monora-ai 2.1.0 → 2.1.4

package/scripts/postinstall.js

@@ -1,17 +1,29 @@
 #!/usr/bin/env node
 /**
  * Postinstall script for Monora SDK
- * Automatically runs the setup wizard after npm install
- * Optionally collects registration data for telemetry
+ *
+ * Shows a non-blocking welcome message with setup instructions.
+ * Opt-in only - no interactive prompts or data collection during install.
+ *
+ * Users can register later via: npx monora-ai init
  */
 
-const { spawn } = require('child_process');
 const fs = require('fs');
 const path = require('path');
-const readline = require('readline');
 const crypto = require('crypto');
 
-// Check if we're in a CI environment or non-interactive terminal
+// ANSI color codes for terminal output
+const colors = {
+  reset: '\x1b[0m',
+  bold: '\x1b[1m',
+  dim: '\x1b[2m',
+  cyan: '\x1b[36m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  blue: '\x1b[34m',
+};
+
+// Check if we're in a CI environment
 function isCI() {
   return !!(
     process.env.CI ||
@@ -22,61 +34,29 @@ function isCI() {
     process.env.CIRCLECI ||
     process.env.TRAVIS ||
     process.env.JENKINS_URL ||
+    process.env.BUILDKITE ||
+    process.env.TF_BUILD ||
     process.env.MONORA_SKIP_POSTINSTALL
   );
 }
 
-// Generate a stable install ID (SHA256 of random UUID)
-function generateInstallId() {
-  const uuid = crypto.randomUUID();
-  return crypto.createHash('sha256').update(uuid).digest('hex').slice(0, 32);
-}
-
-function isTTY() {
-  return process.stdout.isTTY && process.stdin.isTTY;
-}
-
-function findProjectRoot() {
-  // Walk up from current directory to find package.json (the user's project)
-  let dir = process.cwd();
-  const maxLevels = 10;
-
-  for (let i = 0; i < maxLevels; i++) {
-    const pkgPath = path.join(dir, 'package.json');
-    if (fs.existsSync(pkgPath)) {
-      try {
-        const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
-        // Skip if this is the monora-ai package itself
-        if (pkg.name !== 'monora-ai') {
-          return dir;
-        }
-      } catch (e) {
-        // Continue searching
-      }
-    }
-    const parent = path.dirname(dir);
-    if (parent === dir) break;
-    dir = parent;
+// Check if terminal supports colors
+function supportsColor() {
+  if (process.env.NO_COLOR || process.env.TERM === 'dumb') {
+    return false;
   }
-  return process.cwd();
+  return process.stdout.isTTY;
 }
 
-function configExists(projectRoot) {
-  const configFiles = [
-    'monora.yml',
-    'monora.yaml',
-    'monora.json',
-    '.monora.yml',
-    '.monora.yaml',
-    '.monora.json',
-  ];
-
-  return configFiles.some(file =>
-    fs.existsSync(path.join(projectRoot, file))
-  );
+// Colorize text if supported
+function colorize(text, color) {
+  if (!supportsColor()) {
+    return text;
+  }
+  return `${color}${text}${colors.reset}`;
 }
 
-// Get the Monora data directory for storing registration
+// Get the Monora data directory
 function getMonoraDataDir() {
   const home = process.env.HOME || process.env.USERPROFILE;
   if (!home) {
@@ -85,189 +65,104 @@ function getMonoraDataDir() {
   return path.join(home, '.monora');
 }
 
-// Load existing registration data
-function loadRegistration() {
+// Record install timestamp for analytics (local only)
+function recordInstallTimestamp() {
   const dataDir = getMonoraDataDir();
   if (!dataDir) {
-    console.warn('Monora: HOME/USERPROFILE not set; skipping registration load');
-    return null;
-  }
-  const regPath = path.join(dataDir, 'registration.json');
-  try {
-    if (fs.existsSync(regPath)) {
-      return JSON.parse(fs.readFileSync(regPath, 'utf8'));
-    }
-  } catch (e) {
-    // Ignore errors
+    return;
   }
-  return null;
-}
 
-// Save registration data
-function saveRegistration(data) {
-  const dataDir = getMonoraDataDir();
-  if (!dataDir) {
-    console.warn('Monora: HOME/USERPROFILE not set; skipping registration save');
-    return false;
-  }
   try {
     if (!fs.existsSync(dataDir)) {
       fs.mkdirSync(dataDir, { recursive: true });
     }
-    const regPath = path.join(dataDir, 'registration.json');
-    fs.writeFileSync(regPath, JSON.stringify(data, null, 2));
-    return true;
-  } catch (e) {
-    return false;
-  }
-}
 
