npm - monora-ai - Versions diffs - 2.1.0 → 2.1.3 - Mend

monora-ai 2.1.0 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (184) hide show

package/README.md +333 -159
package/dist/aims_governance.d.ts +238 -0
package/dist/aims_governance.d.ts.map +1 -0
package/dist/aims_governance.js +922 -0
package/dist/alerts.d.ts +16 -0
package/dist/alerts.d.ts.map +1 -1
package/dist/alerts.js +16 -0
package/dist/api.d.ts +6 -0
package/dist/api.d.ts.map +1 -1
package/dist/api.js +6 -0
package/dist/assessment.d.ts +85 -0
package/dist/assessment.d.ts.map +1 -1
package/dist/assessment.js +506 -13
package/dist/attribution.d.ts +44 -3
package/dist/attribution.d.ts.map +1 -1
package/dist/attribution.js +197 -10
package/dist/autodetect.d.ts +68 -0
package/dist/autodetect.d.ts.map +1 -1
package/dist/autodetect.js +639 -0
package/dist/bias.d.ts +130 -0
package/dist/bias.d.ts.map +1 -0
package/dist/bias.js +223 -0
package/dist/cli/diagnostics.d.ts +5 -1
package/dist/cli/diagnostics.d.ts.map +1 -1
package/dist/cli/diagnostics.js +23 -6
package/dist/cli/doctor.d.ts +25 -0
package/dist/cli/doctor.d.ts.map +1 -0
package/dist/cli/doctor.js +381 -0
package/dist/cli/fix.d.ts +16 -0
package/dist/cli/fix.d.ts.map +1 -0
package/dist/cli/fix.js +284 -0
package/dist/cli/init.d.ts +57 -0
package/dist/cli/init.d.ts.map +1 -0
package/dist/cli/init.js +205 -0
package/dist/cli.js +1550 -176
package/dist/complianceTargets.d.ts +111 -0
package/dist/complianceTargets.d.ts.map +1 -0
package/dist/complianceTargets.js +521 -0
package/dist/config.d.ts +261 -16
package/dist/config.d.ts.map +1 -1
package/dist/config.js +381 -32
package/dist/config_migrations.d.ts.map +1 -1
package/dist/config_migrations.js +38 -1
package/dist/config_schema.d.ts +2490 -1035
package/dist/config_schema.d.ts.map +1 -1
package/dist/config_schema.js +233 -64
package/dist/context.d.ts +34 -0
package/dist/context.d.ts.map +1 -1
package/dist/context.js +118 -7
package/dist/control_backbone.d.ts +122 -0
package/dist/control_backbone.d.ts.map +1 -0
package/dist/control_backbone.js +698 -0
package/dist/data-governance.d.ts +187 -0
package/dist/data-governance.d.ts.map +1 -0
package/dist/data-governance.js +424 -0
package/dist/dataResidency.d.ts +44 -0
package/dist/dataResidency.d.ts.map +1 -0
package/dist/dataResidency.js +203 -0
package/dist/dispatcher.d.ts.map +1 -1
package/dist/dispatcher.js +17 -5
package/dist/evidence_store.d.ts +103 -0
package/dist/evidence_store.d.ts.map +1 -0
package/dist/evidence_store.js +459 -0
package/dist/executiveSummary.d.ts +15 -0
package/dist/executiveSummary.d.ts.map +1 -1
package/dist/executiveSummary.js +135 -22
package/dist/identity.d.ts +143 -0
package/dist/identity.d.ts.map +1 -0
package/dist/identity.js +231 -0
package/dist/impact-assessment.d.ts +350 -0
package/dist/impact-assessment.d.ts.map +1 -0
package/dist/impact-assessment.js +580 -0
package/dist/index.d.ts +20 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +247 -5
package/dist/instrumentation.d.ts +1 -1
package/dist/instrumentation.d.ts.map +1 -1
package/dist/instrumentation.js +123 -22
package/dist/integrations/anthropic.d.ts +3 -0
package/dist/integrations/anthropic.d.ts.map +1 -1
package/dist/integrations/anthropic.js +282 -80
package/dist/integrations/governance.d.ts +33 -0
package/dist/integrations/governance.d.ts.map +1 -0
package/dist/integrations/governance.js +208 -0
package/dist/integrations/langchain.d.ts +4 -0
package/dist/integrations/langchain.d.ts.map +1 -1
package/dist/integrations/langchain.js +362 -142
package/dist/integrations/openai.d.ts +9 -0
package/dist/integrations/openai.d.ts.map +1 -1
package/dist/integrations/openai.js +673 -73
