vaspera 2.8.0 → 2.9.0

package/dist/__tests__/compliance-bundle.test.js

@@ -0,0 +1,344 @@
+/**
+ * Compliance Bundle Tests
+ *
+ * Tests for universal audit-defensible compliance assessment.
+ *
+ * @module __tests__/compliance-bundle
+ */
+import { describe, it, expect } from "vitest";
+import { runSingleFrameworkAssessment, runComplianceAssessment, generateComplianceSummary, } from "../compliance/compliance-bundle.js";
+import { formatComplianceReportAsMarkdown, formatMultiFrameworkReportAsMarkdown, generateComplianceReport, generateMultiFrameworkReport, } from "../compliance/index.js";
+import { FRAMEWORK_ATTESTATIONS, getFrameworkAttestation, formatAttestationAsMarkdown, formatMultiFrameworkAttestationAsMarkdown, } from "../compliance/attestation.js";
+// Mock findings for testing
+const createMockFindings = () => [
+    {
+        id: "test-001",
+        severity: "high",
+        category: "security",
+        description: "Hardcoded credentials found",
+        confidence: 95,
+        evidence: "API key in source code",
+        verifications: [],
+        created_at: new Date().toISOString(),
+        cwe_ids: ["CWE-798"],
+    },
+    {
+        id: "test-002",
+        severity: "medium",
+        category: "logging",
+        description: "Insufficient audit logging",
+        confidence: 80,
+        evidence: "Missing audit trail for sensitive operations",
+        verifications: [],
+        created_at: new Date().toISOString(),
+    },
+    {
+        id: "test-003",
+        severity: "low",
+        category: "encryption",
+        description: "Weak cipher suite",
+        confidence: 70,
+        evidence: "TLS 1.1 still enabled",
+        verifications: [],
+        created_at: new Date().toISOString(),
+    },
+];
+describe("Framework Attestations", () => {
+    it("should have attestations for all standard frameworks", () => {
+        const standardFrameworks = [
+            "SOC2",
+            "ISO27001",
+            "PCI-DSS",
+            "HIPAA",
+            "42-CFR-PART-2",
+            "GDPR",
+            "NIST-800-53",
+            "CIS",
+        ];
+        for (const framework of standardFrameworks) {
+            const attestation = FRAMEWORK_ATTESTATIONS[framework];
+            expect(attestation).toBeDefined();
+            expect(attestation.fullName).toBeTruthy();
+            expect(attestation.methodology.length).toBeGreaterThan(0);
+            expect(attestation.scopeLimitations.length).toBeGreaterThan(0);
+            expect(attestation.auditorNote).toBeTruthy();
+        }
+    });
+    it("should have attestations for AI frameworks", () => {
+        const aiFrameworks = [
+            "OWASP-LLM",
+            "NIST-AI-RMF",
+            "MITRE-ATLAS",
+            "EU-AI-ACT",
+            "ISO-42001",
+        ];
+        for (const framework of aiFrameworks) {
+            const attestation = FRAMEWORK_ATTESTATIONS[framework];
+            expect(attestation).toBeDefined();
+            expect(attestation.fullName).toBeTruthy();
+            expect(attestation.methodology.length).toBeGreaterThan(0);
+            expect(attestation.scopeLimitations.length).toBeGreaterThan(0);
+            expect(attestation.auditorNote).toBeTruthy();
+        }
+    });
+    it("should format single-framework attestation as markdown", () => {
+        const markdown = formatAttestationAsMarkdown("SOC2");
+        expect(markdown).toContain("## Attestation");
+        expect(markdown).toContain("SOC 2 Trust Services Criteria");
+        expect(markdown).toContain("### Assessment Methodology");
+        expect(markdown).toContain("### Scope Limitations");
+        expect(markdown).toContain("### Auditor Note");
+        expect(markdown).toContain("licensed CPA firm");
+    });
+    it("should format multi-framework attestation as markdown", () => {
+        const markdown = formatMultiFrameworkAttestationAsMarkdown(["SOC2", "ISO27001"]);
+        expect(markdown).toContain("## Attestation");
+        expect(markdown).toContain("SOC 2 Trust Services Criteria");
+        expect(markdown).toContain("ISO/IEC 27001:2022");
+        expect(markdown).toContain("### Framework-Specific Notes");
+    });
+});
+describe("Audit-Defensible Report Formatting", () => {
+    const mockFindings = createMockFindings();
+    it("should format compliance report without audit options (backward compatible)", () => {
+        const report = generateComplianceReport(mockFindings, "SOC2", "/test/project");
+        const markdown = formatComplianceReportAsMarkdown(report);
+        expect(markdown).toContain("# SOC2 Compliance Report");
+        expect(markdown).toContain("## Compliance Status");
+        // Should NOT have audit sections when no options provided
+        expect(markdown).not.toContain("## Audit Trail Integrity");
+        expect(markdown).not.toContain("## Evidence Bundle");
