monora-ai 2.0.0 → 2.1.3

package/dist/oversight.js

@@ -0,0 +1,497 @@
+"use strict";
+/**
+ * Human oversight tracking for EU AI Act Art.14 and ISO 42001 8.3 compliance.
+ *
+ * This module provides human review and override tracking for AI decisions,
+ * supporting EU AI Act Article 14 human oversight requirements and ISO 42001
+ * control 8.3.
+ *
+ * Cross-SDK Parity:
+ *   Both Python and Node.js SDKs provide identical human oversight APIs:
+ *   - recordHumanReview() / record_human_review()
+ *   - recordHumanOverride() / record_human_override()
+ *   - getPendingReviews() / get_pending_reviews()
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SqliteReviewStore = exports.MemoryReviewStore = void 0;
+exports.reviewToEventBody = reviewToEventBody;
+exports.overrideToEventBody = overrideToEventBody;
+exports.setReviewStore = setReviewStore;
+exports.recordHumanReview = recordHumanReview;
+exports.recordHumanOverride = recordHumanOverride;
+exports.requireReview = requireReview;
+exports.getPendingReviews = getPendingReviews;
+exports.getTimedOutReviews = getTimedOutReviews;
+exports.checkReviewRequired = checkReviewRequired;
+exports.getOversightSummary = getOversightSummary;
+exports.clearOversightData = clearOversightData;
+const crypto = __importStar(require("crypto"));
+/**
+ * Convert HumanReview to event body dictionary.
+ */
+function reviewToEventBody(review) {
+    const body = {
+        reviewed_event_id: review.reviewedEventId,
+        reviewer_id: review.reviewerId,
+        review_type: review.reviewType,
+        decision: review.decision,
+        timestamp: review.timestamp,
+    };
+    if (review.modifications) {
+        body.modifications = review.modifications;
+    }
+    if (review.reviewDurationMs !== undefined) {
+        body.review_duration_ms = review.reviewDurationMs;
+    }
+    if (review.reviewNotes) {
+        body.review_notes = review.reviewNotes;
+    }
+    if (review.complianceFlags.length > 0) {
+        body.compliance_flags = review.complianceFlags;
+    }
+    return body;
+}
+/**
+ * Convert HumanOverride to event body dictionary.
+ */
+function overrideToEventBody(override) {
+    const body = {
+        overridden_event_id: override.overriddenEventId,
+        override_reason: override.overrideReason,
+        timestamp: override.timestamp,
+    };
+    if (override.originalOutputHash) {
+        body.original_output_hash = override.originalOutputHash;
+    }
+    if (override.correctedOutputHash) {
+        body.corrected_output_hash = override.correctedOutputHash;
+    }
+    if (override.overrideAuthority) {
+        body.override_authority = override.overrideAuthority;
+    }
+    return body;
+}
+const DEFAULT_COMPLETED_REVIEW_TTL_MS = 30 * 24 * 60 * 60 * 1000;
+/**
+ * In-memory store for oversight reviews.
+ *
+ * Note: This is single-instance only. For production/distributed use, supply
+ * a persistent store via setReviewStore (e.g., SqliteReviewStore or Redis).
+ */
+class MemoryReviewStore {
+    constructor(options) {
+        this.pendingReviews = new Map();
+        this.completedReviews = [];
+        this.overrides = [];
+        this.completedTtlMs = options?.completedTtlMs ?? DEFAULT_COMPLETED_REVIEW_TTL_MS;
+    }
+    addPendingReview(review) {
+        this.pendingReviews.set(review.eventId, review);
+    }
+    removePendingReview(eventId) {
+        this.pendingReviews.delete(eventId);
+    }
+    listPendingReviews() {
+        return Array.from(this.pendingReviews.values());
+    }
+    listTimedOutReviews(now) {
+        return this.listPendingReviews().filter((review) => review.timeoutAt < now);
+    }
+    addCompletedReview(review) {
+        this.pruneCompletedReviews(Date.now());
+        this.completedReviews.push(review);
+    }
+    listCompletedReviews() {
+        this.pruneCompletedReviews(Date.now());
+        return [...this.completedReviews];
+    }
+    addOverride(override) {
+        this.overrides.push(override);
+    }
+    listOverrides() {
+        return [...this.overrides];
+    }
+    clear() {
+        this.pendingReviews.clear();
+        this.completedReviews = [];
+        this.overrides = [];
+    }
+    pruneCompletedReviews(now) {
+        if (this.completedTtlMs <= 0) {
+            return;
+        }
+        const cutoff = now - this.completedTtlMs;
+        this.completedReviews = this.completedReviews.filter((review) => {
+            const timestampMs = Date.parse(review.timestamp);
+            if (Number.isNaN(timestampMs)) {
+                return true;
+            }
+            return timestampMs >= cutoff;
+        });
+    }
+}
+exports.MemoryReviewStore = MemoryReviewStore;
+/**
+ * SQLite-backed persistent review store (requires better-sqlite3).
