evidentia-core 0.6.0__tar.gz

evidentia_core-0.6.0/.gitignore

@@ -0,0 +1,95 @@
+# v0.4.0 — frontend build output lands in the Python package's static
+# directory at wheel-assembly time via the hatchling build hook. The
+# .gitkeep file in static/ is tracked; everything else is regenerated.
+packages/evidentia-api/src/evidentia_api/static/assets/
+packages/evidentia-api/src/evidentia_api/static/index.html
+packages/evidentia-api/src/evidentia_api/static/*.js
+packages/evidentia-api/src/evidentia_api/static/*.css
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+# NB: `lib/` and `lib64/` above would otherwise also match
+# packages/evidentia-ui/src/lib/ (TypeScript utils). Scope to top-level
+# only — there's no real Python-venv lib/ we'd fail to ignore because
+# .venv/ and venv/ below cover that case.
+!packages/evidentia-ui/src/lib/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.venv/
+venv/
+ENV/
+env/
+
+# uv
+# NOTE: uv.lock is committed for reproducible builds.
+# https://docs.astral.sh/uv/concepts/projects/sync/#locking-dependencies
+
+# Testing
+.pytest_cache/
+.coverage
+.coverage.*
+htmlcov/
+.tox/
+.cache
+coverage.xml
+*.cover
+.hypothesis/
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Ruff
+.ruff_cache/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Claude Code local state
+.claude/
+
+# Evidentia runtime — user project state (NOT bundled examples).
+# `.controlbridge/` and `/controlbridge.yaml` are kept ignored for the
+# lifetime of the shim (through v0.7.0) so legacy project workspaces
+# authored against v0.1.0 – v0.5.0 don't start leaking into git.
+.evidentia/
+.controlbridge/
+/evidentia.yaml
+/controlbridge.yaml
+*.local.yaml
+evidence/
+reports/
+risks/
+
+# Generated reports from examples (keep source files, ignore generated ones)
+examples/**/report.json
+examples/**/report.csv
+examples/**/report.md
+examples/**/report.oscal.json
+examples/**/risks.json

evidentia_core-0.6.0/PKG-INFO

@@ -0,0 +1,48 @@
+Metadata-Version: 2.4
+Name: evidentia-core
+Version: 0.6.0
+Summary: Core data models, catalog loading, and gap analysis engine for Evidentia GRC tool
+Project-URL: Homepage, https://github.com/allenfbyrd/evidentia
+Project-URL: Repository, https://github.com/allenfbyrd/evidentia
+Project-URL: Issues, https://github.com/allenfbyrd/evidentia/issues
+Project-URL: Changelog, https://github.com/allenfbyrd/evidentia/blob/main/CHANGELOG.md
+Author-email: Allen Byrd <allen@allenfbyrd.com>
+License-Expression: Apache-2.0
+Keywords: compliance,gap-analysis,grc,nist,oscal,pydantic,risk,soc2
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Python: >=3.12
+Requires-Dist: platformdirs>=4.3
+Requires-Dist: pydantic-settings>=2.6
+Requires-Dist: pydantic>=2.9
+Requires-Dist: python-dateutil>=2.9
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: thefuzz[speedup]>=0.22
+Description-Content-Type: text/markdown
+
+# evidentia-core
+
+Core data models, OSCAL catalog loaders, and the gap analysis engine for [Evidentia](https://github.com/allenfbyrd/evidentia).
+
+This package has no AI dependencies and can be installed standalone for environments that need only the gap analysis functionality.
+
+## Provides
+
+- **Pydantic v2 data models** for controls, evidence, risks, gaps, findings, catalogs, and system context
+- **OSCAL catalog loader** for NIST 800-53, NIST CSF, and other OSCAL-formatted frameworks
+- **Crosswalk engine** for cross-framework control mappings
+- **Gap analyzer** that compares a control inventory against framework catalogs
+- **Report formatters** for JSON, CSV, Markdown, and OSCAL Assessment Results
+
+## Install
+
+```bash
+pip install evidentia-core
+```
+
+License: Apache 2.0

