npm - monora-ai - Versions diffs - 2.0.0 → 2.1.3 - Mend

monora-ai 2.0.0 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (202) hide show

package/README.md +441 -150
package/dist/aims_governance.d.ts +238 -0
package/dist/aims_governance.d.ts.map +1 -0
package/dist/aims_governance.js +922 -0
package/dist/alerts.d.ts +16 -0
package/dist/alerts.d.ts.map +1 -1
package/dist/alerts.js +16 -0
package/dist/api.d.ts +6 -0
package/dist/api.d.ts.map +1 -1
package/dist/api.js +6 -0
package/dist/assessment.d.ts +269 -0
package/dist/assessment.d.ts.map +1 -0
package/dist/assessment.js +1232 -0
package/dist/attestation.js +23 -1
package/dist/attribution.d.ts +349 -0
package/dist/attribution.d.ts.map +1 -0
package/dist/attribution.js +987 -0
package/dist/autodetect.d.ts +69 -1
package/dist/autodetect.d.ts.map +1 -1
package/dist/autodetect.js +644 -1
package/dist/bias.d.ts +130 -0
package/dist/bias.d.ts.map +1 -0
package/dist/bias.js +223 -0
package/dist/circuit_breaker.js +3 -3
package/dist/cli/diagnostics.d.ts +5 -1
package/dist/cli/diagnostics.d.ts.map +1 -1
package/dist/cli/diagnostics.js +31 -8
package/dist/cli/doctor.d.ts +25 -0
package/dist/cli/doctor.d.ts.map +1 -0
package/dist/cli/doctor.js +381 -0
package/dist/cli/fix.d.ts +16 -0
package/dist/cli/fix.d.ts.map +1 -0
package/dist/cli/fix.js +284 -0
package/dist/cli/init.d.ts +57 -0
package/dist/cli/init.d.ts.map +1 -0
package/dist/cli/init.js +205 -0
package/dist/cli.js +1611 -126
package/dist/complianceTargets.d.ts +111 -0
package/dist/complianceTargets.d.ts.map +1 -0
package/dist/complianceTargets.js +521 -0
package/dist/config.d.ts +301 -17
package/dist/config.d.ts.map +1 -1
package/dist/config.js +428 -36
package/dist/config_migrations.d.ts +41 -0
package/dist/config_migrations.d.ts.map +1 -1
package/dist/config_migrations.js +205 -0
package/dist/config_schema.d.ts +2900 -731
package/dist/config_schema.d.ts.map +1 -1
package/dist/config_schema.js +257 -55
package/dist/context.d.ts +34 -0
package/dist/context.d.ts.map +1 -1
package/dist/context.js +118 -7
package/dist/control_backbone.d.ts +122 -0
package/dist/control_backbone.d.ts.map +1 -0
package/dist/control_backbone.js +698 -0
package/dist/data-governance.d.ts +187 -0
package/dist/data-governance.d.ts.map +1 -0
package/dist/data-governance.js +424 -0
package/dist/dataResidency.d.ts +44 -0
package/dist/dataResidency.d.ts.map +1 -0
package/dist/dataResidency.js +203 -0
package/dist/dispatcher.d.ts +32 -0
package/dist/dispatcher.d.ts.map +1 -1
package/dist/dispatcher.js +91 -4
package/dist/events.d.ts.map +1 -1
package/dist/events.js +38 -0
package/dist/evidence_store.d.ts +103 -0
package/dist/evidence_store.d.ts.map +1 -0
package/dist/evidence_store.js +459 -0
package/dist/executiveSummary.d.ts +65 -8
package/dist/executiveSummary.d.ts.map +1 -1
package/dist/executiveSummary.js +289 -26
package/dist/identity.d.ts +143 -0
package/dist/identity.d.ts.map +1 -0
package/dist/identity.js +231 -0
package/dist/impact-assessment.d.ts +350 -0
package/dist/impact-assessment.d.ts.map +1 -0
package/dist/impact-assessment.js +580 -0
package/dist/index.d.ts +25 -5
package/dist/index.d.ts.map +1 -1
package/dist/index.js +300 -4
package/dist/instrumentation.d.ts +1 -1
package/dist/instrumentation.d.ts.map +1 -1
package/dist/instrumentation.js +243 -27
package/dist/integrations/anthropic.d.ts +3 -0
package/dist/integrations/anthropic.d.ts.map +1 -1
package/dist/integrations/anthropic.js +284 -79
package/dist/integrations/governance.d.ts +33 -0
package/dist/integrations/governance.d.ts.map +1 -0
package/dist/integrations/governance.js +208 -0
package/dist/integrations/langchain.d.ts +7 -0
package/dist/integrations/langchain.d.ts.map +1 -1
