npm - tlc-claude-code - Versions diffs - 1.4.8 → 1.4.9 - Mend

tlc-claude-code 1.4.8 → 1.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/package.json +1 -1
package/server/index.js +229 -14
package/server/lib/compliance/control-mapper.js +401 -0
package/server/lib/compliance/control-mapper.test.js +117 -0
package/server/lib/compliance/evidence-linker.js +296 -0
package/server/lib/compliance/evidence-linker.test.js +121 -0
package/server/lib/compliance/gdpr-checklist.js +416 -0
package/server/lib/compliance/gdpr-checklist.test.js +131 -0
package/server/lib/compliance/hipaa-checklist.js +277 -0
package/server/lib/compliance/hipaa-checklist.test.js +101 -0
package/server/lib/compliance/iso27001-checklist.js +287 -0
package/server/lib/compliance/iso27001-checklist.test.js +99 -0
package/server/lib/compliance/multi-framework-reporter.js +284 -0
package/server/lib/compliance/multi-framework-reporter.test.js +127 -0
package/server/lib/compliance/pci-dss-checklist.js +214 -0
package/server/lib/compliance/pci-dss-checklist.test.js +95 -0
package/server/lib/compliance/trust-centre.js +187 -0
package/server/lib/compliance/trust-centre.test.js +93 -0
package/server/lib/dashboard/api-server.js +155 -0
package/server/lib/dashboard/api-server.test.js +155 -0
package/server/lib/dashboard/health-api.js +199 -0
package/server/lib/dashboard/health-api.test.js +122 -0
package/server/lib/dashboard/notes-api.js +234 -0
package/server/lib/dashboard/notes-api.test.js +134 -0
package/server/lib/dashboard/router-api.js +176 -0
package/server/lib/dashboard/router-api.test.js +132 -0
package/server/lib/dashboard/tasks-api.js +289 -0
package/server/lib/dashboard/tasks-api.test.js +161 -0
package/server/lib/dashboard/tlc-introspection.js +197 -0
package/server/lib/dashboard/tlc-introspection.test.js +138 -0
package/server/lib/dashboard/version-api.js +222 -0
package/server/lib/dashboard/version-api.test.js +112 -0
package/server/lib/dashboard/websocket-server.js +104 -0
package/server/lib/dashboard/websocket-server.test.js +118 -0
package/server/lib/deploy/branch-classifier.js +163 -0
package/server/lib/deploy/branch-classifier.test.js +164 -0
package/server/lib/deploy/deployment-approval.js +299 -0
package/server/lib/deploy/deployment-approval.test.js +296 -0
package/server/lib/deploy/deployment-audit.js +374 -0
package/server/lib/deploy/deployment-audit.test.js +307 -0
package/server/lib/deploy/deployment-executor.js +335 -0
package/server/lib/deploy/deployment-executor.test.js +329 -0
package/server/lib/deploy/deployment-rules.js +163 -0
package/server/lib/deploy/deployment-rules.test.js +188 -0
package/server/lib/deploy/rollback-manager.js +379 -0
package/server/lib/deploy/rollback-manager.test.js +321 -0
package/server/lib/deploy/security-gates.js +236 -0
package/server/lib/deploy/security-gates.test.js +222 -0
package/server/lib/k8s/gitops-config.js +188 -0
package/server/lib/k8s/gitops-config.test.js +59 -0
package/server/lib/k8s/helm-generator.js +196 -0
package/server/lib/k8s/helm-generator.test.js +59 -0
package/server/lib/k8s/kustomize-generator.js +176 -0
package/server/lib/k8s/kustomize-generator.test.js +58 -0
package/server/lib/k8s/network-policy.js +114 -0
package/server/lib/k8s/network-policy.test.js +53 -0
package/server/lib/k8s/pod-security.js +114 -0
package/server/lib/k8s/pod-security.test.js +55 -0
package/server/lib/k8s/rbac-generator.js +132 -0
package/server/lib/k8s/rbac-generator.test.js +57 -0
package/server/lib/k8s/resource-manager.js +172 -0
package/server/lib/k8s/resource-manager.test.js +60 -0
package/server/lib/k8s/secrets-encryption.js +168 -0
package/server/lib/k8s/secrets-encryption.test.js +49 -0
package/server/lib/monitoring/alert-manager.js +238 -0
