@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/compliance-reporter.js

@@ -1,710 +0,0 @@
-/**
- * Enterprise Compliance Reporter
- * 
- * Generates compliance reports for:
- * - SOC 2 Type II
- * - HIPAA
- * - PCI-DSS
- * - GDPR
- * - ISO 27001
- * - NIST CSF
- */
-
-"use strict";
-
-const crypto = require("crypto");
-const path = require("path");
-const fs = require("fs");
-
-// Terminal UI
-let terminalUI;
-try {
-  terminalUI = require("./terminal-ui");
-} catch {
-  terminalUI = {
-    c: { reset: "", bold: "", dim: "", red: "", yellow: "", green: "", cyan: "" },
-    rgb: () => "",
-    icons: { check: "✓", cross: "✗", warning: "⚠", info: "ℹ" },
-  };
-}
-
-const { c, rgb, icons } = terminalUI;
-
-// Colors
-const colors = {
-  critical: rgb(255, 80, 80),
-  high: rgb(255, 150, 50),
-  medium: rgb(255, 200, 0),
-  low: rgb(100, 200, 255),
-  info: rgb(150, 150, 150),
-  success: rgb(0, 255, 150),
-  accent: rgb(0, 200, 255),
-};
-
-/**
- * SOC 2 Trust Service Criteria mapping
- */
-const SOC2_CRITERIA = {
-  "CC1": {
-    name: "Control Environment",
-    description: "COSO Principle 1-5: Control environment components",
-    controls: [
-      { id: "CC1.1", name: "Integrity and ethical values", checks: ["no-hardcoded-secrets", "audit-logging"] },
-      { id: "CC1.2", name: "Board independence", checks: ["access-control"] },
-      { id: "CC1.3", name: "Management structure", checks: ["role-separation"] },
-      { id: "CC1.4", name: "Commitment to competence", checks: ["code-review"] },
-      { id: "CC1.5", name: "Accountability", checks: ["audit-trail"] },
-    ],
-  },
-  "CC2": {
-    name: "Communication and Information",
-    description: "COSO Principle 13-15: Information and communication",
-    controls: [
-      { id: "CC2.1", name: "Information quality", checks: ["data-validation", "input-sanitization"] },
-      { id: "CC2.2", name: "Internal communication", checks: ["error-handling", "logging"] },
-      { id: "CC2.3", name: "External communication", checks: ["api-documentation"] },
-    ],
-  },
-  "CC3": {
-    name: "Risk Assessment",
-    description: "COSO Principle 6-9: Risk assessment",
-    controls: [
-      { id: "CC3.1", name: "Risk identification", checks: ["vulnerability-scanning", "dependency-audit"] },
-      { id: "CC3.2", name: "Fraud risk", checks: ["authentication", "authorization"] },
-      { id: "CC3.3", name: "Change management", checks: ["version-control", "deployment-gates"] },
-      { id: "CC3.4", name: "Risk response", checks: ["incident-response", "error-handling"] },
-    ],
-  },
-  "CC4": {
-    name: "Monitoring Activities",
-    description: "COSO Principle 16-17: Monitoring",
-    controls: [
-      { id: "CC4.1", name: "Ongoing monitoring", checks: ["logging", "metrics", "alerting"] },
-      { id: "CC4.2", name: "Deficiency evaluation", checks: ["issue-tracking", "remediation"] },
-    ],
-  },
-  "CC5": {
-    name: "Control Activities",
-    description: "COSO Principle 10-12: Control activities",
-    controls: [
-      { id: "CC5.1", name: "Control selection", checks: ["security-controls", "access-control"] },
-      { id: "CC5.2", name: "Technology controls", checks: ["encryption", "secure-communication"] },
-      { id: "CC5.3", name: "Policy deployment", checks: ["policy-enforcement", "configuration-management"] },
-    ],
-  },
-  "CC6": {
-    name: "Logical and Physical Access Controls",
-    description: "Access control requirements",
-    controls: [
-      { id: "CC6.1", name: "Logical access security", checks: ["authentication", "mfa", "session-management"] },
-      { id: "CC6.2", name: "Access provisioning", checks: ["role-based-access", "least-privilege"] },
-      { id: "CC6.3", name: "Access removal", checks: ["session-invalidation", "token-expiry"] },
