npm - tlc-claude-code - Versions diffs - 1.2.29 → 1.4.0 - Mend

tlc-claude-code 1.2.29 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (182) hide show

package/dashboard/dist/components/AuditPane.d.ts +30 -0
package/dashboard/dist/components/AuditPane.js +127 -0
package/dashboard/dist/components/AuditPane.test.d.ts +1 -0
package/dashboard/dist/components/AuditPane.test.js +339 -0
package/dashboard/dist/components/CompliancePane.d.ts +39 -0
package/dashboard/dist/components/CompliancePane.js +96 -0
package/dashboard/dist/components/CompliancePane.test.d.ts +1 -0
package/dashboard/dist/components/CompliancePane.test.js +183 -0
package/dashboard/dist/components/SSOPane.d.ts +36 -0
package/dashboard/dist/components/SSOPane.js +71 -0
package/dashboard/dist/components/SSOPane.test.d.ts +1 -0
package/dashboard/dist/components/SSOPane.test.js +155 -0
package/dashboard/dist/components/UsagePane.d.ts +13 -0
package/dashboard/dist/components/UsagePane.js +51 -0
package/dashboard/dist/components/UsagePane.test.d.ts +1 -0
package/dashboard/dist/components/UsagePane.test.js +142 -0
package/dashboard/dist/components/WorkspaceDocsPane.d.ts +19 -0
package/dashboard/dist/components/WorkspaceDocsPane.js +130 -0
package/dashboard/dist/components/WorkspaceDocsPane.test.d.ts +1 -0
package/dashboard/dist/components/WorkspaceDocsPane.test.js +242 -0
package/dashboard/dist/components/WorkspacePane.d.ts +18 -0
package/dashboard/dist/components/WorkspacePane.js +17 -0
package/dashboard/dist/components/WorkspacePane.test.d.ts +1 -0
package/dashboard/dist/components/WorkspacePane.test.js +84 -0
package/dashboard/dist/components/ZeroRetentionPane.d.ts +44 -0
package/dashboard/dist/components/ZeroRetentionPane.js +83 -0
package/dashboard/dist/components/ZeroRetentionPane.test.d.ts +1 -0
package/dashboard/dist/components/ZeroRetentionPane.test.js +160 -0
package/package.json +1 -1
package/server/lib/access-control-doc.js +541 -0
package/server/lib/access-control-doc.test.js +672 -0
package/server/lib/adr-generator.js +423 -0
package/server/lib/adr-generator.test.js +586 -0
package/server/lib/agent-progress-monitor.js +223 -0
package/server/lib/agent-progress-monitor.test.js +202 -0
package/server/lib/architecture-command.js +450 -0
package/server/lib/architecture-command.test.js +754 -0
package/server/lib/ast-analyzer.js +324 -0
package/server/lib/ast-analyzer.test.js +437 -0
package/server/lib/audit-attribution.js +191 -0
package/server/lib/audit-attribution.test.js +359 -0
package/server/lib/audit-classifier.js +202 -0
package/server/lib/audit-classifier.test.js +209 -0
package/server/lib/audit-command.js +275 -0
package/server/lib/audit-command.test.js +325 -0
package/server/lib/audit-exporter.js +380 -0
package/server/lib/audit-exporter.test.js +464 -0
package/server/lib/audit-logger.js +236 -0
package/server/lib/audit-logger.test.js +364 -0
package/server/lib/audit-query.js +257 -0
package/server/lib/audit-query.test.js +352 -0
package/server/lib/audit-storage.js +269 -0
package/server/lib/audit-storage.test.js +272 -0
package/server/lib/auth-system.test.js +4 -1
package/server/lib/boundary-detector.js +427 -0
package/server/lib/boundary-detector.test.js +320 -0
package/server/lib/budget-alerts.js +138 -0
package/server/lib/budget-alerts.test.js +235 -0
package/server/lib/bulk-repo-init.js +342 -0
package/server/lib/bulk-repo-init.test.js +388 -0
package/server/lib/candidates-tracker.js +210 -0
package/server/lib/candidates-tracker.test.js +300 -0
package/server/lib/checkpoint-manager.js +251 -0
package/server/lib/checkpoint-manager.test.js +474 -0
package/server/lib/circular-detector.js +337 -0
package/server/lib/circular-detector.test.js +353 -0
package/server/lib/cohesion-analyzer.js +310 -0
package/server/lib/cohesion-analyzer.test.js +447 -0
package/server/lib/compliance-checklist.js +866 -0
package/server/lib/compliance-checklist.test.js +476 -0
package/server/lib/compliance-command.js +616 -0
package/server/lib/compliance-command.test.js +551 -0