evidentia_core-0.6.0/README.md

@@ -0,0 +1,21 @@
+# evidentia-core
+
+Core data models, OSCAL catalog loaders, and the gap analysis engine for [Evidentia](https://github.com/allenfbyrd/evidentia).
+
+This package has no AI dependencies and can be installed standalone for environments that need only the gap analysis functionality.
+
+## Provides
+
+- **Pydantic v2 data models** for controls, evidence, risks, gaps, findings, catalogs, and system context
+- **OSCAL catalog loader** for NIST 800-53, NIST CSF, and other OSCAL-formatted frameworks
+- **Crosswalk engine** for cross-framework control mappings
+- **Gap analyzer** that compares a control inventory against framework catalogs
+- **Report formatters** for JSON, CSV, Markdown, and OSCAL Assessment Results
+
+## Install
+
+```bash
+pip install evidentia-core
+```
+
+License: Apache 2.0

evidentia_core-0.6.0/pyproject.toml

@@ -0,0 +1,39 @@
+[project]
+name = "evidentia-core"
+version = "0.6.0"
+description = "Core data models, catalog loading, and gap analysis engine for Evidentia GRC tool"
+readme = "README.md"
+authors = [{name = "Allen Byrd", email = "allen@allenfbyrd.com"}]
+license = "Apache-2.0"
+requires-python = ">=3.12"
+keywords = ["grc", "compliance", "oscal", "nist", "soc2", "risk", "gap-analysis", "pydantic"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Information Technology",
+    "License :: OSI Approved :: Apache Software License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+    "Typing :: Typed",
+]
+dependencies = [
+    "pydantic>=2.9",
+    "pydantic-settings>=2.6",
+    "pyyaml>=6.0",
+    "python-dateutil>=2.9",
+    "thefuzz[speedup]>=0.22",
+    "platformdirs>=4.3",
+]
+
+[project.urls]
+Homepage = "https://github.com/allenfbyrd/evidentia"
+Repository = "https://github.com/allenfbyrd/evidentia"
+Issues = "https://github.com/allenfbyrd/evidentia/issues"
+Changelog = "https://github.com/allenfbyrd/evidentia/blob/main/CHANGELOG.md"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/evidentia_core"]

evidentia_core-0.6.0/src/evidentia_core/__init__.py

@@ -0,0 +1,9 @@
+"""Evidentia core: data models, OSCAL catalog loaders, and gap analysis engine."""
+
+from importlib.metadata import PackageNotFoundError
+from importlib.metadata import version as _pkg_version
+
+try:
+    __version__ = _pkg_version("evidentia-core")
+except PackageNotFoundError:  # pragma: no cover — only hit in editable repos without install
+    __version__ = "0.0.0+unknown"

evidentia_core-0.6.0/src/evidentia_core/catalogs/__init__.py

@@ -0,0 +1,17 @@
+"""Framework catalog loading, crosswalks, and registry."""
+
+from evidentia_core.catalogs.crosswalk import CrosswalkEngine
+from evidentia_core.catalogs.loader import (
+    load_catalog,
+    load_evidentia_catalog,
+    load_oscal_catalog,
+)
+from evidentia_core.catalogs.registry import FrameworkRegistry
+
+__all__ = [
+    "CrosswalkEngine",
+    "FrameworkRegistry",
+    "load_catalog",
+    "load_evidentia_catalog",
+    "load_oscal_catalog",
+]

