compfn 0.1.0

package/cli/dist/commands/attest.js

@@ -0,0 +1,26 @@
+import { loadConfig } from "../config.js";
+import { compFn } from "@superfunctions/compfn";
+export async function attestCommand(options) {
+    try {
+        const config = await loadConfig(options.config);
+        const api = compFn(config);
+        const outcome = options.outcome ?? "pass";
+        const evidenceResult = await api.evidence.create({
+            controlId: options.controlId,
+            type: "manual_attestation",
+            actorId: options.actorId,
+            outcome,
+        });
+        if (!evidenceResult.ok) {
+            console.error(`Error creating attestation: ${evidenceResult.error.message}`);
+            process.exit(1);
+        }
+        console.log(`Attestation created: ${evidenceResult.result.id}`);
+        process.exit(0);
+    }
+    catch (error) {
+        console.error(`Error: ${error instanceof Error ? error.message : String(error)}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=attest.js.map

package/cli/dist/commands/attest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"attest.js","sourceRoot":"","sources":["../../src/commands/attest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAEhD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAKnC;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAE3B,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC;QAE1C,MAAM,cAAc,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC/C,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO;SACR,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC;YACvB,OAAO,CAAC,KAAK,CAAC,+BAA+B,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,wBAAwB,cAAc,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/cli/dist/commands/export.d.ts

@@ -0,0 +1,6 @@
+export declare function exportCommand(options: {
+    frameworkId?: string;
+    output?: string;
+    config?: string;
+}): Promise<void>;
+//# sourceMappingURL=export.d.ts.map

package/cli/dist/commands/export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"export.d.ts","sourceRoot":"","sources":["../../src/commands/export.ts"],"names":[],"mappings":"AAIA,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAC3C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,OAAO,CAAC,IAAI,CAAC,CA4BhB"}

package/cli/dist/commands/export.js

@@ -0,0 +1,30 @@
+import { writeFileSync } from "fs";
+import { loadConfig } from "../config.js";
+import { compFn } from "@superfunctions/compfn";
+export async function exportCommand(options) {
+    try {
+        const config = await loadConfig(options.config);
+        const api = compFn(config);
+        const exportResult = await api.export.auditorPack({
+            frameworkId: options.frameworkId,
+        });
+        if (!exportResult.ok) {
+            console.error(`Error exporting auditor pack: ${exportResult.error.message}`);
+            process.exit(1);
+        }
+        const json = JSON.stringify(exportResult.result, null, 2);
+        if (options.output) {
+            writeFileSync(options.output, json, "utf-8");
+            console.log(`Auditor pack exported to ${options.output}`);
+        }
+        else {
+            console.log(json);
+        }
+        process.exit(0);
+    }
+    catch (error) {
+        console.error(`Error: ${error instanceof Error ? error.message : String(error)}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=export.js.map

package/cli/dist/commands/export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"export.js","sourceRoot":"","sources":["../../src/commands/export.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAEhD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAInC;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAE3B,MAAM,YAAY,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC;YAChD,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;YACrB,OAAO,CAAC,KAAK,CAAC,iCAAiC,YAAY,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAE1D,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,4BAA4B,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/cli/dist/commands/init.d.ts

@@ -0,0 +1,4 @@
+export declare function initCommand(options: {
+    config?: string;
+}): Promise<void>;
+//# sourceMappingURL=init.d.ts.map

package/cli/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAGA,wBAAsB,WAAW,CAAC,OAAO,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAoB7E"}

package/cli/dist/commands/init.js

@@ -0,0 +1,22 @@
+import { loadConfig } from "../config.js";
+import { createSchemaIfSupported } from "@superfunctions/compfn";
+export async function initCommand(options) {
+    try {
+        const config = await loadConfig(options.config);
+        const result = await createSchemaIfSupported(config.database, {
+            namespace: config.namespace,
+        });
+        if (!result.success) {
+            console.error("Schema creation/migration failed:");
+            result.errors?.forEach((err) => console.error(`  - ${err}`));
+            process.exit(1);
+        }
+        console.log("CompFn initialized successfully.");
+        process.exit(0);
+    }
+    catch (error) {
+        console.error(`Error: ${error instanceof Error ? error.message : String(error)}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=init.js.map

package/cli/dist/commands/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAU,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAEzE,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAA4B;IAC5D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC,MAAM,CAAC,QAAQ,EAAE;YAC5D,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACnD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC;YAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/cli/dist/commands/run-checks.d.ts

