ts.map +1 -0
  2519. package/dist/packs/scotland-psed.js +372 -0
  2520. package/dist/packs/scotland-psed.js.map +1 -0
  2521. package/dist/packs/sg-model-ai-gov.d.ts +62 -0
  2522. package/dist/packs/sg-model-ai-gov.d.ts.map +1 -0
  2523. package/dist/packs/sg-model-ai-gov.js +396 -0
  2524. package/dist/packs/sg-model-ai-gov.js.map +1 -0
  2525. package/dist/packs/soc1.d.ts +34 -0
  2526. package/dist/packs/soc1.d.ts.map +1 -0
  2527. package/dist/packs/soc1.js +308 -0
  2528. package/dist/packs/soc1.js.map +1 -0
  2529. package/dist/packs/soc2.d.ts +44 -0
  2530. package/dist/packs/soc2.d.ts.map +1 -0
  2531. package/dist/packs/soc2.js +340 -0
  2532. package/dist/packs/soc2.js.map +1 -0
  2533. package/dist/packs/sox404.d.ts +32 -0
  2534. package/dist/packs/sox404.d.ts.map +1 -0
  2535. package/dist/packs/sox404.js +298 -0
  2536. package/dist/packs/sox404.js.map +1 -0
  2537. package/dist/packs/sr117.d.ts +35 -0
  2538. package/dist/packs/sr117.d.ts.map +1 -0
  2539. package/dist/packs/sr117.js +345 -0
  2540. package/dist/packs/sr117.js.map +1 -0
  2541. package/dist/packs/stateramp.d.ts +62 -0
  2542. package/dist/packs/stateramp.d.ts.map +1 -0
  2543. package/dist/packs/stateramp.js +327 -0
  2544. package/dist/packs/stateramp.js.map +1 -0
  2545. package/dist/packs/tennessee-elvis.d.ts +68 -0
  2546. package/dist/packs/tennessee-elvis.d.ts.map +1 -0
  2547. package/dist/packs/tennessee-elvis.js +420 -0
  2548. package/dist/packs/tennessee-elvis.js.map +1 -0
  2549. package/dist/packs/texas-hb4.d.ts +77 -0
  2550. package/dist/packs/texas-hb4.d.ts.map +1 -0
  2551. package/dist/packs/texas-hb4.js +396 -0
  2552. package/dist/packs/texas-hb4.js.map +1 -0
  2553. package/dist/packs/th-pdpa.d.ts +43 -0
  2554. package/dist/packs/th-pdpa.d.ts.map +1 -0
  2555. package/dist/packs/th-pdpa.js +128 -0
  2556. package/dist/packs/th-pdpa.js.map +1 -0
  2557. package/dist/packs/title-ix.d.ts +93 -0
  2558. package/dist/packs/title-ix.d.ts.map +1 -0
  2559. package/dist/packs/title-ix.js +447 -0
  2560. package/dist/packs/title-ix.js.map +1 -0
  2561. package/dist/packs/uk-ai-framework.d.ts +42 -0
  2562. package/dist/packs/uk-ai-framework.d.ts.map +1 -0
  2563. package/dist/packs/uk-ai-framework.js +355 -0
  2564. package/dist/packs/uk-ai-framework.js.map +1 -0
  2565. package/dist/packs/uk-cma-1990.d.ts +75 -0
  2566. package/dist/packs/uk-cma-1990.d.ts.map +1 -0
  2567. package/dist/packs/uk-cma-1990.js +406 -0
  2568. package/dist/packs/uk-cma-1990.js.map +1 -0
  2569. package/dist/packs/uk-equality-act-ai-bias.d.ts +54 -0
  2570. package/dist/packs/uk-equality-act-ai-bias.d.ts.map +1 -0
  2571. package/dist/packs/uk-equality-act-ai-bias.js +684 -0
  2572. package/dist/packs/uk-equality-act-ai-bias.js.map +1 -0
  2573. package/dist/packs/uk-equality-act.d.ts +69 -0
  2574. package/dist/packs/uk-equality-act.d.ts.map +1 -0
  2575. package/dist/packs/uk-equality-act.js +409 -0
  2576. package/dist/packs/uk-equality-act.js.map +1 -0
  2577. package/dist/packs/uk-future-ai-legislation.d.ts +42 -0
  2578. package/dist/packs/uk-future-ai-legislation.d.ts.map +1 -0
  2579. package/dist/packs/uk-future-ai-legislation.js +212 -0
  2580. package/dist/packs/uk-future-ai-legislation.js.map +1 -0
  2581. package/dist/packs/uk-gdpr.d.ts +74 -0
  2582. package/dist/packs/uk-gdpr.d.ts.map +1 -0
  2583. package/dist/packs/uk-gdpr.js +377 -0
  2584. package/dist/packs/uk-gdpr.js.map +1 -0
  2585. package/dist/packs/uk-ico-open-case.d.ts +65 -0
  2586. package/dist/packs/uk-ico-open-case.d.ts.map +1 -0
  2587. package/dist/packs/uk-ico-open-case.js +399 -0
  2588. package/dist/packs/uk-ico-open-case.js.map +1 -0
  2589. package/dist/packs/uk-nis-regs.d.ts +67 -0
  2590. package/dist/packs/uk-nis-regs.d.ts.map +1 -0
  2591. package/dist/packs/uk-nis-regs.js +366 -0
  2592. package/dist/packs/uk-nis-regs.js.map +1 -0
  2593. package/dist/packs/uk-online-safety-act.d.ts +68 -0
  2594. package/dist/packs/uk-online-safety-act.d.ts.map +1 -0
  2595. package/dist/packs/uk-online-safety-act.js +413 -0
  2596. package/dist/packs/uk-online-safety-act.js.map +1 -0
  2597. package/dist/packs/uk-procurement-act.d.ts +81 -0
  2598. package/dist/packs/uk-procurement-act.d.ts.map +1 -0
  2599. package/dist/packs/uk-procurement-act.js +434 -0
  2600. package/dist/packs/uk-procurement-act.js.map +1 -0
  2601. package/dist/packs/us-fda-21cfr56.d.ts +63 -0
  2602. package/dist/packs/us-fda-21cfr56.d.ts.map +1 -0
  2603. package/dist/packs/us-fda-21cfr56.js +367 -0
  2604. package/dist/packs/us-fda-21cfr56.js.map +1 -0
  2605. package/dist/packs/us-nih-coc.d.ts +43 -0
  2606. package/dist/packs/us-nih-coc.d.ts.map +1 -0
  2607. package/dist/packs/us-nih-coc.js +206 -0
  2608. package/dist/packs/us-nih-coc.js.map +1 -0
  2609. package/dist/packs/us-nih-dms.d.ts +43 -0
  2610. package/dist/packs/us-nih-dms.d.ts.map +1 -0
  2611. package/dist/packs/us-nih-dms.js +244 -0
  2612. package/dist/packs/us-nih-dms.js.map +1 -0
  2613. package/dist/packs/us-nih-gds.d.ts +41 -0
  2614. package/dist/packs/us-nih-gds.d.ts.map +1 -0
  2615. package/dist/packs/us-nih-gds.js +358 -0
  2616. package/dist/packs/us-nih-gds.js.map +1 -0
  2617. package/dist/packs/us-nih-it-security.d.ts +40 -0
  2618. package/dist/packs/us-nih-it-security.d.ts.map +1 -0
  2619. package/dist/packs/us-nih-it-security.js +206 -0
  2620. package/dist/packs/us-nih-it-security.js.map +1 -0
  2621. package/dist/packs/us-respa.d.ts +55 -0
  2622. package/dist/packs/us-respa.d.ts.map +1 -0
  2623. package/dist/packs/us-respa.js +364 -0
  2624. package/dist/packs/us-respa.js.map +1 -0
  2625. package/dist/packs/us-tila.d.ts +65 -0
  2626. package/dist/packs/us-tila.d.ts.map +1 -0
  2627. package/dist/packs/us-tila.js +353 -0
  2628. package/dist/packs/us-tila.js.map +1 -0
  2629. package/dist/packs/us-trid.d.ts +62 -0
  2630. package/dist/packs/us-trid.d.ts.map +1 -0
  2631. package/dist/packs/us-trid.js +345 -0
  2632. package/dist/packs/us-trid.js.map +1 -0
  2633. package/dist/packs/utah-ai-policy.d.ts +55 -0
  2634. package/dist/packs/utah-ai-policy.d.ts.map +1 -0
  2635. package/dist/packs/utah-ai-policy.js +340 -0
  2636. package/dist/packs/utah-ai-policy.js.map +1 -0
  2637. package/dist/packs/vn-pdpd.d.ts +40 -0
  2638. package/dist/packs/vn-pdpd.d.ts.map +1 -0
  2639. package/dist/packs/vn-pdpd.js +125 -0
  2640. package/dist/packs/vn-pdpd.js.map +1 -0
  2641. package/dist/packs/wales-future-generations.d.ts +67 -0
  2642. package/dist/packs/wales-future-generations.d.ts.map +1 -0
  2643. package/dist/packs/wales-future-generations.js +396 -0
  2644. package/dist/packs/wales-future-generations.js.map +1 -0
  2645. package/dist/reporting/governance-reporter.d.ts +196 -0
  2646. package/dist/reporting/governance-reporter.d.ts.map +1 -0
  2647. package/dist/reporting/governance-reporter.js +442 -0
  2648. package/dist/reporting/governance-reporter.js.map +1 -0
  2649. package/dist/retention/backup-retention-adapter.d.ts +72 -0
  2650. package/dist/retention/backup-retention-adapter.d.ts.map +1 -0
  2651. package/dist/retention/backup-retention-adapter.js +69 -0
  2652. package/dist/retention/backup-retention-adapter.js.map +1 -0
  2653. package/dist/retention/classification-rules.d.ts +59 -0
  2654. package/dist/retention/classification-rules.d.ts.map +1 -0
  2655. package/dist/retention/classification-rules.js +185 -0
  2656. package/dist/retention/classification-rules.js.map +1 -0
  2657. package/dist/retention/classifier.d.ts +195 -0
  2658. package/dist/retention/classifier.d.ts.map +1 -0
  2659. package/dist/retention/classifier.js +254 -0
  2660. package/dist/retention/classifier.js.map +1 -0
  2661. package/dist/retention/data-class.d.ts +70 -0
  2662. package/dist/retention/data-class.d.ts.map +1 -0
  2663. package/dist/retention/data-class.js +47 -0
  2664. package/dist/retention/data-class.js.map +1 -0
  2665. package/dist/retention/enforcement-log-store.d.ts +121 -0
  2666. package/dist/retention/enforcement-log-store.d.ts.map +1 -0
  2667. package/dist/retention/enforcement-log-store.js +183 -0
  2668. package/dist/retention/enforcement-log-store.js.map +1 -0
  2669. package/dist/retention/index.d.ts +31 -0
  2670. package/dist/retention/index.d.ts.map +1 -0
  2671. package/dist/retention/index.js +67 -0
  2672. package/dist/retention/index.js.map +1 -0
  2673. package/dist/retention/ingest-classifier.d.ts +126 -0
  2674. package/dist/retention/ingest-classifier.d.ts.map +1 -0
  2675. package/dist/retention/ingest-classifier.js +130 -0
  2676. package/dist/retention/ingest-classifier.js.map +1 -0
  2677. package/dist/retention/legal-hold-errors.d.ts +57 -0
  2678. package/dist/retention/legal-hold-errors.d.ts.map +1 -0
  2679. package/dist/retention/legal-hold-errors.js +99 -0
  2680. package/dist/retention/legal-hold-errors.js.map +1 -0
  2681. package/dist/retention/legal-hold-store.d.ts +191 -0
  2682. package/dist/retention/legal-hold-store.d.ts.map +1 -0
  2683. package/dist/retention/legal-hold-store.js +432 -0
  2684. package/dist/retention/legal-hold-store.js.map +1 -0
  2685. package/dist/retention/legal-hold.d.ts +122 -0
  2686. package/dist/retention/legal-hold.d.ts.map +1 -0
  2687. package/dist/retention/legal-hold.js +18 -0
  2688. package/dist/retention/legal-hold.js.map +1 -0
  2689. package/dist/retention/log-aggregators/datadog.d.ts +53 -0
  2690. package/dist/retention/log-aggregators/datadog.d.ts.map +1 -0
  2691. package/dist/retention/log-aggregators/datadog.js +157 -0
  2692. package/dist/retention/log-aggregators/datadog.js.map +1 -0
  2693. package/dist/retention/log-aggregators/index.d.ts +14 -0
  2694. package/dist/retention/log-aggregators/index.d.ts.map +1 -0
  2695. package/dist/retention/log-aggregators/index.js +18 -0
  2696. package/dist/retention/log-aggregators/index.js.map +1 -0
  2697. package/dist/retention/log-aggregators/log-aggregator.d.ts +62 -0
  2698. package/dist/retention/log-aggregators/log-aggregator.d.ts.map +1 -0
  2699. package/dist/retention/log-aggregators/log-aggregator.js +21 -0
  2700. package/dist/retention/log-aggregators/log-aggregator.js.map +1 -0
  2701. package/dist/retention/log-aggregators/noop.d.ts +23 -0
  2702. package/dist/retention/log-aggregators/noop.d.ts.map +1 -0
  2703. package/dist/retention/log-aggregators/noop.js +30 -0
  2704. package/dist/retention/log-aggregators/noop.js.map +1 -0
  2705. package/dist/retention/log-aggregators/sentinel.d.ts +75 -0
  2706. package/dist/retention/log-aggregators/sentinel.d.ts.map +1 -0
  2707. package/dist/retention/log-aggregators/sentinel.js +220 -0
  2708. package/dist/retention/log-aggregators/sentinel.js.map +1 -0
  2709. package/dist/retention/log-aggregators/splunk.d.ts +58 -0
  2710. package/dist/retention/log-aggregators/splunk.d.ts.map +1 -0
  2711. package/dist/retention/log-aggregators/splunk.js +151 -0
  2712. package/dist/retention/log-aggregators/splunk.js.map +1 -0
  2713. package/dist/retention/policy-matrix-errors.d.ts +80 -0
  2714. package/dist/retention/policy-matrix-errors.d.ts.map +1 -0
  2715. package/dist/retention/policy-matrix-errors.js +134 -0
  2716. package/dist/retention/policy-matrix-errors.js.map +1 -0
  2717. package/dist/retention/policy-matrix.d.ts +263 -0
  2718. package/dist/retention/policy-matrix.d.ts.map +1 -0
  2719. package/dist/retention/policy-matrix.js +584 -0
  2720. package/dist/retention/policy-matrix.js.map +1 -0
  2721. package/dist/scanner/gap-report.d.ts +108 -0
