icdev 1.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- icdev/__init__.py +18 -0
- icdev/_paths.py +85 -0
- icdev/_version.py +3 -0
- icdev/data/__init__.py +1 -0
- icdev/data/args/__init__.py +1 -0
- icdev/data/args/agent_authority.yaml +61 -0
- icdev/data/args/agent_config.yaml +355 -0
- icdev/data/args/agentic_fitness.yaml +31 -0
- icdev/data/args/ai_governance_config.yaml +137 -0
- icdev/data/args/atlas_critique_config.yaml +66 -0
- icdev/data/args/bedrock_models.yaml +63 -0
- icdev/data/args/cicd_config.yaml +82 -0
- icdev/data/args/classification_config.yaml +232 -0
- icdev/data/args/cli_config.yaml +154 -0
- icdev/data/args/cloud_config.yaml +63 -0
- icdev/data/args/code_pattern_config.yaml +151 -0
- icdev/data/args/code_quality_config.yaml +47 -0
- icdev/data/args/companion_registry.yaml +202 -0
- icdev/data/args/context_config.yaml +82 -0
- icdev/data/args/csp_monitor_config.yaml +268 -0
- icdev/data/args/cui_markings.yaml +35 -0
- icdev/data/args/db_config.yaml +40 -0
- icdev/data/args/deployment_profiles.yaml +248 -0
- icdev/data/args/dev_profile_config.yaml +144 -0
- icdev/data/args/devsecops_config.yaml +286 -0
- icdev/data/args/endpoint_security_config.yaml +137 -0
- icdev/data/args/extension_config.yaml +79 -0
- icdev/data/args/file_access_tiers.yaml +88 -0
- icdev/data/args/framework_registry.yaml +415 -0
- icdev/data/args/innovation_config.yaml +431 -0
- icdev/data/args/installation_manifest.yaml +1087 -0
- icdev/data/args/llm_config.yaml +495 -0
- icdev/data/args/maintenance_config.yaml +55 -0
- icdev/data/args/memory_config.yaml +83 -0
- icdev/data/args/monitoring_config.yaml +127 -0
- icdev/data/args/mosa_config.yaml +190 -0
- icdev/data/args/nlq_config.yaml +35 -0
- icdev/data/args/observability_config.yaml +39 -0
- icdev/data/args/observability_tracing_config.yaml +170 -0
- icdev/data/args/oscal_tools_config.yaml +43 -0
- icdev/data/args/owasp_agentic_config.yaml +171 -0
- icdev/data/args/phase_registry.yaml +618 -0
- icdev/data/args/project_defaults.yaml +235 -0
- icdev/data/args/prompt_chains.yaml +163 -0
- icdev/data/args/resilience_config.yaml +50 -0
- icdev/data/args/ricoas_config.yaml +191 -0
- icdev/data/args/role_personas.yaml +362 -0
- icdev/data/args/scaling_config.yaml +176 -0
- icdev/data/args/security_gates.yaml +685 -0
- icdev/data/args/skill_injection_config.yaml +322 -0
- icdev/data/args/spec_config.yaml +53 -0
- icdev/data/args/supply_chain_config.yaml +76 -0
- icdev/data/args/translation_config.yaml +228 -0
- icdev/data/args/workflow_templates/ato_acceleration.yaml +54 -0
- icdev/data/args/workflow_templates/build_deploy.yaml +63 -0
- icdev/data/args/workflow_templates/full_compliance.yaml +43 -0
- icdev/data/args/workflow_templates/security_hardening.yaml +55 -0
- icdev/data/args/worktree_config.yaml +34 -0
- icdev/data/args/zta_config.yaml +247 -0
- icdev/data/context/__init__.py +1 -0
- icdev/data/context/agent/__init__.py +1 -0
- icdev/data/context/agent/response_schemas/__init__.py +1 -0
- icdev/data/context/agent/response_schemas/debate_position.json +46 -0
- icdev/data/context/agent/response_schemas/fitness_scorecard.json +74 -0
- icdev/data/context/agent/response_schemas/review_decision.json +39 -0
- icdev/data/context/agent/response_schemas/task_decomposition.json +82 -0
- icdev/data/context/agent/response_schemas/veto_decision.json +40 -0
- icdev/data/context/agentic/__init__.py +1 -0
- icdev/data/context/agentic/architecture_patterns.md +269 -0
- icdev/data/context/agentic/capability_registry.yaml +202 -0
- icdev/data/context/agentic/csp_mcp_registry.yaml +280 -0
- icdev/data/context/agentic/fitness_rubric.md +56 -0
- icdev/data/context/agentic/governance_baseline.md +205 -0
- icdev/data/context/ci/__init__.py +1 -0
- icdev/data/context/ci/worktree_templates.json +44 -0
- icdev/data/context/cloud/__init__.py +1 -0
- icdev/data/context/cloud/csp_service_registry.json +739 -0
- icdev/data/context/compliance/__init__.py +1 -0
- icdev/data/context/compliance/atlas_mitigations.json +293 -0
- icdev/data/context/compliance/atlas_techniques.json +833 -0
- icdev/data/context/compliance/cisa_sbd_requirements.json +432 -0
- icdev/data/context/compliance/cjis_security_policy.json +522 -0
- icdev/data/context/compliance/cmmc_practices.json +2494 -0
- icdev/data/context/compliance/cmmc_report_template.md +142 -0
- icdev/data/context/compliance/cnssi_1253_overlay.json +109 -0
- icdev/data/context/compliance/control_crosswalk.json +1914 -0
- icdev/data/context/compliance/control_families/__init__.py +1 -0
- icdev/data/context/compliance/csp_certifications.json +251 -0
- icdev/data/context/compliance/cssp_report_template.md +193 -0
- icdev/data/context/compliance/cui_templates/__init__.py +1 -0
- icdev/data/context/compliance/cui_templates/banner_block.txt +4 -0
- icdev/data/context/compliance/cui_templates/code_header.txt +8 -0
- icdev/data/context/compliance/cui_templates/document_template.md +35 -0
- icdev/data/context/compliance/data_type_framework_map.json +321 -0
- icdev/data/context/compliance/data_type_registry.json +147 -0
- icdev/data/context/compliance/dod_cssp_8530.json +463 -0
- icdev/data/context/compliance/eu_ai_act_annex_iii.json +108 -0
- icdev/data/context/compliance/export_templates/__init__.py +1 -0
- icdev/data/context/compliance/export_templates/emass_controls.csv.j2 +4 -0
- icdev/data/context/compliance/export_templates/evidence_package.md.j2 +39 -0
- icdev/data/context/compliance/export_templates/executive_summary.md.j2 +55 -0
- icdev/data/context/compliance/export_templates/poam_tracking.csv.j2 +4 -0
- icdev/data/context/compliance/fedramp_20x_ksi_schemas.json +133 -0
- icdev/data/context/compliance/fedramp_high_baseline.json +4370 -0
- icdev/data/context/compliance/fedramp_moderate_baseline.json +2183 -0
- icdev/data/context/compliance/fedramp_report_template.md +181 -0
- icdev/data/context/compliance/fips_200_areas.json +362 -0
- icdev/data/context/compliance/gao_ai_accountability.json +262 -0
- icdev/data/context/compliance/hipaa_security_rule.json +720 -0
- icdev/data/context/compliance/hitrust_csf_v11.json +930 -0
- icdev/data/context/compliance/impact_level_profiles.json +251 -0
- icdev/data/context/compliance/incident_response_template.md +1110 -0
- icdev/data/context/compliance/iso27001_2022_controls.json +750 -0
- icdev/data/context/compliance/iso27001_nist_bridge.json +382 -0
- icdev/data/context/compliance/iso42001_controls.json +254 -0
- icdev/data/context/compliance/ivv_checklist_template.md +80 -0
- icdev/data/context/compliance/ivv_report_template.md +116 -0
- icdev/data/context/compliance/ivv_requirements.json +372 -0
- icdev/data/context/compliance/mosa_crosswalk.json +327 -0
- icdev/data/context/compliance/mosa_framework.json +250 -0
- icdev/data/context/compliance/narrative_templates/AC.md.j2 +101 -0
- icdev/data/context/compliance/narrative_templates/AU.md.j2 +106 -0
- icdev/data/context/compliance/narrative_templates/IA.md.j2 +104 -0
- icdev/data/context/compliance/narrative_templates/SC.md.j2 +102 -0
- icdev/data/context/compliance/narrative_templates/SI.md.j2 +111 -0
- icdev/data/context/compliance/narrative_templates/__init__.py +1 -0
- icdev/data/context/compliance/narrative_templates/default.md.j2 +50 -0
- icdev/data/context/compliance/narrative_templates/executive_summary.j2 +27 -0
- icdev/data/context/compliance/narrative_templates/poam_milestone.j2 +19 -0
- icdev/data/context/compliance/narrative_templates/ssp_section.j2 +11 -0
- icdev/data/context/compliance/nist_800_171_controls.json +1552 -0
- icdev/data/context/compliance/nist_800_207_crosswalk.json +399 -0
- icdev/data/context/compliance/nist_800_207_zta.json +258 -0
- icdev/data/context/compliance/nist_800_53.json +324 -0
- icdev/data/context/compliance/nist_ai_600_1_genai.json +326 -0
- icdev/data/context/compliance/nist_ai_rmf.json +206 -0
- icdev/data/context/compliance/nist_sp_800_60_types.json +1667 -0
- icdev/data/context/compliance/omb_m25_21_high_impact_ai.json +248 -0
- icdev/data/context/compliance/omb_m26_04_unbiased_ai.json +262 -0
- icdev/data/context/compliance/owasp_agentic_asi.json +133 -0
- icdev/data/context/compliance/owasp_agentic_threats.json +285 -0
- icdev/data/context/compliance/owasp_llm_top10.json +274 -0
- icdev/data/context/compliance/pci_dss_v4.json +510 -0
- icdev/data/context/compliance/poam_template.md +117 -0
- icdev/data/context/compliance/safeai_controls.json +512 -0
- icdev/data/context/compliance/sbd_report_template.md +77 -0
- icdev/data/context/compliance/siem_config_templates/__init__.py +1 -0
- icdev/data/context/compliance/siem_config_templates/filebeat.yml +213 -0
- icdev/data/context/compliance/siem_config_templates/log_sources.json +208 -0
- icdev/data/context/compliance/soc2_trust_criteria.json +661 -0
- icdev/data/context/compliance/ssp_template.md +432 -0
- icdev/data/context/compliance/stig_templates/__init__.py +1 -0
- icdev/data/context/compliance/stig_templates/webapp_stig.json +139 -0
- icdev/data/context/compliance/xai_requirements.json +108 -0
- icdev/data/context/dashboard/__init__.py +1 -0
- icdev/data/context/dashboard/nlq_examples.json +50 -0
- icdev/data/context/dashboard/schema_descriptions.json +23 -0
- icdev/data/context/integration/__init__.py +1 -0
- icdev/data/context/integration/approval_workflows.json +32 -0
- icdev/data/context/integration/gitlab_field_mappings.json +33 -0
- icdev/data/context/integration/jira_field_mappings.json +32 -0
- icdev/data/context/integration/reqif_export_schema.json +23 -0
- icdev/data/context/integration/servicenow_field_mappings.json +22 -0
- icdev/data/context/languages/__init__.py +1 -0
- icdev/data/context/languages/framework_patterns.json +205 -0
- icdev/data/context/languages/language_registry.json +279 -0
- icdev/data/context/llm/__init__.py +1 -0
- icdev/data/context/llm/example_provider.py +86 -0
- icdev/data/context/mbse/__init__.py +1 -0
- icdev/data/context/mbse/des_report_template.md +162 -0
- icdev/data/context/mbse/des_requirements.json +411 -0
- icdev/data/context/mbse/digital_thread_patterns.json +403 -0
- icdev/data/context/mbse/reqif_schema.json +280 -0
- icdev/data/context/mbse/sysml_element_types.json +432 -0
- icdev/data/context/modernization/__init__.py +1 -0
- icdev/data/context/modernization/db_type_mappings.json +148 -0
- icdev/data/context/modernization/decomposition_patterns.json +284 -0
- icdev/data/context/modernization/framework_migration_patterns.json +359 -0
- icdev/data/context/modernization/migration_report_template.md +168 -0
- icdev/data/context/modernization/seven_rs_catalog.json +369 -0
- icdev/data/context/modernization/version_upgrade_rules.json +279 -0
- icdev/data/context/oscal/NIST_SP-800-53_rev5_catalog.json +254987 -0
- icdev/data/context/oscal/README.md +43 -0
- icdev/data/context/patterns/__init__.py +1 -0
- icdev/data/context/profiles/__init__.py +1 -0
- icdev/data/context/profiles/dod_baseline_v1.yaml +145 -0
- icdev/data/context/profiles/fedramp_baseline_v1.yaml +143 -0
- icdev/data/context/profiles/financial_baseline_v1.yaml +142 -0
- icdev/data/context/profiles/healthcare_baseline_v1.yaml +135 -0
- icdev/data/context/profiles/law_enforcement_v1.yaml +129 -0
- icdev/data/context/profiles/startup_v1.yaml +134 -0
- icdev/data/context/requirements/__init__.py +1 -0
- icdev/data/context/requirements/ambiguity_patterns.json +97 -0
- icdev/data/context/requirements/boundary_impact_rules.json +123 -0
- icdev/data/context/requirements/default_constitutions.json +67 -0
- icdev/data/context/requirements/document_extraction_rules.json +58 -0
- icdev/data/context/requirements/gap_patterns.json +108 -0
- icdev/data/context/requirements/readiness_rubric.json +78 -0
- icdev/data/context/requirements/red_alternative_patterns.json +210 -0
- icdev/data/context/requirements/safe_templates.json +72 -0
- icdev/data/context/requirements/spec_quality_checklist.json +122 -0
- icdev/data/context/simulation/__init__.py +1 -0
- icdev/data/context/simulation/architecture_patterns.json +36 -0
- icdev/data/context/simulation/coa_templates.json +38 -0
- icdev/data/context/simulation/cost_models.json +23 -0
- icdev/data/context/simulation/risk_categories.json +46 -0
- icdev/data/context/supply_chain/__init__.py +1 -0
- icdev/data/context/supply_chain/isa_templates.json +129 -0
- icdev/data/context/supply_chain/nist_800_161_controls.json +247 -0
- icdev/data/context/supply_chain/scrm_risk_matrix.json +147 -0
- icdev/data/context/templates/__init__.py +1 -0
- icdev/data/context/templates/ansible/__init__.py +1 -0
- icdev/data/context/templates/ansible/playbooks/__init__.py +1 -0
- icdev/data/context/templates/ansible/roles/__init__.py +1 -0
- icdev/data/context/templates/gitlab_ci/__init__.py +1 -0
- icdev/data/context/templates/grafana/__init__.py +1 -0
- icdev/data/context/templates/kubernetes/__init__.py +1 -0
- icdev/data/context/templates/project/__init__.py +1 -0
- icdev/data/context/templates/project/api/__init__.py +1 -0
- icdev/data/context/templates/project/cli/__init__.py +1 -0
- icdev/data/context/templates/project/data_pipeline/__init__.py +1 -0
- icdev/data/context/templates/project/iac/__init__.py +1 -0
- icdev/data/context/templates/project/javascript_frontend/__init__.py +1 -0
- icdev/data/context/templates/project/javascript_frontend/src/__init__.py +1 -0
- icdev/data/context/templates/project/javascript_frontend/tests/__init__.py +1 -0
- icdev/data/context/templates/project/microservice/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/src/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/tests/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/tests/features/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/tests/steps/__init__.py +1 -0
- icdev/data/context/templates/terraform/__init__.py +1 -0
- icdev/data/context/templates/terraform/govcloud_base/__init__.py +1 -0
- icdev/data/context/templates/terraform/modules/__init__.py +1 -0
- icdev/data/context/tone/__init__.py +1 -0
- icdev/data/context/translation/dependency_mappings.json +186 -0
- icdev/data/context/translation/type_mappings.json +149 -0
- icdev/data/docs/README.md +187 -0
- icdev/data/docs/__init__.py +1 -0
- icdev/data/docs/admin/gateway-guide.md +338 -0
- icdev/data/docs/admin/marketplace-guide.md +396 -0
- icdev/data/docs/admin/monitoring-guide.md +509 -0
- icdev/data/docs/architecture/compliance-framework.md +764 -0
- icdev/data/docs/architecture/database-schema.md +689 -0
- icdev/data/docs/architecture/gotcha-framework.md +518 -0
- icdev/data/docs/architecture/multi-agent-system.md +603 -0
- icdev/data/docs/dx/README.md +106 -0
- icdev/data/docs/dx/__init__.py +1 -0
- icdev/data/docs/dx/ci-cd-integration.md +378 -0
- icdev/data/docs/dx/claude-code-guide.md +213 -0
- icdev/data/docs/dx/companion-guide.md +232 -0
- icdev/data/docs/dx/dev-profiles.md +309 -0
- icdev/data/docs/dx/icdev-yaml-spec.md +219 -0
- icdev/data/docs/dx/integration-tiers.md +279 -0
- icdev/data/docs/dx/llm-routing-guide.md +456 -0
- icdev/data/docs/dx/quickstart.md +192 -0
- icdev/data/docs/dx/sdk-reference.md +356 -0