package/server/lib/monitoring/alert-manager.test.js +106 -0
package/server/lib/monitoring/health-check.js +226 -0
package/server/lib/monitoring/health-check.test.js +176 -0
package/server/lib/monitoring/incident-manager.js +230 -0
package/server/lib/monitoring/incident-manager.test.js +98 -0
package/server/lib/monitoring/log-aggregator.js +147 -0
package/server/lib/monitoring/log-aggregator.test.js +89 -0
package/server/lib/monitoring/metrics-collector.js +337 -0
package/server/lib/monitoring/metrics-collector.test.js +172 -0
package/server/lib/monitoring/status-page.js +214 -0
package/server/lib/monitoring/status-page.test.js +105 -0
package/server/lib/monitoring/uptime-monitor.js +194 -0
package/server/lib/monitoring/uptime-monitor.test.js +109 -0
package/server/lib/network/fail2ban-config.js +294 -0
package/server/lib/network/fail2ban-config.test.js +275 -0
package/server/lib/network/firewall-manager.js +252 -0
package/server/lib/network/firewall-manager.test.js +254 -0
package/server/lib/network/geoip-filter.js +282 -0
package/server/lib/network/geoip-filter.test.js +264 -0
package/server/lib/network/rate-limiter.js +229 -0
package/server/lib/network/rate-limiter.test.js +293 -0
package/server/lib/network/request-validator.js +351 -0
package/server/lib/network/request-validator.test.js +345 -0
package/server/lib/network/security-headers.js +251 -0
package/server/lib/network/security-headers.test.js +283 -0
package/server/lib/network/tls-config.js +210 -0
package/server/lib/network/tls-config.test.js +248 -0
package/server/lib/security/auth-security.js +369 -0
package/server/lib/security/auth-security.test.js +448 -0
package/server/lib/security/cis-benchmark.js +152 -0
package/server/lib/security/cis-benchmark.test.js +137 -0
package/server/lib/security/compose-templates.js +312 -0
package/server/lib/security/compose-templates.test.js +229 -0
package/server/lib/security/container-runtime.js +456 -0
package/server/lib/security/container-runtime.test.js +503 -0
package/server/lib/security/cors-validator.js +278 -0
package/server/lib/security/cors-validator.test.js +310 -0
package/server/lib/security/crypto-utils.js +253 -0
package/server/lib/security/crypto-utils.test.js +409 -0
package/server/lib/security/dockerfile-linter.js +459 -0
package/server/lib/security/dockerfile-linter.test.js +483 -0
package/server/lib/security/dockerfile-templates.js +278 -0
package/server/lib/security/dockerfile-templates.test.js +164 -0
package/server/lib/security/error-sanitizer.js +426 -0
package/server/lib/security/error-sanitizer.test.js +331 -0
package/server/lib/security/headers-generator.js +368 -0
package/server/lib/security/headers-generator.test.js +398 -0
package/server/lib/security/image-scanner.js +83 -0
package/server/lib/security/image-scanner.test.js +106 -0
package/server/lib/security/input-validator.js +352 -0
package/server/lib/security/input-validator.test.js +330 -0
package/server/lib/security/network-policy.js +174 -0
package/server/lib/security/network-policy.test.js +164 -0
package/server/lib/security/output-encoder.js +237 -0
package/server/lib/security/output-encoder.test.js +276 -0
package/server/lib/security/path-validator.js +359 -0
package/server/lib/security/path-validator.test.js +293 -0
package/server/lib/security/query-builder.js +421 -0
package/server/lib/security/query-builder.test.js +318 -0
package/server/lib/security/secret-detector.js +290 -0
package/server/lib/security/secret-detector.test.js +354 -0
package/server/lib/security/secrets-validator.js +137 -0
package/server/lib/security/secrets-validator.test.js +120 -0
package/server/lib/security-testing/dast-runner.js +154 -0
package/server/lib/security-testing/dast-runner.test.js +62 -0
