vaspera 2.8.0 → 2.9.0

package/dist/compliance/compliance-bundle.js

@@ -0,0 +1,210 @@
+/**
+ * Compliance Assessment Bundle
+ *
+ * Orchestrates compliance assessment with evidence collection and audit
+ * trail verification for any combination of frameworks.
+ *
+ * @module compliance/compliance-bundle
+ */
+import { generateComplianceReport, generateMultiFrameworkReport } from "./mapper.js";
+import { formatComplianceReportAsMarkdown, formatMultiFrameworkReportAsMarkdown, } from "./report.js";
+import { collectEvidence, storeEvidenceBundle } from "../evidence/index.js";
+import { verifyHistoryIntegrity } from "../history/verify.js";
+/**
+ * Run a compliance assessment for a single framework
+ *
+ * This function orchestrates:
+ * 1. Compliance control mapping for the framework
+ * 2. Audit trail integrity verification (optional)
+ * 3. Evidence bundle collection (optional)
+ * 4. Audit-defensible report generation
+ */
+export async function runSingleFrameworkAssessment(options) {
+    const { projectPath, findings, framework, certificationId, collectEvidence: shouldCollectEvidence = false, sign = false, verifyAuditTrail = false, storeEvidence = true, includeAttestation = true, } = options;
+    // Generate compliance report
+    const report = generateComplianceReport(findings, framework, projectPath, certificationId);
+    // Determine status
+    let status;
+    if (report.status.complianceScore >= 90 && report.status.controlsNonCompliant === 0) {
+        status = "compliant";
+    }
+    else if (report.status.complianceScore >= 70) {
+        status = "at_risk";
+    }
+    else {
+        status = "non_compliant";
+    }
+    // Verify audit trail if requested
+    let auditVerification;
+    if (verifyAuditTrail) {
+        auditVerification = await verifyHistoryIntegrity(projectPath);
+    }
+    // Collect evidence if requested
+    let evidenceBundle;
+    let evidencePath;
+    if (shouldCollectEvidence) {
+        const evidenceResult = await collectEvidence({
+            projectPath,
+            certificationId,
+            frameworks: [framework],
+            includeSbom: true,
+            includeHistory: true,
+            includeScanResults: true,
+            includeConfig: true,
+            sign,
+        });
+        if (evidenceResult.success && evidenceResult.bundle) {
+            evidenceBundle = evidenceResult.bundle;
+            // Store evidence if requested
+            if (storeEvidence) {
+                evidencePath = await storeEvidenceBundle(projectPath, evidenceBundle);
+            }
+        }
+    }
+    // Generate markdown report with audit-defensibility options
+    const reportOptions = {
+        evidenceBundle,
+        auditVerification,
+        includeAttestation,
+    };
+    const markdownReport = formatComplianceReportAsMarkdown(report, reportOptions);
+    return {
+        report,
+        markdownReport,
+        evidenceBundle,
+        auditVerification,
+        evidencePath,
+        status,
+    };
+}
+/**
+ * Run a compliance assessment for multiple frameworks
+ *
+ * This function orchestrates:
+ * 1. Compliance control mapping for all frameworks
+ * 2. Audit trail integrity verification (optional)
+ * 3. Evidence bundle collection (optional)
+ * 4. Unified audit-defensible report generation
+ */
+export async function runComplianceAssessment(options) {
+    const { projectPath, findings, frameworks, certificationId, collectEvidence: shouldCollectEvidence = false, sign = false, verifyAuditTrail = false, storeEvidence = true, includeAttestation = true, } = options;
+    // Handle single framework case
+    if (frameworks.length === 1) {
+        const singleResult = await runSingleFrameworkAssessment({
+            ...options,
+            framework: frameworks[0],
+        });
+        // Convert to multi-framework result format
+        const multiReport = generateMultiFrameworkReport(findings, frameworks, projectPath, certificationId);
+        return {
+            reports: { [frameworks[0]]: singleResult.report },
+            multiFrameworkReport: multiReport,
+            markdownReport: singleResult.markdownReport,
+            evidenceBundle: singleResult.evidenceBundle,
+            auditVerification: singleResult.auditVerification,
+            evidencePath: singleResult.evidencePath,
+            status: singleResult.status,
+            combinedScore: singleResult.report.status.complianceScore,
+        };
+    }
+    // Generate reports for all frameworks
+    const reports = {};
+    for (const framework of frameworks) {
+        reports[framework] = generateComplianceReport(findings, framework, projectPath, certificationId);
+    }
+    // Generate multi-framework report
+    const multiFrameworkReport = generateMultiFrameworkReport(findings, frameworks, projectPath, certificationId);
+    // Calculate combined score
+    const scores = Object.values(reports)
+        .filter((r) => r !== undefined)
+        .map(r => r.status.complianceScore);
+    const combinedScore = scores.length > 0
+        ? Math.round(scores.reduce((a, b) => a + b, 0) / scores.length)
+        : 0;
+    // Count non-compliant controls across all frameworks
+    const totalNonCompliant = Object.values(reports)
+        .filter((r) => r !== undefined)
+        .reduce((sum, r) => sum + r.status.controlsNonCompliant, 0);
+    // Determine overall status
+    let status;
+    if (combinedScore >= 90 && totalNonCompliant === 0) {
+        status = "compliant";
+    }
+    else if (combinedScore >= 70) {
+        status = "at_risk";
+    }
+    else {
+        status = "non_compliant";
+    }
+    // Verify audit trail if requested
+    let auditVerification;
+    if (verifyAuditTrail) {
+        auditVerification = await verifyHistoryIntegrity(projectPath);
+    }
+    // Collect evidence if requested
+    let evidenceBundle;
+    let evidencePath;
+    if (shouldCollectEvidence) {
+        const evidenceResult = await collectEvidence({
+            projectPath,
+            certificationId,
+            frameworks,
+            includeSbom: true,
+            includeHistory: true,
+            includeScanResults: true,
+            includeConfig: true,
+            sign,
+        });
+        if (evidenceResult.success && evidenceResult.bundle) {
+            evidenceBundle = evidenceResult.bundle;
+            // Store evidence if requested
+            if (storeEvidence) {
+                evidencePath = await storeEvidenceBundle(projectPath, evidenceBundle);
+            }
+        }
+    }
+    // Generate markdown report with audit-defensibility options
+    const reportOptions = {
+        evidenceBundle,
+        auditVerification,
+        includeAttestation,
+    };
+    const markdownReport = formatMultiFrameworkReportAsMarkdown(multiFrameworkReport, reportOptions);
+    return {
+        reports,
+        multiFrameworkReport,
+        markdownReport,
+        evidenceBundle,
+        auditVerification,
+        evidencePath,
+        status,
+        combinedScore,
+    };
+}
+/**
+ * Generate a quick compliance summary
+ */
+export function generateComplianceSummary(result) {
+    const statusIcon = result.status === "compliant" ? "✅" :
+        result.status === "at_risk" ? "⚠️" : "❌";
+    const frameworkNames = Object.keys(result.reports).join(", ");
+    const lines = [
+        `${statusIcon} Compliance: ${result.status.toUpperCase()}`,
+        `Frameworks: ${frameworkNames}`,
+        `Combined Score: ${result.combinedScore}%`,
+    ];
+    // Add individual framework scores
+    for (const [framework, report] of Object.entries(result.reports)) {
+        if (report) {
+            lines.push(`${framework}: ${report.status.complianceScore}%`);
+        }
+    }
+    if (result.auditVerification) {
+        lines.push(`Audit Trail: ${result.auditVerification.verified ? "Verified" : "FAILED"}`);
+    }
+    if (result.evidenceBundle) {
+        lines.push(`Evidence: ${result.evidenceBundle.id}`);
+    }
+    return lines.join(" | ");
+}
+//# sourceMappingURL=compliance-bundle.js.map

