vaspera 2.14.0 → 2.16.0

package/dist/certification/verify-endpoint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-endpoint.d.ts","sourceRoot":"","sources":["../../src/certification/verify-endpoint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAGL,KAAK,uBAAuB,EAC7B,MAAM,wBAAwB,CAAC;AAEhC,6EAA6E;AAC7E,MAAM,WAAW,iBAAiB;IAChC,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/E,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,+BAAgC,SAAQ,uBAAuB;IAC9E,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,iEAAiE;IACjE,MAAM,CAAC,EAAE,iBAAiB,CAAC;IAC3B,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;CACjB;AAqBD;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,OAAO,EACZ,GAAG,GAAE,IAAiB,GACrB,OAAO,CAAC,+BAA+B,CAAC,CAwB1C"}

package/dist/certification/verify-endpoint.js

@@ -0,0 +1,79 @@
+/**
+ * Standalone certificate verification (Phase 3 — independent attestation).
+ *
+ * The point of an Agent Certificate is that a third party can verify it
+ * WITHOUT trusting Vaspera: re-validate the schema, recompute the content
+ * digest from the canonical body, and check the Sigstore signature. This
+ * module wraps that core (`verifyCertificate`) into a single pure handler
+ * shared by the public HTTP `/verify` endpoint and the `verify:cert` CLI,
+ * adding the things a verifier also wants to know — has it expired, and
+ * what does it actually claim — without changing the cryptographic verdict.
+ *
+ * It is intentionally read-only and stateless: it touches no secrets, no
+ * filesystem, and no server state. That is what makes it safe to expose
+ * unauthenticated.
+ *
+ * @module certification/verify-endpoint
+ */
+import { verifyCertificate, AgentCertificateSchema, } from "./agent-certificate.js";
+function extractClaims(cert) {
+    const parsed = AgentCertificateSchema.safeParse(cert);
+    if (!parsed.success)
+        return undefined;
+    const c = parsed.data;
+    return {
+        certificateId: c.certificateId,
+        subject: {
+            kind: c.subject.kind,
+            name: c.subject.name,
+            version: c.subject.version,
+            identifier: c.subject.identifier,
+        },
+        level: c.level,
+        overallScore: c.overallScore,
+        issuedAt: c.issuedAt,
+        expiresAt: c.expiresAt,
+    };
+}
+/**
+ * Verify a parsed certificate document. `now` is injectable so the result
+ * is deterministic in tests; it defaults to wall-clock time in callers.
+ */
+export async function verifyCertificatePayload(raw, now = new Date()) {
+    const result = await verifyCertificate(raw);
+    const warnings = [];
+    const claims = result.schemaValid ? extractClaims(raw) : undefined;
+    let expired;
+    if (claims) {
+        const expiresAt = Date.parse(claims.expiresAt);
+        if (!Number.isNaN(expiresAt)) {
+            expired = expiresAt < now.getTime();
+            if (expired)
+                warnings.push(`Certificate expired at ${claims.expiresAt}`);
+        }
+    }
+    if (result.schemaValid && !result.signaturePresent) {
+        warnings.push("Certificate is unsigned (digest-only; integrity is verifiable but not attributable)");
+    }
+    return {
+        ...result,
+        expired,
+        warnings,
+        claims,
+        summary: summarize(result, expired),
+    };
+}
+function summarize(result, expired) {
+    if (!result.schemaValid)
+        return "INVALID — not a well-formed agent certificate";
+    if (!result.contentDigestValid)
+        return "INVALID — content digest mismatch (tampered)";
+    if (result.signaturePresent && result.signatureValid === false) {
+        return "INVALID — signature verification failed";
+    }
+    const sig = result.signaturePresent ? "signed" : "unsigned";
+    if (expired)
+        return `VALID but EXPIRED — digest verified (${sig})`;
+    return `VALID — digest verified (${sig})`;
+}
+//# sourceMappingURL=verify-endpoint.js.map

package/dist/certification/verify-endpoint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-endpoint.js","sourceRoot":"","sources":["../../src/certification/verify-endpoint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,iBAAiB,EACjB,sBAAsB,GAEvB,MAAM,wBAAwB,CAAC;AAuBhC,SAAS,aAAa,CAAC,IAAa;IAClC,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACtD,IAAI,CAAC,MAAM,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IACtC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC;IACtB,OAAO;QACL,aAAa,EAAE,CAAC,CAAC,aAAa;QAC9B,OAAO,EAAE;YACP,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;YACpB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;YACpB,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO;YAC1B,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU;SACjC;QACD,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,SAAS,EAAE,CAAC,CAAC,SAAS;KACvB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,GAAY,EACZ,MAAY,IAAI,IAAI,EAAE;IAEtB,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEnE,IAAI,OAA4B,CAAC;IACjC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;YACpC,IAAI,OAAO;gBAAE,QAAQ,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;QACnD,QAAQ,CAAC,IAAI,CAAC,qFAAqF,CAAC,CAAC;IACvG,CAAC;IAED,OAAO;QACL,GAAG,MAAM;QACT,OAAO;QACP,QAAQ;QACR,MAAM;QACN,OAAO,EAAE,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,MAA+B,EAAE,OAAiB;IACnE,IAAI,CAAC,MAAM,CAAC,WAAW;QAAE,OAAO,+CAA+C,CAAC;IAChF,IAAI,CAAC,MAAM,CAAC,kBAAkB;QAAE,OAAO,8CAA8C,CAAC;IACtF,IAAI,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,cAAc,KAAK,KAAK,EAAE,CAAC;QAC/D,OAAO,yCAAyC,CAAC;IACnD,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;IAC5D,IAAI,OAAO;QAAE,OAAO,wCAAwC,GAAG,GAAG,CAAC;IACnE,OAAO,4BAA4B,GAAG,GAAG,CAAC;AAC5C,CAAC"}

package/dist/compliance/index.d.ts

@@ -14,6 +14,8 @@ export { CFR42_PART2_CONTROLS, CFR42_PART2_CATEGORIES, getCFR42Part2Controls, ge
 export { CIS_CONTROLS, getCISControls, getCISControlsByCategory, getCISCategories, } from "./cis.js";
 export { GDPR_CONTROLS, getGDPRControls, getGDPRControlsByCategory, getGDPRControlsByArticle, getGDPRCategories, } from "./gdpr.js";
 export { NIST_800_53_CONTROLS, getNIST80053Controls, getNIST80053ControlsByCategory, getNIST80053ControlById, getNIST80053Categories, NIST_CONTROL_FAMILIES, } from "./nist-800-53.js";
+export { ISO_42001_CONTROLS, getISO42001Controls, getISO42001ControlsByCategory, } from "./iso42001.js";
+export { NIST_AI_RMF_CONTROLS, getNISTAIRMFControls, getNISTAIRMFControlsByFunction, } from "./nist-ai-rmf.js";
 export { getControlsForFramework, findingMatchesControl, meetsSeverityThreshold, mapFindingsToControls, calculateComplianceStatus, generateRecommendations, generateComplianceReport, generateMultiFrameworkReport, } from "./mapper.js";
 export { formatComplianceReportAsMarkdown, formatMultiFrameworkReportAsMarkdown, formatComplianceReportAsJson, generateCompactComplianceSummary, formatHealthcareComplianceReportAsMarkdown, } from "./report.js";
 export type { AuditDefensibleOptions } from "./report.js";