package/server/lib/security-testing/dependency-scanner.js +172 -0
package/server/lib/security-testing/dependency-scanner.test.js +64 -0
package/server/lib/security-testing/pentest-runner.js +230 -0
package/server/lib/security-testing/pentest-runner.test.js +60 -0
package/server/lib/security-testing/sast-runner.js +136 -0
package/server/lib/security-testing/sast-runner.test.js +62 -0
package/server/lib/security-testing/secret-scanner.js +153 -0
package/server/lib/security-testing/secret-scanner.test.js +66 -0
package/server/lib/security-testing/security-gate.js +216 -0
package/server/lib/security-testing/security-gate.test.js +115 -0
package/server/lib/security-testing/security-reporter.js +303 -0
package/server/lib/security-testing/security-reporter.test.js +114 -0
package/server/lib/standards/audit-checker.js +546 -0
package/server/lib/standards/audit-checker.test.js +415 -0
package/server/lib/standards/cleanup-executor.js +452 -0
package/server/lib/standards/cleanup-executor.test.js +293 -0
package/server/lib/standards/refactor-stepper.js +425 -0
package/server/lib/standards/refactor-stepper.test.js +298 -0
package/server/lib/standards/standards-injector.js +167 -0
package/server/lib/standards/standards-injector.test.js +232 -0
package/server/lib/user-management.test.js +284 -0
package/server/lib/vps/backup-manager.js +157 -0
package/server/lib/vps/backup-manager.test.js +59 -0
package/server/lib/vps/caddy-config.js +159 -0
package/server/lib/vps/caddy-config.test.js +48 -0
package/server/lib/vps/compose-orchestrator.js +219 -0
package/server/lib/vps/compose-orchestrator.test.js +50 -0
package/server/lib/vps/database-config.js +208 -0
package/server/lib/vps/database-config.test.js +47 -0
package/server/lib/vps/deploy-script.js +211 -0
package/server/lib/vps/deploy-script.test.js +53 -0
package/server/lib/vps/secrets-manager.js +148 -0
package/server/lib/vps/secrets-manager.test.js +58 -0
package/server/lib/vps/server-hardening.js +174 -0
package/server/lib/vps/server-hardening.test.js +70 -0
package/server/package-lock.json +19 -0
package/server/package.json +1 -0
package/server/templates/CLAUDE.md +37 -0
package/server/templates/CODING-STANDARDS.md +408 -0

package/server/lib/compliance/iso27001-checklist.test.js ADDED Viewed

@@ -0,0 +1,99 @@
+/**
+ * ISO 27001 Checklist Tests
+ */
+import { describe, it, expect, vi } from 'vitest';
+import { createIso27001Checklist, getControls, checkControl, generateSoa, mapAnnexAControls } from './iso27001-checklist.js';
+describe('iso27001-checklist', () => {
+  describe('createIso27001Checklist', () => {
+    it('creates ISO 27001 checklist', () => {
+      const checklist = createIso27001Checklist();
+      expect(checklist.evaluate).toBeDefined();
+      expect(checklist.getControls).toBeDefined();
+    });
+    it('supports ISO 27001:2022', () => {
+      const checklist = createIso27001Checklist({ version: '2022' });
+      const controls = checklist.getControls();
+      // 2022 version has 93 controls in 4 themes
+      expect(controls.some(c => c.theme === 'organizational')).toBe(true);
+    });
+  });
+  describe('getControls', () => {
+    it('returns all Annex A controls', () => {
+      const controls = getControls();
+      expect(controls.length).toBeGreaterThan(0);
+    });
+    it('groups by control theme', () => {
+      const controls = getControls({ groupBy: 'theme' });
+      expect(controls.organizational).toBeDefined();
+      expect(controls.people).toBeDefined();
+      expect(controls.physical).toBeDefined();
+      expect(controls.technological).toBeDefined();
+    });
+    it('includes control attributes', () => {
+      const controls = getControls();
+      const control = controls[0];
