@greenarmor/ges-scoring-engine 0.3.4 → 0.4.0

package/dist/index.d.ts

@@ -1,6 +1,17 @@
-import type { Control, ComplianceScore, ScoreFile, FrameworkName } from "@greenarmor/ges-core";
-export declare function scoreControls(controls: Control[]): number;
+import type { Control, ComplianceScore, ComplianceGrade, ScoreFile, FrameworkName, AuditImpact, SeverityLevel } from "@greenarmor/ges-core";
+declare const SEVERITY_WEIGHTS: Record<SeverityLevel, number>;
+declare const STATUS_CREDIT: Record<string, number>;
+declare const SEVERITY_PENALTY: Record<SeverityLevel, number>;
+declare function computeGrade(score: number): ComplianceGrade;
 export declare function scoreByFramework(controls: Control[], frameworks: FrameworkName[]): Record<string, ComplianceScore>;
+export declare function computeAuditImpact(findings: {
+    severity: string;
+}[]): AuditImpact;
 export declare function computeOverallScore(frameworkScores: Record<string, ComplianceScore>): number;
-export declare function generateScoreFile(controls: Control[], frameworks: FrameworkName[]): ScoreFile;
+export declare function generateScoreFile(controls: Control[], frameworks: FrameworkName[], findings?: {
+    severity: string;
+}[]): ScoreFile;
 export declare function formatScoreOutput(score: ScoreFile): string;
+export { SEVERITY_WEIGHTS, STATUS_CREDIT, SEVERITY_PENALTY, computeGrade };
+export declare function generateBadgeSvg(score: ScoreFile): string;
+export declare function injectBadgeIntoReadme(readmeContent: string, badgeSvgPath: string): string;

package/dist/index.js

@@ -1,59 +1,276 @@
-export function scoreControls(controls) {
+const SEVERITY_WEIGHTS = {
+    critical: 10,
+    high: 7,
+    medium: 4,
+    low: 1,
+};
+const STATUS_CREDIT = {
+    pass: 1.0,
+    warning: 0.5,
+    fail: 0,
+    "not-implemented": 0,
+    "not-applicable": 1.0,
+};
+const SEVERITY_PENALTY = {
+    critical: 12,
+    high: 7,
+    medium: 4,
+    low: 1,
+};
+function computeGrade(score) {
+    if (score >= 90)
+        return "A";
+    if (score >= 80)
+        return "B";
+    if (score >= 65)
+        return "C";
+    if (score >= 50)
+        return "D";
+    return "F";
+}
+function emptySeverityBucket() {
+    return { total: 0, passed: 0, failed: 0, warning: 0, not_implemented: 0 };
+}
+function buildSeverityBreakdown(controls) {
+    const breakdown = {
+        critical: emptySeverityBucket(),
+        high: emptySeverityBucket(),
+        medium: emptySeverityBucket(),
+        low: emptySeverityBucket(),
+    };
+    for (const c of controls) {
+        const bucket = breakdown[c.severity];
+        bucket.total++;
+        if (c.status === "pass" || c.status === "not-applicable") {
+            bucket.passed++;
+        }
+        else if (c.status === "warning") {
+            bucket.warning++;
+        }
+        else if (c.status === "fail") {
+            bucket.failed++;
+        }
+        else {
+            bucket.not_implemented++;
+        }
+    }
+    return breakdown;
+}
+function computeWeightedScore(controls) {
     if (controls.length === 0)
-        return 0;
-    const passed = controls.filter(c => c.status === "pass" || c.status === "not-applicable").length;
-    return Math.round((passed / controls.length) * 100);
+        return { score: 0, maxPossible: 0 };
+    let earned = 0;
+    let maxPossible = 0;
+    for (const c of controls) {
+        const weight = SEVERITY_WEIGHTS[c.severity];
+        const credit = STATUS_CREDIT[c.status] ?? 0;
+        earned += weight * credit;
+        maxPossible += weight;
+    }
+    const score = maxPossible > 0 ? Math.round((earned / maxPossible) * 100) : 0;
+    return { score, maxPossible };
