npm - tlc-claude-code - Versions diffs - 1.4.8 → 1.4.9 - Mend

tlc-claude-code 1.4.8 → 1.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/package.json +1 -1
package/server/index.js +229 -14
package/server/lib/compliance/control-mapper.js +401 -0
package/server/lib/compliance/control-mapper.test.js +117 -0
package/server/lib/compliance/evidence-linker.js +296 -0
package/server/lib/compliance/evidence-linker.test.js +121 -0
package/server/lib/compliance/gdpr-checklist.js +416 -0
package/server/lib/compliance/gdpr-checklist.test.js +131 -0
package/server/lib/compliance/hipaa-checklist.js +277 -0
package/server/lib/compliance/hipaa-checklist.test.js +101 -0
package/server/lib/compliance/iso27001-checklist.js +287 -0
package/server/lib/compliance/iso27001-checklist.test.js +99 -0
package/server/lib/compliance/multi-framework-reporter.js +284 -0
package/server/lib/compliance/multi-framework-reporter.test.js +127 -0
package/server/lib/compliance/pci-dss-checklist.js +214 -0
package/server/lib/compliance/pci-dss-checklist.test.js +95 -0
package/server/lib/compliance/trust-centre.js +187 -0
package/server/lib/compliance/trust-centre.test.js +93 -0
package/server/lib/dashboard/api-server.js +155 -0
package/server/lib/dashboard/api-server.test.js +155 -0
package/server/lib/dashboard/health-api.js +199 -0
package/server/lib/dashboard/health-api.test.js +122 -0
package/server/lib/dashboard/notes-api.js +234 -0
package/server/lib/dashboard/notes-api.test.js +134 -0
package/server/lib/dashboard/router-api.js +176 -0
package/server/lib/dashboard/router-api.test.js +132 -0
package/server/lib/dashboard/tasks-api.js +289 -0
package/server/lib/dashboard/tasks-api.test.js +161 -0
package/server/lib/dashboard/tlc-introspection.js +197 -0
package/server/lib/dashboard/tlc-introspection.test.js +138 -0
package/server/lib/dashboard/version-api.js +222 -0
package/server/lib/dashboard/version-api.test.js +112 -0
package/server/lib/dashboard/websocket-server.js +104 -0
package/server/lib/dashboard/websocket-server.test.js +118 -0
package/server/lib/deploy/branch-classifier.js +163 -0
package/server/lib/deploy/branch-classifier.test.js +164 -0
package/server/lib/deploy/deployment-approval.js +299 -0
package/server/lib/deploy/deployment-approval.test.js +296 -0
package/server/lib/deploy/deployment-audit.js +374 -0
package/server/lib/deploy/deployment-audit.test.js +307 -0
package/server/lib/deploy/deployment-executor.js +335 -0
package/server/lib/deploy/deployment-executor.test.js +329 -0
package/server/lib/deploy/deployment-rules.js +163 -0
package/server/lib/deploy/deployment-rules.test.js +188 -0
package/server/lib/deploy/rollback-manager.js +379 -0
package/server/lib/deploy/rollback-manager.test.js +321 -0
package/server/lib/deploy/security-gates.js +236 -0
package/server/lib/deploy/security-gates.test.js +222 -0
package/server/lib/k8s/gitops-config.js +188 -0
package/server/lib/k8s/gitops-config.test.js +59 -0
package/server/lib/k8s/helm-generator.js +196 -0
package/server/lib/k8s/helm-generator.test.js +59 -0
package/server/lib/k8s/kustomize-generator.js +176 -0
package/server/lib/k8s/kustomize-generator.test.js +58 -0
package/server/lib/k8s/network-policy.js +114 -0
package/server/lib/k8s/network-policy.test.js +53 -0
package/server/lib/k8s/pod-security.js +114 -0
package/server/lib/k8s/pod-security.test.js +55 -0
package/server/lib/k8s/rbac-generator.js +132 -0
package/server/lib/k8s/rbac-generator.test.js +57 -0
package/server/lib/k8s/resource-manager.js +172 -0
package/server/lib/k8s/resource-manager.test.js +60 -0
package/server/lib/k8s/secrets-encryption.js +168 -0
package/server/lib/k8s/secrets-encryption.test.js +49 -0
package/server/lib/monitoring/alert-manager.js +238 -0
package/server/lib/monitoring/alert-manager.test.js +106 -0
package/server/lib/monitoring/health-check.js +226 -0
package/server/lib/monitoring/health-check.test.js +176 -0
package/server/lib/monitoring/incident-manager.js +230 -0
