@grc-claw/evidence-automation-engine 0.8.0

package/dist/EvidenceAutomationEngine.d.ts

@@ -0,0 +1,38 @@
+import { type EvidenceArtifact, type CollectionSchedule, type CollectionJob, type ScheduleConfig, type EvidenceGap, type EvidenceSummaryReport, type EvidenceStore } from "./types.js";
+export interface ConnectorAdapter {
+    collectEvidence(): Promise<EvidenceArtifact[]>;
+    testConnection(): Promise<boolean>;
+}
+export interface EvidenceAutomationConfig {
+    defaultFreshnessHours?: number;
+    staleThresholdHours?: number;
+}
+export declare class EvidenceAutomationEngine {
+    private store;
+    private schedules;
+    private jobsArray;
+    private connectors;
+    private timers;
+    private config;
+    private runLoopActive;
+    constructor(config?: EvidenceAutomationConfig);
+    registerConnector(id: string, adapter: ConnectorAdapter): void;
+    unregisterConnector(id: string): void;
+    createSchedule(connectorId: string, config: ScheduleConfig): CollectionSchedule;
+    updateSchedule(scheduleId: string, updates: Partial<CollectionSchedule>): CollectionSchedule | null;
+    deleteSchedule(scheduleId: string): boolean;
+    getSchedules(): CollectionSchedule[];
+    getSchedule(scheduleId: string): CollectionSchedule | undefined;
+    collectFromConnector(connectorId: string): Promise<CollectionJob>;
+    collectAll(): Promise<CollectionJob[]>;
+    startScheduler(): void;
+    stopScheduler(): void;
+    private runLoop;
+    detectGaps(): EvidenceGap[];
+    private getConnectorIdsForControl;
+    generateSummaryReport(): EvidenceSummaryReport;
+    getStore(): EvidenceStore;
+    getJobs(): CollectionJob[];
+    getRecentJobs(limit?: number): CollectionJob[];
+    clearStore(): void;
+}

