vaspera 2.5.0

package/dist/compliance/frameworks/nist-ai-rmf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nist-ai-rmf.js","sourceRoot":"","sources":["../../../src/compliance/frameworks/nist-ai-rmf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AASH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAwB;IACvD,+EAA+E;IAC/E,iDAAiD;IACjD,+EAA+E;IAE/E;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,8KAA8K;QAChL,QAAQ,EAAE;YACR,QAAQ;YACR,YAAY;YACZ,YAAY;YACZ,YAAY;YACZ,SAAS;YACT,eAAe;SAChB;QACD,iBAAiB,EAAE;YACjB,2BAA2B;YAC3B,iBAAiB;SAClB;QACD,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,yLAAyL;QAC3L,QAAQ,EAAE;YACR,gBAAgB;YAChB,OAAO;YACP,kBAAkB;YAClB,gBAAgB;YAChB,gBAAgB;SACjB;QACD,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,uBAAuB;SACxB;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,2JAA2J;QAC7J,QAAQ,EAAE;YACR,eAAe;YACf,gBAAgB;YAChB,WAAW;YACX,YAAY;SACb;QACD,iBAAiB,EAAE;YACjB,gBAAgB;YAChB,YAAY;SACb;QACD,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,iBAAiB;QACxB,WAAW,EACT,oKAAoK;QACtK,QAAQ,EAAE;YACR,cAAc;YACd,cAAc;YACd,iBAAiB;SAClB;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,uKAAuK;QACzK,QAAQ,EAAE;YACR,YAAY;YACZ,iBAAiB;YACjB,iBAAiB;SAClB;QACD,iBAAiB,EAAE;YACjB,iBAAiB;YACjB,wBAAwB;SACzB;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,+KAA+K;QACjL,QAAQ,EAAE;YACR,WAAW;YACX,iBAAiB;YACjB,aAAa;SACd;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IAED,+EAA+E;IAC/E,kDAAkD;IAClD,+EAA+E;IAE/E;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,iBAAiB;QAC3B,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,qMAAqM;QACvM,QAAQ,EAAE;YACR,SAAS;YACT,YAAY;YACZ,SAAS;YACT,UAAU;SACX;QACD,iBAAiB,EAAE;YACjB,kBAAkB;SACnB;QACD,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,iBAAiB;QAC3B,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,4JAA4J;QAC9J,QAAQ,EAAE;YACR,cAAc;YACd,aAAa;YACb,YAAY;SACb;QACD,iBAAiB,EAAE;YACjB,mBAAmB;YACnB,iBAAiB;YACjB,YAAY;SACb;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,4BAA4B;QACnC,WAAW,EACT,uJAAuJ;QACzJ,QAAQ,EAAE;YACR,cAAc;YACd,OAAO;YACP,SAAS;YACT,UAAU;SACX;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,8BAA8B;QACrC,WAAW,EACT,wJAAwJ;QAC1J,QAAQ,EAAE;YACR,iBAAiB;YACjB,kBAAkB;YAClB,SAAS;SACV;QACD,iBAAiB,EAAE;YACjB,cAAc;YACd,kBAAkB;SACnB;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,4BAA4B;QACnC,WAAW,EACT,sLAAsL;QACxL,QAAQ,EAAE;YACR,kBAAkB;YAClB,MAAM;YACN,OAAO;YACP,qBAAqB;SACtB;QACD,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,iBAAiB;YACjB,sBAAsB;SACvB;QACD,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,qCAAqC;QAC5C,WAAW,EACT,gKAAgK;QAClK,QAAQ,EAAE;YACR,YAAY;YACZ,WAAW;YACX,mBAAmB;SACpB;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,oBAAoB;QAC9B,KAAK,EAAE,+BAA+B;QACtC,WAAW,EACT,8HAA8H;QAChI,QAAQ,EAAE;YACR,WAAW;YACX,UAAU;YACV,aAAa;SACd;QACD,iBAAiB,EAAE;YACjB,iBAAiB;SAClB;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IAED,+EAA+E;IAC/E,2DAA2D;IAC3D,+EAA+E;IAE/E;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,uKAAuK;QACzK,QAAQ,EAAE;YACR,SAAS;YACT,aAAa;YACb,cAAc;YACd,aAAa;SACd;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,mKAAmK;QACrK,QAAQ,EAAE;YACR,YAAY;YACZ,eAAe;YACf,UAAU;SACX;QACD,iBAAiB,EAAE;YACjB,2BAA2B;SAC5B;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,yBAAyB;QACnC,KAAK,EAAE,4BAA4B;QACnC,WAAW,EACT,qKAAqK;QACvK,QAAQ,EAAE;YACR,SAAS;YACT,YAAY;YACZ,iBAAiB;YACjB,YAAY;SACb;QACD,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,yBAAyB;SAC1B;QACD,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,yBAAyB;QACnC,KAAK,EAAE,kBAAkB;QACzB,WAAW,EACT,mJAAmJ;QACrJ,QAAQ,EAAE;YACR,kBAAkB;YAClB,cAAc;YACd,oBAAoB;SACrB;QACD,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,iBAAiB;YACjB,iBAAiB;SAClB;QACD,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,yBAAyB;QACnC,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EACT,oKAAoK;QACtK,QAAQ,EAAE;YACR,aAAa;YACb,UAAU;YACV,YAAY;YACZ,mBAAmB;SACpB;QACD,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,iBAAiB;YACjB,aAAa;SACd;QACD,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EACT,iJAAiJ;QACnJ,QAAQ,EAAE;YACR,UAAU;YACV,mBAAmB;YACnB,WAAW;SACZ;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,uBAAuB;QACjC,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