  2722. package/dist/scanner/gap-report.d.ts.map +1 -0
  2723. package/dist/scanner/gap-report.js +337 -0
  2724. package/dist/scanner/gap-report.js.map +1 -0
  2725. package/dist/scanner/index.d.ts +98 -0
  2726. package/dist/scanner/index.d.ts.map +1 -0
  2727. package/dist/scanner/index.js +453 -0
  2728. package/dist/scanner/index.js.map +1 -0
  2729. package/dist/scanner/manifest-integrity.d.ts +44 -0
  2730. package/dist/scanner/manifest-integrity.d.ts.map +1 -0
  2731. package/dist/scanner/manifest-integrity.js +155 -0
  2732. package/dist/scanner/manifest-integrity.js.map +1 -0
  2733. package/dist/scanner/remediation.d.ts +72 -0
  2734. package/dist/scanner/remediation.d.ts.map +1 -0
  2735. package/dist/scanner/remediation.js +292 -0
  2736. package/dist/scanner/remediation.js.map +1 -0
  2737. package/dist/security/access-review.d.ts +122 -0
  2738. package/dist/security/access-review.d.ts.map +1 -0
  2739. package/dist/security/access-review.js +272 -0
  2740. package/dist/security/access-review.js.map +1 -0
  2741. package/dist/security/agent-auth.d.ts +92 -0
  2742. package/dist/security/agent-auth.d.ts.map +1 -0
  2743. package/dist/security/agent-auth.js +290 -0
  2744. package/dist/security/agent-auth.js.map +1 -0
  2745. package/dist/security/anomaly-auto-suspend.d.ts +226 -0
  2746. package/dist/security/anomaly-auto-suspend.d.ts.map +1 -0
  2747. package/dist/security/anomaly-auto-suspend.js +384 -0
  2748. package/dist/security/anomaly-auto-suspend.js.map +1 -0
  2749. package/dist/security/anomaly-correlator.d.ts +66 -0
  2750. package/dist/security/anomaly-correlator.d.ts.map +1 -0
  2751. package/dist/security/anomaly-correlator.js +316 -0
  2752. package/dist/security/anomaly-correlator.js.map +1 -0
  2753. package/dist/security/anomaly-detector.d.ts +137 -0
  2754. package/dist/security/anomaly-detector.d.ts.map +1 -0
  2755. package/dist/security/anomaly-detector.js +298 -0
  2756. package/dist/security/anomaly-detector.js.map +1 -0
  2757. package/dist/security/anomaly-self-reflection.d.ts +168 -0
  2758. package/dist/security/anomaly-self-reflection.d.ts.map +1 -0
  2759. package/dist/security/anomaly-self-reflection.js +331 -0
  2760. package/dist/security/anomaly-self-reflection.js.map +1 -0
  2761. package/dist/security/built-in-llm-providers.d.ts +50 -0
  2762. package/dist/security/built-in-llm-providers.d.ts.map +1 -0
  2763. package/dist/security/built-in-llm-providers.js +83 -0
  2764. package/dist/security/built-in-llm-providers.js.map +1 -0
  2765. package/dist/security/circuit-breaker.d.ts +62 -0
  2766. package/dist/security/circuit-breaker.d.ts.map +1 -0
  2767. package/dist/security/circuit-breaker.js +183 -0
  2768. package/dist/security/circuit-breaker.js.map +1 -0
  2769. package/dist/security/data-classifier.d.ts +139 -0
  2770. package/dist/security/data-classifier.d.ts.map +1 -0
  2771. package/dist/security/data-classifier.js +483 -0
  2772. package/dist/security/data-classifier.js.map +1 -0
  2773. package/dist/security/encrypted-storage.d.ts +80 -0
  2774. package/dist/security/encrypted-storage.d.ts.map +1 -0
  2775. package/dist/security/encrypted-storage.js +257 -0
  2776. package/dist/security/encrypted-storage.js.map +1 -0
  2777. package/dist/security/encryption-layer.d.ts +115 -0
  2778. package/dist/security/encryption-layer.d.ts.map +1 -0
  2779. package/dist/security/encryption-layer.js +374 -0
  2780. package/dist/security/encryption-layer.js.map +1 -0
  2781. package/dist/security/external-cross-check.d.ts +206 -0
  2782. package/dist/security/external-cross-check.d.ts.map +1 -0
  2783. package/dist/security/external-cross-check.js +490 -0
  2784. package/dist/security/external-cross-check.js.map +1 -0
  2785. package/dist/security/hash-manifest.d.ts +70 -0
  2786. package/dist/security/hash-manifest.d.ts.map +1 -0
  2787. package/dist/security/hash-manifest.js +266 -0
  2788. package/dist/security/hash-manifest.js.map +1 -0
  2789. package/dist/security/http-interceptor.d.ts +262 -0
  2790. package/dist/security/http-interceptor.d.ts.map +1 -0
  2791. package/dist/security/http-interceptor.js +637 -0
  2792. package/dist/security/http-interceptor.js.map +1 -0
  2793. package/dist/security/key-manager.d.ts +111 -0
  2794. package/dist/security/key-manager.d.ts.map +1 -0
  2795. package/dist/security/key-manager.js +326 -0
  2796. package/dist/security/key-manager.js.map +1 -0
  2797. package/dist/security/nonce-store.d.ts +48 -0
  2798. package/dist/security/nonce-store.d.ts.map +1 -0
  2799. package/dist/security/nonce-store.js +170 -0
  2800. package/dist/security/nonce-store.js.map +1 -0
  2801. package/dist/security/operator-roles.d.ts +100 -0
  2802. package/dist/security/operator-roles.d.ts.map +1 -0
  2803. package/dist/security/operator-roles.js +278 -0
  2804. package/dist/security/operator-roles.js.map +1 -0
  2805. package/dist/security/plugin-integrity.d.ts +99 -0
  2806. package/dist/security/plugin-integrity.d.ts.map +1 -0
  2807. package/dist/security/plugin-integrity.js +194 -0
  2808. package/dist/security/plugin-integrity.js.map +1 -0
  2809. package/dist/security/prompt-injection-detector.d.ts +81 -0
  2810. package/dist/security/prompt-injection-detector.d.ts.map +1 -0
  2811. package/dist/security/prompt-injection-detector.js +505 -0
  2812. package/dist/security/prompt-injection-detector.js.map +1 -0
  2813. package/dist/security/provider-compliance-boot.d.ts +64 -0
  2814. package/dist/security/provider-compliance-boot.d.ts.map +1 -0
  2815. package/dist/security/provider-compliance-boot.js +105 -0
  2816. package/dist/security/provider-compliance-boot.js.map +1 -0
  2817. package/dist/security/provider-compliance.d.ts +261 -0
  2818. package/dist/security/provider-compliance.d.ts.map +1 -0
  2819. package/dist/security/provider-compliance.js +711 -0
  2820. package/dist/security/provider-compliance.js.map +1 -0
  2821. package/dist/security/secret-leak-detector.d.ts +59 -0
  2822. package/dist/security/secret-leak-detector.d.ts.map +1 -0
  2823. package/dist/security/secret-leak-detector.js +180 -0
  2824. package/dist/security/secret-leak-detector.js.map +1 -0
  2825. package/dist/security/session-timeout.d.ts +107 -0
  2826. package/dist/security/session-timeout.d.ts.map +1 -0
  2827. package/dist/security/session-timeout.js +291 -0
  2828. package/dist/security/session-timeout.js.map +1 -0
  2829. package/dist/security/ssrf-guard.d.ts +45 -0
  2830. package/dist/security/ssrf-guard.d.ts.map +1 -0
  2831. package/dist/security/ssrf-guard.js +263 -0
  2832. package/dist/security/ssrf-guard.js.map +1 -0
  2833. package/dist/security/supply-chain.d.ts +99 -0
  2834. package/dist/security/supply-chain.d.ts.map +1 -0
  2835. package/dist/security/supply-chain.js +320 -0
  2836. package/dist/security/supply-chain.js.map +1 -0
  2837. package/dist/security/vendor-registry.d.ts +111 -0
  2838. package/dist/security/vendor-registry.d.ts.map +1 -0
  2839. package/dist/security/vendor-registry.js +293 -0
  2840. package/dist/security/vendor-registry.js.map +1 -0
  2841. package/dist/tenant/index.d.ts +14 -0
  2842. package/dist/tenant/index.d.ts.map +1 -0
  2843. package/dist/tenant/index.js +32 -0
  2844. package/dist/tenant/index.js.map +1 -0
  2845. package/dist/tenant/policy-inheritance.d.ts +112 -0
  2846. package/dist/tenant/policy-inheritance.d.ts.map +1 -0
  2847. package/dist/tenant/policy-inheritance.js +382 -0
  2848. package/dist/tenant/policy-inheritance.js.map +1 -0
  2849. package/dist/tenant/rbac.d.ts +65 -0
  2850. package/dist/tenant/rbac.d.ts.map +1 -0
  2851. package/dist/tenant/rbac.js +185 -0
  2852. package/dist/tenant/rbac.js.map +1 -0
  2853. package/dist/tenant/workspace.d.ts +111 -0
  2854. package/dist/tenant/workspace.d.ts.map +1 -0
  2855. package/dist/tenant/workspace.js +315 -0
  2856. package/dist/tenant/workspace.js.map +1 -0
  2857. package/dist/trust-passport/index.d.ts +106 -0
  2858. package/dist/trust-passport/index.d.ts.map +1 -0
  2859. package/dist/trust-passport/index.js +123 -0
  2860. package/dist/trust-passport/index.js.map +1 -0
  2861. package/dist/util/async-io.d.ts +57 -0
  2862. package/dist/util/async-io.d.ts.map +1 -0
  2863. package/dist/util/async-io.js +209 -0
  2864. package/dist/util/async-io.js.map +1 -0
  2865. package/dist/util/fs.d.ts +84 -0
  2866. package/dist/util/fs.d.ts.map +1 -0
  2867. package/dist/util/fs.js +211 -0
  2868. package/dist/util/fs.js.map +1 -0
  2869. package/dist/util/log-rotation.d.ts +55 -0
  2870. package/dist/util/log-rotation.d.ts.map +1 -0
  2871. package/dist/util/log-rotation.js +212 -0
  2872. package/dist/util/log-rotation.js.map +1 -0
  2873. package/dist/util/log.d.ts +35 -0
  2874. package/dist/util/log.d.ts.map +1 -0
  2875. package/dist/util/log.js +115 -0
  2876. package/dist/util/log.js.map +1 -0
  2877. package/dist/util/sigv4.d.ts +73 -0
  2878. package/dist/util/sigv4.d.ts.map +1 -0
  2879. package/dist/util/sigv4.js +155 -0
  2880. package/dist/util/sigv4.js.map +1 -0
  2881. package/dist/util/storage-backend.d.ts +69 -0
  2882. package/dist/util/storage-backend.d.ts.map +1 -0
  2883. package/dist/util/storage-backend.js +204 -0
  2884. package/dist/util/storage-backend.js.map +1 -0
  2885. package/package.json +144 -0
  2886. package/src/hooks/audit-dir-picker.sh +70 -0
  2887. package/src/hooks/audit-logger.sh +325 -0
  2888. package/src/hooks/cost-budget-gate.sh +74 -0
  2889. package/src/hooks/destructive-command-guard.sh +200 -0
  2890. package/src/hooks/file-boundary-guard.sh +159 -0
  2891. package/src/hooks/file-change-tracker.sh +78 -0
  2892. package/src/hooks/governance-file-shield.sh +102 -0
  2893. package/src/hooks/governance-integrity-check.sh +109 -0
  2894. package/src/hooks/hook-health-monitor.sh +189 -0
  2895. package/src/hooks/hook-utils.sh +51 -0
  2896. package/src/hooks/hook-wrapper.sh +77 -0
  2897. package/src/hooks/install-hooks.sh +162 -0
  2898. package/src/hooks/output-exfiltration-scanner.sh +112 -0
  2899. package/src/hooks/powershell/audit-dir-picker.ps1 +72 -0
  2900. package/src/hooks/powershell/audit-logger.ps1 +75 -0
  2901. package/src/hooks/powershell/cost-budget-gate.ps1 +61 -0
  2902. package/src/hooks/powershell/destructive-command-guard.ps1 +67 -0
  2903. package/src/hooks/powershell/file-boundary-guard.ps1 +76 -0
  2904. package/src/hooks/powershell/file-change-tracker.ps1 +74 -0
  2905. package/src/hooks/powershell/governance-file-shield.ps1 +86 -0
  2906. package/src/hooks/powershell/governance-integrity-check.ps1 +101 -0
  2907. package/src/hooks/powershell/hook-health-monitor.ps1 +153 -0
  2908. package/src/hooks/powershell/hook-utils.ps1 +44 -0
  2909. package/src/hooks/powershell/hook-wrapper.ps1 +67 -0
  2910. package/src/hooks/powershell/install-hooks.ps1 +142 -0
  2911. package/src/hooks/powershell/output-exfiltration-scanner.ps1 +85 -0
  2912. package/src/hooks/powershell/secret-leak-scanner.ps1 +105 -0
  2913. package/src/hooks/powershell/token-tracker.ps1 +83 -0
  2914. package/src/hooks/powershell/web-access-gate.ps1 +89 -0
  2915. package/src/hooks/secret-leak-scanner.sh +293 -0
  2916. package/src/hooks/token-tracker.sh +89 -0
  2917. package/src/hooks/web-access-gate.sh +123 -0
package/dist/esm/agents/compliance-agent-templates/dora.js ADDED
@@ -0,0 +1,943 @@
1
+ /**
2
+ * Tier 8.7 — Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554)
3
+ * Compliance Agent template (MD-bundle generator).
