vaspera 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +184 -0
- package/LICENSE +21 -0
- package/README.md +809 -0
- package/dist/__tests__/integration/certification-flow.test.d.ts +5 -0
- package/dist/__tests__/integration/certification-flow.test.d.ts.map +1 -0
- package/dist/__tests__/integration/certification-flow.test.js +245 -0
- package/dist/__tests__/integration/certification-flow.test.js.map +1 -0
- package/dist/__tests__/integration/commands.test.d.ts +5 -0
- package/dist/__tests__/integration/commands.test.d.ts.map +1 -0
- package/dist/__tests__/integration/commands.test.js +93 -0
- package/dist/__tests__/integration/commands.test.js.map +1 -0
- package/dist/action/diff-mode.d.ts +34 -0
- package/dist/action/diff-mode.d.ts.map +1 -0
- package/dist/action/diff-mode.js +201 -0
- package/dist/action/diff-mode.js.map +1 -0
- package/dist/action/diff-mode.test.d.ts +5 -0
- package/dist/action/diff-mode.test.d.ts.map +1 -0
- package/dist/action/diff-mode.test.js +162 -0
- package/dist/action/diff-mode.test.js.map +1 -0
- package/dist/action/index.d.ts +10 -0
- package/dist/action/index.d.ts.map +1 -0
- package/dist/action/index.js +231 -0
- package/dist/action/index.js.map +1 -0
- package/dist/action/pr-comment.d.ts +30 -0
- package/dist/action/pr-comment.d.ts.map +1 -0
- package/dist/action/pr-comment.js +301 -0
- package/dist/action/pr-comment.js.map +1 -0
- package/dist/action/pr-comment.test.d.ts +5 -0
- package/dist/action/pr-comment.test.d.ts.map +1 -0
- package/dist/action/pr-comment.test.js +189 -0
- package/dist/action/pr-comment.test.js.map +1 -0
- package/dist/action/sarif-upload.d.ts +104 -0
- package/dist/action/sarif-upload.d.ts.map +1 -0
- package/dist/action/sarif-upload.js +188 -0
- package/dist/action/sarif-upload.js.map +1 -0
- package/dist/action/sarif-upload.test.d.ts +5 -0
- package/dist/action/sarif-upload.test.d.ts.map +1 -0
- package/dist/action/sarif-upload.test.js +206 -0
- package/dist/action/sarif-upload.test.js.map +1 -0
- package/dist/action/types.d.ts +104 -0
- package/dist/action/types.d.ts.map +1 -0
- package/dist/action/types.js +33 -0
- package/dist/action/types.js.map +1 -0
- package/dist/action/types.test.d.ts +5 -0
- package/dist/action/types.test.d.ts.map +1 -0
- package/dist/action/types.test.js +79 -0
- package/dist/action/types.test.js.map +1 -0
- package/dist/agents/agent-integrity.d.ts +111 -0
- package/dist/agents/agent-integrity.d.ts.map +1 -0
- package/dist/agents/agent-integrity.js +308 -0
- package/dist/agents/agent-integrity.js.map +1 -0
- package/dist/agents/agent-privacy.d.ts +68 -0
- package/dist/agents/agent-privacy.d.ts.map +1 -0
- package/dist/agents/agent-privacy.js +345 -0
- package/dist/agents/agent-privacy.js.map +1 -0
- package/dist/agents/exploit-chain.d.ts +64 -0
- package/dist/agents/exploit-chain.d.ts.map +1 -0
- package/dist/agents/exploit-chain.js +477 -0
- package/dist/agents/exploit-chain.js.map +1 -0
- package/dist/agents/exploit-chain.test.d.ts +5 -0
- package/dist/agents/exploit-chain.test.d.ts.map +1 -0
- package/dist/agents/exploit-chain.test.js +455 -0
- package/dist/agents/exploit-chain.test.js.map +1 -0
- package/dist/agents/index.d.ts +14 -0
- package/dist/agents/index.d.ts.map +1 -0
- package/dist/agents/index.js +19 -0
- package/dist/agents/index.js.map +1 -0
- package/dist/agents/logic-flaw-detector.d.ts +55 -0
- package/dist/agents/logic-flaw-detector.d.ts.map +1 -0
- package/dist/agents/logic-flaw-detector.js +454 -0
- package/dist/agents/logic-flaw-detector.js.map +1 -0
- package/dist/agents/zero-day-hunter.d.ts +69 -0
- package/dist/agents/zero-day-hunter.d.ts.map +1 -0
- package/dist/agents/zero-day-hunter.js +591 -0
- package/dist/agents/zero-day-hunter.js.map +1 -0
- package/dist/certification/artifacts.d.ts +21 -0
- package/dist/certification/artifacts.d.ts.map +1 -0
- package/dist/certification/artifacts.js +275 -0
- package/dist/certification/artifacts.js.map +1 -0
- package/dist/certification/autofix.d.ts +122 -0
- package/dist/certification/autofix.d.ts.map +1 -0
- package/dist/certification/autofix.js +476 -0
- package/dist/certification/autofix.js.map +1 -0
- package/dist/certification/badge.d.ts +56 -0
- package/dist/certification/badge.d.ts.map +1 -0
- package/dist/certification/badge.js +155 -0
- package/dist/certification/badge.js.map +1 -0
- package/dist/certification/cache.d.ts +121 -0
- package/dist/certification/cache.d.ts.map +1 -0
- package/dist/certification/cache.js +275 -0
- package/dist/certification/cache.js.map +1 -0
- package/dist/certification/cache.test.d.ts +5 -0
- package/dist/certification/cache.test.d.ts.map +1 -0
- package/dist/certification/cache.test.js +270 -0
- package/dist/certification/cache.test.js.map +1 -0
- package/dist/certification/consensus.d.ts +105 -0
- package/dist/certification/consensus.d.ts.map +1 -0
- package/dist/certification/consensus.js +353 -0
- package/dist/certification/consensus.js.map +1 -0
- package/dist/certification/consensus.test.d.ts +5 -0
- package/dist/certification/consensus.test.d.ts.map +1 -0
- package/dist/certification/consensus.test.js +342 -0
- package/dist/certification/consensus.test.js.map +1 -0
- package/dist/certification/index.d.ts +14 -0
- package/dist/certification/index.d.ts.map +1 -0
- package/dist/certification/index.js +14 -0
- package/dist/certification/index.js.map +1 -0
- package/dist/certification/rules.d.ts +89 -0
- package/dist/certification/rules.d.ts.map +1 -0
- package/dist/certification/rules.js +317 -0
- package/dist/certification/rules.js.map +1 -0
- package/dist/certification/sarif.d.ts +107 -0
- package/dist/certification/sarif.d.ts.map +1 -0
- package/dist/certification/sarif.js +191 -0
- package/dist/certification/sarif.js.map +1 -0
- package/dist/certification/store.d.ts +255 -0
- package/dist/certification/store.d.ts.map +1 -0
- package/dist/certification/store.js +835 -0
- package/dist/certification/store.js.map +1 -0
- package/dist/certification/store.test.d.ts +5 -0
- package/dist/certification/store.test.d.ts.map +1 -0
- package/dist/certification/store.test.js +468 -0
- package/dist/certification/store.test.js.map +1 -0
- package/dist/certification/summary.d.ts +72 -0
- package/dist/certification/summary.d.ts.map +1 -0
- package/dist/certification/summary.js +296 -0
- package/dist/certification/summary.js.map +1 -0
- package/dist/certification/types.d.ts +138 -0
- package/dist/certification/types.d.ts.map +1 -0
- package/dist/certification/types.js +34 -0
- package/dist/certification/types.js.map +1 -0
- package/dist/commands/audits/api-check.d.ts +3 -0
- package/dist/commands/audits/api-check.d.ts.map +1 -0
- package/dist/commands/audits/api-check.js +71 -0
- package/dist/commands/audits/api-check.js.map +1 -0
- package/dist/commands/audits/deadcode.d.ts +3 -0
- package/dist/commands/audits/deadcode.d.ts.map +1 -0
- package/dist/commands/audits/deadcode.js +63 -0
- package/dist/commands/audits/deadcode.js.map +1 -0
- package/dist/commands/audits/deps.d.ts +3 -0
- package/dist/commands/audits/deps.d.ts.map +1 -0
- package/dist/commands/audits/deps.js +56 -0
- package/dist/commands/audits/deps.js.map +1 -0
- package/dist/commands/audits/errors.d.ts +3 -0
- package/dist/commands/audits/errors.d.ts.map +1 -0
- package/dist/commands/audits/errors.js +65 -0
- package/dist/commands/audits/errors.js.map +1 -0
- package/dist/commands/audits/index.d.ts +3 -0
- package/dist/commands/audits/index.d.ts.map +1 -0
- package/dist/commands/audits/index.js +15 -0
- package/dist/commands/audits/index.js.map +1 -0
