verification-layer 0.20.0 → 0.22.0

package/dist/scanners/hipaa2026/index.test.js

@@ -0,0 +1,332 @@
+/**
+ * Tests for HIPAA 2026 Security Rule Scanner
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { hipaa2026Scanner } from './index.js';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import * as os from 'os';
+describe('HIPAA 2026 Scanner', () => {
+    let tempDir = '';
+    let testFiles = [];
+    beforeEach(async () => {
+        tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'hipaa2026-test-'));
+    });
+    afterEach(async () => {
+        // Cleanup
+        for (const file of testFiles) {
+            try {
+                await fs.unlink(file);
+            }
+            catch {
+                // Ignore
+            }
+        }
+        try {
+            await fs.rm(tempDir, { recursive: true, force: true });
+        }
+        catch {
+            // Ignore
+        }
+        testFiles = [];
+    });
+    async function createTestFile(filename, content) {
+        const filePath = path.join(tempDir, filename);
+        await fs.writeFile(filePath, content, 'utf-8');
+        testFiles.push(filePath);
+        return filePath;
+    }
+    const scanOptions = {
+        path: tempDir,
+    };
+    describe('HIPAA-MFA-001: Multi-Factor Authentication', () => {
+        it('should detect PHI access without MFA', async () => {
+            const file = await createTestFile('auth.ts', `
+app.post('/login', async (req, res) => {
+  const user = await authenticateUser(req.body);
+  if (user.role === 'doctor') {
+    accessPatientRecords(user);
+  }
+});
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const mfaFindings = findings.filter((f) => f.id === 'HIPAA-MFA-001');
+            expect(mfaFindings.length).toBeGreaterThan(0);
+            expect(mfaFindings[0].severity).toBe('critical');
+            expect(mfaFindings[0].hipaaReference).toContain('164.312(a)(2)(i)');
+        });
+        it('should not flag PHI access with MFA', async () => {
+            const file = await createTestFile('auth-secure.ts', `
+app.post('/login', async (req, res) => {
+  const user = await authenticateUser(req.body);
+  if (!user.mfaVerified) {
+    return res.status(401).json({ error: 'MFA required' });
+  }
+  if (user.role === 'doctor') {
+    accessPatientRecords(user);
+  }
+});
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const mfaFindings = findings.filter((f) => f.id === 'HIPAA-MFA-001');
+            expect(mfaFindings.length).toBe(0);
+        });
+    });
+    describe('HIPAA-ENC-REST-001: Encryption at Rest', () => {
+        it('should detect database without encryption', async () => {
+            const file = await createTestFile('db.ts', `
+import mongoose from 'mongoose';
+
+mongoose.connect('mongodb://localhost:27017/patients', {
+  useNewUrlParser: true,
+});
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const encFindings = findings.filter((f) => f.id === 'HIPAA-ENC-REST-001');
+            expect(encFindings.length).toBeGreaterThan(0);
+            expect(encFindings[0].severity).toBe('critical');
+        });
+        it('should not flag database with encryption', async () => {
+            const file = await createTestFile('db-secure.ts', `
+import mongoose from 'mongoose';
+
+mongoose.connect('mongodb://localhost:27017/patients', {
+  useNewUrlParser: true,
+  ssl: true,
+  encrypt: true,
+});
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const encFindings = findings.filter((f) => f.id === 'HIPAA-ENC-REST-001');
+            expect(encFindings.length).toBe(0);
+        });
+    });
+    describe('HIPAA-SESSION-001: Session Timeout', () => {
+        it('should detect session without timeout', async () => {
+            const file = await createTestFile('session.ts', `
+import session from 'express-session';
+
+app.use(session({
+  secret: 'my-secret',
+  resave: false,
+  saveUninitialized: false,
+}));
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const sessionFindings = findings.filter((f) => f.id === 'HIPAA-SESSION-001');
+            expect(sessionFindings.length).toBeGreaterThan(0);
+            expect(sessionFindings[0].severity).toBe('high');
+        });
+        it('should not flag session with proper timeout', async () => {
+            const file = await createTestFile('session-secure.ts', `
+import session from 'express-session';
+
+app.use(session({
+  secret: 'my-secret',
+  resave: false,
+  saveUninitialized: false,
+  cookie: { maxAge: 900000 } // 15 minutes
+}));
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const sessionFindings = findings.filter((f) => f.id === 'HIPAA-SESSION-001');