+        expect(markdown).not.toContain("## Attestation");
+    });
+    it("should include attestation section when requested", () => {
+        const report = generateComplianceReport(mockFindings, "SOC2", "/test/project");
+        const options = {
+            includeAttestation: true,
+        };
+        const markdown = formatComplianceReportAsMarkdown(report, options);
+        expect(markdown).toContain("## Attestation");
+        expect(markdown).toContain("SOC 2 Trust Services Criteria");
+        expect(markdown).toContain("### Assessment Methodology");
+        expect(markdown).toContain("### Scope Limitations");
+    });
+    it("should include audit trail section when verification provided", () => {
+        const report = generateComplianceReport(mockFindings, "ISO27001", "/test/project");
+        const options = {
+            auditVerification: {
+                projectPath: "/test/project",
+                verifiedAt: new Date().toISOString(),
+                verified: true,
+                totalEntries: 10,
+                entriesVerified: 10,
+                entriesPassed: 10,
+                entriesFailed: 0,
+                chainIntegrity: true,
+                failures: [],
+                genesisHash: "abc123def456789",
+                headHash: "xyz789abc123456",
+            },
+        };
+        const markdown = formatComplianceReportAsMarkdown(report, options);
+        expect(markdown).toContain("## Audit Trail Integrity");
+        expect(markdown).toContain("Verified");
+        expect(markdown).toContain("Total Entries | 10");
+        expect(markdown).toContain("Chain Integrity | Intact");
+        expect(markdown).toContain("Genesis Hash");
+    });
+    it("should show warning for failed audit verification", () => {
+        const report = generateComplianceReport(mockFindings, "PCI-DSS", "/test/project");
+        const options = {
+            auditVerification: {
+                projectPath: "/test/project",
+                verifiedAt: new Date().toISOString(),
+                verified: false,
+                totalEntries: 10,
+                entriesVerified: 8,
+                entriesPassed: 7,
+                entriesFailed: 1,
+                chainIntegrity: false,
+                failures: [],
+                firstFailure: {
+                    entryId: "entry-008",
+                    timestamp: new Date().toISOString(),
+                    hashValid: false,
+                    chainValid: false,
+                    failureReason: "Hash mismatch",
+                },
+            },
+        };
+        const markdown = formatComplianceReportAsMarkdown(report, options);
+        expect(markdown).toContain("INTEGRITY FAILURE");
+        expect(markdown).toContain("Chain Integrity | Broken");
+        expect(markdown).toContain("Audit trail integrity compromised");
+    });
+    it("should format multi-framework report with audit options", () => {
+        const report = generateMultiFrameworkReport(mockFindings, ["SOC2", "ISO27001"], "/test/project");
+        const options = {
+            includeAttestation: true,
+        };
+        const markdown = formatMultiFrameworkReportAsMarkdown(report, options);
+        expect(markdown).toContain("# Multi-Framework Compliance Report");
+        expect(markdown).toContain("## Attestation");
+        expect(markdown).toContain("### Framework-Specific Notes");
+        expect(markdown).toContain("SOC2:");
+        expect(markdown).toContain("ISO27001:");
+    });
+    it("should add audit-defensible label to footer when features used", () => {
+        const report = generateComplianceReport(mockFindings, "HIPAA", "/test/project");
+        const options = {
+            auditVerification: {
+                projectPath: "/test/project",
+                verifiedAt: new Date().toISOString(),
+                verified: true,
+                totalEntries: 5,
+                entriesVerified: 5,
+                entriesPassed: 5,
+                entriesFailed: 0,
+                chainIntegrity: true,
+                failures: [],
+            },
+        };
+        const markdown = formatComplianceReportAsMarkdown(report, options);
+        expect(markdown).toContain("Audit-Defensible");
+    });
+});
+describe("Compliance Assessment Bundle", () => {
+    const mockFindings = createMockFindings();
+    it("should run single framework assessment without audit features", async () => {
+        const result = await runSingleFrameworkAssessment({
+            projectPath: "/test/project",
+            findings: mockFindings,
+            framework: "SOC2",
+            collectEvidence: false,
+            verifyAuditTrail: false,
+            includeAttestation: true,
+        });
+        expect(result.report).toBeDefined();
+        expect(result.report.framework).toBe("SOC2");
+        expect(result.markdownReport).toContain("# SOC2 Compliance Report");