package/server/lib/compliance-reporter.js +692 -0
package/server/lib/compliance-reporter.test.js +707 -0
package/server/lib/contract-testing.js +625 -0
package/server/lib/contract-testing.test.js +342 -0
package/server/lib/conversion-planner.js +469 -0
package/server/lib/conversion-planner.test.js +361 -0
package/server/lib/convert-command.js +351 -0
package/server/lib/convert-command.test.js +608 -0
package/server/lib/coupling-calculator.js +189 -0
package/server/lib/coupling-calculator.test.js +509 -0
package/server/lib/data-flow-doc.js +665 -0
package/server/lib/data-flow-doc.test.js +659 -0
package/server/lib/dependency-graph.js +367 -0
package/server/lib/dependency-graph.test.js +516 -0
package/server/lib/duplication-detector.js +349 -0
package/server/lib/duplication-detector.test.js +401 -0
package/server/lib/ephemeral-storage.js +249 -0
package/server/lib/ephemeral-storage.test.js +254 -0
package/server/lib/evidence-collector.js +627 -0
package/server/lib/evidence-collector.test.js +901 -0
package/server/lib/example-service.js +616 -0
package/server/lib/example-service.test.js +397 -0
package/server/lib/flow-diagram-generator.js +474 -0
package/server/lib/flow-diagram-generator.test.js +446 -0
package/server/lib/idp-manager.js +626 -0
package/server/lib/idp-manager.test.js +587 -0
package/server/lib/impact-scorer.js +184 -0
package/server/lib/impact-scorer.test.js +211 -0
package/server/lib/memory-exclusion.js +326 -0
package/server/lib/memory-exclusion.test.js +241 -0
package/server/lib/mermaid-generator.js +358 -0
package/server/lib/mermaid-generator.test.js +301 -0
package/server/lib/messaging-patterns.js +750 -0
package/server/lib/messaging-patterns.test.js +213 -0
package/server/lib/mfa-handler.js +452 -0
package/server/lib/mfa-handler.test.js +490 -0
package/server/lib/microservice-template.js +386 -0
package/server/lib/microservice-template.test.js +325 -0
package/server/lib/new-project-microservice.js +450 -0
package/server/lib/new-project-microservice.test.js +600 -0
package/server/lib/oauth-flow.js +375 -0
package/server/lib/oauth-flow.test.js +487 -0
package/server/lib/oauth-registry.js +190 -0
package/server/lib/oauth-registry.test.js +306 -0
package/server/lib/readme-generator.js +490 -0
package/server/lib/readme-generator.test.js +493 -0
package/server/lib/refactor-command.js +326 -0
package/server/lib/refactor-command.test.js +528 -0
package/server/lib/refactor-executor.js +254 -0
package/server/lib/refactor-executor.test.js +305 -0
package/server/lib/refactor-observer.js +292 -0
package/server/lib/refactor-observer.test.js +422 -0
package/server/lib/refactor-progress.js +193 -0
package/server/lib/refactor-progress.test.js +251 -0
package/server/lib/refactor-reporter.js +237 -0
package/server/lib/refactor-reporter.test.js +247 -0
package/server/lib/repo-dependency-tracker.js +261 -0
package/server/lib/repo-dependency-tracker.test.js +350 -0
package/server/lib/retention-policy.js +281 -0
package/server/lib/retention-policy.test.js +486 -0
package/server/lib/role-mapper.js +236 -0
package/server/lib/role-mapper.test.js +395 -0
package/server/lib/saml-provider.js +765 -0
package/server/lib/saml-provider.test.js +643 -0
package/server/lib/security-policy-generator.js +682 -0
package/server/lib/security-policy-generator.test.js +544 -0
package/server/lib/semantic-analyzer.js +198 -0
package/server/lib/semantic-analyzer.test.js +474 -0
package/server/lib/sensitive-detector.js +112 -0
package/server/lib/sensitive-detector.test.js +209 -0
package/server/lib/service-interaction-diagram.js +700 -0
package/server/lib/service-interaction-diagram.test.js +638 -0
package/server/lib/service-scaffold.js +486 -0
package/server/lib/service-scaffold.test.js +373 -0
package/server/lib/service-summary.js +553 -0
package/server/lib/service-summary.test.js +619 -0
package/server/lib/session-purge.js +460 -0
package/server/lib/session-purge.test.js +312 -0
package/server/lib/shared-kernel.js +578 -0