-      { id: "CC6.6", name: "Transmission protection", checks: ["tls", "encryption-in-transit"] },
-      { id: "CC6.7", name: "Data disposal", checks: ["secure-delete", "data-retention"] },
-    ],
-  },
-  "CC7": {
-    name: "System Operations",
-    description: "System operations requirements",
-    controls: [
-      { id: "CC7.1", name: "Vulnerability management", checks: ["vulnerability-scanning", "patching"] },
-      { id: "CC7.2", name: "Security monitoring", checks: ["intrusion-detection", "anomaly-detection"] },
-      { id: "CC7.3", name: "Incident response", checks: ["incident-response", "breach-notification"] },
-      { id: "CC7.4", name: "Recovery", checks: ["backup", "disaster-recovery"] },
-    ],
-  },
-  "CC8": {
-    name: "Change Management",
-    description: "Change management requirements",
-    controls: [
-      { id: "CC8.1", name: "Change authorization", checks: ["code-review", "approval-workflow"] },
-    ],
-  },
-  "CC9": {
-    name: "Risk Mitigation",
-    description: "Risk mitigation requirements",
-    controls: [
-      { id: "CC9.1", name: "Risk identification", checks: ["risk-assessment", "threat-modeling"] },
-      { id: "CC9.2", name: "Vendor management", checks: ["dependency-audit", "sbom"] },
-    ],
-  },
-};
-
-/**
- * HIPAA Security Rule mapping
- */
-const HIPAA_CONTROLS = {
-  "Administrative Safeguards": {
-    "164.308(a)(1)": {
-      name: "Security Management Process",
-      checks: ["risk-analysis", "risk-management", "sanction-policy", "information-review"],
-    },
-    "164.308(a)(3)": {
-      name: "Workforce Security",
-      checks: ["authorization-supervision", "workforce-clearance", "termination-procedures"],
-    },
-    "164.308(a)(4)": {
-      name: "Information Access Management",
-      checks: ["access-authorization", "access-establishment", "access-modification"],
-    },
-    "164.308(a)(5)": {
-      name: "Security Awareness and Training",
-      checks: ["security-reminders", "malware-protection", "login-monitoring", "password-management"],
-    },
-    "164.308(a)(6)": {
-      name: "Security Incident Procedures",
-      checks: ["incident-response", "incident-reporting"],
-    },
-    "164.308(a)(7)": {
-      name: "Contingency Plan",
-      checks: ["data-backup", "disaster-recovery", "emergency-mode", "testing-revision"],
-    },
-    "164.308(a)(8)": {
-      name: "Evaluation",
-      checks: ["security-evaluation"],
-    },
-  },
-  "Physical Safeguards": {
-    "164.310(a)": {
-      name: "Facility Access Controls",
-      checks: ["facility-security", "access-control", "access-logs"],
-    },
-    "164.310(b)": {
-      name: "Workstation Use",
-      checks: ["workstation-policy"],
-    },
-    "164.310(c)": {
-      name: "Workstation Security",
-      checks: ["workstation-security"],
-    },
-    "164.310(d)": {
-      name: "Device and Media Controls",
-      checks: ["disposal", "media-reuse", "accountability", "data-backup"],
-    },
-  },
-  "Technical Safeguards": {
-    "164.312(a)": {
-      name: "Access Control",
-      checks: ["unique-user-id", "emergency-access", "automatic-logoff", "encryption-decryption"],
-    },
-    "164.312(b)": {
-      name: "Audit Controls",
-      checks: ["audit-logging", "audit-trail"],
-    },
-    "164.312(c)": {
-      name: "Integrity",
-      checks: ["data-integrity", "authentication-mechanism"],
-    },
-    "164.312(d)": {
-      name: "Person or Entity Authentication",
-      checks: ["authentication"],
-    },
-    "164.312(e)": {
-      name: "Transmission Security",
-      checks: ["integrity-controls", "encryption-in-transit"],
-    },
-  },
-};
-
-/**
- * PCI-DSS Requirements mapping
- */
-const PCI_DSS_REQUIREMENTS = {
-  "Requirement 1": {
