npm - @open-agreements/open-agreements - Versions diffs - 0.2.2 → 0.3.1 - Mend

@open-agreements/open-agreements 0.2.2 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (143) hide show

package/dist/core/validation/template.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"template.js","sourceRoot":"","sources":["../../../src/core/validation/template.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,MAAM,MAAM,SAAS,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AASlE;;;;GAIG;AACH,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,GAAG,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IACtD,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAEpD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,SAAS,GAAG,2BAA2B,CAAC;IAC9C,IAAI,SAAS,CAAC;IACd,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAClD,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,2BAA2B,CAAC;QAC3C,IAAI,MAAM,CAAC;QACX,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAAmB,EAAE,UAAkB;IACtE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,QAAQ,CAAC;IACb,IAAI,CAAC;QACH,QAAQ,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,UAAU;YACV,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,CAAC,4BAA6B,GAAa,CAAC,OAAO,EAAE,CAAC;YAC9D,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;IACxD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,UAAU;YACV,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,CAAC,+CAA+C,CAAC;YACzD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACvE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IAE7D,uDAAuD;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;IAChE,MAAM,eAAe,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAErD,IAAI,eAAe,EAAE,CAAC;QACpB,uEAAuE;QACvE,sFAAsF;QACtF,IAAI,YAAoC,CAAC;QACzC,IAAI,CAAC;YACH,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;QACrE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,UAAU;gBACV,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,CAAC,sCAAuC,GAAa,CAAC,OAAO,EAAE,CAAC;gBACxE,QAAQ;aACT,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAE/C,4DAA4D;QAC5D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAC5C,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACnC,MAAM,CAAC,IAAI,CACT,oBAAoB,UAAU,8BAA8B,CAC7D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,2DAA2D;QAC3D,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;QACpC,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAU,CAAC;QAEjD,iEAAiE;QACjE,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAChD,MAAM,gBAAgB,GAAG,YAAY,CAAC;YACtC,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACvD,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;~~YAC1B~~,CAAC;YACD,MAAM,gBAAgB,GAAG,iBAAiB,CAAC;YAC3C,IAAI,SAAS,CAAC;YACd,OAAO,CAAC,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3D,sBAAsB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,8DAA8D;QAC9D,MAAM,oBAAoB,GAAG,YAAY,CAAC;QAC1C,IAAI,SAAS,CAAC;QACd,OAAO,CAAC,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;QACD,MAAM,oBAAoB,GAAG,iBAAiB,CAAC;QAC/C,IAAI,aAAa,CAAC;QAClB,OAAO,CAAC,aAAa,GAAG,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtE,sBAAsB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;QAED,4CAA4C;QAC5C,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACjF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,IAAI,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtC,MAAM,CAAC,IAAI,CACT,mBAAmB,SAAS,4EAA4E,CACzG,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,IAAI,CACX,mBAAmB,SAAS,4EAA4E,CACzG,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,~~iCAAiC~~;~~QACjC~~,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAC7C,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACrC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CACX,gBAAgB,GAAG,~~qEAAqE~~,~~CACzF~~,CAAC;~~YACJ~~,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,wDAAwD;QACxD,MAAM,IAAI,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,gBAAgB,GAAG,YAAY,CAAC;QACtC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;QACpC,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtD,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC;QAED,MAAM,gBAAgB,GAAG,iBAAiB,CAAC;QAC3C,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAU,CAAC;QACjD,IAAI,SAAS,CAAC;QACd,OAAO,CAAC,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC1D,sBAAsB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;QAED,qDAAqD;QACrD,MAAM,YAAY,GAAG,uBAAuB,CAAC;QAC7C,IAAI,QAAQ,CAAC;QACb,OAAO,CAAC,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACrD,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,4EAA4E;QAC5E,uEAAuE;QACvE,MAAM,MAAM,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,MAAM,EAAE,CAAC;YACX,yBAAyB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QAED,+CAA+C;QAC/C,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACjF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,IAAI,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtC,MAAM,CAAC,IAAI,CACT,mBAAmB,SAAS,2CAA2C,SAAS,oBAAoB,CACrG,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,IAAI,CACX,mBAAmB,SAAS,2CAA2C,SAAS,oBAAoB,CACrG,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAC7C,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACrC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CACX,gBAAgB,GAAG,6DAA6D,CACjF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AACtE,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,MAAM,GAAG,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IAChD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO,KAAK,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,GAAG,6JAA6J,CAAC;AAElL;;;;;;;;GAQG;AACH,SAAS,yBAAyB,CAAC,GAAW,EAAE,MAAgB;IAC9D,4EAA4E;IAC5E,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,SAAS,GAAG,2BAA2B,CAAC;IAC9C,IAAI,SAAS,CAAC;IACd,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAClD,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,2BAA2B,CAAC;QAC3C,IAAI,MAAM,CAAC;QACX,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEvC,8CAA8C;IAC9C,MAAM,UAAU,GAAG,YAAY,CAAC;IAChC,IAAI,UAAU,CAAC;IACf,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzD,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CACT,wBAAwB,KAAK,4BAA4B;gBACzD,+EAA+E;gBAC/E,2FAA2F,CAC5F,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC"}
