@greenarmor/ges-core 0.1.0

package/dist/schemas/index.js

@@ -0,0 +1,102 @@
+import { z } from "zod";
+export const ProjectTypeSchema = z.enum([
+    "saas",
+    "ai-application",
+    "mcp-server",
+    "blockchain",
+    "wallet",
+    "government-system",
+    "healthcare-system",
+    "event-platform",
+    "photo-storage-platform",
+    "vulnerability-scanner",
+    "generic-web-application",
+    "api-backend",
+    "mobile-application",
+]);
+export const FrameworkNameSchema = z.enum([
+    "GDPR",
+    "OWASP",
+    "CIS",
+    "NIST",
+    "ISO27001",
+    "ISO27701",
+]);
+export const DataClassificationSchema = z.enum([
+    "public",
+    "internal",
+    "confidential",
+    "restricted",
+]);
+export const ControlStatusSchema = z.enum([
+    "pass",
+    "fail",
+    "warning",
+    "not-applicable",
+    "not-implemented",
+]);
+export const ReportFormatSchema = z.enum(["markdown", "html", "pdf"]);
+export const RequirementConfigSchema = z.object({
+    required: z.boolean(),
+    level: z.enum(["mandatory", "recommended", "optional"]).optional(),
+    notes: z.string().optional(),
+});
+export const ProjectConfigSchema = z.object({
+    project_name: z.string().min(1),
+    project_type: ProjectTypeSchema,
+    frameworks: z.array(FrameworkNameSchema).min(1),
+    requirements: z.object({
+        encryption: RequirementConfigSchema,
+        mfa: RequirementConfigSchema,
+        audit_logs: RequirementConfigSchema,
+        backups: RequirementConfigSchema,
+        retention_policy: RequirementConfigSchema,
+        vulnerability_scanning: RequirementConfigSchema,
+        authentication: RequirementConfigSchema,
+        authorization: RequirementConfigSchema,
+        secrets_management: RequirementConfigSchema,
+        logging: RequirementConfigSchema,
+        monitoring: RequirementConfigSchema,
+        data_classification: RequirementConfigSchema,
+        disaster_recovery: RequirementConfigSchema,
+        incident_response: RequirementConfigSchema,
+        privacy_controls: RequirementConfigSchema,
+    }),
+    created_at: z.string(),
+    version: z.string(),
+});
+export const ControlCheckSchema = z.object({
+    id: z.string(),
+    description: z.string(),
+    status: ControlStatusSchema,
+    evidence: z.string().optional(),
+});
+export const ControlSchema = z.object({
+    id: z.string(),
+    name: z.string(),
+    description: z.string(),
+    category: z.string(),
+    framework: FrameworkNameSchema,
+    article: z.string().optional(),
+    status: ControlStatusSchema.default("not-implemented"),
+    severity: z.enum(["critical", "high", "medium", "low"]),
+    implementation_guidance: z.string(),
+    checks: z.array(ControlCheckSchema),
+});
+export const AuditEntrySchema = z.object({
+    userId: z.string(),
+    action: z.string(),
+    resource: z.string(),
+    timestamp: z.string(),
+    ipAddress: z.string(),
+    metadata: z.record(z.unknown()).optional(),
+});
+export const ReportOptionsSchema = z.object({
+    format: ReportFormatSchema,
+    title: z.string(),
+    include_executive_summary: z.boolean(),
+    include_risk_assessment: z.boolean(),
+    include_compliance: z.boolean(),
+    include_security: z.boolean(),
+});
+//# sourceMappingURL=index.js.map

