@striae-org/striae 5.4.2 → 5.4.4

package/app/services/audit/audit-export-report.ts

@@ -1,205 +0,0 @@
-import { type AuditTrail, type ValidationAuditEntry } from '~/types';
-
-const calculateDuration = (start: string, end: string): string => {
-  const startTime = new Date(start).getTime();
-  const endTime = new Date(end).getTime();
-  const durationMs = endTime - startTime;
-
-  const hours = Math.floor(durationMs / (1000 * 60 * 60));
-  const minutes = Math.floor((durationMs % (1000 * 60 * 60)) / (1000 * 60));
-  const seconds = Math.floor((durationMs % (1000 * 60)) / 1000);
-
-  if (hours > 0) {
-    return `${hours}h ${minutes}m ${seconds}s`;
-  }
-
-  if (minutes > 0) {
-    return `${minutes}m ${seconds}s`;
-  }
-
-  return `${seconds}s`;
-};
-
-const generateSecurityAnalysis = (entries: ValidationAuditEntry[]): string => {
-  const securityEntries = entries.filter(entry => entry.details.securityChecks);
-
-  if (securityEntries.length === 0) {
-    return 'No security-sensitive operations detected.';
-  }
-
-  let selfConfirmationAttempts = 0;
-  let fileIntegrityFailures = 0;
-  let exporterValidationFailures = 0;
-  let legitimateImports = 0;
-
-  securityEntries.forEach(entry => {
-    const checks = entry.details.securityChecks!;
-
-    if (checks.selfConfirmationPrevented === true) {
-      selfConfirmationAttempts++;
-    }
-    if (checks.fileIntegrityValid === false) {
-      fileIntegrityFailures++;
-    }
-    if (checks.exporterUidValidated === false) {
-      exporterValidationFailures++;
-    }
-
-    if (
-      entry.action === 'import' &&
-      entry.details.workflowPhase === 'confirmation' &&
-      entry.result === 'success' &&
-      checks.selfConfirmationPrevented === false
-    ) {
-      legitimateImports++;
-    }
-  });
-
-  return [
-    `Total Security-Sensitive Operations: ${securityEntries.length}`,
-    `Legitimate Confirmation Imports: ${legitimateImports}`,
-    `Self-Confirmation Attempts Blocked: ${selfConfirmationAttempts}`,
-    `File Integrity Failures: ${fileIntegrityFailures}`,
-    `Exporter Validation Failures: ${exporterValidationFailures}`,
-    '',
-    selfConfirmationAttempts === 0 && fileIntegrityFailures === 0 && exporterValidationFailures === 0
-      ? '✅ No security violations detected'
-      : '⚠️ Security violations detected - review required'
-  ].join('\n');
-};
-
-const generateConfirmationSummary = (entries: ValidationAuditEntry[]): string => {
-  const confirmationEntries = entries.filter(entry =>
-    entry.details.workflowPhase === 'confirmation' ||
-    (entry.action === 'import' && entry.details.fileType === 'confirmation-data')
-  );
-
-  if (confirmationEntries.length === 0) {
-    return 'No confirmation workflow operations detected.';
-  }
-
-  const imports = confirmationEntries.filter(entry => entry.action === 'import');
-  const exports = confirmationEntries.filter(entry => entry.action === 'export');
-  const creations = confirmationEntries.filter(entry => entry.action === 'confirm');
-
-  let totalConfirmationsImported = 0;
-  let totalConfirmationsInFiles = 0;
-  const reviewingExaminers = new Map<string, { uid: string; badgeId?: string; confirmedFiles: Set<string> }>();
-  const allConfirmedFiles = new Set<string>();
-
-  imports.forEach(entry => {
-    const metrics = entry.details.performanceMetrics;
-    const caseDetails = entry.details.caseDetails;
-
-    if (metrics?.validationStepsCompleted) {
-      totalConfirmationsImported += metrics.validationStepsCompleted;
-    }
-    if (caseDetails?.totalAnnotations) {
-      totalConfirmationsInFiles += caseDetails.totalAnnotations;