- package/dist/commands/audits/perf.d.ts +3 -0
- package/dist/commands/audits/perf.d.ts.map +1 -0
- package/dist/commands/audits/perf.js +85 -0
- package/dist/commands/audits/perf.js.map +1 -0
- package/dist/commands/audits/secrets.d.ts +3 -0
- package/dist/commands/audits/secrets.d.ts.map +1 -0
- package/dist/commands/audits/secrets.js +71 -0
- package/dist/commands/audits/secrets.js.map +1 -0
- package/dist/commands/certification/certify.d.ts +3 -0
- package/dist/commands/certification/certify.d.ts.map +1 -0
- package/dist/commands/certification/certify.js +108 -0
- package/dist/commands/certification/certify.js.map +1 -0
- package/dist/commands/certification/index.d.ts +3 -0
- package/dist/commands/certification/index.d.ts.map +1 -0
- package/dist/commands/certification/index.js +17 -0
- package/dist/commands/certification/index.js.map +1 -0
- package/dist/commands/certification/performance.d.ts +3 -0
- package/dist/commands/certification/performance.d.ts.map +1 -0
- package/dist/commands/certification/performance.js +89 -0
- package/dist/commands/certification/performance.js.map +1 -0
- package/dist/commands/certification/quality.d.ts +3 -0
- package/dist/commands/certification/quality.d.ts.map +1 -0
- package/dist/commands/certification/quality.js +92 -0
- package/dist/commands/certification/quality.js.map +1 -0
- package/dist/commands/certification/redteam.d.ts +3 -0
- package/dist/commands/certification/redteam.d.ts.map +1 -0
- package/dist/commands/certification/redteam.js +114 -0
- package/dist/commands/certification/redteam.js.map +1 -0
- package/dist/commands/certification/reliability.d.ts +3 -0
- package/dist/commands/certification/reliability.d.ts.map +1 -0
- package/dist/commands/certification/reliability.js +93 -0
- package/dist/commands/certification/reliability.js.map +1 -0
- package/dist/commands/certification/security.d.ts +3 -0
- package/dist/commands/certification/security.d.ts.map +1 -0
- package/dist/commands/certification/security.js +90 -0
- package/dist/commands/certification/security.js.map +1 -0
- package/dist/commands/certification/typesafety.d.ts +3 -0
- package/dist/commands/certification/typesafety.d.ts.map +1 -0
- package/dist/commands/certification/typesafety.js +87 -0
- package/dist/commands/certification/typesafety.js.map +1 -0
- package/dist/commands/core/add-tests.d.ts +3 -0
- package/dist/commands/core/add-tests.d.ts.map +1 -0
- package/dist/commands/core/add-tests.js +29 -0
- package/dist/commands/core/add-tests.js.map +1 -0
- package/dist/commands/core/audit.d.ts +3 -0
- package/dist/commands/core/audit.d.ts.map +1 -0
- package/dist/commands/core/audit.js +64 -0
- package/dist/commands/core/audit.js.map +1 -0
- package/dist/commands/core/fix-critical.d.ts +3 -0
- package/dist/commands/core/fix-critical.d.ts.map +1 -0
- package/dist/commands/core/fix-critical.js +22 -0
- package/dist/commands/core/fix-critical.js.map +1 -0
- package/dist/commands/core/fix-high.d.ts +3 -0
- package/dist/commands/core/fix-high.d.ts.map +1 -0
- package/dist/commands/core/fix-high.js +32 -0
- package/dist/commands/core/fix-high.js.map +1 -0
- package/dist/commands/core/fix-medium.d.ts +3 -0
- package/dist/commands/core/fix-medium.d.ts.map +1 -0
- package/dist/commands/core/fix-medium.js +29 -0
- package/dist/commands/core/fix-medium.js.map +1 -0
- package/dist/commands/core/fix-rls.d.ts +3 -0
- package/dist/commands/core/fix-rls.d.ts.map +1 -0
- package/dist/commands/core/fix-rls.js +17 -0
- package/dist/commands/core/fix-rls.js.map +1 -0
- package/dist/commands/core/harden.d.ts +3 -0
- package/dist/commands/core/harden.d.ts.map +1 -0
- package/dist/commands/core/harden.js +19 -0
- package/dist/commands/core/harden.js.map +1 -0
- package/dist/commands/core/index.d.ts +3 -0
- package/dist/commands/core/index.d.ts.map +1 -0
- package/dist/commands/core/index.js +21 -0
- package/dist/commands/core/index.js.map +1 -0
- package/dist/commands/core/preflight.d.ts +3 -0
- package/dist/commands/core/preflight.d.ts.map +1 -0
- package/dist/commands/core/preflight.js +50 -0
- package/dist/commands/core/preflight.js.map +1 -0
- package/dist/commands/core/verify.d.ts +3 -0
- package/dist/commands/core/verify.d.ts.map +1 -0
- package/dist/commands/core/verify.js +32 -0
- package/dist/commands/core/verify.js.map +1 -0
- package/dist/commands/index.d.ts +28 -0
- package/dist/commands/index.d.ts.map +1 -0
- package/dist/commands/index.js +37 -0
- package/dist/commands/index.js.map +1 -0
- package/dist/commands/types.d.ts +9 -0
- package/dist/commands/types.d.ts.map +1 -0
- package/dist/commands/types.js +5 -0
- package/dist/commands/types.js.map +1 -0
- package/dist/compliance/cis.d.ts +29 -0
- package/dist/compliance/cis.d.ts.map +1 -0
- package/dist/compliance/cis.js +316 -0
- package/dist/compliance/cis.js.map +1 -0
- package/dist/compliance/frameworks/eu-ai-act.d.ts +55 -0
- package/dist/compliance/frameworks/eu-ai-act.d.ts.map +1 -0
- package/dist/compliance/frameworks/eu-ai-act.js +621 -0
- package/dist/compliance/frameworks/eu-ai-act.js.map +1 -0
- package/dist/compliance/frameworks/index.d.ts +67 -0
- package/dist/compliance/frameworks/index.d.ts.map +1 -0
- package/dist/compliance/frameworks/index.js +97 -0
- package/dist/compliance/frameworks/index.js.map +1 -0
- package/dist/compliance/frameworks/iso-42001.d.ts +59 -0
- package/dist/compliance/frameworks/iso-42001.d.ts.map +1 -0
- package/dist/compliance/frameworks/iso-42001.js +719 -0
- package/dist/compliance/frameworks/iso-42001.js.map +1 -0
- package/dist/compliance/frameworks/mitre-atlas.d.ts +58 -0
- package/dist/compliance/frameworks/mitre-atlas.d.ts.map +1 -0
- package/dist/compliance/frameworks/mitre-atlas.js +686 -0
- package/dist/compliance/frameworks/mitre-atlas.js.map +1 -0
- package/dist/compliance/frameworks/nist-ai-rmf.d.ts +51 -0
- package/dist/compliance/frameworks/nist-ai-rmf.d.ts.map +1 -0
- package/dist/compliance/frameworks/nist-ai-rmf.js +677 -0
- package/dist/compliance/frameworks/nist-ai-rmf.js.map +1 -0
- package/dist/compliance/frameworks/owasp-llm.d.ts +58 -0
- package/dist/compliance/frameworks/owasp-llm.d.ts.map +1 -0
- package/dist/compliance/frameworks/owasp-llm.js +399 -0
- package/dist/compliance/frameworks/owasp-llm.js.map +1 -0
- package/dist/compliance/gdpr.d.ts +34 -0
- package/dist/compliance/gdpr.d.ts.map +1 -0
- package/dist/compliance/gdpr.js +319 -0
- package/dist/compliance/gdpr.js.map +1 -0
- package/dist/compliance/hipaa.d.ts +29 -0
- package/dist/compliance/hipaa.d.ts.map +1 -0
- package/dist/compliance/hipaa.js +205 -0
- package/dist/compliance/hipaa.js.map +1 -0
- package/dist/compliance/index.d.ts +18 -0
- package/dist/compliance/index.d.ts.map +1 -0
- package/dist/compliance/index.js +26 -0
- package/dist/compliance/index.js.map +1 -0
- package/dist/compliance/iso27001.d.ts +30 -0
- package/dist/compliance/iso27001.d.ts.map +1 -0
- package/dist/compliance/iso27001.js +332 -0
- package/dist/compliance/iso27001.js.map +1 -0
- package/dist/compliance/mapper.d.ts +42 -0
- package/dist/compliance/mapper.d.ts.map +1 -0
- package/dist/compliance/mapper.js +269 -0
- package/dist/compliance/mapper.js.map +1 -0
- package/dist/compliance/mapper.test.d.ts +5 -0
- package/dist/compliance/mapper.test.d.ts.map +1 -0
- package/dist/compliance/mapper.test.js +360 -0
- package/dist/compliance/mapper.test.js.map +1 -0
- package/dist/compliance/pci-dss.d.ts +29 -0
- package/dist/compliance/pci-dss.d.ts.map +1 -0
- package/dist/compliance/pci-dss.js +247 -0
- package/dist/compliance/pci-dss.js.map +1 -0
- package/dist/compliance/report.d.ts +25 -0
