monora-ai 2.1.0 → 2.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +339 -158
- package/dist/aims_governance.d.ts +238 -0
- package/dist/aims_governance.d.ts.map +1 -0
- package/dist/aims_governance.js +922 -0
- package/dist/alerts.d.ts +16 -0
- package/dist/alerts.d.ts.map +1 -1
- package/dist/alerts.js +16 -0
- package/dist/api.d.ts +6 -0
- package/dist/api.d.ts.map +1 -1
- package/dist/api.js +6 -0
- package/dist/assessment.d.ts +85 -0
- package/dist/assessment.d.ts.map +1 -1
- package/dist/assessment.js +525 -13
- package/dist/attribution.d.ts +44 -3
- package/dist/attribution.d.ts.map +1 -1
- package/dist/attribution.js +197 -10
- package/dist/autodetect.d.ts +68 -0
- package/dist/autodetect.d.ts.map +1 -1
- package/dist/autodetect.js +639 -0
- package/dist/bias.d.ts +130 -0
- package/dist/bias.d.ts.map +1 -0
- package/dist/bias.js +223 -0
- package/dist/cli/diagnostics.d.ts +5 -1
- package/dist/cli/diagnostics.d.ts.map +1 -1
- package/dist/cli/diagnostics.js +23 -6
- package/dist/cli/doctor.d.ts +25 -0
- package/dist/cli/doctor.d.ts.map +1 -0
- package/dist/cli/doctor.js +381 -0
- package/dist/cli/fix.d.ts +16 -0
- package/dist/cli/fix.d.ts.map +1 -0
- package/dist/cli/fix.js +284 -0
- package/dist/cli/init.d.ts +57 -0
- package/dist/cli/init.d.ts.map +1 -0
- package/dist/cli/init.js +205 -0
- package/dist/cli.js +1564 -177
- package/dist/complianceConsolidation.d.ts +17 -0
- package/dist/complianceConsolidation.d.ts.map +1 -0
- package/dist/complianceConsolidation.js +68 -0
- package/dist/complianceTargets.d.ts +111 -0
- package/dist/complianceTargets.d.ts.map +1 -0
- package/dist/complianceTargets.js +521 -0
- package/dist/config.d.ts +261 -16
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +381 -32
- package/dist/config_migrations.d.ts.map +1 -1
- package/dist/config_migrations.js +38 -1
- package/dist/config_schema.d.ts +2490 -1035
- package/dist/config_schema.d.ts.map +1 -1
- package/dist/config_schema.js +233 -64
- package/dist/context.d.ts +34 -0
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +118 -7
- package/dist/control_backbone.d.ts +128 -0
- package/dist/control_backbone.d.ts.map +1 -0
- package/dist/control_backbone.js +826 -0
- package/dist/data-governance.d.ts +187 -0
- package/dist/data-governance.d.ts.map +1 -0
- package/dist/data-governance.js +424 -0
- package/dist/dataResidency.d.ts +44 -0
- package/dist/dataResidency.d.ts.map +1 -0
- package/dist/dataResidency.js +203 -0
- package/dist/dispatcher.d.ts.map +1 -1
- package/dist/dispatcher.js +17 -5
- package/dist/evidence_store.d.ts +103 -0
- package/dist/evidence_store.d.ts.map +1 -0
- package/dist/evidence_store.js +459 -0
- package/dist/executiveSummary.d.ts +15 -0
- package/dist/executiveSummary.d.ts.map +1 -1
- package/dist/executiveSummary.js +135 -22
- package/dist/identity.d.ts +143 -0
- package/dist/identity.d.ts.map +1 -0
- package/dist/identity.js +231 -0
- package/dist/impact-assessment.d.ts +350 -0
- package/dist/impact-assessment.d.ts.map +1 -0
- package/dist/impact-assessment.js +580 -0
- package/dist/index.d.ts +21 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +254 -5
- package/dist/instrumentation.d.ts +1 -1
- package/dist/instrumentation.d.ts.map +1 -1
- package/dist/instrumentation.js +123 -22
- package/dist/integrations/anthropic.d.ts +3 -0
- package/dist/integrations/anthropic.d.ts.map +1 -1
- package/dist/integrations/anthropic.js +282 -80
- package/dist/integrations/governance.d.ts +33 -0
- package/dist/integrations/governance.d.ts.map +1 -0
