monora-ai 2.1.0 → 2.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +333 -159
- package/dist/aims_governance.d.ts +238 -0
- package/dist/aims_governance.d.ts.map +1 -0
- package/dist/aims_governance.js +922 -0
- package/dist/alerts.d.ts +16 -0
- package/dist/alerts.d.ts.map +1 -1
- package/dist/alerts.js +16 -0
- package/dist/api.d.ts +6 -0
- package/dist/api.d.ts.map +1 -1
- package/dist/api.js +6 -0
- package/dist/assessment.d.ts +85 -0
- package/dist/assessment.d.ts.map +1 -1
- package/dist/assessment.js +506 -13
- package/dist/attribution.d.ts +44 -3
- package/dist/attribution.d.ts.map +1 -1
- package/dist/attribution.js +197 -10
- package/dist/autodetect.d.ts +68 -0
- package/dist/autodetect.d.ts.map +1 -1
- package/dist/autodetect.js +639 -0
- package/dist/bias.d.ts +130 -0
- package/dist/bias.d.ts.map +1 -0
- package/dist/bias.js +223 -0
- package/dist/cli/diagnostics.d.ts +5 -1
- package/dist/cli/diagnostics.d.ts.map +1 -1
- package/dist/cli/diagnostics.js +23 -6
- package/dist/cli/doctor.d.ts +25 -0
- package/dist/cli/doctor.d.ts.map +1 -0
- package/dist/cli/doctor.js +381 -0
- package/dist/cli/fix.d.ts +16 -0
- package/dist/cli/fix.d.ts.map +1 -0
- package/dist/cli/fix.js +284 -0
- package/dist/cli/init.d.ts +57 -0
- package/dist/cli/init.d.ts.map +1 -0
- package/dist/cli/init.js +205 -0
- package/dist/cli.js +1550 -176
- package/dist/complianceTargets.d.ts +111 -0
- package/dist/complianceTargets.d.ts.map +1 -0
- package/dist/complianceTargets.js +521 -0
- package/dist/config.d.ts +261 -16
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +381 -32
- package/dist/config_migrations.d.ts.map +1 -1
- package/dist/config_migrations.js +38 -1
- package/dist/config_schema.d.ts +2490 -1035
- package/dist/config_schema.d.ts.map +1 -1
- package/dist/config_schema.js +233 -64
- package/dist/context.d.ts +34 -0
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +118 -7
- package/dist/control_backbone.d.ts +122 -0
- package/dist/control_backbone.d.ts.map +1 -0
- package/dist/control_backbone.js +698 -0
- package/dist/data-governance.d.ts +187 -0
- package/dist/data-governance.d.ts.map +1 -0
- package/dist/data-governance.js +424 -0
- package/dist/dataResidency.d.ts +44 -0
- package/dist/dataResidency.d.ts.map +1 -0
- package/dist/dataResidency.js +203 -0
- package/dist/dispatcher.d.ts.map +1 -1
- package/dist/dispatcher.js +17 -5
- package/dist/evidence_store.d.ts +103 -0
- package/dist/evidence_store.d.ts.map +1 -0
- package/dist/evidence_store.js +459 -0
- package/dist/executiveSummary.d.ts +15 -0
- package/dist/executiveSummary.d.ts.map +1 -1
- package/dist/executiveSummary.js +135 -22
- package/dist/identity.d.ts +143 -0
- package/dist/identity.d.ts.map +1 -0
- package/dist/identity.js +231 -0
- package/dist/impact-assessment.d.ts +350 -0
- package/dist/impact-assessment.d.ts.map +1 -0
- package/dist/impact-assessment.js +580 -0
- package/dist/index.d.ts +20 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +247 -5
- package/dist/instrumentation.d.ts +1 -1
- package/dist/instrumentation.d.ts.map +1 -1
- package/dist/instrumentation.js +123 -22
- package/dist/integrations/anthropic.d.ts +3 -0
- package/dist/integrations/anthropic.d.ts.map +1 -1
- package/dist/integrations/anthropic.js +282 -80
- package/dist/integrations/governance.d.ts +33 -0
- package/dist/integrations/governance.d.ts.map +1 -0
- package/dist/integrations/governance.js +208 -0
- package/dist/integrations/langchain.d.ts +4 -0
- package/dist/integrations/langchain.d.ts.map +1 -1
- package/dist/integrations/langchain.js +362 -142
- package/dist/integrations/openai.d.ts +9 -0
- package/dist/integrations/openai.d.ts.map +1 -1
- package/dist/integrations/openai.js +673 -73
- package/dist/iso42001_consolidation.d.ts +16 -0
