erosolar-cli 2.1.245 → 2.1.246

package/dist/core/unifiedFraudOrchestrator.js

@@ -2293,6 +2293,1019 @@ UnifiedFraudOrchestrator.prototype.getAttackChainReport = async function (chainI
     }
     return this.attackChainDetector.generateChainReport(chainId);
 };
+// ─────────────────────────────────────────────────────────────────────────────
+// GOOGLE GOVERNMENT & DEFENSE SYSTEMS
+// ─────────────────────────────────────────────────────────────────────────────
+export const GOOGLE_GOV_PRODUCTS = [
+    {
+        id: 'google-workspace-gov',
+        name: 'Google Workspace for Government',
+        vendor: 'google',
+        category: 'productivity',
+        description: 'Gmail, Drive, Docs, Meet, Calendar for government agencies. FedRAMP authorized cloud productivity suite.',
+        targetCustomers: ['federal', 'state_local'],
+        certifications: ['FedRAMP High', 'CJIS', 'ITAR', 'SOC 1/2/3', 'ISO 27001'],
+        dataResidency: ['US-only data centers', 'Assured Workloads regions'],
+        knownContracts: ['DOI', 'USDA', 'GSA', 'Various state governments'],
+        securityConcerns: [
+            'Google retains access to all data for "support"',
+            'AI/ML processing of government communications',
+            'Metadata collection even in "sovereign" mode',
+            'Key management controlled by Google',
+        ],
+        accessPoints: [
+            'Admin console access by Google support',
+            'Automated scanning for "security"',
+            'AI training on anonymized data',
+            'Vault/eDiscovery backdoor access',
+        ],
+        integrations: ['Google Cloud Platform', 'Chronicle SIEM', 'BeyondCorp', 'Mandiant'],
+    },
+    {
+        id: 'google-cloud-gov',
+        name: 'Google Cloud Platform for Government',
+        vendor: 'google',
+        category: 'cloud',
+        description: 'FedRAMP authorized cloud infrastructure including Compute, Storage, BigQuery, AI/ML services.',
+        targetCustomers: ['federal', 'dod', 'state_local', 'defense_contractors'],
+        certifications: ['FedRAMP High', 'FedRAMP Moderate', 'IL2', 'IL4', 'IL5', 'CJIS', 'ITAR'],
+        dataResidency: ['US regions', 'Assured Workloads', 'Sovereign Controls'],
+        knownContracts: ['JEDI follow-on work', 'VA', 'DOE National Labs'],
+        securityConcerns: [
+            'Shared infrastructure with commercial cloud',
+            'Google employee access to customer instances',
+            'AI services process sensitive data',
+            'Supply chain concerns with hardware',
+        ],
+        accessPoints: [
+            'Infrastructure-level access',
+            'Customer-managed encryption keys (CMEK) still Google-accessible',
+            'Logging and monitoring infrastructure',
+            'Break-glass emergency access',
+        ],
+        integrations: ['Anthos', 'GKE', 'BigQuery', 'Vertex AI', 'Chronicle'],
+    },
+    {
+        id: 'google-chronicle',
+        name: 'Chronicle Security Operations (Google SecOps)',
+        vendor: 'google',
+        category: 'security',
+        subcategory: 'SIEM/SOAR',
+        description: 'Cloud-native SIEM built on Google infrastructure. Ingests and analyzes security telemetry at scale.',
+        targetCustomers: ['federal', 'dod', 'ic', 'defense_contractors'],
+        certifications: ['FedRAMP High', 'SOC 2'],
+        dataResidency: ['US data centers'],
+        knownContracts: ['Multiple federal agencies'],
+        securityConcerns: [
+            'All security logs sent to Google infrastructure',
+            'Google can see all ingested security data',
+            'Detection rules and threat intel controlled by Google',
+            'Creates comprehensive visibility into customer security posture',
+        ],
+        accessPoints: [
+            'Full access to ingested security logs',
+            'Threat detection rule management',
+            'Incident response data',
+            'Network flow and endpoint telemetry',
+        ],
+        integrations: ['Mandiant', 'VirusTotal', 'Google Cloud', 'Third-party SIEM'],
+    },
+    {
+        id: 'google-mandiant',
+        name: 'Mandiant (Google Cloud Security)',
+        vendor: 'google',
+        category: 'security',
+        subcategory: 'Threat Intelligence & IR',
+        description: 'Threat intelligence, incident response, and security consulting. Acquired by Google 2022.',
+        targetCustomers: ['federal', 'dod', 'ic', 'defense_contractors', 'allied_nations'],
+        certifications: ['FedRAMP (via Google Cloud)', 'Various clearances for personnel'],
+        dataResidency: ['US-based operations', 'Global threat intel'],
+        knownContracts: ['DOD', 'DHS', 'FBI', 'Various IC agencies', 'NATO allies'],
+        securityConcerns: [
+            'Incident response gives access to breached networks',
+            'Threat intel includes sensitive attack data',
+            'Acquisition by Google centralizes security intelligence',
+            'Consultants may retain access post-engagement',
+        ],
+        accessPoints: [
+            'Incident response network access',
+            'Threat intelligence sharing',
+            'Adversary tracking data',
+            'Customer breach forensics',
+        ],
+        integrations: ['Chronicle', 'VirusTotal', 'Google Cloud', 'Siemplify'],
+    },
+    {
+        id: 'google-beyondcorp',