- icdev/data/docs/dx/unified-mcp-setup.md +525 -0
- icdev/data/docs/features/__init__.py +1 -0
- icdev/data/docs/features/phase-01-gotcha-framework.md +249 -0
- icdev/data/docs/features/phase-02-atlas-build-workflow.md +223 -0
- icdev/data/docs/features/phase-03-tdd-bdd-testing.md +261 -0
- icdev/data/docs/features/phase-04-nist-compliance.md +255 -0
- icdev/data/docs/features/phase-05-security-scanning.md +229 -0
- icdev/data/docs/features/phase-06-infrastructure-deployment.md +288 -0
- icdev/data/docs/features/phase-07-code-review-gates.md +276 -0
- icdev/data/docs/features/phase-08-self-healing.md +223 -0
- icdev/data/docs/features/phase-09-monitoring-observability.md +230 -0
- icdev/data/docs/features/phase-10-dashboard-web-ui.md +218 -0
- icdev/data/docs/features/phase-11-multi-agent-architecture.md +272 -0
- icdev/data/docs/features/phase-12-integration-testing.md +228 -0
- icdev/data/docs/features/phase-13-cicd-integration.md +257 -0
- icdev/data/docs/features/phase-14-secure-by-design-ivv.md +240 -0
- icdev/data/docs/features/phase-15-maintenance-audit.md +192 -0
- icdev/data/docs/features/phase-16-ato-acceleration.md +228 -0
- icdev/data/docs/features/phase-17-multi-framework-compliance.md +223 -0
- icdev/data/docs/features/phase-18-mbse-integration.md +242 -0
- icdev/data/docs/features/phase-19-agentic-generation.md +202 -0
- icdev/data/docs/features/phase-20-fips-security-categorization.md +198 -0
- icdev/data/docs/features/phase-21-saas-multi-tenancy.md +273 -0
- icdev/data/docs/features/phase-22-federated-gotcha-marketplace.md +242 -0
- icdev/data/docs/features/phase-23-universal-compliance-platform.md +238 -0
- icdev/data/docs/features/phase-24-devsecops-pipeline-security.md +198 -0
- icdev/data/docs/features/phase-25-zero-trust-architecture.md +220 -0
- icdev/data/docs/features/phase-26-dod-mosa.md +205 -0
- icdev/data/docs/features/phase-27-cli-capabilities.md +222 -0
- icdev/data/docs/features/phase-28-remote-command-gateway.md +235 -0
- icdev/data/docs/features/phase-29-proactive-monitoring.md +212 -0
- icdev/data/docs/features/phase-30-dashboard-auth.md +215 -0
- icdev/data/docs/features/phase-31-dashboard-ux-low-impact.md +188 -0
- icdev/data/docs/features/phase-32-dashboard-ux-medium-impact.md +223 -0
- icdev/data/docs/features/phase-33-modular-installation.md +218 -0
- icdev/data/docs/features/phase-34-dev-profiles.md +239 -0
- icdev/data/docs/features/phase-35-innovation-engine.md +257 -0
- icdev/data/docs/features/phase-36-evolutionary-intelligence.md +351 -0
- icdev/data/docs/features/phase-37-mitre-atlas-integration.md +485 -0
- icdev/data/docs/features/phase-38-cloud-agnostic-architecture.md +1033 -0
- icdev/data/docs/features/phase-39-observability-operations.md +178 -0
- icdev/data/docs/features/phase-40-nlq-compliance-queries.md +176 -0
- icdev/data/docs/features/phase-41-parallel-cicd.md +169 -0
- icdev/data/docs/features/phase-42-framework-planning.md +177 -0
- icdev/data/docs/features/phase-43-cross-language-translation.md +225 -0
- icdev/data/docs/features/phase-44-innovation-adaptation.md +227 -0
- icdev/data/docs/features/phase-45-owasp-agentic-security.md +239 -0
- icdev/data/docs/features/phase-46-observability-traceability-xai.md +240 -0
- icdev/data/docs/features/phase-47-unified-mcp-gateway.md +257 -0
- icdev/data/docs/features/phase-48-ai-transparency.md +203 -0
- icdev/data/docs/features/phase-49-ai-accountability.md +243 -0
- icdev/data/docs/features/phase-50-ai-governance-intake-chat.md +195 -0
- icdev/data/docs/features/phase-51-unified-chat-dashboard.md +240 -0
- icdev/data/docs/features/phase-52-code-intelligence.md +244 -0
- icdev/data/docs/features/phase-53-fedramp-20x-owasp-asi.md +359 -0
- icdev/data/docs/features/phase-54-slsa-swft-orchestration.md +379 -0
- icdev/data/docs/features/phase-55-a2a-v03-mcp-oauth.md +322 -0
- icdev/data/docs/features/phase-56-evidence-lineage.md +352 -0
- icdev/data/docs/features/phase-57-eu-ai-act-iron-bank.md +319 -0
- icdev/data/docs/features/phase-58-creative-engine.md +370 -0
- icdev/data/docs/features/phase-59-govcon-intelligence.md +535 -0
- icdev/data/docs/features/phase-60-cpmp.md +528 -0
- icdev/data/docs/features/phase-61-orchestration-improvements.md +534 -0
- icdev/data/docs/operations/dashboard-guide.md +354 -0
- icdev/data/docs/operations/deployment-guide.md +556 -0
- icdev/data/docs/operations/saas-admin-guide.md +439 -0
- icdev/data/docs/operations/security-operations-guide.md +733 -0
- icdev/data/docs/runbooks/backup-restore.md +412 -0
- icdev/data/docs/runbooks/troubleshooting.md +499 -0
- icdev/data/features/__init__.py +1 -0
- icdev/data/features/cicd_integration.feature +41 -0
- icdev/data/features/compliance_gates.feature +46 -0
- icdev/data/features/dashboard.feature +72 -0
- icdev/data/features/environment.py +25 -0
- icdev/data/features/project_management.feature +32 -0
- icdev/data/features/requirements_intake.feature +42 -0
- icdev/data/features/saas_platform.feature +53 -0
- icdev/data/features/security_scanning.feature +36 -0
- icdev/data/features/steps/__init__.py +1 -0
- icdev/data/features/steps/cicd_steps.py +465 -0
- icdev/data/features/steps/compliance_steps.py +308 -0
- icdev/data/features/steps/dashboard_steps.py +88 -0
- icdev/data/features/steps/project_steps.py +126 -0
- icdev/data/features/steps/requirements_intake_steps.py +689 -0
- icdev/data/features/steps/saas_platform_steps.py +572 -0
- icdev/data/features/steps/security_steps.py +236 -0
- icdev/data/features/steps/testing_steps.py +226 -0
- icdev/data/features/testing_pipeline.feature +42 -0
- icdev/data/goals/__init__.py +1 -0
- icdev/data/goals/agent_management.md +144 -0
- icdev/data/goals/agentic_generation.md +345 -0
- icdev/data/goals/agentic_threat_model.md +309 -0
- icdev/data/goals/ai_accountability.md +90 -0
- icdev/data/goals/ai_governance_intake.md +132 -0
- icdev/data/goals/ai_transparency.md +76 -0
- icdev/data/goals/atlas_integration.md +405 -0
- icdev/data/goals/ato_acceleration.md +139 -0
- icdev/data/goals/boundary_supply_chain.md +206 -0
- icdev/data/goals/build_app.md +544 -0
- icdev/data/goals/cicd_integration.md +86 -0
- icdev/data/goals/claude_dir_maintenance.md +77 -0
- icdev/data/goals/cli_capabilities.md +340 -0
- icdev/data/goals/cloud_agnostic.md +312 -0
- icdev/data/goals/code_intelligence.md +197 -0
- icdev/data/goals/code_review.md +94 -0
- icdev/data/goals/compliance_workflow.md +858 -0
- icdev/data/goals/continuous_harmonization.md +140 -0
- icdev/data/goals/cross_language_translation.md +171 -0
- icdev/data/goals/dashboard.md +142 -0
- icdev/data/goals/deploy_workflow.md +390 -0
- icdev/data/goals/devsecops_workflow.md +408 -0
- icdev/data/goals/evolutionary_intelligence.md +305 -0
- icdev/data/goals/external_integration.md +113 -0
- icdev/data/goals/framework_planning.md +63 -0
- icdev/data/goals/init_project.md +235 -0
- icdev/data/goals/innovation_engine.md +199 -0
- icdev/data/goals/integration_testing.md +189 -0
- icdev/data/goals/maintenance_audit.md +196 -0
- icdev/data/goals/manifest.md +56 -0
- icdev/data/goals/mbse_integration.md +504 -0
- icdev/data/goals/modernization_workflow.md +618 -0
- icdev/data/goals/monitoring.md +126 -0
- icdev/data/goals/mosa_workflow.md +463 -0
- icdev/data/goals/multi_agent_orchestration.md +68 -0
- icdev/data/goals/nlq_compliance.md +63 -0
- icdev/data/goals/observability.md +64 -0
- icdev/data/goals/observability_traceability_xai.md +154 -0
- icdev/data/goals/owasp_agentic_security.md +395 -0
- icdev/data/goals/parallel_cicd.md +61 -0
- icdev/data/goals/requirements_intake.md +213 -0
- icdev/data/goals/sbd_ivv_workflow.md +195 -0
- icdev/data/goals/security_categorization.md +133 -0
- icdev/data/goals/security_scan.md +381 -0
- icdev/data/goals/self_healing.md +120 -0
- icdev/data/goals/simulation_engine.md +111 -0
- icdev/data/goals/tdd_workflow.md +403 -0
- icdev/data/goals/zero_trust_architecture.md +403 -0
- icdev/data/hardprompts/__init__.py +1 -0
- icdev/data/hardprompts/agent/__init__.py +1 -0
- icdev/data/hardprompts/agent/agentic_architect.md +100 -0
- icdev/data/hardprompts/agent/debate_prompt.md +32 -0
- icdev/data/hardprompts/agent/fitness_evaluation.md +48 -0
- icdev/data/hardprompts/agent/governance_review.md +214 -0
- icdev/data/hardprompts/agent/reviewer_prompt.md +34 -0
- icdev/data/hardprompts/agent/skill_design.md +172 -0
- icdev/data/hardprompts/agent/task_decomposition.md +275 -0
- icdev/data/hardprompts/agent/veto_check_prompt.md +33 -0
- icdev/data/hardprompts/architect/__init__.py +1 -0
- icdev/data/hardprompts/architect/api_design.md +283 -0
- icdev/data/hardprompts/architect/data_model.md +277 -0
- icdev/data/hardprompts/architect/system_design.md +180 -0
- icdev/data/hardprompts/builder/__init__.py +1 -0
- icdev/data/hardprompts/builder/code_generation.md +59 -0
- icdev/data/hardprompts/builder/refactor.md +58 -0
- icdev/data/hardprompts/builder/scaffold_project.md +69 -0
- icdev/data/hardprompts/builder/test_generation.md +87 -0
- icdev/data/hardprompts/ci/__init__.py +1 -0
- icdev/data/hardprompts/ci/worktree_setup.md +35 -0
- icdev/data/hardprompts/compliance/__init__.py +1 -0
- icdev/data/hardprompts/compliance/cmmc_assessment.md +63 -0
- icdev/data/hardprompts/compliance/cssp_assessment.md +75 -0
- icdev/data/hardprompts/compliance/cui_marking.md +86 -0
- icdev/data/hardprompts/compliance/fedramp_assessment.md +55 -0
- icdev/data/hardprompts/compliance/ivv_assessment.md +96 -0
- icdev/data/hardprompts/compliance/poam_generation.md +57 -0
- icdev/data/hardprompts/compliance/sbd_assessment.md +101 -0
- icdev/data/hardprompts/compliance/security_categorization.md +74 -0
- icdev/data/hardprompts/compliance/ssp_generation.md +56 -0
- icdev/data/hardprompts/compliance/stig_evaluation.md +63 -0
- icdev/data/hardprompts/dashboard/__init__.py +1 -0
- icdev/data/hardprompts/dashboard/nlq_system_prompt.md +26 -0
- icdev/data/hardprompts/infra/__init__.py +1 -0
- icdev/data/hardprompts/infra/k8s_manifests.md +118 -0
- icdev/data/hardprompts/infra/pipeline_generation.md +160 -0
- icdev/data/hardprompts/infra/terraform_generation.md +92 -0
- icdev/data/hardprompts/integration/__init__.py +1 -0
- icdev/data/hardprompts/integration/approval_review.md +17 -0
- icdev/data/hardprompts/integration/jira_mapping.md +25 -0
- icdev/data/hardprompts/integration/servicenow_mapping.md +14 -0
- icdev/data/hardprompts/knowledge/__init__.py +1 -0
- icdev/data/hardprompts/knowledge/pattern_detection.md +73 -0
- icdev/data/hardprompts/knowledge/recommendation_engine.md +90 -0
- icdev/data/hardprompts/knowledge/root_cause_analysis.md +91 -0
- icdev/data/hardprompts/maintenance/__init__.py +1 -0
- icdev/data/hardprompts/maintenance/maintenance_assessment.md +82 -0
- icdev/data/hardprompts/mbse/__init__.py +1 -0
- icdev/data/hardprompts/mbse/digital_thread.md +67 -0
- icdev/data/hardprompts/mbse/model_import.md +62 -0
- icdev/data/hardprompts/mbse/model_to_code.md +65 -0
- icdev/data/hardprompts/modernization/__init__.py +1 -0
- icdev/data/hardprompts/modernization/legacy_analysis.md +93 -0
- icdev/data/hardprompts/modernization/migration_planning.md +150 -0
- icdev/data/hardprompts/modernization/seven_r_assessment.md +107 -0
- icdev/data/hardprompts/requirements/__init__.py +1 -0
- icdev/data/hardprompts/requirements/bdd_generation.md +35 -0
- icdev/data/hardprompts/requirements/clarification_prioritization.md +29 -0
- icdev/data/hardprompts/requirements/decomposition.md +60 -0
- icdev/data/hardprompts/requirements/document_extraction.md +45 -0
- icdev/data/hardprompts/requirements/gap_detection.md +70 -0
- icdev/data/hardprompts/requirements/intake_conversation.md +101 -0
- icdev/data/hardprompts/requirements/readiness_assessment.md +39 -0
- icdev/data/hardprompts/requirements/spec_quality.md +33 -0
- icdev/data/hardprompts/requirements/traceability_analysis.md +23 -0
- icdev/data/hardprompts/security/__init__.py +1 -0
- icdev/data/hardprompts/security/endpoint_security.md +78 -0
- icdev/data/hardprompts/security/threat_model.md +70 -0
- icdev/data/hardprompts/security/vulnerability_assessment.md +81 -0
- icdev/data/hardprompts/simulation/__init__.py +1 -0
- icdev/data/hardprompts/simulation/architecture_impact.md +27 -0
- icdev/data/hardprompts/simulation/coa_alternative.md +27 -0
- icdev/data/hardprompts/simulation/coa_generation.md +25 -0
- icdev/data/hardprompts/simulation/compliance_impact.md +28 -0
- icdev/data/hardprompts/simulation/cost_estimation.md +33 -0
- icdev/data/hardprompts/simulation/risk_assessment.md +28 -0
- icdev/data/hardprompts/translation/code_translation.md +68 -0
- icdev/data/hardprompts/translation/dependency_suggestion.md +44 -0
- icdev/data/hardprompts/translation/test_translation.md +64 -0
- icdev/data/hardprompts/translation/translation_repair.md +59 -0
- icdev/py.typed +0 -0
- icdev/tools/__init__.py +1 -0
- icdev/tools/_gen_formatter.py +12 -0
- icdev/tools/a2a/__init__.py +1 -0
- icdev/tools/a2a/agent_cards/architect.json +43 -0
- icdev/tools/a2a/agent_cards/builder.json +50 -0
- icdev/tools/a2a/agent_cards/compliance.json +57 -0
- icdev/tools/a2a/agent_cards/devsecops.json +71 -0
- icdev/tools/a2a/agent_cards/infra.json +57 -0
- icdev/tools/a2a/agent_cards/integration.json +57 -0
- icdev/tools/a2a/agent_cards/knowledge.json +43 -0
- icdev/tools/a2a/agent_cards/mbse.json +57 -0
- icdev/tools/a2a/agent_cards/modernization.json +50 -0
- icdev/tools/a2a/agent_cards/monitor.json +43 -0
- icdev/tools/a2a/agent_cards/orchestrator.json +36 -0
- icdev/tools/a2a/agent_cards/requirements_analyst.json +64 -0
- icdev/tools/a2a/agent_cards/security.json +50 -0
- icdev/tools/a2a/agent_cards/simulation.json +57 -0
- icdev/tools/a2a/agent_cards/supply_chain.json +50 -0
- icdev/tools/a2a/agent_client.py +349 -0
- icdev/tools/a2a/agent_registry.py +412 -0
- icdev/tools/a2a/agent_server.py +579 -0
- icdev/tools/a2a/task.py +200 -0
- icdev/tools/agent/__init__.py +2 -0
- icdev/tools/agent/a2a_agent_card_generator.py +285 -0
- icdev/tools/agent/a2a_discovery_server.py +250 -0
- icdev/tools/agent/agent_executor.py +529 -0
- icdev/tools/agent/agent_memory.py +557 -0
- icdev/tools/agent/agent_models.py +51 -0
- icdev/tools/agent/atlas_critique.py +908 -0
- icdev/tools/agent/authority.py +443 -0
- icdev/tools/agent/bedrock_client.py +1075 -0
- icdev/tools/agent/collaboration.py +871 -0
- icdev/tools/agent/dispatcher_mode.py +665 -0
- icdev/tools/agent/mailbox.py +575 -0
- icdev/tools/agent/prompt_chain_executor.py +1064 -0
- icdev/tools/agent/session_purpose.py +350 -0
- icdev/tools/agent/skill_router.py +638 -0
- icdev/tools/agent/skill_selector.py +486 -0
- icdev/tools/agent/team_orchestrator.py +1108 -0
- icdev/tools/agent/token_tracker.py +290 -0
- icdev/tools/analysis/__init__.py +1 -0
- icdev/tools/analysis/code_analyzer.py +780 -0
- icdev/tools/analysis/runtime_feedback.py +389 -0
- icdev/tools/audit/__init__.py +1 -0
- icdev/tools/audit/audit_logger.py +196 -0
- icdev/tools/audit/audit_query.py +157 -0
- icdev/tools/audit/decision_recorder.py +72 -0
- icdev/tools/builder/__init__.py +1 -0