+}
+function countCriticalFailures(controls) {
+    return controls.filter((c) => c.severity === "critical" && (c.status === "fail" || c.status === "not-implemented")).length;
 }
 export function scoreByFramework(controls, frameworks) {
     const result = {};
     for (const fw of frameworks) {
-        const fwControls = controls.filter(c => c.framework === fw);
-        const total = fwControls.length;
-        const passed = fwControls.filter(c => c.status === "pass").length;
-        const failed = fwControls.filter(c => c.status === "fail").length;
-        const warning = fwControls.filter(c => c.status === "warning").length;
-        const notApplicable = fwControls.filter(c => c.status === "not-applicable").length;
-        const score = total > 0 ? Math.round(((passed + notApplicable) / total) * 100) : 0;
+        const fwControls = controls.filter((c) => c.framework === fw);
+        const { score, maxPossible } = computeWeightedScore(fwControls);
+        const breakdown = buildSeverityBreakdown(fwControls);
+        const passed = fwControls.filter((c) => c.status === "pass" || c.status === "not-applicable").length;
+        const failed = fwControls.filter((c) => c.status === "fail").length;
+        const warning = fwControls.filter((c) => c.status === "warning").length;
+        const notApplicable = fwControls.filter((c) => c.status === "not-applicable").length;
+        const notImplemented = fwControls.filter((c) => c.status === "not-implemented").length;
+        const criticalFailures = countCriticalFailures(fwControls);
+        let adjustedScore = score;
+        if (criticalFailures > 0 && adjustedScore > 0) {
+            const cap = Math.max(0, 75 - criticalFailures * 8);
+            adjustedScore = Math.min(adjustedScore, cap);
+        }
         result[fw] = {
             framework: fw,
-            score,
-            total_controls: total,
+            score: adjustedScore,
+            grade: computeGrade(adjustedScore),
+            total_controls: fwControls.length,
             passed_controls: passed,
             failed_controls: failed,
             warning_controls: warning,
             not_applicable: notApplicable,
+            not_implemented: notImplemented,
+            severity_breakdown: breakdown,
+            critical_failures: criticalFailures,
+            max_possible_score: maxPossible,
             evaluated_at: new Date().toISOString(),
         };
     }
     return result;
 }
+export function computeAuditImpact(findings) {
+    const critical = findings.filter((f) => f.severity === "critical").length;
+    const high = findings.filter((f) => f.severity === "high").length;
+    const medium = findings.filter((f) => f.severity === "medium").length;
+    const low = findings.filter((f) => f.severity === "low").length;
+    const totalDeduction = Math.min(100, critical * SEVERITY_PENALTY.critical +
+        high * SEVERITY_PENALTY.high +
+        medium * SEVERITY_PENALTY.medium +
+        low * SEVERITY_PENALTY.low);
+    return {
+        total_deduction: totalDeduction,
+        critical_findings: critical,
+        high_findings: high,
+        medium_findings: medium,
+        low_findings: low,
+    };
+}
 export function computeOverallScore(frameworkScores) {
     const scores = Object.values(frameworkScores);
     if (scores.length === 0)
         return 0;
-    const total = scores.reduce((sum, s) => sum + s.score, 0);
-    return Math.round(total / scores.length);
+    let totalWeight = 0;
+    let weightedSum = 0;
+    for (const s of scores) {
+        const weight = Math.max(1, s.total_controls);
+        weightedSum += s.score * weight;