package/dist/compliance/compliance-bundle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-bundle.js","sourceRoot":"","sources":["../../src/compliance/compliance-bundle.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,wBAAwB,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AACrF,OAAO,EACL,gCAAgC,EAChC,oCAAoC,GAErC,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AA0F9D;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,OAA6F;IAE7F,MAAM,EACJ,WAAW,EACX,QAAQ,EACR,SAAS,EACT,eAAe,EACf,eAAe,EAAE,qBAAqB,GAAG,KAAK,EAC9C,IAAI,GAAG,KAAK,EACZ,gBAAgB,GAAG,KAAK,EACxB,aAAa,GAAG,IAAI,EACpB,kBAAkB,GAAG,IAAI,GAC1B,GAAG,OAAO,CAAC;IAEZ,6BAA6B;IAC7B,MAAM,MAAM,GAAG,wBAAwB,CACrC,QAAQ,EACR,SAAS,EACT,WAAW,EACX,eAAe,CAChB,CAAC;IAEF,mBAAmB;IACnB,IAAI,MAAiD,CAAC;IACtD,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,oBAAoB,KAAK,CAAC,EAAE,CAAC;QACpF,MAAM,GAAG,WAAW,CAAC;IACvB,CAAC;SAAM,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,EAAE,CAAC;QAC/C,MAAM,GAAG,SAAS,CAAC;IACrB,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,eAAe,CAAC;IAC3B,CAAC;IAED,kCAAkC;IAClC,IAAI,iBAA0D,CAAC;IAC/D,IAAI,gBAAgB,EAAE,CAAC;QACrB,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,WAAW,CAAC,CAAC;IAChE,CAAC;IAED,gCAAgC;IAChC,IAAI,cAA0C,CAAC;IAC/C,IAAI,YAAgC,CAAC;IACrC,IAAI,qBAAqB,EAAE,CAAC;QAC1B,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC;YAC3C,WAAW;YACX,eAAe;YACf,UAAU,EAAE,CAAC,SAAS,CAAC;YACvB,WAAW,EAAE,IAAI;YACjB,cAAc,EAAE,IAAI;YACpB,kBAAkB,EAAE,IAAI;YACxB,aAAa,EAAE,IAAI;YACnB,IAAI;SACL,CAAC,CAAC;QAEH,IAAI,cAAc,CAAC,OAAO,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;YACpD,cAAc,GAAG,cAAc,CAAC,MAAM,CAAC;YAEvC,8BAA8B;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,YAAY,GAAG,MAAM,mBAAmB,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,MAAM,aAAa,GAA2B;QAC5C,cAAc;QACd,iBAAiB;QACjB,kBAAkB;KACnB,CAAC;IACF,MAAM,cAAc,GAAG,gCAAgC,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAE/E,OAAO;QACL,MAAM;QACN,cAAc;QACd,cAAc;QACd,iBAAiB;QACjB,YAAY;QACZ,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAoC;IAEpC,MAAM,EACJ,WAAW,EACX,QAAQ,EACR,UAAU,EACV,eAAe,EACf,eAAe,EAAE,qBAAqB,GAAG,KAAK,EAC9C,IAAI,GAAG,KAAK,EACZ,gBAAgB,GAAG,KAAK,EACxB,aAAa,GAAG,IAAI,EACpB,kBAAkB,GAAG,IAAI,GAC1B,GAAG,OAAO,CAAC;IAEZ,+BAA+B;IAC/B,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,MAAM,4BAA4B,CAAC;YACtD,GAAG,OAAO;YACV,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC;SACzB,CAAC,CAAC;QAEH,2CAA2C;QAC3C,MAAM,WAAW,GAAG,4BAA4B,CAC9C,QAAQ,EACR,UAAU,EACV,WAAW,EACX,eAAe,CAChB,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,MAAM,EAAE;YACjD,oBAAoB,EAAE,WAAW;YACjC,cAAc,EAAE,YAAY,CAAC,cAAc;YAC3C,cAAc,EAAE,YAAY,CAAC,cAAc;YAC3C,iBAAiB,EAAE,YAAY,CAAC,iBAAiB;YACjD,YAAY,EAAE,YAAY,CAAC,YAAY;YACvC,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe;SAC1D,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,MAAM,OAAO,GAA2D,EAAE,CAAC;IAC3E,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,OAAO,CAAC,SAAS,CAAC,GAAG,wBAAwB,CAC3C,QAAQ,EACR,SAAS,EACT,WAAW,EACX,eAAe,CAChB,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,MAAM,oBAAoB,GAAG,4BAA4B,CACvD,QAAQ,EACR,UAAU,EACV,WAAW,EACX,eAAe,CAChB,CAAC;IAEF,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;SAClC,MAAM,CAAC,CAAC,CAAC,EAAyB,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;SACrD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACtC,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC;QACrC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;QAC/D,CAAC,CAAC,CAAC,CAAC;IAEN,qDAAqD;IACrD,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;SAC7C,MAAM,CAAC,CAAC,CAAC,EAAyB,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;SACrD,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;IAE9D,2BAA2B;IAC3B,IAAI,MAAiD,CAAC;IACtD,IAAI,aAAa,IAAI,EAAE,IAAI,iBAAiB,KAAK,CAAC,EAAE,CAAC;QACnD,MAAM,GAAG,WAAW,CAAC;IACvB,CAAC;SAAM,IAAI,aAAa,IAAI,EAAE,EAAE,CAAC;QAC/B,MAAM,GAAG,SAAS,CAAC;IACrB,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,eAAe,CAAC;IAC3B,CAAC;IAED,kCAAkC;IAClC,IAAI,iBAA0D,CAAC;IAC/D,IAAI,gBAAgB,EAAE,CAAC;QACrB,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,WAAW,CAAC,CAAC;IAChE,CAAC;IAED,gCAAgC;IAChC,IAAI,cAA0C,CAAC;IAC/C,IAAI,YAAgC,CAAC;IACrC,IAAI,qBAAqB,EAAE,CAAC;QAC1B,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC;YAC3C,WAAW;YACX,eAAe;YACf,UAAU;YACV,WAAW,EAAE,IAAI;YACjB,cAAc,EAAE,IAAI;YACpB,kBAAkB,EAAE,IAAI;YACxB,aAAa,EAAE,IAAI;YACnB,IAAI;SACL,CAAC,CAAC;QAEH,IAAI,cAAc,CAAC,OAAO,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;YACpD,cAAc,GAAG,cAAc,CAAC,MAAM,CAAC;YAEvC,8BAA8B;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,YAAY,GAAG,MAAM,mBAAmB,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,MAAM,aAAa,GAA2B;QAC5C,cAAc;QACd,iBAAiB;QACjB,kBAAkB;KACnB,CAAC;IACF,MAAM,cAAc,GAAG,oCAAoC,CAAC,oBAAoB,EAAE,aAAa,CAAC,CAAC;IAEjG,OAAO;QACL,OAAO;QACP,oBAAoB;QACpB,cAAc;QACd,cAAc;QACd,iBAAiB;QACjB,YAAY;QACZ,MAAM;QACN,aAAa;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAsC;IAEtC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACtD,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;IAE3C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE9D,MAAM,KAAK,GAAG;QACZ,GAAG,UAAU,gBAAgB,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE;QAC1D,eAAe,cAAc,EAAE;QAC/B,mBAAmB,MAAM,CAAC,aAAa,GAAG;KAC3C,CAAC;IAEF,kCAAkC;IAClC,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QACjE,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,KAAK,MAAM,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}