-// Prompt user for input
-function prompt(rl, question, defaultValue = '') {
-  const displayDefault = defaultValue ? ` [${defaultValue}]` : '';
-  return new Promise((resolve) => {
-    rl.question(`${question}${displayDefault}: `, (answer) => {
-      resolve(answer.trim() || defaultValue);
-    });
-  });
-}
-
-// Collect optional registration data
-async function collectRegistration() {
-  const existing = loadRegistration();
-  if (existing && existing.install_id) {
-    // Already registered, don't ask again
-    return existing;
+    const installPath = path.join(dataDir, 'install_info.json');
+    const existingData = fs.existsSync(installPath)
+      ? JSON.parse(fs.readFileSync(installPath, 'utf8'))
+      : {};
+
+    const installInfo = {
+      ...existingData,
+      install_id: existingData.install_id || crypto.randomUUID().replace(/-/g, '').slice(0, 32),
+      sdk: 'node',
+      first_installed_at: existingData.first_installed_at || new Date().toISOString(),
+      last_installed_at: new Date().toISOString(),
+      install_count: (existingData.install_count || 0) + 1,
+    };
+
+    fs.writeFileSync(installPath, JSON.stringify(installInfo, null, 2));
+  } catch {
+    // Silent fail - never break install
   }
+}
 
-  console.log('');
-  console.log('📋 Optional: Help us improve Monora by sharing some info');
-  console.log('   (Press Enter to skip any question)\n');
-
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout,
-  });
-
-  try {
-    const company = await prompt(rl, '   Company/Organization');
-    const role = await prompt(rl, '   Your role (e.g., Developer, ML Engineer)');
-    const email = await prompt(rl, '   Email (for product updates, optional)');
-
-    rl.close();
+// Check if config already exists in project
+function configExists() {
+  const configFiles = [
+    'monora.yml',
+    'monora.yaml',
+    'monora.json',
+    '.monora.yml',
+    '.monora.yaml',
+    '.monora.json',
+  ];
 
-    // Only save if at least one field is provided
-    if (company || role || email) {
-      const registration = {
-        install_id: generateInstallId(),
-        company: company || undefined,
-        role: role || undefined,
-        email: email || undefined,
-        sdk_type: 'node',
-        source: 'npm',
-        registered_at: new Date().toISOString(),
-      };
-      if (saveRegistration(registration)) {
-        console.log('\n   ✓ Thanks! Your info has been saved locally.\n');
-      }
-      return registration;
-    } else {
-      // Create minimal registration with just install_id
-      const registration = {
-        install_id: generateInstallId(),
-        sdk_type: 'node',
-        source: 'npm',
-        registered_at: new Date().toISOString(),
-      };
-      saveRegistration(registration);
-      return registration;
-    }
-  } catch (e) {
-    rl.close();
-    return null;
-  }
+  return configFiles.some(file => fs.existsSync(path.join(process.cwd(), file)));
 }
 
-async function main() {
-  // Skip in CI environments
-  if (isCI()) {
-    console.log('\n📦 Monora SDK installed successfully.');
-    console.log('   Run "npx monora init" to configure.\n');
-    return;
-  }
-
-  const projectRoot = findProjectRoot();
+// Display welcome message
+function showWelcomeMessage() {
+  const hasConfig = configExists();
 
-  // Check if config already exists
-  if (configExists(projectRoot)) {
-    console.log('\n✅ Monora SDK installed. Existing configuration detected.\n');
-    return;
-  }
+  console.log('');
+  console.log(colorize('  Monora AI Governance SDK', colors.bold + colors.cyan));
+  console.log('');
 