-    name: "Install and maintain network security controls",
-    controls: [
-      { id: "1.1", name: "Network security policies", checks: ["firewall-config", "network-segmentation"] },
-      { id: "1.2", name: "Network security controls", checks: ["ingress-egress", "traffic-filtering"] },
-      { id: "1.3", name: "Network access restriction", checks: ["dmz", "private-networks"] },
-    ],
-  },
-  "Requirement 2": {
-    name: "Apply secure configurations",
-    controls: [
-      { id: "2.1", name: "Change vendor defaults", checks: ["no-default-credentials", "secure-config"] },
-      { id: "2.2", name: "System hardening", checks: ["system-hardening", "service-minimization"] },
-    ],
-  },
-  "Requirement 3": {
-    name: "Protect stored account data",
-    controls: [
-      { id: "3.1", name: "Data retention policy", checks: ["data-retention", "secure-delete"] },
-      { id: "3.2", name: "Sensitive authentication data", checks: ["no-pan-storage", "no-cvv-storage"] },
-      { id: "3.4", name: "PAN rendering unreadable", checks: ["encryption-at-rest", "tokenization", "hashing"] },
-      { id: "3.5", name: "Key management", checks: ["key-management", "key-rotation"] },
-    ],
-  },
-  "Requirement 4": {
-    name: "Protect cardholder data with strong cryptography",
-    controls: [
-      { id: "4.1", name: "Strong cryptography for transmission", checks: ["tls", "encryption-in-transit"] },
-      { id: "4.2", name: "No PAN via end-user messaging", checks: ["no-pan-messaging"] },
-    ],
-  },
-  "Requirement 5": {
-    name: "Protect systems with anti-malware",
-    controls: [
-      { id: "5.1", name: "Anti-malware solutions", checks: ["malware-protection"] },
-      { id: "5.2", name: "Anti-malware updates", checks: ["security-updates"] },
-    ],
-  },
-  "Requirement 6": {
-    name: "Develop and maintain secure systems",
-    controls: [
-      { id: "6.1", name: "Security vulnerability identification", checks: ["vulnerability-scanning", "cve-monitoring"] },
-      { id: "6.2", name: "Secure development", checks: ["secure-coding", "code-review"] },
-      { id: "6.3", name: "Security in software development", checks: ["sdlc-security", "security-testing"] },
-      { id: "6.4", name: "Change management", checks: ["change-control", "deployment-gates"] },
-      { id: "6.5", name: "Common vulnerabilities", checks: ["injection-prevention", "xss-prevention", "csrf-prevention"] },
-    ],
-  },
-  "Requirement 7": {
-    name: "Restrict access by business need-to-know",
-    controls: [
-      { id: "7.1", name: "Need-to-know access", checks: ["least-privilege", "role-based-access"] },
-      { id: "7.2", name: "Access control systems", checks: ["access-control", "authorization"] },
-    ],
-  },
-  "Requirement 8": {
-    name: "Identify users and authenticate access",
-    controls: [
-      { id: "8.1", name: "User identification", checks: ["unique-user-id", "user-lifecycle"] },
-      { id: "8.2", name: "User authentication", checks: ["strong-authentication", "mfa"] },
-      { id: "8.3", name: "Strong authentication", checks: ["password-policy", "password-complexity"] },
-    ],
-  },
-  "Requirement 9": {
-    name: "Restrict physical access",
-    controls: [
-      { id: "9.1", name: "Physical access controls", checks: ["physical-access"] },
-    ],
-  },
-  "Requirement 10": {
-    name: "Log and monitor access",
-    controls: [
-      { id: "10.1", name: "Audit trails", checks: ["audit-logging", "audit-trail"] },
-      { id: "10.2", name: "Audit events", checks: ["security-events", "access-logging"] },
-      { id: "10.3", name: "Audit record content", checks: ["log-content", "timestamps"] },
-      { id: "10.4", name: "Time synchronization", checks: ["ntp", "time-sync"] },
-      { id: "10.5", name: "Audit log protection", checks: ["log-integrity", "log-retention"] },