package/dist/iso42001_consolidation.d.ts +16 -0
package/dist/iso42001_consolidation.d.ts.map +1 -0
package/dist/iso42001_consolidation.js +413 -0
package/dist/iso42001_workflows.d.ts +263 -0
package/dist/iso42001_workflows.d.ts.map +1 -0
package/dist/iso42001_workflows.js +781 -0
package/dist/lifecycle.d.ts +299 -0
package/dist/lifecycle.d.ts.map +1 -0
package/dist/lifecycle.js +624 -0
package/dist/lineage.d.ts +2 -2
package/dist/lineage.d.ts.map +1 -1
package/dist/lineage.js +9 -16
package/dist/middleware/express.d.ts.map +1 -1
package/dist/middleware/express.js +18 -3
package/dist/middleware/nextjs.js +2 -2
package/dist/model.d.ts +143 -0
package/dist/model.d.ts.map +1 -0
package/dist/model.js +371 -0
package/dist/onboarding.d.ts +42 -0
package/dist/onboarding.d.ts.map +1 -0
package/dist/onboarding.js +1022 -0
package/dist/oversight.d.ts +264 -0
package/dist/oversight.d.ts.map +1 -0
package/dist/oversight.js +497 -0
package/dist/presets.js +7 -7
package/dist/quotas.d.ts +171 -0
package/dist/quotas.d.ts.map +1 -0
package/dist/quotas.js +259 -0
package/dist/register.d.ts +13 -0
package/dist/register.d.ts.map +1 -0
package/dist/register.js +99 -0
package/dist/registry.d.ts +1 -0
package/dist/registry.d.ts.map +1 -1
package/dist/registry.js +7 -0
package/dist/registryData.json +43 -6
package/dist/report.d.ts +2 -1
package/dist/report.d.ts.map +1 -1
package/dist/report.js +189 -2
package/dist/reporting.d.ts +125 -0
package/dist/reporting.d.ts.map +1 -1
package/dist/reporting.js +192 -2
package/dist/resources.d.ts +285 -0
package/dist/resources.d.ts.map +1 -0
package/dist/resources.js +643 -0
package/dist/risk.d.ts +120 -0
package/dist/risk.d.ts.map +1 -0
package/dist/risk.js +220 -0
package/dist/runtime.d.ts +73 -0
package/dist/runtime.d.ts.map +1 -1
package/dist/runtime.js +415 -18
package/dist/schemaInference.d.ts +92 -0
package/dist/schemaInference.d.ts.map +1 -0
package/dist/schemaInference.js +466 -0
package/dist/schema_validation.js +2 -2
package/dist/schemas/config.schema.json +118 -4
package/dist/security_report.js +4 -4
package/dist/signing.d.ts +1 -1
package/dist/signing.d.ts.map +1 -1
package/dist/signing.js +4 -0
package/dist/sinks/file.d.ts +19 -1
package/dist/sinks/file.d.ts.map +1 -1
package/dist/sinks/file.js +82 -13
package/dist/sinks/https.d.ts +10 -0
package/dist/sinks/https.d.ts.map +1 -1
package/dist/sinks/https.js +76 -16
package/dist/sinks/stdout.d.ts +1 -0
package/dist/sinks/stdout.d.ts.map +1 -1
package/dist/sinks/stdout.js +12 -1
package/dist/spec.d.ts +159 -0
package/dist/spec.d.ts.map +1 -0
package/dist/spec.js +391 -0
package/dist/stakeholders.d.ts +199 -0
package/dist/stakeholders.d.ts.map +1 -0
package/dist/stakeholders.js +398 -0
package/dist/standards.d.ts.map +1 -1
package/dist/standards.js +160 -2
package/dist/standards_ingest.d.ts.map +1 -1
package/dist/standards_ingest.js +1 -4
package/dist/telemetry.d.ts +16 -2
package/dist/telemetry.d.ts.map +1 -1
package/dist/telemetry.js +77 -14
package/dist/templates/controls/iso42001_control_catalog.json +1443 -0
package/dist/traced_emitter.d.ts.map +1 -1
package/dist/traced_emitter.js +19 -9
package/dist/trust_package.d.ts +19 -1
package/dist/trust_package.d.ts.map +1 -1
package/dist/trust_package.js +89 -2
package/dist/verify.d.ts.map +1 -1
package/dist/verify.js +9 -2
package/dist/wal.d.ts.map +1 -1
package/dist/wal.js +2 -1
package/package.json +14 -1
package/scripts/postinstall.js +105 -210
package/templates/controls/iso42001_control_catalog.json +1443 -0

package/dist/complianceTargets.d.ts ADDED Viewed

@@ -0,0 +1,111 @@
+/**
+ * Compliance Targets - Framework targeting and enrichment mapping.