+        expect(result.markdownReport).toContain("## Attestation");
+        expect(result.status).toMatch(/compliant|at_risk|non_compliant/);
+        expect(result.evidenceBundle).toBeUndefined();
+        expect(result.auditVerification).toBeUndefined();
+    });
+    it("should run multi-framework assessment", async () => {
+        const result = await runComplianceAssessment({
+            projectPath: "/test/project",
+            findings: mockFindings,
+            frameworks: ["SOC2", "ISO27001"],
+            collectEvidence: false,
+            verifyAuditTrail: false,
+            includeAttestation: true,
+        });
+        expect(result.reports).toBeDefined();
+        expect(result.reports["SOC2"]).toBeDefined();
+        expect(result.reports["ISO27001"]).toBeDefined();
+        expect(result.multiFrameworkReport).toBeDefined();
+        expect(result.markdownReport).toContain("# Multi-Framework Compliance Report");
+        expect(result.combinedScore).toBeGreaterThanOrEqual(0);
+        expect(result.combinedScore).toBeLessThanOrEqual(100);
+        expect(result.status).toMatch(/compliant|at_risk|non_compliant/);
+    });
+    it("should handle single framework in multi-assessment", async () => {
+        const result = await runComplianceAssessment({
+            projectPath: "/test/project",
+            findings: mockFindings,
+            frameworks: ["PCI-DSS"],
+            collectEvidence: false,
+            verifyAuditTrail: false,
+        });
+        // When single framework, should still work correctly
+        expect(result.reports["PCI-DSS"]).toBeDefined();
+        expect(result.combinedScore).toBe(result.reports["PCI-DSS"]?.status.complianceScore);
+    });
+    it("should generate compliance summary", async () => {
+        const result = await runComplianceAssessment({
+            projectPath: "/test/project",
+            findings: mockFindings,
+            frameworks: ["SOC2", "HIPAA"],
+            collectEvidence: false,
+            verifyAuditTrail: false,
+        });
+        const summary = generateComplianceSummary(result);
+        expect(summary).toContain("Compliance:");
+        expect(summary).toContain("Frameworks: SOC2, HIPAA");
+        expect(summary).toContain("Combined Score:");
+        expect(summary).toContain("SOC2:");
+        expect(summary).toContain("HIPAA:");
+    });
+    it("should determine status based on findings severity", async () => {
+        const criticalFindings = [
+            {
+                id: "crit-001",
+                severity: "critical",
+                category: "security",
+                description: "Critical vulnerability",
+                confidence: 100,
+                evidence: "Test",
+                verifications: [],
+                created_at: new Date().toISOString(),
+            },
+        ];
+        const result = await runSingleFrameworkAssessment({
+            projectPath: "/test/project",
+            findings: criticalFindings,
+            framework: "GDPR",
+            collectEvidence: false,
+            verifyAuditTrail: false,
+        });
+        // Critical findings should result in at_risk or non_compliant status
+        expect(["at_risk", "non_compliant"]).toContain(result.status);
+    });
+    it("should be compliant with no findings", async () => {
+        const result = await runSingleFrameworkAssessment({
+            projectPath: "/test/project",
+            findings: [],
+            framework: "CIS",
+            collectEvidence: false,
+            verifyAuditTrail: false,
+        });
+        expect(result.status).toBe("compliant");
+        expect(result.report.status.complianceScore).toBe(100);
+    });
+});
+describe("All Frameworks Support", () => {
+    const mockFindings = createMockFindings();
+    const allFrameworks = [
+        "SOC2",
+        "ISO27001",
+        "PCI-DSS",
+        "HIPAA",
+        "42-CFR-PART-2",
+        "GDPR",
+        "NIST-800-53",
+        "CIS",
+        "OWASP-LLM",
+        "NIST-AI-RMF",
+        "MITRE-ATLAS",
+        "EU-AI-ACT",
+        "ISO-42001",
+    ];
+    it.each(allFrameworks)("should generate report for %s framework", async (framework) => {
+        const result = await runSingleFrameworkAssessment({
+            projectPath: "/test/project",
+            findings: mockFindings,
+            framework,
+            collectEvidence: false,
+            verifyAuditTrail: false,
+            includeAttestation: true,
+        });
+        expect(result.report).toBeDefined();
+        expect(result.report.framework).toBe(framework);
+        expect(result.markdownReport).toContain(`# ${framework} Compliance Report`);
+        expect(result.markdownReport).toContain("## Attestation");
+    });
+    it("should generate attestation for all frameworks", () => {
+        for (const framework of allFrameworks) {
