@weave_protocol/domere 1.0.13 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/README.md +278 -31
  2. package/dist/audit/index.d.ts +2 -0
  3. package/dist/audit/index.d.ts.map +1 -0
  4. package/dist/audit/index.js +2 -0
  5. package/dist/audit/index.js.map +1 -0
  6. package/dist/audit/replay.d.ts +153 -0
  7. package/dist/audit/replay.d.ts.map +1 -0
  8. package/dist/audit/replay.js +328 -0
  9. package/dist/audit/replay.js.map +1 -0
  10. package/dist/compliance/checkpoint.d.ts +183 -0
  11. package/dist/compliance/checkpoint.d.ts.map +1 -0
  12. package/dist/compliance/checkpoint.js +394 -0
  13. package/dist/compliance/checkpoint.js.map +1 -0
  14. package/dist/compliance/index.d.ts +2 -0
  15. package/dist/compliance/index.d.ts.map +1 -0
  16. package/dist/compliance/index.js +2 -0
  17. package/dist/compliance/index.js.map +1 -0
  18. package/dist/handoff/index.d.ts +2 -0
  19. package/dist/handoff/index.d.ts.map +1 -0
  20. package/dist/handoff/index.js +2 -0
  21. package/dist/handoff/index.js.map +1 -0
  22. package/dist/handoff/verification.d.ts +115 -0
  23. package/dist/handoff/verification.d.ts.map +1 -0
  24. package/dist/handoff/verification.js +285 -0
  25. package/dist/handoff/verification.js.map +1 -0
  26. package/dist/index.d.ts +3 -0
  27. package/dist/index.d.ts.map +1 -1
  28. package/dist/index.js +4 -0
  29. package/dist/index.js.map +1 -1
  30. package/package.json +1 -1
  31. package/src/audit/index.ts +1 -0
  32. package/src/audit/replay.ts +504 -0
  33. package/src/compliance/checkpoint.ts +647 -0
  34. package/src/compliance/index.ts +1 -0
  35. package/src/handoff/index.ts +1 -0
  36. package/src/handoff/verification.ts +428 -0
  37. package/src/index.ts +5 -0
package/dist/audit/replay.js ADDED
@@ -0,0 +1,328 @@
1
+ /**
2
+ * Dōmere - Execution Replay & Audit Trail
3
+ *
4
+ * Cryptographically verifiable audit trail for AI agent actions.
5
+ * Enables complete replay and forensic analysis of agent behavior.
6
+ */
7
+ import * as crypto from 'crypto';
8
+ // =============================================================================
9
+ // Execution Replay Manager
10
+ // =============================================================================
11
+ export class ExecutionReplayManager {
12
+ trails = new Map();
13
+ encryptionKey;
14
+ constructor(encryptionKey) {
15
+ if (encryptionKey) {
16
+ this.encryptionKey = crypto.scryptSync(encryptionKey, 'domere-audit', 32);
17
+ }
18
+ }
19
+ /**
20
+ * Record an action in the audit trail
21
+ */
22
+ async recordAction(params) {
23
+ const trail = this.trails.get(params.thread_id) || [];
24
+ const sequence = trail.length;
25
+ const previousHash = sequence > 0 ? trail[sequence - 1].action_hash : '0'.repeat(64);
26
+ // Hash inputs/outputs
27
+ const inputStr = JSON.stringify(params.input);
28
+ const outputStr = JSON.stringify(params.output);
29
+ const inputHash = crypto.createHash('sha256').update(inputStr).digest('hex');
30
+ const outputHash = crypto.createHash('sha256').update(outputStr).digest('hex');
31
+ // Create action record
32
+ const record = {
33
+ id: `act_${crypto.randomUUID()}`,
34
+ thread_id: params.thread_id,
35
+ sequence,
36
+ timestamp: new Date(),
37
+ agent_id: params.agent_id,
38
+ agent_type: params.agent_type,
39
+ action_type: params.action_type,
40
+ action_name: params.action_name,
41
+ input_hash: inputHash,
42
+ output_hash: outputHash,
43
+ input_size_bytes: Buffer.byteLength(inputStr),
44
+ output_size_bytes: Buffer.byteLength(outputStr),
45
+ latency_ms: params.latency_ms,
46
+ cost_usd: params.cost_usd,
47
+ tokens_in: params.tokens_in,
48
+ tokens_out: params.tokens_out,
49
+ model: params.model,
50
+ provider: params.provider,
51
+ previous_hash: previousHash,
52
+ action_hash: '', // Computed below
53
+ };
54
+ // Optionally encrypt and store raw data
55
+ if (params.store_raw && this.encryptionKey) {
56
+ record.input_encrypted = this.encrypt(inputStr);
57
+ record.output_encrypted = this.encrypt(outputStr);
58
+ }
59
+ // Compute action hash (chain integrity)
60
+ record.action_hash = this.computeActionHash(record);
61
+ // Store
62
+ trail.push(record);
63
+ this.trails.set(params.thread_id, trail);
64
+ return record;
65
+ }
66
+ /**
67
+ * Get complete execution trail for a thread
68
+ */
69
+ async getExecutionTrail(threadId, options) {
70
+ const actions = this.trails.get(threadId);
71
+ if (!actions || actions.length === 0)
72
+ return null;
73
+ let filtered = [...actions];