package/dist/compliance/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,eAAe,EACf,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,sBAAsB,EACtB,qBAAqB,EACrB,+BAA+B,EAC/B,wBAAwB,EACxB,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,8BAA8B,EAC9B,uBAAuB,EACvB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,EAChC,0CAA0C,GAC3C,MAAM,aAAa,CAAC;AAErB,YAAY,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAG1D,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,yCAAyC,GAC1C,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAG7D,YAAY,EACV,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iCAAiC,EACjC,mCAAmC,GACpC,MAAM,wBAAwB,CAAC;AAGhC,YAAY,EACV,+BAA+B,EAC/B,8BAA8B,EAC9B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,4BAA4B,EAC5B,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,eAAe,EACf,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,sBAAsB,EACtB,qBAAqB,EACrB,+BAA+B,EAC/B,wBAAwB,EACxB,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,8BAA8B,EAC9B,uBAAuB,EACvB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,8BAA8B,GAC/B,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,EAChC,0CAA0C,GAC3C,MAAM,aAAa,CAAC;AAErB,YAAY,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAG1D,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,yCAAyC,GAC1C,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAG7D,YAAY,EACV,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iCAAiC,EACjC,mCAAmC,GACpC,MAAM,wBAAwB,CAAC;AAGhC,YAAY,EACV,+BAA+B,EAC/B,8BAA8B,EAC9B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,4BAA4B,EAC5B,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,wBAAwB,CAAC"}

package/dist/compliance/index.js

@@ -21,6 +21,10 @@ export { CIS_CONTROLS, getCISControls, getCISControlsByCategory, getCISCategorie
 export { GDPR_CONTROLS, getGDPRControls, getGDPRControlsByCategory, getGDPRControlsByArticle, getGDPRCategories, } from "./gdpr.js";
 // NIST 800-53
 export { NIST_800_53_CONTROLS, getNIST80053Controls, getNIST80053ControlsByCategory, getNIST80053ControlById, getNIST80053Categories, NIST_CONTROL_FAMILIES, } from "./nist-800-53.js";
+// ISO/IEC 42001 (AI Management System)
+export { ISO_42001_CONTROLS, getISO42001Controls, getISO42001ControlsByCategory, } from "./iso42001.js";
+// NIST AI Risk Management Framework
+export { NIST_AI_RMF_CONTROLS, getNISTAIRMFControls, getNISTAIRMFControlsByFunction, } from "./nist-ai-rmf.js";
 // Mapper
 export { getControlsForFramework, findingMatchesControl, meetsSeverityThreshold, mapFindingsToControls, calculateComplianceStatus, generateRecommendations, generateComplianceReport, generateMultiFrameworkReport, } from "./mapper.js";
 // Report

package/dist/compliance/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH,QAAQ;AACR,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,YAAY;AACZ,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAEvB,UAAU;AACV,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,QAAQ;AACR,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,qDAAqD;AACrD,OAAO,EACL,oBAAoB,EACpB,sBAAsB,EACtB,qBAAqB,EACrB,+BAA+B,EAC/B,wBAAwB,EACxB,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B,eAAe;AACf,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAElB,OAAO;AACP,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,cAAc;AACd,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,8BAA8B,EAC9B,uBAAuB,EACvB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAE1B,SAAS;AACT,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAErB,SAAS;AACT,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,EAChC,0CAA0C,GAC3C,MAAM,aAAa,CAAC;AAIrB,cAAc;AACd,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,yCAAyC,GAC1C,MAAM,kBAAkB,CAAC;AAU1B,OAAO,EACL,iCAAiC,EACjC,mCAAmC,GACpC,MAAM,wBAAwB,CAAC;AAShC,OAAO,EACL,4BAA4B,EAC5B,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH,QAAQ;AACR,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,YAAY;AACZ,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAEvB,UAAU;AACV,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,QAAQ;AACR,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,qDAAqD;AACrD,OAAO,EACL,oBAAoB,EACpB,sBAAsB,EACtB,qBAAqB,EACrB,+BAA+B,EAC/B,wBAAwB,EACxB,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B,eAAe;AACf,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAElB,OAAO;AACP,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,cAAc;AACd,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,8BAA8B,EAC9B,uBAAuB,EACvB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAE1B,uCAAuC;AACvC,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,eAAe,CAAC;AAEvB,oCAAoC;AACpC,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,8BAA8B,GAC/B,MAAM,kBAAkB,CAAC;AAE1B,SAAS;AACT,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAErB,SAAS;AACT,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,EAChC,0CAA0C,GAC3C,MAAM,aAAa,CAAC;AAIrB,cAAc;AACd,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,yCAAyC,GAC1C,MAAM,kBAAkB,CAAC;AAU1B,OAAO,EACL,iCAAiC,EACjC,mCAAmC,GACpC,MAAM,wBAAwB,CAAC;AAShC,OAAO,EACL,4BAA4B,EAC5B,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,wBAAwB,CAAC"}

package/dist/compliance/iso42001.d.ts

@@ -0,0 +1,21 @@
+/**
+ * ISO/IEC 42001:2023 — Artificial Intelligence Management System (AIMS)
+ *
+ * Annex A controls relevant to certifying AI systems and AI-generated
+ * code, mapped to the platform's finding categories. This is the
+ * auditable "SOC 2 for AI" — the framework Vaspera leads with for Agent
+ * Certification.
+ *
+ * @module compliance/iso42001
+ */
+import type { ComplianceControl } from "./types.js";
+/**
+ * ISO 42001 Annex A controls (representative set relevant to code/agent
+ * certification — not the full management-system documentation set).
+ */
+export declare const ISO_42001_CONTROLS: ComplianceControl[];
+/** Get all ISO 42001 controls. */
+export declare function getISO42001Controls(): ComplianceControl[];
+/** Get ISO 42001 controls in a given Annex A category. */
+export declare function getISO42001ControlsByCategory(category: string): ComplianceControl[];
+//# sourceMappingURL=iso42001.d.ts.map

package/dist/compliance/iso42001.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"iso42001.d.ts","sourceRoot":"","sources":["../../src/compliance/iso42001.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,iBAAiB,EA2JjD,CAAC;AAEF,kCAAkC;AAClC,wBAAgB,mBAAmB,IAAI,iBAAiB,EAAE,CAEzD;AAED,0DAA0D;AAC1D,wBAAgB,6BAA6B,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAEnF"}

