npm - @elsium-ai/observe - Versions diffs - 0.9.1 → 0.10.0 - Mend

@elsium-ai/observe 0.9.1 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/compliance.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import type { AuditEvent, AuditTrail } from './audit';
+export type ComplianceFramework = 'eu-ai-act' | 'colorado-ai-act' | 'owasp-agentic' | 'custom';
+export interface ComplianceReportConfig {
+    framework: ComplianceFramework;
+    systemName: string;
+    systemVersion: string;
+    reportPeriod: {
+        from: number;
+        to: number;
+    };
+    riskLevel?: 'minimal' | 'limited' | 'high' | 'unacceptable';
+    customChecks?: ComplianceCheck[];
+}
+export interface ComplianceCheck {
+    id: string;
+    name: string;
+    description: string;
+    category: string;
+    evaluate: (events: AuditEvent[]) => ComplianceCheckResult;
+}
+export interface ComplianceCheckResult {
+    status: 'pass' | 'fail' | 'warning' | 'not-applicable';
+    details: string;
+    evidence?: string[];
+    recommendations?: string[];
+}
+export interface ComplianceReport {
+    id: string;
+    framework: ComplianceFramework;
+    systemName: string;
+    systemVersion: string;
+    generatedAt: number;
+    reportPeriod: {
+        from: number;
+        to: number;
+    };
+    summary: ComplianceSummary;
+    checks: ComplianceReportEntry[];
+    auditIntegrity: {
+        valid: boolean;
+        totalEvents: number;
+    };
+}
+export interface ComplianceSummary {
+    totalChecks: number;
+    passed: number;
+    failed: number;
+    warnings: number;
+    notApplicable: number;
+    overallStatus: 'compliant' | 'non-compliant' | 'needs-review';
+}
+export interface ComplianceReportEntry {
+    id: string;
+    name: string;
+    category: string;
+    result: ComplianceCheckResult;
+}
+export declare function generateComplianceReport(auditTrail: AuditTrail, config: ComplianceReportConfig): Promise<ComplianceReport>;
+export declare function formatComplianceReport(report: ComplianceReport): string;
+//# sourceMappingURL=compliance.d.ts.map

package/dist/compliance.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../src/compliance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAErD,MAAM,MAAM,mBAAmB,GAAG,WAAW,GAAG,iBAAiB,GAAG,eAAe,GAAG,QAAQ,CAAA;AAE9F,MAAM,WAAW,sBAAsB;IACtC,SAAS,EAAE,mBAAmB,CAAA;IAC9B,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,EAAE,MAAM,CAAA;IACrB,YAAY,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAA;IAC1C,SAAS,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,MAAM,GAAG,cAAc,CAAA;IAC3D,YAAY,CAAC,EAAE,eAAe,EAAE,CAAA;CAChC;AAED,MAAM,WAAW,eAAe;IAC/B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,qBAAqB,CAAA;CACzD;AAED,MAAM,WAAW,qBAAqB;IACrC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,gBAAgB,CAAA;IACtD,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAA;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAChC,EAAE,EAAE,MAAM,CAAA;IACV,SAAS,EAAE,mBAAmB,CAAA;IAC9B,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,EAAE,MAAM,CAAA;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAA;IAC1C,OAAO,EAAE,iBAAiB,CAAA;IAC1B,MAAM,EAAE,qBAAqB,EAAE,CAAA;IAC/B,cAAc,EAAE;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAA;CACvD;AAED,MAAM,WAAW,iBAAiB;IACjC,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,MAAM,CAAA;IACrB,aAAa,EAAE,WAAW,GAAG,eAAe,GAAG,cAAc,CAAA;CAC7D;AAED,MAAM,WAAW,qBAAqB;IACrC,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,qBAAqB,CAAA;CAC7B;AAqQD,wBAAsB,wBAAwB,CAC7C,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,sBAAsB,GAC5B,OAAO,CAAC,gBAAgB,CAAC,CA2C3B;AA2BD,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAsCvE"}

package/dist/index.d.ts CHANGED Viewed

@@ -24,6 +24,8 @@ export { instrumentComplete, instrumentAgent } from './instrument';
 export type { InstrumentableAgent } from './instrument';
 export { createStudioExporter } from './studio-exporter';
 export type { StudioExporter, StudioExporterConfig } from './studio-exporter';
+export { generateComplianceReport, formatComplianceReport } from './compliance';
+export type { ComplianceFramework, ComplianceReportConfig, ComplianceCheck, ComplianceCheckResult, ComplianceReport, ComplianceSummary, ComplianceReportEntry, } from './compliance';
