@grc-claw/compliance-orchestrator 2.0.0

package/dist/types.d.ts

@@ -0,0 +1,184 @@
+export type FrameworkCode = 'iso27001' | 'nist-csf' | 'soc2' | 'iso42001' | 'eu-ai-act' | 'dora' | 'nis2' | 'hipaa' | 'pci-dss' | 'fedramp' | 'cmmc' | 'gdpr' | 'lgpd' | 'pipl' | 'tisax' | 'popia';
+export interface ControlNode {
+    id: string;
+    framework: FrameworkCode;
+    code: string;
+    title: string;
+    description: string;
+    family: string;
+    severity: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+    dependencies: string[];
+    evidenceRequirements: EvidenceRequirement[];
+    testLogic?: TestLogic;
+    remediation?: RemediationTemplate;
+}
+export interface EvidenceRequirement {
+    type: 'screenshot' | 'log' | 'config' | 'certificate' | 'policy' | 'attestation' | 'scan' | 'automated' | 'document';
+    source: string;
+    freshness: string;
+    cryptographic?: boolean;
+}
+export interface TestLogic {
+    type: 'rego' | 'sql' | 'typescript' | 'yaml' | 'external';
+    code: string;
+    inputs: Record<string, string>;
+    expectedOutput: unknown;
+}
+export interface RemediationTemplate {
+    type: 'terraform' | 'aws-cli' | 'azure-cli' | 'gcp-cli' | 'kubernetes' | 'manual' | 'script';
+    code: string;
+    rollbackCode?: string;
+    estimatedTime: string;
+    riskLevel: 'low' | 'medium' | 'high';
+}
+export interface CrosswalkEntry {
+    sourceFramework: FrameworkCode;
+    sourceControl: string;
+    targetFramework: FrameworkCode;
+    targetControl: string;
+    relationship: 'equivalent' | 'stronger' | 'weaker' | 'subset' | 'superset';
+    confidence: number;
+}
+export interface RegulationAST {
+    id: string;
+    framework: FrameworkCode;
+    version: string;
+    compiledAt: string;
+    controls: ASTControlNode[];
+    crosswalks: CrosswalkEntry[];
+    metadata: RegulationMetadata;
+}
+export interface ASTControlNode {
+    id: string;
+    code: string;
+    title: string;
+    severity?: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+    ast: PolicyAST;
+    crossRefs: string[];
+    evidenceChain: EvidenceChain;
+}
+export interface PolicyAST {
+    type: 'conjunction' | 'disjunction' | 'implication' | 'negation' | 'atom';
+    operator?: string;
+    children?: PolicyAST[];
+    atom?: PolicyAtom;
+}
+export interface PolicyAtom {
+    subject: string;
+    predicate: string;
+    object: string;
+    constraints: Record<string, unknown>;
+}
+export interface EvidenceChain {
+    required: EvidenceRequirement[];
+    collected: CollectedEvidence[];
+    validUntil: string;
+}
+export interface CollectedEvidence {
+    id: string;
+    controlId: string;
+    type: string;
+    source: string;
+    hash: string;
+    timestamp: string;
+    valid: boolean;
+    verifiedBy?: string;
+}
+export interface RegulationMetadata {
+    title: string;
+    issuer: string;
+    publishedAt: string;
+    effectiveAt: string;
+    totalControls: number;
+    families: string[];
+}
+export interface ComplianceState {
+    orgId: string;
+    timestamp: string;
+    framework: FrameworkCode;
+    overallScore: number;
+    controlStatuses: ControlStatus[];
+    drift: DriftEvent[];
+    risks: RiskAssessment[];
+}
+export interface ControlStatus {
+    controlId: string;
+    status: 'compliant' | 'non-compliant' | 'partial' | 'not-applicable' | 'not-tested';
+    lastVerified: string;
+    evidenceCount: number;
+    score: number;
+    issues: ControlIssue[];
+}
+export interface ControlIssue {
+    id: string;
+    severity: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+    description: string;
+    detectedAt: string;
+    remediation?: RemediationTemplate;
+}
+export interface DriftEvent {
+    id: string;
+    controlId: string;
+    detectedAt: string;
+    type: 'configuration' | 'policy' | 'evidence' | 'access' | 'network';
+    before: unknown;
+    after: unknown;
+    severity: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+    autoRemediated: boolean;
+    remediationId?: string;
+}
+export interface RiskAssessment {
+    controlId: string;
+    riskScore: number;
+    blastRadius: number;
+    likelihood: number;
+    impact: number;
+    factors: string[];
+}
+export interface CompliancePlan {
+    id: string;
+    orgId: string;
+    framework: FrameworkCode;
+    createdAt: string;
+    actions: PlanAction[];
+    estimatedCost: number;
+    estimatedDuration: string;