- icdev/tools/builder/agentic_fitness.py +534 -0
- icdev/tools/builder/agentic_test_templates/test_a2a_callback.py +117 -0
- icdev/tools/builder/agentic_test_templates/test_a2a_lifecycle.feature +52 -0
- icdev/tools/builder/agentic_test_templates/test_agent_card.feature +37 -0
- icdev/tools/builder/agentic_test_templates/test_agent_health.py +128 -0
- icdev/tools/builder/agentic_test_templates/test_memory_system.feature +50 -0
- icdev/tools/builder/agentic_test_templates/test_skill_execution.feature +40 -0
- icdev/tools/builder/app_blueprint.py +1583 -0
- icdev/tools/builder/child_app_generator.py +2852 -0
- icdev/tools/builder/claude_md_generator.py +1734 -0
- icdev/tools/builder/code_generator.py +3703 -0
- icdev/tools/builder/db_init_generator.py +1709 -0
- icdev/tools/builder/dev_profile_manager.py +954 -0
- icdev/tools/builder/formatter.py +768 -0
- icdev/tools/builder/goal_adapter.py +592 -0
- icdev/tools/builder/gotcha_validator.py +812 -0
- icdev/tools/builder/language_support.py +441 -0
- icdev/tools/builder/linter.py +976 -0
- icdev/tools/builder/profile_detector.py +657 -0
- icdev/tools/builder/profile_md_generator.py +723 -0
- icdev/tools/builder/scaffolder.py +1590 -0
- icdev/tools/builder/scaffolder_extended.py +1771 -0
- icdev/tools/builder/test_writer.py +950 -0
- icdev/tools/ci/__init__.py +2 -0
- icdev/tools/ci/connectors/__init__.py +2 -0
- icdev/tools/ci/connectors/base_connector.py +80 -0
- icdev/tools/ci/connectors/connector_registry.py +188 -0
- icdev/tools/ci/connectors/mattermost_connector.py +159 -0
- icdev/tools/ci/connectors/slack_connector.py +197 -0
- icdev/tools/ci/core/__init__.py +2 -0
- icdev/tools/ci/core/air_gap_detector.py +115 -0
- icdev/tools/ci/core/comment_handler.py +192 -0
- icdev/tools/ci/core/conversation_manager.py +479 -0
- icdev/tools/ci/core/event_envelope.py +500 -0
- icdev/tools/ci/core/event_router.py +443 -0
- icdev/tools/ci/core/failure_parser.py +397 -0
- icdev/tools/ci/core/recovery_engine.py +527 -0
- icdev/tools/ci/modules/__init__.py +2 -0
- icdev/tools/ci/modules/agent.py +271 -0
- icdev/tools/ci/modules/git_ops.py +175 -0
- icdev/tools/ci/modules/state.py +117 -0
- icdev/tools/ci/modules/vcs.py +303 -0
- icdev/tools/ci/modules/workflow_ops.py +295 -0
- icdev/tools/ci/modules/worktree.py +340 -0
- icdev/tools/ci/pipeline_config_generator.py +558 -0
- icdev/tools/ci/triggers/__init__.py +2 -0
- icdev/tools/ci/triggers/gitlab_task_monitor.py +330 -0
- icdev/tools/ci/triggers/poll_trigger.py +237 -0
- icdev/tools/ci/triggers/webhook_server.py +356 -0
- icdev/tools/ci/workflows/__init__.py +2 -0
- icdev/tools/ci/workflows/icdev_build.py +140 -0
- icdev/tools/ci/workflows/icdev_comply.py +284 -0
- icdev/tools/ci/workflows/icdev_document.py +152 -0
- icdev/tools/ci/workflows/icdev_e2e.py +188 -0
- icdev/tools/ci/workflows/icdev_patch.py +186 -0
- icdev/tools/ci/workflows/icdev_plan.py +202 -0
- icdev/tools/ci/workflows/icdev_plan_build.py +41 -0
- icdev/tools/ci/workflows/icdev_plan_build_test.py +46 -0
- icdev/tools/ci/workflows/icdev_plan_build_test_review.py +47 -0
- icdev/tools/ci/workflows/icdev_review.py +126 -0
- icdev/tools/ci/workflows/icdev_sdlc.py +261 -0
- icdev/tools/ci/workflows/icdev_test.py +240 -0
- icdev/tools/cli/__init__.py +1 -0
- icdev/tools/cli/output_formatter.py +756 -0
- icdev/tools/cli_formatter.py +42 -0
- icdev/tools/cloud/__init__.py +11 -0
- icdev/tools/cloud/cloud_mode_manager.py +364 -0
- icdev/tools/cloud/csp_changelog.py +383 -0
- icdev/tools/cloud/csp_health_checker.py +268 -0
- icdev/tools/cloud/csp_monitor.py +951 -0
- icdev/tools/cloud/iam_provider.py +593 -0
- icdev/tools/cloud/kms_provider.py +346 -0
- icdev/tools/cloud/monitoring_provider.py +628 -0
- icdev/tools/cloud/provider_factory.py +376 -0
- icdev/tools/cloud/region_validator.py +345 -0
- icdev/tools/cloud/registry_provider.py +563 -0
- icdev/tools/cloud/secrets_provider.py +486 -0
- icdev/tools/cloud/storage_provider.py +446 -0
- icdev/tools/compat/__init__.py +21 -0
- icdev/tools/compat/cli_harmonizer.py +251 -0
- icdev/tools/compat/datetime_utils.py +18 -0
- icdev/tools/compat/db_utils.py +160 -0
- icdev/tools/compat/platform_utils.py +123 -0
- icdev/tools/compliance/__init__.py +1 -0
- icdev/tools/compliance/accountability_manager.py +397 -0
- icdev/tools/compliance/ai_accountability_audit.py +294 -0
- icdev/tools/compliance/ai_impact_assessor.py +273 -0
- icdev/tools/compliance/ai_incident_response.py +301 -0
- icdev/tools/compliance/ai_inventory_manager.py +239 -0
- icdev/tools/compliance/ai_reassessment_scheduler.py +256 -0
- icdev/tools/compliance/ai_transparency_audit.py +248 -0
- icdev/tools/compliance/atlas_assessor.py +278 -0
- icdev/tools/compliance/atlas_report_generator.py +1211 -0
- icdev/tools/compliance/base_assessor.py +597 -0
- icdev/tools/compliance/cato_monitor.py +1385 -0
- icdev/tools/compliance/cato_scheduler.py +699 -0
- icdev/tools/compliance/cjis_assessor.py +76 -0
- icdev/tools/compliance/classification_manager.py +1353 -0
- icdev/tools/compliance/cmmc_assessor.py +1491 -0
- icdev/tools/compliance/cmmc_report_generator.py +1100 -0
- icdev/tools/compliance/compliance_detector.py +463 -0
- icdev/tools/compliance/compliance_exporter.py +427 -0
- icdev/tools/compliance/compliance_status.py +825 -0
- icdev/tools/compliance/control_mapper.py +505 -0
- icdev/tools/compliance/crosswalk_engine.py +1203 -0
- icdev/tools/compliance/cssp_assessor.py +1045 -0
- icdev/tools/compliance/cssp_evidence_collector.py +729 -0
- icdev/tools/compliance/cssp_report_generator.py +1116 -0
- icdev/tools/compliance/cui_marker.py +388 -0
- icdev/tools/compliance/diagram_validator.py +600 -0
- icdev/tools/compliance/emass/__init__.py +2 -0
- icdev/tools/compliance/emass/emass_client.py +840 -0
- icdev/tools/compliance/emass/emass_export.py +777 -0
- icdev/tools/compliance/emass/emass_sync.py +826 -0
- icdev/tools/compliance/eu_ai_act_classifier.py +194 -0
- icdev/tools/compliance/evidence_collector.py +468 -0
- icdev/tools/compliance/fairness_assessor.py +316 -0
- icdev/tools/compliance/fedramp_assessor.py +1808 -0
- icdev/tools/compliance/fedramp_authorization_packager.py +137 -0
- icdev/tools/compliance/fedramp_ksi_generator.py +355 -0
- icdev/tools/compliance/fedramp_report_generator.py +1128 -0
- icdev/tools/compliance/fips199_categorizer.py +881 -0
- icdev/tools/compliance/fips200_validator.py +315 -0
- icdev/tools/compliance/gao_ai_assessor.py +231 -0
- icdev/tools/compliance/gao_evidence_builder.py +308 -0
- icdev/tools/compliance/hipaa_assessor.py +78 -0
- icdev/tools/compliance/hitrust_assessor.py +49 -0
- icdev/tools/compliance/incident_response_plan.py +718 -0
- icdev/tools/compliance/iso27001_assessor.py +92 -0
- icdev/tools/compliance/iso42001_assessor.py +114 -0
- icdev/tools/compliance/ivv_assessor.py +2327 -0
- icdev/tools/compliance/ivv_report_generator.py +1662 -0
- icdev/tools/compliance/model_card_generator.py +297 -0
- icdev/tools/compliance/mosa_assessor.py +117 -0
- icdev/tools/compliance/multi_regime_assessor.py +451 -0
- icdev/tools/compliance/narrative_generator.py +1013 -0
- icdev/tools/compliance/nist_800_207_assessor.py +191 -0
- icdev/tools/compliance/nist_ai_600_1_assessor.py +188 -0
- icdev/tools/compliance/nist_ai_rmf_assessor.py +110 -0
- icdev/tools/compliance/nist_lookup.py +245 -0
- icdev/tools/compliance/omb_m25_21_assessor.py +228 -0
- icdev/tools/compliance/omb_m26_04_assessor.py +188 -0
- icdev/tools/compliance/oscal_catalog_adapter.py +395 -0
- icdev/tools/compliance/oscal_generator.py +2170 -0
- icdev/tools/compliance/oscal_tools.py +1182 -0
- icdev/tools/compliance/owasp_agentic_assessor.py +226 -0
- icdev/tools/compliance/owasp_asi_assessor.py +200 -0
- icdev/tools/compliance/owasp_llm_assessor.py +244 -0
- icdev/tools/compliance/pci_dss_assessor.py +80 -0
- icdev/tools/compliance/pi_compliance_tracker.py +1461 -0
- icdev/tools/compliance/poam_generator.py +405 -0
- icdev/tools/compliance/resolve_marking.py +283 -0
- icdev/tools/compliance/sbd_assessor.py +2068 -0
- icdev/tools/compliance/sbd_report_generator.py +1236 -0
- icdev/tools/compliance/sbom_generator.py +1008 -0
- icdev/tools/compliance/siem_config_generator.py +674 -0
- icdev/tools/compliance/slsa_attestation_generator.py +490 -0
- icdev/tools/compliance/soc2_assessor.py +77 -0
- icdev/tools/compliance/ssp_generator.py +573 -0
- icdev/tools/compliance/stig_checker.py +727 -0
- icdev/tools/compliance/swft_evidence_bundler.py +337 -0
- icdev/tools/compliance/system_card_generator.py +309 -0
- icdev/tools/compliance/traceability_matrix.py +1281 -0
- icdev/tools/compliance/universal_classification_manager.py +1172 -0
- icdev/tools/compliance/xacta/__init__.py +2 -0
- icdev/tools/compliance/xacta/xacta_client.py +449 -0
- icdev/tools/compliance/xacta/xacta_export.py +557 -0
- icdev/tools/compliance/xacta/xacta_sync.py +333 -0
- icdev/tools/compliance/xai_assessor.py +231 -0
- icdev/tools/dashboard/__init__.py +1 -0
- icdev/tools/dashboard/api/__init__.py +1 -0
- icdev/tools/dashboard/api/_pipeline_state.py +17 -0
- icdev/tools/dashboard/api/activity.py +206 -0
- icdev/tools/dashboard/api/admin.py +176 -0
- icdev/tools/dashboard/api/agents.py +53 -0
- icdev/tools/dashboard/api/ai_accountability.py +163 -0
- icdev/tools/dashboard/api/ai_transparency.py +198 -0
- icdev/tools/dashboard/api/audit.py +58 -0
- icdev/tools/dashboard/api/batch.py +666 -0
- icdev/tools/dashboard/api/chat.py +241 -0
- icdev/tools/dashboard/api/cicd.py +219 -0
- icdev/tools/dashboard/api/code_quality.py +223 -0
- icdev/tools/dashboard/api/compliance.py +171 -0
- icdev/tools/dashboard/api/cpmp.py +915 -0
- icdev/tools/dashboard/api/diagrams.py +65 -0
- icdev/tools/dashboard/api/events.py +250 -0
- icdev/tools/dashboard/api/evidence.py +99 -0
- icdev/tools/dashboard/api/fedramp_20x.py +77 -0
- icdev/tools/dashboard/api/govcon.py +1095 -0
- icdev/tools/dashboard/api/intake.py +1171 -0
- icdev/tools/dashboard/api/lineage.py +163 -0
- icdev/tools/dashboard/api/metrics.py +155 -0
- icdev/tools/dashboard/api/nlq.py +72 -0
- icdev/tools/dashboard/api/orchestration.py +472 -0
- icdev/tools/dashboard/api/oscal.py +183 -0
- icdev/tools/dashboard/api/prod_audit.py +183 -0
- icdev/tools/dashboard/api/projects.py +191 -0
- icdev/tools/dashboard/api/proposals.py +1084 -0
- icdev/tools/dashboard/api/traces.py +363 -0
- icdev/tools/dashboard/api/usage.py +234 -0
- icdev/tools/dashboard/app.py +1986 -0
- icdev/tools/dashboard/auth.py +500 -0
- icdev/tools/dashboard/byok.py +245 -0
- icdev/tools/dashboard/chat_manager.py +675 -0
- icdev/tools/dashboard/config.py +116 -0
- icdev/tools/dashboard/diagram_definitions.py +642 -0
- icdev/tools/dashboard/nlq_processor.py +323 -0
- icdev/tools/dashboard/phase_loader.py +136 -0
- icdev/tools/dashboard/sse_manager.py +89 -0
- icdev/tools/dashboard/state_tracker.py +267 -0
- icdev/tools/dashboard/static/css/style.css +706 -0
- icdev/tools/dashboard/static/css/ux.css +2047 -0
- icdev/tools/dashboard/static/js/activity.js +322 -0
- icdev/tools/dashboard/static/js/api.js +161 -0
- icdev/tools/dashboard/static/js/batch.js +814 -0
- icdev/tools/dashboard/static/js/charts.js +618 -0
- icdev/tools/dashboard/static/js/chat.js +1514 -0
- icdev/tools/dashboard/static/js/kanban.js +113 -0
- icdev/tools/dashboard/static/js/live.js +569 -0
- icdev/tools/dashboard/static/js/mermaid-icdev.js +332 -0
- icdev/tools/dashboard/static/js/proposals.js +588 -0
- icdev/tools/dashboard/static/js/shortcuts.js +544 -0
- icdev/tools/dashboard/static/js/tables.js +652 -0
- icdev/tools/dashboard/static/js/tour.js +524 -0
- icdev/tools/dashboard/static/js/ux.js +942 -0
- icdev/tools/dashboard/templates/404.html +10 -0
- icdev/tools/dashboard/templates/activity.html +80 -0
- icdev/tools/dashboard/templates/admin/users.html +144 -0
- icdev/tools/dashboard/templates/ai_accountability.html +235 -0
- icdev/tools/dashboard/templates/ai_transparency.html +263 -0
- icdev/tools/dashboard/templates/base.html +104 -0
- icdev/tools/dashboard/templates/batch.html +23 -0
- icdev/tools/dashboard/templates/chat.html +332 -0
- icdev/tools/dashboard/templates/children.html +149 -0
- icdev/tools/dashboard/templates/cicd.html +253 -0
- icdev/tools/dashboard/templates/code_quality.html +214 -0
- icdev/tools/dashboard/templates/cpmp/cor_detail.html +220 -0
- icdev/tools/dashboard/templates/cpmp/cor_portal.html +91 -0
- icdev/tools/dashboard/templates/cpmp/deliverable_detail.html +197 -0
- icdev/tools/dashboard/templates/cpmp/detail.html +578 -0
- icdev/tools/dashboard/templates/cpmp/portfolio.html +202 -0
- icdev/tools/dashboard/templates/dev_profiles.html +304 -0
- icdev/tools/dashboard/templates/diagrams.html +224 -0
- icdev/tools/dashboard/templates/events/timeline.html +232 -0
- icdev/tools/dashboard/templates/evidence.html +134 -0
- icdev/tools/dashboard/templates/fedramp_20x.html +207 -0
- icdev/tools/dashboard/templates/gateway.html +244 -0
- icdev/tools/dashboard/templates/govcon/capabilities.html +135 -0
- icdev/tools/dashboard/templates/govcon/pipeline.html +214 -0
- icdev/tools/dashboard/templates/govcon/requirements.html +120 -0
- icdev/tools/dashboard/templates/index.html +254 -0
- icdev/tools/dashboard/templates/lineage.html +141 -0
- icdev/tools/dashboard/templates/login.html +51 -0
- icdev/tools/dashboard/templates/monitoring/overview.html +193 -0
- icdev/tools/dashboard/templates/orchestration/dashboard.html +545 -0
- icdev/tools/dashboard/templates/oscal.html +263 -0
- icdev/tools/dashboard/templates/phases.html +150 -0
- icdev/tools/dashboard/templates/prod_audit.html +280 -0
- icdev/tools/dashboard/templates/profile.html +183 -0
- icdev/tools/dashboard/templates/projects/detail.html +583 -0
- icdev/tools/dashboard/templates/projects/list.html +47 -0
- icdev/tools/dashboard/templates/proposals/detail.html +1253 -0
- icdev/tools/dashboard/templates/proposals/list.html +179 -0
- icdev/tools/dashboard/templates/proposals/section_detail.html +193 -0
- icdev/tools/dashboard/templates/provenance.html +181 -0
- icdev/tools/dashboard/templates/query/nlq.html +234 -0
- icdev/tools/dashboard/templates/quick_paths.html +69 -0
- icdev/tools/dashboard/templates/traces.html +155 -0
- icdev/tools/dashboard/templates/translation_detail.html +199 -0
- icdev/tools/dashboard/templates/translations.html +162 -0
- icdev/tools/dashboard/templates/usage.html +225 -0
- icdev/tools/dashboard/templates/wizard.html +539 -0
- icdev/tools/dashboard/templates/xai.html +208 -0
- icdev/tools/dashboard/ux_helpers.py +962 -0
- icdev/tools/dashboard/websocket.py +81 -0
- icdev/tools/db/__init__.py +1 -0
- icdev/tools/db/backup.py +312 -0
- icdev/tools/db/backup_manager.py +832 -0
- icdev/tools/db/init_icdev_db.py +5900 -0
- icdev/tools/db/migrate.py +178 -0
- icdev/tools/db/migration_runner.py +549 -0
- icdev/tools/db/migrations/001_baseline/meta.json +9 -0
- icdev/tools/db/migrations/001_baseline/up.py +68 -0
- icdev/tools/db/migrations/002_memory_enhancements/down.sql +8 -0
- icdev/tools/db/migrations/002_memory_enhancements/meta.json +9 -0
- icdev/tools/db/migrations/002_memory_enhancements/up.py +118 -0