package/dist/EvidenceAutomationEngine.js

@@ -0,0 +1,256 @@
+import { generateId, computeNextRun, assessFreshness, getControlFrameworkMap, } from "./types.js";
+class InMemoryEvidenceStore {
+    artifacts = new Map();
+    add(artifact) {
+        this.artifacts.set(artifact.id, artifact);
+    }
+    get(id) {
+        return this.artifacts.get(id);
+    }
+    getAll() {
+        return Array.from(this.artifacts.values());
+    }
+    getByConnector(connectorId) {
+        return this.getAll().filter((a) => a.connectorId === connectorId);
+    }
+    getByControl(controlId) {
+        return this.getAll().filter((a) => a.controlId === controlId);
+    }
+    getByFramework(framework) {
+        return this.getAll().filter((a) => a.framework === framework);
+    }
+    remove(id) {
+        return this.artifacts.delete(id);
+    }
+    get size() {
+        return this.artifacts.size;
+    }
+}
+export class EvidenceAutomationEngine {
+    store;
+    schedules = new Map();
+    jobsArray = [];
+    connectors = new Map();
+    timers = new Map();
+    config;
+    runLoopActive = false;
+    constructor(config = {}) {
+        this.store = new InMemoryEvidenceStore();
+        this.config = {
+            defaultFreshnessHours: config.defaultFreshnessHours ?? 24 * 30,
+            staleThresholdHours: config.staleThresholdHours ?? 24 * 14,
+        };
+    }
+    registerConnector(id, adapter) {
+        this.connectors.set(id, adapter);
+    }
+    unregisterConnector(id) {
+        this.connectors.delete(id);
+        for (const [scheduleId, s] of this.schedules) {
+            if (s.connectorId === id)
+                this.schedules.delete(scheduleId);
+        }
+    }
+    createSchedule(connectorId, config) {
+        if (!this.connectors.has(connectorId)) {
+            throw new Error(`Connector not registered: ${connectorId}`);
+        }
+        const schedule = {
+            id: generateId("sched"),
+            connectorId,
+            config,
+            enabled: true,
+            nextRunAt: computeNextRun(config),
+        };
+        this.schedules.set(schedule.id, schedule);
+        return schedule;
+    }
+    updateSchedule(scheduleId, updates) {
+        const schedule = this.schedules.get(scheduleId);
+        if (!schedule)
+            return null;
+        if (updates.config) {
+            schedule.config = updates.config;
+            schedule.nextRunAt = computeNextRun(updates.config, schedule.lastRunAt);
+        }
+        if (updates.enabled !== undefined)
+            schedule.enabled = updates.enabled;
+        return schedule;
+    }
+    deleteSchedule(scheduleId) {
+        const timer = this.timers.get(scheduleId);
+        if (timer) {
+            clearTimeout(timer);
+            this.timers.delete(scheduleId);
+        }
+        return this.schedules.delete(scheduleId);
+    }
+    getSchedules() {
+        return Array.from(this.schedules.values());
+    }
+    getSchedule(scheduleId) {
+        return this.schedules.get(scheduleId);
+    }
+    async collectFromConnector(connectorId) {
+        const adapter = this.connectors.get(connectorId);
+        if (!adapter)
+            throw new Error(`Connector not found: ${connectorId}`);
+        const job = {
+            id: generateId("job"),
+            connectorId,
+            startedAt: new Date().toISOString(),
+            status: "running",
+            artifacts: [],
+        };
+        this.jobsArray.push(job);
+        try {
+            const artifacts = await adapter.collectEvidence();
+            for (const artifact of artifacts) {
+                this.store.add(artifact);
+            }
+            job.artifacts = artifacts;
+            job.status = "completed";
+            job.completedAt = new Date().toISOString();
+            job.duration =
+                new Date(job.completedAt).getTime() - new Date(job.startedAt).getTime();
+        }
+        catch (err) {
+            job.status = "failed";
+            job.completedAt = new Date().toISOString();
+            job.error = err instanceof Error ? err.message : String(err);
+            job.duration =
+                new Date(job.completedAt).getTime() - new Date(job.startedAt).getTime();
+        }
+        const schedule = Array.from(this.schedules.values()).find((s) => s.connectorId === connectorId);
+        if (schedule) {
+            schedule.lastRunAt = job.completedAt;
+            schedule.lastJobId = job.id;
+            schedule.nextRunAt = computeNextRun(schedule.config, schedule.lastRunAt);
+        }
+        return job;
+    }
+    async collectAll() {
+        const jobs = [];
+        for (const connectorId of this.connectors.keys()) {
+            jobs.push(await this.collectFromConnector(connectorId));
+        }
+        return jobs;
+    }
+    startScheduler() {
+        if (this.runLoopActive)
+            return;
+        this.runLoopActive = true;
+        this.runLoop();
+    }
+    stopScheduler() {
+        this.runLoopActive = false;
+        for (const timer of this.timers.values()) {
+            clearTimeout(timer);
+        }
+        this.timers.clear();