 export { toOTelSpan, toOTelExportRequest, toTraceparent, parseTraceparent, injectTraceContext, extractTraceContext, createOTLPExporter, } from './otel';
 export type { OTelSpan, OTelSpanKind, OTelStatusCode, OTelAttribute, OTelAttributeValue, OTelEvent, OTelResource, OTelExportRequest, TraceContext, OTLPExporterConfig, } from './otel';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAA;AAG1F,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AACnE,YAAY,EACX,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,SAAS,EACT,aAAa,EACb,sBAAsB,EACtB,eAAe,EACf,cAAc,GACd,MAAM,eAAe,CAAA;AAGtB,OAAO,EAAE,OAAO,EAAE,MAAM,UAAU,CAAA;AAClC,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAG9F,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AACzC,YAAY,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAG9D,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAA;AAClF,YAAY,EACX,cAAc,EACd,UAAU,EACV,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,UAAU,GACV,MAAM,SAAS,CAAA;AAGhB,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAChD,YAAY,EAAE,SAAS,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AACnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,YAAY,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,YAAY,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAG7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAA;AACtD,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAGvE,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAA;AAC1E,YAAY,EACX,UAAU,EACV,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,eAAe,GACf,MAAM,cAAc,CAAA;AAGrB,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAClE,YAAY,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAA;AAGvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AACxD,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAG7E,OAAO,EACN,UAAU,EACV,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,GAClB,MAAM,QAAQ,CAAA;AACf,YAAY,EACX,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,SAAS,EACT,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,GAClB,MAAM,QAAQ,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAA;AAG1F,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AACnE,YAAY,EACX,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,SAAS,EACT,aAAa,EACb,sBAAsB,EACtB,eAAe,EACf,cAAc,GACd,MAAM,eAAe,CAAA;AAGtB,OAAO,EAAE,OAAO,EAAE,MAAM,UAAU,CAAA;AAClC,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAG9F,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AACzC,YAAY,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAG9D,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAA;AAClF,YAAY,EACX,cAAc,EACd,UAAU,EACV,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,UAAU,GACV,MAAM,SAAS,CAAA;AAGhB,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAChD,YAAY,EAAE,SAAS,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AACnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,YAAY,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,YAAY,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAG7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAA;AACtD,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAGvE,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAA;AAC1E,YAAY,EACX,UAAU,EACV,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,eAAe,GACf,MAAM,cAAc,CAAA;AAGrB,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAClE,YAAY,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAA;AAGvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AACxD,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAG7E,OAAO,EAAE,wBAAwB,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAA;AAC/E,YAAY,EACX,mBAAmB,EACnB,sBAAsB,EACtB,eAAe,EACf,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,GACrB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACN,UAAU,EACV,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,GAClB,MAAM,QAAQ,CAAA;AACf,YAAY,EACX,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,SAAS,EACT,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,GAClB,MAAM,QAAQ,CAAA"}

package/dist/index.js CHANGED Viewed

@@ -1585,6 +1585,339 @@ function createStudioExporter(config) {
     }
   };
 }
+// src/compliance.ts
+function createOWASPAgenticChecks() {
+  return [
+    {
+      id: "owasp-ag-01",