package/dist/schemas/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/schemas/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,IAAI,CAAC;IACtC,MAAM;IACN,gBAAgB;IAChB,YAAY;IACZ,YAAY;IACZ,QAAQ;IACR,mBAAmB;IACnB,mBAAmB;IACnB,gBAAgB;IAChB,wBAAwB;IACxB,uBAAuB;IACvB,yBAAyB;IACzB,aAAa;IACb,oBAAoB;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,IAAI,CAAC;IACxC,MAAM;IACN,OAAO;IACP,KAAK;IACL,MAAM;IACN,UAAU;IACV,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC7C,QAAQ;IACR,UAAU;IACV,cAAc;IACd,YAAY;CACb,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,IAAI,CAAC;IACxC,MAAM;IACN,MAAM;IACN,SAAS;IACT,gBAAgB;IAChB,iBAAiB;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAEtE,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE;IACrB,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE;IAClE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/B,YAAY,EAAE,iBAAiB;IAC/B,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/C,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,UAAU,EAAE,uBAAuB;QACnC,GAAG,EAAE,uBAAuB;QAC5B,UAAU,EAAE,uBAAuB;QACnC,OAAO,EAAE,uBAAuB;QAChC,gBAAgB,EAAE,uBAAuB;QACzC,sBAAsB,EAAE,uBAAuB;QAC/C,cAAc,EAAE,uBAAuB;QACvC,aAAa,EAAE,uBAAuB;QACtC,kBAAkB,EAAE,uBAAuB;QAC3C,OAAO,EAAE,uBAAuB;QAChC,UAAU,EAAE,uBAAuB;QACnC,mBAAmB,EAAE,uBAAuB;QAC5C,iBAAiB,EAAE,uBAAuB;QAC1C,iBAAiB,EAAE,uBAAuB;QAC1C,gBAAgB,EAAE,uBAAuB;KAC1C,CAAC;IACF,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;IACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;CACpB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,MAAM,EAAE,mBAAmB;IAC3B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,SAAS,EAAE,mBAAmB;IAC9B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,MAAM,EAAE,mBAAmB,CAAC,OAAO,CAAC,iBAAiB,CAAC;IACtD,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IACvD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE;IACnC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC;CACpC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,MAAM,EAAE,kBAAkB;IAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,yBAAyB,EAAE,CAAC,CAAC,OAAO,EAAE;IACtC,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE;IACpC,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE;IAC/B,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE;CAC9B,CAAC,CAAC"}

package/dist/types/index.d.ts

@@ -0,0 +1,105 @@
+export type ProjectType = "saas" | "ai-application" | "mcp-server" | "blockchain" | "wallet" | "government-system" | "healthcare-system" | "event-platform" | "photo-storage-platform" | "vulnerability-scanner" | "generic-web-application" | "api-backend" | "mobile-application";
+export type FrameworkName = "GDPR" | "OWASP" | "CIS" | "NIST" | "ISO27001" | "ISO27701";
+export type DataClassification = "public" | "internal" | "confidential" | "restricted";
+export type ControlStatus = "pass" | "fail" | "warning" | "not-applicable" | "not-implemented";
+export type ReportFormat = "markdown" | "html" | "pdf";
+export interface ProjectConfig {
+    project_name: string;
+    project_type: ProjectType;
+    frameworks: FrameworkName[];
+    requirements: Requirements;
+    created_at: string;
+    version: string;
+}
+export interface Requirements {
+    encryption: RequirementConfig;
+    mfa: RequirementConfig;
+    audit_logs: RequirementConfig;
+    backups: RequirementConfig;
+    retention_policy: RequirementConfig;
+    vulnerability_scanning: RequirementConfig;
+    authentication: RequirementConfig;
+    authorization: RequirementConfig;
+    secrets_management: RequirementConfig;
+    logging: RequirementConfig;
+    monitoring: RequirementConfig;
+    data_classification: RequirementConfig;
+    disaster_recovery: RequirementConfig;
+    incident_response: RequirementConfig;
+    privacy_controls: RequirementConfig;
+}
+export interface RequirementConfig {
+    required: boolean;
+    level?: "mandatory" | "recommended" | "optional";
+    notes?: string;
+}
+export interface Control {
+    id: string;
+    name: string;
+    description: string;
+    category: string;
+    framework: FrameworkName;
+    article?: string;
+    status: ControlStatus;
+    severity: "critical" | "high" | "medium" | "low";
+    implementation_guidance: string;
+    checks: ControlCheck[];
+}
+export interface ControlCheck {
+    id: string;
+    description: string;
+    status: ControlStatus;
+    evidence?: string;
+}
+export interface ComplianceScore {
+    framework: FrameworkName;
+    score: number;
+    total_controls: number;
+    passed_controls: number;
+    failed_controls: number;
+    warning_controls: number;
+    not_applicable: number;
+    evaluated_at: string;
+}
+export interface ScoreFile {
+    overall: number;
+    frameworks: Record<string, ComplianceScore>;
+    evaluated_at: string;
+}
+export interface AuditEntry {
+    userId: string;
+    action: string;
+    resource: string;
+    timestamp: string;
+    ipAddress: string;
+    metadata?: Record<string, unknown>;
+}
+export interface PolicyPack {
+    id: string;
+    name: string;
+    description: string;
+    version: string;
+    project_types: ProjectType[];
+    controls: Control[];
+    frameworks: FrameworkName[];
+}
+export interface FrameworkVersion {
+    gesf_version: string;
+    packs: Record<string, string>;
+}
+export interface Metadata {
+    project_name: string;
+    project_type: ProjectType;
+    initialized_at: string;
+    gesf_version: string;
+    last_audit?: string;
+    last_score?: string;
+}
+export interface ReportOptions {
+    format: ReportFormat;
+    title: string;
+    include_executive_summary: boolean;
+    include_risk_assessment: boolean;
+    include_compliance: boolean;
+    include_security: boolean;
+}