- package/dist/compliance/report.d.ts.map +1 -0
- package/dist/compliance/report.js +254 -0
- package/dist/compliance/report.js.map +1 -0
- package/dist/compliance/report.test.d.ts +5 -0
- package/dist/compliance/report.test.d.ts.map +1 -0
- package/dist/compliance/report.test.js +128 -0
- package/dist/compliance/report.test.js.map +1 -0
- package/dist/compliance/soc2.d.ts +30 -0
- package/dist/compliance/soc2.d.ts.map +1 -0
- package/dist/compliance/soc2.js +262 -0
- package/dist/compliance/soc2.js.map +1 -0
- package/dist/compliance/soc2.test.d.ts +5 -0
- package/dist/compliance/soc2.test.d.ts.map +1 -0
- package/dist/compliance/soc2.test.js +86 -0
- package/dist/compliance/soc2.test.js.map +1 -0
- package/dist/compliance/types.d.ts +125 -0
- package/dist/compliance/types.d.ts.map +1 -0
- package/dist/compliance/types.js +10 -0
- package/dist/compliance/types.js.map +1 -0
- package/dist/config/flags.d.ts +456 -0
- package/dist/config/flags.d.ts.map +1 -0
- package/dist/config/flags.js +464 -0
- package/dist/config/flags.js.map +1 -0
- package/dist/config/index.d.ts +10 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +10 -0
- package/dist/config/index.js.map +1 -0
- package/dist/config/severity-overrides.d.ts +209 -0
- package/dist/config/severity-overrides.d.ts.map +1 -0
- package/dist/config/severity-overrides.js +380 -0
- package/dist/config/severity-overrides.js.map +1 -0
- package/dist/cost/index.d.ts +11 -0
- package/dist/cost/index.d.ts.map +1 -0
- package/dist/cost/index.js +12 -0
- package/dist/cost/index.js.map +1 -0
- package/dist/cost/pricing.d.ts +57 -0
- package/dist/cost/pricing.d.ts.map +1 -0
- package/dist/cost/pricing.js +196 -0
- package/dist/cost/pricing.js.map +1 -0
- package/dist/cost/pricing.test.d.ts +5 -0
- package/dist/cost/pricing.test.d.ts.map +1 -0
- package/dist/cost/pricing.test.js +195 -0
- package/dist/cost/pricing.test.js.map +1 -0
- package/dist/cost/tracker.d.ts +100 -0
- package/dist/cost/tracker.d.ts.map +1 -0
- package/dist/cost/tracker.js +366 -0
- package/dist/cost/tracker.js.map +1 -0
- package/dist/cost/tracker.test.d.ts +5 -0
- package/dist/cost/tracker.test.d.ts.map +1 -0
- package/dist/cost/tracker.test.js +360 -0
- package/dist/cost/tracker.test.js.map +1 -0
- package/dist/cost/types.d.ts +135 -0
- package/dist/cost/types.d.ts.map +1 -0
- package/dist/cost/types.js +9 -0
- package/dist/cost/types.js.map +1 -0
- package/dist/enterprise/auth/oidc.d.ts +231 -0
- package/dist/enterprise/auth/oidc.d.ts.map +1 -0
- package/dist/enterprise/auth/oidc.js +372 -0
- package/dist/enterprise/auth/oidc.js.map +1 -0
- package/dist/enterprise/auth/oidc.test.d.ts +5 -0
- package/dist/enterprise/auth/oidc.test.d.ts.map +1 -0
- package/dist/enterprise/auth/oidc.test.js +435 -0
- package/dist/enterprise/auth/oidc.test.js.map +1 -0
- package/dist/enterprise/index.d.ts +14 -0
- package/dist/enterprise/index.d.ts.map +1 -0
- package/dist/enterprise/index.js +19 -0
- package/dist/enterprise/index.js.map +1 -0
- package/dist/enterprise/integrations/chat.d.ts +205 -0
- package/dist/enterprise/integrations/chat.d.ts.map +1 -0
- package/dist/enterprise/integrations/chat.js +624 -0
- package/dist/enterprise/integrations/chat.js.map +1 -0
- package/dist/enterprise/integrations/chat.test.d.ts +5 -0
- package/dist/enterprise/integrations/chat.test.d.ts.map +1 -0
- package/dist/enterprise/integrations/chat.test.js +557 -0
- package/dist/enterprise/integrations/chat.test.js.map +1 -0
- package/dist/enterprise/integrations/ticketing.d.ts +257 -0
- package/dist/enterprise/integrations/ticketing.d.ts.map +1 -0
- package/dist/enterprise/integrations/ticketing.js +548 -0
- package/dist/enterprise/integrations/ticketing.js.map +1 -0
- package/dist/enterprise/integrations/ticketing.test.d.ts +5 -0
- package/dist/enterprise/integrations/ticketing.test.d.ts.map +1 -0
- package/dist/enterprise/integrations/ticketing.test.js +693 -0
- package/dist/enterprise/integrations/ticketing.test.js.map +1 -0
- package/dist/enterprise/policy/opa.d.ts +194 -0
- package/dist/enterprise/policy/opa.d.ts.map +1 -0
- package/dist/enterprise/policy/opa.js +385 -0
- package/dist/enterprise/policy/opa.js.map +1 -0
- package/dist/enterprise/policy/opa.test.d.ts +5 -0
- package/dist/enterprise/policy/opa.test.d.ts.map +1 -0
- package/dist/enterprise/policy/opa.test.js +702 -0
- package/dist/enterprise/policy/opa.test.js.map +1 -0
- package/dist/enterprise/signing/kms.d.ts +211 -0
- package/dist/enterprise/signing/kms.d.ts.map +1 -0
- package/dist/enterprise/signing/kms.js +480 -0
- package/dist/enterprise/signing/kms.js.map +1 -0
- package/dist/enterprise/signing/kms.test.d.ts +5 -0
- package/dist/enterprise/signing/kms.test.d.ts.map +1 -0
- package/dist/enterprise/signing/kms.test.js +511 -0
- package/dist/enterprise/signing/kms.test.js.map +1 -0
- package/dist/eval/fixtures.d.ts +58 -0
- package/dist/eval/fixtures.d.ts.map +1 -0
- package/dist/eval/fixtures.js +571 -0
- package/dist/eval/fixtures.js.map +1 -0
- package/dist/eval/fixtures.test.d.ts +5 -0
- package/dist/eval/fixtures.test.d.ts.map +1 -0
- package/dist/eval/fixtures.test.js +193 -0
- package/dist/eval/fixtures.test.js.map +1 -0
- package/dist/eval/harness.d.ts +30 -0
- package/dist/eval/harness.d.ts.map +1 -0
- package/dist/eval/harness.js +221 -0
- package/dist/eval/harness.js.map +1 -0
- package/dist/eval/harness.test.d.ts +5 -0
- package/dist/eval/harness.test.d.ts.map +1 -0
- package/dist/eval/harness.test.js +314 -0
- package/dist/eval/harness.test.js.map +1 -0
- package/dist/eval/index.d.ts +15 -0
- package/dist/eval/index.d.ts.map +1 -0
- package/dist/eval/index.js +18 -0
- package/dist/eval/index.js.map +1 -0
- package/dist/eval/metrics.d.ts +56 -0
- package/dist/eval/metrics.d.ts.map +1 -0
- package/dist/eval/metrics.js +298 -0
- package/dist/eval/metrics.js.map +1 -0
- package/dist/eval/metrics.test.d.ts +5 -0
- package/dist/eval/metrics.test.d.ts.map +1 -0
- package/dist/eval/metrics.test.js +426 -0
- package/dist/eval/metrics.test.js.map +1 -0
- package/dist/eval/report.d.ts +30 -0
- package/dist/eval/report.d.ts.map +1 -0
- package/dist/eval/report.js +333 -0
- package/dist/eval/report.js.map +1 -0
- package/dist/eval/report.test.d.ts +5 -0
- package/dist/eval/report.test.d.ts.map +1 -0
- package/dist/eval/report.test.js +275 -0
- package/dist/eval/report.test.js.map +1 -0
- package/dist/eval/types.d.ts +234 -0
- package/dist/eval/types.d.ts.map +1 -0
- package/dist/eval/types.js +27 -0
- package/dist/eval/types.js.map +1 -0
- package/dist/http-server.d.ts +3 -0
- package/dist/http-server.d.ts.map +1 -0
- package/dist/http-server.js +127 -0
- package/dist/http-server.js.map +1 -0
- package/dist/index.d.ts +33 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +4120 -0
- package/dist/index.js.map +1 -0
- package/dist/logger.d.ts +46 -0
- package/dist/logger.d.ts.map +1 -0
- package/dist/logger.js +131 -0
- package/dist/logger.js.map +1 -0
- package/dist/multimodel/consensus.d.ts +49 -0
- package/dist/multimodel/consensus.d.ts.map +1 -0
- package/dist/multimodel/consensus.js +454 -0
- package/dist/multimodel/consensus.js.map +1 -0
- package/dist/multimodel/consensus.test.d.ts +5 -0
- package/dist/multimodel/consensus.test.d.ts.map +1 -0
- package/dist/multimodel/consensus.test.js +415 -0
- package/dist/multimodel/consensus.test.js.map +1 -0
- package/dist/multimodel/index.d.ts +13 -0
- package/dist/multimodel/index.d.ts.map +1 -0
- package/dist/multimodel/index.js +14 -0
- package/dist/multimodel/index.js.map +1 -0
- package/dist/multimodel/runner.d.ts +95 -0