1	+ {"version":3,"file":"template.js","sourceRoot":"","sources":["../../../src/core/validation/template.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,MAAM,MAAM,SAAS,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AASlE;;;;GAIG;AACH,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,GAAG,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IACtD,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAEpD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,SAAS,GAAG,2BAA2B,CAAC;IAC9C,IAAI,SAAS,CAAC;IACd,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAClD,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,2BAA2B,CAAC;QAC3C,IAAI,MAAM,CAAC;QACX,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAAmB,EAAE,UAAkB;IACtE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,QAAQ,CAAC;IACb,IAAI,CAAC;QACH,QAAQ,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,UAAU;YACV,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,CAAC,4BAA6B,GAAa,CAAC,OAAO,EAAE,CAAC;YAC9D,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;IACxD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,UAAU;YACV,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,CAAC,+CAA+C,CAAC;YACzD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACvE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IAE7D,uDAAuD;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;IAChE,MAAM,eAAe,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAErD,IAAI,eAAe,EAAE,CAAC;QACpB,uEAAuE;QACvE,sFAAsF;QACtF,IAAI,YAAoC,CAAC;QACzC,IAAI,CAAC;YACH,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;QACrE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,UAAU;gBACV,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,CAAC,sCAAuC,GAAa,CAAC,OAAO,EAAE,CAAC;gBACxE,QAAQ;aACT,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAE/C,4DAA4D;QAC5D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAC5C,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACnC,MAAM,CAAC,IAAI,CACT,oBAAoB,UAAU,8BAA8B,CAC7D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,2DAA2D;QAC3D,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;QACpC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC,CAAC,4CAA4C;QACvF,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAU,CAAC;QAEjD,iEAAiE;QACjE,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAChD,MAAM,gBAAgB,GAAG,YAAY,CAAC;YACtC,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACvD,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxB,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAChC,CAAC;YACD,MAAM,gBAAgB,GAAG,iBAAiB,CAAC;YAC3C,IAAI,SAAS,CAAC;YACd,OAAO,CAAC,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3D,sBAAsB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,8DAA8D;QAC9D,MAAM,oBAAoB,GAAG,YAAY,CAAC;QAC1C,IAAI,SAAS,CAAC;QACd,OAAO,CAAC,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;QACD,MAAM,oBAAoB,GAAG,iBAAiB,CAAC;QAC/C,IAAI,aAAa,CAAC;QAClB,OAAO,CAAC,aAAa,GAAG,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtE,sBAAsB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;QAED,4CAA4C;QAC5C,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACjF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,IAAI,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtC,MAAM,CAAC,IAAI,CACT,mBAAmB,SAAS,4EAA4E,CACzG,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,IAAI,CACX,mBAAmB,SAAS,4EAA4E,CACzG,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,sEAAsE;QACtE,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAC7C,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACrC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,IAAI,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,CAAC,IAAI,CACT,+BAA+B,GAAG,kEAAkE,CACrG,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,IAAI,CACX,gBAAgB,GAAG,wDAAwD,CAC5E,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,wDAAwD;QACxD,MAAM,IAAI,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,gBAAgB,GAAG,YAAY,CAAC;QACtC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;QACpC,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtD,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC;QAED,MAAM,gBAAgB,GAAG,iBAAiB,CAAC;QAC3C,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAU,CAAC;QACjD,IAAI,SAAS,CAAC;QACd,OAAO,CAAC,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC1D,sBAAsB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;QAED,qDAAqD;QACrD,MAAM,YAAY,GAAG,uBAAuB,CAAC;QAC7C,IAAI,QAAQ,CAAC;QACb,OAAO,CAAC,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACrD,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,4EAA4E;QAC5E,uEAAuE;QACvE,MAAM,MAAM,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,MAAM,EAAE,CAAC;YACX,yBAAyB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QAED,+CAA+C;QAC/C,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACjF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,IAAI,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtC,MAAM,CAAC,IAAI,CACT,mBAAmB,SAAS,2CAA2C,SAAS,oBAAoB,CACrG,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,IAAI,CACX,mBAAmB,SAAS,2CAA2C,SAAS,oBAAoB,CACrG,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAC7C,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACrC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CACX,gBAAgB,GAAG,6DAA6D,CACjF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AACtE,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,MAAM,GAAG,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IAChD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO,KAAK,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,GAAG,6JAA6J,CAAC;AAElL;;;;;;;;GAQG;AACH,SAAS,yBAAyB,CAAC,GAAW,EAAE,MAAgB;IAC9D,4EAA4E;IAC5E,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,SAAS,GAAG,2BAA2B,CAAC;IAC9C,IAAI,SAAS,CAAC;IACd,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAClD,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,2BAA2B,CAAC;QAC3C,IAAI,MAAM,CAAC;QACX,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEvC,8CAA8C;IAC9C,MAAM,UAAU,GAAG,YAAY,CAAC;IAChC,IAAI,UAAU,CAAC;IACf,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzD,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CACT,wBAAwB,KAAK,4BAA4B;gBACzD,+EAA+E;gBAC/E,2FAA2F,CAC5F,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/index.d.ts CHANGED Viewed