-      { id: "10.6", name: "Audit log review", checks: ["log-review", "anomaly-detection"] },
-    ],
-  },
-  "Requirement 11": {
-    name: "Test security regularly",
-    controls: [
-      { id: "11.1", name: "Wireless access point detection", checks: ["wireless-scanning"] },
-      { id: "11.2", name: "Vulnerability scanning", checks: ["vulnerability-scanning", "external-scanning"] },
-      { id: "11.3", name: "Penetration testing", checks: ["penetration-testing"] },
-      { id: "11.4", name: "Intrusion detection", checks: ["ids", "ips"] },
-      { id: "11.5", name: "Change detection", checks: ["file-integrity-monitoring"] },
-    ],
-  },
-  "Requirement 12": {
-    name: "Support information security with policies",
-    controls: [
-      { id: "12.1", name: "Information security policy", checks: ["security-policy"] },
-      { id: "12.3", name: "Usage policies", checks: ["acceptable-use"] },
-      { id: "12.6", name: "Security awareness", checks: ["security-training"] },
-      { id: "12.8", name: "Service provider management", checks: ["vendor-management", "sbom"] },
-      { id: "12.10", name: "Incident response plan", checks: ["incident-response"] },
-    ],
-  },
-};
-
-/**
- * Map findings to compliance controls
- */
-function mapFindingsToControls(findings, framework) {
-  const mapping = {
-    "no-hardcoded-secrets": ["hardcoded", "secret", "credential", "password", "api-key"],
-    "audit-logging": ["audit", "logging", "trail"],
-    "authentication": ["auth", "login", "session"],
-    "authorization": ["permission", "access", "role"],
-    "encryption": ["encrypt", "cipher", "tls", "ssl"],
-    "input-sanitization": ["inject", "xss", "sanitize", "validate"],
-    "error-handling": ["error", "catch", "exception"],
-    "vulnerability-scanning": ["vulnerab", "cve", "security"],
-    "dependency-audit": ["dependency", "package", "npm", "supply-chain"],
-    "code-review": ["review", "approve"],
-    "data-validation": ["validat", "schema"],
-    "access-control": ["access", "control", "rbac"],
-    "logging": ["log", "console"],
-    "secure-communication": ["tls", "https", "encrypt"],
-  };
-
-  const controlResults = {};
-  
-  for (const [control, patterns] of Object.entries(mapping)) {
-    const related = findings.filter(f => {
-      const category = (f.category || "").toLowerCase();
-      const type = (f.type || "").toLowerCase();
-      return patterns.some(p => category.includes(p) || type.includes(p));
-    });
-    
-    controlResults[control] = {
-      issues: related.length,
-      critical: related.filter(f => f.severity === "critical" || f.type === "critical").length,
-      findings: related,
-      status: related.length === 0 ? "pass" : 
-              related.some(f => f.severity === "critical") ? "fail" : "warning",
-    };
-  }
-  
-  return controlResults;
-}
-
-/**
- * Generate SOC 2 compliance report
- */
-function generateSOC2Report(findings, options = {}) {
-  const controlResults = mapFindingsToControls(findings, "soc2");
-  const report = {
-    framework: "SOC 2 Type II",
-    generatedAt: new Date().toISOString(),
-    projectName: options.projectName || "Unknown Project",
-    auditPeriod: options.auditPeriod || "Point-in-time",
-    criteria: {},
-    summary: {
-      totalControls: 0,
-      passed: 0,
-      warnings: 0,
-      failed: 0,
-      notApplicable: 0,
-    },
-  };
-
-  for (const [criteriaId, criteria] of Object.entries(SOC2_CRITERIA)) {
-    report.criteria[criteriaId] = {
-      name: criteria.name,
-      description: criteria.description,
-      controls: [],
-    };
-
-    for (const control of criteria.controls) {
-      const controlStatus = {
-        id: control.id,
-        name: control.name,
-        checks: [],
