npm - monora-ai - Versions diffs - 2.1.3 → 2.1.4 - Mend

monora-ai 2.1.3 → 2.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/README.md +15 -8
package/dist/assessment.d.ts.map +1 -1
package/dist/assessment.js +20 -1
package/dist/attribution.js +1 -1
package/dist/cli.js +18 -5
package/dist/complianceConsolidation.d.ts +17 -0
package/dist/complianceConsolidation.d.ts.map +1 -0
package/dist/complianceConsolidation.js +68 -0
package/dist/complianceTargets.d.ts +1 -1
package/dist/complianceTargets.d.ts.map +1 -1
package/dist/complianceTargets.js +2 -2
package/dist/config.js +1 -1
package/dist/config_schema.js +1 -1
package/dist/control_backbone.d.ts +9 -3
package/dist/control_backbone.d.ts.map +1 -1
package/dist/control_backbone.js +153 -25
package/dist/index.d.ts +2 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +10 -3
package/dist/onboarding.d.ts.map +1 -1
package/dist/onboarding.js +56 -3
package/dist/runtime.d.ts +1 -0
package/dist/runtime.d.ts.map +1 -1
package/dist/runtime.js +1 -0
package/dist/schemas/config.schema.json +1 -1
package/dist/templates/controls/gdpr_control_catalog.json +261 -0
package/dist/templates/controls/soc2_control_catalog.json +163 -0
package/dist/templates/standards/iso42001_claims.json +72 -0
package/dist/trust_package.d.ts +1 -0
package/dist/trust_package.d.ts.map +1 -1
package/dist/trust_package.js +2 -1
package/package.json +1 -1
package/templates/controls/gdpr_control_catalog.json +261 -0
package/templates/controls/soc2_control_catalog.json +163 -0
package/templates/standards/iso42001_claims.json +72 -0