package/dist/integrations/langchain.js +387 -143
package/dist/integrations/openai.d.ts +9 -0
package/dist/integrations/openai.d.ts.map +1 -1
package/dist/integrations/openai.js +673 -73
package/dist/iso42001_consolidation.d.ts +16 -0
package/dist/iso42001_consolidation.d.ts.map +1 -0
package/dist/iso42001_consolidation.js +413 -0
package/dist/iso42001_workflows.d.ts +263 -0
package/dist/iso42001_workflows.d.ts.map +1 -0
package/dist/iso42001_workflows.js +781 -0
package/dist/lifecycle.d.ts +299 -0
package/dist/lifecycle.d.ts.map +1 -0
package/dist/lifecycle.js +624 -0
package/dist/lineage.d.ts +2 -2
package/dist/lineage.d.ts.map +1 -1
package/dist/lineage.js +12 -17
package/dist/middleware/express.d.ts.map +1 -1
package/dist/middleware/express.js +33 -3
package/dist/middleware/nextjs.d.ts.map +1 -1
package/dist/middleware/nextjs.js +42 -68
package/dist/model.d.ts +143 -0
package/dist/model.d.ts.map +1 -0
package/dist/model.js +371 -0
package/dist/onboarding.d.ts +42 -0
package/dist/onboarding.d.ts.map +1 -0
package/dist/onboarding.js +1022 -0
package/dist/oversight.d.ts +264 -0
package/dist/oversight.d.ts.map +1 -0
package/dist/oversight.js +497 -0
package/dist/pdf_report.d.ts.map +1 -1
package/dist/pdf_report.js +42 -21
package/dist/presets.d.ts +88 -0
package/dist/presets.d.ts.map +1 -0
package/dist/presets.js +520 -0
package/dist/propagation.d.ts.map +1 -1
package/dist/propagation.js +34 -2
package/dist/quotas.d.ts +171 -0
package/dist/quotas.d.ts.map +1 -0
package/dist/quotas.js +259 -0
package/dist/register.d.ts +13 -0
package/dist/register.d.ts.map +1 -0
package/dist/register.js +99 -0
package/dist/registry.d.ts +1 -0
package/dist/registry.d.ts.map +1 -1
package/dist/registry.js +7 -0
package/dist/registryData.json +43 -6
package/dist/report.d.ts +2 -1
package/dist/report.d.ts.map +1 -1
package/dist/report.js +189 -2
package/dist/reporting.d.ts +125 -0
package/dist/reporting.d.ts.map +1 -1
package/dist/reporting.js +196 -5
package/dist/resources.d.ts +285 -0
package/dist/resources.d.ts.map +1 -0
package/dist/resources.js +643 -0
package/dist/risk.d.ts +120 -0
package/dist/risk.d.ts.map +1 -0
package/dist/risk.js +220 -0
package/dist/runtime.d.ts +74 -1
package/dist/runtime.d.ts.map +1 -1
package/dist/runtime.js +598 -22
package/dist/schemaInference.d.ts +92 -0
package/dist/schemaInference.d.ts.map +1 -0
package/dist/schemaInference.js +466 -0
package/dist/schema_validation.js +2 -2
package/dist/schemas/config.schema.json +169 -6
package/dist/schemas/event.schema.json +4 -0
package/dist/security_report.js +4 -4
package/dist/signing.d.ts +1 -1
package/dist/signing.d.ts.map +1 -1
package/dist/signing.js +4 -0
package/dist/sinks/file.d.ts +19 -1
package/dist/sinks/file.d.ts.map +1 -1
package/dist/sinks/file.js +82 -13
package/dist/sinks/https.d.ts +10 -0
package/dist/sinks/https.d.ts.map +1 -1
package/dist/sinks/https.js +76 -16
package/dist/sinks/stdout.d.ts +1 -0
package/dist/sinks/stdout.d.ts.map +1 -1
package/dist/sinks/stdout.js +12 -1
package/dist/spec.d.ts +159 -0
package/dist/spec.d.ts.map +1 -0
package/dist/spec.js +391 -0
package/dist/stakeholders.d.ts +199 -0
package/dist/stakeholders.d.ts.map +1 -0
package/dist/stakeholders.js +398 -0
package/dist/standards.d.ts.map +1 -1
package/dist/standards.js +160 -2
package/dist/standards_ingest.d.ts +2 -2
package/dist/standards_ingest.d.ts.map +1 -1
package/dist/standards_ingest.js +105 -23
package/dist/streaming.d.ts.map +1 -1
package/dist/streaming.js +7 -2
package/dist/telemetry.d.ts +16 -2
package/dist/telemetry.d.ts.map +1 -1
package/dist/telemetry.js +79 -14
package/dist/templates/controls/iso42001_control_catalog.json +1443 -0