-    }
-    if (entry.details.reviewingExaminerUid) {
-      const uid = entry.details.reviewingExaminerUid;
-      const badgeId = entry.details.reviewerBadgeId;
-      const confirmedFileNames = caseDetails?.confirmedFileNames || [];
-
-      if (!reviewingExaminers.has(uid)) {
-        reviewingExaminers.set(uid, {
-          uid,
-          badgeId,
-          confirmedFiles: new Set()
-        });
-      }
-
-      const examiner = reviewingExaminers.get(uid)!;
-      confirmedFileNames.forEach(file => {
-        examiner.confirmedFiles.add(file);
-        allConfirmedFiles.add(file);
-      });
-    }
-  });
-
-  const examinersDetail = Array.from(reviewingExaminers.values())
-    .map(examiner => {
-      const badgeInfo = examiner.badgeId ? ` (Badge: ${examiner.badgeId})` : '';
-      const filesInfo = examiner.confirmedFiles.size > 0
-        ? `\n    Confirmed Files: ${Array.from(examiner.confirmedFiles).sort().join(', ')}`
-        : '';
-      return `- UID: ${examiner.uid}${badgeInfo}${filesInfo}`;
-    })
-    .join('\n');
-
-  return [
-    `Confirmation Operations: ${confirmationEntries.length}`,
-    `- Imports: ${imports.length}`,
-    `- Exports: ${exports.length}`,
-    `- Creations: ${creations.length}`,
-    '',
-    `Total Confirmations Imported: ${totalConfirmationsImported}`,
-    `Total Confirmations in Import Files: ${totalConfirmationsInFiles}`,
-    `Reviewing Examiners Involved: ${reviewingExaminers.size}`,
-    '',
-    reviewingExaminers.size > 0
-      ? `External Reviewers:\n${examinersDetail}`
-      : 'No external reviewers detected',
-    '',
-    allConfirmedFiles.size > 0
-      ? `Successfully Confirmed Files (Total: ${allConfirmedFiles.size}):\n${Array.from(allConfirmedFiles).sort().map(file => `  - ${file}`).join('\n')}`
-      : 'No files confirmed'
-  ].join('\n');
-};
-
-export const buildAuditReportContent = (auditTrail: AuditTrail, generatedAt: string): string => {
-  const summary = auditTrail.summary;
-  const successRate = ((summary.successfulEvents / summary.totalEvents) * 100).toFixed(1);
-
-  return `
-STRIAE AUDIT TRAIL REPORT
-============================
-
-Case Number: ${auditTrail.caseNumber}
-Workflow ID: ${auditTrail.workflowId}
-Report Generated: ${new Date(generatedAt).toLocaleString()}
-
-SUMMARY STATISTICS
-------------------
-Total Events: ${summary.totalEvents}
-Successful Events: ${summary.successfulEvents} (${successRate}%)
-Failed Events: ${summary.failedEvents}
-Warning Events: ${summary.warningEvents}
-Security Incidents: ${summary.securityIncidents}
-
-COMPLIANCE STATUS
------------------
-Status: ${summary.complianceStatus.toUpperCase()}
-${summary.complianceStatus === 'compliant'
-    ? '✅ All audit events completed successfully'
-    : '⚠️ Some audit events failed - requires investigation'}
-
-TIMELINE
---------
-Start Time: ${new Date(summary.startTimestamp).toLocaleString()}
-End Time: ${new Date(summary.endTimestamp).toLocaleString()}
-Duration: ${calculateDuration(summary.startTimestamp, summary.endTimestamp)}
-
-PARTICIPANTS
-------------
-Users Involved: ${summary.participatingUsers.length}
-${summary.participatingUsers.map(uid => `- User ID: ${uid}`).join('\n')}
-
-WORKFLOW PHASES
----------------
-${summary.workflowPhases.map(phase => `- ${phase}`).join('\n')}
-
-SECURITY ANALYSIS
------------------
-${generateSecurityAnalysis(auditTrail.entries)}
-
-CONFIRMATION WORKFLOW DETAILS
-------------------------------
-${generateConfirmationSummary(auditTrail.entries)}
-
----
-This report contains ${summary.totalEvents} audit entries providing complete forensic accountability.
