staisix-cli 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +89 -0
- package/package.json +7 -2
package/README.md
ADDED
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
# staisix-cli π‘
|
|
2
|
+
|
|
3
|
+
[](https://npmjs.com)
|
|
4
|
+
[](https://opensource.org)
|
|
5
|
+
|
|
6
|
+
> **Continuous Policy-as-Code AI Governance.** Shift compliance left by embedding automated regulatory guardrails directly inside your local developer GitOps pipelines.
|
|
7
|
+
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
## π Overview
|
|
11
|
+
|
|
12
|
+
**STAISIX** turns complex international AI regulations (including the **EU AI Act**, **NIST AI RMF**, and **ISO/IEC 42001**) into deterministic, automated filesystem inspection checks.
|
|
13
|
+
|
|
14
|
+
The `staisix-cli` binary intercepts non-compliant model repository builds directly within your local CI/CD engine runtimesβhalting code promotions before non-compliant systems reach live production networks, while delivering 15-minute diagnostic self-remediation logs directly in the developer terminal console.
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## π οΈ Installation
|
|
19
|
+
|
|
20
|
+
Install the compliance scanning engine globally on your system path via the Node Package Manager:
|
|
21
|
+
|
|
22
|
+
```bash
|
|
23
|
+
npm install -g staisix-cli
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## π Quick Start: 3-Step Repository Initialization
|
|
29
|
+
|
|
30
|
+
### 1. Provision Your Local Configuration File
|
|
31
|
+
Create a new file named exactly `staisix.config.json` right inside your root repository folder path to define your tenant identification parameters:
|
|
32
|
+
|
|
33
|
+
```json
|
|
34
|
+
{
|
|
35
|
+
"organization": "Your Company Name",
|
|
36
|
+
"aiSystemName": "your_repository_microservice_name"
|
|
37
|
+
}
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
### 2. Establish Your Evidence Asset Folder Tree
|
|
41
|
+
STAISIX evaluates your framework controls locally through decoupled evidence artifacts. Create your local subfolder structure:
|
|
42
|
+
|
|
43
|
+
```bash
|
|
44
|
+
mkdir -p .staisix/evidence
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
### 3. Execute Your First Compliance Scan
|
|
48
|
+
To evaluate your repository filesystem against active global compliance guardrails, run the binary scanner natively:
|
|
49
|
+
|
|
50
|
+
```bash
|
|
51
|
+
staisix scan
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
---
|
|
55
|
+
|
|
56
|
+
## π Evaluated Framework Controls Mapping
|
|
57
|
+
|
|
58
|
+
| Control Token ID | Checked Repository File Asset | Cross-Regulatory Legal Alignments |
|
|
59
|
+
| :--- | :--- | :--- |
|
|
60
|
+
| **`STX-OVERSIGHT-01`** | `.staisix/evidence/oversight_policy.md` | β’ **EU AI Act:** Article 14 (Human Oversight)<br>β’ **NIST AI RMF:** GOVERN 1.2 (Roles & Responsibilities)<br>β’ **ISO 42001:** Annex A.7.4 (Human Supervision) |
|
|
61
|
+
| **`STX-DATA-02`** | `.staisix/evidence/data_manifest.csv` | β’ **EU AI Act:** Article 10 (Data Governance)<br>β’ **NIST AI RMF:** MEASURE 2.1 (Data Lineage Tracing)<br>β’ **ISO 42001:** Annex A.8.2 (Data for AI Systems) |
|
|
62
|
+
|
|
63
|
+
---
|
|
64
|
+
|
|
65
|
+
## π Self-Remediation Workflow (How to Clear Blocker Gates)
|
|
66
|
+
|
|
67
|
+
If an automated scan intercepts your build layout and returns a hard exit code `1` (`π [BUILD ERROR]`), read your terminal output logs to identify the missing documentation.
|
|
68
|
+
|
|
69
|
+
To "self-heal" the pipeline and unblock your release timeline, populate your nested `.staisix/evidence/` folder path with the required framework compliance artifacts:
|
|
70
|
+
|
|
71
|
+
* **To clear `STX-OVERSIGHT-01`:** Document your human-in-the-loop oversight mechanisms inside `.staisix/evidence/oversight_policy.md`.
|
|
72
|
+
* **To clear `STX-DATA-02`:** Document your training dataset characteristics, data provenance parameters, and compliance hashes inside `.staisix/evidence/data_manifest.csv`.
|
|
73
|
+
|
|
74
|
+
Once the missing evidence files exist in the repository, re-running `staisix scan` will pass instantly, print a green success log, and authorize a successful production code promotion with exit code `0`.
|
|
75
|
+
|
|
76
|
+
---
|
|
77
|
+
|
|
78
|
+
## π Data Privacy & Multi-Tenant Security Blueprint
|
|
79
|
+
|
|
80
|
+
The `staisix-cli` utility respects strict corporate data privacy standards. **Our scanner never accesses, views, or ingests your proprietary model weights or source code files.**
|
|
81
|
+
|
|
82
|
+
The scanning engine performs all logical evaluation loops completely within your local system's isolated runtime runtime memory. Only a passing/blocked status flag, your system identification tokens, and the triggered failure Control IDs are transmitted over the web to our secure multi-tenant ledger.
|
|
83
|
+
|
|
84
|
+
---
|
|
85
|
+
|
|
86
|
+
## β‘ Support & Beta Pilot Access
|
|
87
|
+
To acquire a verified corporate registration key or gain access to your cloud GRC Executive Summary Monitoring dashboards, visit your portal at [staisix.com](https://staisix.com).
|
|
88
|
+
|
|
89
|
+
*For priority technical support channels, connect with your assigned Technical Account Manager directly inside your team's dedicated Slack connect channel.*
|
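Review bot: In the "Data Privacy & Multi-Tenant Security Blueprint" section, the README says a passing/blocked flag, "system identification tokens" and the triggered Control IDs are transmitted over the web, but it never names the receiving host, says whether the `organization` and `aiSystemName` values from `staisix.config.json` are those tokens, or explains how to run a scan without the upload. Name the endpoint and list the exact fields sent so users can allowlist CI egress and verify the privacy claim, and document an offline mode if one exists. Separately, the Self-Remediation section says the scan passes once the evidence files exist, which reads as an existence-only check; state whether file content is validated, since otherwise an empty `oversight_policy.md` would clear `STX-OVERSIGHT-01`. Minor: "runtime runtime" is duplicated in the same privacy paragraph.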
package/package.json
CHANGED
|
@@ -1,13 +1,18 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "staisix-cli",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.1",
|
|
4
4
|
"description": "Automated Policy-as-Code continuous pipeline gatekeeper for AI model deployments.",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"bin": {
|
|
8
8
|
"staisix": "index.js"
|
|
9
9
|
},
|
|
10
|
-
"keywords": [
|
|
10
|
+
"keywords": [
|
|
11
|
+
"devsecops",
|
|
12
|
+
"ai-governance",
|
|
13
|
+
"compliance",
|
|
14
|
+
"gitops"
|
|
15
|
+
],
|
|
11
16
|
"author": "STAISIX",
|
|
12
17
|
"license": "MIT",
|
|
13
18
|
"dependencies": {
|
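Review bot: The metadata visible in this hunk (new lines 1 to 18) gains a populated `keywords` array but shows no `repository`, `homepage` or `bugs` field, so someone auditing a globally installed `bin` has no link from the registry entry back to the source. If those fields are not declared below the `dependencies` block, which is cut off here, add them alongside `keywords`; the README added in this release already points at staisix.com, which would serve for `homepage`.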