+ *
+ * Provides compliance framework definitions and automatic configuration
+ * based on selected compliance targets (ISO 42001, SOC 2, GDPR).
+ */
+import { EnrichmentConfig } from './spec';
+/**
+ * Supported compliance frameworks.
+ */
+export type ComplianceFramework = 'gdpr' | 'soc2' | 'iso42001' | 'eu_ai_act' | 'hipaa' | 'iso27001' | 'pci_dss' | 'nist_ai_rmf';
+/**
+ * SOC 2 Trust Services Criteria categories.
+ * Based on AICPA Trust Services Criteria (2017).
+ */
+export type Soc2TrustPrinciple = 'security' | 'availability' | 'processing_integrity' | 'confidentiality' | 'privacy';
+/**
+ * SOC 2 Common Criteria control families.
+ */
+export type Soc2ControlFamily = 'CC1' | 'CC2' | 'CC3' | 'CC4' | 'CC5' | 'CC6' | 'CC7' | 'CC8' | 'CC9';
+/**
+ * GDPR Articles relevant to AI systems.
+ */
+export type GdprArticle = 'art5' | 'art6' | 'art7' | 'art12' | 'art13' | 'art14' | 'art15' | 'art16' | 'art17' | 'art18' | 'art20' | 'art21' | 'art22' | 'art25' | 'art30' | 'art32' | 'art33' | 'art35';
+/**
+ * ISO 42001 Annex A control areas.
+ */
+export type Iso42001ControlArea = 'A2' | 'A3' | 'A4' | 'A5' | 'A6' | 'A7' | 'A8' | 'A9' | 'A10';
+/**
+ * Framework metadata including descriptions and control mappings.
+ */
+export interface FrameworkMetadata {
+    name: string;
+    description: string;
+    version: string;
+    enforcementDate?: string;
+    controlAreas: string[];
+    enrichments: Partial<EnrichmentConfig>;
+    configRequirements: Record<string, any>;
+}
+/**
+ * SOC 2 control to enrichment mapping.
+ */
+export declare const SOC2_CONTROL_MAPPINGS: Record<Soc2ControlFamily, string[]>;
+/**
+ * GDPR article to enrichment mapping.
+ */
+export declare const GDPR_ARTICLE_MAPPINGS: Record<GdprArticle, string[]>;
+/**
+ * ISO 42001 control area to enrichment mapping.
+ */
+export declare const ISO42001_CONTROL_MAPPINGS: Record<Iso42001ControlArea, string[]>;
+/**
+ * Compliance targets configuration.
+ */
+export interface ComplianceTargets {
+    /** Selected compliance frameworks */
+    frameworks: ComplianceFramework[];
+    /** Report output formats */
+    reportFormats?: ('json' | 'markdown' | 'pdf')[];
+    /** Report generation frequency */
+    reportFrequency?: 'per_trace' | 'daily' | 'weekly' | 'monthly';
+    /** Output directory for reports */
+    outputDirectory?: string;
+    /** SOC 2 specific: Trust principles to include */
+    soc2Principles?: Soc2TrustPrinciple[];
+    /** GDPR specific: Articles to prioritize */
+    gdprArticles?: GdprArticle[];
+    /** ISO 42001 specific: Control areas to focus on */
+    iso42001ControlAreas?: Iso42001ControlArea[];
+}
+/**
+ * Create default compliance targets configuration.
+ */
+export declare function createComplianceTargets(options?: Partial<ComplianceTargets>): ComplianceTargets;
+/**
+ * Get framework metadata.
+ */
+export declare function getFrameworkMetadata(framework: ComplianceFramework): FrameworkMetadata;
+/**
+ * Get all available frameworks.
+ */
+export declare function getAllFrameworks(): ComplianceFramework[];
+/**
+ * Get required enrichments for selected compliance targets.
+ */
+export declare function getRequiredEnrichments(targets: ComplianceTargets): EnrichmentConfig;
+/**
+ * Validate that a config meets compliance requirements.
+ */
+export declare function validateComplianceConfig(config: Record<string, any>, targets: ComplianceTargets): string[];
+/**
+ * Generate config sections required for compliance.
+ */
+export declare function generateComplianceConfig(targets: ComplianceTargets): Record<string, any>;
+/**
+ * Suggest frameworks based on industry.