- package/dist/iso42001_consolidation.d.ts.map +1 -0
- package/dist/iso42001_consolidation.js +413 -0
- package/dist/iso42001_workflows.d.ts +263 -0
- package/dist/iso42001_workflows.d.ts.map +1 -0
- package/dist/iso42001_workflows.js +781 -0
- package/dist/lifecycle.d.ts +299 -0
- package/dist/lifecycle.d.ts.map +1 -0
- package/dist/lifecycle.js +624 -0
- package/dist/lineage.d.ts +2 -2
- package/dist/lineage.d.ts.map +1 -1
- package/dist/lineage.js +9 -16
- package/dist/middleware/express.d.ts.map +1 -1
- package/dist/middleware/express.js +18 -3
- package/dist/middleware/nextjs.js +2 -2
- package/dist/model.d.ts +143 -0
- package/dist/model.d.ts.map +1 -0
- package/dist/model.js +371 -0
- package/dist/onboarding.d.ts +42 -0
- package/dist/onboarding.d.ts.map +1 -0
- package/dist/onboarding.js +1022 -0
- package/dist/oversight.d.ts +264 -0
- package/dist/oversight.d.ts.map +1 -0
- package/dist/oversight.js +497 -0
- package/dist/presets.js +7 -7
- package/dist/quotas.d.ts +171 -0
- package/dist/quotas.d.ts.map +1 -0
- package/dist/quotas.js +259 -0
- package/dist/register.d.ts +13 -0
- package/dist/register.d.ts.map +1 -0
- package/dist/register.js +99 -0
- package/dist/registry.d.ts +1 -0
- package/dist/registry.d.ts.map +1 -1
- package/dist/registry.js +7 -0
- package/dist/registryData.json +43 -6
- package/dist/report.d.ts +2 -1
- package/dist/report.d.ts.map +1 -1
- package/dist/report.js +189 -2
- package/dist/reporting.d.ts +125 -0
- package/dist/reporting.d.ts.map +1 -1
- package/dist/reporting.js +192 -2
- package/dist/resources.d.ts +285 -0
- package/dist/resources.d.ts.map +1 -0
- package/dist/resources.js +643 -0
- package/dist/risk.d.ts +120 -0
- package/dist/risk.d.ts.map +1 -0
- package/dist/risk.js +220 -0
- package/dist/runtime.d.ts +73 -0
- package/dist/runtime.d.ts.map +1 -1
- package/dist/runtime.js +415 -18
- package/dist/schemaInference.d.ts +92 -0
- package/dist/schemaInference.d.ts.map +1 -0
- package/dist/schemaInference.js +466 -0
- package/dist/schema_validation.js +2 -2
- package/dist/schemas/config.schema.json +118 -4
- package/dist/security_report.js +4 -4
- package/dist/signing.d.ts +1 -1
- package/dist/signing.d.ts.map +1 -1
- package/dist/signing.js +4 -0
- package/dist/sinks/file.d.ts +19 -1
- package/dist/sinks/file.d.ts.map +1 -1
- package/dist/sinks/file.js +82 -13
- package/dist/sinks/https.d.ts +10 -0
- package/dist/sinks/https.d.ts.map +1 -1
- package/dist/sinks/https.js +76 -16
- package/dist/sinks/stdout.d.ts +1 -0
- package/dist/sinks/stdout.d.ts.map +1 -1
- package/dist/sinks/stdout.js +12 -1
- package/dist/spec.d.ts +159 -0
- package/dist/spec.d.ts.map +1 -0
- package/dist/spec.js +391 -0
- package/dist/stakeholders.d.ts +199 -0
- package/dist/stakeholders.d.ts.map +1 -0
- package/dist/stakeholders.js +398 -0
- package/dist/standards.d.ts.map +1 -1
- package/dist/standards.js +160 -2
- package/dist/standards_ingest.d.ts.map +1 -1
- package/dist/standards_ingest.js +1 -4
- package/dist/telemetry.d.ts +16 -2
- package/dist/telemetry.d.ts.map +1 -1
- package/dist/telemetry.js +77 -14
- package/dist/templates/controls/iso42001_control_catalog.json +1443 -0
- package/dist/traced_emitter.d.ts.map +1 -1
- package/dist/traced_emitter.js +19 -9
- package/dist/trust_package.d.ts +19 -1
- package/dist/trust_package.d.ts.map +1 -1
- package/dist/trust_package.js +89 -2
- package/dist/verify.d.ts.map +1 -1
- package/dist/verify.js +9 -2
- package/dist/wal.d.ts.map +1 -1
- package/dist/wal.js +2 -1
- package/package.json +14 -1
- package/scripts/postinstall.js +105 -210
- package/templates/controls/iso42001_control_catalog.json +1443 -0
|
@@ -0,0 +1,203 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Data residency validation for sinks.