package/dist/compliance/iso42001.js

@@ -0,0 +1,160 @@
+/**
+ * ISO/IEC 42001:2023 — Artificial Intelligence Management System (AIMS)
+ *
+ * Annex A controls relevant to certifying AI systems and AI-generated
+ * code, mapped to the platform's finding categories. This is the
+ * auditable "SOC 2 for AI" — the framework Vaspera leads with for Agent
+ * Certification.
+ *
+ * @module compliance/iso42001
+ */
+/**
+ * ISO 42001 Annex A controls (representative set relevant to code/agent
+ * certification — not the full management-system documentation set).
+ */
+export const ISO_42001_CONTROLS = [
+    // A.2 — Policies related to AI
+    {
+        id: "A.2.2",
+        framework: "ISO-42001",
+        category: "AI Policy",
+        title: "AI policy",
+        description: "The organization shall document a policy for the development or use of AI systems, addressing acceptable use, risk appetite, and oversight.",
+        keywords: ["ai policy", "acceptable use", "governance", "oversight"],
+        findingCategories: ["security-misconfiguration", "excessive-agency"],
+        severityThreshold: "low",
+    },
+    // A.4 — Resources for AI systems
+    {
+        id: "A.4.3",
+        framework: "ISO-42001",
+        category: "AI Resources",
+        title: "Data resources",
+        description: "The organization shall document information about the data resources used for the AI system, including provenance and quality.",
+        keywords: ["data provenance", "dataset", "training data", "data quality"],
+        findingCategories: ["training-data-poisoning", "pii-exposure"],
+        severityThreshold: "medium",
+    },
+    {
+        id: "A.4.4",
+        framework: "ISO-42001",
+        category: "AI Resources",
+        title: "Tooling and computing resources",
+        description: "Resources (tools, models, compute) used by the AI system shall be identified and their integrity assured.",
+        keywords: ["tooling", "model integrity", "supply chain", "dependency"],
+        findingCategories: ["supply-chain-vuln", "manifest-drift", "unsigned-change"],
+        severityThreshold: "medium",
+    },
+    // A.5 — Assessing impacts of AI systems
+    {
+        id: "A.5.2",
+        framework: "ISO-42001",
+        category: "AI Impact Assessment",
+        title: "AI system impact assessment",
+        description: "The organization shall assess potential consequences of the AI system to individuals and groups, including security and privacy impacts.",
+        keywords: ["impact assessment", "privacy impact", "harm", "consequences"],
+        findingCategories: ["pii-exposure", "sensitive-disclosure"],
+        severityThreshold: "medium",
+    },
+    // A.6 — AI system life cycle
+    {
+        id: "A.6.2.2",
+        framework: "ISO-42001",
+        category: "AI Life Cycle",
+        title: "Responsible AI development — secure design",
+        description: "AI systems shall be designed and developed to be secure against manipulation of inputs and prompts.",
+        keywords: ["prompt injection", "input manipulation", "secure design", "jailbreak"],
+        findingCategories: ["prompt-injection", "insecure-output", "code-injection"],
+        cweIds: ["CWE-77", "CWE-94"],
+        severityThreshold: "high",
+    },
+    {
+        id: "A.6.2.4",
+        framework: "ISO-42001",
+        category: "AI Life Cycle",
+        title: "AI system verification and validation",
+        description: "AI systems shall be verified and validated against requirements before and during deployment.",
+        keywords: ["verification", "validation", "testing", "evaluation"],
+        findingCategories: ["overreliance", "consensus-manipulation"],
+        severityThreshold: "medium",
+    },
+    {
+        id: "A.6.2.6",
+        framework: "ISO-42001",
+        category: "AI Life Cycle",
+        title: "AI system operation and monitoring",
+        description: "AI systems in operation shall be monitored, and tool/agent behavior changes shall be detected and controlled.",
+        keywords: ["monitoring", "drift", "behavior change", "operation"],
+        findingCategories: ["tool-drift", "manifest-drift"],
+        severityThreshold: "medium",
+    },
+    {
+        id: "A.6.2.8",
+        framework: "ISO-42001",
+        category: "AI Life Cycle",
+        title: "Least privilege and bounded autonomy",
+        description: "AI agents shall operate with least-privilege access to tools and data, and their autonomy shall be bounded to intended functions.",
+        keywords: ["least privilege", "excessive agency", "permission", "sandbox", "scope"],
+        findingCategories: [
+            "excessive-agency",
+            "overscoped-permission",
+            "missing-sandbox",
+            "credential-overscoped",
+        ],
+        cweIds: ["CWE-250", "CWE-269"],
+        severityThreshold: "high",
+    },
+    // A.7 — Data for AI systems
+    {
+        id: "A.7.4",
+        framework: "ISO-42001",
+        category: "AI Data",
+        title: "Data privacy and protection",
+        description: "Personal and sensitive data used by or exposed through the AI system shall be protected against unauthorized disclosure and exfiltration.",
+        keywords: ["data privacy", "exfiltration", "sensitive data", "secret"],
+        findingCategories: ["exfil-path", "sensitive-disclosure", "hardcoded-secret", "pii-exposure"],
+        severityThreshold: "high",
+    },
+    // A.8 — Information for interested parties (transparency)
+    {
+        id: "A.8.2",
+        framework: "ISO-42001",
+        category: "AI Transparency",
+        title: "System documentation and traceability",
+        description: "Documentation shall enable traceability of AI system decisions and changes, including signed provenance of artifacts.",
+        keywords: ["traceability", "provenance", "documentation", "attestation", "signature"],
+        findingCategories: ["unsigned-change"],
+        severityThreshold: "medium",
+    },
+    // A.9 — Use of AI systems
+    {
+        id: "A.9.3",
+        framework: "ISO-42001",
+        category: "AI Use",
+        title: "Intended use and output handling",
+        description: "AI system outputs shall be handled securely and used only within their intended purpose to prevent downstream injection or misuse.",
+        keywords: ["output handling", "intended use", "downstream", "insecure output"],
+        findingCategories: ["insecure-output", "insecure-plugin"],
+        severityThreshold: "high",
+    },
+    // A.10 — Third-party relationships
+    {
+        id: "A.10.2",
+        framework: "ISO-42001",
+        category: "AI Third Parties",
+        title: "Third-party and supply chain assurance",
+        description: "Risks from third-party models, tools, and components (including MCP servers) shall be assessed and controlled.",
+        keywords: ["third party", "supply chain", "mcp", "external model"],
+        findingCategories: ["supply-chain-vuln", "model-theft"],
+        severityThreshold: "medium",
+    },
+];
+/** Get all ISO 42001 controls. */
+export function getISO42001Controls() {
+    return ISO_42001_CONTROLS;
+}
+/** Get ISO 42001 controls in a given Annex A category. */
+export function getISO42001ControlsByCategory(category) {
+    return ISO_42001_CONTROLS.filter((c) => c.category === category);
+}
+//# sourceMappingURL=iso42001.js.map

