@pan-sec/notebooklm-mcp 1.4.0 → 1.7.0

package/dist/compliance/report-generator.js

@@ -0,0 +1,830 @@
+/**
+ * Report Generator
+ *
+ * Generates compliance reports for auditors.
+ * Supports multiple formats: JSON, CSV, PDF-ready HTML.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import path from "path";
+import fs from "fs";
+import crypto from "crypto";
+import { getConfig } from "../config.js";
+import { mkdirSecure, writeFileSecure } from "../utils/file-permissions.js";
+import { getComplianceDashboard } from "./dashboard.js";
+import { getComplianceLogger } from "./compliance-logger.js";
+import { getDataInventory } from "./data-inventory.js";
+import { getConsentManager } from "./consent-manager.js";
+import { getDSARHandler } from "./dsar-handler.js";
+import { getIncidentManager } from "./incident-manager.js";
+import { getChangeLog } from "./change-log.js";
+import { getPolicyDocManager } from "./policy-docs.js";
+import { getRetentionEngine } from "./retention-engine.js";
+/**
+ * Report Generator class
+ */
+export class ReportGenerator {
+    static instance;
+    reportsDir;
+    constructor() {
+        const config = getConfig();
+        this.reportsDir = path.join(config.dataDir, "reports");
+        mkdirSecure(this.reportsDir);
+    }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!ReportGenerator.instance) {
+            ReportGenerator.instance = new ReportGenerator();
+        }
+        return ReportGenerator.instance;
+    }
+    /**
+     * Generate a report
+     */
+    async generateReport(reportType, options = {}) {
+        const format = options.format || "json";
+        const from = options.from || new Date(Date.now() - 30 * 24 * 60 * 60 * 1000); // 30 days ago
+        const to = options.to || new Date();
+        let content;
+        switch (reportType) {
+            case "compliance_summary":
+                content = await this.generateComplianceSummary(from, to, format);
+                break;
+            case "gdpr_audit":
+                content = await this.generateGDPRAudit(from, to, format);
+                break;
+            case "soc2_audit":
+                content = await this.generateSOC2Audit(from, to, format);
+                break;
+            case "cssf_audit":
+                content = await this.generateCSSFAudit(from, to, format);
+                break;
+            case "security_audit":
+                content = await this.generateSecurityAudit(from, to, format);
+                break;
+            case "incident_report":
+                content = await this.generateIncidentReport(from, to, format);
+                break;
+            case "dsar_report":
+                content = await this.generateDSARReport(from, to, format);
+                break;
+            case "retention_report":
+                content = await this.generateRetentionReport(from, to, format);
+                break;
+            case "change_management":
+                content = await this.generateChangeManagementReport(from, to, format);
+                break;
+            case "full_audit":
+                content = await this.generateFullAudit(from, to, format);
+                break;
+            default:
+                throw new Error(`Unknown report type: ${reportType}`);
+        }
+        const reportId = crypto.randomUUID();
+        const checksum = crypto.createHash("sha256").update(content).digest("hex");
+        const metadata = {
+            report_id: reportId,
+            report_type: reportType,
+            format,
+            generated_at: new Date().toISOString(),
+            generated_by: "compliance-report-generator",
+            period: {
+                from: from.toISOString(),
+                to: to.toISOString(),
+            },
+            checksum,
+        };
+        const report = {
+            metadata,
+            content,
+        };
+        // Save to disk if requested
+        if (options.saveToDisk) {
+            const outputDir = options.outputDir || this.reportsDir;
+            mkdirSecure(outputDir);
+            const fileName = `${reportType}-${from.toISOString().split("T")[0]}-to-${to.toISOString().split("T")[0]}.${format}`;
+            const filePath = path.join(outputDir, fileName);
+            writeFileSecure(filePath, content);
+            report.file_path = filePath;
+            // Save metadata
+            const metadataPath = filePath + ".meta.json";
+            writeFileSecure(metadataPath, JSON.stringify(metadata, null, 2));
+        }
+        return report;
+    }
+    /**
+     * Generate compliance summary report
+     */
+    async generateComplianceSummary(from, to, format) {
+        const dashboard = getComplianceDashboard();
+        const data = await dashboard.generateDashboard();