+            expect(sessionFindings.length).toBe(0);
+        });
+    });
+    describe('HIPAA-REVOKE-001: Access Revocation', () => {
+        it('should detect user deactivation without token revocation', async () => {
+            const file = await createTestFile('user.ts', `
+async function deactivateUser(userId: string) {
+  await User.update({ id: userId }, { active: false });
+  console.log('User deactivated');
+}
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const revokeFindings = findings.filter((f) => f.id === 'HIPAA-REVOKE-001');
+            expect(revokeFindings.length).toBeGreaterThan(0);
+            expect(revokeFindings[0].severity).toBe('critical');
+        });
+        it('should not flag deactivation with token revocation', async () => {
+            const file = await createTestFile('user-secure.ts', `
+async function deactivateUser(userId: string) {
+  await User.update({ id: userId }, { active: false });
+  await revokeAllTokens(userId);
+  await invalidateAllSessions(userId);
+  console.log('User deactivated and tokens revoked');
+}
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const revokeFindings = findings.filter((f) => f.id === 'HIPAA-REVOKE-001');
+            expect(revokeFindings.length).toBe(0);
+        });
+    });
+    describe('HIPAA-BREACH-001: Breach Notification', () => {
+        it('should detect security errors without breach notification', async () => {
+            const file = await createTestFile('api.ts', `
+try {
+  await processPhiData(data);
+} catch (error) {
+  if (error.message.includes('unauthorized')) {
+    console.error('Security breach detected');
+  }
+}
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const breachFindings = findings.filter((f) => f.id === 'HIPAA-BREACH-001');
+            expect(breachFindings.length).toBeGreaterThan(0);
+            expect(breachFindings[0].severity).toBe('critical');
+        });
+        it('should not flag errors with breach notification', async () => {
+            const file = await createTestFile('api-secure.ts', `
+try {
+  await processPhiData(data);
+} catch (error) {
+  if (error.message.includes('unauthorized')) {
+    console.error('Security breach detected');
+    await notifyBreach(error);
+    await incidentResponse.trigger('security-breach');
+  }
+}
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const breachFindings = findings.filter((f) => f.id === 'HIPAA-BREACH-001');
+            expect(breachFindings.length).toBe(0);
+        });
+    });
+    describe('HIPAA-SEGMENT-001: Network Segmentation', () => {
+        it('should detect CORS wildcard for PHI endpoints', async () => {
+            const file = await createTestFile('cors.ts', `
+import cors from 'cors';
+
+app.use(cors({ origin: '*' }));
+
+app.get('/api/patients', async (req, res) => {
+  const patients = await getPatients();
+  res.json(patients);
+});
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const segmentFindings = findings.filter((f) => f.id === 'HIPAA-SEGMENT-001');
+            expect(segmentFindings.length).toBeGreaterThan(0);
+            expect(segmentFindings[0].severity).toBe('critical');
+        });
+        it('should not flag CORS with origin whitelist', async () => {
+            const file = await createTestFile('cors-secure.ts', `
+import cors from 'cors';
+
+app.use(cors({ origin: ['https://hospital.com', 'https://ehr.hospital.com'] }));
+
+app.get('/api/patients', async (req, res) => {
+  const patients = await getPatients();
+  res.json(patients);
+});
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            const segmentFindings = findings.filter((f) => f.id === 'HIPAA-SEGMENT-001');
+            expect(segmentFindings.length).toBe(0);
+        });
+    });
+    describe('HIPAA-ASSET-001: Technology Asset Inventory', () => {
+        it('should generate asset inventory', async () => {
+            await createTestFile('services.ts', `
+import mongoose from 'mongoose';
+import { S3Client } from '@aws-sdk/client-s3';
+import axios from 'axios';
+
+mongoose.connect('mongodb://localhost/patients');
+const s3 = new S3Client({ region: 'us-east-1' });
+axios.get('https://api.external.com/patient-data');
+        `);
+            const findings = await hipaa2026Scanner.scan(testFiles, scanOptions);
+            const assetFindings = findings.filter((f) => f.id === 'HIPAA-ASSET-001');
+            expect(assetFindings.length).toBe(1);
+            expect(assetFindings[0].severity).toBe('high');
+            expect(assetFindings[0].file).toBe('ASSET-INVENTORY');
+            expect(assetFindings[0].recommendation).toContain('DATABASE');
