@mitre/hdf-schema 3.2.0 → 3.3.1

package/dist/ts/hdf-evidence-package.ts

@@ -1,356 +0,0 @@
-/**
- * Bundles references to all HDF documents for audit, authorization, and compliance review.
- * Each content entry references a document by type, URI, and checksum for integrity
- * verification.
- */
-export interface HdfEvidencePackage {
-    /**
-     * Summary of assessment completeness and compliance status.
-     */
-    completenessCheck?: CompletenessCheck;
-    /**
-     * References to HDF documents included in this evidence package.
-     */
-    contents: ContentReference[];
-    /**
-     * Description of the evidence package's purpose and scope.
-     */
-    description?: string;
-    /**
-     * Information about the tool that generated this document.
-     */
-    generator?: Generator;
-    /**
-     * Cryptographic integrity information for verifying this evidence package has not been
-     * tampered with.
-     */
-    integrity?: Integrity;
-    /**
-     * Optional key-value labels for grouping and querying evidence packages.
-     */
-    labels?: { [key: string]: string };
-    /**
-     * Human-readable name for this evidence package. Example: 'Enterprise Portal ATO Evidence -
-     * Q1 2026'.
-     */
-    name: string;
-    /**
-     * Unique identifier for this evidence package. Optional in casual use, expected in
-     * production ATO submissions. Auto-generated if omitted during creation.
-     */
-    packageId?: string;
-    /**
-     * URI to the hdf-plan document that drove this assessment. Used for completeness
-     * verification — every baseline in the plan should have a corresponding results document in
-     * this package.
-     */
-    planRef?: string;
-    /**
-     * When this evidence package was prepared. ISO 8601 format.
-     */
-    preparedAt?: Date;
-    /**
-     * Identity of who prepared this evidence package.
-     */
-    preparedBy?: Identity;
-    /**
-     * Digital signature covering the entire evidence package.
-     */
-    signature?: Signature;
-    /**
-     * URI to the hdf-system document this evidence package covers.
-     */
-    systemRef?: string;
-    /**
-     * Version of this evidence package.
-     */
-    version?: string;
-    [property: string]: any;
-}
-
-/**
- * Summary of assessment completeness and compliance status.
- *
- * Informational summary of assessment completeness. Not authoritative — tools should
- * compute these from the referenced documents.
- */
-export interface CompletenessCheck {
-    /**
-     * Whether all baselines referenced by system components have assessment results.
-     */
-    allBaselinesAssessed?: boolean;
-    /**
-     * Whether all system components have at least one matching target in the results.
-     */
-    allComponentsCovered?: boolean;
-    /**
-     * Overall compliance percentage across all assessments.
-     */
-    compliancePercent?: number;
-    /**
-     * Number of waivers/amendments that have expired.
-     */
-    expiredWaivers?: number;
-    /**
-     * SBOM coverage across system components.
-     */
-    sbomCoverage?: SBOMCoverage;
-    /**
-     * Number of POA&M items that are still open (not completed).
-     */
-    unresolvedPoams?: number;
-    [property: string]: any;
-}
-
-/**
- * SBOM coverage across system components.
- *
- * SBOM coverage statistics for the system.
- */
-export interface SBOMCoverage {
-    /**
-     * Number of system components that have an associated SBOM.
-     */
-    componentsWithSbom?: number;
-    /**
-     * Total number of components in the system.
-     */
-    totalComponents?: number;
-    [property: string]: any;
-}
-
-/**
- * A reference to an HDF document or SBOM included in the evidence package.
- */
-export interface ContentReference {
-    /**
-     * Cryptographic checksum for verifying the referenced document's integrity.
-     */
-    checksum?: Checksum;
-    /**
-     * componentId of the component this content entry relates to. Use to link SBOMs, results,
-     * or other documents to a specific system component.
-     */
-    componentRef?: string;
-    /**
-     * Optional description of this content entry.
-     */
-    description?: string;
-    /**
-     * The type of HDF document being referenced.
-     */
-    type: ContentType;
-    /**
-     * URI to the document. Can be a relative path or absolute URL.
-     */
-    uri: string;
-    [property: string]: any;
-}
-
-/**
- * Cryptographic checksum for verifying the referenced document's integrity.
