@mitre/hdf-validators 2.0.0

package/LICENSE.md

@@ -0,0 +1,55 @@
+# License
+
+Copyright © 2025 The MITRE Corporation.
+
+Approved for Public Release; Distribution Unlimited. Case Number 18-3678.
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License. You may obtain a
+copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+License for the specific language governing permissions and limitations
+under the License.
+
+## Redistribution Terms
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+- Redistributions of source code must retain the above copyright/digital
+  rights legend, this list of conditions and the following Notice.
+- Redistributions in binary form must reproduce the above
+  copyright/digital rights legend, this list of conditions and the
+  following Notice in the documentation and/or other materials provided
+  with the distribution.
+- Neither the name of The MITRE Corporation nor the names of its contributors
+  may be used to endorse or promote products derived from this software
+  without specific prior written permission.
+
+## Notice
+
+The MITRE Corporation grants permission to reproduce, distribute, modify, and
+otherwise use this software to the extent permitted by the licensed terms
+provided in the LICENSE file included with this project.
+
+This software was produced by The MITRE Corporation for the U.S. Government
+under contract. As such the U.S. Government has certain use and data
+rights in this software. No use other than those granted to the U.S.
+Government, or to those acting on behalf of the U.S. Government, under
+these contract arrangements is authorized without the express written
+permission of The MITRE Corporation.
+
+Some files in this codebase were generated by generative AI, under the
+direction and review of The MITRE Corporation employees, for the purpose of
+development efficiency. All AI-generated code functionality was validated
+by standard quality and assurance testing.
+
+For further information, please contact The MITRE Corporation,
+Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539,
+(703) 983-6000.

package/README.md

@@ -0,0 +1,385 @@
+# @mitre/hdf-validators
+
+JSON Schema validation for Heimdall Data Format (HDF) documents. Validates HDF Results and Baselines against the official HDF schemas to ensure structural correctness and data integrity.
+
+## Scope and Responsibilities
+
+**hdf-validators** provides schema-based validation:
+- Validate HDF Results documents against the HDF Results schema
+- Validate HDF Baseline documents against the HDF Baseline schema
+- Detailed error reporting with field-level validation messages
+- Support for both TypeScript and Go implementations
+
+### hdf-validators vs. hdf-utilities
+
+| hdf-validators | hdf-utilities |
+|----------------|---------------|
+| HDF schema validation | Format syntax validation |
+| "Is this valid HDF?" | "Is this valid JSON/XML/CSV?" |
+| "Does baselines exist and is it an array?" | "Can this string be parsed as JSON?" |
+| Validates structure and types | Validates syntax only |
+| HDF-specific semantic rules | Generic format handling |
+
+**Example:**
+- `isValidJSON('{"foo": "bar"}')` → `true` (utilities - just checks JSON syntax)
+- `validateResults({foo: 'bar'})` → `false`, missing baselines field (validators - checks HDF schema)
+
+## Installation
+
+```bash
+npm install @mitre/hdf-validators
+```
+
+## Usage
+
+### TypeScript
+
+```typescript
+import { validateResults, validateBaseline } from '@mitre/hdf-validators';
+
+// Validate HDF Results
+const hdfResults = {
+  baselines: [{
+    name: 'My Baseline',
+    checksum: { algorithm: 'sha256', value: 'abc123' },
+    requirements: [{
+      id: 'REQ-001',
+      descriptions: [{ label: 'default', data: 'Test requirement' }],
+      impact: 0.7,
+      tags: { nist: ['AC-1'] },
+      results: [{
+        status: 'passed',
+        codeDesc: 'Control check',
+        startTime: '2025-01-01T00:00:00Z'
+      }]
+    }]
+  }],
+  targets: [],
+  statistics: {}
+};
+