package/dist/compliance/iso42001.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iso42001.js","sourceRoot":"","sources":["../../src/compliance/iso42001.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAwB;IACrD,+BAA+B;IAC/B;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,WAAW;QACrB,KAAK,EAAE,WAAW;QAClB,WAAW,EACT,6IAA6I;QAC/I,QAAQ,EAAE,CAAC,WAAW,EAAE,gBAAgB,EAAE,YAAY,EAAE,WAAW,CAAC;QACpE,iBAAiB,EAAE,CAAC,2BAA2B,EAAE,kBAAkB,CAAC;QACpE,iBAAiB,EAAE,KAAK;KACzB;IAED,iCAAiC;IACjC;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,cAAc;QACxB,KAAK,EAAE,gBAAgB;QACvB,WAAW,EACT,gIAAgI;QAClI,QAAQ,EAAE,CAAC,iBAAiB,EAAE,SAAS,EAAE,eAAe,EAAE,cAAc,CAAC;QACzE,iBAAiB,EAAE,CAAC,yBAAyB,EAAE,cAAc,CAAC;QAC9D,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,cAAc;QACxB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,2GAA2G;QAC7G,QAAQ,EAAE,CAAC,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,YAAY,CAAC;QACtE,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,iBAAiB,CAAC;QAC7E,iBAAiB,EAAE,QAAQ;KAC5B;IAED,wCAAwC;IACxC;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,0IAA0I;QAC5I,QAAQ,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,EAAE,cAAc,CAAC;QACzE,iBAAiB,EAAE,CAAC,cAAc,EAAE,sBAAsB,CAAC;QAC3D,iBAAiB,EAAE,QAAQ;KAC5B;IAED,6BAA6B;IAC7B;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,eAAe;QACzB,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,qGAAqG;QACvG,QAAQ,EAAE,CAAC,kBAAkB,EAAE,oBAAoB,EAAE,eAAe,EAAE,WAAW,CAAC;QAClF,iBAAiB,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,gBAAgB,CAAC;QAC5E,MAAM,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC5B,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,eAAe;QACzB,KAAK,EAAE,uCAAuC;QAC9C,WAAW,EACT,+FAA+F;QACjG,QAAQ,EAAE,CAAC,cAAc,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,CAAC;QACjE,iBAAiB,EAAE,CAAC,cAAc,EAAE,wBAAwB,CAAC;QAC7D,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,eAAe;QACzB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,+GAA+G;QACjH,QAAQ,EAAE,CAAC,YAAY,EAAE,OAAO,EAAE,iBAAiB,EAAE,WAAW,CAAC;QACjE,iBAAiB,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;QACnD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,eAAe;QACzB,KAAK,EAAE,sCAAsC;QAC7C,WAAW,EACT,mIAAmI;QACrI,QAAQ,EAAE,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,SAAS,EAAE,OAAO,CAAC;QACnF,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,uBAAuB;YACvB,iBAAiB;YACjB,uBAAuB;SACxB;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,iBAAiB,EAAE,MAAM;KAC1B;IAED,4BAA4B;IAC5B;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,2IAA2I;QAC7I,QAAQ,EAAE,CAAC,cAAc,EAAE,cAAc,EAAE,gBAAgB,EAAE,QAAQ,CAAC;QACtE,iBAAiB,EAAE,CAAC,YAAY,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,cAAc,CAAC;QAC7F,iBAAiB,EAAE,MAAM;KAC1B;IAED,0DAA0D;IAC1D;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,iBAAiB;QAC3B,KAAK,EAAE,uCAAuC;QAC9C,WAAW,EACT,uHAAuH;QACzH,QAAQ,EAAE,CAAC,cAAc,EAAE,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,WAAW,CAAC;QACrF,iBAAiB,EAAE,CAAC,iBAAiB,CAAC;QACtC,iBAAiB,EAAE,QAAQ;KAC5B;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,oIAAoI;QACtI,QAAQ,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,YAAY,EAAE,iBAAiB,CAAC;QAC9E,iBAAiB,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;QACzD,iBAAiB,EAAE,MAAM;KAC1B;IAED,mCAAmC;IACnC;QACE,EAAE,EAAE,QAAQ;QACZ,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,wCAAwC;QAC/C,WAAW,EACT,gHAAgH;QAClH,QAAQ,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,KAAK,EAAE,gBAAgB,CAAC;QAClE,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,aAAa,CAAC;QACvD,iBAAiB,EAAE,QAAQ;KAC5B;CACF,CAAC;AAEF,kCAAkC;AAClC,MAAM,UAAU,mBAAmB;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,6BAA6B,CAAC,QAAgB;IAC5D,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACnE,CAAC"}

package/dist/compliance/mapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mapper.d.ts","sourceRoot":"","sources":["../../src/compliance/mapper.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAY,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAiCpB;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,mBAAmB,GAAG,iBAAiB,EAAE,CAqB3F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAoB3F;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAG5F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,OAAO,EAAE,EACnB,SAAS,EAAE,mBAAmB,GAC7B,mBAAmB,EAAE,CAoCvB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,mBAAmB,EAC9B,eAAe,EAAE,mBAAmB,EAAE,GACrC,gBAAgB,CAkClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,eAAe,EAAE,mBAAmB,EAAE,GACrC,wBAAwB,EAAE,CA4C5B;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,OAAO,EAAE,EACnB,SAAS,EAAE,mBAAmB,EAC9B,WAAW,EAAE,MAAM,EACnB,eAAe,CAAC,EAAE,MAAM,GACvB,gBAAgB,CA0BlB;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,QAAQ,EAAE,OAAO,EAAE,EACnB,UAAU,EAAE,mBAAmB,EAAE,EACjC,WAAW,EAAE,MAAM,EACnB,eAAe,CAAC,EAAE,MAAM,GACvB,oBAAoB,CA+BtB"}
+{"version":3,"file":"mapper.d.ts","sourceRoot":"","sources":["../../src/compliance/mapper.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAY,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAuCpB;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,mBAAmB,GAAG,iBAAiB,EAAE,CA2B3F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAoB3F;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAG5F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,OAAO,EAAE,EACnB,SAAS,EAAE,mBAAmB,GAC7B,mBAAmB,EAAE,CAoCvB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,mBAAmB,EAC9B,eAAe,EAAE,mBAAmB,EAAE,GACrC,gBAAgB,CAkClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,eAAe,EAAE,mBAAmB,EAAE,GACrC,wBAAwB,EAAE,CA4C5B;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,OAAO,EAAE,EACnB,SAAS,EAAE,mBAAmB,EAC9B,WAAW,EAAE,MAAM,EACnB,eAAe,CAAC,EAAE,MAAM,GACvB,gBAAgB,CA0BlB;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,QAAQ,EAAE,OAAO,EAAE,EACnB,UAAU,EAAE,mBAAmB,EAAE,EACjC,WAAW,EAAE,MAAM,EACnB,eAAe,CAAC,EAAE,MAAM,GACvB,oBAAoB,CA+BtB"}