+      expect(control.id).toBeDefined();
+      expect(control.name).toBeDefined();
+      expect(control.purpose).toBeDefined();
+    });
+  });
+  describe('checkControl', () => {
+    it('checks control implementation', () => {
+      const evidence = { policies: { informationSecurity: true } };
+      const result = checkControl('A.5.1', evidence);
+      expect(result.controlId).toBe('A.5.1');
+      expect(result.implemented).toBeDefined();
+    });
+    it('evaluates control effectiveness', () => {
+      const evidence = {
+        accessControl: { implemented: true, tested: true, documented: true }
+      };
+      const result = checkControl('A.5.15', evidence);
+      expect(result.effectiveness).toBeDefined();
+    });
+    it('identifies missing evidence', () => {
+      const result = checkControl('A.5.1', {});
+      expect(result.missingEvidence.length).toBeGreaterThan(0);
+    });
+  });
+  describe('generateSoa', () => {
+    it('generates Statement of Applicability', () => {
+      const assessments = [
+        { controlId: 'A.5.1', applicable: true, implemented: true },
+        { controlId: 'A.5.2', applicable: false, justification: 'No cloud services' }
+      ];
+      const soa = generateSoa(assessments);
+      expect(soa).toContain('Statement of Applicability');
+      expect(soa).toContain('A.5.1');
+    });
+    it('includes justification for excluded controls', () => {
+      const assessments = [
+        { controlId: 'A.7.1', applicable: false, justification: 'Remote-only company' }
+      ];
+      const soa = generateSoa(assessments);
+      expect(soa).toContain('Remote-only company');
+    });
+  });
+  describe('mapAnnexAControls', () => {
+    it('maps to technical implementations', () => {
+      const mappings = mapAnnexAControls('A.8.24');
+      expect(mappings.some(m => m.type === 'encryption')).toBe(true);
+    });
+    it('maps to code patterns', () => {
+      const mappings = mapAnnexAControls('A.8.3');
+      expect(mappings.some(m => m.type === 'access-control')).toBe(true);
+    });
+  });
+});

package/server/lib/compliance/multi-framework-reporter.js ADDED Viewed

@@ -0,0 +1,284 @@
+/**
+ * Multi-Framework Reporter - Multi-framework compliance reporting
+ */
+// Framework display names
+const FRAMEWORK_NAMES = {
+  'pci-dss': 'PCI DSS',
+  'iso27001': 'ISO 27001',
+  'hipaa': 'HIPAA',
+  'gdpr': 'GDPR',
+  'soc2': 'SOC 2'
+};
+// Unique requirements per framework
+const UNIQUE_REQUIREMENTS = {
+  'pci-dss': [
+    'Payment card data handling',
+    'PAN masking requirements',
+    'Quarterly vulnerability scans',
+    'Annual penetration testing'
+  ],
+  'hipaa': [
+    'Protected Health Information (PHI) handling',
+    'Business Associate Agreements',
+    'Patient access rights',
+    'Breach notification within 60 days'
+  ],
+  'iso27001': [
+    'Information Security Management System (ISMS)',
+    'Statement of Applicability',
+    'Risk treatment plan',
+    'Management review'
+  ]
+};
+/**
+ * Create a multi-framework reporter instance
+ */
+export function createMultiFrameworkReporter() {
+  const frameworks = [];
+  return {
+    generate: (status, options) => generateConsolidatedReport(status, options),
+    compare: (status, options) => compareFrameworks(status, options),
+    addFramework: (framework) => {
+      if (!frameworks.includes(framework)) {
+        frameworks.push(framework);
+      }
+    },
+    getFrameworks: () => [...frameworks]
+  };
+}
+/**
+ * Generate a consolidated compliance report across frameworks
+ */
+export function generateConsolidatedReport(status, options = {}) {
+  let report = `# Compliance Dashboard\n\n`;
+  // Executive summary if requested