+        name: 'BeyondCorp Enterprise',
+        vendor: 'google',
+        category: 'security',
+        subcategory: 'Zero Trust',
+        description: 'Zero trust access solution. Mediates all access to applications and data.',
+        targetCustomers: ['federal', 'dod', 'defense_contractors'],
+        certifications: ['FedRAMP High'],
+        dataResidency: ['US'],
+        securityConcerns: [
+            'All access decisions routed through Google',
+            'Full visibility into who accesses what',
+            'Device posture data collected',
+            'Can deny access to any resource',
+        ],
+        accessPoints: [
+            'Access policy enforcement point',
+            'User authentication data',
+            'Device inventory and health',
+            'Application access logs',
+        ],
+        integrations: ['Google Workspace', 'Google Cloud', 'Chrome Enterprise', 'Endpoint Verification'],
+    },
+    {
+        id: 'google-distributed-cloud',
+        name: 'Google Distributed Cloud',
+        vendor: 'google',
+        category: 'infrastructure',
+        subcategory: 'Edge/On-prem',
+        description: 'Google Cloud services running on-premises or at edge locations. For air-gapped and tactical environments.',
+        targetCustomers: ['dod', 'ic', 'defense_contractors'],
+        certifications: ['IL5', 'IL6 (in progress)', 'Secret/TS environments'],
+        dataResidency: ['Customer premises', 'Tactical edge'],
+        knownContracts: ['DOD tactical edge', 'IC facilities'],
+        securityConcerns: [
+            'Google hardware in classified environments',
+            'Software updates from Google',
+            'Telemetry even in "air-gapped" mode',
+            'Hardware implant concerns',
+        ],
+        accessPoints: [
+            'Software update channel',
+            'Support access (even limited)',
+            'Hardware-level access potential',
+            'Licensing/activation systems',
+        ],
+        integrations: ['Anthos', 'GKE', 'AI/ML services'],
+    },
+    {
+        id: 'google-vertex-ai-gov',
+        name: 'Vertex AI for Government',
+        vendor: 'google',
+        category: 'ai_ml',
+        description: 'Machine learning platform for government. Includes generative AI, AutoML, and custom model training.',
+        targetCustomers: ['federal', 'dod', 'ic'],
+        certifications: ['FedRAMP High', 'IL4/IL5 (select services)'],
+        dataResidency: ['US Assured Workloads'],
+        securityConcerns: [
+            'Training data potentially used by Google',
+            'Model architectures visible to Google',
+            'AI safety concerns for defense applications',
+            'Inference data accessible',
+        ],
+        accessPoints: [
+            'Training data access',
+            'Model weights and architecture',
+            'Inference inputs/outputs',
+            'Usage analytics',
+        ],
+        integrations: ['BigQuery', 'Cloud Storage', 'Gemini', 'PaLM'],
+    },
+];
+export const GOOGLE_GOV_PROFILE = {
+    vendor: 'google',
+    govDivision: 'Google Public Sector',
+    annualGovRevenue: '$2B+ (estimated)',
+    fedRampStatus: ['FedRAMP High (multiple)', 'FedRAMP Moderate', 'IL2', 'IL4', 'IL5'],
+    primaryContracts: [
+        'DOD JEDI/JWCC participant',
+        'CBP border surveillance',
+        'VA healthcare',
+        'Various civilian agencies',
+    ],
+    products: GOOGLE_GOV_PRODUCTS,
+    dataAccessCapabilities: [
+        'Full infrastructure access to cloud-hosted data',
+        'AI/ML processing of all content',
+        'Security monitoring and logging',
+        'Incident response access',
+        'Administrative backdoors',
+    ],
+    knownBackdoors: [
+        'Vault/eDiscovery access bypasses user encryption',
+        'Admin console "support access"',
+        'Break-glass emergency procedures',
+        'Automated content scanning',
+    ],
+    lawEnforcementCooperation: 'Complies with legal process. Transparency reports show high compliance rate. FISA court orders not disclosed.',
+};
+// ─────────────────────────────────────────────────────────────────────────────
+// APPLE GOVERNMENT & DEFENSE SYSTEMS
+// ─────────────────────────────────────────────────────────────────────────────
+export const APPLE_GOV_PRODUCTS = [
+    {
+        id: 'apple-business-essentials',
+        name: 'Apple Business Essentials',
+        vendor: 'apple',
+        category: 'productivity',
+        description: 'Device management, storage, and support for businesses and government. Includes iCloud storage and MDM.',
+        targetCustomers: ['federal', 'state_local'],
+        certifications: ['FedRAMP (via partners)', 'SOC 2'],
+        dataResidency: ['US data centers', 'Limited options'],
+        securityConcerns: [
+            'iCloud data accessible by Apple',
+            'MDM profiles controlled centrally',
+            'Device telemetry collected',
+            'Limited true air-gap capability',
+        ],
+        accessPoints: [
+            'iCloud infrastructure access',
+            'MDM command and control',
+            'Device enrollment data',
+            'AppleCare support access',
+        ],
+        integrations: ['iCloud', 'Apple School Manager', 'Apple Business Manager'],
+    },
+    {
+        id: 'apple-managed-device-attestation',
+        name: 'Managed Device Attestation',