- package/dist/integrations/governance.js +208 -0
- package/dist/integrations/langchain.d.ts +4 -0
- package/dist/integrations/langchain.d.ts.map +1 -1
- package/dist/integrations/langchain.js +362 -142
- package/dist/integrations/openai.d.ts +9 -0
- package/dist/integrations/openai.d.ts.map +1 -1
- package/dist/integrations/openai.js +673 -73
- package/dist/iso42001_consolidation.d.ts +16 -0
- package/dist/iso42001_consolidation.d.ts.map +1 -0
- package/dist/iso42001_consolidation.js +413 -0
- package/dist/iso42001_workflows.d.ts +263 -0
- package/dist/iso42001_workflows.d.ts.map +1 -0
- package/dist/iso42001_workflows.js +781 -0
- package/dist/lifecycle.d.ts +299 -0
- package/dist/lifecycle.d.ts.map +1 -0
- package/dist/lifecycle.js +624 -0
- package/dist/lineage.d.ts +2 -2
- package/dist/lineage.d.ts.map +1 -1
- package/dist/lineage.js +9 -16
- package/dist/middleware/express.d.ts.map +1 -1
- package/dist/middleware/express.js +18 -3
- package/dist/middleware/nextjs.js +2 -2
- package/dist/model.d.ts +143 -0
- package/dist/model.d.ts.map +1 -0
- package/dist/model.js +371 -0
- package/dist/onboarding.d.ts +42 -0
- package/dist/onboarding.d.ts.map +1 -0
- package/dist/onboarding.js +1075 -0
- package/dist/oversight.d.ts +264 -0
- package/dist/oversight.d.ts.map +1 -0
- package/dist/oversight.js +497 -0
- package/dist/presets.js +7 -7
- package/dist/quotas.d.ts +171 -0
- package/dist/quotas.d.ts.map +1 -0
- package/dist/quotas.js +259 -0
- package/dist/register.d.ts +13 -0
- package/dist/register.d.ts.map +1 -0
- package/dist/register.js +99 -0
- package/dist/registry.d.ts +1 -0
- package/dist/registry.d.ts.map +1 -1
- package/dist/registry.js +7 -0
- package/dist/registryData.json +43 -6
- package/dist/report.d.ts +2 -1
- package/dist/report.d.ts.map +1 -1
- package/dist/report.js +189 -2
- package/dist/reporting.d.ts +125 -0
- package/dist/reporting.d.ts.map +1 -1
- package/dist/reporting.js +192 -2
- package/dist/resources.d.ts +285 -0
- package/dist/resources.d.ts.map +1 -0
- package/dist/resources.js +643 -0
- package/dist/risk.d.ts +120 -0
- package/dist/risk.d.ts.map +1 -0
- package/dist/risk.js +220 -0
- package/dist/runtime.d.ts +74 -0
- package/dist/runtime.d.ts.map +1 -1
- package/dist/runtime.js +416 -18
- package/dist/schemaInference.d.ts +92 -0
- package/dist/schemaInference.d.ts.map +1 -0
- package/dist/schemaInference.js +466 -0
- package/dist/schema_validation.js +2 -2
- package/dist/schemas/config.schema.json +118 -4
- package/dist/security_report.js +4 -4
- package/dist/signing.d.ts +1 -1
- package/dist/signing.d.ts.map +1 -1
- package/dist/signing.js +4 -0
- package/dist/sinks/file.d.ts +19 -1
- package/dist/sinks/file.d.ts.map +1 -1
- package/dist/sinks/file.js +82 -13
- package/dist/sinks/https.d.ts +10 -0
- package/dist/sinks/https.d.ts.map +1 -1
- package/dist/sinks/https.js +76 -16
- package/dist/sinks/stdout.d.ts +1 -0
- package/dist/sinks/stdout.d.ts.map +1 -1
- package/dist/sinks/stdout.js +12 -1
- package/dist/spec.d.ts +159 -0
- package/dist/spec.d.ts.map +1 -0
- package/dist/spec.js +391 -0
- package/dist/stakeholders.d.ts +199 -0
- package/dist/stakeholders.d.ts.map +1 -0
- package/dist/stakeholders.js +398 -0
- package/dist/standards.d.ts.map +1 -1
- package/dist/standards.js +160 -2
- package/dist/standards_ingest.d.ts.map +1 -1
- package/dist/standards_ingest.js +1 -4
- package/dist/telemetry.d.ts +16 -2
- package/dist/telemetry.d.ts.map +1 -1
- package/dist/telemetry.js +77 -14