+ */
+class SqliteReviewStore {
+    constructor(dbPath, options) {
+        let Database;
+        try {
+            // eslint-disable-next-line @typescript-eslint/no-var-requires
+            Database = require('better-sqlite3');
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            throw new Error(`SqliteReviewStore requires better-sqlite3. ${message}`);
+        }
+        this.db = new Database(dbPath);
+        this.completedTtlMs = options?.completedTtlMs ?? DEFAULT_COMPLETED_REVIEW_TTL_MS;
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS pending_reviews (
+        event_id TEXT PRIMARY KEY,
+        trace_id TEXT,
+        event_type TEXT,
+        model TEXT,
+        risk_level TEXT,
+        created_at INTEGER,
+        timeout_at INTEGER
+      );
+      CREATE TABLE IF NOT EXISTS completed_reviews (
+        reviewed_event_id TEXT,
+        reviewer_id TEXT,
+        review_type TEXT,
+        decision TEXT,
+        modifications TEXT,
+        review_duration_ms INTEGER,
+        review_notes TEXT,
+        compliance_flags TEXT,
+        timestamp TEXT,
+        timestamp_ms INTEGER
+      );
+      CREATE TABLE IF NOT EXISTS overrides (
+        overridden_event_id TEXT,
+        override_reason TEXT,
+        original_output_hash TEXT,
+        corrected_output_hash TEXT,
+        override_authority TEXT,
+        timestamp TEXT
+      );
+    `);
+    }
+    addPendingReview(review) {
+        this.db.prepare(`
+      INSERT OR REPLACE INTO pending_reviews
+      (event_id, trace_id, event_type, model, risk_level, created_at, timeout_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?)
+    `).run(review.eventId, review.traceId ?? null, review.eventType, review.model ?? null, review.riskLevel ?? null, review.createdAt, review.timeoutAt);
+    }
+    removePendingReview(eventId) {
+        this.db.prepare('DELETE FROM pending_reviews WHERE event_id = ?').run(eventId);
+    }
+    listPendingReviews() {
+        const rows = this.db.prepare('SELECT * FROM pending_reviews').all();
+        return rows.map((row) => ({
+            eventId: row.event_id,
+            traceId: row.trace_id ?? undefined,
+            eventType: row.event_type,
+            model: row.model ?? undefined,
+            riskLevel: row.risk_level ?? undefined,
+            createdAt: row.created_at,
+            timeoutAt: row.timeout_at,
+        }));
+    }
+    listTimedOutReviews(now) {
+        const rows = this.db
+            .prepare('SELECT * FROM pending_reviews WHERE timeout_at < ?')
+            .all(now);
+        return rows.map((row) => ({
+            eventId: row.event_id,
+            traceId: row.trace_id ?? undefined,
+            eventType: row.event_type,
+            model: row.model ?? undefined,
+            riskLevel: row.risk_level ?? undefined,
+            createdAt: row.created_at,
+            timeoutAt: row.timeout_at,
+        }));
+    }
+    addCompletedReview(review) {
+        const timestampMs = Date.parse(review.timestamp);
+        this.db.prepare(`
+      INSERT INTO completed_reviews
+      (reviewed_event_id, reviewer_id, review_type, decision, modifications, review_duration_ms,
+       review_notes, compliance_flags, timestamp, timestamp_ms)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(review.reviewedEventId, review.reviewerId, review.reviewType, review.decision, review.modifications ?? null, review.reviewDurationMs ?? null, review.reviewNotes ?? null, JSON.stringify(review.complianceFlags || []), review.timestamp, Number.isNaN(timestampMs) ? null : timestampMs);
+        this.pruneCompletedReviews(Date.now());
+    }
+    listCompletedReviews() {
+        this.pruneCompletedReviews(Date.now());
+        const rows = this.db.prepare('SELECT * FROM completed_reviews').all();
+        return rows.map((row) => ({
+            reviewedEventId: row.reviewed_event_id,
+            reviewerId: row.reviewer_id,
+            reviewType: row.review_type,
+            decision: row.decision,
+            modifications: row.modifications ?? undefined,
+            reviewDurationMs: row.review_duration_ms ?? undefined,
+            reviewNotes: row.review_notes ?? undefined,
+            complianceFlags: this.parseComplianceFlags(row.compliance_flags),
+            timestamp: row.timestamp,
+        }));
+    }
+    addOverride(override) {
+        this.db.prepare(`
+      INSERT INTO overrides
+      (overridden_event_id, override_reason, original_output_hash, corrected_output_hash,
+       override_authority, timestamp)
+      VALUES (?, ?, ?, ?, ?, ?)
