monora-ai 2.0.0 → 2.1.3

package/dist/iso42001_consolidation.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Consolidation and gap analysis helpers for ISO 42001 workflows.
+ */
+export declare function consolidateLegacyIso42001Modules(options?: {
+    ownerFallback?: string;
+}): Record<string, any>;
+export declare function identifyIso42001RemainingGaps(options?: {
+    catalog?: Record<string, any>;
+    targetCoverage?: number;
+}): Record<string, any>;
+export declare function consolidateAndIdentifyIso42001Gaps(options?: {
+    catalog?: Record<string, any>;
+    ownerFallback?: string;
+    targetCoverage?: number;
+}): Record<string, any>;
+//# sourceMappingURL=iso42001_consolidation.d.ts.map

package/dist/iso42001_consolidation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"iso42001_consolidation.d.ts","sourceRoot":"","sources":["../src/iso42001_consolidation.ts"],"names":[],"mappings":"AAAA;;GAEG;AA6DH,wBAAgB,gCAAgC,CAAC,OAAO,CAAC,EAAE;IACzD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CA2XtB;AAED,wBAAgB,6BAA6B,CAAC,OAAO,CAAC,EAAE;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC9B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CA0BtB;AAED,wBAAgB,kCAAkC,CAAC,OAAO,CAAC,EAAE;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAQtB"}

package/dist/iso42001_consolidation.js

@@ -0,0 +1,413 @@
+"use strict";
+/**
+ * Consolidation and gap analysis helpers for ISO 42001 workflows.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.consolidateLegacyIso42001Modules = consolidateLegacyIso42001Modules;
+exports.identifyIso42001RemainingGaps = identifyIso42001RemainingGaps;
+exports.consolidateAndIdentifyIso42001Gaps = consolidateAndIdentifyIso42001Gaps;
+const control_backbone_1 = require("./control_backbone");
+const iso42001_workflows_1 = require("./iso42001_workflows");
+function asList(value) {
+    if (value === null || value === undefined) {
+        return [];
+    }
+    return Array.isArray(value) ? value : [value];
+}
+function text(value, fallback = '') {
+    const normalized = String(value || '').trim();
+    return normalized || fallback;
+}
+function loadLegacyModule(modulePath) {
+    try {
+        // Lazy-load legacy modules to avoid hard type-coupling in the consolidated API.
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        return require(modulePath);
+    }
+    catch {
+        return {};
+    }
+}
+function consolidateLegacyIso42001Modules(options) {
+    const ownerFallback = options?.ownerFallback || 'AI Governance Lead';
+    const counts = {
+        impact_assessments: 0,
+        lifecycle_records: 0,
+        data_governance_records: 0,
+        stakeholder_records: 0,
+        resource_records: 0,
+    };
+    const warnings = [];
+    const impactModule = loadLegacyModule('./impact-assessment');
+    const lifecycleModule = loadLegacyModule('./lifecycle');
+    const dataGovernanceModule = loadLegacyModule('./data-governance');
+    const stakeholdersModule = loadLegacyModule('./stakeholders');
+    const resourcesModule = loadLegacyModule('./resources');
+    try {
+        const assessments = typeof impactModule.getAllAssessments === 'function' ? impactModule.getAllAssessments() : [];
+        for (const assessment of assessments) {
+            (0, iso42001_workflows_1.recordImpactAssessment)({
+                title: `Consolidated impact assessment: ${text(assessment.assessmentId, 'legacy')}`,
+                owner: text(assessment.assessor, ownerFallback),
+                systemId: text(assessment.systemId, 'unknown-system'),
+                methodology: 'legacy_impact_assessment',
+                individualImpacts: asList(assessment.individualImpacts).map((item) => text(item?.description, 'impact')),
+                societalImpacts: asList(assessment.societalImpacts).map((item) => text(item?.description, 'societal_impact')),
+                mitigations: asList(assessment.riskMitigations).map((item) => text(item?.description, 'mitigation')),
+                approvedBy: asList(assessment.approvals).length > 0 ? text(asList(assessment.approvals)[0]?.approverName) : undefined,
+                metadata: { source: 'legacy_impact_assessment', assessment },
+            });
+            counts.impact_assessments += 1;
+        }
+    }
+    catch (error) {
+        warnings.push(`impact_assessment_consolidation_failed: ${String(error)}`);
+    }
+    try {
+        const systems = typeof lifecycleModule.getAllSystems === 'function' ? lifecycleModule.getAllSystems() : [];
+        for (const system of systems) {
+            const systemId = text(system.systemId, 'legacy-system');
+            const owner = text(system.owner || system.createdBy, ownerFallback);
+            const objectives = asList(system.developmentObjectives).map((item) => text(item?.description, 'objective'));
