npm - vaspera - Versions diffs - 2.5.0 - Mend

vaspera 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (712) hide show

package/CHANGELOG.md +184 -0
package/LICENSE +21 -0
package/README.md +809 -0
package/dist/__tests__/integration/certification-flow.test.d.ts +5 -0
package/dist/__tests__/integration/certification-flow.test.d.ts.map +1 -0
package/dist/__tests__/integration/certification-flow.test.js +245 -0
package/dist/__tests__/integration/certification-flow.test.js.map +1 -0
package/dist/__tests__/integration/commands.test.d.ts +5 -0
package/dist/__tests__/integration/commands.test.d.ts.map +1 -0
package/dist/__tests__/integration/commands.test.js +93 -0
package/dist/__tests__/integration/commands.test.js.map +1 -0
package/dist/action/diff-mode.d.ts +34 -0
package/dist/action/diff-mode.d.ts.map +1 -0
package/dist/action/diff-mode.js +201 -0
package/dist/action/diff-mode.js.map +1 -0
package/dist/action/diff-mode.test.d.ts +5 -0
package/dist/action/diff-mode.test.d.ts.map +1 -0
package/dist/action/diff-mode.test.js +162 -0
package/dist/action/diff-mode.test.js.map +1 -0
package/dist/action/index.d.ts +10 -0
package/dist/action/index.d.ts.map +1 -0
package/dist/action/index.js +231 -0
package/dist/action/index.js.map +1 -0
package/dist/action/pr-comment.d.ts +30 -0
package/dist/action/pr-comment.d.ts.map +1 -0
package/dist/action/pr-comment.js +301 -0
package/dist/action/pr-comment.js.map +1 -0
package/dist/action/pr-comment.test.d.ts +5 -0
package/dist/action/pr-comment.test.d.ts.map +1 -0
package/dist/action/pr-comment.test.js +189 -0
package/dist/action/pr-comment.test.js.map +1 -0
package/dist/action/sarif-upload.d.ts +104 -0
package/dist/action/sarif-upload.d.ts.map +1 -0
package/dist/action/sarif-upload.js +188 -0
package/dist/action/sarif-upload.js.map +1 -0
package/dist/action/sarif-upload.test.d.ts +5 -0
package/dist/action/sarif-upload.test.d.ts.map +1 -0
package/dist/action/sarif-upload.test.js +206 -0
package/dist/action/sarif-upload.test.js.map +1 -0
package/dist/action/types.d.ts +104 -0
package/dist/action/types.d.ts.map +1 -0
package/dist/action/types.js +33 -0
package/dist/action/types.js.map +1 -0
package/dist/action/types.test.d.ts +5 -0
package/dist/action/types.test.d.ts.map +1 -0
package/dist/action/types.test.js +79 -0
package/dist/action/types.test.js.map +1 -0
package/dist/agents/agent-integrity.d.ts +111 -0
package/dist/agents/agent-integrity.d.ts.map +1 -0
package/dist/agents/agent-integrity.js +308 -0
package/dist/agents/agent-integrity.js.map +1 -0
package/dist/agents/agent-privacy.d.ts +68 -0
package/dist/agents/agent-privacy.d.ts.map +1 -0
package/dist/agents/agent-privacy.js +345 -0
package/dist/agents/agent-privacy.js.map +1 -0
package/dist/agents/exploit-chain.d.ts +64 -0
package/dist/agents/exploit-chain.d.ts.map +1 -0
package/dist/agents/exploit-chain.js +477 -0
package/dist/agents/exploit-chain.js.map +1 -0
package/dist/agents/exploit-chain.test.d.ts +5 -0
package/dist/agents/exploit-chain.test.d.ts.map +1 -0
package/dist/agents/exploit-chain.test.js +455 -0
package/dist/agents/exploit-chain.test.js.map +1 -0
package/dist/agents/index.d.ts +14 -0
package/dist/agents/index.d.ts.map +1 -0
package/dist/agents/index.js +19 -0
package/dist/agents/index.js.map +1 -0
package/dist/agents/logic-flaw-detector.d.ts +55 -0
package/dist/agents/logic-flaw-detector.d.ts.map +1 -0
package/dist/agents/logic-flaw-detector.js +454 -0
package/dist/agents/logic-flaw-detector.js.map +1 -0
package/dist/agents/zero-day-hunter.d.ts +69 -0
package/dist/agents/zero-day-hunter.d.ts.map +1 -0
package/dist/agents/zero-day-hunter.js +591 -0
package/dist/agents/zero-day-hunter.js.map +1 -0
package/dist/certification/artifacts.d.ts +21 -0
package/dist/certification/artifacts.d.ts.map +1 -0
package/dist/certification/artifacts.js +275 -0
package/dist/certification/artifacts.js.map +1 -0
package/dist/certification/autofix.d.ts +122 -0
package/dist/certification/autofix.d.ts.map +1 -0
package/dist/certification/autofix.js +476 -0
package/dist/certification/autofix.js.map +1 -0
package/dist/certification/badge.d.ts +56 -0
package/dist/certification/badge.d.ts.map +1 -0
package/dist/certification/badge.js +155 -0
package/dist/certification/badge.js.map +1 -0
package/dist/certification/cache.d.ts +121 -0
package/dist/certification/cache.d.ts.map +1 -0
package/dist/certification/cache.js +275 -0
package/dist/certification/cache.js.map +1 -0
package/dist/certification/cache.test.d.ts +5 -0
package/dist/certification/cache.test.d.ts.map +1 -0
package/dist/certification/cache.test.js +270 -0
package/dist/certification/cache.test.js.map +1 -0
package/dist/certification/consensus.d.ts +105 -0
package/dist/certification/consensus.d.ts.map +1 -0
package/dist/certification/consensus.js +353 -0
package/dist/certification/consensus.js.map +1 -0
package/dist/certification/consensus.test.d.ts +5 -0
package/dist/certification/consensus.test.d.ts.map +1 -0
package/dist/certification/consensus.test.js +342 -0
package/dist/certification/consensus.test.js.map +1 -0
package/dist/certification/index.d.ts +14 -0
package/dist/certification/index.d.ts.map +1 -0
package/dist/certification/index.js +14 -0
package/dist/certification/index.js.map +1 -0
package/dist/certification/rules.d.ts +89 -0
package/dist/certification/rules.d.ts.map +1 -0
package/dist/certification/rules.js +317 -0
package/dist/certification/rules.js.map +1 -0
package/dist/certification/sarif.d.ts +107 -0
package/dist/certification/sarif.d.ts.map +1 -0
package/dist/certification/sarif.js +191 -0
package/dist/certification/sarif.js.map +1 -0
package/dist/certification/store.d.ts +255 -0
package/dist/certification/store.d.ts.map +1 -0
package/dist/certification/store.js +835 -0
package/dist/certification/store.js.map +1 -0
package/dist/certification/store.test.d.ts +5 -0
package/dist/certification/store.test.d.ts.map +1 -0
package/dist/certification/store.test.js +468 -0
package/dist/certification/store.test.js.map +1 -0
package/dist/certification/summary.d.ts +72 -0
package/dist/certification/summary.d.ts.map +1 -0
package/dist/certification/summary.js +296 -0
package/dist/certification/summary.js.map +1 -0
package/dist/certification/types.d.ts +138 -0
package/dist/certification/types.d.ts.map +1 -0
package/dist/certification/types.js +34 -0
package/dist/certification/types.js.map +1 -0
package/dist/commands/audits/api-check.d.ts +3 -0
package/dist/commands/audits/api-check.d.ts.map +1 -0
package/dist/commands/audits/api-check.js +71 -0
package/dist/commands/audits/api-check.js.map +1 -0
package/dist/commands/audits/deadcode.d.ts +3 -0
package/dist/commands/audits/deadcode.d.ts.map +1 -0
package/dist/commands/audits/deadcode.js +63 -0
package/dist/commands/audits/deadcode.js.map +1 -0
package/dist/commands/audits/deps.d.ts +3 -0
package/dist/commands/audits/deps.d.ts.map +1 -0
package/dist/commands/audits/deps.js +56 -0
package/dist/commands/audits/deps.js.map +1 -0
package/dist/commands/audits/errors.d.ts +3 -0
package/dist/commands/audits/errors.d.ts.map +1 -0
package/dist/commands/audits/errors.js +65 -0
package/dist/commands/audits/errors.js.map +1 -0
package/dist/commands/audits/index.d.ts +3 -0