- package/dist/multimodel/runner.d.ts.map +1 -0
- package/dist/multimodel/runner.js +312 -0
- package/dist/multimodel/runner.js.map +1 -0
- package/dist/multimodel/runner.test.d.ts +5 -0
- package/dist/multimodel/runner.test.d.ts.map +1 -0
- package/dist/multimodel/runner.test.js +224 -0
- package/dist/multimodel/runner.test.js.map +1 -0
- package/dist/multimodel/types.d.ts +202 -0
- package/dist/multimodel/types.d.ts.map +1 -0
- package/dist/multimodel/types.js +10 -0
- package/dist/multimodel/types.js.map +1 -0
- package/dist/observability/index.d.ts +9 -0
- package/dist/observability/index.d.ts.map +1 -0
- package/dist/observability/index.js +9 -0
- package/dist/observability/index.js.map +1 -0
- package/dist/observability/otel.d.ts +102 -0
- package/dist/observability/otel.d.ts.map +1 -0
- package/dist/observability/otel.js +284 -0
- package/dist/observability/otel.js.map +1 -0
- package/dist/plugins/index.d.ts +10 -0
- package/dist/plugins/index.d.ts.map +1 -0
- package/dist/plugins/index.js +10 -0
- package/dist/plugins/index.js.map +1 -0
- package/dist/plugins/loader.d.ts +78 -0
- package/dist/plugins/loader.d.ts.map +1 -0
- package/dist/plugins/loader.js +470 -0
- package/dist/plugins/loader.js.map +1 -0
- package/dist/plugins/types.d.ts +304 -0
- package/dist/plugins/types.d.ts.map +1 -0
- package/dist/plugins/types.js +100 -0
- package/dist/plugins/types.js.map +1 -0
- package/dist/sbom/cyclonedx.d.ts +30 -0
- package/dist/sbom/cyclonedx.d.ts.map +1 -0
- package/dist/sbom/cyclonedx.js +392 -0
- package/dist/sbom/cyclonedx.js.map +1 -0
- package/dist/sbom/cyclonedx.test.d.ts +5 -0
- package/dist/sbom/cyclonedx.test.d.ts.map +1 -0
- package/dist/sbom/cyclonedx.test.js +244 -0
- package/dist/sbom/cyclonedx.test.js.map +1 -0
- package/dist/sbom/index.d.ts +13 -0
- package/dist/sbom/index.d.ts.map +1 -0
- package/dist/sbom/index.js +15 -0
- package/dist/sbom/index.js.map +1 -0
- package/dist/sbom/provenance.d.ts +37 -0
- package/dist/sbom/provenance.d.ts.map +1 -0
- package/dist/sbom/provenance.js +268 -0
- package/dist/sbom/provenance.js.map +1 -0
- package/dist/sbom/provenance.test.d.ts +5 -0
- package/dist/sbom/provenance.test.d.ts.map +1 -0
- package/dist/sbom/provenance.test.js +189 -0
- package/dist/sbom/provenance.test.js.map +1 -0
- package/dist/sbom/signing.d.ts +87 -0
- package/dist/sbom/signing.d.ts.map +1 -0
- package/dist/sbom/signing.js +354 -0
- package/dist/sbom/signing.js.map +1 -0
- package/dist/sbom/signing.test.d.ts +5 -0
- package/dist/sbom/signing.test.d.ts.map +1 -0
- package/dist/sbom/signing.test.js +170 -0
- package/dist/sbom/signing.test.js.map +1 -0
- package/dist/sbom/types.d.ts +384 -0
- package/dist/sbom/types.d.ts.map +1 -0
- package/dist/sbom/types.js +17 -0
- package/dist/sbom/types.js.map +1 -0
- package/dist/scanners/agent/credential-scope-audit.d.ts +40 -0
- package/dist/scanners/agent/credential-scope-audit.d.ts.map +1 -0
- package/dist/scanners/agent/credential-scope-audit.js +404 -0
- package/dist/scanners/agent/credential-scope-audit.js.map +1 -0
- package/dist/scanners/agent/exfil-path-graph.d.ts +50 -0
- package/dist/scanners/agent/exfil-path-graph.d.ts.map +1 -0
- package/dist/scanners/agent/exfil-path-graph.js +764 -0
- package/dist/scanners/agent/exfil-path-graph.js.map +1 -0
- package/dist/scanners/agent/index.d.ts +43 -0
- package/dist/scanners/agent/index.d.ts.map +1 -0
- package/dist/scanners/agent/index.js +616 -0
- package/dist/scanners/agent/index.js.map +1 -0
- package/dist/scanners/agent/manifest-audit.d.ts +43 -0
- package/dist/scanners/agent/manifest-audit.d.ts.map +1 -0
- package/dist/scanners/agent/manifest-audit.js +403 -0
- package/dist/scanners/agent/manifest-audit.js.map +1 -0
- package/dist/scanners/agent/payloads/index.d.ts +44 -0
- package/dist/scanners/agent/payloads/index.d.ts.map +1 -0
- package/dist/scanners/agent/payloads/index.js +184 -0
- package/dist/scanners/agent/payloads/index.js.map +1 -0
- package/dist/scanners/agent/permission-minimiser.d.ts +48 -0
- package/dist/scanners/agent/permission-minimiser.d.ts.map +1 -0
- package/dist/scanners/agent/permission-minimiser.js +551 -0
- package/dist/scanners/agent/permission-minimiser.js.map +1 -0
- package/dist/scanners/agent/prompt-injection-fuzzer.d.ts +39 -0
- package/dist/scanners/agent/prompt-injection-fuzzer.d.ts.map +1 -0
- package/dist/scanners/agent/prompt-injection-fuzzer.js +720 -0
- package/dist/scanners/agent/prompt-injection-fuzzer.js.map +1 -0
- package/dist/scanners/agent/sandbox-audit.d.ts +44 -0
- package/dist/scanners/agent/sandbox-audit.d.ts.map +1 -0
- package/dist/scanners/agent/sandbox-audit.js +425 -0
- package/dist/scanners/agent/sandbox-audit.js.map +1 -0
- package/dist/scanners/agent/supply-chain-mcp.d.ts +53 -0
- package/dist/scanners/agent/supply-chain-mcp.d.ts.map +1 -0
- package/dist/scanners/agent/supply-chain-mcp.js +479 -0
- package/dist/scanners/agent/supply-chain-mcp.js.map +1 -0
- package/dist/scanners/agent/tool-description-drift.d.ts +62 -0
- package/dist/scanners/agent/tool-description-drift.d.ts.map +1 -0
- package/dist/scanners/agent/tool-description-drift.js +365 -0
- package/dist/scanners/agent/tool-description-drift.js.map +1 -0
- package/dist/scanners/agent/types.d.ts +840 -0
- package/dist/scanners/agent/types.d.ts.map +1 -0
- package/dist/scanners/agent/types.js +149 -0
- package/dist/scanners/agent/types.js.map +1 -0
- package/dist/scanners/bandit.d.ts +25 -0
- package/dist/scanners/bandit.d.ts.map +1 -0
- package/dist/scanners/bandit.js +129 -0
- package/dist/scanners/bandit.js.map +1 -0
- package/dist/scanners/binary-analysis.d.ts +41 -0
- package/dist/scanners/binary-analysis.d.ts.map +1 -0
- package/dist/scanners/binary-analysis.js +587 -0
- package/dist/scanners/binary-analysis.js.map +1 -0
- package/dist/scanners/binary-analysis.test.d.ts +5 -0
- package/dist/scanners/binary-analysis.test.d.ts.map +1 -0
- package/dist/scanners/binary-analysis.test.js +291 -0
- package/dist/scanners/binary-analysis.test.js.map +1 -0
- package/dist/scanners/brakeman.d.ts +30 -0
- package/dist/scanners/brakeman.d.ts.map +1 -0
- package/dist/scanners/brakeman.js +271 -0
- package/dist/scanners/brakeman.js.map +1 -0
- package/dist/scanners/dependencies.d.ts +22 -0
- package/dist/scanners/dependencies.d.ts.map +1 -0
- package/dist/scanners/dependencies.js +202 -0
- package/dist/scanners/dependencies.js.map +1 -0
- package/dist/scanners/dependencies.test.d.ts +5 -0
- package/dist/scanners/dependencies.test.d.ts.map +1 -0
- package/dist/scanners/dependencies.test.js +185 -0
- package/dist/scanners/dependencies.test.js.map +1 -0
- package/dist/scanners/eslint.d.ts +25 -0
- package/dist/scanners/eslint.d.ts.map +1 -0
- package/dist/scanners/eslint.js +220 -0
- package/dist/scanners/eslint.js.map +1 -0
- package/dist/scanners/gosec.d.ts +25 -0
- package/dist/scanners/gosec.d.ts.map +1 -0
- package/dist/scanners/gosec.js +128 -0
- package/dist/scanners/gosec.js.map +1 -0
- package/dist/scanners/index.d.ts +128 -0
- package/dist/scanners/index.d.ts.map +1 -0
- package/dist/scanners/index.js +811 -0
- package/dist/scanners/index.js.map +1 -0
- package/dist/scanners/index.test.d.ts +5 -0
- package/dist/scanners/index.test.d.ts.map +1 -0
- package/dist/scanners/index.test.js +424 -0
- package/dist/scanners/index.test.js.map +1 -0
- package/dist/scanners/memory-safety.d.ts +44 -0
- package/dist/scanners/memory-safety.d.ts.map +1 -0
- package/dist/scanners/memory-safety.js +571 -0
- package/dist/scanners/memory-safety.js.map +1 -0
- package/dist/scanners/memory-safety.test.d.ts +5 -0