|
|
4
|
+
*
|
|
5
|
+
* Validates that endpoint URLs match configured data residency requirements
|
|
6
|
+
* based on domain patterns for different geographic regions.
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.detectEndpointRegion = detectEndpointRegion;
|
|
10
|
+
exports.validateDataResidency = validateDataResidency;
|
|
11
|
+
exports.enforceDataResidency = enforceDataResidency;
|
|
12
|
+
const logger_1 = require("./logger");
|
|
13
|
+
/**
|
|
14
|
+
* Known GDPR-adequate region domain patterns (not limited to EU member states).
|
|
15
|
+
* These patterns indicate endpoints that may store/process data in GDPR-adequate regions.
|
|
16
|
+
*/
|
|
17
|
+
const GDPR_ADEQUATE_PATTERNS = [
|
|
18
|
+
// Explicit EU subdomains
|
|
19
|
+
/\.eu\./i,
|
|
20
|
+
/\-eu\./i,
|
|
21
|
+
/eu\-/i,
|
|
22
|
+
/\.europe\./i,
|
|
23
|
+
/\-europe\./i,
|
|
24
|
+
// Country-specific EU TLDs
|
|
25
|
+
/\.eu$/i,
|
|
26
|
+
/\.de$/i,
|
|
27
|
+
/\.fr$/i,
|
|
28
|
+
/\.nl$/i,
|
|
29
|
+
/\.ie$/i,
|
|
30
|
+
/\.it$/i,
|
|
31
|
+
/\.es$/i,
|
|
32
|
+
/\.pl$/i,
|
|
33
|
+
/\.at$/i,
|
|
34
|
+
/\.be$/i,
|
|
35
|
+
/\.se$/i,
|
|
36
|
+
/\.dk$/i,
|
|
37
|
+
/\.fi$/i,
|
|
38
|
+
/\.pt$/i,
|
|
39
|
+
/\.cz$/i,
|
|
40
|
+
/\.ro$/i,
|
|
41
|
+
/\.hu$/i,
|
|
42
|
+
/\.sk$/i,
|
|
43
|
+
/\.bg$/i,
|
|
44
|
+
/\.hr$/i,
|
|
45
|
+
/\.si$/i,
|
|
46
|
+
/\.lt$/i,
|
|
47
|
+
/\.lv$/i,
|
|
48
|
+
/\.ee$/i,
|
|
49
|
+
/\.lu$/i,
|
|
50
|
+
/\.mt$/i,
|
|
51
|
+
/\.cy$/i,
|
|
52
|
+
/\.gr$/i,
|
|
53
|
+
// Cloud provider EU regions
|
|
54
|
+
/eu-west/i,
|
|
55
|
+
/eu-central/i,
|
|
56
|
+
/eu-north/i,
|
|
57
|
+
/eu-south/i,
|
|
58
|
+
/europe-west/i,
|
|
59
|
+
/europe-north/i,
|
|
60
|
+
/europewest/i,
|
|
61
|
+
/frankfurt/i,
|
|
62
|
+
/ireland/i,
|
|
63
|
+
/london/i,
|
|
64
|
+
/paris/i,
|
|
65
|
+
/amsterdam/i,
|
|
66
|
+
/stockholm/i,
|
|
67
|
+
/milan/i,
|
|
68
|
+
/zurich/i,
|
|
69
|
+
];
|
|
70
|
+
/**
|
|
71
|
+
* Known US region domain patterns.