- *
- * Cryptographic checksum for baseline integrity verification.
- */
-export interface Checksum {
-    /**
-     * The hash algorithm used for the checksum.
-     */
-    algorithm: HashAlgorithm;
-    /**
-     * The checksum value.
-     */
-    value: string;
-    [property: string]: any;
-}
-
-/**
- * The hash algorithm used for the checksum.
- *
- * Supported cryptographic hash algorithms for checksums and integrity verification.
- */
-export enum HashAlgorithm {
-    Sha256 = "sha256",
-    Sha384 = "sha384",
-    Sha512 = "sha512",
-}
-
-/**
- * The type of HDF document being referenced.
- *
- * The type of document referenced in the evidence package.
- */
-export enum ContentType {
-    HdfAmendments = "hdf-amendments",
-    HdfBaseline = "hdf-baseline",
-    HdfComparison = "hdf-comparison",
-    HdfPlan = "hdf-plan",
-    HdfResults = "hdf-results",
-    HdfSystem = "hdf-system",
-    Sbom = "sbom",
-}
-
-/**
- * Information about the tool that generated this document.
- *
- * Information about the tool that generated this HDF file.
- */
-export interface Generator {
-    /**
-     * The name of the software that produced this HDF file. Example: 'gosec-to-hdf'.
-     */
-    name: string;
-    /**
-     * The version of the tool. Example: '5.22.3'.
-     */
-    version: string;
-    [property: string]: any;
-}
-
-/**
- * Cryptographic integrity information for verifying this evidence package has not been
- * tampered with.
- *
- * Cryptographic integrity information for verifying the HDF file has not been tampered
- * with. If algorithm is provided, checksum must also be provided, and vice versa.
- */
-export interface Integrity {
-    /**
-     * The hash algorithm used for the checksum.
-     */
-    algorithm?: HashAlgorithm;
-    /**
-     * The checksum value.
-     */
-    checksum?: string;
-    /**
-     * Optional cryptographic signature.
-     */
-    signature?: string;
-    /**
-     * Identifier of who signed this file.
-     */
-    signedBy?: string;
-    [property: string]: any;
-}
-
-/**
- * Identity of who prepared this evidence package.
- *
- * Represents an identity that performed an action, such as capturing evidence or applying
- * an override.
- *
- * The identity that created this signature.
- */
-export interface Identity {
-    /**
-     * Optional description of the identity or identity system, particularly useful when type is
-     * 'other'.
-     */
-    description?: string;
-    /**
-     * The identifier value. Example: 'user@example.com', 'jdoe', 'automated-scanner-01'.
-     */
-    identifier: string;
-    /**
-     * The type of identifier. Use 'email' for email addresses, 'username' for user accounts,
-     * 'system' for automated systems, 'simple' for basic string identifiers without additional
-     * classification, or 'other' for custom identity systems.
-     */
-    type: Type;
-    [property: string]: any;
-}
-
-/**
- * The type of identifier. Use 'email' for email addresses, 'username' for user accounts,
- * 'system' for automated systems, 'simple' for basic string identifiers without additional
- * classification, or 'other' for custom identity systems.
- */
-export enum Type {
-    Email = "email",
-    Other = "other",
-    Simple = "simple",
-    System = "system",
-    Username = "username",
-}
-
-/**
- * Digital signature covering the entire evidence package.
- *
- * A digital signature following W3C Data Integrity Proofs pattern. Supports hardware
- * security tokens (PKCS#11/PKCS#12), Yubikeys, GPG keys, passkeys, and other cryptographic
- * signing methods via JWK, PEM, or Base58 key formats.
- */
-export interface Signature {
-    /**
-     * Challenge value from the verifier, used in challenge-response authentication.
-     */
-    challenge?: string;
-    /**
-     * When the signature was created. ISO 8601 format.
-     */
-    created: Date;
-    /**
-     * The identity that created this signature.
-     */
-    creator: Identity;
-    /**
-     * Domain restriction for the signature, prevents cross-domain replay attacks.
-     */
-    domain?: string;
-    /**
-     * Random value to prevent replay attacks.