+        });
+    });
+    describe('HIPAA-FLOW-001: PHI Flow Mapping', () => {
+        it('should generate PHI flow map', async () => {
+            await createTestFile('patient-flow.ts', `
+app.post('/api/patient', async (req, res) => {
+  const patientData = req.body.patient;
+  const validated = validatePatient(patientData);
+  await savePatient(validated);
+  return res.json({ success: true, patient: validated });
+});
+        `);
+            const findings = await hipaa2026Scanner.scan(testFiles, scanOptions);
+            const flowFindings = findings.filter((f) => f.id === 'HIPAA-FLOW-001');
+            expect(flowFindings.length).toBe(1);
+            expect(flowFindings[0].severity).toBe('high');
+            expect(flowFindings[0].file).toBe('PHI-FLOW-MAP');
+            expect(flowFindings[0].recommendation).toContain('INPUT');
+            expect(flowFindings[0].recommendation).toContain('PROCESSING');
+            expect(flowFindings[0].recommendation).toContain('STORAGE');
+        });
+    });
+    describe('HIPAA-PENTEST-001: Vulnerability Scanning', () => {
+        it('should detect missing vulnerability scanning config exactly once', async () => {
+            // Create multiple code files to verify it only reports once
+            await createTestFile('app.ts', 'const x = 1;');
+            await createTestFile('server.ts', 'const y = 2;');
+            await createTestFile('index.ts', 'const z = 3;');
+            const findings = await hipaa2026Scanner.scan(testFiles, { path: tempDir });
+            const pentestFindings = findings.filter((f) => f.id === 'HIPAA-PENTEST-001');
+            expect(pentestFindings.length).toBe(1);
+            expect(pentestFindings[0].severity).toBe('high');
+            expect(pentestFindings[0].file).toBe('project-level');
+        });
+        it('should not flag when dependabot exists', async () => {
+            const githubDir = path.join(tempDir, '.github');
+            await fs.mkdir(githubDir, { recursive: true });
+            await fs.writeFile(path.join(githubDir, 'dependabot.yml'), 'version: 2\nupdates:\n  - package-ecosystem: npm', 'utf-8');
+            await createTestFile('app.ts', 'const x = 1;');
+            const findings = await hipaa2026Scanner.scan(testFiles, { path: tempDir });
+            const pentestFindings = findings.filter((f) => f.id === 'HIPAA-PENTEST-001');
+            expect(pentestFindings.length).toBe(0);
+        });
+        it('should not flag when semgrep config exists', async () => {
+            await fs.writeFile(path.join(tempDir, '.semgrep.yml'), 'rules: []', 'utf-8');
+            await createTestFile('app.ts', 'const x = 1;');
+            const findings = await hipaa2026Scanner.scan(testFiles, { path: tempDir });
+            const pentestFindings = findings.filter((f) => f.id === 'HIPAA-PENTEST-001');
+            expect(pentestFindings.length).toBe(0);
+        });
+        it('should not flag when workflow contains security scanning', async () => {
+            const workflowDir = path.join(tempDir, '.github', 'workflows');
+            await fs.mkdir(workflowDir, { recursive: true });
+            await fs.writeFile(path.join(workflowDir, 'ci.yml'), 'name: CI\njobs:\n  scan:\n    steps:\n      - run: npm audit', 'utf-8');
+            await createTestFile('app.ts', 'const x = 1;');
+            const findings = await hipaa2026Scanner.scan(testFiles, { path: tempDir });
+            const pentestFindings = findings.filter((f) => f.id === 'HIPAA-PENTEST-001');
+            expect(pentestFindings.length).toBe(0);
+        });
+    });
+    describe('General Scanner Behavior', () => {
+        it('should only scan code files', async () => {
+            await createTestFile('README.md', 'patient data here');
+            await createTestFile('data.json', '{"patient": "data"}');
+            await createTestFile('code.ts', 'const patient = req.body;');
+            const findings = await hipaa2026Scanner.scan(testFiles, scanOptions);
+            // Should only find findings in code.ts
+            const uniqueFiles = new Set(findings.map((f) => path.basename(f.file)));
+            expect(uniqueFiles.has('README.md')).toBe(false);
+            expect(uniqueFiles.has('data.json')).toBe(false);
+        });
+        it('should include confidence scores', async () => {
+            const file = await createTestFile('auth.ts', `
+app.post('/login', async (req) => {
+  const user = await authenticateUser(req.body);
+  accessPatientRecords(user);
+});
+        `);
+            const findings = await hipaa2026Scanner.scan([file], scanOptions);