EACT,0JAA0J;QAC5J,QAAQ,EAAE;YACR,YAAY;YACZ,YAAY;YACZ,YAAY;SACb;QACD,iBAAiB,EAAE;YACjB,gBAAgB;YAChB,YAAY;YACZ,iBAAiB;SAClB;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IAED,+EAA+E;IAC/E,+DAA+D;IAC/D,+EAA+E;IAE/E;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EACT,iKAAiK;QACnK,QAAQ,EAAE;YACR,gBAAgB;YAChB,kBAAkB;YAClB,aAAa;SACd;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,qBAAqB;QAC/B,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EACT,yIAAyI;QAC3I,QAAQ,EAAE;YACR,WAAW;YACX,YAAY;YACZ,WAAW;SACZ;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,eAAe;QACzB,KAAK,EAAE,+BAA+B;QACtC,WAAW,EACT,iJAAiJ;QACnJ,QAAQ,EAAE;YACR,WAAW;YACX,WAAW;YACX,gBAAgB;SACjB;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,eAAe;QACzB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,qJAAqJ;QACvJ,QAAQ,EAAE;YACR,aAAa;YACb,WAAW;YACX,mBAAmB;SACpB;QACD,iBAAiB,EAAE;YACjB,mBAAmB;YACnB,iBAAiB;SAClB;QACD,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,eAAe;QACzB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+IAA+I;QACjJ,QAAQ,EAAE;YACR,eAAe;YACf,cAAc;YACd,cAAc;SACf;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,mBAAmB;QAC7B,KAAK,EAAE,4BAA4B;QACnC,WAAW,EACT,6HAA6H;QAC/H,QAAQ,EAAE;YACR,mBAAmB;YACnB,YAAY;YACZ,UAAU;SACX;QACD,iBAAiB,EAAE;YACjB,iBAAiB;SAClB;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,mBAAmB;QAC7B,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,6JAA6J;QAC/J,QAAQ,EAAE;YACR,mBAAmB;YACnB,WAAW;YACX,iBAAiB;SAClB;QACD,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,QAAQ;KAC5B;IAED,+EAA+E;IAC/E,2CAA2C;IAC3C,+EAA+E;IAE/E;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2IAA2I;QAC7I,QAAQ,EAAE;YACR,YAAY;YACZ,cAAc;YACd,wBAAwB;YACxB,eAAe;SAChB;QACD,iBAAiB,EAAE;YACjB,iBAAiB;YACjB,mBAAmB;SACpB;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EACT,qIAAqI;QACvI,QAAQ,EAAE;YACR,gBAAgB;YAChB,gBAAgB;YAChB,eAAe;SAChB;QACD,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,cAAc;SACf;QACD,iBAAiB,EAAE,KAAK;KACzB;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,yIAAyI;QAC3I,QAAQ,EAAE;YACR,kBAAkB;YAClB,kBAAkB;YAClB,kBAAkB;SACnB;QACD,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,WAAW;SACZ;QACD,iBAAiB,EAAE,UAAU;KAC9B;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,sIAAsI;QACxI,QAAQ,EAAE;YACR,mBAAmB;YACnB,cAAc;YACd,oBAAoB;SACrB;QACD,iBAAiB,EAAE;YACjB,iBAAiB;YACjB,KAAK;YACL,eAAe;YACf,mBAAmB;SACpB;QACD,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,eAAe;QACzB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,wHAAwH;QAC1H,QAAQ,EAAE;YACR,gBAAgB;YAChB,KAAK;YACL,iBAAiB;YACjB,YAAY;SACb;QACD,iBAAiB,EAAE;YACjB,sBAAsB;YACtB,cAAc;YACd,YAAY;SACb;QACD,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,eAAe;QACzB,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EACT,8HAA8H;QAChI,QAAQ,EAAE;YACR,eAAe;YACf,SAAS;YACT,eAAe;SAChB;QACD,iBAAiB,EAAE;YACjB,yBAAyB;YACzB,cAAc;SACf;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,mBAAmB;QAC7B,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,sIAAsI;QACxI,QAAQ,EAAE;YACR,eAAe;YACf,eAAe;YACf,WAAW;YACX,YAAY;SACb;QACD,iBAAiB,EAAE;YACjB,cAAc;SACf;QACD,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,mBAAmB;QAC7B,KAAK,EAAE,iBAAiB;QACxB,WAAW,EACT,yIAAyI;QAC3I,QAAQ,EAAE;YACR,UAAU;YACV,SAAS;YACT,YAAY;YACZ,aAAa;SACd;QACD,iBAAiB,EAAE;YACjB,iBAAiB;YACjB,kBAAkB;YAClB,iBAAiB;YACjB,uBAAuB;SACxB;QACD,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,aAAoB;QAC/B,QAAQ,EAAE,mBAAmB;QAC7B,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,uIAAuI;QACzI,QAAQ,EAAE;YACR,aAAa;YACb,WAAW;YACX,cAAc;YACd,SAAS;SACV;QACD,iBAAiB,EAAE;YACjB,wBAAwB;YACxB,kBAAkB;SACnB;QACD,iBAAiB,EAAE,MAAM;KAC1B;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,oBAAoB,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,EAAU;IAChD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,IAAmB;IAChE,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,QAAgB;IAC7D,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;AACtE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AAChD,CAAC"}

package/dist/compliance/frameworks/owasp-llm.d.ts

@@ -0,0 +1,58 @@
+/**
+ * OWASP LLM Top 10 Compliance Framework
+ *
+ * Maps security findings to OWASP Top 10 for Large Language Model Applications (2025).