@@ -11,6 +11,8 @@ export { assessScanMetadataCoverage, type ScanMetadataCoverageInput, type ScanMe
 export { runRecipe, cleanDocument, patchDocument, verifyOutput, ensureSourceDocx, checkRecipeSourceDrift, computeSourceStructureSignature, type RecipeRunOptions, type RecipeRunResult, type VerifyResult, type VerifyCheck, } from './core/recipe/index.js';
 export { buildChecklistTemplateContext, ClosingChecklistSchema, ChecklistPatchEnvelopeSchema, ChecklistPatchApplyRequestSchema, ChecklistPatchOperationSchema, PatchCitationSchema, ChecklistPatchModeEnum, JsonPointerSchema, CHECKLIST_PATCH_VALIDATION_TTL_MS, applyChecklistPatchOperations, computeChecklistPatchHash, validateChecklistPatch, getChecklistPatchValidationArtifact, setChecklistPatchValidationStore, getChecklistPatchValidationStore, applyChecklistPatch, setChecklistAppliedPatchStore, getChecklistAppliedPatchStore, setChecklistProposedPatchStore, getChecklistProposedPatchStore, type ClosingChecklist, type ChecklistPatchEnvelope, type ChecklistPatchApplyRequest, type ChecklistPatchOperation, type PatchCitation, type ChecklistPatchMode, type JsonPointer, type ChecklistPatchValidationErrorCode, type ChecklistPatchValidationDiagnostic, type ResolvedChecklistPatchOperation, type ChecklistPatchValidationArtifact, type ChecklistPatchValidationStore, type ValidateChecklistPatchInput, type ChecklistPatchValidationSuccess, type ChecklistPatchValidationFailure, type ChecklistPatchValidationResult, type ChecklistAppliedPatchRecord, type ChecklistAppliedPatchStore, type ChecklistProposedPatchRecord, type ChecklistProposedPatchStore, type ChecklistPatchApplyErrorCode, type ChecklistPatchApplyFailure, type ChecklistPatchApplySuccess, type ChecklistPatchApplyResult, type ApplyChecklistPatchInput, } from './core/checklist/index.js';
 export { ChecklistStageEnum, ChecklistEntryStatusEnum, SignatoryStatusEnum, ChecklistItemStatusEnum, IssueStatusEnum, ResponsibilitySchema, CitationSchema, SignatureArtifactSchema, SignatorySchema, ChecklistDocumentSchema, ChecklistEntrySchema, ActionItemSchema, IssueSchema, type ChecklistStage, type ChecklistEntryStatus, type SignatoryStatus, type ChecklistItemStatus, type IssueStatus, type Responsibility, type Citation, type SignatureArtifact, type Signatory, type ChecklistDocument, type ChecklistEntry, type ActionItem, type Issue, } from './core/checklist/schemas.js';
+export { listTemplateItems, type TemplateListItem, type TemplateListField, } from './core/template-listing.js';
+export { listTemplateEntries, findTemplateDir, type ContentEntry } from './utils/paths.js';
 export type { ToolCommandAdapter } from './core/command-generation/types.js';
 export { ClaudeCodeAdapter } from './core/command-generation/adapters/claude.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,KAAK,WAAW,EAAE,KAAK,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGnF,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,eAAe,EACf,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,WAAW,EACX,qBAAqB,EACrB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,OAAO,GACb,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,eAAe,EACf,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,GACxB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,sBAAsB,EACtB,KAAK,gBAAgB,GACtB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,gBAAgB,EAAE,KAAK,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,KAAK,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAC7F,OAAO,EAAE,cAAc,EAAE,KAAK,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC1F,OAAO,EAAE,cAAc,EAAE,KAAK,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC1F,OAAO,EAAE,gBAAgB,EAAE,KAAK,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAChG,OAAO,EACL,0BAA0B,EAC1B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,GAChC,MAAM,oCAAoC,CAAC;AAG5C,OAAO,EACL,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,gBAAgB,EAChB,sBAAsB,EACtB,+BAA+B,EAC/B,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,WAAW,GACjB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,gCAAgC,EAChC,6BAA6B,EAC7B,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,iCAAiC,EACjC,6BAA6B,EAC7B,yBAAyB,EACzB,sBAAsB,EACtB,mCAAmC,EACnC,gCAAgC,EAChC,gCAAgC,EAChC,mBAAmB,EACnB,6BAA6B,EAC7B,6BAA6B,EAC7B,8BAA8B,EAC9B,8BAA8B,EAC9B,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,EAC5B,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,WAAW,EAChB,KAAK,iCAAiC,EACtC,KAAK,kCAAkC,EACvC,KAAK,+BAA+B,EACpC,KAAK,gCAAgC,EACrC,KAAK,6BAA6B,EAClC,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,EACpC,KAAK,+BAA+B,EACpC,KAAK,8BAA8B,EACnC,KAAK,2BAA2B,EAChC,KAAK,0BAA0B,EAC/B,KAAK,4BAA4B,EACjC,KAAK,2BAA2B,EAChC,KAAK,4BAA4B,EACjC,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,EAC/B,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,GAC9B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,uBAAuB,EACvB,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,uBAAuB,EACvB,eAAe,EACf,uBAAuB,EACvB,oBAAoB,EACpB,gBAAgB,EAChB,WAAW,EACX,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,QAAQ,EACb,KAAK,iBAAiB,EACtB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,KAAK,GACX,MAAM,6BAA6B,CAAC;AAGrC,YAAY,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAC7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,8CAA8C,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,KAAK,WAAW,EAAE,KAAK,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGnF,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,eAAe,EACf,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,WAAW,EACX,qBAAqB,EACrB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,OAAO,GACb,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,eAAe,EACf,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,GACxB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,sBAAsB,EACtB,KAAK,gBAAgB,GACtB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,gBAAgB,EAAE,KAAK,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,KAAK,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAC7F,OAAO,EAAE,cAAc,EAAE,KAAK,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC1F,OAAO,EAAE,cAAc,EAAE,KAAK,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC1F,OAAO,EAAE,gBAAgB,EAAE,KAAK,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAChG,OAAO,EACL,0BAA0B,EAC1B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,GAChC,MAAM,oCAAoC,CAAC;AAG5C,OAAO,EACL,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,gBAAgB,EAChB,sBAAsB,EACtB,+BAA+B,EAC/B,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