+}
+export interface PlanAction {
+    id: string;
+    controlId: string;
+    action: 'create' | 'update' | 'delete' | 'verify' | 'remediate';
+    resource: string;
+    before?: unknown;
+    after?: unknown;
+    evidenceRequired: string[];
+    sla: string;
+    owner?: string;
+}
+export interface ComplianceAudit {
+    id: string;
+    orgId: string;
+    framework: FrameworkCode;
+    startedAt: string;
+    completedAt?: string;
+    controls: AuditControlResult[];
+    summary: AuditSummary;
+}
+export interface AuditControlResult {
+    controlId: string;
+    status: 'pass' | 'fail' | 'skip' | 'error';
+    evidence: CollectedEvidence[];
+    issues: ControlIssue[];
+    duration: number;
+}
+export interface AuditSummary {
+    totalControls: number;
+    passed: number;
+    failed: number;
+    skipped: number;
+    errors: number;
+    complianceScore: number;
+    criticalFindings: number;
+    highFindings: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GACrB,UAAU,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,GAAG,WAAW,GAC3D,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,MAAM,GAC1D,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC;AAEjD,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,aAAa,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;IAC5C,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,WAAW,CAAC,EAAE,mBAAmB,CAAC;CACnC;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,YAAY,GAAG,KAAK,GAAG,QAAQ,GAAG,aAAa,GAAG,QAAQ,GAAG,aAAa,GAAG,MAAM,GAAG,WAAW,GAAG,UAAU,CAAC;IACrH,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,GAAG,KAAK,GAAG,YAAY,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1D,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,cAAc,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,WAAW,GAAG,SAAS,GAAG,WAAW,GAAG,SAAS,GAAG,YAAY,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC7F,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CACtC;AAED,MAAM,WAAW,cAAc;IAC7B,eAAe,EAAE,aAAa,CAAC;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,aAAa,CAAC;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,YAAY,GAAG,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,CAAC;IAC3E,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,aAAa,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,QAAQ,EAAE,kBAAkB,CAAC;CAC9B;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAClD,GAAG,EAAE,SAAS,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,aAAa,EAAE,aAAa,CAAC;CAC9B;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,aAAa,GAAG,aAAa,GAAG,aAAa,GAAG,UAAU,GAAG,MAAM,CAAC;IAC1E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,SAAS,EAAE,CAAC;IACvB,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,mBAAmB,EAAE,CAAC;IAChC,SAAS,EAAE,iBAAiB,EAAE,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,aAAa,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,aAAa,EAAE,CAAC;IACjC,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,KAAK,EAAE,cAAc,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,WAAW,GAAG,eAAe,GAAG,SAAS,GAAG,gBAAgB,GAAG,YAAY,CAAC;IACpF,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,YAAY,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,mBAAmB,CAAC;CACnC;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,eAAe,GAAG,QAAQ,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;IACrE,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,aAAa,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,CAAC;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,aAAa,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,kBAAkB,EAAE,CAAC;IAC/B,OAAO,EAAE,YAAY,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC3C,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,MAAM,EAAE,YAAY,EAAE,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@grc-claw/compliance-orchestrator",
+  "version": "2.0.0",
+  "description": "Regulation AST Compiler, Neuro-Symbolic Reasoner, and Continuous Compliance Engine",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "dev": "tsc --watch"
+  },
+  "dependencies": {
+    "@grc-claw/core": "*",
+    "@grc-claw/evidence": "*",
+    "@grc-claw/frameworks": "*",
+    "@grc-claw/aims": "*",
+    "@grc-claw/sdk": "*",
+    "z3-solver": "^4.12.0",
+    "yaml": "^2.4.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.7.0",
+    "vitest": "^1.6.0",
+    "@types/node": "^20.14.0"
+  }
+}