package/dist/traced_emitter.d.ts +3 -0
package/dist/traced_emitter.d.ts.map +1 -1
package/dist/traced_emitter.js +142 -25
package/dist/trust_package.d.ts +21 -1
package/dist/trust_package.d.ts.map +1 -1
package/dist/trust_package.js +101 -4
package/dist/verify.d.ts.map +1 -1
package/dist/verify.js +9 -2
package/dist/wal.d.ts.map +1 -1
package/dist/wal.js +2 -1
package/package.json +14 -1
package/scripts/postinstall.js +119 -97
package/templates/controls/iso42001_control_catalog.json +1443 -0

package/dist/evidence_store.js ADDED Viewed

@@ -0,0 +1,459 @@
+"use strict";
+/**
+ * Evidence store with hash chaining and lineage graph support.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EvidenceStore = void 0;
+exports.computeEvidenceItemHash = computeEvidenceItemHash;
+exports.verifyEvidenceHashChain = verifyEvidenceHashChain;
+exports.buildEvidenceHashChain = buildEvidenceHashChain;
+exports.buildEvidenceLineageGraph = buildEvidenceLineageGraph;
+exports.buildHashedEvidenceManifest = buildHashedEvidenceManifest;
+exports.getRuntimeEvidenceStore = getRuntimeEvidenceStore;
+exports.clearRuntimeEvidenceStore = clearRuntimeEvidenceStore;
+exports.recordRuntimeEvidence = recordRuntimeEvidence;
+exports.buildRuntimeEvidenceManifest = buildRuntimeEvidenceManifest;
+const crypto = __importStar(require("crypto"));
+function utcNow() {
+    return new Date().toISOString();
+}
+function isPlainObject(value) {
+    return Object.prototype.toString.call(value) === '[object Object]';
+}
+function canonicalizeValue(value) {
+    if (Array.isArray(value)) {
+        return value.map((item) => canonicalizeValue(item));
+    }
+    if (value && typeof value === 'object') {
+        if (!isPlainObject(value)) {
+            return value;
+        }
+        const sortedEntries = Object.entries(value).sort(([a], [b]) => a.localeCompare(b));
+        const result = {};
+        for (const [key, nestedValue] of sortedEntries) {
+            result[key] = canonicalizeValue(nestedValue);
+        }
+        return result;
+    }
+    return value;
+}
+function stableStringify(value) {
+    return JSON.stringify(canonicalizeValue(value));
+}
+function normalizeList(value) {
+    if (value === null || value === undefined) {
+        return [];
+    }
+    if (Array.isArray(value)) {
+        return value
+            .map((item) => String(item).trim())
+            .filter(Boolean);
+    }
+    return String(value)
+        .replace(/;/g, ',')
+        .split(',')
+        .map((item) => item.trim())
+        .filter(Boolean);
+}
+function validateAlgorithm(algorithm) {
+    const normalized = (algorithm || '').trim().toLowerCase() || 'sha256';
+    const supported = new Set(crypto.getHashes());
+    if (!supported.has(normalized)) {
+        throw new Error(`Invalid hash_algorithm: ${algorithm || '(empty)'}; supported algorithms: ${Array.from(supported).join(', ')}`);
+    }
+    return normalized;
+}
+function buildId(prefix, ...parts) {
+    const seed = `${prefix}:${parts.join(':')}:${utcNow()}`;
+    const digest = crypto.createHash('sha256').update(seed).digest('hex').slice(0, 12);
+    return `${prefix}_${digest}`;
+}
+function clone(value) {
+    return JSON.parse(JSON.stringify(value));
+}
+function sanitizeEvidencePayload(payload) {
+    const sanitized = clone(payload);
+    delete sanitized.evidence_hash;
+    delete sanitized.prev_hash;
+    delete sanitized.hash_chain;
+    return sanitized;
+}
+function computeEvidenceItemHash(item, options) {
+    const algorithm = validateAlgorithm(options?.algorithm);
+    const prevHash = options?.prevHash || null;
+    const payload = sanitizeEvidencePayload(item);