+        totalWeight += weight;
+    }
+    return totalWeight > 0 ? Math.round(weightedSum / totalWeight) : 0;
 }
-export function generateScoreFile(controls, frameworks) {
+export function generateScoreFile(controls, frameworks, findings) {
     const frameworkScores = scoreByFramework(controls, frameworks);
-    const overall = computeOverallScore(frameworkScores);
+    let overall = computeOverallScore(frameworkScores);
+    let auditImpact;
+    if (findings && findings.length > 0) {
+        auditImpact = computeAuditImpact(findings);
+        overall = Math.max(0, overall - auditImpact.total_deduction);
+    }
     return {
         overall,
+        overall_grade: computeGrade(overall),
         frameworks: frameworkScores,
+        audit_impact: auditImpact,
         evaluated_at: new Date().toISOString(),
     };
 }
 export function formatScoreOutput(score) {
     const lines = [];
     lines.push("");
+    lines.push("  ╔══════════════════════════════════════════════╗");
+    lines.push("  ║         COMPLIANCE SCORE REPORT              ║");
+    lines.push("  ╚══════════════════════════════════════════════╝");
+    lines.push("");
     for (const [fw, data] of Object.entries(score.frameworks)) {
         const padding = Math.max(1, 20 - fw.length);
         const dots = ".".repeat(padding);
-        lines.push(`  ${fw} ${dots} ${data.score}%`);
+        const gradeTag = `[${data.grade}]`;
+        lines.push(`  ${fw} ${dots} ${String(data.score).padStart(3)}%  ${gradeTag}`);
+        if (data.critical_failures > 0) {
+            lines.push(`    ⚠  ${data.critical_failures} critical control(s) failed`);
+        }
+        const sb = data.severity_breakdown;
+        const parts = [];
+        if (sb.critical.total > 0)
+            parts.push(`${sb.critical.passed}/${sb.critical.total} critical`);
+        if (sb.high.total > 0)
+            parts.push(`${sb.high.passed}/${sb.high.total} high`);
+        if (sb.medium.total > 0)
+            parts.push(`${sb.medium.passed}/${sb.medium.total} medium`);
+        if (sb.low.total > 0)
+            parts.push(`${sb.low.passed}/${sb.low.total} low`);
+        if (parts.length > 0)
+            lines.push(`    ${parts.join(" · ")}`);
     }
+    lines.push("  ──────────────────────────────────────────────");
     const overallPadding = Math.max(1, 20 - "Overall".length);
     const overallDots = ".".repeat(overallPadding);
-    lines.push(`  Overall ${overallDots} ${score.overall}%`);
+    lines.push(`  Overall ${overallDots} ${String(score.overall).padStart(3)}%  [${score.overall_grade}]`);
+    if (score.audit_impact) {
+        const ai = score.audit_impact;
+        lines.push("");
+        lines.push("  Audit Findings Impact:");
+        lines.push(`    Critical: ${ai.critical_findings}  ·  High: ${ai.high_findings}  ·  Medium: ${ai.medium_findings}  ·  Low: ${ai.low_findings}`);
+        lines.push(`    Score deduction: -${ai.total_deduction}%`);
+    }
     lines.push("");
     return lines.join("\n");
 }
+export { SEVERITY_WEIGHTS, STATUS_CREDIT, SEVERITY_PENALTY, computeGrade };
+const GRADE_COLORS = {
+    A: "#2ea44f",
+    B: "#84b6eb",
+    C: "#e3b341",
+    D: "#d29922",
+    F: "#cf222e",
+};
+function escapeXml(s) {
+    return s
+        .replace(/&/g, "&")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;");
+}
+function measureTextWidth(text) {
+    let w = 0;
+    for (const ch of text) {
+        if (ch >= "0" && ch <= "9")
+            w += 7;
+        else if (ch === " ")
+            w += 4;
+        else if (ch === "%")
+            w += 9;
+        else
+            w += 7.5;
+    }
+    return Math.ceil(w);