-        status: "pass",
-      };
-
-      for (const check of control.checks) {
-        const result = controlResults[check] || { status: "not-implemented", issues: 0 };
-        controlStatus.checks.push({
-          name: check,
-          status: result.status,
-          issues: result.issues,
-        });
-        
-        if (result.status === "fail") controlStatus.status = "fail";
-        else if (result.status === "warning" && controlStatus.status !== "fail") {
-          controlStatus.status = "warning";
-        }
-      }
-
-      report.criteria[criteriaId].controls.push(controlStatus);
-      report.summary.totalControls++;
-      
-      if (controlStatus.status === "pass") report.summary.passed++;
-      else if (controlStatus.status === "warning") report.summary.warnings++;
-      else if (controlStatus.status === "fail") report.summary.failed++;
-    }
-  }
-
-  report.summary.complianceScore = Math.round(
-    ((report.summary.passed + report.summary.warnings * 0.5) / report.summary.totalControls) * 100
-  );
-
-  return report;
-}
-
-/**
- * Generate HIPAA compliance report
- */
-function generateHIPAAReport(findings, options = {}) {
-  const controlResults = mapFindingsToControls(findings, "hipaa");
-  const report = {
-    framework: "HIPAA Security Rule",
-    generatedAt: new Date().toISOString(),
-    projectName: options.projectName || "Unknown Project",
-    safeguards: {},
-    summary: {
-      totalControls: 0,
-      passed: 0,
-      warnings: 0,
-      failed: 0,
-      addressable: 0,
-      required: 0,
-    },
-  };
-
-  for (const [safeguardType, requirements] of Object.entries(HIPAA_CONTROLS)) {
-    report.safeguards[safeguardType] = [];
-
-    for (const [reqId, requirement] of Object.entries(requirements)) {
-      const reqStatus = {
-        id: reqId,
-        name: requirement.name,
-        checks: [],
-        status: "pass",
-      };
-
-      for (const check of requirement.checks) {
-        const result = controlResults[check] || { status: "not-implemented", issues: 0 };
-        reqStatus.checks.push({
-          name: check,
-          status: result.status,
-          issues: result.issues,
-        });
-        
-        if (result.status === "fail") reqStatus.status = "fail";
-        else if (result.status === "warning" && reqStatus.status !== "fail") {
-          reqStatus.status = "warning";
-        }
-      }
-
-      report.safeguards[safeguardType].push(reqStatus);
-      report.summary.totalControls++;
-      
-      if (reqStatus.status === "pass") report.summary.passed++;
-      else if (reqStatus.status === "warning") report.summary.warnings++;
-      else if (reqStatus.status === "fail") report.summary.failed++;
-    }
-  }
-
-  report.summary.complianceScore = Math.round(
-    ((report.summary.passed + report.summary.warnings * 0.5) / report.summary.totalControls) * 100
-  );
-
-  return report;
-}
-
-/**
- * Generate PCI-DSS compliance report
- */
-function generatePCIDSSReport(findings, options = {}) {
-  const controlResults = mapFindingsToControls(findings, "pci-dss");
-  const report = {
-    framework: "PCI-DSS v4.0",
-    generatedAt: new Date().toISOString(),
-    projectName: options.projectName || "Unknown Project",
-    requirements: {},
-    summary: {
-      totalControls: 0,
-      passed: 0,
-      warnings: 0,
-      failed: 0,
-      compensating: 0,
-    },
-  };
-
-  for (const [reqId, requirement] of Object.entries(PCI_DSS_REQUIREMENTS)) {
-    report.requirements[reqId] = {
-      name: requirement.name,
-      controls: [],
-      status: "pass",
-    };
-
-    for (const control of requirement.controls) {
-      const controlStatus = {
-        id: control.id,
-        name: control.name,
-        checks: [],
-        status: "pass",