package/dist/compliance/mapper.js

@@ -13,6 +13,12 @@ import { CIS_CONTROLS } from "./cis.js";
 import { GDPR_CONTROLS } from "./gdpr.js";
 import { NIST_800_53_CONTROLS } from "./nist-800-53.js";
 import { CFR42_PART2_CONTROLS } from "./cfr42-part2.js";
+import { ISO_42001_CONTROLS } from "./iso42001.js";
+import { NIST_AI_RMF_CONTROLS } from "./nist-ai-rmf.js";
+// EU AI Act controls live under frameworks/ (authored there with the same
+// ComplianceControl shape); wire them into the canonical mapper so the
+// certificate / compliance_report path resolves "EU-AI-ACT".
+import { EU_AI_ACT_CONTROLS } from "./frameworks/eu-ai-act.js";
 import { randomUUID } from "crypto";
 /**
  * Severity weight for scoring
@@ -55,6 +61,12 @@ export function getControlsForFramework(framework) {
             return GDPR_CONTROLS;
         case "NIST-800-53":
             return NIST_800_53_CONTROLS;
+        case "ISO-42001":
+            return ISO_42001_CONTROLS;
+        case "NIST-AI-RMF":
+            return NIST_AI_RMF_CONTROLS;
+        case "EU-AI-ACT":
+            return EU_AI_ACT_CONTROLS;
         default:
             return [];
     }