+            if (objectives.length > 0) {
+                (0, iso42001_workflows_1.recordResponsibleDevelopmentObjectives)({
+                    title: `Consolidated objectives: ${systemId}`,
+                    owner,
+                    objectives,
+                    linkedRisks: asList(system.riskLinks),
+                    metadata: { source: 'legacy_lifecycle', system },
+                });
+            }
+            const processSteps = asList(system.designDocuments).map((item) => text(item?.title, 'design_doc'));
+            if (processSteps.length > 0) {
+                (0, iso42001_workflows_1.recordResponsibleDevelopmentProcess)({
+                    title: `Consolidated development process: ${systemId}`,
+                    owner,
+                    processSteps,
+                    metadata: { source: 'legacy_lifecycle', system },
+                });
+            }
+            const requirements = asList(system.requirements).map((item) => text(item?.description, 'requirement'));
+            if (requirements.length > 0) {
+                (0, iso42001_workflows_1.recordRequirementsSpecification)({
+                    title: `Consolidated requirements: ${systemId}`,
+                    owner,
+                    systemId,
+                    requirements,
+                    stakeholderGroups: asList(system.stakeholders),
+                    metadata: { source: 'legacy_lifecycle', system },
+                });
+            }
+            const vvCriteria = asList(system.verificationRecords)
+                .map((item) => text(item?.method, 'verification'))
+                .concat(asList(system.validationRecords).map((item) => text(item?.method, 'validation')));
+            if (vvCriteria.length > 0) {
+                (0, iso42001_workflows_1.recordVerificationValidationPlan)({
+                    title: `Consolidated V&V: ${systemId}`,
+                    owner,
+                    criteria: vvCriteria,
+                    metadata: { source: 'legacy_lifecycle', system },
+                });
+            }
+            const deployment = system.deploymentPlan;
+            if (deployment) {
+                (0, iso42001_workflows_1.recordDeploymentPlan)({
+                    title: `Consolidated deployment plan: ${systemId}`,
+                    owner,
+                    releaseScope: text(deployment.description, systemId),
+                    rollbackPlan: text(deployment.rollbackPlan, 'legacy_rollback_plan'),
+                    approvers: asList(deployment.approvers),
+                    metadata: { source: 'legacy_lifecycle', system },
+                });
+            }
+            const transitions = asList(system.stageTransitions).map((item) => text(item?.toStage, 'stage'));
+            if (transitions.length > 0) {
+                (0, iso42001_workflows_1.recordOperationsMonitoringPlan)({
+                    title: `Consolidated operations monitoring: ${systemId}`,
+                    owner,
+                    monitoringSignals: ['stage_transitions'],
+                    maintenanceTasks: transitions,
+                    metadata: { source: 'legacy_lifecycle', system },
+                });
+            }
+            const docs = asList(system.designDocuments).map((item) => text(item?.pathOrUrl, 'doc_ref'));
+            if (docs.length > 0) {
+                (0, iso42001_workflows_1.recordStakeholderTechnicalDocumentation)({
+                    title: `Consolidated technical documentation: ${systemId}`,
+                    owner,
+                    audience: asList(system.stakeholders).length > 0 ? asList(system.stakeholders) : ['internal'],
+                    documentRefs: docs,
+                    metadata: { source: 'legacy_lifecycle', system },
+                });
+            }
+            (0, iso42001_workflows_1.recordLifecycleEventLoggingPolicy)({
+                title: `Consolidated lifecycle event logging policy: ${systemId}`,
+                owner,
+                logScope: ['lifecycle_events', 'stage_transitions'],
+                retentionDays: 365,
+                integrityControls: ['hash_chain', 'signature_verification'],
+                metadata: { source: 'legacy_lifecycle', system },
+            });
+            counts.lifecycle_records += 1;
+        }
+    }
+    catch (error) {
+        warnings.push(`lifecycle_consolidation_failed: ${String(error)}`);
+    }
+    try {
+        const datasets = typeof dataGovernanceModule.getAllDatasets === 'function' ? dataGovernanceModule.getAllDatasets() : [];
+        for (const dataset of datasets) {
+            const datasetId = text(dataset.datasetId, 'legacy-dataset');
+            const owner = text(dataset.owner || dataset.createdBy, ownerFallback);