-  // Non-interactive terminal - show quick start
-  if (!isTTY()) {
-    console.log('\n📦 Monora SDK installed successfully!');
+  if (hasConfig) {
+    console.log(colorize('  ✓ Existing configuration detected', colors.green));
     console.log('');
-    console.log('Quick Start:');
-    console.log('  1. Run: npx monora init');
-    console.log('  2. Or use zero-config:');
-    console.log('     import { init } from "monora-ai";');
-    console.log('     init();');
+  } else {
+    console.log(colorize('  Quick Start:', colors.bold));
+    console.log('');
+    console.log('  ' + colorize('Option 1:', colors.yellow) + ' Zero-config (recommended)');
+    console.log(colorize('    import { init } from "monora-ai";', colors.dim));
+    console.log(colorize('    init();', colors.dim));
+    console.log('');
+    console.log('  ' + colorize('Option 2:', colors.yellow) + ' Run setup wizard');
+    console.log(colorize('    npx monora-ai init', colors.dim));
     console.log('');
-    return;
-  }
-
-  // Interactive terminal - run setup wizard
-  console.log('\n🚀 Monora SDK installed!');
-
-  // Collect optional registration data
-  try {
-    await collectRegistration();
-  } catch {
-    // Intentionally ignore - registration is optional and should never break install
   }
 
-  try {
-    // Run the wizard with --yes for smart defaults
-    // Users can run `npx monora init` later for full interactive mode
-    const cliPath = path.join(__dirname, '..', 'dist', 'cli.js');
+  console.log(colorize('  Documentation:', colors.bold) + ' https://docs.monora.ai');
+  console.log(colorize('  GitHub:', colors.bold) + '        https://github.com/monora-ai/monora');
+  console.log('');
+}
 
-    if (fs.existsSync(cliPath)) {
-      console.log('Starting setup wizard...\n');
-      // Run the CLI init command
-      const child = spawn('node', [cliPath, 'init', '--yes'], {
-        cwd: projectRoot,
-        stdio: 'inherit',
-        shell: process.platform === 'win32',
-      });
+// Display minimal CI message
+function showCIMessage() {
+  console.log('');
+  console.log('Monora SDK installed. Use init() for zero-config or run "npx monora-ai init".');
+  console.log('');
+}
 
-      child.on('error', () => {
-        console.log('\n📦 Monora SDK installed.');
-        console.log('   Run "npx monora init" to configure manually.\n');
-      });
+// Main function
+function main() {
+  // Record install timestamp (local only, non-blocking)
+  recordInstallTimestamp();
 
-      child.on('close', (code) => {
-        if (code !== 0) {
-          console.log('\n   Run "npx monora init" to configure manually.\n');
-        }
-      });
-    } else {
-      // CLI not built yet (fresh install), show manual instructions
-      console.log('Quick Start:');
-      console.log('  Option 1: Run "npx monora init" to configure');
-      console.log('  Option 2: Use zero-config in your code:');
-      console.log('     import { init } from "monora-ai";');
-      console.log('     init();');
-      console.log('');
-    }
-  } catch (err) {
-    // Silent fail - don't break npm install
-    console.log('\n📦 Monora SDK installed.');
-    console.log('   Run "npx monora init" to configure.\n');
+  // Show appropriate message based on environment
+  if (isCI()) {
+    showCIMessage();
+  } else {
+    showWelcomeMessage();
   }
 }
 
-main().catch(() => {
+// Execute
+try {
+  main();
+} catch {
   // Never fail the install
-  console.log('\n📦 Monora SDK installed.\n');
-});
+  console.log('\nMonora SDK installed.\n');
+}