74
+ // Apply filters
75
+ if (options?.from_sequence !== undefined) {
76
+ filtered = filtered.filter(a => a.sequence >= options.from_sequence);
77
+ }
78
+ if (options?.to_sequence !== undefined) {
79
+ filtered = filtered.filter(a => a.sequence <= options.to_sequence);
80
+ }
81
+ if (options?.agent_filter?.length) {
82
+ filtered = filtered.filter(a => options.agent_filter.includes(a.agent_id));
83
+ }
84
+ if (options?.action_type_filter?.length) {
85
+ filtered = filtered.filter(a => options.action_type_filter.includes(a.action_type));
86
+ }
87
+ // Remove encrypted data if not requested
88
+ if (!options?.include_encrypted) {
89
+ filtered = filtered.map(a => {
90
+ const { input_encrypted, output_encrypted, ...rest } = a;
91
+ return rest;
92
+ });
93
+ }
94
+ // Compute stats
95
+ const totalCost = filtered.reduce((sum, a) => sum + (a.cost_usd || 0), 0);
96
+ const totalLatency = filtered.reduce((sum, a) => sum + a.latency_ms, 0);
97
+ const agents = [...new Set(filtered.map(a => a.agent_id))];
98
+ // Verify integrity
99
+ const integrityValid = this.verifyTrailIntegrity(actions);
100
+ return {
101
+ thread_id: threadId,
102
+ created_at: actions[0].timestamp,
103
+ updated_at: actions[actions.length - 1].timestamp,
104
+ action_count: filtered.length,
105
+ total_cost_usd: totalCost,
106
+ total_latency_ms: totalLatency,
107
+ agents_involved: agents,
108
+ merkle_root: this.computeMerkleRoot(actions),
109
+ actions: filtered,
110
+ integrity_valid: integrityValid,
111
+ };
112
+ }
113
+ /**
114
+ * Replay actions for debugging/analysis
115
+ */
116
+ async replayActions(threadId, options) {
117
+ const trail = await this.getExecutionTrail(threadId, options);
118
+ if (!trail) {
119
+ throw new Error(`No trail found for thread ${threadId}`);
120
+ }
121
+ const timeline = trail.actions.map(action => ({
122
+ timestamp: action.timestamp,
123
+ description: `[${action.agent_id}] ${action.action_type}: ${action.action_name} (${action.latency_ms}ms)`,
124
+ }));
125
+ const duration = trail.actions.length > 1
126
+ ? trail.actions[trail.actions.length - 1].timestamp.getTime() - trail.actions[0].timestamp.getTime()
127
+ : 0;
128
+ return {
129
+ actions: trail.actions,
130
+ timeline,
131
+ summary: {
132
+ total_actions: trail.action_count,
133
+ duration_ms: duration,
134
+ cost_usd: trail.total_cost_usd,
135
+ agents: trail.agents_involved,
136
+ },
137
+ };
138
+ }
139
+ /**
140
+ * Query actions across threads
141
+ */
142
+ async queryActions(query) {
143
+ let results = [];
144
+ for (const [threadId, actions] of this.trails) {
145
+ if (query.thread_id && threadId !== query.thread_id)
146
+ continue;
147
+ for (const action of actions) {
148
+ if (query.agent_id && action.agent_id !== query.agent_id)
149
+ continue;
150
+ if (query.action_type && action.action_type !== query.action_type)
151
+ continue;
152
+ if (query.start_time && action.timestamp < query.start_time)
153
+ continue;
154
+ if (query.end_time && action.timestamp > query.end_time)
155
+ continue;
156
+ if (query.min_cost_usd && (action.cost_usd || 0) < query.min_cost_usd)
157
+ continue;
158
+ if (query.min_latency_ms && action.latency_ms < query.min_latency_ms)
159
+ continue;
160
+ results.push(action);
161
+ }
162
+ }
163
+ // Sort by timestamp
164
+ results.sort((a, b) => a.timestamp.getTime() - b.timestamp.getTime());
165
+ // Apply limit
166
+ if (query.limit) {
167
+ results = results.slice(0, query.limit);
168
+ }
169
+ return results;
170
+ }
171
+ /**
172
+ * Generate audit report
173
+ */
174
+ async generateAuditReport(query) {
175
+ const actions = await this.queryActions(query);
176
+ const actionsByType = {};
177
+ const actionsByAgent = {};
178
+ const costByAgent = {};
179
+ let totalCost = 0;
180
+ let totalLatency = 0;
181
+ for (const action of actions) {
182
+ actionsByType[action.action_type] = (actionsByType[action.action_type] || 0) + 1;
183
+ actionsByAgent[action.agent_id] = (actionsByAgent[action.agent_id] || 0) + 1;
184
+ costByAgent[action.agent_id] = (costByAgent[action.agent_id] || 0) + (action.cost_usd || 0);
185
+ totalCost += action.cost_usd || 0;
186
+ totalLatency += action.latency_ms;
187
+ }
188
+ // Detect anomalies
189
+ const anomalies = this.detectAnomalies(actions);
190
+ return {
191
+ query,
192
+ generated_at: new Date(),
193
+ total_actions: actions.length,
194
+ total_cost_usd: totalCost,
195
+ total_latency_ms: totalLatency,
196
+ actions_by_type: actionsByType,
197