package/dist/commands/audits/index.d.ts.map +1 -0
package/dist/commands/audits/index.js +15 -0
package/dist/commands/audits/index.js.map +1 -0
package/dist/commands/audits/perf.d.ts +3 -0
package/dist/commands/audits/perf.d.ts.map +1 -0
package/dist/commands/audits/perf.js +85 -0
package/dist/commands/audits/perf.js.map +1 -0
package/dist/commands/audits/secrets.d.ts +3 -0
package/dist/commands/audits/secrets.d.ts.map +1 -0
package/dist/commands/audits/secrets.js +71 -0
package/dist/commands/audits/secrets.js.map +1 -0
package/dist/commands/certification/certify.d.ts +3 -0
package/dist/commands/certification/certify.d.ts.map +1 -0
package/dist/commands/certification/certify.js +108 -0
package/dist/commands/certification/certify.js.map +1 -0
package/dist/commands/certification/index.d.ts +3 -0
package/dist/commands/certification/index.d.ts.map +1 -0
package/dist/commands/certification/index.js +17 -0
package/dist/commands/certification/index.js.map +1 -0
package/dist/commands/certification/performance.d.ts +3 -0
package/dist/commands/certification/performance.d.ts.map +1 -0
package/dist/commands/certification/performance.js +89 -0
package/dist/commands/certification/performance.js.map +1 -0
package/dist/commands/certification/quality.d.ts +3 -0
package/dist/commands/certification/quality.d.ts.map +1 -0
package/dist/commands/certification/quality.js +92 -0
package/dist/commands/certification/quality.js.map +1 -0
package/dist/commands/certification/redteam.d.ts +3 -0
package/dist/commands/certification/redteam.d.ts.map +1 -0
package/dist/commands/certification/redteam.js +114 -0
package/dist/commands/certification/redteam.js.map +1 -0
package/dist/commands/certification/reliability.d.ts +3 -0
package/dist/commands/certification/reliability.d.ts.map +1 -0
package/dist/commands/certification/reliability.js +93 -0
package/dist/commands/certification/reliability.js.map +1 -0
package/dist/commands/certification/security.d.ts +3 -0
package/dist/commands/certification/security.d.ts.map +1 -0
package/dist/commands/certification/security.js +90 -0
package/dist/commands/certification/security.js.map +1 -0
package/dist/commands/certification/typesafety.d.ts +3 -0
package/dist/commands/certification/typesafety.d.ts.map +1 -0
package/dist/commands/certification/typesafety.js +87 -0
package/dist/commands/certification/typesafety.js.map +1 -0
package/dist/commands/core/add-tests.d.ts +3 -0
package/dist/commands/core/add-tests.d.ts.map +1 -0
package/dist/commands/core/add-tests.js +29 -0
package/dist/commands/core/add-tests.js.map +1 -0
package/dist/commands/core/audit.d.ts +3 -0
package/dist/commands/core/audit.d.ts.map +1 -0
package/dist/commands/core/audit.js +64 -0
package/dist/commands/core/audit.js.map +1 -0
package/dist/commands/core/fix-critical.d.ts +3 -0
package/dist/commands/core/fix-critical.d.ts.map +1 -0
package/dist/commands/core/fix-critical.js +22 -0
package/dist/commands/core/fix-critical.js.map +1 -0
package/dist/commands/core/fix-high.d.ts +3 -0
package/dist/commands/core/fix-high.d.ts.map +1 -0
package/dist/commands/core/fix-high.js +32 -0
package/dist/commands/core/fix-high.js.map +1 -0
package/dist/commands/core/fix-medium.d.ts +3 -0
package/dist/commands/core/fix-medium.d.ts.map +1 -0
package/dist/commands/core/fix-medium.js +29 -0
package/dist/commands/core/fix-medium.js.map +1 -0
package/dist/commands/core/fix-rls.d.ts +3 -0
package/dist/commands/core/fix-rls.d.ts.map +1 -0
package/dist/commands/core/fix-rls.js +17 -0
package/dist/commands/core/fix-rls.js.map +1 -0
package/dist/commands/core/harden.d.ts +3 -0
package/dist/commands/core/harden.d.ts.map +1 -0
package/dist/commands/core/harden.js +19 -0
package/dist/commands/core/harden.js.map +1 -0
package/dist/commands/core/index.d.ts +3 -0
package/dist/commands/core/index.d.ts.map +1 -0
package/dist/commands/core/index.js +21 -0
package/dist/commands/core/index.js.map +1 -0
package/dist/commands/core/preflight.d.ts +3 -0
package/dist/commands/core/preflight.d.ts.map +1 -0
package/dist/commands/core/preflight.js +50 -0
package/dist/commands/core/preflight.js.map +1 -0
package/dist/commands/core/verify.d.ts +3 -0
package/dist/commands/core/verify.d.ts.map +1 -0
package/dist/commands/core/verify.js +32 -0
package/dist/commands/core/verify.js.map +1 -0
package/dist/commands/index.d.ts +28 -0
package/dist/commands/index.d.ts.map +1 -0
package/dist/commands/index.js +37 -0
package/dist/commands/index.js.map +1 -0
package/dist/commands/types.d.ts +9 -0
package/dist/commands/types.d.ts.map +1 -0
package/dist/commands/types.js +5 -0
package/dist/commands/types.js.map +1 -0
package/dist/compliance/cis.d.ts +29 -0
package/dist/compliance/cis.d.ts.map +1 -0
package/dist/compliance/cis.js +316 -0
package/dist/compliance/cis.js.map +1 -0
package/dist/compliance/frameworks/eu-ai-act.d.ts +55 -0
package/dist/compliance/frameworks/eu-ai-act.d.ts.map +1 -0
package/dist/compliance/frameworks/eu-ai-act.js +621 -0
package/dist/compliance/frameworks/eu-ai-act.js.map +1 -0
package/dist/compliance/frameworks/index.d.ts +67 -0
package/dist/compliance/frameworks/index.d.ts.map +1 -0
package/dist/compliance/frameworks/index.js +97 -0
package/dist/compliance/frameworks/index.js.map +1 -0
package/dist/compliance/frameworks/iso-42001.d.ts +59 -0
package/dist/compliance/frameworks/iso-42001.d.ts.map +1 -0
package/dist/compliance/frameworks/iso-42001.js +719 -0
package/dist/compliance/frameworks/iso-42001.js.map +1 -0
package/dist/compliance/frameworks/mitre-atlas.d.ts +58 -0
package/dist/compliance/frameworks/mitre-atlas.d.ts.map +1 -0
package/dist/compliance/frameworks/mitre-atlas.js +686 -0
package/dist/compliance/frameworks/mitre-atlas.js.map +1 -0
package/dist/compliance/frameworks/nist-ai-rmf.d.ts +51 -0
package/dist/compliance/frameworks/nist-ai-rmf.d.ts.map +1 -0
package/dist/compliance/frameworks/nist-ai-rmf.js +677 -0
package/dist/compliance/frameworks/nist-ai-rmf.js.map +1 -0
package/dist/compliance/frameworks/owasp-llm.d.ts +58 -0
package/dist/compliance/frameworks/owasp-llm.d.ts.map +1 -0
package/dist/compliance/frameworks/owasp-llm.js +399 -0
package/dist/compliance/frameworks/owasp-llm.js.map +1 -0
package/dist/compliance/gdpr.d.ts +34 -0
package/dist/compliance/gdpr.d.ts.map +1 -0
package/dist/compliance/gdpr.js +319 -0
package/dist/compliance/gdpr.js.map +1 -0
package/dist/compliance/hipaa.d.ts +29 -0
package/dist/compliance/hipaa.d.ts.map +1 -0
package/dist/compliance/hipaa.js +205 -0
package/dist/compliance/hipaa.js.map +1 -0
package/dist/compliance/index.d.ts +18 -0
package/dist/compliance/index.d.ts.map +1 -0
package/dist/compliance/index.js +26 -0
package/dist/compliance/index.js.map +1 -0
package/dist/compliance/iso27001.d.ts +30 -0
package/dist/compliance/iso27001.d.ts.map +1 -0
package/dist/compliance/iso27001.js +332 -0
package/dist/compliance/iso27001.js.map +1 -0
package/dist/compliance/mapper.d.ts +42 -0
package/dist/compliance/mapper.d.ts.map +1 -0
package/dist/compliance/mapper.js +269 -0
package/dist/compliance/mapper.js.map +1 -0
package/dist/compliance/mapper.test.d.ts +5 -0
package/dist/compliance/mapper.test.d.ts.map +1 -0
package/dist/compliance/mapper.test.js +360 -0
package/dist/compliance/mapper.test.js.map +1 -0