-Generated by Striae
-    `.trim();
-};

package/app/services/audit/audit-export.service.ts

@@ -1,333 +0,0 @@
-import { type ValidationAuditEntry, type AuditTrail } from '~/types';
-import { calculateSHA256Secure, type AuditExportType } from '~/utils/forensics';
-import { AUDIT_CSV_ENTRY_HEADERS, entryToCSVRow } from './audit-export-csv';
-import { buildAuditReportContent } from './audit-export-report';
-import { type AuditExportContext, signAuditExport } from './audit-export-signing';
-
-/**
- * Audit Export Service
- * Handles exporting audit trails to various formats for compliance and forensic analysis
- */
-class AuditExportService {
-  private static instance: AuditExportService;
-
-  private constructor() {}
-
-  public static getInstance(): AuditExportService {
-    if (!AuditExportService.instance) {
-      AuditExportService.instance = new AuditExportService();
-    }
-    return AuditExportService.instance;
-  }
-
-  /**
-   * Export audit entries to CSV format
-   */
-  public async exportToCSV(
-    entries: ValidationAuditEntry[],
-    filename: string,
-    context: AuditExportContext
-  ): Promise<void> {
-    const csvData = [
-      AUDIT_CSV_ENTRY_HEADERS.join(','),
-      ...entries.map(entry => entryToCSVRow(entry))
-    ].join('\n');
-
-    const generatedAt = new Date().toISOString();
-    const hash = await calculateSHA256Secure(csvData);
-    const signaturePayload = await signAuditExport(
-      {
-        exportFormat: 'csv',
-        exportType: 'entries',
-        generatedAt,
-        totalEntries: entries.length,
-        hash: hash.toUpperCase()
-      },
-      context
-    );
-    
-    // Add hash metadata header
-    const csvContent = [
-      `# Striae Audit Export - Generated: ${generatedAt}`,
-      `# Total Entries: ${entries.length}`,
-      `# SHA-256 Hash: ${hash.toUpperCase()}`,
-      `# Audit Signature Metadata: ${JSON.stringify(signaturePayload.signatureMetadata)}`,
-      `# Audit Signature: ${JSON.stringify(signaturePayload.signature)}`,
-      `# Verification: Recalculate SHA-256 of data rows only (excluding these comment lines)`,
-      '',
-      csvData
-    ].join('\n');
-
-    this.downloadFile(csvContent, filename, 'text/csv');
-  }
-
-  /**
-   * Export audit trail to detailed CSV with summary
-   */
-  public async exportAuditTrailToCSV(
-    auditTrail: AuditTrail,
-    filename: string,
-    context: AuditExportContext
-  ): Promise<void> {
-    const summaryHeaders = [
-      'Case Number',
-      'Workflow ID',
-      'Total Events',
-      'Successful Events',
-      'Failed Events',
-      'Warning Events',
-      'Compliance Status',
-      'Security Incidents',
-      'Start Time',
-      'End Time',
-      'Participating Users'
-    ];
-
-    const summaryRow = [
-      auditTrail.caseNumber,
-      auditTrail.workflowId,
-      auditTrail.summary.totalEvents,
-      auditTrail.summary.successfulEvents,
-      auditTrail.summary.failedEvents,
-      auditTrail.summary.warningEvents,
-      auditTrail.summary.complianceStatus.toUpperCase(),
-      auditTrail.summary.securityIncidents,
-      auditTrail.summary.startTimestamp,
-      auditTrail.summary.endTimestamp,
-      auditTrail.summary.participatingUsers.join('; ')
-    ].join(',');
-
-    const csvData = [
-      summaryHeaders.join(','),
-      summaryRow,
-      '',
-      AUDIT_CSV_ENTRY_HEADERS.join(','),
-      ...auditTrail.entries.map(entry => entryToCSVRow(entry))
-    ].join('\n');
-
-    const generatedAt = new Date().toISOString();
-    const hash = await calculateSHA256Secure(csvData);
-    const signaturePayload = await signAuditExport(