package/templates/controls/gdpr_control_catalog.json

@@ -0,0 +1,261 @@
+{
+  "catalog_id": "gdpr_gap_catalog_monora",
+  "standard": "GDPR",
+  "version": "0.1.0",
+  "generated_at": "2026-02-16T00:00:00+00:00",
+  "notes": "Default GDPR article coverage catalog for workflow gap analysis.",
+  "controls": [
+    {
+      "control_id": "art5",
+      "clause": "Art.5",
+      "title": "Principles Relating to Processing",
+      "requirement": "Apply lawfulness, fairness, transparency, minimization, and integrity principles.",
+      "guidance": "Maintain data handling policies and minimization controls.",
+      "evidence_types": ["data_handling_policy", "data_minimization_review"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "privacy_governance",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art6",
+      "clause": "Art.6",
+      "title": "Lawfulness of Processing",
+      "requirement": "Document lawful basis for processing.",
+      "guidance": "Track legal basis per data processing purpose.",
+      "evidence_types": ["lawful_basis_register"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "privacy_governance",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art7",
+      "clause": "Art.7",
+      "title": "Conditions for Consent",
+      "requirement": "Collect and manage valid consent where required.",
+      "guidance": "Track consent status and revocation.",
+      "evidence_types": ["consent_log", "consent_revocation_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "consent_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art12",
+      "clause": "Art.12",
+      "title": "Transparent Information and Communication",
+      "requirement": "Provide transparent communications to data subjects.",
+      "guidance": "Maintain clear rights and request channels.",
+      "evidence_types": ["privacy_notice", "communication_record"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "transparency",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art13",
+      "clause": "Art.13",
+      "title": "Information to Be Provided (Direct Collection)",
+      "requirement": "Provide required information when collecting data directly.",
+      "guidance": "Maintain direct collection notices and acknowledgments.",
+      "evidence_types": ["privacy_notice", "notice_acknowledgement"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "transparency",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art14",
+      "clause": "Art.14",
+      "title": "Information to Be Provided (Indirect Collection)",
+      "requirement": "Provide required information when data is not collected directly.",
+      "guidance": "Maintain indirect collection notice process.",
+      "evidence_types": ["privacy_notice", "indirect_collection_log"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "transparency",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art15",
+      "clause": "Art.15",
+      "title": "Right of Access",
+      "requirement": "Respond to access requests within legal timelines.",
+      "guidance": "Track request intake and fulfillment.",
+      "evidence_types": ["data_subject_request_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art16",
+      "clause": "Art.16",
+      "title": "Right to Rectification",
+      "requirement": "Correct inaccurate personal data.",
+      "guidance": "Track rectification workflow and completion.",
+      "evidence_types": ["rectification_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art17",
+      "clause": "Art.17",
+      "title": "Right to Erasure",
+      "requirement": "Erase data when erasure conditions are met.",
+      "guidance": "Track erasure requests and outcomes.",
+      "evidence_types": ["erasure_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art18",
+      "clause": "Art.18",
+      "title": "Right to Restriction",
+      "requirement": "Restrict processing when requested and applicable.",
+      "guidance": "Track restriction states and enforcement.",
+      "evidence_types": ["restriction_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art20",
+      "clause": "Art.20",
+      "title": "Right to Data Portability",
+      "requirement": "Provide portable personal data where applicable.",
+      "guidance": "Track portability requests and delivery.",
+      "evidence_types": ["portability_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art21",
+      "clause": "Art.21",
+      "title": "Right to Object",
+      "requirement": "Honor objections to processing.",
+      "guidance": "Track objections and resulting actions.",
+      "evidence_types": ["objection_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art22",
+      "clause": "Art.22",
+      "title": "Automated Decision-Making and Profiling",
+      "requirement": "Provide safeguards for automated decisions.",
+      "guidance": "Maintain human oversight and challenge workflow.",
+      "evidence_types": ["human_oversight_record", "automated_decision_review"],
+      "frequency": "monthly",
+      "owner": "Responsible AI Lead",
+      "system": "automated_decisioning",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art25",
+      "clause": "Art.25",
+      "title": "Data Protection by Design and by Default",
+      "requirement": "Implement privacy by design/default safeguards.",
+      "guidance": "Document privacy design reviews.",
+      "evidence_types": ["privacy_design_review", "data_minimization_review"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "privacy_engineering",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art30",
+      "clause": "Art.30",
+      "title": "Records of Processing Activities",
+      "requirement": "Maintain records of processing activities.",
+      "guidance": "Track purposes, categories, recipients, and safeguards.",
+      "evidence_types": ["processing_activity_register"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "records_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art32",
+      "clause": "Art.32",
+      "title": "Security of Processing",
+      "requirement": "Implement appropriate technical and organizational security.",
+      "guidance": "Demonstrate confidentiality, integrity, and resilience controls.",
+      "evidence_types": ["security_control_report", "incident_response_record"],
+      "frequency": "monthly",
+      "owner": "Security Lead",
+      "system": "security",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "critical"
+    },
+    {
+      "control_id": "art33",
+      "clause": "Art.33",
+      "title": "Breach Notification to Supervisory Authority",
+      "requirement": "Notify authority within required timeframe for qualifying breaches.",
+      "guidance": "Track breach timeline and authority notifications.",
+      "evidence_types": ["breach_notification_log"],
+      "frequency": "on_incident",
+      "owner": "Security Lead",
+      "system": "incident_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "critical"
+    },
+    {
+      "control_id": "art35",
+      "clause": "Art.35",
+      "title": "Data Protection Impact Assessment",
+      "requirement": "Perform DPIA for high-risk processing.",
+      "guidance": "Maintain DPIA methodology, outcomes, and approvals.",
+      "evidence_types": ["dpia_report", "risk_register"],
+      "frequency": "per_release",
+      "owner": "Responsible AI Lead",
+      "system": "risk_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    }
+  ]
+}