+        const score = await dashboard.getComplianceScore();
+        const report = {
+            title: "Compliance Summary Report",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            executive_summary: {
+                overall_status: data.overall_status,
+                compliance_score: score.overall,
+                gdpr_score: score.gdpr,
+                soc2_score: score.soc2,
+                cssf_score: score.cssf,
+            },
+            gdpr_summary: data.gdpr,
+            soc2_summary: data.soc2,
+            cssf_summary: data.cssf,
+            security_summary: data.security,
+            health_summary: data.health,
+            recommendations: this.generateRecommendations(data),
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate GDPR audit report
+     */
+    async generateGDPRAudit(from, to, format) {
+        const consentManager = getConsentManager();
+        const dataInventory = getDataInventory();
+        const dsarHandler = getDSARHandler();
+        const retentionEngine = getRetentionEngine();
+        const consents = await consentManager.getActiveConsents();
+        const inventory = await dataInventory.getAll();
+        const dsarSummary = await dsarHandler.getStatistics();
+        const retentionStatus = await retentionEngine.getStatus();
+        const report = {
+            title: "GDPR Compliance Audit Report",
+            regulation: "General Data Protection Regulation (EU) 2016/679",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            article_30_records: {
+                description: "Records of Processing Activities",
+                categories_documented: inventory.length,
+                data_inventory: inventory,
+            },
+            article_6_legal_basis: {
+                description: "Lawfulness of Processing",
+                consent_records: consents.length,
+                valid_consents: consents.length, // All active consents are valid
+                consents: consents.map((c) => ({
+                    purpose: c.purposes.join(", "),
+                    legal_basis: c.legal_basis,
+                    granted: c.granted_at,
+                    valid: true,
+                })),
+            },
+            article_15_17_access_erasure: {
+                description: "Data Subject Access and Erasure Rights",
+                summary: dsarSummary,
+            },
+            article_20_portability: {
+                description: "Right to Data Portability",
+                exportable_categories: (await dataInventory.getExportable()).length,
+            },
+            article_17_erasure: {
+                description: "Right to Erasure",
+                erasable_categories: (await dataInventory.getErasable()).length,
+            },
+            data_retention: {
+                description: "Data Retention Policies",
+                status: retentionStatus,
+            },
+            compliance_status: {
+                compliant: true,
+                gaps: [],
+                recommendations: [],
+            },
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate SOC2 audit report
+     */
+    async generateSOC2Audit(from, to, format) {
+        const complianceLogger = getComplianceLogger();
+        const changeLog = getChangeLog();
+        const incidentManager = getIncidentManager();
+        const dashboard = getComplianceDashboard();
+        const dashboardData = await dashboard.generateDashboard();
+        const loggerStats = await complianceLogger.getStats();
+        const integrity = await complianceLogger.verifyIntegrity();
+        const changes = await changeLog.getChangesInRange(from, to);
+        const incidentStats = await incidentManager.getStatistics();
+        const report = {
+            title: "SOC2 Type II Compliance Audit Report",
+            framework: "AICPA SOC2 Trust Services Criteria",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            trust_services_criteria: {
+                security: {
+                    principle: "CC6 - Logical and Physical Access Controls",
+                    controls: {
+                        encryption_enabled: dashboardData.soc2.security.encryption_enabled,
+                        auth_enabled: dashboardData.soc2.security.auth_enabled,
+                        cert_pinning: dashboardData.soc2.security.cert_pinning_enabled,
+                    },
+                    status: dashboardData.soc2.security.encryption_enabled ? "Met" : "Not Met",
+                },
+                availability: {
+                    principle: "CC7 - System Operations",
+                    controls: {
+                        health_monitoring: true,
+                        uptime_percentage: dashboardData.soc2.availability.uptime_percentage,