|
|
72
|
+
* These patterns indicate endpoints that store/process data in the US.
|
|
73
|
+
*/
|
|
74
|
+
const US_PATTERNS = [
|
|
75
|
+
// Explicit US subdomains
|
|
76
|
+
/\.us\./i,
|
|
77
|
+
/\-us\./i,
|
|
78
|
+
/us\-/i,
|
|
79
|
+
/\.usa\./i,
|
|
80
|
+
/\-usa\./i,
|
|
81
|
+
// US TLD
|
|
82
|
+
/\.us$/i,
|
|
83
|
+
// Cloud provider US regions
|
|
84
|
+
/us-east/i,
|
|
85
|
+
/us-west/i,
|
|
86
|
+
/us-central/i,
|
|
87
|
+
/useast/i,
|
|
88
|
+
/uswest/i,
|
|
89
|
+
/america/i,
|
|
90
|
+
/virginia/i,
|
|
91
|
+
/ohio/i,
|
|
92
|
+
/oregon/i,
|
|
93
|
+
/california/i,
|
|
94
|
+
/n-virginia/i,
|
|
95
|
+
// Common US-based service patterns
|
|
96
|
+
/\.com$/i, // Treated as potentially US unless EU pattern matches
|
|
97
|
+
];
|
|
98
|
+
/**
|
|
99
|
+
* Extract the hostname from a URL.
|
|
100
|
+
*/
|
|
101
|
+
function extractHostname(url) {
|
|
102
|
+
try {
|
|
103
|
+
const parsed = new URL(url);
|
|
104
|
+
return parsed.hostname.toLowerCase();
|
|
105
|
+
}
|
|
106
|
+
catch {
|
|
107
|
+
// If URL parsing fails, try to extract hostname manually
|
|
108
|
+
const match = url.match(/^(?:https?:\/\/)?([^\/\?#:]+)/i);
|
|
109
|
+
return match ? match[1].toLowerCase() : url.toLowerCase();
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* Detect the likely data residency region of an endpoint URL.
|
|
114
|
+
*/
|
|
115
|
+
function detectEndpointRegion(endpoint) {
|
|
116
|
+
const hostname = extractHostname(endpoint);
|
|
117
|
+
const fullUrl = endpoint.toLowerCase();
|
|
118
|
+
// Check GDPR-adequate patterns first (more specific)
|
|
119
|
+
for (const pattern of GDPR_ADEQUATE_PATTERNS) {
|
|
120
|
+
if (pattern.test(hostname) || pattern.test(fullUrl)) {
|
|
121
|
+
return 'eu';
|
|
122
|
+
}
|
|
123
|
+
}
|
|
124
|
+
// Check US patterns
|
|
125
|
+
for (const pattern of US_PATTERNS) {
|
|
126
|
+
if (pattern.test(hostname) || pattern.test(fullUrl)) {
|
|
127
|
+
// .com is ambiguous - only count as US if no EU indicators
|
|
128
|
+
if (pattern.source === '\\.com$') {
|
|
129
|
+
continue; // Skip .com as it's too ambiguous
|
|
130
|
+
}
|
|
131
|
+
return 'us';
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
return 'unknown';
|
|
135
|
+
}
|
|
136
|
+
/**
|
|
137
|
+
* Validate that an endpoint URL matches the required data residency.
