icdev 1.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1105) hide show
  1. icdev/__init__.py +18 -0
  2. icdev/_paths.py +85 -0
  3. icdev/_version.py +3 -0
  4. icdev/data/__init__.py +1 -0
  5. icdev/data/args/__init__.py +1 -0
  6. icdev/data/args/agent_authority.yaml +61 -0
  7. icdev/data/args/agent_config.yaml +355 -0
  8. icdev/data/args/agentic_fitness.yaml +31 -0
  9. icdev/data/args/ai_governance_config.yaml +137 -0
  10. icdev/data/args/atlas_critique_config.yaml +66 -0
  11. icdev/data/args/bedrock_models.yaml +63 -0
  12. icdev/data/args/cicd_config.yaml +82 -0
  13. icdev/data/args/classification_config.yaml +232 -0
  14. icdev/data/args/cli_config.yaml +154 -0
  15. icdev/data/args/cloud_config.yaml +63 -0
  16. icdev/data/args/code_pattern_config.yaml +151 -0
  17. icdev/data/args/code_quality_config.yaml +47 -0
  18. icdev/data/args/companion_registry.yaml +202 -0
  19. icdev/data/args/context_config.yaml +82 -0
  20. icdev/data/args/csp_monitor_config.yaml +268 -0
  21. icdev/data/args/cui_markings.yaml +35 -0
  22. icdev/data/args/db_config.yaml +40 -0
  23. icdev/data/args/deployment_profiles.yaml +248 -0
  24. icdev/data/args/dev_profile_config.yaml +144 -0
  25. icdev/data/args/devsecops_config.yaml +286 -0
  26. icdev/data/args/endpoint_security_config.yaml +137 -0
  27. icdev/data/args/extension_config.yaml +79 -0
  28. icdev/data/args/file_access_tiers.yaml +88 -0
  29. icdev/data/args/framework_registry.yaml +415 -0
  30. icdev/data/args/innovation_config.yaml +431 -0
  31. icdev/data/args/installation_manifest.yaml +1087 -0
  32. icdev/data/args/llm_config.yaml +495 -0
  33. icdev/data/args/maintenance_config.yaml +55 -0
  34. icdev/data/args/memory_config.yaml +83 -0
  35. icdev/data/args/monitoring_config.yaml +127 -0
  36. icdev/data/args/mosa_config.yaml +190 -0
  37. icdev/data/args/nlq_config.yaml +35 -0
  38. icdev/data/args/observability_config.yaml +39 -0
  39. icdev/data/args/observability_tracing_config.yaml +170 -0
  40. icdev/data/args/oscal_tools_config.yaml +43 -0
  41. icdev/data/args/owasp_agentic_config.yaml +171 -0
  42. icdev/data/args/phase_registry.yaml +618 -0
  43. icdev/data/args/project_defaults.yaml +235 -0
  44. icdev/data/args/prompt_chains.yaml +163 -0
  45. icdev/data/args/resilience_config.yaml +50 -0
  46. icdev/data/args/ricoas_config.yaml +191 -0
  47. icdev/data/args/role_personas.yaml +362 -0
  48. icdev/data/args/scaling_config.yaml +176 -0
  49. icdev/data/args/security_gates.yaml +685 -0
  50. icdev/data/args/skill_injection_config.yaml +322 -0
  51. icdev/data/args/spec_config.yaml +53 -0
  52. icdev/data/args/supply_chain_config.yaml +76 -0
  53. icdev/data/args/translation_config.yaml +228 -0
  54. icdev/data/args/workflow_templates/ato_acceleration.yaml +54 -0
  55. icdev/data/args/workflow_templates/build_deploy.yaml +63 -0
  56. icdev/data/args/workflow_templates/full_compliance.yaml +43 -0
  57. icdev/data/args/workflow_templates/security_hardening.yaml +55 -0
  58. icdev/data/args/worktree_config.yaml +34 -0
  59. icdev/data/args/zta_config.yaml +247 -0
  60. icdev/data/context/__init__.py +1 -0
  61. icdev/data/context/agent/__init__.py +1 -0
  62. icdev/data/context/agent/response_schemas/__init__.py +1 -0
  63. icdev/data/context/agent/response_schemas/debate_position.json +46 -0
  64. icdev/data/context/agent/response_schemas/fitness_scorecard.json +74 -0
  65. icdev/data/context/agent/response_schemas/review_decision.json +39 -0
  66. icdev/data/context/agent/response_schemas/task_decomposition.json +82 -0
  67. icdev/data/context/agent/response_schemas/veto_decision.json +40 -0
  68. icdev/data/context/agentic/__init__.py +1 -0
  69. icdev/data/context/agentic/architecture_patterns.md +269 -0
  70. icdev/data/context/agentic/capability_registry.yaml +202 -0
  71. icdev/data/context/agentic/csp_mcp_registry.yaml +280 -0
  72. icdev/data/context/agentic/fitness_rubric.md +56 -0
  73. icdev/data/context/agentic/governance_baseline.md +205 -0
  74. icdev/data/context/ci/__init__.py +1 -0
  75. icdev/data/context/ci/worktree_templates.json +44 -0
  76. icdev/data/context/cloud/__init__.py +1 -0
  77. icdev/data/context/cloud/csp_service_registry.json +739 -0
  78. icdev/data/context/compliance/__init__.py +1 -0
  79. icdev/data/context/compliance/atlas_mitigations.json +293 -0
  80. icdev/data/context/compliance/atlas_techniques.json +833 -0
  81. icdev/data/context/compliance/cisa_sbd_requirements.json +432 -0
  82. icdev/data/context/compliance/cjis_security_policy.json +522 -0
  83. icdev/data/context/compliance/cmmc_practices.json +2494 -0
  84. icdev/data/context/compliance/cmmc_report_template.md +142 -0
  85. icdev/data/context/compliance/cnssi_1253_overlay.json +109 -0
  86. icdev/data/context/compliance/control_crosswalk.json +1914 -0
  87. icdev/data/context/compliance/control_families/__init__.py +1 -0
  88. icdev/data/context/compliance/csp_certifications.json +251 -0
  89. icdev/data/context/compliance/cssp_report_template.md +193 -0
  90. icdev/data/context/compliance/cui_templates/__init__.py +1 -0
  91. icdev/data/context/compliance/cui_templates/banner_block.txt +4 -0
  92. icdev/data/context/compliance/cui_templates/code_header.txt +8 -0
  93. icdev/data/context/compliance/cui_templates/document_template.md +35 -0
  94. icdev/data/context/compliance/data_type_framework_map.json +321 -0
  95. icdev/data/context/compliance/data_type_registry.json +147 -0
  96. icdev/data/context/compliance/dod_cssp_8530.json +463 -0
  97. icdev/data/context/compliance/eu_ai_act_annex_iii.json +108 -0
  98. icdev/data/context/compliance/export_templates/__init__.py +1 -0
  99. icdev/data/context/compliance/export_templates/emass_controls.csv.j2 +4 -0
  100. icdev/data/context/compliance/export_templates/evidence_package.md.j2 +39 -0
  101. icdev/data/context/compliance/export_templates/executive_summary.md.j2 +55 -0
  102. icdev/data/context/compliance/export_templates/poam_tracking.csv.j2 +4 -0
  103. icdev/data/context/compliance/fedramp_20x_ksi_schemas.json +133 -0
  104. icdev/data/context/compliance/fedramp_high_baseline.json +4370 -0
  105. icdev/data/context/compliance/fedramp_moderate_baseline.json +2183 -0
  106. icdev/data/context/compliance/fedramp_report_template.md +181 -0
  107. icdev/data/context/compliance/fips_200_areas.json +362 -0
  108. icdev/data/context/compliance/gao_ai_accountability.json +262 -0
  109. icdev/data/context/compliance/hipaa_security_rule.json +720 -0
  110. icdev/data/context/compliance/hitrust_csf_v11.json +930 -0
  111. icdev/data/context/compliance/impact_level_profiles.json +251 -0
  112. icdev/data/context/compliance/incident_response_template.md +1110 -0
  113. icdev/data/context/compliance/iso27001_2022_controls.json +750 -0
  114. icdev/data/context/compliance/iso27001_nist_bridge.json +382 -0
  115. icdev/data/context/compliance/iso42001_controls.json +254 -0
  116. icdev/data/context/compliance/ivv_checklist_template.md +80 -0
  117. icdev/data/context/compliance/ivv_report_template.md +116 -0
  118. icdev/data/context/compliance/ivv_requirements.json +372 -0
  119. icdev/data/context/compliance/mosa_crosswalk.json +327 -0
  120. icdev/data/context/compliance/mosa_framework.json +250 -0
  121. icdev/data/context/compliance/narrative_templates/AC.md.j2 +101 -0
  122. icdev/data/context/compliance/narrative_templates/AU.md.j2 +106 -0
  123. icdev/data/context/compliance/narrative_templates/IA.md.j2 +104 -0
  124. icdev/data/context/compliance/narrative_templates/SC.md.j2 +102 -0
  125. icdev/data/context/compliance/narrative_templates/SI.md.j2 +111 -0
  126. icdev/data/context/compliance/narrative_templates/__init__.py +1 -0
  127. icdev/data/context/compliance/narrative_templates/default.md.j2 +50 -0
  128. icdev/data/context/compliance/narrative_templates/executive_summary.j2 +27 -0
  129. icdev/data/context/compliance/narrative_templates/poam_milestone.j2 +19 -0
  130. icdev/data/context/compliance/narrative_templates/ssp_section.j2 +11 -0
  131. icdev/data/context/compliance/nist_800_171_controls.json +1552 -0
  132. icdev/data/context/compliance/nist_800_207_crosswalk.json +399 -0
  133. icdev/data/context/compliance/nist_800_207_zta.json +258 -0
  134. icdev/data/context/compliance/nist_800_53.json +324 -0
  135. icdev/data/context/compliance/nist_ai_600_1_genai.json +326 -0
  136. icdev/data/context/compliance/nist_ai_rmf.json +206 -0
  137. icdev/data/context/compliance/nist_sp_800_60_types.json +1667 -0
  138. icdev/data/context/compliance/omb_m25_21_high_impact_ai.json +248 -0
  139. icdev/data/context/compliance/omb_m26_04_unbiased_ai.json +262 -0
  140. icdev/data/context/compliance/owasp_agentic_asi.json +133 -0
  141. icdev/data/context/compliance/owasp_agentic_threats.json +285 -0