+        vendor: 'apple',
+        category: 'security',
+        subcategory: 'Device Security',
+        description: 'Cryptographic attestation that device is genuine Apple hardware with valid security state.',
+        targetCustomers: ['federal', 'dod', 'ic'],
+        certifications: ['FIPS 140-2 (Secure Enclave)', 'Common Criteria'],
+        dataResidency: ['Apple servers for attestation'],
+        securityConcerns: [
+            'Apple servers validate every device attestation',
+            'Apple knows which devices are in use by whom',
+            'Attestation can be revoked by Apple',
+            'Creates dependency on Apple infrastructure',
+        ],
+        accessPoints: [
+            'Device attestation traffic',
+            'Hardware identity database',
+            'Security state information',
+            'Enrollment status',
+        ],
+        integrations: ['MDM solutions', 'Apple Business Manager', 'Conditional access'],
+    },
+    {
+        id: 'apple-platform-security',
+        name: 'Apple Platform Security (T2/Apple Silicon)',
+        vendor: 'apple',
+        category: 'hardware',
+        description: 'Secure Enclave, hardware encryption, secure boot on Mac and iOS devices.',
+        targetCustomers: ['federal', 'dod', 'ic', 'defense_contractors'],
+        certifications: ['FIPS 140-2/140-3', 'Common Criteria', 'Various national certifications'],
+        dataResidency: ['On-device', 'Keys may escrow to iCloud'],
+        securityConcerns: [
+            'Apple controls Secure Enclave firmware',
+            'Recovery key escrow to Apple',
+            'Activation lock controlled by Apple',
+            'Software updates can modify security behavior',
+        ],
+        accessPoints: [
+            'Firmware update channel',
+            'Activation lock servers',
+            'Recovery key escrow',
+            'Device enrollment status',
+        ],
+        integrations: ['iCloud', 'MDM', 'Apple services'],
+    },
+    {
+        id: 'apple-imessage-gov',
+        name: 'iMessage/FaceTime for Government',
+        vendor: 'apple',
+        category: 'communications',
+        description: 'Encrypted messaging and video calls. Used by government personnel on Apple devices.',
+        targetCustomers: ['federal', 'state_local'],
+        certifications: ['None specific - consumer product'],
+        dataResidency: ['Primarily US', 'Metadata on Apple servers'],
+        securityConcerns: [
+            'Key distribution controlled by Apple IDS',
+            'No independent key verification',
+            'Metadata collected and retained',
+            'MITM possible via key substitution',
+            'iCloud backup defeats E2E encryption',
+        ],
+        accessPoints: [
+            'IDS key distribution servers',
+            'Key Transparency logs (Apple controlled)',
+            'Metadata collection',
+            'iCloud message backup',
+            'Push notification infrastructure',
+        ],
+        integrations: ['iCloud', 'Apple ID', 'CarPlay', 'HomePod'],
+    },
+    {
+        id: 'apple-maps-location',
+        name: 'Apple Maps / Location Services',
+        vendor: 'apple',
+        category: 'analytics',
+        subcategory: 'Geolocation',
+        description: 'Mapping and location services used by government apps and personnel.',
+        targetCustomers: ['federal', 'state_local', 'dod'],
+        certifications: ['None specific'],
+        dataResidency: ['Apple servers globally'],
+        securityConcerns: [
+            'Location history tracked',
+            'Significant Locations feature',
+            'Find My network creates mesh tracking',
+            'Government personnel movements visible to Apple',
+        ],
+        accessPoints: [
+            'Location Services API',
+            'Find My infrastructure',
+            'Significant Locations database',
+            'Maps search history',
+        ],
+        integrations: ['Siri', 'Find My', 'CarPlay', 'Weather'],
+    },
+    {
+        id: 'apple-mdm-abm',
+        name: 'Apple Business Manager / MDM',
+        vendor: 'apple',
+        category: 'identity',
+        subcategory: 'Device Management',
+        description: 'Centralized device enrollment and management for government Apple devices.',
+        targetCustomers: ['federal', 'state_local', 'dod'],
+        certifications: ['SOC 2', 'ISO 27001'],
+        dataResidency: ['Apple servers'],
+        securityConcerns: [
+            'Apple has visibility into all managed devices',
+            'Can push profiles and configurations',
+            'Device wipe capability',
+            'App distribution controlled',
+        ],
+        accessPoints: [
+            'Device enrollment data',
+            'Management command channel',
+            'App deployment',
+            'Configuration profiles',
+        ],
+        integrations: ['MDM vendors (Jamf, Kandji, etc.)', 'Apple School Manager', 'VPP'],
+    },
+];
+export const APPLE_GOV_PROFILE = {
+    vendor: 'apple',
+    govDivision: 'Apple Federal (via partners)',
+    annualGovRevenue: '$1B+ (hardware sales, estimated)',
+    fedRampStatus: ['No direct FedRAMP', 'Partners provide FedRAMP coverage'],
+    primaryContracts: [
+        'Device purchases across federal agencies',
+        'DOD iOS device procurement',
+        'State/local education and government',