package/dist/compliance/healthcare-bundle.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Healthcare Compliance Bundle
+ *
+ * Orchestrates HIPAA and 42 CFR Part 2 compliance assessment with
+ * evidence collection and audit trail verification.
+ *
+ * @module compliance/healthcare-bundle
+ */
+import type { Finding } from "../certification/types.js";
+import type { ComplianceReport } from "./types.js";
+import type { EvidenceBundle } from "../evidence/types.js";
+import type { IntegrityVerificationResult } from "../history/types.js";
+/**
+ * Healthcare compliance assessment result
+ */
+export interface HealthcareComplianceResult {
+    /** HIPAA compliance report */
+    hipaaReport: ComplianceReport;
+    /** 42 CFR Part 2 compliance report */
+    cfr42Report: ComplianceReport;
+    /** Combined markdown report */
+    markdownReport: string;
+    /** Evidence bundle if collected */
+    evidenceBundle?: EvidenceBundle;
+    /** Audit trail verification result */
+    auditVerification?: IntegrityVerificationResult;
+    /** Path where evidence was stored */
+    evidencePath?: string;
+    /** Overall assessment status */
+    status: "compliant" | "at_risk" | "non_compliant";
+    /** Combined compliance score (average of both frameworks) */
+    combinedScore: number;
+}
+/**
+ * Options for running healthcare compliance assessment
+ */
+export interface HealthcareComplianceOptions {
+    /** Project path to assess */
+    projectPath: string;
+    /** Security findings from certification/scanning */
+    findings: Finding[];
+    /** Certification ID to associate with */
+    certificationId?: string;
+    /** Collect evidence bundle */
+    collectEvidence?: boolean;
+    /** Sign evidence with Sigstore */
+    sign?: boolean;
+    /** Verify audit trail integrity */
+    verifyAuditTrail?: boolean;
+    /** Store evidence bundle to disk */
+    storeEvidence?: boolean;
+}
+/**
+ * Run a complete healthcare compliance assessment
+ *
+ * This function orchestrates:
+ * 1. HIPAA Security Rule compliance mapping
+ * 2. 42 CFR Part 2 compliance mapping
+ * 3. Audit trail integrity verification (optional)
+ * 4. Evidence bundle collection (optional)
+ * 5. Combined report generation
+ */
+export declare function runHealthcareComplianceAssessment(options: HealthcareComplianceOptions): Promise<HealthcareComplianceResult>;
+/**
+ * Generate a quick healthcare compliance summary
+ */
+export declare function generateHealthcareComplianceSummary(result: HealthcareComplianceResult): string;
+//# sourceMappingURL=healthcare-bundle.d.ts.map

package/dist/compliance/healthcare-bundle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"healthcare-bundle.d.ts","sourceRoot":"","sources":["../../src/compliance/healthcare-bundle.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAEvE;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,8BAA8B;IAC9B,WAAW,EAAE,gBAAgB,CAAC;IAE9B,sCAAsC;IACtC,WAAW,EAAE,gBAAgB,CAAC;IAE9B,+BAA+B;IAC/B,cAAc,EAAE,MAAM,CAAC;IAEvB,mCAAmC;IACnC,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC,sCAAsC;IACtC,iBAAiB,CAAC,EAAE,2BAA2B,CAAC;IAEhD,qCAAqC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,gCAAgC;IAChC,MAAM,EAAE,WAAW,GAAG,SAAS,GAAG,eAAe,CAAC;IAElD,6DAA6D;IAC7D,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;IAEpB,oDAAoD;IACpD,QAAQ,EAAE,OAAO,EAAE,CAAC;IAEpB,yCAAyC;IACzC,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB,8BAA8B;IAC9B,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,kCAAkC;IAClC,IAAI,CAAC,EAAE,OAAO,CAAC;IAEf,mCAAmC;IACnC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,oCAAoC;IACpC,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;;;;;;;;GASG;AACH,wBAAsB,iCAAiC,CACrD,OAAO,EAAE,2BAA2B,GACnC,OAAO,CAAC,0BAA0B,CAAC,CA6FrC;AAED;;GAEG;AACH,wBAAgB,mCAAmC,CACjD,MAAM,EAAE,0BAA0B,GACjC,MAAM,CAoBR"}

