@greenarmor/ges-policy-engine 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 greenarmor
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+import type { PolicyPack, ProjectType } from "@greenarmor/ges-core";
+export declare function getAllPacks(): PolicyPack[];
+export declare function getPack(id: string): PolicyPack | undefined;
+export declare function getPacksForProjectType(projectType: ProjectType): PolicyPack[];
+export declare function listPackIds(): string[];
+export { createGDPRPolicyPack } from "./packs/gdpr.js";
+export { createOWASPPolicyPack } from "./packs/owasp.js";
+export { createAIPolicyPack } from "./packs/ai.js";
+export { createBlockchainPolicyPack } from "./packs/blockchain.js";
+export { createGovernmentPolicyPack } from "./packs/government.js";
+export { createCISPolicyPack } from "./packs/cis.js";
+export { createNISTPolicyPack } from "./packs/nist.js";

package/dist/index.js

@@ -0,0 +1,46 @@
+import { createGDPRPolicyPack } from "./packs/gdpr.js";
+import { createOWASPPolicyPack } from "./packs/owasp.js";
+import { createAIPolicyPack } from "./packs/ai.js";
+import { createBlockchainPolicyPack } from "./packs/blockchain.js";
+import { createGovernmentPolicyPack } from "./packs/government.js";
+import { createCISPolicyPack } from "./packs/cis.js";
+import { createNISTPolicyPack } from "./packs/nist.js";
+const ALL_PACKS = [
+    createGDPRPolicyPack,
+    createOWASPPolicyPack,
+    createAIPolicyPack,
+    createBlockchainPolicyPack,
+    createGovernmentPolicyPack,
+    createCISPolicyPack,
+    createNISTPolicyPack,
+];
+const PACK_MAP = {
+    gdpr: createGDPRPolicyPack,
+    owasp: createOWASPPolicyPack,
+    ai: createAIPolicyPack,
+    blockchain: createBlockchainPolicyPack,
+    government: createGovernmentPolicyPack,
+    cis: createCISPolicyPack,
+    nist: createNISTPolicyPack,
+};
+export function getAllPacks() {
+    return ALL_PACKS.map(fn => fn());
+}
+export function getPack(id) {
+    const factory = PACK_MAP[id];
+    return factory ? factory() : undefined;
+}
+export function getPacksForProjectType(projectType) {
+    return getAllPacks().filter(pack => pack.project_types.includes(projectType));
+}
+export function listPackIds() {
+    return Object.keys(PACK_MAP);
+}
+export { createGDPRPolicyPack } from "./packs/gdpr.js";
+export { createOWASPPolicyPack } from "./packs/owasp.js";
+export { createAIPolicyPack } from "./packs/ai.js";
+export { createBlockchainPolicyPack } from "./packs/blockchain.js";
+export { createGovernmentPolicyPack } from "./packs/government.js";
+export { createCISPolicyPack } from "./packs/cis.js";
+export { createNISTPolicyPack } from "./packs/nist.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEvD,MAAM,SAAS,GAAyB;IACtC,oBAAoB;IACpB,qBAAqB;IACrB,kBAAkB;IAClB,0BAA0B;IAC1B,0BAA0B;IAC1B,mBAAmB;IACnB,oBAAoB;CACrB,CAAC;AAEF,MAAM,QAAQ,GAAqC;IACjD,IAAI,EAAE,oBAAoB;IAC1B,KAAK,EAAE,qBAAqB;IAC5B,EAAE,EAAE,kBAAkB;IACtB,UAAU,EAAE,0BAA0B;IACtC,UAAU,EAAE,0BAA0B;IACtC,GAAG,EAAE,mBAAmB;IACxB,IAAI,EAAE,oBAAoB;CAC3B,CAAC;AAEF,MAAM,UAAU,WAAW;IACzB,OAAO,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,EAAU;IAChC,MAAM,OAAO,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC7B,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,WAAwB;IAC7D,OAAO,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/packs/ai.d.ts