-      };
-
-      for (const check of control.checks) {
-        const result = controlResults[check] || { status: "not-implemented", issues: 0 };
-        controlStatus.checks.push({
-          name: check,
-          status: result.status,
-          issues: result.issues,
-        });
-        
-        if (result.status === "fail") controlStatus.status = "fail";
-        else if (result.status === "warning" && controlStatus.status !== "fail") {
-          controlStatus.status = "warning";
-        }
-      }
-
-      report.requirements[reqId].controls.push(controlStatus);
-      report.summary.totalControls++;
-      
-      if (controlStatus.status === "pass") report.summary.passed++;
-      else if (controlStatus.status === "warning") report.summary.warnings++;
-      else if (controlStatus.status === "fail") report.summary.failed++;
-      
-      if (controlStatus.status === "fail") {
-        report.requirements[reqId].status = "fail";
-      } else if (controlStatus.status === "warning" && report.requirements[reqId].status !== "fail") {
-        report.requirements[reqId].status = "warning";
-      }
-    }
-  }
-
-  report.summary.complianceScore = Math.round(
-    ((report.summary.passed + report.summary.warnings * 0.5) / report.summary.totalControls) * 100
-  );
-
-  return report;
-}
-
-/**
- * Render compliance summary for terminal
- */
-function renderComplianceSummary(report) {
-  const lines = [];
-  
-  lines.push(`  ${c.dim}╭${"─".repeat(60)}╮${c.reset}`);
-  lines.push(`  ${c.dim}│${c.reset} ${colors.accent}${c.bold}📋 ${report.framework} COMPLIANCE REPORT${c.reset}`.padEnd(73) + `${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}├${"─".repeat(60)}┤${c.reset}`);
-  
-  const { summary } = report;
-  const scoreColor = summary.complianceScore >= 80 ? colors.success : 
-                     summary.complianceScore >= 60 ? colors.medium : colors.critical;
-  
-  lines.push(`  ${c.dim}│${c.reset} Compliance Score: ${scoreColor}${c.bold}${summary.complianceScore}%${c.reset}                                   ${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}├${"─".repeat(60)}┤${c.reset}`);
-  
-  lines.push(`  ${c.dim}│${c.reset} ${colors.success}✓${c.reset} Passed:   ${String(summary.passed).padStart(3)}                                         ${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}│${c.reset} ${colors.medium}⚠${c.reset} Warnings: ${String(summary.warnings).padStart(3)}                                         ${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}│${c.reset} ${colors.critical}✗${c.reset} Failed:   ${String(summary.failed).padStart(3)}                                         ${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}│${c.reset} Total Controls: ${summary.totalControls}                                       ${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}╰${"─".repeat(60)}╯${c.reset}`);
-  
-  return lines.join("\n");
-}
-
-/**
- * Export compliance report as PDF-ready HTML
- */
-function exportComplianceHTML(report) {
-  const { framework, summary, generatedAt, projectName } = report;
-  const scoreColor = summary.complianceScore >= 80 ? "#22c55e" : 
-                     summary.complianceScore >= 60 ? "#f59e0b" : "#ef4444";
-
-  let criteriaHTML = "";
-  
-  if (report.criteria) {
-    // SOC 2 format
-    for (const [id, criteria] of Object.entries(report.criteria)) {
-      criteriaHTML += `
-        <div class="criteria">
-          <h3>${id}: ${criteria.name}</h3>
-          <p class="description">${criteria.description}</p>
-          <table>
-            <thead>
-              <tr><th>Control</th><th>Status</th><th>Issues</th></tr>
-            </thead>
-            <tbody>
-              ${criteria.controls.map(c => `