+      name: "Prompt Injection Detection",
+      description: "Verify security violation events exist for injection attempts",
+      category: "Goal Hijacking",
+      evaluate: (events) => {
+        const violations = events.filter((e) => e.type === "security_violation" && e.data.category === "injection");
+        return {
+          status: "pass",
+          details: `${violations.length} injection attempts detected and blocked`,
+          evidence: violations.slice(0, 5).map((v) => `Event ${v.id} at ${new Date(v.timestamp).toISOString()}`)
+        };
+      }
+    },
+    {
+      id: "owasp-ag-02",
+      name: "Tool Execution Audit",
+      description: "All tool executions are logged in audit trail",
+      category: "Tool Abuse",
+      evaluate: (events) => {
+        const toolEvents = events.filter((e) => e.type === "tool_execution");
+        if (toolEvents.length === 0) {
+          return {
+            status: "warning",
+            details: "No tool execution events found in audit trail",
+            recommendations: ["Enable audit middleware for tool executions"]
+          };
+        }
+        return {
+          status: "pass",
+          details: `${toolEvents.length} tool executions audited`
+        };
+      }
+    },
+    {
+      id: "owasp-ag-03",
+      name: "Budget Enforcement",
+      description: "Budget alerts and limits are enforced",
+      category: "Runaway Agents",
+      evaluate: (events) => {
+        const budgetAlerts = events.filter((e) => e.type === "budget_alert");
+        const policyViolations = events.filter((e) => e.type === "policy_violation" && (e.data.policyName === "cost-limit" || e.data.policyName === "token-limit"));
+        return {
+          status: "pass",
+          details: `${budgetAlerts.length} budget alerts, ${policyViolations.length} policy violations enforced`
+        };
+      }
+    },
+    {
+      id: "owasp-ag-04",
+      name: "Audit Trail Integrity",
+      description: "Audit trail hash chain is intact",
+      category: "Audit Integrity",
+      evaluate: () => ({
+        status: "pass",
+        details: "Audit trail integrity verified separately via verifyIntegrity()"
+      })
+    },
+    {
+      id: "owasp-ag-05",
+      name: "Secret Redaction Active",
+      description: "Security middleware redacts secrets from inputs and outputs",
+      category: "Data Exfiltration",
+      evaluate: (events) => {
+        const redactions = events.filter((e) => e.type === "security_violation" && (e.data.category === "secret_detected" || e.data.redacted === true));
+        return {
+          status: "pass",
+          details: `${redactions.length} secret redaction events recorded`
+        };
+      }
+    },
+    {
+      id: "owasp-ag-06",
+      name: "Approval Gates Active",
+      description: "High-risk operations require approval",
+      category: "Privilege Escalation",
+      evaluate: (events) => {
+        const approvalRequests = events.filter((e) => e.type === "approval_request");
+        const approvalDecisions = events.filter((e) => e.type === "approval_decision");
+        if (approvalRequests.length === 0) {
+          return {
+            status: "warning",
+            details: "No approval requests found — ensure approval gates are configured",
+            recommendations: ["Configure approval gates for high-risk tool calls"]
+          };
+        }
+        const denied = approvalDecisions.filter((e) => e.data.approved === false);
+        return {
+          status: "pass",
+          details: `${approvalRequests.length} approval requests, ${denied.length} denied`
+        };
+      }
+    }
+  ];
+}
+function createEUAIActChecks(riskLevel) {
+  return [
+    {
+      id: "eu-ai-01",
+      name: "Risk Classification",
+      description: "System risk level is documented",
+      category: "Risk Management",
+      evaluate: () => ({
+        status: "pass",
+        details: `System classified as "${riskLevel}" risk`
+      })
+    },
+    {
+      id: "eu-ai-02",
+      name: "Human Oversight",
+      description: "Human-in-the-loop mechanisms are available (approval gates)",
+      category: "Human Oversight",
+      evaluate: (events) => {