package/server/lib/monitoring/incident-manager.test.js +98 -0
package/server/lib/monitoring/log-aggregator.js +147 -0
package/server/lib/monitoring/log-aggregator.test.js +89 -0
package/server/lib/monitoring/metrics-collector.js +337 -0
package/server/lib/monitoring/metrics-collector.test.js +172 -0
package/server/lib/monitoring/status-page.js +214 -0
package/server/lib/monitoring/status-page.test.js +105 -0
package/server/lib/monitoring/uptime-monitor.js +194 -0
package/server/lib/monitoring/uptime-monitor.test.js +109 -0
package/server/lib/network/fail2ban-config.js +294 -0
package/server/lib/network/fail2ban-config.test.js +275 -0
package/server/lib/network/firewall-manager.js +252 -0
package/server/lib/network/firewall-manager.test.js +254 -0
package/server/lib/network/geoip-filter.js +282 -0
package/server/lib/network/geoip-filter.test.js +264 -0
package/server/lib/network/rate-limiter.js +229 -0
package/server/lib/network/rate-limiter.test.js +293 -0
package/server/lib/network/request-validator.js +351 -0
package/server/lib/network/request-validator.test.js +345 -0
package/server/lib/network/security-headers.js +251 -0
package/server/lib/network/security-headers.test.js +283 -0
package/server/lib/network/tls-config.js +210 -0
package/server/lib/network/tls-config.test.js +248 -0
package/server/lib/security/auth-security.js +369 -0
package/server/lib/security/auth-security.test.js +448 -0
package/server/lib/security/cis-benchmark.js +152 -0
package/server/lib/security/cis-benchmark.test.js +137 -0
package/server/lib/security/compose-templates.js +312 -0
package/server/lib/security/compose-templates.test.js +229 -0
package/server/lib/security/container-runtime.js +456 -0
package/server/lib/security/container-runtime.test.js +503 -0
package/server/lib/security/cors-validator.js +278 -0
package/server/lib/security/cors-validator.test.js +310 -0
package/server/lib/security/crypto-utils.js +253 -0
package/server/lib/security/crypto-utils.test.js +409 -0
package/server/lib/security/dockerfile-linter.js +459 -0
package/server/lib/security/dockerfile-linter.test.js +483 -0
package/server/lib/security/dockerfile-templates.js +278 -0
package/server/lib/security/dockerfile-templates.test.js +164 -0
package/server/lib/security/error-sanitizer.js +426 -0
package/server/lib/security/error-sanitizer.test.js +331 -0
package/server/lib/security/headers-generator.js +368 -0
package/server/lib/security/headers-generator.test.js +398 -0
package/server/lib/security/image-scanner.js +83 -0
package/server/lib/security/image-scanner.test.js +106 -0
package/server/lib/security/input-validator.js +352 -0
package/server/lib/security/input-validator.test.js +330 -0
package/server/lib/security/network-policy.js +174 -0
package/server/lib/security/network-policy.test.js +164 -0
package/server/lib/security/output-encoder.js +237 -0
package/server/lib/security/output-encoder.test.js +276 -0
package/server/lib/security/path-validator.js +359 -0
package/server/lib/security/path-validator.test.js +293 -0
package/server/lib/security/query-builder.js +421 -0
package/server/lib/security/query-builder.test.js +318 -0
package/server/lib/security/secret-detector.js +290 -0
package/server/lib/security/secret-detector.test.js +354 -0
package/server/lib/security/secrets-validator.js +137 -0
package/server/lib/security/secrets-validator.test.js +120 -0
package/server/lib/security-testing/dast-runner.js +154 -0
package/server/lib/security-testing/dast-runner.test.js +62 -0
package/server/lib/security-testing/dependency-scanner.js +172 -0
package/server/lib/security-testing/dependency-scanner.test.js +64 -0
package/server/lib/security-testing/pentest-runner.js +230 -0
package/server/lib/security-testing/pentest-runner.test.js +60 -0
package/server/lib/security-testing/sast-runner.js +136 -0
package/server/lib/security-testing/sast-runner.test.js +62 -0
package/server/lib/security-testing/secret-scanner.js +153 -0
package/server/lib/security-testing/secret-scanner.test.js +66 -0