- icdev/tools/db/migrations/003_dev_profiles/meta.json +8 -0
- icdev/tools/db/migrations/003_dev_profiles/up.py +93 -0
- icdev/tools/db/migrations/004_innovation_engine/down.py +19 -0
- icdev/tools/db/migrations/004_innovation_engine/up.py +227 -0
- icdev/tools/db/migrations/005_phase_37_ai_security/down.py +19 -0
- icdev/tools/db/migrations/005_phase_37_ai_security/up.py +258 -0
- icdev/tools/db/migrations/006_phase_36_evolution/down.py +21 -0
- icdev/tools/db/migrations/006_phase_36_evolution/up.py +323 -0
- icdev/tools/db/migrations/007_phase_38_cloud/down.py +14 -0
- icdev/tools/db/migrations/007_phase_38_cloud/up.py +110 -0
- icdev/tools/db/migrations/008_phase36_37_integration/up.py +55 -0
- icdev/tools/db/migrations/__init__.py +2 -0
- icdev/tools/devsecops/__init__.py +2 -0
- icdev/tools/devsecops/attestation_manager.py +458 -0
- icdev/tools/devsecops/network_segmentation_generator.py +614 -0
- icdev/tools/devsecops/pdp_config_generator.py +1256 -0
- icdev/tools/devsecops/pipeline_security_generator.py +484 -0
- icdev/tools/devsecops/policy_generator.py +653 -0
- icdev/tools/devsecops/profile_manager.py +388 -0
- icdev/tools/devsecops/service_mesh_generator.py +1073 -0
- icdev/tools/devsecops/zta_maturity_scorer.py +368 -0
- icdev/tools/devsecops/zta_terraform_generator.py +1303 -0
- icdev/tools/dx/__init__.py +3 -0
- icdev/tools/dx/companion.py +266 -0
- icdev/tools/dx/instruction_generator.py +753 -0
- icdev/tools/dx/mcp_config_generator.py +282 -0
- icdev/tools/dx/skill_translator.py +425 -0
- icdev/tools/dx/tool_detector.py +144 -0
- icdev/tools/extensions/__init__.py +21 -0
- icdev/tools/extensions/builtins/010_ai_governance_chat.py +277 -0
- icdev/tools/extensions/builtins/__init__.py +2 -0
- icdev/tools/extensions/extension_manager.py +455 -0
- icdev/tools/infra/__init__.py +1 -0
- icdev/tools/infra/ansible_generator.py +869 -0
- icdev/tools/infra/dockerfile_generator.py +361 -0
- icdev/tools/infra/infra_status.py +393 -0
- icdev/tools/infra/ironbank_metadata_generator.py +411 -0
- icdev/tools/infra/k8s_generator.py +1002 -0
- icdev/tools/infra/pipeline_generator.py +832 -0
- icdev/tools/infra/rollback.py +400 -0
- icdev/tools/infra/terraform_generator.py +1142 -0
- icdev/tools/infra/terraform_generator_azure.py +1254 -0
- icdev/tools/infra/terraform_generator_gcp.py +953 -0
- icdev/tools/infra/terraform_generator_ibm.py +360 -0
- icdev/tools/infra/terraform_generator_oci.py +919 -0
- icdev/tools/infra/terraform_generator_onprem.py +319 -0
- icdev/tools/innovation/__init__.py +8 -0
- icdev/tools/innovation/competitive_intel.py +492 -0
- icdev/tools/innovation/innovation_manager.py +681 -0
- icdev/tools/innovation/introspective_analyzer.py +774 -0
- icdev/tools/innovation/register_external_patterns.py +440 -0
- icdev/tools/innovation/signal_ranker.py +1038 -0
- icdev/tools/innovation/solution_generator.py +697 -0
- icdev/tools/innovation/standards_monitor.py +466 -0
- icdev/tools/innovation/trend_detector.py +1046 -0
- icdev/tools/innovation/triage_engine.py +1149 -0
- icdev/tools/innovation/web_scanner.py +894 -0
- icdev/tools/installer/__init__.py +1 -0
- icdev/tools/installer/compliance_configurator.py +637 -0
- icdev/tools/installer/installer.py +1711 -0
- icdev/tools/installer/module_registry.py +805 -0
- icdev/tools/installer/platform_setup.py +961 -0
- icdev/tools/integration/__init__.py +2 -0
- icdev/tools/integration/approval_manager.py +561 -0
- icdev/tools/integration/doors_exporter.py +627 -0
- icdev/tools/integration/gitlab_connector.py +784 -0
- icdev/tools/integration/jira_connector.py +774 -0
- icdev/tools/integration/servicenow_connector.py +693 -0
- icdev/tools/knowledge/__init__.py +1 -0
- icdev/tools/knowledge/knowledge_ingest.py +293 -0
- icdev/tools/knowledge/pattern_detector.py +693 -0
- icdev/tools/knowledge/recommendation_engine.py +461 -0
- icdev/tools/knowledge/self_heal_analyzer.py +504 -0
- icdev/tools/llm/__init__.py +72 -0
- icdev/tools/llm/anthropic_provider.py +170 -0
- icdev/tools/llm/azure_openai_provider.py +338 -0
- icdev/tools/llm/bedrock_provider.py +315 -0
- icdev/tools/llm/embedding_provider.py +438 -0
- icdev/tools/llm/gemini_provider.py +381 -0
- icdev/tools/llm/ibm_watsonx_provider.py +232 -0
- icdev/tools/llm/oci_genai_provider.py +462 -0
- icdev/tools/llm/ollama_provider.py +340 -0
- icdev/tools/llm/openai_provider.py +225 -0
- icdev/tools/llm/provider.py +355 -0
- icdev/tools/llm/provider_sdk.py +175 -0
- icdev/tools/llm/router.py +780 -0
- icdev/tools/llm/vertex_ai_provider.py +374 -0
- icdev/tools/maintenance/__init__.py +2 -0
- icdev/tools/maintenance/dependency_scanner.py +1030 -0
- icdev/tools/maintenance/maintenance_auditor.py +815 -0
- icdev/tools/maintenance/remediation_engine.py +966 -0
- icdev/tools/maintenance/vulnerability_checker.py +987 -0
- icdev/tools/mbse/__init__.py +3 -0
- icdev/tools/mbse/des_assessor.py +1186 -0
- icdev/tools/mbse/des_report_generator.py +800 -0
- icdev/tools/mbse/diagram_extractor.py +811 -0
- icdev/tools/mbse/digital_thread.py +1665 -0
- icdev/tools/mbse/model_code_generator.py +1122 -0
- icdev/tools/mbse/model_control_mapper.py +420 -0
- icdev/tools/mbse/pi_model_tracker.py +1093 -0
- icdev/tools/mbse/reqif_parser.py +1483 -0
- icdev/tools/mbse/sync_engine.py +1805 -0
- icdev/tools/mbse/xmi_parser.py +1573 -0
- icdev/tools/mcp/__init__.py +1 -0
- icdev/tools/mcp/base_server.py +535 -0
- icdev/tools/mcp/builder_server.py +725 -0
- icdev/tools/mcp/compliance_server.py +1407 -0
- icdev/tools/mcp/context_indexer.py +199 -0
- icdev/tools/mcp/context_server.py +305 -0
- icdev/tools/mcp/core_server.py +679 -0
- icdev/tools/mcp/devsecops_server.py +432 -0
- icdev/tools/mcp/gap_handlers.py +1079 -0
- icdev/tools/mcp/gateway_server.py +339 -0
- icdev/tools/mcp/generate_registry.py +623 -0
- icdev/tools/mcp/infra_server.py +264 -0
- icdev/tools/mcp/innovation_server.py +316 -0
- icdev/tools/mcp/integration_server.py +527 -0
- icdev/tools/mcp/knowledge_server.py +429 -0
- icdev/tools/mcp/maintenance_server.py +248 -0
- icdev/tools/mcp/marketplace_server.py +499 -0
- icdev/tools/mcp/mbse_server.py +398 -0
- icdev/tools/mcp/modernization_server.py +496 -0
- icdev/tools/mcp/observability_server.py +354 -0
- icdev/tools/mcp/requirements_server.py +415 -0
- icdev/tools/mcp/simulation_server.py +468 -0
- icdev/tools/mcp/standalone/__init__.py +2 -0
- icdev/tools/mcp/standalone/builder.py +59 -0
- icdev/tools/mcp/standalone/compliance.py +59 -0
- icdev/tools/mcp/standalone/core.py +59 -0
- icdev/tools/mcp/standalone/knowledge.py +59 -0
- icdev/tools/mcp/standalone/maintenance.py +59 -0
- icdev/tools/mcp/supply_chain_server.py +476 -0
- icdev/tools/mcp/tool_registry.py +2008 -0
- icdev/tools/mcp/unified_server.py +158 -0
- icdev/tools/memory/__init__.py +2 -0
- icdev/tools/memory/auto_capture.py +347 -0
- icdev/tools/memory/embed_memory.py +158 -0
- icdev/tools/memory/history_compressor.py +334 -0
- icdev/tools/memory/hybrid_search.py +236 -0
- icdev/tools/memory/maintenance_cron.py +289 -0
- icdev/tools/memory/memory_consolidation.py +444 -0
- icdev/tools/memory/memory_db.py +133 -0
- icdev/tools/memory/memory_read.py +102 -0
- icdev/tools/memory/memory_write.py +222 -0
- icdev/tools/memory/semantic_search.py +139 -0
- icdev/tools/memory/time_decay.py +435 -0
- icdev/tools/modernization/__init__.py +3 -0
- icdev/tools/modernization/architecture_extractor.py +734 -0
- icdev/tools/modernization/compliance_bridge.py +1499 -0
- icdev/tools/modernization/db_migration_planner.py +1385 -0
- icdev/tools/modernization/doc_generator.py +1428 -0
- icdev/tools/modernization/framework_migrator.py +1525 -0
- icdev/tools/modernization/legacy_analyzer.py +1948 -0
- icdev/tools/modernization/migration_code_generator.py +1639 -0
- icdev/tools/modernization/migration_report_generator.py +1653 -0
- icdev/tools/modernization/migration_tracker.py +1726 -0
- icdev/tools/modernization/monolith_decomposer.py +1508 -0
- icdev/tools/modernization/seven_r_assessor.py +1658 -0
- icdev/tools/modernization/strangler_fig_manager.py +1705 -0
- icdev/tools/modernization/ui_analyzer.py +771 -0
- icdev/tools/modernization/version_migrator.py +1392 -0
- icdev/tools/monitor/__init__.py +1 -0
- icdev/tools/monitor/alert_correlator.py +495 -0
- icdev/tools/monitor/auto_resolver.py +612 -0
- icdev/tools/monitor/health_checker.py +509 -0
- icdev/tools/monitor/heartbeat_daemon.py +792 -0
- icdev/tools/monitor/log_analyzer.py +516 -0
- icdev/tools/monitor/metric_collector.py +496 -0
- icdev/tools/mosa/__init__.py +10 -0
- icdev/tools/mosa/icd_generator.py +370 -0
- icdev/tools/mosa/modular_design_analyzer.py +683 -0
- icdev/tools/mosa/mosa_code_enforcer.py +349 -0
- icdev/tools/mosa/tsp_generator.py +265 -0
- icdev/tools/observability/__init__.py +100 -0
- icdev/tools/observability/genai_attributes.py +88 -0
- icdev/tools/observability/instrumentation.py +140 -0
- icdev/tools/observability/mlflow_exporter.py +194 -0
- icdev/tools/observability/otel_tracer.py +168 -0
- icdev/tools/observability/provenance/__init__.py +3 -0
- icdev/tools/observability/provenance/prov_recorder.py +324 -0
- icdev/tools/observability/shap/__init__.py +3 -0
- icdev/tools/observability/shap/agent_shap.py +275 -0
- icdev/tools/observability/sqlite_tracer.py +361 -0
- icdev/tools/observability/trace_context.py +205 -0
- icdev/tools/observability/tracer.py +230 -0
- icdev/tools/orchestration/__init__.py +2 -0
- icdev/tools/orchestration/workflow_composer.py +361 -0
- icdev/tools/project/__init__.py +1 -0
- icdev/tools/project/manifest_loader.py +418 -0
- icdev/tools/project/project_create.py +350 -0
- icdev/tools/project/project_list.py +174 -0
- icdev/tools/project/project_scaffold.py +1715 -0
- icdev/tools/project/project_status.py +479 -0
- icdev/tools/project/session_context_builder.py +757 -0
- icdev/tools/project/validate_manifest.py +55 -0
- icdev/tools/registry/__init__.py +10 -0
- icdev/tools/registry/absorption_engine.py +832 -0
- icdev/tools/registry/capability_evaluator.py +668 -0
- icdev/tools/registry/child_registry.py +617 -0
- icdev/tools/registry/cross_pollinator.py +1065 -0
- icdev/tools/registry/genome_manager.py +671 -0
- icdev/tools/registry/learning_collector.py +912 -0
- icdev/tools/registry/propagation_manager.py +942 -0
- icdev/tools/registry/staging_manager.py +742 -0
- icdev/tools/registry/telemetry_collector.py +423 -0
- icdev/tools/requirements/__init__.py +1 -0
- icdev/tools/requirements/ai_governance_scorer.py +208 -0
- icdev/tools/requirements/boundary_analyzer.py +1293 -0
- icdev/tools/requirements/clarification_engine.py +618 -0
- icdev/tools/requirements/complexity_scorer.py +387 -0
- icdev/tools/requirements/consistency_analyzer.py +803 -0
- icdev/tools/requirements/constitution_manager.py +605 -0
- icdev/tools/requirements/decomposition_engine.py +778 -0
- icdev/tools/requirements/document_extractor.py +1016 -0
- icdev/tools/requirements/elicitation_techniques.py +519 -0
- icdev/tools/requirements/gap_detector.py +271 -0
- icdev/tools/requirements/intake_engine.py +2188 -0
- icdev/tools/requirements/prd_generator.py +847 -0
- icdev/tools/requirements/prd_validator.py +595 -0
- icdev/tools/requirements/readiness_scorer.py +313 -0
- icdev/tools/requirements/spec_organizer.py +1029 -0
- icdev/tools/requirements/spec_quality_checker.py +1097 -0
- icdev/tools/requirements/traceability_builder.py +579 -0
- icdev/tools/resilience/__init__.py +34 -0
- icdev/tools/resilience/circuit_breaker.py +340 -0
- icdev/tools/resilience/correlation.py +150 -0
- icdev/tools/resilience/errors.py +81 -0
- icdev/tools/resilience/retry.py +95 -0
- icdev/tools/schemas/__init__.py +27 -0
- icdev/tools/schemas/chat.py +61 -0
- icdev/tools/schemas/compliance.py +56 -0
- icdev/tools/schemas/core.py +85 -0
- icdev/tools/schemas/innovation.py +37 -0
- icdev/tools/schemas/validation.py +109 -0
- icdev/tools/sdk/__init__.py +3 -0
- icdev/tools/sdk/icdev_client.py +218 -0
- icdev/tools/security/__init__.py +1 -0
- icdev/tools/security/agent_output_validator.py +330 -0
- icdev/tools/security/agent_trust_scorer.py +466 -0
- icdev/tools/security/ai_bom_generator.py +725 -0
- icdev/tools/security/ai_telemetry_logger.py +469 -0
- icdev/tools/security/atlas_red_team.py +543 -0
- icdev/tools/security/code_pattern_scanner.py +378 -0
- icdev/tools/security/confabulation_detector.py +271 -0
- icdev/tools/security/container_scanner.py +491 -0
- icdev/tools/security/dependency_auditor.py +944 -0
- icdev/tools/security/endpoint_security_scanner.py +579 -0
- icdev/tools/security/mcp_tool_authorizer.py +243 -0
- icdev/tools/security/prompt_injection_detector.py +737 -0
- icdev/tools/security/sast_runner.py +948 -0
- icdev/tools/security/secret_detector.py +378 -0
- icdev/tools/security/tool_chain_validator.py +357 -0
- icdev/tools/security/vuln_scanner.py +539 -0
- icdev/tools/simulation/__init__.py +2 -0
- icdev/tools/simulation/coa_generator.py +1552 -0
- icdev/tools/simulation/monte_carlo.py +758 -0
- icdev/tools/simulation/scenario_manager.py +1073 -0
- icdev/tools/simulation/simulation_engine.py +1104 -0
- icdev/tools/supply_chain/__init__.py +2 -0
- icdev/tools/supply_chain/cve_triager.py +705 -0
- icdev/tools/supply_chain/dependency_graph.py +645 -0
- icdev/tools/supply_chain/isa_manager.py +540 -0
- icdev/tools/supply_chain/scrm_assessor.py +546 -0
- icdev/tools/testing/__init__.py +2 -0
- icdev/tools/testing/acceptance_validator.py +411 -0
- icdev/tools/testing/claude_dir_validator.py +831 -0
- icdev/tools/testing/data_types.py +199 -0
- icdev/tools/testing/e2e_runner.py +715 -0
- icdev/tools/testing/fuzz_cli.py +306 -0
- icdev/tools/testing/health_check.py +483 -0
- icdev/tools/testing/platform_check.py +143 -0
- icdev/tools/testing/production_audit.py +1862 -0
- icdev/tools/testing/production_remediate.py +804 -0
- icdev/tools/testing/screenshot_validator.py +539 -0
- icdev/tools/testing/smoke_test.py +283 -0
- icdev/tools/testing/test_agent_models.py +117 -0
- icdev/tools/testing/test_orchestrator.py +957 -0
- icdev/tools/testing/utils.py +229 -0
- icdev/tools/translation/__init__.py +17 -0
- icdev/tools/translation/code_translator.py +550 -0
- icdev/tools/translation/dependency_mapper.py +277 -0
- icdev/tools/translation/feature_map.py +395 -0
- icdev/tools/translation/project_assembler.py +439 -0
- icdev/tools/translation/source_extractor.py +609 -0
- icdev/tools/translation/test_translator.py +333 -0
- icdev/tools/translation/translation_manager.py +582 -0
- icdev/tools/translation/translation_validator.py +662 -0
- icdev/tools/translation/type_checker.py +371 -0
- icdev-1.0.0.dist-info/METADATA +868 -0
- icdev-1.0.0.dist-info/RECORD +1105 -0
- icdev-1.0.0.dist-info/WHEEL +5 -0
- icdev-1.0.0.dist-info/entry_points.txt +9 -0
- icdev-1.0.0.dist-info/licenses/LICENSE +254 -0
- icdev-1.0.0.dist-info/licenses/NOTICE +268 -0
- icdev-1.0.0.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,1236 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
# CUI // SP-CTI
|
|
3
|
+
"""Secure by Design (SbD) report generator.