  142. icdev/data/context/compliance/owasp_llm_top10.json +274 -0
  143. icdev/data/context/compliance/pci_dss_v4.json +510 -0
  144. icdev/data/context/compliance/poam_template.md +117 -0
  145. icdev/data/context/compliance/safeai_controls.json +512 -0
  146. icdev/data/context/compliance/sbd_report_template.md +77 -0
  147. icdev/data/context/compliance/siem_config_templates/__init__.py +1 -0
  148. icdev/data/context/compliance/siem_config_templates/filebeat.yml +213 -0
  149. icdev/data/context/compliance/siem_config_templates/log_sources.json +208 -0
  150. icdev/data/context/compliance/soc2_trust_criteria.json +661 -0
  151. icdev/data/context/compliance/ssp_template.md +432 -0
  152. icdev/data/context/compliance/stig_templates/__init__.py +1 -0
  153. icdev/data/context/compliance/stig_templates/webapp_stig.json +139 -0
  154. icdev/data/context/compliance/xai_requirements.json +108 -0
  155. icdev/data/context/dashboard/__init__.py +1 -0
  156. icdev/data/context/dashboard/nlq_examples.json +50 -0
  157. icdev/data/context/dashboard/schema_descriptions.json +23 -0
  158. icdev/data/context/integration/__init__.py +1 -0
  159. icdev/data/context/integration/approval_workflows.json +32 -0
  160. icdev/data/context/integration/gitlab_field_mappings.json +33 -0
  161. icdev/data/context/integration/jira_field_mappings.json +32 -0
  162. icdev/data/context/integration/reqif_export_schema.json +23 -0
  163. icdev/data/context/integration/servicenow_field_mappings.json +22 -0
  164. icdev/data/context/languages/__init__.py +1 -0
  165. icdev/data/context/languages/framework_patterns.json +205 -0
  166. icdev/data/context/languages/language_registry.json +279 -0
  167. icdev/data/context/llm/__init__.py +1 -0
  168. icdev/data/context/llm/example_provider.py +86 -0
  169. icdev/data/context/mbse/__init__.py +1 -0
  170. icdev/data/context/mbse/des_report_template.md +162 -0
  171. icdev/data/context/mbse/des_requirements.json +411 -0
  172. icdev/data/context/mbse/digital_thread_patterns.json +403 -0
  173. icdev/data/context/mbse/reqif_schema.json +280 -0
  174. icdev/data/context/mbse/sysml_element_types.json +432 -0
  175. icdev/data/context/modernization/__init__.py +1 -0
  176. icdev/data/context/modernization/db_type_mappings.json +148 -0
  177. icdev/data/context/modernization/decomposition_patterns.json +284 -0
  178. icdev/data/context/modernization/framework_migration_patterns.json +359 -0
  179. icdev/data/context/modernization/migration_report_template.md +168 -0
  180. icdev/data/context/modernization/seven_rs_catalog.json +369 -0
  181. icdev/data/context/modernization/version_upgrade_rules.json +279 -0
  182. icdev/data/context/oscal/NIST_SP-800-53_rev5_catalog.json +254987 -0
  183. icdev/data/context/oscal/README.md +43 -0
  184. icdev/data/context/patterns/__init__.py +1 -0
  185. icdev/data/context/profiles/__init__.py +1 -0
  186. icdev/data/context/profiles/dod_baseline_v1.yaml +145 -0
  187. icdev/data/context/profiles/fedramp_baseline_v1.yaml +143 -0
  188. icdev/data/context/profiles/financial_baseline_v1.yaml +142 -0
  189. icdev/data/context/profiles/healthcare_baseline_v1.yaml +135 -0
  190. icdev/data/context/profiles/law_enforcement_v1.yaml +129 -0
  191. icdev/data/context/profiles/startup_v1.yaml +134 -0
  192. icdev/data/context/requirements/__init__.py +1 -0
  193. icdev/data/context/requirements/ambiguity_patterns.json +97 -0
  194. icdev/data/context/requirements/boundary_impact_rules.json +123 -0
  195. icdev/data/context/requirements/default_constitutions.json +67 -0
  196. icdev/data/context/requirements/document_extraction_rules.json +58 -0
  197. icdev/data/context/requirements/gap_patterns.json +108 -0
  198. icdev/data/context/requirements/readiness_rubric.json +78 -0
  199. icdev/data/context/requirements/red_alternative_patterns.json +210 -0
  200. icdev/data/context/requirements/safe_templates.json +72 -0
  201. icdev/data/context/requirements/spec_quality_checklist.json +122 -0
  202. icdev/data/context/simulation/__init__.py +1 -0
  203. icdev/data/context/simulation/architecture_patterns.json +36 -0
  204. icdev/data/context/simulation/coa_templates.json +38 -0
  205. icdev/data/context/simulation/cost_models.json +23 -0
  206. icdev/data/context/simulation/risk_categories.json +46 -0
  207. icdev/data/context/supply_chain/__init__.py +1 -0
  208. icdev/data/context/supply_chain/isa_templates.json +129 -0
  209. icdev/data/context/supply_chain/nist_800_161_controls.json +247 -0
  210. icdev/data/context/supply_chain/scrm_risk_matrix.json +147 -0
  211. icdev/data/context/templates/__init__.py +1 -0
  212. icdev/data/context/templates/ansible/__init__.py +1 -0
  213. icdev/data/context/templates/ansible/playbooks/__init__.py +1 -0
  214. icdev/data/context/templates/ansible/roles/__init__.py +1 -0
  215. icdev/data/context/templates/gitlab_ci/__init__.py +1 -0
  216. icdev/data/context/templates/grafana/__init__.py +1 -0
  217. icdev/data/context/templates/kubernetes/__init__.py +1 -0
  218. icdev/data/context/templates/project/__init__.py +1 -0
  219. icdev/data/context/templates/project/api/__init__.py +1 -0
  220. icdev/data/context/templates/project/cli/__init__.py +1 -0
  221. icdev/data/context/templates/project/data_pipeline/__init__.py +1 -0
  222. icdev/data/context/templates/project/iac/__init__.py +1 -0
  223. icdev/data/context/templates/project/javascript_frontend/__init__.py +1 -0
  224. icdev/data/context/templates/project/javascript_frontend/src/__init__.py +1 -0
  225. icdev/data/context/templates/project/javascript_frontend/tests/__init__.py +1 -0
  226. icdev/data/context/templates/project/microservice/__init__.py +1 -0
  227. icdev/data/context/templates/project/python_backend/__init__.py +1 -0
  228. icdev/data/context/templates/project/python_backend/src/__init__.py +1 -0
  229. icdev/data/context/templates/project/python_backend/tests/__init__.py +1 -0
  230. icdev/data/context/templates/project/python_backend/tests/features/__init__.py +1 -0
  231. icdev/data/context/templates/project/python_backend/tests/steps/__init__.py +1 -0
  232. icdev/data/context/templates/terraform/__init__.py +1 -0
  233. icdev/data/context/templates/terraform/govcloud_base/__init__.py +1 -0
  234. icdev/data/context/templates/terraform/modules/__init__.py +1 -0
  235. icdev/data/context/tone/__init__.py +1 -0
  236. icdev/data/context/translation/dependency_mappings.json +186 -0
  237. icdev/data/context/translation/type_mappings.json +149 -0
  238. icdev/data/docs/README.md +187 -0
  239. icdev/data/docs/__init__.py +1 -0
  240. icdev/data/docs/admin/gateway-guide.md +338 -0
  241. icdev/data/docs/admin/marketplace-guide.md +396 -0
  242. icdev/data/docs/admin/monitoring-guide.md +509 -0
  243. icdev/data/docs/architecture/compliance-framework.md +764 -0
  244. icdev/data/docs/architecture/database-schema.md +689 -0
  245. icdev/data/docs/architecture/gotcha-framework.md +518 -0
  246. icdev/data/docs/architecture/multi-agent-system.md +603 -0
  247. icdev/data/docs/dx/README.md +106 -0
  248. icdev/data/docs/dx/__init__.py +1 -0
  249. icdev/data/docs/dx/ci-cd-integration.md +378 -0
  250. icdev/data/docs/dx/claude-code-guide.md +213 -0
  251. icdev/data/docs/dx/companion-guide.md +232 -0
  252. icdev/data/docs/dx/dev-profiles.md +309 -0
  253. icdev/data/docs/dx/icdev-yaml-spec.md +219 -0
  254. icdev/data/docs/dx/integration-tiers.md +279 -0
  255. icdev/data/docs/dx/llm-routing-guide.md +456 -0
  256. icdev/data/docs/dx/quickstart.md +192 -0
  257. icdev/data/docs/dx/sdk-reference.md +356 -0
  258. icdev/data/docs/dx/unified-mcp-setup.md +525 -0
  259. icdev/data/docs/features/__init__.py +1 -0
  260. icdev/data/docs/features/phase-01-gotcha-framework.md +249 -0
  261. icdev/data/docs/features/phase-02-atlas-build-workflow.md +223 -0
  262. icdev/data/docs/features/phase-03-tdd-bdd-testing.md +261 -0
  263. icdev/data/docs/features/phase-04-nist-compliance.md +255 -0
  264. icdev/data/docs/features/phase-05-security-scanning.md +229 -0
  265. icdev/data/docs/features/phase-06-infrastructure-deployment.md +288 -0
  266. icdev/data/docs/features/phase-07-code-review-gates.md +276 -0
  267. icdev/data/docs/features/phase-08-self-healing.md +223 -0
  268. icdev/data/docs/features/phase-09-monitoring-observability.md +230 -0
  269. icdev/data/docs/features/phase-10-dashboard-web-ui.md +218 -0
  270. icdev/data/docs/features/phase-11-multi-agent-architecture.md +272 -0
  271. icdev/data/docs/features/phase-12-integration-testing.md +228 -0
  272. icdev/data/docs/features/phase-13-cicd-integration.md +257 -0
  273. icdev/data/docs/features/phase-14-secure-by-design-ivv.md +240 -0
  274. icdev/data/docs/features/phase-15-maintenance-audit.md +192 -0
  275. icdev/data/docs/features/phase-16-ato-acceleration.md +228 -0