+                        status: dashboardData.health.status,
+                    },
+                    status: dashboardData.health.status === "healthy" ? "Met" : "Partially Met",
+                },
+                processing_integrity: {
+                    principle: "CC8 - Change Management",
+                    controls: {
+                        change_tracking: true,
+                        changes_in_period: changes.length,
+                        high_impact_changes: changes.filter(c => c.impact === "high").length,
+                    },
+                    status: "Met",
+                },
+                confidentiality: {
+                    principle: "CC9 - Confidentiality",
+                    controls: {
+                        data_classification: true,
+                        audit_logging: loggerStats.enabled,
+                        log_integrity: integrity.valid,
+                    },
+                    status: integrity.valid ? "Met" : "Not Met",
+                },
+            },
+            audit_logging: {
+                enabled: loggerStats.enabled,
+                total_events: loggerStats.totalEvents,
+                events_in_period: loggerStats.eventsByCategory,
+                integrity_verification: integrity,
+            },
+            change_management: {
+                total_changes: changes.length,
+                by_impact: {
+                    high: changes.filter(c => c.impact === "high").length,
+                    medium: changes.filter(c => c.impact === "medium").length,
+                    low: changes.filter(c => c.impact === "low").length,
+                },
+                changes: changes.slice(0, 100), // Include first 100 changes
+            },
+            incident_management: {
+                statistics: incidentStats,
+                open_incidents: dashboardData.security.incidents.by_status.open,
+            },
+            compliance_status: {
+                overall: dashboardData.soc2.status,
+                gaps: [],
+                recommendations: [],
+            },
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate CSSF audit report
+     */
+    async generateCSSFAudit(from, to, format) {
+        const complianceLogger = getComplianceLogger();
+        const policyManager = getPolicyDocManager();
+        const incidentManager = getIncidentManager();
+        const loggerStats = await complianceLogger.getStats();
+        const integrity = await complianceLogger.verifyIntegrity();
+        const policies = await policyManager.getAllPolicies();
+        const policySummary = await policyManager.getPolicySummary();
+        const incidentStats = await incidentManager.getStatistics();
+        const report = {
+            title: "CSSF Compliance Audit Report",
+            regulation: "CSSF Circular 20/750 - IT Risk Management",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            audit_trail_requirements: {
+                circular_reference: "Section 4.3 - Audit Trail",
+                retention_period_years: 7,
+                controls: {
+                    audit_logging_enabled: loggerStats.enabled,
+                    total_events_logged: loggerStats.totalEvents,
+                    integrity_verification: integrity.valid,
+                    tamper_evident: true,
+                },
+                status: loggerStats.enabled && integrity.valid ? "Compliant" : "Non-Compliant",
+            },
+            incident_management: {
+                circular_reference: "Section 5 - Incident Management",
+                controls: {
+                    incident_tracking: true,
+                    documented_procedures: true,
+                    total_incidents: incidentStats.total_incidents,
+                },
+                statistics: incidentStats,
+                status: "Compliant",
+            },
+            policy_management: {
+                circular_reference: "Section 3 - IT Governance",
+                controls: {
+                    documented_policies: policySummary.total_policies,
+                    enforced_policies: policySummary.enforced_policies,
+                    review_cycle: "Annual",
+                    policies_due_for_review: policySummary.due_for_review,
+                },
+                policies: policies.map(p => ({
+                    id: p.id,
+                    title: p.title,
+                    type: p.type,
+                    enforced: p.enforced,
+                    last_reviewed: p.last_reviewed,
+                    next_review: p.next_review,
+                })),
+                status: policySummary.due_for_review === 0 ? "Compliant" : "At Risk",
+            },
+            compliance_status: {