|
|
4
|
+
|
|
5
|
+
Loads sbd_report_template.md, queries sbd_assessments table, builds domain scores
|
|
6
|
+
and CISA commitment status, generates a comprehensive SbD assessment report with
|
|
7
|
+
CUI markings."""
|
|
8
|
+
|
|
9
|
+
import argparse
|
|
10
|
+
import json
|
|
11
|
+
import re
|
|
12
|
+
import sqlite3
|
|
13
|
+
import sys
|
|
14
|
+
from datetime import datetime, timedelta, timezone
|
|
15
|
+
from pathlib import Path
|
|
16
|
+
from icdev._paths import get_project_root
|
|
17
|
+
|
|
18
|
+
BASE_DIR = get_project_root()
|
|
19
|
+
DB_PATH = BASE_DIR / "data" / "icdev.db"
|
|
20
|
+
SBD_TEMPLATE_PATH = BASE_DIR / "context" / "compliance" / "sbd_report_template.md"
|
|
21
|
+
SBD_REQUIREMENTS_PATH = BASE_DIR / "context" / "compliance" / "cisa_sbd_requirements.json"
|
|
22
|
+
|
|
23
|
+
# SbD domains as defined in the CISA requirements catalog
|
|
24
|
+
SBD_DOMAINS = [
|
|
25
|
+
"Authentication",
|
|
26
|
+
"Memory Safety",
|
|
27
|
+
"Vulnerability Management",
|
|
28
|
+
"Intrusion Evidence",
|
|
29
|
+
"Cryptography",
|
|
30
|
+
"Access Control",
|
|
31
|
+
"Input Handling",
|
|
32
|
+
"Error Handling",
|
|
33
|
+
"Supply Chain",
|
|
34
|
+
"Threat Modeling",
|
|
35
|
+
"Defense in Depth",
|
|
36
|
+
"Secure Defaults",
|
|
37
|
+
"CUI Compliance",
|
|
38
|
+
"DoD Software Assurance",
|
|
39
|
+
]
|
|
40
|
+
|
|
41
|
+
# CISA Secure by Design commitments (7 pledges)
|
|
42
|
+
CISA_COMMITMENTS = {
|
|
43
|
+
1: "Multi-Factor Authentication",
|
|
44
|
+
2: "Default Password Elimination",
|
|
45
|
+
3: "Vulnerability Class Reduction",
|
|
46
|
+
4: "Security Patch Deployment",
|
|
47
|
+
5: "Vulnerability Disclosure Policy",
|
|
48
|
+
6: "CVE Transparency",
|
|
49
|
+
7: "Intrusion Evidence Collection",
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
# Priority ordering for remediation
|
|
53
|
+
PRIORITY_ORDER = ["critical", "high", "medium", "low"]
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
# ---------------------------------------------------------------------------
|
|
57
|
+
# Helper functions
|
|
58
|
+
# ---------------------------------------------------------------------------
|
|
59
|
+
|
|
60
|
+
def _get_connection(db_path=None):
|
|
61
|
+
"""Get a database connection with Row factory."""
|
|
62
|
+
path = db_path or DB_PATH
|
|
63
|
+
if not path.exists():
|
|
64
|
+
raise FileNotFoundError(
|
|
65
|
+
f"Database not found: {path}\n"
|
|
66
|
+
"Run: python tools/db/init_icdev_db.py"
|
|
67
|
+
)
|
|
68
|
+
conn = sqlite3.connect(str(path))
|
|
69
|
+
conn.row_factory = sqlite3.Row
|
|
70
|
+
return conn
|
|
71
|
+
|
|
72
|
+
|
|
73
|
+
def _load_template(template_path=None):
|
|
74
|
+
"""Load the SbD report template markdown.
|
|
75
|
+
|
|
76
|
+
If the template file does not exist a minimal built-in template is
|
|
77
|
+
returned so the generator can still produce a useful report.
|
|
78
|
+
"""
|
|
79
|
+
path = template_path or SBD_TEMPLATE_PATH
|
|
80
|
+
if path.exists():
|
|
81
|
+
with open(path, "r", encoding="utf-8") as f:
|
|
82
|
+
return f.read()
|
|
83
|
+
|
|
84
|
+
# Fallback minimal template when file is missing
|
|
85
|
+
return _builtin_template()
|
|
86
|
+
|
|
87
|
+
|
|
88
|
+
def _builtin_template():
|
|
89
|
+
"""Return a minimal built-in SbD report template."""
|
|
90
|
+
return (
|
|
91
|
+
"{{cui_banner_top}}\n\n"
|
|
92
|
+
"# Secure by Design Assessment Report\n\n"
|
|
93
|
+
"**Project:** {{project_name}}\n"
|
|
94
|
+
"**Project ID:** {{project_id}}\n"
|
|
95
|
+
"**Classification:** {{classification}}\n"
|
|
96
|
+
"**Assessment Date:** {{assessment_date}}\n"
|
|
97
|
+
"**Report Version:** {{version}}\n"
|
|
98
|
+
"**Assessor:** {{assessor}}\n"
|
|
99
|
+
"**Framework:** CISA Secure by Design + DoDI 5000.87 + NIST SP 800-218 SSDF\n\n"
|
|
100
|
+
"---\n\n"
|
|
101
|
+
"## 1. Executive Summary\n\n"
|
|
102
|
+
"**Overall SbD Score:** {{overall_score}}%\n"
|
|
103
|
+
"**Gate Result:** {{gate_result}}\n"
|
|
104
|
+
"**Domains Assessed:** {{domains_assessed}} / 14\n"
|
|
105
|
+
"**Critical Requirements Not Satisfied:** {{critical_not_satisfied}}\n\n"
|
|
106
|
+
"{{executive_summary}}\n\n"
|
|
107
|
+
"## 2. CISA Secure by Design Commitment Status\n\n"
|
|
108
|
+
"The following table shows compliance with the 7 CISA Secure by Design commitments:\n\n"
|
|
109
|
+
"{{cisa_commitment_table}}\n\n"
|
|
110
|
+
"## 3. Domain Assessment Summary\n\n"
|
|
111
|
+
"{{domain_scores_table}}\n\n"
|
|
112
|
+
"## 4. Detailed Domain Assessments\n\n"
|
|
113
|
+
"{{domain_details}}\n\n"
|
|
114
|
+
"## 5. Auto-Check Results\n\n"
|
|
115
|
+
"{{auto_check_results}}\n\n"
|
|
116
|
+
"## 6. Manual Review Items\n\n"
|
|
117
|
+
"The following requirements require manual verification:\n\n"
|
|
118
|
+
"{{manual_review_items}}\n\n"
|
|
119
|
+
"## 7. Findings and Remediation\n\n"
|
|
120
|
+
"### Critical Findings\n"
|
|
121
|
+
"{{critical_findings}}\n\n"
|
|
122
|
+
"### Remediation Recommendations\n"
|
|
123
|
+
"{{remediation_table}}\n\n"
|
|
124
|
+
"## 8. Evidence Artifacts\n\n"
|
|
125
|
+
"{{evidence_summary}}\n\n"
|
|
126
|
+
"## 9. NIST 800-53 Control Mapping\n\n"
|
|
127
|
+
"{{nist_control_mapping}}\n\n"
|
|
128
|
+
"## 10. Assessment Methodology\n\n"
|
|
129
|
+
"This assessment was conducted using the ICDEV SbD Assessor tool against the "
|
|
130
|
+
"CISA Secure by Design requirements catalog (35 requirements across 14 domains). "
|
|
131
|
+
"Automated checks were performed where possible; requirements marked as \"semi\" "
|
|
132
|
+
"or \"manual\" are flagged for human review.\n\n"
|
|
133
|
+
"**Scoring Formula:** Score = 100 x (satisfied + partially_satisfied x 0.5 + "
|
|
134
|
+
"risk_accepted x 0.75) / assessable_count\n\n"
|
|
135
|
+
"**Gate Logic:** PASS if 0 critical-priority requirements have status "
|
|
136
|
+
"\"not_satisfied\"\n\n"
|
|
137
|
+
"---\n\n"
|
|
138
|
+
"**Prepared by:** {{assessor}}\n"
|
|
139
|
+
"**Date:** {{assessment_date}}\n\n"
|
|
140
|
+
"{{cui_banner_bottom}}\n"
|
|
141
|
+
)
|
|
142
|
+
|
|
143
|
+
|
|
144
|
+
def _get_project_data(conn, project_id):
|
|
145
|
+
"""Load project record from database."""
|
|
146
|
+
row = conn.execute(
|
|
147
|
+
"SELECT * FROM projects WHERE id = ?", (project_id,)
|
|
148
|
+
).fetchone()
|
|
149
|
+
if not row:
|
|
150
|
+
raise ValueError(f"Project '{project_id}' not found in database.")
|
|
151
|
+
return dict(row)
|
|
152
|
+
|
|
153
|
+
|
|
154
|
+
def _load_cui_config():
|
|
155
|
+
"""Load CUI marking configuration.
|
|
156
|
+
|
|
157
|
+
Attempts to import load_cui_config from the cui_marker module;
|
|
158
|
+
falls back to sensible defaults if unavailable.
|
|
159
|
+
"""
|
|
160
|
+
try:
|
|
161
|
+
from icdev.tools.compliance.cui_marker import load_cui_config as _load
|
|
162
|
+
return _load()
|
|
163
|
+
except Exception:
|
|
164
|
+
pass
|
|
165
|
+
|
|
166
|
+
# Try relative import
|
|
167
|
+
try:
|
|
168
|
+
cui_marker_path = Path(__file__).resolve().parent / "cui_marker.py"
|
|
169
|
+
if cui_marker_path.exists():
|
|
170
|
+
import importlib.util
|
|
171
|
+
spec = importlib.util.spec_from_file_location("cui_marker", cui_marker_path)
|
|
172
|
+
mod = importlib.util.module_from_spec(spec)
|
|
173
|
+
spec.loader.exec_module(mod)
|
|
174
|
+
return mod.load_cui_config()
|
|
175
|
+
except Exception:
|
|
176
|
+
pass
|
|
177
|
+
|
|
178
|
+
return {
|
|
179
|
+
"banner_top": "CUI // SP-CTI",
|
|
180
|
+
"banner_bottom": "CUI // SP-CTI",
|
|
181
|
+
"document_header": (
|
|
182
|
+
"////////////////////////////////////////////////////////////////////\n"
|
|
183
|
+
"CONTROLLED UNCLASSIFIED INFORMATION (CUI) // SP-CTI\n"
|
|
184
|
+
"Distribution: Distribution D -- Authorized DoD Personnel Only\n"
|
|
185
|
+
"////////////////////////////////////////////////////////////////////"
|
|
186
|
+
),
|
|
187
|
+
"document_footer": (
|
|
188
|
+
"////////////////////////////////////////////////////////////////////\n"
|
|
189
|
+
"CUI // SP-CTI | Department of Defense\n"
|
|
190
|
+
"////////////////////////////////////////////////////////////////////"
|
|
191
|
+
),
|
|
192
|
+
}
|
|
193
|
+
|
|
194
|
+
|
|
195
|
+
def _load_sbd_requirements():
|
|
196
|
+
"""Load the CISA SbD requirements catalog for reference data.
|
|
197
|
+
|
|
198
|
+
Returns a dict keyed by requirement ID with full requirement metadata
|
|
199
|
+
including domain, cisa_commitment, priority, nist_controls, etc.
|
|
200
|
+
Falls back to an empty dict if the file is unavailable.
|
|
201
|
+
"""
|
|
202
|
+
path = SBD_REQUIREMENTS_PATH
|
|
203
|
+
if not path.exists():
|
|
204
|
+
return {}
|
|
205
|
+
|
|
206
|
+
try:
|
|
207
|
+
with open(path, "r", encoding="utf-8") as f:
|
|
208
|
+
data = json.load(f)
|
|
209
|
+
requirements = {}
|
|
210
|
+
for req in data.get("requirements", []):
|
|
211
|
+
requirements[req["id"]] = req
|
|
212
|
+
return requirements
|
|
213
|
+
except (json.JSONDecodeError, KeyError, TypeError) as e:
|
|
214
|
+
print(f"Warning: Could not load SbD requirements catalog: {e}", file=sys.stderr)
|
|
215
|
+
return {}
|
|
216
|
+
|
|
217
|
+
|
|
218
|
+
# ---------------------------------------------------------------------------
|
|
219
|
+
# Data retrieval
|
|
220
|
+
# ---------------------------------------------------------------------------
|
|
221
|
+
|
|
222
|
+
def _get_sbd_assessments(conn, project_id):
|
|
223
|
+
"""Retrieve all SbD assessment results for a project."""
|
|
224
|
+
rows = conn.execute(
|
|
225
|
+
"""SELECT * FROM sbd_assessments
|
|
226
|
+
WHERE project_id = ?
|
|
227
|
+
ORDER BY domain, requirement_id""",
|
|
228
|
+
(project_id,),
|
|
229
|
+
).fetchall()
|
|
230
|
+
return [dict(r) for r in rows]
|
|
231
|
+
|
|
232
|
+
|
|
233
|
+
def _get_stig_findings(conn, project_id):
|
|
234
|
+
"""Retrieve STIG finding counts grouped by severity and status for cross-reference."""
|
|
235
|
+
rows = conn.execute(
|
|
236
|
+
"""SELECT severity, status, COUNT(*) as cnt
|
|
237
|
+
FROM stig_findings WHERE project_id = ?
|
|
238
|
+
GROUP BY severity, status""",
|
|
239
|
+
(project_id,),
|
|
240
|
+
).fetchall()
|
|
241
|
+
return [dict(r) for r in rows]
|
|
242
|
+
|
|
243
|
+
|
|
244
|
+
def _get_sbom_records(conn, project_id):
|
|
245
|
+
"""Retrieve SBOM records for supply chain status cross-reference."""
|
|
246
|
+
rows = conn.execute(
|
|
247
|
+
"""SELECT * FROM sbom_records
|
|
248
|
+
WHERE project_id = ?
|
|
249
|
+
ORDER BY generated_at DESC""",
|
|
250
|
+
(project_id,),
|
|
251
|
+
).fetchall()
|
|
252
|
+
return [dict(r) for r in rows]
|
|
253
|
+
|
|
254
|
+
|
|
255
|
+
# ---------------------------------------------------------------------------
|
|
256
|
+
# Score calculation
|
|
257
|
+
# ---------------------------------------------------------------------------
|
|
258
|
+
|
|
259
|
+
def _calculate_domain_scores(assessments):
|
|
260
|
+
"""Calculate a compliance score for each SbD domain.
|
|
261
|
+
|
|
262
|
+
Score formula:
|
|
263
|
+
score = 100 * (satisfied + partially_satisfied*0.5 + risk_accepted*0.75)
|
|
264
|
+
/ total (excluding not_applicable)
|
|
265
|
+
|
|
266
|
+
Returns:
|
|
267
|
+
dict mapping domain name to a dict with score, total, and
|
|
268
|
+
per-status counts.