package/dist/compliance/mapper.js.map

@@ -1 +1 @@
-{"version":3,"file":"mapper.js","sourceRoot":"","sources":["../../src/compliance/mapper.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAYH,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC;;GAEG;AACH,MAAM,eAAe,GAA6B;IAChD,QAAQ,EAAE,GAAG;IACb,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,EAAE;IACV,GAAG,EAAE,EAAE;IACP,IAAI,EAAE,EAAE;CACT,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAA6B;IAC/C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA8B;IACpE,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,UAAU;YACb,OAAO,iBAAiB,CAAC;QAC3B,KAAK,SAAS;YACZ,OAAO,gBAAgB,CAAC;QAC1B,KAAK,OAAO;YACV,OAAO,cAAc,CAAC;QACxB,KAAK,eAAe;YAClB,OAAO,oBAAoB,CAAC;QAC9B,KAAK,KAAK;YACR,OAAO,YAAY,CAAC;QACtB,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,aAAa;YAChB,OAAO,oBAAoB,CAAC;QAC9B;YACE,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAgB,EAAE,OAA0B;IAChF,uBAAuB;IACvB,IAAI,OAAO,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+BAA+B;IAC/B,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpE,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,OAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5G,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;IACpD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;QACxE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAgB,EAAE,OAA0B;IACjF,IAAI,CAAC,OAAO,CAAC,iBAAiB;QAAE,OAAO,IAAI,CAAC;IAC5C,OAAO,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;AACvF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAAmB,EACnB,SAA8B;IAE9B,MAAM,QAAQ,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,MAAM,GAA0B,EAAE,CAAC;IAEzC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,CAAC,EAAE,OAAO,CAAC,IAAI,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC,CAC/E,CAAC;QAEF,qCAAqC;QACrC,IAAI,MAAM,GAAkC,WAAW,CAAC;QACxD,IAAI,SAAS,GAAqC,KAAK,CAAC;QAExD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,WAAW,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpD,OAAO,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7E,CAAC,EAAE,MAAkB,CAAC,CAAC;YAEvB,IAAI,WAAW,KAAK,UAAU,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;gBACzD,MAAM,GAAG,eAAe,CAAC;gBACzB,SAAS,GAAG,WAAW,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,SAAS,CAAC;gBACnB,SAAS,GAAG,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC;YACV,OAAO;YACP,QAAQ,EAAE,eAAe;YACzB,MAAM;YACN,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,SAA8B,EAC9B,eAAsC;IAEtC,MAAM,aAAa,GAAG,eAAe,CAAC,MAAM,CAAC;IAC7C,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IAC5E,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC,MAAM,CAAC;IAExF,wEAAwE;IACxE,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,GAAG,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC;IAEjF,kDAAkD;IAClD,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,OAAO,IAAI,eAAe,CAAC,QAAQ,CAAC;QACpC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,kBAAkB,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBAC5D,OAAO,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YAC/E,CAAC,EAAE,MAAkB,CAAC,CAAC;YACvB,SAAS,IAAI,eAAe,CAAC,kBAAkB,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5E,OAAO;QACL,SAAS;QACT,aAAa;QACb,eAAe,EAAE,SAAS;QAC1B,cAAc,EAAE,MAAM;QACtB,oBAAoB,EAAE,YAAY;QAClC,eAAe;QACf,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACrC,eAAsC;IAEtC,MAAM,eAAe,GAA+B,EAAE,CAAC;IAEvD,qBAAqB;IACrB,MAAM,MAAM,GAAG,CAAC,GAAG,eAAe,CAAC;SAChC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC;SACvC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACb,MAAM,SAAS,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC9D,OAAO,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEL,KAAK,MAAM,OAAO,IAAI,MAAM,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAmD,CAAC;QAE7E,mDAAmD;QACnD,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAEzE,MAAM,gBAAgB,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;YACxE,OAAO,WAAW,KAAK,IAAI,GAAG,oCAAoC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,gBAAgB,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,MAAM,GACV,OAAO,CAAC,SAAS,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YAC7D,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,SAAS,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;gBAC3D,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,OAAO,CAAC;QAEhB,eAAe,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;YAC7B,QAAQ;YACR,KAAK,EAAE,aAAa,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE;YAC3C,WAAW,EAAE,WAAW,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,OAAO,CAAC,QAAQ,CAAC,MAAM,8BAA8B,OAAO,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,GAAG;YACxK,gBAAgB;YAChB,eAAe,EAAE,MAAM;SACxB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAmB,EACnB,SAA8B,EAC9B,WAAmB,EACnB,eAAwB;IAExB,MAAM,eAAe,GAAG,qBAAqB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACnE,MAAM,MAAM,GAAG,yBAAyB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IACrE,MAAM,eAAe,GAAG,uBAAuB,CAAC,eAAe,CAAC,CAAC;IAEjE,MAAM,iBAAiB,GAAG,eAAe;SACtC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC;SACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAEzB,MAAM,cAAc,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAE7E,MAAM,oBAAoB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC;IAEzF,OAAO;QACL,EAAE,EAAE,cAAc,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;QAC5C,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,WAAW;QACX,eAAe;QACf,SAAS;QACT,MAAM;QACN,QAAQ,EAAE,eAAe;QACzB,iBAAiB;QACjB,cAAc;QACd,oBAAoB;QACpB,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAC1C,QAAmB,EACnB,UAAiC,EACjC,WAAmB,EACnB,eAAwB;IAExB,MAAM,iBAAiB,GAA2D,EAAE,CAAC;IACrF,MAAM,kBAAkB,GAA+B,EAAE,CAAC;IAE1D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,eAAe,GAAG,qBAAqB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACnE,iBAAiB,CAAC,SAAS,CAAC,GAAG,yBAAyB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;QACrF,kBAAkB,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,eAAe,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,6CAA6C;IAC7C,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,MAAM,0BAA0B,GAAG,kBAAkB;SAClD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACb,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAClE,OAAO,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC/D,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACZ,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QAChD,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEL,OAAO;QACL,EAAE,EAAE,oBAAoB,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;QAClD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,WAAW;QACX,eAAe;QACf,UAAU,EAAE,iBAAiB;QAC7B,0BAA0B;KAC3B,CAAC;AACJ,CAAC"}
+{"version":3,"file":"mapper.js","sourceRoot":"","sources":["../../src/compliance/mapper.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAYH,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,0EAA0E;AAC1E,uEAAuE;AACvE,6DAA6D;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC;;GAEG;AACH,MAAM,eAAe,GAA6B;IAChD,QAAQ,EAAE,GAAG;IACb,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,EAAE;IACV,GAAG,EAAE,EAAE;IACP,IAAI,EAAE,EAAE;CACT,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAA6B;IAC/C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAA8B;IACpE,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,UAAU;YACb,OAAO,iBAAiB,CAAC;QAC3B,KAAK,SAAS;YACZ,OAAO,gBAAgB,CAAC;QAC1B,KAAK,OAAO;YACV,OAAO,cAAc,CAAC;QACxB,KAAK,eAAe;YAClB,OAAO,oBAAoB,CAAC;QAC9B,KAAK,KAAK;YACR,OAAO,YAAY,CAAC;QACtB,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,aAAa;YAChB,OAAO,oBAAoB,CAAC;QAC9B,KAAK,WAAW;YACd,OAAO,kBAAkB,CAAC;QAC5B,KAAK,aAAa;YAChB,OAAO,oBAAoB,CAAC;QAC9B,KAAK,WAAW;YACd,OAAO,kBAAkB,CAAC;QAC5B;YACE,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAgB,EAAE,OAA0B;IAChF,uBAAuB;IACvB,IAAI,OAAO,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+BAA+B;IAC/B,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpE,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,OAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5G,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;IACpD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;QACxE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAgB,EAAE,OAA0B;IACjF,IAAI,CAAC,OAAO,CAAC,iBAAiB;QAAE,OAAO,IAAI,CAAC;IAC5C,OAAO,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;AACvF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAAmB,EACnB,SAA8B;IAE9B,MAAM,QAAQ,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,MAAM,GAA0B,EAAE,CAAC;IAEzC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,CAAC,EAAE,OAAO,CAAC,IAAI,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC,CAC/E,CAAC;QAEF,qCAAqC;QACrC,IAAI,MAAM,GAAkC,WAAW,CAAC;QACxD,IAAI,SAAS,GAAqC,KAAK,CAAC;QAExD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,WAAW,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpD,OAAO,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7E,CAAC,EAAE,MAAkB,CAAC,CAAC;YAEvB,IAAI,WAAW,KAAK,UAAU,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;gBACzD,MAAM,GAAG,eAAe,CAAC;gBACzB,SAAS,GAAG,WAAW,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,SAAS,CAAC;gBACnB,SAAS,GAAG,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC;YACV,OAAO;YACP,QAAQ,EAAE,eAAe;YACzB,MAAM;YACN,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,SAA8B,EAC9B,eAAsC;IAEtC,MAAM,aAAa,GAAG,eAAe,CAAC,MAAM,CAAC;IAC7C,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IAC5E,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC,MAAM,CAAC;IAExF,wEAAwE;IACxE,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,GAAG,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC;IAEjF,kDAAkD;IAClD,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,OAAO,IAAI,eAAe,CAAC,QAAQ,CAAC;QACpC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,kBAAkB,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBAC5D,OAAO,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YAC/E,CAAC,EAAE,MAAkB,CAAC,CAAC;YACvB,SAAS,IAAI,eAAe,CAAC,kBAAkB,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5E,OAAO;QACL,SAAS;QACT,aAAa;QACb,eAAe,EAAE,SAAS;QAC1B,cAAc,EAAE,MAAM;QACtB,oBAAoB,EAAE,YAAY;QAClC,eAAe;QACf,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACrC,eAAsC;IAEtC,MAAM,eAAe,GAA+B,EAAE,CAAC;IAEvD,qBAAqB;IACrB,MAAM,MAAM,GAAG,CAAC,GAAG,eAAe,CAAC;SAChC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC;SACvC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACb,MAAM,SAAS,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC9D,OAAO,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEL,KAAK,MAAM,OAAO,IAAI,MAAM,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAmD,CAAC;QAE7E,mDAAmD;QACnD,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAEzE,MAAM,gBAAgB,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;YACxE,OAAO,WAAW,KAAK,IAAI,GAAG,oCAAoC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,gBAAgB,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,MAAM,GACV,OAAO,CAAC,SAAS,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YAC7D,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,SAAS,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;gBAC3D,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,OAAO,CAAC;QAEhB,eAAe,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;YAC7B,QAAQ;YACR,KAAK,EAAE,aAAa,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE;YAC3C,WAAW,EAAE,WAAW,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,OAAO,CAAC,QAAQ,CAAC,MAAM,8BAA8B,OAAO,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,GAAG;YACxK,gBAAgB;YAChB,eAAe,EAAE,MAAM;SACxB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAmB,EACnB,SAA8B,EAC9B,WAAmB,EACnB,eAAwB;IAExB,MAAM,eAAe,GAAG,qBAAqB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACnE,MAAM,MAAM,GAAG,yBAAyB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IACrE,MAAM,eAAe,GAAG,uBAAuB,CAAC,eAAe,CAAC,CAAC;IAEjE,MAAM,iBAAiB,GAAG,eAAe;SACtC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC;SACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAEzB,MAAM,cAAc,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAE7E,MAAM,oBAAoB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC;IAEzF,OAAO;QACL,EAAE,EAAE,cAAc,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;QAC5C,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,WAAW;QACX,eAAe;QACf,SAAS;QACT,MAAM;QACN,QAAQ,EAAE,eAAe;QACzB,iBAAiB;QACjB,cAAc;QACd,oBAAoB;QACpB,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAC1C,QAAmB,EACnB,UAAiC,EACjC,WAAmB,EACnB,eAAwB;IAExB,MAAM,iBAAiB,GAA2D,EAAE,CAAC;IACrF,MAAM,kBAAkB,GAA+B,EAAE,CAAC;IAE1D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,eAAe,GAAG,qBAAqB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACnE,iBAAiB,CAAC,SAAS,CAAC,GAAG,yBAAyB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;QACrF,kBAAkB,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,eAAe,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,6CAA6C;IAC7C,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,MAAM,0BAA0B,GAAG,kBAAkB;SAClD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACb,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAClE,OAAO,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC/D,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACZ,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QAChD,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEL,OAAO;QACL,EAAE,EAAE,oBAAoB,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;QAClD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,WAAW;QACX,eAAe;QACf,UAAU,EAAE,iBAAiB;QAC7B,0BAA0B;KAC3B,CAAC;AACJ,CAAC"}

package/dist/compliance/nist-ai-rmf.d.ts

@@ -0,0 +1,20 @@
+/**
+ * NIST AI Risk Management Framework (AI RMF 1.0) + Generative AI Profile
+ *
+ * The four functions — GOVERN, MAP, MEASURE, MANAGE — and their key
+ * subcategories, mapped to the platform's finding categories. US-friendly
+ * and becoming the de facto AI governance baseline.
+ *
+ * @module compliance/nist-ai-rmf
+ */
+import type { ComplianceControl } from "./types.js";
+/**
+ * NIST AI RMF controls (representative subcategories relevant to
+ * certifying AI systems and AI-generated code).
+ */
+export declare const NIST_AI_RMF_CONTROLS: ComplianceControl[];
+/** Get all NIST AI RMF controls. */
+export declare function getNISTAIRMFControls(): ComplianceControl[];
+/** Get NIST AI RMF controls for a given function (GOVERN/MAP/MEASURE/MANAGE). */
+export declare function getNISTAIRMFControlsByFunction(fn: string): ComplianceControl[];
+//# sourceMappingURL=nist-ai-rmf.d.ts.map