@@ -0,0 +1,2 @@
+import type { PolicyPack } from "@greenarmor/ges-core";
+export declare function createAIPolicyPack(): PolicyPack;

package/dist/packs/ai.js

@@ -0,0 +1,100 @@
+export function createAIPolicyPack() {
+    const controls = [
+        {
+            id: "AI-001",
+            name: "Prompt Logging",
+            description: "Log all AI prompts and interactions for audit purposes.",
+            category: "ai-governance",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement logging of all prompts sent to AI models. Store prompts securely with access controls. Define retention periods.",
+            checks: [
+                { id: "AI-001-C1", description: "Prompt logging system implemented", status: "not-implemented" },
+                { id: "AI-001-C2", description: "Logs stored securely", status: "not-implemented" },
+                { id: "AI-001-C3", description: "Retention period defined", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "AI-002",
+            name: "Output Validation",
+            description: "Validate AI outputs before presenting to users or taking actions.",
+            category: "ai-governance",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement output filtering and validation. Check for PII leakage. Validate against safety guidelines.",
+            checks: [
+                { id: "AI-002-C1", description: "Output validation pipeline implemented", status: "not-implemented" },
+                { id: "AI-002-C2", description: "PII detection on outputs", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "AI-003",
+            name: "PII Detection",
+            description: "Detect and protect personal data in AI inputs and outputs.",
+            category: "ai-governance",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement PII detection before sending to external AI providers. Redact or pseudonymise detected PII.",
+            checks: [
+                { id: "AI-003-C1", description: "PII detection on inputs", status: "not-implemented" },
+                { id: "AI-003-C2", description: "PII redaction/pseudonymisation implemented", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "AI-004",
+            name: "AI Rate Limiting",
+            description: "Implement rate limiting on AI endpoints.",
+            category: "ai-governance",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "high",
+            implementation_guidance: "Implement per-user and per-IP rate limiting on AI endpoints. Define usage quotas.",
+            checks: [
+                { id: "AI-004-C1", description: "Rate limiting on AI endpoints", status: "not-implemented" },
+                { id: "AI-004-C2", description: "Usage quotas defined", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "AI-005",
+            name: "Data Classification for AI",
+            description: "Classify data before processing through AI systems.",
+            category: "ai-governance",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement data classification checks before AI processing. Restrict restricted/confidential data from external AI providers.",
+            checks: [
+                { id: "AI-005-C1", description: "Data classification before AI processing", status: "not-implemented" },
+                { id: "AI-005-C2", description: "Restricted data blocked from external AI", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "AI-006",
+            name: "Prevent Unauthorized Data Transfer to External AI",
+            description: "Prevent unauthorized transfer of personal data to external AI providers.",
+            category: "ai-governance",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement data loss prevention for AI API calls. Review and approve AI providers. Document data processing agreements.",
+            checks: [
+                { id: "AI-006-C1", description: "DLP controls for AI API calls", status: "not-implemented" },
+                { id: "AI-006-C2", description: "AI providers reviewed and approved", status: "not-implemented" },
+                { id: "AI-006-C3", description: "DPAs with AI providers signed", status: "not-implemented" },
+            ],
+        },
+    ];
+    return {
+        id: "ai",
+        name: "AI System Policy Pack",
+        description: "Controls for LLMs, Agents, MCP, and RAG systems.",
+        version: "1.0.0",
+        project_types: ["ai-application", "mcp-server"],
+        controls,
+        frameworks: ["GDPR"],
+    };
+}
+//# sourceMappingURL=ai.js.map

package/dist/packs/ai.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai.js","sourceRoot":"","sources":["../../src/packs/ai.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,kBAAkB;IAChC,MAAM,QAAQ,GAAc;QAC1B;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,yDAAyD;YACtE,QAAQ,EAAE,eAAe;YACzB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,4HAA4H;YACrJ,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,mCAAmC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAChG,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,sBAAsB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACnF,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,0BAA0B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACxF;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,mEAAmE;YAChF,QAAQ,EAAE,eAAe;YACzB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,uGAAuG;YAChI,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,wCAAwC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACrG,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,0BAA0B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACxF;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,4DAA4D;YACzE,QAAQ,EAAE,eAAe;YACzB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,uGAAuG;YAChI,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,yBAAyB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACtF,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,4CAA4C,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC1G;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,kBAAkB;YACxB,WAAW,EAAE,0CAA0C;YACvD,QAAQ,EAAE,eAAe;YACzB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,MAAM;YAChB,uBAAuB,EAAE,mFAAmF;YAC5G,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,+BAA+B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC5F,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,sBAAsB,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACpF;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,4BAA4B;YAClC,WAAW,EAAE,qDAAqD;YAClE,QAAQ,EAAE,eAAe;YACzB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,8HAA8H;YACvJ,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,0CAA0C,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACvG,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,0CAA0C,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACxG;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,mDAAmD;YACzD,WAAW,EAAE,0EAA0E;YACvF,QAAQ,EAAE,eAAe;YACzB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,wHAAwH;YACjJ,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,+BAA+B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC5F,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,oCAAoC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACjG,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,+BAA+B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC7F;SACF;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,IAAI;QACR,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,CAAC,gBAAgB,EAAE,YAAY,CAAC;QAC/C,QAAQ;QACR,UAAU,EAAE,CAAC,MAAM,CAAC;KACrB,CAAC;AACJ,CAAC"}