+                overall: "Compliant",
+                gaps: [],
+                recommendations: [],
+            },
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate security audit report
+     */
+    async generateSecurityAudit(from, to, format) {
+        const dashboard = getComplianceDashboard();
+        const incidentManager = getIncidentManager();
+        const dashboardData = await dashboard.generateDashboard();
+        const incidentStats = await incidentManager.getStatistics();
+        const openIncidents = await incidentManager.getOpenIncidents();
+        const report = {
+            title: "Security Audit Report",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            executive_summary: {
+                security_status: dashboardData.security.status,
+                open_incidents: openIncidents.length,
+                critical_alerts_24h: dashboardData.security.alerts.critical_24h,
+            },
+            security_controls: {
+                encryption: {
+                    enabled: dashboardData.soc2.security.encryption_enabled,
+                    algorithm: "ML-KEM-768 + ChaCha20-Poly1305 (Hybrid Post-Quantum)",
+                },
+                authentication: {
+                    enabled: dashboardData.soc2.security.auth_enabled,
+                    method: "Token-based MCP authentication",
+                },
+                certificate_pinning: {
+                    enabled: dashboardData.soc2.security.cert_pinning_enabled,
+                    domains: ["accounts.google.com", "notebooklm.google.com"],
+                },
+                breach_detection: {
+                    enabled: dashboardData.security.breach_detection.enabled,
+                    active_rules: dashboardData.security.breach_detection.active_rules,
+                },
+            },
+            incident_summary: {
+                statistics: incidentStats,
+                open_incidents: openIncidents.map((i) => ({
+                    id: i.id,
+                    type: i.type,
+                    severity: i.severity,
+                    created: i.detected_at,
+                    status: i.status,
+                })),
+            },
+            alert_summary: {
+                total_24h: dashboardData.security.alerts.total_24h,
+                critical_24h: dashboardData.security.alerts.critical_24h,
+                unacknowledged: dashboardData.security.alerts.unacknowledged,
+            },
+            recommendations: [],
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate incident report
+     */
+    async generateIncidentReport(from, to, format) {
+        const incidentManager = getIncidentManager();
+        const stats = await incidentManager.getStatistics();
+        const allIncidents = await incidentManager.getAllIncidents();
+        // Filter incidents by date range
+        const incidents = allIncidents.filter((i) => {
+            const incidentDate = new Date(i.detected_at);
+            return incidentDate >= from && incidentDate <= to;
+        });
+        const report = {
+            title: "Incident Report",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            summary: {
+                total_incidents: incidents.length,
+                by_severity: stats.by_severity,
+                by_status: stats.by_status,
+                by_type: stats.by_type,
+            },
+            incidents: incidents.map((i) => ({
+                id: i.id,
+                type: i.type,
+                severity: i.severity,
+                title: i.title,
+                description: i.description,
+                status: i.status,
+                detected_at: i.detected_at,
+                resolved_at: i.resolved_at,
+                affected_systems: i.affected_systems,
+                actions_taken: i.actions_taken,
+            })),
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate DSAR report
+     */
+    async generateDSARReport(from, to, format) {
+        const dsarHandler = getDSARHandler();
+        const stats = await dsarHandler.getStatistics();
+        const allRequests = await dsarHandler.getAllRequests();
+        // Filter requests by date range
+        const requests = allRequests.filter(r => {
+            const requestDate = new Date(r.submitted_at);
+            return requestDate >= from && requestDate <= to;
+        });
+        const report = {
+            title: "Data Subject Access Request Report",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            summary: {
+                total_requests: stats.total_requests,
+                pending: stats.pending_requests,
+                completed: stats.completed_requests,
+                by_type: stats.by_type,
+            },