- package/dist/scanners/memory-safety.test.d.ts.map +1 -0
- package/dist/scanners/memory-safety.test.js +321 -0
- package/dist/scanners/memory-safety.test.js.map +1 -0
- package/dist/scanners/race-condition.d.ts +25 -0
- package/dist/scanners/race-condition.d.ts.map +1 -0
- package/dist/scanners/race-condition.js +443 -0
- package/dist/scanners/race-condition.js.map +1 -0
- package/dist/scanners/race-condition.test.d.ts +5 -0
- package/dist/scanners/race-condition.test.d.ts.map +1 -0
- package/dist/scanners/race-condition.test.js +428 -0
- package/dist/scanners/race-condition.test.js.map +1 -0
- package/dist/scanners/secrets.d.ts +25 -0
- package/dist/scanners/secrets.d.ts.map +1 -0
- package/dist/scanners/secrets.js +367 -0
- package/dist/scanners/secrets.js.map +1 -0
- package/dist/scanners/secrets.test.d.ts +5 -0
- package/dist/scanners/secrets.test.d.ts.map +1 -0
- package/dist/scanners/secrets.test.js +160 -0
- package/dist/scanners/secrets.test.js.map +1 -0
- package/dist/scanners/semgrep.d.ts +33 -0
- package/dist/scanners/semgrep.d.ts.map +1 -0
- package/dist/scanners/semgrep.js +350 -0
- package/dist/scanners/semgrep.js.map +1 -0
- package/dist/scanners/semgrep.test.d.ts +8 -0
- package/dist/scanners/semgrep.test.d.ts.map +1 -0
- package/dist/scanners/semgrep.test.js +254 -0
- package/dist/scanners/semgrep.test.js.map +1 -0
- package/dist/scanners/trivy.d.ts +26 -0
- package/dist/scanners/trivy.d.ts.map +1 -0
- package/dist/scanners/trivy.js +187 -0
- package/dist/scanners/trivy.js.map +1 -0
- package/dist/scanners/types.d.ts +210 -0
- package/dist/scanners/types.d.ts.map +1 -0
- package/dist/scanners/types.js +106 -0
- package/dist/scanners/types.js.map +1 -0
- package/dist/scanners/types.test.d.ts +5 -0
- package/dist/scanners/types.test.d.ts.map +1 -0
- package/dist/scanners/types.test.js +103 -0
- package/dist/scanners/types.test.js.map +1 -0
- package/dist/scanners/typescript.d.ts +32 -0
- package/dist/scanners/typescript.d.ts.map +1 -0
- package/dist/scanners/typescript.js +300 -0
- package/dist/scanners/typescript.js.map +1 -0
- package/dist/scanners/typescript.test.d.ts +5 -0
- package/dist/scanners/typescript.test.d.ts.map +1 -0
- package/dist/scanners/typescript.test.js +296 -0
- package/dist/scanners/typescript.test.js.map +1 -0
- package/dist/transcripts/index.d.ts +13 -0
- package/dist/transcripts/index.d.ts.map +1 -0
- package/dist/transcripts/index.js +17 -0
- package/dist/transcripts/index.js.map +1 -0
- package/dist/transcripts/logger.d.ts +190 -0
- package/dist/transcripts/logger.d.ts.map +1 -0
- package/dist/transcripts/logger.js +385 -0
- package/dist/transcripts/logger.js.map +1 -0
- package/dist/transcripts/logger.test.d.ts +5 -0
- package/dist/transcripts/logger.test.d.ts.map +1 -0
- package/dist/transcripts/logger.test.js +227 -0
- package/dist/transcripts/logger.test.js.map +1 -0
- package/dist/transcripts/redaction.d.ts +125 -0
- package/dist/transcripts/redaction.d.ts.map +1 -0
- package/dist/transcripts/redaction.js +416 -0
- package/dist/transcripts/redaction.js.map +1 -0
- package/dist/transcripts/redaction.test.d.ts +5 -0
- package/dist/transcripts/redaction.test.d.ts.map +1 -0
- package/dist/transcripts/redaction.test.js +267 -0
- package/dist/transcripts/redaction.test.js.map +1 -0
- package/dist/transcripts/signing.d.ts +108 -0
- package/dist/transcripts/signing.d.ts.map +1 -0
- package/dist/transcripts/signing.js +173 -0
- package/dist/transcripts/signing.js.map +1 -0
- package/dist/transcripts/verifier.d.ts +133 -0
- package/dist/transcripts/verifier.d.ts.map +1 -0
- package/dist/transcripts/verifier.js +489 -0
- package/dist/transcripts/verifier.js.map +1 -0
- package/dist/transcripts/verifier.test.d.ts +5 -0
- package/dist/transcripts/verifier.test.d.ts.map +1 -0
- package/dist/transcripts/verifier.test.js +330 -0
- package/dist/transcripts/verifier.test.js.map +1 -0
- package/dist/util/concurrency.d.ts +221 -0
- package/dist/util/concurrency.d.ts.map +1 -0
- package/dist/util/concurrency.js +339 -0
- package/dist/util/concurrency.js.map +1 -0
- package/dist/util/index.d.ts +12 -0
- package/dist/util/index.d.ts.map +1 -0
- package/dist/util/index.js +12 -0
- package/dist/util/index.js.map +1 -0
- package/dist/util/json.d.ts +63 -0
- package/dist/util/json.d.ts.map +1 -0
- package/dist/util/json.js +134 -0
- package/dist/util/json.js.map +1 -0
- package/dist/util/paths.d.ts +56 -0
- package/dist/util/paths.d.ts.map +1 -0
- package/dist/util/paths.js +128 -0
- package/dist/util/paths.js.map +1 -0
- package/dist/util/retry.d.ts +185 -0
- package/dist/util/retry.d.ts.map +1 -0
- package/dist/util/retry.js +338 -0
- package/dist/util/retry.js.map +1 -0
- package/package.json +79 -0
|
@@ -0,0 +1,702 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tests for OPA/Rego Policy Evaluation
|
|
3
|
+
*/
|
|
4
|
+
import { describe, it, expect, beforeEach, vi, afterEach } from "vitest";
|
|
5
|
+
import { writeFile, unlink, mkdir } from "fs/promises";
|
|
6
|
+
import { join } from "path";
|
|
7
|
+
import { tmpdir } from "os";
|
|
8
|
+
import { OPAClient, createOPAClient, createLocalOPAClient, createRemoteOPAClient, generateDefaultPolicy, generateSOC2Policy, policyResultToFindings, } from "./opa.js";
|
|
9
|
+
// Mock fetch
|
|
10
|
+
const mockFetch = vi.fn();
|
|
11
|
+
global.fetch = mockFetch;
|
|
12
|
+
describe("OPAClient", () => {
|
|
13
|
+
let tempDir;
|
|
14
|
+
beforeEach(async () => {
|
|
15
|
+
vi.clearAllMocks();
|
|
16
|
+
tempDir = join(tmpdir(), `opa-test-${Date.now()}`);
|
|
17
|
+
await mkdir(tempDir, { recursive: true });
|
|
18
|
+
});
|
|
19
|
+
afterEach(async () => {
|
|
20
|
+
// Cleanup temp files
|
|
21
|
+
try {
|
|
22
|
+
await unlink(join(tempDir, "policy.json"));
|
|
23
|
+
}
|
|
24
|
+
catch {
|
|
25
|
+
// Ignore
|
|
26
|
+
}
|
|
27
|
+
});
|
|
28
|
+
describe("local evaluation", () => {
|
|
29
|
+
it("evaluates policy from local bundle", async () => {
|
|
30
|
+
const policy = {
|
|
31
|
+
version: "1.0.0",
|
|
32
|
+
rules: {
|
|
33
|
+
minScore: 70,
|
|
34
|
+
maxCriticalFindings: 0,
|
|
35
|
+
},
|
|
36
|
+
complianceChecks: [],
|
|
37
|
+
};
|
|
38
|
+
const policyPath = join(tempDir, "policy.json");
|
|
39
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
40
|
+
const client = new OPAClient({
|
|
41
|
+
mode: "local",
|
|
42
|
+
bundlePath: policyPath,
|
|
43
|
+
});
|
|
44
|
+
const input = {
|
|
45
|
+
certification: {
|
|
46
|
+
id: "cert-123",
|
|
47
|
+
target: "test-repo",
|
|
48
|
+
status: "completed",
|
|
49
|
+
score: 85,
|
|
50
|
+
findings: [],
|
|
51
|
+
frameworks: ["SOC2"],
|
|
52
|
+
startedAt: new Date().toISOString(),
|
|
53
|
+
},
|
|
54
|
+
};
|
|
55
|
+
const result = await client.evaluate(input);
|
|
56
|
+
expect(result.allow).toBe(true);
|
|
57
|
+
expect(result.evaluatedAt).toBeDefined();
|
|
58
|
+
expect(result.policyVersion).toBe("1.0.0");
|
|
59
|
+
});
|
|
60
|
+
it("denies when score below minimum", async () => {
|
|
61
|
+
const policy = {
|
|
62
|
+
version: "1.0.0",
|
|
63
|
+
rules: {
|
|
64
|
+
minScore: 80,
|
|
65
|
+
},
|
|
66
|
+
};
|
|
67
|
+
const policyPath = join(tempDir, "policy.json");
|
|
68
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
69
|
+
const client = new OPAClient({
|
|
70
|
+
mode: "local",
|
|
71
|
+
bundlePath: policyPath,
|
|
72
|
+
});
|
|
73
|
+
const input = {
|
|
74
|
+
certification: {
|
|
75
|
+
id: "cert-123",
|
|
76
|
+
target: "test-repo",
|
|
77
|
+
status: "completed",
|
|
78
|
+
score: 65,
|
|
79
|
+
findings: [],
|
|
80
|
+
frameworks: [],
