@greenarmor/ges-policy-engine 0.1.0

@@ -0,0 +1 @@
1
+ {"version":3,"file":"nist.js","sourceRoot":"","sources":["../../src/packs/nist.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,oBAAoB;IAClC,MAAM,QAAQ,GAAc;QAC1B;YACE,EAAE,EAAE,aAAa;YACjB,IAAI,EAAE,qBAAqB;YAC3B,WAAW,EAAE,2DAA2D;YACxE,QAAQ,EAAE,UAAU;YACpB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,oGAAoG;YAC7H,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,iCAAiC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACnG,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACpF;SACF;QACD;YACE,EAAE,EAAE,aAAa;YACjB,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,mDAAmD;YAChE,QAAQ,EAAE,SAAS;YACnB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,0EAA0E;YACnG,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,kCAAkC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACpG,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,kCAAkC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACrG;SACF;QACD;YACE,EAAE,EAAE,aAAa;YACjB,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,sCAAsC;YACnD,QAAQ,EAAE,SAAS;YACnB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,oFAAoF;YAC7G,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,yBAAyB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC3F,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,4BAA4B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC9F,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,iCAAiC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACpG;SACF;QACD;YACE,EAAE,EAAE,aAAa;YACjB,IAAI,EAAE,qBAAqB;YAC3B,WAAW,EAAE,4CAA4C;YACzD,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,8EAA8E;YACvG,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,iCAAiC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACnG,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,8BAA8B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACjG;SACF;QACD;YACE,EAAE,EAAE,aAAa;YACjB,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,wDAAwD;YACrE,QAAQ,EAAE,SAAS;YACnB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,2FAA2F;YACpH,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,mCAAmC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACrG,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,E
AAE,oCAAoC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACtG,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,0BAA0B,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC7F;SACF;QACD;YACE,EAAE,EAAE,aAAa;YACjB,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,wCAAwC;YACrD,QAAQ,EAAE,SAAS;YACnB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,wFAAwF;YACjH,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,mCAAmC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACrG,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACvF,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,wBAAwB,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC3F;SACF;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,0CAA0C;QAChD,WAAW,EAAE,2EAA2E;QACxF,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE;YACb,MAAM,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,mBAAmB;SAC5E;QACD,QAAQ;QACR,UAAU,EAAE,CAAC,MAAM,CAAC;KACrB,CAAC;AACJ,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { PolicyPack } from "@greenarmor/ges-core";
2
+ export declare function createOWASPPolicyPack(): PolicyPack;
@@ -0,0 +1,106 @@
1
+ export function createOWASPPolicyPack() {
2
+ const controls = [
3
+ {
4
+ id: "OWASP-ASVS-001",
5
+ name: "Input Validation",
6
+ description: "Verify that all input data is validated, filtered, or sanitized.",
7
+ category: "validation",
8
+ framework: "OWASP",
9
+ status: "not-implemented",
10
+ severity: "critical",
11
+ implementation_guidance: "Validate all inputs on the server side. Use allowlists over denylists. Implement schema validation (Zod, Joi).",
12
+ checks: [
13
+ { id: "OWASP-ASVS-001-C1", description: "Server-side input validation implemented", status: "not-implemented" },
14
+ { id: "OWASP-ASVS-001-C2", description: "Schema validation library in use", status: "not-implemented" },
15
+ ],
16
+ },
17
+ {
18
+ id: "OWASP-ASVS-002",
19
+ name: "Output Encoding",
20
+ description: "Verify that output encoding prevents XSS and injection attacks.",
21
+ category: "validation",
22
+ framework: "OWASP",
23
+ status: "not-implemented",
24
+ severity: "critical",
25
+ implementation_guidance: "Encode output appropriate to context (HTML, JavaScript, URL, CSS). Use framework-provided escaping.",
26
+ checks: [
27
+ { id: "OWASP-ASVS-002-C1", description: "Output encoding implemented", status: "not-implemented" },
28
+ { id: "OWASP-ASVS-002-C2", description: "Content-Security-Policy headers configured", status: "not-implemented" },
29
+ ],
30
+ },
31
+ {
32
+ id: "OWASP-ASVS-003",
33
+ name: "Authentication Security",
34
+ description: "Verify that authentication uses strong mechanisms.",
35
+ category: "authentication",
36
+ framework: "OWASP",
37
+ status: "not-implemented",
38
+ severity: "critical",
39
+ implementation_guidance: "Implement MFA. Use Argon2id for hashing. Implement account lockout. Use rate limiting.",
40
+ checks: [
41
+ { id: "OWASP-ASVS-003-C1", description: "MFA implemented", status: "not-implemented" },
42
+ { id: "OWASP-ASVS-003-C2", description: "Secure password hashing (Argon2id)", status: "not-implemented" },
43
+ { id: "OWASP-ASVS-003-C3", description: "Account lockout implemented", status: "not-implemented" },
44
+ { id: "OWASP-ASVS-003-C4", description: "Rate limiting on authentication endpoints", status: "not-implemented" },
45
+ ],
46
+ },
47
+ {
48
+ id: "OWASP-ASVS-004",
49
+ name: "Access Control",
50
+ description: "Verify that access controls enforce least privilege and deny by default.",
51
+ category: "authorization",
52
+ framework: "OWASP",
53
+ status: "not-implemented",
54
+ severity: "critical",
55
+ implementation_guidance: "Implement RBAC. Enforce deny-by-default. Validate authorization on every request.",
56
+ checks: [
57
+ { id: "OWASP-ASVS-004-C1", description: "RBAC implemented", status: "not-implemented" },
58
+ { id: "OWASP-ASVS-004-C2", description: "Deny-by-default enforced", status: "not-implemented" },
59
+ { id: "OWASP-ASVS-004-C3", description: "Authorization checked on every request", status: "not-implemented" },
60
+ ],
61
+ },
62
+ {
63
+ id: "OWASP-ASVS-005",
64
+ name: "Secrets Management",
65
+ description: "Verify that secrets are properly managed and never stored in source code.",
66
+ category: "secrets",
67
+ framework: "OWASP",
68
+ status: "not-implemented",
69
+ severity: "critical",
70
+ implementation_guidance: "Use vault or secret management. Never commit secrets. Use environment variables. Rotate secrets regularly.",
71
+ checks: [
72
+ { id: "OWASP-ASVS-005-C1", description: "No secrets in source code", status: "not-implemented" },
73
+ { id: "OWASP-ASVS-005-C2", description: "Secret management solution in use", status: "not-implemented" },
74
+ { id: "OWASP-ASVS-005-C3", description: "Secret rotation policy defined", status: "not-implemented" },
75
+ ],
76
+ },
77
+ {
78
+ id: "OWASP-ASVS-006",
79
+ name: "Secure Communications",
80
+ description: "Verify that all communications use TLS 1.2+.",
81
+ category: "encryption",
82
+ framework: "OWASP",
83
+ status: "not-implemented",
84
+ severity: "critical",
85
+ implementation_guidance: "Enforce TLS 1.2 minimum. Configure HSTS. Disable insecure protocols.",
86
+ checks: [
87
+ { id: "OWASP-ASVS-006-C1", description: "TLS 1.2+ enforced", status: "not-implemented" },
88
+ { id: "OWASP-ASVS-006-C2", description: "HSTS configured", status: "not-implemented" },
89
+ ],
90
+ },
91
+ ];
92
+ return {
93
+ id: "owasp",
94
+ name: "OWASP ASVS Policy Pack",
95
+ description: "OWASP Application Security Verification Standard controls.",
96
+ version: "1.0.0",
97
+ project_types: [
98
+ "saas", "ai-application", "healthcare-system", "event-platform",
99
+ "photo-storage-platform", "vulnerability-scanner",
100
+ "generic-web-application", "api-backend", "mobile-application",
101
+ ],
102
+ controls,
103
+ frameworks: ["OWASP"],
104
+ };
105
+ }
106
+ //# sourceMappingURL=owasp.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"owasp.js","sourceRoot":"","sources":["../../src/packs/owasp.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,qBAAqB;IACnC,MAAM,QAAQ,GAAc;QAC1B;YACE,EAAE,EAAE,gBAAgB;YACpB,IAAI,EAAE,kBAAkB;YACxB,WAAW,EAAE,kEAAkE;YAC/E,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,OAAO;YAClB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,gHAAgH;YACzI,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,0CAA0C,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC/G,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,kCAAkC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACxG;SACF;QACD;YACE,EAAE,EAAE,gBAAgB;YACpB,IAAI,EAAE,iBAAiB;YACvB,WAAW,EAAE,iEAAiE;YAC9E,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,OAAO;YAClB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,qGAAqG;YAC9H,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,6BAA6B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAClG,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,4CAA4C,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAClH;SACF;QACD;YACE,EAAE,EAAE,gBAAgB;YACpB,IAAI,EAAE,yBAAyB;YAC/B,WAAW,EAAE,oDAAoD;YACjE,QAAQ,EAAE,gBAAgB;YAC1B,SAAS,EAAE,OAAO;YAClB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,wFAAwF;YACjH,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACtF,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,oCAAoC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACzG,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,6BAA6B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAClG,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,2CAA2C,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACjH;SACF;QACD;YACE,EAAE,EAAE,gBAAgB;YACpB,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,0EAA0E;YACvF,QAAQ,EAAE,eAAe;YACzB,SAAS,EAAE,OAAO;YAClB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,mFAAmF;YAC5G,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACvF,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,0BAA0B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAC/F,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,wCAAwC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aAC9G;SACF;QACD;YACE,EAAE,EAAE,gBAAgB;YACpB,IAAI,EAAE,oBAAoB;YAC1B,WAAW,EAAE,2EAA2E;YACxF,QAAQ,EAAE,SAAS;YACnB,SAAS,EAAE,OAAO;YAClB,MAAM,EAAE,iBAAiB;YACzB,Q
AAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,4GAA4G;YACrI,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,2BAA2B,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBAChG,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,mCAAmC,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACxG,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,gCAAgC,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACtG;SACF;QACD;YACE,EAAE,EAAE,gBAAgB;YACpB,IAAI,EAAE,uBAAuB;YAC7B,WAAW,EAAE,8CAA8C;YAC3D,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,OAAO;YAClB,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,UAAU;YACpB,uBAAuB,EAAE,sEAAsE;YAC/F,MAAM,EAAE;gBACN,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACxF,EAAE,EAAE,EAAE,mBAAmB,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,EAAE,iBAAiB,EAAE;aACvF;SACF;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,4DAA4D;QACzE,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE;YACb,MAAM,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB;YAC/D,wBAAwB,EAAE,uBAAuB;YACjD,yBAAyB,EAAE,aAAa,EAAE,oBAAoB;SAC/D;QACD,QAAQ;QACR,UAAU,EAAE,CAAC,OAAO,CAAC;KACtB,CAAC;AACJ,CAAC"}
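--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,27 @@
+{
+"name": "@greenarmor/ges-policy-engine",
+"version": "0.1.0",
+"type": "module",
+"description": "GESF Policy Engine - Policy packs management and enforcement",
+"main": "./dist/index.js",
+"types": "./dist/index.d.ts",
+"exports": {
+".": {
+"types": "./dist/index.d.ts",
+"default": "./dist/index.js"
+}
+},
+"dependencies": {
+"@greenarmor/ges-core": "0.1.0",
+"@greenarmor/ges-compliance-engine": "0.1.0"
+},
+"devDependencies": {
+"typescript": "^6.0.0",
+"@types/node": "^22.0.0"
+},
+"scripts": {
+"build": "tsc",
+"clean": "rm -rf dist tsconfig.tsbuildinfo",
+"test": "echo \"no tests yet\""
+}
+}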
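Review bot: The `test` script on line 25 is `echo "no tests yet"`, which exits 0, so `npm test` reports success for a package that ships security policy content with no verification at all; I'd make the gap visible rather than green, e.g. `"test": "echo \"no tests yet\" && exit 1"`, or drop the script until real tests exist. The manifest also has no `files` allowlist, so `npm publish` ships whatever is not excluded by an ignore file — this diff itself shows `src/` being published next to `dist/` — and any stray local file would go with it; `"files": ["dist"]` would pin the published surface to the build output. A `license` field is also missing, which most registries and SCA tools flag.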
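--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -0,0 +1,53 @@
+import type { PolicyPack, ProjectType } from "@greenarmor/ges-core";
+import { createGDPRPolicyPack } from "./packs/gdpr.js";
+import { createOWASPPolicyPack } from "./packs/owasp.js";
+import { createAIPolicyPack } from "./packs/ai.js";
+import { createBlockchainPolicyPack } from "./packs/blockchain.js";
+import { createGovernmentPolicyPack } from "./packs/government.js";
+import { createCISPolicyPack } from "./packs/cis.js";
+import { createNISTPolicyPack } from "./packs/nist.js";
+
+const ALL_PACKS: (() => PolicyPack)[] = [
+createGDPRPolicyPack,
+createOWASPPolicyPack,
+createAIPolicyPack,
+createBlockchainPolicyPack,
+createGovernmentPolicyPack,
+createCISPolicyPack,
+createNISTPolicyPack,
+];
+
+const PACK_MAP: Record<string, () => PolicyPack> = {
+gdpr: createGDPRPolicyPack,
+owasp: createOWASPPolicyPack,
+ai: createAIPolicyPack,
+blockchain: createBlockchainPolicyPack,
+government: createGovernmentPolicyPack,
+cis: createCISPolicyPack,
+nist: createNISTPolicyPack,
+};
+
+export function getAllPacks(): PolicyPack[] {
+return ALL_PACKS.map(fn => fn());
+}
+
+export function getPack(id: string): PolicyPack | undefined {
+const factory = PACK_MAP[id];
+return factory ? factory() : undefined;
+}
+
+export function getPacksForProjectType(projectType: ProjectType): PolicyPack[] {
+return getAllPacks().filter(pack => pack.project_types.includes(projectType));
+}
+
+export function listPackIds(): string[] {
+return Object.keys(PACK_MAP);
+}
+
+export { createGDPRPolicyPack } from "./packs/gdpr.js";
+export { createOWASPPolicyPack } from "./packs/owasp.js";
+export { createAIPolicyPack } from "./packs/ai.js";
+export { createBlockchainPolicyPack } from "./packs/blockchain.js";
+export { createGovernmentPolicyPack } from "./packs/government.js";
+export { createCISPolicyPack } from "./packs/cis.js";
+export { createNISTPolicyPack } from "./packs/nist.js";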
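Review bot: `getPack` (lines 34–37) indexes the plain object `PACK_MAP` with a caller-supplied string, so inherited `Object.prototype` keys pass the truthiness check: `getPack("constructor")` returns `{}` (the result of calling `Object`) typed as a `PolicyPack`, `getPack("toString")` returns the string `"[object Undefined]"`, and `getPack("__proto__")` throws because `Object.prototype` is not callable. Guard with an own-property check, `return Object.hasOwn(PACK_MAP, id) ? PACK_MAP[id]() : undefined;`, or declare `PACK_MAP` as a `Map<string, () => PolicyPack>` so that only registered ids resolve and `listPackIds()` becomes `[...PACK_MAP.keys()]`. `ALL_PACKS` (lines 10–18) duplicates the values of `PACK_MAP` by hand; `Object.values(PACK_MAP)` would keep the two lists from drifting when a pack is added to one and not the other.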
@@ -0,0 +1,102 @@
1
+ import type { PolicyPack, Control } from "@greenarmor/ges-core";
2
+
3
+ export function createAIPolicyPack(): PolicyPack {
4
+ const controls: Control[] = [
5
+ {
6
+ id: "AI-001",
7
+ name: "Prompt Logging",
8
+ description: "Log all AI prompts and interactions for audit purposes.",
9
+ category: "ai-governance",
10
+ framework: "GDPR",
11
+ status: "not-implemented",
12
+ severity: "critical",
13
+ implementation_guidance: "Implement logging of all prompts sent to AI models. Store prompts securely with access controls. Define retention periods.",
14
+ checks: [
15
+ { id: "AI-001-C1", description: "Prompt logging system implemented", status: "not-implemented" },
16
+ { id: "AI-001-C2", description: "Logs stored securely", status: "not-implemented" },
17
+ { id: "AI-001-C3", description: "Retention period defined", status: "not-implemented" },
18
+ ],
19
+ },
20
+ {
21
+ id: "AI-002",
22
+ name: "Output Validation",
23
+ description: "Validate AI outputs before presenting to users or taking actions.",
24
+ category: "ai-governance",
25
+ framework: "GDPR",
26
+ status: "not-implemented",
27
+ severity: "critical",
28
+ implementation_guidance: "Implement output filtering and validation. Check for PII leakage. Validate against safety guidelines.",
29
+ checks: [
30
+ { id: "AI-002-C1", description: "Output validation pipeline implemented", status: "not-implemented" },
31
+ { id: "AI-002-C2", description: "PII detection on outputs", status: "not-implemented" },
32
+ ],
33
+ },
34
+ {
35
+ id: "AI-003",
36
+ name: "PII Detection",
37
+ description: "Detect and protect personal data in AI inputs and outputs.",
38
+ category: "ai-governance",
39
+ framework: "GDPR",
40
+ status: "not-implemented",
41
+ severity: "critical",
42
+ implementation_guidance: "Implement PII detection before sending to external AI providers. Redact or pseudonymise detected PII.",
43
+ checks: [
44
+ { id: "AI-003-C1", description: "PII detection on inputs", status: "not-implemented" },
45
+ { id: "AI-003-C2", description: "PII redaction/pseudonymisation implemented", status: "not-implemented" },
46
+ ],
47
+ },
48
+ {
49
+ id: "AI-004",
50
+ name: "AI Rate Limiting",
51
+ description: "Implement rate limiting on AI endpoints.",
52
+ category: "ai-governance",
53
+ framework: "GDPR",
54
+ status: "not-implemented",
55
+ severity: "high",
56
+ implementation_guidance: "Implement per-user and per-IP rate limiting on AI endpoints. Define usage quotas.",
57
+ checks: [
58
+ { id: "AI-004-C1", description: "Rate limiting on AI endpoints", status: "not-implemented" },
59
+ { id: "AI-004-C2", description: "Usage quotas defined", status: "not-implemented" },
60
+ ],
61
+ },
62
+ {
63
+ id: "AI-005",
64
+ name: "Data Classification for AI",
65
+ description: "Classify data before processing through AI systems.",
66
+ category: "ai-governance",
67
+ framework: "GDPR",
68
+ status: "not-implemented",
69
+ severity: "critical",
70
+ implementation_guidance: "Implement data classification checks before AI processing. Restrict restricted/confidential data from external AI providers.",
71
+ checks: [
72
+ { id: "AI-005-C1", description: "Data classification before AI processing", status: "not-implemented" },
73
+ { id: "AI-005-C2", description: "Restricted data blocked from external AI", status: "not-implemented" },
74
+ ],
75
+ },
76
+ {
77
+ id: "AI-006",
78
+ name: "Prevent Unauthorized Data Transfer to External AI",
79
+ description: "Prevent unauthorized transfer of personal data to external AI providers.",
80
+ category: "ai-governance",
81
+ framework: "GDPR",
82
+ status: "not-implemented",
83
+ severity: "critical",
84
+ implementation_guidance: "Implement data loss prevention for AI API calls. Review and approve AI providers. Document data processing agreements.",
85
+ checks: [
86
+ { id: "AI-006-C1", description: "DLP controls for AI API calls", status: "not-implemented" },
87
+ { id: "AI-006-C2", description: "AI providers reviewed and approved", status: "not-implemented" },
88
+ { id: "AI-006-C3", description: "DPAs with AI providers signed", status: "not-implemented" },
89
+ ],
90
+ },
91
+ ];
92
+
93
+ return {
94
+ id: "ai",
95
+ name: "AI System Policy Pack",
96
+ description: "Controls for LLMs, Agents, MCP, and RAG systems.",
97
+ version: "1.0.0",
98
+ project_types: ["ai-application", "mcp-server"],
99
+ controls,
100
+ frameworks: ["GDPR"],
101
+ };
102
+ }
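Review bot: AI-001 (lines 6–19) requires logging every prompt while AI-003 (lines 35–47) requires detecting and redacting PII before it reaches an external provider, but nothing in the pack ties the two together: a prompt log captured before AI-003's redaction is itself a store of personal data, and AI-001's guidance only says "Store prompts securely". I'd make the ordering explicit in AI-001's `implementation_guidance`, e.g. `"Log prompts only after PII detection/redaction (AI-003) or pseudonymise identifiers in the log; store logs with access controls and a defined retention period."`, so an implementer cannot satisfy AI-001-C1 by writing raw prompts to disk. All six controls also repeat `category: "ai-governance"`, `framework: "GDPR"` and `status: "not-implemented"` verbatim; a small local factory taking id, name, description, severity, guidance and checks would give the pack-wide defaults a single place to change.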
@@ -0,0 +1,99 @@
1
+ import type { PolicyPack, Control } from "@greenarmor/ges-core";
2
+
3
+ export function createBlockchainPolicyPack(): PolicyPack {
4
+ const controls: Control[] = [
5
+ {
6
+ id: "BC-001",
7
+ name: "Cryptographic Signatures",
8
+ description: "All on-chain operations must use cryptographic signatures.",
9
+ category: "blockchain",
10
+ framework: "GDPR",
11
+ status: "not-implemented",
12
+ severity: "critical",
13
+ implementation_guidance: "Implement wallet-based transaction signing. Verify signatures before on-chain operations.",
14
+ checks: [
15
+ { id: "BC-001-C1", description: "Cryptographic signing implemented", status: "not-implemented" },
16
+ { id: "BC-001-C2", description: "Signature verification on all operations", status: "not-implemented" },
17
+ ],
18
+ },
19
+ {
20
+ id: "BC-002",
21
+ name: "Validator Identity Verification",
22
+ description: "Validators must be identity-verified.",
23
+ category: "blockchain",
24
+ framework: "GDPR",
25
+ status: "not-implemented",
26
+ severity: "high",
27
+ implementation_guidance: "Implement KYC for validators. Maintain identity verification records.",
28
+ checks: [
29
+ { id: "BC-002-C1", description: "Validator identity verification process", status: "not-implemented" },
30
+ ],
31
+ },
32
+ {
33
+ id: "BC-003",
34
+ name: "Key Rotation",
35
+ description: "Implement regular key rotation for blockchain operations.",
36
+ category: "blockchain",
37
+ framework: "GDPR",
38
+ status: "not-implemented",
39
+ severity: "critical",
40
+ implementation_guidance: "Define key rotation schedule. Automate rotation where possible. Maintain key history.",
41
+ checks: [
42
+ { id: "BC-003-C1", description: "Key rotation schedule defined", status: "not-implemented" },
43
+ { id: "BC-003-C2", description: "Rotation automation implemented", status: "not-implemented" },
44
+ ],
45
+ },
46
+ {
47
+ id: "BC-004",
48
+ name: "Encrypted Payload Support",
49
+ description: "Support encrypted payloads for sensitive on-chain data.",
50
+ category: "blockchain",
51
+ framework: "GDPR",
52
+ status: "not-implemented",
53
+ severity: "critical",
54
+ implementation_guidance: "Encrypt sensitive data before storing on-chain. Use hybrid encryption schemes.",
55
+ checks: [
56
+ { id: "BC-004-C1", description: "Encrypted payload support implemented", status: "not-implemented" },
57
+ { id: "BC-004-C2", description: "No plaintext personal data on-chain", status: "not-implemented" },
58
+ ],
59
+ },
60
+ {
61
+ id: "BC-005",
62
+ name: "Immutable Audit Trails",
63
+ description: "Maintain immutable audit trails for all blockchain operations.",
64
+ category: "blockchain",
65
+ framework: "GDPR",
66
+ status: "not-implemented",
67
+ severity: "critical",
68
+ implementation_guidance: "Use blockchain immutability for audit logs. Store hashes and CIDs. Keep references off-chain.",
69
+ checks: [
70
+ { id: "BC-005-C1", description: "Audit trail mechanism implemented", status: "not-implemented" },
71
+ { id: "BC-005-C2", description: "Hashes stored on-chain, data off-chain", status: "not-implemented" },
72
+ ],
73
+ },
74
+ {
75
+ id: "BC-006",
76
+ name: "No Plaintext Personal Data On-Chain",
77
+ description: "Never store plaintext personal data on-chain. Store only hashes, CIDs, references, and encrypted metadata.",
78
+ category: "blockchain",
79
+ framework: "GDPR",
80
+ status: "not-implemented",
81
+ severity: "critical",
82
+ implementation_guidance: "Store only hashes (SHA-256+), CIDs, references, or encrypted metadata on-chain. Keep actual data in encrypted off-chain storage.",
83
+ checks: [
84
+ { id: "BC-006-C1", description: "Only hashes/CIDs/references on-chain", status: "not-implemented" },
85
+ { id: "BC-006-C2", description: "Encrypted metadata for on-chain records", status: "not-implemented" },
86
+ ],
87
+ },
88
+ ];
89
+
90
+ return {
91
+ id: "blockchain",
92
+ name: "Blockchain Policy Pack",
93
+ description: "Controls for blockchain, wallets, and government ledgers.",
94
+ version: "1.0.0",
95
+ project_types: ["blockchain", "wallet"],
96
+ controls,
97
+ frameworks: ["GDPR"],
98
+ };
99
+ }
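Review bot: BC-006's `implementation_guidance` (line 82) tells implementers to store "only hashes (SHA-256+)" of personal data on-chain, but an unsalted hash of a low-entropy value such as an email address or national ID is not anonymisation — it is a stable pseudonymous identifier that can be matched against any list of candidate values, and the chain's immutability means it can never be erased, which cuts against the GDPR framing the control carries. The guidance should require a keyed or salted construction, e.g. `"Store only keyed hashes (HMAC-SHA-256 with a secret key) or salted commitments, CIDs, references, or encrypted metadata on-chain; never an unsalted hash of an identifier."`, and check BC-006-C1 should verify that keying rather than merely that "hashes" are on-chain. BC-005's guidance on line 68 ("Store hashes and CIDs") has the same gap for audit-trail records that embed identifiers.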
@@ -0,0 +1,89 @@
1
+ import type { PolicyPack, Control } from "@greenarmor/ges-core";
2
+
3
+ export function createCISPolicyPack(): PolicyPack {
4
+ const controls: Control[] = [
5
+ {
6
+ id: "CIS-001",
7
+ name: "Inventory of Authorized and Unauthorized Devices",
8
+ description: "Maintain an inventory of all devices authorized to access organizational data.",
9
+ category: "asset-management",
10
+ framework: "CIS",
11
+ status: "not-implemented",
12
+ severity: "high",
13
+ implementation_guidance: "Maintain device inventory. Implement MDM. Monitor for unauthorized devices.",
14
+ checks: [
15
+ { id: "CIS-001-C1", description: "Device inventory maintained", status: "not-implemented" },
16
+ { id: "CIS-001-C2", description: "Unauthorized device detection", status: "not-implemented" },
17
+ ],
18
+ },
19
+ {
20
+ id: "CIS-002",
21
+ name: "Inventory of Authorized and Unauthorized Software",
22
+ description: "Maintain a software inventory.",
23
+ category: "asset-management",
24
+ framework: "CIS",
25
+ status: "not-implemented",
26
+ severity: "high",
27
+ implementation_guidance: "Use package managers and lock files. Scan for unauthorized software. Maintain SBOM.",
28
+ checks: [
29
+ { id: "CIS-002-C1", description: "Software inventory (SBOM) maintained", status: "not-implemented" },
30
+ { id: "CIS-002-C2", description: "Dependency scanning implemented", status: "not-implemented" },
31
+ ],
32
+ },
33
+ {
34
+ id: "CIS-003",
35
+ name: "Secure Configuration",
36
+ description: "Establish and maintain secure configuration for all hardware and software.",
37
+ category: "configuration",
38
+ framework: "CIS",
39
+ status: "not-implemented",
40
+ severity: "critical",
41
+ implementation_guidance: "Use infrastructure-as-code. Implement configuration management. Regular configuration audits.",
42
+ checks: [
43
+ { id: "CIS-003-C1", description: "Secure baseline configurations defined", status: "not-implemented" },
44
+ { id: "CIS-003-C2", description: "Configuration drift detection", status: "not-implemented" },
45
+ ],
46
+ },
47
+ {
48
+ id: "CIS-004",
49
+ name: "Continuous Vulnerability Management",
50
+ description: "Continuously assess and remediate vulnerabilities.",
51
+ category: "vulnerability-management",
52
+ framework: "CIS",
53
+ status: "not-implemented",
54
+ severity: "critical",
55
+ implementation_guidance: "Automated vulnerability scanning in CI/CD. Regular penetration testing. Remediation SLAs defined.",
56
+ checks: [
57
+ { id: "CIS-004-C1", description: "Automated vulnerability scanning", status: "not-implemented" },
58
+ { id: "CIS-004-C2", description: "Remediation SLAs defined", status: "not-implemented" },
59
+ ],
60
+ },
61
+ {
62
+ id: "CIS-005",
63
+ name: "Controlled Use of Administrative Privileges",
64
+ description: "Control and monitor access to administrative privileges.",
65
+ category: "access-control",
66
+ framework: "CIS",
67
+ status: "not-implemented",
68
+ severity: "critical",
69
+ implementation_guidance: "Implement RBAC. Use least privilege. Audit all admin actions. Require MFA for admin access.",
70
+ checks: [
71
+ { id: "CIS-005-C1", description: "RBAC implemented", status: "not-implemented" },
72
+ { id: "CIS-005-C2", description: "MFA required for admin access", status: "not-implemented" },
73
+ { id: "CIS-005-C3", description: "Admin action audit logging", status: "not-implemented" },
74
+ ],
75
+ },
76
+ ];
77
+
78
+ return {
79
+ id: "cis",
80
+ name: "CIS Controls Policy Pack",
81
+ description: "Center for Internet Security Controls.",
82
+ version: "1.0.0",
83
+ project_types: [
84
+ "saas", "healthcare-system", "generic-web-application", "government-system",
85
+ ],
86
+ controls,
87
+ frameworks: ["CIS"],
88
+ };
89
+ }
@@ -0,0 +1,19 @@
1
+ import type { PolicyPack, Control, ProjectType } from "@greenarmor/ges-core";
2
+ import { createGDPRControls } from "@greenarmor/ges-compliance-engine";
3
+
4
+ export function createGDPRPolicyPack(): PolicyPack {
5
+ return {
6
+ id: "gdpr",
7
+ name: "GDPR Compliance Pack",
8
+ description: "General Data Protection Regulation controls covering Articles 5, 25, 30, 32, 33, and 34.",
9
+ version: "1.0.0",
10
+ project_types: [
11
+ "saas", "ai-application", "mcp-server", "blockchain", "wallet",
12
+ "government-system", "healthcare-system", "event-platform",
13
+ "photo-storage-platform", "vulnerability-scanner",
14
+ "generic-web-application", "api-backend", "mobile-application",
15
+ ],
16
+ controls: createGDPRControls(),
17
+ frameworks: ["GDPR"],
18
+ };
19
+ }
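Review bot: The import on line 1 brings in `Control` and `ProjectType`, but neither is referenced in this module — `controls` is delegated to `createGDPRControls()` and `project_types` is a literal — so a build with `noUnusedLocals` fails and the line misleads readers into looking for a local control list; trim it to `import type { PolicyPack } from "@greenarmor/ges-core";`. The other packs in this diff (ai, blockchain, cis, government) do use `Control`, so only this file is affected. Whether `createGDPRControls()` returns fresh objects on each call, as the hand-built packs do, is not visible here; if it returns a shared array, callers of `getAllPacks()` that mutate a control's `status` would affect every later call — worth a one-line comment either way.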
@@ -0,0 +1,89 @@
1
+ import type { PolicyPack, Control } from "@greenarmor/ges-core";
2
+
3
+ export function createGovernmentPolicyPack(): PolicyPack {
4
+ const controls: Control[] = [
5
+ {
6
+ id: "GOV-001",
7
+ name: "Data Sovereignty",
8
+ description: "Ensure all data processing occurs within designated jurisdictions.",
9
+ category: "government",
10
+ framework: "GDPR",
11
+ status: "not-implemented",
12
+ severity: "critical",
13
+ implementation_guidance: "Deploy infrastructure in required jurisdictions. Implement geo-fencing for data storage. Verify cloud provider compliance.",
14
+ checks: [
15
+ { id: "GOV-001-C1", description: "Infrastructure in required jurisdictions", status: "not-implemented" },
16
+ { id: "GOV-001-C2", description: "Geo-fencing implemented", status: "not-implemented" },
17
+ { id: "GOV-001-C3", description: "Cloud provider compliance verified", status: "not-implemented" },
18
+ ],
19
+ },
20
+ {
21
+ id: "GOV-002",
22
+ name: "Chain of Custody",
23
+ description: "Maintain complete chain of custody for all data processing.",
24
+ category: "government",
25
+ framework: "GDPR",
26
+ status: "not-implemented",
27
+ severity: "critical",
28
+ implementation_guidance: "Log all data access and transfers. Maintain custody records. Implement digital signatures on records.",
29
+ checks: [
30
+ { id: "GOV-002-C1", description: "Chain of custody logging implemented", status: "not-implemented" },
31
+ { id: "GOV-002-C2", description: "Digital signatures on custody records", status: "not-implemented" },
32
+ ],
33
+ },
34
+ {
35
+ id: "GOV-003",
36
+ name: "Tamper Evidence",
37
+ description: "Implement tamper detection for all records and data.",
38
+ category: "government",
39
+ framework: "GDPR",
40
+ status: "not-implemented",
41
+ severity: "critical",
42
+ implementation_guidance: "Use cryptographic hashing for integrity verification. Implement merkle trees for batch verification. Use write-once storage.",
43
+ checks: [
44
+ { id: "GOV-003-C1", description: "Tamper detection implemented", status: "not-implemented" },
45
+ { id: "GOV-003-C2", description: "Integrity verification on read", status: "not-implemented" },
46
+ ],
47
+ },
48
+ {
49
+ id: "GOV-004",
50
+ name: "Record Integrity Verification",
51
+ description: "Enable verification of record integrity at any point.",
52
+ category: "government",
53
+ framework: "GDPR",
54
+ status: "not-implemented",
55
+ severity: "critical",
56
+ implementation_guidance: "Store integrity hashes with records. Provide verification APIs. Schedule regular integrity checks.",
57
+ checks: [
58
+ { id: "GOV-004-C1", description: "Integrity hashes stored with records", status: "not-implemented" },
59
+ { id: "GOV-004-C2", description: "Verification API available", status: "not-implemented" },
60
+ { id: "GOV-004-C3", description: "Regular integrity checks scheduled", status: "not-implemented" },
61
+ ],
62
+ },
63
+ {
64
+ id: "GOV-005",
65
+ name: "Auditability",
66
+ description: "Ensure all actions are fully auditable.",
67
+ category: "government",
68
+ framework: "GDPR",
69
+ status: "not-implemented",
70
+ severity: "critical",
71
+ implementation_guidance: "Implement comprehensive audit logging. Ensure logs are immutable. Provide audit trail export capabilities.",
72
+ checks: [
73
+ { id: "GOV-005-C1", description: "Comprehensive audit logging", status: "not-implemented" },
74
+ { id: "GOV-005-C2", description: "Immutable log storage", status: "not-implemented" },
75
+ { id: "GOV-005-C3", description: "Audit trail export capability", status: "not-implemented" },
76
+ ],
77
+ },
78
+ ];
79
+
80
+ return {
81
+ id: "government",
82
+ name: "Government Policy Pack",
83
+ description: "Additional controls for government systems including data sovereignty and chain of custody.",
84
+ version: "1.0.0",
85
+ project_types: ["government-system"],
86
+ controls,
87
+ frameworks: ["GDPR"],
88
+ };
89
+ }