+    const canonical = stableStringify(payload);
+    const hasher = crypto.createHash(algorithm);
+    if (prevHash) {
+        hasher.update(prevHash);
+    }
+    hasher.update(canonical);
+    return `${algorithm}:${hasher.digest('hex')}`;
+}
+function verifyEvidenceHashChain(evidenceItems, records, algorithm) {
+    const normalized = validateAlgorithm(algorithm);
+    const byId = new Map();
+    for (const item of evidenceItems) {
+        const evidenceId = String(item.evidence_id || '').trim();
+        if (evidenceId) {
+            byId.set(evidenceId, item);
+        }
+    }
+    let prevHash = null;
+    for (let index = 0; index < records.length; index += 1) {
+        const record = records[index];
+        const evidenceId = String(record.evidence_id || '').trim();
+        if (!evidenceId) {
+            return { valid: false, error: `Missing evidence_id at index ${index}` };
+        }
+        const item = byId.get(evidenceId);
+        if (!item) {
+            return { valid: false, error: `Evidence item ${evidenceId} missing for hash verification` };
+        }
+        if ((record.prev_hash || null) !== prevHash) {
+            return {
+                valid: false,
+                error: `Chain break at index ${index}: prev_hash=${record.prev_hash} expected ${prevHash}`,
+            };
+        }
+        const computed = computeEvidenceItemHash(item, { prevHash, algorithm: normalized });
+        if (computed !== record.evidence_hash) {
+            return { valid: false, error: `Hash mismatch at index ${index} for evidence ${evidenceId}` };
+        }
+        prevHash = record.evidence_hash;
+    }
+    return { valid: true };
+}
+function buildEvidenceHashChain(evidenceItems, options) {
+    const algorithm = validateAlgorithm(options?.algorithm);
+    const sortBy = options?.sortBy || ((item) => {
+        const collected = item.collected_at || '';
+        const evidenceId = item.evidence_id || '';
+        return `${collected}:${evidenceId}`;
+    });
+    const ordered = [...evidenceItems].sort((a, b) => {
+        const left = sortBy(a);
+        const right = sortBy(b);
+        return left.localeCompare(right);
+    });
+    const records = [];
+    let prevHash = null;
+    for (const item of ordered) {
+        const evidenceHash = computeEvidenceItemHash(item, { prevHash, algorithm });
+        records.push({
+            evidence_id: String(item.evidence_id || ''),
+            evidence_hash: evidenceHash,
+            prev_hash: prevHash,
+            recorded_at: utcNow(),
+            collected_at: item.collected_at || null,
+        });
+        prevHash = evidenceHash;
+    }
+    const verification = verifyEvidenceHashChain(evidenceItems, records, algorithm);
+    return {
+        chain_type: 'evidence_hash_chain',
+        algorithm,
+        generated_at: utcNow(),
+        item_count: records.length,
+        first_hash: records.length > 0 ? records[0].evidence_hash : null,
+        last_hash: records.length > 0 ? records[records.length - 1].evidence_hash : null,
+        verification_status: verification.valid ? 'verified' : 'invalid',
+        verification_error: verification.error || null,
+        records,
+    };
+}
+function extractMetadataValues(metadata, keys) {
+    const values = [];
+    for (const key of keys) {
+        if (key in metadata) {
+            values.push(...normalizeList(metadata[key]));
+        }
+    }
+    return values;
+}
+function buildEvidenceLineageGraph(evidenceItems) {
+    const nodes = [];
+    const edges = [];
+    const nodeIndex = new Map();
+    const edgeKeys = new Set();
+    const addNode = (id, type, attrs) => {
