npm - aira-sdk - Versions diffs - 3.0.0 → 3.1.0 - Mend

aira-sdk 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/client.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Authorization, ActionReceipt, ActionDetail, AgentDetail, AgentVersion, CosignResult, EvidencePackage, ComplianceSnapshot, EscrowAccount, EscrowTransaction, VerifyResult, PaginatedList, ComplianceReport, ComplianceReportListResponse, ComplianceReportVerification, ActionExplanation, ExplanationVerification, OutputPolicy, OutputPolicyUpdate } from "./types";
+import { Authorization, ActionReceipt, ActionDetail, AgentDetail, AgentVersion, CosignResult, EvidencePackage, ComplianceSnapshot, EscrowAccount, EscrowTransaction, VerifyResult, PaginatedList, ComplianceReport, ComplianceReportListResponse, ComplianceReportVerification, ActionExplanation, ExplanationVerification, OutputPolicy, OutputPolicyUpdate, DoraIncident, IctThirdParty, DoraTest } from "./types";
 import { AiraSession } from "./session";
 export interface AiraOptions {
     apiKey: string;
@@ -326,6 +326,103 @@ export declare class Aira {
      * required server-side.
      */
     updateOutputPolicy(updates: OutputPolicyUpdate): Promise<OutputPolicy>;
+    /** Open a new DORA ICT incident (Article 17). */
+    createDoraIncident(params: {
+        title: string;
+        description: string;
+        detectedAt: string;
+        affectedServices?: string[];
+        clientsAffectedCount?: number;
+        geographicScope?: string[];
+        relatedActionUuids?: string[];
+    }): Promise<DoraIncident>;
+    /** List DORA incidents with optional filters. */
+    listDoraIncidents(params?: {
+        status?: string;
+        severity?: string;
+        isMajor?: boolean;
+        limit?: number;
+        offset?: number;
+    }): Promise<{
+        items: DoraIncident[];
+        total: number;
+        limit: number;
+        offset: number;
+        request_id: string;
+    }>;
+    /** Get one DORA incident. */
+    getDoraIncident(incidentUuid: string): Promise<DoraIncident>;
+    /** Classify a detected incident (Article 18). */
+    classifyDoraIncident(incidentUuid: string, params: {
+        severity: "critical" | "high" | "medium" | "low";
+        category: string;
+        isMajor?: boolean;
+        rootCauseSummary?: string;
+        rootCauseClassification?: string;
+        thirdPartyUuid?: string;
+    }): Promise<DoraIncident>;
+    /** Mark an incident resolved + record post-mortem fields. */
+    resolveDoraIncident(incidentUuid: string, params: {
+        resolutionSummary: string;
+        lessonsLearned?: string;
+        resolvedAt?: string;
+    }): Promise<DoraIncident>;
+    /** Generate (if needed) and download the major-incident PDF for ESA submission. */
+    downloadDoraIncidentReport(incidentUuid: string): Promise<Uint8Array>;
+    /** Add a vendor to the ICT third-party register (Article 28). */
+    createIctThirdParty(params: {
+        vendorName: string;
+        serviceDescription: string;
+        serviceType: string;
+        criticality: "critical" | "non_critical" | "supporting";
+        contractStartDate?: string;
+        contractEndDate?: string;
+        exitStrategySummary?: string;
+        subcontractors?: string[];
+        dataCategories?: string[];
+        jurisdiction?: string;
+    }): Promise<IctThirdParty>;
+    /** List ICT third-party register entries. */
+    listIctThirdParties(params?: {
+        criticality?: string;
+        isActive?: boolean;
+        limit?: number;
+        offset?: number;
+    }): Promise<{
+        items: IctThirdParty[];
+        total: number;
+        limit: number;
+        offset: number;
+        request_id: string;
+    }>;
+    getIctThirdParty(thirdPartyUuid: string): Promise<IctThirdParty>;
+    /** PATCH semantics — only supplied fields change. */
+    updateIctThirdParty(thirdPartyUuid: string, fields: Partial<IctThirdParty> & {
+        is_active?: boolean;
+    }): Promise<IctThirdParty>;
+    /** Log a DORA resilience test (Articles 24-27). */
+    createDoraTest(params: {
+        testType: string;
+        title: string;
+        scope: string;
+        conductedAt: string;
+        conductedBy: string;
+        status: "passed" | "failed" | "partial";
+        findingsSummary?: string;
+        remediationPlan?: string;
+        remediationDueAt?: string;
+    }): Promise<DoraTest>;
+    listDoraTests(params?: {
+        testType?: string;
+        limit?: number;
+        offset?: number;
+    }): Promise<{
+        items: DoraTest[];
+        total: number;
+        limit: number;
+        offset: number;
+        request_id: string;
+    }>;
     /**
      * Article 6 right-to-explanation for a single action.
      *