package/server/lib/shared-kernel.test.js +255 -0
package/server/lib/sso-command.js +544 -0
package/server/lib/sso-command.test.js +552 -0
package/server/lib/sso-session.js +492 -0
package/server/lib/sso-session.test.js +670 -0
package/server/lib/traefik-config.js +282 -0
package/server/lib/traefik-config.test.js +312 -0
package/server/lib/usage-command.js +218 -0
package/server/lib/usage-command.test.js +391 -0
package/server/lib/usage-formatter.js +192 -0
package/server/lib/usage-formatter.test.js +267 -0
package/server/lib/usage-history.js +122 -0
package/server/lib/usage-history.test.js +206 -0
package/server/lib/workspace-command.js +249 -0
package/server/lib/workspace-command.test.js +264 -0
package/server/lib/workspace-config.js +270 -0
package/server/lib/workspace-config.test.js +312 -0
package/server/lib/workspace-docs-command.js +547 -0
package/server/lib/workspace-docs-command.test.js +692 -0
package/server/lib/workspace-memory.js +451 -0
package/server/lib/workspace-memory.test.js +403 -0
package/server/lib/workspace-scanner.js +452 -0
package/server/lib/workspace-scanner.test.js +677 -0
package/server/lib/workspace-test-runner.js +315 -0
package/server/lib/workspace-test-runner.test.js +294 -0
package/server/lib/zero-retention-command.js +439 -0
package/server/lib/zero-retention-command.test.js +448 -0
package/server/lib/zero-retention.js +322 -0
package/server/lib/zero-retention.test.js +258 -0
package/server/package-lock.json +14 -0
package/server/package.json +1 -0

package/server/lib/compliance-command.test.js ADDED Viewed

@@ -0,0 +1,551 @@
+import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
+describe('compliance-command', () => {
+  let ComplianceCommand;
+  let parseArgs;
+  let complianceCommand;
+  let mockChecklist;
+  let mockReporter;
+  let mockEvidenceCollector;
+  let mockPolicyGenerator;
+  beforeEach(async () => {
+    // Reset modules to ensure clean state
+    vi.resetModules();
+    // Create mock checklist
+    mockChecklist = {
+      controls: [
+        {
+          id: 'CC1.1',
+          category: 'Security',
+          name: 'Control Environment',
+          description: 'The entity demonstrates commitment to integrity.',
+          status: 'implemented',
+          evidence: ['ev-001'],
+          gapSeverity: 'high',
+          estimatedEffort: '2 weeks',
+        },
+        {
+          id: 'CC6.1',
+          category: 'Security',
+          name: 'Access Control',
+          description: 'Logical access security software.',
+          status: 'not_implemented',
+          evidence: [],
+          gapSeverity: 'high',
+          estimatedEffort: '4 weeks',
+        },
+        {
+          id: 'CC6.2',
+          category: 'Security',
+          name: 'User Registration',
+          description: 'Register and authorize new users.',
+          status: 'partial',
+          evidence: ['ev-002'],
+          gapSeverity: 'high',
+          estimatedEffort: '2 weeks',
+        },
+        {
+          id: 'A1.1',
+          category: 'Availability',
+          name: 'Capacity Planning',
+          description: 'Maintain and monitor capacity requirements.',
+          status: 'not_implemented',
+          evidence: [],
+          gapSeverity: 'high',
+          estimatedEffort: '3 weeks',
+        },
+        {
+          id: 'C1.1',
+          category: 'Confidentiality',
+          name: 'Information Classification',
+          description: 'Identify and maintain classifications.',
+          status: 'implemented',
+          evidence: ['ev-003'],
+          gapSeverity: 'high',
+          estimatedEffort: '2 weeks',
+        },
+      ],
+    };
+    // Create mock reporter
+    mockReporter = {
+      generateReadinessReport: vi.fn().mockReturnValue({
+        title: 'SOC 2 Type II Readiness Report',
+        generatedAt: '2026-02-02T10:00:00.000Z',
+        period: { start: '2026-01-01', end: '2026-02-01' },
+        summary: {
+          overallScore: 85,
+          riskLevel: 'medium',