+    }
+    runLoop() {
+        if (!this.runLoopActive)
+            return;
+        const now = new Date();
+        for (const schedule of this.schedules.values()) {
+            if (!schedule.enabled || !schedule.nextRunAt)
+                continue;
+            const nextRun = new Date(schedule.nextRunAt);
+            if (nextRun <= now) {
+                this.collectFromConnector(schedule.connectorId).catch(() => { });
+            }
+        }
+        setTimeout(() => this.runLoop(), 60_000);
+    }
+    detectGaps() {
+        const controlMap = getControlFrameworkMap();
+        const gaps = [];
+        for (const [controlId, frameworks] of Object.entries(controlMap)) {
+            for (const framework of frameworks) {
+                const evidence = this.store.getByFramework(framework).filter((a) => a.controlId === controlId);
+                if (evidence.length === 0) {
+                    gaps.push({
+                        controlId,
+                        framework,
+                        requiredBy: this.getConnectorIdsForControl(controlId),
+                        freshness: "missing",
+                        connectors: [],
+                        recommendation: `No evidence collected for control ${controlId}. Configure a connector to collect this evidence.`,
+                    });
+                    continue;
+                }
+                const latest = evidence.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime())[0];
+                const freshness = assessFreshness(latest, this.config.defaultFreshnessHours);
+                if (freshness === "expired") {
+                    gaps.push({
+                        controlId,
+                        framework,
+                        requiredBy: this.getConnectorIdsForControl(controlId),
+                        lastCollectedAt: latest.timestamp,
+                        freshness,
+                        connectors: [...new Set(evidence.map((e) => e.connectorId))],
+                        recommendation: `Evidence for control ${controlId} is expired. Re-collect immediately.`,
+                    });
+                }
+                else if (freshness === "stale") {
+                    gaps.push({
+                        controlId,
+                        framework,
+                        requiredBy: this.getConnectorIdsForControl(controlId),
+                        lastCollectedAt: latest.timestamp,
+                        freshness,
+                        connectors: [...new Set(evidence.map((e) => e.connectorId))],
+                        recommendation: `Evidence for control ${controlId} is stale. Schedule more frequent collection.`,
+                    });
+                }
+            }
+        }
+        return gaps;
+    }
+    getConnectorIdsForControl(controlId) {
+        return Array.from(this.connectors.keys()).filter((id) => {
+            const evidence = this.store.getByConnector(id);
+            return evidence.some((e) => e.controlId === controlId);
+        });
+    }
+    generateSummaryReport() {
+        const artifacts = this.store.getAll();
+        const byFramework = {};
+        const byStatus = {};
+        const freshness = { fresh: 0, stale: 0, expired: 0, missing: 0 };
+        for (const artifact of artifacts) {
+            byFramework[artifact.framework] = (byFramework[artifact.framework] || 0) + 1;
+            byStatus[artifact.status] = (byStatus[artifact.status] || 0) + 1;
+            const f = assessFreshness(artifact, this.config.defaultFreshnessHours);
+            freshness[f] = (freshness[f] || 0) + 1;
+        }
+        const gaps = this.detectGaps();
+        const controlMap = getControlFrameworkMap();
+        const totalControls = Object.keys(controlMap).length;
+        const coveredControls = new Set(artifacts.map((a) => a.controlId)).size;
+        return {
+            generatedAt: new Date().toISOString(),
+            totalArtifacts: artifacts.length,
+            artifactsByFramework: byFramework,
+            artifactsByStatus: byStatus,
+            gaps,
+            totalGaps: gaps.length,
+            freshness: freshness,
+            coveragePercentage: totalControls > 0 ? Math.round((coveredControls / totalControls) * 100) : 0,
+        };
+    }
+    getStore() {
+        return this.store;
+    }
+    getJobs() {
+        return [...this.jobsArray];
+    }
+    getRecentJobs(limit = 10) {
+        return this.jobsArray.slice(-limit);
+    }
+    clearStore() {
+        const inMem = this.store;
+        inMem.artifacts.clear();
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { EvidenceAutomationEngine } from "./EvidenceAutomationEngine.js";
+export type { ConnectorAdapter, EvidenceAutomationConfig } from "./EvidenceAutomationEngine.js";
+export type { EvidenceArtifact, CollectionSchedule, CollectionJob, ScheduleConfig, ScheduleFrequency, JobStatus, EvidenceGap, EvidenceSummaryReport, EvidenceStore, EvidenceFreshness, ComplianceFramework, } from "./types.js";
+export { hashData, generateId, computeNextRun, assessFreshness, getControlFrameworkMap, } from "./types.js";