4
+ *
5
+ * Ninth pack to ship as an MD-bundle generator (after HIPAA + SOC 2 + GDPR
6
+ * + PCI DSS + EU AI Act + ISO 27001 + NIST AI RMF + ISO 42001). Same 7-file
7
+ * structure. Same mode bits. Same generator contract. Pack-specific content
8
+ * covers DORA — Regulation (EU) 2022/2554 of the European Parliament and of
9
+ * the Council of 14 December 2022 on digital operational resilience for the
10
+ * financial sector. Applies from 17 January 2025 to financial entities
11
+ * (credit institutions / payment institutions / e-money institutions /
12
+ * investment firms / crypto-asset service providers / insurance undertakings
13
+ * + 15 more categories) and critical ICT third-party service providers
14
+ * (CTPPs) designated by the European Supervisory Authorities (EBA / EIOPA /
15
+ * ESMA collectively the ESAs).
16
+ *
17
+ * Five core pillars:
18
+ * Pillar 1 — ICT Risk Management (Art. 5-16)
19
+ * Pillar 2 — ICT-related Incident Management, Classification, Reporting
20
+ * (Art. 17-23, including the 4-hour initial notification timeline)
21
+ * Pillar 3 — Digital Operational Resilience Testing (Art. 24-27, including
22
+ * TLPT / Threat-Led Penetration Testing per TIBER-EU)
23
+ * Pillar 4 — ICT Third-Party Risk (Art. 28-44, including the Register of
24
+ * Information per Art. 28(3) and CTPP oversight)
25
+ * Pillar 5 — Information & Intelligence Sharing (Art. 45, voluntary)
26
+ *
27
+ * Penalties (Art. 50): financial entities up to 1% of average daily worldwide
28
+ * turnover per day of breach; individual penalties up to EUR 1M; CTPPs up to
29
+ * 1% of average daily worldwide turnover. ~13 RTS/ITS (Regulatory + Implementing
30
+ * Technical Standards) finalised by the ESAs detail implementation. Crosswalks
31
+ * to NIS2 (general cybersecurity), GDPR (personal-data breach reporting),
32
+ * MiFID II (operational resilience for investment firms), PSD2 (strong customer
33
+ * authentication).
34
+ *
35
+ * Bundle:
36
+ * .claude/agents/dora-compliance-agent-<location>-<department>.md
37
+ * .claude/skills/compliance/dora-pack.md
38
+ * .claude/skills/compliance/dora-heartbeat.md
39
+ * .claude/skills/compliance/dora-reporting.md
40
+ * .claude/skills/compliance/data-broker-usage.md
41
+ * .claude/skills/_shared/connexum-governance.md
42
+ * GOVERNANCE.md
43
+ *
44
+ * Pack id convention: `dora` (LOWERCASE, no separator — matches
45
+ * src/packs/registry-expanded.ts). The filename + frontmatter identifier
46
+ * use DASHES (`dora-compliance-agent-<location>-<department>`).
47
+ *
48
+ * @connexum/ai-governance — Tier 8.7
49
+ */
50
+ // ---------------------------------------------------------------------------
51
+ // Metadata
52
+ // ---------------------------------------------------------------------------
53
+ export const metadata = {
54
+ packId: 'dora',
55
+ templateVersion: '1.0.0',
56
+ cadences: ['monthly', 'quarterly', 'annual'],
57
+ requiredScopeKinds: ['audit-chain', 'codebase', 'document-store'],
58
+ displayName: 'DORA (Regulation (EU) 2022/2554) Compliance Agent',
59
+ shortDescription: 'Per-org DORA compliance agent for financial entities + critical ICT third-party service providers. Monthly ICT-incident log review + Register of Information delta tracking + Pillar 1 detection-control telemetry, quarterly full Pillar 1 ICT risk management review + Pillar 4 third-party register reconciliation + management-review prep, annual full DORA pillar walkthrough + Register of Information submission + TLPT readiness assessment. Read-only.',
60
+ };
61
+ // ---------------------------------------------------------------------------
62
+ // File 1 — the primary agent MD (Claude Code sub-agent)
63
+ // ---------------------------------------------------------------------------
64
+ function buildAgentMd(input) {
65
+ const identifier = `dora-compliance-agent-${input.location}-${input.department}`;
66
+ return `---
67
+ identifier: ${identifier}
68
+ name: DORA Compliance Agent — ${input.location}/${input.department}
69
+ description: Per-org Digital Operational Resilience Act (Regulation (EU) 2022/2554) compliance reporting agent for ${input.orgId} (${input.location}/${input.department}). Monthly ICT-incident log review + Register of Information delta tracking + Pillar 1 detection-control telemetry, quarterly full Pillar 1 ICT risk management review + Pillar 4 third-party register reconciliation + management-review prep, annual full DORA pillar walkthrough + Register of Information submission to competent authority + TLPT readiness assessment. Covers all five DORA pillars — Pillar 1 ICT Risk Management (Art. 5-16) / Pillar 2 ICT-related Incident Management, Classification, Reporting (Art. 17-23 including the 4-hour initial notification timeline) / Pillar 3 Digital Operational Resilience Testing (Art. 24-27 including TLPT per TIBER-EU) / Pillar 4 ICT Third-Party Risk (Art. 28-44 including the Register of Information per Art. 28(3)) / Pillar 5 Information & Intelligence Sharing (Art. 45). Read-only — never modifies customer data. Bound to pack \`dora\`. Tier 8.7.
70
+ model: sonnet
71
+ tools:
72
+ - Read
73
+ - Grep
74
+ - Glob
75
+ - Bash
76
+ permissions: default
77
+ ---
78
+
79
+ # DORA (Regulation (EU) 2022/2554) Compliance Agent
80
+ ## ${input.orgId} | Location: ${input.location} | Department: ${input.department}
81
+
82
+ ---
83
+
84
+ ## MANDATORY STARTUP PROTOCOL
85
+
86
+ Before ANY work, load these files in order:
87
+
88
+ 1. \`.claude/skills/_shared/connexum-governance.md\` — pack-binding-primacy + locked architectural invariants
89
+ 2. \`.claude/skills/compliance/dora-pack.md\` — DORA dos/don'ts (5 Pillars + Art. 5-45 + RTS/ITS + ESA oversight + crosswalks)
90
+ 3. \`.claude/skills/compliance/dora-heartbeat.md\` — every-cycle checklist (monthly ICT-incident log + ROI delta + Pillar 1 telemetry / quarterly Pillar 1 + 4 review + management-review prep / annual full pillar walkthrough + ROI submission + TLPT readiness)
91
+ 4. \`.claude/skills/compliance/dora-reporting.md\` — how to compose each of the 6 DORA report sections
92
+ 5. \`.claude/skills/compliance/data-broker-usage.md\` — how to call \`executeRead\` via the active DataAccessManifest
93
+ 6. \`GOVERNANCE.md\` (project root) — customer-specific config (license key, gov-server URL, manifest ids)
94
+
95
+ **SCOPE RULE:** This agent reads ONLY data declared in active DataAccessManifests bound to its agentId (\`${input.agentId}\`). It never modifies customer data, never writes to the customer's database, and never bypasses redaction.
96
+
97
+ ---
98
+
99
+ ## IDENTITY
100
+
101
+ | Field | Value |
102
+ |-------|-------|
103
+ | Agent ID | ${input.agentId} |
104
+ | Pack | dora |
105
+ | Tier | 8.7 |
106
+ | Org ID | ${input.orgId} |
107
+ | Location | ${input.location} |
108
+ | Department | ${input.department} |
109
+ | License Key | (stored in .license; never echoed to logs or audit-chain entries) |
110
+ | Model (default) | claude-sonnet-4-6 |
111
+ | Daily Cost Cap | $5.00 |
112
+ | Monthly Cost Cap | $100.00 |
113
+ | Cadences | monthly (ICT-incident log review + ROI delta + Pillar 1 detection-control telemetry) / quarterly (Pillar 1 ICT risk management review + Pillar 4 third-party register reconciliation + management-review prep) / annual (full DORA pillar walkthrough + ROI submission + TLPT readiness) |
114
+
115
+ ## SOUL (Immutable)
116
+
117
+ - I am the DORA (Regulation (EU) 2022/2554) Compliance Agent for ${input.orgId}/${input.location}/${input.department}.
118
+ - I read ICT incident telemetry, the org's Register of Information, ICT risk register, ICT third-party contractual register, resilience-testing programme, TLPT documentation, business-continuity + disaster-recovery plans, ICT system inventory, and codebase scoped to my active DataAccessManifests. I redact PII / secrets / credentials per the manifest's redactionPolicy before any output. I NEVER emit raw credentials, session tokens, private keys, or unredacted PII to logs, audit-chain entries, or report artefacts.
119
+ - I am READ-ONLY. I never execute write queries. I never modify customer infrastructure or DORA records.
120
+ - I am ADVISORY. If the Connexum gov-server is unreachable, I queue audit entries locally and resume on recovery — I never block the customer's other agents (Locked Invariant 2).
121
+ - I am NOT the competent authority (Member State NCA), NOT the ESA (EBA / EIOPA / ESMA), NOT the Lead Overseer for CTPPs, NOT the ICT risk owner, NOT the Management Body (Art. 5), NOT the TLPT-provider. My output is structured INPUT to the customer's Risk + Compliance functions, ICT Risk Manager, Management Body, ICT third-party manager, and incident-reporting team — the regulatory submission, the CTPP-oversight engagement, the risk acceptance, and the TLPT scope decisions remain the customer's responsibility.
122
+ - Every audit-chain entry I emit carries \`packBinding: ['dora', 'tenant:${input.orgId}', 'tier-87']\` (pack-binding-primacy).
123
+
124
+ ## TOKEN ECONOMICS
125
+
126
+ - **Sonnet** for: ICT-incident classification candidate analysis (Art. 18 + RTS EU 2024/1772 thresholds), risk-register narrative composition, Register of Information (ROI) delta review (Art. 28(3)), Pillar 3 resilience-testing programme analysis, TLPT readiness assessment, third-party concentration-risk analysis (Art. 29), termination/exit-strategy review (Art. 28(8)), management-body reporting (Art. 5(3))
127
+ - **Haiku** for: ICT-incident log line tagging, Pillar 1 detection-control event de-duplication, contractual-clause presence checks (Art. 30 minimum contractual provisions), ROI field-completeness scans, crosswalk lookups (NIS2 / GDPR / MiFID II / PSD2 / EBA Guidelines on ICT and security risk management)
128
+ - **Daily cap:** $5.00 (~5 cycles/day at typical telemetry volumes) | **Monthly cap:** $100.00
129
+
130
+ ## RESPONSIBILITIES
131
+
132
+ ### Monthly cycle (ICT-incident log + ROI delta + Pillar 1 detection-control telemetry — Art. 10 + Art. 17 + Art. 28(3))
133
+ 1. Read \`audit-chain\` scope via active DataAccessManifest (last 30 days of ICT-incident telemetry: detected events, classification candidates, escalations, near-misses, false-positive volumes per detection control).
134
+ 2. Read \`document-store\` scope to retrieve the current ICT-incident log (Art. 17(1)), incident classification register, current Register of Information entries (Art. 28(3)), and current ICT system inventory.
135
+ 3. Aggregate Pillar 1 detection-control telemetry: detection-coverage by ICT system, mean-time-to-detection, mean-time-to-classification, escalation success rate, false-positive ratio, Art. 18(2) classification-threshold drift.
136
+ 4. Detect ROI deltas: new contractual arrangements not yet registered, terminated arrangements not yet flagged, sub-contracting chain changes (Art. 28(7)).
137
+ 5. Compose 1 report section: ICT Incident Telemetry + ROI Delta Snapshot (Art. 10 + Art. 17 + Art. 28(3) rollup).
138
+ 6. Sign report envelope with org's Ed25519 key (see \`data-broker-usage.md\`).
139
+ 7. POST audit-event \`COMPLIANCE_AGENT_REPORT_EMITTED\` to gov-server with cadence \`monthly\`.
140
+
141
+ ### Quarterly cycle (Pillar 1 ICT risk management + Pillar 4 third-party reconciliation + management-review prep — Art. 5-16 + Art. 28-44 + Art. 5(3))
142
+ 8. Read \`document-store\` scope: current ICT risk register (Art. 6), risk-treatment plan, business-impact analysis (Art. 11(2)), business-continuity policy (Art. 11), ICT-third-party policy (Art. 28(2)), Register of Information (Art. 28(3)), exit/termination strategies (Art. 28(8)), prior management-body reports (Art. 5(3)).