+ actions_by_agent: actionsByAgent,
198
+ cost_by_agent: costByAgent,
199
+ anomalies,
200
+ };
201
+ }
202
+ /**
203
+ * Verify trail integrity
204
+ */
205
+ verifyTrailIntegrity(actions) {
206
+ if (actions.length === 0)
207
+ return true;
208
+ for (let i = 0; i < actions.length; i++) {
209
+ const action = actions[i];
210
+ const expectedPrevHash = i === 0 ? '0'.repeat(64) : actions[i - 1].action_hash;
211
+ if (action.previous_hash !== expectedPrevHash) {
212
+ return false;
213
+ }
214
+ const computedHash = this.computeActionHash(action);
215
+ if (action.action_hash !== computedHash) {
216
+ return false;
217
+ }
218
+ }
219
+ return true;
220
+ }
221
+ /**
222
+ * Export trail for external storage/verification
223
+ */
224
+ async exportTrail(threadId) {
225
+ const trail = await this.getExecutionTrail(threadId, { include_encrypted: true });
226
+ if (!trail)
227
+ throw new Error(`No trail found for thread ${threadId}`);
228
+ return JSON.stringify(trail, null, 2);
229
+ }
230
+ /**
231
+ * Import trail from external source
232
+ */
233
+ async importTrail(data) {
234
+ const trail = JSON.parse(data);
235
+ // Verify integrity
236
+ const valid = this.verifyTrailIntegrity(trail.actions);
237
+ // Store
238
+ this.trails.set(trail.thread_id, trail.actions);
239
+ return {
240
+ thread_id: trail.thread_id,
241
+ actions_imported: trail.actions.length,
242
+ valid,
243
+ };
244
+ }
245
+ // ===========================================================================
246
+ // Private Methods
247
+ // ===========================================================================
248
+ computeActionHash(action) {
249
+ const data = [
250
+ action.thread_id,
251
+ action.sequence.toString(),
252
+ action.agent_id,
253
+ action.action_type,
254
+ action.action_name,
255
+ action.input_hash,
256
+ action.output_hash,
257
+ action.timestamp.toISOString(),
258
+ action.previous_hash,
259
+ ].join('|');
260
+ return crypto.createHash('sha256').update(data).digest('hex');
261
+ }
262
+ computeMerkleRoot(actions) {
263
+ if (actions.length === 0)
264
+ return '0'.repeat(64);
265
+ let hashes = actions.map(a => a.action_hash);
266
+ while (hashes.length > 1) {
267
+ const newHashes = [];
268
+ for (let i = 0; i < hashes.length; i += 2) {
269
+ const left = hashes[i];
270
+ const right = hashes[i + 1] || left;
271
+ const combined = crypto.createHash('sha256').update(left + right).digest('hex');
272
+ newHashes.push(combined);
273
+ }
274
+ hashes = newHashes;
275
+ }
276
+ return hashes[0];
277
+ }
278
+ encrypt(data) {
279
+ if (!this.encryptionKey)
280
+ throw new Error('Encryption key not set');
281
+ const iv = crypto.randomBytes(16);
282
+ const cipher = crypto.createCipheriv('aes-256-gcm', this.encryptionKey, iv);
283
+ let encrypted = cipher.update(data, 'utf8', 'hex');
284
+ encrypted += cipher.final('hex');
285
+ const authTag = cipher.getAuthTag();
286
+ return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
287
+ }
288
+ decrypt(encrypted) {
289
+ if (!this.encryptionKey)
290
+ throw new Error('Encryption key not set');
291
+ const [ivHex, authTagHex, data] = encrypted.split(':');
292
+ const iv = Buffer.from(ivHex, 'hex');
293
+ const authTag = Buffer.from(authTagHex, 'hex');
294
+ const decipher = crypto.createDecipheriv('aes-256-gcm', this.encryptionKey, iv);
295
+ decipher.setAuthTag(authTag);
296
+ let decrypted = decipher.update(data, 'hex', 'utf8');
297
+ decrypted += decipher.final('utf8');
298
+ return decrypted;
299
+ }
300
+ detectAnomalies(actions) {
301
+ const anomalies = [];
302
+ // High latency detection (>10s)
303
+ const highLatency = actions.filter(a => a.latency_ms > 10000);
304
+ if (highLatency.length > 0) {
305
+ anomalies.push({
306
+ type: 'high_latency',
307
+ severity: 'medium',
308
+ description: `${highLatency.length} actions exceeded 10s latency`,
309
+ action_ids: highLatency.map(a => a.id),
310
+ detected_at: new Date(),
311
+ });
312
+ }
313
+ // High cost detection (>$1 per action)
314
+ const highCost = actions.filter(a => (a.cost_usd || 0) > 1);
315
+ if (highCost.length > 0) {
316
+ anomalies.push({
317
+ type: 'high_cost',
318
+ severity: 'high',
319
+ description: `${highCost.length} actions exceeded $1 cost`,
320
+ action_ids: highCost.map(a => a.id),
321
+ detected_at: new Date(),
322
+ });
323
+ }
324
+ return anomalies;
325
+ }
326
+ }
327
+ export default ExecutionReplayManager;
328
+ //# sourceMappingURL=replay.js.map