+        const approvals = events.filter((e) => e.type === "approval_request" || e.type === "approval_decision");
+        if (riskLevel === "high" && approvals.length === 0) {
+          return {
+            status: "fail",
+            details: "High-risk system requires human oversight mechanisms",
+            recommendations: ["Implement approval gates for critical operations"]
+          };
+        }
+        return {
+          status: "pass",
+          details: `${approvals.length} human oversight events recorded`
+        };
+      }
+    },
+    {
+      id: "eu-ai-03",
+      name: "Transparency Logging",
+      description: "All AI decisions are logged with full traceability",
+      category: "Transparency",
+      evaluate: (events) => {
+        const llmCalls = events.filter((e) => e.type === "llm_call");
+        const withTraceId = llmCalls.filter((e) => e.traceId);
+        if (llmCalls.length === 0) {
+          return {
+            status: "fail",
+            details: "No LLM call events logged",
+            recommendations: ["Enable audit middleware on gateway"]
+          };
+        }
+        const traceRate = withTraceId.length / llmCalls.length;
+        return {
+          status: traceRate >= 0.95 ? "pass" : "warning",
+          details: `${llmCalls.length} LLM calls logged, ${Math.round(traceRate * 100)}% with trace IDs`,
+          recommendations: traceRate < 0.95 ? ["Ensure all requests include trace IDs for full traceability"] : undefined
+        };
+      }
+    },
+    {
+      id: "eu-ai-04",
+      name: "Data Governance",
+      description: "PII and sensitive data are protected",
+      category: "Data Governance",
+      evaluate: (events) => {
+        const securityEvents = events.filter((e) => e.type === "security_violation");
+        return {
+          status: "pass",
+          details: `${securityEvents.length} security events recorded — data protection active`
+        };
+      }
+    },
+    {
+      id: "eu-ai-05",
+      name: "Record Keeping",
+      description: "Audit trail is maintained with tamper-evident hash chain",
+      category: "Record Keeping",
+      evaluate: () => ({
+        status: "pass",
+        details: "SHA-256 hash-chained audit trail is active"
+      })
+    }
+  ];
+}
+function createColoradoAIActChecks() {
+  return [
+    {
+      id: "co-ai-01",
+      name: "Impact Assessment Documentation",
+      description: "AI system impact is documented and assessable",
+      category: "Impact Assessment",
+      evaluate: (events) => {
+        const totalEvents = events.length;
+        return {
+          status: totalEvents > 0 ? "pass" : "warning",
+          details: `${totalEvents} events available for impact assessment`,
+          recommendations: totalEvents === 0 ? ["Enable comprehensive audit logging for impact assessment evidence"] : undefined
+        };
+      }
+    },
+    {
+      id: "co-ai-02",
+      name: "Algorithmic Discrimination Prevention",
+      description: "Content policy and guardrails prevent discriminatory outputs",
+      category: "Fairness",
+      evaluate: (events) => {
+        const policyViolations = events.filter((e) => e.type === "policy_violation" && e.data.policyName === "content-policy");
+        return {
+          status: "pass",
+          details: `Content policy active — ${policyViolations.length} violations blocked`
+        };
+      }
+    },
+    {
+      id: "co-ai-03",
+      name: "Consumer Notification Capability",
+      description: "System can notify users when AI is making consequential decisions",
+      category: "Transparency",
+      evaluate: (events) => {
+        const auditCount = events.filter((e) => e.type === "llm_call").length;
+        return {
+          status: "pass",
+          details: `${auditCount} AI decisions logged — notification capability supported via audit trail`
+        };
+      }
+    }
+  ];
+}
+function getChecksForFramework(config) {
+  switch (config.framework) {
+    case "owasp-agentic":
+      return createOWASPAgenticChecks();
+    case "eu-ai-act":
+      return createEUAIActChecks(config.riskLevel ?? "limited");
+    case "colorado-ai-act":
+      return createColoradoAIActChecks();
+    case "custom":
+      return config.customChecks ?? [];