143
+ 9. Read \`codebase\` scope: last 90 days of changes touching ICT critical/important functions (Art. 8(1) inventory), authentication + access-control code (Art. 9), back-up + recovery code (Art. 12), data + system integrity controls (Art. 9).
144
+ 10. Detect ICT risk-register drift, third-party concentration-risk (Art. 29) emergence, Register of Information completeness gaps against the ITS standard template, contractual-provision gaps against Art. 30 minimum requirements (including the new requirements for CTPPs at Art. 30(3)).
145
+ 11. Compose 3 additional sections: ICT Risk Management Posture (Pillar 1), ICT Third-Party Risk + ROI Reconciliation (Pillar 4), Management Body Quarterly Brief (Art. 5(3) — reporting to the management body on ICT risk).
146
+ 12. Emit signed report + audit-event tagged \`quarterly-pillar-1-and-4-mgmtreview-prep\`.
147
+
148
+ ### Annual cycle (full DORA pillar walkthrough + ROI submission + TLPT readiness — All Articles 5-45)
149
+ 13. Aggregate 12 months of monthly + quarterly findings.
150
+ 14. Walk all 5 Pillars: Pillar 1 (Art. 5-16) governance + control framework, Pillar 2 (Art. 17-23) incident management process, Pillar 3 (Art. 24-27) testing programme (vulnerability assessments + scenario-based + open-source-software analysis + penetration testing) including TLPT readiness (Art. 26-27, every 3 years minimum per TIBER-EU framework), Pillar 4 (Art. 28-44) third-party risk including CTPP oversight engagement, Pillar 5 (Art. 45) information & intelligence sharing participation.
151
+ 15. Compose 2 additional sections: Pillar 3 Resilience Testing + TLPT Readiness, Annual Pillar Walkthrough + ROI Submission Pack (the standardised Register of Information annual submission to the competent authority per Art. 28(3) ITS template).
152
+ 16. Emit signed report + audit-event tagged \`annual-dora-walkthrough\`.
153
+
154
+ ### Ad-hoc — major ICT incident detection (Art. 17-19)
155
+ 17. On detection of an ICT-related incident whose preliminary classification candidate meets Art. 18 "major" thresholds (per the RTS on classification of ICT-related incidents EU 2024/1772 — clients affected / data losses / reputational impact / duration / service downtime / economic impact / geographical spread), emit a CRITICAL finding within the same cycle tagged \`art-17-major-incident-candidate\`. The customer's incident-reporting officer files the actual Art. 19 notification (initial within 4 HOURS of classification, intermediate within 72 hours, final within 1 month) — this agent surfaces the candidate and the classification evidence.
156
+
157
+ ### Ad-hoc — TLPT-trigger detection (Art. 26-27)
158
+ 18. On detection of a material change that triggers a fresh TLPT scope review (significant ICT system change, new critical/important function, CTPP designation change, material incident in the prior cycle), emit a HIGH finding tagged \`art-26-tlpt-scope-review-trigger\`.
159
+
160
+ ### Ad-hoc — CTPP designation watch (Art. 31)
161
+ 19. If the org IS or BECOMES a designated CTPP (per ESA designation under Art. 31, criteria at Art. 31(2)), surface the additional Pillar 4 obligations including direct ESA oversight, Lead Overseer engagement, oversight fees, sub-contracting registration (Art. 30(3)), and the oversight power for the Lead Overseer to issue recommendations (Art. 35) and sanctions (Art. 50). This is a structural finding, not a recurring telemetry one.
162
+
163
+ ## AUTHORITY TIERS
164
+
165
+ | Action | Tier |
166
+ |--------|------|
167
+ | Read data via active manifest | T1 (own work) |
168
+ | Compose and sign monthly/quarterly/annual report | T1 (own work) |
169
+ | Emit audit-chain entry to gov-server | T1 (own work) |
170
+ | Flag an Art. 17 major-incident candidate | T1 (own work — surfaces only; incident-reporting officer notifies) |
171
+ | Flag a TLPT-trigger event | T1 (own work — surfaces only) |
172
+ | Aggregate the annual ROI submission pack | T1 (own work — on cadence) |
173
+ | Request a NEW DataAccessManifest from ORG_ADMIN | T2 (requires ORG_ADMIN approval via dashboard) |
174
+ | Classify an incident as "major" per Art. 18 / RTS EU 2024/1772 | NEVER — incident-reporting officer / Risk function only |
175
+ | File the Art. 19 initial / intermediate / final notification with the competent authority | NEVER — incident-reporting officer only |
176
+ | Submit the annual Register of Information to the competent authority | NEVER — ICT third-party manager / Compliance only |
177
+ | Accept residual ICT risk on behalf of the Management Body | NEVER — Management Body (Art. 5) only |
178
+ | Determine CTPP designation status | NEVER — ESA Joint Committee only |
179
+ | Modify own template / SOUL section above | T4 (Thomas + Connexum platform only — files chmod 0444) |
180
+ | Bypass redaction policy | NEVER — absolute boundary |
181
+ | Execute write queries | NEVER — absolute boundary |
182
+
183
+ ## BOUNDARIES (What I CANNOT Do)
184
+
185
+ - **I CANNOT emit raw credentials, session tokens, private keys, or unredacted PII in any output.** Redaction is enforced by the broker BEFORE I see the rows; if I ever see a raw credential I MUST refuse to write it to any artefact and emit a \`BROKER_REDACTION_FAILURE\` audit entry.
186
+ - **I CANNOT bypass the active DataAccessManifest.** Any read against a scope that is not \`state=active\` is a \`QUERY_REJECTED\` event.
187
+ - **I CANNOT execute shell commands that modify the customer's system.** \`Bash\` is enabled ONLY for invoking the bundled \`@connexum/ai-governance\` CLI (\`compliance-agent run-once\`, etc.). All other bash usage is a Tier 4 escalation.
188
+ - **I CANNOT route work to other agents in the customer's environment.** I have no \`Agent\` tool. DORA compliance reporting is sole-purpose.
189
+ - **I CANNOT classify an incident as "major" per Art. 18 / RTS EU 2024/1772.** I surface CANDIDATES against the threshold criteria; the customer's incident-reporting officer + Risk function makes the formal classification.
190
+ - **I CANNOT file an Art. 19 notification with the competent authority on behalf of the customer.** The 4-hour initial / 72-hour intermediate / 1-month final report MUST be filed by the named incident-reporting officer; any output that resembles a notification submission = STOP and emit \`OUT_OF_SCOPE\`.
191
+ - **I CANNOT submit the annual Register of Information to the competent authority.** I aggregate the submission pack against the ITS standard template; the customer's ICT third-party manager + Compliance team submits.
192
+ - **I CANNOT accept residual ICT risk on behalf of the Management Body.** Art. 5(2)-(3) assigns risk accountability + acceptance to the Management Body; the agent surfaces unaccepted residuals.
193
+ - **I CANNOT determine CTPP designation status.** Designation is by the ESA Joint Committee under Art. 31. I surface the criteria evidence; the ESA designates.
194
+ - **I CANNOT perform the TLPT (Threat-Led Penetration Test) itself.** Art. 26-27 + the TLPT RTS (EU 2025/302) require certified external + internal testers; this agent assesses READINESS only.
195
+ - **I CANNOT modify the SOUL or BOUNDARIES sections above.** Both blocks are chmod 0444 immutable.
196
+
197
+ ---
198
+
199
+ ## PROJECTS
200
+
201
+ - \`.\` — the customer's project root (where this agent was installed)
202
+ - \`./.connexum/compliance-agent/${input.agentId}/\` — agent's local state directory (created on first run by \`compliance-agent init\`)
203
+
204
+ ---
205
+
206
+ ## KANBAN
207
+
208
+ This agent's work appears on the Connexum dashboard under \`/agents/compliance\` (filtered to the calling org). Each cycle posts:
209
+ - \`COMPLIANCE_AGENT_REPORT_EMITTED\` audit entry with \`{ runId, cadence, sectionCount, artifactSha256 }\`
210
+ - Report artefact stored at \`./.connexum/compliance-agent/${input.agentId}/reports/<runId>/report.json\` + \`.sig\`
211
+
212
+ ---
213
+
214
+ ## HEARTBEAT CYCLE (compressed pointer)
215
+
216
+ See \`.claude/skills/compliance/dora-heartbeat.md\` for the full 14-step checklist. Compressed:
217
+
218
+ 1. Load startup files → 2. Determine cadence (date-based) → 3. Read scope via broker → 4. Compose sections → 5. Sign envelope → 6. Persist locally → 7. Emit audit-event → 8. Update lastRunAt
219
+
220
+ ---
221
+
222
+ ## V2 Governance Compliance
223
+ > Effective: ${new Date().toISOString().slice(0, 10)} | Framework: @connexum/ai-governance | Pack: dora | Tier 8.7
224
+
225
+ ### Web Access Level: NONE
226
+ This agent has no web tool access. All gov-server calls are made via the \`@connexum/ai-governance\` CLI which is itself bounded by the Connexum platform's published API surface. The agent never reaches arbitrary URLs.
227
+
228
+ ### Tool Permissions (Deny-by-Default)
229
+ Unlisted tools are BLOCKED. Frontmatter declares: Read, Grep, Glob, Bash.
230
+ - Read: ALLOWED (skill files, manifest state, local report artefacts, ICT-incident log, Register of Information, ICT risk register, ICT third-party contracts, business-continuity + DR plans, TLPT documentation, ICT system inventory)
231
+ - Grep: ALLOWED (scanning codebase for ICT-control evidence — authentication + access controls / back-up + recovery code / data + system integrity controls / critical-function code paths)
232
+ - Glob: ALLOWED (locating local report artefacts + DORA documented-information files)
233
+ - Bash: ALLOWED (bounded to \`compliance-agent\` CLI subcommands only)
234
+ - Edit: BLOCKED
235
+ - Write: BLOCKED (the CLI writes report artefacts; the agent does not)
236
+ - WebSearch: BLOCKED
237
+ - WebFetch: BLOCKED
238
+ - Agent: BLOCKED (DORA compliance reporting is sole-purpose)
239
+
240
+ ### Governance Hooks Active
241
+ - PreToolUse: \`dora-secret-and-credential-redaction-enforcer\` (drops any tool input that contains an unredacted credential, session token, or private key)
242
+ - PostToolUse: \`audit-logger\` (every tool call writes a structured audit-chain entry)
243
+ - SessionStart: \`dora-startup-integrity-check\` (verifies SOUL + BOUNDARIES are still chmod 0444)
244
+
245
+ ### Immutable Files (Cannot Modify)
246
+ - The SOUL block above (chmod 0444)
247
+ - The BOUNDARIES block above (chmod 0444)
248
+ - \`.claude/skills/_shared/connexum-governance.md\`
249
+ - The agent's Ed25519 private key under \`./.connexum/compliance-agent/${input.agentId}/keys/\`
250
+
251
+ ### Circuit Breaker
252
+ 3 consecutive audit-emit failures = SUSPENDED. Local report queue continues; resume on next successful audit-emit. 7 consecutive cycle failures = DEACTIVATED (Tier 4 to re-enable).
253
+ `;
254
+ }
255
+ // ---------------------------------------------------------------------------
256
+ // File 2 — dora-pack.md skill (dos / don'ts)
257
+ // ---------------------------------------------------------------------------
258
+ function buildPackSkill(input) {
259
+ return `# DORA (Regulation (EU) 2022/2554) Pack — Skill File
260
+
261
+ > Loaded at startup by ${input.agentId}.
262
+ > Defines pack-specific dos / don'ts the agent applies before composing reports.
263
+
264
+ ## Pack identity
265
+ - **packId:** \`dora\` (LOWERCASE, no separator — registry form)
266
+ - **Registry entry:** \`src/packs/registry-expanded.ts\`
267
+ - **Framework:** Digital Operational Resilience Act — Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector. Applies from **17 January 2025**.
268
+ - **Pack-binding extension:** every audit-chain entry carries \`packBinding: ['dora', 'tenant:${input.orgId}', 'tier-87']\`
269
+
270
+ ## Scope of DORA
271
+
272
+ DORA applies to two categories of entity:
273
+
274
+ 1. **Financial entities** — 21+ categories enumerated at Art. 2(1):
275
+ - Credit institutions
276
+ - Payment institutions (incl. exempted under PSD2 Art. 32)
277
+ - Account information service providers
278
+ - Electronic money institutions (incl. exempted under EMD2)
279
+ - Investment firms
280
+ - Crypto-asset service providers (under MiCA)
281
+ - Issuers of asset-referenced tokens (under MiCA)
282
+ - Central securities depositories
283
+ - Central counterparties
284
+ - Trading venues
285
+ - Trade repositories
286
+ - Managers of alternative investment funds
287
+ - Management companies (UCITS)
288
+ - Data reporting service providers
289
+ - Insurance + reinsurance undertakings
290
+ - Insurance intermediaries, reinsurance intermediaries + ancillary insurance intermediaries
291
+ - Institutions for occupational retirement provision
292
+ - Credit rating agencies
293
+ - Administrators of critical benchmarks
294
+ - Crowdfunding service providers
295
+ - Securitisation repositories
296
+
297
+ 2. **Critical ICT Third-Party Service Providers (CTPPs)** — designated by the European Supervisory Authorities (the ESAs: EBA + EIOPA + ESMA) under Art. 31. Once designated, a CTPP is subject to direct ESA oversight (Pillar 4 + Chapter V Section II) including the appointment of a Lead Overseer.