package/server/lib/security-testing/security-gate.js +216 -0
package/server/lib/security-testing/security-gate.test.js +115 -0
package/server/lib/security-testing/security-reporter.js +303 -0
package/server/lib/security-testing/security-reporter.test.js +114 -0
package/server/lib/standards/audit-checker.js +546 -0
package/server/lib/standards/audit-checker.test.js +415 -0
package/server/lib/standards/cleanup-executor.js +452 -0
package/server/lib/standards/cleanup-executor.test.js +293 -0
package/server/lib/standards/refactor-stepper.js +425 -0
package/server/lib/standards/refactor-stepper.test.js +298 -0
package/server/lib/standards/standards-injector.js +167 -0
package/server/lib/standards/standards-injector.test.js +232 -0
package/server/lib/user-management.test.js +284 -0
package/server/lib/vps/backup-manager.js +157 -0
package/server/lib/vps/backup-manager.test.js +59 -0
package/server/lib/vps/caddy-config.js +159 -0
package/server/lib/vps/caddy-config.test.js +48 -0
package/server/lib/vps/compose-orchestrator.js +219 -0
package/server/lib/vps/compose-orchestrator.test.js +50 -0
package/server/lib/vps/database-config.js +208 -0
package/server/lib/vps/database-config.test.js +47 -0
package/server/lib/vps/deploy-script.js +211 -0
package/server/lib/vps/deploy-script.test.js +53 -0
package/server/lib/vps/secrets-manager.js +148 -0
package/server/lib/vps/secrets-manager.test.js +58 -0
package/server/lib/vps/server-hardening.js +174 -0
package/server/lib/vps/server-hardening.test.js +70 -0
package/server/package-lock.json +19 -0
package/server/package.json +1 -0
package/server/templates/CLAUDE.md +37 -0
package/server/templates/CODING-STANDARDS.md +408 -0

package/server/lib/compliance/pci-dss-checklist.js ADDED Viewed

@@ -0,0 +1,214 @@
+/**
+ * PCI DSS v4.0 Compliance Checklist
+ * Payment Card Industry Data Security Standard requirements
+ */
+// PCI DSS v4.0 Requirements
+const REQUIREMENTS = [
+  // 12 main requirements
+  { id: 'req-1', name: 'Install and maintain network security controls', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-2', name: 'Apply secure configurations to all system components', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-3', name: 'Protect stored account data', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-4', name: 'Protect cardholder data with strong cryptography during transmission', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-5', name: 'Protect all systems and networks from malicious software', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-6', name: 'Develop and maintain secure systems and software', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-7', name: 'Restrict access to system components and cardholder data', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-8', name: 'Identify users and authenticate access to system components', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-9', name: 'Restrict physical access to cardholder data', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-10', name: 'Log and monitor all access to system components and cardholder data', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-11', name: 'Test security of systems and networks regularly', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  { id: 'req-12', name: 'Support information security with organizational policies and programs', level: 'requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: null },
+  // Sub-requirements for Requirement 1
+  { id: 'req-1.1', name: 'Processes and mechanisms for installing and maintaining network security controls are defined and understood', level: 'sub-requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: 'req-1' },
+  { id: 'req-1.2', name: 'Network security controls are configured and maintained', level: 'sub-requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: 'req-1' },