+ * This framework addresses AI-specific security risks in LLM-powered applications.
+ *
+ * @see https://owasp.org/www-project-top-10-for-large-language-model-applications/
+ * @module compliance/frameworks/owasp-llm
+ */
+import type { ComplianceControl } from "../types.js";
+/**
+ * AI-specific compliance framework type
+ */
+export type AIComplianceFramework = "OWASP-LLM" | "NIST-AI-RMF" | "MITRE-ATLAS" | "EU-AI-ACT" | "ISO-42001";
+/**
+ * OWASP LLM Top 10 Controls (2025 version)
+ *
+ * Each control maps to one of the OWASP LLM Top 10 risks with
+ * associated finding categories from agent scanners.
+ */
+export declare const OWASP_LLM_CONTROLS: ComplianceControl[];
+/**
+ * Cross-mapping to SOC 2 controls for integrated compliance
+ */
+export declare const OWASP_LLM_TO_SOC2_MAPPING: Record<string, string[]>;
+/**
+ * Cross-mapping to ISO 27001 controls
+ */
+export declare const OWASP_LLM_TO_ISO27001_MAPPING: Record<string, string[]>;
+/**
+ * Get all OWASP LLM Top 10 controls
+ */
+export declare function getOWASPLLMControls(): ComplianceControl[];
+/**
+ * Get OWASP LLM control by ID (LLM01-LLM10)
+ */
+export declare function getOWASPLLMControlById(id: string): ComplianceControl | undefined;
+/**
+ * Get OWASP LLM controls by category
+ */
+export declare function getOWASPLLMControlsByCategory(category: string): ComplianceControl[];
+/**
+ * Get all OWASP LLM categories
+ */
+export declare function getOWASPLLMCategories(): string[];
+/**
+ * Get cross-mapping to SOC 2 for a specific LLM control
+ */
+export declare function getSOC2MappingForLLMControl(llmControlId: string): string[];
+/**
+ * Get cross-mapping to ISO 27001 for a specific LLM control
+ */
+export declare function getISO27001MappingForLLMControl(llmControlId: string): string[];
+/**
+ * Generate remediation guidance for a specific LLM control
+ */
+export declare function getRemediationGuidance(controlId: string): string[];
+//# sourceMappingURL=owasp-llm.d.ts.map

package/dist/compliance/frameworks/owasp-llm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"owasp-llm.d.ts","sourceRoot":"","sources":["../../../src/compliance/frameworks/owasp-llm.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAC7B,WAAW,GACX,aAAa,GACb,aAAa,GACb,WAAW,GACX,WAAW,CAAC;AAEhB;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,EAAE,iBAAiB,EAiQjD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAW9D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAWlE,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,iBAAiB,EAAE,CAEzD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,EAAE,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS,CAEhF;AAED;;GAEG;AACH,wBAAgB,6BAA6B,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAEnF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,EAAE,CAEhD;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAE1E;AAED;;GAEG;AACH,wBAAgB,+BAA+B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAE9E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,CA2ElE"}

package/dist/compliance/frameworks/owasp-llm.js

@@ -0,0 +1,399 @@
+/**
+ * OWASP LLM Top 10 Compliance Framework
+ *
+ * Maps security findings to OWASP Top 10 for Large Language Model Applications (2025).
+ * This framework addresses AI-specific security risks in LLM-powered applications.
+ *
+ * @see https://owasp.org/www-project-top-10-for-large-language-model-applications/
+ * @module compliance/frameworks/owasp-llm
+ */
+/**
+ * OWASP LLM Top 10 Controls (2025 version)
+ *
+ * Each control maps to one of the OWASP LLM Top 10 risks with
+ * associated finding categories from agent scanners.