package/dist/audit/replay.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"replay.js","sourceRoot":"","sources":["../../src/audit/replay.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAgGjC,gFAAgF;AAChF,2BAA2B;AAC3B,gFAAgF;AAEhF,MAAM,OAAO,sBAAsB;IACzB,MAAM,GAAgC,IAAI,GAAG,EAAE,CAAC;IAChD,aAAa,CAAU;IAE/B,YAAY,aAAsB;QAChC,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,aAAa,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,MAelB;QACC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC;QAC9B,MAAM,YAAY,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAErF,sBAAsB;QACtB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC7E,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/E,uBAAuB;QACvB,MAAM,MAAM,GAAiB;YAC3B,EAAE,EAAE,OAAO,MAAM,CAAC,UAAU,EAAE,EAAE;YAChC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;YAErB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,UAAU,EAAE,MAAM,CAAC,UAAU;YAE7B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;YAE/B,UAAU,EAAE,SAAS;YACrB,WAAW,EAAE,UAAU;YACvB,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;YAC7C,iBAAiB,EAAE,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC;YAE/C,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YAEzB,aAAa,EAAE,YAAY;YAC3B,WAAW,EAAE,EAAE,EAAE,iBAAiB;SACnC,CAAC;QAEF,wCAAwC;QACxC,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3C,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,CAAC,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACpD,CAAC;QAED,wCAAwC;QACxC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAEpD,QAAQ;QACR,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAEzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,QAAgB,EAAE,OAAuB;QAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAElD,IAAI,QAAQ,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC;QAE5B,gBAAgB;QAChB,IAAI,OAAO,EAAE,aAAa,KAAK,SAAS,EAAE,CAAC;YACzC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,OAAO,CAAC,aAAc,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,OAAO,EAAE,WAAW,KAAK,SAAS,EAAE,CAAC;YACvC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAY,CAAC,CAAC;QACtE,CAAC;QACD,IAAI,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;YAClC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,YAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,CAAC;YACxC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kBAAmB,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QACvF,CAAC;QAED,yCAAyC;QACzC,IAAI,CAAC,OAAO,EAAE,iBAAiB,EAAE,CAAC;YAChC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;gBAC1B,MAAM,EAAE,eAAe,EAAE,gBAAgB,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;gBACzD,OAAO,IAAoB,CAAC;YAC9B,CAAC,CAAC,CAAC;QACL,CAAC;QAED,gBAAgB;QAChB,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1E,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACxE,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAE3D,mBAAmB;QACnB,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAE1D,OAAO;YACL,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;YAChC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS;YACjD,YAAY,EAAE,QAAQ,CAAC,MAAM;YAC7B,cAAc,EAAE,SAAS;YACzB,gBAAgB,EAAE,YAAY;YAC9B,eAAe,EAAE,MAAM;YACvB,WAAW,EAAE,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;YAC5C,OAAO,EAAE,QAAQ;YACjB,eAAe,EAAE,cAAc;SAChC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,OAAuB;QAU3D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC5C,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,WAAW,EAAE,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,WAAW,KAAK,MAAM,CAAC,WAAW,KAAK,MAAM,CAAC,UAAU,KAAK;SAC1G,CAAC,CAAC,CAAC;QAEJ,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YACvC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE;YACpG,CAAC,CAAC,CAAC,CAAC;QAEN,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ;YACR,OAAO,EAAE;gBACP,aAAa,EAAE,KAAK,CAAC,YAAY;gBACjC,WAAW,EAAE,QAAQ;gBACrB,QAAQ,EAAE,KAAK,CAAC,cAAc;gBAC9B,MAAM,EAAE,KAAK,CAAC,eAAe;aAC9B;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,KAAiB;QAClC,IAAI,OAAO,GAAmB,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC9C,IAAI,KAAK,CAAC,SAAS,IAAI,QAAQ,KAAK,KAAK,CAAC,SAAS;gBAAE,SAAS;YAE9D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,IAAI,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ;oBAAE,SAAS;gBACnE,IAAI,KAAK,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,KAAK,KAAK,CAAC,WAAW;oBAAE,SAAS;gBAC5E,IAAI,KAAK,CAAC,UAAU,IAAI,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC,UAAU;oBAAE,SAAS;gBACtE,IAAI,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC,QAAQ;oBAAE,SAAS;gBAClE,IAAI,KAAK,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,YAAY;oBAAE,SAAS;gBAChF,IAAI,KAAK,CAAC,cAAc,IAAI,MAAM,CAAC,UAAU,GAAG,KAAK,CAAC,cAAc;oBAAE,SAAS;gBAE/E,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;QAEtE,cAAc;QACd,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,KAAiB;QACzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAE/C,MAAM,aAAa,GAA2B,EAAE,CAAC;QACjD,MAAM,cAAc,GAA2B,EAAE,CAAC;QAClD,MAAM,WAAW,GAA2B,EAAE,CAAC;QAC/C,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,aAAa,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACjF,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAC7E,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;YAC5F,SAAS,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;YAClC,YAAY,IAAI,MAAM,CAAC,UAAU,CAAC;QACpC,CAAC;QAED,mBAAmB;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAEhD,OAAO;YACL,KAAK;YACL,YAAY,EAAE,IAAI,IAAI,EAAE;YACxB,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,cAAc,EAAE,SAAS;YACzB,gBAAgB,EAAE,YAAY;YAC9B,eAAe,EAAE,aAAa;YAC9B,gBAAgB,EAAE,cAAc;YAChC,aAAa,EAAE,WAAW;YAC1B,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,OAAuB;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,gBAAgB,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC;YAE/E,IAAI,MAAM,CAAC,aAAa,KAAK,gBAAgB,EAAE,CAAC;gBAC9C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACpD,IAAI,MAAM,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;gBACxC,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,QAAgB;QAChC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,EAAE,CAAC,CAAC;QAErE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,IAAY;QAC5B,MAAM,KAAK,GAAmB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE/C,mBAAmB;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEvD,QAAQ;QACR,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAEhD,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,gBAAgB,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM;YACtC,KAAK;SACN,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAEtE,iBAAiB,CAAC,MAAoB;QAC5C,MAAM,IAAI,GAAG;YACX,MAAM,CAAC,SAAS;YAChB,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE;YAC1B,MAAM,CAAC,QAAQ;YACf,MAAM,CAAC,WAAW;YAClB,MAAM,CAAC,WAAW;YAClB,MAAM,CAAC,UAAU;YACjB,MAAM,CAAC,WAAW;YAClB,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE;YAC9B,MAAM,CAAC,aAAa;SACrB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChE,CAAC;IAEO,iBAAiB,CAAC,OAAuB;QAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEhD,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QAE7C,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,SAAS,GAAa,EAAE,CAAC;YAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gBACvB,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;gBACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAChF,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC3B,CAAC;YACD,MAAM,GAAG,SAAS,CAAC;QACrB,CAAC;QAED,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IACnB,CAAC;IAEO,OAAO,CAAC,IAAY;QAC1B,IAAI,CAAC,IAAI,CAAC,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAEnE,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAE5E,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC;IAC9E,CAAC;IAEO,OAAO,CAAC,SAAiB;QAC/B,IAAI,CAAC,IAAI,CAAC,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAEnE,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAE/C,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAChF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QACrD,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,eAAe,CAAC,OAAuB;QAC7C,MAAM,SAAS,GAAmB,EAAE,CAAC;QAErC,gCAAgC;QAChC,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,KAAK,CAAC,CAAC;QAC9D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,SAAS,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,WAAW,EAAE,GAAG,WAAW,CAAC,MAAM,+BAA+B;gBACjE,UAAU,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,WAAW,EAAE,IAAI,IAAI,EAAE;aACxB,CAAC,CAAC;QACL,CAAC;QAED,uCAAuC;QACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,SAAS,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,GAAG,QAAQ,CAAC,MAAM,2BAA2B;gBAC1D,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnC,WAAW,EAAE,IAAI,IAAI,EAAE;aACxB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAED,eAAe,sBAAsB,CAAC"}
package/dist/compliance/checkpoint.d.ts ADDED
@@ -0,0 +1,183 @@
1
+ /**
2
+ * Dōmere - Compliance Checkpoints (SOC2/HIPAA)
3
+ *
4
+ * Automated compliance tracking and reporting for AI systems.