+  if (options.includeSummary) {
+    report += `## Executive Summary\n\n`;
+    const frameworks = Object.keys(status);
+    const scores = frameworks.map(f => status[f]?.score || 0);
+    const avgScore = scores.length > 0 ? Math.round(scores.reduce((a, b) => a + b, 0) / scores.length) : 0;
+    report += `- **Frameworks assessed:** ${frameworks.length}\n`;
+    report += `- **Average compliance score:** ${avgScore}%\n`;
+    report += `- **Assessment date:** ${new Date().toISOString().split('T')[0]}\n\n`;
+  }
+  // Framework scores table
+  report += `## Framework Compliance Status\n\n`;
+  report += `| Framework | Score | Gaps | Status |\n`;
+  report += `|-----------|-------|------|--------|\n`;
+  for (const [framework, data] of Object.entries(status)) {
+    if (data && typeof data === 'object') {
+      const name = FRAMEWORK_NAMES[framework] || framework;
+      const score = data.score || 0;
+      const gaps = Array.isArray(data.gaps) ? data.gaps.length : (data.gaps || 0);
+      const statusIcon = score >= 80 ? 'Compliant' : score >= 60 ? 'Partial' : 'Non-compliant';
+      report += `| ${name} | ${score}% | ${gaps} | ${statusIcon} |\n`;
+    }
+  }
+  report += '\n';
+  // Common gaps if requested
+  if (options.highlightCommon) {
+    report += `## Common Gaps\n\n`;
+    const gapAreas = {};
+    for (const [framework, data] of Object.entries(status)) {
+      if (data?.gaps && Array.isArray(data.gaps)) {
+        for (const gap of data.gaps) {
+          const area = gap.area || gap.control || 'unknown';
+          if (!gapAreas[area]) {
+            gapAreas[area] = [];
+          }
+          gapAreas[area].push(framework);
+        }
+      }
+    }
+    const commonGaps = Object.entries(gapAreas).filter(([, frameworks]) => frameworks.length > 1);
+    if (commonGaps.length > 0) {
+      report += `The following gaps appear across multiple frameworks:\n\n`;
+      for (const [area, frameworks] of commonGaps) {
+        report += `- **${area}**: Affects ${frameworks.map(f => FRAMEWORK_NAMES[f] || f).join(', ')}\n`;
+      }
+    } else {
+      report += `No common gaps identified across frameworks.\n`;
+    }
+    report += '\n';
+  }
+  return report;
+}
+/**
+ * Generate a report for a single framework
+ */
+export function generateFrameworkReport(status, options = {}) {
+  const framework = status.framework;
+  const name = FRAMEWORK_NAMES[framework] || framework;
+  const score = status.score || 0;
+  let report = `# ${name} Compliance Report\n\n`;
+  report += `**Compliance Score:** ${score}%\n\n`;
+  // Group controls if requested
+  if (options.groupBy === 'category' && status.controls) {
+    const groups = {};
+    for (const control of status.controls) {
+      const category = control.category || 'uncategorized';
+      if (!groups[category]) {
+        groups[category] = [];
+      }
+      groups[category].push(control);
+    }
+    for (const [category, controls] of Object.entries(groups)) {
+      const categoryName = category.charAt(0).toUpperCase() + category.slice(1);
+      report += `## ${categoryName}\n\n`;
+      report += `| Control | Status |\n`;
+      report += `|---------|--------|\n`;
+      for (const control of controls) {
+        report += `| ${control.id} | ${control.status || '-'} |\n`;
+      }
+      report += '\n';
+    }
+  } else if (status.controls) {
+    report += `## Controls\n\n`;
+    report += `| Control | Status |\n`;
+    report += `|---------|--------|\n`;
+    for (const control of status.controls) {
+      report += `| ${control.id} | ${control.status || '-'} |\n`;
+    }
+    report += '\n';
+  }
+  return report;
+}
+/**
+ * Compare compliance across frameworks
+ */
+export function compareFrameworks(status, options = {}) {