+        if (nodeIndex.has(id)) {
+            return;
+        }
+        const payload = { id, type, ...(attrs || {}) };
+        nodeIndex.set(id, payload);
+        nodes.push(payload);
+    };
+    const addEdge = (from, to, type, attrs) => {
+        const key = `${from}|${to}|${type}`;
+        if (edgeKeys.has(key)) {
+            return;
+        }
+        edgeKeys.add(key);
+        edges.push({ from, to, type, ...(attrs || {}) });
+    };
+    for (const item of evidenceItems) {
+        const evidenceId = String(item.evidence_id || '').trim();
+        if (!evidenceId) {
+            continue;
+        }
+        const evidenceNodeId = `evidence:${evidenceId}`;
+        addNode(evidenceNodeId, 'evidence', {
+            evidence_id: evidenceId,
+            title: item.title,
+            source: item.source,
+            category: item.category,
+            collected_at: item.collected_at,
+            status: item.status,
+        });
+        for (const controlId of normalizeList(item.control_ids)) {
+            const controlNodeId = `control:${controlId}`;
+            addNode(controlNodeId, 'control', { control_id: controlId });
+            addEdge(evidenceNodeId, controlNodeId, 'satisfies');
+        }
+        const metadata = item.metadata && typeof item.metadata === 'object'
+            ? item.metadata
+            : {};
+        const nestedMeta = metadata.metadata && typeof metadata.metadata === 'object'
+            ? metadata.metadata
+            : {};
+        const workflowIds = [
+            ...extractMetadataValues(metadata, ['workflow_id']),
+            ...extractMetadataValues(nestedMeta, ['workflow_id']),
+        ];
+        for (const workflowId of new Set(workflowIds)) {
+            const workflowNodeId = `workflow:${workflowId}`;
+            addNode(workflowNodeId, 'workflow', { workflow_id: workflowId });
+            addEdge(evidenceNodeId, workflowNodeId, 'workflow');
+        }
+        const systemIds = [
+            ...extractMetadataValues(metadata, ['system_id', 'system']),
+            ...extractMetadataValues(nestedMeta, ['system_id', 'system', 'systems']),
+        ];
+        if (item.system_id) {
+            systemIds.push(String(item.system_id));
+        }
+        else if (item.system) {
+            systemIds.push(String(item.system));
+        }
+        for (const systemId of new Set(systemIds)) {
+            const systemNodeId = `system:${systemId}`;
+            addNode(systemNodeId, 'system', { system_id: systemId });
+            addEdge(evidenceNodeId, systemNodeId, 'system');
+        }
+        const eventIds = [
+            ...extractMetadataValues(metadata, ['event_id', 'event_ids', 'evidence_event_ids', 'source_event_ids']),
+            ...extractMetadataValues(nestedMeta, ['event_id', 'event_ids', 'evidence_event_ids', 'source_event_ids']),
+        ];
+        const traceIds = [
+            ...extractMetadataValues(metadata, ['trace_id', 'trace_ids']),
+            ...extractMetadataValues(nestedMeta, ['trace_id', 'trace_ids']),
+        ];
+        for (const eventId of new Set(eventIds)) {
+            const eventNodeId = `event:${eventId}`;
+            addNode(eventNodeId, 'event', { event_id: eventId });
+            addEdge(evidenceNodeId, eventNodeId, 'evidence_event');
+            for (const traceId of new Set(traceIds)) {
+                const traceNodeId = `trace:${traceId}`;
+                addNode(traceNodeId, 'trace', { trace_id: traceId });
+                addEdge(eventNodeId, traceNodeId, 'trace');
+            }
+        }
+        for (const traceId of new Set(traceIds)) {