+ */
+export const OWASP_LLM_CONTROLS = [
+    // LLM01: Prompt Injection
+    {
+        id: "LLM01",
+        framework: "OWASP-LLM",
+        category: "Input Validation",
+        title: "Prompt Injection",
+        description: "Prompt injection occurs when an attacker manipulates a large language model (LLM) through crafted inputs, causing the LLM to unknowingly execute the attacker's intentions. This can be done directly by 'jailbreaking' the system prompt or indirectly through manipulated external inputs, potentially leading to data exfiltration, social engineering, and other issues.",
+        keywords: [
+            "prompt injection",
+            "jailbreak",
+            "instruction override",
+            "system prompt",
+            "indirect injection",
+            "context manipulation",
+        ],
+        findingCategories: [
+            "prompt-injection",
+            "injection",
+            "insecure-plugin",
+        ],
+        cweIds: ["CWE-94", "CWE-77", "CWE-74"],
+        severityThreshold: "high",
+    },
+    // LLM02: Insecure Output Handling
+    {
+        id: "LLM02",
+        framework: "OWASP-LLM",
+        category: "Output Validation",
+        title: "Insecure Output Handling",
+        description: "Insecure Output Handling refers specifically to insufficient validation, sanitization, and handling of the outputs generated by large language models before they are passed downstream to other components and systems. Since LLM-generated content can be controlled by prompt input, this behavior is similar to providing users indirect access to additional functionality.",
+        keywords: [
+            "output validation",
+            "output sanitization",
+            "downstream injection",
+            "xss",
+            "sql injection",
+            "command injection",
+        ],
+        findingCategories: [
+            "insecure-output",
+            "xss",
+            "sql-injection",
+            "command-injection",
+            "code-injection",
+        ],
+        cweIds: ["CWE-79", "CWE-89", "CWE-78", "CWE-94", "CWE-116"],
+        severityThreshold: "high",
+    },
+    // LLM03: Training Data Poisoning
+    {
+        id: "LLM03",
+        framework: "OWASP-LLM",
+        category: "Data Integrity",
+        title: "Training Data Poisoning",
+        description: "The starting point of any machine learning approach is training data. In terms of large language models, this is 'pre-training'. Poisoning refers to manipulation of pre-training data or data involved in fine-tuning or embedding to introduce vulnerabilities, backdoors or biases that could compromise the model's security, effectiveness or ethical behavior.",
+        keywords: [
+            "training data",
+            "data poisoning",
+            "fine-tuning",
+            "backdoor",
+            "bias injection",
+            "model manipulation",
+        ],
+        findingCategories: [
+            "training-data-poisoning",
+            "integrity-failure",
+            "supply-chain-vuln",
+        ],
+        cweIds: ["CWE-1035", "CWE-829", "CWE-494"],
+        severityThreshold: "high",
+    },
+    // LLM04: Model Denial of Service
+    {
+        id: "LLM04",
+        framework: "OWASP-LLM",
+        category: "Availability",
+        title: "Model Denial of Service",
+        description: "An attacker interacts with an LLM in a method that consumes an exceptionally high amount of resources, which results in a decline in the quality of service for them and other users, as well as potentially incurring high resource costs. The model may become unresponsive or significantly slow, impacting legitimate users.",
+        keywords: [
+            "denial of service",
+            "resource exhaustion",
+            "token flooding",
+            "context overflow",
+            "recursive prompts",
+            "rate limiting",
+        ],
+        findingCategories: [
+            "model-denial-of-service",
+            "resource-exhaustion",
+        ],
+        cweIds: ["CWE-400", "CWE-770", "CWE-789"],
+        severityThreshold: "medium",
+    },
+    // LLM05: Supply Chain Vulnerabilities
+    {
+        id: "LLM05",
+        framework: "OWASP-LLM",
+        category: "Supply Chain",
+        title: "Supply Chain Vulnerabilities",
+        description: "The supply chain in LLMs can be vulnerable, impacting the integrity of training data, ML models, and deployment platforms. These vulnerabilities can lead to biased outcomes, security breaches, or system failures. Risks include outdated components, vulnerable pre-trained models, poisoned fine-tuning datasets, and insecure plugin stores.",
+        keywords: [
+            "supply chain",
+            "dependency",
+            "third-party",
+            "plugin",
+            "model hub",
+            "package vulnerability",
+            "typosquatting",
+        ],
+        findingCategories: [
+            "supply-chain-vuln",
+            "dependency-vuln",
+            "vulnerable-component",
+            "insecure-plugin",
+        ],