package/dist/compliance/healthcare-bundle.js

@@ -0,0 +1,104 @@
+/**
+ * Healthcare Compliance Bundle
+ *
+ * Orchestrates HIPAA and 42 CFR Part 2 compliance assessment with
+ * evidence collection and audit trail verification.
+ *
+ * @module compliance/healthcare-bundle
+ */
+import { generateComplianceReport } from "./mapper.js";
+import { formatHealthcareComplianceReportAsMarkdown } from "./report.js";
+import { collectEvidence, storeEvidenceBundle } from "../evidence/index.js";
+import { verifyHistoryIntegrity } from "../history/verify.js";
+/**
+ * Run a complete healthcare compliance assessment
+ *
+ * This function orchestrates:
+ * 1. HIPAA Security Rule compliance mapping
+ * 2. 42 CFR Part 2 compliance mapping
+ * 3. Audit trail integrity verification (optional)
+ * 4. Evidence bundle collection (optional)
+ * 5. Combined report generation
+ */
+export async function runHealthcareComplianceAssessment(options) {
+    const { projectPath, findings, certificationId, collectEvidence: shouldCollectEvidence = true, sign = false, verifyAuditTrail = true, storeEvidence = true, } = options;
+    // Generate HIPAA report
+    const hipaaReport = generateComplianceReport(findings, "HIPAA", projectPath, certificationId);
+    // Generate 42 CFR Part 2 report
+    const cfr42Report = generateComplianceReport(findings, "42-CFR-PART-2", projectPath, certificationId);
+    // Calculate combined score
+    const combinedScore = Math.round((hipaaReport.status.complianceScore + cfr42Report.status.complianceScore) / 2);
+    // Determine overall status
+    let status;
+    if (combinedScore >= 90 &&
+        hipaaReport.status.controlsNonCompliant === 0 &&
+        cfr42Report.status.controlsNonCompliant === 0) {
+        status = "compliant";
+    }
+    else if (combinedScore >= 70) {
+        status = "at_risk";
+    }
+    else {
+        status = "non_compliant";
+    }
+    // Verify audit trail if requested
+    let auditVerification;
+    if (verifyAuditTrail) {
+        auditVerification = await verifyHistoryIntegrity(projectPath);
+    }
+    // Collect evidence if requested
+    let evidenceBundle;
+    let evidencePath;
+    if (shouldCollectEvidence) {
+        const evidenceResult = await collectEvidence({
+            projectPath,
+            certificationId,
+            frameworks: ["HIPAA", "42-CFR-PART-2"],
+            includeSbom: true,
+            includeHistory: true,
+            includeScanResults: true,
+            includeConfig: true,
+            sign,
+        });
+        if (evidenceResult.success && evidenceResult.bundle) {
+            evidenceBundle = evidenceResult.bundle;
+            // Store evidence if requested
+            if (storeEvidence) {
+                evidencePath = await storeEvidenceBundle(projectPath, evidenceBundle);
+            }
+        }
+    }
+    // Generate combined markdown report
+    const markdownReport = formatHealthcareComplianceReportAsMarkdown(hipaaReport, cfr42Report, evidenceBundle, auditVerification);
+    return {
+        hipaaReport,
+        cfr42Report,
+        markdownReport,
+        evidenceBundle,
+        auditVerification,
+        evidencePath,
+        status,
+        combinedScore,
+    };
+}
+/**
+ * Generate a quick healthcare compliance summary
+ */
+export function generateHealthcareComplianceSummary(result) {
+    const statusIcon = result.status === "compliant" ? "✅" :
+        result.status === "at_risk" ? "⚠️" : "❌";
+    const lines = [
+        `${statusIcon} Healthcare Compliance: ${result.status.toUpperCase()}`,
+        `Combined Score: ${result.combinedScore}%`,
+        `HIPAA: ${result.hipaaReport.status.complianceScore}%`,
+        `42 CFR Part 2: ${result.cfr42Report.status.complianceScore}%`,
+    ];
+    if (result.auditVerification) {
+        lines.push(`Audit Trail: ${result.auditVerification.verified ? "Verified" : "FAILED"}`);
+    }
+    if (result.evidenceBundle) {
+        lines.push(`Evidence: ${result.evidenceBundle.id}`);
+    }
+    return lines.join(" | ");
+}
+//# sourceMappingURL=healthcare-bundle.js.map

package/dist/compliance/healthcare-bundle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"healthcare-bundle.js","sourceRoot":"","sources":["../../src/compliance/healthcare-bundle.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,0CAA0C,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AA6D9D;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,iCAAiC,CACrD,OAAoC;IAEpC,MAAM,EACJ,WAAW,EACX,QAAQ,EACR,eAAe,EACf,eAAe,EAAE,qBAAqB,GAAG,IAAI,EAC7C,IAAI,GAAG,KAAK,EACZ,gBAAgB,GAAG,IAAI,EACvB,aAAa,GAAG,IAAI,GACrB,GAAG,OAAO,CAAC;IAEZ,wBAAwB;IACxB,MAAM,WAAW,GAAG,wBAAwB,CAC1C,QAAQ,EACR,OAAO,EACP,WAAW,EACX,eAAe,CAChB,CAAC;IAEF,gCAAgC;IAChC,MAAM,WAAW,GAAG,wBAAwB,CAC1C,QAAQ,EACR,eAAe,EACf,WAAW,EACX,eAAe,CAChB,CAAC;IAEF,2BAA2B;IAC3B,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAC9B,CAAC,WAAW,CAAC,MAAM,CAAC,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAC9E,CAAC;IAEF,2BAA2B;IAC3B,IAAI,MAAiD,CAAC;IACtD,IAAI,aAAa,IAAI,EAAE;QACnB,WAAW,CAAC,MAAM,CAAC,oBAAoB,KAAK,CAAC;QAC7C,WAAW,CAAC,MAAM,CAAC,oBAAoB,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,GAAG,WAAW,CAAC;IACvB,CAAC;SAAM,IAAI,aAAa,IAAI,EAAE,EAAE,CAAC;QAC/B,MAAM,GAAG,SAAS,CAAC;IACrB,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,eAAe,CAAC;IAC3B,CAAC;IAED,kCAAkC;IAClC,IAAI,iBAA0D,CAAC;IAC/D,IAAI,gBAAgB,EAAE,CAAC;QACrB,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,WAAW,CAAC,CAAC;IAChE,CAAC;IAED,gCAAgC;IAChC,IAAI,cAA0C,CAAC;IAC/C,IAAI,YAAgC,CAAC;IACrC,IAAI,qBAAqB,EAAE,CAAC;QAC1B,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC;YAC3C,WAAW;YACX,eAAe;YACf,UAAU,EAAE,CAAC,OAAO,EAAE,eAAe,CAAC;YACtC,WAAW,EAAE,IAAI;YACjB,cAAc,EAAE,IAAI;YACpB,kBAAkB,EAAE,IAAI;YACxB,aAAa,EAAE,IAAI;YACnB,IAAI;SACL,CAAC,CAAC;QAEH,IAAI,cAAc,CAAC,OAAO,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;YACpD,cAAc,GAAG,cAAc,CAAC,MAAM,CAAC;YAEvC,8BAA8B;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,YAAY,GAAG,MAAM,mBAAmB,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,MAAM,cAAc,GAAG,0CAA0C,CAC/D,WAAW,EACX,WAAW,EACX,cAAc,EACd,iBAAiB,CAClB,CAAC;IAEF,OAAO;QACL,WAAW;QACX,WAAW;QACX,cAAc;QACd,cAAc;QACd,iBAAiB;QACjB,YAAY;QACZ,MAAM;QACN,aAAa;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mCAAmC,CACjD,MAAkC;IAElC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACtD,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;IAE3C,MAAM,KAAK,GAAG;QACZ,GAAG,UAAU,2BAA2B,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE;QACrE,mBAAmB,MAAM,CAAC,aAAa,GAAG;QAC1C,UAAU,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,eAAe,GAAG;QACtD,kBAAkB,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,eAAe,GAAG;KAC/D,CAAC;IAEF,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}

