verification-layer 0.20.0 → 0.22.0

package/dist/scanners/hipaa2026/index.js

@@ -0,0 +1,345 @@
+/**
+ * HIPAA 2026 Security Rule Scanner
+ * Implements detection for 15 technical requirements (all now "required")
+ * Expected enforcement: May 2026
+ */
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import { ALL_HIPAA_2026_PATTERNS, } from './patterns.js';
+/**
+ * Generate asset inventory for ePHI systems
+ */
+async function generateAssetInventory(file, content, lines) {
+    const assets = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Database assets
+        if (/(?:mongoose|sequelize|prisma|typeorm)\.(?:connect|model)/i.test(line)) {
+            assets.push({
+                type: 'database',
+                name: extractAssetName(line, 'database'),
+                file,
+                line: i + 1,
+                processesPHI: /(?:patient|phi|medical|health)/i.test(content),
+            });
+        }
+        // Storage assets
+        if (/(?:s3|azure\.storage|gcs)\./i.test(line)) {
+            assets.push({
+                type: 'storage',
+                name: extractAssetName(line, 'storage'),
+                file,
+                line: i + 1,
+                processesPHI: /(?:patient|phi|medical)/i.test(content),
+            });
+        }
+        // Third-party integrations
+        if (/(?:stripe|twilio|sendgrid|mailgun)\.(?:api|client)/i.test(line)) {
+            assets.push({
+                type: 'third-party',
+                name: extractAssetName(line, 'third-party'),
+                file,
+                line: i + 1,
+                processesPHI: /(?:patient|phi|medical)/i.test(content),
+            });
+        }
+        // API endpoints
+        if (/(?:axios|fetch|got|request)\./i.test(line)) {
+            assets.push({
+                type: 'api',
+                name: extractAssetName(line, 'api'),
+                file,
+                line: i + 1,
+                processesPHI: /(?:patient|phi|medical)/i.test(content),
+            });
+        }
+    }
+    return assets;
+}
+/**
+ * Map PHI data flow through system
+ */
+async function mapPHIFlow(file, content, lines) {
+    const flows = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Input points
+        if (/(?:req\.body|req\.params|req\.query).*?(?:patient|phi|medical)/i.test(line)) {
+            flows.push({
+                stage: 'input',
+                file,
+                line: i + 1,
+                context: line.trim(),
+            });
+        }
+        // Processing
+        if (/(?:process|transform|validate).*?(?:patient|phi)/i.test(line)) {
+            flows.push({
+                stage: 'processing',
+                file,
+                line: i + 1,
+                context: line.trim(),
+            });
+        }
+        // Storage
+        if (/(?:save|insert|update|create).*?(?:patient|phi)/i.test(line)) {
+            flows.push({
+                stage: 'storage',
+                file,
+                line: i + 1,
+                context: line.trim(),
+            });
+        }
+        // Output
+        if (/(?:res\.(?:send|json)|return).*?(?:patient|phi)/i.test(line)) {
+            flows.push({
+                stage: 'output',
+                file,
+                line: i + 1,
+                context: line.trim(),
+            });
+        }
+    }
+    return flows;
+}
+/**
+ * Check for vulnerability scanning configuration (project-level check)
+ */
+async function checkVulnerabilityScanning(projectRoot) {
+    const configFiles = [
+        '.github/dependabot.yml',
+        '.github/dependabot.yaml',
+        '.github/workflows/security.yml',
+        '.github/workflows/security.yaml',
+        '.snyk',
+        '.semgrep.yml',
+        '.semgrep.yaml',
+        'snyk.json',
+        '.trivyignore',
+        'trivy.yaml',
+    ];
+    for (const configFile of configFiles) {
+        try {
+            await fs.access(path.join(projectRoot, configFile));
+            return true;
+        }
+        catch {
+            // File doesn't exist
+        }
+    }
+    // Check all workflow files for security-related scanning
+    try {
+        const workflowDir = path.join(projectRoot, '.github', 'workflows');
+        const entries = await fs.readdir(workflowDir);
+        for (const entry of entries) {