@@ -0,0 +1,5 @@
+export declare function runChecksCommand(options: {
+    checkId?: string;
+    config?: string;
+}): Promise<void>;
+//# sourceMappingURL=run-checks.d.ts.map

package/cli/dist/commands/run-checks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"run-checks.d.ts","sourceRoot":"","sources":["../../src/commands/run-checks.ts"],"names":[],"mappings":"AAGA,wBAAsB,gBAAgB,CAAC,OAAO,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAoDpG"}

package/cli/dist/commands/run-checks.js

@@ -0,0 +1,53 @@
+import { loadConfig } from "../config.js";
+import { compFn } from "@superfunctions/compfn";
+export async function runChecksCommand(options) {
+    try {
+        const config = await loadConfig(options.config);
+        const api = compFn(config);
+        let checksToRun = [];
+        if (options.checkId) {
+            checksToRun = [options.checkId];
+        }
+        else {
+            const listResult = await api.checks.list();
+            if (!listResult.ok) {
+                console.error(`Error listing checks: ${listResult.error.message}`);
+                process.exit(1);
+            }
+            checksToRun = listResult.result.map((check) => check.id);
+        }
+        if (checksToRun.length === 0) {
+            console.log("No checks to run.");
+            process.exit(0);
+        }
+        let passCount = 0;
+        let failCount = 0;
+        let unknownCount = 0;
+        for (const checkId of checksToRun) {
+            const runResult = await api.checks.run(checkId);
+            if (!runResult.ok) {
+                console.error(`Error running check ${checkId}: ${runResult.error.message}`);
+                failCount++;
+                continue;
+            }
+            const outcome = runResult.result.outcome;
+            if (outcome === "pass") {
+                passCount++;
+            }
+            else if (outcome === "fail") {
+                failCount++;
+            }
+            else {
+                unknownCount++;
+            }
+        }
+        const total = checksToRun.length;
+        console.log(`Ran ${total} check${total !== 1 ? "s" : ""}: ${passCount} pass, ${failCount} fail${unknownCount > 0 ? `, ${unknownCount} unknown` : ""}`);
+        process.exit(0);
+    }
+    catch (error) {
+        console.error(`Error: ${error instanceof Error ? error.message : String(error)}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=run-checks.js.map

package/cli/dist/commands/run-checks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"run-checks.js","sourceRoot":"","sources":["../../src/commands/run-checks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAEhD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAA8C;IACnF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAE3B,IAAI,WAAW,GAAa,EAAE,CAAC;QAE/B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,WAAW,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC3C,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;gBACnB,OAAO,CAAC,KAAK,CAAC,yBAAyB,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;gBACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAChD,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;gBAClB,OAAO,CAAC,KAAK,CAAC,uBAAuB,OAAO,KAAK,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC5E,SAAS,EAAE,CAAC;gBACZ,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC;YACzC,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;gBACvB,SAAS,EAAE,CAAC;YACd,CAAC;iBAAM,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;gBAC9B,SAAS,EAAE,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,YAAY,EAAE,CAAC;YACjB,CAAC;QACH,CAAC;QAED,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,SAAS,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,SAAS,UAAU,SAAS,QAAQ,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvJ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/cli/dist/config.d.ts