+            (0, iso42001_workflows_1.recordDataAcquisition)({
+                title: `Consolidated data acquisition: ${datasetId}`,
+                owner,
+                dataSources: asList(dataset.sources).length > 0 ? asList(dataset.sources) : [text(dataset.name, datasetId)],
+                consentBasis: asList(dataset.consentBasis).length > 0 ? asList(dataset.consentBasis) : ['legacy_basis'],
+                owners: asList(dataset.dataOwners).length > 0 ? asList(dataset.dataOwners) : [owner],
+                metadata: { source: 'legacy_data_governance', dataset },
+            });
+            const quality = (dataset.qualityMetrics || {});
+            if (Object.keys(quality).length > 0) {
+                (0, iso42001_workflows_1.recordDataQualityCriteria)({
+                    title: `Consolidated data quality criteria: ${datasetId}`,
+                    owner,
+                    qualityDimensions: Object.keys(quality),
+                    thresholds: quality,
+                    validationSchedule: text(dataset.qualityCheckSchedule, 'legacy'),
+                    metadata: { source: 'legacy_data_governance', dataset },
+                });
+            }
+            const lineage = asList(dataset.lineageParents);
+            if (lineage.length > 0) {
+                (0, iso42001_workflows_1.recordDataProvenanceProcess)({
+                    title: `Consolidated data provenance process: ${datasetId}`,
+                    owner,
+                    lineageMethod: 'legacy_lineage',
+                    systems: lineage,
+                    metadata: { source: 'legacy_data_governance', dataset },
+                });
+            }
+            const preparationSteps = asList(dataset.preparationSteps).map((item) => text(item?.description, 'prep_step'));
+            if (preparationSteps.length > 0) {
+                (0, iso42001_workflows_1.recordDataPreparationCriteria)({
+                    title: `Consolidated data preparation criteria: ${datasetId}`,
+                    owner,
+                    preparationSteps,
+                    acceptanceCriteria: asList(dataset.acceptanceCriteria).length > 0 ? asList(dataset.acceptanceCriteria) : ['legacy_criteria'],
+                    metadata: { source: 'legacy_data_governance', dataset },
+                });
+            }
+            counts.data_governance_records += 1;
+        }
+    }
+    catch (error) {
+        warnings.push(`data_governance_consolidation_failed: ${String(error)}`);
+    }
+    try {
+        const stakeholders = typeof stakeholdersModule.getAllStakeholders === 'function' ? stakeholdersModule.getAllStakeholders() : [];
+        for (const stakeholder of stakeholders) {
+            const owner = text(stakeholder.owner || stakeholder.name, ownerFallback);
+            const requirements = asList(stakeholder.informationRequirements);
+            (0, iso42001_workflows_1.recordTransparencyDisclosure)({
+                title: `Consolidated stakeholder disclosure: ${text(stakeholder.partyId, 'stakeholder')}`,
+                owner,
+                channels: [text(stakeholder.communicationChannel, 'email')],
+                disclosureScope: text(stakeholder.type, 'stakeholder_disclosure'),
+                metadata: { source: 'legacy_stakeholders', stakeholder },
+            });
+            (0, iso42001_workflows_1.recordResponsibleUseProcess)({
+                title: `Consolidated responsible use process: ${text(stakeholder.partyId, 'stakeholder')}`,
+                owner,
+                processSteps: requirements.length > 0 ? requirements : ['legacy_responsible_use_process'],
+                metadata: { source: 'legacy_stakeholders', stakeholder },
+            });
+            (0, iso42001_workflows_1.recordResponsibleUseObjectives)({
+                title: `Consolidated responsible use objectives: ${text(stakeholder.partyId, 'stakeholder')}`,
+                owner,
+                objectives: requirements.length > 0 ? requirements : ['legacy_responsible_use_objective'],
+                metadata: { source: 'legacy_stakeholders', stakeholder },
+            });
+            (0, iso42001_workflows_1.recordIntendedUseStatement)({
+                title: `Consolidated intended use statement: ${text(stakeholder.partyId, 'stakeholder')}`,
+                owner,
+                intendedUses: requirements.length > 0 ? requirements : ['legacy_intended_use'],
+                prohibitedUses: ['unspecified_out_of_scope_use'],
+                enforcementHooks: ['legacy_policy_enforcement'],
+                metadata: { source: 'legacy_stakeholders', stakeholder },
+            });
+            counts.stakeholder_records += 1;
+        }
+        const suppliers = typeof stakeholdersModule.getAllSuppliers === 'function' ? stakeholdersModule.getAllSuppliers() : [];