,WAAW,GACjB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,gCAAgC,EAChC,6BAA6B,EAC7B,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,iCAAiC,EACjC,6BAA6B,EAC7B,yBAAyB,EACzB,sBAAsB,EACtB,mCAAmC,EACnC,gCAAgC,EAChC,gCAAgC,EAChC,mBAAmB,EACnB,6BAA6B,EAC7B,6BAA6B,EAC7B,8BAA8B,EAC9B,8BAA8B,EAC9B,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,EAC5B,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,WAAW,EAChB,KAAK,iCAAiC,EACtC,KAAK,kCAAkC,EACvC,KAAK,+BAA+B,EACpC,KAAK,gCAAgC,EACrC,KAAK,6BAA6B,EAClC,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,EACpC,KAAK,+BAA+B,EACpC,KAAK,8BAA8B,EACnC,KAAK,2BAA2B,EAChC,KAAK,0BAA0B,EAC/B,KAAK,4BAA4B,EACjC,KAAK,2BAA2B,EAChC,KAAK,4BAA4B,EACjC,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,EAC/B,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,GAC9B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,uBAAuB,EACvB,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,uBAAuB,EACvB,eAAe,EACf,uBAAuB,EACvB,oBAAoB,EACpB,gBAAgB,EAChB,WAAW,EACX,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,QAAQ,EACb,KAAK,iBAAiB,EACtB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,KAAK,GACX,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EACL,iBAAiB,EACjB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,GACvB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,KAAK,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAG3F,YAAY,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAC7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,8CAA8C,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -19,5 +19,9 @@ export { runRecipe, cleanDocument, patchDocument, verifyOutput, ensureSourceDocx
 // Closing checklist
 export { buildChecklistTemplateContext, ClosingChecklistSchema, ChecklistPatchEnvelopeSchema, ChecklistPatchApplyRequestSchema, ChecklistPatchOperationSchema, PatchCitationSchema, ChecklistPatchModeEnum, JsonPointerSchema, CHECKLIST_PATCH_VALIDATION_TTL_MS, applyChecklistPatchOperations, computeChecklistPatchHash, validateChecklistPatch, getChecklistPatchValidationArtifact, setChecklistPatchValidationStore, getChecklistPatchValidationStore, applyChecklistPatch, setChecklistAppliedPatchStore, getChecklistAppliedPatchStore, setChecklistProposedPatchStore, getChecklistProposedPatchStore, } from './core/checklist/index.js';
 export { ChecklistStageEnum, ChecklistEntryStatusEnum, SignatoryStatusEnum, ChecklistItemStatusEnum, IssueStatusEnum, ResponsibilitySchema, CitationSchema, SignatureArtifactSchema, SignatorySchema, ChecklistDocumentSchema, ChecklistEntrySchema, ActionItemSchema, IssueSchema, } from './core/checklist/schemas.js';
+// Template listing
+export { listTemplateItems, } from './core/template-listing.js';
+// Template discovery
+export { listTemplateEntries, findTemplateDir } from './utils/paths.js';
 export { ClaudeCodeAdapter } from './core/command-generation/adapters/claude.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,qBAAqB;AAErB,kBAAkB;AAClB,OAAO,EAAE,YAAY,EAAqC,MAAM,kBAAkB,CAAC;AAEnF,+BAA+B;AAC/B,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,eAAe,EACf,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,WAAW,EACX,qBAAqB,GAMtB,MAAM,oBAAoB,CAAC;AAE5B,2BAA2B;AAC3B,OAAO,EACL,eAAe,GAGhB,MAAM,0BAA0B,CAAC;AAElC,0CAA0C;AAC1C,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,sBAAsB,GAEvB,MAAM,oBAAoB,CAAC;AAE5B,sBAAsB;AACtB,OAAO,EAAE,gBAAgB,EAAiC,MAAM,+BAA+B,CAAC;AAChG,OAAO,EAAE,eAAe,EAAgC,MAAM,8BAA8B,CAAC;AAC7F,OAAO,EAAE,cAAc,EAA+B,MAAM,6BAA6B,CAAC;AAC1F,OAAO,EAAE,cAAc,EAA+B,MAAM,6BAA6B,CAAC;AAC1F,OAAO,EAAE,gBAAgB,EAAiC,MAAM,+BAA+B,CAAC;AAChG,OAAO,EACL,0BAA0B,GAG3B,MAAM,oCAAoC,CAAC;AAE5C,gBAAgB;AAChB,OAAO,EACL,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,gBAAgB,EAChB,sBAAsB,EACtB,+BAA+B,GAKhC,MAAM,wBAAwB,CAAC;AAEhC,oBAAoB;AACpB,OAAO,EACL,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,gCAAgC,EAChC,6BAA6B,EAC7B,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,iCAAiC,EACjC,6BAA6B,EAC7B,yBAAyB,EACzB,sBAAsB,EACtB,mCAAmC,EACnC,gCAAgC,EAChC,gCAAgC,EAChC,mBAAmB,EACnB,6BAA6B,EAC7B,6BAA6B,EAC7B,8BAA8B,EAC9B,8BAA8B,GA0B/B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,uBAAuB,EACvB,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,uBAAuB,EACvB,eAAe,EACf,uBAAuB,EACvB,oBAAoB,EACpB,gBAAgB,EAChB,WAAW,GAcZ,MAAM,6BAA6B,CAAC;~~AAIrC~~,OAAO,EAAE,iBAAiB,EAAE,MAAM,8CAA8C,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,qBAAqB;AAErB,kBAAkB;AAClB,OAAO,EAAE,YAAY,EAAqC,MAAM,kBAAkB,CAAC;AAEnF,+BAA+B;AAC/B,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,eAAe,EACf,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,WAAW,EACX,qBAAqB,GAMtB,MAAM,oBAAoB,CAAC;AAE5B,2BAA2B;AAC3B,OAAO,EACL,eAAe,GAGhB,MAAM,0BAA0B,CAAC;AAElC,0CAA0C;AAC1C,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,sBAAsB,GAEvB,MAAM,oBAAoB,CAAC;AAE5B,sBAAsB;AACtB,OAAO,EAAE,gBAAgB,EAAiC,MAAM,+BAA+B,CAAC;AAChG,OAAO,EAAE,eAAe,EAAgC,MAAM,8BAA8B,CAAC;AAC7F,OAAO,EAAE,cAAc,EAA+B,MAAM,6BAA6B,CAAC;AAC1F,OAAO,EAAE,cAAc,EAA+B,MAAM,6BAA6B,CAAC;AAC1F,OAAO,EAAE,gBAAgB,EAAiC,MAAM,+BAA+B,CAAC;AAChG,OAAO,EACL,0BAA0B,GAG3B,MAAM,oCAAoC,CAAC;AAE5C,gBAAgB;AAChB,OAAO,EACL,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,gBAAgB,EAChB,sBAAsB,EACtB,+BAA+B,GAKhC,MAAM,wBAAwB,CAAC;AAEhC,oBAAoB;AACpB,OAAO,EACL,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,gCAAgC,EAChC,6BAA6B,EAC7B,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,iCAAiC,EACjC,6BAA6B,EAC7B,yBAAyB,EACzB,sBAAsB,EACtB,mCAAmC,EACnC,gCAAgC,EAChC,gCAAgC,EAChC,mBAAmB,EACnB,6BAA6B,EAC7B,6BAA6B,EAC7B,8BAA8B,EAC9B,8BAA8B,GA0B/B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,uBAAuB,EACvB,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,uBAAuB,EACvB,eAAe,EACf,uBAAuB,EACvB,oBAAoB,EACpB,gBAAgB,EAChB,WAAW,GAcZ,MAAM,6BAA6B,CAAC;AAErC,mBAAmB;AACnB,OAAO,EACL,iBAAiB,GAGlB,MAAM,4BAA4B,CAAC;AAEpC,qBAAqB;AACrB,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAqB,MAAM,kBAAkB,CAAC;AAI3F,OAAO,EAAE,iBAAiB,EAAE,MAAM,8CAA8C,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@open-agreements/open-agreements",
-  "version": "0.2.2",
+  "version": "0.3.1",
   "workspaces": [
     "packages/allure-test-factory",
     "packages/contract-templates-mcp",
@@ -106,7 +106,13 @@
     "nvca",
     "template-engine",
     "document-generation",
-    "contract-automation"
+    "contract-automation",
+    "iso-27001",
+    "soc-2",
+    "compliance",
+    "audit",
+    "grc",
+    "evidence-collection"
   ],
   "author": "UseJunior <steven@usejunior.com>",
   "license": "MIT",