+  { id: 'req-1.3', name: 'Network access to and from the cardholder data environment is restricted', level: 'sub-requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'C-VT', 'D', 'P2PE'], parent: 'req-1' },
+  // Sub-requirements for Requirement 3
+  { id: 'req-3.4', name: 'PAN is rendered unreadable anywhere it is stored', level: 'sub-requirement', saqTypes: ['A', 'A-EP', 'B', 'B-IP', 'C', 'D', 'P2PE'], parent: 'req-3' }
+];
+// Control mappings for technical implementations
+const CONTROL_MAPPINGS = {
+  'req-1.1': [
+    { type: 'firewall', description: 'Network firewall configuration', patterns: ['firewall', 'iptables', 'security-group'] },
+    { type: 'network-segmentation', description: 'Network segmentation controls', patterns: ['vlan', 'subnet', 'network-policy'] },
+    { type: 'documentation', description: 'Network security documentation', patterns: ['network-diagram', 'data-flow'] }
+  ],
+  'req-1.2': [
+    { type: 'firewall', description: 'Firewall rule management', patterns: ['firewall-rules', 'ingress', 'egress'] },
+    { type: 'configuration', description: 'Secure configuration standards', patterns: ['config', 'settings'] }
+  ],
+  'req-3.4': [
+    { type: 'encryption', description: 'Data encryption at rest', patterns: ['encrypt', 'aes', 'crypto'] },
+    { type: 'tokenization', description: 'PAN tokenization', patterns: ['token', 'mask', 'redact'] },
+    { type: 'hashing', description: 'One-way hashing', patterns: ['hash', 'sha256'] }
+  ]
+};
+// Requirement check logic
+const REQUIREMENT_CHECKS = {
+  'req-1.1': (evidence) => {
+    const gaps = [];
+    if (!evidence.hasFirewall) gaps.push('Firewall not detected');
+    if (!evidence.firewallConfig) gaps.push('Firewall configuration not provided');
+    return { passed: gaps.length === 0, gaps };
+  }
+};
+/**
+ * Create a PCI DSS checklist instance
+ * @param {Object} options - Configuration options
+ * @param {string} options.version - PCI DSS version (default: '4.0')
+ * @returns {Object} Checklist instance
+ */
+export function createPciDssChecklist(options = {}) {
+  const version = options.version || '4.0';
+  return {
+    evaluate(evidence) {
+      const results = [];
+      const reqs = getRequirements();
+      for (const req of reqs) {
+        const result = checkRequirement(req.id, evidence);
+        results.push(result);
+      }
+      return {
+        version,
+        results,
+        compliant: results.every(r => r.status === 'compliant'),
+        score: (results.filter(r => r.status === 'compliant').length / results.length) * 100
+      };
+    },
+    getRequirements() {
+      return REQUIREMENTS.filter(r => r.id.startsWith('req-'));
+    }
+  };
+}
+/**
+ * Get PCI DSS requirements
+ * @param {Object} options - Filter options
+ * @param {boolean} options.includeSubRequirements - Include sub-requirements
+ * @param {string} options.saqType - Filter by SAQ type
+ * @returns {Array} Requirements list
+ */
+export function getRequirements(options = {}) {
+  let reqs = [...REQUIREMENTS];
+  // Filter to main requirements unless sub-requirements requested
+  if (!options.includeSubRequirements) {
+    reqs = reqs.filter(r => r.level === 'requirement');
+  }
+  // Filter by SAQ type
+  if (options.saqType) {
+    reqs = reqs.filter(r => r.saqTypes.includes(options.saqType));
+  }
+  return reqs;
+}
+/**
+ * Check compliance with a specific requirement
+ * @param {string} requirementId - Requirement identifier
+ * @param {Object} evidence - Evidence for compliance check
+ * @returns {Object} Check result with status, gaps, and remediation
+ */
+export function checkRequirement(requirementId, evidence) {
+  const requirement = REQUIREMENTS.find(r => r.id === requirementId);
+  const checkFn = REQUIREMENT_CHECKS[requirementId];
+  let status = 'non-compliant';
+  let gaps = [];
+  if (checkFn) {
+    const result = checkFn(evidence);
+    status = result.passed ? 'compliant' : 'non-compliant';
+    gaps = result.gaps;
+  } else {
+    // Default check - look for related evidence