|
|
269
|
+
"""
|
|
270
|
+
area_data = {domain: [] for domain in SBD_DOMAINS}
|
|
271
|
+
for a in assessments:
|
|
272
|
+
dom = a.get("domain")
|
|
273
|
+
if dom in area_data:
|
|
274
|
+
area_data[dom].append(a)
|
|
275
|
+
|
|
276
|
+
results = {}
|
|
277
|
+
for domain in SBD_DOMAINS:
|
|
278
|
+
items = area_data[domain]
|
|
279
|
+
total = len(items)
|
|
280
|
+
if total == 0:
|
|
281
|
+
results[domain] = {
|
|
282
|
+
"score": 0.0,
|
|
283
|
+
"total": 0,
|
|
284
|
+
"satisfied": 0,
|
|
285
|
+
"partially_satisfied": 0,
|
|
286
|
+
"not_satisfied": 0,
|
|
287
|
+
"not_applicable": 0,
|
|
288
|
+
"not_assessed": 0,
|
|
289
|
+
"risk_accepted": 0,
|
|
290
|
+
}
|
|
291
|
+
continue
|
|
292
|
+
|
|
293
|
+
satisfied = sum(1 for i in items if i["status"] == "satisfied")
|
|
294
|
+
partially = sum(1 for i in items if i["status"] == "partially_satisfied")
|
|
295
|
+
not_satisfied = sum(1 for i in items if i["status"] == "not_satisfied")
|
|
296
|
+
not_applicable = sum(1 for i in items if i["status"] == "not_applicable")
|
|
297
|
+
not_assessed = sum(1 for i in items if i["status"] == "not_assessed")
|
|
298
|
+
risk_accepted = sum(1 for i in items if i["status"] == "risk_accepted")
|
|
299
|
+
|
|
300
|
+
# Denominator excludes not_applicable
|
|
301
|
+
scoreable = total - not_applicable
|
|
302
|
+
if scoreable > 0:
|
|
303
|
+
score = 100.0 * (
|
|
304
|
+
satisfied + partially * 0.5 + risk_accepted * 0.75
|
|
305
|
+
) / scoreable
|
|
306
|
+
else:
|
|
307
|
+
score = 100.0 # All N/A means fully compliant for this domain
|
|
308
|
+
|
|
309
|
+
results[domain] = {
|
|
310
|
+
"score": round(score, 1),
|
|
311
|
+
"total": total,
|
|
312
|
+
"satisfied": satisfied,
|
|
313
|
+
"partially_satisfied": partially,
|
|
314
|
+
"not_satisfied": not_satisfied,
|
|
315
|
+
"not_applicable": not_applicable,
|
|
316
|
+
"not_assessed": not_assessed,
|
|
317
|
+
"risk_accepted": risk_accepted,
|
|
318
|
+
}
|
|
319
|
+
|
|
320
|
+
return results
|
|
321
|
+
|
|
322
|
+
|
|
323
|
+
def _calculate_cisa_commitment_status(assessments, requirements):
|
|
324
|
+
"""Map each of 7 CISA commitments to a compliance status.
|
|
325
|
+
|
|
326
|
+
Uses the requirements catalog to determine which requirements map to
|
|
327
|
+
each CISA commitment number. For each commitment, gathers assessments
|
|
328
|
+
for the matching requirements and determines overall status.
|
|
329
|
+
|
|
330
|
+
Status logic:
|
|
331
|
+
- All satisfied -> "Compliant"
|
|
332
|
+
- Any partially_satisfied (none not_satisfied) -> "Partially Compliant"
|
|
333
|
+
- Any not_satisfied -> "Non-Compliant"
|
|
334
|
+
- No assessments -> "Not Assessed"
|
|
335
|
+
|
|
336
|
+
Returns:
|
|
337
|
+
list of dicts with commitment_num, title, status, count,
|
|
338
|
+
satisfied_count.
|
|
339
|
+
"""
|
|
340
|
+
# Build mapping: commitment_num -> list of requirement IDs
|
|
341
|
+
commitment_reqs = {num: [] for num in range(1, 8)}
|
|
342
|
+
for req_id, req_data in requirements.items():
|
|
343
|
+
cisa_num = req_data.get("cisa_commitment")
|
|
344
|
+
if cisa_num and cisa_num in commitment_reqs:
|
|
345
|
+
commitment_reqs[cisa_num].append(req_id)
|
|
346
|
+
|
|
347
|
+
# Build mapping: requirement_id -> assessment
|
|
348
|
+
assessment_map = {}
|
|
349
|
+
for a in assessments:
|
|
350
|
+
assessment_map[a.get("requirement_id")] = a
|
|
351
|
+
|
|
352
|
+
results = []
|
|
353
|
+
for num in range(1, 8):
|
|
354
|
+
title = CISA_COMMITMENTS.get(num, f"Commitment {num}")
|
|
355
|
+
req_ids = commitment_reqs[num]
|
|
356
|
+
count = len(req_ids)
|
|
357
|
+
|
|
358
|
+
if count == 0:
|
|
359
|
+
results.append({
|
|
360
|
+
"commitment_num": num,
|
|
361
|
+
"title": title,
|
|
362
|
+
"status": "Not Assessed",
|
|
363
|
+
"count": 0,
|
|
364
|
+
"satisfied_count": 0,
|
|
365
|
+
})
|
|
366
|
+
continue
|
|
367
|
+
|
|
368
|
+
# Gather statuses for this commitment's requirements
|
|
369
|
+
statuses = []
|
|
370
|
+
satisfied_count = 0
|
|
371
|
+
for req_id in req_ids:
|
|
372
|
+
a = assessment_map.get(req_id)
|
|
373
|
+
if a:
|
|
374
|
+
st = a.get("status", "not_assessed")
|
|
375
|
+
statuses.append(st)
|
|
376
|
+
if st == "satisfied":
|
|
377
|
+
satisfied_count += 1
|
|
378
|
+
else:
|
|
379
|
+
statuses.append("not_assessed")
|
|
380
|
+
|
|
381
|
+
# Determine commitment status
|
|
382
|
+
if all(s == "satisfied" for s in statuses):
|
|
383
|
+
status = "Compliant"
|
|
384
|
+
elif all(s in ("satisfied", "risk_accepted") for s in statuses):
|
|
385
|
+
status = "Compliant"
|
|
386
|
+
elif any(s == "not_satisfied" for s in statuses):
|
|
387
|
+
status = "Non-Compliant"
|
|
388
|
+
elif any(s == "partially_satisfied" for s in statuses):
|
|
389
|
+
status = "Partially Compliant"
|
|
390
|
+
elif any(s == "not_assessed" for s in statuses):
|
|
391
|
+
status = "Not Assessed"
|
|
392
|
+
else:
|
|
393
|
+
status = "Partially Compliant"
|
|
394
|
+
|
|
395
|
+
results.append({
|
|
396
|
+
"commitment_num": num,
|
|
397
|
+
"title": title,
|
|
398
|
+
"status": status,
|
|
399
|
+
"count": count,
|
|
400
|
+
"satisfied_count": satisfied_count,
|
|
401
|
+
})
|
|
402
|
+
|
|
403
|
+
return results
|
|
404
|
+
|
|
405
|
+
|
|
406
|
+
def _calculate_overall_status(domain_scores):
|
|
407
|
+
"""Determine overall status from domain scores.
|
|
408
|
+
|
|
409
|
+
Returns:
|
|
410
|
+
tuple of (overall_score, overall_status_label)
|
|
411
|
+
"""
|
|
412
|
+
scoreable_domains = [v for v in domain_scores.values() if v["total"] > 0]
|
|
413
|
+
if not scoreable_domains:
|
|
414
|
+
return 0.0, "Non-Compliant"
|
|
415
|
+
|
|
416
|
+
overall = sum(d["score"] for d in scoreable_domains) / len(scoreable_domains)
|
|
417
|
+
overall = round(overall, 1)
|
|
418
|
+
|
|
419
|
+
if overall >= 80:
|
|
420
|
+
status = "Compliant"
|
|
421
|
+
elif overall >= 50:
|
|
422
|
+
status = "Partially Compliant"
|
|
423
|
+
else:
|
|
424
|
+
status = "Non-Compliant"
|
|
425
|
+
|
|
426
|
+
return overall, status
|
|
427
|
+
|
|
428
|
+
|
|
429
|
+
# ---------------------------------------------------------------------------
|
|
430
|
+
# Section builder functions
|
|
431
|
+
# ---------------------------------------------------------------------------
|
|
432
|
+
|
|
433
|
+
def _build_domain_scores_table(domain_scores):
|
|
434
|
+
"""Build a markdown table summarising per-domain scores."""
|
|
435
|
+
lines = [
|
|
436
|
+
"| Domain | Score | Satisfied | Partial | Not Satisfied | Not Assessed | N/A | Risk Accepted |",
|
|
437
|
+
"|--------|------:|----------:|--------:|--------------:|-------------:|----:|--------------:|",
|
|
438
|
+
]
|
|
439
|
+
for domain in SBD_DOMAINS:
|
|
440
|
+
s = domain_scores.get(domain, {})
|
|
441
|
+
if s.get("total", 0) == 0:
|
|
442
|
+
continue
|
|
443
|
+
lines.append(
|
|
444
|
+
f"| {domain} | {s.get('score', 0.0):.1f}% "
|
|
445
|
+
f"| {s.get('satisfied', 0)} "
|
|
446
|
+
f"| {s.get('partially_satisfied', 0)} "
|
|
447
|
+
f"| {s.get('not_satisfied', 0)} "
|
|
448
|
+
f"| {s.get('not_assessed', 0)} "
|
|
449
|
+
f"| {s.get('not_applicable', 0)} "
|
|
450
|
+
f"| {s.get('risk_accepted', 0)} |"
|
|
451
|
+
)
|
|
452
|
+
|
|
453
|
+
return "\n".join(lines)
|
|
454
|
+
|
|
455
|
+
|
|
456
|
+
def _build_cisa_commitment_table(cisa_status):
|
|
457
|
+
"""Build a markdown table of CISA commitment statuses."""
|
|
458
|
+
lines = [
|
|
459
|
+
"| # | Commitment | Status | Requirements | Satisfied |",
|
|
460
|
+
"|---|-----------|--------|-------------:|----------:|",
|
|
461
|
+
]
|
|
462
|
+
for c in cisa_status:
|
|
463
|
+
num = c["commitment_num"]
|
|
464
|
+
title = c["title"]
|
|
465
|
+
status = c["status"]
|
|
466
|
+
count = c["count"]
|
|
467
|
+
satisfied = c["satisfied_count"]
|
|
468
|
+
lines.append(
|
|
469
|
+
f"| {num} | {title} | {status} | {count} | {satisfied} |"
|
|
470
|
+
)
|
|
471
|
+
|
|
472
|
+
return "\n".join(lines)
|
|
473
|
+
|
|
474
|
+
|
|
475
|
+
def _build_domain_details(assessments, domain_scores):
|
|
476
|
+
"""Build markdown detail sections for each assessed domain.
|
|
477
|
+
|
|
478
|
+
Each domain gets a sub-heading and a table listing every requirement
|
|
479
|
+
with its status, evidence description, and notes.
|
|
480
|
+
"""
|
|
481
|
+
domain_data = {domain: [] for domain in SBD_DOMAINS}
|
|
482
|
+
for a in assessments:
|
|
483
|
+
dom = a.get("domain")
|
|
484
|
+
if dom in domain_data:
|
|
485
|
+
domain_data[dom].append(a)
|
|
486
|
+
|
|
487
|
+
sections = []
|
|
488
|
+
for domain in SBD_DOMAINS:
|
|
489
|
+
items = domain_data[domain]
|
|
490
|
+
s = domain_scores.get(domain, {})
|
|
491
|
+
score = s.get("score", 0.0)
|
|
492
|
+
|
|
493
|
+
# Skip domains with no assessments
|
|
494
|
+
if not items and s.get("total", 0) == 0:
|
|
495
|
+
continue
|
|
496
|
+
|
|
497
|
+
sections.append(f"### {domain} ({score:.1f}%)")
|
|
498
|
+
sections.append("")
|
|
499
|
+
|
|
500
|
+
if not items:
|
|
501
|
+
sections.append("*No assessments recorded for this domain.*")
|
|
502
|
+
sections.append("")
|
|
503
|
+
continue
|
|
504
|
+
|
|
505
|
+
sections.append(
|
|
506
|
+
"| Requirement ID | Status | Automation | Evidence | Notes |"
|
|
507
|
+
)
|
|
508
|
+
sections.append(
|
|
509
|
+
"|----------------|--------|------------|----------|-------|"
|
|
510
|
+
)
|
|
511
|
+
for item in sorted(items, key=lambda x: x.get("requirement_id", "")):
|
|
512
|
+
req_id = item.get("requirement_id", "N/A")
|
|
513
|
+
status = item.get("status", "not_assessed")
|
|
514
|
+
automation = item.get("automation_result", "N/A") or "N/A"
|
|
515
|
+
evidence = (item.get("evidence_description") or "").replace("\n", " ").strip()
|
|
516
|
+
notes = (item.get("notes") or "").replace("\n", " ").strip()
|
|
517
|
+
# Truncate long fields for table readability
|
|
518
|
+
if len(evidence) > 80:
|
|
519
|
+
evidence = evidence[:77] + "..."
|
|
520
|
+
if len(notes) > 80:
|
|
521
|
+
notes = notes[:77] + "..."
|
|
522
|
+
if len(automation) > 30:
|
|
523
|
+
automation = automation[:27] + "..."
|
|
524
|
+
sections.append(
|
|
525
|
+
f"| {req_id} | {status} | {automation} | {evidence} | {notes} |"
|
|
526
|
+
)
|
|
527
|
+
sections.append("")
|
|
528
|
+
|
|
529
|
+
return "\n".join(sections)
|
|
530
|
+
|
|
531
|
+
|
|
532
|
+
def _build_findings_table(assessments):
|
|
533
|
+
"""Build a table of not_satisfied requirements grouped by domain.
|
|
534
|
+
|
|
535
|
+
Lists all findings that are not satisfied, ordered by domain then
|
|
536
|
+
requirement ID.
|
|
537
|
+
"""
|
|
538
|
+
findings = [
|
|
539
|
+
a for a in assessments if a.get("status") == "not_satisfied"
|
|
540
|
+
]
|
|
541
|
+
if not findings:
|
|
542
|
+
return "*No findings requiring remediation.*"
|
|
543
|
+
|
|
544
|
+
lines = [
|
|
545
|
+
"| Domain | Requirement ID | Evidence | Notes |",
|
|
546
|
+
"|--------|----------------|----------|-------|",
|
|
547
|
+
]
|
|
548
|
+
for domain in SBD_DOMAINS:
|
|
549
|
+
domain_findings = [f for f in findings if f.get("domain") == domain]
|
|
550
|
+
for f in sorted(domain_findings, key=lambda x: x.get("requirement_id", "")):
|
|
551
|
+
evidence = (f.get("evidence_description") or "").replace("\n", " ").strip()
|
|
552
|
+
notes = (f.get("notes") or "").replace("\n", " ").strip()
|
|
553
|
+
if len(evidence) > 60:
|
|
554
|
+
evidence = evidence[:57] + "..."
|
|
555
|
+
if len(notes) > 60:
|
|
556
|
+
notes = notes[:57] + "..."
|
|
557
|
+
lines.append(
|
|
558
|
+
f"| {domain} | {f.get('requirement_id', 'N/A')} "
|
|
559
|
+
f"| {evidence} | {notes} |"
|
|
560
|
+
)
|
|
561
|
+
|
|
562
|
+
return "\n".join(lines)
|
|
563
|
+
|
|
564
|
+
|
|
565
|
+
def _build_remediation_table(assessments):
|
|
566
|
+
"""Build table of findings needing remediation with priority.
|
|
567
|
+
|
|
568
|
+
Priority is derived from the requirement priority in the catalog.
|
|
569
|
+
Default remediation windows: critical=14 days, high=30 days,
|
|
570
|
+
medium=60 days, low=90 days.
|
|
571
|
+
"""
|
|
572
|
+
DEFAULT_WINDOWS = {
|
|
573
|
+
"critical": 14,
|
|
574
|
+
"high": 30,
|
|
575
|
+
"medium": 60,
|
|
576
|
+
"low": 90,
|
|
577
|
+
}
|
|
578
|
+
|
|
579
|
+
# Load requirements for priority data
|
|
580
|
+
requirements = _load_sbd_requirements()
|
|
581
|
+
|
|
582
|
+
needing_remediation = [
|
|
583
|
+
a for a in assessments
|
|
584
|
+
if a.get("status") in ("not_satisfied", "partially_satisfied")
|
|
585
|
+
]
|
|
586
|
+
if not needing_remediation:
|
|
587
|
+
return "*No items require remediation at this time.*"
|
|
588
|
+
|
|
589
|
+
now = datetime.now(timezone.utc)
|
|
590
|
+
lines = [
|
|
591
|
+
"| Requirement ID | Domain | Current Status | Priority | Target Date | Remediation |",
|
|
592
|
+
"|----------------|--------|----------------|----------|-------------|-------------|",
|
|
593
|
+
]
|
|
594
|
+
|
|
595
|
+
for item in sorted(needing_remediation,
|
|
596
|
+
key=lambda x: (
|
|
597
|
+
PRIORITY_ORDER.index(
|
|
598
|
+
requirements.get(x.get("requirement_id", ""), {}).get("priority", "low")
|
|
599
|
+
) if requirements.get(x.get("requirement_id", ""), {}).get("priority", "low") in PRIORITY_ORDER else 99,
|
|
600
|
+
x.get("domain", ""),
|
|
601
|
+
x.get("requirement_id", ""),
|
|
602
|
+
)):
|
|
603
|
+
req_id = item.get("requirement_id", "N/A")
|
|
604
|
+
domain = item.get("domain", "N/A")
|
|
605
|
+
status = item.get("status", "N/A")
|
|
606
|
+
|
|
607
|
+
# Get priority from requirements catalog
|
|
608
|
+
req_data = requirements.get(req_id, {})
|
|
609
|
+
priority = req_data.get("priority", "medium")
|
|
610
|
+
title = req_data.get("title", "")
|
|
611
|
+
|
|
612
|
+
# Determine target date based on priority
|
|
613
|
+
window_days = DEFAULT_WINDOWS.get(priority, 60)
|
|
614
|
+
target = (now + timedelta(days=window_days)).strftime("%Y-%m-%d")
|
|
615
|
+
|
|
616
|
+
# Remediation suggestion
|
|
617
|
+
if status == "not_satisfied":
|
|
618
|
+
remediation = f"Implement {title}" if title else "Full implementation required"
|
|
619
|
+
else:
|
|
620
|
+
remediation = f"Complete {title}" if title else "Complete partial implementation"
|
|
621
|
+
|
|
622
|
+
if len(remediation) > 50:
|
|
623
|
+
remediation = remediation[:47] + "..."