+            const attestation = getFrameworkAttestation(framework);
+            expect(attestation).toBeDefined();
+            expect(attestation.fullName.length).toBeGreaterThan(0);
+        }
+    });
+});
+//# sourceMappingURL=compliance-bundle.test.js.map

package/dist/__tests__/compliance-bundle.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-bundle.test.js","sourceRoot":"","sources":["../../src/__tests__/compliance-bundle.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,4BAA4B,EAC5B,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EACL,gCAAgC,EAChC,oCAAoC,EACpC,wBAAwB,EACxB,4BAA4B,GAE7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,yCAAyC,GAC1C,MAAM,8BAA8B,CAAC;AAGtC,4BAA4B;AAC5B,MAAM,kBAAkB,GAAG,GAAc,EAAE,CAAC;IAC1C;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,6BAA6B;QAC1C,UAAU,EAAE,EAAE;QACd,QAAQ,EAAE,wBAAwB;QAClC,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,OAAO,EAAE,CAAC,SAAS,CAAC;KACrB;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,4BAA4B;QACzC,UAAU,EAAE,EAAE;QACd,QAAQ,EAAE,8CAA8C;QACxD,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,YAAY;QACtB,WAAW,EAAE,mBAAmB;QAChC,UAAU,EAAE,EAAE;QACd,QAAQ,EAAE,uBAAuB;QACjC,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC;CACF,CAAC;AAEF,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,kBAAkB,GAAG;YACzB,MAAM;YACN,UAAU;YACV,SAAS;YACT,OAAO;YACP,eAAe;YACf,MAAM;YACN,aAAa;YACb,KAAK;SACG,CAAC;QAEX,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;YAC3C,MAAM,WAAW,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC1D,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,UAAU,EAAE,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,YAAY,GAAG;YACnB,WAAW;YACX,aAAa;YACb,aAAa;YACb,WAAW;YACX,WAAW;SACH,CAAC;QAEX,KAAK,MAAM,SAAS,IAAI,YAAY,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC1D,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,UAAU,EAAE,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,QAAQ,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAErD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC7C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAC;QAC5D,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;QACzD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACpD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QAC/C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,QAAQ,GAAG,yCAAyC,CAAC,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;QAEjF,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC7C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAC;QAC5D,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACjD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,MAAM,YAAY,GAAG,kBAAkB,EAAE,CAAC;IAE1C,EAAE,CAAC,6EAA6E,EAAE,GAAG,EAAE;QACrF,MAAM,MAAM,GAAG,wBAAwB,CAAC,YAAY,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QAC/E,MAAM,QAAQ,GAAG,gCAAgC,CAAC,MAAM,CAAC,CAAC;QAE1D,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;QACnD,0DAA0D;QAC1D,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QAC3D,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACrD,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,MAAM,GAAG,wBAAwB,CAAC,YAAY,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QAC/E,MAAM,OAAO,GAA2B;YACtC,kBAAkB,EAAE,IAAI;SACzB,CAAC;QACF,MAAM,QAAQ,GAAG,gCAAgC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAEnE,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC7C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAC;QAC5D,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;QACzD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,MAAM,GAAG,wBAAwB,CAAC,YAAY,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QACnF,MAAM,OAAO,GAA2B;YACtC,iBAAiB,EAAE;gBACjB,WAAW,EAAE,eAAe;gBAC5B,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,QAAQ,EAAE,IAAI;gBACd,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,EAAE;gBACnB,aAAa,EAAE,EAAE;gBACjB,aAAa,EAAE,CAAC;gBAChB,cAAc,EAAE,IAAI;gBACpB,QAAQ,EAAE,EAAE;gBACZ,WAAW,EAAE,iBAAiB;gBAC9B,QAAQ,EAAE,iBAAiB;aAC5B;SACF,CAAC;QACF,MAAM,QAAQ,GAAG,gCAAgC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAEnE,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACjD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,MAAM,GAAG,wBAAwB,CAAC,YAAY,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;QAClF,MAAM,OAAO,GAA2B;YACtC,iBAAiB,EAAE;gBACjB,WAAW,EAAE,eAAe;gBAC5B,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,QAAQ,EAAE,KAAK;gBACf,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,CAAC;gBAClB,aAAa,EAAE,CAAC;gBAChB,aAAa,EAAE,CAAC;gBAChB,cAAc,EAAE,KAAK;gBACrB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE;oBACZ,OAAO,EAAE,WAAW;oBACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,SAAS,EAAE,KAAK;oBAChB,UAAU,EAAE,KAAK;oBACjB,aAAa,EAAE,eAAe;iBAC/B;aACF;SACF,CAAC;QACF,MAAM,QAAQ,GAAG,gCAAgC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAEnE,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