+          riskScore: 25,
+          totalControls: 5,
+          implemented: 2,
+          partial: 1,
+          gaps: 2,
+        },
+        categories: {
+          Security: { score: 50, implemented: 1, partial: 1, gaps: 1, total: 3 },
+          Availability: { score: 0, implemented: 0, partial: 0, gaps: 1, total: 1 },
+          Confidentiality: { score: 100, implemented: 1, partial: 0, gaps: 0, total: 1 },
+        },
+        findings: [],
+        recommendations: [],
+      }),
+      formatReportMarkdown: vi.fn().mockReturnValue('# SOC 2 Report\n\nContent here'),
+      formatReportHTML: vi.fn().mockReturnValue('<html><body>Report</body></html>'),
+    };
+    // Create mock evidence collector
+    mockEvidenceCollector = {
+      collectAll: vi.fn().mockResolvedValue({
+        items: [
+          { id: 'ev-001', type: 'policy', title: 'Access Control Policy' },
+          { id: 'ev-002', type: 'audit_log', title: 'User Access Logs' },
+          { id: 'ev-003', type: 'config', title: 'Security Config' },
+        ],
+        summary: {
+          totalItems: 3,
+          byType: { policy: 1, audit_log: 1, config: 1 },
+        },
+      }),
+      getAll: vi.fn().mockReturnValue([
+        { id: 'ev-001', type: 'policy', title: 'Access Control Policy' },
+        { id: 'ev-002', type: 'audit_log', title: 'User Access Logs' },
+      ]),
+    };
+    // Create mock policy generator
+    mockPolicyGenerator = {
+      generateAccessControlPolicy: vi.fn().mockReturnValue({
+        title: 'Access Control Policy',
+        sections: [{ heading: 'Purpose', content: 'Test content' }],
+      }),
+      generateDataProtectionPolicy: vi.fn().mockReturnValue({
+        title: 'Data Protection Policy',
+        sections: [{ heading: 'Purpose', content: 'Test content' }],
+      }),
+      generateIncidentResponsePolicy: vi.fn().mockReturnValue({
+        title: 'Incident Response Policy',
+        sections: [{ heading: 'Purpose', content: 'Test content' }],
+      }),
+      generateAuthPolicy: vi.fn().mockReturnValue({
+        title: 'Authentication Policy',
+        sections: [{ heading: 'Purpose', content: 'Test content' }],
+      }),
+      generateAcceptableUsePolicy: vi.fn().mockReturnValue({
+        title: 'Acceptable Use Policy',
+        sections: [{ heading: 'Purpose', content: 'Test content' }],
+      }),
+    };
+    // Mock the checklist module
+    vi.doMock('./compliance-checklist.js', () => ({
+      createComplianceChecklist: vi.fn().mockReturnValue(mockChecklist),
+      getSOC2Checklist: vi.fn().mockReturnValue(mockChecklist.controls),
+      getCompliancePercentage: vi.fn().mockReturnValue({
+        percentage: 50,
+        implemented: 2,
+        partial: 1,
+        notImplemented: 2,
+        notApplicable: 0,
+        total: 5,
+        byCategory: {
+          Security: { percentage: 50, implemented: 1, total: 3 },
+          Availability: { percentage: 0, implemented: 0, total: 1 },
+          Confidentiality: { percentage: 100, implemented: 1, total: 1 },
+        },
+      }),
+      getComplianceGaps: vi.fn().mockReturnValue([
+        {
+          id: 'CC6.1',
+          category: 'Security',
+          name: 'Access Control',
+          status: 'not_implemented',
+          gapSeverity: 'high',
+          estimatedEffort: '4 weeks',
+        },
+        {
+          id: 'CC6.2',
+          category: 'Security',
+          name: 'User Registration',
+          status: 'partial',
+          gapSeverity: 'high',
+          estimatedEffort: '2 weeks',
+        },
+        {
+          id: 'A1.1',
+          category: 'Availability',
+          name: 'Capacity Planning',
+          status: 'not_implemented',
+          gapSeverity: 'high',
+          estimatedEffort: '3 weeks',
+        },
+      ]),
+      getControlsByCategory: vi.fn().mockReturnValue({
+        Security: mockChecklist.controls.filter((c) => c.category === 'Security'),