- package/dist/templates/controls/gdpr_control_catalog.json +261 -0
- package/dist/templates/controls/iso42001_control_catalog.json +1443 -0
- package/dist/templates/controls/soc2_control_catalog.json +163 -0
- package/dist/templates/standards/iso42001_claims.json +72 -0
- package/dist/traced_emitter.d.ts.map +1 -1
- package/dist/traced_emitter.js +19 -9
- package/dist/trust_package.d.ts +20 -1
- package/dist/trust_package.d.ts.map +1 -1
- package/dist/trust_package.js +90 -2
- package/dist/verify.d.ts.map +1 -1
- package/dist/verify.js +9 -2
- package/dist/wal.d.ts.map +1 -1
- package/dist/wal.js +2 -1
- package/package.json +14 -1
- package/scripts/postinstall.js +105 -210
- package/templates/controls/gdpr_control_catalog.json +261 -0
- package/templates/controls/iso42001_control_catalog.json +1443 -0
- package/templates/controls/soc2_control_catalog.json +163 -0
- package/templates/standards/iso42001_claims.json +72 -0
|
@@ -0,0 +1,163 @@
|
|
|
1
|
+
{
|
|
2
|
+
"catalog_id": "soc2_gap_catalog_monora",
|
|
3
|
+
"standard": "SOC2",
|
|
4
|
+
"version": "0.1.0",
|
|
5
|
+
"generated_at": "2026-02-16T00:00:00+00:00",
|
|
6
|
+
"notes": "Default SOC 2 Trust Services Criteria control catalog for workflow coverage and gap prioritization.",
|
|
7
|
+
"controls": [
|
|
8
|
+
{
|
|
9
|
+
"control_id": "CC1",
|
|
10
|
+
"clause": "CC",
|
|
11
|
+
"title": "Control Environment",
|
|
12
|
+
"requirement": "Establish integrity and ethical values.",
|
|
13
|
+
"guidance": "Document governance and accountability structure.",
|
|
14
|
+
"evidence_types": ["governance_charter", "policy_document"],
|
|
15
|
+
"frequency": "annual",
|
|
16
|
+
"owner": "Compliance Lead",
|
|
17
|
+
"system": "governance",
|
|
18
|
+
"collection_method": "manual",
|
|
19
|
+
"status": "gap",
|
|
20
|
+
"priority": "high"
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"control_id": "CC2",
|
|
24
|
+
"clause": "CC",
|
|
25
|
+
"title": "Communication and Information",
|
|
26
|
+
"requirement": "Maintain internal/external communication for controls.",
|
|
27
|
+
"guidance": "Document control communication channels.",
|
|
28
|
+
"evidence_types": ["communication_plan", "review_minutes"],
|
|
29
|
+
"frequency": "quarterly",
|
|
30
|
+
"owner": "Compliance Lead",
|
|
31
|
+
"system": "governance",
|
|
32
|
+
"collection_method": "manual",
|
|
33
|
+
"status": "gap",
|
|
34
|
+
"priority": "medium"
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
"control_id": "CC3",
|
|
38
|
+
"clause": "CC",
|
|
39
|
+
"title": "Risk Assessment",
|
|
40
|
+
"requirement": "Identify and analyze risks.",
|
|
41
|
+
"guidance": "Maintain risk register and periodic reviews.",
|
|
42
|
+
"evidence_types": ["risk_register", "risk_review_minutes"],
|
|
43
|
+
"frequency": "quarterly",
|
|
44
|
+
"owner": "Risk Lead",
|
|
45
|
+
"system": "risk_management",
|
|
46
|
+
"collection_method": "hybrid",
|
|
47
|
+
"status": "gap",
|
|
48
|
+
"priority": "high"
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
"control_id": "CC4",
|
|
52
|
+
"clause": "CC",
|
|
53
|
+
"title": "Monitoring Activities",
|
|
54
|
+
"requirement": "Monitor controls and remediate deficiencies.",
|
|
55
|
+
"guidance": "Track monitoring outcomes and corrective actions.",
|
|
56
|
+
"evidence_types": ["monitoring_report", "corrective_action_log"],
|
|
57
|
+
"frequency": "monthly",
|
|
58
|
+
"owner": "Internal Audit Lead",
|
|
59
|
+
"system": "monitoring",
|
|
60
|
+
"collection_method": "hybrid",
|
|
61
|
+
"status": "gap",
|