+    ],
+    products: APPLE_GOV_PRODUCTS,
+    dataAccessCapabilities: [
+        'iCloud data access (even with ADP, metadata accessible)',
+        'Device attestation and enrollment data',
+        'IDS key distribution control',
+        'Location services data',
+        'Push notification content (briefly)',
+    ],
+    knownBackdoors: [
+        'IDS key substitution capability',
+        'iCloud backup decryption (without ADP)',
+        'Activation Lock control',
+        'MDM remote wipe',
+        'Recovery key escrow',
+    ],
+    lawEnforcementCooperation: 'Historically resisted FBI demands (San Bernardino). Complies with valid legal process. ADP makes iCloud data inaccessible but metadata still available.',
+};
+// ─────────────────────────────────────────────────────────────────────────────
+// MICROSOFT GOVERNMENT & DEFENSE SYSTEMS
+// ─────────────────────────────────────────────────────────────────────────────
+export const MICROSOFT_GOV_PRODUCTS = [
+    {
+        id: 'microsoft-365-gcc',
+        name: 'Microsoft 365 Government (GCC/GCC-High)',
+        vendor: 'microsoft',
+        category: 'productivity',
+        description: 'Office 365, Teams, SharePoint, Exchange for government. GCC-High for DoD and sensitive workloads.',
+        targetCustomers: ['federal', 'dod', 'ic', 'state_local', 'defense_contractors'],
+        certifications: ['FedRAMP High', 'DFARS', 'ITAR', 'CJIS', 'IRS 1075', 'IL2', 'IL4', 'IL5'],
+        dataResidency: ['US-only sovereign cloud', 'GCC-High isolated infrastructure'],
+        knownContracts: ['JEDI (terminated)', 'JWCC', 'DOD enterprise', 'Most federal agencies'],
+        securityConcerns: [
+            'Microsoft retains admin access',
+            'Telemetry collection even in GCC-High',
+            'AI/Copilot processing of content',
+            'Key escrow capabilities',
+            'Partner ecosystem access',
+        ],
+        accessPoints: [
+            'Exchange Online admin access',
+            'SharePoint backend access',
+            'Teams message inspection',
+            'eDiscovery and Legal Hold',
+            'Customer Lockbox (still MS access)',
+        ],
+        integrations: ['Azure Government', 'Defender', 'Sentinel', 'Intune', 'Entra ID'],
+    },
+    {
+        id: 'azure-government',
+        name: 'Azure Government',
+        vendor: 'microsoft',
+        category: 'cloud',
+        description: 'Isolated government cloud with FedRAMP High and DoD IL authorizations. Separate from commercial Azure.',
+        targetCustomers: ['federal', 'dod', 'ic', 'state_local', 'defense_contractors'],
+        certifications: ['FedRAMP High', 'IL2', 'IL4', 'IL5', 'IL6', 'CJIS', 'ITAR', 'IRS 1075'],
+        dataResidency: ['US Government regions only', 'Air-gapped options (Azure Government Secret/Top Secret)'],
+        knownContracts: ['JWCC', 'DOD enterprise', 'VA', 'DHS', 'Treasury'],
+        securityConcerns: [
+            'Still connected to Microsoft corporate',
+            'Software supply chain from commercial',
+            'Microsoft employee access with clearance',
+            'Shared codebase with commercial Azure',
+        ],
+        accessPoints: [
+            'Infrastructure-level access',
+            'Support access with clearance',
+            'Monitoring and diagnostics',
+            'Update and patch channels',
+        ],
+        integrations: ['M365 GCC-High', 'Defender for Cloud', 'Sentinel', 'Key Vault'],
+    },
+    {
+        id: 'azure-gov-secret',
+        name: 'Azure Government Secret / Top Secret',
+        vendor: 'microsoft',
+        category: 'cloud',
+        subcategory: 'Classified',
+        description: 'Air-gapped Azure for classified workloads. Secret and Top Secret enclaves.',
+        targetCustomers: ['dod', 'ic'],
+        certifications: ['IL6', 'SECRET', 'TOP SECRET/SCI'],
+        dataResidency: ['Classified US facilities', 'Air-gapped'],
+        knownContracts: ['IC agencies', 'DOD classified programs'],
+        securityConcerns: [
+            'Microsoft personnel with TS/SCI clearance',
+            'Hardware from Microsoft supply chain',
+            'Software updates through controlled channels',
+            'Potential for supply chain compromise',
+        ],
+        accessPoints: [
+            'Cleared Microsoft personnel',
+            'Software update channel',
+            'Hardware maintenance',
+            'Limited remote diagnostics',
+        ],
+        integrations: ['Classified Microsoft services', 'Partner solutions'],
+    },
+    {
+        id: 'microsoft-defender-gov',
+        name: 'Microsoft Defender for Government',
+        vendor: 'microsoft',
+        category: 'security',
+        subcategory: 'XDR/EDR',
+        description: 'Endpoint detection and response, threat protection for government. Part of M365 security stack.',
+        targetCustomers: ['federal', 'dod', 'state_local', 'defense_contractors'],
+        certifications: ['FedRAMP High', 'IL4', 'IL5'],
+        dataResidency: ['US Government cloud'],
+        securityConcerns: [
+            'All endpoint telemetry sent to Microsoft',
+            'Threat detection rules controlled by Microsoft',
+            'Response actions controllable by Microsoft',
+            'Creates complete visibility into government endpoints',
+        ],
+        accessPoints: [