package/dist/templates/controls/gdpr_control_catalog.json ADDED Viewed

@@ -0,0 +1,261 @@
+{
+  "catalog_id": "gdpr_gap_catalog_monora",
+  "standard": "GDPR",
+  "version": "0.1.0",
+  "generated_at": "2026-02-16T00:00:00+00:00",
+  "notes": "Default GDPR article coverage catalog for workflow gap analysis.",
+  "controls": [
+    {
+      "control_id": "art5",
+      "clause": "Art.5",
+      "title": "Principles Relating to Processing",
+      "requirement": "Apply lawfulness, fairness, transparency, minimization, and integrity principles.",
+      "guidance": "Maintain data handling policies and minimization controls.",
+      "evidence_types": ["data_handling_policy", "data_minimization_review"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "privacy_governance",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art6",
+      "clause": "Art.6",
+      "title": "Lawfulness of Processing",
+      "requirement": "Document lawful basis for processing.",
+      "guidance": "Track legal basis per data processing purpose.",
+      "evidence_types": ["lawful_basis_register"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "privacy_governance",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art7",
+      "clause": "Art.7",
+      "title": "Conditions for Consent",
+      "requirement": "Collect and manage valid consent where required.",
+      "guidance": "Track consent status and revocation.",
+      "evidence_types": ["consent_log", "consent_revocation_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "consent_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art12",
+      "clause": "Art.12",
+      "title": "Transparent Information and Communication",
+      "requirement": "Provide transparent communications to data subjects.",
+      "guidance": "Maintain clear rights and request channels.",
+      "evidence_types": ["privacy_notice", "communication_record"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "transparency",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art13",
+      "clause": "Art.13",
+      "title": "Information to Be Provided (Direct Collection)",
+      "requirement": "Provide required information when collecting data directly.",
+      "guidance": "Maintain direct collection notices and acknowledgments.",
+      "evidence_types": ["privacy_notice", "notice_acknowledgement"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "transparency",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art14",
+      "clause": "Art.14",
+      "title": "Information to Be Provided (Indirect Collection)",
+      "requirement": "Provide required information when data is not collected directly.",
+      "guidance": "Maintain indirect collection notice process.",
+      "evidence_types": ["privacy_notice", "indirect_collection_log"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "transparency",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art15",
+      "clause": "Art.15",
+      "title": "Right of Access",
+      "requirement": "Respond to access requests within legal timelines.",
+      "guidance": "Track request intake and fulfillment.",
+      "evidence_types": ["data_subject_request_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art16",
+      "clause": "Art.16",
+      "title": "Right to Rectification",
+      "requirement": "Correct inaccurate personal data.",
+      "guidance": "Track rectification workflow and completion.",
+      "evidence_types": ["rectification_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art17",
+      "clause": "Art.17",
+      "title": "Right to Erasure",
+      "requirement": "Erase data when erasure conditions are met.",
+      "guidance": "Track erasure requests and outcomes.",
+      "evidence_types": ["erasure_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art18",
+      "clause": "Art.18",
+      "title": "Right to Restriction",
+      "requirement": "Restrict processing when requested and applicable.",
+      "guidance": "Track restriction states and enforcement.",
+      "evidence_types": ["restriction_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art20",
+      "clause": "Art.20",
+      "title": "Right to Data Portability",
+      "requirement": "Provide portable personal data where applicable.",
+      "guidance": "Track portability requests and delivery.",
+      "evidence_types": ["portability_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art21",
+      "clause": "Art.21",
+      "title": "Right to Object",
+      "requirement": "Honor objections to processing.",
+      "guidance": "Track objections and resulting actions.",
+      "evidence_types": ["objection_log"],
+      "frequency": "monthly",
+      "owner": "Privacy Officer",
+      "system": "rights_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "art22",
+      "clause": "Art.22",
+      "title": "Automated Decision-Making and Profiling",
+      "requirement": "Provide safeguards for automated decisions.",
+      "guidance": "Maintain human oversight and challenge workflow.",
+      "evidence_types": ["human_oversight_record", "automated_decision_review"],
+      "frequency": "monthly",
+      "owner": "Responsible AI Lead",
+      "system": "automated_decisioning",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art25",
+      "clause": "Art.25",
+      "title": "Data Protection by Design and by Default",
+      "requirement": "Implement privacy by design/default safeguards.",
+      "guidance": "Document privacy design reviews.",
+      "evidence_types": ["privacy_design_review", "data_minimization_review"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "privacy_engineering",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art30",
+      "clause": "Art.30",
+      "title": "Records of Processing Activities",
+      "requirement": "Maintain records of processing activities.",
+      "guidance": "Track purposes, categories, recipients, and safeguards.",
+      "evidence_types": ["processing_activity_register"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "records_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "art32",
+      "clause": "Art.32",
+      "title": "Security of Processing",
+      "requirement": "Implement appropriate technical and organizational security.",
+      "guidance": "Demonstrate confidentiality, integrity, and resilience controls.",
+      "evidence_types": ["security_control_report", "incident_response_record"],
+      "frequency": "monthly",
+      "owner": "Security Lead",
+      "system": "security",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "critical"
+    },
+    {
+      "control_id": "art33",
+      "clause": "Art.33",
+      "title": "Breach Notification to Supervisory Authority",
+      "requirement": "Notify authority within required timeframe for qualifying breaches.",
+      "guidance": "Track breach timeline and authority notifications.",
+      "evidence_types": ["breach_notification_log"],
+      "frequency": "on_incident",
+      "owner": "Security Lead",
+      "system": "incident_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "critical"
+    },
+    {
+      "control_id": "art35",
+      "clause": "Art.35",
+      "title": "Data Protection Impact Assessment",
+      "requirement": "Perform DPIA for high-risk processing.",
+      "guidance": "Maintain DPIA methodology, outcomes, and approvals.",
+      "evidence_types": ["dpia_report", "risk_register"],
+      "frequency": "per_release",
+      "owner": "Responsible AI Lead",
+      "system": "risk_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    }
+  ]
+}