|
62
|
+
"priority": "high"
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"control_id": "CC5",
|
|
66
|
+
"clause": "CC",
|
|
67
|
+
"title": "Control Activities",
|
|
68
|
+
"requirement": "Implement and enforce control procedures.",
|
|
69
|
+
"guidance": "Enforce policies and document exceptions.",
|
|
70
|
+
"evidence_types": ["policy_configuration", "exception_log"],
|
|
71
|
+
"frequency": "monthly",
|
|
72
|
+
"owner": "Security Lead",
|
|
73
|
+
"system": "policy_enforcement",
|
|
74
|
+
"collection_method": "hybrid",
|
|
75
|
+
"status": "gap",
|
|
76
|
+
"priority": "high"
|
|
77
|
+
},
|
|
78
|
+
{
|
|
79
|
+
"control_id": "CC6",
|
|
80
|
+
"clause": "CC",
|
|
81
|
+
"title": "Logical and Physical Access Controls",
|
|
82
|
+
"requirement": "Restrict system access to authorized users.",
|
|
83
|
+
"guidance": "Track identity controls and least-privilege access.",
|
|
84
|
+
"evidence_types": ["identity_and_mfa_report", "access_review"],
|
|
85
|
+
"frequency": "monthly",
|
|
86
|
+
"owner": "Security Lead",
|
|
87
|
+
"system": "access_control",
|
|
88
|
+
"collection_method": "hybrid",
|
|
89
|
+
"status": "gap",
|
|
90
|
+
"priority": "critical"
|
|
91
|
+
},
|
|
92
|
+
{
|
|
93
|
+
"control_id": "CC7",
|
|
94
|
+
"clause": "CC",
|
|
95
|
+
"title": "System Operations",
|
|
96
|
+
"requirement": "Detect and respond to operational anomalies.",
|
|
97
|
+
"guidance": "Track runtime integrity and incident response.",
|
|
98
|
+
"evidence_types": ["runtime_observability_report", "incident_response_record"],
|
|
99
|
+
"frequency": "monthly",
|
|
100
|
+
"owner": "Operations Lead",
|
|
101
|
+
"system": "operations",
|
|
102
|
+
"collection_method": "hybrid",
|
|
103
|
+
"status": "gap",
|
|
104
|
+
"priority": "high"
|
|
105
|
+
},
|
|
106
|
+
{
|
|
107
|
+
"control_id": "CC8",
|
|
108
|
+
"clause": "CC",
|
|
109
|
+
"title": "Change Management",
|
|
110
|
+
"requirement": "Manage changes through controlled workflow.",
|
|
111
|
+
"guidance": "Document approvals and deployment controls.",
|
|
112
|
+
"evidence_types": ["change_approval_record", "deployment_approval_records"],
|
|
113
|
+
"frequency": "monthly",
|
|
114
|
+
"owner": "Engineering Lead",
|
|
115
|
+
"system": "change_management",
|
|
116
|
+
"collection_method": "manual",
|
|
117
|
+
"status": "gap",
|
|
118
|
+
"priority": "medium"
|
|
119
|
+
},
|
|
120
|
+
{
|
|
121
|
+
"control_id": "CC9",
|
|
122
|
+
"clause": "CC",
|
|
123
|
+
"title": "Risk Mitigation",
|
|
124
|
+
"requirement": "Mitigate identified risks with documented actions.",
|
|
125
|
+
"guidance": "Track mitigation plans and completion.",
|
|
126
|
+
"evidence_types": ["risk_register", "mitigation_plan"],
|
|
127
|
+
"frequency": "quarterly",
|
|
128
|
+
"owner": "Risk Lead",
|
|
129
|
+
"system": "risk_management",
|
|
130
|
+
"collection_method": "hybrid",
|
|
131
|
+
"status": "gap",
|
|
132
|
+
"priority": "high"
|
|
133
|
+
},
|
|
134
|
+
{
|
|
135
|
+
"control_id": "P_SERIES",
|
|
136
|
+
"clause": "P",
|
|
137
|
+
"title": "Privacy",
|
|
138
|
+
"requirement": "Operate in accordance with privacy commitments.",
|
|
139
|
+
"guidance": "Document notices, consent, and subject rights handling.",
|
|
140
|
+
"evidence_types": ["privacy_notice", "data_subject_request_log"],
|
|
141
|
+
"frequency": "quarterly",
|
|
142
|
+
"owner": "Privacy Officer",
|
|
143
|
+
"system": "privacy_program",
|
|
144
|
+
"collection_method": "manual",
|
|
145
|
+
"status": "gap",
|
|
146
|
+
"priority": "high"
|
|
147
