npm - monora-ai - Versions diffs - 2.0.0 → 2.1.3 - Mend

monora-ai 2.0.0 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (202) hide show

package/README.md +441 -150
package/dist/aims_governance.d.ts +238 -0
package/dist/aims_governance.d.ts.map +1 -0
package/dist/aims_governance.js +922 -0
package/dist/alerts.d.ts +16 -0
package/dist/alerts.d.ts.map +1 -1
package/dist/alerts.js +16 -0
package/dist/api.d.ts +6 -0
package/dist/api.d.ts.map +1 -1
package/dist/api.js +6 -0
package/dist/assessment.d.ts +269 -0
package/dist/assessment.d.ts.map +1 -0
package/dist/assessment.js +1232 -0
package/dist/attestation.js +23 -1
package/dist/attribution.d.ts +349 -0
package/dist/attribution.d.ts.map +1 -0
package/dist/attribution.js +987 -0
package/dist/autodetect.d.ts +69 -1
package/dist/autodetect.d.ts.map +1 -1
package/dist/autodetect.js +644 -1
package/dist/bias.d.ts +130 -0
package/dist/bias.d.ts.map +1 -0
package/dist/bias.js +223 -0
package/dist/circuit_breaker.js +3 -3
package/dist/cli/diagnostics.d.ts +5 -1
package/dist/cli/diagnostics.d.ts.map +1 -1
package/dist/cli/diagnostics.js +31 -8
package/dist/cli/doctor.d.ts +25 -0
package/dist/cli/doctor.d.ts.map +1 -0
package/dist/cli/doctor.js +381 -0
package/dist/cli/fix.d.ts +16 -0
package/dist/cli/fix.d.ts.map +1 -0
package/dist/cli/fix.js +284 -0
package/dist/cli/init.d.ts +57 -0
package/dist/cli/init.d.ts.map +1 -0
package/dist/cli/init.js +205 -0
package/dist/cli.js +1611 -126
package/dist/complianceTargets.d.ts +111 -0
package/dist/complianceTargets.d.ts.map +1 -0
package/dist/complianceTargets.js +521 -0
package/dist/config.d.ts +301 -17
package/dist/config.d.ts.map +1 -1
package/dist/config.js +428 -36
package/dist/config_migrations.d.ts +41 -0
package/dist/config_migrations.d.ts.map +1 -1
package/dist/config_migrations.js +205 -0
package/dist/config_schema.d.ts +2900 -731
package/dist/config_schema.d.ts.map +1 -1
package/dist/config_schema.js +257 -55
package/dist/context.d.ts +34 -0
package/dist/context.d.ts.map +1 -1
package/dist/context.js +118 -7
package/dist/control_backbone.d.ts +122 -0
package/dist/control_backbone.d.ts.map +1 -0
package/dist/control_backbone.js +698 -0
package/dist/data-governance.d.ts +187 -0
package/dist/data-governance.d.ts.map +1 -0
package/dist/data-governance.js +424 -0
package/dist/dataResidency.d.ts +44 -0
package/dist/dataResidency.d.ts.map +1 -0
package/dist/dataResidency.js +203 -0
package/dist/dispatcher.d.ts +32 -0
package/dist/dispatcher.d.ts.map +1 -1
package/dist/dispatcher.js +91 -4
package/dist/events.d.ts.map +1 -1
package/dist/events.js +38 -0
package/dist/evidence_store.d.ts +103 -0
package/dist/evidence_store.d.ts.map +1 -0
package/dist/evidence_store.js +459 -0
package/dist/executiveSummary.d.ts +65 -8
package/dist/executiveSummary.d.ts.map +1 -1
package/dist/executiveSummary.js +289 -26
package/dist/identity.d.ts +143 -0
package/dist/identity.d.ts.map +1 -0
package/dist/identity.js +231 -0
package/dist/impact-assessment.d.ts +350 -0
package/dist/impact-assessment.d.ts.map +1 -0
package/dist/impact-assessment.js +580 -0
package/dist/index.d.ts +25 -5
package/dist/index.d.ts.map +1 -1
package/dist/index.js +300 -4
package/dist/instrumentation.d.ts +1 -1
package/dist/instrumentation.d.ts.map +1 -1
package/dist/instrumentation.js +243 -27
package/dist/integrations/anthropic.d.ts +3 -0
package/dist/integrations/anthropic.d.ts.map +1 -1
package/dist/integrations/anthropic.js +284 -79
package/dist/integrations/governance.d.ts +33 -0
package/dist/integrations/governance.d.ts.map +1 -0
package/dist/integrations/governance.js +208 -0