package/dist/types/index.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "@greenarmor/ges-core",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "GESF Core - Types, schemas, and constants",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "dependencies": {
+    "zod": "^3.23.0"
+  },
+  "devDependencies": {
+    "typescript": "^6.0.0",
+    "@types/node": "^22.0.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist tsconfig.tsbuildinfo",
+    "test": "echo \"no tests yet\""
+  }
+}

package/src/constants/index.ts

@@ -0,0 +1,83 @@
+import type { ProjectType, FrameworkName } from "../types/index.js";
+
+export const GESF_VERSION = "0.1.0";
+
+export const PROJECT_TYPES: { value: ProjectType; label: string }[] = [
+  { value: "saas", label: "SaaS" },
+  { value: "ai-application", label: "AI Application" },
+  { value: "mcp-server", label: "MCP Server" },
+  { value: "blockchain", label: "Blockchain" },
+  { value: "wallet", label: "Wallet" },
+  { value: "government-system", label: "Government System" },
+  { value: "healthcare-system", label: "Healthcare System" },
+  { value: "event-platform", label: "Event Platform" },
+  { value: "photo-storage-platform", label: "Photo Storage Platform" },
+  { value: "vulnerability-scanner", label: "Vulnerability Scanner" },
+  { value: "generic-web-application", label: "Generic Web Application" },
+  { value: "api-backend", label: "API Backend" },
+  { value: "mobile-application", label: "Mobile Application" },
+];
+
+export const FRAMEWORKS: { value: FrameworkName; label: string }[] = [
+  { value: "GDPR", label: "GDPR" },
+  { value: "OWASP", label: "OWASP ASVS / Top 10" },
+  { value: "CIS", label: "CIS Controls" },
+  { value: "NIST", label: "NIST Cybersecurity Framework" },
+  { value: "ISO27001", label: "ISO 27001" },
+  { value: "ISO27701", label: "ISO 27701" },
+];
+
+export const DEFAULT_FRAMEWORKS: FrameworkName[] = ["GDPR", "OWASP", "CIS", "NIST"];
+
+export const PROJECT_TYPE_PACKS: Record<ProjectType, string[]> = {
+  "saas": ["gdpr", "owasp", "cis", "nist"],
+  "ai-application": ["gdpr", "owasp", "ai"],
+  "mcp-server": ["gdpr", "ai"],
+  "blockchain": ["gdpr", "blockchain"],
+  "wallet": ["gdpr", "blockchain"],
+  "government-system": ["gdpr", "government"],
+  "healthcare-system": ["gdpr", "owasp", "cis"],
+  "event-platform": ["gdpr", "owasp"],
+  "photo-storage-platform": ["gdpr", "owasp"],
+  "vulnerability-scanner": ["gdpr", "owasp"],
+  "generic-web-application": ["gdpr", "owasp", "cis"],
+  "api-backend": ["gdpr", "owasp"],
+  "mobile-application": ["gdpr", "owasp"],
+};
+
+export const DATA_CLASSIFICATIONS = ["public", "internal", "confidential", "restricted"] as const;
+
+export const APPROVED_ENCRYPTION = ["AES-256-GCM", "ChaCha20-Poly1305", "TLS 1.3", "TLS 1.2"] as const;
+
+export const APPROVED_HASHING = ["Argon2id", "bcrypt", "scrypt"] as const;
+
+export const REJECTED_HASHING = ["MD5", "SHA1", "plain-text"] as const;
+
+export const AUDIT_LOG_FIELDS = ["userId", "action", "resource", "timestamp", "ipAddress"] as const;
+
+export const MUST_LOG_EVENTS = [
+  "authentication",
+  "authorization",
+  "data_export",
+  "role_changes",
+  "administrative_actions",
+] as const;
+
+export const MUST_NOT_LOG = ["passwords", "tokens", "private_keys", "sensitive_personal_data"] as const;
+
+export const DB_AUDIT_COLUMNS = [
+  "created_at",
+  "updated_at",
+  "deleted_at",
+  "created_by",
+  "updated_by",
+] as const;
+
+export const GES_DIR = ".ges";
+export const COMPLIANCE_DIR = "compliance";
+export const SECURITY_DIR = "security";
+export const CONTROLS_DIR = "controls";
+export const POLICIES_DIR = "policies";
+export const CHECKLISTS_DIR = "checklists";
+export const DOCS_DIR = "docs";
+export const REPORTS_DIR = "reports";