package/dist/compliance/hipaa.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hipaa.d.ts","sourceRoot":"","sources":["../../src/compliance/hipaa.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,gBAAgB,uFAInB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,iBAAiB,EAwL7C,CAAC;AAEF;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,iBAAiB,EAAE,CAEtD;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,MAAM,GACf,iBAAiB,EAAE,CAErB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,SAAS,MAAM,EAAE,CAEtD"}
+{"version":3,"file":"hipaa.d.ts","sourceRoot":"","sources":["../../src/compliance/hipaa.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,gBAAgB,uFAInB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,iBAAiB,EA2L7C,CAAC;AAEF;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,iBAAiB,EAAE,CAEtD;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,MAAM,GACf,iBAAiB,EAAE,CAErB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,SAAS,MAAM,EAAE,CAEtD"}

package/dist/compliance/hipaa.js

@@ -24,8 +24,9 @@ export const HIPAA_CONTROLS = [
         category: "Administrative Safeguards",
         title: "Security Management Process",
         description: "Implement policies and procedures to prevent, detect, contain, and correct security violations.",
-        keywords: ["security-management", "policy", "procedures"],
-        findingCategories: ["security", "policy"],
+        keywords: ["security-management", "policy", "procedures", "PHI", "ePHI"],
+        findingCategories: ["security", "policy", "phi-exposure", "consent-bypass", "audit-gap"],
+        cweIds: ["CWE-200", "CWE-359"],
     },
     {
         id: "164.308(a)(3)",
@@ -43,9 +44,9 @@ export const HIPAA_CONTROLS = [
         category: "Administrative Safeguards",
         title: "Information Access Management",
         description: "Implement policies and procedures for authorizing access to ePHI.",
-        keywords: ["access-management", "authorization", "PHI"],
-        findingCategories: ["authorization", "data-exposure"],
-        cweIds: ["CWE-284", "CWE-285"],
+        keywords: ["access-management", "authorization", "PHI", "ePHI", "minimum necessary"],
+        findingCategories: ["authorization", "data-exposure", "phi-exposure", "consent-bypass", "broken-access-control"],
+        cweIds: ["CWE-284", "CWE-285", "CWE-862"],
     },
     {
         id: "164.308(a)(5)",
@@ -111,9 +112,10 @@ export const HIPAA_CONTROLS = [
         category: "Technical Safeguards",
         title: "Encryption and Decryption",
         description: "Implement a mechanism to encrypt and decrypt ePHI.",
-        keywords: ["encryption", "decryption", "cryptography"],
-        findingCategories: ["encryption", "data-protection"],
-        cweIds: ["CWE-311", "CWE-312"],
+        keywords: ["encryption", "decryption", "cryptography", "PHI", "at rest", "in transit"],
+        findingCategories: ["encryption", "data-protection", "missing-encryption", "phi-exposure", "cryptographic-failure"],
+        cweIds: ["CWE-311", "CWE-312", "CWE-326"],
+        severityThreshold: "high",
     },
     {
         id: "164.312(b)",
@@ -121,9 +123,10 @@ export const HIPAA_CONTROLS = [
         category: "Technical Safeguards",
         title: "Audit Controls",
         description: "Implement hardware, software, and/or procedural mechanisms to record and examine activity.",
-        keywords: ["audit", "logging", "monitoring"],
-        findingCategories: ["logging", "audit"],
-        cweIds: ["CWE-778"],
+        keywords: ["audit", "logging", "monitoring", "access log", "PHI access"],
+        findingCategories: ["logging", "audit", "audit-gap", "phi-in-logs", "insufficient-logging"],
+        cweIds: ["CWE-778", "CWE-532", "CWE-223"],
+        severityThreshold: "medium",
     },
     {
         id: "164.312(c)(1)",