+            'Endpoint telemetry collection',
+            'Threat detection and response',
+            'Security posture data',
+            'Incident investigation access',
+        ],
+        integrations: ['Microsoft 365', 'Sentinel', 'Intune', 'Entra ID'],
+    },
+    {
+        id: 'microsoft-sentinel-gov',
+        name: 'Microsoft Sentinel for Government',
+        vendor: 'microsoft',
+        category: 'security',
+        subcategory: 'SIEM/SOAR',
+        description: 'Cloud-native SIEM/SOAR on Azure Government. Ingests security logs from across the enterprise.',
+        targetCustomers: ['federal', 'dod', 'ic', 'defense_contractors'],
+        certifications: ['FedRAMP High', 'IL4', 'IL5'],
+        dataResidency: ['Azure Government'],
+        knownContracts: ['CISA', 'DOD components', 'Civilian agencies'],
+        securityConcerns: [
+            'All security logs visible to Microsoft',
+            'AI/ML analysis of security data',
+            'Detection rules from Microsoft',
+            'Integration with commercial threat intel',
+        ],
+        accessPoints: [
+            'Security log ingestion',
+            'Threat detection analytics',
+            'Incident response data',
+            'Automation playbooks',
+        ],
+        integrations: ['Defender', 'M365', 'Azure Arc', 'Third-party connectors'],
+    },
+    {
+        id: 'microsoft-intune-gov',
+        name: 'Microsoft Intune for Government',
+        vendor: 'microsoft',
+        category: 'identity',
+        subcategory: 'Device Management',
+        description: 'Mobile device and endpoint management for government. Controls policy and app deployment.',
+        targetCustomers: ['federal', 'dod', 'state_local'],
+        certifications: ['FedRAMP High', 'IL4', 'IL5'],
+        dataResidency: ['US Government cloud'],
+        securityConcerns: [
+            'Microsoft controls device policy enforcement',
+            'Can push apps and configurations',
+            'Device wipe capability',
+            'Telemetry collection',
+        ],
+        accessPoints: [
+            'Device enrollment and inventory',
+            'Policy deployment',
+            'App distribution',
+            'Compliance data',
+        ],
+        integrations: ['Entra ID', 'Defender', 'Autopilot', 'Configuration Manager'],
+    },
+    {
+        id: 'microsoft-teams-gov',
+        name: 'Microsoft Teams for Government',
+        vendor: 'microsoft',
+        category: 'communications',
+        description: 'Collaboration and communications platform for government. Chat, meetings, calls, and file sharing.',
+        targetCustomers: ['federal', 'dod', 'state_local', 'defense_contractors'],
+        certifications: ['FedRAMP High', 'IL4', 'IL5', 'CJIS'],
+        dataResidency: ['US Government cloud'],
+        securityConcerns: [
+            'All communications visible to Microsoft',
+            'Meeting recordings stored in Microsoft cloud',
+            'Transcription and AI processing',
+            'eDiscovery access to all content',
+        ],
+        accessPoints: [
+            'Message content and metadata',
+            'Meeting recordings and transcripts',
+            'File sharing and collaboration',
+            'Presence and activity data',
+        ],
+        integrations: ['SharePoint', 'OneDrive', 'Outlook', 'Power Platform'],
+    },
+    {
+        id: 'microsoft-copilot-gov',
+        name: 'Microsoft Copilot for Government (Preview)',
+        vendor: 'microsoft',
+        category: 'ai_ml',
+        description: 'AI assistant integrated into M365 Government. Processes documents, emails, meetings.',
+        targetCustomers: ['federal', 'state_local'],
+        certifications: ['FedRAMP (in progress)', 'GCC availability'],
+        dataResidency: ['US - processing location TBD'],
+        securityConcerns: [
+            'AI processes all user content',
+            'Training on government data (even if anonymized)',
+            'Prompt injection vulnerabilities',
+            'Data leakage through AI responses',
+        ],
+        accessPoints: [
+            'Full access to user content for AI processing',
+            'Meeting transcriptions',
+            'Document analysis',
+            'Email content',
+        ],
+        integrations: ['M365 suite', 'Azure OpenAI', 'Graph API'],
+    },
+];
+export const MICROSOFT_GOV_PROFILE = {
+    vendor: 'microsoft',
+    govDivision: 'Microsoft Federal',
+    annualGovRevenue: '$20B+ (estimated, largest gov IT vendor)',
+    fedRampStatus: ['FedRAMP High (many services)', 'IL2-IL6', 'SECRET', 'TOP SECRET'],
+    primaryContracts: [
+        'JWCC (multi-billion)',
+        'DOD Enterprise agreements',
+        'VA healthcare',
+        'Most federal agencies',
+        'State/local enterprise',
+    ],
+    products: MICROSOFT_GOV_PRODUCTS,
+    dataAccessCapabilities: [
+        'Administrative access to all cloud services',
+        'eDiscovery and Legal Hold across M365',
+        'Endpoint telemetry via Defender',
+        'Security logs via Sentinel',
+        'AI processing of all content via Copilot',
+    ],
+    knownBackdoors: [
+        'Customer Lockbox (still allows access)',
+        'eDiscovery admin access',
+        'Defender response actions',
+        'Intune device wipe',
+        'Global admin account recovery',
+    ],