package/dist/index.js

@@ -0,0 +1,2 @@
+export { EvidenceAutomationEngine } from "./EvidenceAutomationEngine.js";
+export { hashData, generateId, computeNextRun, assessFreshness, getControlFrameworkMap, } from "./types.js";

package/dist/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/index.test.js

@@ -0,0 +1,166 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { EvidenceAutomationEngine } from "./EvidenceAutomationEngine.js";
+function createMockConnector(id, fail = false) {
+    return {
+        async collectEvidence() {
+            if (fail)
+                throw new Error(`Connector ${id} failed`);
+            return [
+                {
+                    id: `ev-${id}-1`,
+                    connectorId: id,
+                    capabilityId: "test-cap",
+                    timestamp: new Date().toISOString(),
+                    hash: `sha256:test-${id}`,
+                    framework: "SOC2",
+                    controlId: "CC6.1",
+                    source: `${id}/test`,
+                    status: "compliant",
+                    data: { test: true },
+                    metadata: {},
+                },
+            ];
+        },
+        async testConnection() {
+            return !fail;
+        },
+    };
+}
+describe("EvidenceAutomationEngine", () => {
+    it("should create engine with default config", () => {
+        const engine = new EvidenceAutomationEngine();
+        assert.ok(engine);
+        assert.equal(engine.getStore().size, 0);
+    });
+    it("should register and unregister connectors", () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        engine.registerConnector("gitlab", createMockConnector("gitlab"));
+        const store = engine.getStore();
+        assert.equal(store.size, 0);
+    });
+    it("should create schedules", () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        const schedule = engine.createSchedule("github", {
+            frequency: "daily",
+            hourOfDay: 9,
+        });
+        assert.ok(schedule.id);
+        assert.equal(schedule.connectorId, "github");
+        assert.equal(schedule.enabled, true);
+        assert.ok(schedule.nextRunAt);
+    });
+    it("should throw when creating schedule for unregistered connector", () => {
+        const engine = new EvidenceAutomationEngine();
+        assert.throws(() => {
+            engine.createSchedule("nonexistent", { frequency: "daily" });
+        }, /not registered/);
+    });
+    it("should update schedules", () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        const schedule = engine.createSchedule("github", { frequency: "daily" });
+        const updated = engine.updateSchedule(schedule.id, {
+            config: { frequency: "weekly" },
+        });
+        assert.ok(updated);
+        assert.equal(updated.config.frequency, "weekly");
+    });
+    it("should delete schedules", () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        const schedule = engine.createSchedule("github", { frequency: "daily" });
+        assert.ok(engine.deleteSchedule(schedule.id));
+        assert.equal(engine.getSchedule(schedule.id), undefined);
+    });
+    it("should collect evidence from a connector", async () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        const job = await engine.collectFromConnector("github");
+        assert.equal(job.status, "completed");
+        assert.equal(job.artifacts.length, 1);
+        assert.equal(job.connectorId, "github");
+        assert.ok(job.duration !== undefined);
+    });
+    it("should store evidence after collection", async () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        await engine.collectFromConnector("github");
+        assert.equal(engine.getStore().size, 1);
+    });
+    it("should handle collection failures", async () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("failing", createMockConnector("failing", true));
+        const job = await engine.collectFromConnector("failing");
+        assert.equal(job.status, "failed");
+        assert.ok(job.error);
+        assert.equal(job.artifacts.length, 0);
+    });
+    it("should collect from all connectors", async () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        engine.registerConnector("gitlab", createMockConnector("gitlab"));
+        const jobs = await engine.collectAll();
+        assert.equal(jobs.length, 2);
+        assert.ok(jobs.every((j) => j.status === "completed"));
+        assert.equal(engine.getStore().size, 2);
+    });
+    it("should update schedule lastRunAt after collection", async () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        const schedule = engine.createSchedule("github", { frequency: "daily" });
+        await engine.collectFromConnector("github");
+        const updated = engine.getSchedule(schedule.id);
+        assert.ok(updated?.lastRunAt);
+    });
+    it("should detect missing evidence gaps", () => {
+        const engine = new EvidenceAutomationEngine();
+        const gaps = engine.detectGaps();
+        assert.ok(gaps.length > 0);
+        assert.ok(gaps.every((g) => g.freshness === "missing"));
+    });
+    it("should detect no gaps when evidence is fresh", async () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        await engine.collectFromConnector("github");
+        const gaps = engine.detectGaps();
+        const githubGap = gaps.find((g) => g.controlId === "CC6.1" && g.framework === "SOC2");
+        assert.equal(githubGap, undefined);
+    });
+    it("should generate summary report", async () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        await engine.collectFromConnector("github");
+        const report = engine.generateSummaryReport();
+        assert.equal(report.totalArtifacts, 1);
+        assert.ok(report.generatedAt);
+        assert.equal(report.artifactsByStatus["compliant"], 1);
+        assert.equal(report.coveragePercentage > 0, true);
+    });
+    it("should track jobs", async () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        await engine.collectFromConnector("github");
+        const jobs = engine.getJobs();
+        assert.equal(jobs.length, 1);
+        assert.equal(jobs[0].status, "completed");
+    });
+    it("should clear store", async () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        await engine.collectFromConnector("github");
+        assert.equal(engine.getStore().size, 1);
+        engine.clearStore();
+        assert.equal(engine.getStore().size, 0);
+    });
+    it("should start and stop scheduler", () => {
+        const engine = new EvidenceAutomationEngine();
+        engine.registerConnector("github", createMockConnector("github"));
+        engine.createSchedule("github", { frequency: "hourly" });
+        engine.startScheduler();
+        engine.stopScheduler();
+        assert.equal(engine.getSchedules().length, 1);
+    });
+});