;QAChD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,MAAM,GAAG,4BAA4B,CACzC,YAAY,EACZ,CAAC,MAAM,EAAE,UAAU,CAAC,EACpB,eAAe,CAChB,CAAC;QACF,MAAM,OAAO,GAA2B;YACtC,kBAAkB,EAAE,IAAI;SACzB,CAAC;QACF,MAAM,QAAQ,GAAG,oCAAoC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAEvE,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,qCAAqC,CAAC,CAAC;QAClE,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC7C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;QAC3D,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,MAAM,GAAG,wBAAwB,CAAC,YAAY,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;QAChF,MAAM,OAAO,GAA2B;YACtC,iBAAiB,EAAE;gBACjB,WAAW,EAAE,eAAe;gBAC5B,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,QAAQ,EAAE,IAAI;gBACd,YAAY,EAAE,CAAC;gBACf,eAAe,EAAE,CAAC;gBAClB,aAAa,EAAE,CAAC;gBAChB,aAAa,EAAE,CAAC;gBAChB,cAAc,EAAE,IAAI;gBACpB,QAAQ,EAAE,EAAE;aACb;SACF,CAAC;QACF,MAAM,QAAQ,GAAG,gCAAgC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAEnE,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,MAAM,YAAY,GAAG,kBAAkB,EAAE,CAAC;IAE1C,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,MAAM,GAAG,MAAM,4BAA4B,CAAC;YAChD,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,MAAM;YACjB,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,IAAI;SACzB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACpE,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC1D,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;QACjE,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,aAAa,EAAE,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,aAAa,EAAE,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC;YAC3C,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,YAAY;YACtB,UAAU,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;YAChC,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,IAAI;SACzB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,WAAW,EAAE,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,qCAAqC,CAAC,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;QACtD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC;YAC3C,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,YAAY;YACtB,UAAU,EAAE,CAAC,SAAS,CAAC;YACvB,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;SACxB,CAAC,CAAC;QAEH,qDAAqD;QACrD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC;YAC3C,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,YAAY;YACtB,UAAU,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;YAC7B,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;SACxB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACzC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAC7C,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,gBAAgB,GAAc;YAClC;gBACE,EAAE,EAAE,UAAU;gBACd,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,wBAAwB;gBACrC,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,MAAM;gBAChB,aAAa,EAAE,EAAE;gBACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACrC;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,4BAA4B,CAAC;YAChD,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,gBAAgB;YAC1B,SAAS,EAAE,MAAM;YACjB,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;SACxB,CAAC,CAAC;QAEH,qEAAqE;QACrE,MAAM,CAAC,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,MAAM,GAAG,MAAM,4BAA4B,CAAC;YAChD,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,KAAK;YAChB,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;SACxB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,MAAM,YAAY,GAAG,kBAAkB,EAAE,CAAC;IAE1C,MAAM,aAAa,GAAG;QACpB,MAAM;QACN,UAAU;QACV,SAAS;QACT,OAAO;QACP,eAAe;QACf,MAAM;QACN,aAAa;QACb,KAAK;QACL,WAAW;QACX,aAAa;QACb,aAAa;QACb,WAAW;QACX,WAAW;KACH,CAAC;IAEX,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,yCAAyC,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE;QACpF,MAAM,MAAM,GAAG,MAAM,4BAA4B,CAAC;YAChD,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,YAAY;YACtB,SAAS;YACT,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,IAAI;SACzB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,KAAK,SAAS,oBAAoB,CAAC,CAAC;QAC5E,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;YACvD,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/healthcare-compliance.test.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Healthcare Compliance Tests
+ *
+ * Integration tests for HIPAA and 42 CFR Part 2 compliance assessment.
+ *
+ * @module __tests__/healthcare-compliance
+ */
+export {};
+//# sourceMappingURL=healthcare-compliance.test.d.ts.map

package/dist/__tests__/healthcare-compliance.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"healthcare-compliance.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/healthcare-compliance.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}

package/dist/__tests__/healthcare-compliance.test.js

@@ -0,0 +1,233 @@
+/**
+ * Healthcare Compliance Tests
+ *
+ * Integration tests for HIPAA and 42 CFR Part 2 compliance assessment.