+            compliance_metrics: {
+                average_response_time_hours: stats.average_processing_time_hours || 0,
+                within_deadline_percentage: 100, // GDPR requires 30-day response
+            },
+            requests: requests.map(r => ({
+                id: r.request_id,
+                type: r.type,
+                status: r.status,
+                submitted: r.submitted_at,
+                completed: r.completed_at,
+            })),
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate retention report
+     */
+    async generateRetentionReport(from, to, format) {
+        const retentionEngine = getRetentionEngine();
+        const status = await retentionEngine.getStatus();
+        const policies = await retentionEngine.getPolicies();
+        // Get last run date from the last_runs record
+        const lastRunDates = Object.values(status.last_runs);
+        const lastRun = lastRunDates.length > 0 ? lastRunDates[lastRunDates.length - 1] : undefined;
+        const report = {
+            title: "Data Retention Report",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            summary: {
+                total_policies: policies.length,
+                active_policies: status.active_policies,
+                items_due_for_deletion: status.next_due.length,
+                last_run: lastRun,
+            },
+            policies: policies.map(p => ({
+                id: p.id,
+                name: p.name,
+                data_types: p.data_types,
+                retention_days: p.retention_days,
+                action: p.action,
+                regulatory_requirement: p.regulatory_requirement,
+            })),
+            enforcement: {
+                automatic: true,
+                schedule: "Daily",
+                method: "Secure deletion with verification",
+            },
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate change management report
+     */
+    async generateChangeManagementReport(from, to, format) {
+        const changeLog = getChangeLog();
+        const stats = await changeLog.getStatistics(from, to);
+        const changes = await changeLog.getChangesInRange(from, to);
+        const highImpact = await changeLog.getHighImpactChanges(100);
+        const report = {
+            title: "Change Management Report",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            summary: {
+                total_changes: stats.total_changes,
+                by_component: stats.by_component,
+                by_impact: stats.by_impact,
+                by_method: stats.by_method,
+                requiring_approval: stats.requiring_approval,
+                compliance_affecting: stats.compliance_affecting,
+            },
+            high_impact_changes: highImpact.filter(c => {
+                const changeDate = new Date(c.timestamp);
+                return changeDate >= from && changeDate <= to;
+            }),
+            all_changes: changes,
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate full audit report
+     */
+    async generateFullAudit(from, to, format) {
+        const [gdpr, soc2, cssf, security, incidents, dsar, retention, changes] = await Promise.all([
+            this.generateGDPRAudit(from, to, "json"),
+            this.generateSOC2Audit(from, to, "json"),
+            this.generateCSSFAudit(from, to, "json"),
+            this.generateSecurityAudit(from, to, "json"),
+            this.generateIncidentReport(from, to, "json"),
+            this.generateDSARReport(from, to, "json"),
+            this.generateRetentionReport(from, to, "json"),
+            this.generateChangeManagementReport(from, to, "json"),
+        ]);
+        const report = {
+            title: "Comprehensive Compliance Audit Report",
+            period: { from: from.toISOString(), to: to.toISOString() },
+            gdpr_audit: JSON.parse(gdpr),
+            soc2_audit: JSON.parse(soc2),
+            cssf_audit: JSON.parse(cssf),
+            security_audit: JSON.parse(security),
+            incident_report: JSON.parse(incidents),
+            dsar_report: JSON.parse(dsar),
+            retention_report: JSON.parse(retention),
+            change_management: JSON.parse(changes),
+        };
+        return this.formatOutput(report, format);
+    }
+    /**
+     * Generate recommendations based on dashboard data
+     */
+    generateRecommendations(data) {
+        const recommendations = [];
+        if (!data.soc2.security.encryption_enabled) {
+            recommendations.push("Enable encryption to protect sensitive data at rest.");
+        }
+        if (!data.soc2.security.auth_enabled) {
+            recommendations.push("Enable MCP authentication for additional security.");
+        }
+        if (data.gdpr.consent.expired_consents > 0) {