package/dist/types.d.ts

@@ -0,0 +1,86 @@
+export type ComplianceFramework = "SOC2" | "ISO27001" | "NIST_CSF" | "HIPAA" | "PCI_DSS" | "GDPR" | "CIS";
+export type ScheduleFrequency = "hourly" | "daily" | "weekly" | "monthly" | "quarterly";
+export type JobStatus = "pending" | "running" | "completed" | "failed" | "cancelled";
+export type EvidenceFreshness = "fresh" | "stale" | "expired" | "missing";
+export interface ScheduleConfig {
+    frequency: ScheduleFrequency;
+    interval?: number;
+    dayOfWeek?: number;
+    dayOfMonth?: number;
+    hourOfDay?: number;
+    timezone?: string;
+}
+export interface EvidenceArtifact {
+    id: string;
+    connectorId: string;
+    capabilityId: string;
+    timestamp: string;
+    hash: string;
+    framework: ComplianceFramework;
+    controlId: string;
+    source: string;
+    status: "compliant" | "non_compliant" | "partial" | "unknown";
+    data: Record<string, unknown>;
+    metadata: Record<string, string>;
+    expiresAt?: string;
+}
+export interface EvidenceStore {
+    artifacts: Map<string, EvidenceArtifact>;
+    add(artifact: EvidenceArtifact): void;
+    get(id: string): EvidenceArtifact | undefined;
+    getAll(): EvidenceArtifact[];
+    getByConnector(connectorId: string): EvidenceArtifact[];
+    getByControl(controlId: string): EvidenceArtifact[];
+    getByFramework(framework: ComplianceFramework): EvidenceArtifact[];
+    remove(id: string): boolean;
+    size: number;
+}
+export interface CollectionSchedule {
+    id: string;
+    connectorId: string;
+    config: ScheduleConfig;
+    enabled: boolean;
+    lastRunAt?: string;
+    nextRunAt?: string;
+    lastJobId?: string;
+}
+export interface CollectionJob {
+    id: string;
+    connectorId: string;
+    scheduleId?: string;
+    startedAt: string;
+    completedAt?: string;
+    status: JobStatus;
+    artifacts: EvidenceArtifact[];
+    error?: string;
+    duration?: number;
+}
+export interface EvidenceGap {
+    controlId: string;
+    framework: ComplianceFramework;
+    requiredBy: string[];
+    lastCollectedAt?: string;
+    freshness: EvidenceFreshness;
+    connectors: string[];
+    recommendation: string;
+}
+export interface EvidenceSummaryReport {
+    generatedAt: string;
+    totalArtifacts: number;
+    artifactsByFramework: Record<ComplianceFramework, number>;
+    artifactsByStatus: Record<string, number>;
+    gaps: EvidenceGap[];
+    totalGaps: number;
+    freshness: {
+        fresh: number;
+        stale: number;
+        expired: number;
+        missing: number;
+    };
+    coveragePercentage: number;
+}
+export declare function hashData(data: Record<string, unknown>): string;
+export declare function generateId(prefix: string): string;
+export declare function computeNextRun(config: ScheduleConfig, lastRun?: string): string;
+export declare function assessFreshness(artifact: EvidenceArtifact, maxAgeHours?: number): EvidenceFreshness;
+export declare function getControlFrameworkMap(): Record<string, ComplianceFramework[]>;