package/dist/client.js CHANGED Viewed

@@ -624,6 +624,146 @@ class Aira {
         }
         return this.patch("/output-policies", body);
     }
+    // ==================== DORA (EU 2022/2554) ====================
+    /** Open a new DORA ICT incident (Article 17). */
+    async createDoraIncident(params) {
+        const body = buildBody({
+            title: params.title,
+            description: params.description,
+            detected_at: params.detectedAt,
+            affected_services: params.affectedServices,
+            clients_affected_count: params.clientsAffectedCount,
+            geographic_scope: params.geographicScope,
+            related_action_uuids: params.relatedActionUuids,
+        });
+        return this.post("/dora/incidents", body);
+    }
+    /** List DORA incidents with optional filters. */
+    async listDoraIncidents(params) {
+        const qs = new URLSearchParams();
+        if (params?.status)
+            qs.append("status", params.status);
+        if (params?.severity)
+            qs.append("severity", params.severity);
+        if (params?.isMajor !== undefined)
+            qs.append("is_major", String(params.isMajor));
+        if (params?.limit !== undefined)
+            qs.append("limit", String(params.limit));
+        if (params?.offset !== undefined)
+            qs.append("offset", String(params.offset));
+        const path = qs.toString() ? `/dora/incidents?${qs}` : "/dora/incidents";
+        return this.get(path);
+    }
+    /** Get one DORA incident. */
+    async getDoraIncident(incidentUuid) {
+        return this.get(`/dora/incidents/${incidentUuid}`);
+    }
+    /** Classify a detected incident (Article 18). */
+    async classifyDoraIncident(incidentUuid, params) {
+        const body = buildBody({
+            severity: params.severity,
+            category: params.category,
+            is_major: params.isMajor,
+            root_cause_summary: params.rootCauseSummary,
+            root_cause_classification: params.rootCauseClassification,
+            third_party_uuid: params.thirdPartyUuid,
+        });
+        return this.put(`/dora/incidents/${incidentUuid}/classify`, body);
+    }
+    /** Mark an incident resolved + record post-mortem fields. */
+    async resolveDoraIncident(incidentUuid, params) {
+        const body = buildBody({
+            resolution_summary: params.resolutionSummary,
+            lessons_learned: params.lessonsLearned,
+            resolved_at: params.resolvedAt,
+        });
+        return this.put(`/dora/incidents/${incidentUuid}/resolve`, body);
+    }
+    /** Generate (if needed) and download the major-incident PDF for ESA submission. */
+    async downloadDoraIncidentReport(incidentUuid) {
+        if (this.queue) {
+            throw new types_1.AiraError(0, "OFFLINE", "Downloads not available offline");
+        }
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), this.timeout);
+        try {
+            const res = await fetchWithRetry(() => fetch(`${this.baseUrl}/dora/incidents/${incidentUuid}/report`, {
+                method: "GET",
+                headers: { Authorization: `Bearer ${this.apiKey}` },
+                signal: controller.signal,
+            }));
+            if (!res.ok) {
+                throw new types_1.AiraError(res.status, "DOWNLOAD_FAILED", res.statusText);
+            }
+            return new Uint8Array(await res.arrayBuffer());
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+    /** Add a vendor to the ICT third-party register (Article 28). */
+    async createIctThirdParty(params) {
+        const body = buildBody({
+            vendor_name: params.vendorName,
+            service_description: params.serviceDescription,
+            service_type: params.serviceType,
+            criticality: params.criticality,
+            contract_start_date: params.contractStartDate,
+            contract_end_date: params.contractEndDate,
+            exit_strategy_summary: params.exitStrategySummary,
+            subcontractors: params.subcontractors,
+            data_categories: params.dataCategories,
+            jurisdiction: params.jurisdiction,
+        });
+        return this.post("/dora/third-parties", body);
+    }
+    /** List ICT third-party register entries. */
+    async listIctThirdParties(params) {
+        const qs = new URLSearchParams();
+        if (params?.criticality)
+            qs.append("criticality", params.criticality);
+        if (params?.isActive !== undefined)
+            qs.append("is_active", String(params.isActive));
+        if (params?.limit !== undefined)
+            qs.append("limit", String(params.limit));
+        if (params?.offset !== undefined)
+            qs.append("offset", String(params.offset));
+        const path = qs.toString() ? `/dora/third-parties?${qs}` : "/dora/third-parties";
+        return this.get(path);
+    }
+    async getIctThirdParty(thirdPartyUuid) {
+        return this.get(`/dora/third-parties/${thirdPartyUuid}`);
+    }
+    /** PATCH semantics — only supplied fields change. */
+    async updateIctThirdParty(thirdPartyUuid, fields) {
+        return this.put(`/dora/third-parties/${thirdPartyUuid}`, fields);
+    }
+    /** Log a DORA resilience test (Articles 24-27). */
+    async createDoraTest(params) {
+        const body = buildBody({
+            test_type: params.testType,
+            title: params.title,
+            scope: params.scope,
+            conducted_at: params.conductedAt,
+            conducted_by: params.conductedBy,
+            status: params.status,
+            findings_summary: params.findingsSummary,
+            remediation_plan: params.remediationPlan,
+            remediation_due_at: params.remediationDueAt,
+        });
+        return this.post("/dora/tests", body);
+    }
+    async listDoraTests(params) {
+        const qs = new URLSearchParams();
+        if (params?.testType)
+            qs.append("test_type", params.testType);
+        if (params?.limit !== undefined)
+            qs.append("limit", String(params.limit));
+        if (params?.offset !== undefined)
+            qs.append("offset", String(params.offset));
+        const path = qs.toString() ? `/dora/tests?${qs}` : "/dora/tests";
+        return this.get(path);
+    }
     /**
      * Article 6 right-to-explanation for a single action.
      *