+}
+export function generateBadgeSvg(score) {
+    const scoreText = `${score.overall}%`;
+    const grade = score.overall_grade ?? computeGrade(score.overall);
+    const color = GRADE_COLORS[grade];
+    const leftText = "compliance";
+    const rightText = `${scoreText} (${grade})`;
+    const leftWidth = measureTextWidth(leftText) + 20;
+    const rightWidth = measureTextWidth(rightText) + 20;
+    const totalWidth = leftWidth + rightWidth;
+    const height = 20;
+    const fwLines = Object.entries(score.frameworks)
+        .map(([fw, data]) => `${fw}: ${data.score}% (${data.grade ?? computeGrade(data.score)})`)
+        .join("&#10;");
+    return `<svg xmlns="http://www.w3.org/2000/svg" width="${totalWidth}" height="${height}" role="img" aria-label="Compliance: ${scoreText} Grade ${grade}">
+  <title>Compliance Score: ${scoreText} (Grade ${grade})&#10;${fwLines}</title>
+  <linearGradient id="s" x2="0" y2="100%">
+    <stop offset="0" stop-color="#bbb" stop-opacity=".1"/>
+    <stop offset="1" stop-opacity=".1"/>
+  </linearGradient>
+  <clipPath id="r">
+    <rect width="${totalWidth}" height="${height}" rx="3" fill="#fff"/>
+  </clipPath>
+  <g clip-path="url(#r)">
+    <rect width="${leftWidth}" height="${height}" fill="#555"/>
+    <rect x="${leftWidth}" width="${rightWidth}" height="${height}" fill="${color}"/>
+    <rect width="${totalWidth}" height="${height}" fill="url(#s)"/>
+  </g>
+  <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110">
+    <text x="${Math.round(leftWidth / 2 * 10)}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="${(leftWidth - 12) * 10}" lengthAdjust="spacing">${escapeXml(leftText)}</text>
+    <text x="${Math.round(leftWidth / 2 * 10)}" y="140" transform="scale(.1)" textLength="${(leftWidth - 12) * 10}" lengthAdjust="spacing">${escapeXml(leftText)}</text>
+    <text x="${Math.round((leftWidth + rightWidth / 2) * 10)}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="${(rightWidth - 12) * 10}" lengthAdjust="spacing">${escapeXml(rightText)}</text>
+    <text x="${Math.round((leftWidth + rightWidth / 2) * 10)}" y="140" transform="scale(.1)" textLength="${(rightWidth - 12) * 10}" lengthAdjust="spacing">${escapeXml(rightText)}</text>
+  </g>
+</svg>`;
+}
+export function injectBadgeIntoReadme(readmeContent, badgeSvgPath) {
+    const badgeLine = `![GESF Compliance](${badgeSvgPath})`;
+    const existingPattern = /!\[GESF Compliance\]\([^)]*\)/;
+    if (existingPattern.test(readmeContent)) {
+        return readmeContent.replace(existingPattern, badgeLine);
+    }
+    const headingMatch = readmeContent.match(/^#\s+.+$/m);
+    if (headingMatch && headingMatch.index !== undefined) {
+        const afterHeading = headingMatch.index + headingMatch[0].length;
+        const insertion = `\n\n${badgeLine}`;
+        return readmeContent.slice(0, afterHeading) + insertion + readmeContent.slice(afterHeading);
+    }
+    return badgeLine + "\n\n" + readmeContent;
+}

package/dist/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@greenarmor/ges-scoring-engine",
-  "version": "0.3.4",
+  "version": "0.4.0",
   "type": "module",
   "description": "GESF Scoring Engine - Compliance scoring across frameworks",
   "main": "./dist/index.js",
@@ -12,15 +12,16 @@
     }
   },
   "dependencies": {
-    "@greenarmor/ges-core": "0.3.4"
+    "@greenarmor/ges-core": "0.4.0"
   },
   "devDependencies": {
+    "@types/node": "^22.0.0",
     "typescript": "^6.0.0",
-    "@types/node": "^22.0.0"
+    "vitest": "^4.1.8"
   },
   "scripts": {
     "build": "tsc",
     "clean": "rm -rf dist tsconfig.tsbuildinfo",
-    "test": "echo \"no tests yet\""
+    "test": "vitest run"
   }
 }