package/dist/compliance/pci-dss.d.ts +29 -0
package/dist/compliance/pci-dss.d.ts.map +1 -0
package/dist/compliance/pci-dss.js +247 -0
package/dist/compliance/pci-dss.js.map +1 -0
package/dist/compliance/report.d.ts +25 -0
package/dist/compliance/report.d.ts.map +1 -0
package/dist/compliance/report.js +254 -0
package/dist/compliance/report.js.map +1 -0
package/dist/compliance/report.test.d.ts +5 -0
package/dist/compliance/report.test.d.ts.map +1 -0
package/dist/compliance/report.test.js +128 -0
package/dist/compliance/report.test.js.map +1 -0
package/dist/compliance/soc2.d.ts +30 -0
package/dist/compliance/soc2.d.ts.map +1 -0
package/dist/compliance/soc2.js +262 -0
package/dist/compliance/soc2.js.map +1 -0
package/dist/compliance/soc2.test.d.ts +5 -0
package/dist/compliance/soc2.test.d.ts.map +1 -0
package/dist/compliance/soc2.test.js +86 -0
package/dist/compliance/soc2.test.js.map +1 -0
package/dist/compliance/types.d.ts +125 -0
package/dist/compliance/types.d.ts.map +1 -0
package/dist/compliance/types.js +10 -0
package/dist/compliance/types.js.map +1 -0
package/dist/config/flags.d.ts +456 -0
package/dist/config/flags.d.ts.map +1 -0
package/dist/config/flags.js +464 -0
package/dist/config/flags.js.map +1 -0
package/dist/config/index.d.ts +10 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +10 -0
package/dist/config/index.js.map +1 -0
package/dist/config/severity-overrides.d.ts +209 -0
package/dist/config/severity-overrides.d.ts.map +1 -0
package/dist/config/severity-overrides.js +380 -0
package/dist/config/severity-overrides.js.map +1 -0
package/dist/cost/index.d.ts +11 -0
package/dist/cost/index.d.ts.map +1 -0
package/dist/cost/index.js +12 -0
package/dist/cost/index.js.map +1 -0
package/dist/cost/pricing.d.ts +57 -0
package/dist/cost/pricing.d.ts.map +1 -0
package/dist/cost/pricing.js +196 -0
package/dist/cost/pricing.js.map +1 -0
package/dist/cost/pricing.test.d.ts +5 -0
package/dist/cost/pricing.test.d.ts.map +1 -0
package/dist/cost/pricing.test.js +195 -0
package/dist/cost/pricing.test.js.map +1 -0
package/dist/cost/tracker.d.ts +100 -0
package/dist/cost/tracker.d.ts.map +1 -0
package/dist/cost/tracker.js +366 -0
package/dist/cost/tracker.js.map +1 -0
package/dist/cost/tracker.test.d.ts +5 -0
package/dist/cost/tracker.test.d.ts.map +1 -0
package/dist/cost/tracker.test.js +360 -0
package/dist/cost/tracker.test.js.map +1 -0
package/dist/cost/types.d.ts +135 -0
package/dist/cost/types.d.ts.map +1 -0
package/dist/cost/types.js +9 -0
package/dist/cost/types.js.map +1 -0
package/dist/enterprise/auth/oidc.d.ts +231 -0
package/dist/enterprise/auth/oidc.d.ts.map +1 -0
package/dist/enterprise/auth/oidc.js +372 -0
package/dist/enterprise/auth/oidc.js.map +1 -0
package/dist/enterprise/auth/oidc.test.d.ts +5 -0
package/dist/enterprise/auth/oidc.test.d.ts.map +1 -0
package/dist/enterprise/auth/oidc.test.js +435 -0
package/dist/enterprise/auth/oidc.test.js.map +1 -0
package/dist/enterprise/index.d.ts +14 -0
package/dist/enterprise/index.d.ts.map +1 -0
package/dist/enterprise/index.js +19 -0
package/dist/enterprise/index.js.map +1 -0
package/dist/enterprise/integrations/chat.d.ts +205 -0
package/dist/enterprise/integrations/chat.d.ts.map +1 -0
package/dist/enterprise/integrations/chat.js +624 -0
package/dist/enterprise/integrations/chat.js.map +1 -0
package/dist/enterprise/integrations/chat.test.d.ts +5 -0
package/dist/enterprise/integrations/chat.test.d.ts.map +1 -0
package/dist/enterprise/integrations/chat.test.js +557 -0
package/dist/enterprise/integrations/chat.test.js.map +1 -0
package/dist/enterprise/integrations/ticketing.d.ts +257 -0
package/dist/enterprise/integrations/ticketing.d.ts.map +1 -0
package/dist/enterprise/integrations/ticketing.js +548 -0
package/dist/enterprise/integrations/ticketing.js.map +1 -0
package/dist/enterprise/integrations/ticketing.test.d.ts +5 -0
package/dist/enterprise/integrations/ticketing.test.d.ts.map +1 -0
package/dist/enterprise/integrations/ticketing.test.js +693 -0
package/dist/enterprise/integrations/ticketing.test.js.map +1 -0
package/dist/enterprise/policy/opa.d.ts +194 -0
package/dist/enterprise/policy/opa.d.ts.map +1 -0
package/dist/enterprise/policy/opa.js +385 -0
package/dist/enterprise/policy/opa.js.map +1 -0
package/dist/enterprise/policy/opa.test.d.ts +5 -0
package/dist/enterprise/policy/opa.test.d.ts.map +1 -0
package/dist/enterprise/policy/opa.test.js +702 -0
package/dist/enterprise/policy/opa.test.js.map +1 -0
package/dist/enterprise/signing/kms.d.ts +211 -0
package/dist/enterprise/signing/kms.d.ts.map +1 -0
package/dist/enterprise/signing/kms.js +480 -0
package/dist/enterprise/signing/kms.js.map +1 -0
package/dist/enterprise/signing/kms.test.d.ts +5 -0
package/dist/enterprise/signing/kms.test.d.ts.map +1 -0
package/dist/enterprise/signing/kms.test.js +511 -0
package/dist/enterprise/signing/kms.test.js.map +1 -0
package/dist/eval/fixtures.d.ts +58 -0
package/dist/eval/fixtures.d.ts.map +1 -0
package/dist/eval/fixtures.js +571 -0
package/dist/eval/fixtures.js.map +1 -0
package/dist/eval/fixtures.test.d.ts +5 -0
package/dist/eval/fixtures.test.d.ts.map +1 -0
package/dist/eval/fixtures.test.js +193 -0
package/dist/eval/fixtures.test.js.map +1 -0
package/dist/eval/harness.d.ts +30 -0
package/dist/eval/harness.d.ts.map +1 -0
package/dist/eval/harness.js +221 -0
package/dist/eval/harness.js.map +1 -0
package/dist/eval/harness.test.d.ts +5 -0
package/dist/eval/harness.test.d.ts.map +1 -0
package/dist/eval/harness.test.js +314 -0
package/dist/eval/harness.test.js.map +1 -0
package/dist/eval/index.d.ts +15 -0
package/dist/eval/index.d.ts.map +1 -0
package/dist/eval/index.js +18 -0
package/dist/eval/index.js.map +1 -0
package/dist/eval/metrics.d.ts +56 -0
package/dist/eval/metrics.d.ts.map +1 -0
package/dist/eval/metrics.js +298 -0
package/dist/eval/metrics.js.map +1 -0
package/dist/eval/metrics.test.d.ts +5 -0
package/dist/eval/metrics.test.d.ts.map +1 -0
package/dist/eval/metrics.test.js +426 -0
package/dist/eval/metrics.test.js.map +1 -0
package/dist/eval/report.d.ts +30 -0
package/dist/eval/report.d.ts.map +1 -0
package/dist/eval/report.js +333 -0
package/dist/eval/report.js.map +1 -0
package/dist/eval/report.test.d.ts +5 -0
package/dist/eval/report.test.d.ts.map +1 -0
package/dist/eval/report.test.js +275 -0
package/dist/eval/report.test.js.map +1 -0
package/dist/eval/types.d.ts +234 -0
package/dist/eval/types.d.ts.map +1 -0
package/dist/eval/types.js +27 -0
package/dist/eval/types.js.map +1 -0
package/dist/http-server.d.ts +3 -0
package/dist/http-server.d.ts.map +1 -0
package/dist/http-server.js +127 -0
package/dist/http-server.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +4120 -0
package/dist/index.js.map +1 -0
package/dist/logger.d.ts +46 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +131 -0
package/dist/logger.js.map +1 -0
package/dist/multimodel/consensus.d.ts +49 -0
package/dist/multimodel/consensus.d.ts.map +1 -0
package/dist/multimodel/consensus.js +454 -0
package/dist/multimodel/consensus.js.map +1 -0
package/dist/multimodel/consensus.test.d.ts +5 -0
package/dist/multimodel/consensus.test.d.ts.map +1 -0
package/dist/multimodel/consensus.test.js +415 -0
package/dist/multimodel/consensus.test.js.map +1 -0