package/skills/iso-27001-evidence-collection/CONNECTORS.md CHANGED Viewed

@@ -2,22 +2,38 @@
 ## How tool references work
-This skill uses `~~category` placeholders for optional integrations. The skill works without any connectors configured — they enhance the experience when available.
+This skill uses `~~compliance` placeholders for the Internal ISO Audit MCP server. The skill works without the server configured — it falls back to embedded checklists and CLI command reference.
 ## Connectors for this skill
-| Category | Placeholder | Recommended server | Other options |
-|----------|-------------|-------------------|---------------|
-| Compliance data | `~~compliance` | Compliance MCP server (planned — not yet available) | Local `compliance/` directory files |
+| Category | Placeholder | Server | Endpoint |
+|----------|-------------|--------|----------|
+| Compliance data | `~~compliance` | Internal ISO Audit MCP | `https://internalisoaudit.com/api/mcp` |
-### Local compliance data (current default)
+### Internal ISO Audit MCP server
-If the `compliance/` directory exists with evidence status files, the skill reads those directly. No MCP server needed — just ensure evidence files in `compliance/evidence/*.md` are up to date.
+The MCP server at `internalisoaudit.com/api/mcp` provides ISO 27001 control guidance via JSON-RPC 2.0 (streamable HTTP). Add it to your MCP client configuration:
-### Compliance MCP server (planned)
+```json
+{
+  "mcpServers": {
+    "internalisoaudit": {
+      "type": "url",
+      "url": "https://internalisoaudit.com/api/mcp"
+    }
+  }
+}
+```
-A dedicated compliance MCP server with automated gap detection and evidence freshness tracking is planned but not yet available. When released, it will be installable as a standard MCP server. Until then, the skill operates in local-data or reference-only mode.
+#### Available tools
+| Tool | Description | Key arguments |
+|------|-------------|---------------|
+| `get_control_guidance` | Full audit guidance for a specific control | `control_id` (e.g. `"A.5.15"`, `"Clause 9.2"`) |
+| `list_controls` | List all controls, optionally filtered by domain | `domain?` (`organizational`, `people`, `physical`, `technological`, `isms`) |
+| `get_nist_mapping` | ISO 27001 ↔ NIST SP 800-53 cross-reference | `control_id`, `direction?` (`iso_to_nist`, `nist_to_iso`) |
+| `search_guidance` | Full-text search across control guidance | `query`, `domain?`, `limit?` (1-50) |
 ### Fallback: Reference only
-Without any connector, the skill uses embedded checklists and CLI command reference. No organization-specific evidence status is available in this mode.
+Without the MCP server configured, the skill uses embedded checklists and CLI command reference in the `rules/` directory. No live control lookup is available in this mode.

package/skills/iso-27001-evidence-collection/SKILL.md CHANGED Viewed

@@ -86,8 +86,10 @@ Examples:
 Determine what evidence is missing or stale.
 ```
-# If compliance MCP is available:
-list_evidence_gaps(framework="iso27001_2022", tier="critical")
+# If Internal ISO Audit MCP server is available:
+search_guidance(query="evidence", domain="organizational")  # Find controls needing evidence
+list_controls(domain="technological")                       # List all tech controls to assess gaps
+get_control_guidance(control_id="A.5.15")                   # Get evidence requirements for a specific control
 # If reading local compliance data:
 # Check compliance/evidence/*.md files for upload_status != "OK"
@@ -230,8 +232,10 @@ Check completeness before submitting to auditor:
 5. **Coverage**: Critical-tier controls have at least 2 forms of evidence?
 ```
-# If compliance MCP is available:
-list_evidence_gaps(framework="iso27001_2022")  # Should return empty for complete package
+# If Internal ISO Audit MCP server is available:
+list_controls()                                             # Get all controls to verify evidence coverage
+get_control_guidance(control_id="A.8.8")                    # Check specific control's evidence expectations
+search_guidance(query="vulnerability scanning evidence")    # Find controls related to specific evidence types
 ```
 ### Step 5: Generate Evidence Index
@@ -295,6 +299,6 @@ Evidence collection procedures and control guidance developed with [Internal ISO
 ## Runtime Detection
-1. **Compliance MCP server available** (best) — Automated gap detection, evidence freshness tracking
+1. **Internal ISO Audit MCP server available** (best) — Live control guidance lookup, NIST cross-reference, full-text search across all control evidence expectations. Server: `internalisoaudit.com/api/mcp`
 2. **Local compliance data available** (good) — Reads evidence status from `compliance/evidence/*.md`
-3. **Reference only** (baseline) — Uses embedded checklists and command reference
+3. **Reference only** (baseline) — Uses embedded checklists and command reference in `rules/`

package/skills/iso-27001-internal-audit/CONNECTORS.md CHANGED Viewed

@@ -2,22 +2,38 @@
 ## How tool references work
-This skill uses `~~category` placeholders for optional integrations. The skill works without any connectors configured — they enhance the experience when available.
+This skill uses `~~compliance` placeholders for the Internal ISO Audit MCP server. The skill works without the server configured — it falls back to embedded `rules/` files for procedural guidance.
 ## Connectors for this skill
-| Category | Placeholder | Recommended server | Other options |
-|----------|-------------|-------------------|---------------|
-| Compliance data | `~~compliance` | Compliance MCP server (planned — not yet available) | Local `compliance/` directory files |
+| Category | Placeholder | Server | Endpoint |
+|----------|-------------|--------|----------|
+| Compliance data | `~~compliance` | Internal ISO Audit MCP | `https://internalisoaudit.com/api/mcp` |
-### Local compliance data (current default)
+### Internal ISO Audit MCP server
-If the `compliance/` directory exists with status and evidence files, the skill reads those directly. No MCP server needed — just ensure `compliance/status/last_refresh.yaml` is current.
+The MCP server at `internalisoaudit.com/api/mcp` provides ISO 27001 control guidance via JSON-RPC 2.0 (streamable HTTP). Add it to your MCP client configuration:
-### Compliance MCP server (planned)
+```json
+{
+  "mcpServers": {
+    "internalisoaudit": {
+      "type": "url",
+      "url": "https://internalisoaudit.com/api/mcp"
+    }
+  }
+}
+```
-A dedicated compliance MCP server with live test results, evidence freshness tracking, and real-time gap analysis is planned but not yet available. When released, it will be installable as a standard MCP server. Until then, the skill operates in local-data or reference-only mode.
+#### Available tools
+| Tool | Description | Key arguments |
+|------|-------------|---------------|
+| `get_control_guidance` | Full audit guidance for a specific control | `control_id` (e.g. `"A.5.15"`, `"Clause 9.2"`) |
+| `list_controls` | List all controls, optionally filtered by domain | `domain?` (`organizational`, `people`, `physical`, `technological`, `isms`) |
+| `get_nist_mapping` | ISO 27001 ↔ NIST SP 800-53 cross-reference | `control_id`, `direction?` (`iso_to_nist`, `nist_to_iso`) |
+| `search_guidance` | Full-text search across control guidance | `query`, `domain?`, `limit?` (1-50) |
 ### Fallback: Reference only
-Without any connector, the skill uses embedded `rules/` files for procedural guidance, control descriptions, and evidence checklists. No organization-specific status data is available in this mode.
+Without the MCP server configured, the skill uses embedded `rules/` files for procedural guidance, control descriptions, and evidence checklists. No live control lookup is available in this mode.

package/skills/iso-27001-internal-audit/SKILL.md CHANGED Viewed

@@ -97,8 +97,9 @@ For detailed per-control guidance, load `rules/<domain>.md`.
 4. **Check data freshness** — If using a monitoring dashboard or automated testing system, verify data is < 7 days old
 ```
-# If compliance MCP is available:
-check_compliance_status(framework="iso27001_2022")
+# If Internal ISO Audit MCP server is available:
+list_controls()                                    # Get all controls with tier classifications
+get_control_guidance(control_id="Clause 9.2")      # Check specific ISMS clause requirements
 # If reading local files:
 # Check compliance/status/last_refresh.yaml for staleness
@@ -137,10 +138,11 @@ Work through controls by domain, prioritizing Critical tier:
    - Record as conforming or note exception
 ```
-# If compliance MCP is available:
-get_domain_overview(domain="organizational")
-get_control_guidance(control_id="A.5.15")
-list_evidence_gaps(framework="iso27001_2022", tier="critical")
+# If Internal ISO Audit MCP server is available:
+list_controls(domain="organizational")                      # List all controls in a domain with tiers
+get_control_guidance(control_id="A.5.15")                   # Full guidance: auditor hints, pitfalls, evidence
+search_guidance(query="access review", domain="organizational")  # Find related controls by keyword
+get_nist_mapping(control_id="A.5.15")                       # Cross-reference to NIST SP 800-53
 ```
 ### Step 4: Evidence Collection
@@ -258,9 +260,10 @@ Audit procedures and control guidance developed with [Internal ISO Audit](https:
 This skill operates in three modes, detected automatically:
-1. **Compliance MCP server available** (best) — Live dashboard data, automated test results, real-time gap analysis
-   - Detected by: `check_compliance_status()` returns data
-   - Benefits: Current test pass/fail status, evidence freshness, SLA tracking
+1. **Internal ISO Audit MCP server available** (best) — Live control guidance lookup with auditor hints, NIST cross-references, and full-text search
+   - Detected by: `internalisoaudit` MCP server configured in client
+   - Tools: `get_control_guidance`, `list_controls`, `get_nist_mapping`, `search_guidance`
+   - Server: `internalisoaudit.com/api/mcp`
 2. **Local compliance data available** (good) — Reads `compliance/` directory directly
    - Detected by: `compliance/status/last_refresh.yaml` exists