+            const traceNodeId = `trace:${traceId}`;
+            addNode(traceNodeId, 'trace', { trace_id: traceId });
+            addEdge(evidenceNodeId, traceNodeId, 'trace');
+        }
+        const artifacts = Array.isArray(item.artifacts) ? item.artifacts : [];
+        for (const artifact of artifacts) {
+            const artifactId = artifact.sha256 || artifact.path;
+            if (!artifactId) {
+                continue;
+            }
+            const artifactNodeId = `artifact:${artifactId}`;
+            addNode(artifactNodeId, 'artifact', {
+                sha256: artifact.sha256,
+                path: artifact.path,
+                size_bytes: artifact.size_bytes,
+                content_type: artifact.content_type,
+                collected_at: artifact.collected_at,
+            });
+            addEdge(evidenceNodeId, artifactNodeId, 'artifact');
+        }
+    }
+    const nodeCounts = {};
+    for (const node of nodes) {
+        const type = String(node.type || 'unknown');
+        nodeCounts[type] = (nodeCounts[type] || 0) + 1;
+    }
+    return {
+        graph_type: 'evidence_lineage',
+        generated_at: utcNow(),
+        node_counts: nodeCounts,
+        nodes,
+        edges,
+    };
+}
+function buildHashedEvidenceManifest(options) {
+    const includeLineage = options.includeLineage !== false;
+    const includeHashChain = options.includeHashChain !== false;
+    const manifest = {
+        manifest_type: 'evidence_manifest',
+        manifest_version: '1.0.0',
+        standard: options.standard,
+        generated_at: options.generatedAt || utcNow(),
+        scope: options.scope,
+        generated_by: options.generatedBy,
+        notes: options.notes,
+        evidence_items: options.evidenceItems,
+    };
+    if (includeHashChain) {
+        manifest.hash_chain = buildEvidenceHashChain(options.evidenceItems, {
+            algorithm: options.hashAlgorithm,
+        });
+    }
+    if (includeLineage) {
+        manifest.lineage_graph = buildEvidenceLineageGraph(options.evidenceItems);
+    }
+    return manifest;
+}
+function ensureEvidenceRecord(payload) {
+    const evidence = clone(payload || {});
+    if (!evidence.evidence_id) {
+        evidence.evidence_id = buildId('evd', evidence.title || 'evidence');
+    }
+    if (!evidence.title) {
+        evidence.title = `Evidence for ${evidence.evidence_id}`;
+    }
+    if (!evidence.source) {
+        evidence.source = 'manual';
+    }
+    if (!evidence.category) {
+        evidence.category = 'evidence';
+    }
+    if (!evidence.collection_method) {
+        evidence.collection_method = 'manual';
+    }
+    if (!evidence.collected_at) {
+        evidence.collected_at = utcNow();
+    }
+    const controlIds = new Set(normalizeList(evidence.control_ids));
+    evidence.control_ids = Array.from(controlIds).sort();
+    if (!evidence.metadata || typeof evidence.metadata !== 'object') {
+        evidence.metadata = {};
+    }
+    if (!evidence.status) {
+        evidence.status = 'collected';
+    }
+    return evidence;
+}
+class EvidenceStore {
+    constructor(options) {
+        this.algorithm = validateAlgorithm(options?.hashAlgorithm);
+        this.items = new Map();
+    }
+    clear() {
+        this.items = new Map();
+    }
+    addEvidence(item) {
+        const evidence = ensureEvidenceRecord(item);
+        this.items.set(String(evidence.evidence_id), clone(evidence));
+        return clone(evidence);
+    }
+    addMany(items) {
+        return items.map((item) => this.addEvidence(item));
+    }
+    listItems() {
+        return Array.from(this.items.values()).map((item) => clone(item));
+    }