|
|
138
|
+
*
|
|
139
|
+
* @param endpoint - The endpoint URL to validate
|
|
140
|
+
* @param requiredResidency - The required data residency ('us', 'eu', 'any', or null)
|
|
141
|
+
* @returns Validation result with details
|
|
142
|
+
*/
|
|
143
|
+
function validateDataResidency(endpoint, requiredResidency) {
|
|
144
|
+
// No requirement means always valid
|
|
145
|
+
if (!requiredResidency || requiredResidency === 'any') {
|
|
146
|
+
return {
|
|
147
|
+
valid: true,
|
|
148
|
+
detectedRegion: detectEndpointRegion(endpoint),
|
|
149
|
+
requiredRegion: requiredResidency,
|
|
150
|
+
endpoint,
|
|
151
|
+
message: 'No data residency requirement configured',
|
|
152
|
+
};
|
|
153
|
+
}
|
|
154
|
+
const detectedRegion = detectEndpointRegion(endpoint);
|
|
155
|
+
// If we can't determine the region, we can't validate
|
|
156
|
+
if (detectedRegion === 'unknown') {
|
|
157
|
+
return {
|
|
158
|
+
valid: false,
|
|
159
|
+
detectedRegion,
|
|
160
|
+
requiredRegion: requiredResidency,
|
|
161
|
+
endpoint,
|
|
162
|
+
message: `Cannot determine data residency for endpoint '${endpoint}'. Required: ${requiredResidency.toUpperCase()}. Consider using an endpoint with explicit region indicators.`,
|
|
163
|
+
};
|
|
164
|
+
}
|
|
165
|
+
// Check if detected region matches required
|
|
166
|
+
if (detectedRegion === requiredResidency) {
|
|
167
|
+
return {
|
|
168
|
+
valid: true,
|
|
169
|
+
detectedRegion,
|
|
170
|
+
requiredRegion: requiredResidency,
|
|
171
|
+
endpoint,
|
|
172
|
+
message: `Endpoint matches ${requiredResidency.toUpperCase()} data residency requirement`,
|
|
173
|
+
};
|
|
174
|
+
}
|
|
175
|
+
// Mismatch
|
|
176
|
+
return {
|
|
177
|
+
valid: false,
|
|
178
|
+
detectedRegion,
|
|
179
|
+
requiredRegion: requiredResidency,
|
|
180
|
+
endpoint,
|
|
181
|
+
message: `Data residency mismatch: endpoint '${endpoint}' appears to be in ${detectedRegion.toUpperCase()}, but ${requiredResidency.toUpperCase()} is required`,
|
|
182
|
+
};
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* Enforce data residency requirements for a sink endpoint.
|
|
186
|
+
*
|
|
187
|
+
* @param endpoint - The endpoint URL to validate
|
|
188
|
+
* @param residency - The required data residency
|
|
189
|
+
* @param action - Action on failure: 'block' throws error, 'warn' logs warning
|
|
190
|
+
* @throws Error if action is 'block' and validation fails
|
|
191
|
+
*/
|
|
192
|
+
function enforceDataResidency(endpoint, residency, action = 'warn') {
|
|
193
|
+
const result = validateDataResidency(endpoint, residency);
|
|
194
|
+
if (!result.valid) {
|
|
195
|
+
if (action === 'block') {
|
|
196
|
+
throw new Error(`Data residency enforcement failed: ${result.message}`);
|
|
197
|
+
}
|
|
198
|
+
else {
|
|
199
|
+
logger_1.logger.warning('Data residency warning: %s', result.message);
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
return result;
|
|
203
|
+
}
|
package/dist/dispatcher.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dispatcher.d.ts","sourceRoot":"","sources":["../src/dispatcher.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,IAAI,EAAa,MAAM,cAAc,CAAC;AAG/C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AASxC;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAKrF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,OAAO,CAAC,QAAQ,EAAE,aAAa,GAAG,MAAM,IAAI,CAQ3D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;
|
|
1
|
+