  276. icdev/data/docs/features/phase-17-multi-framework-compliance.md +223 -0
  277. icdev/data/docs/features/phase-18-mbse-integration.md +242 -0
  278. icdev/data/docs/features/phase-19-agentic-generation.md +202 -0
  279. icdev/data/docs/features/phase-20-fips-security-categorization.md +198 -0
  280. icdev/data/docs/features/phase-21-saas-multi-tenancy.md +273 -0
  281. icdev/data/docs/features/phase-22-federated-gotcha-marketplace.md +242 -0
  282. icdev/data/docs/features/phase-23-universal-compliance-platform.md +238 -0
  283. icdev/data/docs/features/phase-24-devsecops-pipeline-security.md +198 -0
  284. icdev/data/docs/features/phase-25-zero-trust-architecture.md +220 -0
  285. icdev/data/docs/features/phase-26-dod-mosa.md +205 -0
  286. icdev/data/docs/features/phase-27-cli-capabilities.md +222 -0
  287. icdev/data/docs/features/phase-28-remote-command-gateway.md +235 -0
  288. icdev/data/docs/features/phase-29-proactive-monitoring.md +212 -0
  289. icdev/data/docs/features/phase-30-dashboard-auth.md +215 -0
  290. icdev/data/docs/features/phase-31-dashboard-ux-low-impact.md +188 -0
  291. icdev/data/docs/features/phase-32-dashboard-ux-medium-impact.md +223 -0
  292. icdev/data/docs/features/phase-33-modular-installation.md +218 -0
  293. icdev/data/docs/features/phase-34-dev-profiles.md +239 -0
  294. icdev/data/docs/features/phase-35-innovation-engine.md +257 -0
  295. icdev/data/docs/features/phase-36-evolutionary-intelligence.md +351 -0
  296. icdev/data/docs/features/phase-37-mitre-atlas-integration.md +485 -0
  297. icdev/data/docs/features/phase-38-cloud-agnostic-architecture.md +1033 -0
  298. icdev/data/docs/features/phase-39-observability-operations.md +178 -0
  299. icdev/data/docs/features/phase-40-nlq-compliance-queries.md +176 -0
  300. icdev/data/docs/features/phase-41-parallel-cicd.md +169 -0
  301. icdev/data/docs/features/phase-42-framework-planning.md +177 -0
  302. icdev/data/docs/features/phase-43-cross-language-translation.md +225 -0
  303. icdev/data/docs/features/phase-44-innovation-adaptation.md +227 -0
  304. icdev/data/docs/features/phase-45-owasp-agentic-security.md +239 -0
  305. icdev/data/docs/features/phase-46-observability-traceability-xai.md +240 -0
  306. icdev/data/docs/features/phase-47-unified-mcp-gateway.md +257 -0
  307. icdev/data/docs/features/phase-48-ai-transparency.md +203 -0
  308. icdev/data/docs/features/phase-49-ai-accountability.md +243 -0
  309. icdev/data/docs/features/phase-50-ai-governance-intake-chat.md +195 -0
  310. icdev/data/docs/features/phase-51-unified-chat-dashboard.md +240 -0
  311. icdev/data/docs/features/phase-52-code-intelligence.md +244 -0
  312. icdev/data/docs/features/phase-53-fedramp-20x-owasp-asi.md +359 -0
  313. icdev/data/docs/features/phase-54-slsa-swft-orchestration.md +379 -0
  314. icdev/data/docs/features/phase-55-a2a-v03-mcp-oauth.md +322 -0
  315. icdev/data/docs/features/phase-56-evidence-lineage.md +352 -0
  316. icdev/data/docs/features/phase-57-eu-ai-act-iron-bank.md +319 -0
  317. icdev/data/docs/features/phase-58-creative-engine.md +370 -0
  318. icdev/data/docs/features/phase-59-govcon-intelligence.md +535 -0
  319. icdev/data/docs/features/phase-60-cpmp.md +528 -0
  320. icdev/data/docs/features/phase-61-orchestration-improvements.md +534 -0
  321. icdev/data/docs/operations/dashboard-guide.md +354 -0
  322. icdev/data/docs/operations/deployment-guide.md +556 -0
  323. icdev/data/docs/operations/saas-admin-guide.md +439 -0
  324. icdev/data/docs/operations/security-operations-guide.md +733 -0
  325. icdev/data/docs/runbooks/backup-restore.md +412 -0
  326. icdev/data/docs/runbooks/troubleshooting.md +499 -0
  327. icdev/data/features/__init__.py +1 -0
  328. icdev/data/features/cicd_integration.feature +41 -0
  329. icdev/data/features/compliance_gates.feature +46 -0
  330. icdev/data/features/dashboard.feature +72 -0
  331. icdev/data/features/environment.py +25 -0
  332. icdev/data/features/project_management.feature +32 -0
  333. icdev/data/features/requirements_intake.feature +42 -0
  334. icdev/data/features/saas_platform.feature +53 -0
  335. icdev/data/features/security_scanning.feature +36 -0
  336. icdev/data/features/steps/__init__.py +1 -0
  337. icdev/data/features/steps/cicd_steps.py +465 -0
  338. icdev/data/features/steps/compliance_steps.py +308 -0
  339. icdev/data/features/steps/dashboard_steps.py +88 -0
  340. icdev/data/features/steps/project_steps.py +126 -0
  341. icdev/data/features/steps/requirements_intake_steps.py +689 -0
  342. icdev/data/features/steps/saas_platform_steps.py +572 -0
  343. icdev/data/features/steps/security_steps.py +236 -0
  344. icdev/data/features/steps/testing_steps.py +226 -0
  345. icdev/data/features/testing_pipeline.feature +42 -0
  346. icdev/data/goals/__init__.py +1 -0
  347. icdev/data/goals/agent_management.md +144 -0
  348. icdev/data/goals/agentic_generation.md +345 -0
  349. icdev/data/goals/agentic_threat_model.md +309 -0
  350. icdev/data/goals/ai_accountability.md +90 -0
  351. icdev/data/goals/ai_governance_intake.md +132 -0
  352. icdev/data/goals/ai_transparency.md +76 -0
  353. icdev/data/goals/atlas_integration.md +405 -0
  354. icdev/data/goals/ato_acceleration.md +139 -0
  355. icdev/data/goals/boundary_supply_chain.md +206 -0
  356. icdev/data/goals/build_app.md +544 -0
  357. icdev/data/goals/cicd_integration.md +86 -0
  358. icdev/data/goals/claude_dir_maintenance.md +77 -0
  359. icdev/data/goals/cli_capabilities.md +340 -0
  360. icdev/data/goals/cloud_agnostic.md +312 -0
  361. icdev/data/goals/code_intelligence.md +197 -0
  362. icdev/data/goals/code_review.md +94 -0
  363. icdev/data/goals/compliance_workflow.md +858 -0
  364. icdev/data/goals/continuous_harmonization.md +140 -0
  365. icdev/data/goals/cross_language_translation.md +171 -0
  366. icdev/data/goals/dashboard.md +142 -0
  367. icdev/data/goals/deploy_workflow.md +390 -0
  368. icdev/data/goals/devsecops_workflow.md +408 -0
  369. icdev/data/goals/evolutionary_intelligence.md +305 -0
  370. icdev/data/goals/external_integration.md +113 -0
  371. icdev/data/goals/framework_planning.md +63 -0
  372. icdev/data/goals/init_project.md +235 -0
  373. icdev/data/goals/innovation_engine.md +199 -0
  374. icdev/data/goals/integration_testing.md +189 -0
  375. icdev/data/goals/maintenance_audit.md +196 -0
  376. icdev/data/goals/manifest.md +56 -0
  377. icdev/data/goals/mbse_integration.md +504 -0
  378. icdev/data/goals/modernization_workflow.md +618 -0
  379. icdev/data/goals/monitoring.md +126 -0
  380. icdev/data/goals/mosa_workflow.md +463 -0
  381. icdev/data/goals/multi_agent_orchestration.md +68 -0
  382. icdev/data/goals/nlq_compliance.md +63 -0
  383. icdev/data/goals/observability.md +64 -0
  384. icdev/data/goals/observability_traceability_xai.md +154 -0
  385. icdev/data/goals/owasp_agentic_security.md +395 -0
  386. icdev/data/goals/parallel_cicd.md +61 -0
  387. icdev/data/goals/requirements_intake.md +213 -0
  388. icdev/data/goals/sbd_ivv_workflow.md +195 -0
  389. icdev/data/goals/security_categorization.md +133 -0
  390. icdev/data/goals/security_scan.md +381 -0
  391. icdev/data/goals/self_healing.md +120 -0
  392. icdev/data/goals/simulation_engine.md +111 -0
  393. icdev/data/goals/tdd_workflow.md +403 -0
  394. icdev/data/goals/zero_trust_architecture.md +403 -0
  395. icdev/data/hardprompts/__init__.py +1 -0
  396. icdev/data/hardprompts/agent/__init__.py +1 -0
  397. icdev/data/hardprompts/agent/agentic_architect.md +100 -0
  398. icdev/data/hardprompts/agent/debate_prompt.md +32 -0
  399. icdev/data/hardprompts/agent/fitness_evaluation.md +48 -0
  400. icdev/data/hardprompts/agent/governance_review.md +214 -0
  401. icdev/data/hardprompts/agent/reviewer_prompt.md +34 -0
  402. icdev/data/hardprompts/agent/skill_design.md +172 -0
  403. icdev/data/hardprompts/agent/task_decomposition.md +275 -0
  404. icdev/data/hardprompts/agent/veto_check_prompt.md +33 -0
  405. icdev/data/hardprompts/architect/__init__.py +1 -0
  406. icdev/data/hardprompts/architect/api_design.md +283 -0
  407. icdev/data/hardprompts/architect/data_model.md +277 -0
  408. icdev/data/hardprompts/architect/system_design.md +180 -0
  409. icdev/data/hardprompts/builder/__init__.py +1 -0
  410. icdev/data/hardprompts/builder/code_generation.md +59 -0
  411. icdev/data/hardprompts/builder/refactor.md +58 -0
  412. icdev/data/hardprompts/builder/scaffold_project.md +69 -0
  413. icdev/data/hardprompts/builder/test_generation.md +87 -0
  414. icdev/data/hardprompts/ci/__init__.py +1 -0
  415. icdev/data/hardprompts/ci/worktree_setup.md +35 -0
  416. icdev/data/hardprompts/compliance/__init__.py +1 -0
  417. icdev/data/hardprompts/compliance/cmmc_assessment.md +63 -0
  418. icdev/data/hardprompts/compliance/cssp_assessment.md +75 -0