-                <tr class="${c.status}">
-                  <td>${c.id}: ${c.name}</td>
-                  <td class="status">${c.status.toUpperCase()}</td>
-                  <td>${c.checks.reduce((sum, ch) => sum + ch.issues, 0)}</td>
-                </tr>
-              `).join("")}
-            </tbody>
-          </table>
-        </div>
-      `;
-    }
-  } else if (report.requirements) {
-    // PCI-DSS format
-    for (const [id, req] of Object.entries(report.requirements)) {
-      criteriaHTML += `
-        <div class="criteria">
-          <h3>${id}: ${req.name}</h3>
-          <table>
-            <thead>
-              <tr><th>Control</th><th>Status</th><th>Issues</th></tr>
-            </thead>
-            <tbody>
-              ${req.controls.map(c => `
-                <tr class="${c.status}">
-                  <td>${c.id}: ${c.name}</td>
-                  <td class="status">${c.status.toUpperCase()}</td>
-                  <td>${c.checks.reduce((sum, ch) => sum + ch.issues, 0)}</td>
-                </tr>
-              `).join("")}
-            </tbody>
-          </table>
-        </div>
-      `;
-    }
-  }
-
-  return `<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>${framework} Compliance Report - ${projectName}</title>
-  <style>
-    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; max-width: 1200px; margin: 0 auto; padding: 20px; }
-    .header { text-align: center; padding: 40px; background: linear-gradient(135deg, #1e3a5f 0%, #0f172a 100%); color: white; border-radius: 12px; margin-bottom: 30px; }
-    .score { font-size: 72px; font-weight: bold; color: ${scoreColor}; }
-    .summary { display: grid; grid-template-columns: repeat(4, 1fr); gap: 20px; margin-bottom: 30px; }
-    .summary-card { padding: 20px; background: #f8fafc; border-radius: 8px; text-align: center; }
-    .summary-card.pass { border-left: 4px solid #22c55e; }
-    .summary-card.warning { border-left: 4px solid #f59e0b; }
-    .summary-card.fail { border-left: 4px solid #ef4444; }
-    .criteria { margin-bottom: 30px; }
-    .criteria h3 { background: #1e3a5f; color: white; padding: 10px 15px; border-radius: 4px; }
-    table { width: 100%; border-collapse: collapse; }
-    th, td { padding: 12px; text-align: left; border-bottom: 1px solid #e2e8f0; }
-    th { background: #f1f5f9; }
-    tr.pass .status { color: #22c55e; }
-    tr.warning .status { color: #f59e0b; }
-    tr.fail .status { color: #ef4444; font-weight: bold; }
-    .footer { text-align: center; padding: 20px; color: #64748b; font-size: 12px; }
-  </style>
-</head>
-<body>
-  <div class="header">
-    <h1>${framework}</h1>
-    <h2>Compliance Report</h2>
-    <div class="score">${summary.complianceScore}%</div>
-    <p>Project: ${projectName} | Generated: ${new Date(generatedAt).toLocaleDateString()}</p>
-  </div>
-  
-  <div class="summary">
-    <div class="summary-card pass">
-      <h3>${summary.passed}</h3>
-      <p>Passed</p>
-    </div>
-    <div class="summary-card warning">
-      <h3>${summary.warnings}</h3>
-      <p>Warnings</p>
-    </div>
-    <div class="summary-card fail">
-      <h3>${summary.failed}</h3>
-      <p>Failed</p>
-    </div>
-    <div class="summary-card">
-      <h3>${summary.totalControls}</h3>
-      <p>Total Controls</p>
-    </div>
-  </div>
-  
-  ${criteriaHTML}
-  
-  <div class="footer">
-    <p>Generated by VibeCheck Enterprise Compliance Engine</p>
-    <p>This report is provided for informational purposes and does not constitute legal or compliance advice.</p>
-  </div>
-</body>
-</html>`;
-}
-
-module.exports = {
-  generateSOC2Report,
-  generateHIPAAReport,
-  generatePCIDSSReport,
-  renderComplianceSummary,
-  exportComplianceHTML,
-  mapFindingsToControls,
-  SOC2_CRITERIA,
-  HIPAA_CONTROLS,
-  PCI_DSS_REQUIREMENTS,
-};