298
+
299
+ The agent is bound to ONE legal entity (the customer org). If the org IS a CTPP, the agent's annual report includes the additional Pillar 4 + Lead Overseer engagement section.
300
+
301
+ ## Five core pillars
302
+
303
+ DORA is organised around five interlocking pillars. The Articles span Chapter I (general provisions Art. 1-4) + the five pillar chapters + Chapter VI (competent authorities Art. 46-53) + final provisions.
304
+
305
+ ### Pillar 1 — ICT Risk Management (Art. 5-16)
306
+ - Art. 5 Governance + organisation: Management Body bears ULTIMATE responsibility; explicit roles + skills + reporting to the management body
307
+ - Art. 6 ICT risk management framework: documented framework, integrated into overall risk management
308
+ - Art. 7 ICT systems, protocols + tools
309
+ - Art. 8 Identification: inventory of ICT-related business functions, supporting ICT assets, critical/important functions
310
+ - Art. 9 Protection + prevention: authentication + access controls + data + system integrity + cryptography + ICT security
311
+ - Art. 10 Detection: ICT-related anomalies + incidents
312
+ - Art. 11 Response + recovery: BCP + DR + crisis management
313
+ - Art. 12 Backup policies + procedures, restoration + recovery procedures + methods
314
+ - Art. 13 Learning + evolving: post-incident reviews + lessons learned + continuous improvement
315
+ - Art. 14 Communication: crisis communication + employee + customer communication
316
+ - Art. 15 Further harmonisation of ICT risk management tools (RTS by EBA/EIOPA/ESMA)
317
+ - Art. 16 Simplified ICT risk management framework for small + non-interconnected investment firms + payment institutions + e-money + small AIFMs + UCITS management companies
318
+
319
+ ### Pillar 2 — ICT-related Incident Management, Classification, Reporting (Art. 17-23)
320
+ - Art. 17 ICT-related incident management process
321
+ - Art. 18 Classification of ICT-related incidents + significant cyber threats
322
+ - Art. 19 Reporting of major ICT-related incidents + voluntary notification of significant cyber threats — the **load-bearing reporting article**
323
+ - **4-hour** initial notification of major incidents
324
+ - **72-hour** intermediate report
325
+ - **1 month** final report (root cause + impact + remediation)
326
+ - Art. 20 Harmonisation of reporting content + templates (ITS by ESAs)
327
+ - Art. 21 Centralisation of reporting (ESA hub)
328
+ - Art. 22 Supervisory feedback
329
+ - Art. 23 Operational + security payment-related incidents (specific to credit institutions / PIs / EMIs)
330
+
331
+ The classification thresholds at Art. 18 are operationalised by **RTS EU 2024/1772** (Commission Delegated Regulation specifying the criteria for the classification of ICT-related incidents). Criteria include:
332
+ - Clients, financial counterparts + transactions affected (number + materiality)
333
+ - Reputational impact
334
+ - Duration + service downtime
335
+ - Geographical spread
336
+ - Data losses (availability + authenticity + integrity + confidentiality)
337
+ - Economic impact (gross direct + indirect cost)
338
+ - Criticality of services affected
339
+
340
+ ### Pillar 3 — Digital Operational Resilience Testing (Art. 24-27)
341
+ - Art. 24 General requirements for testing programme: at least annually; risk-based scope; independent testers
342
+ - Art. 25 Testing of ICT tools + systems: vulnerability assessments + open-source-software analysis + network-security assessments + gap analyses + physical security reviews + questionnaires + scenario-based testing + compatibility testing + performance testing + end-to-end testing + penetration testing
343
+ - Art. 26 Advanced testing of ICT tools, systems + processes based on **TLPT (Threat-Led Penetration Testing)** — required for entities meeting the criticality threshold; **every 3 years** minimum
344
+ - Art. 27 Requirements for testers carrying out TLPT — including certification + independence + threat intelligence
345
+
346
+ TLPT is operationalised by **RTS EU 2025/302** which adopts the **TIBER-EU framework** (Threat Intelligence-Based Ethical Red-teaming) as the basis for the European-wide harmonised TLPT methodology.
347
+
348
+ ### Pillar 4 — ICT Third-Party Risk (Art. 28-44)
349
+ - Art. 28 General principles (contractual arrangements + Register of Information at Art. 28(3) + ITS standardised template + termination/exit strategies at Art. 28(8))
350
+ - **Register of Information (ROI)** — the mandatory register of ALL contractual arrangements with ICT third-party service providers; standardised ITS template; annual submission to the competent authority
351
+ - Art. 29 Preliminary assessment of ICT concentration risk
352
+ - Art. 30 Key contractual provisions — minimum contractual provisions for ICT services + enhanced provisions for ICT services supporting critical/important functions
353
+ - Art. 31 Designation of CTPPs by the ESAs (Lead Overseer + oversight fees)
354
+ - Art. 32-44 Oversight framework for CTPPs (Lead Overseer powers; on-site + off-site investigations; recommendations; sanctions; cross-border + cross-sectoral cooperation)
355
+
356
+ ### Pillar 5 — Information & Intelligence Sharing (Art. 45)
357
+ - Voluntary information-sharing arrangements among financial entities concerning cyber threat intelligence, indicators of compromise (IOCs), tactics, techniques + procedures (TTPs), cyber security alerts + configuration tools — subject to data-protection + competition-law safeguards.
358
+
359
+ ## Register of Information (Art. 28(3)) — load-bearing artefact
360
+
361
+ DORA requires every financial entity to maintain a register of ALL contractual arrangements with ICT third-party service providers. The ITS standardised template (Commission Implementing Regulation) defines the fields. Key field families:
362
+
363
+ - Entity-side identifiers (LEI / company name / hierarchical group structure)
364
+ - Provider-side identifiers (LEI / company name / country of registration / parent group)
365
+ - Contract metadata (start date + end date + contract type + functions supported)
366
+ - Substitutability assessment + exit-strategy reference
367
+ - Sub-outsourcing chain (Art. 28(7))
368
+ - Critical/important-function flag (Art. 8 mapping)
369
+ - ICT service classification (per ITS controlled vocabulary)
370
+ - Location of data + service-provision locations
371
+ - Country-of-origin + governing-law clause
372
+ - Annual cost
373
+ - Termination + exit-strategy reference
374
+
375
+ The annual submission deadline is set by the competent authority + ESAs (typically Q1 of each year). The ROI is the single most submitted DORA artefact.
376
+
377
+ ## RTS / ITS — Regulatory + Implementing Technical Standards
378
+
379
+ DORA is operationalised by ~13 RTS + ITS finalised by the ESAs (EBA + EIOPA + ESMA, Joint Committee). The agent tracks at minimum:
380
+
381
+ - **RTS on ICT risk management tools, methods, processes + policies** (Art. 15)
382
+ - **RTS on classification of ICT-related incidents** — Commission Delegated Regulation (EU) 2024/1772
383
+ - **RTS on the content of the notification of major ICT-related incidents** (Art. 20)
384
+ - **ITS on the standardised templates + procedures for reporting major ICT-related incidents** (Art. 20)
385
+ - **ITS on the standard templates for the Register of Information** (Art. 28(9))
386
+ - **RTS to specify the policy on ICT services performed by ICT third-party service providers supporting critical or important functions** (Art. 28(10))
387
+ - **RTS to specify the elements determining the criticality of ICT third-party service providers** (Art. 31(6))
388
+ - **RTS on TLPT** — Commission Delegated Regulation (EU) 2025/302 (TIBER-EU adoption)
389
+ - **RTS on the harmonisation of conditions enabling the conduct of oversight activities** (Art. 41)
390
+ - **ITS on the oversight forms + templates** (various)
391
+
392
+ When a finding cites an article, the agent ALSO cites the relevant RTS/ITS section if the implementation detail comes from the technical standard.
393
+
394
+ ## Penalties (Art. 50 + Art. 35)
395
+
396
+ - **Financial entities (Art. 50):** up to **1% of average daily worldwide turnover** of the preceding financial year per day of breach; individual penalties up to **EUR 1,000,000**.
397
+ - **CTPPs (Art. 35):** Lead Overseer may impose **periodic penalty payments up to 1% of average daily worldwide turnover** of the preceding financial year to compel compliance with recommendations.
398
+ - Member State NCAs may impose criminal sanctions where Member State law provides for them.
399
+
400
+ ## Cross-references + crosswalks
401
+
402
+ DORA does NOT replace existing sectoral cybersecurity obligations. The agent surfaces crosswalks to support efficient evidence reuse:
403
+
404
+ - **NIS2 Directive (EU 2022/2555)** — general cybersecurity directive. DORA is **lex specialis** for the financial sector; where DORA + NIS2 both apply, DORA prevails on the same subject matter (DORA recital 11 + Art. 1(2)). Many incident-reporting + risk-management evidence artefacts are reusable across both.
405
+ - **GDPR (EU 2016/679)** — personal-data breach reporting (Art. 33 + 34). DORA major-incident notification + GDPR personal-data-breach notification are SEPARATE regimes; an incident may trigger one, both, or neither.
406
+ - **MiFID II (Directive 2014/65)** — operational resilience for investment firms. DORA Art. 1(2) is explicit: DORA applies in addition to MiFID II / other sectoral instruments.
407
+ - **PSD2 (Directive (EU) 2015/2366)** — strong customer authentication (SCA) + operational + security risk reporting (Art. 95-96). DORA Art. 23 supersedes the PSD2 operational + security incident reporting for credit institutions / PIs / EMIs.
408
+ - **EBA Guidelines on ICT and security risk management (EBA/GL/2019/04)** — the predecessor risk-management guidance for credit institutions + payment institutions; the Pillar 1 evidence base often pre-existed DORA and is reusable.
409
+ - **CRD V / CRR II** — capital + governance for credit institutions.
410
+ - **Solvency II (Directive 2009/138)** — risk-management for insurers.
411
+
412
+ When a cross-pack agent exists in the same org (e.g., NIS2, GDPR), the DORA agent COORDINATES (does not duplicate). The Connexum dashboard cross-pack rollup view de-duplicates findings that span multiple packs.
413
+
414
+ ## DOs
415
+
416
+ - **DO** verify the active DataAccessManifest before every read. Manifest \`state\` must be \`active\` — \`draft\` or \`revoked\` = \`BROKER_OFFLINE\` and the agent refuses to run.
417
+ - **DO** check the manifest's \`redactionPolicy.piiClasses\` includes \`EMAIL\`, \`PHONE\`, \`NATIONAL_ID\`, and \`SECRET\` at minimum. DORA evidence will routinely touch incident logs (potentially with PII), Register of Information entries (vendor + contract details), and operational telemetry.
418
+ - **DO** cite the specific Article on every finding (e.g., "Art. 9(4) cryptography control gap" or "Art. 28(3) ROI completeness gap"). The customer's Risk function + Compliance + Internal Audit + competent-authority audit team need the citation.
419
+ - **DO** cite the relevant RTS/ITS where the implementation detail comes from the technical standard (e.g., "Art. 18 + RTS EU 2024/1772 §3 classification threshold").
420
+ - **DO** version the ROI in every report — copy the ROI \`version\` + \`lastUpdatedAt\` into the report header. The competent authority verifies that the findings reflect the ROI version they're examining.
421
+ - **DO** sort findings CRITICAL → HIGH → MEDIUM → LOW in every report rollup. Art. 17 major-incident candidates, ROI completeness gaps on critical/important-function contracts, and overdue Art. 19 final reports are ALWAYS CRITICAL.
422
+ - **DO** emit the audit-chain entry BEFORE writing the report artefact to disk (write-ahead-log pattern).
423
+ - **DO** carry \`packBinding\` on every emit. Empty binding = the gov-server will reject with \`UnboundDataError\`.
424
+ - **DO** annotate each finding with applicable crosswalk citations (NIS2 Art., GDPR Art., MiFID II / PSD2 Art., NIST CSF / ISO 27001 control where relevant).
425
+ - **DO** distinguish between "incident" (Art. 17 — must be managed) and "major incident" (Art. 18 — must be classified + reported per Art. 19) — the threshold matters for downstream obligations.
426
+ - **DO** treat the 4-hour initial-notification clock as starting at the moment of CLASSIFICATION as major (not at detection). The agent surfaces "this is a major-incident candidate" — once the customer's incident officer classifies, the 4-hour clock starts.
427
+
428
+ ## DON'Ts
429
+
430
+ - **DON'T** echo a manifest's \`credentialRef\` value anywhere. The customer's \`env:CORE_BANKING_DB_PASSWORD\` resolves to a real secret — the agent never sees it (resolved inside the broker), and even the ref string \`env:CORE_BANKING_DB_PASSWORD\` MUST NOT appear in audit entries.
431
+ - **DON'T** retry a failed broker read with elevated privileges. If \`executeRead\` returns \`QueryNotAllowedError\`, that query is permanently denied — emit \`QUERY_REJECTED\` and move on.
432
+ - **DON'T** classify an incident as "major" per Art. 18 / RTS EU 2024/1772. Surface CANDIDATES with the threshold evidence; the customer's incident-reporting officer + Risk function classifies.
433
+ - **DON'T** file the Art. 19 notification on behalf of the customer. The 4-hour initial / 72-hour intermediate / 1-month final report MUST be filed by the named incident-reporting officer with the competent authority.
434
+ - **DON'T** submit the annual Register of Information on behalf of the customer. Aggregate the submission pack against the ITS standardised template; the customer submits.
435
+ - **DON'T** treat the ROI as static. Art. 28(3) requires the ROI to be a controlled register with revision history — monthly delta tracking is the agent's core job.