+    `).run(override.overriddenEventId, override.overrideReason, override.originalOutputHash ?? null, override.correctedOutputHash ?? null, override.overrideAuthority ?? null, override.timestamp);
+    }
+    listOverrides() {
+        const rows = this.db.prepare('SELECT * FROM overrides').all();
+        return rows.map((row) => ({
+            overriddenEventId: row.overridden_event_id,
+            overrideReason: row.override_reason,
+            originalOutputHash: row.original_output_hash ?? undefined,
+            correctedOutputHash: row.corrected_output_hash ?? undefined,
+            overrideAuthority: row.override_authority ?? undefined,
+            timestamp: row.timestamp,
+        }));
+    }
+    clear() {
+        this.db.exec('DELETE FROM pending_reviews; DELETE FROM completed_reviews; DELETE FROM overrides;');
+    }
+    pruneCompletedReviews(now) {
+        if (this.completedTtlMs <= 0) {
+            return;
+        }
+        const cutoff = now - this.completedTtlMs;
+        this.db.prepare('DELETE FROM completed_reviews WHERE timestamp_ms IS NOT NULL AND timestamp_ms < ?')
+            .run(cutoff);
+    }
+    parseComplianceFlags(value) {
+        if (!value) {
+            return [];
+        }
+        try {
+            const parsed = JSON.parse(value);
+            return Array.isArray(parsed) ? parsed : [];
+        }
+        catch {
+            return [];
+        }
+    }
+}
+exports.SqliteReviewStore = SqliteReviewStore;
+let reviewStore = new MemoryReviewStore();
+function setReviewStore(store) {
+    reviewStore = store;
+}
+/**
+ * Record a human review of an AI decision.
+ *
+ * @param reviewedEventId - ID of the event being reviewed.
+ * @param reviewerId - ID of the human reviewer.
+ * @param reviewType - Type of review (approval, rejection, modification, escalation).
+ * @param decision - Review decision (approved, rejected, modified, escalated).
+ * @param options - Additional options.
+ * @returns The created HumanReview.
+ *
+ * @example
+ * ```typescript
+ * recordHumanReview(
+ *   'evt_123',
+ *   'usr_456',
+ *   'approval',
+ *   'approved',
+ *   { notes: 'Verified output accuracy' }
+ * );
+ * ```
+ */
+function recordHumanReview(reviewedEventId, reviewerId, reviewType, decision, options = {}) {
+    const review = {
+        reviewedEventId,
+        reviewerId,
+        reviewType,
+        decision,
+        modifications: options.modifications,
+        reviewDurationMs: options.reviewDurationMs,
+        reviewNotes: options.notes,
+        complianceFlags: options.complianceFlags || [],
+        timestamp: new Date().toISOString(),
+    };
+    reviewStore.addCompletedReview(review);
+    reviewStore.removePendingReview(reviewedEventId);
+    return review;
+}
+/**
+ * Record a human override of an AI output.
+ *
+ * @param overriddenEventId - ID of the event being overridden.
+ * @param overrideReason - Reason for the override.
+ * @param options - Additional options.
+ * @returns The created HumanOverride.
+ *
+ * @example
+ * ```typescript
+ * recordHumanOverride(
+ *   'evt_123',
+ *   'Incorrect recommendation',
+ *   { overrideAuthority: 'supervisor' }
+ * );
+ * ```
+ */
+function recordHumanOverride(overriddenEventId, overrideReason, options = {}) {
+    let originalHash;
+    let correctedHash;
+    if (options.originalOutput) {
+        const hash = crypto.createHash('sha256').update(options.originalOutput).digest('hex');
+        originalHash = `sha256:${hash}`;
+    }
+    if (options.correctedOutput) {
+        const hash = crypto.createHash('sha256').update(options.correctedOutput).digest('hex');
+        correctedHash = `sha256:${hash}`;
+    }
+    const override = {
+        overriddenEventId,
+        overrideReason,
+        originalOutputHash: originalHash,
+        correctedOutputHash: correctedHash,
+        overrideAuthority: options.overrideAuthority,
+        timestamp: new Date().toISOString(),
+    };
+    reviewStore.addOverride(override);
+    return override;
+}
+/**
+ * Mark an event as requiring human review.