+ */
+export declare function suggestFrameworksForIndustry(industry: string): {
+    frameworks: ComplianceFramework[];
+    reasoning: string;
+}[];
+/**
+ * Get control mapping details for a framework.
+ */
+export declare function getControlMappings(framework: ComplianceFramework): Record<string, string[]> | undefined;
+/**
+ * Check if a framework is supported.
+ */
+export declare function isFrameworkSupported(framework: string): framework is ComplianceFramework;
+//# sourceMappingURL=complianceTargets.d.ts.map

package/dist/complianceTargets.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"complianceTargets.d.ts","sourceRoot":"","sources":["../src/complianceTargets.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,gBAAgB,EAAkD,MAAM,QAAQ,CAAC;AAE1F;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAC3B,MAAM,GACN,MAAM,GACN,UAAU,GACV,WAAW,GACX,OAAO,GACP,UAAU,GACV,SAAS,GACT,aAAa,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAC1B,UAAU,GACV,cAAc,GACd,sBAAsB,GACtB,iBAAiB,GACjB,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACzB,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,CAAA;AAET;;GAEG;AACH,MAAM,MAAM,WAAW,GACnB,MAAM,GACN,MAAM,GACN,MAAM,GACN,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,GACP,OAAO,CAAC;AAEZ;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAC3B,IAAI,GACJ,IAAI,GACJ,IAAI,GACJ,IAAI,GACJ,IAAI,GACJ,IAAI,GACJ,IAAI,GACJ,IAAI,GACJ,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACvC,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACzC;AAgRD;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAgBrE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,EAAE,CAmB/D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,EAAE,MAAM,CAAC,mBAAmB,EAAE,MAAM,EAAE,CAU3E,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,qCAAqC;IACrC,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAClC,4BAA4B;IAC5B,aAAa,CAAC,EAAE,CAAC,MAAM,GAAG,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC;IAChD,kCAAkC;IAClC,eAAe,CAAC,EAAE,WAAW,GAAG,OAAO,GAAG,QAAQ,GAAG,SAAS,CAAC;IAC/D,mCAAmC;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kDAAkD;IAClD,cAAc,CAAC,EAAE,kBAAkB,EAAE,CAAC;IACtC,4CAA4C;IAC5C,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC9C;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,GAAE,OAAO,CAAC,iBAAiB,CAAM,GACvC,iBAAiB,CAUnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,mBAAmB,GAAG,iBAAiB,CAEtF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,mBAAmB,EAAE,CAExD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,iBAAiB,GAAG,gBAAgB,CAWnF;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,OAAO,EAAE,iBAAiB,GACzB,MAAM,EAAE,CAyBV;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAqBxF;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,QAAQ,EAAE,MAAM,GACf;IAAE,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,EAAE,CAqD5D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,SAAS,EAAE,mBAAmB,GAC7B,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,SAAS,CAWtC;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,IAAI,mBAAmB,CAExF"}

package/dist/complianceTargets.js ADDED Viewed

@@ -0,0 +1,521 @@
+"use strict";
+/**
+ * Compliance Targets - Framework targeting and enrichment mapping.
+ *
+ * Provides compliance framework definitions and automatic configuration
+ * based on selected compliance targets (ISO 42001, SOC 2, GDPR).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ISO42001_CONTROL_MAPPINGS = exports.GDPR_ARTICLE_MAPPINGS = exports.SOC2_CONTROL_MAPPINGS = void 0;
+exports.createComplianceTargets = createComplianceTargets;
+exports.getFrameworkMetadata = getFrameworkMetadata;
+exports.getAllFrameworks = getAllFrameworks;
+exports.getRequiredEnrichments = getRequiredEnrichments;
+exports.validateComplianceConfig = validateComplianceConfig;
+exports.generateComplianceConfig = generateComplianceConfig;
+exports.suggestFrameworksForIndustry = suggestFrameworksForIndustry;
+exports.getControlMappings = getControlMappings;
+exports.isFrameworkSupported = isFrameworkSupported;
+const spec_1 = require("./spec");
+/**
+ * SOC 2 framework metadata based on Trust Services Criteria.