package/dist/compliance/nist-ai-rmf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nist-ai-rmf.d.ts","sourceRoot":"","sources":["../../src/compliance/nist-ai-rmf.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,iBAAiB,EAmInD,CAAC;AAEF,oCAAoC;AACpC,wBAAgB,oBAAoB,IAAI,iBAAiB,EAAE,CAE1D;AAED,iFAAiF;AACjF,wBAAgB,8BAA8B,CAAC,EAAE,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAE9E"}

package/dist/compliance/nist-ai-rmf.js

@@ -0,0 +1,140 @@
+/**
+ * NIST AI Risk Management Framework (AI RMF 1.0) + Generative AI Profile
+ *
+ * The four functions — GOVERN, MAP, MEASURE, MANAGE — and their key
+ * subcategories, mapped to the platform's finding categories. US-friendly
+ * and becoming the de facto AI governance baseline.
+ *
+ * @module compliance/nist-ai-rmf
+ */
+/**
+ * NIST AI RMF controls (representative subcategories relevant to
+ * certifying AI systems and AI-generated code).
+ */
+export const NIST_AI_RMF_CONTROLS = [
+    // GOVERN — policies, accountability, culture
+    {
+        id: "GOVERN-1.1",
+        framework: "NIST-AI-RMF",
+        category: "GOVERN",
+        title: "Legal and policy requirements are understood and managed",
+        description: "Policies, processes, and practices for AI risk management are in place, transparent, and implemented.",
+        keywords: ["policy", "governance", "accountability", "compliance"],
+        findingCategories: ["security-misconfiguration"],
+        severityThreshold: "low",
+    },
+    {
+        id: "GOVERN-1.5",
+        framework: "NIST-AI-RMF",
+        category: "GOVERN",
+        title: "Ongoing monitoring and periodic review are planned",
+        description: "Mechanisms exist to monitor AI systems and detect drift in tools, models, and agent behavior over time.",
+        keywords: ["monitoring", "review", "drift", "ongoing"],
+        findingCategories: ["tool-drift", "manifest-drift"],
+        severityThreshold: "medium",
+    },
+    {
+        id: "GOVERN-6.1",
+        framework: "NIST-AI-RMF",
+        category: "GOVERN",
+        title: "Third-party risks are managed",
+        description: "Risks associated with third-party models, datasets, tools, and software (including MCP servers) are identified and managed.",
+        keywords: ["third party", "supply chain", "vendor", "external"],
+        findingCategories: ["supply-chain-vuln", "unsigned-change"],
+        severityThreshold: "medium",
+    },
+    // MAP — context and risk identification
+    {
+        id: "MAP-1.1",
+        framework: "NIST-AI-RMF",
+        category: "MAP",
+        title: "Intended purpose and context are established",
+        description: "The AI system's intended purpose, scope, and operating context — including the bounds of agent autonomy — are documented.",
+        keywords: ["intended use", "context", "scope", "autonomy"],
+        findingCategories: ["excessive-agency", "overreliance"],
+        severityThreshold: "medium",
+    },
+    {
+        id: "MAP-5.1",
+        framework: "NIST-AI-RMF",
+        category: "MAP",
+        title: "Impacts to individuals and society are characterized",
+        description: "Likelihood and magnitude of impacts, including privacy and data-exposure harms, are identified.",
+        keywords: ["impact", "privacy", "harm", "exposure"],
+        findingCategories: ["pii-exposure", "sensitive-disclosure"],
+        severityThreshold: "medium",
+    },
+    // MEASURE — trustworthiness characteristics
+    {
+        id: "MEASURE-2.6",
+        framework: "NIST-AI-RMF",
+        category: "MEASURE",
+        title: "AI system is evaluated for safety and security/resilience",
+        description: "The AI system is tested for resistance to adversarial manipulation, including prompt injection and insecure output handling.",
+        keywords: ["security", "resilience", "adversarial", "prompt injection", "robustness"],
+        findingCategories: ["prompt-injection", "insecure-output", "model-denial-of-service"],
+        cweIds: ["CWE-77", "CWE-94"],
+        severityThreshold: "high",
+    },
+    {
+        id: "MEASURE-2.7",
+        framework: "NIST-AI-RMF",
+        category: "MEASURE",
+        title: "AI system security and data exfiltration risks are assessed",
+        description: "Paths by which secrets or sensitive data could be exfiltrated through the AI system are assessed and mitigated.",
+        keywords: ["exfiltration", "data leak", "secret", "credential"],
+        findingCategories: ["exfil-path", "hardcoded-secret", "credential-overscoped"],
+        severityThreshold: "high",
+    },
+    {
+        id: "MEASURE-2.9",
+        framework: "NIST-AI-RMF",
+        category: "MEASURE",
+        title: "AI model is explainable and decisions are traceable",
+        description: "Mechanisms exist to trace and explain AI system decisions, supported by tamper-evident records.",
+        keywords: ["explainability", "traceability", "provenance", "audit"],
+        findingCategories: ["unsigned-change", "consensus-manipulation"],
+        severityThreshold: "medium",
+    },
+    {
+        id: "MEASURE-2.10",
+        framework: "NIST-AI-RMF",
+        category: "MEASURE",
+        title: "Privacy risk is assessed",
+        description: "Privacy risks, including exposure of personal data through model inputs or outputs, are measured.",
+        keywords: ["privacy", "pii", "personal data"],
+        findingCategories: ["pii-exposure"],
+        severityThreshold: "high",
+    },
+    // MANAGE — risk treatment and response
+    {
+        id: "MANAGE-2.2",
+        framework: "NIST-AI-RMF",
+        category: "MANAGE",
+        title: "Mechanisms to mitigate identified risks are applied",
+        description: "Controls (least privilege, sandboxing, scoping) are applied to mitigate risks from agent tools and permissions.",
+        keywords: ["mitigation", "least privilege", "sandbox", "scope", "permission"],
+        findingCategories: ["overscoped-permission", "missing-sandbox", "excessive-agency"],
+        cweIds: ["CWE-250", "CWE-269"],
+        severityThreshold: "high",
+    },
+    {
+        id: "MANAGE-4.1",
+        framework: "NIST-AI-RMF",
+        category: "MANAGE",
+        title: "Post-deployment monitoring and incident response are in place",
+        description: "AI systems are monitored after deployment for emergent risks, with response mechanisms for detected issues.",
+        keywords: ["post-deployment", "incident response", "monitoring", "emergent"],
+        findingCategories: ["insecure-plugin", "model-theft"],
+        severityThreshold: "medium",
+    },
+];
+/** Get all NIST AI RMF controls. */
+export function getNISTAIRMFControls() {
+    return NIST_AI_RMF_CONTROLS;
+}
+/** Get NIST AI RMF controls for a given function (GOVERN/MAP/MEASURE/MANAGE). */
+export function getNISTAIRMFControlsByFunction(fn) {
+    return NIST_AI_RMF_CONTROLS.filter((c) => c.category === fn);
+}
+//# sourceMappingURL=nist-ai-rmf.js.map