+ *
+ * @module __tests__/healthcare-compliance
+ */
+import { describe, it, expect } from "vitest";
+import { getHIPAAControls, getHIPAACategories, getCFR42Part2Controls, getCFR42Part2Categories, CFR42_TO_HIPAA_MAPPING, mapFindingsToControls, generateComplianceReport, runHealthcareComplianceAssessment, generateHealthcareComplianceSummary, } from "../compliance/index.js";
+describe("HIPAA Controls", () => {
+    it("should have at least 15 controls", () => {
+        const controls = getHIPAAControls();
+        expect(controls.length).toBeGreaterThanOrEqual(15);
+    });
+    it("should have controls in expected categories", () => {
+        const categories = getHIPAACategories();
+        expect(categories).toContain("Administrative Safeguards");
+        expect(categories).toContain("Technical Safeguards");
+    });
+    it("should have healthcare-specific finding categories", () => {
+        const controls = getHIPAAControls();
+        const allCategories = controls.flatMap((c) => c.findingCategories);
+        expect(allCategories).toContain("phi-exposure");
+        expect(allCategories).toContain("audit-gap");
+        expect(allCategories).toContain("consent-bypass");
+    });
+    it("should map encryption control to CWE-311", () => {
+        const controls = getHIPAAControls();
+        const encryptionControl = controls.find((c) => c.id === "164.312(a)(2)(iv)");
+        expect(encryptionControl).toBeDefined();
+        expect(encryptionControl.cweIds).toContain("CWE-311");
+    });
+});
+describe("42 CFR Part 2 Controls", () => {
+    it("should have at least 15 controls", () => {
+        const controls = getCFR42Part2Controls();
+        expect(controls.length).toBeGreaterThanOrEqual(15);
+    });
+    it("should have controls in expected categories", () => {
+        const categories = getCFR42Part2Categories();
+        expect(categories).toContain("General Provisions");
+        expect(categories).toContain("Disclosures With Consent");
+        expect(categories).toContain("Security Safeguards");
+    });
+    it("should have SUD-specific finding categories", () => {
+        const controls = getCFR42Part2Controls();
+        const allCategories = controls.flatMap((c) => c.findingCategories);
+        expect(allCategories).toContain("sud-disclosure");
+        expect(allCategories).toContain("consent-bypass");
+        expect(allCategories).toContain("redisclosure-violation");
+        expect(allCategories).toContain("qsoa-violation");
+    });
+    it("should have prohibition on disclosure control", () => {
+        const controls = getCFR42Part2Controls();
+        const prohibition = controls.find((c) => c.id === "2.12");
+        expect(prohibition).toBeDefined();
+        expect(prohibition.title).toBe("Prohibition on Disclosure");
+        expect(prohibition.findingCategories).toContain("sud-disclosure");
+    });
+});
+describe("CFR42 to HIPAA Mapping", () => {
+    it("should map CFR42 controls to HIPAA controls", () => {
+        expect(CFR42_TO_HIPAA_MAPPING["2.12"]).toBeDefined();
+        expect(CFR42_TO_HIPAA_MAPPING["2.12"]).toContain("164.308(a)(1)");
+    });
+    it("should map consent requirements to HIPAA authorization", () => {
+        expect(CFR42_TO_HIPAA_MAPPING["2.31"]).toBeDefined();
+        expect(CFR42_TO_HIPAA_MAPPING["2.31"]).toContain("164.508");
+    });
+});
+describe("Finding to Control Mapping", () => {
+    const createFinding = (id, severity, category, description) => ({
+        id,
+        severity,
+        category,
+        description,
+        confidence: 100,
+        evidence: "Test evidence",
+        verifications: [],
+        created_at: new Date().toISOString(),
+    });
+    it("should map phi-exposure findings to HIPAA controls", () => {
+        const findings = [
+            createFinding("phi-001", "critical", "phi-exposure", "SSN found in logs"),
+        ];
+        const mappings = mapFindingsToControls(findings, "HIPAA");
+        const affectedControls = mappings.filter((m) => m.findings.length > 0);
+        expect(affectedControls.length).toBeGreaterThan(0);
+        expect(affectedControls.some((m) => m.control.id === "164.308(a)(1)")).toBe(true);
+    });
+    it("should map consent-bypass findings to 42 CFR Part 2 controls", () => {
+        const findings = [
+            createFinding("consent-001", "high", "consent-bypass", "Consent not validated before data access"),
+        ];
+        const mappings = mapFindingsToControls(findings, "42-CFR-PART-2");
+        const affectedControls = mappings.filter((m) => m.findings.length > 0);
+        expect(affectedControls.length).toBeGreaterThan(0);
+        expect(affectedControls.some((m) => m.control.id === "2.31")).toBe(true);
+    });
+    it("should map audit-gap findings to audit controls", () => {
+        const findings = [
+            createFinding("audit-001", "high", "audit-gap", "PHI access not logged"),
+        ];
+        const hipaaMapping = mapFindingsToControls(findings, "HIPAA");
+        const cfr42Mapping = mapFindingsToControls(findings, "42-CFR-PART-2");
+        expect(hipaaMapping.some((m) => m.findings.length > 0 && m.control.id === "164.312(b)")).toBe(true);
+        expect(cfr42Mapping.some((m) => m.findings.length > 0 && m.control.id === "2.52")).toBe(true);
+    });
+});
+describe("Compliance Report Generation", () => {
+    const mockFindings = [
+        {
+            id: "test-001",
+            severity: "high",
+            category: "phi-exposure",
+            description: "PHI data exposed in API response",
+            confidence: 100,