|
|
81
|
+
startedAt: new Date().toISOString(),
|
|
82
|
+
},
|
|
83
|
+
};
|
|
84
|
+
const result = await client.evaluate(input);
|
|
85
|
+
expect(result.allow).toBe(false);
|
|
86
|
+
expect(result.denialReasons).toContain("Certification score 65 below minimum 80");
|
|
87
|
+
});
|
|
88
|
+
it("denies when too many critical findings", async () => {
|
|
89
|
+
const policy = {
|
|
90
|
+
version: "1.0.0",
|
|
91
|
+
rules: {
|
|
92
|
+
maxCriticalFindings: 0,
|
|
93
|
+
},
|
|
94
|
+
};
|
|
95
|
+
const policyPath = join(tempDir, "policy.json");
|
|
96
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
97
|
+
const client = new OPAClient({
|
|
98
|
+
mode: "local",
|
|
99
|
+
bundlePath: policyPath,
|
|
100
|
+
});
|
|
101
|
+
const input = {
|
|
102
|
+
certification: {
|
|
103
|
+
id: "cert-123",
|
|
104
|
+
target: "test-repo",
|
|
105
|
+
status: "completed",
|
|
106
|
+
score: 85,
|
|
107
|
+
findings: [
|
|
108
|
+
{ id: "f1", severity: "critical", category: "vuln", confidence: 95 },
|
|
109
|
+
],
|
|
110
|
+
frameworks: [],
|
|
111
|
+
startedAt: new Date().toISOString(),
|
|
112
|
+
},
|
|
113
|
+
};
|
|
114
|
+
const result = await client.evaluate(input);
|
|
115
|
+
expect(result.allow).toBe(false);
|
|
116
|
+
expect(result.denialReasons?.[0]).toContain("critical findings exceed");
|
|
117
|
+
});
|
|
118
|
+
it("denies when too many high-severity findings", async () => {
|
|
119
|
+
const policy = {
|
|
120
|
+
version: "1.0.0",
|
|
121
|
+
rules: {
|
|
122
|
+
maxHighFindings: 2,
|
|
123
|
+
},
|
|
124
|
+
};
|
|
125
|
+
const policyPath = join(tempDir, "policy.json");
|
|
126
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
127
|
+
const client = new OPAClient({
|
|
128
|
+
mode: "local",
|
|
129
|
+
bundlePath: policyPath,
|
|
130
|
+
});
|
|
131
|
+
const input = {
|
|
132
|
+
certification: {
|
|
133
|
+
id: "cert-123",
|
|
134
|
+
target: "test-repo",
|
|
135
|
+
status: "completed",
|
|
136
|
+
score: 75,
|
|
137
|
+
findings: [
|
|
138
|
+
{ id: "f1", severity: "high", category: "vuln", confidence: 90 },
|
|
139
|
+
{ id: "f2", severity: "high", category: "vuln", confidence: 85 },
|
|
140
|
+
{ id: "f3", severity: "high", category: "vuln", confidence: 80 },
|
|
141
|
+
],
|
|
142
|
+
frameworks: [],
|
|
143
|
+
startedAt: new Date().toISOString(),
|
|
144
|
+
},
|
|
145
|
+
};
|
|
146
|
+
const result = await client.evaluate(input);
|
|
147
|
+
expect(result.allow).toBe(false);
|
|
148
|
+
expect(result.denialReasons?.[0]).toContain("high-severity findings exceed");
|
|
149
|
+
});
|
|
150
|
+
it("denies when required framework missing", async () => {
|
|
151
|
+
const policy = {
|
|
152
|
+
version: "1.0.0",
|
|
153
|
+
rules: {
|
|
154
|
+
requiredFrameworks: ["SOC2", "ISO27001"],
|
|
155
|
+
},
|
|
156
|
+
};
|
|
157
|
+
const policyPath = join(tempDir, "policy.json");
|
|
158
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
159
|
+
const client = new OPAClient({
|
|
160
|
+
mode: "local",
|
|
161
|
+
bundlePath: policyPath,
|
|
162
|
+
});
|
|
163
|
+
const input = {
|
|
164
|
+
certification: {
|
|
165
|
+
id: "cert-123",
|
|
166
|
+
target: "test-repo",
|
|
167
|
+
status: "completed",
|
|
168
|
+
score: 90,
|
|
169
|
+
findings: [],
|
|
170
|
+
frameworks: ["SOC2"],
|
|
171
|
+
startedAt: new Date().toISOString(),
|
|
172
|
+
},
|
|
173
|
+
};
|
|
174
|
+
const result = await client.evaluate(input);
|
|
175
|
+
expect(result.allow).toBe(false);
|
|
176
|
+
expect(result.denialReasons?.[0]).toContain("ISO27001");
|
|
177
|
+
});
|
|
178
|
+
it("denies findings in blocked categories", async () => {
|
|
179
|
+
const policy = {
|
|
180
|
+
version: "1.0.0",
|
|
181
|
+
rules: {
|
|
182
|
+
blockedCategories: ["sql-injection", "xss"],
|
|
183
|
+
},
|
|
184
|
+
};
|
|
185
|
+
const policyPath = join(tempDir, "policy.json");
|
|
186
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
187
|
+
const client = new OPAClient({
|
|
188
|
+
mode: "local",
|
|
189
|
+
bundlePath: policyPath,
|
|
190
|
+
});
|
|
191
|
+
const input = {
|
|
192
|
+
certification: {
|
|
193
|
+
id: "cert-123",
|
|
194
|
+
target: "test-repo",
|
|
195
|
+
status: "completed",
|
|
196
|
+
score: 80,
|
|
197
|
+
findings: [
|
|
198
|
+
{ id: "f1", severity: "high", category: "sql-injection", confidence: 95 },
|
|
199
|
+
],
|
|
200
|
+
frameworks: [],
|
|
201
|
+
startedAt: new Date().toISOString(),
|
|
202
|
+
},
|
|
203
|
+
};
|
|
204
|
+
const result = await client.evaluate(input);
|
|
205
|
+
expect(result.allow).toBe(false);
|
|
206
|
+
expect(result.denialReasons?.[0]).toContain("blocked category");
|
|
207
|
+
});
|
|
208
|
+
it("generates required remediations", async () => {
|
|
209
|
+
const policy = {
|
|
210
|
+
version: "1.0.0",
|
|
211
|
+
rules: {
|
|
212
|
+
requireRemediationFor: ["critical", "high"],
|
|
213
|
+
},
|
|
214
|
+
};
|
|
215
|
+
const policyPath = join(tempDir, "policy.json");
|
|
216
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
217
|
+
const client = new OPAClient({
|
|
218
|
+
mode: "local",
|
|
219
|
+
bundlePath: policyPath,
|
|
220
|
+
});
|
|
221
|
+
const input = {
|
|
222
|
+
certification: {
|
|
223
|
+
id: "cert-123",
|
|
224
|
+
target: "test-repo",
|
|
225
|
+
status: "completed",
|
|
226
|
+
score: 80,
|
|
227
|
+
findings: [
|
|
228
|
+
{ id: "f1", severity: "critical", category: "vuln", confidence: 95 },
|
|
229
|
+
{ id: "f2", severity: "low", category: "style", confidence: 90 },
|
|
230
|
+
],
|
|
231
|
+
frameworks: [],
|
|
232
|
+
startedAt: new Date().toISOString(),
|
|
233
|
+
},
|
|
234
|
+
};
|
|
235
|
+
const result = await client.evaluate(input);
|
|
236
|
+
expect(result.requiredRemediations).toBeDefined();
|
|
237
|
+
expect(result.requiredRemediations?.[0]).toContain("f1");
|
|
238
|
+
});
|
|
239
|
+
it("generates warnings for warn categories", async () => {
|
|
240
|
+
const policy = {
|
|
241
|
+
version: "1.0.0",
|
|
242
|
+
rules: {
|
|
243
|
+
warnOnCategories: ["dependency-vuln"],
|
|
244
|
+
},
|
|
245
|
+
};
|
|
246
|
+
const policyPath = join(tempDir, "policy.json");
|
|
247
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
248
|
+
const client = new OPAClient({
|
|
249
|
+
mode: "local",
|
|
250
|
+
bundlePath: policyPath,
|
|
251
|
+
});
|
|
252
|
+
const input = {
|
|
253
|
+
certification: {
|
|
254
|
+
id: "cert-123",
|
|
255
|
+
target: "test-repo",
|
|
256
|
+
status: "completed",
|
|
257
|
+
score: 80,
|
|
258
|
+
findings: [
|
|
259
|
+
{ id: "f1", severity: "medium", category: "dependency-vuln", confidence: 85 },
|
|
260
|
+
],
|
|
261
|
+
frameworks: [],
|
|
262
|
+
startedAt: new Date().toISOString(),
|
|
263
|
+
},
|
|
264
|
+
};
|
|
265
|
+
const result = await client.evaluate(input);
|
|
266
|
+
expect(result.allow).toBe(true);
|
|
267
|
+
expect(result.warnings).toBeDefined();
|
|
268
|
+
expect(result.warnings?.[0]).toContain("dependency-vuln");
|
|
269
|
+
});
|
|
270
|
+
it("throws when bundle path not found", async () => {
|
|
271
|
+
const client = new OPAClient({
|
|
272
|
+
mode: "local",
|
|
273
|
+
bundlePath: "/nonexistent/path/policy.json",
|
|
274
|
+
});
|
|
275
|
+
const input = {
|
|
276
|
+
certification: {
|
|
277
|
+
id: "cert-123",
|
|
278
|
+
target: "test-repo",
|
|
279
|
+
status: "completed",
|
|
280
|
+
score: 80,
|
|
281
|
+
findings: [],
|
|
282
|
+
frameworks: [],
|
|
283
|
+
startedAt: new Date().toISOString(),
|
|
284
|
+
},
|
|
285
|
+
};
|
|
286
|
+
await expect(client.evaluate(input)).rejects.toThrow("Policy bundle not found");
|
|
287
|
+
});
|
|
288
|
+