-     */
-    nonce?: string;
-    /**
-     * The purpose of this signature. Example: 'attestation', 'authentication',
-     * 'assertionMethod'.
-     */
-    proofPurpose: string;
-    /**
-     * The base64-encoded or base58-encoded signature value.
-     */
-    signatureValue: string;
-    /**
-     * The signature suite type. Example: 'JsonWebSignature2020', 'RsaSignature2018',
-     * 'Ed25519Signature2020'.
-     */
-    type: string;
-    /**
-     * The verification method containing the public key for signature verification.
-     */
-    verificationMethod: VerificationMethod;
-    [property: string]: any;
-}
-
-/**
- * The verification method containing the public key for signature verification.
- *
- * Verification method containing the public key needed to verify a digital signature.
- * Supports multiple key formats including JWK (for RSA, EC), PEM, and Base58.
- */
-export interface VerificationMethod {
-    /**
-     * The entity that controls this verification method. Can be a DID, URI, or other identifier.
-     */
-    controller: string;
-    /**
-     * Public key in Base58 format, commonly used with Ed25519 keys.
-     */
-    publicKeyBase58?: string;
-    /**
-     * Public key in JSON Web Key format.
-     */
-    publicKeyJwk?: { [key: string]: any };
-    /**
-     * Public key in PEM format. Example: '-----BEGIN PUBLIC KEY-----...-----END PUBLIC
-     * KEY-----'.
-     */
-    publicKeyPem?: string;
-    /**
-     * The type of verification method. Example: 'JsonWebKey2020', 'RsaVerificationKey2018',
-     * 'Ed25519VerificationKey2020'.
-     */
-    type: string;
-    [property: string]: any;
-}

package/dist/ts/hdf-plan.d.ts

@@ -1,204 +0,0 @@
-/**
- * Defines an assessment plan — what baselines to run against which targets, with resolved
- * inputs and scheduling. Maps to OSCAL Assessment Plan.
- */
-export interface HdfPlan {
-    /**
-     * The assessments to perform. Each assessment pairs a baseline with targets and resolved
-     * inputs.
-     */
-    assessments: Assessment[];
-    /**
-     * Description of the plan's purpose and scope.
-     */
-    description?: string;
-    /**
-     * Information about the tool that generated this plan.
-     */
-    generator?: Generator;
-    /**
-     * Cryptographic integrity information for verifying this plan document has not been
-     * tampered with.
-     */
-    integrity?: Integrity;
-    /**
-     * Optional key-value labels for grouping and querying plans.
-     */
-    labels?: {
-        [key: string]: string;
-    };
-    /**
-     * Human-readable plan name. Example: 'Portal Monthly Assessment'.
-     */
-    name: string;
-    /**
-     * Unique identifier for this plan. Optional in casual use, expected in production
-     * documents. Auto-generated if omitted during creation.
-     */
-    planId?: string;
-    /**
-     * Optional scheduling configuration for recurring assessments.
-     */
-    schedule?: Schedule;
-    /**
-     * URI to the hdf-system document this plan targets. Example: 'portal-prod.hdf-system.json'.
-     */
-    systemRef?: string;
-    /**
-     * The type of assessment plan.
-     */
-    type?: PlanType;
-    /**
-     * Version of this plan document.
-     */
-    version?: string;
-    [property: string]: any;
-}
-/**
- * A single assessment within a plan — defines which baseline to run against which targets
- * with what configuration.
- */
-export interface Assessment {
-    /**
-     * Reference to the baseline to evaluate. May be a baseline name (e.g. 'RHEL9-STIG'), a
-     * relative path to an HDF Baseline document (e.g. 'rhel9-stig.hdf-baseline.json'), or an
-     * absolute URI.
-     */
-    baselineRef: string;
-    /**
-     * componentId of the system component this assessment targets. Use for direct component
-     * binding. Alternative to targetSelector.
-     */
-    componentRef?: string;
-    /**
-     * Description of this assessment's purpose.
-     */
-    description?: string;
-    /**
-     * Resolved input values for this assessment. Keys are input names, values are the final
-     * resolved values (after baseline defaults + system overrides).
-     */
-    inputs?: {
-        [key: string]: any;
-    };
-    /**
-     * Runner/scanner configuration for this assessment.