+ *
+ * @param eventId - ID of the event requiring review.
+ * @param options - Additional options.
+ * @returns The created PendingReview.
+ */
+function requireReview(eventId, options = {}) {
+    const config = options.config || {};
+    const oversightConfig = config.human_oversight || {};
+    const timeoutHours = oversightConfig.review_timeout_hours ?? 24;
+    const now = Date.now();
+    const pending = {
+        eventId,
+        traceId: options.traceId,
+        eventType: options.eventType || 'llm_call',
+        model: options.model,
+        riskLevel: options.riskLevel,
+        createdAt: now,
+        timeoutAt: now + timeoutHours * 3600 * 1000,
+    };
+    reviewStore.addPendingReview(pending);
+    return pending;
+}
+/**
+ * Get all events pending human review.
+ */
+function getPendingReviews() {
+    return reviewStore.listPendingReviews();
+}
+/**
+ * Get reviews that have timed out.
+ */
+function getTimedOutReviews() {
+    return reviewStore.listTimedOutReviews(Date.now());
+}
+/**
+ * Check if an event requires human review based on config.
+ *
+ * @param eventType - Type of event.
+ * @param model - Model used.
+ * @param riskLevel - Risk level of the event.
+ * @param config - Optional config.
+ * @returns True if review is required.
+ */
+function checkReviewRequired(eventType, model, riskLevel, config) {
+    const oversightConfig = config?.human_oversight;
+    if (!oversightConfig?.enabled) {
+        return false;
+    }
+    const requireFor = oversightConfig.require_review_for || [];
+    if (requireFor.length === 0) {
+        return false;
+    }
+    for (const condition of requireFor) {
+        if (condition.risk_level && riskLevel !== condition.risk_level) {
+            continue;
+        }
+        if (condition.event_type && eventType !== condition.event_type) {
+            continue;
+        }
+        if (condition.tool_name && model !== condition.tool_name) {
+            continue;
+        }
+        return true;
+    }
+    return false;
+}
+/**
+ * Get summary of human oversight for reporting.
+ *
+ * @returns Summary dict for compliance reports.
+ */
+function getOversightSummary() {
+    const completed = reviewStore.listCompletedReviews();
+    const pending = reviewStore.listPendingReviews();
+    const overrides = reviewStore.listOverrides();
+    const timedOut = reviewStore.listTimedOutReviews(Date.now());
+    const reviewTimes = completed
+        .filter((r) => r.reviewDurationMs !== undefined)
+        .map((r) => r.reviewDurationMs);
+    const avgReviewTime = reviewTimes.length > 0
+        ? reviewTimes.reduce((a, b) => a + b, 0) / reviewTimes.length
+        : null;
+    return {
+        reviews_completed: completed.length,
+        reviews_pending: pending.length,
+        overrides: overrides.length,
+        average_review_time_ms: avgReviewTime,
+        timed_out_reviews: timedOut.length,
+    };
+}
+/**
+ * Clear all oversight tracking data.