it("throws when bundle path not specified", async () => {
|
|
289
|
+
const client = new OPAClient({
|
|
290
|
+
mode: "local",
|
|
291
|
+
});
|
|
292
|
+
const input = {
|
|
293
|
+
certification: {
|
|
294
|
+
id: "cert-123",
|
|
295
|
+
target: "test-repo",
|
|
296
|
+
status: "completed",
|
|
297
|
+
score: 80,
|
|
298
|
+
findings: [],
|
|
299
|
+
frameworks: [],
|
|
300
|
+
startedAt: new Date().toISOString(),
|
|
301
|
+
},
|
|
302
|
+
};
|
|
303
|
+
await expect(client.evaluate(input)).rejects.toThrow("Bundle path required");
|
|
304
|
+
});
|
|
305
|
+
});
|
|
306
|
+
describe("compliance checks", () => {
|
|
307
|
+
it("evaluates no_findings check", async () => {
|
|
308
|
+
const policy = {
|
|
309
|
+
version: "1.0.0",
|
|
310
|
+
rules: {},
|
|
311
|
+
complianceChecks: [
|
|
312
|
+
{
|
|
313
|
+
control: "SEC-001",
|
|
314
|
+
framework: "internal",
|
|
315
|
+
message: "No critical vulns",
|
|
316
|
+
blocking: true,
|
|
317
|
+
type: "no_findings",
|
|
318
|
+
category: "critical-vuln",
|
|
319
|
+
},
|
|
320
|
+
],
|
|
321
|
+
};
|
|
322
|
+
const policyPath = join(tempDir, "policy.json");
|
|
323
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
324
|
+
const client = new OPAClient({
|
|
325
|
+
mode: "local",
|
|
326
|
+
bundlePath: policyPath,
|
|
327
|
+
});
|
|
328
|
+
const input = {
|
|
329
|
+
certification: {
|
|
330
|
+
id: "cert-123",
|
|
331
|
+
target: "test-repo",
|
|
332
|
+
status: "completed",
|
|
333
|
+
score: 80,
|
|
334
|
+
findings: [
|
|
335
|
+
{ id: "f1", severity: "high", category: "critical-vuln", confidence: 95 },
|
|
336
|
+
],
|
|
337
|
+
frameworks: [],
|
|
338
|
+
startedAt: new Date().toISOString(),
|
|
339
|
+
},
|
|
340
|
+
};
|
|
341
|
+
const result = await client.evaluate(input);
|
|
342
|
+
expect(result.allow).toBe(false);
|
|
343
|
+
expect(result.complianceFindings).toBeDefined();
|
|
344
|
+
expect(result.complianceFindings?.[0].status).toBe("fail");
|
|
345
|
+
});
|
|
346
|
+
it("evaluates max_findings check", async () => {
|
|
347
|
+
const policy = {
|
|
348
|
+
version: "1.0.0",
|
|
349
|
+
rules: {},
|
|
350
|
+
complianceChecks: [
|
|
351
|
+
{
|
|
352
|
+
control: "SEC-002",
|
|
353
|
+
framework: "internal",
|
|
354
|
+
message: "Max 2 medium findings",
|
|
355
|
+
blocking: false,
|
|
356
|
+
type: "max_findings",
|
|
357
|
+
category: "medium-issue",
|
|
358
|
+
maxCount: 2,
|
|
359
|
+
},
|
|
360
|
+
],
|
|
361
|
+
};
|
|
362
|
+
const policyPath = join(tempDir, "policy.json");
|
|
363
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
364
|
+
const client = new OPAClient({
|
|
365
|
+
mode: "local",
|
|
366
|
+
bundlePath: policyPath,
|
|
367
|
+
});
|
|
368
|
+
const input = {
|
|
369
|
+
certification: {
|
|
370
|
+
id: "cert-123",
|
|
371
|
+
target: "test-repo",
|
|
372
|
+
status: "completed",
|
|
373
|
+
score: 80,
|
|
374
|
+
findings: [
|
|
375
|
+
{ id: "f1", severity: "medium", category: "medium-issue", confidence: 85 },
|
|
376
|
+
{ id: "f2", severity: "medium", category: "medium-issue", confidence: 80 },
|
|
377
|
+
],
|
|
378
|
+
frameworks: [],
|
|
379
|
+
startedAt: new Date().toISOString(),
|
|
380
|
+
},
|
|
381
|
+
};
|
|
382
|
+
const result = await client.evaluate(input);
|
|
383
|
+
expect(result.allow).toBe(true);
|
|
384
|
+
expect(result.complianceFindings?.[0].status).toBe("pass");
|
|
385
|
+
});
|
|
386
|
+
it("evaluates min_score check", async () => {
|
|
387
|
+
const policy = {
|
|
388
|
+
version: "1.0.0",
|
|
389
|
+
rules: {},
|
|
390
|
+
complianceChecks: [
|
|
391
|
+
{
|
|
392
|
+
control: "SEC-003",
|
|
393
|
+
framework: "internal",
|
|
394
|
+
message: "Min score 80",
|
|
395
|
+
blocking: true,
|
|
396
|
+
type: "min_score",
|
|
397
|
+
minScore: 80,
|
|
398
|
+
},
|
|
399
|
+
],
|
|
400
|
+
};
|
|
401
|
+
const policyPath = join(tempDir, "policy.json");
|
|
402
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
403
|
+
const client = new OPAClient({
|
|
404
|
+
mode: "local",
|
|
405
|
+
bundlePath: policyPath,
|
|
406
|
+
});
|
|
407
|
+
const input = {
|
|
408
|
+
certification: {
|
|
409
|
+
id: "cert-123",
|
|
410
|
+
target: "test-repo",
|
|
411
|
+
status: "completed",
|
|
412
|
+
score: 75,
|
|
413
|
+
findings: [],
|
|
414
|
+
frameworks: [],
|
|
415
|
+
startedAt: new Date().toISOString(),
|
|
416
|
+
},
|
|
417
|
+
};
|
|
418
|
+
const result = await client.evaluate(input);
|
|
419
|
+
expect(result.allow).toBe(false);
|
|
420
|
+
expect(result.complianceFindings?.[0].status).toBe("fail");
|
|
421
|
+
});
|
|
422
|
+
it("evaluates has_framework check", async () => {
|
|
423
|
+
const policy = {
|
|
424
|
+
version: "1.0.0",
|
|
425
|
+
rules: {},
|
|
426
|
+
complianceChecks: [
|
|
427
|
+
{
|
|
428
|
+
control: "SEC-004",
|
|
429
|
+
framework: "SOC2",
|
|
430
|
+
message: "SOC2 required",
|
|
431
|
+
blocking: true,
|
|
432
|
+
type: "has_framework",
|
|
433
|
+
requiredFramework: "SOC2",
|
|
434
|
+
},
|
|
435
|
+
],
|
|
436
|
+
};
|
|
437
|
+
const policyPath = join(tempDir, "policy.json");
|
|
438
|
+
await writeFile(policyPath, JSON.stringify(policy));
|
|
439
|
+
const client = new OPAClient({
|
|
440
|
+
mode: "local",
|
|
441
|
+
bundlePath: policyPath,
|
|
442
|
+
});
|
|
443
|
+
const input = {
|
|
444
|
+
certification: {
|
|
445
|
+
id: "cert-123",
|
|
446
|
+
target: "test-repo",
|
|
447
|
+
status: "completed",
|
|
448
|
+
score: 90,
|
|
449
|
+
findings: [],
|
|
450
|
+
frameworks: ["SOC2"],
|
|
451
|
+
startedAt: new Date().toISOString(),
|
|
452
|
+
},
|
|
453
|
+
};
|
|
454
|
+
const result = await client.evaluate(input);
|
|
455
|
+
expect(result.allow).toBe(true);
|
|
456
|
+
expect(result.complianceFindings?.[0].status).toBe("pass");
|
|
457
|
+
});
|
|
458
|
+
});
|
|
459
|
+
describe("remote evaluation", () => {
|
|
460
|
+
it("calls OPA server", async () => {
|
|
461
|
+
mockFetch.mockResolvedValueOnce({
|
|
462
|
+
ok: true,
|
|
463
|
+
json: async () => ({
|
|
464
|
+
result: {
|
|
465
|
+
allow: true,
|
|
466
|
+
policy_version: "remote-1.0",
|
|
467
|
+
},
|
|
468
|
+
}),
|
|
469
|
+
});
|
|
470
|
+
const client = new OPAClient({
|
|
471
|
+
mode: "remote",
|
|
472
|
+
serverUrl: "https://opa.example.com",
|
|
473
|
+
decisionPath: "vaspera/certification/allow",
|
|
474
|
+
});
|
|
475
|
+
const input = {
|
|
476
|
+
certification: {
|
|
477
|
+
id: "cert-123",
|
|
478
|
+
target: "test-repo",
|
|
479
|
+
status: "completed",
|
|
480
|
+
score: 85,
|
|
481
|
+
findings: [],
|
|
482
|
+
frameworks: [],
|
|
483
|
+
startedAt: new Date().toISOString(),
|
|
484
|
+
},
|
|
485
|
+
};
|
|
486
|
+
const result = await client.evaluate(input);
|
|
487
|
+
expect(result.allow).toBe(true);
|
|
488
|
+
expect(result.policyVersion).toBe("remote-1.0");
|
|
489
|
+
expect(mockFetch).toHaveBeenCalledWith(expect.stringContaining("opa.example.com"), expect.objectContaining({
|
|
490
|
+
method: "POST",
|
|
491
|
+
}));
|
|
492
|
+
});
|
|
493
|
+
it("throws when server URL not provided", async () => {
|
|
494
|
+
const client = new OPAClient({
|
|
495
|
+
mode: "remote",
|
|
496
|
+
});
|
|
497
|
+
const input = {
|
|
498
|
+
certification: {
|
|
499
|
+
id: "cert-123",
|
|
500
|
+
target: "test-repo",
|
|
501
|
+
status: "completed",
|
|
502
|
+
score: 85,
|
|
503
|
+
findings: [],
|
|
504
|
+
frameworks: [],
|
|
505
|
+
startedAt: new Date().toISOString(),
|
|
506
|
+
},
|
|
507
|
+
};
|
|
508
|
+
await expect(client.evaluate(input)).rejects.toThrow("OPA server URL required");
|
|
509
|
+
});
|
|
510
|
+
it("handles server errors", async () => {
|
|
511
|
+
mockFetch.mockResolvedValueOnce({