+    lawEnforcementCooperation: 'Complies with legal process. Transparency reports published. CLOUD Act agreements with allies. Known cooperation with national security requests.',
+};
+// ─────────────────────────────────────────────────────────────────────────────
+// AMAZON GOVERNMENT & DEFENSE SYSTEMS
+// ─────────────────────────────────────────────────────────────────────────────
+export const AMAZON_GOV_PRODUCTS = [
+    {
+        id: 'aws-govcloud',
+        name: 'AWS GovCloud (US)',
+        vendor: 'amazon',
+        category: 'cloud',
+        description: 'Isolated AWS regions for government workloads. FedRAMP High and DoD authorizations.',
+        targetCustomers: ['federal', 'dod', 'ic', 'state_local', 'defense_contractors'],
+        certifications: ['FedRAMP High', 'IL2', 'IL4', 'IL5', 'CJIS', 'ITAR', 'IRS 1075'],
+        dataResidency: ['US-only regions', 'Isolated from commercial AWS'],
+        knownContracts: ['CIA $600M (historic)', 'JWCC', 'NSA', 'DOD components'],
+        securityConcerns: [
+            'AWS employees with clearances have access',
+            'Shared codebase with commercial AWS',
+            'Software supply chain from commercial',
+            'Hardware from AWS supply chain',
+        ],
+        accessPoints: [
+            'Infrastructure-level access',
+            'Support access with clearance',
+            'Monitoring and CloudWatch',
+            'Service control plane',
+        ],
+        integrations: ['All AWS services (subset)', 'AWS Marketplace', 'Partner solutions'],
+    },
+    {
+        id: 'aws-secret-region',
+        name: 'AWS Secret Region',
+        vendor: 'amazon',
+        category: 'cloud',
+        subcategory: 'Classified',
+        description: 'Air-gapped AWS for SECRET classified workloads. Operated for IC community.',
+        targetCustomers: ['ic', 'dod'],
+        certifications: ['SECRET', 'ICD 503'],
+        dataResidency: ['Classified US facilities'],
+        knownContracts: ['CIA', 'IC agencies'],
+        securityConcerns: [
+            'AWS cleared personnel',
+            'Hardware in classified facilities',
+            'Limited oversight of operations',
+            'Supply chain for classified infrastructure',
+        ],
+        accessPoints: [
+            'Cleared AWS employees',
+            'Controlled software updates',
+            'Hardware maintenance',
+            'Limited diagnostics',
+        ],
+        integrations: ['IC-specific services', 'C2S'],
+    },
+    {
+        id: 'aws-c2s',
+        name: 'AWS Commercial Cloud Services (C2S)',
+        vendor: 'amazon',
+        category: 'cloud',
+        subcategory: 'Classified',
+        description: 'Top Secret cloud for IC. $600M+ contract with CIA, now expanded.',
+        targetCustomers: ['ic'],
+        certifications: ['TOP SECRET/SCI', 'ICD 503'],
+        dataResidency: ['TS/SCI facilities'],
+        knownContracts: ['CIA (original $600M)', 'Expanded IC community'],
+        securityConcerns: [
+            'Most sensitive government data on commercial vendor infrastructure',
+            'AWS personnel with TS/SCI',
+            'Concentration of IC data',
+            'Single vendor risk',
+        ],
+        accessPoints: [
+            'Cleared AWS personnel',
+            'Infrastructure operations',
+            'Software and hardware supply chain',
+        ],
+        integrations: ['IC-specific tools', 'AWS services subset'],
+    },
+    {
+        id: 'amazon-rekognition-gov',
+        name: 'Amazon Rekognition for Government',
+        vendor: 'amazon',
+        category: 'ai_ml',
+        subcategory: 'Computer Vision',
+        description: 'Facial recognition and image analysis. Used by law enforcement and government.',
+        targetCustomers: ['federal', 'state_local', 'dod'],
+        certifications: ['FedRAMP (via GovCloud)'],
+        dataResidency: ['US GovCloud'],
+        knownContracts: ['ICE (controversial)', 'Law enforcement agencies', 'DOD programs'],
+        securityConcerns: [
+            'Facial recognition accuracy concerns',
+            'Bias in AI models',
+            'Mass surveillance capability',
+            'Data retention and sharing',
+        ],
+        accessPoints: [
+            'Image and video processing',
+            'Facial recognition database',
+            'Analysis results',
+            'Model training data',
+        ],
+        integrations: ['S3', 'Lambda', 'Kinesis Video Streams'],
+    },
+    {
+        id: 'amazon-ring-gov',
+        name: 'Ring (Amazon) Law Enforcement Partnerships',
+        vendor: 'amazon',
+        category: 'security',
+        subcategory: 'Surveillance',
+        description: 'Doorbell cameras and neighborhood surveillance. Partnerships with 2000+ police departments.',
+        targetCustomers: ['state_local'],
+        certifications: ['None specific'],
+        dataResidency: ['AWS US'],
+        knownContracts: ['2000+ police department partnerships'],
+        securityConcerns: [
+            'Mass neighborhood surveillance network',
+            'Police can request footage without warrant',
+            'Neighbors app creates tip network',
+            'Facial recognition integration',
+        ],
+        accessPoints: [
+            'Video footage access',
+            'Location data',
+            'Audio recordings',
+            'Request portal for law enforcement',
+        ],