package/dist/packs/blockchain.d.ts

@@ -0,0 +1,2 @@
+import type { PolicyPack } from "@greenarmor/ges-core";
+export declare function createBlockchainPolicyPack(): PolicyPack;

package/dist/packs/blockchain.js

@@ -0,0 +1,97 @@
+export function createBlockchainPolicyPack() {
+    const controls = [
+        {
+            id: "BC-001",
+            name: "Cryptographic Signatures",
+            description: "All on-chain operations must use cryptographic signatures.",
+            category: "blockchain",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement wallet-based transaction signing. Verify signatures before on-chain operations.",
+            checks: [
+                { id: "BC-001-C1", description: "Cryptographic signing implemented", status: "not-implemented" },
+                { id: "BC-001-C2", description: "Signature verification on all operations", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "BC-002",
+            name: "Validator Identity Verification",
+            description: "Validators must be identity-verified.",
+            category: "blockchain",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "high",
+            implementation_guidance: "Implement KYC for validators. Maintain identity verification records.",
+            checks: [
+                { id: "BC-002-C1", description: "Validator identity verification process", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "BC-003",
+            name: "Key Rotation",
+            description: "Implement regular key rotation for blockchain operations.",
+            category: "blockchain",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Define key rotation schedule. Automate rotation where possible. Maintain key history.",
+            checks: [
+                { id: "BC-003-C1", description: "Key rotation schedule defined", status: "not-implemented" },
+                { id: "BC-003-C2", description: "Rotation automation implemented", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "BC-004",
+            name: "Encrypted Payload Support",
+            description: "Support encrypted payloads for sensitive on-chain data.",
+            category: "blockchain",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Encrypt sensitive data before storing on-chain. Use hybrid encryption schemes.",
+            checks: [
+                { id: "BC-004-C1", description: "Encrypted payload support implemented", status: "not-implemented" },
+                { id: "BC-004-C2", description: "No plaintext personal data on-chain", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "BC-005",
+            name: "Immutable Audit Trails",
+            description: "Maintain immutable audit trails for all blockchain operations.",
+            category: "blockchain",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Use blockchain immutability for audit logs. Store hashes and CIDs. Keep references off-chain.",
+            checks: [
+                { id: "BC-005-C1", description: "Audit trail mechanism implemented", status: "not-implemented" },
+                { id: "BC-005-C2", description: "Hashes stored on-chain, data off-chain", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "BC-006",
+            name: "No Plaintext Personal Data On-Chain",
+            description: "Never store plaintext personal data on-chain. Store only hashes, CIDs, references, and encrypted metadata.",
+            category: "blockchain",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Store only hashes (SHA-256+), CIDs, references, or encrypted metadata on-chain. Keep actual data in encrypted off-chain storage.",
+            checks: [
+                { id: "BC-006-C1", description: "Only hashes/CIDs/references on-chain", status: "not-implemented" },
+                { id: "BC-006-C2", description: "Encrypted metadata for on-chain records", status: "not-implemented" },
+            ],
+        },
+    ];
+    return {
+        id: "blockchain",
+        name: "Blockchain Policy Pack",
+        description: "Controls for blockchain, wallets, and government ledgers.",
+        version: "1.0.0",
+        project_types: ["blockchain", "wallet"],
+        controls,
+        frameworks: ["GDPR"],
+    };
+}
+//# sourceMappingURL=blockchain.js.map