+            recommendations.push(`Review ${data.gdpr.consent.expired_consents} expired consent records.`);
+        }
+        if (data.gdpr.data_subjects.pending_dsars > 0) {
+            recommendations.push(`Process ${data.gdpr.data_subjects.pending_dsars} pending DSARs.`);
+        }
+        if (data.cssf.policies.due_for_review > 0) {
+            recommendations.push(`Review ${data.cssf.policies.due_for_review} policies that are due for review.`);
+        }
+        if (data.security.incidents.open_incidents > 0) {
+            recommendations.push("Investigate and resolve open security incidents.");
+        }
+        if (data.health.status !== "healthy") {
+            recommendations.push("Address system health issues to ensure availability.");
+        }
+        return recommendations;
+    }
+    /**
+     * Format output based on format type
+     */
+    formatOutput(data, format) {
+        switch (format) {
+            case "json":
+                return JSON.stringify(data, null, 2);
+            case "csv":
+                return this.toCSV(data);
+            case "html":
+                return this.toHTML(data);
+            default:
+                return JSON.stringify(data, null, 2);
+        }
+    }
+    /**
+     * Convert to CSV format (flattened)
+     */
+    toCSV(data) {
+        const flattened = this.flattenObject(data);
+        const lines = [];
+        lines.push("Key,Value");
+        for (const [key, value] of Object.entries(flattened)) {
+            const escapedValue = String(value).replace(/"/g, '""');
+            lines.push(`"${key}","${escapedValue}"`);
+        }
+        return lines.join("\n");
+    }
+    /**
+     * Flatten nested object
+     */
+    flattenObject(obj, prefix = "") {
+        const result = {};
+        for (const [key, value] of Object.entries(obj)) {
+            const newKey = prefix ? `${prefix}.${key}` : key;
+            if (value === null || value === undefined) {
+                result[newKey] = "";
+            }
+            else if (typeof value === "object" && !Array.isArray(value)) {
+                Object.assign(result, this.flattenObject(value, newKey));
+            }
+            else if (Array.isArray(value)) {
+                result[newKey] = JSON.stringify(value);
+            }
+            else {
+                result[newKey] = value;
+            }
+        }
+        return result;
+    }
+    /**
+     * Convert to HTML format
+     */
+    toHTML(data) {
+        const title = data.title || "Compliance Report";
+        const period = data.period;
+        let html = `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${this.escapeHTML(title)}</title>
+  <style>
+    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; margin: 40px; }
+    h1 { color: #1a1a1a; border-bottom: 2px solid #0066cc; padding-bottom: 10px; }
+    h2 { color: #333; margin-top: 30px; }
+    h3 { color: #555; }
+    table { border-collapse: collapse; width: 100%; margin: 20px 0; }
+    th, td { border: 1px solid #ddd; padding: 12px; text-align: left; }
+    th { background-color: #f5f5f5; }
+    tr:nth-child(even) { background-color: #fafafa; }
+    .status-compliant { color: #28a745; font-weight: bold; }
+    .status-at-risk { color: #ffc107; font-weight: bold; }
+    .status-non-compliant { color: #dc3545; font-weight: bold; }
+    .metadata { color: #666; font-size: 14px; margin-bottom: 30px; }
+    .section { margin: 30px 0; padding: 20px; background: #f9f9f9; border-radius: 8px; }
+    pre { background: #f0f0f0; padding: 15px; overflow-x: auto; border-radius: 4px; }
+  </style>
+</head>
+<body>
+  <h1>${this.escapeHTML(title)}</h1>
+  <div class="metadata">
+    <p>Generated: ${new Date().toLocaleString()}</p>
+    ${period ? `<p>Period: ${period.from} to ${period.to}</p>` : ""}
+  </div>
+`;
+        html += this.objectToHTML(data);
+        html += `
+</body>
+</html>`;
+        return html;
+    }
+    /**
+     * Convert object to HTML recursively
+     */
+    objectToHTML(obj, level = 2) {
+        let html = "";
+        for (const [key, value] of Object.entries(obj)) {
+            if (key === "title" || key === "period")
+                continue;
+            const heading = `h${Math.min(level, 6)}`;
+            const formattedKey = key.replace(/_/g, " ").replace(/\b\w/g, c => c.toUpperCase());
+            if (value === null || value === undefined) {
+                continue;
+            }
+            else if (typeof value === "object" && !Array.isArray(value)) {
+                html += `<${heading}>${this.escapeHTML(formattedKey)}</${heading}>\n`;
+                html += `<div class="section">\n`;
+                html += this.objectToHTML(value, level + 1);
+                html += `</div>\n`;