package/dist/compliance/nist-ai-rmf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nist-ai-rmf.js","sourceRoot":"","sources":["../../src/compliance/nist-ai-rmf.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAwB;IACvD,6CAA6C;IAC7C;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,0DAA0D;QACjE,WAAW,EACT,uGAAuG;QACzG,QAAQ,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,gBAAgB,EAAE,YAAY,CAAC;QAClE,iBAAiB,EAAE,CAAC,2BAA2B,CAAC;QAChD,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oDAAoD;QAC3D,WAAW,EACT,yGAAyG;QAC3G,QAAQ,EAAE,CAAC,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;QACtD,iBAAiB,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;QACnD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,+BAA+B;QACtC,WAAW,EACT,6HAA6H;QAC/H,QAAQ,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,CAAC;QAC/D,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,CAAC;QAC3D,iBAAiB,EAAE,QAAQ;KAC5B;IAED,wCAAwC;IACxC;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,8CAA8C;QACrD,WAAW,EACT,2HAA2H;QAC7H,QAAQ,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,CAAC;QAC1D,iBAAiB,EAAE,CAAC,kBAAkB,EAAE,cAAc,CAAC;QACvD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,sDAAsD;QAC7D,WAAW,EACT,iGAAiG;QACnG,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;QACnD,iBAAiB,EAAE,CAAC,cAAc,EAAE,sBAAsB,CAAC;QAC3D,iBAAiB,EAAE,QAAQ;KAC5B;IAED,4CAA4C;IAC5C;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,2DAA2D;QAClE,WAAW,EACT,8HAA8H;QAChI,QAAQ,EAAE,CAAC,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,YAAY,CAAC;QACrF,iBAAiB,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,yBAAyB,CAAC;QACrF,MAAM,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC5B,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,6DAA6D;QACpE,WAAW,EACT,iHAAiH;QACnH,QAAQ,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,CAAC;QAC/D,iBAAiB,EAAE,CAAC,YAAY,EAAE,kBAAkB,EAAE,uBAAuB,CAAC;QAC9E,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,qDAAqD;QAC5D,WAAW,EACT,iGAAiG;QACnG,QAAQ,EAAE,CAAC,gBAAgB,EAAE,cAAc,EAAE,YAAY,EAAE,OAAO,CAAC;QACnE,iBAAiB,EAAE,CAAC,iBAAiB,EAAE,wBAAwB,CAAC;QAChE,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,cAAc;QAClB,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,mGAAmG;QACrG,QAAQ,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,eAAe,CAAC;QAC7C,iBAAiB,EAAE,CAAC,cAAc,CAAC;QACnC,iBAAiB,EAAE,MAAM;KAC1B;IAED,uCAAuC;IACvC;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,qDAAqD;QAC5D,WAAW,EACT,iHAAiH;QACnH,QAAQ,EAAE,CAAC,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,CAAC;QAC7E,iBAAiB,EAAE,CAAC,uBAAuB,EAAE,iBAAiB,EAAE,kBAAkB,CAAC;QACnF,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,+DAA+D;QACtE,WAAW,EACT,6GAA6G;QAC/G,QAAQ,EAAE,CAAC,iBAAiB,EAAE,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAC;QAC5E,iBAAiB,EAAE,CAAC,iBAAiB,EAAE,aAAa,CAAC;QACrD,iBAAiB,EAAE,QAAQ;KAC5B;CACF,CAAC;AAEF,oCAAoC;AACpC,MAAM,UAAU,oBAAoB;IAClC,OAAO,oBAAoB,CAAC;AAC9B,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,8BAA8B,CAAC,EAAU;IACvD,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,EAAE,CAAC,CAAC;AAC/D,CAAC"}

package/dist/config/flags.d.ts

@@ -306,14 +306,14 @@ export declare const VasperaConfigSchema: z.ZodObject<{
         configs: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
     }, "strip", z.ZodTypeAny, {
         configs: Record<string, Record<string, unknown>>;
+        sandbox: boolean;
         loadLocal: boolean;
         loadNpm: boolean;
-        sandbox: boolean;
     }, {
         configs?: Record<string, Record<string, unknown>> | undefined;
+        sandbox?: boolean | undefined;
         loadLocal?: boolean | undefined;
         loadNpm?: boolean | undefined;
-        sandbox?: boolean | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
     version: 1;
@@ -332,9 +332,9 @@ export declare const VasperaConfigSchema: z.ZodObject<{
     }>;
     plugins: {
         configs: Record<string, Record<string, unknown>>;
+        sandbox: boolean;
         loadLocal: boolean;
         loadNpm: boolean;
-        sandbox: boolean;
     };
     cost: {
         warningThreshold: number;
@@ -380,9 +380,9 @@ export declare const VasperaConfigSchema: z.ZodObject<{
     }> | undefined;
     plugins?: {
         configs?: Record<string, Record<string, unknown>> | undefined;
+        sandbox?: boolean | undefined;
         loadLocal?: boolean | undefined;
         loadNpm?: boolean | undefined;
-        sandbox?: boolean | undefined;
     } | undefined;
     cost?: {
         maxBudget?: number | undefined;

package/dist/eval/fixtures.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fixtures.d.ts","sourceRoot":"","sources":["../../src/eval/fixtures.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,WAAW,EA0F7C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,WAAW,EAAE,WAAW,EA2GpC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,WAAW,EAmGxC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,WAAW,EA+F3C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,WAAW,EA6CrC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,WAAW,EAyD9C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,WAAW,EA4EjD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,WAAW,EAsFrC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,WAAW,EAAE,WAAW,EA6CpC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,+BAA+B,EAAE,WAAW,EA0FxD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,WAAW,EA4G1C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,WAAW,EAYrC,CAAC;AAEF;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,EAAE,CAErE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,EAAE,CAE3D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS,CAElE;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,aAAa,EAAE,MAAM,CAAC;CACvB,CAcA"}
+{"version":3,"file":"fixtures.d.ts","sourceRoot":"","sources":["../../src/eval/fixtures.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,WAAW,EAgG7C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,WAAW,EAAE,WAAW,EA+HpC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,WAAW,EAmGxC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,WAAW,EA+F3C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,WAAW,EA6CrC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,WAAW,EA4D9C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,WAAW,EAmFjD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,WAAW,EA4FrC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,WAAW,EAAE,WAAW,EA6CpC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,+BAA+B,EAAE,WAAW,EA0FxD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,WAAW,EA4G1C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,WAAW,EAYrC,CAAC;AAEF;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,EAAE,CAErE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,EAAE,CAE3D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS,CAElE;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,aAAa,EAAE,MAAM,CAAC;CACvB,CAcA"}