|
|
624
|
+
|
|
625
|
+
lines.append(
|
|
626
|
+
f"| {req_id} | {domain} | {status} | {priority} | {target} | {remediation} |"
|
|
627
|
+
)
|
|
628
|
+
|
|
629
|
+
return "\n".join(lines)
|
|
630
|
+
|
|
631
|
+
|
|
632
|
+
def _build_evidence_summary(assessments):
|
|
633
|
+
"""Count evidence artifacts by domain."""
|
|
634
|
+
domain_counts = {domain: {"with_evidence": 0, "without_evidence": 0, "total": 0}
|
|
635
|
+
for domain in SBD_DOMAINS}
|
|
636
|
+
|
|
637
|
+
for a in assessments:
|
|
638
|
+
dom = a.get("domain")
|
|
639
|
+
if dom not in domain_counts:
|
|
640
|
+
continue
|
|
641
|
+
domain_counts[dom]["total"] += 1
|
|
642
|
+
if a.get("evidence_path") or a.get("evidence_description"):
|
|
643
|
+
domain_counts[dom]["with_evidence"] += 1
|
|
644
|
+
else:
|
|
645
|
+
domain_counts[dom]["without_evidence"] += 1
|
|
646
|
+
|
|
647
|
+
lines = [
|
|
648
|
+
"| Domain | Total Requirements | With Evidence | Without Evidence | Coverage |",
|
|
649
|
+
"|--------|-------------------:|--------------:|-----------------:|---------:|",
|
|
650
|
+
]
|
|
651
|
+
for domain in SBD_DOMAINS:
|
|
652
|
+
c = domain_counts[domain]
|
|
653
|
+
if c["total"] == 0:
|
|
654
|
+
continue
|
|
655
|
+
coverage = (
|
|
656
|
+
f"{100.0 * c['with_evidence'] / c['total']:.0f}%"
|
|
657
|
+
if c["total"] > 0 else "N/A"
|
|
658
|
+
)
|
|
659
|
+
lines.append(
|
|
660
|
+
f"| {domain} | {c['total']} | {c['with_evidence']} "
|
|
661
|
+
f"| {c['without_evidence']} | {coverage} |"
|
|
662
|
+
)
|
|
663
|
+
|
|
664
|
+
total_all = sum(c["total"] for c in domain_counts.values())
|
|
665
|
+
total_with = sum(c["with_evidence"] for c in domain_counts.values())
|
|
666
|
+
total_without = sum(c["without_evidence"] for c in domain_counts.values())
|
|
667
|
+
total_cov = f"{100.0 * total_with / total_all:.0f}%" if total_all > 0 else "N/A"
|
|
668
|
+
lines.append(
|
|
669
|
+
f"| **Total** | **{total_all}** | **{total_with}** "
|
|
670
|
+
f"| **{total_without}** | **{total_cov}** |"
|
|
671
|
+
)
|
|
672
|
+
|
|
673
|
+
return "\n".join(lines)
|
|
674
|
+
|
|
675
|
+
|
|
676
|
+
def _build_nist_mapping(assessments, requirements):
|
|
677
|
+
"""Build NIST 800-53 control mapping table.
|
|
678
|
+
|
|
679
|
+
Maps each assessed requirement to its corresponding NIST controls
|
|
680
|
+
from the requirements catalog.
|
|
681
|
+
"""
|
|
682
|
+
if not requirements:
|
|
683
|
+
return "*NIST control mapping unavailable (requirements catalog not loaded).*"
|
|
684
|
+
|
|
685
|
+
# Collect unique requirement IDs from assessments
|
|
686
|
+
assessed_reqs = set()
|
|
687
|
+
assessment_map = {}
|
|
688
|
+
for a in assessments:
|
|
689
|
+
req_id = a.get("requirement_id")
|
|
690
|
+
if req_id:
|
|
691
|
+
assessed_reqs.add(req_id)
|
|
692
|
+
assessment_map[req_id] = a
|
|
693
|
+
|
|
694
|
+
if not assessed_reqs:
|
|
695
|
+
return "*No assessed requirements to map.*"
|
|
696
|
+
|
|
697
|
+
lines = [
|
|
698
|
+
"| Requirement ID | Domain | NIST Controls | Status |",
|
|
699
|
+
"|----------------|--------|---------------|--------|",
|
|
700
|
+
]
|
|
701
|
+
|
|
702
|
+
for req_id in sorted(assessed_reqs):
|
|
703
|
+
req_data = requirements.get(req_id, {})
|
|
704
|
+
domain = req_data.get("domain", "N/A")
|
|
705
|
+
nist_controls = req_data.get("nist_controls", [])
|
|
706
|
+
nist_str = ", ".join(nist_controls) if nist_controls else "N/A"
|
|
707
|
+
status = assessment_map.get(req_id, {}).get("status", "not_assessed")
|
|
708
|
+
lines.append(
|
|
709
|
+
f"| {req_id} | {domain} | {nist_str} | {status} |"
|
|
710
|
+
)
|
|
711
|
+
|
|
712
|
+
return "\n".join(lines)
|
|
713
|
+
|
|
714
|
+
|
|
715
|
+
def _build_auto_check_results(assessments, requirements):
|
|
716
|
+
"""Build table of automated check results.
|
|
717
|
+
|
|
718
|
+
Filters for requirements with automation_level 'auto' and shows
|
|
719
|
+
their automation_result field from the assessment.
|
|
720
|
+
"""
|
|
721
|
+
# Identify which requirements are auto-checkable
|
|
722
|
+
auto_req_ids = set()
|
|
723
|
+
for req_id, req_data in requirements.items():
|
|
724
|
+
if req_data.get("automation_level") == "auto":
|
|
725
|
+
auto_req_ids.add(req_id)
|
|
726
|
+
|
|
727
|
+
auto_assessments = [
|
|
728
|
+
a for a in assessments
|
|
729
|
+
if a.get("requirement_id") in auto_req_ids
|
|
730
|
+
]
|
|
731
|
+
|
|
732
|
+
if not auto_assessments:
|
|
733
|
+
return "*No automated check results available.*"
|
|
734
|
+
|
|
735
|
+
lines = [
|
|
736
|
+
"| Requirement ID | Domain | Status | Automation Result |",
|
|
737
|
+
"|----------------|--------|--------|-------------------|",
|
|
738
|
+
]
|
|
739
|
+
for a in sorted(auto_assessments, key=lambda x: x.get("requirement_id", "")):
|
|
740
|
+
req_id = a.get("requirement_id", "N/A")
|
|
741
|
+
domain = a.get("domain", "N/A")
|
|
742
|
+
status = a.get("status", "not_assessed")
|
|
743
|
+
result = (a.get("automation_result") or "N/A").replace("\n", " ").strip()
|
|
744
|
+
if len(result) > 60:
|
|
745
|
+
result = result[:57] + "..."
|
|
746
|
+
lines.append(
|
|
747
|
+
f"| {req_id} | {domain} | {status} | {result} |"
|
|
748
|
+
)
|
|
749
|
+
|
|
750
|
+
return "\n".join(lines)
|
|
751
|
+
|
|
752
|
+
|
|
753
|
+
def _build_manual_review_items(assessments, requirements):
|
|
754
|
+
"""Build table of requirements needing manual review.
|
|
755
|
+
|
|
756
|
+
Filters for requirements with automation_level 'semi' or 'manual'.
|
|
757
|
+
"""
|
|
758
|
+
# Identify which requirements need manual/semi review
|
|
759
|
+
manual_req_ids = set()
|
|
760
|
+
for req_id, req_data in requirements.items():
|
|
761
|
+
if req_data.get("automation_level") in ("semi", "manual"):
|
|
762
|
+
manual_req_ids.add(req_id)
|
|
763
|
+
|
|
764
|
+
manual_assessments = [
|
|
765
|
+
a for a in assessments
|
|
766
|
+
if a.get("requirement_id") in manual_req_ids
|
|
767
|
+
]
|
|
768
|
+
|
|
769
|
+
if not manual_assessments:
|
|
770
|
+
return "*No manual review items.*"
|
|
771
|
+
|
|
772
|
+
lines = [
|
|
773
|
+
"| Requirement ID | Domain | Automation Level | Status | Notes |",
|
|
774
|
+
"|----------------|--------|------------------|--------|-------|",
|
|
775
|
+
]
|
|
776
|
+
for a in sorted(manual_assessments, key=lambda x: x.get("requirement_id", "")):
|
|
777
|
+
req_id = a.get("requirement_id", "N/A")
|
|
778
|
+
domain = a.get("domain", "N/A")
|
|
779
|
+
status = a.get("status", "not_assessed")
|
|
780
|
+
req_data = requirements.get(req_id, {})
|
|
781
|
+
auto_level = req_data.get("automation_level", "manual")
|
|
782
|
+
notes = (a.get("notes") or "").replace("\n", " ").strip()
|
|
783
|
+
if len(notes) > 60:
|
|
784
|
+
notes = notes[:57] + "..."
|
|
785
|
+
lines.append(
|
|
786
|
+
f"| {req_id} | {domain} | {auto_level} | {status} | {notes} |"
|
|
787
|
+
)
|
|
788
|
+
|
|
789
|
+
return "\n".join(lines)
|
|
790
|
+
|
|
791
|
+
|
|
792
|
+
def _build_executive_summary(overall_score, overall_status, gate_result,
|
|
793
|
+
domain_scores, cisa_status, assessments,
|
|
794
|
+
requirements):
|
|
795
|
+
"""Build the executive summary paragraph.
|
|
796
|
+
|
|
797
|
+
Provides a high-level overview of the assessment results including
|
|
798
|
+
key metrics, gate status, and notable findings.
|
|
799
|
+
"""
|
|
800
|
+
total_assessed = len(assessments)
|
|
801
|
+
total_satisfied = sum(1 for a in assessments if a.get("status") == "satisfied")
|
|
802
|
+
total_not_satisfied = sum(1 for a in assessments if a.get("status") == "not_satisfied")
|
|
803
|
+
total_partial = sum(1 for a in assessments if a.get("status") == "partially_satisfied")
|
|
804
|
+
total_na = sum(1 for a in assessments if a.get("status") == "not_applicable")
|
|
805
|
+
total_not_assessed = sum(1 for a in assessments if a.get("status") == "not_assessed")
|
|
806
|
+
|
|
807
|
+
# Count domains with assessments
|
|
808
|
+
domains_with_data = sum(
|
|
809
|
+
1 for d in domain_scores.values() if d.get("total", 0) > 0
|
|
810
|
+
)
|
|
811
|
+
|
|
812
|
+
# Count critical not_satisfied
|
|
813
|
+
critical_not_satisfied = 0
|
|
814
|
+
for a in assessments:
|
|
815
|
+
if a.get("status") == "not_satisfied":
|
|
816
|
+
req_data = requirements.get(a.get("requirement_id", ""), {})
|
|
817
|
+
if req_data.get("priority") == "critical":
|
|
818
|
+
critical_not_satisfied += 1
|
|
819
|
+
|
|
820
|
+
# Count CISA commitments by status
|
|
821
|
+
cisa_compliant = sum(1 for c in cisa_status if c["status"] == "Compliant")
|
|
822
|
+
cisa_total = len(cisa_status)
|
|
823
|
+
|
|
824
|
+
# Identify weakest domain
|
|
825
|
+
scored_domains = {
|
|
826
|
+
d: s for d, s in domain_scores.items()
|
|
827
|
+
if s.get("total", 0) > 0 and s.get("total", 0) != s.get("not_applicable", 0)
|
|
828
|
+
}
|
|
829
|
+
weakest_domain = ""
|
|
830
|
+
weakest_score = 100.0
|
|
831
|
+
for d, s in scored_domains.items():
|
|
832
|
+
if s["score"] < weakest_score:
|
|
833
|
+
weakest_score = s["score"]
|
|
834
|
+
weakest_domain = d
|
|
835
|
+
|
|
836
|
+
lines = []
|
|
837
|
+
lines.append(
|
|
838
|
+
f"This Secure by Design assessment evaluated {total_assessed} requirements "
|
|
839
|
+
f"across {domains_with_data} domains. The overall score is **{overall_score:.1f}%** "
|
|
840
|
+
f"with a gate result of **{gate_result}**."
|
|
841
|
+
)
|
|
842
|
+
lines.append("")
|
|
843
|
+
lines.append(
|
|
844
|
+
f"- **{total_satisfied}** requirements satisfied, "
|
|
845
|
+
f"**{total_partial}** partially satisfied, "
|
|
846
|
+
f"**{total_not_satisfied}** not satisfied, "
|
|
847
|
+
f"**{total_not_assessed}** not assessed, "
|
|
848
|
+
f"**{total_na}** not applicable."
|
|
849
|
+
)
|
|
850
|
+
lines.append(
|
|
851
|
+
f"- **{cisa_compliant}/{cisa_total}** CISA Secure by Design commitments are compliant."
|
|
852
|
+
)
|
|
853
|
+
if critical_not_satisfied > 0:
|
|
854
|
+
lines.append(
|
|
855
|
+
f"- **{critical_not_satisfied} critical-priority requirement(s) not satisfied** "
|
|
856
|
+
f"-- immediate remediation required."
|
|
857
|
+
)
|
|
858
|
+
if weakest_domain:
|
|
859
|
+
lines.append(
|
|
860
|
+
f"- Weakest domain: **{weakest_domain}** ({weakest_score:.1f}%)."
|
|
861
|
+
)
|
|
862
|
+
|
|
863
|
+
return "\n".join(lines), critical_not_satisfied
|
|
864
|
+
|
|
865
|
+
|
|
866
|
+
# ---------------------------------------------------------------------------
|
|
867
|
+
# Variable substitution & CUI markings
|
|
868
|
+
# ---------------------------------------------------------------------------
|
|
869
|
+
|
|
870
|
+
def _apply_cui_markings(content, cui_config):
|
|
871
|
+
"""Apply CUI header and footer banners to the report content."""
|
|
872
|
+
header = cui_config.get("document_header", "").strip()
|
|
873
|
+
footer = cui_config.get("document_footer", "").strip()
|
|
874
|
+
banner_top = cui_config.get("banner_top", "CUI // SP-CTI")
|
|
875
|
+
|
|
876
|
+
# If the content already contains the banner, skip
|
|
877
|
+
if banner_top in content:
|
|
878
|
+
return content
|
|
879
|
+
|
|
880
|
+
return f"{header}\n\n{content.strip()}\n\n{footer}\n"
|
|
881
|
+
|
|
882
|
+
|
|
883
|
+
def _substitute_variables(template, variables):
|
|
884
|
+
"""Replace {{variable_name}} placeholders in the template."""
|
|
885
|
+
def replacer(match):
|
|
886
|
+
key = match.group(1).strip()
|
|
887
|
+
return str(variables.get(key, match.group(0)))
|
|
888
|
+
return re.sub(r"\{\{(\w+)\}\}", replacer, template)
|
|
889
|
+
|
|
890
|
+
|
|
891
|
+
# ---------------------------------------------------------------------------
|
|
892
|
+
# Audit logging
|
|
893
|
+
# ---------------------------------------------------------------------------
|
|
894
|
+
|
|
895
|
+
def _log_audit_event(conn, project_id, action, details, file_path):
|
|
896
|
+
"""Log an audit trail event for SbD report generation."""
|
|
897
|
+
try:
|
|
898
|
+
conn.execute(
|
|
899
|
+
"""INSERT INTO audit_trail
|
|
900
|
+
(project_id, event_type, actor, action, details,
|
|
901
|
+
affected_files, classification)
|
|
902
|
+
VALUES (?, ?, ?, ?, ?, ?, ?)""",
|
|
903
|
+
(
|
|
904
|
+
project_id,
|
|
905
|
+
"sbd_report_generated",
|
|
906
|
+
"icdev-compliance-engine",
|
|
907
|
+
action,
|
|
908
|
+
json.dumps(details),
|
|
909
|
+
json.dumps([str(file_path)]),
|
|
910
|
+
"CUI",
|
|
911
|
+
),
|
|
912
|
+
)
|
|
913
|
+
conn.commit()
|
|
914
|
+
except Exception as e:
|
|
915
|
+
print(f"Warning: Could not log audit event: {e}", file=sys.stderr)
|
|
916
|
+
|
|
917
|
+
|
|
918
|
+
# ---------------------------------------------------------------------------
|
|
919
|
+
# Main generator
|
|
920
|
+
# ---------------------------------------------------------------------------
|
|
921
|
+
|
|
922
|
+
def generate_sbd_report(project_id, output_path=None, db_path=None):
|
|
923
|
+
"""Generate a Secure by Design assessment report for a project.
|
|
924
|
+
|
|
925
|
+
Args:
|
|
926
|
+
project_id: The project identifier.
|
|
927
|
+
output_path: Override output directory or file path.
|
|
928
|
+
db_path: Override database path.
|
|
929
|
+
|
|
930
|
+
Returns:
|
|
931
|
+
dict with ``output_file`` path and metadata about the generated report.