package/skills/soc2-readiness/CONNECTORS.md CHANGED Viewed

@@ -2,22 +2,38 @@
 ## How tool references work
-This skill uses `~~category` placeholders for optional integrations. The skill works without any connectors configured — they enhance the experience when available.
+This skill uses `~~compliance` placeholders for the Internal ISO Audit MCP server. The skill works without the server configured — it falls back to embedded criteria mappings and checklists.
 ## Connectors for this skill
-| Category | Placeholder | Recommended server | Other options |
-|----------|-------------|-------------------|---------------|
-| Compliance data | `~~compliance` | Compliance MCP server (planned — not yet available) | Local `compliance/` directory files |
+| Category | Placeholder | Server | Endpoint |
+|----------|-------------|--------|----------|
+| Compliance data | `~~compliance` | Internal ISO Audit MCP | `https://internalisoaudit.com/api/mcp` |
-### Local compliance data (current default)
+### Internal ISO Audit MCP server
-If the `compliance/` directory exists with SOC 2 test metadata, the skill reads those directly. No MCP server needed.
+The MCP server at `internalisoaudit.com/api/mcp` provides ISO 27001 control guidance via JSON-RPC 2.0 (streamable HTTP). SOC 2 criteria map to ISO 27001 Annex A controls — use `get_nist_mapping` and `search_guidance` to cross-reference. Add it to your MCP client configuration:
-### Compliance MCP server (planned)
+```json
+{
+  "mcpServers": {
+    "internalisoaudit": {
+      "type": "url",
+      "url": "https://internalisoaudit.com/api/mcp"
+    }
+  }
+}
+```
-A dedicated compliance MCP server with live SOC 2 test pass/fail data and readiness scores is planned but not yet available. When released, it will be installable as a standard MCP server. Until then, the skill operates in local-data or reference-only mode.
+#### Available tools
+| Tool | Description | Key arguments |
+|------|-------------|---------------|
+| `get_control_guidance` | Full audit guidance for a specific control | `control_id` (e.g. `"A.5.15"`, `"Clause 9.2"`) |
+| `list_controls` | List all controls, optionally filtered by domain | `domain?` (`organizational`, `people`, `physical`, `technological`, `isms`) |
+| `get_nist_mapping` | ISO 27001 ↔ NIST SP 800-53 cross-reference | `control_id`, `direction?` (`iso_to_nist`, `nist_to_iso`) |
+| `search_guidance` | Full-text search across control guidance | `query`, `domain?`, `limit?` (1-50) |
 ### Fallback: Reference only
-Without any connector, the skill uses embedded criteria mapping and checklists. No organization-specific status data is available in this mode.
+Without the MCP server configured, the skill uses embedded criteria mappings and checklists in the `rules/` directory. No live control lookup is available in this mode.