+const result = validateResults(hdfResults);
+
+if (result.valid) {
+  console.log('✓ Valid HDF Results document');
+} else {
+  console.error('✗ Validation failed:');
+  console.error(result.getErrorMessage());
+
+  // Or access individual errors
+  result.errors.forEach(error => {
+    console.error(`  ${error.field}: ${error.message}`);
+  });
+}
+```
+
+```typescript
+// Validate HDF Baseline
+const hdfBaseline = {
+  name: 'Security Baseline',
+  title: 'Example Security Baseline',
+  version: '1.0.0',
+  checksum: { algorithm: 'sha256', value: 'def456' },
+  requirements: [{
+    id: 'REQ-001',
+    title: 'Access Control',
+    descriptions: [{ label: 'default', data: 'Requirement description' }],
+    impact: 0.7,
+    tags: { nist: ['AC-1', 'AC-2'] }
+  }]
+};
+
+const baselineResult = validateBaseline(hdfBaseline);
+
+if (!baselineResult.valid) {
+  console.error('Validation errors:', baselineResult.errors);
+}
+```
+
+```typescript
+// Auto-detect document type
+import { validate } from '@mitre/hdf-validators';
+
+const autoResult = validate(someHdfDocument);
+// Automatically determines if it's Results or Baseline and validates accordingly
+```
+
+### Go
+
+```go
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	validators "github.com/mitre/hdf-validators/go"
+)
+
+func main() {
+	// Read HDF file
+	data, err := os.ReadFile("results.json")
+	if err != nil {
+		panic(err)
+	}
+
+	// Validate HDF Results
+	result := validators.ValidateResults(data)
+
+	if result.Valid {
+		fmt.Println("✓ Valid HDF Results document")
+	} else {
+		fmt.Println("✗ Validation failed:")
+		fmt.Println(result.Error())
+
+		// Access individual errors
+		for _, e := range result.Errors {
+			fmt.Printf("  %s: %s\n", e.Field, e.Description)
+		}
+		os.Exit(1)
+	}
+}
+```
+
+```go
+// Validate HDF Baseline
+result := validators.ValidateBaseline(baselineData)
+
+// Use custom schema directory (for development/testing)
+validators.SetSchemaDir("./custom-schemas")
+result = validators.ValidateResults(data) // Will use schemas from custom directory
+
+// Reset to embedded schemas
+validators.SetSchemaDir("")
+```
+
+## API Reference
+
+### TypeScript
+
+#### `validateResults(data: unknown): ValidationResult`
+
+Validate data against the HDF Results schema.
+
+- **Parameters:**
+  - `data` - JavaScript object to validate
+- **Returns:** `ValidationResult` with validation status and errors
+
+#### `validateBaseline(data: unknown): ValidationResult`
+
+Validate data against the HDF Baseline schema.
+
+- **Parameters:**
+  - `data` - JavaScript object to validate
+- **Returns:** `ValidationResult` with validation status and errors
+
+#### `validate(data: unknown): ValidationResult`
+
+Auto-detect document type and validate.
+
+- **Parameters:**
+  - `data` - JavaScript object to validate
+- **Returns:** `ValidationResult` with validation status and errors
+
+#### `ValidationResult`
+
+```typescript
+interface ValidationResult {
+  valid: boolean;                    // True if validation passed
+  errors: ValidationError[];         // Array of validation errors (empty if valid)
+  getErrorMessage(): string;         // Formatted error message
+}
+```
+
+#### `ValidationError`
+
+```typescript
+interface ValidationError {
+  field: string;      // JSON path to the field with error
+  message: string;    // Description of the validation error
+  value?: unknown;    // The invalid value (optional)
+}
+```
+
+### Go
+
+#### `ValidateResults(data []byte) ValidationResult`
+
+Validate JSON bytes against the HDF Results schema.
+
+- **Parameters:**
+  - `data` - JSON bytes to validate
+- **Returns:** `ValidationResult` with validation status and errors
+
+#### `ValidateBaseline(data []byte) ValidationResult`
+
+Validate JSON bytes against the HDF Baseline schema.
+
+- **Parameters:**
+  - `data` - JSON bytes to validate
+- **Returns:** `ValidationResult` with validation status and errors
+
+#### `Validate(data []byte, schemaType SchemaType) ValidationResult`
+
+Validate JSON bytes against specified schema type.