+ */
+const SOC2_METADATA = {
+    name: 'SOC 2',
+    description: 'AICPA Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy',
+    version: '2017',
+    controlAreas: [
+        'CC1 Organization & Management',
+        'CC2 Communication',
+        'CC3 Risk Assessment',
+        'CC4 Monitoring Activities',
+        'CC5 Control Activities',
+        'CC6 Logical & Physical Access',
+        'CC7 System Operations',
+        'CC8 Change Management',
+        'CC9 Risk Mitigation',
+        'P Series Privacy',
+        'PI Series Processing Integrity',
+    ],
+    enrichments: {
+        // Security (CC1-CC9)
+        identityTracking: true, // CC6.1 - Logical access security
+        riskTracking: true, // CC3.1-CC3.4 - Risk assessment
+        immutability: true, // CC6.7 - Data integrity
+        signing: true, // CC6.6 - Encryption/authenticity
+        // Availability
+        lifecycleTracking: true, // CC7.1 - System monitoring
+        // Privacy (P Series)
+        dataRedaction: true, // P4 - Data minimization
+        dataGovernance: true, // P1 - Privacy notices
+    },
+    configRequirements: {
+        'identity.enabled': true,
+        'identity.require_user_id': true,
+        'policies.enforce': true,
+        'immutability.enabled': true,
+        'immutability.verify_on_emit': true,
+        'signing.enabled': true,
+        'wal.enabled': true,
+        'wal.sync_mode': 'fsync',
+        'reporting.enabled': true,
+    },
+};
+/**
+ * GDPR framework metadata based on regulation requirements.
+ */
+const GDPR_METADATA = {
+    name: 'GDPR',
+    description: 'EU General Data Protection Regulation',
+    version: '2018',
+    enforcementDate: '2018-05-25',
+    controlAreas: [
+        'Art 5 - Data Processing Principles',
+        'Art 6 - Lawfulness of Processing',
+        'Art 7 - Consent',
+        'Art 12-14 - Transparency',
+        'Art 15-22 - Data Subject Rights',
+        'Art 25 - Privacy by Design',
+        'Art 30 - Records of Processing',
+        'Art 32 - Security of Processing',
+        'Art 33-34 - Breach Notification',
+        'Art 35 - Impact Assessment',
+    ],
+    enrichments: {
+        // Art 5 - Lawfulness, fairness, transparency
+        dataRedaction: true, // Art 5(1)(c) - Data minimization
+        dataGovernance: true, // Art 5(1)(e) - Storage limitation
+        // Art 6/7 - Consent tracking
+        identityTracking: true, // Track data subjects
+        // Art 22 - Automated decision-making
+        humanOversight: true, // Right to human review
+        biasDetection: true, // Fairness in automated decisions
+        // Art 25 - Privacy by design
+        dataResidency: true, // Art 44-49 - Data transfers
+        // Art 30 - Records of processing
+        immutability: true, // Audit trail
+        lifecycleTracking: true, // Data retention
+    },
+    configRequirements: {
+        'data_handling.enabled': true,
+        'data_handling.mode': 'redact',
+        'data_governance.enabled': true,
+        'identity.enabled': true,
+        'human_oversight.enabled': true,
+        'immutability.enabled': true,
+        'reporting.enabled': true,
+        'reporting.include_privacy_report': true,
+    },
+};
+/**
+ * ISO 42001 framework metadata based on AIMS requirements.
+ */
+const ISO42001_METADATA = {
+    name: 'ISO/IEC 42001',
+    description: 'AI Management System Standard',
+    version: '2023',
+    controlAreas: [
+        'A.2 AI Policy',
+        'A.3 Internal Organization',
+        'A.4 Resources for AI Systems',
+        'A.5 AI System Impact Assessment',
+        'A.6 AI System Lifecycle',
+        'A.7 Data for AI Systems',
+        'A.8 Information for Interested Parties',
+        'A.9 Use of AI Systems',
+        'A.10 Third Party Relationships',
+    ],
+    enrichments: {
+        // A.5 - Impact assessment
+        riskTracking: true,
+        biasDetection: true,
+        // A.6 - Lifecycle management
+        lifecycleTracking: true,
+        // A.7 - Data governance
+        dataGovernance: true,
+        dataRedaction: true,
+        // A.8 - Transparency
+        humanOversight: true,
+        // Security baseline
+        immutability: true,
+        signing: true,
+        identityTracking: true,
+    },
+    configRequirements: {
+        'ai_act.enabled': true,
+        'risk_register.enabled': true,
+        'bias.enabled': true,
+        'human_oversight.enabled': true,
+        'lifecycle.enabled': true,
+        'data_governance.enabled': true,
+        'immutability.enabled': true,
+        'signing.enabled': true,
+        'identity.enabled': true,
+        'reporting.enabled': true,
+        'reporting.include_ai_act_report': true,
+    },
+};
+/**
+ * EU AI Act framework metadata.