+        Availability: mockChecklist.controls.filter((c) => c.category === 'Availability'),
+        Confidentiality: mockChecklist.controls.filter((c) => c.category === 'Confidentiality'),
+      }),
+      TSC_CATEGORIES: {
+        SECURITY: 'Security',
+        AVAILABILITY: 'Availability',
+        PROCESSING_INTEGRITY: 'Processing Integrity',
+        CONFIDENTIALITY: 'Confidentiality',
+        PRIVACY: 'Privacy',
+      },
+    }));
+    // Mock the reporter module
+    vi.doMock('./compliance-reporter.js', () => ({
+      createReporter: vi.fn().mockReturnValue(mockReporter),
+      generateReadinessReport: vi.fn().mockImplementation(() => mockReporter.generateReadinessReport()),
+      formatReportMarkdown: vi.fn().mockImplementation(() => mockReporter.formatReportMarkdown()),
+      formatReportHTML: vi.fn().mockImplementation(() => mockReporter.formatReportHTML()),
+      calculateCategoryScores: vi.fn().mockReturnValue({
+        Security: { score: 50, implemented: 1, partial: 1, gaps: 1, total: 3 },
+        Availability: { score: 0, implemented: 0, partial: 0, gaps: 1, total: 1 },
+        Confidentiality: { score: 100, implemented: 1, partial: 0, gaps: 0, total: 1 },
+      }),
+    }));
+    // Mock the evidence collector module
+    vi.doMock('./evidence-collector.js', () => ({
+      createEvidenceCollector: vi.fn().mockReturnValue(mockEvidenceCollector),
+      collectPolicyDocuments: vi.fn().mockResolvedValue({
+        type: 'policy',
+        content: { policies: [] },
+      }),
+      collectConfigSnapshot: vi.fn().mockResolvedValue({
+        type: 'config',
+        content: {},
+      }),
+      collectAuditLogs: vi.fn().mockResolvedValue({
+        type: 'audit_log',
+        content: { entries: [] },
+      }),
+    }));
+    // Mock the policy generator module
+    vi.doMock('./security-policy-generator.js', () => ({
+      generateAccessControlPolicy: mockPolicyGenerator.generateAccessControlPolicy,
+      generateDataProtectionPolicy: mockPolicyGenerator.generateDataProtectionPolicy,
+      generateIncidentResponsePolicy: mockPolicyGenerator.generateIncidentResponsePolicy,
+      generateAuthPolicy: mockPolicyGenerator.generateAuthPolicy,
+      generateAcceptableUsePolicy: mockPolicyGenerator.generateAcceptableUsePolicy,
+      exportAsMarkdown: vi.fn().mockReturnValue('# Policy\n\nContent'),
+    }));
+    // Import module after mocks are set up
+    const module = await import('./compliance-command.js');
+    ComplianceCommand = module.ComplianceCommand;
+    parseArgs = module.parseArgs;
+    // Create instance with mocks
+    complianceCommand = new ComplianceCommand({
+      checklist: mockChecklist,
+      reporter: mockReporter,
+      evidenceCollector: mockEvidenceCollector,
+      policyGenerator: mockPolicyGenerator,
+    });
+  });
+  afterEach(() => {
+    vi.resetAllMocks();
+  });
+  describe('parseArgs', () => {
+    it('parses empty args', () => {
+      const result = parseArgs([]);
+      expect(result).toEqual({
+        subcommand: null,
+        category: null,
+        format: 'text',
+        output: null,
+        unknownSubcommand: null,
+      });
+    });
+    it('parses status subcommand', () => {
+      const result = parseArgs(['status']);
+      expect(result.subcommand).toBe('status');
+    });
+    it('parses checklist subcommand', () => {
+      const result = parseArgs(['checklist']);
+      expect(result.subcommand).toBe('checklist');
+    });
+    it('parses evidence subcommand', () => {
+      const result = parseArgs(['evidence']);
+      expect(result.subcommand).toBe('evidence');
+    });
+    it('parses report subcommand', () => {
+      const result = parseArgs(['report']);
+      expect(result.subcommand).toBe('report');
+    });
+    it('parses policies subcommand', () => {
+      const result = parseArgs(['policies']);
+      expect(result.subcommand).toBe('policies');
+    });
+    it('parses gaps subcommand', () => {
+      const result = parseArgs(['gaps']);