package/dist/multimodel/index.d.ts +13 -0
package/dist/multimodel/index.d.ts.map +1 -0
package/dist/multimodel/index.js +14 -0
package/dist/multimodel/index.js.map +1 -0
package/dist/multimodel/runner.d.ts +95 -0
package/dist/multimodel/runner.d.ts.map +1 -0
package/dist/multimodel/runner.js +312 -0
package/dist/multimodel/runner.js.map +1 -0
package/dist/multimodel/runner.test.d.ts +5 -0
package/dist/multimodel/runner.test.d.ts.map +1 -0
package/dist/multimodel/runner.test.js +224 -0
package/dist/multimodel/runner.test.js.map +1 -0
package/dist/multimodel/types.d.ts +202 -0
package/dist/multimodel/types.d.ts.map +1 -0
package/dist/multimodel/types.js +10 -0
package/dist/multimodel/types.js.map +1 -0
package/dist/observability/index.d.ts +9 -0
package/dist/observability/index.d.ts.map +1 -0
package/dist/observability/index.js +9 -0
package/dist/observability/index.js.map +1 -0
package/dist/observability/otel.d.ts +102 -0
package/dist/observability/otel.d.ts.map +1 -0
package/dist/observability/otel.js +284 -0
package/dist/observability/otel.js.map +1 -0
package/dist/plugins/index.d.ts +10 -0
package/dist/plugins/index.d.ts.map +1 -0
package/dist/plugins/index.js +10 -0
package/dist/plugins/index.js.map +1 -0
package/dist/plugins/loader.d.ts +78 -0
package/dist/plugins/loader.d.ts.map +1 -0
package/dist/plugins/loader.js +470 -0
package/dist/plugins/loader.js.map +1 -0
package/dist/plugins/types.d.ts +304 -0
package/dist/plugins/types.d.ts.map +1 -0
package/dist/plugins/types.js +100 -0
package/dist/plugins/types.js.map +1 -0
package/dist/sbom/cyclonedx.d.ts +30 -0
package/dist/sbom/cyclonedx.d.ts.map +1 -0
package/dist/sbom/cyclonedx.js +392 -0
package/dist/sbom/cyclonedx.js.map +1 -0
package/dist/sbom/cyclonedx.test.d.ts +5 -0
package/dist/sbom/cyclonedx.test.d.ts.map +1 -0
package/dist/sbom/cyclonedx.test.js +244 -0
package/dist/sbom/cyclonedx.test.js.map +1 -0
package/dist/sbom/index.d.ts +13 -0
package/dist/sbom/index.d.ts.map +1 -0
package/dist/sbom/index.js +15 -0
package/dist/sbom/index.js.map +1 -0
package/dist/sbom/provenance.d.ts +37 -0
package/dist/sbom/provenance.d.ts.map +1 -0
package/dist/sbom/provenance.js +268 -0
package/dist/sbom/provenance.js.map +1 -0
package/dist/sbom/provenance.test.d.ts +5 -0
package/dist/sbom/provenance.test.d.ts.map +1 -0
package/dist/sbom/provenance.test.js +189 -0
package/dist/sbom/provenance.test.js.map +1 -0
package/dist/sbom/signing.d.ts +87 -0
package/dist/sbom/signing.d.ts.map +1 -0
package/dist/sbom/signing.js +354 -0
package/dist/sbom/signing.js.map +1 -0
package/dist/sbom/signing.test.d.ts +5 -0
package/dist/sbom/signing.test.d.ts.map +1 -0
package/dist/sbom/signing.test.js +170 -0
package/dist/sbom/signing.test.js.map +1 -0
package/dist/sbom/types.d.ts +384 -0
package/dist/sbom/types.d.ts.map +1 -0
package/dist/sbom/types.js +17 -0
package/dist/sbom/types.js.map +1 -0
package/dist/scanners/agent/credential-scope-audit.d.ts +40 -0
package/dist/scanners/agent/credential-scope-audit.d.ts.map +1 -0
package/dist/scanners/agent/credential-scope-audit.js +404 -0
package/dist/scanners/agent/credential-scope-audit.js.map +1 -0
package/dist/scanners/agent/exfil-path-graph.d.ts +50 -0
package/dist/scanners/agent/exfil-path-graph.d.ts.map +1 -0
package/dist/scanners/agent/exfil-path-graph.js +764 -0
package/dist/scanners/agent/exfil-path-graph.js.map +1 -0
package/dist/scanners/agent/index.d.ts +43 -0
package/dist/scanners/agent/index.d.ts.map +1 -0
package/dist/scanners/agent/index.js +616 -0
package/dist/scanners/agent/index.js.map +1 -0
package/dist/scanners/agent/manifest-audit.d.ts +43 -0
package/dist/scanners/agent/manifest-audit.d.ts.map +1 -0
package/dist/scanners/agent/manifest-audit.js +403 -0
package/dist/scanners/agent/manifest-audit.js.map +1 -0
package/dist/scanners/agent/payloads/index.d.ts +44 -0
package/dist/scanners/agent/payloads/index.d.ts.map +1 -0
package/dist/scanners/agent/payloads/index.js +184 -0
package/dist/scanners/agent/payloads/index.js.map +1 -0
package/dist/scanners/agent/permission-minimiser.d.ts +48 -0
package/dist/scanners/agent/permission-minimiser.d.ts.map +1 -0
package/dist/scanners/agent/permission-minimiser.js +551 -0
package/dist/scanners/agent/permission-minimiser.js.map +1 -0
package/dist/scanners/agent/prompt-injection-fuzzer.d.ts +39 -0
package/dist/scanners/agent/prompt-injection-fuzzer.d.ts.map +1 -0
package/dist/scanners/agent/prompt-injection-fuzzer.js +720 -0
package/dist/scanners/agent/prompt-injection-fuzzer.js.map +1 -0
package/dist/scanners/agent/sandbox-audit.d.ts +44 -0
package/dist/scanners/agent/sandbox-audit.d.ts.map +1 -0
package/dist/scanners/agent/sandbox-audit.js +425 -0
package/dist/scanners/agent/sandbox-audit.js.map +1 -0
package/dist/scanners/agent/supply-chain-mcp.d.ts +53 -0
package/dist/scanners/agent/supply-chain-mcp.d.ts.map +1 -0
package/dist/scanners/agent/supply-chain-mcp.js +479 -0
package/dist/scanners/agent/supply-chain-mcp.js.map +1 -0
package/dist/scanners/agent/tool-description-drift.d.ts +62 -0
package/dist/scanners/agent/tool-description-drift.d.ts.map +1 -0
package/dist/scanners/agent/tool-description-drift.js +365 -0
package/dist/scanners/agent/tool-description-drift.js.map +1 -0
package/dist/scanners/agent/types.d.ts +840 -0
package/dist/scanners/agent/types.d.ts.map +1 -0
package/dist/scanners/agent/types.js +149 -0
package/dist/scanners/agent/types.js.map +1 -0
package/dist/scanners/bandit.d.ts +25 -0
package/dist/scanners/bandit.d.ts.map +1 -0
package/dist/scanners/bandit.js +129 -0
package/dist/scanners/bandit.js.map +1 -0
package/dist/scanners/binary-analysis.d.ts +41 -0
package/dist/scanners/binary-analysis.d.ts.map +1 -0
package/dist/scanners/binary-analysis.js +587 -0
package/dist/scanners/binary-analysis.js.map +1 -0
package/dist/scanners/binary-analysis.test.d.ts +5 -0
package/dist/scanners/binary-analysis.test.d.ts.map +1 -0
package/dist/scanners/binary-analysis.test.js +291 -0
package/dist/scanners/binary-analysis.test.js.map +1 -0
package/dist/scanners/brakeman.d.ts +30 -0
package/dist/scanners/brakeman.d.ts.map +1 -0
package/dist/scanners/brakeman.js +271 -0
package/dist/scanners/brakeman.js.map +1 -0
package/dist/scanners/dependencies.d.ts +22 -0
package/dist/scanners/dependencies.d.ts.map +1 -0
package/dist/scanners/dependencies.js +202 -0
package/dist/scanners/dependencies.js.map +1 -0
package/dist/scanners/dependencies.test.d.ts +5 -0
package/dist/scanners/dependencies.test.d.ts.map +1 -0
package/dist/scanners/dependencies.test.js +185 -0
package/dist/scanners/dependencies.test.js.map +1 -0
package/dist/scanners/eslint.d.ts +25 -0
package/dist/scanners/eslint.d.ts.map +1 -0
package/dist/scanners/eslint.js +220 -0
package/dist/scanners/eslint.js.map +1 -0
package/dist/scanners/gosec.d.ts +25 -0
package/dist/scanners/gosec.d.ts.map +1 -0
package/dist/scanners/gosec.js +128 -0
package/dist/scanners/gosec.js.map +1 -0
package/dist/scanners/index.d.ts +128 -0
package/dist/scanners/index.d.ts.map +1 -0
package/dist/scanners/index.js +811 -0
package/dist/scanners/index.js.map +1 -0
package/dist/scanners/index.test.d.ts +5 -0
package/dist/scanners/index.test.d.ts.map +1 -0
package/dist/scanners/index.test.js +424 -0