package/dist/types.js

@@ -0,0 +1,80 @@
+import { createHash, randomUUID } from "node:crypto";
+export function hashData(data) {
+    const payload = JSON.stringify(data, Object.keys(data).sort());
+    return `sha256:${createHash("sha256").update(payload).digest("hex")}`;
+}
+export function generateId(prefix) {
+    return `${prefix}-${randomUUID()}`;
+}
+export function computeNextRun(config, lastRun) {
+    const now = new Date();
+    const base = lastRun ? new Date(lastRun) : now;
+    const next = new Date(base);
+    switch (config.frequency) {
+        case "hourly":
+            next.setHours(next.getHours() + (config.interval || 1));
+            break;
+        case "daily":
+            next.setDate(next.getDate() + (config.interval || 1));
+            next.setHours(config.hourOfDay ?? 9, 0, 0, 0);
+            break;
+        case "weekly":
+            next.setDate(next.getDate() + 7 * (config.interval || 1));
+            next.setHours(config.hourOfDay ?? 9, 0, 0, 0);
+            break;
+        case "monthly":
+            next.setMonth(next.getMonth() + (config.interval || 1));
+            next.setDate(config.dayOfMonth ?? 1);
+            next.setHours(config.hourOfDay ?? 9, 0, 0, 0);
+            break;
+        case "quarterly":
+            next.setMonth(next.getMonth() + 3 * (config.interval || 1));
+            next.setDate(config.dayOfMonth ?? 1);
+            next.setHours(config.hourOfDay ?? 9, 0, 0, 0);
+            break;
+    }
+    if (next <= now)
+        return now.toISOString();
+    return next.toISOString();
+}
+export function assessFreshness(artifact, maxAgeHours = 24 * 30) {
+    if (!artifact.timestamp)
+        return "missing";
+    const age = Date.now() - new Date(artifact.timestamp).getTime();
+    const maxAgeMs = maxAgeHours * 60 * 60 * 1000;
+    if (age <= maxAgeMs * 0.5)
+        return "fresh";
+    if (age <= maxAgeMs)
+        return "stale";
+    return "expired";
+}
+export function getControlFrameworkMap() {
+    return {
+        "CC6.1": ["SOC2"],
+        "CC6.2": ["SOC2"],
+        "CC6.3": ["SOC2"],
+        "CC6.4": ["SOC2"],
+        "CC6.6": ["SOC2"],
+        "CC6.8": ["SOC2"],
+        "CC7.1": ["SOC2"],
+        "CC7.2": ["SOC2"],
+        "CC7.3": ["SOC2"],
+        "CC8.1": ["SOC2"],
+        "A.9.2.5": ["ISO27001"],
+        "A.9.4.1": ["ISO27001"],
+        "A.10.1.1": ["ISO27001"],
+        "A.12.1.4": ["ISO27001"],
+        "A.12.3.1": ["ISO27001"],
+        "A.12.4.1": ["ISO27001"],
+        "A.12.6.1": ["ISO27001"],
+        "A.13.1.1": ["ISO27001"],
+        "A.14.2.1": ["ISO27001"],
+        "A.14.2.5": ["ISO27001"],
+        "A.16.1.4": ["ISO27001"],
+        "A.18.1.5": ["ISO27001"],
+        "PR.AC": ["NIST_CSF"],
+        "PR.DS": ["NIST_CSF"],
+        "DE.CM": ["NIST_CSF"],
+        "RS.AN": ["NIST_CSF"],
+    };
+}

package/package.json

@@ -0,0 +1,33 @@
+{
+  "name": "@grc-claw/evidence-automation-engine",
+  "version": "0.8.0",
+  "description": "Automated evidence collection scheduling, execution, and gap detection for GRC compliance",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "test": "node --import tsx --test --test-force-exit src/**/*.test.ts"
+  },
+  "files": [
+    "dist"
+  ],
+  "devDependencies": {
+    "typescript": "^5.7.0",
+    "tsx": "^4.19.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/AAH20/GRC_Claw"
+  }
+}