+ */
+const EU_AI_ACT_METADATA = {
+    name: 'EU AI Act',
+    description: 'European Union Artificial Intelligence Act',
+    version: '2024',
+    enforcementDate: '2025-08-02',
+    controlAreas: [
+        'Art 9 - Risk Management',
+        'Art 10 - Data Governance',
+        'Art 11 - Technical Documentation',
+        'Art 12 - Record-keeping',
+        'Art 13 - Transparency',
+        'Art 14 - Human Oversight',
+        'Art 15 - Accuracy, Robustness, Cybersecurity',
+    ],
+    enrichments: {
+        riskTracking: true, // Art 9 - Risk management
+        dataGovernance: true, // Art 10 - Data governance
+        lifecycleTracking: true, // Art 11-12 - Documentation
+        humanOversight: true, // Art 14 - Human oversight
+        biasDetection: true, // Art 10 - Data quality
+        immutability: true, // Art 12 - Record-keeping
+        signing: true, // Art 15 - Cybersecurity
+    },
+    configRequirements: {
+        'ai_act.enabled': true,
+        'ai_act.default_risk_category': 'limited',
+        'risk_register.enabled': true,
+        'human_oversight.enabled': true,
+        'bias.enabled': true,
+        'lifecycle.enabled': true,
+        'data_governance.enabled': true,
+        'immutability.enabled': true,
+        'reporting.enabled': true,
+    },
+};
+/**
+ * Complete framework registry.
+ */
+const FRAMEWORK_REGISTRY = {
+    soc2: SOC2_METADATA,
+    gdpr: GDPR_METADATA,
+    iso42001: ISO42001_METADATA,
+    eu_ai_act: EU_AI_ACT_METADATA,
+    hipaa: {
+        name: 'HIPAA',
+        description: 'Health Insurance Portability and Accountability Act',
+        version: '1996',
+        controlAreas: ['Privacy Rule', 'Security Rule', 'Breach Notification Rule'],
+        enrichments: {
+            dataRedaction: true,
+            identityTracking: true,
+            immutability: true,
+            signing: true,
+            dataGovernance: true,
+        },
+        configRequirements: {
+            'data_handling.enabled': true,
+            'data_handling.mode': 'redact',
+            'identity.enabled': true,
+            'immutability.enabled': true,
+            'signing.enabled': true,
+            'wal.enabled': true,
+        },
+    },
+    iso27001: {
+        name: 'ISO/IEC 27001',
+        description: 'Information Security Management System',
+        version: '2022',
+        controlAreas: ['A.5-A.18 Control Domains'],
+        enrichments: {
+            immutability: true,
+            signing: true,
+            identityTracking: true,
+            riskTracking: true,
+        },
+        configRequirements: {
+            'immutability.enabled': true,
+            'immutability.verify_on_emit': true,
+            'signing.enabled': true,
+            'identity.enabled': true,
+            'wal.enabled': true,
+            'wal.sync_mode': 'fsync',
+            'reporting.include_security_report': true,
+        },
+    },
+    pci_dss: {
+        name: 'PCI DSS',
+        description: 'Payment Card Industry Data Security Standard',
+        version: '4.0',
+        controlAreas: ['12 Requirements'],
+        enrichments: {
+            dataRedaction: true,
+            immutability: true,
+            signing: true,
+            identityTracking: true,
+        },
+        configRequirements: {
+            'data_handling.enabled': true,
+            'data_handling.mode': 'redact',
+            'immutability.enabled': true,
+            'signing.enabled': true,
+            'identity.enabled': true,
+        },
+    },
+    nist_ai_rmf: {
+        name: 'NIST AI RMF',
+        description: 'NIST AI Risk Management Framework',
+        version: '1.0',
+        controlAreas: ['Govern', 'Map', 'Measure', 'Manage'],
+        enrichments: {
+            riskTracking: true,
+            humanOversight: true,
+            biasDetection: true,
+            lifecycleTracking: true,
+        },
+        configRequirements: {
+            'risk_register.enabled': true,
+            'human_oversight.enabled': true,
+            'bias.enabled': true,
+            'lifecycle.enabled': true,
+            'reporting.enabled': true,
+        },
+    },
+};
+/**
+ * SOC 2 control to enrichment mapping.