package/dist/scanners/index.test.js.map +1 -0
package/dist/scanners/memory-safety.d.ts +44 -0
package/dist/scanners/memory-safety.d.ts.map +1 -0
package/dist/scanners/memory-safety.js +571 -0
package/dist/scanners/memory-safety.js.map +1 -0
package/dist/scanners/memory-safety.test.d.ts +5 -0
package/dist/scanners/memory-safety.test.d.ts.map +1 -0
package/dist/scanners/memory-safety.test.js +321 -0
package/dist/scanners/memory-safety.test.js.map +1 -0
package/dist/scanners/race-condition.d.ts +25 -0
package/dist/scanners/race-condition.d.ts.map +1 -0
package/dist/scanners/race-condition.js +443 -0
package/dist/scanners/race-condition.js.map +1 -0
package/dist/scanners/race-condition.test.d.ts +5 -0
package/dist/scanners/race-condition.test.d.ts.map +1 -0
package/dist/scanners/race-condition.test.js +428 -0
package/dist/scanners/race-condition.test.js.map +1 -0
package/dist/scanners/secrets.d.ts +25 -0
package/dist/scanners/secrets.d.ts.map +1 -0
package/dist/scanners/secrets.js +367 -0
package/dist/scanners/secrets.js.map +1 -0
package/dist/scanners/secrets.test.d.ts +5 -0
package/dist/scanners/secrets.test.d.ts.map +1 -0
package/dist/scanners/secrets.test.js +160 -0
package/dist/scanners/secrets.test.js.map +1 -0
package/dist/scanners/semgrep.d.ts +33 -0
package/dist/scanners/semgrep.d.ts.map +1 -0
package/dist/scanners/semgrep.js +350 -0
package/dist/scanners/semgrep.js.map +1 -0
package/dist/scanners/semgrep.test.d.ts +8 -0
package/dist/scanners/semgrep.test.d.ts.map +1 -0
package/dist/scanners/semgrep.test.js +254 -0
package/dist/scanners/semgrep.test.js.map +1 -0
package/dist/scanners/trivy.d.ts +26 -0
package/dist/scanners/trivy.d.ts.map +1 -0
package/dist/scanners/trivy.js +187 -0
package/dist/scanners/trivy.js.map +1 -0
package/dist/scanners/types.d.ts +210 -0
package/dist/scanners/types.d.ts.map +1 -0
package/dist/scanners/types.js +106 -0
package/dist/scanners/types.js.map +1 -0
package/dist/scanners/types.test.d.ts +5 -0
package/dist/scanners/types.test.d.ts.map +1 -0
package/dist/scanners/types.test.js +103 -0
package/dist/scanners/types.test.js.map +1 -0
package/dist/scanners/typescript.d.ts +32 -0
package/dist/scanners/typescript.d.ts.map +1 -0
package/dist/scanners/typescript.js +300 -0
package/dist/scanners/typescript.js.map +1 -0
package/dist/scanners/typescript.test.d.ts +5 -0
package/dist/scanners/typescript.test.d.ts.map +1 -0
package/dist/scanners/typescript.test.js +296 -0
package/dist/scanners/typescript.test.js.map +1 -0
package/dist/transcripts/index.d.ts +13 -0
package/dist/transcripts/index.d.ts.map +1 -0
package/dist/transcripts/index.js +17 -0
package/dist/transcripts/index.js.map +1 -0
package/dist/transcripts/logger.d.ts +190 -0
package/dist/transcripts/logger.d.ts.map +1 -0
package/dist/transcripts/logger.js +385 -0
package/dist/transcripts/logger.js.map +1 -0
package/dist/transcripts/logger.test.d.ts +5 -0
package/dist/transcripts/logger.test.d.ts.map +1 -0
package/dist/transcripts/logger.test.js +227 -0
package/dist/transcripts/logger.test.js.map +1 -0
package/dist/transcripts/redaction.d.ts +125 -0
package/dist/transcripts/redaction.d.ts.map +1 -0
package/dist/transcripts/redaction.js +416 -0
package/dist/transcripts/redaction.js.map +1 -0
package/dist/transcripts/redaction.test.d.ts +5 -0
package/dist/transcripts/redaction.test.d.ts.map +1 -0
package/dist/transcripts/redaction.test.js +267 -0
package/dist/transcripts/redaction.test.js.map +1 -0
package/dist/transcripts/signing.d.ts +108 -0
package/dist/transcripts/signing.d.ts.map +1 -0
package/dist/transcripts/signing.js +173 -0
package/dist/transcripts/signing.js.map +1 -0
package/dist/transcripts/verifier.d.ts +133 -0
package/dist/transcripts/verifier.d.ts.map +1 -0
package/dist/transcripts/verifier.js +489 -0
package/dist/transcripts/verifier.js.map +1 -0
package/dist/transcripts/verifier.test.d.ts +5 -0
package/dist/transcripts/verifier.test.d.ts.map +1 -0
package/dist/transcripts/verifier.test.js +330 -0
package/dist/transcripts/verifier.test.js.map +1 -0
package/dist/util/concurrency.d.ts +221 -0
package/dist/util/concurrency.d.ts.map +1 -0
package/dist/util/concurrency.js +339 -0
package/dist/util/concurrency.js.map +1 -0
package/dist/util/index.d.ts +12 -0
package/dist/util/index.d.ts.map +1 -0
package/dist/util/index.js +12 -0
package/dist/util/index.js.map +1 -0
package/dist/util/json.d.ts +63 -0
package/dist/util/json.d.ts.map +1 -0
package/dist/util/json.js +134 -0
package/dist/util/json.js.map +1 -0
package/dist/util/paths.d.ts +56 -0
package/dist/util/paths.d.ts.map +1 -0
package/dist/util/paths.js +128 -0
package/dist/util/paths.js.map +1 -0
package/dist/util/retry.d.ts +185 -0
package/dist/util/retry.d.ts.map +1 -0
package/dist/util/retry.js +338 -0
package/dist/util/retry.js.map +1 -0
package/package.json +79 -0

package/dist/compliance/frameworks/nist-ai-rmf.js ADDED Viewed

@@ -0,0 +1,677 @@
+/**
+ * NIST AI Risk Management Framework (AI RMF) Compliance
+ *
+ * Maps security findings to NIST AI RMF 1.0 controls.
+ * Includes GenAI Profile (NIST AI 600-1) extensions.
+ *
+ * @see https://www.nist.gov/itl/ai-risk-management-framework
+ * @see https://airc.nist.gov/AI_RMF_Knowledge_Base/AI_RMF
+ * @module compliance/frameworks/nist-ai-rmf
+ */
+/**
+ * NIST AI RMF Controls
+ *
+ * Based on NIST AI RMF 1.0 (January 2023) with GenAI Profile extensions.
+ * Controls are organized by the four core functions: GOVERN, MAP, MEASURE, MANAGE.
+ */
+export const NIST_AI_RMF_CONTROLS = [
+    // ============================================================================
+    // GOVERN: Cultivate a culture of risk management
+    // ============================================================================
+    {
+        id: "GOVERN-1.1",
+        framework: "NIST-AI-RMF",
+        category: "Governance",
+        title: "AI Risk Management Policies",
+        description: "Legal and regulatory requirements involving AI are understood, managed, and documented. Organizational policies and procedures are established to address AI-specific risks.",
+        keywords: [
+            "policy",
+            "governance",
+            "compliance",
+            "regulatory",
+            "ai risk",
+            "documentation",
+        ],
+        findingCategories: [
+            "security-misconfiguration",
+            "logging-failure",
+        ],
+        severityThreshold: "low",
+    },
+    {
+        id: "GOVERN-1.2",
+        framework: "NIST-AI-RMF",
+        category: "Governance",
+        title: "AI Risk Accountability",
+        description: "The characteristics of trustworthy AI are integrated into organizational policies, processes, procedures, and practices. Roles and responsibilities for AI risk management are defined.",
+        keywords: [
+            "accountability",
+            "roles",
+            "responsibilities",
+            "trustworthy ai",
+            "organizational",
+        ],
+        findingCategories: [
+            "excessive-agency",
+            "overscoped-permission",
+        ],
+        severityThreshold: "medium",
+    },
+    {
+        id: "GOVERN-1.3",
+        framework: "NIST-AI-RMF",
+        category: "Governance",