package/src/index.ts

@@ -0,0 +1,3 @@
+export * from "./types/index.js";
+export * from "./schemas/index.js";
+export * from "./constants/index.js";

package/src/schemas/index.ts

@@ -0,0 +1,112 @@
+import { z } from "zod";
+
+export const ProjectTypeSchema = z.enum([
+  "saas",
+  "ai-application",
+  "mcp-server",
+  "blockchain",
+  "wallet",
+  "government-system",
+  "healthcare-system",
+  "event-platform",
+  "photo-storage-platform",
+  "vulnerability-scanner",
+  "generic-web-application",
+  "api-backend",
+  "mobile-application",
+]);
+
+export const FrameworkNameSchema = z.enum([
+  "GDPR",
+  "OWASP",
+  "CIS",
+  "NIST",
+  "ISO27001",
+  "ISO27701",
+]);
+
+export const DataClassificationSchema = z.enum([
+  "public",
+  "internal",
+  "confidential",
+  "restricted",
+]);
+
+export const ControlStatusSchema = z.enum([
+  "pass",
+  "fail",
+  "warning",
+  "not-applicable",
+  "not-implemented",
+]);
+
+export const ReportFormatSchema = z.enum(["markdown", "html", "pdf"]);
+
+export const RequirementConfigSchema = z.object({
+  required: z.boolean(),
+  level: z.enum(["mandatory", "recommended", "optional"]).optional(),
+  notes: z.string().optional(),
+});
+
+export const ProjectConfigSchema = z.object({
+  project_name: z.string().min(1),
+  project_type: ProjectTypeSchema,
+  frameworks: z.array(FrameworkNameSchema).min(1),
+  requirements: z.object({
+    encryption: RequirementConfigSchema,
+    mfa: RequirementConfigSchema,
+    audit_logs: RequirementConfigSchema,
+    backups: RequirementConfigSchema,
+    retention_policy: RequirementConfigSchema,
+    vulnerability_scanning: RequirementConfigSchema,
+    authentication: RequirementConfigSchema,
+    authorization: RequirementConfigSchema,
+    secrets_management: RequirementConfigSchema,
+    logging: RequirementConfigSchema,
+    monitoring: RequirementConfigSchema,
+    data_classification: RequirementConfigSchema,
+    disaster_recovery: RequirementConfigSchema,
+    incident_response: RequirementConfigSchema,
+    privacy_controls: RequirementConfigSchema,
+  }),
+  created_at: z.string(),
+  version: z.string(),
+});
+
+export const ControlCheckSchema = z.object({
+  id: z.string(),
+  description: z.string(),
+  status: ControlStatusSchema,
+  evidence: z.string().optional(),
+});
+
+export const ControlSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  description: z.string(),
+  category: z.string(),
+  framework: FrameworkNameSchema,
+  article: z.string().optional(),
+  status: ControlStatusSchema.default("not-implemented"),
+  severity: z.enum(["critical", "high", "medium", "low"]),
+  implementation_guidance: z.string(),
+  checks: z.array(ControlCheckSchema),
+});
+
+export const AuditEntrySchema = z.object({
+  userId: z.string(),
+  action: z.string(),
+  resource: z.string(),
+  timestamp: z.string(),
+  ipAddress: z.string(),
+  metadata: z.record(z.unknown()).optional(),
+});
+
+export const ReportOptionsSchema = z.object({
+  format: ReportFormatSchema,
+  title: z.string(),
+  include_executive_summary: z.boolean(),
+  include_risk_assessment: z.boolean(),
+  include_compliance: z.boolean(),
+  include_security: z.boolean(),
+});