+    gaps = ['Evidence not provided or check not implemented'];
+  }
+  const remediation = getRemediationGuidance(requirementId, gaps);
+  return {
+    requirementId,
+    requirementName: requirement?.name || 'Unknown requirement',
+    status,
+    gaps,
+    remediation
+  };
+}
+/**
+ * Get remediation guidance for a requirement
+ * @param {string} requirementId - Requirement identifier
+ * @param {Array} gaps - Identified gaps
+ * @returns {string} Remediation guidance
+ */
+function getRemediationGuidance(requirementId, gaps) {
+  const guidanceMap = {
+    'req-1.1': 'Implement and document network security controls including firewalls, security groups, and network segmentation.',
+    'req-1.2': 'Configure firewall rules to restrict inbound and outbound traffic to only necessary communications.',
+    'req-3.4': 'Implement encryption, truncation, masking, or hashing to render PAN unreadable.',
+  };
+  return guidanceMap[requirementId] || 'Review PCI DSS v4.0 documentation for requirement details and implement appropriate controls.';
+}
+/**
+ * Generate a gap analysis report
+ * @param {Array} status - Array of requirement check results
+ * @returns {string} Formatted gap report
+ */
+export function generateGapReport(status) {
+  // Sort by priority - critical first
+  const sorted = [...status].sort((a, b) => {
+    const priorityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+    const aPriority = priorityOrder[a.priority] ?? 2;
+    const bPriority = priorityOrder[b.priority] ?? 2;
+    return aPriority - bPriority;
+  });
+  let report = '# PCI DSS Gap Analysis Report\n\n';
+  report += '## Summary\n\n';
+  const compliant = sorted.filter(s => s.status === 'compliant').length;
+  const nonCompliant = sorted.filter(s => s.status === 'non-compliant').length;
+  report += `- Compliant: ${compliant}\n`;
+  report += `- Non-Compliant: ${nonCompliant}\n\n`;
+  report += '## Gap Analysis\n\n';
+  for (const item of sorted) {
+    if (item.status === 'non-compliant') {
+      report += `### ${item.requirementId}\n\n`;
+      report += `**Status:** Non-Compliant\n`;
+      report += `**Priority:** ${item.priority || 'medium'}\n`;
+      if (item.gaps && item.gaps.length > 0) {
+        report += `**Gaps:**\n`;
+        for (const gap of item.gaps) {
+          report += `- ${gap}\n`;
+        }
+      }
+      report += '\n';
+    }
+  }
+  return report;
+}
+/**
+ * Map PCI DSS requirement to technical controls
+ * @param {string} requirementId - Requirement identifier
+ * @returns {Array} Technical control mappings
+ */
+export function mapToControls(requirementId) {
+  return CONTROL_MAPPINGS[requirementId] || [];
+}

package/server/lib/compliance/pci-dss-checklist.test.js ADDED Viewed

@@ -0,0 +1,95 @@
+/**
+ * PCI DSS Checklist Tests
+ */
+import { describe, it, expect, vi } from 'vitest';
+import { createPciDssChecklist, getRequirements, checkRequirement, generateGapReport, mapToControls } from './pci-dss-checklist.js';
+describe('pci-dss-checklist', () => {
+  describe('createPciDssChecklist', () => {
+    it('creates PCI DSS checklist', () => {
+      const checklist = createPciDssChecklist();
+      expect(checklist.evaluate).toBeDefined();
+      expect(checklist.getRequirements).toBeDefined();
+    });
+    it('supports PCI DSS v4.0', () => {
+      const checklist = createPciDssChecklist({ version: '4.0' });
+      const reqs = checklist.getRequirements();
+      expect(reqs.some(r => r.id.startsWith('req-'))).toBe(true);
+    });
+  });
+  describe('getRequirements', () => {
+    it('returns all PCI DSS requirements', () => {
+      const reqs = getRequirements();
+      expect(reqs.length).toBeGreaterThan(0);
+      // PCI DSS has 12 main requirements
+      expect(reqs.filter(r => r.level === 'requirement').length).toBe(12);
+    });
+    it('includes sub-requirements', () => {
+      const reqs = getRequirements({ includeSubRequirements: true });