|
+
},
|
|
148
|
+
{
|
|
149
|
+
"control_id": "PI_SERIES",
|
|
150
|
+
"clause": "PI",
|
|
151
|
+
"title": "Processing Integrity",
|
|
152
|
+
"requirement": "Ensure complete, valid, and accurate processing.",
|
|
153
|
+
"guidance": "Track processing controls and integrity validation.",
|
|
154
|
+
"evidence_types": ["processing_integrity_report", "integrity_validation_log"],
|
|
155
|
+
"frequency": "monthly",
|
|
156
|
+
"owner": "Operations Lead",
|
|
157
|
+
"system": "processing_integrity",
|
|
158
|
+
"collection_method": "hybrid",
|
|
159
|
+
"status": "gap",
|
|
160
|
+
"priority": "high"
|
|
161
|
+
}
|
|
162
|
+
]
|
|
163
|
+
}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
{
|
|
2
|
+
"report": {
|
|
3
|
+
"standard": "ISO42001",
|
|
4
|
+
"title": "ISO/IEC 42001 AIMS Claims Report",
|
|
5
|
+
"version": "2026-01",
|
|
6
|
+
"source": "Customer-provided report"
|
|
7
|
+
},
|
|
8
|
+
"excerpts": [],
|
|
9
|
+
"claims": [
|
|
10
|
+
{
|
|
11
|
+
"id": "ISO42001-A5",
|
|
12
|
+
"standard": "ISO42001",
|
|
13
|
+
"section": "A.5",
|
|
14
|
+
"statement": "AI risk and impact assessment workflows are enabled.",
|
|
15
|
+
"requires_excerpts": true,
|
|
16
|
+
"evidence_excerpts": [],
|
|
17
|
+
"checks": [
|
|
18
|
+
{ "type": "config_required", "path": "risk_register.enabled", "equals": true },
|
|
19
|
+
{ "type": "config_required", "path": "bias.enabled", "equals": true }
|
|
20
|
+
]
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"id": "ISO42001-A6",
|
|
24
|
+
"standard": "ISO42001",
|
|
25
|
+
"section": "A.6",
|
|
26
|
+
"statement": "Lifecycle and operational controls are tracked with immutable evidence.",
|
|
27
|
+
"requires_excerpts": true,
|
|
28
|
+
"evidence_excerpts": [],
|
|
29
|
+
"checks": [
|
|
30
|
+
{ "type": "config_required", "path": "lifecycle.enabled", "equals": true },
|
|
31
|
+
{ "type": "hash_chain_status", "status": "verified" },
|
|
32
|
+
{ "type": "sequence_gaps_max", "max": 0 }
|
|
33
|
+
]
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
"id": "ISO42001-A7",
|
|
37
|
+
"standard": "ISO42001",
|
|
38
|
+
"section": "A.7",
|
|
39
|
+
"statement": "Data governance controls are enabled for AI system data.",
|
|
40
|
+
"requires_excerpts": true,
|
|
41
|
+
"evidence_excerpts": [],
|
|
42
|
+
"checks": [
|
|
43
|
+
{ "type": "config_required", "path": "data_governance.enabled", "equals": true },
|
|
44
|
+
{ "type": "config_required", "path": "data_handling.enabled", "equals": true }
|
|
45
|
+
]
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
"id": "ISO42001-A8",
|
|
49
|
+
"standard": "ISO42001",
|
|
50
|
+
"section": "A.8",
|
|
51
|
+
"statement": "Human oversight and policy governance are documented.",
|
|
52
|
+
"requires_excerpts": true,
|
|
53
|
+
"evidence_excerpts": [],
|
|
54
|
+
"checks": [
|
|
55
|
+
{ "type": "config_required", "path": "human_oversight.enabled", "equals": true },
|
|
56
|
+
{ "type": "config_required", "path": "policies.enforce", "equals": true }
|
|
57
|
+
]
|
|
58
|
+
},
|
|
59
|
+
{
|
|
60
|
+
"id": "ISO42001-AIMS-INTEGRITY",
|
|
61
|
+
"standard": "ISO42001",
|
|
62
|
+
"section": "Clause 9/10",
|
|
63
|
+
"statement": "Governance evidence supports verifiable integrity for audit reporting.",
|
|
64
|
+
"requires_excerpts": true,
|
|
65
|
+
"evidence_excerpts": [],
|
|
66
|
+
"checks": [
|
|
67
|
+
{ "type": "signatures_status", "status": "verified" },
|
|
68
|
+
{ "type": "errors_max", "max": 0 }
|
|
69
|
+
]
|
|
70
|
+
}
|
|
71
|
+
]
|
|
72
|
+
}
|