+            if (/security|codeql|snyk|trivy|semgrep|dependabot|vulnerability|sast|dast/i.test(entry)) {
+                return true;
+            }
+            // Also check workflow content for scanning steps
+            try {
+                const content = await fs.readFile(path.join(workflowDir, entry), 'utf-8');
+                if (/(?:snyk|trivy|semgrep|codeql|npm audit|security.scan|vulnerability)/i.test(content)) {
+                    return true;
+                }
+            }
+            catch {
+                // Skip unreadable files
+            }
+        }
+    }
+    catch {
+        // No .github/workflows directory
+    }
+    // Check package.json for security scripts
+    try {
+        const packageJson = await fs.readFile(path.join(projectRoot, 'package.json'), 'utf-8');
+        if (/(?:snyk|audit|security)/.test(packageJson)) {
+            return true;
+        }
+    }
+    catch {
+        // No package.json
+    }
+    return false;
+}
+/**
+ * Extract asset name from code line
+ */
+function extractAssetName(line, type) {
+    // Try to extract connection string or identifier
+    const match = line.match(/['"`]([^'"`]+)['"`]/);
+    if (match)
+        return match[1];
+    // Fallback to generic name
+    return `${type}-${Math.random().toString(36).substring(7)}`;
+}
+/**
+ * Format asset inventory for report
+ */
+function formatAssetInventory(assets) {
+    const byType = assets.reduce((acc, asset) => {
+        if (!acc[asset.type])
+            acc[asset.type] = [];
+        acc[asset.type].push(asset);
+        return acc;
+    }, {});
+    let report = '## ePHI Technology Asset Inventory\n\n';
+    for (const [type, items] of Object.entries(byType)) {
+        report += `### ${type.toUpperCase()}\n`;
+        for (const item of items) {
+            const phi = item.processesPHI ? '⚠️ Processes PHI' : '';
+            report += `- ${item.name} (${item.file}:${item.line}) ${phi}\n`;
+        }
+        report += '\n';
+    }
+    return report;
+}
+/**
+ * Format PHI flow map for report
+ */
+function formatPHIFlowMap(flows) {
+    const byStage = flows.reduce((acc, flow) => {
+        if (!acc[flow.stage])
+            acc[flow.stage] = [];
+        acc[flow.stage].push(flow);
+        return acc;
+    }, {});
+    let report = '## ePHI Data Flow Map\n\n';
+    const stages = ['input', 'processing', 'storage', 'output'];
+    for (const stage of stages) {
+        const items = byStage[stage] || [];
+        if (items.length === 0)
+            continue;
+        report += `### ${stage.toUpperCase()} (${items.length} points)\n`;
+        for (const item of items.slice(0, 5)) {
+            // Limit to 5 per stage
+            report += `- ${item.file}:${item.line} - ${item.context.substring(0, 60)}...\n`;
+        }
+        if (items.length > 5) {
+            report += `- ... and ${items.length - 5} more\n`;
+        }
+        report += '\n';
+    }
+    return report;
+}
+export const hipaa2026Scanner = {
+    name: 'HIPAA 2026 Security Rule Scanner',
+    category: 'access-control',
+    async scan(files, options) {
+        const findings = [];
+        const assetInventory = [];
+        const phiFlowMap = [];
+        // Filter to code files only
+        const codeFiles = files.filter((f) => /\.(js|ts|jsx|tsx|py|java|go|rb|php|cs)$/i.test(f));
+        for (const file of codeFiles) {
+            try {
+                const content = await fs.readFile(file, 'utf-8');
+                const lines = content.split('\n');
+                // Scan each HIPAA 2026 pattern
+                for (const pattern of ALL_HIPAA_2026_PATTERNS) {
+                    // Special handling for asset inventory
+                    if (pattern.id === 'HIPAA-ASSET-001') {
+                        const assets = await generateAssetInventory(file, content, lines);
+                        assetInventory.push(...assets);
+                        continue;
+                    }
+                    // Special handling for PHI flow mapping
+                    if (pattern.id === 'HIPAA-FLOW-001') {
+                        const flows = await mapPHIFlow(file, content, lines);
+                        phiFlowMap.push(...flows);
+                        continue;
+                    }