+        title: "AI System Documentation",
+        description: "Processes, procedures, and practices are in place to determine the needed level of risk management activities based on the organization's risk tolerance.",
+        keywords: [
+            "documentation",
+            "risk tolerance",
+            "processes",
+            "procedures",
+        ],
+        findingCategories: [
+            "manifest-drift",
+            "tool-drift",
+        ],
+        severityThreshold: "low",
+    },
+    {
+        id: "GOVERN-1.4",
+        framework: "NIST-AI-RMF",
+        category: "Governance",
+        title: "AI Risk Culture",
+        description: "The risk management process and its outcomes are established through transparent policies, procedures, and other controls based on organizational risk priorities.",
+        keywords: [
+            "risk culture",
+            "transparency",
+            "risk priorities",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    {
+        id: "GOVERN-1.5",
+        framework: "NIST-AI-RMF",
+        category: "Governance",
+        title: "Ongoing Monitoring",
+        description: "Ongoing monitoring and periodic review of the risk management process and its outcomes are planned and organizational roles and responsibilities are clearly defined.",
+        keywords: [
+            "monitoring",
+            "periodic review",
+            "risk management",
+        ],
+        findingCategories: [
+            "logging-failure",
+            "consensus-manipulation",
+        ],
+        severityThreshold: "medium",
+    },
+    {
+        id: "GOVERN-1.6",
+        framework: "NIST-AI-RMF",
+        category: "Governance",
+        title: "Risk Management Integration",
+        description: "Mechanisms are in place to inventory AI systems and are resourced according to organizational risk priorities. AI risk management is integrated into broader enterprise risk.",
+        keywords: [
+            "inventory",
+            "enterprise risk",
+            "integration",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    // ============================================================================
+    // MAP: Contextualize risks in real-world settings
+    // ============================================================================
+    {
+        id: "MAP-1.1",
+        framework: "NIST-AI-RMF",
+        category: "Context Mapping",
+        title: "Intended Purpose Definition",
+        description: "Intended purposes, potentially beneficial uses, context of use, and deployment setting of the AI system are documented. This includes assumptions about users, tasks, and operational environments.",
+        keywords: [
+            "purpose",
+            "deployment",
+            "context",
+            "use case",
+        ],
+        findingCategories: [
+            "excessive-agency",
+        ],
+        severityThreshold: "low",
+    },
+    {
+        id: "MAP-1.2",
+        framework: "NIST-AI-RMF",
+        category: "Context Mapping",
+        title: "Interdependency Analysis",
+        description: "Inter-dependencies among AI components, systems, and human actors are mapped. This includes data dependencies, model dependencies, and integration points.",
+        keywords: [
+            "dependencies",
+            "integration",
+            "components",
+        ],
+        findingCategories: [
+            "supply-chain-vuln",
+            "dependency-vuln",
+            "exfil-path",
+        ],
+        severityThreshold: "medium",
+    },
+    {
+        id: "MAP-2.1",
+        framework: "NIST-AI-RMF",
+        category: "Stakeholder Mapping",
+        title: "Stakeholder Identification",
+        description: "The specific tasks and methods used to implement the tasks that the AI system will support are defined. Scientific validity of methods is documented.",
+        keywords: [
+            "stakeholders",
+            "tasks",
+            "methods",
+            "validity",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    {
+        id: "MAP-2.2",
+        framework: "NIST-AI-RMF",
+        category: "Stakeholder Mapping",
+        title: "Human Oversight Requirements",
+        description: "Information about the AI system's knowledge limits and how system outputs may be utilized is documented. Human oversight requirements are established.",
+        keywords: [
+            "human oversight",
+            "knowledge limits",
+            "outputs",
+        ],
+        findingCategories: [
+            "overreliance",
+            "excessive-agency",
+        ],
+        severityThreshold: "medium",
+    },
+    {
+        id: "MAP-3.1",
+        framework: "NIST-AI-RMF",
+        category: "Risk Identification",
+        title: "Potential Negative Impacts",
+        description: "Potential negative impacts of AI systems — to individuals, groups, communities, organizations, and society — are documented. Potential costs from problematic outputs are evaluated.",
+        keywords: [
+            "negative impacts",
+            "harm",
+            "costs",
+            "problematic outputs",
+        ],
+        findingCategories: [
+            "prompt-injection",
+            "insecure-output",
+            "sensitive-disclosure",
+        ],
+        severityThreshold: "high",
+    },
+    {
+        id: "MAP-3.2",
+        framework: "NIST-AI-RMF",
+        category: "Risk Identification",
+        title: "Likelihood and Magnitude Assessment",
+        description: "Likelihood and magnitude of each identified impact based on expected use, past uses, or similar AI systems, including downstream system impacts, are assessed.",
+        keywords: [
+            "likelihood",
+            "magnitude",
+            "impact assessment",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    {
+        id: "MAP-4.1",
+        framework: "NIST-AI-RMF",
+        category: "Benefits and Costs",
+        title: "Deployment Decision Framework",
+        description: "Approaches for mapping, measuring, and managing AI risks take into account learning from incidents, errors, and near-misses.",
+        keywords: [
+            "incidents",
+            "learning",
+            "near-misses",
+        ],
+        findingCategories: [
+            "logging-failure",
+        ],
+        severityThreshold: "medium",
+    },
+    // ============================================================================
+    // MEASURE: Analyze, assess, benchmark, and monitor AI risk
+    // ============================================================================
+    {
+        id: "MEASURE-1.1",
+        framework: "NIST-AI-RMF",
+        category: "Risk Measurement",
+        title: "Risk Metrics Definition",
+        description: "Approaches and metrics for measurement of AI risks are defined. Measurement includes quantitative, qualitative, or mixed-method tools, techniques, and methodologies.",
+        keywords: [
+            "metrics",
+            "measurement",
+            "quantitative",
+            "qualitative",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    {