package/dist/compliance/hipaa.js.map

@@ -1 +1 @@
-{"version":3,"file":"hipaa.js","sourceRoot":"","sources":["../../src/compliance/hipaa.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,2BAA2B;IAC3B,qBAAqB;IACrB,sBAAsB;CACd,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAwB;IACjD,uCAAuC;IACvC;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,iGAAiG;QACnG,QAAQ,EAAE,CAAC,qBAAqB,EAAE,QAAQ,EAAE,YAAY,CAAC;QACzD,iBAAiB,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;KAC1C;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yEAAyE;QAC3E,QAAQ,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,eAAe,CAAC;QAClD,iBAAiB,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC;QACtD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,+BAA+B;QACtC,WAAW,EACT,mEAAmE;QACrE,QAAQ,EAAE,CAAC,mBAAmB,EAAE,eAAe,EAAE,KAAK,CAAC;QACvD,iBAAiB,EAAE,CAAC,eAAe,EAAE,eAAe,CAAC;QACrD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,4EAA4E;QAC9E,QAAQ,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,UAAU,CAAC;QAC/C,iBAAiB,EAAE,CAAC,UAAU,CAAC;KAChC;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,8BAA8B;QACrC,WAAW,EACT,kEAAkE;QACpE,QAAQ,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC;QAC9C,iBAAiB,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;KAC3C;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,gBAAgB;QACvB,WAAW,EACT,oGAAoG;QACtG,QAAQ,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,eAAe,CAAC;QAC/D,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;QACtD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,CAAC;QAC7C,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,UAAU,CAAC;QACjD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,4BAA4B;QACnC,WAAW,EACT,wEAAwE;QAC1E,QAAQ,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,WAAW,CAAC;QAC9C,iBAAiB,EAAE,CAAC,cAAc,EAAE,gBAAgB,CAAC;KACtD;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,kBAAkB;QACzB,WAAW,EACT,gHAAgH;QAClH,QAAQ,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;QAC1C,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,oBAAoB,CAAC;QAC3D,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,oDAAoD;QACtD,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,cAAc,CAAC;QACtD,iBAAiB,EAAE,CAAC,YAAY,EAAE,iBAAiB,CAAC;QACpD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,gBAAgB;QACvB,WAAW,EACT,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,YAAY,CAAC;QAC5C,iBAAiB,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;QACvC,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,WAAW;QAClB,WAAW,EACT,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,WAAW,EAAE,iBAAiB,EAAE,WAAW,CAAC;QACvD,iBAAiB,EAAE,CAAC,WAAW,EAAE,iBAAiB,CAAC;QACnD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,6FAA6F;QAC/F,QAAQ,EAAE,CAAC,gBAAgB,EAAE,WAAW,EAAE,cAAc,CAAC;QACzD,iBAAiB,EAAE,CAAC,WAAW,EAAE,gBAAgB,CAAC;KACnD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,sFAAsF;QACxF,QAAQ,EAAE,CAAC,gBAAgB,EAAE,cAAc,EAAE,UAAU,CAAC;QACxD,iBAAiB,EAAE,CAAC,gBAAgB,CAAC;QACrC,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EACT,+GAA+G;QACjH,QAAQ,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,CAAC;QAC1D,iBAAiB,EAAE,CAAC,oBAAoB,EAAE,YAAY,CAAC;QACvD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,qCAAqC;QAC5C,WAAW,EACT,mGAAmG;QACrG,QAAQ,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,cAAc,CAAC;QACvD,iBAAiB,EAAE,CAAC,oBAAoB,EAAE,WAAW,CAAC;KACvD;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,oEAAoE;QACtE,QAAQ,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC;QACxD,iBAAiB,EAAE,CAAC,YAAY,EAAE,oBAAoB,CAAC;QACvD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,QAAgB;IAEhB,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,gBAAgB,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"hipaa.js","sourceRoot":"","sources":["../../src/compliance/hipaa.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,2BAA2B;IAC3B,qBAAqB;IACrB,sBAAsB;CACd,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAwB;IACjD,uCAAuC;IACvC;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,iGAAiG;QACnG,QAAQ,EAAE,CAAC,qBAAqB,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC;QACxE,iBAAiB,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,CAAC;QACxF,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yEAAyE;QAC3E,QAAQ,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,eAAe,CAAC;QAClD,iBAAiB,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC;QACtD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,+BAA+B;QACtC,WAAW,EACT,mEAAmE;QACrE,QAAQ,EAAE,CAAC,mBAAmB,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,CAAC;QACpF,iBAAiB,EAAE,CAAC,eAAe,EAAE,eAAe,EAAE,cAAc,EAAE,gBAAgB,EAAE,uBAAuB,CAAC;QAChH,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC1C;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,4EAA4E;QAC9E,QAAQ,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,UAAU,CAAC;QAC/C,iBAAiB,EAAE,CAAC,UAAU,CAAC;KAChC;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,2BAA2B;QACrC,KAAK,EAAE,8BAA8B;QACrC,WAAW,EACT,kEAAkE;QACpE,QAAQ,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC;QAC9C,iBAAiB,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;KAC3C;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,gBAAgB;QACvB,WAAW,EACT,oGAAoG;QACtG,QAAQ,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,eAAe,CAAC;QAC/D,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;QACtD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,CAAC;QAC7C,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,UAAU,CAAC;QACjD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,4BAA4B;QACnC,WAAW,EACT,wEAAwE;QAC1E,QAAQ,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,WAAW,CAAC;QAC9C,iBAAiB,EAAE,CAAC,cAAc,EAAE,gBAAgB,CAAC;KACtD;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,kBAAkB;QACzB,WAAW,EACT,gHAAgH;QAClH,QAAQ,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;QAC1C,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,oBAAoB,CAAC;QAC3D,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,oDAAoD;QACtD,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,CAAC;QACtF,iBAAiB,EAAE,CAAC,YAAY,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,cAAc,EAAE,uBAAuB,CAAC;QACnH,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;QACzC,iBAAiB,EAAE,MAAM;KAC1B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,gBAAgB;QACvB,WAAW,EACT,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,CAAC;QACxE,iBAAiB,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,sBAAsB,CAAC;QAC3F,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;QACzC,iBAAiB,EAAE,QAAQ;KAC5B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,WAAW;QAClB,WAAW,EACT,4FAA4F;QAC9F,QAAQ,EAAE,CAAC,WAAW,EAAE,iBAAiB,EAAE,WAAW,CAAC;QACvD,iBAAiB,EAAE,CAAC,WAAW,EAAE,iBAAiB,CAAC;QACnD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,6FAA6F;QAC/F,QAAQ,EAAE,CAAC,gBAAgB,EAAE,WAAW,EAAE,cAAc,CAAC;QACzD,iBAAiB,EAAE,CAAC,WAAW,EAAE,gBAAgB,CAAC;KACnD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,sFAAsF;QACxF,QAAQ,EAAE,CAAC,gBAAgB,EAAE,cAAc,EAAE,UAAU,CAAC;QACxD,iBAAiB,EAAE,CAAC,gBAAgB,CAAC;QACrC,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EACT,+GAA+G;QACjH,QAAQ,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,CAAC;QAC1D,iBAAiB,EAAE,CAAC,oBAAoB,EAAE,YAAY,CAAC;QACvD,MAAM,EAAE,CAAC,SAAS,CAAC;KACpB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,qCAAqC;QAC5C,WAAW,EACT,mGAAmG;QACrG,QAAQ,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,cAAc,CAAC;QACvD,iBAAiB,EAAE,CAAC,oBAAoB,EAAE,WAAW,CAAC;KACvD;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,6BAA6B;QACpC,WAAW,EACT,oEAAoE;QACtE,QAAQ,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC;QACxD,iBAAiB,EAAE,CAAC,YAAY,EAAE,oBAAoB,CAAC;QACvD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;KAC/B;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,QAAgB;IAEhB,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,gBAAgB,CAAC;AAC1B,CAAC"}