  419. icdev/data/hardprompts/compliance/cui_marking.md +86 -0
  420. icdev/data/hardprompts/compliance/fedramp_assessment.md +55 -0
  421. icdev/data/hardprompts/compliance/ivv_assessment.md +96 -0
  422. icdev/data/hardprompts/compliance/poam_generation.md +57 -0
  423. icdev/data/hardprompts/compliance/sbd_assessment.md +101 -0
  424. icdev/data/hardprompts/compliance/security_categorization.md +74 -0
  425. icdev/data/hardprompts/compliance/ssp_generation.md +56 -0
  426. icdev/data/hardprompts/compliance/stig_evaluation.md +63 -0
  427. icdev/data/hardprompts/dashboard/__init__.py +1 -0
  428. icdev/data/hardprompts/dashboard/nlq_system_prompt.md +26 -0
  429. icdev/data/hardprompts/infra/__init__.py +1 -0
  430. icdev/data/hardprompts/infra/k8s_manifests.md +118 -0
  431. icdev/data/hardprompts/infra/pipeline_generation.md +160 -0
  432. icdev/data/hardprompts/infra/terraform_generation.md +92 -0
  433. icdev/data/hardprompts/integration/__init__.py +1 -0
  434. icdev/data/hardprompts/integration/approval_review.md +17 -0
  435. icdev/data/hardprompts/integration/jira_mapping.md +25 -0
  436. icdev/data/hardprompts/integration/servicenow_mapping.md +14 -0
  437. icdev/data/hardprompts/knowledge/__init__.py +1 -0
  438. icdev/data/hardprompts/knowledge/pattern_detection.md +73 -0
  439. icdev/data/hardprompts/knowledge/recommendation_engine.md +90 -0
  440. icdev/data/hardprompts/knowledge/root_cause_analysis.md +91 -0
  441. icdev/data/hardprompts/maintenance/__init__.py +1 -0
  442. icdev/data/hardprompts/maintenance/maintenance_assessment.md +82 -0
  443. icdev/data/hardprompts/mbse/__init__.py +1 -0
  444. icdev/data/hardprompts/mbse/digital_thread.md +67 -0
  445. icdev/data/hardprompts/mbse/model_import.md +62 -0
  446. icdev/data/hardprompts/mbse/model_to_code.md +65 -0
  447. icdev/data/hardprompts/modernization/__init__.py +1 -0
  448. icdev/data/hardprompts/modernization/legacy_analysis.md +93 -0
  449. icdev/data/hardprompts/modernization/migration_planning.md +150 -0
  450. icdev/data/hardprompts/modernization/seven_r_assessment.md +107 -0
  451. icdev/data/hardprompts/requirements/__init__.py +1 -0
  452. icdev/data/hardprompts/requirements/bdd_generation.md +35 -0
  453. icdev/data/hardprompts/requirements/clarification_prioritization.md +29 -0
  454. icdev/data/hardprompts/requirements/decomposition.md +60 -0
  455. icdev/data/hardprompts/requirements/document_extraction.md +45 -0
  456. icdev/data/hardprompts/requirements/gap_detection.md +70 -0
  457. icdev/data/hardprompts/requirements/intake_conversation.md +101 -0
  458. icdev/data/hardprompts/requirements/readiness_assessment.md +39 -0
  459. icdev/data/hardprompts/requirements/spec_quality.md +33 -0
  460. icdev/data/hardprompts/requirements/traceability_analysis.md +23 -0
  461. icdev/data/hardprompts/security/__init__.py +1 -0
  462. icdev/data/hardprompts/security/endpoint_security.md +78 -0
  463. icdev/data/hardprompts/security/threat_model.md +70 -0
  464. icdev/data/hardprompts/security/vulnerability_assessment.md +81 -0
  465. icdev/data/hardprompts/simulation/__init__.py +1 -0
  466. icdev/data/hardprompts/simulation/architecture_impact.md +27 -0
  467. icdev/data/hardprompts/simulation/coa_alternative.md +27 -0
  468. icdev/data/hardprompts/simulation/coa_generation.md +25 -0
  469. icdev/data/hardprompts/simulation/compliance_impact.md +28 -0
  470. icdev/data/hardprompts/simulation/cost_estimation.md +33 -0
  471. icdev/data/hardprompts/simulation/risk_assessment.md +28 -0
  472. icdev/data/hardprompts/translation/code_translation.md +68 -0
  473. icdev/data/hardprompts/translation/dependency_suggestion.md +44 -0
  474. icdev/data/hardprompts/translation/test_translation.md +64 -0
  475. icdev/data/hardprompts/translation/translation_repair.md +59 -0
  476. icdev/py.typed +0 -0
  477. icdev/tools/__init__.py +1 -0
  478. icdev/tools/_gen_formatter.py +12 -0
  479. icdev/tools/a2a/__init__.py +1 -0
  480. icdev/tools/a2a/agent_cards/architect.json +43 -0
  481. icdev/tools/a2a/agent_cards/builder.json +50 -0
  482. icdev/tools/a2a/agent_cards/compliance.json +57 -0
  483. icdev/tools/a2a/agent_cards/devsecops.json +71 -0
  484. icdev/tools/a2a/agent_cards/infra.json +57 -0
  485. icdev/tools/a2a/agent_cards/integration.json +57 -0
  486. icdev/tools/a2a/agent_cards/knowledge.json +43 -0
  487. icdev/tools/a2a/agent_cards/mbse.json +57 -0
  488. icdev/tools/a2a/agent_cards/modernization.json +50 -0
  489. icdev/tools/a2a/agent_cards/monitor.json +43 -0
  490. icdev/tools/a2a/agent_cards/orchestrator.json +36 -0
  491. icdev/tools/a2a/agent_cards/requirements_analyst.json +64 -0
  492. icdev/tools/a2a/agent_cards/security.json +50 -0
  493. icdev/tools/a2a/agent_cards/simulation.json +57 -0
  494. icdev/tools/a2a/agent_cards/supply_chain.json +50 -0
  495. icdev/tools/a2a/agent_client.py +349 -0
  496. icdev/tools/a2a/agent_registry.py +412 -0
  497. icdev/tools/a2a/agent_server.py +579 -0
  498. icdev/tools/a2a/task.py +200 -0
  499. icdev/tools/agent/__init__.py +2 -0
  500. icdev/tools/agent/a2a_agent_card_generator.py +285 -0
  501. icdev/tools/agent/a2a_discovery_server.py +250 -0
  502. icdev/tools/agent/agent_executor.py +529 -0
  503. icdev/tools/agent/agent_memory.py +557 -0
  504. icdev/tools/agent/agent_models.py +51 -0
  505. icdev/tools/agent/atlas_critique.py +908 -0
  506. icdev/tools/agent/authority.py +443 -0
  507. icdev/tools/agent/bedrock_client.py +1075 -0
  508. icdev/tools/agent/collaboration.py +871 -0
  509. icdev/tools/agent/dispatcher_mode.py +665 -0
  510. icdev/tools/agent/mailbox.py +575 -0
  511. icdev/tools/agent/prompt_chain_executor.py +1064 -0
  512. icdev/tools/agent/session_purpose.py +350 -0
  513. icdev/tools/agent/skill_router.py +638 -0
  514. icdev/tools/agent/skill_selector.py +486 -0
  515. icdev/tools/agent/team_orchestrator.py +1108 -0
  516. icdev/tools/agent/token_tracker.py +290 -0
  517. icdev/tools/analysis/__init__.py +1 -0
  518. icdev/tools/analysis/code_analyzer.py +780 -0
  519. icdev/tools/analysis/runtime_feedback.py +389 -0
  520. icdev/tools/audit/__init__.py +1 -0
  521. icdev/tools/audit/audit_logger.py +196 -0
  522. icdev/tools/audit/audit_query.py +157 -0
  523. icdev/tools/audit/decision_recorder.py +72 -0
  524. icdev/tools/builder/__init__.py +1 -0
  525. icdev/tools/builder/agentic_fitness.py +534 -0
  526. icdev/tools/builder/agentic_test_templates/test_a2a_callback.py +117 -0
  527. icdev/tools/builder/agentic_test_templates/test_a2a_lifecycle.feature +52 -0
  528. icdev/tools/builder/agentic_test_templates/test_agent_card.feature +37 -0
  529. icdev/tools/builder/agentic_test_templates/test_agent_health.py +128 -0
  530. icdev/tools/builder/agentic_test_templates/test_memory_system.feature +50 -0
  531. icdev/tools/builder/agentic_test_templates/test_skill_execution.feature +40 -0
  532. icdev/tools/builder/app_blueprint.py +1583 -0
  533. icdev/tools/builder/child_app_generator.py +2852 -0
  534. icdev/tools/builder/claude_md_generator.py +1734 -0
  535. icdev/tools/builder/code_generator.py +3703 -0
  536. icdev/tools/builder/db_init_generator.py +1709 -0
  537. icdev/tools/builder/dev_profile_manager.py +954 -0
  538. icdev/tools/builder/formatter.py +768 -0
  539. icdev/tools/builder/goal_adapter.py +592 -0
  540. icdev/tools/builder/gotcha_validator.py +812 -0
  541. icdev/tools/builder/language_support.py +441 -0
  542. icdev/tools/builder/linter.py +976 -0
  543. icdev/tools/builder/profile_detector.py +657 -0
  544. icdev/tools/builder/profile_md_generator.py +723 -0
  545. icdev/tools/builder/scaffolder.py +1590 -0
  546. icdev/tools/builder/scaffolder_extended.py +1771 -0
  547. icdev/tools/builder/test_writer.py +950 -0
  548. icdev/tools/ci/__init__.py +2 -0
  549. icdev/tools/ci/connectors/__init__.py +2 -0
  550. icdev/tools/ci/connectors/base_connector.py +80 -0
  551. icdev/tools/ci/connectors/connector_registry.py +188 -0
  552. icdev/tools/ci/connectors/mattermost_connector.py +159 -0
  553. icdev/tools/ci/connectors/slack_connector.py +197 -0
  554. icdev/tools/ci/core/__init__.py +2 -0
  555. icdev/tools/ci/core/air_gap_detector.py +115 -0
  556. icdev/tools/ci/core/comment_handler.py +192 -0
  557. icdev/tools/ci/core/conversation_manager.py +479 -0
  558. icdev/tools/ci/core/event_envelope.py +500 -0
  559. icdev/tools/ci/core/event_router.py +443 -0
  560. icdev/tools/ci/core/failure_parser.py +397 -0
  561. icdev/tools/ci/core/recovery_engine.py +527 -0
  562. icdev/tools/ci/modules/__init__.py +2 -0
  563. icdev/tools/ci/modules/agent.py +271 -0
  564. icdev/tools/ci/modules/git_ops.py +175 -0
  565. icdev/tools/ci/modules/state.py +117 -0
  566. icdev/tools/ci/modules/vcs.py +303 -0
  567. icdev/tools/ci/modules/workflow_ops.py +295 -0
  568. icdev/tools/ci/modules/worktree.py +340 -0