package/dist/integrations/langchain.d.ts +7 -0
package/dist/integrations/langchain.d.ts.map +1 -1
package/dist/integrations/langchain.js +387 -143
package/dist/integrations/openai.d.ts +9 -0
package/dist/integrations/openai.d.ts.map +1 -1
package/dist/integrations/openai.js +673 -73
package/dist/iso42001_consolidation.d.ts +16 -0
package/dist/iso42001_consolidation.d.ts.map +1 -0
package/dist/iso42001_consolidation.js +413 -0
package/dist/iso42001_workflows.d.ts +263 -0
package/dist/iso42001_workflows.d.ts.map +1 -0
package/dist/iso42001_workflows.js +781 -0
package/dist/lifecycle.d.ts +299 -0
package/dist/lifecycle.d.ts.map +1 -0
package/dist/lifecycle.js +624 -0
package/dist/lineage.d.ts +2 -2
package/dist/lineage.d.ts.map +1 -1
package/dist/lineage.js +12 -17
package/dist/middleware/express.d.ts.map +1 -1
package/dist/middleware/express.js +33 -3
package/dist/middleware/nextjs.d.ts.map +1 -1
package/dist/middleware/nextjs.js +42 -68
package/dist/model.d.ts +143 -0
package/dist/model.d.ts.map +1 -0
package/dist/model.js +371 -0
package/dist/onboarding.d.ts +42 -0
package/dist/onboarding.d.ts.map +1 -0
package/dist/onboarding.js +1022 -0
package/dist/oversight.d.ts +264 -0
package/dist/oversight.d.ts.map +1 -0
package/dist/oversight.js +497 -0
package/dist/pdf_report.d.ts.map +1 -1
package/dist/pdf_report.js +42 -21
package/dist/presets.d.ts +88 -0
package/dist/presets.d.ts.map +1 -0
package/dist/presets.js +520 -0
package/dist/propagation.d.ts.map +1 -1
package/dist/propagation.js +34 -2
package/dist/quotas.d.ts +171 -0
package/dist/quotas.d.ts.map +1 -0
package/dist/quotas.js +259 -0
package/dist/register.d.ts +13 -0
package/dist/register.d.ts.map +1 -0
package/dist/register.js +99 -0
package/dist/registry.d.ts +1 -0
package/dist/registry.d.ts.map +1 -1
package/dist/registry.js +7 -0
package/dist/registryData.json +43 -6
package/dist/report.d.ts +2 -1
package/dist/report.d.ts.map +1 -1
package/dist/report.js +189 -2
package/dist/reporting.d.ts +125 -0
package/dist/reporting.d.ts.map +1 -1
package/dist/reporting.js +196 -5
package/dist/resources.d.ts +285 -0
package/dist/resources.d.ts.map +1 -0
package/dist/resources.js +643 -0
package/dist/risk.d.ts +120 -0
package/dist/risk.d.ts.map +1 -0
package/dist/risk.js +220 -0
package/dist/runtime.d.ts +74 -1
package/dist/runtime.d.ts.map +1 -1
package/dist/runtime.js +598 -22
package/dist/schemaInference.d.ts +92 -0
package/dist/schemaInference.d.ts.map +1 -0
package/dist/schemaInference.js +466 -0
package/dist/schema_validation.js +2 -2
package/dist/schemas/config.schema.json +169 -6
package/dist/schemas/event.schema.json +4 -0
package/dist/security_report.js +4 -4
package/dist/signing.d.ts +1 -1
package/dist/signing.d.ts.map +1 -1
package/dist/signing.js +4 -0
package/dist/sinks/file.d.ts +19 -1
package/dist/sinks/file.d.ts.map +1 -1
package/dist/sinks/file.js +82 -13
package/dist/sinks/https.d.ts +10 -0
package/dist/sinks/https.d.ts.map +1 -1
package/dist/sinks/https.js +76 -16
package/dist/sinks/stdout.d.ts +1 -0
package/dist/sinks/stdout.d.ts.map +1 -1
package/dist/sinks/stdout.js +12 -1
package/dist/spec.d.ts +159 -0
package/dist/spec.d.ts.map +1 -0
package/dist/spec.js +391 -0
package/dist/stakeholders.d.ts +199 -0
package/dist/stakeholders.d.ts.map +1 -0
package/dist/stakeholders.js +398 -0
package/dist/standards.d.ts.map +1 -1
package/dist/standards.js +160 -2
package/dist/standards_ingest.d.ts +2 -2
package/dist/standards_ingest.d.ts.map +1 -1
package/dist/standards_ingest.js +105 -23
package/dist/streaming.d.ts.map +1 -1
package/dist/streaming.js +7 -2