-      {
-        exportFormat: 'csv',
-        exportType: 'trail',
-        generatedAt,
-        totalEntries: auditTrail.summary.totalEvents,
-        hash: hash.toUpperCase()
-      },
-      context
-    );
-    
-    const csvContent = [
-      '# Striae Audit Trail Export - Generated: ' + generatedAt,
-      `# Case: ${auditTrail.caseNumber} | Workflow: ${auditTrail.workflowId}`,
-      `# Total Events: ${auditTrail.summary.totalEvents}`,
-      `# SHA-256 Hash: ${hash.toUpperCase()}`,
-      `# Audit Signature Metadata: ${JSON.stringify(signaturePayload.signatureMetadata)}`,
-      `# Audit Signature: ${JSON.stringify(signaturePayload.signature)}`,
-      '# Verification: Recalculate SHA-256 of data rows only (excluding these comment lines)',
-      '',
-      '# AUDIT TRAIL SUMMARY',
-      csvData
-    ].join('\n');
-
-    this.downloadFile(csvContent, filename, 'text/csv');
-  }
-
-  /**
-   * Generate filename with timestamp
-   */
-  public generateFilename(type: 'case' | 'user', identifier: string, format: 'csv' | 'json'): string {
-    const timestamp = new Date().toISOString().slice(0, 19).replace(/[:.]/g, '-');
-    const sanitizedId = identifier.replace(/[^a-zA-Z0-9-_]/g, '_');
-    return `striae-audit-${type}-${sanitizedId}-${timestamp}.${format}`;
-  }
-
-  /**
-   * Download file helper
-   */
-  private downloadFile(content: string, filename: string, mimeType: string): void {
-    const blob = new Blob([content], { type: mimeType });
-    const url = URL.createObjectURL(blob);
-    
-    const link = document.createElement('a');
-    link.href = url;
-    link.download = filename;
-    link.style.display = 'none';
-    
-    document.body.appendChild(link);
-    link.click();
-    document.body.removeChild(link);
-    
-    // Clean up the URL object
-    setTimeout(() => URL.revokeObjectURL(url), 100);
-  }
-
-  /**
-   * Export audit entries to JSON format (for technical analysis)
-   */
-  public async exportToJSON(
-    entries: ValidationAuditEntry[],
-    filename: string,
-    context: AuditExportContext
-  ): Promise<void> {
-    const generatedAt = new Date().toISOString();
-
-    const exportData = {
-      metadata: {
-        exportTimestamp: generatedAt,
-        exportVersion: '1.0',
-        totalEntries: entries.length,
-        application: 'Striae',
-        exportType: 'entries' as AuditExportType,
-        scopeType: context.scopeType,
-        scopeIdentifier: context.scopeIdentifier
-      },
-      auditEntries: entries
-    };
-
-    const jsonContent = JSON.stringify(exportData, null, 2);
-    
-    // Calculate hash for integrity verification
-    const hash = await calculateSHA256Secure(jsonContent);
-    const signaturePayload = await signAuditExport(
-      {
-        exportFormat: 'json',
-        exportType: exportData.metadata.exportType,
-        generatedAt,
-        totalEntries: entries.length,
-        hash: hash.toUpperCase()
-      },
-      context
-    );
-    
-    // Create final export with hash included
-    const finalExportData = {
-      metadata: {
-        ...exportData.metadata,
-        hash: hash.toUpperCase(),
-        integrityNote: 'Verify hash and signature before trusting this export',
-        signatureVersion: signaturePayload.signatureMetadata.signatureVersion,
-        signature: signaturePayload.signature
-      },
-      auditEntries: entries
-    };
-
-    const finalJsonContent = JSON.stringify(finalExportData, null, 2);
-    this.downloadFile(finalJsonContent, filename.replace('.csv', '.json'), 'application/json');
-  }
-
-  /**
-   * Export full audit trail to JSON
-   */