|
|
512
|
+
ok: false,
|
|
513
|
+
status: 500,
|
|
514
|
+
});
|
|
515
|
+
const client = new OPAClient({
|
|
516
|
+
mode: "remote",
|
|
517
|
+
serverUrl: "https://opa.example.com",
|
|
518
|
+
});
|
|
519
|
+
const input = {
|
|
520
|
+
certification: {
|
|
521
|
+
id: "cert-123",
|
|
522
|
+
target: "test-repo",
|
|
523
|
+
status: "completed",
|
|
524
|
+
score: 85,
|
|
525
|
+
findings: [],
|
|
526
|
+
frameworks: [],
|
|
527
|
+
startedAt: new Date().toISOString(),
|
|
528
|
+
},
|
|
529
|
+
};
|
|
530
|
+
await expect(client.evaluate(input)).rejects.toThrow("OPA server returned 500");
|
|
531
|
+
});
|
|
532
|
+
it("handles timeout", async () => {
|
|
533
|
+
mockFetch.mockImplementationOnce(() => new Promise((_, reject) => {
|
|
534
|
+
const error = new Error("Aborted");
|
|
535
|
+
error.name = "AbortError";
|
|
536
|
+
reject(error);
|
|
537
|
+
}));
|
|
538
|
+
const client = new OPAClient({
|
|
539
|
+
mode: "remote",
|
|
540
|
+
serverUrl: "https://opa.example.com",
|
|
541
|
+
timeout: 100,
|
|
542
|
+
});
|
|
543
|
+
const input = {
|
|
544
|
+
certification: {
|
|
545
|
+
id: "cert-123",
|
|
546
|
+
target: "test-repo",
|
|
547
|
+
status: "completed",
|
|
548
|
+
score: 85,
|
|
549
|
+
findings: [],
|
|
550
|
+
frameworks: [],
|
|
551
|
+
startedAt: new Date().toISOString(),
|
|
552
|
+
},
|
|
553
|
+
};
|
|
554
|
+
await expect(client.evaluate(input)).rejects.toThrow("OPA evaluation timed out");
|
|
555
|
+
});
|
|
556
|
+
it("handles empty result", async () => {
|
|
557
|
+
mockFetch.mockResolvedValueOnce({
|
|
558
|
+
ok: true,
|
|
559
|
+
json: async () => ({}),
|
|
560
|
+
});
|
|
561
|
+
const client = new OPAClient({
|
|
562
|
+
mode: "remote",
|
|
563
|
+
serverUrl: "https://opa.example.com",
|
|
564
|
+
});
|
|
565
|
+
const input = {
|
|
566
|
+
certification: {
|
|
567
|
+
id: "cert-123",
|
|
568
|
+
target: "test-repo",
|
|
569
|
+
status: "completed",
|
|
570
|
+
score: 85,
|
|
571
|
+
findings: [],
|
|
572
|
+
frameworks: [],
|
|
573
|
+
startedAt: new Date().toISOString(),
|
|
574
|
+
},
|
|
575
|
+
};
|
|
576
|
+
const result = await client.evaluate(input);
|
|
577
|
+
expect(result.allow).toBe(false);
|
|
578
|
+
expect(result.denialReasons).toContain("No policy result returned");
|
|
579
|
+
});
|
|
580
|
+
});
|
|
581
|
+
describe("isAvailable", () => {
|
|
582
|
+
it("returns true when remote server is healthy", async () => {
|
|
583
|
+
mockFetch.mockResolvedValueOnce({
|
|
584
|
+
ok: true,
|
|
585
|
+
});
|
|
586
|
+
const client = new OPAClient({
|
|
587
|
+
mode: "remote",
|
|
588
|
+
serverUrl: "https://opa.example.com",
|
|
589
|
+
});
|
|
590
|
+
const available = await client.isAvailable();
|
|
591
|
+
expect(available).toBe(true);
|
|
592
|
+
});
|
|
593
|
+
it("returns false when remote server is down", async () => {
|
|
594
|
+
mockFetch.mockRejectedValueOnce(new Error("Connection failed"));
|
|
595
|
+
const client = new OPAClient({
|
|
596
|
+
mode: "remote",
|
|
597
|
+
serverUrl: "https://opa.example.com",
|
|
598
|
+
});
|
|
599
|
+
const available = await client.isAvailable();
|
|
600
|
+
expect(available).toBe(false);
|
|
601
|
+
});
|
|
602
|
+
it("returns true when local bundle exists", async () => {
|
|
603
|
+
const policyPath = join(tempDir, "policy.json");
|
|
604
|
+
await writeFile(policyPath, JSON.stringify({ version: "1.0.0", rules: {} }));
|
|
605
|
+
const client = new OPAClient({
|
|
606
|
+
mode: "local",
|
|
607
|
+
bundlePath: policyPath,
|
|
608
|
+
});
|
|
609
|
+
const available = await client.isAvailable();
|
|
610
|
+
expect(available).toBe(true);
|
|
611
|
+
});
|
|
612
|
+
it("returns false when local bundle missing", async () => {
|
|
613
|
+
const client = new OPAClient({
|
|
614
|
+
mode: "local",
|
|
615
|
+
bundlePath: "/nonexistent/policy.json",
|
|
616
|
+
});
|
|
617
|
+
const available = await client.isAvailable();
|
|
618
|
+
expect(available).toBe(false);
|
|
619
|
+
});
|
|
620
|
+
it("returns false when no bundle path specified", async () => {
|
|
621
|
+
const client = new OPAClient({
|
|
622
|
+
mode: "local",
|
|
623
|
+
});
|
|
624
|
+
const available = await client.isAvailable();
|
|
625
|
+
expect(available).toBe(false);
|
|
626
|
+
});
|
|
627
|
+
});
|
|
628
|
+
});
|
|
629
|
+
describe("Policy Templates", () => {
|
|
630
|
+
describe("generateDefaultPolicy", () => {
|
|
631
|
+
it("generates valid default policy", () => {
|
|
632
|
+
const policy = generateDefaultPolicy();
|
|
633
|
+
expect(policy.version).toBe("1.0.0");
|
|
634
|
+
expect(policy.rules.minScore).toBe(70);
|
|
635
|
+
expect(policy.rules.maxCriticalFindings).toBe(0);
|
|
636
|
+
expect(policy.rules.maxHighFindings).toBe(3);
|
|
637
|
+
expect(policy.complianceChecks).toBeDefined();
|
|
638
|
+
expect(policy.complianceChecks?.length).toBeGreaterThan(0);
|
|
639
|
+
});
|
|
640
|
+
});
|
|
641
|
+
describe("generateSOC2Policy", () => {
|
|
642
|
+
it("generates valid SOC2 policy", () => {
|
|
643
|
+
const policy = generateSOC2Policy();
|
|
644
|
+
expect(policy.version).toContain("soc2");
|
|
645
|
+
expect(policy.rules.minScore).toBe(85);
|
|
646
|
+
expect(policy.rules.maxCriticalFindings).toBe(0);
|
|
647
|
+
expect(policy.rules.maxHighFindings).toBe(0);
|
|
648
|
+
expect(policy.rules.requiredFrameworks).toContain("SOC2");
|
|
649
|
+
});
|
|
650
|
+
});
|
|
651
|
+
});
|
|
652
|
+
describe("policyResultToFindings", () => {
|
|
653
|
+
it("converts denial reasons to critical findings", () => {
|
|
654
|
+
const result = {
|
|
655
|
+
allow: false,
|
|
656
|
+
denialReasons: ["Score too low", "Too many critical findings"],
|
|
657
|
+
evaluatedAt: new Date().toISOString(),
|
|
658
|
+
policyVersion: "1.0.0",
|
|
659
|
+
};
|
|
660
|
+
const findings = policyResultToFindings(result);
|
|
661
|
+
expect(findings).toHaveLength(2);
|
|
662
|
+
expect(findings[0].severity).toBe("critical");
|
|
663
|
+
expect(findings[0].category).toBe("policy-violation");
|
|
664
|
+
});
|
|
665
|
+
it("converts warnings to low findings", () => {
|
|
666
|
+
const result = {
|
|
667
|
+
allow: true,
|
|
668
|
+
warnings: ["Dependency warning"],
|
|
669
|
+
evaluatedAt: new Date().toISOString(),
|
|
670
|
+
};
|
|
671
|
+
const findings = policyResultToFindings(result);
|
|
672
|
+
expect(findings).toHaveLength(1);
|
|
673
|
+
expect(findings[0].severity).toBe("low");
|
|
674
|
+
expect(findings[0].category).toBe("policy-warning");
|
|
675
|
+
});
|
|
676
|
+
it("returns empty array for passing policy", () => {
|
|
677
|
+
const result = {
|
|
678
|
+
allow: true,
|
|
679
|
+
evaluatedAt: new Date().toISOString(),
|
|
680
|
+
};
|
|
681
|
+
const findings = policyResultToFindings(result);
|
|
682
|
+
expect(findings).toHaveLength(0);
|
|
683
|
+
});
|
|
684
|
+
});
|
|
685
|
+
describe("Factory Functions", () => {
|
|
686
|
+
it("createOPAClient creates OPAClient", () => {
|
|
687
|
+
const client = createOPAClient({
|
|
688
|
+
mode: "remote",
|
|
689
|
+
serverUrl: "https://opa.example.com",
|
|
690
|
+
});
|
|
691
|
+
expect(client).toBeInstanceOf(OPAClient);
|
|
692
|
+
});
|
|
693
|
+
it("createLocalOPAClient creates local client", () => {
|
|
694
|
+
const client = createLocalOPAClient("/path/to/bundle.json");
|
|
695
|
+
expect(client).toBeInstanceOf(OPAClient);
|
|
696
|
+
});
|
|
697
|
+
it("createRemoteOPAClient creates remote client", () => {
|
|
698
|
+
const client = createRemoteOPAClient("https://opa.example.com");
|
|
699
|
+
expect(client).toBeInstanceOf(OPAClient);
|
|
700
|
+
});
|
|
701
|
+
});
|
|
702
|
+
//# sourceMappingURL=opa.test.js.map
|