package/dist/packs/blockchain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"blockchain.js","sourceRoot":"","sources":["../../src/packs/blockchain.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,0BAA0B;IACxC,MAAM,QAAQ,GAAc;QAC1B;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,0BAA0B;YAChC,WAAW,EAAE,4DAA4D;YACzE,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,2FAA2F;YACpH,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,mCAAmC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAChG,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,0CAA0C,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACxG;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,iCAAiC;YACvC,WAAW,EAAE,uCAAuC;YACpD,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,MAAM;YAChB,uBAAuB,EAAE,uEAAuE;YAChG,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,yCAAyC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACvG;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,2DAA2D;YACxE,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,uFAAuF;YAChH,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,+BAA+B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC5F,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,iCAAiC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC/F;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,2BAA2B;YACjC,WAAW,EAAE,yDAAyD;YACtE,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,gFAAgF;YACzG,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,uCAAuC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACpG,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,qCAAqC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACnG;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,wBAAwB;YAC9B,WAAW,EAAE,gEAAgE;YAC7E,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,+FAA+F;YACxH,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,mCAAmC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAChG,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,wCAAwC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACtG;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,qCAAqC;YAC3C,WAAW,EAAE,4GAA4G;YACzH,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,kIAAkI;YAC3J,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,sCAAsC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACnG,EAAE,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,yCAAyC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACvG;SACF;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,CAAC,YAAY,EAAE,QAAQ,CAAC;QACvC,QAAQ;QACR,UAAU,EAAE,CAAC,MAAM,CAAC;KACrB,CAAC;AACJ,CAAC"}

package/dist/packs/cis.d.ts

@@ -0,0 +1,2 @@
+import type { PolicyPack } from "@greenarmor/ges-core";
+export declare function createCISPolicyPack(): PolicyPack;

package/dist/packs/cis.js

@@ -0,0 +1,87 @@
+export function createCISPolicyPack() {
+    const controls = [
+        {
+            id: "CIS-001",
+            name: "Inventory of Authorized and Unauthorized Devices",
+            description: "Maintain an inventory of all devices authorized to access organizational data.",
+            category: "asset-management",
+            framework: "CIS",
+            status: "not-implemented",
+            severity: "high",
+            implementation_guidance: "Maintain device inventory. Implement MDM. Monitor for unauthorized devices.",
+            checks: [
+                { id: "CIS-001-C1", description: "Device inventory maintained", status: "not-implemented" },
+                { id: "CIS-001-C2", description: "Unauthorized device detection", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "CIS-002",
+            name: "Inventory of Authorized and Unauthorized Software",
+            description: "Maintain a software inventory.",
+            category: "asset-management",
+            framework: "CIS",
+            status: "not-implemented",
+            severity: "high",
+            implementation_guidance: "Use package managers and lock files. Scan for unauthorized software. Maintain SBOM.",
+            checks: [
+                { id: "CIS-002-C1", description: "Software inventory (SBOM) maintained", status: "not-implemented" },
+                { id: "CIS-002-C2", description: "Dependency scanning implemented", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "CIS-003",
+            name: "Secure Configuration",
+            description: "Establish and maintain secure configuration for all hardware and software.",
+            category: "configuration",
+            framework: "CIS",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Use infrastructure-as-code. Implement configuration management. Regular configuration audits.",
+            checks: [
+                { id: "CIS-003-C1", description: "Secure baseline configurations defined", status: "not-implemented" },
+                { id: "CIS-003-C2", description: "Configuration drift detection", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "CIS-004",
+            name: "Continuous Vulnerability Management",
+            description: "Continuously assess and remediate vulnerabilities.",
+            category: "vulnerability-management",
+            framework: "CIS",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Automated vulnerability scanning in CI/CD. Regular penetration testing. Remediation SLAs defined.",
+            checks: [
+                { id: "CIS-004-C1", description: "Automated vulnerability scanning", status: "not-implemented" },
+                { id: "CIS-004-C2", description: "Remediation SLAs defined", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "CIS-005",
+            name: "Controlled Use of Administrative Privileges",
+            description: "Control and monitor access to administrative privileges.",
+            category: "access-control",
+            framework: "CIS",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement RBAC. Use least privilege. Audit all admin actions. Require MFA for admin access.",
+            checks: [
+                { id: "CIS-005-C1", description: "RBAC implemented", status: "not-implemented" },
+                { id: "CIS-005-C2", description: "MFA required for admin access", status: "not-implemented" },
+                { id: "CIS-005-C3", description: "Admin action audit logging", status: "not-implemented" },
+            ],
+        },
+    ];
+    return {
+        id: "cis",
+        name: "CIS Controls Policy Pack",
+        description: "Center for Internet Security Controls.",
+        version: "1.0.0",
+        project_types: [
+            "saas", "healthcare-system", "generic-web-application", "government-system",
+        ],
+        controls,
+        frameworks: ["CIS"],
+    };
+}
+//# sourceMappingURL=cis.js.map