+        cweIds: ["CWE-1035", "CWE-829", "CWE-494", "CWE-937"],
+        severityThreshold: "high",
+    },
+    // LLM06: Sensitive Information Disclosure
+    {
+        id: "LLM06",
+        framework: "OWASP-LLM",
+        category: "Data Protection",
+        title: "Sensitive Information Disclosure",
+        description: "LLM applications have the potential to reveal sensitive information, proprietary algorithms, or other confidential details through their output. This can result in unauthorized access to sensitive data, intellectual property, privacy violations, and other security breaches. Consumers of LLM applications should be aware of how to safely interact with LLMs.",
+        keywords: [
+            "sensitive data",
+            "data leakage",
+            "pii exposure",
+            "confidential information",
+            "system prompt extraction",
+            "model memorization",
+        ],
+        findingCategories: [
+            "sensitive-disclosure",
+            "pii-exposure",
+            "hardcoded-secret",
+            "exfil-path",
+        ],
+        cweIds: ["CWE-200", "CWE-359", "CWE-532", "CWE-538"],
+        severityThreshold: "high",
+    },
+    // LLM07: Insecure Plugin Design
+    {
+        id: "LLM07",
+        framework: "OWASP-LLM",
+        category: "Plugin Security",
+        title: "Insecure Plugin Design",
+        description: "LLM plugins are extensions that, when enabled, are called automatically by the model during user interactions. They are driven by the model, and there is no application control over the execution. Plugins can process inputs from untrusted sources with insufficient validation, increasing the risk of data exfiltration, remote code execution, and privilege escalation.",
+        keywords: [
+            "plugin",
+            "tool",
+            "extension",
+            "mcp",
+            "function calling",
+            "tool execution",
+            "sandbox escape",
+        ],
+        findingCategories: [
+            "insecure-plugin",
+            "excessive-agency",
+            "missing-sandbox",
+            "manifest-drift",
+            "tool-drift",
+        ],
+        cweIds: ["CWE-20", "CWE-918", "CWE-78", "CWE-250"],
+        severityThreshold: "high",
+    },
+    // LLM08: Excessive Agency
+    {
+        id: "LLM08",
+        framework: "OWASP-LLM",
+        category: "Access Control",
+        title: "Excessive Agency",
+        description: "An LLM-based system is often granted a degree of agency by its developer – the ability to interface with other systems and undertake actions in response to a prompt. Excessive Agency is the vulnerability that enables damaging actions to be performed in response to unexpected/ambiguous outputs from an LLM. This could be due to excessive functionality, permissions, or autonomy granted to the LLM.",
+        keywords: [
+            "excessive permissions",
+            "over-privileged",
+            "autonomy",
+            "destructive actions",
+            "uncontrolled execution",
+            "permission minimization",
+        ],
+        findingCategories: [
+            "excessive-agency",
+            "overscoped-permission",
+            "credential-overscoped",
+            "broken-access-control",
+        ],
+        cweIds: ["CWE-269", "CWE-250", "CWE-266", "CWE-732"],
+        severityThreshold: "high",
+    },
+    // LLM09: Overreliance
+    {
+        id: "LLM09",
+        framework: "OWASP-LLM",
+        category: "Operational Risk",
+        title: "Overreliance",
+        description: "Overreliance occurs when systems or people depend on LLMs for decision-making or content generation without sufficient oversight. LLMs can produce authoritative-sounding but incorrect or inappropriate content, leading to misinformation, security vulnerabilities, or legal issues if outputs are not validated by human reviewers.",
+        keywords: [
+            "overreliance",
+            "hallucination",
+            "misinformation",
+            "human oversight",
+            "validation",
+            "autonomous decision",
+        ],
+        findingCategories: [
+            "overreliance",
+            "consensus-manipulation",
+        ],
+        cweIds: ["CWE-807", "CWE-352"],
+        severityThreshold: "medium",
+    },
+    // LLM10: Model Theft
+    {
+        id: "LLM10",
+        framework: "OWASP-LLM",
+        category: "Intellectual Property",
+        title: "Model Theft",
+        description: "Model theft involves unauthorized access, copying, or exfiltration of proprietary LLM models. This can lead to economic losses, erosion of competitive advantage, and unauthorized access to sensitive information contained in the model. Risks include model extraction through API abuse, side-channel attacks, and insider threats.",
+        keywords: [
+            "model theft",
+            "model extraction",
+            "intellectual property",
+            "model weights",
+            "api abuse",
+            "side-channel",
+        ],
+        findingCategories: [
+            "model-theft",