{"version":3,"file":"dispatcher.d.ts","sourceRoot":"","sources":["../src/dispatcher.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,IAAI,EAAa,MAAM,cAAc,CAAC;AAG/C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AASxC;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAKrF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,OAAO,CAAC,QAAQ,EAAE,aAAa,GAAG,MAAM,IAAI,CAQ3D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AA4BD,qBAAa,eAAe;IAC1B,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,gBAAgB,CAAC,CAAS;IAClC,OAAO,CAAC,eAAe,CAA8B;IACrD,OAAO,CAAC,aAAa,CAA6B;IAClD,OAAO,CAAC,YAAY,CAAC,CAAS;IAC9B,OAAO,CAAC,YAAY,CAAC,CAAW;IAChC,OAAO,CAAC,mBAAmB,CAAC,CAA6B;IACzD,OAAO,CAAC,SAAS,CAAe;IAChC,OAAO,CAAC,MAAM,CAAC,CAAiB;IAChC,OAAO,CAAC,UAAU,CAAC,CAAQ;IAC3B,OAAO,CAAC,KAAK,CAA6B;IAC1C,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,OAAO,CAAU;IACzB,OAAO,CAAC,iBAAiB,CAAC,CAAa;IACvC,OAAO,CAAC,gBAAgB,CAAU;IAClC,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,YAAY,CAAS;gBAEjB,KAAK,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,YAAY;IAyD/C,KAAK,IAAI,IAAI;IAkBb,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,IAAI;IAoCtC,OAAO,CAAC,iBAAiB;IA4BzB,KAAK,IAAI,IAAI;IAoBb,KAAK,IAAI,IAAI;IA8Db,OAAO,CAAC,wBAAwB;IAoBhC,OAAO,CAAC,iBAAiB,CAAa;IAEtC,OAAO,CAAC,YAAY;IA+BpB,OAAO,CAAC,UAAU;IAmBlB,OAAO,CAAC,WAAW;IA8BnB,OAAO,CAAC,eAAe;IAiBvB,OAAO,CAAC,eAAe;IAmBvB,OAAO,CAAC,cAAc;CAwBvB"}
|
package/dist/dispatcher.js
CHANGED
|
@@ -61,7 +61,8 @@ function getAuditCallbackCount() {
|
|
|
61
61
|
* Errors are logged but don't propagate.
|
|
62
62
|
*/
|
|
63
63
|
function invokeAuditCallbacks(event) {
|
|
64
|
-
|
|
64
|
+
const callbacks = auditCallbacks.slice();
|
|
65
|
+
for (const callback of callbacks) {
|
|
65
66
|
try {
|
|
66
67
|
const result = callback(event);
|
|
67
68
|
if (result && typeof result === 'object' && 'then' in result) {
|
|
@@ -85,10 +86,12 @@ class EventDispatcher {
|
|
|
85
86
|
this.maxQueueSize = buffering.queue_size || 1000;
|
|
86
87
|
this.batchSize = buffering.batch_size || 50;
|
|
87
88
|
this.flushInterval = buffering.flush_interval_sec || 1.0;
|
|
88
|
-
this.queueFullTimeout = buffering.queue_full_timeout_sec !== null
|
|
89
|
+
this.queueFullTimeout = buffering.queue_full_timeout_sec !== null
|
|
90
|
+
? buffering.queue_full_timeout_sec
|
|
91
|
+
: undefined;
|
|
89
92
|
this.sinkFailureMode = errorHandling.sink_failure_mode || 'warn';
|
|
90
93
|
this.queueFullMode = errorHandling.queue_full_mode || 'warn';
|
|
91
|
-
this.fallbackPath = errorHandling.fallback_path;
|
|
94
|
+
this.fallbackPath = errorHandling.fallback_path ?? undefined;
|
|
92
95
|
const alerts = config.alerts || {};
|
|
93
96
|
if (alerts.violation_webhook) {
|
|
94
97
|
// ViolationWebhookDispatcher doesn't support 'block' mode, map to 'warn'
|
|
@@ -111,8 +114,17 @@ class EventDispatcher {
|
|
|
111
114
|
this.running = false;
|
|
112
115
|
// Adaptive batching config
|
|
113
116
|
this.adaptiveBatching = buffering.adaptive_batching ?? true;
|
|
114
|
-
|
|
115
|
-
|
|
117
|
+
const minBatchSize = buffering.min_batch_size ?? 10;
|
|
118
|
+
const maxBatchSize = buffering.max_batch_size ?? 500;
|
|
119
|
+
if (!Number.isInteger(minBatchSize)
|
|
120
|
+
|| !Number.isInteger(maxBatchSize)
|
|
121
|
+
|| minBatchSize <= 0
|
|
122
|
+
|| maxBatchSize <= 0
|
|
123
|
+
|| minBatchSize > maxBatchSize) {
|
|
124
|
+
throw new Error(`Invalid adaptive batching configuration: minBatchSize (${minBatchSize}) and maxBatchSize (${maxBatchSize}) must be positive integers with minBatchSize <= maxBatchSize.`);
|
|
125
|
+
}
|
|
126
|
+
this.minBatchSize = minBatchSize;
|
|
127
|
+
this.maxBatchSize = maxBatchSize;
|
|
116
128
|
}
|
|
117
129
|
start() {
|
|
118
130
|
if (this.running) {
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Evidence store with hash chaining and lineage graph support.