package/dist/templates/controls/soc2_control_catalog.json ADDED Viewed

@@ -0,0 +1,163 @@
+{
+  "catalog_id": "soc2_gap_catalog_monora",
+  "standard": "SOC2",
+  "version": "0.1.0",
+  "generated_at": "2026-02-16T00:00:00+00:00",
+  "notes": "Default SOC 2 Trust Services Criteria control catalog for workflow coverage and gap prioritization.",
+  "controls": [
+    {
+      "control_id": "CC1",
+      "clause": "CC",
+      "title": "Control Environment",
+      "requirement": "Establish integrity and ethical values.",
+      "guidance": "Document governance and accountability structure.",
+      "evidence_types": ["governance_charter", "policy_document"],
+      "frequency": "annual",
+      "owner": "Compliance Lead",
+      "system": "governance",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "CC2",
+      "clause": "CC",
+      "title": "Communication and Information",
+      "requirement": "Maintain internal/external communication for controls.",
+      "guidance": "Document control communication channels.",
+      "evidence_types": ["communication_plan", "review_minutes"],
+      "frequency": "quarterly",
+      "owner": "Compliance Lead",
+      "system": "governance",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "CC3",
+      "clause": "CC",
+      "title": "Risk Assessment",
+      "requirement": "Identify and analyze risks.",
+      "guidance": "Maintain risk register and periodic reviews.",
+      "evidence_types": ["risk_register", "risk_review_minutes"],
+      "frequency": "quarterly",
+      "owner": "Risk Lead",
+      "system": "risk_management",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "CC4",
+      "clause": "CC",
+      "title": "Monitoring Activities",
+      "requirement": "Monitor controls and remediate deficiencies.",
+      "guidance": "Track monitoring outcomes and corrective actions.",
+      "evidence_types": ["monitoring_report", "corrective_action_log"],
+      "frequency": "monthly",
+      "owner": "Internal Audit Lead",
+      "system": "monitoring",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "CC5",
+      "clause": "CC",
+      "title": "Control Activities",
+      "requirement": "Implement and enforce control procedures.",
+      "guidance": "Enforce policies and document exceptions.",
+      "evidence_types": ["policy_configuration", "exception_log"],
+      "frequency": "monthly",
+      "owner": "Security Lead",
+      "system": "policy_enforcement",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "CC6",
+      "clause": "CC",
+      "title": "Logical and Physical Access Controls",
+      "requirement": "Restrict system access to authorized users.",
+      "guidance": "Track identity controls and least-privilege access.",
+      "evidence_types": ["identity_and_mfa_report", "access_review"],
+      "frequency": "monthly",
+      "owner": "Security Lead",
+      "system": "access_control",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "critical"
+    },
+    {
+      "control_id": "CC7",
+      "clause": "CC",
+      "title": "System Operations",
+      "requirement": "Detect and respond to operational anomalies.",
+      "guidance": "Track runtime integrity and incident response.",
+      "evidence_types": ["runtime_observability_report", "incident_response_record"],
+      "frequency": "monthly",
+      "owner": "Operations Lead",
+      "system": "operations",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "CC8",
+      "clause": "CC",
+      "title": "Change Management",
+      "requirement": "Manage changes through controlled workflow.",
+      "guidance": "Document approvals and deployment controls.",
+      "evidence_types": ["change_approval_record", "deployment_approval_records"],
+      "frequency": "monthly",
+      "owner": "Engineering Lead",
+      "system": "change_management",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "medium"
+    },
+    {
+      "control_id": "CC9",
+      "clause": "CC",
+      "title": "Risk Mitigation",
+      "requirement": "Mitigate identified risks with documented actions.",
+      "guidance": "Track mitigation plans and completion.",
+      "evidence_types": ["risk_register", "mitigation_plan"],
+      "frequency": "quarterly",
+      "owner": "Risk Lead",
+      "system": "risk_management",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "P_SERIES",
+      "clause": "P",
+      "title": "Privacy",
+      "requirement": "Operate in accordance with privacy commitments.",
+      "guidance": "Document notices, consent, and subject rights handling.",
+      "evidence_types": ["privacy_notice", "data_subject_request_log"],
+      "frequency": "quarterly",
+      "owner": "Privacy Officer",
+      "system": "privacy_program",
+      "collection_method": "manual",
+      "status": "gap",
+      "priority": "high"
+    },
+    {
+      "control_id": "PI_SERIES",
+      "clause": "PI",
+      "title": "Processing Integrity",
+      "requirement": "Ensure complete, valid, and accurate processing.",
+      "guidance": "Track processing controls and integrity validation.",
+      "evidence_types": ["processing_integrity_report", "integrity_validation_log"],
+      "frequency": "monthly",
+      "owner": "Operations Lead",
+      "system": "processing_integrity",
+      "collection_method": "hybrid",
+      "status": "gap",
+      "priority": "high"
+    }
+  ]
+}