-  public async exportAuditTrailToJSON(
-    auditTrail: AuditTrail,
-    filename: string,
-    context: AuditExportContext
-  ): Promise<void> {
-    const generatedAt = new Date().toISOString();
-
-    const exportData = {
-      metadata: {
-        exportTimestamp: generatedAt,
-        exportVersion: '1.0',
-        totalEntries: auditTrail.summary.totalEvents,
-        application: 'Striae',
-        exportType: 'trail' as AuditExportType,
-        scopeType: context.scopeType,
-        scopeIdentifier: context.scopeIdentifier
-      },
-      auditTrail
-    };
-
-    const jsonContent = JSON.stringify(exportData, null, 2);
-    
-    // Calculate hash for integrity verification
-    const hash = await calculateSHA256Secure(jsonContent);
-    const signaturePayload = await signAuditExport(
-      {
-        exportFormat: 'json',
-        exportType: exportData.metadata.exportType,
-        generatedAt,
-        totalEntries: auditTrail.summary.totalEvents,
-        hash: hash.toUpperCase()
-      },
-      context
-    );
-    
-    // Create final export with hash included
-    const finalExportData = {
-      metadata: {
-        ...exportData.metadata,
-        hash: hash.toUpperCase(),
-        integrityNote: 'Verify hash and signature before trusting this export',
-        signatureVersion: signaturePayload.signatureMetadata.signatureVersion,
-        signature: signaturePayload.signature
-      },
-      auditTrail
-    };
-
-    const finalJsonContent = JSON.stringify(finalExportData, null, 2);
-    this.downloadFile(finalJsonContent, filename.replace('.csv', '.json'), 'application/json');
-  }
-
-  /**
-   * Generate audit report summary text
-   */
-  public async generateReportSummary(auditTrail: AuditTrail, context: AuditExportContext): Promise<string> {
-    const summary = auditTrail.summary;
-    const generatedAt = new Date().toISOString();
-
-    const reportContent = buildAuditReportContent(auditTrail, generatedAt);
-
-    return this.appendSignedReportIntegrity(
-      reportContent,
-      context,
-      summary.totalEvents,
-      generatedAt
-    );
-  }
-
-  /**
-   * Append signed integrity metadata to a plain-text audit report.
-   */
-  public async appendSignedReportIntegrity(
-    reportContent: string,
-    context: AuditExportContext,
-    totalEntries: number,
-    generatedAt: string = new Date().toISOString()
-  ): Promise<string> {
-    const hash = await calculateSHA256Secure(reportContent);
-    const signaturePayload = await signAuditExport(
-      {
-        exportFormat: 'txt',
-        exportType: 'report',
-        generatedAt,
-        totalEntries,
-        hash: hash.toUpperCase()
-      },
-      context
-    );
-
-    return reportContent + `
-
-============================
-INTEGRITY VERIFICATION
-============================
-Report Content SHA-256 Hash: ${hash.toUpperCase()}
-Audit Signature Metadata: ${JSON.stringify(signaturePayload.signatureMetadata)}
-Audit Signature: ${JSON.stringify(signaturePayload.signature)}
-
-Verification Instructions:
-1. Copy the entire report content above the "INTEGRITY VERIFICATION" section
-2. Calculate SHA256 hash of that content (excluding this verification section)
-3. Validate audit signature metadata and signature with your signature verification workflow (for example OpenSSL or an internal verifier)
-4. Confirm both hash and signature validation pass before relying on this report
-
-This report requires both hash and signature validation for tamper detection.
-Generated by Striae`;
-  }
-}
-
-// Export singleton instance
-export const auditExportService = AuditExportService.getInstance();