+            evidence: "Response contains SSN field",
+            verifications: [],
+            created_at: new Date().toISOString(),
+        },
+        {
+            id: "test-002",
+            severity: "medium",
+            category: "audit-gap",
+            description: "Missing audit log for patient data access",
+            confidence: 80,
+            evidence: "No audit log call found",
+            verifications: [],
+            created_at: new Date().toISOString(),
+        },
+    ];
+    it("should generate HIPAA compliance report", () => {
+        const report = generateComplianceReport(mockFindings, "HIPAA", "/test/project");
+        expect(report.framework).toBe("HIPAA");
+        expect(report.status.totalControls).toBeGreaterThan(0);
+        expect(report.nonCompliantControls.length).toBeGreaterThanOrEqual(0);
+    });
+    it("should generate 42 CFR Part 2 compliance report", () => {
+        const report = generateComplianceReport(mockFindings, "42-CFR-PART-2", "/test/project");
+        expect(report.framework).toBe("42-CFR-PART-2");
+        expect(report.status.totalControls).toBeGreaterThan(0);
+    });
+    it("should generate recommendations for non-compliant controls", () => {
+        const report = generateComplianceReport(mockFindings, "HIPAA", "/test/project");
+        if (report.nonCompliantControls.length > 0 || report.atRiskControls.length > 0) {
+            expect(report.recommendations.length).toBeGreaterThan(0);
+        }
+    });
+});
+describe("Healthcare Compliance Assessment", () => {
+    const mockFindings = [
+        {
+            id: "hc-001",
+            severity: "critical",
+            category: "sud-disclosure",
+            description: "SUD patient data shared without consent",
+            confidence: 100,
+            evidence: "API returns SUD records without authorization check",
+            verifications: [],
+            created_at: new Date().toISOString(),
+        },
+    ];
+    it("should run combined assessment", async () => {
+        const result = await runHealthcareComplianceAssessment({
+            projectPath: "/test/project",
+            findings: mockFindings,
+            collectEvidence: false,
+            verifyAuditTrail: false,
+            storeEvidence: false,
+        });
+        expect(result.hipaaReport).toBeDefined();
+        expect(result.cfr42Report).toBeDefined();
+        expect(result.combinedScore).toBeGreaterThanOrEqual(0);
+        expect(result.combinedScore).toBeLessThanOrEqual(100);
+    });
+    it("should generate markdown report", async () => {
+        const result = await runHealthcareComplianceAssessment({
+            projectPath: "/test/project",
+            findings: mockFindings,
+            collectEvidence: false,
+            verifyAuditTrail: false,
+            storeEvidence: false,
+        });
+        expect(result.markdownReport).toContain("Healthcare Compliance Assessment");
+        expect(result.markdownReport).toContain("HIPAA");
+        expect(result.markdownReport).toContain("42 CFR Part 2");
+    });
+    it("should generate summary", async () => {
+        const result = await runHealthcareComplianceAssessment({
+            projectPath: "/test/project",
+            findings: mockFindings,
+            collectEvidence: false,
+            verifyAuditTrail: false,
+            storeEvidence: false,
+        });
+        const summary = generateHealthcareComplianceSummary(result);
+        expect(summary).toContain("Healthcare Compliance");
+        expect(summary).toContain("HIPAA");
+        expect(summary).toContain("42 CFR Part 2");
+    });
+    it("should determine status based on findings", async () => {
+        const criticalFindings = [
+            {
+                id: "crit-001",
+                severity: "critical",
+                category: "phi-exposure",
+                description: "Critical PHI exposure",
+                confidence: 100,
+                evidence: "Test",
+                verifications: [],
+                created_at: new Date().toISOString(),
+            },
+        ];
+        const result = await runHealthcareComplianceAssessment({
+            projectPath: "/test/project",
+            findings: criticalFindings,
+            collectEvidence: false,
+            verifyAuditTrail: false,
+            storeEvidence: false,
+        });
+        // Critical findings should result in at_risk or non_compliant status
+        expect(["at_risk", "non_compliant"]).toContain(result.status);
+    });
+});
+describe("Healthcare Scanner Types", () => {
+    it("should include healthcare in scanner types", async () => {
+        const { toFindingId } = await import("../scanners/types.js");
+        const findingId = toFindingId("healthcare", "phi-exposure", 0);
+        expect(findingId).toBe("hc-001");
+    });
+});
+//# sourceMappingURL=healthcare-compliance.test.js.map