  569. icdev/tools/ci/pipeline_config_generator.py +558 -0
  570. icdev/tools/ci/triggers/__init__.py +2 -0
  571. icdev/tools/ci/triggers/gitlab_task_monitor.py +330 -0
  572. icdev/tools/ci/triggers/poll_trigger.py +237 -0
  573. icdev/tools/ci/triggers/webhook_server.py +356 -0
  574. icdev/tools/ci/workflows/__init__.py +2 -0
  575. icdev/tools/ci/workflows/icdev_build.py +140 -0
  576. icdev/tools/ci/workflows/icdev_comply.py +284 -0
  577. icdev/tools/ci/workflows/icdev_document.py +152 -0
  578. icdev/tools/ci/workflows/icdev_e2e.py +188 -0
  579. icdev/tools/ci/workflows/icdev_patch.py +186 -0
  580. icdev/tools/ci/workflows/icdev_plan.py +202 -0
  581. icdev/tools/ci/workflows/icdev_plan_build.py +41 -0
  582. icdev/tools/ci/workflows/icdev_plan_build_test.py +46 -0
  583. icdev/tools/ci/workflows/icdev_plan_build_test_review.py +47 -0
  584. icdev/tools/ci/workflows/icdev_review.py +126 -0
  585. icdev/tools/ci/workflows/icdev_sdlc.py +261 -0
  586. icdev/tools/ci/workflows/icdev_test.py +240 -0
  587. icdev/tools/cli/__init__.py +1 -0
  588. icdev/tools/cli/output_formatter.py +756 -0
  589. icdev/tools/cli_formatter.py +42 -0
  590. icdev/tools/cloud/__init__.py +11 -0
  591. icdev/tools/cloud/cloud_mode_manager.py +364 -0
  592. icdev/tools/cloud/csp_changelog.py +383 -0
  593. icdev/tools/cloud/csp_health_checker.py +268 -0
  594. icdev/tools/cloud/csp_monitor.py +951 -0
  595. icdev/tools/cloud/iam_provider.py +593 -0
  596. icdev/tools/cloud/kms_provider.py +346 -0
  597. icdev/tools/cloud/monitoring_provider.py +628 -0
  598. icdev/tools/cloud/provider_factory.py +376 -0
  599. icdev/tools/cloud/region_validator.py +345 -0
  600. icdev/tools/cloud/registry_provider.py +563 -0
  601. icdev/tools/cloud/secrets_provider.py +486 -0
  602. icdev/tools/cloud/storage_provider.py +446 -0
  603. icdev/tools/compat/__init__.py +21 -0
  604. icdev/tools/compat/cli_harmonizer.py +251 -0
  605. icdev/tools/compat/datetime_utils.py +18 -0
  606. icdev/tools/compat/db_utils.py +160 -0
  607. icdev/tools/compat/platform_utils.py +123 -0
  608. icdev/tools/compliance/__init__.py +1 -0
  609. icdev/tools/compliance/accountability_manager.py +397 -0
  610. icdev/tools/compliance/ai_accountability_audit.py +294 -0
  611. icdev/tools/compliance/ai_impact_assessor.py +273 -0
  612. icdev/tools/compliance/ai_incident_response.py +301 -0
  613. icdev/tools/compliance/ai_inventory_manager.py +239 -0
  614. icdev/tools/compliance/ai_reassessment_scheduler.py +256 -0
  615. icdev/tools/compliance/ai_transparency_audit.py +248 -0
  616. icdev/tools/compliance/atlas_assessor.py +278 -0
  617. icdev/tools/compliance/atlas_report_generator.py +1211 -0
  618. icdev/tools/compliance/base_assessor.py +597 -0
  619. icdev/tools/compliance/cato_monitor.py +1385 -0
  620. icdev/tools/compliance/cato_scheduler.py +699 -0
  621. icdev/tools/compliance/cjis_assessor.py +76 -0
  622. icdev/tools/compliance/classification_manager.py +1353 -0
  623. icdev/tools/compliance/cmmc_assessor.py +1491 -0
  624. icdev/tools/compliance/cmmc_report_generator.py +1100 -0
  625. icdev/tools/compliance/compliance_detector.py +463 -0
  626. icdev/tools/compliance/compliance_exporter.py +427 -0
  627. icdev/tools/compliance/compliance_status.py +825 -0
  628. icdev/tools/compliance/control_mapper.py +505 -0
  629. icdev/tools/compliance/crosswalk_engine.py +1203 -0
  630. icdev/tools/compliance/cssp_assessor.py +1045 -0
  631. icdev/tools/compliance/cssp_evidence_collector.py +729 -0
  632. icdev/tools/compliance/cssp_report_generator.py +1116 -0
  633. icdev/tools/compliance/cui_marker.py +388 -0
  634. icdev/tools/compliance/diagram_validator.py +600 -0
  635. icdev/tools/compliance/emass/__init__.py +2 -0
  636. icdev/tools/compliance/emass/emass_client.py +840 -0
  637. icdev/tools/compliance/emass/emass_export.py +777 -0
  638. icdev/tools/compliance/emass/emass_sync.py +826 -0
  639. icdev/tools/compliance/eu_ai_act_classifier.py +194 -0
  640. icdev/tools/compliance/evidence_collector.py +468 -0
  641. icdev/tools/compliance/fairness_assessor.py +316 -0
  642. icdev/tools/compliance/fedramp_assessor.py +1808 -0
  643. icdev/tools/compliance/fedramp_authorization_packager.py +137 -0
  644. icdev/tools/compliance/fedramp_ksi_generator.py +355 -0
  645. icdev/tools/compliance/fedramp_report_generator.py +1128 -0
  646. icdev/tools/compliance/fips199_categorizer.py +881 -0
  647. icdev/tools/compliance/fips200_validator.py +315 -0
  648. icdev/tools/compliance/gao_ai_assessor.py +231 -0
  649. icdev/tools/compliance/gao_evidence_builder.py +308 -0
  650. icdev/tools/compliance/hipaa_assessor.py +78 -0
  651. icdev/tools/compliance/hitrust_assessor.py +49 -0
  652. icdev/tools/compliance/incident_response_plan.py +718 -0
  653. icdev/tools/compliance/iso27001_assessor.py +92 -0
  654. icdev/tools/compliance/iso42001_assessor.py +114 -0
  655. icdev/tools/compliance/ivv_assessor.py +2327 -0
  656. icdev/tools/compliance/ivv_report_generator.py +1662 -0
  657. icdev/tools/compliance/model_card_generator.py +297 -0
  658. icdev/tools/compliance/mosa_assessor.py +117 -0
  659. icdev/tools/compliance/multi_regime_assessor.py +451 -0
  660. icdev/tools/compliance/narrative_generator.py +1013 -0
  661. icdev/tools/compliance/nist_800_207_assessor.py +191 -0
  662. icdev/tools/compliance/nist_ai_600_1_assessor.py +188 -0
  663. icdev/tools/compliance/nist_ai_rmf_assessor.py +110 -0
  664. icdev/tools/compliance/nist_lookup.py +245 -0
  665. icdev/tools/compliance/omb_m25_21_assessor.py +228 -0
  666. icdev/tools/compliance/omb_m26_04_assessor.py +188 -0
  667. icdev/tools/compliance/oscal_catalog_adapter.py +395 -0
  668. icdev/tools/compliance/oscal_generator.py +2170 -0
  669. icdev/tools/compliance/oscal_tools.py +1182 -0
  670. icdev/tools/compliance/owasp_agentic_assessor.py +226 -0
  671. icdev/tools/compliance/owasp_asi_assessor.py +200 -0
  672. icdev/tools/compliance/owasp_llm_assessor.py +244 -0
  673. icdev/tools/compliance/pci_dss_assessor.py +80 -0
  674. icdev/tools/compliance/pi_compliance_tracker.py +1461 -0
  675. icdev/tools/compliance/poam_generator.py +405 -0
  676. icdev/tools/compliance/resolve_marking.py +283 -0
  677. icdev/tools/compliance/sbd_assessor.py +2068 -0
  678. icdev/tools/compliance/sbd_report_generator.py +1236 -0
  679. icdev/tools/compliance/sbom_generator.py +1008 -0
  680. icdev/tools/compliance/siem_config_generator.py +674 -0
  681. icdev/tools/compliance/slsa_attestation_generator.py +490 -0
  682. icdev/tools/compliance/soc2_assessor.py +77 -0
  683. icdev/tools/compliance/ssp_generator.py +573 -0
  684. icdev/tools/compliance/stig_checker.py +727 -0
  685. icdev/tools/compliance/swft_evidence_bundler.py +337 -0
  686. icdev/tools/compliance/system_card_generator.py +309 -0
  687. icdev/tools/compliance/traceability_matrix.py +1281 -0
  688. icdev/tools/compliance/universal_classification_manager.py +1172 -0
  689. icdev/tools/compliance/xacta/__init__.py +2 -0
  690. icdev/tools/compliance/xacta/xacta_client.py +449 -0
  691. icdev/tools/compliance/xacta/xacta_export.py +557 -0
  692. icdev/tools/compliance/xacta/xacta_sync.py +333 -0
  693. icdev/tools/compliance/xai_assessor.py +231 -0
  694. icdev/tools/dashboard/__init__.py +1 -0
  695. icdev/tools/dashboard/api/__init__.py +1 -0
  696. icdev/tools/dashboard/api/_pipeline_state.py +17 -0
  697. icdev/tools/dashboard/api/activity.py +206 -0
  698. icdev/tools/dashboard/api/admin.py +176 -0
  699. icdev/tools/dashboard/api/agents.py +53 -0
  700. icdev/tools/dashboard/api/ai_accountability.py +163 -0
  701. icdev/tools/dashboard/api/ai_transparency.py +198 -0
  702. icdev/tools/dashboard/api/audit.py +58 -0
  703. icdev/tools/dashboard/api/batch.py +666 -0
  704. icdev/tools/dashboard/api/chat.py +241 -0
  705. icdev/tools/dashboard/api/cicd.py +219 -0
  706. icdev/tools/dashboard/api/code_quality.py +223 -0
  707. icdev/tools/dashboard/api/compliance.py +171 -0
  708. icdev/tools/dashboard/api/cpmp.py +915 -0
  709. icdev/tools/dashboard/api/diagrams.py +65 -0
  710. icdev/tools/dashboard/api/events.py +250 -0
  711. icdev/tools/dashboard/api/evidence.py +99 -0
  712. icdev/tools/dashboard/api/fedramp_20x.py +77 -0
  713. icdev/tools/dashboard/api/govcon.py +1095 -0
  714. icdev/tools/dashboard/api/intake.py +1171 -0
  715. icdev/tools/dashboard/api/lineage.py +163 -0
  716. icdev/tools/dashboard/api/metrics.py +155 -0
  717. icdev/tools/dashboard/api/nlq.py +72 -0
  718. icdev/tools/dashboard/api/orchestration.py +472 -0
  719. icdev/tools/dashboard/api/oscal.py +183 -0
  720. icdev/tools/dashboard/api/prod_audit.py +183 -0
  721. icdev/tools/dashboard/api/projects.py +191 -0
  722. icdev/tools/dashboard/api/proposals.py +1084 -0
  723. icdev/tools/dashboard/api/traces.py +363 -0