+  const result = {
+    highest: null,
+    lowest: null,
+    uniqueRequirements: {}
+  };
+  // Find highest and lowest scores
+  let highestScore = -1;
+  let lowestScore = 101;
+  for (const [framework, data] of Object.entries(status)) {
+    const score = data?.score || 0;
+    if (score > highestScore) {
+      highestScore = score;
+      result.highest = framework;
+    }
+    if (score < lowestScore) {
+      lowestScore = score;
+      result.lowest = framework;
+    }
+  }
+  // Get unique requirements for specified frameworks
+  const frameworks = options.frameworks || Object.keys(status);
+  for (const framework of frameworks) {
+    result.uniqueRequirements[framework] = UNIQUE_REQUIREMENTS[framework] || [];
+  }
+  return result;
+}
+/**
+ * Export report in various formats
+ * Returns a Promise for PDF (async), synchronous result for other formats
+ */
+export function exportReport(report, options = {}) {
+  const format = options.format || 'json';
+  switch (format) {
+    case 'pdf':
+      if (options.pdfGenerator) {
+        // PDF generation is async
+        return options.pdfGenerator(report).then(pdfContent => ({
+          format: 'pdf',
+          content: pdfContent
+        }));
+      }
+      throw new Error('PDF generator function required');
+    case 'html':
+      return {
+        format: 'html',
+        content: generateHtml(report)
+      };
+    case 'json':
+      return {
+        format: 'json',
+        content: JSON.stringify(report)
+      };
+    case 'markdown':
+      return {
+        format: 'markdown',
+        content: generateMarkdown(report)
+      };
+    default:
+      throw new Error(`Unsupported export format: ${format}`);
+  }
+}
+/**
+ * Generate HTML from report
+ */
+function generateHtml(report) {
+  const title = report.title || 'Compliance Report';
+  const content = report.content || JSON.stringify(report);
+  return `<!DOCTYPE html>
+<html>
+<head>
+  <title>${title}</title>
+  <style>
+    body { font-family: Arial, sans-serif; margin: 40px; }
+    h1 { color: #333; }
+    table { border-collapse: collapse; width: 100%; }
+    th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
+    th { background-color: #f4f4f4; }
+  </style>
+</head>
+<body>
+  <h1>${title}</h1>
+  <div>${content}</div>
+</body>
+</html>`;
+}
+/**
+ * Generate Markdown from report
+ */
+function generateMarkdown(report) {
+  const title = report.title || 'Compliance Report';
+  const content = report.content || JSON.stringify(report, null, 2);
+  return `# ${title}\n\n${content}`;
+}
+export default {
+  createMultiFrameworkReporter,
+  generateConsolidatedReport,
+  generateFrameworkReport,
+  compareFrameworks,
+  exportReport
+};

package/server/lib/compliance/multi-framework-reporter.test.js ADDED Viewed

@@ -0,0 +1,127 @@
+/**
+ * Multi-Framework Reporter Tests
+ */
+import { describe, it, expect, vi } from 'vitest';
+import { createMultiFrameworkReporter, generateConsolidatedReport, generateFrameworkReport, compareFrameworks, exportReport } from './multi-framework-reporter.js';
+describe('multi-framework-reporter', () => {
+  describe('createMultiFrameworkReporter', () => {
+    it('creates multi-framework reporter', () => {
+      const reporter = createMultiFrameworkReporter();
+      expect(reporter.generate).toBeDefined();
+      expect(reporter.compare).toBeDefined();
+    });
+    it('supports multiple frameworks', () => {
+      const reporter = createMultiFrameworkReporter();
+      reporter.addFramework('pci-dss');
+      reporter.addFramework('hipaa');
+      reporter.addFramework('iso27001');
+      expect(reporter.getFrameworks().length).toBe(3);
+    });
+  });