package/src/types/index.ts

@@ -0,0 +1,140 @@
+export type ProjectType =
+  | "saas"
+  | "ai-application"
+  | "mcp-server"
+  | "blockchain"
+  | "wallet"
+  | "government-system"
+  | "healthcare-system"
+  | "event-platform"
+  | "photo-storage-platform"
+  | "vulnerability-scanner"
+  | "generic-web-application"
+  | "api-backend"
+  | "mobile-application";
+
+export type FrameworkName =
+  | "GDPR"
+  | "OWASP"
+  | "CIS"
+  | "NIST"
+  | "ISO27001"
+  | "ISO27701";
+
+export type DataClassification = "public" | "internal" | "confidential" | "restricted";
+
+export type ControlStatus = "pass" | "fail" | "warning" | "not-applicable" | "not-implemented";
+
+export type ReportFormat = "markdown" | "html" | "pdf";
+
+export interface ProjectConfig {
+  project_name: string;
+  project_type: ProjectType;
+  frameworks: FrameworkName[];
+  requirements: Requirements;
+  created_at: string;
+  version: string;
+}
+
+export interface Requirements {
+  encryption: RequirementConfig;
+  mfa: RequirementConfig;
+  audit_logs: RequirementConfig;
+  backups: RequirementConfig;
+  retention_policy: RequirementConfig;
+  vulnerability_scanning: RequirementConfig;
+  authentication: RequirementConfig;
+  authorization: RequirementConfig;
+  secrets_management: RequirementConfig;
+  logging: RequirementConfig;
+  monitoring: RequirementConfig;
+  data_classification: RequirementConfig;
+  disaster_recovery: RequirementConfig;
+  incident_response: RequirementConfig;
+  privacy_controls: RequirementConfig;
+}
+
+export interface RequirementConfig {
+  required: boolean;
+  level?: "mandatory" | "recommended" | "optional";
+  notes?: string;
+}
+
+export interface Control {
+  id: string;
+  name: string;
+  description: string;
+  category: string;
+  framework: FrameworkName;
+  article?: string;
+  status: ControlStatus;
+  severity: "critical" | "high" | "medium" | "low";
+  implementation_guidance: string;
+  checks: ControlCheck[];
+}
+
+export interface ControlCheck {
+  id: string;
+  description: string;
+  status: ControlStatus;
+  evidence?: string;
+}
+
+export interface ComplianceScore {
+  framework: FrameworkName;
+  score: number;
+  total_controls: number;
+  passed_controls: number;
+  failed_controls: number;
+  warning_controls: number;
+  not_applicable: number;
+  evaluated_at: string;
+}
+
+export interface ScoreFile {
+  overall: number;
+  frameworks: Record<string, ComplianceScore>;
+  evaluated_at: string;
+}
+
+export interface AuditEntry {
+  userId: string;
+  action: string;
+  resource: string;
+  timestamp: string;
+  ipAddress: string;
+  metadata?: Record<string, unknown>;
+}
+
+export interface PolicyPack {
+  id: string;
+  name: string;
+  description: string;
+  version: string;
+  project_types: ProjectType[];
+  controls: Control[];
+  frameworks: FrameworkName[];
+}
+
+export interface FrameworkVersion {
+  gesf_version: string;
+  packs: Record<string, string>;
+}
+
+export interface Metadata {
+  project_name: string;
+  project_type: ProjectType;
+  initialized_at: string;
+  gesf_version: string;
+  last_audit?: string;
+  last_score?: string;
+}
+
+export interface ReportOptions {
+  format: ReportFormat;
+  title: string;
+  include_executive_summary: boolean;
+  include_risk_assessment: boolean;
+  include_compliance: boolean;
+  include_security: boolean;
+}

package/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "./dist",
+    "rootDir": "./src"
+  },
+  "include": ["src"]
+}