+        integrations: ['Alexa', 'AWS', 'Neighbors app'],
+    },
+    {
+        id: 'aws-nitro-enclaves',
+        name: 'AWS Nitro Enclaves',
+        vendor: 'amazon',
+        category: 'security',
+        subcategory: 'Confidential Computing',
+        description: 'Isolated compute environments for processing sensitive data.',
+        targetCustomers: ['federal', 'dod', 'defense_contractors'],
+        certifications: ['FedRAMP (via GovCloud)'],
+        dataResidency: ['US GovCloud'],
+        securityConcerns: [
+            'AWS controls Nitro hypervisor',
+            'Side-channel attack potential',
+            'Key management complexity',
+            'Limited third-party attestation',
+        ],
+        accessPoints: [
+            'Hypervisor-level access',
+            'Attestation infrastructure',
+            'Enclave management',
+        ],
+        integrations: ['EC2', 'KMS', 'ACM'],
+    },
+    {
+        id: 'aws-workspaces-gov',
+        name: 'Amazon WorkSpaces for Government',
+        vendor: 'amazon',
+        category: 'infrastructure',
+        subcategory: 'VDI',
+        description: 'Virtual desktops in the cloud. Provides access to government applications.',
+        targetCustomers: ['federal', 'dod', 'state_local'],
+        certifications: ['FedRAMP High', 'IL4', 'IL5'],
+        dataResidency: ['US GovCloud'],
+        securityConcerns: [
+            'All desktop activity on AWS infrastructure',
+            'Session recording capability',
+            'Clipboard and file transfer monitoring',
+            'AWS admin access to desktops',
+        ],
+        accessPoints: [
+            'Desktop session data',
+            'User activity',
+            'File access',
+            'Application usage',
+        ],
+        integrations: ['Active Directory', 'WorkDocs', 'AppStream'],
+    },
+];
+export const AMAZON_GOV_PROFILE = {
+    vendor: 'amazon',
+    govDivision: 'AWS Public Sector / Amazon Web Services Government',
+    annualGovRevenue: '$10B+ (estimated)',
+    fedRampStatus: ['FedRAMP High', 'IL2-IL5', 'SECRET', 'TOP SECRET/SCI'],
+    primaryContracts: [
+        'CIA C2S ($600M+)',
+        'JWCC participant',
+        'NSA',
+        'DOD components',
+        'Most federal agencies',
+    ],
+    products: AMAZON_GOV_PRODUCTS,
+    dataAccessCapabilities: [
+        'Infrastructure-level access to all workloads',
+        'CloudWatch and logging access',
+        'Support access with clearances',
+        'Rekognition facial data',
+        'Ring video network',
+    ],
+    knownBackdoors: [
+        'AWS support access',
+        'CloudWatch log access',
+        'S3 bucket policy override (with warrant)',
+        'Ring law enforcement portal',
+        'Rekognition database',
+    ],
+    lawEnforcementCooperation: 'Complies with legal process. Ring partnerships with 2000+ police departments. Transparency reports published.',
+};
+// ─────────────────────────────────────────────────────────────────────────────
+// META GOVERNMENT & DEFENSE SYSTEMS
+// ─────────────────────────────────────────────────────────────────────────────
+export const META_GOV_PRODUCTS = [
+    {
+        id: 'meta-workplace-gov',
+        name: 'Workplace from Meta for Government',
+        vendor: 'meta',
+        category: 'productivity',
+        description: 'Enterprise collaboration platform. Chat, video, and intranet for organizations.',
+        targetCustomers: ['federal', 'state_local'],
+        certifications: ['FedRAMP (limited)', 'SOC 2'],
+        dataResidency: ['US data centers'],
+        securityConcerns: [
+            'All communications on Meta infrastructure',
+            'AI processing of content',
+            'Integration with consumer Facebook',
+            'Limited government-specific isolation',
+        ],
+        accessPoints: [
+            'Chat and messaging content',
+            'Video call data',
+            'File sharing',
+            'Employee directory',
+        ],
+        integrations: ['Microsoft 365', 'Google Workspace', 'ServiceNow'],
+    },
+    {
+        id: 'meta-llama-gov',
+        name: 'Llama AI Models for Government',
+        vendor: 'meta',
+        category: 'ai_ml',
+        description: 'Open-source LLM available for government use. Various sizes from 7B to 70B+ parameters.',
+        targetCustomers: ['federal', 'dod', 'defense_contractors'],
+        certifications: ['None - open source', 'Self-hosted options'],
+        dataResidency: ['Self-hosted capability'],
+        securityConcerns: [
+            'Model weights from Meta',
+            'Unknown training data composition',
+            'Fine-tuning may leak data',
+            'Dual-use concerns for adversaries',
+        ],
+        accessPoints: [
+            'Model weights download',
+            'Usage telemetry (if using Meta cloud)',
+            'Research access program data',
+        ],
+        integrations: ['Various ML frameworks', 'Cloud platforms'],
+    },
+    {
+        id: 'meta-whatsapp-gov',
+        name: 'WhatsApp for Government Use',
+        vendor: 'meta',
+        category: 'communications',
+        description: 'Not officially supported, but used by many government personnel worldwide.',
+        targetCustomers: ['allied_nations', 'state_local'],
+        certifications: ['None - consumer product'],
+        dataResidency: ['Meta global infrastructure'],