+  describe('generateConsolidatedReport', () => {
+    it('generates consolidated compliance report', () => {
+      const status = {
+        'pci-dss': { score: 85, gaps: 5 },
+        'hipaa': { score: 90, gaps: 3 },
+        'iso27001': { score: 78, gaps: 10 }
+      };
+      const report = generateConsolidatedReport(status);
+      expect(report).toContain('Compliance Dashboard');
+      expect(report).toContain('PCI DSS');
+      expect(report).toContain('HIPAA');
+    });
+    it('highlights common gaps', () => {
+      const status = {
+        'pci-dss': { gaps: [{ area: 'encryption' }] },
+        'iso27001': { gaps: [{ area: 'encryption' }] }
+      };
+      const report = generateConsolidatedReport(status, { highlightCommon: true });
+      expect(report).toContain('Common Gaps');
+      expect(report).toContain('encryption');
+    });
+    it('includes executive summary', () => {
+      const report = generateConsolidatedReport({}, { includeSummary: true });
+      expect(report).toContain('Executive Summary');
+    });
+  });
+  describe('generateFrameworkReport', () => {
+    it('generates single framework report', () => {
+      const status = {
+        framework: 'pci-dss',
+        score: 85,
+        controls: [
+          { id: 'req-1.1', status: 'compliant' },
+          { id: 'req-3.4', status: 'non-compliant' }
+        ]
+      };
+      const report = generateFrameworkReport(status);
+      expect(report).toContain('PCI DSS');
+      expect(report).toContain('85%');
+    });
+    it('groups by control category', () => {
+      const status = {
+        framework: 'iso27001',
+        controls: [
+          { id: 'A.5.1', category: 'organizational' },
+          { id: 'A.8.1', category: 'technological' }
+        ]
+      };
+      const report = generateFrameworkReport(status, { groupBy: 'category' });
+      expect(report).toContain('Organizational');
+      expect(report).toContain('Technological');
+    });
+  });
+  describe('compareFrameworks', () => {
+    it('compares compliance across frameworks', () => {
+      const status = {
+        'pci-dss': { score: 85 },
+        'hipaa': { score: 90 }
+      };
+      const comparison = compareFrameworks(status);
+      expect(comparison.highest).toBe('hipaa');
+      expect(comparison.lowest).toBe('pci-dss');
+    });
+    it('identifies unique requirements', () => {
+      const comparison = compareFrameworks({}, { frameworks: ['pci-dss', 'hipaa'] });
+      expect(comparison.uniqueRequirements['pci-dss']).toBeDefined();
+      expect(comparison.uniqueRequirements['hipaa']).toBeDefined();
+    });
+  });
+  describe('exportReport', () => {
+    it('exports as PDF', async () => {
+      const report = { content: 'Test report' };
+      const mockPdfGenerator = vi.fn().mockResolvedValue(Buffer.from('PDF'));
+      const result = await exportReport(report, { format: 'pdf', pdfGenerator: mockPdfGenerator });
+      expect(result.format).toBe('pdf');
+      expect(mockPdfGenerator).toHaveBeenCalled();
+    });
+    it('exports as HTML', () => {
+      const report = { content: 'Test report' };
+      const result = exportReport(report, { format: 'html' });
+      expect(result.content).toContain('<html');
+    });
+    it('exports as JSON', () => {
+      const report = { score: 85, gaps: [] };
+      const result = exportReport(report, { format: 'json' });
+      expect(JSON.parse(result.content)).toEqual(report);
+    });
+    it('exports as markdown', () => {
+      const report = { content: 'Test report', title: 'Compliance Report' };
+      const result = exportReport(report, { format: 'markdown' });
+      expect(result.content).toContain('# Compliance Report');
+    });
+  });
+});