package/skills/soc2-readiness/SKILL.md CHANGED Viewed

@@ -106,8 +106,11 @@ For each applicable Common Criterion (CC), assess whether controls are:
 - **Effective** — control achieves its objective (evidence exists)
 ```
-# If compliance MCP is available:
-check_compliance_status(framework="soc2")
+# If Internal ISO Audit MCP server is available (SOC 2 maps to ISO 27001 Annex A):
+list_controls(domain="technological")                       # List tech controls (maps to CC 6-8)
+get_control_guidance(control_id="A.5.15")                   # Get guidance for ISO control mapped from CC 6.1
+get_nist_mapping(control_id="AC-2", direction="nist_to_iso")  # Find ISO controls from NIST reference
+search_guidance(query="incident response")                  # Search for controls matching SOC 2 criteria
 ```
 ### Step 3: Map Controls to Criteria
@@ -276,7 +279,16 @@ For detailed SOC 2-specific guidance:
 | File | Coverage |
 |------|----------|
-| `rules/trust-services.md` | Detailed per-criterion guidance for all 5 trust service categories |
+| `rules/logical-access.md` | CC 6.1–6.8 — access control, provisioning, physical, threat detection |
+| `rules/system-operations.md` | CC 7.1–7.5 — monitoring, anomaly detection, incident response, recovery |
+| `rules/change-vendor-management.md` | CC 8.1, CC 9.1–9.2 — change control, risk mitigation, vendor management |
+| `rules/control-environment.md` | CC 1.1–1.5 — governance, ethics, org structure, competence, accountability |
+| `rules/risk-assessment.md` | CC 3.1–3.4 — risk objectives, identification, fraud risk, change impact |
+| `rules/control-activities.md` | CC 5.1–5.3 — risk mitigation selection, technology controls, policy deployment |
+| `rules/communication-info.md` | CC 2.1–2.3 — internal/external communication, information quality |
+| `rules/monitoring-activities.md` | CC 4.1–4.2 — ongoing monitoring, deficiency evaluation |
+| `rules/optional-categories.md` | A 1.x, PI 1.x, C 1.x — Availability, Processing Integrity, Confidentiality |
+| `rules/privacy-criteria.md` | P 1.x–8.x — Privacy criteria (when PII in scope) |
 ## Attribution
@@ -284,6 +296,6 @@ SOC 2 criteria mapping and readiness procedures developed with [Internal ISO Aud
 ## Runtime Detection
-1. **Compliance MCP server available** (best) — Live SOC 2 status, test pass/fail data, evidence gaps
+1. **Internal ISO Audit MCP server available** (best) — Live ISO 27001 control guidance with NIST cross-references. SOC 2 criteria map to ISO 27001 Annex A controls (~70% overlap); use `get_nist_mapping` for bidirectional lookup. Server: `internalisoaudit.com/api/mcp`
 2. **Local compliance data available** (good) — Reads `compliance/` directory with SOC 2 test metadata
-3. **Reference only** (baseline) — Uses embedded criteria mapping and checklists
+3. **Reference only** (baseline) — Uses embedded criteria mapping and checklists in `rules/`

package/skills/soc2-readiness/rules/change-vendor-management.md ADDED Viewed

@@ -0,0 +1,104 @@
+# Change and Vendor Management — CC 8.1, CC 9.1–9.2
+Per-criterion audit guidance for change control, risk mitigation, and third-party management.
+## CC 8.1 — Change control
+**Priority**: Critical | **NIST**: CM-3, CM-5, SA-3 | **ISO**: A.8.9, A.8.25, A.8.32
+Auditors assess whether changes to production systems follow a documented, consistent process — authorization, testing, approval, and deployment. This is one of the top 5 most-tested criteria. Expect auditors to select a sample of production changes and trace each through the full lifecycle.
+**What auditors test**:
+- Sample 10-15 production deployments: verify each had a code review, testing evidence, and approval before merge
+- Segregation of duties: the person who writes code cannot be the sole approver and deployer
+- Emergency change process: hotfixes still require documentation (even if retroactive)
+- Rollback capability: evidence that changes can be reverted if issues arise
+- Branch protection: direct pushes to production branch are blocked; force-push is disabled
+**Evidence to prepare**:
+```bash
+# GitHub: merged PRs with review status
+gh pr list --state merged --limit 20 --json number,title,author,reviewDecision,mergedAt,mergedBy
+# GitHub: branch protection rules
+gh api repos/{owner}/{repo}/branches/main/protection | jq '{
+  required_reviews: .required_pull_request_reviews.required_approving_review_count,
+  dismiss_stale: .required_pull_request_reviews.dismiss_stale_reviews,
+  enforce_admins: .enforce_admins.enabled,
+  required_status_checks: .required_status_checks.contexts
+}'
+# GitHub: check for direct pushes bypassing PR process
+gh api repos/{owner}/{repo}/commits --per-page=20 | \
+  jq '[.[] | select(.parents | length == 1)] | .[] | {sha: .sha[0:8], message: .commit.message[0:60], author: .author.login}'
+# CI/CD: verify automated tests run on PRs
+gh api repos/{owner}/{repo}/actions/workflows --jq '.workflows[] | {name, state}'
+```
+- Change management policy document
+- Emergency change procedure (when and how hotfixes are handled)
+- Deployment runbook or CI/CD pipeline documentation
+**Startup pitfalls**:
+- Founders bypass branch protection using admin override — auditors see this in the commit history
+- "We review in Slack" — verbal approvals aren't auditable; use PR reviews
+- No emergency change process — every hotfix is undocumented and unreviewed
+- Testing means "it works on my machine" — no automated test suite or staging environment
+---
+## CC 9.1 — Risk mitigation activities
+**Priority**: High | **NIST**: CP-2, RA-7 | **ISO**: A.5.30, C.6.1.3
+Auditors verify that identified risks have corresponding mitigation activities — controls, insurance, transfer, or documented acceptance. A risk register without linked mitigations is incomplete. The connection between risk assessment (CC 3) and concrete risk treatment is what auditors evaluate here.
+**What auditors test**:
+- Risk register entries include treatment decisions: mitigate, transfer, accept, or avoid
+- Accepted risks have documented justification and management sign-off
+- Mitigation controls are mapped to specific risks (traceability from risk to control)
+- Business continuity plan addresses the organization's top operational risks
+- Insurance coverage reviewed annually (cyber insurance, E&O, D&O as applicable)
+**Evidence to prepare**:
+- Risk register with treatment column (mitigate/transfer/accept/avoid) and control mapping
+- Risk acceptance forms signed by management for accepted risks
+- Business continuity plan covering top-5 operational risk scenarios
+- Cyber insurance certificate of coverage (current policy period)
+- Management review minutes where risk treatment decisions were discussed
+---
+## CC 9.2 — Vendor and third-party management
+**Priority**: Critical | **NIST**: AC-20, SA-9 | **ISO**: A.5.19, A.5.22
+Auditors verify that the organization identifies, assesses, and monitors third-party vendors who access, store, or process data on its behalf. This includes cloud providers, SaaS tools, payment processors, and contractors with system access. The vendor management program should be proportionate to risk.
+**What auditors test**:
+- Vendor inventory: comprehensive list of vendors with data access, criticality rating, and review dates
+- Risk assessment for critical vendors: documented evaluation of security posture before onboarding
+- SOC 2 or equivalent reports collected annually from critical vendors (cloud providers, data processors)
+- Vendor contracts include security requirements, data handling terms, and breach notification clauses
+- Ongoing monitoring: critical vendor reviews at least annually, not just at initial onboarding
+**Evidence to prepare**:
+```bash
+# GitHub: list third-party integrations
+gh api orgs/{org}/installations --jq '.installations[] | {app_slug, permissions, events}'
+# GCP: list external service accounts with access
+gcloud projects get-iam-policy {project} --format=json | \
+  jq '.bindings[] | .members[] | select(contains("serviceAccount")) | select(contains("gserviceaccount.com") | not)'
+```
+- Vendor register (name, service, data access level, criticality, last review date)
+- Vendor SOC 2 Type II reports for critical vendors (AWS, GCP, Azure, Stripe, etc.)
+- Vendor security assessment questionnaire template
+- Data processing agreements (DPAs) with vendors handling personal data
+- Vendor onboarding and offboarding procedures
+**Startup pitfalls**:
+- No vendor inventory — dozens of SaaS tools adopted without tracking who has data access
+- Relying on "they're a big company, they must be secure" instead of collecting SOC 2 reports
+- No DPAs with vendors processing personal data — GDPR and SOC 2 both require this
+- Vendor review is one-and-done at onboarding — no annual reassessment