+    get(evidenceId) {
+        const stored = this.items.get(evidenceId);
+        return stored ? clone(stored) : null;
+    }
+    buildManifest(options) {
+        return buildHashedEvidenceManifest({
+            standard: options.standard,
+            evidenceItems: this.listItems(),
+            scope: options.scope,
+            generatedBy: options.generatedBy,
+            notes: options.notes,
+            includeLineage: options.includeLineage,
+            includeHashChain: options.includeHashChain,
+            hashAlgorithm: this.algorithm,
+        });
+    }
+    getHashAlgorithm() {
+        return this.algorithm;
+    }
+}
+exports.EvidenceStore = EvidenceStore;
+let runtimeEvidenceStore = new EvidenceStore();
+function getRuntimeEvidenceStore() {
+    return runtimeEvidenceStore;
+}
+function clearRuntimeEvidenceStore() {
+    runtimeEvidenceStore.clear();
+}
+function recordRuntimeEvidence(item) {
+    return runtimeEvidenceStore.addEvidence(item);
+}
+function buildRuntimeEvidenceManifest(options) {
+    const manifest = buildHashedEvidenceManifest({
+        standard: options?.standard || 'ISO42001',
+        evidenceItems: runtimeEvidenceStore.listItems(),
+        scope: options?.scope,
+        generatedBy: options?.generatedBy,
+        notes: options?.notes,
+        includeLineage: options?.includeLineage !== false,
+        includeHashChain: options?.includeHashChain !== false,
+        hashAlgorithm: runtimeEvidenceStore.getHashAlgorithm(),
+    });
+    if (options?.includeControlWorkflowState !== false) {
+        // Lazy require to avoid circular imports
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        const { buildWorkflowStatePayload } = require('./control_backbone');
+        manifest.control_workflow_state = buildWorkflowStatePayload({
+            catalog: options?.controlCatalog,
+            evidenceItems: manifest.evidence_items,
+        });
+    }
+    if (options?.includeAimsGovernanceState !== false) {
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        const { buildAimsGovernanceStatePayload } = require('./aims_governance');
+        manifest.aims_governance_state = buildAimsGovernanceStatePayload();
+    }
+    return manifest;
+}

package/dist/executiveSummary.d.ts CHANGED Viewed

@@ -9,23 +9,80 @@ export interface ComplianceScoreResult {
     grade: string;
     breakdown: Record<string, number>;
     max_score: number;
+    framework?: string;
 }
+/**
+ * Framework-specific compliance weighting profiles.
+ *
+ * Each framework has different priorities for governance controls.
+ */
+export interface FrameworkWeights {
+    /** Weight for policy violations (default: 10 per violation) */
+    policyViolation: number;
+    /** Maximum penalty for policy violations */
+    maxPolicyPenalty: number;
+    /** Penalty for failed chain integrity */
+    chainIntegrityFailed: number;
+    /** Penalty for disabled chain integrity */
+    chainIntegrityDisabled: number;
+    /** Bonus for enabled signing */
+    signingEnabled: number;
+    /** Penalty for disabled signing */
+    signingDisabled: number;
+    /** Bonus for enabled WAL */
+    walEnabled: number;
+    /** Penalty for disabled WAL */
+    walDisabled: number;
+    /** Penalty per unknown model */
+    unknownModel: number;
+    /** Maximum penalty for unknown models */
+    maxUnknownPenalty: number;
+    /** Bonus for enabled data handling */
+    dataHandlingEnabled: number;
+    /** Penalty for disabled data handling */
+    dataHandlingDisabled: number;
+    /** Bonus for enabled AI Act compliance */
+    aiActEnabled: number;
+}
+/**
+ * Framework-specific weight profiles.