@@ -0,0 +1,7 @@
+import type { Adapter } from "@superfunctions/db";
+import type { CompFnConfig } from "@superfunctions/compfn";
+export interface CliConfig extends Omit<CompFnConfig, 'database'> {
+    database: Adapter;
+}
+export declare function loadConfig(configPath?: string): Promise<CliConfig>;
+//# sourceMappingURL=config.d.ts.map

package/cli/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,WAAW,SAAU,SAAQ,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC;IAC/D,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,wBAAsB,UAAU,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CA2BxE"}

package/cli/dist/config.js

@@ -0,0 +1,28 @@
+import { readFileSync } from "fs";
+import { resolve } from "path";
+export async function loadConfig(configPath) {
+    const path = configPath ?? process.env.COMPFN_CONFIG ?? "compfn.config.json";
+    const resolvedPath = resolve(path);
+    const content = readFileSync(resolvedPath, "utf-8");
+    const parsed = JSON.parse(content);
+    const databaseType = parsed.database?.type ?? "memory";
+    let database;
+    if (databaseType === "memory") {
+        const { memoryAdapter } = await import("@superfunctions/db/adapters");
+        database = memoryAdapter({});
+    }
+    else {
+        throw new Error(`Unsupported database type: ${databaseType}. Please implement adapter loading for ${databaseType}`);
+    }
+    return {
+        database,
+        namespace: parsed.namespace,
+        systemActorId: parsed.systemActorId,
+        readinessWindowDays: parsed.readinessWindowDays,
+        evidencePayloadMaxBytes: parsed.evidencePayloadMaxBytes,
+        retentionDays: parsed.retentionDays,
+        exportMaxBytes: parsed.exportMaxBytes,
+        adapters: parsed.adapters,
+    };
+}
+//# sourceMappingURL=config.js.map

package/cli/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAQ/B,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAmB;IAClD,MAAM,IAAI,GAAG,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,oBAAoB,CAAC;IAC7E,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnC,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAEnC,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,IAAI,QAAQ,CAAC;IAEvD,IAAI,QAAiB,CAAC;IACtB,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;QACtE,QAAQ,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IAC/B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,8BAA8B,YAAY,0CAA0C,YAAY,EAAE,CAAC,CAAC;IACtH,CAAC;IAED,OAAO;QACL,QAAQ;QACR,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;QAC/C,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;QACvD,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC;AACJ,CAAC"}

package/cli/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/cli/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/cli/dist/index.js

@@ -0,0 +1,39 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { initCommand } from "./commands/init.js";
+import { runChecksCommand } from "./commands/run-checks.js";
+import { exportCommand } from "./commands/export.js";
+import { attestCommand } from "./commands/attest.js";
+const program = new Command();
+program
+    .name("compfn")
+    .description("CompFn CLI: compliance automation tool")
+    .version("0.1.0");
+program
+    .command("init")
+    .description("Initialize config and DB schema")
+    .option("-c, --config <path>", "Path to config file")
+    .action(initCommand);
+program
+    .command("run-checks")
+    .description("Run checks (all or one)")
+    .option("--check-id <id>", "Run a specific check by ID")
+    .option("-c, --config <path>", "Path to config file")
+    .action(runChecksCommand);
+program
+    .command("export")
+    .description("Export auditor pack")
+    .option("--framework-id <id>", "Framework ID to export")
+    .option("--output <path>", "Output file path (default: stdout)")
+    .option("-c, --config <path>", "Path to config file")
+    .action(exportCommand);
+program
+    .command("attest")
+    .description("Create manual attestation evidence")
+    .requiredOption("--control-id <id>", "Control ID")
+    .requiredOption("--actor-id <id>", "Actor ID")
+    .option("--outcome <pass|fail>", "Outcome (default: pass)")
+    .option("-c, --config <path>", "Path to config file")
+    .action(attestCommand);
+program.parse(process.argv);
+//# sourceMappingURL=index.js.map

package/cli/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,QAAQ,CAAC;KACd,WAAW,CAAC,wCAAwC,CAAC;KACrD,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,iCAAiC,CAAC;KAC9C,MAAM,CAAC,qBAAqB,EAAE,qBAAqB,CAAC;KACpD,MAAM,CAAC,WAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,YAAY,CAAC;KACrB,WAAW,CAAC,yBAAyB,CAAC;KACtC,MAAM,CAAC,iBAAiB,EAAE,4BAA4B,CAAC;KACvD,MAAM,CAAC,qBAAqB,EAAE,qBAAqB,CAAC;KACpD,MAAM,CAAC,gBAAgB,CAAC,CAAC;AAE5B,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,qBAAqB,CAAC;KAClC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,iBAAiB,EAAE,oCAAoC,CAAC;KAC/D,MAAM,CAAC,qBAAqB,EAAE,qBAAqB,CAAC;KACpD,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,cAAc,CAAC,mBAAmB,EAAE,YAAY,CAAC;KACjD,cAAc,CAAC,iBAAiB,EAAE,UAAU,CAAC;KAC7C,MAAM,CAAC,uBAAuB,EAAE,yBAAyB,CAAC;KAC1D,MAAM,CAAC,qBAAqB,EAAE,qBAAqB,CAAC;KACpD,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}