evidentia_core-0.6.0/src/evidentia_core/catalogs/crosswalk.py

@@ -0,0 +1,162 @@
+"""Cross-framework mapping engine.
+
+Loads crosswalk definitions and provides bidirectional mapping between
+framework controls. The mapping graph is built at startup and cached
+for fast lookups during gap analysis.
+"""
+
+from __future__ import annotations
+
+import json
+import logging
+from pathlib import Path
+
+from evidentia_core.models.catalog import (
+    CrosswalkDefinition,
+    FrameworkMapping,
+)
+
+logger = logging.getLogger(__name__)
+
+MAPPINGS_DIR = Path(__file__).parent / "data" / "mappings"
+
+
+class CrosswalkEngine:
+    """Bidirectional cross-framework control mapping engine.
+
+    Loads all available crosswalk definitions and builds an in-memory
+    mapping graph for fast lookups.
+    """
+
+    def __init__(self, mappings_dir: Path | None = None) -> None:
+        self._dir = mappings_dir or MAPPINGS_DIR
+        # Forward index: (source_fw, source_ctl, target_fw) → [FrameworkMapping]
+        self._forward: dict[tuple[str, str, str], list[FrameworkMapping]] = {}
+        # Reverse index built from each forward entry
+        self._reverse: dict[tuple[str, str, str], list[FrameworkMapping]] = {}
+        self._crosswalks: list[CrosswalkDefinition] = []
+
+    def load_all(self) -> None:
+        """Load all crosswalk JSON files from the mappings directory."""
+        if not self._dir.exists():
+            logger.warning("Mappings directory not found: %s", self._dir)
+            return
+
+        for json_file in sorted(self._dir.glob("*.json")):
+            self.load_crosswalk(json_file)
+
+        logger.info(
+            "Loaded %d crosswalks with %d total mappings",
+            len(self._crosswalks),
+            sum(len(c.mappings) for c in self._crosswalks),
+        )
+
+    def load_crosswalk(self, path: Path) -> CrosswalkDefinition:
+        """Load a single crosswalk definition and index it."""
+        with open(path, encoding="utf-8") as f:
+            data = json.load(f)
+
+        crosswalk = CrosswalkDefinition(**data)
+        self._crosswalks.append(crosswalk)
+
+        for mapping in crosswalk.mappings:
+            src_key = (
+                crosswalk.source_framework,
+                mapping.source_control_id.upper(),
+                crosswalk.target_framework,
+            )
+            self._forward.setdefault(src_key, []).append(mapping)
+
+            # Reverse mapping (swap source/target)
+            rev_mapping = FrameworkMapping(
+                source_control_id=mapping.target_control_id,
+                source_control_title=mapping.target_control_title,
+                target_control_id=mapping.source_control_id,
+                target_control_title=mapping.source_control_title,
+                relationship=mapping.relationship,
+                notes=mapping.notes,
+            )
+            rev_key = (
+                crosswalk.target_framework,
+                mapping.target_control_id.upper(),
+                crosswalk.source_framework,
+            )
+            self._reverse.setdefault(rev_key, []).append(rev_mapping)
+
+        return crosswalk
+
+    def get_mapped_controls(
+        self,
+        source_framework: str,
+        source_control_id: str,
+        target_framework: str,
+    ) -> list[FrameworkMapping]:
+        """Get controls in target_framework that map from source_control_id.
+
+        Checks both forward and reverse indexes.
+        """
+        ctl = source_control_id.strip().upper()
+
+        forward_key = (source_framework, ctl, target_framework)
+        forward_results = self._forward.get(forward_key, [])
+
+        reverse_key = (source_framework, ctl, target_framework)
+        reverse_results = self._reverse.get(reverse_key, [])
+
+        # Deduplicate by target_control_id
+        seen: set[str] = set()
+        results: list[FrameworkMapping] = []
+        for m in forward_results + reverse_results:
+            if m.target_control_id.upper() not in seen:
+                seen.add(m.target_control_id.upper())
+                results.append(m)
+
+        return results
+
+    def get_all_mapped_controls(
+        self,
+        framework: str,
+        control_id: str,
+    ) -> dict[str, list[FrameworkMapping]]:
+        """Get all controls across ALL frameworks that map to/from this control.
+
+        Returns a dict keyed by target framework ID.
+        """
+        ctl = control_id.strip().upper()
+        results: dict[str, list[FrameworkMapping]] = {}
+
+        for (src_fw, src_ctl, tgt_fw), mappings in self._forward.items():
+            if src_fw == framework and src_ctl == ctl:
+                results.setdefault(tgt_fw, []).extend(mappings)
+
+        for (src_fw, src_ctl, tgt_fw), mappings in self._reverse.items():
+            if src_fw == framework and src_ctl == ctl:
+                results.setdefault(tgt_fw, []).extend(mappings)
+
+        return results
+
+    def get_cross_framework_value(
+        self,
+        framework: str,
+        control_id: str,
+    ) -> list[str]:
+        """Get a flat list of 'framework:control_id' pairs that this control maps to.
+
+        Used for gap prioritization — controls that satisfy more frameworks
+        are higher value to implement.
+        """
+        all_mappings = self.get_all_mapped_controls(framework, control_id)
+        result: list[str] = []
+        for target_fw, mappings in all_mappings.items():
+            for m in mappings:
+                result.append(f"{target_fw}:{m.target_control_id}")
+        return result
+
+    @property
+    def available_frameworks(self) -> set[str]:
+        """All framework IDs that appear in loaded crosswalks."""
+        frameworks: set[str] = set()
+        for crosswalk in self._crosswalks:
+            frameworks.add(crosswalk.source_framework)
+            frameworks.add(crosswalk.target_framework)
+        return frameworks