+                    // Skip project-level checks in per-file loop (handled after)
+                    if (pattern.id === 'HIPAA-PENTEST-001') {
+                        continue;
+                    }
+                    // Standard pattern matching
+                    for (let i = 0; i < lines.length; i++) {
+                        const line = lines[i];
+                        const lineNumber = i + 1;
+                        // Check if line matches violation pattern
+                        const matched = pattern.patterns.some((p) => p.test(line));
+                        if (!matched)
+                            continue;
+                        // Check if negative patterns indicate compliance
+                        const isCompliant = pattern.negativePatterns?.some((p) => {
+                            // Check current line and next 3 lines for compliance indicators
+                            const context = lines.slice(i, i + 4).join('\n');
+                            return p.test(context);
+                        }) || false;
+                        if (isCompliant)
+                            continue;
+                        // Create finding
+                        findings.push({
+                            id: pattern.id,
+                            category: pattern.category,
+                            severity: pattern.severity,
+                            title: pattern.name,
+                            description: `${pattern.description}\n\nCode: ${line.trim()}`,
+                            file: file,
+                            line: lineNumber,
+                            recommendation: pattern.autoFix ||
+                                `Address ${pattern.name} per ${pattern.hipaaReference}`,
+                            hipaaReference: pattern.hipaaReference,
+                            confidence: pattern.confidence,
+                        });
+                    }
+                }
+            }
+            catch (error) {
+                // Skip files that can't be read
+            }
+        }
+        // Project-level check: vulnerability scanning (once, not per-file)
+        const pentestPattern = ALL_HIPAA_2026_PATTERNS.find(p => p.id === 'HIPAA-PENTEST-001');
+        if (pentestPattern) {
+            const hasVulnScanning = await checkVulnerabilityScanning(options.path);
+            if (!hasVulnScanning) {
+                findings.push({
+                    id: pentestPattern.id,
+                    category: pentestPattern.category,
+                    severity: pentestPattern.severity,
+                    title: pentestPattern.name,
+                    description: pentestPattern.description,
+                    file: 'project-level',
+                    line: 1,
+                    recommendation: pentestPattern.autoFix || '',
+                    hipaaReference: pentestPattern.hipaaReference,
+                    confidence: pentestPattern.confidence,
+                });
+            }
+        }
+        // Generate asset inventory finding
+        if (assetInventory.length > 0) {
+            findings.push({
+                id: 'HIPAA-ASSET-001',
+                category: 'data-retention',
+                severity: 'high',
+                title: 'ePHI Technology Asset Inventory Generated',
+                description: `Found ${assetInventory.length} assets processing ePHI`,
+                file: 'ASSET-INVENTORY',
+                line: 1,
+                recommendation: formatAssetInventory(assetInventory),
+                hipaaReference: '45 CFR §164.308(a)(1)(ii)(A) - Risk Analysis (Required)',
+                confidence: 'high',
+            });
+        }
+        // Generate PHI flow map finding
+        if (phiFlowMap.length > 0) {
+            findings.push({
+                id: 'HIPAA-FLOW-001',
+                category: 'data-retention',
+                severity: 'high',
+                title: 'ePHI Flow Map Generated',
+                description: `Identified ${phiFlowMap.length} PHI data flow points`,
+                file: 'PHI-FLOW-MAP',
+                line: 1,
+                recommendation: formatPHIFlowMap(phiFlowMap),
+                hipaaReference: '45 CFR §164.308(a)(1)(ii)(A) - Risk Analysis (Required)',
+                confidence: 'high',
+            });