package/dist/templates/standards/iso42001_claims.json ADDED Viewed

@@ -0,0 +1,72 @@
+{
+  "report": {
+    "standard": "ISO42001",
+    "title": "ISO/IEC 42001 AIMS Claims Report",
+    "version": "2026-01",
+    "source": "Customer-provided report"
+  },
+  "excerpts": [],
+  "claims": [
+    {
+      "id": "ISO42001-A5",
+      "standard": "ISO42001",
+      "section": "A.5",
+      "statement": "AI risk and impact assessment workflows are enabled.",
+      "requires_excerpts": true,
+      "evidence_excerpts": [],
+      "checks": [
+        { "type": "config_required", "path": "risk_register.enabled", "equals": true },
+        { "type": "config_required", "path": "bias.enabled", "equals": true }
+      ]
+    },
+    {
+      "id": "ISO42001-A6",
+      "standard": "ISO42001",
+      "section": "A.6",
+      "statement": "Lifecycle and operational controls are tracked with immutable evidence.",
+      "requires_excerpts": true,
+      "evidence_excerpts": [],
+      "checks": [
+        { "type": "config_required", "path": "lifecycle.enabled", "equals": true },
+        { "type": "hash_chain_status", "status": "verified" },
+        { "type": "sequence_gaps_max", "max": 0 }
+      ]
+    },
+    {
+      "id": "ISO42001-A7",
+      "standard": "ISO42001",
+      "section": "A.7",
+      "statement": "Data governance controls are enabled for AI system data.",
+      "requires_excerpts": true,
+      "evidence_excerpts": [],
+      "checks": [
+        { "type": "config_required", "path": "data_governance.enabled", "equals": true },
+        { "type": "config_required", "path": "data_handling.enabled", "equals": true }
+      ]
+    },
+    {
+      "id": "ISO42001-A8",
+      "standard": "ISO42001",
+      "section": "A.8",
+      "statement": "Human oversight and policy governance are documented.",
+      "requires_excerpts": true,
+      "evidence_excerpts": [],
+      "checks": [
+        { "type": "config_required", "path": "human_oversight.enabled", "equals": true },
+        { "type": "config_required", "path": "policies.enforce", "equals": true }
+      ]
+    },
+    {
+      "id": "ISO42001-AIMS-INTEGRITY",
+      "standard": "ISO42001",
+      "section": "Clause 9/10",
+      "statement": "Governance evidence supports verifiable integrity for audit reporting.",
+      "requires_excerpts": true,
+      "evidence_excerpts": [],
+      "checks": [
+        { "type": "signatures_status", "status": "verified" },
+        { "type": "errors_max", "max": 0 }
+      ]
+    }
+  ]
+}

package/dist/trust_package.d.ts CHANGED Viewed

@@ -28,6 +28,7 @@ export interface TrustPackageBuildOptions {
     evidenceManifestIncludeAimsState?: boolean;
     controlCatalog?: Record<string, any>;
     controlCatalogPath?: string;
+    controlCatalogStandard?: string;
     controlWorkflowState?: Record<string, any>;
     controlWorkflowStatePath?: string;
     controlCoverageTarget?: number;

package/dist/trust_package.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"trust_package.d.ts","sourceRoot":"","sources":["../src/trust_package.ts"],"names":[],"mappings":"AAAA;;GAEG;AAOH,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAQxC,MAAM,WAAW,YAAY;IAC3B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACtC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACxC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3C,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,wBAAwB;IACvC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,8BAA8B,CAAC,EAAE,OAAO,CAAC;IACzC,gCAAgC,CAAC,EAAE,OAAO,CAAC;IAC3C,oCAAoC,CAAC,EAAE,OAAO,CAAC;IAC/C,gCAAgC,CAAC,EAAE,OAAO,CAAC;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3C,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE,wBAAwB,GACjC,YAAY,~~CA2Fd~~;AAED,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,YAAY,EAC1B,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9C,YAAY,CAQd;AAED,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,GAAG,IAAI,CAOtF;AAED,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,OAAO,EAAE,MAAM,GACd,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAS5B"}
1	+ {"version":3,"file":"trust_package.d.ts","sourceRoot":"","sources":["../src/trust_package.ts"],"names":[],"mappings":"AAAA;;GAEG;AAOH,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAQxC,MAAM,WAAW,YAAY;IAC3B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACtC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACxC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3C,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,wBAAwB;IACvC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,8BAA8B,CAAC,EAAE,OAAO,CAAC;IACzC,gCAAgC,CAAC,EAAE,OAAO,CAAC;IAC3C,oCAAoC,CAAC,EAAE,OAAO,CAAC;IAC/C,gCAAgC,CAAC,EAAE,OAAO,CAAC;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3C,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE,wBAAwB,GACjC,YAAY,CA4Fd;AAED,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,YAAY,EAC1B,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9C,YAAY,CAQd;AAED,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,GAAG,IAAI,CAOtF;AAED,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAClC,OAAO,EAAE,MAAM,GACd,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAS5B"}

package/dist/trust_package.js CHANGED Viewed

@@ -103,7 +103,7 @@ function buildTrustPackage(traceId, events, config, options) {
         }
         if (!catalog) {
             try {
-                catalog = (0, control_backbone_1.loadDefaultIso42001Catalog)();
+                catalog = (0, control_backbone_1.loadDefaultControlCatalog)(options?.controlCatalogStandard || 'ISO42001');
             }
             catch (_err) {
                 catalog = null;
@@ -118,6 +118,7 @@ function buildTrustPackage(traceId, events, config, options) {
                 targetCoverage: typeof options?.controlCoverageTarget === 'number'
                     ? options.controlCoverageTarget
                     : 0.9,
+                standard: options?.controlCatalogStandard,
             });
             trustPackage.control_coverage = coverage;
             if (options?.controlCoveragePath) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "monora-ai",
-  "version": "2.1.3",
+  "version": "2.1.4",
   "description": "Lightweight governance and trace SDK for AI systems",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",