+            for (const finding of findings) {
+                expect(finding.confidence).toBeDefined();
+                expect(['high', 'medium', 'low']).toContain(finding.confidence);
+            }
+        });
+    });
+});
+//# sourceMappingURL=index.test.js.map

package/dist/scanners/hipaa2026/index.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.test.js","sourceRoot":"","sources":["../../../src/scanners/hipaa2026/index.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AAEzB,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,IAAI,OAAO,GAAW,EAAE,CAAC;IACzB,IAAI,SAAS,GAAa,EAAE,CAAC;IAE7B,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,UAAU;QACV,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;QACH,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,SAAS,GAAG,EAAE,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,OAAe;QAC7D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC9C,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/C,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,WAAW,GAAgB;QAC/B,IAAI,EAAE,OAAO;KACd,CAAC;IAEF,QAAQ,CAAC,4CAA4C,EAAE,GAAG,EAAE;QAC1D,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,SAAS,EACT;;;;;;;SAOC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;YAErE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACjD,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,gBAAgB,EAChB;;;;;;;;;;SAUC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;YAErE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACtD,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,OAAO,EACP;;;;;;SAMC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC;YAE1E,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,cAAc,EACd;;;;;;;;SAQC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC;YAE1E,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAClD,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,YAAY,EACZ;;;;;;;;SAQC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;YAE7E,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,mBAAmB,EACnB;;;;;;;;;SASC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;YAE7E,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qCAAqC,EAAE,GAAG,EAAE;QACnD,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;YACxE,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,SAAS,EACT;;;;;SAKC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC;YAE3E,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,gBAAgB,EAChB;;;;;;;SAOC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC;YAE3E,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;QACrD,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;YACzE,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,QAAQ,EACR;;;;;;;;SAQC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC;YAE3E,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,eAAe,EACf;;;;;;;;;;SAUC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC;YAE3E,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACvD,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,SAAS,EACT;;;;;;;;;SASC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;YAE7E,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,gBAAgB,EAChB;;;;;;;;;SASC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;YAE7E,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,6CAA6C,EAAE,GAAG,EAAE;QAC3D,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,cAAc,CAClB,aAAa,EACb;;;;;;;;SAQC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,iBAAiB,CAAC,CAAC;YAEzE,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACrC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACtD,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAChD,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC5C,MAAM,cAAc,CAClB,iBAAiB,EACjB;;;;;;;SAOC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;YACrE,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,gBAAgB,CAAC,CAAC;YAEvE,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC9C,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAClD,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC1D,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAC/D,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACzD,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;YAChF,4DAA4D;YAC5D,MAAM,cAAc,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;YAC/C,MAAM,cAAc,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;YAClD,MAAM,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YAEjD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAC3E,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;YAE7E,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACvC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAChD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/C,MAAM,EAAE,CAAC,SAAS,CAChB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,gBAAgB,CAAC,EACtC,kDAAkD,EAClD,OAAO,CACR,CAAC;YAEF,MAAM,cAAc,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;YAE/C,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAC3E,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;YAE7E,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,EAAE,CAAC,SAAS,CAChB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,EAClC,WAAW,EACX,OAAO,CACR,CAAC;YAEF,MAAM,cAAc,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;YAE/C,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAC3E,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;YAE7E,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;YACxE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,MAAM,EAAE,CAAC,SAAS,CAChB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,EAChC,8DAA8D,EAC9D,OAAO,CACR,CAAC;YAEF,MAAM,cAAc,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;YAE/C,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAC3E,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,mBAAmB,CAAC,CAAC;YAE7E,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC3C,MAAM,cAAc,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;YACvD,MAAM,cAAc,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;YACzD,MAAM,cAAc,CAAC,SAAS,EAAE,2BAA2B,CAAC,CAAC;YAE7D,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;YAErE,uCAAuC;YACvC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACxE,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACjD,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,SAAS,EACT;;;;;SAKC,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAElE,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;gBACzC,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAClE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/scanners/hipaa2026/patterns.d.ts

@@ -0,0 +1,57 @@
+/**
+ * HIPAA 2026 Security Rule Detection Patterns
+ * Covers 15 technical requirements (all now "required" instead of "addressable")
+ * Expected enforcement: May 2026
+ */
+export interface HIPAA2026Pattern {
+    id: string;
+    name: string;
+    description: string;
+    severity: 'critical' | 'high';
+    hipaaReference: string;
+    patterns: RegExp[];
+    negativePatterns?: RegExp[];
+    autoFix?: string;
+    confidence: 'high' | 'medium' | 'low';
+    category: string;
+}
+/**
+ * HIPAA-MFA-001: Multi-Factor Authentication Enforcement
+ */
+export declare const MFA_PATTERNS: HIPAA2026Pattern;
+/**
+ * HIPAA-ENC-REST-001: Encryption at Rest
+ */
+export declare const ENCRYPTION_AT_REST_PATTERNS: HIPAA2026Pattern;
+/**
+ * HIPAA-SESSION-001: Automatic Session Timeout
+ */
+export declare const SESSION_TIMEOUT_PATTERNS: HIPAA2026Pattern;
+/**
+ * HIPAA-REVOKE-001: Immediate Access Revocation
+ */
+export declare const ACCESS_REVOCATION_PATTERNS: HIPAA2026Pattern;
+/**
+ * HIPAA-BREACH-001: 24-Hour Breach Notification
+ */
+export declare const BREACH_NOTIFICATION_PATTERNS: HIPAA2026Pattern;
+/**
+ * HIPAA-SEGMENT-001: Network Segmentation
+ */
+export declare const NETWORK_SEGMENTATION_PATTERNS: HIPAA2026Pattern;
+/**
+ * HIPAA-ASSET-001: Technology Asset Inventory
+ * Special pattern - triggers asset inventory generation
+ */
+export declare const ASSET_INVENTORY_PATTERNS: HIPAA2026Pattern;
+/**
+ * HIPAA-FLOW-001: ePHI Flow Mapping
+ * Special pattern - triggers flow map generation
+ */
+export declare const PHI_FLOW_MAPPING_PATTERNS: HIPAA2026Pattern;
+/**
+ * HIPAA-PENTEST-001: Vulnerability Scanning Configuration
+ */
+export declare const VULNERABILITY_SCANNING_PATTERNS: HIPAA2026Pattern;
+export declare const ALL_HIPAA_2026_PATTERNS: HIPAA2026Pattern[];
+//# sourceMappingURL=patterns.d.ts.map

package/dist/scanners/hipaa2026/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../../src/scanners/hipaa2026/patterns.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,gBA2B1B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,2BAA2B,EAAE,gBA6BzC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,gBA0BtC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,EAAE,gBAyBxC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,4BAA4B,EAAE,gBAuB1C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,EAAE,gBAyB3C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,wBAAwB,EAAE,gBAmBtC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,yBAAyB,EAAE,gBAmBvC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,+BAA+B,EAAE,gBAoB7C,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,gBAAgB,EAUrD,CAAC"}