package/dist/packs/cis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cis.js","sourceRoot":"","sources":["../../src/packs/cis.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,mBAAmB;IACjC,MAAM,QAAQ,GAAc;QAC1B;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,kDAAkD;YACxD,WAAW,EAAE,gFAAgF;YAC7F,QAAQ,EAAE,kBAAkB;YAC5B,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,MAAM;YAChB,uBAAuB,EAAE,6EAA6E;YACtG,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,6BAA6B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC3F,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,+BAA+B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC9F;SACF;QACD;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,mDAAmD;YACzD,WAAW,EAAE,gCAAgC;YAC7C,QAAQ,EAAE,kBAAkB;YAC5B,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,MAAM;YAChB,uBAAuB,EAAE,qFAAqF;YAC9G,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,sCAAsC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACpG,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,iCAAiC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAChG;SACF;QACD;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,sBAAsB;YAC5B,WAAW,EAAE,4EAA4E;YACzF,QAAQ,EAAE,eAAe;YACzB,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,+FAA+F;YACxH,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,wCAAwC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACtG,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,+BAA+B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC9F;SACF;QACD;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,qCAAqC;YAC3C,WAAW,EAAE,oDAAoD;YACjE,QAAQ,EAAE,0BAA0B;YACpC,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,mGAAmG;YAC5H,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,kCAAkC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAChG,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,0BAA0B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACzF;SACF;QACD;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,6CAA6C;YACnD,WAAW,EAAE,0DAA0D;YACvE,QAAQ,EAAE,gBAAgB;YAC1B,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,6FAA6F;YACtH,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAChF,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,+BAA+B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC7F,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,4BAA4B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC3F;SACF;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,KAAK;QACT,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,wCAAwC;QACrD,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE;YACb,MAAM,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,mBAAmB;SAC5E;QACD,QAAQ;QACR,UAAU,EAAE,CAAC,KAAK,CAAC;KACpB,CAAC;AACJ,CAAC"}

package/dist/packs/gdpr.d.ts

@@ -0,0 +1,2 @@
+import type { PolicyPack } from "@greenarmor/ges-core";
+export declare function createGDPRPolicyPack(): PolicyPack;

package/dist/packs/gdpr.js

@@ -0,0 +1,18 @@
+import { createGDPRControls } from "@greenarmor/ges-compliance-engine";
+export function createGDPRPolicyPack() {
+    return {
+        id: "gdpr",
+        name: "GDPR Compliance Pack",
+        description: "General Data Protection Regulation controls covering Articles 5, 25, 30, 32, 33, and 34.",
+        version: "1.0.0",
+        project_types: [
+            "saas", "ai-application", "mcp-server", "blockchain", "wallet",
+            "government-system", "healthcare-system", "event-platform",
+            "photo-storage-platform", "vulnerability-scanner",
+            "generic-web-application", "api-backend", "mobile-application",
+        ],
+        controls: createGDPRControls(),
+        frameworks: ["GDPR"],
+    };
+}
+//# sourceMappingURL=gdpr.js.map

package/dist/packs/gdpr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gdpr.js","sourceRoot":"","sources":["../../src/packs/gdpr.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AAEvE,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,0FAA0F;QACvG,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE;YACb,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,YAAY,EAAE,QAAQ;YAC9D,mBAAmB,EAAE,mBAAmB,EAAE,gBAAgB;YAC1D,wBAAwB,EAAE,uBAAuB;YACjD,yBAAyB,EAAE,aAAa,EAAE,oBAAoB;SAC/D;QACD,QAAQ,EAAE,kBAAkB,EAAE;QAC9B,UAAU,EAAE,CAAC,MAAM,CAAC;KACrB,CAAC;AACJ,CAAC"}

package/dist/packs/government.d.ts

@@ -0,0 +1,2 @@
+import type { PolicyPack } from "@greenarmor/ges-core";
+export declare function createGovernmentPolicyPack(): PolicyPack;