+ */
+function clearOversightData() {
+    reviewStore.clear();
+}

package/dist/pdf_report.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pdf_report.d.ts","sourceRoot":"","sources":["../src/pdf_report.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH,QAAA,IAAI,mBAAmB,SAAQ,CAAC;AAWhC,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAE/B;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAkMD,UAAU,gBAAgB;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,UAAU,CAAC,EAAE,KAAK,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;IACH,WAAW,CAAC,EAAE;QACZ,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,uBAAuB,CAAC,EAAE,MAAM,CAAC;KAClC,CAAC;IACF,gBAAgB,CAAC,EAAE;QACjB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC/B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;QACpC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;KAChC,CAAC;CACH;AAED,UAAU,WAAW;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7C,UAAU,CAAC,EAAE,KAAK,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;KACzB,CAAC,CAAC;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjD,uBAAuB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClD;AAED,UAAU,SAAS;IACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AA4XD;;;;;;;;GAQG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,gBAAgB,EACxB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,SAAS,GACjB,OAAO,CAAC,MAAM,CAAC,CAiDjB;AAED;;;;;;;GAOG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,WAAW,EACnB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAiDjB;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAIxD"}
+{"version":3,"file":"pdf_report.d.ts","sourceRoot":"","sources":["../src/pdf_report.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH,QAAA,IAAI,mBAAmB,SAAQ,CAAC;AAWhC,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAE/B;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAkMD,UAAU,gBAAgB;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,UAAU,CAAC,EAAE,KAAK,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;IACH,WAAW,CAAC,EAAE;QACZ,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,uBAAuB,CAAC,EAAE,MAAM,CAAC;KAClC,CAAC;IACF,gBAAgB,CAAC,EAAE;QACjB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC/B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;QACpC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;KAChC,CAAC;CACH;AAED,UAAU,WAAW;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7C,UAAU,CAAC,EAAE,KAAK,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;KACzB,CAAC,CAAC;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjD,uBAAuB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClD;AAED,UAAU,SAAS;IACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAoZD;;;;;;;;GAQG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,gBAAgB,EACxB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,SAAS,GACjB,OAAO,CAAC,MAAM,CAAC,CAiDjB;AAED;;;;;;;GAOG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,WAAW,EACnB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAiDjB;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAIxD"}

package/dist/pdf_report.js

@@ -275,11 +275,19 @@ function formatDate(isoDate) {
         return isoDate;
     }
 }
+function htmlEscape(value) {
+    return value
+        .replace(/&/g, '&')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&#39;');
+}
 /**
  * Generate HTML for compliance report.
  */
 function generateComplianceHtml(report, config) {
-    const orgName = config?.organization_name || 'Organization';
+    const orgName = htmlEscape(String(config?.organization_name || 'Organization'));
     const totalEvents = report.total_events || 0;
     const traces = report.traces || 0;
     const dateRange = report.date_range || {};
@@ -288,8 +296,8 @@ function generateComplianceHtml(report, config) {
     const violations = report.violations || [];
     const tokenUsage = report.token_usage || {};
     const modelCompliance = report.model_compliance || {};
-    const startDate = formatDate(dateRange.start);
-    const endDate = formatDate(dateRange.end);
+    const startDate = htmlEscape(formatDate(dateRange.start));
+    const endDate = htmlEscape(formatDate(dateRange.end));
     // Build event type rows
     let eventTypeRows = '';
     const sortedEventTypes = Object.entries(byEventType).sort((a, b) => b[1] - a[1]);
@@ -297,7 +305,7 @@ function generateComplianceHtml(report, config) {
         const pct = totalEvents > 0 ? (count / totalEvents) * 100 : 0;
         eventTypeRows += `
       <tr>
-        <td>${eventType}</td>
+        <td>${htmlEscape(String(eventType))}</td>
         <td>${formatNumber(count)}</td>
         <td>
           <div class="metric-bar">
@@ -314,7 +322,7 @@ function generateComplianceHtml(report, config) {
     for (const [model, count] of sortedModels) {
         modelRows += `
       <tr>
-        <td>${model}</td>
+        <td>${htmlEscape(String(model))}</td>
         <td>${formatNumber(count)}</td>
       </tr>
     `;
@@ -324,12 +332,16 @@ function generateComplianceHtml(report, config) {
     if (violations.length > 0) {
         violationsHtml = '<div class="violation-list"><h4>Policy Violations</h4>';
         for (const v of violations.slice(0, 20)) {
+            const safeTimestamp = htmlEscape(String(v.timestamp || 'N/A'));
+            const safeModel = htmlEscape(String(v.model || 'N/A'));
+            const safePolicy = htmlEscape(String(v.policy || 'N/A'));
+            const safeMessage = htmlEscape(String(v.message || ''));
             violationsHtml += `
         <div class="violation-item">
-          <strong>${v.timestamp || 'N/A'}</strong> -
-          Model: <code>${v.model || 'N/A'}</code> |
-          Policy: ${v.policy || 'N/A'} |
-          ${v.message || ''}
+          <strong>${safeTimestamp}</strong> -
+          Model: <code>${safeModel}</code> |
+          Policy: ${safePolicy} |
+          ${safeMessage}
         </div>
       `;
         }
@@ -344,6 +356,12 @@ function generateComplianceHtml(report, config) {
     const allowedModels = modelCompliance.allowed_models_used || [];
     const forbiddenBlocked = modelCompliance.forbidden_models_blocked || [];
     const unknownModels = modelCompliance.unknown_models_used || [];
+    const allowedModelsLabel = allowedModels.length
+        ? allowedModels.map((model) => htmlEscape(String(model))).join(', ')
+        : 'None';
+    const unknownModelsLabel = unknownModels.length
+        ? unknownModels.map((model) => htmlEscape(String(model))).join(', ')
+        : 'None';
     const complianceStatus = violations.length === 0 && forbiddenBlocked.length === 0
         ? 'success'
         : violations.length < 5
@@ -447,11 +465,11 @@ function generateComplianceHtml(report, config) {
       <div class="two-column">
         <div class="card">
           <h4>Allowed Models Used</h4>
-          <p>${allowedModels.join(', ') || 'None'}</p>
+          <p>${allowedModelsLabel}</p>
         </div>
         <div class="card">
           <h4>Unknown Models</h4>
-          <p>${unknownModels.join(', ') || 'None'}</p>
+          <p>${unknownModelsLabel}</p>
         </div>
       </div>
 
@@ -467,9 +485,9 @@ function generateComplianceHtml(report, config) {
  * Generate HTML for AI Act transparency report.