+ */
+exports.SOC2_CONTROL_MAPPINGS = {
+    CC1: ['identity.enabled'], // Organization ethics & integrity
+    CC2: ['reporting.enabled'], // Communication
+    CC3: ['risk_register.enabled'], // Risk assessment
+    CC4: ['immutability.verify_on_emit'], // Monitoring
+    CC5: ['policies.enforce'], // Control activities
+    CC6: [
+        'identity.enabled',
+        'identity.require_user_id',
+        'signing.enabled',
+        'immutability.enabled',
+        'data_handling.enabled',
+    ],
+    CC7: ['wal.enabled', 'lifecycle.enabled'], // System operations
+    CC8: ['immutability.enabled'], // Change management
+    CC9: ['risk_register.enabled'], // Risk mitigation
+};
+/**
+ * GDPR article to enrichment mapping.
+ */
+exports.GDPR_ARTICLE_MAPPINGS = {
+    art5: ['data_handling.enabled', 'data_governance.enabled'],
+    art6: ['identity.enabled'],
+    art7: ['identity.enabled'],
+    art12: ['reporting.enabled'],
+    art13: ['reporting.enabled'],
+    art14: ['reporting.enabled'],
+    art15: ['reporting.enabled'],
+    art16: ['data_governance.enabled'],
+    art17: ['data_governance.enabled'],
+    art18: ['data_governance.enabled'],
+    art20: ['data_governance.enabled'],
+    art21: ['human_oversight.enabled'],
+    art22: ['human_oversight.enabled', 'bias.enabled'],
+    art25: ['data_handling.enabled', 'immutability.enabled'],
+    art30: ['immutability.enabled', 'reporting.enabled'],
+    art32: ['signing.enabled', 'wal.enabled'],
+    art33: ['reporting.enabled'],
+    art35: ['risk_register.enabled'],
+};
+/**
+ * ISO 42001 control area to enrichment mapping.
+ */
+exports.ISO42001_CONTROL_MAPPINGS = {
+    A2: ['policies.enforce'], // AI Policy
+    A3: ['identity.enabled'], // Internal Organization
+    A4: ['lifecycle.enabled'], // Resources
+    A5: ['risk_register.enabled', 'bias.enabled'], // Impact Assessment
+    A6: ['lifecycle.enabled', 'immutability.enabled'], // Lifecycle
+    A7: ['data_governance.enabled', 'data_handling.enabled'], // Data
+    A8: ['human_oversight.enabled', 'reporting.enabled'], // Transparency
+    A9: ['human_oversight.enabled'], // Use of AI
+    A10: ['identity.enabled', 'reporting.enabled'], // Third parties
+};
+/**
+ * Create default compliance targets configuration.
+ */
+function createComplianceTargets(options = {}) {
+    return {
+        frameworks: options.frameworks ?? [],
+        reportFormats: options.reportFormats ?? ['json', 'markdown'],
+        reportFrequency: options.reportFrequency ?? 'per_trace',
+        outputDirectory: options.outputDirectory ?? './monora_reports',
+        soc2Principles: options.soc2Principles,
+        gdprArticles: options.gdprArticles,
+        iso42001ControlAreas: options.iso42001ControlAreas,
+    };
+}
+/**
+ * Get framework metadata.
+ */
+function getFrameworkMetadata(framework) {
+    return FRAMEWORK_REGISTRY[framework];
+}
+/**
+ * Get all available frameworks.
+ */
+function getAllFrameworks() {
+    return Object.keys(FRAMEWORK_REGISTRY);
+}
+/**
+ * Get required enrichments for selected compliance targets.
+ */
+function getRequiredEnrichments(targets) {
+    let combined = (0, spec_1.createEnrichmentConfig)();
+    for (const framework of targets.frameworks) {
+        const metadata = FRAMEWORK_REGISTRY[framework];
+        if (metadata?.enrichments) {
+            combined = (0, spec_1.mergeEnrichmentConfigs)(combined, (0, spec_1.createEnrichmentConfig)(metadata.enrichments));
+        }
+    }
+    return combined;
+}
+/**
+ * Validate that a config meets compliance requirements.
+ */
+function validateComplianceConfig(config, targets) {
+    const errors = [];
+    for (const framework of targets.frameworks) {
+        const metadata = FRAMEWORK_REGISTRY[framework];
+        if (!metadata?.configRequirements)
+            continue;
+        for (const [path, expectedValue] of Object.entries(metadata.configRequirements)) {
+            const actualValue = getConfigPath(config, path);
+            if (actualValue === undefined || actualValue === null) {
+                errors.push(`${metadata.name}: Missing required config '${path}'`);
+            }
+            else if (typeof expectedValue === 'boolean' && actualValue !== expectedValue) {
+                errors.push(`${metadata.name}: Config '${path}' should be ${expectedValue}, got ${actualValue}`);
+            }
+            else if (typeof expectedValue === 'string' && actualValue !== expectedValue) {
+                errors.push(`${metadata.name}: Config '${path}' should be '${expectedValue}', got '${actualValue}'`);
+            }
+        }
+    }
+    return errors;
+}
+/**
+ * Generate config sections required for compliance.