+            "auth-bypass",
+            "broken-access-control",
+        ],
+        cweIds: ["CWE-284", "CWE-200", "CWE-863"],
+        severityThreshold: "critical",
+    },
+];
+/**
+ * Cross-mapping to SOC 2 controls for integrated compliance
+ */
+export const OWASP_LLM_TO_SOC2_MAPPING = {
+    LLM01: ["CC6.6", "CC6.8", "PI1.2"], // Prompt Injection → Security Boundaries, Malicious Software, Input Controls
+    LLM02: ["CC6.8", "PI1.1", "PI1.2"], // Insecure Output → Malicious Software, Processing Accuracy, Input Controls
+    LLM03: ["CC9.2", "C1.1"], // Training Data Poisoning → Vendor Risk, Confidentiality
+    LLM04: ["A1.1"], // Model DoS → Capacity Management
+    LLM05: ["CC9.1", "CC9.2"], // Supply Chain → Risk Management, Vendor Risk
+    LLM06: ["C1.1", "C1.2", "CC6.7"], // Sensitive Disclosure → Confidentiality, Transmission Protection
+    LLM07: ["CC6.6", "CC6.8", "CC8.1"], // Insecure Plugin → Security Boundaries, Change Management
+    LLM08: ["CC6.1", "CC6.3"], // Excessive Agency → Access Control, Access Removal
+    LLM09: ["CC7.3", "CC7.4"], // Overreliance → Security Event Analysis, Response
+    LLM10: ["CC6.1", "C1.1"], // Model Theft → Access Control, Confidentiality
+};
+/**
+ * Cross-mapping to ISO 27001 controls
+ */
+export const OWASP_LLM_TO_ISO27001_MAPPING = {
+    LLM01: ["A.14.2.5", "A.14.1.2"], // Input validation, Application security
+    LLM02: ["A.14.2.5", "A.14.1.3"], // Input validation, Application security
+    LLM03: ["A.15.2.1", "A.14.2.7"], // Supplier service monitoring, Outsourced development
+    LLM04: ["A.17.2.1", "A.12.1.3"], // Availability, Capacity management
+    LLM05: ["A.15.1.1", "A.15.2.1"], // Supplier relationships
+    LLM06: ["A.18.1.4", "A.8.2.3"], // Privacy, Data handling
+    LLM07: ["A.14.2.1", "A.14.2.5"], // Development policy, Input validation
+    LLM08: ["A.9.2.3", "A.9.4.1"], // Access management
+    LLM09: ["A.12.4.1", "A.16.1.1"], // Logging, Incident management
+    LLM10: ["A.9.1.1", "A.18.1.2"], // Access control, IP protection
+};
+/**
+ * Get all OWASP LLM Top 10 controls
+ */
+export function getOWASPLLMControls() {
+    return OWASP_LLM_CONTROLS;
+}
+/**
+ * Get OWASP LLM control by ID (LLM01-LLM10)
+ */
+export function getOWASPLLMControlById(id) {
+    return OWASP_LLM_CONTROLS.find((c) => c.id === id);
+}
+/**
+ * Get OWASP LLM controls by category
+ */
+export function getOWASPLLMControlsByCategory(category) {
+    return OWASP_LLM_CONTROLS.filter((c) => c.category === category);
+}
+/**
+ * Get all OWASP LLM categories
+ */
+export function getOWASPLLMCategories() {
+    return [...new Set(OWASP_LLM_CONTROLS.map((c) => c.category))];
+}
+/**
+ * Get cross-mapping to SOC 2 for a specific LLM control
+ */
+export function getSOC2MappingForLLMControl(llmControlId) {
+    return OWASP_LLM_TO_SOC2_MAPPING[llmControlId] || [];
+}
+/**
+ * Get cross-mapping to ISO 27001 for a specific LLM control
+ */
+export function getISO27001MappingForLLMControl(llmControlId) {
+    return OWASP_LLM_TO_ISO27001_MAPPING[llmControlId] || [];
+}
+/**
+ * Generate remediation guidance for a specific LLM control
+ */
+export function getRemediationGuidance(controlId) {
+    const guidance = {
+        LLM01: [
+            "Implement strict input validation on all user-provided prompts",
+            "Use prompt injection detection classifiers",
+            "Enforce privilege separation between system prompts and user inputs",
+            "Apply output filtering to detect instruction override attempts",
+            "Use sandboxed execution environments for LLM tools",
+        ],
+        LLM02: [
+            "Encode and sanitize all LLM outputs before use in downstream systems",
+            "Apply context-aware output validation (SQL, HTML, command shells)",
+            "Implement parameterized queries for database operations",
+            "Use Content Security Policy for web outputs",
+            "Log and monitor output patterns for anomalies",
+        ],
+        LLM03: [
+            "Verify training data provenance and integrity",
+            "Implement data validation pipelines with anomaly detection",
+            "Use secure fine-tuning environments with access controls",
+            "Maintain data lineage and audit trails",
+            "Apply differential privacy where appropriate",
+        ],
+        LLM04: [
+            "Implement rate limiting on API endpoints",
+            "Set token limits and context window bounds",
+            "Use request queuing with timeout thresholds",
+            "Monitor resource consumption patterns",
+            "Implement circuit breakers for cascading failures",
+        ],
+        LLM05: [
+            "Audit and verify all model dependencies",
+            "Use signed and verified model artifacts",
+            "Scan plugins/tools for vulnerabilities",
+            "Maintain SBOM for AI components",
+            "Implement continuous monitoring for supply chain risks",
+        ],
+        LLM06: [
+            "Implement output filtering for sensitive patterns (PII, secrets)",
+            "Apply data classification and access controls",