+
+- **Parameters:**
+  - `data` - JSON bytes to validate
+  - `schemaType` - `TypeResults` or `TypeBaseline`
+- **Returns:** `ValidationResult` with validation status and errors
+
+#### `SetSchemaDir(dir string)`
+
+Configure package to load schemas from a directory instead of embedded schemas.
+
+- **Parameters:**
+  - `dir` - Directory path (empty string to revert to embedded schemas)
+
+#### `GetSchemaDir() string`
+
+Get the current schema directory (empty if using embedded schemas).
+
+- **Returns:** Current schema directory path
+
+#### `ValidationResult`
+
+```go
+type ValidationResult struct {
+    Valid  bool                `json:"valid"`    // True if validation passed
+    Errors []ValidationError   `json:"errors"`   // Validation errors (empty if valid)
+}
+
+func (r ValidationResult) Error() string  // Formatted error message
+```
+
+#### `ValidationError`
+
+```go
+type ValidationError struct {
+    Field       string `json:"field"`        // JSON path to invalid field
+    Description string `json:"description"`  // Error description
+    Value       any    `json:"value"`        // Invalid value (optional)
+}
+```
+
+## Common Validation Errors
+
+### Missing Required Fields
+
+```
+baselines: is required
+```
+
+HDF Results must have a `baselines` array.
+
+### Invalid Field Types
+
+```
+baselines: must be array
+baselines[0].name: is required
+```
+
+The `name` field is required for each baseline.
+
+### Invalid Enum Values
+
+```
+results[0].status: must be equal to one of the allowed values
+```
+
+Result status must be one of: `passed`, `failed`, `error`, `skipped`, `not_applicable`, `not_reviewed`.
+
+### Invalid Numeric Ranges
+
+```
+impact: must be >= 0 and <= 1
+```
+
+Impact scores must be between 0.0 and 1.0.
+
+## Use Cases
+
+### Converter Output Validation
+
+Validate that your converter produces valid HDF:
+
+```typescript
+import { convertNessusToHdf } from '@mitre/hdf-converters';
+import { validateResults } from '@mitre/hdf-validators';
+
+const hdf = convertNessusToHdf(nessusXml);
+const result = validateResults(JSON.parse(hdf));
+
+if (!result.valid) {
+  throw new Error(`Invalid HDF output: ${result.getErrorMessage()}`);
+}
+```
+
+### Pre-Upload Validation
+
+Validate HDF before uploading to Heimdall:
+
+```typescript
+const hdfData = JSON.parse(fs.readFileSync('scan-results.json', 'utf-8'));
+const result = validateResults(hdfData);
+
+if (result.valid) {
+  uploadToHeimdall(hdfData);
+} else {
+  console.error('Cannot upload invalid HDF:', result.getErrorMessage());
+}
+```
+
+### CI/CD Pipeline Validation
+
+```bash
+# Validate HDF file in CI
+hdf validate results.json
+
+# Exit code 0 if valid, non-zero if invalid
+if hdf validate scan.json --quiet; then
+  echo "✓ HDF validation passed"
+else
+  echo "✗ HDF validation failed"
+  exit 1
+fi
+```
+
+## Development
+
+```bash
+# Install dependencies
+pnpm install
+
+# Run TypeScript tests
+pnpm test:ts
+
+# Run Go tests
+pnpm test:go
+
+# Run all tests
+pnpm test
+
+# Run tests with coverage
+pnpm test:coverage
+
+# Build TypeScript package
+pnpm build
+
+# Lint code
+pnpm lint
+```
+
+## Test Coverage
+
+Both TypeScript and Go implementations maintain **>95% test coverage** with comprehensive validation tests covering:
+- Valid HDF Results and Baseline documents
+- Invalid documents (missing fields, wrong types, invalid values)
+- Error message formatting
+- Custom schema directory loading (Go)
+- Integration tests with real HDF fixtures
+
+## License
+
+Apache-2.0 © MITRE Corporation

package/dist/index.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Validation error details
+ */
+export interface ValidationError {
+    field: string;
+    message: string;
+    value?: unknown;
+}
+/**
+ * Result of schema validation
+ */
+export interface ValidationResult {
+    valid: boolean;
+    errors: ValidationError[];
+    getErrorMessage(): string;
+}
+/**
+ * Validate HDF Results document against schema
+ */
+export declare function validateResults(data: unknown): ValidationResult;
+/**
+ * Validate HDF Baseline document against schema
+ */