package/dist/__tests__/healthcare-compliance.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"healthcare-compliance.test.js","sourceRoot":"","sources":["../../src/__tests__/healthcare-compliance.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,uBAAuB,EACvB,sBAAsB,EACtB,qBAAqB,EACrB,wBAAwB,EACxB,iCAAiC,EACjC,mCAAmC,GACpC,MAAM,wBAAwB,CAAC;AAGhC,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;QACpC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;QACxC,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;QAC1D,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;QACpC,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;QAEnE,MAAM,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAChD,MAAM,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC7C,MAAM,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;QACpC,MAAM,iBAAiB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;QAE7E,MAAM,CAAC,iBAAiB,CAAC,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,CAAC,iBAAkB,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,QAAQ,GAAG,qBAAqB,EAAE,CAAC;QACzC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,UAAU,GAAG,uBAAuB,EAAE,CAAC;QAC7C,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACnD,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACzD,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,QAAQ,GAAG,qBAAqB,EAAE,CAAC;QACzC,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;QAEnE,MAAM,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAClD,MAAM,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAClD,MAAM,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAC1D,MAAM,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,QAAQ,GAAG,qBAAqB,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QAE1D,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,WAAY,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC7D,MAAM,CAAC,WAAY,CAAC,iBAAiB,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACrD,MAAM,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACrD,MAAM,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IAC1C,MAAM,aAAa,GAAG,CACpB,EAAU,EACV,QAAyD,EACzD,QAAgB,EAChB,WAAmB,EACV,EAAE,CAAC,CAAC;QACb,EAAE;QACF,QAAQ;QACR,QAAQ;QACR,WAAW;QACX,UAAU,EAAE,GAAG;QACf,QAAQ,EAAE,eAAe;QACzB,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,QAAQ,GAAc;YAC1B,aAAa,CAAC,SAAS,EAAE,UAAU,EAAE,cAAc,EAAE,mBAAmB,CAAC;SAC1E,CAAC;QAEF,MAAM,QAAQ,GAAG,qBAAqB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC1D,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEvE,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACnD,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,MAAM,QAAQ,GAAc;YAC1B,aAAa,CAAC,aAAa,EAAE,MAAM,EAAE,gBAAgB,EAAE,0CAA0C,CAAC;SACnG,CAAC;QAEF,MAAM,QAAQ,GAAG,qBAAqB,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAClE,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEvE,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACnD,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,QAAQ,GAAc;YAC1B,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,uBAAuB,CAAC;SACzE,CAAC;QAEF,MAAM,YAAY,GAAG,qBAAqB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,qBAAqB,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAEtE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChG,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,MAAM,YAAY,GAAc;QAC9B;YACE,EAAE,EAAE,UAAU;YACd,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,cAAc;YACxB,WAAW,EAAE,kCAAkC;YAC/C,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,6BAA6B;YACvC,aAAa,EAAE,EAAE;YACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC;QACD;YACE,EAAE,EAAE,UAAU;YACd,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,WAAW;YACrB,WAAW,EAAE,2CAA2C;YACxD,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,yBAAyB;YACnC,aAAa,EAAE,EAAE;YACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC;KACF,CAAC;IAEF,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,wBAAwB,CAAC,YAAY,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;QAEhF,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,MAAM,GAAG,wBAAwB,CAAC,YAAY,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAExF,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,MAAM,MAAM,GAAG,wBAAwB,CAAC,YAAY,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;QAEhF,IAAI,MAAM,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/E,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;IAChD,MAAM,YAAY,GAAc;QAC9B;YACE,EAAE,EAAE,QAAQ;YACZ,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,gBAAgB;YAC1B,WAAW,EAAE,yCAAyC;YACtD,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,qDAAqD;YAC/D,aAAa,EAAE,EAAE;YACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC;KACF,CAAC;IAEF,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,MAAM,GAAG,MAAM,iCAAiC,CAAC;YACrD,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,YAAY;YACtB,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;YACvB,aAAa,EAAE,KAAK;SACrB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,MAAM,GAAG,MAAM,iCAAiC,CAAC;YACrD,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,YAAY;YACtB,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;YACvB,aAAa,EAAE,KAAK;SACrB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC;QAC5E,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;QACvC,MAAM,MAAM,GAAG,MAAM,iCAAiC,CAAC;YACrD,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,YAAY;YACtB,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;YACvB,aAAa,EAAE,KAAK;SACrB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,mCAAmC,CAAC,MAAM,CAAC,CAAC;QAC5D,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,MAAM,gBAAgB,GAAc;YAClC;gBACE,EAAE,EAAE,UAAU;gBACd,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,cAAc;gBACxB,WAAW,EAAE,uBAAuB;gBACpC,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,MAAM;gBAChB,aAAa,EAAE,EAAE;gBACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACrC;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,iCAAiC,CAAC;YACrD,WAAW,EAAE,eAAe;YAC5B,QAAQ,EAAE,gBAAgB;YAC1B,eAAe,EAAE,KAAK;YACtB,gBAAgB,EAAE,KAAK;YACvB,aAAa,EAAE,KAAK;SACrB,CAAC,CAAC;QAEH,qEAAqE;QACrE,MAAM,CAAC,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,WAAW,CAAC,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;QAC/D,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}