5
+ * Supports SOC2, HIPAA, GDPR, and custom frameworks.
6
+ */
7
+ export type ComplianceFramework = 'SOC2' | 'HIPAA' | 'GDPR' | 'PCI-DSS' | 'ISO27001' | 'CUSTOM';
8
+ export type SOC2Control = 'CC1.1' | 'CC1.2' | 'CC1.3' | 'CC1.4' | 'CC1.5' | 'CC2.1' | 'CC2.2' | 'CC2.3' | 'CC3.1' | 'CC3.2' | 'CC3.3' | 'CC3.4' | 'CC4.1' | 'CC4.2' | 'CC5.1' | 'CC5.2' | 'CC5.3' | 'CC6.1' | 'CC6.2' | 'CC6.3' | 'CC6.4' | 'CC6.5' | 'CC6.6' | 'CC6.7' | 'CC6.8' | 'CC7.1' | 'CC7.2' | 'CC7.3' | 'CC7.4' | 'CC7.5' | 'CC8.1' | 'CC9.1' | 'CC9.2';
9
+ export type HIPAAControl = 'ACCESS_CONTROL' | 'AUDIT_CONTROLS' | 'INTEGRITY' | 'PERSON_AUTH' | 'TRANSMISSION_SECURITY' | 'PRIVACY_RULE' | 'BREACH_NOTIFICATION' | 'MINIMUM_NECESSARY';
10
+ export interface ComplianceCheckpointRecord {
11
+ id: string;
12
+ thread_id: string;
13
+ timestamp: Date;
14
+ framework: ComplianceFramework;
15
+ control: string;
16
+ control_description: string;
17
+ event_type: 'access' | 'modification' | 'disclosure' | 'deletion' | 'transmission' | 'authentication' | 'authorization' | 'audit';
18
+ event_description: string;
19
+ data_classification: 'public' | 'internal' | 'confidential' | 'restricted' | 'phi' | 'pii';
20
+ data_categories: string[];
21
+ agent_id: string;
22
+ user_id?: string;
23
+ data_subject_id?: string;
24
+ legal_basis?: 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_task' | 'legitimate_interests' | 'treatment' | 'payment' | 'operations';
25
+ retention_days?: number;
26
+ retention_policy?: string;
27
+ risk_level: 'low' | 'medium' | 'high' | 'critical';
28
+ mitigations_applied: string[];
29
+ checkpoint_hash: string;
30
+ signed: boolean;
31
+ signature?: string;
32
+ }
33
+ export interface ComplianceViolationRecord {
34
+ id: string;
35
+ checkpoint_id: string;
36
+ thread_id: string;
37
+ timestamp: Date;
38
+ framework: ComplianceFramework;
39
+ control: string;
40
+ violation_type: 'unauthorized_access' | 'data_breach' | 'policy_violation' | 'retention_violation' | 'consent_violation' | 'audit_gap' | 'encryption_failure';
41
+ severity: 'low' | 'medium' | 'high' | 'critical';
42
+ description: string;
43
+ affected_records: number;
44
+ affected_subjects: string[];
45
+ remediation_required: boolean;
46
+ remediation_deadline?: Date;
47
+ remediation_status: 'pending' | 'in_progress' | 'completed' | 'waived';
48
+ remediation_notes?: string;
49
+ }
50
+ export interface ComplianceReportOutput {
51
+ id: string;
52
+ generated_at: Date;
53
+ period_start: Date;
54
+ period_end: Date;
55
+ framework: ComplianceFramework;
56
+ total_checkpoints: number;
57
+ checkpoints_by_control: Record<string, number>;
58
+ checkpoints_by_event_type: Record<string, number>;
59
+ checkpoints_by_risk_level: Record<string, number>;
60
+ total_violations: number;
61
+ violations_by_severity: Record<string, number>;
62
+ open_violations: number;
63
+ remediated_violations: number;
64
+ unique_data_subjects: number;
65
+ data_access_count: number;
66
+ compliance_score: number;
67
+ control_coverage: Record<string, {
68
+ covered: boolean;
69
+ checkpoint_count: number;
70
+ }>;
71
+ attestation?: {
72
+ attester: string;
73
+ attested_at: Date;
74
+ statement: string;
75
+ signature: string;
76
+ };
77
+ }
78
+ export interface RetentionPolicy {
79
+ name: string;
80
+ data_categories: string[];
81
+ retention_days: number;
82
+ deletion_method: 'soft' | 'hard' | 'anonymize';
83
+ legal_hold_exempt: boolean;
84
+ }
85
+ export declare const SOC2_CONTROLS: Record<SOC2Control, string>;
86
+ export declare const HIPAA_CONTROLS: Record<HIPAAControl, string>;
87
+ export declare class ComplianceManager {
88
+ private checkpoints;
89
+ private violations;
90
+ private retentionPolicies;
91
+ private signingKey;
92
+ constructor(signingKey: string);
93
+ /**
94
+ * Record a compliance checkpoint
95
+ */
96
+ checkpoint(params: {
97
+ thread_id: string;
98
+ framework: ComplianceFramework;
99
+ control: string;
100