+export declare function validateBaseline(data: unknown): ValidationResult;
+/**
+ * Validate HDF Comparison document against schema
+ */
+export declare function validateComparison(data: unknown): ValidationResult;
+/**
+ * Validate HDF System document against schema
+ */
+export declare function validateSystem(data: unknown): ValidationResult;
+/**
+ * Validate HDF Plan document against schema
+ */
+export declare function validatePlan(data: unknown): ValidationResult;
+/**
+ * Validate HDF Amendments document against schema
+ */
+export declare function validateAmendments(data: unknown): ValidationResult;
+/**
+ * Validate HDF Evidence Package document against schema
+ */
+export declare function validateEvidencePackage(data: unknown): ValidationResult;
+/**
+ * Validate HDF document (auto-detect type based on structure)
+ */
+export declare function validate(data: unknown): ValidationResult;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../typescript/index.ts"],"names":[],"mappings":"AA0BA;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,eAAe,IAAI,MAAM,CAAC;CAC3B;AAuKD;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,GAAG,gBAAgB,CAG/D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,OAAO,GAAG,gBAAgB,CAGhE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,OAAO,GAAG,gBAAgB,CAGlE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,GAAG,gBAAgB,CAG9D;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,OAAO,GAAG,gBAAgB,CAG5D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,OAAO,GAAG,gBAAgB,CAGlE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,OAAO,GAAG,gBAAgB,CAGvE;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,OAAO,GAAG,gBAAgB,CAoDxD"}

package/dist/index.js

@@ -0,0 +1,266 @@
+import Ajv from 'ajv';
+import addFormats from 'ajv-formats';
+// Import all schemas (bare JSON imports — bundled by Vite via noExternal config)
+import hdfResultsSchema from '@mitre/hdf-schema/schemas/hdf-results.schema.json';
+import hdfBaselineSchema from '@mitre/hdf-schema/schemas/hdf-baseline.schema.json';
+import hdfComparisonSchema from '@mitre/hdf-schema/schemas/hdf-comparison.schema.json';
+import hdfSystemSchema from '@mitre/hdf-schema/schemas/hdf-system.schema.json';
+import hdfPlanSchema from '@mitre/hdf-schema/schemas/hdf-plan.schema.json';
+import hdfAmendmentsSchema from '@mitre/hdf-schema/schemas/hdf-amendments.schema.json';
+import hdfEvidencePackageSchema from '@mitre/hdf-schema/schemas/hdf-evidence-package.schema.json';
+import commonSchema from '@mitre/hdf-schema/schemas/primitives/common.schema.json';
+import extensionsSchema from '@mitre/hdf-schema/schemas/primitives/extensions.schema.json';
+import platformSchema from '@mitre/hdf-schema/schemas/primitives/platform.schema.json';
+import resultSchema from '@mitre/hdf-schema/schemas/primitives/result.schema.json';
+import runnerSchema from '@mitre/hdf-schema/schemas/primitives/runner.schema.json';
+import statisticsSchema from '@mitre/hdf-schema/schemas/primitives/statistics.schema.json';
+import targetSchema from '@mitre/hdf-schema/schemas/primitives/target.schema.json';
+import parameterSchema from '@mitre/hdf-schema/schemas/primitives/parameter.schema.json';
+import systemSchema from '@mitre/hdf-schema/schemas/primitives/system.schema.json';
+import planSchema from '@mitre/hdf-schema/schemas/primitives/plan.schema.json';
+import amendmentsSchema from '@mitre/hdf-schema/schemas/primitives/amendments.schema.json';
+import comparisonSchema from '@mitre/hdf-schema/schemas/primitives/comparison.schema.json';
+import componentSchema from '@mitre/hdf-schema/schemas/primitives/component.schema.json';
+import dataFlowSchema from '@mitre/hdf-schema/schemas/primitives/data-flow.schema.json';
+/**
+ * Create and configure Ajv instance with all HDF schemas
+ */
+function createValidator() {
+    const ajv = new Ajv({
+        allErrors: true,
+        verbose: true,
+        strict: false,
+        validateFormats: true,
+        validateSchema: false // Skip meta-schema validation for performance
+    });
+    // Add format validators (date-time, uri, etc.)