package/dist/telemetry.d.ts +16 -2
package/dist/telemetry.d.ts.map +1 -1
package/dist/telemetry.js +79 -14
package/dist/templates/controls/iso42001_control_catalog.json +1443 -0
package/dist/traced_emitter.d.ts +3 -0
package/dist/traced_emitter.d.ts.map +1 -1
package/dist/traced_emitter.js +142 -25
package/dist/trust_package.d.ts +21 -1
package/dist/trust_package.d.ts.map +1 -1
package/dist/trust_package.js +101 -4
package/dist/verify.d.ts.map +1 -1
package/dist/verify.js +9 -2
package/dist/wal.d.ts.map +1 -1
package/dist/wal.js +2 -1
package/package.json +14 -1
package/scripts/postinstall.js +119 -97
package/templates/controls/iso42001_control_catalog.json +1443 -0

package/dist/config_migrations.js CHANGED Viewed

@@ -2,6 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.LATEST_CONFIG_VERSION = void 0;
 exports.applyConfigMigrations = applyConfigMigrations;
+exports.validateProductionReadiness = validateProductionReadiness;
+exports.checkPresetEnvironmentMismatch = checkPresetEnvironmentMismatch;
+exports.logProductionWarnings = logProductionWarnings;
 const logger_1 = require("./logger");
 exports.LATEST_CONFIG_VERSION = '1.0.0';
 function applyConfigMigrations(config) {
@@ -15,12 +18,14 @@ function applyConfigMigrations(config) {
         if (!config.config_version) {
             config.config_version = exports.LATEST_CONFIG_VERSION;
         }
+        normalizeOnboarding(config);
         return config;
     }
     if (compareVersions(version, '1.0.0') < 0) {
         migrate000To100(config);
         config.config_version = exports.LATEST_CONFIG_VERSION;
     }
+    normalizeOnboarding(config);
     return config;
 }
 function compareVersions(left, right) {
@@ -159,3 +164,203 @@ function normalizeErrorHandling(config) {
         }
     }
 }
+function normalizeOnboarding(config) {
+    const cfg = config;
+    if (!cfg.onboarding && cfg.onboard && typeof cfg.onboard === 'object') {
+        cfg.onboarding = cfg.onboard;
+        delete cfg.onboard;
+    }
+    if (cfg.onboarding && typeof cfg.onboarding === 'object') {
+        const onboarding = cfg.onboarding;
+        if (onboarding.require_in_production !== undefined && onboarding.required_in_production === undefined) {
+            onboarding.required_in_production = onboarding.require_in_production;
+        }
+        if (typeof onboarding.status === 'string') {
+            const status = onboarding.status.toLowerCase();
+            if (['draft', 'validated', 'completed'].includes(status)) {
+                onboarding.status = status;
+            }
+            else {
+                onboarding.status = 'draft';
+            }
+        }
+        const artifacts = onboarding.artifacts;
+        if (artifacts && typeof artifacts === 'object') {
+            if (artifacts.input_path && !artifacts.production_logs_path) {
+                artifacts.production_logs_path = artifacts.input_path;
+            }
+            if (artifacts.schema_path && !artifacts.schema_contract_path) {
+                artifacts.schema_contract_path = artifacts.schema_path;
+            }
+        }
+    }
+    if (!cfg.enrichments && cfg.enrichment && typeof cfg.enrichment === 'object') {
+        cfg.enrichments = cfg.enrichment;
+        delete cfg.enrichment;
+    }
+}
+/**
+ * Validate configuration against production best practices.
+ *
+ * Returns a list of warnings for settings that may not be appropriate
+ * for production use.
+ *
+ * @param config - The Monora configuration object.
+ * @returns List of ProductionReadinessWarning objects.