+      expect(result.subcommand).toBe('gaps');
+    });
+    it('parses --category flag', () => {
+      const result = parseArgs(['checklist', '--category', 'Security']);
+      expect(result.category).toBe('Security');
+    });
+    it('parses --category= syntax', () => {
+      const result = parseArgs(['checklist', '--category=Availability']);
+      expect(result.category).toBe('Availability');
+    });
+    it('parses --format flag', () => {
+      const result = parseArgs(['report', '--format', 'markdown']);
+      expect(result.format).toBe('markdown');
+    });
+    it('parses --format= syntax', () => {
+      const result = parseArgs(['report', '--format=html']);
+      expect(result.format).toBe('html');
+    });
+    it('parses --output flag', () => {
+      const result = parseArgs(['report', '--output', '/path/to/report.md']);
+      expect(result.output).toBe('/path/to/report.md');
+    });
+    it('handles all subcommands', () => {
+      const subcommands = ['status', 'checklist', 'evidence', 'report', 'policies', 'gaps'];
+      for (const cmd of subcommands) {
+        const result = parseArgs([cmd]);
+        expect(result.subcommand).toBe(cmd);
+      }
+    });
+  });
+  describe('execute status', () => {
+    it('shows compliance percentage', async () => {
+      const result = await complianceCommand.execute(['status']);
+      expect(result.success).toBe(true);
+      expect(result.output).toContain('50%');
+    });
+    it('shows category breakdown', async () => {
+      const result = await complianceCommand.execute(['status']);
+      expect(result.success).toBe(true);
+      expect(result.output).toContain('Security');
+      expect(result.output).toContain('Availability');
+      expect(result.output).toContain('Confidentiality');
+    });
+    it('shows risk level', async () => {
+      const result = await complianceCommand.execute(['status']);
+      expect(result.success).toBe(true);
+      // Should contain some indicator of risk
+      expect(result.output.toLowerCase()).toMatch(/risk|gap/i);
+    });
+    it('shows gaps count', async () => {
+      const result = await complianceCommand.execute(['status']);
+      expect(result.success).toBe(true);
+      expect(result.output).toMatch(/\d+\s*(gap|control)/i);
+    });
+  });
+  describe('execute checklist', () => {
+    it('shows all controls', async () => {
+      const result = await complianceCommand.execute(['checklist']);
+      expect(result.success).toBe(true);
+      expect(result.output).toContain('CC1.1');
+      expect(result.output).toContain('CC6.1');
+    });
+    it('filters by category', async () => {
+      const result = await complianceCommand.execute(['checklist', '--category', 'Availability']);
+      expect(result.success).toBe(true);
+      expect(result.output).toContain('A1.1');
+    });
+    it('shows control status', async () => {
+      const result = await complianceCommand.execute(['checklist']);
+      expect(result.success).toBe(true);
+      // Should show status indicators
+      expect(result.output).toMatch(/implement|partial|not/i);
+    });
+  });
+  describe('execute evidence', () => {
+    it('collects all evidence', async () => {
+      const result = await complianceCommand.execute(['evidence']);
+      expect(result.success).toBe(true);
+    });
+    it('shows collection summary', async () => {
+      const result = await complianceCommand.execute(['evidence']);
+      expect(result.success).toBe(true);
+      expect(result.output).toMatch(/evidence|collected|item/i);
+    });
+    it('lists evidence items', async () => {
+      const result = await complianceCommand.execute(['evidence']);
+      expect(result.success).toBe(true);
+      // Should show evidence types or IDs
+      expect(result.output).toMatch(/policy|audit|config|ev-/i);
+    });
+  });
+  describe('execute report', () => {
+    it('generates full report', async () => {
+      const result = await complianceCommand.execute(['report']);