+    addFormats(ajv);
+    // Add all primitive schemas so they can be referenced
+    ajv.addSchema(commonSchema);
+    ajv.addSchema(platformSchema);
+    ajv.addSchema(resultSchema);
+    ajv.addSchema(runnerSchema);
+    ajv.addSchema(statisticsSchema);
+    ajv.addSchema(targetSchema);
+    ajv.addSchema(parameterSchema);
+    ajv.addSchema(amendmentsSchema); // before extensions (extensions $refs amendments Override_Type)
+    ajv.addSchema(extensionsSchema);
+    ajv.addSchema(systemSchema);
+    ajv.addSchema(planSchema);
+    ajv.addSchema(comparisonSchema);
+    ajv.addSchema(componentSchema);
+    ajv.addSchema(dataFlowSchema);
+    return ajv;
+}
+// Singleton Ajv instance
+const ajv = createValidator();
+// Compile schemas once (lazy initialization)
+let resultsValidator = null;
+let baselineValidator = null;
+let comparisonValidator = null;
+let systemValidator = null;
+let planValidator = null;
+let amendmentsValidator = null;
+let evidencePackageValidator = null;
+function getResultsValidator() {
+    if (!resultsValidator) {
+        resultsValidator = ajv.compile(hdfResultsSchema);
+    }
+    return resultsValidator;
+}
+function getBaselineValidator() {
+    if (!baselineValidator) {
+        baselineValidator = ajv.compile(hdfBaselineSchema);
+    }
+    return baselineValidator;
+}
+function getComparisonValidator() {
+    if (!comparisonValidator) {
+        comparisonValidator = ajv.compile(hdfComparisonSchema);
+    }
+    return comparisonValidator;
+}
+function getSystemValidator() {
+    if (!systemValidator) {
+        systemValidator = ajv.compile(hdfSystemSchema);
+    }
+    return systemValidator;
+}
+function getPlanValidator() {
+    if (!planValidator) {
+        planValidator = ajv.compile(hdfPlanSchema);
+    }
+    return planValidator;
+}
+function getAmendmentsValidator() {
+    if (!amendmentsValidator) {
+        amendmentsValidator = ajv.compile(hdfAmendmentsSchema);
+    }
+    return amendmentsValidator;
+}
+function getEvidencePackageValidator() {
+    if (!evidencePackageValidator) {
+        evidencePackageValidator = ajv.compile(hdfEvidencePackageSchema);
+    }
+    return evidencePackageValidator;
+}
+/**
+ * Convert Ajv errors to ValidationError format
+ */
+function formatErrors(errors) {
+    if (!errors || errors.length === 0) {
+        return [];
+    }
+    return errors.map(err => {
+        // Clean up field path (remove leading slash, use dot notation)
+        let field = err.instancePath
+            .replace(/^\//, '')
+            .replace(/\//g, '.');
+        // If field is empty, use the data path from the error
+        if (!field && err.schemaPath) {
+            const pathParts = err.schemaPath.split('/');
+            field = pathParts[pathParts.length - 1] || '(root)';
+        }
+        // Build message
+        let message = err.message || 'validation failed';
+        if (err.params) {
+            // Add parameter info for more context
+            if ('missingProperty' in err.params) {
+                field = field ? `${field}.${err.params.missingProperty}` : err.params.missingProperty;
+                message = 'is required';
+            }
+            else if ('additionalProperty' in err.params) {
+                field = field ? `${field}.${err.params.additionalProperty}` : err.params.additionalProperty;
+                message = 'is not allowed';
+            }
+            else if ('limit' in err.params) {
+                message = `${message} (limit: ${err.params.limit})`;
+            }
+        }
+        return {
+            field: field || '(root)',
+            message,
+            value: err.data
+        };
+    });
+}
+/**
+ * Create ValidationResult from validator output
+ */
+function createResult(validator, data) {
+    const valid = validator(data);
+    const errors = formatErrors(validator.errors);
+    return {