package/dist/adapters/authfn.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Authfn evidence adapter: calls authfn (or mock client) for MFA/session/user info;
+ * returns AdapterEvidence with type "automated_authfn".
+ */
+import type { EvidenceAdapter } from "./types.js";
+/**
+ * Minimal authfn client interface for the adapter. Implementations may call real authfn
+ * APIs; tests can pass a mock that returns fixed data.
+ */
+export interface AuthfnClient {
+    getMfaStatus?(options?: {
+        method?: string;
+        customConfig?: Record<string, unknown>;
+    }): Promise<{
+        enforced: boolean;
+        summary?: string;
+    }>;
+    getSessionPolicy?(options?: {
+        method?: string;
+        customConfig?: Record<string, unknown>;
+    }): Promise<{
+        maxSessionAge?: number;
+        policy?: string;
+    }>;
+    getUserInfo?(options?: {
+        method?: string;
+        customConfig?: Record<string, unknown>;
+    }): Promise<{
+        count?: number;
+        mfaCoverage?: number;
+    }>;
+}
+export interface AuthfnAdapterConfig {
+    /** Authfn client (real or mock). Required for runCheck to produce evidence. */
+    client: AuthfnClient;
+}
+/**
+ * Authfn evidence adapter. runCheck() calls the configured client (e.g. getMfaStatus,
+ * getSessionPolicy based on input.method) and maps the result to AdapterEvidence
+ * with type "automated_authfn".
+ */
+export declare function createAuthfnAdapter(config: AuthfnAdapterConfig): EvidenceAdapter;
+//# sourceMappingURL=authfn.d.ts.map

package/dist/adapters/authfn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authfn.d.ts","sourceRoot":"","sources":["../../src/adapters/authfn.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAsC,MAAM,YAAY,CAAC;AAEtF;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,YAAY,CAAC,CAAC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC;QAAE,QAAQ,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACvI,gBAAgB,CAAC,CAAC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC;QAAE,aAAa,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/I,WAAW,CAAC,CAAC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACxI;AAED,MAAM,WAAW,mBAAmB;IAClC,+EAA+E;IAC/E,MAAM,EAAE,YAAY,CAAC;CACtB;AAID;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,mBAAmB,GAAG,eAAe,CAwDhF"}