+ event_type: ComplianceCheckpointRecord['event_type'];
101
+ event_description: string;
102
+ data_classification: ComplianceCheckpointRecord['data_classification'];
103
+ data_categories?: string[];
104
+ agent_id: string;
105
+ user_id?: string;
106
+ data_subject_id?: string;
107
+ legal_basis?: ComplianceCheckpointRecord['legal_basis'];
108
+ retention_days?: number;
109
+ risk_level?: ComplianceCheckpointRecord['risk_level'];
110
+ mitigations_applied?: string[];
111
+ sign?: boolean;
112
+ }): Promise<ComplianceCheckpointRecord>;
113
+ /**
114
+ * Record a compliance violation
115
+ */
116
+ recordViolation(params: {
117
+ checkpoint_id?: string;
118
+ thread_id: string;
119
+ framework: ComplianceFramework;
120
+ control: string;
121
+ violation_type: ComplianceViolationRecord['violation_type'];
122
+ severity: ComplianceViolationRecord['severity'];
123
+ description: string;
124
+ affected_records?: number;
125
+ affected_subjects?: string[];
126
+ remediation_deadline?: Date;
127
+ }): Promise<ComplianceViolationRecord>;
128
+ /**
129
+ * Update remediation status
130
+ */
131
+ updateRemediation(violationId: string, status: ComplianceViolationRecord['remediation_status'], notes?: string): Promise<ComplianceViolationRecord | null>;
132
+ /**
133
+ * Generate compliance report
134
+ */
135
+ generateReport(params: {
136
+ framework: ComplianceFramework;
137
+ period_start: Date;
138
+ period_end: Date;
139
+ attester?: string;
140
+ }): Promise<ComplianceReportOutput>;
141
+ /**
142
+ * Get checkpoints for a thread
143
+ */
144
+ getCheckpoints(threadId: string): Promise<ComplianceCheckpointRecord[]>;
145
+ /**
146
+ * Get violations for a thread
147
+ */
148
+ getViolations(threadId: string): Promise<ComplianceViolationRecord[]>;
149
+ /**
150
+ * Add retention policy
151
+ */
152
+ addRetentionPolicy(policy: RetentionPolicy): void;
153
+ /**
154
+ * HIPAA-specific: Log PHI access
155
+ */
156
+ logPHIAccess(params: {
157
+ thread_id: string;
158
+ agent_id: string;
159
+ patient_id: string;
160
+ access_reason: string;
161
+ data_accessed: string[];
162
+ legal_basis: 'treatment' | 'payment' | 'operations';
163
+ }): Promise<ComplianceCheckpointRecord>;
164
+ /**
165
+ * SOC2-specific: Log access control event
166
+ */
167
+ logAccessControl(params: {
168
+ thread_id: string;
169
+ agent_id: string;
170
+ user_id?: string;
171
+ resource: string;
172
+ action: 'grant' | 'revoke' | 'modify' | 'review';
173
+ success: boolean;
174
+ }): Promise<ComplianceCheckpointRecord>;
175
+ private initDefaultPolicies;
176
+ private assessRisk;
177
+ private getRetentionDays;
178
+ private checkViolations;
179
+ private computeCheckpointHash;
180
+ private sign;
181
+ }
182
+ export default ComplianceManager;
183
+ //# sourceMappingURL=checkpoint.d.ts.map
package/dist/compliance/checkpoint.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"checkpoint.d.ts","sourceRoot":"","sources":["../../src/compliance/checkpoint.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEhG,MAAM,MAAM,WAAW,GACnB,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAC/C,OAAO,GAAG,OAAO,GAAG,OAAO,GAC3B,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GACrC,OAAO,GAAG,OAAO,GACjB,OAAO,GAAG,OAAO,GAAG,OAAO,GAC3B,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAC7E,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAC/C,OAAO,GACP,OAAO,GAAG,OAAO,CAAC;AAEtB,MAAM,MAAM,YAAY,GACpB,gBAAgB,GAChB,gBAAgB,GAChB,WAAW,GACX,aAAa,GACb,uBAAuB,GACvB,cAAc,GACd,qBAAqB,GACrB,mBAAmB,CAAC;AAExB,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAGhB,SAAS,EAAE,mBAAmB,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB,EAAE,MAAM,CAAC;IAG5B,UAAU,EAAE,QAAQ,GAAG,cAAc,GAAG,YAAY,GAAG,UAAU,GAAG,cAAc,GAAG,gBAAgB,GAAG,eAAe,GAAG,OAAO,CAAC;IAClI,iBAAiB,EAAE,MAAM,CAAC;IAG1B,mBAAmB,EAAE,QAAQ,GAAG,UAAU,GAAG,cAAc,GAAG,YAAY,GAAG,KAAK,GAAG,KAAK,CAAC;IAC3F,eAAe,EAAE,MAAM,EAAE,CAAC;IAG1B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IAGzB,WAAW,