+        for (const supplier of suppliers) {
+            const owner = text(supplier.owner || supplier.name, ownerFallback);
+            const responsibilities = asList(supplier.responsibilities).map((item) => text(item?.description, 'responsibility'));
+            (0, iso42001_workflows_1.recordThirdPartyResponsibilityMatrix)({
+                title: `Consolidated third-party matrix: ${text(supplier.supplierId, 'supplier')}`,
+                owner,
+                responsibilityAllocations: responsibilities.length > 0 ? responsibilities : ['legacy_supplier_responsibility'],
+                metadata: { source: 'legacy_stakeholders', supplier },
+            });
+            (0, iso42001_workflows_1.recordSupplierAssurance)({
+                title: `Consolidated supplier assurance: ${text(supplier.supplierId, 'supplier')}`,
+                owner,
+                supplier: text(supplier.name, 'legacy_supplier'),
+                assuranceChecks: asList(supplier.assuranceChecks).length > 0 ? asList(supplier.assuranceChecks) : ['legacy_supplier_check'],
+                reviewOutcome: text(supplier.status, 'legacy_status'),
+                metadata: { source: 'legacy_stakeholders', supplier },
+            });
+            counts.stakeholder_records += 1;
+        }
+        const customers = typeof stakeholdersModule.getAllCustomers === 'function' ? stakeholdersModule.getAllCustomers() : [];
+        for (const customer of customers) {
+            const owner = text(customer.owner || customer.name, ownerFallback);
+            (0, iso42001_workflows_1.recordCustomerExpectationAlignment)({
+                title: `Consolidated customer alignment: ${text(customer.customerId, 'customer')}`,
+                owner,
+                customerSegments: asList(customer.segments).length > 0 ? asList(customer.segments) : [text(customer.name, 'customer')],
+                requirementMappings: asList(customer.requirements).length > 0 ? asList(customer.requirements) : ['legacy_customer_requirement'],
+                metadata: { source: 'legacy_stakeholders', customer },
+            });
+            counts.stakeholder_records += 1;
+        }
+        if (counts.stakeholder_records > 0) {
+            (0, iso42001_workflows_1.recordAdverseImpactReporting)({
+                title: 'Consolidated adverse impact reporting',
+                owner: ownerFallback,
+                channels: ['legacy_reporting_channel'],
+                triageSla: 'legacy_sla',
+                metadata: { source: 'legacy_stakeholders' },
+            });
+            (0, iso42001_workflows_1.recordIncidentCommunicationPlan)({
+                title: 'Consolidated incident communication plan',
+                owner: ownerFallback,
+                communicationMatrix: ['legacy_incident_matrix'],
+                escalationContacts: ['legacy_oncall'],
+                metadata: { source: 'legacy_stakeholders' },
+            });
+            (0, iso42001_workflows_1.recordReportingObligations)({
+                title: 'Consolidated reporting obligations',
+                owner: ownerFallback,
+                obligations: ['legacy_reporting_obligation'],
+                recipients: ['interested_parties'],
+                metadata: { source: 'legacy_stakeholders' },
+            });
+            (0, iso42001_workflows_1.recordPolicyAlignment)({
+                title: 'Consolidated policy alignment',
+                owner: ownerFallback,
+                alignedPolicies: ['legacy_policy'],
+                rationale: 'legacy consolidation',
+                metadata: { source: 'legacy_stakeholders' },
+            });
+        }
+    }
+    catch (error) {
+        warnings.push(`stakeholder_consolidation_failed: ${String(error)}`);
+    }
+    try {
+        const registry = typeof resourcesModule.getRegistry === 'function' ? resourcesModule.getRegistry() : null;
+        const inventories = registry && typeof registry.listInventories === 'function' ? registry.listInventories() : [];
+        for (const inventory of inventories) {
+            const owner = text(inventory.owner || inventory.name, ownerFallback);
+            (0, iso42001_workflows_1.recordResourceInventory)({
+                title: `Consolidated resource inventory: ${text(inventory.inventoryId, 'inventory')}`,
+                owner,
+                dataResources: asList(inventory.dataResources),
+                toolingResources: asList(inventory.toolingResources).map((item) => text(item?.name, 'tooling')),
+                computeResources: asList(inventory.computeResources).map((item) => text(item?.provider, 'compute')),
+                humanResources: asList(inventory.humanResources).map((item) => text(item?.role, 'role')),
+                metadata: { source: 'legacy_resources', inventory },