package/dist/index.d.ts CHANGED Viewed

@@ -3,4 +3,4 @@ export type { AiraOptions } from "./client";
 export { AiraSession } from "./session";
 export { OfflineQueue } from "./offline";
 export type { QueuedRequest } from "./offline";
-export { AiraError, FRAMEWORK_ANNEX_IV, FRAMEWORK_ART12, FRAMEWORK_ART9, FRAMEWORK_ART6, type Authorization, type ActionReceipt, type ActionDetail, type AgentDetail, type AgentVersion, type CosignResult, type EvidencePackage, type ComplianceSnapshot, type EscrowAccount, type EscrowTransaction, type VerifyResult, type PaginatedList, type ComplianceReport, type ComplianceReportListResponse, type ComplianceReportVerification, type ActionExplanation, type ExplanationEnvelope, type ExplanationVerification, type OutputPolicy, type OutputPolicyUpdate, type OutputScanFlags, type OutputScanHit, } from "./types";
+export { AiraError, FRAMEWORK_ANNEX_IV, FRAMEWORK_ART12, FRAMEWORK_ART9, FRAMEWORK_ART6, type Authorization, type ActionReceipt, type ActionDetail, type AgentDetail, type AgentVersion, type CosignResult, type EvidencePackage, type ComplianceSnapshot, type EscrowAccount, type EscrowTransaction, type VerifyResult, type PaginatedList, type ComplianceReport, type ComplianceReportListResponse, type ComplianceReportVerification, type ActionExplanation, type ExplanationEnvelope, type ExplanationVerification, type OutputPolicy, type OutputPolicyUpdate, type OutputScanFlags, type OutputScanHit, type DoraIncident, type IctThirdParty, type DoraTest, } from "./types";

package/dist/types.d.ts CHANGED Viewed

@@ -72,6 +72,62 @@ export interface OutputPolicy {
     redact_severity_threshold: "info" | "warning" | "critical";
     request_id: string;
 }
+export interface DoraIncident {
+    uuid: string;
+    title: string;
+    status: "detected" | "classified" | "resolved" | "reported";
+    severity: "critical" | "high" | "medium" | "low" | null;
+    category: string | null;
+    is_major: boolean;
+    detected_at: string;
+    classified_at: string | null;
+    resolved_at: string | null;
+    reported_at: string | null;
+    clients_affected_count: number;
+    has_report: boolean;
+    created_at: string;
+    org_uuid?: string | null;
+    description?: string | null;
+    affected_services?: string[] | null;
+    geographic_scope?: string[] | null;
+    root_cause_summary?: string | null;
+    root_cause_classification?: string | null;
+    third_party_uuid?: string | null;
+    resolution_summary?: string | null;
+    lessons_learned?: string | null;
+    related_action_uuids?: string[] | null;
+    report_content_hash?: string | null;
+    report_signature?: string | null;
+    report_signing_key_id?: string | null;
+    report_signed_at?: string | null;
+    report_pdf_size_bytes?: number | null;
+    request_id?: string;
+}
+export interface IctThirdParty {
+    uuid: string;
+    org_uuid: string;
+    vendor_name: string;
+    service_description: string;
+    service_type: string;
+    criticality: "critical" | "non_critical" | "supporting";
+    contract_start_date: string | null;
+    contract_end_date: string | null;
+    exit_strategy_summary: string | null;
+    subcontractors: string[] | null;
+    data_categories: string[] | null;
+    jurisdiction: string | null;
+    is_active: boolean;
+    created_at: string;
+    request_id?: string;
+}
+export interface DoraTest {
+    uuid: string;
+    test_type: string;
+    title: string;
+    conducted_at: string;
+    conducted_by: string;
+    status: "passed" | "failed" | "partial";
+}
 export interface OutputPolicyUpdate {
     enabled?: boolean;
     mode?: "flag" | "deny" | "redact";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aira-sdk",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "The authorization and audit layer for AI agents",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",