+ */
+export declare const FRAMEWORK_WEIGHTS: Record<string, FrameworkWeights>;
+/**
+ * Get weights for a specific compliance framework.
+ */
+export declare function getFrameworkWeights(framework?: string): FrameworkWeights;
 /**
  * Calculate compliance score (0-100) based on governance controls.
  *
- * Scoring breakdown:
- * - Base score: 100
- * - Policy violations: -10 per violation (max -50)
- * - Chain integrity: -30 if failed, -10 if disabled
- * - Signing enabled: +10 bonus (if disabled: -5)
- * - WAL enabled: +5 bonus (if disabled: -5)
- * - Unknown models used: -5 per model (max -15)
+ * Scoring uses framework-specific weights when a compliance framework is specified.
+ * Supported frameworks: soc2, gdpr, hipaa, ai_act, iso27001, pci_dss
+ *
+ * @param report - The compliance report data
+ * @param chainStatus - Status of hash chain ('verified', 'failed', 'disabled')
+ * @param config - Monora configuration
+ * @param framework - Optional compliance framework for weighted scoring
  */
-export declare function calculateComplianceScore(report: Record<string, any>, chainStatus: string, config: MonoraConfig): ComplianceScoreResult;
+export declare function calculateComplianceScore(report: Record<string, any>, chainStatus: string, config: MonoraConfig, framework?: string): ComplianceScoreResult;
 /**
  * Generate a one-page Markdown executive summary.
  */
 export declare function generateExecutiveSummary(report: Record<string, any>, events: Array<Record<string, any>>, chainStatus: string, config: MonoraConfig, traceId?: string): string;
+/**
+ * Compliance control evidence mapping.
+ */
+export interface ComplianceControlEvidence {
+    controlId: string;
+    controlName: string;
+    framework: string;
+    eventTypes: string[];
+    eventCount: number;
+    sampleEventIds: string[];
+}
+/**
+ * Generate evidence mapping for compliance controls.
+ */
+export declare function generateEvidenceMapping(events: Array<Record<string, any>>, framework?: string): ComplianceControlEvidence[];
 /**
  * Write executive summary to a file.
  */

package/dist/executiveSummary.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"executiveSummary.d.ts","sourceRoot":"","sources":["../src/executiveSummary.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;~~CACnB~~;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,YAAY,~~GACnB~~,qBAAqB,~~CA4EvB~~;AA4CD;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE,MAAM,GACf,MAAM,~~CA2LR~~;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,YAAY,EACpB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf,MAAM,GAAG,IAAI,CAcf"}
1	+ {"version":3,"file":"executiveSummary.d.ts","sourceRoot":"","sources":["../src/executiveSummary.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,+DAA+D;IAC/D,eAAe,EAAE,MAAM,CAAC;IACxB,4CAA4C;IAC5C,gBAAgB,EAAE,MAAM,CAAC;IACzB,yCAAyC;IACzC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,2CAA2C;IAC3C,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gCAAgC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,mCAAmC;IACnC,eAAe,EAAE,MAAM,CAAC;IACxB,4BAA4B;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,yCAAyC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sCAAsC;IACtC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,yCAAyC;IACzC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0CAA0C;IAC1C,YAAY,EAAE,MAAM,CAAC;CACtB;AAqBD;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAwG9D,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAMxE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,YAAY,EACpB,SAAS,CAAC,EAAE,MAAM,GACjB,qBAAqB,CAsGvB;AA4CD;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE,MAAM,GACf,MAAM,CA+LR;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AA0CD;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,SAAS,CAAC,EAAE,MAAM,GACjB,yBAAyB,EAAE,CAoD7B;AAsCD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,YAAY,EACpB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf,MAAM,GAAG,IAAI,CAcf"}