+        valid: valid === true,
+        errors,
+        getErrorMessage() {
+            if (this.valid) {
+                return '';
+            }
+            return this.errors
+                .map(e => {
+                if (e.field === '(root)') {
+                    return e.message;
+                }
+                return `${e.field}: ${e.message}`;
+            })
+                .join('; ');
+        }
+    };
+}
+/**
+ * Validate HDF Results document against schema
+ */
+export function validateResults(data) {
+    const validator = getResultsValidator();
+    return createResult(validator, data);
+}
+/**
+ * Validate HDF Baseline document against schema
+ */
+export function validateBaseline(data) {
+    const validator = getBaselineValidator();
+    return createResult(validator, data);
+}
+/**
+ * Validate HDF Comparison document against schema
+ */
+export function validateComparison(data) {
+    const validator = getComparisonValidator();
+    return createResult(validator, data);
+}
+/**
+ * Validate HDF System document against schema
+ */
+export function validateSystem(data) {
+    const validator = getSystemValidator();
+    return createResult(validator, data);
+}
+/**
+ * Validate HDF Plan document against schema
+ */
+export function validatePlan(data) {
+    const validator = getPlanValidator();
+    return createResult(validator, data);
+}
+/**
+ * Validate HDF Amendments document against schema
+ */
+export function validateAmendments(data) {
+    const validator = getAmendmentsValidator();
+    return createResult(validator, data);
+}
+/**
+ * Validate HDF Evidence Package document against schema
+ */
+export function validateEvidencePackage(data) {
+    const validator = getEvidencePackageValidator();
+    return createResult(validator, data);
+}
+/**
+ * Validate HDF document (auto-detect type based on structure)
+ */
+export function validate(data) {
+    if (typeof data === 'object' && data !== null) {
+        const obj = data;
+        // HDF Results has 'baselines' array at root
+        if ('baselines' in obj) {
+            return validateResults(data);
+        }
+        // HDF Baseline has 'name' and 'requirements' at root
+        if ('name' in obj && 'requirements' in obj) {
+            return validateBaseline(data);
+        }
+        // HDF System has 'name' and 'components' at root
+        if ('name' in obj && 'components' in obj) {
+            return validateSystem(data);
+        }
+        // HDF Plan has 'name' and 'assessments' at root
+        if ('name' in obj && 'assessments' in obj) {
+            return validatePlan(data);
+        }
+        // HDF Amendments has 'name' and 'overrides' at root
+        if ('name' in obj && 'overrides' in obj) {
+            return validateAmendments(data);
+        }
+        // HDF Comparison has 'mode' and 'sources' at root
+        if ('mode' in obj && 'sources' in obj) {
+            return validateComparison(data);
+        }
+        // HDF Evidence Package has 'name' and 'contents' at root
+        if ('name' in obj && 'contents' in obj) {
+            return validateEvidencePackage(data);
+        }
+    }
+    // Cannot determine type, try results first (most common)
+    const resultsResult = validateResults(data);
+    if (resultsResult.valid) {
+        return resultsResult;
+    }
+    const baselineResult = validateBaseline(data);
+    if (baselineResult.valid) {
+        return baselineResult;
+    }
+    return resultsResult;