package/dist/packs/government.js

@@ -0,0 +1,87 @@
+export function createGovernmentPolicyPack() {
+    const controls = [
+        {
+            id: "GOV-001",
+            name: "Data Sovereignty",
+            description: "Ensure all data processing occurs within designated jurisdictions.",
+            category: "government",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Deploy infrastructure in required jurisdictions. Implement geo-fencing for data storage. Verify cloud provider compliance.",
+            checks: [
+                { id: "GOV-001-C1", description: "Infrastructure in required jurisdictions", status: "not-implemented" },
+                { id: "GOV-001-C2", description: "Geo-fencing implemented", status: "not-implemented" },
+                { id: "GOV-001-C3", description: "Cloud provider compliance verified", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "GOV-002",
+            name: "Chain of Custody",
+            description: "Maintain complete chain of custody for all data processing.",
+            category: "government",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Log all data access and transfers. Maintain custody records. Implement digital signatures on records.",
+            checks: [
+                { id: "GOV-002-C1", description: "Chain of custody logging implemented", status: "not-implemented" },
+                { id: "GOV-002-C2", description: "Digital signatures on custody records", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "GOV-003",
+            name: "Tamper Evidence",
+            description: "Implement tamper detection for all records and data.",
+            category: "government",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Use cryptographic hashing for integrity verification. Implement merkle trees for batch verification. Use write-once storage.",
+            checks: [
+                { id: "GOV-003-C1", description: "Tamper detection implemented", status: "not-implemented" },
+                { id: "GOV-003-C2", description: "Integrity verification on read", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "GOV-004",
+            name: "Record Integrity Verification",
+            description: "Enable verification of record integrity at any point.",
+            category: "government",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Store integrity hashes with records. Provide verification APIs. Schedule regular integrity checks.",
+            checks: [
+                { id: "GOV-004-C1", description: "Integrity hashes stored with records", status: "not-implemented" },
+                { id: "GOV-004-C2", description: "Verification API available", status: "not-implemented" },
+                { id: "GOV-004-C3", description: "Regular integrity checks scheduled", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "GOV-005",
+            name: "Auditability",
+            description: "Ensure all actions are fully auditable.",
+            category: "government",
+            framework: "GDPR",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement comprehensive audit logging. Ensure logs are immutable. Provide audit trail export capabilities.",
+            checks: [
+                { id: "GOV-005-C1", description: "Comprehensive audit logging", status: "not-implemented" },
+                { id: "GOV-005-C2", description: "Immutable log storage", status: "not-implemented" },
+                { id: "GOV-005-C3", description: "Audit trail export capability", status: "not-implemented" },
+            ],
+        },
+    ];
+    return {
+        id: "government",
+        name: "Government Policy Pack",
+        description: "Additional controls for government systems including data sovereignty and chain of custody.",
+        version: "1.0.0",
+        project_types: ["government-system"],
+        controls,
+        frameworks: ["GDPR"],
+    };
+}
+//# sourceMappingURL=government.js.map

package/dist/packs/government.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"government.js","sourceRoot":"","sources":["../../src/packs/government.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,0BAA0B;IACxC,MAAM,QAAQ,GAAc;QAC1B;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,kBAAkB;YACxB,WAAW,EAAE,oEAAoE;YACjF,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,4HAA4H;YACrJ,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,0CAA0C,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACxG,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,yBAAyB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACvF,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,oCAAoC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACnG;SACF;QACD;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,kBAAkB;YACxB,WAAW,EAAE,6DAA6D;YAC1E,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,uGAAuG;YAChI,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,sCAAsC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACpG,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,uCAAuC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACtG;SACF;QACD;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,iBAAiB;YACvB,WAAW,EAAE,sDAAsD;YACnE,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,8HAA8H;YACvJ,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,8BAA8B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC5F,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,gCAAgC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC/F;SACF;QACD;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,+BAA+B;YACrC,WAAW,EAAE,uDAAuD;YACpE,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,oGAAoG;YAC7H,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,sCAAsC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACpG,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,4BAA4B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC1F,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,oCAAoC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACnG;SACF;QACD;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,yCAAyC;YACtD,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,4GAA4G;YACrI,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,6BAA6B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC3F,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,uBAAuB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACrF,EAAE,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,+BAA+B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC9F;SACF;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,6FAA6F;QAC1G,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,CAAC,mBAAmB,CAAC;QACpC,QAAQ;QACR,UAAU,EAAE,CAAC,MAAM,CAAC;KACrB,CAAC;AACJ,CAAC"}