+      expect(reqs.some(r => r.parent)).toBe(true);
+    });
+    it('filters by SAQ type', () => {
+      const reqs = getRequirements({ saqType: 'A' });
+      expect(reqs.every(r => r.saqTypes.includes('A'))).toBe(true);
+    });
+  });
+  describe('checkRequirement', () => {
+    it('checks requirement compliance', () => {
+      const evidence = { hasFirewall: true, firewallConfig: { rules: [] } };
+      const result = checkRequirement('req-1.1', evidence);
+      expect(result.requirementId).toBe('req-1.1');
+      expect(result.status).toBeDefined();
+    });
+    it('returns evidence gaps', () => {
+      const evidence = {};
+      const result = checkRequirement('req-1.1', evidence);
+      expect(result.gaps.length).toBeGreaterThan(0);
+    });
+    it('provides remediation guidance', () => {
+      const result = checkRequirement('req-1.1', {});
+      expect(result.remediation).toBeDefined();
+    });
+  });
+  describe('generateGapReport', () => {
+    it('generates gap analysis report', () => {
+      const status = [
+        { requirementId: 'req-1.1', status: 'compliant' },
+        { requirementId: 'req-1.2', status: 'non-compliant', gaps: ['Missing firewall docs'] }
+      ];
+      const report = generateGapReport(status);
+      expect(report).toContain('Gap Analysis');
+      expect(report).toContain('req-1.2');
+    });
+    it('prioritizes critical gaps', () => {
+      const status = [
+        { requirementId: 'req-3.4', status: 'non-compliant', priority: 'critical' },
+        { requirementId: 'req-1.2', status: 'non-compliant', priority: 'medium' }
+      ];
+      const report = generateGapReport(status);
+      const criticalPos = report.indexOf('req-3.4');
+      const mediumPos = report.indexOf('req-1.2');
+      expect(criticalPos).toBeLessThan(mediumPos);
+    });
+  });
+  describe('mapToControls', () => {
+    it('maps PCI DSS to technical controls', () => {
+      const controls = mapToControls('req-1.1');
+      expect(controls.some(c => c.type === 'firewall')).toBe(true);
+    });
+    it('maps to code patterns', () => {
+      const controls = mapToControls('req-3.4');
+      expect(controls.some(c => c.type === 'encryption')).toBe(true);
+    });
+  });
+});

package/server/lib/compliance/trust-centre.js ADDED Viewed

@@ -0,0 +1,187 @@
+/**
+ * Trust Centre Core Functionality
+ * Central hub for compliance framework management
+ */
+// Available frameworks with metadata
+const FRAMEWORKS = [
+  { id: 'pci-dss', name: 'PCI DSS', version: '4.0', controlCount: 12, description: 'Payment Card Industry Data Security Standard' },
+  { id: 'hipaa', name: 'HIPAA', version: '2013', controlCount: 54, description: 'Health Insurance Portability and Accountability Act' },
+  { id: 'iso27001', name: 'ISO 27001', version: '2022', controlCount: 93, description: 'Information Security Management System' },
+  { id: 'gdpr', name: 'GDPR', version: '2018', controlCount: 99, description: 'General Data Protection Regulation' },
+  { id: 'soc2', name: 'SOC 2', version: 'Type II', controlCount: 64, description: 'Service Organization Control 2' }
+];
+// Framework control details
+const FRAMEWORK_DETAILS = {
+  'pci-dss': {
+    id: 'pci-dss',
+    name: 'Payment Card Industry Data Security Standard',
+    version: '4.0',
+    controls: [
+      { id: 'req-1', name: 'Install and maintain network security controls' },
+      { id: 'req-2', name: 'Apply secure configurations' },
+      { id: 'req-3', name: 'Protect stored account data' },
+      { id: 'req-4', name: 'Protect cardholder data with strong cryptography' },
+      { id: 'req-5', name: 'Protect systems from malicious software' },
+      { id: 'req-6', name: 'Develop and maintain secure systems' },
+      { id: 'req-7', name: 'Restrict access to cardholder data' },
+      { id: 'req-8', name: 'Identify users and authenticate access' },
+      { id: 'req-9', name: 'Restrict physical access to cardholder data' },