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,kBAAkB,GAAG,iBAAiB,GAAG,aAAa,GAAG,sBAAsB,GAAG,WAAW,GAAG,SAAS,GAAG,YAAY,CAAC;IAGhK,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAG1B,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAG9B,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,yBAAyB;IACxC,EAAE,EAAE,MAAM,CAAC;IACX,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAEhB,SAAS,EAAE,mBAAmB,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAEhB,cAAc,EAAE,qBAAqB,GAAG,aAAa,GAAG,kBAAkB,GAAG,qBAAqB,GAAG,mBAAmB,GAAG,WAAW,GAAG,oBAAoB,CAAC;IAC9J,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;IAEpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAE5B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,IAAI,CAAC;IAC5B,kBAAkB,EAAE,SAAS,GAAG,aAAa,GAAG,WAAW,GAAG,QAAQ,CAAC;IACvE,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,IAAI,CAAC;IACnB,YAAY,EAAE,IAAI,CAAC;IACnB,UAAU,EAAE,IAAI,CAAC;IAEjB,SAAS,EAAE,mBAAmB,CAAC;IAG/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/C,yBAAyB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClD,yBAAyB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGlD,gBAAgB,EAAE,MAAM,CAAC;IACzB,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/C,eAAe,EAAE,MAAM,CAAC;IACxB,qBAAqB,EAAE,MAAM,CAAC;IAG9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,iBAAiB,EAAE,MAAM,CAAC;IAG1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAGjF,WAAW,CAAC,EAAE;QACZ,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,IAAI,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,GAAG,MAAM,GAAG,WAAW,CAAC;IAC/C,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAMD,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAkCrD,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CASvD,CAAC;AAMF,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,WAAW,CAAsD;IACzE,OAAO,CAAC,UAAU,CAAqD;IACvE,OAAO,CAAC,iBAAiB,CAA2C;IACpE,OAAO,CAAC,UAAU,CAAS;gBAEf,UAAU,EAAE,MAAM;IAK9B;;OAEG;IACG,UAAU,CAAC,MAAM,EAAE;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,mBAAmB,CAAC;QAC/B,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,0BAA0B,CAAC,YAAY,CAAC,CAAC;QACrD,iBAAiB,EAAE,MAAM,CAAC;QAC1B,mBAAmB,EAAE,0BAA0B,CAAC,qBAAqB,CAAC,CAAC;QACvE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,WAAW,CAAC,EAAE,0BAA0B,CAAC,aAAa,CAAC,CAAC;QACxD,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,UAAU,CAAC,EAAE,0BAA0B,CAAC,YAAY,CAAC,CAAC;QACtD,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC/B,IAAI,CAAC,EAAE,OAAO,CAAC;KAChB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IA+DvC;;OAEG;IACG,eAAe,CAAC,MAAM,EAAE;QAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,mBAAmB,CAAC;QAC/B,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,EAAE,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;QAC5D,QAAQ,EAAE,yBAAyB,CAAC,UAAU,CAAC,CAAC;QAChD,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC7B,oBAAoB,CAAC,EAAE,IAAI,CAAC;KAC7B,GAAG,OAAO,CAAC,yBAAyB,CAAC;IA6BtC;;OAEG;IACG,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,yBAAyB,CAAC,oBAAoB,CAAC,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC;IAUhK;;OAEG;IACG,cAAc,CAAC,MAAM,EAAE;QAC3B,SAAS,EAAE,mBAAmB,CAAC;QAC/B,YAAY,EAAE,IAAI,CAAC;QACnB,UAAU,EAAE,IAAI,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAuGnC;;OAEG;IACG,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAM7E;;OAEG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAM3E;;OAEG;IACH,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG,IAAI;IAIjD;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,EAAE,MAAM,EAAE,CAAC;QACxB,WAAW,EAAE,WAAW,GAAG,SAAS,GAAG,YAAY,CAAC;KACrD,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAgBvC;;OAEG;IACG,gBAAgB,CAAC,MAAM,EAAE;QAC7B,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;QACjD,OAAO,EAAE,OAAO,CAAC;KAClB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAqBvC,OAAO,CAAC,mBAAmB;IA0B3B,OAAO,CAAC,UAAU;IAelB,OAAO,CAAC,gBAAgB;YAYV,eAAe;IA8B7B,OAAO,CAAC,qBAAqB;IAgB7B,OAAO,CAAC,IAAI;CAKb;AAED,eAAe,iBAAiB,CAAC"}