package/dist/packs/nist.d.ts

@@ -0,0 +1,2 @@
+import type { PolicyPack } from "@greenarmor/ges-core";
+export declare function createNISTPolicyPack(): PolicyPack;

package/dist/packs/nist.js

@@ -0,0 +1,103 @@
+export function createNISTPolicyPack() {
+    const controls = [
+        {
+            id: "NIST-ID-001",
+            name: "Identity Management",
+            description: "Manage identities and access to organizational resources.",
+            category: "identify",
+            framework: "NIST",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement centralized identity management. Use SSO. Automate user provisioning and deprovisioning.",
+            checks: [
+                { id: "NIST-ID-001-C1", description: "Centralized identity management", status: "not-implemented" },
+                { id: "NIST-ID-001-C2", description: "SSO implemented", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "NIST-PR-001",
+            name: "Access Control",
+            description: "Implement access control policies and mechanisms.",
+            category: "protect",
+            framework: "NIST",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement RBAC or ABAC. Enforce least privilege. Regular access reviews.",
+            checks: [
+                { id: "NIST-PR-001-C1", description: "Access control model implemented", status: "not-implemented" },
+                { id: "NIST-PR-001-C2", description: "Regular access reviews scheduled", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "NIST-PR-002",
+            name: "Data Security",
+            description: "Protect data at rest and in transit.",
+            category: "protect",
+            framework: "NIST",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Encrypt data at rest (AES-256). Encrypt data in transit (TLS 1.2+). Classify data.",
+            checks: [
+                { id: "NIST-PR-002-C1", description: "Data encryption at rest", status: "not-implemented" },
+                { id: "NIST-PR-002-C2", description: "Data encryption in transit", status: "not-implemented" },
+                { id: "NIST-PR-002-C3", description: "Data classification implemented", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "NIST-DE-001",
+            name: "Security Monitoring",
+            description: "Monitor for security events and anomalies.",
+            category: "detect",
+            framework: "NIST",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Implement centralized logging. Use SIEM or similar. Define alert thresholds.",
+            checks: [
+                { id: "NIST-DE-001-C1", description: "Centralized logging implemented", status: "not-implemented" },
+                { id: "NIST-DE-001-C2", description: "Security alerting configured", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "NIST-RS-001",
+            name: "Incident Response",
+            description: "Establish and maintain incident response capabilities.",
+            category: "respond",
+            framework: "NIST",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Create incident response plan. Define roles and responsibilities. Conduct regular drills.",
+            checks: [
+                { id: "NIST-RS-001-C1", description: "Incident response plan documented", status: "not-implemented" },
+                { id: "NIST-RS-001-C2", description: "Roles and responsibilities defined", status: "not-implemented" },
+                { id: "NIST-RS-001-C3", description: "Regular drills conducted", status: "not-implemented" },
+            ],
+        },
+        {
+            id: "NIST-RC-001",
+            name: "Recovery Planning",
+            description: "Establish and maintain recovery plans.",
+            category: "recover",
+            framework: "NIST",
+            status: "not-implemented",
+            severity: "critical",
+            implementation_guidance: "Create disaster recovery plan. Define RTO and RPO. Test recovery procedures regularly.",
+            checks: [
+                { id: "NIST-RC-001-C1", description: "Disaster recovery plan documented", status: "not-implemented" },
+                { id: "NIST-RC-001-C2", description: "RTO and RPO defined", status: "not-implemented" },
+                { id: "NIST-RC-001-C3", description: "Regular recovery tests", status: "not-implemented" },
+            ],
+        },
+    ];
+    return {
+        id: "nist",
+        name: "NIST Cybersecurity Framework Policy Pack",
+        description: "NIST CSF controls across Identify, Protect, Detect, Respond, and Recover.",
+        version: "1.0.0",
+        project_types: [
+            "saas", "healthcare-system", "generic-web-application", "government-system",
+        ],
+        controls,
+        frameworks: ["NIST"],
+    };
+}
+//# sourceMappingURL=nist.js.map