package/skills/soc2-readiness/rules/communication-info.md ADDED Viewed

@@ -0,0 +1,85 @@
+# Communication and Information — CC 2.1–2.3
+Per-criterion audit guidance for information quality, internal communication, and external communication.
+## CC 2.1 — Internal information quality
+**Priority**: Medium | **NIST**: AU-2, SI-5 | **ISO**: C.7.5.1
+Auditors assess whether the organization generates and uses quality information to support the functioning of internal controls. This means security-relevant information — logs, metrics, reports, alerts — is accurate, timely, and available to the people who need it for decision-making.
+**What auditors test**:
+- Security-relevant information is generated: audit logs, access reports, vulnerability scans, incident records
+- Information is accurate and complete: logs capture required fields (who, what, when, where)
+- Information is timely: reports and dashboards are current, not stale exports from months ago
+- Information systems are protected: audit logs cannot be modified or deleted by the users they track
+- Data used for control monitoring is validated (e.g., access review data matches actual system state)
+**Evidence to prepare**:
+```bash
+# GCP: verify audit logging is enabled
+gcloud projects get-iam-policy {project} --format=json | jq '.auditConfigs'
+# GCP: verify log integrity (export to separate project or write-once sink)
+gcloud logging sinks list --format=json | jq '.[] | {name, destination}'
+# GitHub: audit log availability
+gh api orgs/{org}/audit-log --jq '.[0:3] | .[] | {action, actor, created_at}'
+```
+- List of security reports and dashboards with update frequency
+- Audit log configuration showing required event types are captured
+- Log integrity controls (separate storage account, write-once policies)
+---
+## CC 2.2 — Internal communication
+**Priority**: Medium | **NIST**: PM-2, AT-2 | **ISO**: C.7.4, A.6.3
+Auditors verify that security-related information — policies, responsibilities, changes, and expectations — is communicated effectively to all personnel. Internal communication isn't just "we have a wiki"; it's demonstrating that people actually receive and understand security requirements.
+**What auditors test**:
+- Security policies are communicated to all employees (not just published and forgotten)
+- Onboarding includes security expectations, reporting procedures, and acceptable use
+- Changes to security policies or procedures are communicated when they occur
+- Regular security updates: newsletters, all-hands mentions, Slack announcements
+- Employees in interviews can describe their security responsibilities and reporting channels
+**Evidence to prepare**:
+- Onboarding checklist showing security communication steps
+- Security awareness communication records (email announcements, Slack messages, all-hands slides)
+- Policy change communication evidence (email or message notifying staff of updates)
+- Security training materials covering roles and responsibilities
+- Internal security FAQ or knowledge base
+**Startup pitfalls**:
+- Security policies exist but nobody outside the security/compliance function knows about them
+- Onboarding mentions security verbally but nothing is documented or acknowledged
+- Policy changes happen silently — no communication when procedures are updated
+---
+## CC 2.3 — External communication
+**Priority**: Medium | **NIST**: PM-1 | **ISO**: A.5.14
+Auditors verify that the organization communicates security-relevant information to external parties — customers, regulators, vendors, and the public — through appropriate channels. This includes the system description, security practices, incident notifications, and contractual commitments.
+**What auditors test**:
+- Security practices communicated to customers: security page, trust center, or documentation
+- SOC 2 report distribution process: how customers request and receive the report
+- Incident notification: contractual obligations met for customer communication during incidents
+- Regulatory reporting: process for notifying regulators of security events when required
+- Vendor communication: security requirements communicated to third parties in contracts and onboarding
+**Evidence to prepare**:
+- Security page or trust center URL (public-facing security information)
+- NDA or report request process for SOC 2 report distribution
+- Customer-facing incident communication templates and procedures
+- Contractual breach notification obligations inventory
+- Vendor security requirements (contract clauses, questionnaire, or onboarding materials)
+**Startup pitfalls**:
+- No public security page — customers can't find any information about security practices
+- SOC 2 report shared openly without NDA — report is meant to be restricted use
+- Incident notification process undefined — scrambling to communicate during an actual incident