+ *
+ * @example
+ * ```typescript
+ * const warnings = validateProductionReadiness(config);
+ * for (const w of warnings) {
+ *   console.log(`[${w.category}] ${w.message}`);
+ *   console.log(`  Recommendation: ${w.recommendation}`);
+ * }
+ * ```
+ */
+function validateProductionReadiness(config) {
+    const warnings = [];
+    // Check environment
+    const defaults = config.defaults || {};
+    const environment = defaults.environment || 'development';
+    // Only run these checks in production
+    if (environment !== 'production') {
+        return warnings;
+    }
+    // Check immutability settings
+    const immutability = config.immutability || {};
+    if (immutability.enabled === false) {
+        warnings.push({
+            category: 'security',
+            message: 'Immutability (hash chaining) is disabled',
+            recommendation: 'Enable immutability.enabled=true for tamper-evident audit trails',
+        });
+    }
+    if (!immutability.verify_on_emit) {
+        warnings.push({
+            category: 'security',
+            message: 'Hash verification on emit is disabled',
+            recommendation: 'Enable immutability.verify_on_emit=true to detect chain tampering',
+        });
+    }
+    // Check signing settings
+    const signing = config.signing || {};
+    if (!signing.enabled) {
+        warnings.push({
+            category: 'security',
+            message: 'Event signing is disabled',
+            recommendation: 'Enable signing.enabled=true with Ed25519 or HMAC-SHA256 for cryptographic integrity',
+        });
+    }
+    // Check sinks configuration
+    const sinks = config.sinks || [];
+    const hasPersistentSink = sinks.some((sink) => sink.type === 'file' || sink.type === 'https');
+    if (!hasPersistentSink) {
+        warnings.push({
+            category: 'durability',
+            message: 'No persistent sink configured (only stdout)',
+            recommendation: 'Add a file or https sink to ensure events are persisted',
+        });
+    }
+    // Check WAL settings
+    const wal = config.wal || {};
+    if (!wal.enabled) {
+        warnings.push({
+            category: 'durability',
+            message: 'Write-ahead log (WAL) is disabled',
+            recommendation: 'Enable wal.enabled=true for crash recovery',
+        });
+    }
+    else if (wal.sync_mode === 'none') {
+        warnings.push({
+            category: 'durability',
+            message: "WAL sync mode is 'none' (data may be lost on crash)",
+            recommendation: "Set wal.sync_mode='fsync' (avoid 'none') for durability",
+        });
+    }
+    // Check error handling
+    const errorHandling = config.error_handling || {};
+    if (errorHandling.sink_failure_mode === 'silent') {
+        warnings.push({
+            category: 'observability',
+            message: 'Sink failures are silently ignored',
+            recommendation: "Set error_handling.sink_failure_mode='warn' or 'raise'",
+        });
+    }
+    // Check reporting
+    const reporting = config.reporting || {};
+    if (reporting.enabled === false) {
+        warnings.push({
+            category: 'compliance',
+            message: 'Trust summary reporting is disabled',
+            recommendation: 'Enable reporting.enabled=true for compliance documentation',
+        });
+    }
+    // Check data handling for sensitive data
+    const dataHandling = config.data_handling || {};
+    if (!dataHandling.enabled) {
+        warnings.push({
+            category: 'privacy',
+            message: 'Data handling/redaction is disabled',
+            recommendation: 'Enable data_handling.enabled=true to prevent PII leakage',
+        });
+    }
+    // Check policies
+    const policies = config.policies || {};
+    if (!policies.enforce) {
+        warnings.push({
+            category: 'governance',
+            message: 'Model policy enforcement is disabled',
+            recommendation: 'Enable policies.enforce=true with model_allowlist for governance',
+        });
+    }
+    return warnings;
+}
+/**
+ * Check if a preset is appropriate for the given environment.
+ *
+ * @param presetName - Name of the preset being used.
+ * @param environment - Target environment.
+ * @returns Warning if there's a mismatch, null otherwise.
+ */
+function checkPresetEnvironmentMismatch(presetName, environment) {
+    if (!presetName) {
+        return null;
+    }
+    const presetLower = presetName.toLowerCase();
+    const envLower = environment.toLowerCase();
+    // Development/POC presets in production
+    if (envLower === 'production' && ['development', 'dev', 'poc', 'experimental'].includes(presetLower)) {
+        return {
+            category: 'configuration',
+            message: `Using '${presetName}' preset in production environment`,
+            recommendation: "Switch to 'production' or 'strict_enterprise' preset for production use",
+        };
+    }
+    // Strict enterprise in development (overkill warning)
+    if (['development', 'dev'].includes(envLower) && presetLower === 'strict_enterprise') {
+        return {
+            category: 'configuration',
+            message: `Using '${presetName}' preset in development - may slow iteration`,
+            recommendation: "Consider 'development' or 'poc' preset for faster local development",
+        };
+    }
+    return null;
+}
+/**
+ * Log production readiness warnings.
+ *
+ * @param warnings - List of warnings to log.
+ */
+function logProductionWarnings(warnings) {
+    if (warnings.length === 0) {
+        return;
+    }
+    logger_1.logger.warning('='.repeat(60));
+    logger_1.logger.warning('PRODUCTION READINESS WARNINGS (%d issues)', warnings.length);
+    logger_1.logger.warning('='.repeat(60));
+    for (const w of warnings) {
+        logger_1.logger.warning('[%s] %s', w.category.toUpperCase(), w.message);
+        logger_1.logger.warning('  → %s', w.recommendation);
+    }
+    logger_1.logger.warning('='.repeat(60));
+}