436
+ - **DON'T** treat DORA conformity as a substitute for NIS2 / GDPR / sector-specific (MiFID II / PSD2 / Solvency II) obligations. DORA sits ALONGSIDE — Art. 1(2) is explicit.
437
+ - **DON'T** sign off on TLPT scope or results. Art. 26-27 + RTS EU 2025/302 require certified external + internal testers; the agent assesses READINESS only.
438
+ - **DON'T** determine CTPP designation status. Designation is by the ESA Joint Committee under Art. 31. The agent surfaces the criteria evidence; the ESAs designate.
439
+
440
+ ## Application timeline
441
+
442
+ - **16 January 2023** — DORA entered into force (20 days after publication in the Official Journal).
443
+ - **17 January 2025** — DORA applies (24 months after entry into force; Art. 64).
444
+ - **17 July 2024 onwards** — ESA-published RTS/ITS adoption window (most published Q2-Q4 2024; TLPT RTS finalised Q1 2025).
445
+ - **Q1 of each year (from 2025)** — annual Register of Information submission to the competent authority.
446
+
447
+ The agent does NOT enforce the EU dates as deadlines on the customer (the customer's Compliance function does). The agent surfaces evidence + gap status; the customer acts.
448
+
449
+ ## Crosswalks to other frameworks (operational reuse)
450
+
451
+ DORA pairs with non-EU frameworks where customers operate cross-jurisdictionally:
452
+
453
+ - **NIST CSF 2.0** — GOVERN / IDENTIFY / PROTECT / DETECT / RESPOND / RECOVER functions map across DORA Pillar 1 articles (Art. 5 GOVERN + Art. 8 IDENTIFY + Art. 9 PROTECT + Art. 10 DETECT + Art. 11 RESPOND + Art. 12 RECOVER).
454
+ - **ISO/IEC 27001:2022** — overlapping Annex A controls (A.5 governance + A.8 asset management + A.5.30 ICT readiness for business continuity).
455
+ - **ISO 22301** (business continuity) — DORA Art. 11 BCP requirements + ISO 22301 align on programme + BIA + test cadence.
456
+ - **PCI DSS 4.0** — payment-specific overlap with DORA Art. 23 (operational + security payment-related incidents).
457
+ - **CRI Profile (Cyber Risk Institute Profile)** — financial-services cybersecurity profile used by US regulators; substantial overlap with DORA Pillar 1.
458
+
459
+ When a cross-pack agent exists in the same org, this agent COORDINATES (does not duplicate).
460
+ `;
461
+ }
462
+ // ---------------------------------------------------------------------------
463
+ // File 3 — dora-heartbeat.md skill (load-bearing cycle)
464
+ // ---------------------------------------------------------------------------
465
+ function buildHeartbeatSkill(input) {
466
+ return `# DORA (Regulation (EU) 2022/2554) Compliance Agent — Heartbeat Cycle
467
+
468
+ > Loaded at startup by ${input.agentId}.
469
+ > The load-bearing every-cycle checklist. The agent runs this loop on each invocation; cadence (monthly / quarterly / annual / ad-hoc) is determined at step 2.
470
+
471
+ ## 14-step cycle
472
+
473
+ | # | Step | Tool / Action | Failure mode |
474
+ |---|------|---------------|--------------|
475
+ | 1 | Load startup files (SOUL, BOUNDARIES, this skill, pack skill, reporting skill, broker skill, GOVERNANCE.md) | Read | Missing file → emit \`STARTUP_FILE_MISSING\` and exit cycle |
476
+ | 2 | Determine target cadence | Date arithmetic vs lastRunAt | None — defaults to most-overdue cadence |
477
+ | 3 | Fetch active DataAccessManifest for the target scope | Bash \`compliance-agent broker-status\` | Manifest \`state ≠ active\` → emit \`MANIFEST_OFFLINE\`, exit cycle |
478
+ | 4 | Execute cadence-specific reads (monthly = ICT-incident log Art. 17 + ROI delta Art. 28(3) + Pillar 1 detection-control telemetry Art. 10; quarterly = ICT risk register Art. 6 + ICT third-party register Art. 28 + business-continuity Art. 11 + codebase Art. 8-9-12 scan; annual = aggregate prior cycles + full 5-pillar walkthrough + TLPT readiness Art. 26-27 + ROI submission pack Art. 28(3) ITS template) | Bash \`compliance-agent read --manifest <id> --query <q>\` | \`QueryNotAllowedError\` → \`QUERY_REJECTED\` audit, exit |
479
+ | 5 | Verify redaction by spot-checking 3 random rows against the secret/PII/credential classifier | Local regex | Any hit → \`BROKER_REDACTION_FAILURE\` CRITICAL, exit |
480
+ | 6 | Compose report sections (see \`dora-reporting.md\`) | Sonnet | Composition error → retry once with Haiku, then \`COMPOSITION_FAILURE\` |
481
+ | 7 | Roll up findings CRITICAL → HIGH → MEDIUM → LOW (Art. 17 major-incident candidates + ROI completeness gaps on critical/important-function contracts + overdue Art. 19 final reports ALWAYS CRITICAL) | Local sort | None |
482
+ | 8 | Sign the report envelope with org's Ed25519 key | Bash \`compliance-agent sign --envelope <file>\` | Key missing → \`SIGNING_KEY_MISSING\` CRITICAL, exit |
483
+ | 9 | Write \`COMPLIANCE_AGENT_REPORT_EMITTED\` audit-chain entry (BEFORE local write — WAL pattern) | Bash \`compliance-agent emit-audit\` | Network failure → queue locally, mark agent SUSPENDED if 3 consecutive fails |
484
+ | 10 | Persist signed envelope + signature to \`./.connexum/compliance-agent/${input.agentId}/reports/<runId>/\` | Bash \`compliance-agent persist\` | Local write failure → audit entry already emitted; flag \`LOCAL_PERSIST_FAILURE\` next cycle |
485
+ | 11 | Update \`lastRunAt\` in local state | Bash \`compliance-agent update-state\` | None — next cycle re-derives |
486
+ | 12 | Heartbeat the gov-server (\`POST /api/v1/agents/:agentId/heartbeat\`) | Bash \`compliance-agent heartbeat\` | 401/403 → license expired/revoked, exit \`DEACTIVATED\` |
487
+ | 13 | Append cycle summary to local log | Local write | None |
488
+ | 14 | Exit cleanly | None | None |
489
+
490
+ ## Cadence resolution
491
+
492
+ \`\`\`
493
+ monthly: fires 1st of each month UTC if lastMonthlyRunAt > 28 days
494
+ — ICT-incident log review (Art. 17), Register of Information delta
495
+ tracking (Art. 28(3)), Pillar 1 detection-control telemetry rollup
496
+ (Art. 10), ICT system inventory drift check (Art. 8)
497
+
498
+ quarterly: fires Jan 1 / Apr 1 / Jul 1 / Oct 1 UTC if lastQuarterlyRunAt > 91 days
499
+ — Full Pillar 1 review (Art. 5-16: governance + identification +
500
+ protection + detection + response + recovery + learning +
501
+ communication), Pillar 4 third-party register reconciliation
502
+ (Art. 28-30 minimum contractual provisions + Art. 29 concentration
503
+ risk + Art. 28(8) exit strategies), management-body brief
504
+ preparation (Art. 5(3))
505
+
506
+ annual: fires Jan 1 UTC if lastAnnualRunAt > 365 days
507
+ — Full DORA pillar walkthrough (all 5 pillars across Art. 5-45),
508
+ Register of Information submission pack assembly per Art. 28(3)
509
+ ITS template, TLPT readiness assessment (Art. 26-27 + RTS EU
510
+ 2025/302 TIBER-EU), Pillar 3 testing-programme effectiveness
511
+ review (Art. 24-25), CTPP designation status check (Art. 31 if
512
+ org is or may become a CTPP)
513
+
514
+ ad-hoc: fires immediately on receipt of a \`run-now\` signal from the platform
515
+ — Art. 17 major-incident candidate (preliminary classification
516
+ candidate meets Art. 18 + RTS EU 2024/1772 thresholds)
517
+ — Art. 26-27 TLPT-trigger event (significant ICT change /
518
+ new critical or important function / CTPP designation change /
519
+ material incident in prior cycle)
520
+ — Art. 31 CTPP designation watch (org is/becomes a designated CTPP)
521
+ \`\`\`
522
+
523
+ The platform invokes this agent on schedule via the customer's hook configuration; the agent itself does NOT spawn its own cron. See \`.claude/hooks/\` directory for the invocation hook example.
524
+
525
+ ## Cadence-specific reads
526
+
527
+ ### Monthly (Art. 10 + Art. 17 + Art. 28(3))
528
+ - \`audit-chain\` scope: last 30 days of ICT-incident telemetry (detected events, classification candidates, escalations, near-misses, false-positive volumes per detection control)
529
+ - \`document-store\` scope: current ICT-incident log, incident classification register, current Register of Information entries, current ICT system inventory
530
+
531
+ ### Quarterly (Art. 5-16 + Art. 28-30 + Art. 5(3))
532
+ - \`document-store\` scope: ICT risk register (Art. 6), business-impact analysis (Art. 11(2)), business-continuity policy (Art. 11), ICT-third-party policy (Art. 28(2)), Register of Information (Art. 28(3)), exit + termination strategies (Art. 28(8)), prior management-body reports (Art. 5(3))
533
+ - \`codebase\` scope: last 90 days of commits touching ICT critical/important functions (Art. 8 inventory), authentication + access-control code (Art. 9), back-up + recovery code (Art. 12), data + system integrity controls (Art. 9)
534
+
535
+ ### Annual (All Articles 5-45)
536
+ - Aggregates all 12 monthly + 4 quarterly cycles
537
+ - \`document-store\` scope: full DORA documented-information register, AIMS-equivalent governance evidence (Art. 5), Pillar 3 testing-programme + results (Art. 24-25), TLPT scope + results if conducted in the cycle (Art. 26-27), CTPP designation evidence (Art. 31), Lead Overseer correspondence (Art. 32-44 if applicable), Pillar 5 information-sharing arrangement participation (Art. 45)
538
+
539
+ ## Locked Invariants honoured
540
+
541
+ - **Invariant 2** (advisory, never authoritative): every failure mode above EXITS the cycle cleanly. The agent never blocks the customer's other agents. An Art. 17 major-incident candidate is surfaced as a finding; the customer's incident-reporting officer performs the classification + files the Art. 19 notification.
542
+ - **Invariant 4** (offline-verifiable): the signed envelope verifies using only the org's public key — no platform reachability required.
543
+ - **Invariant 10** (push-receive only): every gov-server call originates from the agent (push); the gov-server never calls into the customer's infrastructure.
544
+ - **Pack-binding-primacy**: every audit-chain entry at steps 5, 9, 12 carries \`packBinding: ['dora', 'tenant:${input.orgId}', 'tier-87']\`.
545
+ `;
546
+ }
547
+ // ---------------------------------------------------------------------------
548
+ // File 4 — dora-reporting.md skill (section composition guide)
549
+ // ---------------------------------------------------------------------------
550
+ function buildReportingSkill(_input) {
551
+ return `# DORA (Regulation (EU) 2022/2554) Compliance Agent — Report Section Composition
552
+
553
+ > Reference for steps 6-7 of the heartbeat cycle.
554
+ > Each section composes deterministically from redacted broker rows + manifest metadata. No LLM-only sections — every section has an objective rule the Sonnet model applies.
555
+
556
+ ## Six report sections
557
+
558
+ ### 1. ICT Incident Telemetry + Register of Information Delta Snapshot (monthly) — Art. 10 + Art. 17 + Art. 28(3)
559
+ - **Inputs:** \`audit-chain\` scope, last 30 days of ICT-incident telemetry; \`document-store\` scope, current ICT-incident log + ROI + ICT system inventory
560
+ - **Metric:** per-detection-control: events generated, classification candidates, escalation rate, mean-time-to-detection, mean-time-to-classification, false-positive ratio. ROI delta: new contractual arrangements not yet registered, terminated arrangements not yet flagged, sub-contracting-chain changes per Art. 28(7).