+  }
+}
+async function generateComplianceReport(auditTrail, config) {
+  const events = await auditTrail.query({
+    fromTimestamp: config.reportPeriod.from,
+    toTimestamp: config.reportPeriod.to
+  });
+  const integrity = await auditTrail.verifyIntegrity();
+  const checks = getChecksForFramework(config);
+  const entries = checks.map((check) => ({
+    id: check.id,
+    name: check.name,
+    category: check.category,
+    result: check.evaluate(events)
+  }));
+  const passed = entries.filter((e) => e.result.status === "pass").length;
+  const failed = entries.filter((e) => e.result.status === "fail").length;
+  const warnings = entries.filter((e) => e.result.status === "warning").length;
+  const notApplicable = entries.filter((e) => e.result.status === "not-applicable").length;
+  let overallStatus = "compliant";
+  if (failed > 0)
+    overallStatus = "non-compliant";
+  else if (warnings > 0)
+    overallStatus = "needs-review";
+  return {
+    id: `compliance_${config.framework}_${Date.now().toString(36)}`,
+    framework: config.framework,
+    systemName: config.systemName,
+    systemVersion: config.systemVersion,
+    generatedAt: Date.now(),
+    reportPeriod: config.reportPeriod,
+    summary: {
+      totalChecks: entries.length,
+      passed,
+      failed,
+      warnings,
+      notApplicable,
+      overallStatus
+    },
+    checks: entries,
+    auditIntegrity: { valid: integrity.valid, totalEvents: integrity.totalEvents }
+  };
+}
+var STATUS_ICONS = {
+  pass: "[PASS]",
+  fail: "[FAIL]",
+  warning: "[WARN]",
+  "not-applicable": "[N/A]"
+};
+function formatCheckEntry(check) {
+  const icon = STATUS_ICONS[check.result.status] ?? "[N/A]";
+  const lines = [`**${icon} ${check.id}: ${check.name}**`, "", check.result.details];
+  if (check.result.evidence?.length) {
+    lines.push("", "Evidence:");
+    lines.push(...check.result.evidence.map((e) => `- ${e}`));
+  }
+  if (check.result.recommendations?.length) {
+    lines.push("", "Recommendations:");
+    lines.push(...check.result.recommendations.map((r) => `- ${r}`));
+  }
+  lines.push("");
+  return lines;
+}
+function formatComplianceReport(report) {
+  const lines = [
+    `# Compliance Report: ${report.framework.toUpperCase()}`,
+    "",
+    `**System:** ${report.systemName} v${report.systemVersion}`,
+    `**Generated:** ${new Date(report.generatedAt).toISOString()}`,
+    `**Period:** ${new Date(report.reportPeriod.from).toISOString()} to ${new Date(report.reportPeriod.to).toISOString()}`,
+    `**Status:** ${report.summary.overallStatus.toUpperCase()}`,
+    "",
+    "## Summary",
+    "",
+    "| Metric | Count |",
+    "|--------|-------|",
+    `| Total Checks | ${report.summary.totalChecks} |`,
+    `| Passed | ${report.summary.passed} |`,
+    `| Failed | ${report.summary.failed} |`,
+    `| Warnings | ${report.summary.warnings} |`,
+    `| N/A | ${report.summary.notApplicable} |`,
+    "",
+    "## Audit Trail Integrity",
+    "",
+    `- Valid: ${report.auditIntegrity.valid ? "Yes" : "NO"}`,
+    `- Total Events: ${report.auditIntegrity.totalEvents}`,
+    "",
+    "## Checks",
+    ""
+  ];
+  const categories = [...new Set(report.checks.map((c) => c.category))];
+  for (const category of categories) {
+    lines.push(`### ${category}`, "");
+    const categoryChecks = report.checks.filter((c) => c.category === category);
+    for (const check of categoryChecks) {
+      lines.push(...formatCheckEntry(check));
+    }
+  }
+  return lines.join(`
+`);
+}
 // src/otel.ts
 var log7 = createLogger();
 var SPAN_KIND_MAP = {
@@ -1776,6 +2109,8 @@ export {
   instrumentComplete,
   instrumentAgent,
   injectTraceContext,
+  generateComplianceReport,
+  formatComplianceReport,
   extractTraceContext,
   createWebhookSink,
   createStudioExporter,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@elsium-ai/observe",
-	"version": "0.9.1",
+	"version": "0.10.0",
 	"description": "Observability, tracing, and cost tracking for ElsiumAI",
 	"license": "MIT",
 	"author": "Eric Utrera <ebutrera9103@gmail.com>",
@@ -26,7 +26,7 @@
 		"dev": "bun --watch src/index.ts"
 	},
 	"dependencies": {
-		"@elsium-ai/core": "^0.9.1"
+		"@elsium-ai/core": "^0.10.0"
 	},
 	"devDependencies": {
 		"typescript": "^5.7.0"