+        id: "MEASURE-1.2",
+        framework: "NIST-AI-RMF",
+        category: "Risk Measurement",
+        title: "Risk Assessment Methodology",
+        description: "Appropriateness of AI metrics and effectiveness of existing controls are regularly assessed. Metrics are documented and used to inform risk management decisions.",
+        keywords: [
+            "assessment",
+            "effectiveness",
+            "controls",
+        ],
+        findingCategories: [
+            "security-misconfiguration",
+        ],
+        severityThreshold: "medium",
+    },
+    {
+        id: "MEASURE-2.1",
+        framework: "NIST-AI-RMF",
+        category: "Trustworthiness Testing",
+        title: "Trustworthiness Evaluation",
+        description: "Test sets, metrics, and details about the tools used during the evaluation are documented. Testing includes robustness, security, privacy, and fairness evaluation.",
+        keywords: [
+            "testing",
+            "evaluation",
+            "trustworthiness",
+            "robustness",
+        ],
+        findingCategories: [
+            "prompt-injection",
+            "model-denial-of-service",
+        ],
+        severityThreshold: "high",
+    },
+    {
+        id: "MEASURE-2.2",
+        framework: "NIST-AI-RMF",
+        category: "Trustworthiness Testing",
+        title: "Security Testing",
+        description: "Evaluations are conducted regularly to assess and benchmark AI system trustworthiness characteristics, including security, privacy, and accuracy.",
+        keywords: [
+            "security testing",
+            "benchmarking",
+            "regular evaluation",
+        ],
+        findingCategories: [
+            "prompt-injection",
+            "insecure-plugin",
+            "missing-sandbox",
+        ],
+        severityThreshold: "high",
+    },
+    {
+        id: "MEASURE-2.3",
+        framework: "NIST-AI-RMF",
+        category: "Trustworthiness Testing",
+        title: "Adversarial Testing",
+        description: "AI system performance or assurance criteria are measured qualitatively or quantitatively through adversarial testing. Red team exercises assess system resilience.",
+        keywords: [
+            "adversarial",
+            "red team",
+            "resilience",
+            "attack simulation",
+        ],
+        findingCategories: [
+            "prompt-injection",
+            "insecure-output",
+            "model-theft",
+        ],
+        severityThreshold: "high",
+    },
+    {
+        id: "MEASURE-3.1",
+        framework: "NIST-AI-RMF",
+        category: "External Input",
+        title: "Feedback Mechanisms",
+        description: "Feedback about efficacy of measurement is gathered and integrated into system improvements. Mechanisms exist for stakeholders to report issues.",
+        keywords: [
+            "feedback",
+            "stakeholder input",
+            "reporting",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    {
+        id: "MEASURE-4.1",
+        framework: "NIST-AI-RMF",
+        category: "Continuous Monitoring",
+        title: "Deployment Monitoring",
+        description: "Measurement approaches for identifying AI risks are connected to deployment, operation, and monitoring procedures. Continuous monitoring is implemented.",
+        keywords: [
+            "monitoring",
+            "deployment",
+            "operations",
+        ],
+        findingCategories: [
+            "manifest-drift",
+            "tool-drift",
+            "unsigned-change",
+        ],
+        severityThreshold: "medium",
+    },
+    // ============================================================================
+    // MANAGE: Allocate risk resources to mapped and measured risks
+    // ============================================================================
+    {
+        id: "MANAGE-1.1",
+        framework: "NIST-AI-RMF",
+        category: "Risk Prioritization",
+        title: "Risk Prioritization",
+        description: "A determination is made as to whether the AI system achieves its intended purposes and supports the goals of risk management. Risks are prioritized for action.",
+        keywords: [
+            "prioritization",
+            "intended purpose",
+            "risk action",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    {
+        id: "MANAGE-1.2",
+        framework: "NIST-AI-RMF",
+        category: "Risk Prioritization",
+        title: "Treatment Options",
+        description: "Treatment of documented AI risks is prioritized based on impact, likelihood, and available resources. Mitigation options are evaluated.",
+        keywords: [
+            "treatment",
+            "mitigation",
+            "resources",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    {
+        id: "MANAGE-2.1",
+        framework: "NIST-AI-RMF",
+        category: "Risk Response",
+        title: "Risk Treatment Implementation",
+        description: "Resources are allocated for risk treatment, including mitigation, transfer, acceptance, or avoidance. Implementation timelines are established.",
+        keywords: [
+            "treatment",
+            "resources",
+            "implementation",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    {
+        id: "MANAGE-2.2",
+        framework: "NIST-AI-RMF",
+        category: "Risk Response",
+        title: "Third-Party Risk Management",
+        description: "Mechanisms are in place and applied to sustain the value of deployed AI systems. Third-party AI risks are managed through contracts and agreements.",
+        keywords: [
+            "third-party",
+            "contracts",
+            "vendor management",
+        ],
+        findingCategories: [
+            "supply-chain-vuln",
+            "insecure-plugin",
+        ],
+        severityThreshold: "high",
+    },
+    {
+        id: "MANAGE-3.1",
+        framework: "NIST-AI-RMF",
+        category: "Communication",
+        title: "Risk Communication",
+        description: "AI risks are communicated internally and externally. Stakeholders are informed about relevant AI system capabilities, limitations, and risks.",
+        keywords: [
+            "communication",
+            "transparency",
+            "stakeholders",
+        ],
+        findingCategories: [],
+        severityThreshold: "low",
+    },
+    {
+        id: "MANAGE-4.1",
+        framework: "NIST-AI-RMF",
+        category: "Incident Response",
+        title: "Incident Response Planning",
+        description: "Post-deployment AI system monitoring plans are established. Mechanisms are established to track identified risks over time.",
+        keywords: [
+            "incident response",
+            "monitoring",
+            "tracking",
+        ],
+        findingCategories: [
+            "logging-failure",
+        ],
+        severityThreshold: "medium",
+    },
+    {
+        id: "MANAGE-4.2",
+        framework: "NIST-AI-RMF",
+        category: "Incident Response",
+        title: "Incident Response Execution",