package/dist/compliance/index.d.ts

@@ -10,9 +10,17 @@ export { SOC2_CONTROLS, getSOC2Controls, getSOC2ControlsByCategory, getSOC2Contr
 export { ISO27001_CONTROLS, getISO27001Controls, getISO27001ControlsByCategory, getISO27001ControlById, getISO27001Categories, } from "./iso27001.js";
 export { PCI_DSS_CONTROLS, getPCIDSSControls, getPCIDSSControlsByCategory, getPCIDSSCategories, } from "./pci-dss.js";
 export { HIPAA_CONTROLS, getHIPAAControls, getHIPAAControlsByCategory, getHIPAACategories, } from "./hipaa.js";
+export { CFR42_PART2_CONTROLS, CFR42_PART2_CATEGORIES, getCFR42Part2Controls, getCFR42Part2ControlsByCategory, getCFR42Part2ControlById, getCFR42Part2Categories, CFR42_TO_HIPAA_MAPPING, } from "./cfr42-part2.js";
 export { CIS_CONTROLS, getCISControls, getCISControlsByCategory, getCISCategories, } from "./cis.js";
 export { GDPR_CONTROLS, getGDPRControls, getGDPRControlsByCategory, getGDPRControlsByArticle, getGDPRCategories, } from "./gdpr.js";
-export * from "./frameworks/index.js";
+export { NIST_800_53_CONTROLS, getNIST80053Controls, getNIST80053ControlsByCategory, getNIST80053ControlById, getNIST80053Categories, NIST_CONTROL_FAMILIES, } from "./nist-800-53.js";
 export { getControlsForFramework, findingMatchesControl, meetsSeverityThreshold, mapFindingsToControls, calculateComplianceStatus, generateRecommendations, generateComplianceReport, generateMultiFrameworkReport, } from "./mapper.js";
-export { formatComplianceReportAsMarkdown, formatMultiFrameworkReportAsMarkdown, formatComplianceReportAsJson, generateCompactComplianceSummary, } from "./report.js";
+export { formatComplianceReportAsMarkdown, formatMultiFrameworkReportAsMarkdown, formatComplianceReportAsJson, generateCompactComplianceSummary, formatHealthcareComplianceReportAsMarkdown, } from "./report.js";
+export type { AuditDefensibleOptions } from "./report.js";
+export { FRAMEWORK_ATTESTATIONS, getFrameworkAttestation, formatAttestationAsMarkdown, formatMultiFrameworkAttestationAsMarkdown, } from "./attestation.js";
+export type { FrameworkAttestation } from "./attestation.js";
+export type { HealthcareComplianceResult, HealthcareComplianceOptions, } from "./healthcare-bundle.js";
+export { runHealthcareComplianceAssessment, generateHealthcareComplianceSummary, } from "./healthcare-bundle.js";
+export type { SingleFrameworkAssessmentResult, MultiFrameworkAssessmentResult, ComplianceAssessmentOptions, } from "./compliance-bundle.js";
+export { runSingleFrameworkAssessment, runComplianceAssessment, generateComplianceSummary, } from "./compliance-bundle.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/compliance/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,eAAe,EACf,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,cAAc,uBAAuB,CAAC;AAGtC,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,GACjC,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,eAAe,EACf,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,sBAAsB,EACtB,qBAAqB,EACrB,+BAA+B,EAC/B,wBAAwB,EACxB,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,8BAA8B,EAC9B,uBAAuB,EACvB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,EAChC,0CAA0C,GAC3C,MAAM,aAAa,CAAC;AAErB,YAAY,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAG1D,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,yCAAyC,GAC1C,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAG7D,YAAY,EACV,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iCAAiC,EACjC,mCAAmC,GACpC,MAAM,wBAAwB,CAAC;AAGhC,YAAY,EACV,+BAA+B,EAC/B,8BAA8B,EAC9B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,4BAA4B,EAC5B,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,wBAAwB,CAAC"}

package/dist/compliance/index.js

@@ -13,14 +13,20 @@ export { ISO27001_CONTROLS, getISO27001Controls, getISO27001ControlsByCategory,
 export { PCI_DSS_CONTROLS, getPCIDSSControls, getPCIDSSControlsByCategory, getPCIDSSCategories, } from "./pci-dss.js";
 // HIPAA
 export { HIPAA_CONTROLS, getHIPAAControls, getHIPAAControlsByCategory, getHIPAACategories, } from "./hipaa.js";
+// 42 CFR Part 2 (SUD Patient Record Confidentiality)
+export { CFR42_PART2_CONTROLS, CFR42_PART2_CATEGORIES, getCFR42Part2Controls, getCFR42Part2ControlsByCategory, getCFR42Part2ControlById, getCFR42Part2Categories, CFR42_TO_HIPAA_MAPPING, } from "./cfr42-part2.js";
 // CIS Controls
 export { CIS_CONTROLS, getCISControls, getCISControlsByCategory, getCISCategories, } from "./cis.js";
 // GDPR
 export { GDPR_CONTROLS, getGDPRControls, getGDPRControlsByCategory, getGDPRControlsByArticle, getGDPRCategories, } from "./gdpr.js";
-// M6: AI Compliance Frameworks
-export * from "./frameworks/index.js";
+// NIST 800-53
+export { NIST_800_53_CONTROLS, getNIST80053Controls, getNIST80053ControlsByCategory, getNIST80053ControlById, getNIST80053Categories, NIST_CONTROL_FAMILIES, } from "./nist-800-53.js";
 // Mapper
 export { getControlsForFramework, findingMatchesControl, meetsSeverityThreshold, mapFindingsToControls, calculateComplianceStatus, generateRecommendations, generateComplianceReport, generateMultiFrameworkReport, } from "./mapper.js";
 // Report
-export { formatComplianceReportAsMarkdown, formatMultiFrameworkReportAsMarkdown, formatComplianceReportAsJson, generateCompactComplianceSummary, } from "./report.js";
+export { formatComplianceReportAsMarkdown, formatMultiFrameworkReportAsMarkdown, formatComplianceReportAsJson, generateCompactComplianceSummary, formatHealthcareComplianceReportAsMarkdown, } from "./report.js";
+// Attestation
+export { FRAMEWORK_ATTESTATIONS, getFrameworkAttestation, formatAttestationAsMarkdown, formatMultiFrameworkAttestationAsMarkdown, } from "./attestation.js";
+export { runHealthcareComplianceAssessment, generateHealthcareComplianceSummary, } from "./healthcare-bundle.js";
+export { runSingleFrameworkAssessment, runComplianceAssessment, generateComplianceSummary, } from "./compliance-bundle.js";
 //# sourceMappingURL=index.js.map