  */
 function generateAIActHtml(report) {
-    const orgName = report.organizationName || 'Organization';
-    const periodStart = report.reportingPeriodStart || 'N/A';
-    const periodEnd = report.reportingPeriodEnd || 'N/A';
+    const orgName = htmlEscape(String(report.organizationName || 'Organization'));
+    const periodStart = htmlEscape(String(report.reportingPeriodStart || 'N/A'));
+    const periodEnd = htmlEscape(String(report.reportingPeriodEnd || 'N/A'));
     const totalInteractions = report.totalAiInteractions || 0;
     const uniqueModels = report.uniqueModelsUsed || 0;
     const uniqueTraces = report.uniqueTraces || 0;
@@ -494,12 +512,15 @@ function generateAIActHtml(report) {
     let modelRows = '';
     for (const model of modelsUsed) {
         const riskCat = model.riskCategory || 'limited';
-        const caps = (model.capabilities || []).slice(0, 3).join(', ') || 'N/A';
+        const riskLabel = htmlEscape(String(riskCat).toUpperCase());
+        const safeModel = htmlEscape(String(model.model || 'N/A'));
+        const safeProvider = htmlEscape(String(model.provider || 'N/A'));
+        const caps = htmlEscape(String((model.capabilities || []).slice(0, 3).join(', ') || 'N/A'));
         modelRows += `
       <tr>
-        <td>${model.model || 'N/A'}</td>
-        <td>${model.provider || 'N/A'}</td>
-        <td><span class="status-badge risk-${riskCat}">${riskCat.toUpperCase()}</span></td>
+        <td>${safeModel}</td>
+        <td>${safeProvider}</td>
+        <td><span class="status-badge risk-${riskCat}">${riskLabel}</span></td>
         <td>${formatNumber(model.callCount || 0)}</td>
         <td>${caps}</td>
       </tr>
@@ -511,7 +532,7 @@ function generateAIActHtml(report) {
     for (const [classification, count] of sortedClassifications) {
         classificationRows += `
       <tr>
-        <td>${classification}</td>
+        <td>${htmlEscape(String(classification))}</td>
         <td>${formatNumber(count)}</td>
       </tr>
     `;
@@ -521,10 +542,10 @@ function generateAIActHtml(report) {
     if (highRisk.length > 0 || unacceptableRisk.length > 0) {
         warningsHtml = '<div class="violation-list"><h4>⚠️ Risk Warnings</h4>';
         if (unacceptableRisk.length > 0) {
-            warningsHtml += `<p class="status-badge status-error">UNACCEPTABLE RISK: ${unacceptableRisk.join(', ')}</p>`;
+            warningsHtml += `<p class="status-badge status-error">UNACCEPTABLE RISK: ${unacceptableRisk.map((model) => htmlEscape(String(model))).join(', ')}</p>`;
         }
         if (highRisk.length > 0) {
-            warningsHtml += `<p class="status-badge status-warning">HIGH RISK: ${highRisk.join(', ')}</p>`;
+            warningsHtml += `<p class="status-badge status-warning">HIGH RISK: ${highRisk.map((model) => htmlEscape(String(model))).join(', ')}</p>`;
         }
         warningsHtml += '</div>';
     }