|
|
3
|
+
*/
|
|
4
|
+
export interface EvidenceHashRecord {
|
|
5
|
+
evidence_id: string;
|
|
6
|
+
evidence_hash: string;
|
|
7
|
+
prev_hash: string | null;
|
|
8
|
+
recorded_at: string;
|
|
9
|
+
collected_at?: string | null;
|
|
10
|
+
}
|
|
11
|
+
export interface EvidenceHashChain {
|
|
12
|
+
chain_type: 'evidence_hash_chain';
|
|
13
|
+
algorithm: string;
|
|
14
|
+
generated_at: string;
|
|
15
|
+
item_count: number;
|
|
16
|
+
first_hash: string | null;
|
|
17
|
+
last_hash: string | null;
|
|
18
|
+
verification_status: 'verified' | 'invalid';
|
|
19
|
+
verification_error?: string | null;
|
|
20
|
+
records: EvidenceHashRecord[];
|
|
21
|
+
}
|
|
22
|
+
export interface EvidenceLineageGraph {
|
|
23
|
+
graph_type: 'evidence_lineage';
|
|
24
|
+
generated_at: string;
|
|
25
|
+
node_counts: Record<string, number>;
|
|
26
|
+
nodes: Array<Record<string, any>>;
|
|
27
|
+
edges: Array<Record<string, any>>;
|
|
28
|
+
}
|
|
29
|
+
export interface EvidenceManifest {
|
|
30
|
+
manifest_type: 'evidence_manifest';
|
|
31
|
+
manifest_version: string;
|
|
32
|
+
standard: string;
|
|
33
|
+
generated_at: string;
|
|
34
|
+
scope?: string | null;
|
|
35
|
+
generated_by?: string | null;
|
|
36
|
+
notes?: string | null;
|
|
37
|
+
evidence_items: Array<Record<string, any>>;
|
|
38
|
+
hash_chain?: EvidenceHashChain;
|
|
39
|
+
lineage_graph?: EvidenceLineageGraph;
|
|
40
|
+
control_workflow_state?: Record<string, any>;
|
|
41
|
+
aims_governance_state?: Record<string, any>;
|
|
42
|
+
}
|
|
43
|
+
export interface EvidenceStoreOptions {
|
|
44
|
+
hashAlgorithm?: string;
|
|
45
|
+
}
|
|
46
|
+
export declare function computeEvidenceItemHash(item: Record<string, any>, options?: {
|
|
47
|
+
prevHash?: string | null;
|
|
48
|
+
algorithm?: string;
|
|
49
|
+
}): string;
|
|
50
|
+
export declare function verifyEvidenceHashChain(evidenceItems: Array<Record<string, any>>, records: EvidenceHashRecord[], algorithm?: string): {
|
|
51
|
+
valid: boolean;
|
|
52
|
+
error?: string;
|
|
53
|
+
};
|
|
54
|
+
export declare function buildEvidenceHashChain(evidenceItems: Array<Record<string, any>>, options?: {
|
|
55
|
+
algorithm?: string;
|
|
56
|
+
sortBy?: (item: Record<string, any>) => string;
|
|
57
|
+
}): EvidenceHashChain;
|
|
58
|
+
export declare function buildEvidenceLineageGraph(evidenceItems: Array<Record<string, any>>): EvidenceLineageGraph;
|
|
59
|
+
export declare function buildHashedEvidenceManifest(options: {
|
|
60
|
+
standard: string;
|
|
61
|
+
evidenceItems: Array<Record<string, any>>;
|
|
62
|
+
scope?: string;
|
|
63
|
+
generatedBy?: string;
|
|
64
|
+
notes?: string;
|
|
65
|
+
generatedAt?: string;
|
|
66
|
+
includeLineage?: boolean;
|
|
67
|
+
includeHashChain?: boolean;
|
|
68
|
+
hashAlgorithm?: string;
|
|
69
|
+
}): EvidenceManifest;
|
|
70
|
+
export declare class EvidenceStore {
|
|
71
|
+
private items;
|
|
72
|
+
private algorithm;
|
|
73
|
+
constructor(options?: EvidenceStoreOptions);
|
|
74
|
+
clear(): void;
|
|
75
|
+
addEvidence(item: Record<string, any>): Record<string, any>;
|
|
76
|
+
addMany(items: Array<Record<string, any>>): Array<Record<string, any>>;
|
|
77
|
+
listItems(): Array<Record<string, any>>;
|
|
78
|
+
get(evidenceId: string): Record<string, any> | null;
|
|
79
|
+
buildManifest(options: {
|
|
80
|
+
standard: string;
|
|
81
|
+
scope?: string;
|
|
82
|
+
generatedBy?: string;
|
|
83
|
+
notes?: string;
|