-     */
-    runner?: RunnerConfig;
-    /**
-     * Label selector to match targets for this assessment. Overrides the system component's
-     * targetSelector if provided.
-     */
-    targetSelector?: {
-        [key: string]: string;
-    };
-    [property: string]: any;
-}
-/**
- * Runner/scanner configuration for this assessment.
- *
- * Configuration for the assessment runner/scanner.
- */
-export interface RunnerConfig {
-    /**
-     * Name of the assessment runner. Example: 'cinc-auditor', 'inspec', 'openscap'.
-     */
-    name?: string;
-    /**
-     * Version of the runner.
-     */
-    version?: string;
-    [property: string]: any;
-}
-/**
- * Information about the tool that generated this plan.
- *
- * Information about the tool that generated this HDF file.
- */
-export interface Generator {
-    /**
-     * The name of the software that produced this HDF file. Example: 'gosec-to-hdf'.
-     */
-    name: string;
-    /**
-     * The version of the tool. Example: '5.22.3'.
-     */
-    version: string;
-    [property: string]: any;
-}
-/**
- * Cryptographic integrity information for verifying this plan document has not been
- * tampered with.
- *
- * Cryptographic integrity information for verifying the HDF file has not been tampered
- * with. If algorithm is provided, checksum must also be provided, and vice versa.
- */
-export interface Integrity {
-    /**
-     * The hash algorithm used for the checksum.
-     */
-    algorithm?: HashAlgorithm;
-    /**
-     * The checksum value.
-     */
-    checksum?: string;
-    /**
-     * Optional cryptographic signature.
-     */
-    signature?: string;
-    /**
-     * Identifier of who signed this file.
-     */
-    signedBy?: string;
-    [property: string]: any;
-}
-/**
- * The hash algorithm used for the checksum.
- *
- * Supported cryptographic hash algorithms for checksums and integrity verification.
- */
-export declare enum HashAlgorithm {
-    Sha256 = "sha256",
-    Sha384 = "sha384",
-    Sha512 = "sha512"
-}
-/**
- * Optional scheduling configuration for recurring assessments.
- *
- * Scheduling configuration for recurring assessments.
- */
-export interface Schedule {
-    /**
-     * Cron expression for recurring assessments. Example: '0 2 1 * *' (2 AM on the 1st of each
-     * month).
-     */
-    cron?: string;
-    /**
-     * Date after which assessments should no longer run. ISO 8601 format.
-     */
-    endDate?: Date;
-    /**
-     * Email addresses or notification endpoints to alert when assessments complete.
-     */
-    notifyOnCompletion?: string[];
-    /**
-     * Email addresses or notification endpoints to alert when regressions are detected.
-     */
-    notifyOnRegression?: string[];
-    /**
-     * Earliest date to begin assessments. ISO 8601 format.
-     */
-    startDate?: Date;
-    [property: string]: any;
-}
-/**
- * The type of assessment plan.
- *
- * The type of assessment. 'automated' for scanner-driven, 'manual' for human-performed,
- * 'hybrid' for both.
- */
-export declare enum PlanType {
-    Automated = "automated",
-    Hybrid = "hybrid",
-    Manual = "manual"
-}

package/dist/ts/hdf-plan.js

@@ -1,23 +0,0 @@
-/**
- * The hash algorithm used for the checksum.
- *
- * Supported cryptographic hash algorithms for checksums and integrity verification.
- */
-export var HashAlgorithm;
-(function (HashAlgorithm) {
-    HashAlgorithm["Sha256"] = "sha256";
-    HashAlgorithm["Sha384"] = "sha384";
-    HashAlgorithm["Sha512"] = "sha512";
-})(HashAlgorithm || (HashAlgorithm = {}));
-/**
- * The type of assessment plan.
- *
- * The type of assessment. 'automated' for scanner-driven, 'manual' for human-performed,
- * 'hybrid' for both.
- */
-export var PlanType;
-(function (PlanType) {
-    PlanType["Automated"] = "automated";
-    PlanType["Hybrid"] = "hybrid";
-    PlanType["Manual"] = "manual";
-})(PlanType || (PlanType = {}));