  724. icdev/tools/dashboard/api/usage.py +234 -0
  725. icdev/tools/dashboard/app.py +1986 -0
  726. icdev/tools/dashboard/auth.py +500 -0
  727. icdev/tools/dashboard/byok.py +245 -0
  728. icdev/tools/dashboard/chat_manager.py +675 -0
  729. icdev/tools/dashboard/config.py +116 -0
  730. icdev/tools/dashboard/diagram_definitions.py +642 -0
  731. icdev/tools/dashboard/nlq_processor.py +323 -0
  732. icdev/tools/dashboard/phase_loader.py +136 -0
  733. icdev/tools/dashboard/sse_manager.py +89 -0
  734. icdev/tools/dashboard/state_tracker.py +267 -0
  735. icdev/tools/dashboard/static/css/style.css +706 -0
  736. icdev/tools/dashboard/static/css/ux.css +2047 -0
  737. icdev/tools/dashboard/static/js/activity.js +322 -0
  738. icdev/tools/dashboard/static/js/api.js +161 -0
  739. icdev/tools/dashboard/static/js/batch.js +814 -0
  740. icdev/tools/dashboard/static/js/charts.js +618 -0
  741. icdev/tools/dashboard/static/js/chat.js +1514 -0
  742. icdev/tools/dashboard/static/js/kanban.js +113 -0
  743. icdev/tools/dashboard/static/js/live.js +569 -0
  744. icdev/tools/dashboard/static/js/mermaid-icdev.js +332 -0
  745. icdev/tools/dashboard/static/js/proposals.js +588 -0
  746. icdev/tools/dashboard/static/js/shortcuts.js +544 -0
  747. icdev/tools/dashboard/static/js/tables.js +652 -0
  748. icdev/tools/dashboard/static/js/tour.js +524 -0
  749. icdev/tools/dashboard/static/js/ux.js +942 -0
  750. icdev/tools/dashboard/templates/404.html +10 -0
  751. icdev/tools/dashboard/templates/activity.html +80 -0
  752. icdev/tools/dashboard/templates/admin/users.html +144 -0
  753. icdev/tools/dashboard/templates/ai_accountability.html +235 -0
  754. icdev/tools/dashboard/templates/ai_transparency.html +263 -0
  755. icdev/tools/dashboard/templates/base.html +104 -0
  756. icdev/tools/dashboard/templates/batch.html +23 -0
  757. icdev/tools/dashboard/templates/chat.html +332 -0
  758. icdev/tools/dashboard/templates/children.html +149 -0
  759. icdev/tools/dashboard/templates/cicd.html +253 -0
  760. icdev/tools/dashboard/templates/code_quality.html +214 -0
  761. icdev/tools/dashboard/templates/cpmp/cor_detail.html +220 -0
  762. icdev/tools/dashboard/templates/cpmp/cor_portal.html +91 -0
  763. icdev/tools/dashboard/templates/cpmp/deliverable_detail.html +197 -0
  764. icdev/tools/dashboard/templates/cpmp/detail.html +578 -0
  765. icdev/tools/dashboard/templates/cpmp/portfolio.html +202 -0
  766. icdev/tools/dashboard/templates/dev_profiles.html +304 -0
  767. icdev/tools/dashboard/templates/diagrams.html +224 -0
  768. icdev/tools/dashboard/templates/events/timeline.html +232 -0
  769. icdev/tools/dashboard/templates/evidence.html +134 -0
  770. icdev/tools/dashboard/templates/fedramp_20x.html +207 -0
  771. icdev/tools/dashboard/templates/gateway.html +244 -0
  772. icdev/tools/dashboard/templates/govcon/capabilities.html +135 -0
  773. icdev/tools/dashboard/templates/govcon/pipeline.html +214 -0
  774. icdev/tools/dashboard/templates/govcon/requirements.html +120 -0
  775. icdev/tools/dashboard/templates/index.html +254 -0
  776. icdev/tools/dashboard/templates/lineage.html +141 -0
  777. icdev/tools/dashboard/templates/login.html +51 -0
  778. icdev/tools/dashboard/templates/monitoring/overview.html +193 -0
  779. icdev/tools/dashboard/templates/orchestration/dashboard.html +545 -0
  780. icdev/tools/dashboard/templates/oscal.html +263 -0
  781. icdev/tools/dashboard/templates/phases.html +150 -0
  782. icdev/tools/dashboard/templates/prod_audit.html +280 -0
  783. icdev/tools/dashboard/templates/profile.html +183 -0
  784. icdev/tools/dashboard/templates/projects/detail.html +583 -0
  785. icdev/tools/dashboard/templates/projects/list.html +47 -0
  786. icdev/tools/dashboard/templates/proposals/detail.html +1253 -0
  787. icdev/tools/dashboard/templates/proposals/list.html +179 -0
  788. icdev/tools/dashboard/templates/proposals/section_detail.html +193 -0
  789. icdev/tools/dashboard/templates/provenance.html +181 -0
  790. icdev/tools/dashboard/templates/query/nlq.html +234 -0
  791. icdev/tools/dashboard/templates/quick_paths.html +69 -0
  792. icdev/tools/dashboard/templates/traces.html +155 -0
  793. icdev/tools/dashboard/templates/translation_detail.html +199 -0
  794. icdev/tools/dashboard/templates/translations.html +162 -0
  795. icdev/tools/dashboard/templates/usage.html +225 -0
  796. icdev/tools/dashboard/templates/wizard.html +539 -0
  797. icdev/tools/dashboard/templates/xai.html +208 -0
  798. icdev/tools/dashboard/ux_helpers.py +962 -0
  799. icdev/tools/dashboard/websocket.py +81 -0
  800. icdev/tools/db/__init__.py +1 -0
  801. icdev/tools/db/backup.py +312 -0
  802. icdev/tools/db/backup_manager.py +832 -0
  803. icdev/tools/db/init_icdev_db.py +5900 -0
  804. icdev/tools/db/migrate.py +178 -0
  805. icdev/tools/db/migration_runner.py +549 -0
  806. icdev/tools/db/migrations/001_baseline/meta.json +9 -0
  807. icdev/tools/db/migrations/001_baseline/up.py +68 -0
  808. icdev/tools/db/migrations/002_memory_enhancements/down.sql +8 -0
  809. icdev/tools/db/migrations/002_memory_enhancements/meta.json +9 -0
  810. icdev/tools/db/migrations/002_memory_enhancements/up.py +118 -0
  811. icdev/tools/db/migrations/003_dev_profiles/meta.json +8 -0
  812. icdev/tools/db/migrations/003_dev_profiles/up.py +93 -0
  813. icdev/tools/db/migrations/004_innovation_engine/down.py +19 -0
  814. icdev/tools/db/migrations/004_innovation_engine/up.py +227 -0
  815. icdev/tools/db/migrations/005_phase_37_ai_security/down.py +19 -0
  816. icdev/tools/db/migrations/005_phase_37_ai_security/up.py +258 -0
  817. icdev/tools/db/migrations/006_phase_36_evolution/down.py +21 -0
  818. icdev/tools/db/migrations/006_phase_36_evolution/up.py +323 -0
  819. icdev/tools/db/migrations/007_phase_38_cloud/down.py +14 -0
  820. icdev/tools/db/migrations/007_phase_38_cloud/up.py +110 -0
  821. icdev/tools/db/migrations/008_phase36_37_integration/up.py +55 -0
  822. icdev/tools/db/migrations/__init__.py +2 -0
  823. icdev/tools/devsecops/__init__.py +2 -0
  824. icdev/tools/devsecops/attestation_manager.py +458 -0
  825. icdev/tools/devsecops/network_segmentation_generator.py +614 -0
  826. icdev/tools/devsecops/pdp_config_generator.py +1256 -0
  827. icdev/tools/devsecops/pipeline_security_generator.py +484 -0
  828. icdev/tools/devsecops/policy_generator.py +653 -0
  829. icdev/tools/devsecops/profile_manager.py +388 -0
  830. icdev/tools/devsecops/service_mesh_generator.py +1073 -0
  831. icdev/tools/devsecops/zta_maturity_scorer.py +368 -0
  832. icdev/tools/devsecops/zta_terraform_generator.py +1303 -0
  833. icdev/tools/dx/__init__.py +3 -0
  834. icdev/tools/dx/companion.py +266 -0
  835. icdev/tools/dx/instruction_generator.py +753 -0
  836. icdev/tools/dx/mcp_config_generator.py +282 -0
  837. icdev/tools/dx/skill_translator.py +425 -0
  838. icdev/tools/dx/tool_detector.py +144 -0
  839. icdev/tools/extensions/__init__.py +21 -0
  840. icdev/tools/extensions/builtins/010_ai_governance_chat.py +277 -0
  841. icdev/tools/extensions/builtins/__init__.py +2 -0
  842. icdev/tools/extensions/extension_manager.py +455 -0
  843. icdev/tools/infra/__init__.py +1 -0
  844. icdev/tools/infra/ansible_generator.py +869 -0
  845. icdev/tools/infra/dockerfile_generator.py +361 -0
  846. icdev/tools/infra/infra_status.py +393 -0
  847. icdev/tools/infra/ironbank_metadata_generator.py +411 -0
  848. icdev/tools/infra/k8s_generator.py +1002 -0
  849. icdev/tools/infra/pipeline_generator.py +832 -0
  850. icdev/tools/infra/rollback.py +400 -0
  851. icdev/tools/infra/terraform_generator.py +1142 -0
  852. icdev/tools/infra/terraform_generator_azure.py +1254 -0
  853. icdev/tools/infra/terraform_generator_gcp.py +953 -0
  854. icdev/tools/infra/terraform_generator_ibm.py +360 -0
  855. icdev/tools/infra/terraform_generator_oci.py +919 -0
  856. icdev/tools/infra/terraform_generator_onprem.py +319 -0
  857. icdev/tools/innovation/__init__.py +8 -0
  858. icdev/tools/innovation/competitive_intel.py +492 -0
  859. icdev/tools/innovation/innovation_manager.py +681 -0
  860. icdev/tools/innovation/introspective_analyzer.py +774 -0
  861. icdev/tools/innovation/register_external_patterns.py +440 -0
  862. icdev/tools/innovation/signal_ranker.py +1038 -0
  863. icdev/tools/innovation/solution_generator.py +697 -0
  864. icdev/tools/innovation/standards_monitor.py +466 -0
  865. icdev/tools/innovation/trend_detector.py +1046 -0
  866. icdev/tools/innovation/triage_engine.py +1149 -0
  867. icdev/tools/innovation/web_scanner.py +894 -0
  868. icdev/tools/installer/__init__.py +1 -0
  869. icdev/tools/installer/compliance_configurator.py +637 -0
  870. icdev/tools/installer/installer.py +1711 -0
  871. icdev/tools/installer/module_registry.py +805 -0
  872. icdev/tools/installer/platform_setup.py +961 -0