+        securityConcerns: [
+            'Metadata collection by Meta',
+            'Device backup defeats E2E encryption',
+            'Key distribution controlled by Meta',
+            'Business API allows message inspection',
+        ],
+        accessPoints: [
+            'Metadata and contact lists',
+            'Backup encryption keys',
+            'Business API access',
+            'Device registration data',
+        ],
+        integrations: ['Facebook', 'Instagram', 'Meta Business Suite'],
+    },
+    {
+        id: 'meta-oculus-gov',
+        name: 'Meta Quest for Enterprise/Government',
+        vendor: 'meta',
+        category: 'hardware',
+        subcategory: 'VR/AR',
+        description: 'VR headsets for training and simulation. Used by military for training programs.',
+        targetCustomers: ['dod', 'federal'],
+        certifications: ['Limited government certifications'],
+        dataResidency: ['Meta servers'],
+        knownContracts: ['Military training programs', 'VA therapy'],
+        securityConcerns: [
+            'Extensive sensor data collection',
+            'Biometric data (eye tracking, movement)',
+            'Room mapping and environment capture',
+            'Required Meta/Facebook account (historically)',
+        ],
+        accessPoints: [
+            'VR session telemetry',
+            'Biometric data',
+            'Environment mapping',
+            'User behavior analytics',
+        ],
+        integrations: ['Meta Horizon', 'Unity', 'Unreal Engine'],
+    },
+];
+export const META_GOV_PROFILE = {
+    vendor: 'meta',
+    govDivision: 'Meta for Business / Public Sector',
+    annualGovRevenue: '<$500M (estimated, smaller gov footprint)',
+    fedRampStatus: ['Limited FedRAMP (Workplace only)'],
+    primaryContracts: [
+        'Workplace deployments',
+        'VR training programs',
+        'Research partnerships',
+    ],
+    products: META_GOV_PRODUCTS,
+    dataAccessCapabilities: [
+        'Workplace communications access',
+        'WhatsApp metadata',
+        'VR biometric and sensor data',
+        'Llama usage data (if cloud)',
+    ],
+    knownBackdoors: [
+        'Workplace admin access',
+        'WhatsApp backup access',
+        'Business API message access',
+        'Quest telemetry',
+    ],
+    lawEnforcementCooperation: 'Complies with legal process. Large volume of law enforcement requests. Transparency reports published. Signal protocol messaging limits access to content.',
+};
+// ─────────────────────────────────────────────────────────────────────────────
+// COMPLETE VENDOR REGISTRY
+// ─────────────────────────────────────────────────────────────────────────────
+export const GOV_DEFENSE_VENDOR_REGISTRY = [
+    GOOGLE_GOV_PROFILE,
+    APPLE_GOV_PROFILE,
+    MICROSOFT_GOV_PROFILE,
+    AMAZON_GOV_PROFILE,
+    META_GOV_PROFILE,
+];
+export const ALL_GOV_DEFENSE_PRODUCTS = [
+    ...GOOGLE_GOV_PRODUCTS,
+    ...APPLE_GOV_PRODUCTS,
+    ...MICROSOFT_GOV_PRODUCTS,
+    ...AMAZON_GOV_PRODUCTS,
+    ...META_GOV_PRODUCTS,
+];
+/**
+ * Get all government products for a specific vendor.
+ */
+export function getGovProductsByVendor(vendor) {
+    return ALL_GOV_DEFENSE_PRODUCTS.filter(p => p.vendor === vendor);
+}
+/**
+ * Get government vendor profile.
+ */
+export function getGovVendorProfile(vendor) {
+    return GOV_DEFENSE_VENDOR_REGISTRY.find(p => p.vendor === vendor);
+}
+/**
+ * Get all products matching a category.
+ */
+export function getGovProductsByCategory(category) {
+    return ALL_GOV_DEFENSE_PRODUCTS.filter(p => p.category === category);
+}
+/**
+ * Get all products with specific certification.
+ */
+export function getGovProductsByCertification(certification) {
+    return ALL_GOV_DEFENSE_PRODUCTS.filter(p => p.certifications.some(c => c.toLowerCase().includes(certification.toLowerCase())));
+}
+/**
+ * Get all products targeting specific customer type.
+ */
+export function getGovProductsByCustomerType(customerType) {
+    return ALL_GOV_DEFENSE_PRODUCTS.filter(p => p.targetCustomers.includes(customerType));
+}
+/**
+ * Get security concerns summary across all vendors.
+ */
+export function getSecurityConcernsSummary() {
+    const summary = {};
+    for (const product of ALL_GOV_DEFENSE_PRODUCTS) {
+        if (!summary[product.vendor]) {
+            summary[product.vendor] = [];
+        }
+        for (const concern of product.securityConcerns) {
+            if (!summary[product.vendor].includes(concern)) {
+                summary[product.vendor].push(concern);
+            }
+        }
+    }
+    return summary;
+}
+/**
+ * Get access points summary - how vendors can access government data.
+ */
+export function getAccessPointsSummary() {
+    const summary = {};
+    for (const product of ALL_GOV_DEFENSE_PRODUCTS) {
+        if (!summary[product.vendor]) {
+            summary[product.vendor] = [];
+        }
+        for (const access of product.accessPoints) {
+            if (!summary[product.vendor].includes(access)) {
+                summary[product.vendor].push(access);
+            }
+        }
+    }
+    return summary;
+}
 // ═══════════════════════════════════════════════════════════════════════════════
 // EXPORTS (note: GOOGLE_GMAIL_CLAIMS and GOOGLE_CHROME_CLAIMS are already exported inline)
 // ═══════════════════════════════════════════════════════════════════════════════