+            "Use differential privacy for training data protection",
+            "Implement guardrails against system prompt disclosure",
+            "Log and audit data access patterns",
+        ],
+        LLM07: [
+            "Validate all plugin inputs with strict schemas",
+            "Apply least-privilege principles to tool permissions",
+            "Use sandboxing for plugin execution",
+            "Implement plugin allowlisting and code signing",
+            "Monitor plugin behavior for anomalies",
+        ],
+        LLM08: [
+            "Apply principle of least privilege to LLM capabilities",
+            "Require human approval for destructive actions",
+            "Implement action rate limiting and spending caps",
+            "Use explicit scope declarations for tools",
+            "Monitor and alert on unusual action patterns",
+        ],
+        LLM09: [
+            "Implement human-in-the-loop for critical decisions",
+            "Display confidence scores and uncertainty indicators",
+            "Require verification for high-stakes outputs",
+            "Educate users on LLM limitations",
+            "Implement multi-agent verification for important outputs",
+        ],
+        LLM10: [
+            "Implement strong API authentication and rate limiting",
+            "Use query obfuscation and response fuzzing",
+            "Monitor for model extraction patterns",
+            "Apply access controls to model artifacts",
+            "Use watermarking for model output attribution",
+        ],
+    };
+    return guidance[controlId] || ["Implement controls appropriate to the specific risk"];
+}
+//# sourceMappingURL=owasp-llm.js.map

package/dist/compliance/frameworks/owasp-llm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"owasp-llm.js","sourceRoot":"","sources":["../../../src/compliance/frameworks/owasp-llm.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAcH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAwB;IACrD,0BAA0B;IAC1B;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,kBAAkB;QACzB,WAAW,EACT,8WAA8W;QAChX,QAAQ,EAAE;YACR,kBAAkB;YAClB,WAAW;YACX,sBAAsB;YACtB,eAAe;YACf,oBAAoB;YACpB,sBAAsB;SACvB;QACD,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,WAAW;YACX,iBAAiB;SAClB;QACD,MAAM,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;QACtC,iBAAiB,EAAE,MAAM;KAC1B;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,mBAAmB;QAC7B,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,kXAAkX;QACpX,QAAQ,EAAE;YACR,mBAAmB;YACnB,qBAAqB;YACrB,sBAAsB;YACtB,KAAK;YACL,eAAe;YACf,mBAAmB;SACpB;QACD,iBAAiB,EAAE;YACjB,iBAAiB;YACjB,KAAK;YACL,eAAe;YACf,mBAAmB;YACnB,gBAAgB;SACjB;QACD,MAAM,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC;QAC3D,iBAAiB,EAAE,MAAM;KAC1B;IAED,iCAAiC;IACjC;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,sWAAsW;QACxW,QAAQ,EAAE;YACR,eAAe;YACf,gBAAgB;YAChB,aAAa;YACb,UAAU;YACV,gBAAgB;YAChB,oBAAoB;SACrB;QACD,iBAAiB,EAAE;YACjB,yBAAyB;YACzB,mBAAmB;YACnB,mBAAmB;SACpB;QACD,MAAM,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC;QAC1C,iBAAiB,EAAE,MAAM;KAC1B;IAED,iCAAiC;IACjC;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,cAAc;QACxB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,kUAAkU;QACpU,QAAQ,EAAE;YACR,mBAAmB;YACnB,qBAAqB;YACrB,gBAAgB;YAChB,kBAAkB;YAClB,mBAAmB;YACnB,eAAe;SAChB;QACD,iBAAiB,EAAE;YACjB,yBAAyB;YACzB,qBAAqB;SACtB;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;QACzC,iBAAiB,EAAE,QAAQ;KAC5B;IAED,sCAAsC;IACtC;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,cAAc;QACxB,KAAK,EAAE,8BAA8B;QACrC,WAAW,EACT,mVAAmV;QACrV,QAAQ,EAAE;YACR,cAAc;YACd,YAAY;YACZ,aAAa;YACb,QAAQ;YACR,WAAW;YACX,uBAAuB;YACvB,eAAe;SAChB;QACD,iBAAiB,EAAE;YACjB,mBAAmB;YACnB,iBAAiB;YACjB,sBAAsB;YACtB,iBAAiB;SAClB;QACD,MAAM,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;QACrD,iBAAiB,EAAE,MAAM;KAC1B;IAED,0CAA0C;IAC1C;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,iBAAiB;QAC3B,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,uWAAuW;QACzW,QAAQ,EAAE;YACR,gBAAgB;YAChB,cAAc;YACd,cAAc;YACd,0BAA0B;YAC1B,0BAA0B;YAC1B,oBAAoB;SACrB;QACD,iBAAiB,EAAE;YACjB,sBAAsB;YACtB,cAAc;YACd,kBAAkB;YAClB,YAAY;SACb;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;QACpD,iBAAiB,EAAE,MAAM;KAC1B;IAED,gCAAgC;IAChC;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,iBAAiB;QAC3B,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,iXAAiX;QACnX,QAAQ,EAAE;YACR,QAAQ;YACR,MAAM;YACN,WAAW;YACX,KAAK;YACL,kBAAkB;YAClB,gBAAgB;YAChB,gBAAgB;SACjB;QACD,iBAAiB,EAAE;YACjB,iBAAiB;YACjB,kBAAkB;YAClB,iBAAiB;YACjB,gBAAgB;YAChB,YAAY;SACb;QACD,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC;QAClD,iBAAiB,EAAE,MAAM;KAC1B;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,kBAAkB;QACzB,WAAW,EACT,+YAA+Y;QACjZ,QAAQ,EAAE;YACR,uBAAuB;YACvB,iBAAiB;YACjB,UAAU;YACV,qBAAqB;YACrB,wBAAwB;YACxB,yBAAyB;SAC1B;QACD,iBAAiB,EAAE;YACjB,kBAAkB;YAClB,uBAAuB;YACvB,uBAAuB;YACvB,uBAAuB;SACxB;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;QACpD,iBAAiB,EAAE,MAAM;KAC1B;IAED,sBAAsB;IACtB;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,cAAc;QACrB,WAAW,EACT,yUAAyU;QAC3U,QAAQ,EAAE;YACR,cAAc;YACd,eAAe;YACf,gBAAgB;YAChB,iBAAiB;YACjB,YAAY;YACZ,qBAAqB;SACtB;QACD,iBAAiB,EAAE;YACjB,cAAc;YACd,wBAAwB;SACzB;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,iBAAiB,EAAE,QAAQ;KAC5B;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,OAAO;QACX,SAAS,EAAE,WAAkB;QAC7B,QAAQ,EAAE,uBAAuB;QACjC,KAAK,EAAE,aAAa;QACpB,WAAW,EACT,yUAAyU;QAC3U,QAAQ,EAAE;YACR,aAAa;YACb,kBAAkB;YAClB,uBAAuB;YACvB,eAAe;YACf,WAAW;YACX,cAAc;SACf;QACD,iBAAiB,EAAE;YACjB,aAAa;YACb,aAAa;YACb,uBAAuB;SACxB;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;QACzC,iBAAiB,EAAE,UAAU;KAC9B;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAA6B;IACjE,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,6EAA6E;IACjH,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,4EAA4E;IAChH,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,yDAAyD;IACnF,KAAK,EAAE,CAAC,MAAM,CAAC,EAAE,kCAAkC;IACnD,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,8CAA8C;IACzE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kEAAkE;IACpG,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,2DAA2D;IAC/F,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,oDAAoD;IAC/E,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,mDAAmD;IAC9E,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,gDAAgD;CAC3E,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAA6B;IACrE,KAAK,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,yCAAyC;IAC1E,KAAK,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,yCAAyC;IAC1E,KAAK,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,sDAAsD;IACvF,KAAK,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,oCAAoC;IACrE,KAAK,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,yBAAyB;IAC1D,KAAK,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC,EAAE,yBAAyB;IACzD,KAAK,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,uCAAuC;IACxE,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,oBAAoB;IACnD,KAAK,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,+BAA+B;IAChE,KAAK,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,gCAAgC;CACjE,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,EAAU;IAC/C,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACrD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,6BAA6B,CAAC,QAAgB;IAC5D,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,YAAoB;IAC9D,OAAO,yBAAyB,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B,CAAC,YAAoB;IAClE,OAAO,6BAA6B,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,SAAiB;IACtD,MAAM,QAAQ,GAA6B;QACzC,KAAK,EAAE;YACL,gEAAgE;YAChE,4CAA4C;YAC5C,qEAAqE;YACrE,gEAAgE;YAChE,oDAAoD;SACrD;QACD,KAAK,EAAE;YACL,sEAAsE;YACtE,mEAAmE;YACnE,yDAAyD;YACzD,6CAA6C;YAC7C,+CAA+C;SAChD;QACD,KAAK,EAAE;YACL,+CAA+C;YAC/C,4DAA4D;YAC5D,0DAA0D;YAC1D,wCAAwC;YACxC,8CAA8C;SAC/C;QACD,KAAK,EAAE;YACL,0CAA0C;YAC1C,4CAA4C;YAC5C,6CAA6C;YAC7C,uCAAuC;YACvC,mDAAmD;SACpD;QACD,KAAK,EAAE;YACL,yCAAyC;YACzC,yCAAyC;YACzC,wCAAwC;YACxC,iCAAiC;YACjC,wDAAwD;SACzD;QACD,KAAK,EAAE;YACL,kEAAkE;YAClE,+CAA+C;YAC/C,uDAAuD;YACvD,uDAAuD;YACvD,oCAAoC;SACrC;QACD,KAAK,EAAE;YACL,gDAAgD;YAChD,sDAAsD;YACtD,qCAAqC;YACrC,gDAAgD;YAChD,uCAAuC;SACxC;QACD,KAAK,EAAE;YACL,wDAAwD;YACxD,gDAAgD;YAChD,kDAAkD;YAClD,2CAA2C;YAC3C,8CAA8C;SAC/C;QACD,KAAK,EAAE;YACL,oDAAoD;YACpD,sDAAsD;YACtD,8CAA8C;YAC9C,kCAAkC;YAClC,0DAA0D;SAC3D;QACD,KAAK,EAAE;YACL,uDAAuD;YACvD,4CAA4C;YAC5C,uCAAuC;YACvC,0CAA0C;YAC1C,+CAA+C;SAChD;KACF,CAAC;IAEF,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;AACxF,CAAC"}

package/dist/compliance/gdpr.d.ts

@@ -0,0 +1,34 @@
+/**
+ * GDPR Controls
+ *
+ * General Data Protection Regulation (EU 2016/679)
+ * Articles relevant to software security and data protection.
+ *
+ * @module compliance/gdpr
+ */
+import type { ComplianceControl } from "./types.js";
+/**
+ * GDPR article categories relevant to software security
+ */
+export declare const GDPR_CATEGORIES: readonly ["Principles", "Data Subject Rights", "Controller Obligations", "Security", "Breach Notification", "Data Protection by Design"];
+/**
+ * GDPR controls relevant to code security and data protection
+ */
+export declare const GDPR_CONTROLS: ComplianceControl[];
+/**
+ * Get all GDPR controls
+ */
+export declare function getGDPRControls(): ComplianceControl[];
+/**
+ * Get GDPR controls by category
+ */
+export declare function getGDPRControlsByCategory(category: string): ComplianceControl[];
+/**
+ * Get GDPR controls by article
+ */
+export declare function getGDPRControlsByArticle(article: string): ComplianceControl[];
+/**
+ * Get GDPR categories
+ */
+export declare function getGDPRCategories(): readonly string[];
+//# sourceMappingURL=gdpr.d.ts.map

package/dist/compliance/gdpr.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gdpr.d.ts","sourceRoot":"","sources":["../../src/compliance/gdpr.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,eAAe,0IAOlB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,iBAAiB,EAiT5C,CAAC;AAEF;;GAEG;AACH,wBAAgB,eAAe,IAAI,iBAAiB,EAAE,CAErD;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAE/E;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAE7E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,SAAS,MAAM,EAAE,CAErD"}