+ */
+function generateComplianceConfig(targets) {
+    const config = {};
+    for (const framework of targets.frameworks) {
+        const metadata = FRAMEWORK_REGISTRY[framework];
+        if (!metadata?.configRequirements)
+            continue;
+        for (const [path, value] of Object.entries(metadata.configRequirements)) {
+            setConfigPath(config, path, value);
+        }
+    }
+    // Add compliance targets section
+    config.compliance_targets = {
+        frameworks: targets.frameworks,
+        report_formats: targets.reportFormats,
+        report_frequency: targets.reportFrequency,
+        output_directory: targets.outputDirectory,
+    };
+    return config;
+}
+/**
+ * Suggest frameworks based on industry.
+ */
+function suggestFrameworksForIndustry(industry) {
+    const suggestions = [];
+    const industryLower = industry.toLowerCase();
+    // Healthcare
+    if (industryLower.includes('health') || industryLower.includes('medical') || industryLower.includes('pharma')) {
+        suggestions.push({
+            frameworks: ['hipaa', 'gdpr', 'iso42001'],
+            reasoning: 'Healthcare requires HIPAA compliance, GDPR for EU patients, and ISO 42001 for AI governance',
+        });
+    }
+    // Finance
+    if (industryLower.includes('finance') || industryLower.includes('bank') || industryLower.includes('payment')) {
+        suggestions.push({
+            frameworks: ['soc2', 'pci_dss', 'gdpr'],
+            reasoning: 'Financial services require SOC 2 for security, PCI DSS for payment data, GDPR for EU customers',
+        });
+    }
+    // Technology/SaaS
+    if (industryLower.includes('tech') || industryLower.includes('saas') || industryLower.includes('software')) {
+        suggestions.push({
+            frameworks: ['soc2', 'gdpr', 'iso42001'],
+            reasoning: 'Tech companies need SOC 2 for customer trust, GDPR for EU users, ISO 42001 for AI systems',
+        });
+    }
+    // EU-based or serving EU
+    if (industryLower.includes('eu') || industryLower.includes('europe')) {
+        suggestions.push({
+            frameworks: ['gdpr', 'eu_ai_act', 'iso42001'],
+            reasoning: 'EU operations require GDPR and EU AI Act compliance, ISO 42001 provides AIMS framework',
+        });
+    }
+    // AI/ML focused
+    if (industryLower.includes('ai') || industryLower.includes('ml') || industryLower.includes('machine learning')) {
+        suggestions.push({
+            frameworks: ['iso42001', 'eu_ai_act', 'nist_ai_rmf'],
+            reasoning: 'AI companies should follow ISO 42001, EU AI Act, and NIST AI RMF for comprehensive governance',
+        });
+    }
+    // Default recommendation
+    if (suggestions.length === 0) {
+        suggestions.push({
+            frameworks: ['soc2', 'gdpr', 'iso42001'],
+            reasoning: 'Standard recommendation: SOC 2 for security, GDPR for privacy, ISO 42001 for AI governance',
+        });
+    }
+    return suggestions;
+}
+/**
+ * Get control mapping details for a framework.
+ */
+function getControlMappings(framework) {
+    switch (framework) {
+        case 'soc2':
+            return exports.SOC2_CONTROL_MAPPINGS;
+        case 'gdpr':
+            return exports.GDPR_ARTICLE_MAPPINGS;
+        case 'iso42001':
+            return exports.ISO42001_CONTROL_MAPPINGS;
+        default:
+            return undefined;
+    }
+}
+/**
+ * Check if a framework is supported.
+ */
+function isFrameworkSupported(framework) {
+    return framework.toLowerCase() in FRAMEWORK_REGISTRY;
+}
+// Helper: Get value from nested config path
+function getConfigPath(config, path) {
+    const parts = path.split('.');
+    let current = config;
+    for (const part of parts) {
+        if (current === undefined || current === null)
+            return undefined;
+        current = current[part];
+    }
+    return current;
+}
+// Helper: Set value at nested config path
+function setConfigPath(config, path, value) {
+    const parts = path.split('.');
+    let current = config;
+    for (let i = 0; i < parts.length - 1; i++) {
+        const part = parts[i];
+        if (!(part in current) || typeof current[part] !== 'object') {
+            current[part] = {};
+        }
+        current = current[part];
+    }
+    current[parts[parts.length - 1]] = value;
+}