|
|
932
|
+
"""
|
|
933
|
+
conn = _get_connection(db_path)
|
|
934
|
+
try:
|
|
935
|
+
# 1. Load project data
|
|
936
|
+
project = _get_project_data(conn, project_id)
|
|
937
|
+
project_name = project.get("name", project_id)
|
|
938
|
+
|
|
939
|
+
# 2. Load template (with fallback)
|
|
940
|
+
template = _load_template()
|
|
941
|
+
|
|
942
|
+
# 3. Query sbd_assessments
|
|
943
|
+
assessments = _get_sbd_assessments(conn, project_id)
|
|
944
|
+
|
|
945
|
+
# Cross-reference data for enrichment
|
|
946
|
+
stig_findings = _get_stig_findings(conn, project_id)
|
|
947
|
+
sbom_records = _get_sbom_records(conn, project_id)
|
|
948
|
+
|
|
949
|
+
# 4. Load requirements catalog for CISA commitment mapping
|
|
950
|
+
requirements = _load_sbd_requirements()
|
|
951
|
+
|
|
952
|
+
# 5. Calculate domain scores, CISA status, overall status
|
|
953
|
+
domain_scores = _calculate_domain_scores(assessments)
|
|
954
|
+
overall_score, overall_status = _calculate_overall_status(domain_scores)
|
|
955
|
+
cisa_status = _calculate_cisa_commitment_status(assessments, requirements)
|
|
956
|
+
|
|
957
|
+
# Determine gate result: PASS if 0 critical-priority reqs are not_satisfied
|
|
958
|
+
critical_not_sat = 0
|
|
959
|
+
for a in assessments:
|
|
960
|
+
if a.get("status") == "not_satisfied":
|
|
961
|
+
req_data = requirements.get(a.get("requirement_id", ""), {})
|
|
962
|
+
if req_data.get("priority") == "critical":
|
|
963
|
+
critical_not_sat += 1
|
|
964
|
+
gate_result = "PASS" if critical_not_sat == 0 else "FAIL"
|
|
965
|
+
|
|
966
|
+
# 6. Build all section content
|
|
967
|
+
domain_scores_table = _build_domain_scores_table(domain_scores)
|
|
968
|
+
cisa_commitment_table = _build_cisa_commitment_table(cisa_status)
|
|
969
|
+
domain_details = _build_domain_details(assessments, domain_scores)
|
|
970
|
+
findings_table = _build_findings_table(assessments)
|
|
971
|
+
remediation_table = _build_remediation_table(assessments)
|
|
972
|
+
evidence_summary = _build_evidence_summary(assessments)
|
|
973
|
+
nist_mapping = _build_nist_mapping(assessments, requirements)
|
|
974
|
+
auto_check_results = _build_auto_check_results(assessments, requirements)
|
|
975
|
+
manual_review_items = _build_manual_review_items(assessments, requirements)
|
|
976
|
+
executive_summary, critical_not_satisfied = _build_executive_summary(
|
|
977
|
+
overall_score, overall_status, gate_result,
|
|
978
|
+
domain_scores, cisa_status, assessments, requirements,
|
|
979
|
+
)
|
|
980
|
+
|
|
981
|
+
# Count domains with data
|
|
982
|
+
domains_assessed = sum(
|
|
983
|
+
1 for d in domain_scores.values() if d.get("total", 0) > 0
|
|
984
|
+
)
|
|
985
|
+
|
|
986
|
+
# Load CUI config for banner variables
|
|
987
|
+
cui_config = _load_cui_config()
|
|
988
|
+
|
|
989
|
+
# Determine version number by counting existing SbD audit events
|
|
990
|
+
report_count_row = conn.execute(
|
|
991
|
+
"""SELECT COUNT(*) as cnt FROM audit_trail
|
|
992
|
+
WHERE project_id = ? AND event_type = 'sbd_report_generated'""",
|
|
993
|
+
(project_id,),
|
|
994
|
+
).fetchone()
|
|
995
|
+
report_count = report_count_row["cnt"] if report_count_row else 0
|
|
996
|
+
new_version = f"{report_count + 1}.0"
|
|
997
|
+
|
|
998
|
+
now = datetime.now(timezone.utc)
|
|
999
|
+
|
|
1000
|
+
# Determine assessor from most recent assessment
|
|
1001
|
+
assessor = "icdev-compliance-engine"
|
|
1002
|
+
if assessments:
|
|
1003
|
+
assessor = assessments[0].get("assessor", assessor)
|
|
1004
|
+
|
|
1005
|
+
# 7. Create substitution dict with all {{variables}}
|
|
1006
|
+
variables = {
|
|
1007
|
+
# Project info
|
|
1008
|
+
"project_name": project_name,
|
|
1009
|
+
"project_id": project_id,
|
|
1010
|
+
"classification": project.get("classification", "CUI"),
|
|
1011
|
+
|
|
1012
|
+
# Report metadata
|
|
1013
|
+
"version": new_version,
|
|
1014
|
+
"report_version": new_version,
|
|
1015
|
+
"assessment_date": now.strftime("%Y-%m-%d"),
|
|
1016
|
+
"date_prepared": now.strftime("%Y-%m-%d"),
|
|
1017
|
+
"assessor": assessor,
|
|
1018
|
+
"generation_timestamp": now.strftime("%Y-%m-%d %H:%M UTC"),
|
|
1019
|
+
"icdev_version": "1.0",
|
|
1020
|
+
|
|
1021
|
+
# Overall scores
|
|
1022
|
+
"overall_score": f"{overall_score:.1f}",
|
|
1023
|
+
"overall_status": overall_status,
|
|
1024
|
+
"gate_result": gate_result,
|
|
1025
|
+
"domains_assessed": str(domains_assessed),
|
|
1026
|
+
"critical_not_satisfied": str(critical_not_satisfied),
|
|
1027
|
+
|
|
1028
|
+
# Executive summary
|
|
1029
|
+
"executive_summary": executive_summary,
|
|
1030
|
+
|
|
1031
|
+
# CISA commitments
|
|
1032
|
+
"cisa_commitment_table": cisa_commitment_table,
|
|
1033
|
+
|
|
1034
|
+
# Domain scores
|
|
1035
|
+
"domain_scores_table": domain_scores_table,
|
|
1036
|
+
|
|
1037
|
+
# Domain details
|
|
1038
|
+
"domain_details": domain_details,
|
|
1039
|
+
|
|
1040
|
+
# Auto-check and manual review
|
|
1041
|
+
"auto_check_results": auto_check_results,
|
|
1042
|
+
"manual_review_items": manual_review_items,
|
|
1043
|
+
|
|
1044
|
+
# Findings and remediation
|
|
1045
|
+
"critical_findings": findings_table,
|
|
1046
|
+
"findings_table": findings_table,
|
|
1047
|
+
"remediation_table": remediation_table,
|
|
1048
|
+
|
|
1049
|
+
# Evidence
|
|
1050
|
+
"evidence_summary": evidence_summary,
|
|
1051
|
+
|
|
1052
|
+
# NIST mapping
|
|
1053
|
+
"nist_control_mapping": nist_mapping,
|
|
1054
|
+
|
|
1055
|
+
# Assessment counts
|
|
1056
|
+
"total_assessments": str(len(assessments)),
|
|
1057
|
+
"assessments_satisfied": str(sum(
|
|
1058
|
+
1 for a in assessments if a.get("status") == "satisfied"
|
|
1059
|
+
)),
|
|
1060
|
+
"assessments_not_satisfied": str(sum(
|
|
1061
|
+
1 for a in assessments if a.get("status") == "not_satisfied"
|
|
1062
|
+
)),
|
|
1063
|
+
"assessments_partial": str(sum(
|
|
1064
|
+
1 for a in assessments if a.get("status") == "partially_satisfied"
|
|
1065
|
+
)),
|
|
1066
|
+
"assessments_na": str(sum(
|
|
1067
|
+
1 for a in assessments if a.get("status") == "not_applicable"
|
|
1068
|
+
)),
|
|
1069
|
+
"assessments_not_assessed": str(sum(
|
|
1070
|
+
1 for a in assessments if a.get("status") == "not_assessed"
|
|
1071
|
+
)),
|
|
1072
|
+
"assessments_risk_accepted": str(sum(
|
|
1073
|
+
1 for a in assessments if a.get("status") == "risk_accepted"
|
|
1074
|
+
)),
|
|
1075
|
+
|
|
1076
|
+
# Cross-reference data
|
|
1077
|
+
"stig_findings_count": str(sum(r.get("cnt", 0) for r in stig_findings)),
|
|
1078
|
+
"sbom_records_count": str(len(sbom_records)),
|
|
1079
|
+
"sbom_latest_date": (
|
|
1080
|
+
sbom_records[0].get("generated_at", "N/A") if sbom_records else "N/A"
|
|
1081
|
+
),
|
|
1082
|
+
|
|
1083
|
+
# CUI banners
|
|
1084
|
+
"cui_banner_top": cui_config.get(
|
|
1085
|
+
"document_header", cui_config.get("banner_top", "CUI // SP-CTI")
|
|
1086
|
+
),
|
|
1087
|
+
"cui_banner_bottom": cui_config.get(
|
|
1088
|
+
"document_footer", cui_config.get("banner_bottom", "CUI // SP-CTI")
|
|
1089
|
+
),
|
|
1090
|
+
}
|
|
1091
|
+
|
|
1092
|
+
# Per-domain score variables (e.g., authentication_score, etc.)
|
|
1093
|
+
for domain in SBD_DOMAINS:
|
|
1094
|
+
key_prefix = domain.lower().replace(" ", "_")
|
|
1095
|
+
s = domain_scores.get(domain, {})
|
|
1096
|
+
variables[f"{key_prefix}_score"] = f"{s.get('score', 0.0):.1f}"
|
|
1097
|
+
variables[f"{key_prefix}_total"] = str(s.get("total", 0))
|
|
1098
|
+
variables[f"{key_prefix}_satisfied"] = str(s.get("satisfied", 0))
|
|
1099
|
+
variables[f"{key_prefix}_not_satisfied"] = str(s.get("not_satisfied", 0))
|
|
1100
|
+
variables[f"{key_prefix}_partial"] = str(s.get("partially_satisfied", 0))
|
|
1101
|
+
variables[f"{key_prefix}_na"] = str(s.get("not_applicable", 0))
|
|
1102
|
+
|
|
1103
|
+
# Per-CISA commitment variables
|
|
1104
|
+
for c in cisa_status:
|
|
1105
|
+
num = c["commitment_num"]
|
|
1106
|
+
variables[f"cisa_{num}_status"] = c["status"]
|
|
1107
|
+
variables[f"cisa_{num}_title"] = c["title"]
|
|
1108
|
+
variables[f"cisa_{num}_count"] = str(c["count"])
|
|
1109
|
+
variables[f"cisa_{num}_satisfied"] = str(c["satisfied_count"])
|
|
1110
|
+
|
|
1111
|
+
# 8. Apply regex substitution
|
|
1112
|
+
report_content = _substitute_variables(template, variables)
|
|
1113
|
+
|
|
1114
|
+
# 9. Apply CUI markings (header/footer banners)
|
|
1115
|
+
report_content = _apply_cui_markings(report_content, cui_config)
|
|
1116
|
+
|
|
1117
|
+
# 10. Determine output path
|
|
1118
|
+
if output_path:
|
|
1119
|
+
out_path = Path(output_path)
|
|
1120
|
+
if out_path.is_dir() or str(output_path).endswith("/") or str(output_path).endswith("\\"):
|
|
1121
|
+
out_dir = out_path
|
|
1122
|
+
out_file = out_dir / f"sbd-report-v{new_version}.md"
|
|
1123
|
+
else:
|
|
1124
|
+
out_file = out_path
|
|
1125
|
+
else:
|
|
1126
|
+
dir_path = project.get("directory_path", "")
|
|
1127
|
+
if dir_path:
|
|
1128
|
+
out_dir = Path(dir_path) / "compliance"
|
|
1129
|
+
else:
|
|
1130
|
+
out_dir = BASE_DIR / "projects" / project_name / "compliance"
|
|
1131
|
+
out_file = out_dir / f"sbd-report-v{new_version}.md"
|
|
1132
|
+
|
|
1133
|
+
out_file.parent.mkdir(parents=True, exist_ok=True)
|
|
1134
|
+
|
|
1135
|
+
# 11. Write file
|
|
1136
|
+
with open(out_file, "w", encoding="utf-8") as f:
|
|
1137
|
+
f.write(report_content)
|
|
1138
|
+
|
|
1139
|
+
# 12. Log audit event
|
|
1140
|
+
audit_details = {
|
|
1141
|
+
"version": new_version,
|
|
1142
|
+
"overall_score": overall_score,
|
|
1143
|
+
"overall_status": overall_status,
|
|
1144
|
+
"gate_result": gate_result,
|
|
1145
|
+
"domains_assessed": domains_assessed,
|
|
1146
|
+
"total_assessments": len(assessments),
|
|
1147
|
+
"critical_not_satisfied": critical_not_satisfied,
|
|
1148
|
+
"cisa_commitments_compliant": sum(
|
|
1149
|
+
1 for c in cisa_status if c["status"] == "Compliant"
|
|
1150
|
+
),
|
|
1151
|
+
"stig_findings": sum(r.get("cnt", 0) for r in stig_findings),
|
|
1152
|
+
"sbom_records": len(sbom_records),
|
|
1153
|
+
"output_file": str(out_file),
|
|
1154
|
+
}
|
|
1155
|
+
_log_audit_event(
|
|
1156
|
+
conn, project_id,
|
|
1157
|
+
f"SbD report v{new_version} generated",
|
|
1158
|
+
audit_details,
|
|
1159
|
+
out_file,
|
|
1160
|
+
)
|
|
1161
|
+
|
|
1162
|
+
# Print summary
|
|
1163
|
+
print("SbD assessment report generated successfully:")
|
|
1164
|
+
print(f" File: {out_file}")
|
|
1165
|
+
print(f" Version: {new_version}")
|
|
1166
|
+
print(f" Project: {project_name}")
|
|
1167
|
+
print(f" Overall Score: {overall_score:.1f}%")
|
|
1168
|
+
print(f" Overall Status: {overall_status}")
|
|
1169
|
+
print(f" Gate Result: {gate_result}")
|
|
1170
|
+
print(f" Domains Assessed: {domains_assessed} / {len(SBD_DOMAINS)}")
|
|
1171
|
+
print(f" Total Assessments: {len(assessments)}")
|
|
1172
|
+
print(f" Critical Not Satisfied:{critical_not_satisfied}")
|
|
1173
|
+
print(f" CISA Commitments: {sum(1 for c in cisa_status if c['status'] == 'Compliant')}/7 Compliant")
|
|
1174
|
+
|
|
1175
|
+
# 13. Return output metadata
|
|
1176
|
+
return {
|
|
1177
|
+
"output_file": str(out_file),
|
|
1178
|
+
"version": new_version,
|
|
1179
|
+
"project_id": project_id,
|
|
1180
|
+
"project_name": project_name,
|
|
1181
|
+
"overall_score": overall_score,
|
|
1182
|
+
"overall_status": overall_status,
|
|
1183
|
+
"gate_result": gate_result,
|
|
1184
|
+
"domain_scores": {
|
|
1185
|
+
domain: domain_scores[domain]["score"] for domain in SBD_DOMAINS
|
|
1186
|
+
if domain_scores[domain]["total"] > 0
|
|
1187
|
+
},
|
|
1188
|
+
"cisa_status": [
|
|
1189
|
+
{
|
|
1190
|
+
"commitment": c["commitment_num"],
|
|
1191
|
+
"title": c["title"],
|
|
1192
|
+
"status": c["status"],
|
|
1193
|
+
}
|
|
1194
|
+
for c in cisa_status
|
|
1195
|
+
],
|
|
1196
|
+
"domains_assessed": domains_assessed,
|
|
1197
|
+
"total_assessments": len(assessments),
|
|
1198
|
+
"critical_not_satisfied": critical_not_satisfied,
|
|
1199
|
+
"generated_at": now.isoformat(),
|
|
1200
|
+
}
|
|
1201
|
+
|
|
1202
|
+
finally:
|
|
1203
|
+
conn.close()
|
|
1204
|
+
|
|
1205
|
+
|
|
1206
|
+
# ---------------------------------------------------------------------------
|
|
1207
|
+
# CLI entry point
|
|
1208
|
+
# ---------------------------------------------------------------------------
|
|
1209
|
+
|
|
1210
|
+
if __name__ == "__main__":
|
|
1211
|
+
parser = argparse.ArgumentParser(
|
|
1212
|
+
description="Generate SbD assessment report"
|
|
1213
|
+
)
|
|
1214
|
+
parser.add_argument("--project-id", required=True, help="Project ID")
|
|
1215
|
+
parser.add_argument("--output-dir", help="Output directory")
|
|
1216
|
+
parser.add_argument(
|
|
1217
|
+
"--db-path", type=Path, default=DB_PATH, help="Database path"
|
|
1218
|
+
)
|
|
1219
|
+
parser.add_argument(
|
|
1220
|
+
"--format", choices=["text", "json"], default="text",
|
|
1221
|
+
help="Output format: text (default) or json"
|
|
1222
|
+
)
|
|
1223
|
+
parser.add_argument("--json", action="store_true", dest="json_output", help="JSON output")
|
|
1224
|
+
args = parser.parse_args()
|
|
1225
|
+
|
|
1226
|
+
try:
|
|
1227
|
+
result = generate_sbd_report(
|
|
1228
|
+
args.project_id, args.output_dir, args.db_path
|
|
1229
|
+
)
|
|
1230
|
+
if args.format == "json":
|
|
1231
|
+
print(json.dumps(result, indent=2))
|
|
1232
|
+
else:
|
|
1233
|
+
print(f"\nSbD report generated: {result['output_file']}")
|
|
1234
|
+
except (FileNotFoundError, ValueError) as e:
|
|
1235
|
+
print(f"ERROR: {e}", file=sys.stderr)
|
|
1236
|
+
sys.exit(1)
|