package/dist/compliance/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH,QAAQ;AACR,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,YAAY;AACZ,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAEvB,UAAU;AACV,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,QAAQ;AACR,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,eAAe;AACf,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAElB,OAAO;AACP,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,+BAA+B;AAC/B,cAAc,uBAAuB,CAAC;AAEtC,SAAS;AACT,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAErB,SAAS;AACT,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,GACjC,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/compliance/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH,QAAQ;AACR,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,YAAY;AACZ,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAEvB,UAAU;AACV,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,QAAQ;AACR,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,qDAAqD;AACrD,OAAO,EACL,oBAAoB,EACpB,sBAAsB,EACtB,qBAAqB,EACrB,+BAA+B,EAC/B,wBAAwB,EACxB,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B,eAAe;AACf,OAAO,EACL,YAAY,EACZ,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAElB,OAAO;AACP,OAAO,EACL,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AAEnB,cAAc;AACd,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,8BAA8B,EAC9B,uBAAuB,EACvB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAE1B,SAAS;AACT,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,GAC7B,MAAM,aAAa,CAAC;AAErB,SAAS;AACT,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,4BAA4B,EAC5B,gCAAgC,EAChC,0CAA0C,GAC3C,MAAM,aAAa,CAAC;AAIrB,cAAc;AACd,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,yCAAyC,GAC1C,MAAM,kBAAkB,CAAC;AAU1B,OAAO,EACL,iCAAiC,EACjC,mCAAmC,GACpC,MAAM,wBAAwB,CAAC;AAShC,OAAO,EACL,4BAA4B,EAC5B,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,wBAAwB,CAAC"}

package/dist/compliance/mapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mapper.d.ts","sourceRoot":"","sources":["../../src/compliance/mapper.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAY,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAsCpB;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,mBAAmB,GAAG,iBAAiB,EAAE,CA8B3F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAoB3F;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAG5F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,OAAO,EAAE,EACnB,SAAS,EAAE,mBAAmB,GAC7B,mBAAmB,EAAE,CAoCvB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,mBAAmB,EAC9B,eAAe,EAAE,mBAAmB,EAAE,GACrC,gBAAgB,CAkClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,eAAe,EAAE,mBAAmB,EAAE,GACrC,wBAAwB,EAAE,CA4C5B;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,OAAO,EAAE,EACnB,SAAS,EAAE,mBAAmB,EAC9B,WAAW,EAAE,MAAM,EACnB,eAAe,CAAC,EAAE,MAAM,GACvB,gBAAgB,CA0BlB;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,QAAQ,EAAE,OAAO,EAAE,EACnB,UAAU,EAAE,mBAAmB,EAAE,EACjC,WAAW,EAAE,MAAM,EACnB,eAAe,CAAC,EAAE,MAAM,GACvB,oBAAoB,CA+BtB"}
+{"version":3,"file":"mapper.d.ts","sourceRoot":"","sources":["../../src/compliance/mapper.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAY,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAiCpB;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,mBAAmB,GAAG,iBAAiB,EAAE,CAqB3F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAoB3F;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAG5F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,OAAO,EAAE,EACnB,SAAS,EAAE,mBAAmB,GAC7B,mBAAmB,EAAE,CAoCvB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,mBAAmB,EAC9B,eAAe,EAAE,mBAAmB,EAAE,GACrC,gBAAgB,CAkClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,eAAe,EAAE,mBAAmB,EAAE,GACrC,wBAAwB,EAAE,CA4C5B;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,OAAO,EAAE,EACnB,SAAS,EAAE,mBAAmB,EAC9B,WAAW,EAAE,MAAM,EACnB,eAAe,CAAC,EAAE,MAAM,GACvB,gBAAgB,CA0BlB;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,QAAQ,EAAE,OAAO,EAAE,EACnB,UAAU,EAAE,mBAAmB,EAAE,EACjC,WAAW,EAAE,MAAM,EACnB,eAAe,CAAC,EAAE,MAAM,GACvB,oBAAoB,CA+BtB"}

package/dist/compliance/mapper.js

@@ -12,12 +12,7 @@ import { HIPAA_CONTROLS } from "./hipaa.js";
 import { CIS_CONTROLS } from "./cis.js";
 import { GDPR_CONTROLS } from "./gdpr.js";
 import { NIST_800_53_CONTROLS } from "./nist-800-53.js";
-// M6: AI compliance frameworks
-import { OWASP_LLM_CONTROLS } from "./frameworks/owasp-llm.js";
-import { NIST_AI_RMF_CONTROLS } from "./frameworks/nist-ai-rmf.js";
-import { MITRE_ATLAS_CONTROLS } from "./frameworks/mitre-atlas.js";
-import { EU_AI_ACT_CONTROLS } from "./frameworks/eu-ai-act.js";
-import { ISO_42001_CONTROLS } from "./frameworks/iso-42001.js";
+import { CFR42_PART2_CONTROLS } from "./cfr42-part2.js";
 import { randomUUID } from "crypto";
 /**
  * Severity weight for scoring
@@ -52,23 +47,14 @@ export function getControlsForFramework(framework) {
             return PCI_DSS_CONTROLS;
         case "HIPAA":
             return HIPAA_CONTROLS;
+        case "42-CFR-PART-2":
+            return CFR42_PART2_CONTROLS;
         case "CIS":
             return CIS_CONTROLS;
         case "GDPR":
             return GDPR_CONTROLS;
         case "NIST-800-53":
             return NIST_800_53_CONTROLS;
-        // M6: AI compliance frameworks
-        case "OWASP-LLM":
-            return OWASP_LLM_CONTROLS;
-        case "NIST-AI-RMF":
-            return NIST_AI_RMF_CONTROLS;
-        case "MITRE-ATLAS":
-            return MITRE_ATLAS_CONTROLS;
-        case "EU-AI-ACT":
-            return EU_AI_ACT_CONTROLS;
-        case "ISO-42001":
-            return ISO_42001_CONTROLS;
         default:
             return [];
     }