+      expect(result.success).toBe(true);
+      expect(result.output).toBeTruthy();
+    });
+    it('supports format flag for markdown', async () => {
+      const result = await complianceCommand.execute(['report', '--format', 'markdown']);
+      expect(result.success).toBe(true);
+    });
+    it('supports format flag for html', async () => {
+      const result = await complianceCommand.execute(['report', '--format', 'html']);
+      expect(result.success).toBe(true);
+    });
+    it('supports text format by default', async () => {
+      const result = await complianceCommand.execute(['report']);
+      expect(result.success).toBe(true);
+    });
+  });
+  describe('execute policies', () => {
+    it('generates all policies', async () => {
+      const result = await complianceCommand.execute(['policies']);
+      expect(result.success).toBe(true);
+      expect(result.output).toContain('Access Control');
+    });
+    it('lists available policy types', async () => {
+      const result = await complianceCommand.execute(['policies']);
+      expect(result.success).toBe(true);
+      // Should mention different policy types
+      expect(result.output).toMatch(/access|data|incident|auth|acceptable/i);
+    });
+  });
+  describe('execute gaps', () => {
+    it('shows unimplemented controls', async () => {
+      const result = await complianceCommand.execute(['gaps']);
+      expect(result.success).toBe(true);
+      expect(result.output).toContain('CC6.1');
+    });
+    it('shows partial controls', async () => {
+      const result = await complianceCommand.execute(['gaps']);
+      expect(result.success).toBe(true);
+      expect(result.output).toContain('CC6.2');
+    });
+    it('groups by priority', async () => {
+      const result = await complianceCommand.execute(['gaps']);
+      expect(result.success).toBe(true);
+      expect(result.output.toLowerCase()).toMatch(/high|priority/i);
+    });
+    it('shows gap severity', async () => {
+      const result = await complianceCommand.execute(['gaps']);
+      expect(result.success).toBe(true);
+      expect(result.output).toMatch(/not_implemented|partial|high/i);
+    });
+  });
+  describe('formatStatus', () => {
+    it('returns readable output', () => {
+      const status = {
+        percentage: 85,
+        implemented: 34,
+        partial: 4,
+        notImplemented: 2,
+        total: 40,
+        byCategory: {
+          Security: { percentage: 90, implemented: 20, total: 22 },
+          Availability: { percentage: 80, implemented: 3, total: 4 },
+        },
+      };
+      const output = complianceCommand.formatStatus(status);
+      expect(output).toContain('85%');
+      expect(output).toContain('Security');
+      expect(output).toContain('Availability');
+    });
+    it('includes progress bar', () => {
+      const status = {
+        percentage: 50,
+        implemented: 5,
+        partial: 0,
+        notImplemented: 5,
+        total: 10,
+        byCategory: {},
+      };
+      const output = complianceCommand.formatStatus(status);
+      // Should have some visual progress indicator
+      expect(output.length).toBeGreaterThan(0);
+    });
+  });
+  describe('error handling', () => {
+    it('handles unknown subcommand', async () => {
+      const result = await complianceCommand.execute(['unknown']);
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('unknown');
+    });
+    it('handles missing subcommand gracefully', async () => {
+      const result = await complianceCommand.execute([]);
+      // Should either show help or status by default
+      expect(result.success).toBe(true);
+    });
+    it('handles errors gracefully', async () => {
+      // Override to throw an error
+      complianceCommand.handleStatus = vi.fn().mockRejectedValue(new Error('Test error'));
+      const result = await complianceCommand.execute(['status']);
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Test error');
+    });
+  });
+});