package/dist/adapters/authfn.js

@@ -0,0 +1,67 @@
+/**
+ * Authfn evidence adapter: calls authfn (or mock client) for MFA/session/user info;
+ * returns AdapterEvidence with type "automated_authfn".
+ */
+const ADAPTER_NAME = "authfn";
+/**
+ * Authfn evidence adapter. runCheck() calls the configured client (e.g. getMfaStatus,
+ * getSessionPolicy based on input.method) and maps the result to AdapterEvidence
+ * with type "automated_authfn".
+ */
+export function createAuthfnAdapter(config) {
+    const { client } = config;
+    return {
+        name: ADAPTER_NAME,
+        async runCheck(input) {
+            const method = input.method ?? "getMfaStatus";
+            const opts = { method: input.method, customConfig: input.customConfig };
+            try {
+                if (method === "getSessionPolicy" && client.getSessionPolicy) {
+                    const policy = await client.getSessionPolicy(opts);
+                    return {
+                        type: "automated_authfn",
+                        outcome: "unknown",
+                        timestamp: Date.now(),
+                        payload: { sessionPolicy: policy, method },
+                    };
+                }
+                if (method === "getUserInfo" && client.getUserInfo) {
+                    const info = await client.getUserInfo(opts);
+                    return {
+                        type: "automated_authfn",
+                        outcome: "unknown",
+                        timestamp: Date.now(),
+                        payload: { userInfo: info, method },
+                    };
+                }
+                // Default: getMfaStatus
+                if (client.getMfaStatus) {
+                    const mfaResult = await client.getMfaStatus(opts);
+                    const outcome = mfaResult.enforced === true ? "pass" : mfaResult.enforced === false ? "fail" : "unknown";
+                    return {
+                        type: "automated_authfn",
+                        outcome,
+                        timestamp: Date.now(),
+                        payload: { mfa: mfaResult, method },
+                    };
+                }
+                return {
+                    type: "automated_authfn",
+                    outcome: "unknown",
+                    timestamp: Date.now(),
+                    payload: { reason: "no client method available", method },
+                };
+            }
+            catch (err) {
+                const message = err instanceof Error ? err.message : String(err);
+                return {
+                    type: "automated_authfn",
+                    outcome: "fail",
+                    timestamp: Date.now(),
+                    payload: { error: message, method },
+                };
+            }
+        },
+    };
+}
+//# sourceMappingURL=authfn.js.map

package/dist/adapters/authfn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authfn.js","sourceRoot":"","sources":["../../src/adapters/authfn.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAmBH,MAAM,YAAY,GAAG,QAAQ,CAAC;AAE9B;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAA2B;IAC7D,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1B,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,KAAK,CAAC,QAAQ,CAAC,KAAwB;YACrC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,cAAc,CAAC;YAC9C,MAAM,IAAI,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC;YAExE,IAAI,CAAC;gBACH,IAAI,MAAM,KAAK,kBAAkB,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;oBAC7D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;oBACnD,OAAO;wBACL,IAAI,EAAE,kBAAkB;wBACxB,OAAO,EAAE,SAAS;wBAClB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;wBACrB,OAAO,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE;qBAC3C,CAAC;gBACJ,CAAC;gBACD,IAAI,MAAM,KAAK,aAAa,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;oBACnD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;oBAC5C,OAAO;wBACL,IAAI,EAAE,kBAAkB;wBACxB,OAAO,EAAE,SAAS;wBAClB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;wBACrB,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE;qBACpC,CAAC;gBACJ,CAAC;gBACD,wBAAwB;gBACxB,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;oBACxB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;oBAClD,MAAM,OAAO,GAAG,SAAS,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;oBACzG,OAAO;wBACL,IAAI,EAAE,kBAAkB;wBACxB,OAAO;wBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;wBACrB,OAAO,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE;qBACpC,CAAC;gBACJ,CAAC;gBACD,OAAO;oBACL,IAAI,EAAE,kBAAkB;oBACxB,OAAO,EAAE,SAAS;oBAClB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,OAAO,EAAE,EAAE,MAAM,EAAE,4BAA4B,EAAE,MAAM,EAAE;iBAC1D,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,OAAO;oBACL,IAAI,EAAE,kBAAkB;oBACxB,OAAO,EAAE,MAAM;oBACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE;iBACpC,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/adapters/secfn.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Secfn evidence adapter: calls secfn (or mock client) for RBAC status, secret-scan
+ * summary, or security events; returns AdapterEvidence with type "automated_secfn".
+ */
+import type { EvidenceAdapter } from "./types.js";
+/**
+ * Minimal secfn client interface for the adapter. Implementations may call real secfn
+ * APIs; tests can pass a mock that returns fixed data.
+ */
+export interface SecfnClient {
+    getRbacStatus?(options?: {
+        method?: string;
+        customConfig?: Record<string, unknown>;
+    }): Promise<{
+        enabled: boolean;
+        summary?: string;
+    }>;
+    getSecretScanSummary?(options?: {
+        method?: string;
+        customConfig?: Record<string, unknown>;
+    }): Promise<{
+        lastScanAt?: number;
+        findings?: number;
+        status?: string;
+    }>;
+    getSecurityEvents?(options?: {
+        method?: string;
+        customConfig?: Record<string, unknown>;
+    }): Promise<{
+        count?: number;
+        recent?: unknown[];
+    }>;
+}
+export interface SecfnAdapterConfig {
+    /** Secfn client (real or mock). Required for runCheck to produce evidence. */
+    client: SecfnClient;
+}
+/**
+ * Secfn evidence adapter. runCheck() calls the configured client (e.g. getRbacStatus,
+ * getSecretScanSummary, or getSecurityEvents based on input.method) and maps the
+ * result to AdapterEvidence with type "automated_secfn".
+ */
+export declare function createSecfnAdapter(config: SecfnAdapterConfig): EvidenceAdapter;
+//# sourceMappingURL=secfn.d.ts.map