+      { id: 'req-10', name: 'Log and monitor all access' },
+      { id: 'req-11', name: 'Test security of systems regularly' },
+      { id: 'req-12', name: 'Support information security with policies' }
+    ]
+  },
+  'hipaa': {
+    id: 'hipaa',
+    name: 'Health Insurance Portability and Accountability Act',
+    version: '2013',
+    controls: [
+      { id: 'admin-1', name: 'Security Management Process' },
+      { id: 'admin-2', name: 'Assigned Security Responsibility' },
+      { id: 'physical-1', name: 'Facility Access Controls' },
+      { id: 'technical-1', name: 'Access Control' },
+      { id: 'technical-2', name: 'Audit Controls' },
+      { id: 'technical-3', name: 'Integrity Controls' },
+      { id: 'technical-4', name: 'Transmission Security' }
+    ]
+  },
+  'iso27001': {
+    id: 'iso27001',
+    name: 'ISO/IEC 27001:2022',
+    version: '2022',
+    controls: [
+      { id: 'A.5.1', name: 'Policies for information security' },
+      { id: 'A.5.2', name: 'Information security roles and responsibilities' },
+      { id: 'A.6.1', name: 'Screening' },
+      { id: 'A.7.1', name: 'Physical security perimeters' },
+      { id: 'A.8.1', name: 'User endpoint devices' }
+    ]
+  },
+  'gdpr': {
+    id: 'gdpr',
+    name: 'General Data Protection Regulation',
+    version: '2018',
+    controls: [
+      { id: 'art-5', name: 'Principles relating to processing' },
+      { id: 'art-6', name: 'Lawfulness of processing' },
+      { id: 'art-7', name: 'Conditions for consent' }
+    ]
+  },
+  'soc2': {
+    id: 'soc2',
+    name: 'SOC 2 Type II',
+    version: 'Type II',
+    controls: [
+      { id: 'cc-1', name: 'Control Environment' },
+      { id: 'cc-2', name: 'Communication and Information' }
+    ]
+  }
+};
+/**
+ * Create a trust centre instance
+ * @param {Object} options - Configuration options
+ * @param {boolean} options.defaults - Whether to initialize with default frameworks
+ * @returns {Object} Trust centre instance
+ */
+export function createTrustCentre(options = {}) {
+  const frameworks = options.defaults
+    ? ['pci-dss', 'hipaa', 'iso27001', 'gdpr']
+    : [];
+  return {
+    getStatus() {
+      return {
+        frameworks: frameworks.map(id => {
+          const fw = FRAMEWORKS.find(f => f.id === id);
+          return { id, name: fw?.name, compliant: false, score: 0 };
+        }),
+        overallScore: 0
+      };
+    },
+    addFramework(frameworkId) {
+      if (!frameworks.includes(frameworkId)) {
+        frameworks.push(frameworkId);
+      }
+    },
+    listFrameworks() {
+      return [...frameworks];
+    },
+    generateReport() {
+      return {
+        generatedAt: new Date().toISOString(),
+        frameworks: frameworks.map(id => ({
+          id,
+          status: 'pending',
+          score: 0
+        })),
+        summary: 'Trust centre compliance report'
+      };
+    }
+  };
+}
+/**
+ * Get compliance status for a framework
+ * @param {Object} options - Options including framework and controls
+ * @returns {Object} Compliance status
+ */
+export function getComplianceStatus({ framework, controls }) {
+  const compliantCount = controls.filter(c => c.status === 'compliant').length;
+  const totalCount = controls.length;
+  const score = totalCount > 0 ? (compliantCount / totalCount) * 100 : 0;
+  return {
+    framework,
+    compliant: compliantCount === totalCount && totalCount > 0,
+    score,
+    controlsAssessed: totalCount,
+    controlsCompliant: compliantCount
+  };
+}
+/**
+ * List available compliance frameworks
+ * @returns {Array} List of framework metadata
+ */
+export function listFrameworks() {
+  return FRAMEWORKS.map(f => ({
+    id: f.id,
+    name: f.name,
+    version: f.version,
+    controlCount: f.controlCount,
+    description: f.description
+  }));
+}
+/**
+ * Get detailed information about a framework
+ * @param {string} frameworkId - Framework identifier
+ * @returns {Object} Framework details including controls
+ */