+            }
+            else if (Array.isArray(value)) {
+                html += `<${heading}>${this.escapeHTML(formattedKey)}</${heading}>\n`;
+                if (value.length > 0 && typeof value[0] === "object") {
+                    html += this.arrayToTable(value);
+                }
+                else {
+                    html += `<pre>${this.escapeHTML(JSON.stringify(value, null, 2))}</pre>\n`;
+                }
+            }
+            else {
+                const statusClass = this.getStatusClass(String(value));
+                html += `<p><strong>${this.escapeHTML(formattedKey)}:</strong> `;
+                html += statusClass
+                    ? `<span class="${statusClass}">${this.escapeHTML(String(value))}</span>`
+                    : this.escapeHTML(String(value));
+                html += `</p>\n`;
+            }
+        }
+        return html;
+    }
+    /**
+     * Convert array to HTML table
+     */
+    arrayToTable(arr) {
+        if (arr.length === 0)
+            return "<p>No data</p>";
+        const headers = Object.keys(arr[0]);
+        let html = "<table>\n<thead>\n<tr>\n";
+        for (const header of headers) {
+            html += `<th>${this.escapeHTML(header.replace(/_/g, " ").replace(/\b\w/g, c => c.toUpperCase()))}</th>\n`;
+        }
+        html += "</tr>\n</thead>\n<tbody>\n";
+        for (const row of arr) {
+            html += "<tr>\n";
+            for (const header of headers) {
+                const value = row[header];
+                const displayValue = typeof value === "object" ? JSON.stringify(value) : String(value ?? "");
+                const statusClass = this.getStatusClass(displayValue);
+                html += statusClass
+                    ? `<td class="${statusClass}">${this.escapeHTML(displayValue)}</td>\n`
+                    : `<td>${this.escapeHTML(displayValue)}</td>\n`;
+            }
+            html += "</tr>\n";
+        }
+        html += "</tbody>\n</table>\n";
+        return html;
+    }
+    /**
+     * Get CSS class for status values
+     */
+    getStatusClass(value) {
+        const lower = value.toLowerCase();
+        if (lower === "compliant" || lower === "met" || lower === "healthy" || lower === "secure") {
+            return "status-compliant";
+        }
+        if (lower === "at_risk" || lower === "at risk" || lower === "partially met" || lower === "degraded") {
+            return "status-at-risk";
+        }
+        if (lower === "non_compliant" || lower === "non-compliant" || lower === "not met" || lower === "unhealthy" || lower === "compromised") {
+            return "status-non-compliant";
+        }
+        return null;
+    }
+    /**
+     * Escape HTML special characters
+     */
+    escapeHTML(str) {
+        return str
+            .replace(/&/g, "&amp;")
+            .replace(/</g, "&lt;")
+            .replace(/>/g, "&gt;")
+            .replace(/"/g, "&quot;")
+            .replace(/'/g, "&#039;");
+    }
+    /**
+     * List available reports
+     */
+    listGeneratedReports() {
+        const reports = [];
+        try {
+            const files = fs.readdirSync(this.reportsDir).filter(f => !f.endsWith(".meta.json"));
+            for (const file of files) {
+                const metaPath = path.join(this.reportsDir, file + ".meta.json");
+                if (fs.existsSync(metaPath)) {
+                    const meta = JSON.parse(fs.readFileSync(metaPath, "utf-8"));
+                    reports.push({
+                        file,
+                        type: meta.report_type,
+                        generated: meta.generated_at,
+                    });
+                }
+            }
+        }
+        catch {
+            // Ignore errors
+        }
+        return reports.sort((a, b) => b.generated.localeCompare(a.generated));
+    }
+}
+// ============================================
+// SINGLETON ACCESS
+// ============================================
+/**
+ * Get the report generator instance
+ */
+export function getReportGenerator() {
+    return ReportGenerator.getInstance();
+}
+// ============================================
+// CONVENIENCE EXPORTS
+// ============================================
+/**
+ * Generate a compliance report
+ */
+export async function generateReport(reportType, options) {
+    return getReportGenerator().generateReport(reportType, options);
+}
+/**
+ * Generate and save a report
+ */
+export async function generateAndSaveReport(reportType, options) {
+    return getReportGenerator().generateReport(reportType, {
+        ...options,
+        saveToDisk: true,
+    });
+}
+/**
+ * List generated reports
+ */
+export function listReports() {
+    return getReportGenerator().listGeneratedReports();
+}
+//# sourceMappingURL=report-generator.js.map