package/dist/adapters/secfn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secfn.d.ts","sourceRoot":"","sources":["../../src/adapters/secfn.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAsC,MAAM,YAAY,CAAC;AAEtF;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,aAAa,CAAC,CAAC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACvI,oBAAoB,CAAC,CAAC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACnK,iBAAiB,CAAC,CAAC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAA;KAAE,CAAC,CAAC;CAC5I;AAED,MAAM,WAAW,kBAAkB;IACjC,8EAA8E;IAC9E,MAAM,EAAE,WAAW,CAAC;CACrB;AAID;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,GAAG,eAAe,CAyD9E"}

package/dist/adapters/secfn.js

@@ -0,0 +1,68 @@
+/**
+ * Secfn evidence adapter: calls secfn (or mock client) for RBAC status, secret-scan
+ * summary, or security events; returns AdapterEvidence with type "automated_secfn".
+ */
+const ADAPTER_NAME = "secfn";
+/**
+ * Secfn evidence adapter. runCheck() calls the configured client (e.g. getRbacStatus,
+ * getSecretScanSummary, or getSecurityEvents based on input.method) and maps the
+ * result to AdapterEvidence with type "automated_secfn".
+ */
+export function createSecfnAdapter(config) {
+    const { client } = config;
+    return {
+        name: ADAPTER_NAME,
+        async runCheck(input) {
+            const method = input.method ?? "getRbacStatus";
+            const opts = { method: input.method, customConfig: input.customConfig };
+            try {
+                if (method === "getSecretScanSummary" && client.getSecretScanSummary) {
+                    const summary = await client.getSecretScanSummary(opts);
+                    const outcome = summary.findings === 0 ? "pass" : summary.findings != null && summary.findings > 0 ? "fail" : "unknown";
+                    return {
+                        type: "automated_secfn",
+                        outcome,
+                        timestamp: summary.lastScanAt ?? Date.now(),
+                        payload: { summary, method },
+                    };
+                }
+                if (method === "getSecurityEvents" && client.getSecurityEvents) {
+                    const events = await client.getSecurityEvents(opts);
+                    return {
+                        type: "automated_secfn",
+                        outcome: "unknown",
+                        timestamp: Date.now(),
+                        payload: { count: events.count, method },
+                    };
+                }
+                // Default: getRbacStatus
+                if (client.getRbacStatus) {
+                    const rbacResult = await client.getRbacStatus(opts);
+                    const outcome = rbacResult.enabled === true ? "pass" : rbacResult.enabled === false ? "fail" : "unknown";
+                    return {
+                        type: "automated_secfn",
+                        outcome,
+                        timestamp: Date.now(),
+                        payload: { rbac: rbacResult, method },
+                    };
+                }
+                return {
+                    type: "automated_secfn",
+                    outcome: "unknown",
+                    timestamp: Date.now(),
+                    payload: { reason: "no client method available", method },
+                };
+            }
+            catch (err) {
+                const message = err instanceof Error ? err.message : String(err);
+                return {
+                    type: "automated_secfn",
+                    outcome: "fail",
+                    timestamp: Date.now(),
+                    payload: { error: message, method },
+                };
+            }
+        },
+    };
+}
+//# sourceMappingURL=secfn.js.map