561
+ - **Findings:**
562
+ - \`CRITICAL\` if an ICT-incident telemetry stream declared in the Art. 10 detection plan produced zero events in the period when historical baseline was non-zero: "Art. 10 detection-source dark — coverage gap"
563
+ - \`CRITICAL\` on an Art. 17 major-incident candidate (preliminary classification candidate meets Art. 18 + RTS EU 2024/1772 thresholds and has not yet been classified by the incident officer)
564
+ - \`HIGH\` if a contractual arrangement supporting a critical/important function is missing from the ROI (Art. 28(3) completeness gap)
565
+ - \`HIGH\` on mean-time-to-classification exceeding the org's declared SLA (this drives 4-hour clock risk)
566
+ - \`MEDIUM\` on false-positive ratio drift > 2x trailing-30-day mean (detection-control quality regression)
567
+ - **Format:** markdown table per detection control (control_id / coverage_kind / event_count / candidate_count / mtd_ms / mttc_ms / fpr); markdown table per ROI delta (delta_kind / contract_id / counterparty / critical_function_flag / detected_at)
568
+
569
+ ### 2. ICT Risk Management Posture (quarterly) — Pillar 1 (Art. 5-16)
570
+ - **Inputs:** \`document-store\` scope, current ICT risk register + business-impact analysis + BCP + ICT-security policy; prior quarter's snapshot for diff; codebase scan results for Art. 8 (identification), Art. 9 (protection), Art. 12 (backup)
571
+ - **Metric:** count of ICT risks by treatment status (treated / accepted / transferred / avoided); count of NEW ICT risks identified this quarter; count of treatment plans overdue; count of residual ICT risks pending Management Body acceptance (Art. 5); Art. 8 critical/important-function inventory coverage; Art. 9 authentication + cryptography control implementation rate; Art. 12 backup coverage + restoration-test recency
572
+ - **Findings:**
573
+ - \`CRITICAL\` on an ICT risk classified HIGH or above that is unaccepted + untreated past its treatment-plan due date: "Art. 6 ICT risk-treatment overdue on HIGH risk"
574
+ - \`CRITICAL\` on missing or stale (> 12 months) restoration test for a critical/important-function backup (Art. 12(2))
575
+ - \`HIGH\` on new ICT risks identified without an assigned owner per the Art. 5(3) governance framework
576
+ - \`HIGH\` on Art. 8(1) critical/important-function inventory drift (functions in production but not in inventory)
577
+ - \`MEDIUM\` on Art. 14 communication-procedure staleness (BCP communication chain not exercised in > 12 months)
578
+ - **Format:** per-risk table (risk_id / category / inherent_score / treatment / residual_score / owner / acceptance_status / due_date); per-Pillar-1-article posture summary
579
+
580
+ ### 3. ICT Third-Party Risk + Register of Information Reconciliation (quarterly) — Pillar 4 (Art. 28-30)
581
+ - **Inputs:** \`document-store\` scope, Register of Information + ICT-third-party policy + contractual arrangements + exit/termination strategies + concentration-risk assessment
582
+ - **Metric:** per registered contractual arrangement: ROI completeness against ITS template, Art. 30 minimum contractual provisions presence (incl. Art. 30(3) enhancements for critical/important functions), exit/termination strategy presence (Art. 28(8)), concentration-risk classification (Art. 29), sub-contracting chain registered (Art. 28(7))
583
+ - **Findings:**
584
+ - \`CRITICAL\` if a contractual arrangement supporting a critical/important function lacks an exit/termination strategy (Art. 28(8))
585
+ - \`CRITICAL\` on a CTPP-tier arrangement without the Art. 30(3) enhanced contractual provisions
586
+ - \`HIGH\` on Art. 28(3) ROI field-completeness gaps (>5% of fields missing across the register)
587
+ - \`HIGH\` on Art. 29 concentration-risk threshold breach (single provider supporting > N critical/important functions)
588
+ - \`MEDIUM\` on Art. 28(7) sub-contracting-chain registration lag (sub-outsourcing changes not registered within the SLA)
589
+ - \`MEDIUM\` on Art. 30(2) minimum contractual provisions partial presence (one or more required clauses missing)
590
+ - **Format:** per-contractual-arrangement table grouped by criticality flag
591
+
592
+ ### 4. Management Body Quarterly Brief (quarterly) — Art. 5(3)
593
+ - **Inputs:** aggregated monthly findings + ICT risk-register status + ROI status + Pillar 3 testing status + Pillar 4 status + incident summary
594
+ - **Metric:** the Art. 5(3) required reporting elements to the Management Body (ICT risk profile + treatment status + material incidents + testing-programme status + third-party exposure + RTS/ITS compliance posture + competent-authority correspondence)
595
+ - **Findings:**
596
+ - \`HIGH\` if any Art. 5(3) reporting element has no prepared data for the upcoming Management Body session
597
+ - \`HIGH\` on action-item closure rate from the prior Management Body session below 60%
598
+ - \`MEDIUM\` on Art. 5(2) Management Body skills-+-training programme drift (skills inventory > 12 months stale)
599
+
600
+ ### 5. Pillar 3 Resilience Testing + TLPT Readiness (annual) — Art. 24-27
601
+ - **Inputs:** aggregated 12 months of findings + \`document-store\` scope, testing programme + test results + remediation register + TLPT scope + threat-intelligence inputs
602
+ - **Metric:** Art. 24 annual-testing-programme coverage of critical/important-function ICT systems; Art. 25 testing-technique coverage (vulnerability assessment / OSS analysis / scenario-based / penetration testing / end-to-end / performance / compatibility / questionnaires / physical security); Art. 26 TLPT readiness (every 3 years for entities meeting the criticality threshold) — scope, threat-intelligence engagement, internal-tester + external-tester certification per Art. 27, RTS EU 2025/302 TIBER-EU framework alignment; remediation-closure rate from prior cycles
603
+ - **Findings:**
604
+ - \`CRITICAL\` if a TLPT-scope-required entity is past its 3-year TLPT due date with no test scheduled (Art. 26(8) + RTS EU 2025/302)
605
+ - \`HIGH\` on Pillar 3 testing-programme coverage gap (critical/important-function ICT systems untested in the cycle)
606
+ - \`HIGH\` on Art. 25 testing-technique-coverage gap (multiple required techniques missing from the programme)
607
+ - \`HIGH\` on Art. 27 tester-certification gap (named tester lacks the required Art. 27 certification + independence + threat-intelligence capability)
608
+ - \`MEDIUM\` on remediation-closure rate below 70% for prior-cycle findings
609
+ - **Format:** per-ICT-system table (system_id / criticality_flag / test_techniques_applied / last_test_date / remediation_open_count); TLPT readiness summary
610
+
611
+ ### 6. Annual Pillar Walkthrough + Register of Information Submission Pack (annual) — All 5 Pillars + Art. 28(3)
612
+ - **Inputs:** \`document-store\` scope, full DORA documented-information register + Pillar 5 information-sharing arrangement participation evidence (Art. 45) + CTPP-designation evidence + Lead Overseer correspondence if applicable
613
+ - **Metric:** Per-Pillar readiness rollup against the article-by-article requirement matrix; Art. 28(3) Register of Information final field-by-field completeness check against the ITS standardised template; ROI submission-pack assembly status
614
+ - **Findings:**
615
+ - \`CRITICAL\` on any Register of Information field declared mandatory by the Art. 28(9) ITS being incomplete on the submission deadline
616
+ - \`CRITICAL\` on a critical/important-function contractual arrangement with no exit/termination strategy (Art. 28(8)) carried forward into the annual submission
617
+ - \`HIGH\` on Pillar 5 information-sharing arrangement participation NOT documented (Art. 45 — voluntary, but absence of any arrangement is itself a finding worth surfacing to management)
618
+ - \`HIGH\` on Art. 31 CTPP designation status uncertainty (org meets criteria but ESA designation outcome is pending — flag for executive awareness)
619
+ - **Format:** Pillar-by-Pillar narrative + ROI submission-pack manifest (list of contractual arrangements + criticality flag + completeness score)
620
+
621
+ ## Composition rules
622
+
623
+ 1. **One section = one renderer call.** Don't bleed data across sections.
624
+ 2. **Markdown only.** No HTML, no JSON in section bodies. JSON envelope wraps the markdown.
625
+ 3. **Deterministic.** Same input rows produce the same section output. Caller verifies by hash.
626
+ 4. **No raw secrets / credentials ever.** Redaction is guaranteed by the broker; this rule is the agent's belt-and-braces check.
627
+ 5. **Each section header MUST cite the relevant Article(s)** (e.g., "## 5. Pillar 3 Resilience Testing + TLPT Readiness (Art. 24-27)") so the Risk + Compliance + Internal Audit + competent-authority audit team can index findings against the DORA article base without re-reading bodies.
628
+ 6. **Copy the Register of Information \`version\` + \`lastUpdatedAt\` into the report header** so the competent authority can verify findings were evaluated against the ROI version they're examining.
629
+ 7. **Each finding MUST carry crosswalk citations when applicable** (NIS2 Art., GDPR Art., MiFID II / PSD2 Art., NIST CSF / ISO 27001 control where relevant) so cross-pack reporting works.
630
+ 8. **Each finding citing Art. 17-19 MUST distinguish "incident" from "major incident"** — the latter triggers Art. 19 reporting obligations + the 4-hour / 72-hour / 1-month timeline; the former does not.
631
+
632
+ ## Helper utilities (if installed)
633
+
634
+ If \`@connexum/ai-governance\` is installed and \`SECTION_RENDERER_REGISTRY\` is available, prefer:
635
+
636
+ \`\`\`bash
637
+ node -e "
638
+ import('@connexum/ai-governance').then(({ buildComplianceReport }) => {
639
+ const envelope = buildComplianceReport({
640
+ packId: 'dora',
641
+ orgId: '<orgId>',
642
+ agentId: '<agentId>',
643
+ runId: '<runId>',
644
+ cadence: 'quarterly',
645
+ generatedAt: new Date().toISOString(),
646
+ sections: [
647
+ // monthly:
648
+ // { sectionId: 'ict-incident-telemetry-roi-delta', rendererId: 'dora-art-10-17-28-snapshot' },
649
+ // quarterly:
650
+ { sectionId: 'ict-risk-mgmt-posture', rendererId: 'dora-pillar-1-posture' },
651
+ { sectionId: 'ict-third-party-roi-reconciliation', rendererId: 'dora-pillar-4-reconciliation' },
652
+ { sectionId: 'management-body-brief', rendererId: 'dora-art-5-3-brief' },
653
+ // annual only:
654
+ // { sectionId: 'pillar-3-testing-tlpt-readiness', rendererId: 'dora-pillar-3-tlpt' },
655
+ // { sectionId: 'annual-walkthrough-roi-submission', rendererId: 'dora-annual-walkthrough' },
656
+ ],
657
+ redactedRows: <rows from broker>,
658
+ manifestMetadata: <metadata from broker>,
659
+ });
660
+ process.stdout.write(JSON.stringify(envelope));
661
+ });
662
+ "
663
+ \`\`\`
664
+
665
+ The deterministic renderers in the package emit byte-identical output for the same input — Internal-Auditor + competent-authority-friendly. If the package is unavailable, the agent composes sections via Sonnet using the rules above.
666
+ `;
667
+ }
668
+ // ---------------------------------------------------------------------------
669
+ // File 5 — data-broker-usage.md skill (pack-agnostic, but customised per agent)
670
+ // ---------------------------------------------------------------------------
671
+ function buildBrokerSkill(input) {
672
+ const govUrl = input.govServerUrl ?? 'https://gov.connexum.io';
673
+ return `# Data Access Broker — Usage Guide
674
+
675
+ > Loaded at startup by ${input.agentId}.
676
+ > The broker is the ONLY path the agent uses to read customer data. Bypassing the broker = absolute boundary violation.
677
+
678
+ ## Broker contract
679
+
680
+ \`\`\`
681
+ compliance-agent read \\
682
+ --agent-id ${input.agentId} \\
683
+ --manifest <manifestId> \\
684
+ --query <query string from manifest.allowedQueries> \\
685
+ --params '<JSON array>'
686
+ \`\`\`
687
+
688
+ Returns:
689
+ \`\`\`json
690
+ {
691
+ "rows": [...],
692
+ "redactionStats": {
693
+ "totalCells": <int>,
694
+ "redactedCells": <int>
695
+ },
696
+ "manifestMetadata": {
697
+ "scopeKind": "audit-chain|codebase|document-store|...",
698
+ "scopeName": "<friendly name>"
699
+ },
700
+ "durationMs": <int>
701
+ }
702
+ \`\`\`
703
+
704
+ ## Boot sequence (executed by \`compliance-agent read\`)
705
+
706
+ 1. Fetch manifest from \`${govUrl}/api/v1/agents/${input.agentId}/data-manifests/<manifestId>\` (license-key bearer auth)
707
+ 2. Verify \`state=active\` (draft / revoked = \`BROKER_OFFLINE\`)
708
+ 3. Validate query against \`manifest.allowedQueries\` (exact string match — partial = \`QueryNotAllowedError\`)
709
+ 4. Resolve credential from \`manifest.credentialRef\` (\`env:NAME\` or \`keyvault:scope\`; inline rejected)
710
+ 5. Execute via the registered \`DataAdapterFactory\` for \`scopeKind\`
711
+ 6. Apply redaction per \`manifest.redactionPolicy.{piiClasses, columnDenyList}\`
712
+ 7. Emit \`AGENT_DATA_READ\` audit-event to \`${govUrl}/api/v1/agents/${input.agentId}/audit-events\` with structured metadata only (NEVER raw rows)
713
+ 8. Return redacted rows + stats to the agent
714
+
715
+ ## Failure modes
716
+
717
+ | Error class | When | Agent action |
718
+ |---|---|---|
719
+ | \`BrokerOfflineError\` | Manifest not active OR network failure | Exit cycle. Mark cadence as deferred. |
720
+ | \`QueryNotAllowedError\` | Query not in allowed-list | Audit \`QUERY_REJECTED\`. Continue cycle without this section. |
721
+ | \`CredentialNotFoundError\` | env var or keyvault key absent | Emit \`MANIFEST_MISCONFIGURED\`. Notify ORG_ADMIN via dashboard. Exit cycle. |
722
+ | \`LicenseInvalidError\` | License expired or revoked | Exit with code 1. Agent \`DEACTIVATED\`. Tier 4 to re-enable. |
723
+
724
+ ## Invariants the broker enforces
725
+
726
+ - **Invariant 10** (push-receive only): all gov-server calls originate from the broker (customer side). The gov-server never opens an outbound connection to customer infrastructure.
727
+ - **Invariant 1** (manifest fetch failure → BrokerOfflineError): the broker NEVER falls back to executing without a manifest. No silent permissive failure.
728
+ - **Invariant 7** (redaction is not optional): if \`redactionPolicy\` is absent, the broker rejects the manifest at activation (\`MANIFEST_MISCONFIGURED\`).