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=index.js.map

package/dist/scanners/hipaa2026/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/hipaa2026/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EACL,uBAAuB,GAExB,MAAM,eAAe,CAAC;AAiBvB;;GAEG;AACH,KAAK,UAAU,sBAAsB,CACnC,IAAY,EACZ,OAAe,EACf,KAAe;IAEf,MAAM,MAAM,GAAyB,EAAE,CAAC;IAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,kBAAkB;QAClB,IAAI,2DAA2D,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC;gBACxC,IAAI;gBACJ,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,YAAY,EAAE,iCAAiC,CAAC,IAAI,CAAC,OAAO,CAAC;aAC9D,CAAC,CAAC;QACL,CAAC;QAED,iBAAiB;QACjB,IAAI,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC;gBACvC,IAAI;gBACJ,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,YAAY,EAAE,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC;aACvD,CAAC,CAAC;QACL,CAAC;QAED,2BAA2B;QAC3B,IAAI,qDAAqD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrE,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,aAAa;gBACnB,IAAI,EAAE,gBAAgB,CAAC,IAAI,EAAE,aAAa,CAAC;gBAC3C,IAAI;gBACJ,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,YAAY,EAAE,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC;aACvD,CAAC,CAAC;QACL,CAAC;QAED,gBAAgB;QAChB,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC;gBACnC,IAAI;gBACJ,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,YAAY,EAAE,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CACvB,IAAY,EACZ,OAAe,EACf,KAAe;IAEf,MAAM,KAAK,GAAkB,EAAE,CAAC;IAEhC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,eAAe;QACf,IAAI,iEAAiE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjF,KAAK,CAAC,IAAI,CAAC;gBACT,KAAK,EAAE,OAAO;gBACd,IAAI;gBACJ,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QAED,aAAa;QACb,IAAI,mDAAmD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,KAAK,CAAC,IAAI,CAAC;gBACT,KAAK,EAAE,YAAY;gBACnB,IAAI;gBACJ,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QAED,UAAU;QACV,IAAI,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC;gBACT,KAAK,EAAE,SAAS;gBAChB,IAAI;gBACJ,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QAED,SAAS;QACT,IAAI,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC;gBACT,KAAK,EAAE,QAAQ;gBACf,IAAI;gBACJ,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,0BAA0B,CAAC,WAAmB;IAC3D,MAAM,WAAW,GAAG;QAClB,wBAAwB;QACxB,yBAAyB;QACzB,gCAAgC;QAChC,iCAAiC;QACjC,OAAO;QACP,cAAc;QACd,eAAe;QACf,WAAW;QACX,cAAc;QACd,YAAY;KACb,CAAC;IAEF,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAC9C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,wEAAwE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzF,OAAO,IAAI,CAAC;YACd,CAAC;YACD,iDAAiD;YACjD,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC;gBAC1E,IAAI,sEAAsE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACzF,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iCAAiC;IACnC,CAAC;IAED,0CAA0C;IAC1C,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,QAAQ,CACnC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,EACtC,OAAO,CACR,CAAC;QACF,IAAI,yBAAyB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kBAAkB;IACpB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,IAAY,EAAE,IAAY;IAClD,iDAAiD;IACjD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAChD,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IAE3B,2BAA2B;IAC3B,OAAO,GAAG,IAAI,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,MAA4B;IACxD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAC1B,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACb,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3C,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,OAAO,GAAG,CAAC;IACb,CAAC,EACD,EAA0C,CAC3C,CAAC;IAEF,IAAI,MAAM,GAAG,wCAAwC,CAAC;IAEtD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,OAAO,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC;QACxC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,GAAG,IAAI,CAAC;QAClE,CAAC;QACD,MAAM,IAAI,IAAI,CAAC;IACjB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,KAAoB;IAC5C,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAC1B,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACZ,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QAC3C,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,GAAG,CAAC;IACb,CAAC,EACD,EAAmC,CACpC,CAAC;IAEF,IAAI,MAAM,GAAG,2BAA2B,CAAC;IACzC,MAAM,MAAM,GAAG,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAU,CAAC;IAErE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEjC,MAAM,IAAI,OAAO,KAAK,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,MAAM,YAAY,CAAC;QAClE,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACrC,uBAAuB;YACvB,MAAM,IAAI,KAAK,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC;QAClF,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,aAAa,KAAK,CAAC,MAAM,GAAG,CAAC,SAAS,CAAC;QACnD,CAAC;QACD,MAAM,IAAI,IAAI,CAAC;IACjB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAY;IACvC,IAAI,EAAE,kCAAkC;IACxC,QAAQ,EAAE,gBAAgB;IAE1B,KAAK,CAAC,IAAI,CAAC,KAAe,EAAE,OAAoB;QAC9C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAyB,EAAE,CAAC;QAChD,MAAM,UAAU,GAAkB,EAAE,CAAC;QAErC,4BAA4B;QAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACnC,0CAA0C,CAAC,IAAI,CAAC,CAAC,CAAC,CACnD,CAAC;QAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBACjD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAElC,+BAA+B;gBAC/B,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;oBAC9C,uCAAuC;oBACvC,IAAI,OAAO,CAAC,EAAE,KAAK,iBAAiB,EAAE,CAAC;wBACrC,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;wBAClE,cAAc,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;wBAC/B,SAAS;oBACX,CAAC;oBAED,wCAAwC;oBACxC,IAAI,OAAO,CAAC,EAAE,KAAK,gBAAgB,EAAE,CAAC;wBACpC,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;wBACrD,UAAU,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;wBAC1B,SAAS;oBACX,CAAC;oBAED,6DAA6D;oBAC7D,IAAI,OAAO,CAAC,EAAE,KAAK,mBAAmB,EAAE,CAAC;wBACvC,SAAS;oBACX,CAAC;oBAED,4BAA4B;oBAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;wBACtB,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC;wBAEzB,0CAA0C;wBAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;wBAC3D,IAAI,CAAC,OAAO;4BAAE,SAAS;wBAEvB,iDAAiD;wBACjD,MAAM,WAAW,GACf,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;4BACnC,gEAAgE;4BAChE,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;4BACjD,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;wBACzB,CAAC,CAAC,IAAI,KAAK,CAAC;wBAEd,IAAI,WAAW;4BAAE,SAAS;wBAE1B,iBAAiB;wBACjB,QAAQ,CAAC,IAAI,CAAC;4BACZ,EAAE,EAAE,OAAO,CAAC,EAAE;4BACd,QAAQ,EAAE,OAAO,CAAC,QAAe;4BACjC,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,KAAK,EAAE,OAAO,CAAC,IAAI;4BACnB,WAAW,EAAE,GAAG,OAAO,CAAC,WAAW,aAAa,IAAI,CAAC,IAAI,EAAE,EAAE;4BAC7D,IAAI,EAAE,IAAI;4BACV,IAAI,EAAE,UAAU;4BAChB,cAAc,EACZ,OAAO,CAAC,OAAO;gCACf,WAAW,OAAO,CAAC,IAAI,QAAQ,OAAO,CAAC,cAAc,EAAE;4BACzD,cAAc,EAAE,OAAO,CAAC,cAAc;4BACtC,UAAU,EAAE,OAAO,CAAC,UAAU;yBAC/B,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,gCAAgC;YAClC,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,MAAM,cAAc,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;QACvF,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,eAAe,GAAG,MAAM,0BAA0B,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACvE,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,cAAc,CAAC,EAAE;oBACrB,QAAQ,EAAE,cAAc,CAAC,QAAe;oBACxC,QAAQ,EAAE,cAAc,CAAC,QAAQ;oBACjC,KAAK,EAAE,cAAc,CAAC,IAAI;oBAC1B,WAAW,EAAE,cAAc,CAAC,WAAW;oBACvC,IAAI,EAAE,eAAe;oBACrB,IAAI,EAAE,CAAC;oBACP,cAAc,EAAE,cAAc,CAAC,OAAO,IAAI,EAAE;oBAC5C,cAAc,EAAE,cAAc,CAAC,cAAc;oBAC7C,UAAU,EAAE,cAAc,CAAC,UAAU;iBACtC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,iBAAiB;gBACrB,QAAQ,EAAE,gBAAgB;gBAC1B,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,2CAA2C;gBAClD,WAAW,EAAE,SAAS,cAAc,CAAC,MAAM,yBAAyB;gBACpE,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,CAAC;gBACP,cAAc,EAAE,oBAAoB,CAAC,cAAc,CAAC;gBACpD,cAAc,EACZ,yDAAyD;gBAC3D,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,gCAAgC;QAChC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,gBAAgB;gBACpB,QAAQ,EAAE,gBAAgB;gBAC1B,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,yBAAyB;gBAChC,WAAW,EAAE,cAAc,UAAU,CAAC,MAAM,uBAAuB;gBACnE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC;gBACP,cAAc,EAAE,gBAAgB,CAAC,UAAU,CAAC;gBAC5C,cAAc,EACZ,yDAAyD;gBAC3D,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/scanners/hipaa2026/index.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for HIPAA 2026 Security Rule Scanner
+ */
+export {};
+//# sourceMappingURL=index.test.d.ts.map

package/dist/scanners/hipaa2026/index.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.test.d.ts","sourceRoot":"","sources":["../../../src/scanners/hipaa2026/index.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}