+        description: "Measurable activities are routinely performed during the AI system's lifecycle. Responses to incidents are documented and lessons learned are incorporated.",
+        keywords: [
+            "incident response",
+            "lifecycle",
+            "lessons learned",
+        ],
+        findingCategories: [],
+        severityThreshold: "medium",
+    },
+    // ============================================================================
+    // GenAI Profile Extensions (NIST AI 600-1)
+    // ============================================================================
+    {
+        id: "GenAI-1.1",
+        framework: "NIST-AI-RMF",
+        category: "GenAI Governance",
+        title: "Generative AI Content Provenance",
+        description: "Systems are in place to track the provenance of AI-generated content. Content watermarking and authentication mechanisms are implemented.",
+        keywords: [
+            "provenance",
+            "watermarking",
+            "content authentication",
+            "generative ai",
+        ],
+        findingCategories: [
+            "unsigned-change",
+            "integrity-failure",
+        ],
+        severityThreshold: "medium",
+    },
+    {
+        id: "GenAI-1.2",
+        framework: "NIST-AI-RMF",
+        category: "GenAI Governance",
+        title: "GenAI Usage Policies",
+        description: "Policies governing the use of generative AI are documented. Acceptable use, prohibited uses, and escalation procedures are defined.",
+        keywords: [
+            "usage policies",
+            "acceptable use",
+            "generative ai",
+        ],
+        findingCategories: [
+            "excessive-agency",
+            "overreliance",
+        ],
+        severityThreshold: "low",
+    },
+    {
+        id: "GenAI-2.1",
+        framework: "NIST-AI-RMF",
+        category: "GenAI Security",
+        title: "Prompt Injection Prevention",
+        description: "Controls are implemented to prevent prompt injection attacks. Input validation, output filtering, and privilege separation are applied.",
+        keywords: [
+            "prompt injection",
+            "input validation",
+            "output filtering",
+        ],
+        findingCategories: [
+            "prompt-injection",
+            "injection",
+        ],
+        severityThreshold: "critical",
+    },
+    {
+        id: "GenAI-2.2",
+        framework: "NIST-AI-RMF",
+        category: "GenAI Security",
+        title: "Model Output Validation",
+        description: "All model outputs are validated before use in downstream systems. Context-aware sanitization is applied based on output destination.",
+        keywords: [
+            "output validation",
+            "sanitization",
+            "downstream systems",
+        ],
+        findingCategories: [
+            "insecure-output",
+            "xss",
+            "sql-injection",
+            "command-injection",
+        ],
+        severityThreshold: "high",
+    },
+    {
+        id: "GenAI-3.1",
+        framework: "NIST-AI-RMF",
+        category: "GenAI Privacy",
+        title: "Sensitive Data Protection",
+        description: "Controls prevent disclosure of sensitive information through model outputs. PII detection and masking are implemented.",
+        keywords: [
+            "sensitive data",
+            "pii",
+            "data protection",
+            "disclosure",
+        ],
+        findingCategories: [
+            "sensitive-disclosure",
+            "pii-exposure",
+            "exfil-path",
+        ],
+        severityThreshold: "high",
+    },
+    {
+        id: "GenAI-3.2",
+        framework: "NIST-AI-RMF",
+        category: "GenAI Privacy",
+        title: "Training Data Privacy",
+        description: "Privacy-preserving techniques are applied during model training. Differential privacy and data anonymization are considered.",
+        keywords: [
+            "training data",
+            "privacy",
+            "anonymization",
+        ],
+        findingCategories: [
+            "training-data-poisoning",
+            "pii-exposure",
+        ],
+        severityThreshold: "medium",
+    },
+    {
+        id: "GenAI-4.1",
+        framework: "NIST-AI-RMF",
+        category: "GenAI Reliability",
+        title: "Hallucination Mitigation",
+        description: "Controls are in place to detect and mitigate model hallucinations. Fact-checking, grounding, and confidence scoring are implemented.",
+        keywords: [
+            "hallucination",
+            "fact-checking",
+            "grounding",
+            "confidence",
+        ],
+        findingCategories: [
+            "overreliance",
+        ],
+        severityThreshold: "medium",
+    },
+    {
+        id: "GenAI-4.2",
+        framework: "NIST-AI-RMF",
+        category: "GenAI Reliability",
+        title: "Tool Use Safety",
+        description: "Controls govern the safe use of tools and plugins by generative AI systems. Permission scoping, sandboxing, and monitoring are applied.",
+        keywords: [
+            "tool use",
+            "plugins",
+            "sandboxing",
+            "permissions",
+        ],
+        findingCategories: [
+            "insecure-plugin",
+            "excessive-agency",
+            "missing-sandbox",
+            "overscoped-permission",
+        ],
+        severityThreshold: "high",
+    },
+    {
+        id: "GenAI-4.3",
+        framework: "NIST-AI-RMF",
+        category: "GenAI Reliability",
+        title: "Multi-Agent Safety",
+        description: "Controls ensure safe operation of multi-agent systems. Consensus mechanisms, agent isolation, and cascade prevention are implemented.",
+        keywords: [
+            "multi-agent",
+            "consensus",
+            "agent safety",
+            "cascade",
+        ],
+        findingCategories: [
+            "consensus-manipulation",
+            "excessive-agency",
+        ],
+        severityThreshold: "high",
+    },
+];
+/**
+ * Get all NIST AI RMF controls
+ */
+export function getNISTAIRMFControls() {
+    return NIST_AI_RMF_CONTROLS;
+}
+/**
+ * Get NIST AI RMF control by ID
+ */
+export function getNISTAIRMFControlById(id) {
+    return NIST_AI_RMF_CONTROLS.find((c) => c.id === id);
+}
+/**
+ * Get NIST AI RMF controls by function (GOVERN, MAP, MEASURE, MANAGE)
+ */
+export function getNISTAIRMFControlsByFunction(func) {
+    return NIST_AI_RMF_CONTROLS.filter((c) => c.id.startsWith(func));
+}
+/**
+ * Get NIST AI RMF controls by category
+ */
+export function getNISTAIRMFControlsByCategory(category) {
+    return NIST_AI_RMF_CONTROLS.filter((c) => c.category === category);
+}
+/**
+ * Get all NIST AI RMF categories
+ */
+export function getNISTAIRMFCategories() {
+    return [...new Set(NIST_AI_RMF_CONTROLS.map((c) => c.category))];
+}
+/**
+ * Get GenAI Profile controls only
+ */
+export function getGenAIProfileControls() {
+    return NIST_AI_RMF_CONTROLS.filter((c) => c.id.startsWith("GenAI"));
+}
+/**
+ * Get all NIST AI RMF functions
+ */
+export function getNISTAIRMFFunctions() {
+    return ["GOVERN", "MAP", "MEASURE", "MANAGE"];
+}
+//# sourceMappingURL=nist-ai-rmf.js.map