|
84
|
+
includeLineage?: boolean;
|
|
85
|
+
includeHashChain?: boolean;
|
|
86
|
+
}): EvidenceManifest;
|
|
87
|
+
getHashAlgorithm(): string;
|
|
88
|
+
}
|
|
89
|
+
export declare function getRuntimeEvidenceStore(): EvidenceStore;
|
|
90
|
+
export declare function clearRuntimeEvidenceStore(): void;
|
|
91
|
+
export declare function recordRuntimeEvidence(item: Record<string, any>): Record<string, any>;
|
|
92
|
+
export declare function buildRuntimeEvidenceManifest(options?: {
|
|
93
|
+
standard?: string;
|
|
94
|
+
scope?: string;
|
|
95
|
+
generatedBy?: string;
|
|
96
|
+
notes?: string;
|
|
97
|
+
includeLineage?: boolean;
|
|
98
|
+
includeHashChain?: boolean;
|
|
99
|
+
includeControlWorkflowState?: boolean;
|
|
100
|
+
includeAimsGovernanceState?: boolean;
|
|
101
|
+
controlCatalog?: Record<string, any> | null;
|
|
102
|
+
}): EvidenceManifest;
|
|
103
|
+
//# sourceMappingURL=evidence_store.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evidence_store.d.ts","sourceRoot":"","sources":["../src/evidence_store.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,qBAAqB,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,mBAAmB,EAAE,UAAU,GAAG,SAAS,CAAC;IAC5C,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,OAAO,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,kBAAkB,CAAC;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;IAClC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,mBAAmB,CAAC;IACnC,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,cAAc,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;IAC3C,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAC/B,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC,sBAAsB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7C,qBAAqB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC7C;AAED,MAAM,WAAW,oBAAoB;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AA6ED,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,OAAO,CAAC,EAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GACzD,MAAM,CAWR;AAED,wBAAgB,uBAAuB,CACrC,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EACzC,OAAO,EAAE,kBAAkB,EAAE,EAC7B,SAAS,CAAC,EAAE,MAAM,GACjB;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAmCpC;AAED,wBAAgB,sBAAsB,CACpC,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EACzC,OAAO,CAAC,EAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,MAAM,CAAA;CAAE,GAC/E,iBAAiB,CAuCnB;AAYD,wBAAgB,yBAAyB,CACvC,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,GACxC,oBAAoB,CAsItB;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,gBAAgB,CAwBnB;AAiCD,qBAAa,aAAa;IACxB,OAAO,CAAC,KAAK,CAAmC;IAChD,OAAO,CAAC,SAAS,CAAS;gBAEd,OAAO,CAAC,EAAE,oBAAoB;IAK1C,KAAK,IAAI,IAAI;IAIb,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAM3D,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAItE,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAIvC,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,IAAI;IAKnD,aAAa,CAAC,OAAO,EAAE;QACrB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,gBAAgB,CAAC,EAAE,OAAO,CAAC;KAC5B,GAAG,gBAAgB;IAapB,gBAAgB,IAAI,MAAM;CAG3B;AAID,wBAAgB,uBAAuB,IAAI,aAAa,CAEvD;AAED,wBAAgB,yBAAyB,IAAI,IAAI,CAEhD;AAED,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEpF;AAED,wBAAgB,4BAA4B,CAAC,OAAO,CAAC,EAAE;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,2BAA2B,CAAC,EAAE,OAAO,CAAC;IACtC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC;CAC7C,GAAG,gBAAgB,CA6BnB"}
|