+export function getFrameworkDetails(frameworkId) {
+  const details = FRAMEWORK_DETAILS[frameworkId];
+  if (!details) {
+    throw new Error(`Unknown framework: ${frameworkId}`);
+  }
+  return details;
+}
+/**
+ * Calculate overall compliance score from multiple frameworks
+ * @param {Array} scores - Array of framework scores with optional weights
+ * @returns {number} Weighted overall score
+ */
+export function calculateOverallScore(scores) {
+  if (scores.length === 0) return 0;
+  const totalWeight = scores.reduce((sum, s) => sum + (s.weight || 1), 0);
+  const weightedSum = scores.reduce((sum, s) => sum + s.score * (s.weight || 1), 0);
+  return weightedSum / totalWeight;
+}

package/server/lib/compliance/trust-centre.test.js ADDED Viewed

@@ -0,0 +1,93 @@
+/**
+ * Trust Centre Tests
+ */
+import { describe, it, expect, vi } from 'vitest';
+import { createTrustCentre, getComplianceStatus, listFrameworks, getFrameworkDetails, calculateOverallScore } from './trust-centre.js';
+describe('trust-centre', () => {
+  describe('createTrustCentre', () => {
+    it('creates trust centre instance', () => {
+      const centre = createTrustCentre();
+      expect(centre.getStatus).toBeDefined();
+      expect(centre.addFramework).toBeDefined();
+      expect(centre.generateReport).toBeDefined();
+    });
+    it('initializes with default frameworks', () => {
+      const centre = createTrustCentre({ defaults: true });
+      const frameworks = centre.listFrameworks();
+      expect(frameworks).toContain('pci-dss');
+      expect(frameworks).toContain('hipaa');
+      expect(frameworks).toContain('iso27001');
+      expect(frameworks).toContain('gdpr');
+    });
+  });
+  describe('getComplianceStatus', () => {
+    it('returns compliance status for framework', () => {
+      const status = getComplianceStatus({ framework: 'pci-dss', controls: [] });
+      expect(status.framework).toBe('pci-dss');
+      expect(status.compliant).toBeDefined();
+      expect(status.score).toBeDefined();
+    });
+    it('calculates score from controls', () => {
+      const controls = [
+        { id: 'req-1', status: 'compliant' },
+        { id: 'req-2', status: 'compliant' },
+        { id: 'req-3', status: 'non-compliant' }
+      ];
+      const status = getComplianceStatus({ framework: 'custom', controls });
+      expect(status.score).toBeCloseTo(66.67, 1);
+    });
+  });
+  describe('listFrameworks', () => {
+    it('lists available frameworks', () => {
+      const frameworks = listFrameworks();
+      expect(frameworks.length).toBeGreaterThan(0);
+      expect(frameworks[0].id).toBeDefined();
+      expect(frameworks[0].name).toBeDefined();
+    });
+    it('includes framework metadata', () => {
+      const frameworks = listFrameworks();
+      const pci = frameworks.find(f => f.id === 'pci-dss');
+      expect(pci.version).toBeDefined();
+      expect(pci.controlCount).toBeDefined();
+    });
+  });
+  describe('getFrameworkDetails', () => {
+    it('returns framework details', () => {
+      const details = getFrameworkDetails('pci-dss');
+      expect(details.id).toBe('pci-dss');
+      expect(details.name).toBeDefined();
+      expect(details.controls).toBeDefined();
+    });
+    it('throws for unknown framework', () => {
+      expect(() => getFrameworkDetails('unknown')).toThrow();
+    });
+  });
+  describe('calculateOverallScore', () => {
+    it('calculates weighted overall score', () => {
+      const scores = [
+        { framework: 'pci-dss', score: 80, weight: 2 },
+        { framework: 'hipaa', score: 90, weight: 1 }
+      ];
+      const overall = calculateOverallScore(scores);
+      expect(overall).toBeCloseTo(83.33, 1);
+    });
+    it('handles equal weights', () => {
+      const scores = [
+        { framework: 'pci-dss', score: 80 },
+        { framework: 'hipaa', score: 90 }
+      ];
+      const overall = calculateOverallScore(scores);
+      expect(overall).toBe(85);
+    });
+  });
+});