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../typescript/index.ts"],"names":[],"mappings":"AAAA,OAAO,GAAgD,MAAM,KAAK,CAAC;AACnE,OAAO,UAAU,MAAM,aAAa,CAAC;AAErC,iFAAiF;AACjF,OAAO,gBAAgB,MAAM,mDAAmD,CAAC;AACjF,OAAO,iBAAiB,MAAM,oDAAoD,CAAC;AACnF,OAAO,mBAAmB,MAAM,sDAAsD,CAAC;AACvF,OAAO,eAAe,MAAM,kDAAkD,CAAC;AAC/E,OAAO,aAAa,MAAM,gDAAgD,CAAC;AAC3E,OAAO,mBAAmB,MAAM,sDAAsD,CAAC;AACvF,OAAO,wBAAwB,MAAM,4DAA4D,CAAC;AAClG,OAAO,YAAY,MAAM,yDAAyD,CAAC;AACnF,OAAO,gBAAgB,MAAM,6DAA6D,CAAC;AAC3F,OAAO,cAAc,MAAM,2DAA2D,CAAC;AACvF,OAAO,YAAY,MAAM,yDAAyD,CAAC;AACnF,OAAO,YAAY,MAAM,yDAAyD,CAAC;AACnF,OAAO,gBAAgB,MAAM,6DAA6D,CAAC;AAC3F,OAAO,YAAY,MAAM,yDAAyD,CAAC;AACnF,OAAO,eAAe,MAAM,4DAA4D,CAAC;AACzF,OAAO,YAAY,MAAM,yDAAyD,CAAC;AACnF,OAAO,UAAU,MAAM,uDAAuD,CAAC;AAC/E,OAAO,gBAAgB,MAAM,6DAA6D,CAAC;AAC3F,OAAO,gBAAgB,MAAM,6DAA6D,CAAC;AAC3F,OAAO,eAAe,MAAM,4DAA4D,CAAC;AACzF,OAAO,cAAc,MAAM,4DAA4D,CAAC;AAoBxF;;GAEG;AACH,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC;QAClB,SAAS,EAAE,IAAI;QACf,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,KAAK;QACb,eAAe,EAAE,IAAI;QACrB,cAAc,EAAE,KAAK,CAAC,8CAA8C;KACrE,CAAC,CAAC;IAEH,+CAA+C;IAC/C,UAAU,CAAC,GAAG,CAAC,CAAC;IAEhB,sDAAsD;IACtD,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC5B,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAC9B,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC5B,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC5B,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAChC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC5B,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAC/B,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAG,gEAAgE;IACnG,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAChC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC5B,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC1B,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAChC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAC/B,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAE9B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,yBAAyB;AACzB,MAAM,GAAG,GAAG,eAAe,EAAE,CAAC;AAE9B,6CAA6C;AAC7C,IAAI,gBAAgB,GAA4B,IAAI,CAAC;AACrD,IAAI,iBAAiB,GAA4B,IAAI,CAAC;AACtD,IAAI,mBAAmB,GAA4B,IAAI,CAAC;AACxD,IAAI,eAAe,GAA4B,IAAI,CAAC;AACpD,IAAI,aAAa,GAA4B,IAAI,CAAC;AAClD,IAAI,mBAAmB,GAA4B,IAAI,CAAC;AACxD,IAAI,wBAAwB,GAA4B,IAAI,CAAC;AAE7D,SAAS,mBAAmB;IAC1B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,gBAAgB,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,SAAS,oBAAoB;IAC3B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,iBAAiB,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,SAAS,sBAAsB;IAC7B,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,mBAAmB,GAAG,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED,SAAS,kBAAkB;IACzB,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAS,gBAAgB;IACvB,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,sBAAsB;IAC7B,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,mBAAmB,GAAG,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED,SAAS,2BAA2B;IAClC,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAC9B,wBAAwB,GAAG,GAAG,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,wBAAwB,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAwC;IAC5D,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;QACtB,+DAA+D;QAC/D,IAAI,KAAK,GAAG,GAAG,CAAC,YAAY;aACzB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;aAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAEvB,sDAAsD;QACtD,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5C,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,QAAQ,CAAC;QACtD,CAAC;QAED,gBAAgB;QAChB,IAAI,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,mBAAmB,CAAC;QACjD,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YACf,sCAAsC;YACtC,IAAI,iBAAiB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBACpC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC;gBACtF,OAAO,GAAG,aAAa,CAAC;YAC1B,CAAC;iBAAM,IAAI,oBAAoB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBAC9C,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC;gBAC5F,OAAO,GAAG,gBAAgB,CAAC;YAC7B,CAAC;iBAAM,IAAI,OAAO,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBACjC,OAAO,GAAG,GAAG,OAAO,YAAY,GAAG,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC;YACtD,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