+            });
+            (0, iso42001_workflows_1.recordResourceCompetency)({
+                title: `Consolidated resource competency: ${text(inventory.inventoryId, 'inventory')}`,
+                owner,
+                roles: asList(inventory.humanResources).map((item) => text(item?.role, 'role')).length > 0
+                    ? asList(inventory.humanResources).map((item) => text(item?.role, 'role'))
+                    : ['legacy_role'],
+                requiredCompetencies: ['legacy_competency'],
+                trainingPlan: ['legacy_training_plan'],
+                metadata: { source: 'legacy_resources', inventory },
+            });
+            counts.resource_records += 1;
+        }
+        const policyReviews = registry && typeof registry.listPolicyReviews === 'function' ? registry.listPolicyReviews() : [];
+        for (const review of policyReviews) {
+            const owner = text(review.reviewer || review.policyName, ownerFallback);
+            const findings = asList(review.findings);
+            const recommendations = asList(review.recommendations);
+            const actions = asList(review.actionItems);
+            (0, iso42001_workflows_1.recordInternalAuditReport)({
+                title: `Consolidated internal audit: ${text(review.reviewId, 'review')}`,
+                owner,
+                auditScope: text(review.policyName, 'legacy_policy_scope'),
+                findings: findings.length > 0 ? findings : ['legacy_policy_review_finding'],
+                nonconformities: asList(review.nonconformities),
+                recommendations,
+                metadata: { source: 'legacy_resources', policy_review: review },
+            });
+            (0, iso42001_workflows_1.recordManagementReviewMinutes)({
+                title: `Consolidated management review: ${text(review.reviewId, 'review')}`,
+                owner,
+                attendees: [ownerFallback],
+                reviewTopics: [text(review.policyType, 'legacy_policy_review_topic')],
+                decisions: [text(review.policyStatus, 'legacy_policy_decision')],
+                actionItems: actions,
+                metadata: { source: 'legacy_resources', policy_review: review },
+            });
+            if (actions.length > 0) {
+                (0, iso42001_workflows_1.recordCorrectiveActionLog)({
+                    title: `Consolidated corrective action: ${text(review.reviewId, 'review')}`,
+                    owner,
+                    issueReference: text(review.reviewId, 'legacy_review_issue'),
+                    rootCause: text(review.policyStatus, 'legacy_root_cause'),
+                    correctiveActions: actions,
+                    preventiveActions: recommendations,
+                    status: text(review.status) === 'completed' ? 'closed' : 'open',
+                    metadata: { source: 'legacy_resources', policy_review: review },
+                });
+            }
+        }
+    }
+    catch (error) {
+        warnings.push(`resource_consolidation_failed: ${String(error)}`);
+    }
+    return {
+        consolidated_counts: counts,
+        total_consolidated: Object.values(counts).reduce((total, value) => total + value, 0),
+        warnings,
+    };
+}
+function identifyIso42001RemainingGaps(options) {
+    const catalog = options?.catalog || (0, control_backbone_1.loadDefaultIso42001Catalog)();
+    const targetCoverage = options?.targetCoverage ?? 0.9;
+    const report = (0, control_backbone_1.generateControlCoverageReport)({ catalog, targetCoverage });
+    const remainingRows = Array.isArray(report.controls)
+        ? report.controls.filter((row) => !row?.reportable)
+        : [];
+    const remainingControls = remainingRows
+        .map((row) => String(row.control_id || '').trim())
+        .filter(Boolean);
+    return {
+        summary: {
+            ...(report.summary || {}),
+            remaining_control_count: remainingControls.length,
+            target_coverage: targetCoverage,
+        },
+        remaining_controls: remainingRows.map((row) => ({
+            control_id: row.control_id,
+            status: row.status,
+            gaps: Array.isArray(row.gaps) ? row.gaps : [],
+            missing_evidence_types: Array.isArray(row.missing_evidence_types) ? row.missing_evidence_types : [],
+        })),
+        prioritized_missing_modules: (0, control_backbone_1.prioritizeMissingWorkflowModules)(remainingControls),
+    };
+}
+function consolidateAndIdentifyIso42001Gaps(options) {
+    return {
+        consolidation: consolidateLegacyIso42001Modules({ ownerFallback: options?.ownerFallback }),
+        gaps: identifyIso42001RemainingGaps({
+            catalog: options?.catalog,
+            targetCoverage: options?.targetCoverage,
+        }),
+    };
+}