  873. icdev/tools/integration/__init__.py +2 -0
  874. icdev/tools/integration/approval_manager.py +561 -0
  875. icdev/tools/integration/doors_exporter.py +627 -0
  876. icdev/tools/integration/gitlab_connector.py +784 -0
  877. icdev/tools/integration/jira_connector.py +774 -0
  878. icdev/tools/integration/servicenow_connector.py +693 -0
  879. icdev/tools/knowledge/__init__.py +1 -0
  880. icdev/tools/knowledge/knowledge_ingest.py +293 -0
  881. icdev/tools/knowledge/pattern_detector.py +693 -0
  882. icdev/tools/knowledge/recommendation_engine.py +461 -0
  883. icdev/tools/knowledge/self_heal_analyzer.py +504 -0
  884. icdev/tools/llm/__init__.py +72 -0
  885. icdev/tools/llm/anthropic_provider.py +170 -0
  886. icdev/tools/llm/azure_openai_provider.py +338 -0
  887. icdev/tools/llm/bedrock_provider.py +315 -0
  888. icdev/tools/llm/embedding_provider.py +438 -0
  889. icdev/tools/llm/gemini_provider.py +381 -0
  890. icdev/tools/llm/ibm_watsonx_provider.py +232 -0
  891. icdev/tools/llm/oci_genai_provider.py +462 -0
  892. icdev/tools/llm/ollama_provider.py +340 -0
  893. icdev/tools/llm/openai_provider.py +225 -0
  894. icdev/tools/llm/provider.py +355 -0
  895. icdev/tools/llm/provider_sdk.py +175 -0
  896. icdev/tools/llm/router.py +780 -0
  897. icdev/tools/llm/vertex_ai_provider.py +374 -0
  898. icdev/tools/maintenance/__init__.py +2 -0
  899. icdev/tools/maintenance/dependency_scanner.py +1030 -0
  900. icdev/tools/maintenance/maintenance_auditor.py +815 -0
  901. icdev/tools/maintenance/remediation_engine.py +966 -0
  902. icdev/tools/maintenance/vulnerability_checker.py +987 -0
  903. icdev/tools/mbse/__init__.py +3 -0
  904. icdev/tools/mbse/des_assessor.py +1186 -0
  905. icdev/tools/mbse/des_report_generator.py +800 -0
  906. icdev/tools/mbse/diagram_extractor.py +811 -0
  907. icdev/tools/mbse/digital_thread.py +1665 -0
  908. icdev/tools/mbse/model_code_generator.py +1122 -0
  909. icdev/tools/mbse/model_control_mapper.py +420 -0
  910. icdev/tools/mbse/pi_model_tracker.py +1093 -0
  911. icdev/tools/mbse/reqif_parser.py +1483 -0
  912. icdev/tools/mbse/sync_engine.py +1805 -0
  913. icdev/tools/mbse/xmi_parser.py +1573 -0
  914. icdev/tools/mcp/__init__.py +1 -0
  915. icdev/tools/mcp/base_server.py +535 -0
  916. icdev/tools/mcp/builder_server.py +725 -0
  917. icdev/tools/mcp/compliance_server.py +1407 -0
  918. icdev/tools/mcp/context_indexer.py +199 -0
  919. icdev/tools/mcp/context_server.py +305 -0
  920. icdev/tools/mcp/core_server.py +679 -0
  921. icdev/tools/mcp/devsecops_server.py +432 -0
  922. icdev/tools/mcp/gap_handlers.py +1079 -0
  923. icdev/tools/mcp/gateway_server.py +339 -0
  924. icdev/tools/mcp/generate_registry.py +623 -0
  925. icdev/tools/mcp/infra_server.py +264 -0
  926. icdev/tools/mcp/innovation_server.py +316 -0
  927. icdev/tools/mcp/integration_server.py +527 -0
  928. icdev/tools/mcp/knowledge_server.py +429 -0
  929. icdev/tools/mcp/maintenance_server.py +248 -0
  930. icdev/tools/mcp/marketplace_server.py +499 -0
  931. icdev/tools/mcp/mbse_server.py +398 -0
  932. icdev/tools/mcp/modernization_server.py +496 -0
  933. icdev/tools/mcp/observability_server.py +354 -0
  934. icdev/tools/mcp/requirements_server.py +415 -0
  935. icdev/tools/mcp/simulation_server.py +468 -0
  936. icdev/tools/mcp/standalone/__init__.py +2 -0
  937. icdev/tools/mcp/standalone/builder.py +59 -0
  938. icdev/tools/mcp/standalone/compliance.py +59 -0
  939. icdev/tools/mcp/standalone/core.py +59 -0
  940. icdev/tools/mcp/standalone/knowledge.py +59 -0
  941. icdev/tools/mcp/standalone/maintenance.py +59 -0
  942. icdev/tools/mcp/supply_chain_server.py +476 -0
  943. icdev/tools/mcp/tool_registry.py +2008 -0
  944. icdev/tools/mcp/unified_server.py +158 -0
  945. icdev/tools/memory/__init__.py +2 -0
  946. icdev/tools/memory/auto_capture.py +347 -0
  947. icdev/tools/memory/embed_memory.py +158 -0
  948. icdev/tools/memory/history_compressor.py +334 -0
  949. icdev/tools/memory/hybrid_search.py +236 -0
  950. icdev/tools/memory/maintenance_cron.py +289 -0
  951. icdev/tools/memory/memory_consolidation.py +444 -0
  952. icdev/tools/memory/memory_db.py +133 -0
  953. icdev/tools/memory/memory_read.py +102 -0
  954. icdev/tools/memory/memory_write.py +222 -0
  955. icdev/tools/memory/semantic_search.py +139 -0
  956. icdev/tools/memory/time_decay.py +435 -0
  957. icdev/tools/modernization/__init__.py +3 -0
  958. icdev/tools/modernization/architecture_extractor.py +734 -0
  959. icdev/tools/modernization/compliance_bridge.py +1499 -0
  960. icdev/tools/modernization/db_migration_planner.py +1385 -0
  961. icdev/tools/modernization/doc_generator.py +1428 -0
  962. icdev/tools/modernization/framework_migrator.py +1525 -0
  963. icdev/tools/modernization/legacy_analyzer.py +1948 -0
  964. icdev/tools/modernization/migration_code_generator.py +1639 -0
  965. icdev/tools/modernization/migration_report_generator.py +1653 -0
  966. icdev/tools/modernization/migration_tracker.py +1726 -0
  967. icdev/tools/modernization/monolith_decomposer.py +1508 -0
  968. icdev/tools/modernization/seven_r_assessor.py +1658 -0
  969. icdev/tools/modernization/strangler_fig_manager.py +1705 -0
  970. icdev/tools/modernization/ui_analyzer.py +771 -0
  971. icdev/tools/modernization/version_migrator.py +1392 -0
  972. icdev/tools/monitor/__init__.py +1 -0
  973. icdev/tools/monitor/alert_correlator.py +495 -0
  974. icdev/tools/monitor/auto_resolver.py +612 -0
  975. icdev/tools/monitor/health_checker.py +509 -0
  976. icdev/tools/monitor/heartbeat_daemon.py +792 -0
  977. icdev/tools/monitor/log_analyzer.py +516 -0
  978. icdev/tools/monitor/metric_collector.py +496 -0
  979. icdev/tools/mosa/__init__.py +10 -0
  980. icdev/tools/mosa/icd_generator.py +370 -0
  981. icdev/tools/mosa/modular_design_analyzer.py +683 -0
  982. icdev/tools/mosa/mosa_code_enforcer.py +349 -0
  983. icdev/tools/mosa/tsp_generator.py +265 -0
  984. icdev/tools/observability/__init__.py +100 -0
  985. icdev/tools/observability/genai_attributes.py +88 -0
  986. icdev/tools/observability/instrumentation.py +140 -0
  987. icdev/tools/observability/mlflow_exporter.py +194 -0
  988. icdev/tools/observability/otel_tracer.py +168 -0
  989. icdev/tools/observability/provenance/__init__.py +3 -0
  990. icdev/tools/observability/provenance/prov_recorder.py +324 -0
  991. icdev/tools/observability/shap/__init__.py +3 -0
  992. icdev/tools/observability/shap/agent_shap.py +275 -0
  993. icdev/tools/observability/sqlite_tracer.py +361 -0
  994. icdev/tools/observability/trace_context.py +205 -0
  995. icdev/tools/observability/tracer.py +230 -0
  996. icdev/tools/orchestration/__init__.py +2 -0
  997. icdev/tools/orchestration/workflow_composer.py +361 -0
  998. icdev/tools/project/__init__.py +1 -0
  999. icdev/tools/project/manifest_loader.py +418 -0
  1000. icdev/tools/project/project_create.py +350 -0
  1001. icdev/tools/project/project_list.py +174 -0
  1002. icdev/tools/project/project_scaffold.py +1715 -0
  1003. icdev/tools/project/project_status.py +479 -0
  1004. icdev/tools/project/session_context_builder.py +757 -0
  1005. icdev/tools/project/validate_manifest.py +55 -0
  1006. icdev/tools/registry/__init__.py +10 -0
  1007. icdev/tools/registry/absorption_engine.py +832 -0
  1008. icdev/tools/registry/capability_evaluator.py +668 -0
  1009. icdev/tools/registry/child_registry.py +617 -0
  1010. icdev/tools/registry/cross_pollinator.py +1065 -0
  1011. icdev/tools/registry/genome_manager.py +671 -0
  1012. icdev/tools/registry/learning_collector.py +912 -0
  1013. icdev/tools/registry/propagation_manager.py +942 -0
  1014. icdev/tools/registry/staging_manager.py +742 -0
  1015. icdev/tools/registry/telemetry_collector.py +423 -0
  1016. icdev/tools/requirements/__init__.py +1 -0
  1017. icdev/tools/requirements/ai_governance_scorer.py +208 -0
  1018. icdev/tools/requirements/boundary_analyzer.py +1293 -0
  1019. icdev/tools/requirements/clarification_engine.py +618 -0
  1020. icdev/tools/requirements/complexity_scorer.py +387 -0
  1021. icdev/tools/requirements/consistency_analyzer.py +803 -0
  1022. icdev/tools/requirements/constitution_manager.py +605 -0
  1023. icdev/tools/requirements/decomposition_engine.py +778 -0
  1024. icdev/tools/requirements/document_extractor.py +1016 -0
  1025. icdev/tools/requirements/elicitation_techniques.py +519 -0
  1026. icdev/tools/requirements/gap_detector.py +271 -0
  1027. icdev/tools/requirements/intake_engine.py +2188 -0
  1028. icdev/tools/requirements/prd_generator.py +847 -0
  1029. icdev/tools/requirements/prd_validator.py +595 -0
  1030. icdev/tools/requirements/readiness_scorer.py +313 -0
  1031. icdev/tools/requirements/spec_organizer.py +1029 -0
  1032. icdev/tools/requirements/spec_quality_checker.py +1097 -0