,KAAK,IAAI,QAAQ;YACxB,OAAO;YACP,KAAK,EAAE,GAAG,CAAC,IAAI;SAChB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,SAA2B,EAAE,IAAa;IAC9D,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAE9B,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAE9C,OAAO;QACL,KAAK,EAAE,KAAK,KAAK,IAAI;QACrB,MAAM;QACN,eAAe;YACb,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,OAAO,IAAI,CAAC,MAAM;iBACf,GAAG,CAAC,CAAC,CAAC,EAAE;gBACP,IAAI,CAAC,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACzB,OAAO,CAAC,CAAC,OAAO,CAAC;gBACnB,CAAC;gBACD,OAAO,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;YACpC,CAAC,CAAC;iBACD,IAAI,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAa;IAC3C,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,OAAO,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAa;IAC5C,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;IACzC,OAAO,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAa;IAC9C,MAAM,SAAS,GAAG,sBAAsB,EAAE,CAAC;IAC3C,OAAO,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAAa;IAC1C,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;IACvC,OAAO,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAa;IACxC,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,OAAO,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAa;IAC9C,MAAM,SAAS,GAAG,sBAAsB,EAAE,CAAC;IAC3C,OAAO,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAa;IACnD,MAAM,SAAS,GAAG,2BAA2B,EAAE,CAAC;IAChD,OAAO,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAa;IACpC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,IAA+B,CAAC;QAE5C,4CAA4C;QAC5C,IAAI,WAAW,IAAI,GAAG,EAAE,CAAC;YACvB,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QAED,qDAAqD;QACrD,IAAI,MAAM,IAAI,GAAG,IAAI,cAAc,IAAI,GAAG,EAAE,CAAC;YAC3C,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QAED,iDAAiD;QACjD,IAAI,MAAM,IAAI,GAAG,IAAI,YAAY,IAAI,GAAG,EAAE,CAAC;YACzC,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC;QAC9B,CAAC;QAED,gDAAgD;QAChD,IAAI,MAAM,IAAI,GAAG,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;YAC1C,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;QAED,oDAAoD;QACpD,IAAI,MAAM,IAAI,GAAG,IAAI,WAAW,IAAI,GAAG,EAAE,CAAC;YACxC,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC;QAED,kDAAkD;QAClD,IAAI,MAAM,IAAI,GAAG,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;YACtC,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC;QAED,yDAAyD;QACzD,IAAI,MAAM,IAAI,GAAG,IAAI,UAAU,IAAI,GAAG,EAAE,CAAC;YACvC,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,aAAa,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,cAAc,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,cAAc,CAAC,KAAK,EAAE,CAAC;QACzB,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC"}

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@mitre/hdf-validators",
+  "version": "2.0.0",
+  "description": "JSON Schema validation for HDF documents (Results and Baselines)",
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "development": "./typescript/index.ts",
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mitre/hdf-libs.git",
+    "directory": "hdf-validators"
+  },
+  "author": "MITRE Corporation",
+  "license": "Apache-2.0",
+  "dependencies": {
+    "ajv": "^8.17.1",
+    "ajv-formats": "^3.0.1",
+    "@mitre/hdf-schema": "2.0.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "keywords": [
+    "hdf",
+    "heimdall",
+    "validation",
+    "json-schema"
+  ],
+  "devDependencies": {
+    "@stryker-mutator/core": "^9.5.1",
+    "@stryker-mutator/vitest-runner": "^9.5.1"
+  },
+  "scripts": {
+    "build": "pnpm clean && tsc",
+    "clean": "rimraf dist",
+    "test": "pnpm run test:ts && pnpm run test:go",
+    "test:ts": "vitest run",
+    "test:go": "cd go && go test ./...",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "type-check": "tsc --noEmit",
+    "lint": "eslint typescript",
+    "lint:fix": "eslint typescript --fix"
+  }
+}