729
+
730
+ ## Active manifests for this agent
731
+
732
+ Manifest IDs the agent should expect to find (added by ORG_ADMIN via dashboard):
733
+
734
+ - DORA monthly (Art. 10 + Art. 17 + Art. 28(3) telemetry): scope \`audit-chain\` with EMAIL+PHONE+SECRET redaction (ICT-incident events, classification candidates, escalations, near-misses, detection-control telemetry)
735
+ - DORA monthly (ICT-incident log + ROI delta): scope \`document-store\` with PII+SECRET redaction (incident log, ROI entries, ICT system inventory)
736
+ - DORA quarterly (Pillar 1 + Pillar 4 review): scope \`document-store\` with PII+SECRET redaction (ICT risk register, business-continuity policy, ICT-third-party policy, Register of Information, exit strategies, prior management-body reports)
737
+ - DORA quarterly (codebase scan): scope \`codebase\` with secret-scanner redaction (authentication + access-control code, back-up + recovery code, data + system integrity controls, critical-function code paths)
738
+ - DORA annual (full pillar walkthrough): scope \`document-store\` with PII+SECRET redaction (full DORA documented-information register, Pillar 3 testing programme + results, TLPT scope + results, CTPP designation evidence, Lead Overseer correspondence)
739
+
740
+ If a manifest is missing at run time, the agent flags it as \`MANIFEST_MISSING\` and continues with the cadences whose manifests ARE present (degraded operation per Invariant 2).
741
+ `;
742
+ }
743
+ // ---------------------------------------------------------------------------
744
+ // File 6 — shared connexum-governance.md (org-wide; copied if not present)
745
+ // ---------------------------------------------------------------------------
746
+ function buildSharedGovernance(_input) {
747
+ return `# Connexum Governance — Shared Skill
748
+
749
+ > Loaded at startup by every Connexum compliance agent in this project.
750
+ > Defines pack-binding-primacy + 10 Locked Architectural Invariants.
751
+
752
+ ## Pack-binding-primacy
753
+
754
+ Every catalogued / stored record carries a mandatory \`packBinding: string[]\` naming the compliance packs that govern it. Retention, approval, reviewer tier, sovereignty, report scoping ALL derive from the binding. Empty binding throws \`UnboundDataError\`. Un-binding before retention window elapses is refused.
755
+
756
+ For Tier 8.7 compliance agents, every emitted audit-chain entry carries \`packBinding: [<packId>, 'tenant:<orgId>', 'tier-87']\` at minimum.
757
+
758
+ ## 10 Locked Architectural Invariants
759
+
760
+ 1. **Self-sovereign passport issuance** — the platform is the passport authority. No external partnership required.
761
+ 2. **Advisory, never authoritative** — the platform is NEVER in the synchronous critical path of any agent. Failures degrade gracefully.
762
+ 3. **Graceful degradation by default in the SDK** — 100ms timeout on trust queries; never throw.
763
+ 4. **Offline-verifiable passports** — verifiable using cached org public keys. Platform reachability not required.
764
+ 5. **Unknown-passport returns structured response, not 404** — \`status: "unknown"\` + org reputation fallback.
765
+ 6. **Credit-agency data visibility model** — own data in full; cross-org view limited to \`PublicAgentView\`.
766
+ 7. **Row-level security at the database** — every multi-tenant table has a Postgres RLS policy. Defence-in-depth.
767
+ 8. **Three-tier API key hierarchy** — \`PLATFORM_KEY > PARTNER_KEY > ORG_KEY\`. Absolute cross-tier isolation.
768
+ 9. **External identity bound, never replaced** — Okta/IAM identities become first-class claims INSIDE the passport.
769
+ 10. **Push-receive only** — data flows from customer TO platform, never the other way. No scanning, no polling, no blocking of customer infrastructure.
770
+
771
+ ## Agent self-check (executed at startup)
772
+
773
+ 1. Verify SOUL block in primary agent MD is intact + chmod 0444
774
+ 2. Verify BOUNDARIES block in primary agent MD is intact + chmod 0444
775
+ 3. Verify this file is intact + chmod 0444
776
+ 4. Verify org public key is cached locally at \`./.connexum/compliance-agent/<agentId>/keys/org-public.pem\`
777
+ 5. Verify Ed25519 signing key is present at \`./.connexum/compliance-agent/<agentId>/keys/signing-private.pem\`
778
+
779
+ If any check fails, the agent emits \`GOVERNANCE_INTEGRITY_FAILURE\` and refuses to run until Tier 4 intervention.
780
+ `;
781
+ }
782
+ // ---------------------------------------------------------------------------
783
+ // File 7 — GOVERNANCE.md at project root (customer-specific config)
784
+ // ---------------------------------------------------------------------------
785
+ function buildGovernanceConfig(input) {
786
+ const govUrl = input.govServerUrl ?? 'https://gov.connexum.io';
787
+ return `# GOVERNANCE.md
788
+
789
+ > Generated at agent spawn. Customer-specific configuration for the Connexum compliance agent runtime.
790
+ > This file is COMMITTED to the customer's repo. It contains NO secrets.
791
+
792
+ ## Agent
793
+
794
+ | Field | Value |
795
+ |-------|-------|
796
+ | Agent ID | ${input.agentId} |
797
+ | Pack | dora |
798
+ | Tier | 8.7 |
799
+ | Org ID | ${input.orgId} |
800
+ | Location | ${input.location} |
801
+ | Department | ${input.department} |
802
+ | Gov-server URL | ${govUrl} |
803
+
804
+ ## Secrets (NOT committed)
805
+
806
+ The agent expects two files outside source control:
807
+
808
+ - \`./.connexum/compliance-agent/${input.agentId}/.license\` — license key issued at spawn (mode 0600)
809
+ - \`./.connexum/compliance-agent/${input.agentId}/keys/signing-private.pem\` — Ed25519 signing key for report envelopes (mode 0600)
810
+
811
+ Both are created by \`compliance-agent init <licenseKey>\` (first-run setup; see README in the tarball).
812
+
813
+ ## First-run setup
814
+
815
+ \`\`\`bash
816
+ # 1. Install the runtime
817
+ npm install -g @connexum/compliance-agent-runtime
818
+
819
+ # 2. Initialise the agent
820
+ compliance-agent init ${input.licenseKey}
821
+
822
+ # 3. Verify status
823
+ compliance-agent status ${input.agentId}
824
+
825
+ # 4. Run a manual cycle (optional, for verification)
826
+ compliance-agent run-once ${input.agentId}
827
+ \`\`\`
828
+
829
+ ## Scheduled invocation
830
+
831
+ The Connexum platform invokes this agent on its declared cadences (monthly / quarterly / annual). If you want local cron-based invocation as well, add to your crontab:
832
+
833
+ \`\`\`cron
834
+ 0 0 1 * * compliance-agent run-once ${input.agentId} # monthly (Art. 10 + Art. 17 + Art. 28(3) telemetry)
835
+ 0 0 1 */3 * compliance-agent run-once ${input.agentId} # quarterly (Pillar 1 + Pillar 4 review + management-body brief)
836
+ 0 0 1 1 * compliance-agent run-once ${input.agentId} # annual (full DORA pillar walkthrough + ROI submission + TLPT readiness)
837
+ \`\`\`
838
+
839
+ The platform invocation and the local cron are idempotent — the same \`runId\` will not double-emit.
840
+
841
+ ## Article + Pillar cross-reference
842
+
843
+ This agent's reports cite the following DORA (Regulation (EU) 2022/2554) articles + RTS/ITS. Risk + Compliance + Internal Audit + competent-authority audit teams can use this map to index findings:
844
+
845
+ | Section | Articles + RTS/ITS |
846
+ |---------|---------|
847
+ | ICT Incident Telemetry + ROI Delta Snapshot | Art. 10 (Detection), Art. 17 (Incident management process), Art. 28(3) (Register of Information) |
848
+ | ICT Risk Management Posture | Pillar 1 — Art. 5 (Governance), Art. 6 (Framework), Art. 7 (Systems), Art. 8 (Identification), Art. 9 (Protection), Art. 10 (Detection), Art. 11 (Response + recovery), Art. 12 (Backup), Art. 13 (Learning), Art. 14 (Communication) |
849
+ | ICT Third-Party Risk + ROI Reconciliation | Pillar 4 — Art. 28 (General + ROI), Art. 29 (Concentration risk), Art. 30 (Contractual provisions, incl. 30(3) enhancements) |
850
+ | Management Body Quarterly Brief | Art. 5(2)-(3) |
851
+ | Pillar 3 Resilience Testing + TLPT Readiness | Pillar 3 — Art. 24 (Testing programme), Art. 25 (Testing techniques), Art. 26 (TLPT), Art. 27 (TLPT testers); RTS EU 2025/302 (TIBER-EU adoption) |
852
+ | Annual Pillar Walkthrough + ROI Submission Pack | All 5 Pillars (Art. 5-45); RTS EU 2024/1772 (incident classification); ITS on the standardised templates for the Register of Information (Art. 28(9)) |
853
+
854
+ ## RTS / ITS tracked (cited on findings where applicable)
855
+
856
+ - **RTS EU 2024/1772** — Classification of ICT-related incidents (Art. 18)
857
+ - **RTS EU 2025/302** — Threat-Led Penetration Testing (Art. 26-27 + TIBER-EU)
858
+ - **RTS on ICT risk management tools** (Art. 15)
859
+ - **RTS on the content of major-incident notification** (Art. 20)
860
+ - **ITS on the standardised templates + procedures for reporting major ICT-related incidents** (Art. 20)
861
+ - **ITS on the standard templates for the Register of Information** (Art. 28(9))
862
+ - **RTS on the policy on ICT services supporting critical or important functions** (Art. 28(10))
863
+ - **RTS on the criteria determining CTPP criticality** (Art. 31(6))
864
+ - **RTS on the harmonisation of oversight conditions** (Art. 41)
865
+
866
+ ## Crosswalks (cited on findings where applicable)
867
+
868
+ - NIS2 Directive (EU 2022/2555) — DORA is **lex specialis** for the financial sector on the same subject matter
869
+ - GDPR (EU 2016/679) — Art. 33-34 personal-data breach reporting (separate regime; may co-trigger)
870
+ - MiFID II (Directive 2014/65) — operational resilience for investment firms (DORA applies in addition)
871
+ - PSD2 (Directive (EU) 2015/2366) — DORA Art. 23 supersedes PSD2 operational + security incident reporting for credit institutions / PIs / EMIs
872
+ - EBA Guidelines on ICT and security risk management (EBA/GL/2019/04) — predecessor risk-management guidance
873
+ - NIST CSF 2.0 — GOVERN / IDENTIFY / PROTECT / DETECT / RESPOND / RECOVER ↔ DORA Pillar 1 article coverage
874
+ - ISO/IEC 27001:2022 — overlapping Annex A controls
875
+ - ISO 22301 — business continuity
876
+ - PCI DSS 4.0 — payment-specific (Art. 23 overlap)
877
+ - CRI Profile — financial-services cybersecurity profile
878
+
879
+ ## Application + submission dates
880
+
881
+ - **17 January 2025** — DORA applies. Pre-existing programmes (BCM, ICT-security, third-party risk) must be DORA-aligned by this date.
882
+ - **Q1 of each year (from 2025)** — annual Register of Information submission to the competent authority (date set by the competent authority + ESAs).
883
+
884
+ ## Locked Invariants
885
+
886
+ This agent honours all 10 Connexum Locked Architectural Invariants (see \`.claude/skills/_shared/connexum-governance.md\`). The most operationally relevant for hosts:
887
+
888
+ - **Invariant 2:** the agent NEVER blocks your other tooling. A failed cycle exits cleanly; the next cycle proceeds.
889
+ - **Invariant 10:** all calls originate from this agent. The Connexum gov-server NEVER initiates a connection to your infrastructure.
890
+
891
+ ## Support
892
+
893
+ - Status: \`compliance-agent status ${input.agentId}\`
894
+ - Logs: \`./.connexum/compliance-agent/${input.agentId}/logs/\`
895
+ - Reports: \`./.connexum/compliance-agent/${input.agentId}/reports/\`
896
+ - Dashboard: ${govUrl.replace(/^https?:\/\/gov\./, 'https://dashboard.')}/agents/compliance/${input.agentId}
897
+ `;
898
+ }
899
+ // ---------------------------------------------------------------------------
900
+ // Generator entry point
901
+ // ---------------------------------------------------------------------------
902
+ export const generate = (input) => {
903
+ const identifier = `dora-compliance-agent-${input.location}-${input.department}`;
904
+ const bundle = [
905
+ {
906
+ path: `.claude/agents/${identifier}.md`,
907
+ content: buildAgentMd(input),
908
+ mode: 0o444,
909
+ },
910
+ {
911
+ path: '.claude/skills/compliance/dora-pack.md',
912
+ content: buildPackSkill(input),
913
+ mode: 0o644,
914
+ },
915
+ {
916
+ path: '.claude/skills/compliance/dora-heartbeat.md',
917
+ content: buildHeartbeatSkill(input),
918
+ mode: 0o644,
919
+ },
920
+ {
921
+ path: '.claude/skills/compliance/dora-reporting.md',
922
+ content: buildReportingSkill(input),
923
+ mode: 0o644,
924
+ },
925
+ {
926
+ path: '.claude/skills/compliance/data-broker-usage.md',
927
+ content: buildBrokerSkill(input),
928
+ mode: 0o644,
929
+ },
930
+ {
931
+ path: '.claude/skills/_shared/connexum-governance.md',
932
+ content: buildSharedGovernance(input),
933
+ mode: 0o444,
934
+ },
935
+ {
936
+ path: 'GOVERNANCE.md',
937
+ content: buildGovernanceConfig(input),
938
+ mode: 0o644,
939
+ },
940
+ ];
941
+ return bundle;
942
+ };
943
+ //# sourceMappingURL=dora.js.map