package/dist/adapters/secfn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secfn.js","sourceRoot":"","sources":["../../src/adapters/secfn.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAmBH,MAAM,YAAY,GAAG,OAAO,CAAC;AAE7B;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAA0B;IAC3D,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1B,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,KAAK,CAAC,QAAQ,CAAC,KAAwB;YACrC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,eAAe,CAAC;YAC/C,MAAM,IAAI,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC;YAExE,IAAI,CAAC;gBACH,IAAI,MAAM,KAAK,sBAAsB,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;oBACrE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;oBACxD,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI,IAAI,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;oBACxH,OAAO;wBACL,IAAI,EAAE,iBAAiB;wBACvB,OAAO;wBACP,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE;wBAC3C,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE;qBAC7B,CAAC;gBACJ,CAAC;gBACD,IAAI,MAAM,KAAK,mBAAmB,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;oBAC/D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;oBACpD,OAAO;wBACL,IAAI,EAAE,iBAAiB;wBACvB,OAAO,EAAE,SAAS;wBAClB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;wBACrB,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE;qBACzC,CAAC;gBACJ,CAAC;gBACD,yBAAyB;gBACzB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;oBACzB,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;oBACpD,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;oBACzG,OAAO;wBACL,IAAI,EAAE,iBAAiB;wBACvB,OAAO;wBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;wBACrB,OAAO,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE;qBACtC,CAAC;gBACJ,CAAC;gBACD,OAAO;oBACL,IAAI,EAAE,iBAAiB;oBACvB,OAAO,EAAE,SAAS;oBAClB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,OAAO,EAAE,EAAE,MAAM,EAAE,4BAA4B,EAAE,MAAM,EAAE;iBAC1D,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,OAAO;oBACL,IAAI,EAAE,iBAAiB;oBACvB,OAAO,EAAE,MAAM;oBACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE;iBACpC,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/adapters/types.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Evidence adapter contract: types and interface for pluggable evidence adapters.
+ * Adapters translate external systems (secfn, authfn, etc.) into AdapterEvidence
+ * which CompFn persists via evidence.create() when checks.run() is invoked.
+ */
+import type { EvidenceType } from "../evidence.js";
+/**
+ * Input passed to EvidenceAdapter.runCheck() when a check is run.
+ * checkId and controlId come from the CheckDefinition; method and customConfig
+ * are optional and may be used by the adapter to select behavior.
+ */
+export interface AdapterCheckInput {
+    checkId: string;
+    controlId: string;
+    /** From CheckDefinition.adapterMethod (e.g. "getRbacStatus", "getMfaStatus"). */
+    method?: string;
+    /** From CheckDefinition.customConfig. */
+    customConfig?: Record<string, unknown>;
+}
+/**
+ * Evidence-shaped result returned by an adapter. CompFn sets controlId, sourceId,
+ * and actorId when persisting; the adapter supplies type, outcome, and optional
+ * timestamp, payload, artifactRef, frameworkRequirementId.
+ */
+export interface AdapterEvidence {
+    type: EvidenceType;
+    outcome: "pass" | "fail" | "unknown";
+    timestamp?: number;
+    payload?: Record<string, unknown>;
+    artifactRef?: string;
+    frameworkRequirementId?: string;
+}
+/**
+ * Evidence adapter contract. Implementations must have:
+ * - name: string (e.g. "secfn", "authfn")
+ * - runCheck(input): Promise<AdapterEvidence>
+ *
+ * When a check with adapterName is run, config.adapters[adapterName] is looked up;
+ * if present, runCheck({ checkId, controlId, method, customConfig }) is called.
+ * The returned AdapterEvidence is persisted as one evidence record via evidence.create().
+ */
+export interface EvidenceAdapter {
+    name: string;
+    runCheck(input: AdapterCheckInput): Promise<AdapterEvidence>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/adapters/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,iFAAiF;IACjF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACxC;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,YAAY,CAAC;IACnB,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CAC9D"}

package/dist/adapters/types.js

@@ -0,0 +1,7 @@
+/**
+ * Evidence adapter contract: types and interface for pluggable evidence adapters.
+ * Adapters translate external systems (secfn, authfn, etc.) into AdapterEvidence
+ * which CompFn persists via evidence.create() when checks.run() is invoked.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/adapters/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}