  1033. icdev/tools/requirements/traceability_builder.py +579 -0
  1034. icdev/tools/resilience/__init__.py +34 -0
  1035. icdev/tools/resilience/circuit_breaker.py +340 -0
  1036. icdev/tools/resilience/correlation.py +150 -0
  1037. icdev/tools/resilience/errors.py +81 -0
  1038. icdev/tools/resilience/retry.py +95 -0
  1039. icdev/tools/schemas/__init__.py +27 -0
  1040. icdev/tools/schemas/chat.py +61 -0
  1041. icdev/tools/schemas/compliance.py +56 -0
  1042. icdev/tools/schemas/core.py +85 -0
  1043. icdev/tools/schemas/innovation.py +37 -0
  1044. icdev/tools/schemas/validation.py +109 -0
  1045. icdev/tools/sdk/__init__.py +3 -0
  1046. icdev/tools/sdk/icdev_client.py +218 -0
  1047. icdev/tools/security/__init__.py +1 -0
  1048. icdev/tools/security/agent_output_validator.py +330 -0
  1049. icdev/tools/security/agent_trust_scorer.py +466 -0
  1050. icdev/tools/security/ai_bom_generator.py +725 -0
  1051. icdev/tools/security/ai_telemetry_logger.py +469 -0
  1052. icdev/tools/security/atlas_red_team.py +543 -0
  1053. icdev/tools/security/code_pattern_scanner.py +378 -0
  1054. icdev/tools/security/confabulation_detector.py +271 -0
  1055. icdev/tools/security/container_scanner.py +491 -0
  1056. icdev/tools/security/dependency_auditor.py +944 -0
  1057. icdev/tools/security/endpoint_security_scanner.py +579 -0
  1058. icdev/tools/security/mcp_tool_authorizer.py +243 -0
  1059. icdev/tools/security/prompt_injection_detector.py +737 -0
  1060. icdev/tools/security/sast_runner.py +948 -0
  1061. icdev/tools/security/secret_detector.py +378 -0
  1062. icdev/tools/security/tool_chain_validator.py +357 -0
  1063. icdev/tools/security/vuln_scanner.py +539 -0
  1064. icdev/tools/simulation/__init__.py +2 -0
  1065. icdev/tools/simulation/coa_generator.py +1552 -0
  1066. icdev/tools/simulation/monte_carlo.py +758 -0
  1067. icdev/tools/simulation/scenario_manager.py +1073 -0
  1068. icdev/tools/simulation/simulation_engine.py +1104 -0
  1069. icdev/tools/supply_chain/__init__.py +2 -0
  1070. icdev/tools/supply_chain/cve_triager.py +705 -0
  1071. icdev/tools/supply_chain/dependency_graph.py +645 -0
  1072. icdev/tools/supply_chain/isa_manager.py +540 -0
  1073. icdev/tools/supply_chain/scrm_assessor.py +546 -0
  1074. icdev/tools/testing/__init__.py +2 -0
  1075. icdev/tools/testing/acceptance_validator.py +411 -0
  1076. icdev/tools/testing/claude_dir_validator.py +831 -0
  1077. icdev/tools/testing/data_types.py +199 -0
  1078. icdev/tools/testing/e2e_runner.py +715 -0
  1079. icdev/tools/testing/fuzz_cli.py +306 -0
  1080. icdev/tools/testing/health_check.py +483 -0
  1081. icdev/tools/testing/platform_check.py +143 -0
  1082. icdev/tools/testing/production_audit.py +1862 -0
  1083. icdev/tools/testing/production_remediate.py +804 -0
  1084. icdev/tools/testing/screenshot_validator.py +539 -0
  1085. icdev/tools/testing/smoke_test.py +283 -0
  1086. icdev/tools/testing/test_agent_models.py +117 -0
  1087. icdev/tools/testing/test_orchestrator.py +957 -0
  1088. icdev/tools/testing/utils.py +229 -0
  1089. icdev/tools/translation/__init__.py +17 -0
  1090. icdev/tools/translation/code_translator.py +550 -0
  1091. icdev/tools/translation/dependency_mapper.py +277 -0
  1092. icdev/tools/translation/feature_map.py +395 -0
  1093. icdev/tools/translation/project_assembler.py +439 -0
  1094. icdev/tools/translation/source_extractor.py +609 -0
  1095. icdev/tools/translation/test_translator.py +333 -0
  1096. icdev/tools/translation/translation_manager.py +582 -0
  1097. icdev/tools/translation/translation_validator.py +662 -0
  1098. icdev/tools/translation/type_checker.py +371 -0
  1099. icdev-1.0.0.dist-info/METADATA +868 -0
  1100. icdev-1.0.0.dist-info/RECORD +1105 -0
  1101. icdev-1.0.0.dist-info/WHEEL +5 -0
  1102. icdev-1.0.0.dist-info/entry_points.txt +9 -0
  1103. icdev-1.0.0.dist-info/licenses/LICENSE +254 -0
  1104. icdev-1.0.0.dist-info/licenses/NOTICE +268 -0
  1105. icdev-1.0.0.dist-info/top_level.txt +1 -0
icdev/data/context/compliance/dod_cssp_8530.json ADDED
@@ -0,0 +1,463 @@
1
+ {
2
+ "metadata": {
3
+ "title": "DoD Instruction 8530.01 - Cybersecurity Service Provider (CSSP) Requirements",
4
+ "revision": "2020-07-25 (Change 1)",
5
+ "source": "Department of Defense, Office of the DoD CIO",
6
+ "classification": "CUI // SP-CTI",
7
+ "last_updated": "2026-02-15",
8
+ "description": "CSSP requirements catalog aligned to DoDI 8530.01 Cybersecurity Activities Support to DoD Information Network Operations. Covers the five CSSP functional areas: Identify, Protect, Detect, Respond, and Sustain. Each requirement maps to NIST 800-53 controls and includes automation level for ICDEV integration."
9
+ },
10
+ "requirements": [
11
+ {
12
+ "id": "ID-1",
13
+ "functional_area": "Identify",
14
+ "functional_area_code": "ID",
15
+ "title": "Hardware Asset Inventory",
16
+ "description": "Maintain a current, accurate inventory of all hardware assets connected to the network and within the authorization boundary. The inventory must include device type, serial number, network address, owner, location, and operational status. Hardware assets must be reconciled against authorized baselines at least quarterly.",
17
+ "evidence_required": "Asset inventory database or spreadsheet with hardware details, reconciliation records, and automated discovery scan results.",
18
+ "automation_level": "auto",
19
+ "nist_controls": ["CM-8"],
20
+ "priority": "high"
21
+ },
22
+ {
23
+ "id": "ID-2",
24
+ "functional_area": "Identify",
25
+ "functional_area_code": "ID",
26
+ "title": "Software Asset Inventory",
27
+ "description": "Maintain a current inventory of all software installed or deployed within the system, including version numbers, patch levels, license status, and approval status. Software Bill of Materials (SBOM) must be generated for all custom-developed and deployed applications. Unauthorized software must be identified and removed or documented with a waiver.",
28
+ "evidence_required": "Software Bill of Materials (SBOM), package manifests (requirements.txt, package.json, etc.), software inventory reports, and license compliance records.",
29
+ "automation_level": "auto",
30
+ "nist_controls": ["CM-8"],
31
+ "priority": "high"
32
+ },
33
+ {
34
+ "id": "ID-3",
35
+ "functional_area": "Identify",
36
+ "functional_area_code": "ID",
37
+ "title": "Risk Assessment",
38
+ "description": "Conduct periodic risk assessments identifying threats, vulnerabilities, and potential impacts to the system and its data. Risk assessments must consider insider threats, advanced persistent threats, supply chain risks, and environmental threats. Results must inform the security posture and drive remediation priorities. Assessments must be updated when significant changes occur or at least annually.",
39
+ "evidence_required": "Risk assessment document, threat model file (STRIDE or PASTA methodology), risk register with likelihood and impact ratings, and risk acceptance documentation for residual risks.",
40
+ "automation_level": "semi",
41
+ "nist_controls": ["RA-3", "RA-5"],
42
+ "priority": "critical"
43
+ },
44
+ {
45
+ "id": "ID-4",
46
+ "functional_area": "Identify",
47
+ "functional_area_code": "ID",
48
+ "title": "Data Classification",
49
+ "description": "Classify all data handled, processed, stored, or transmitted by the system according to DoD data classification categories and CUI marking requirements. All artifacts generated by the system must bear appropriate CUI markings including banner markings (top and bottom), portion markings, and designation indicators per DoDI 5200.48 and 32 CFR Part 2002.",
50
+ "evidence_required": "Data classification matrix mapping data types to classification levels, CUI markings present on all generated artifacts, and CUI registry entries for applicable categories.",
51
+ "automation_level": "auto",
52
+ "nist_controls": ["SC-16", "MP-3"],
53
+ "priority": "critical"
54
+ },
55
+ {
56
+ "id": "ID-5",
57
+ "functional_area": "Identify",
58
+ "functional_area_code": "ID",
59
+ "title": "Supply Chain Risk Management",
60
+ "description": "Assess and manage supply chain risks for all third-party components, libraries, and services used within the system. Maintain awareness of known vulnerabilities in dependencies, verify the provenance of software components, and implement controls to mitigate risks from compromised or counterfeit components. Third-party vendor security assessments must be conducted and documented.",
61
+ "evidence_required": "SBOM with vulnerability status for all dependencies, dependency audit reports, vendor security assessment records, and supply chain risk management plan.",
62
+ "automation_level": "semi",
63
+ "nist_controls": ["SA-12", "SR-1", "SR-3"],
64
+ "priority": "high"
65
+ },
66
+ {
67
+ "id": "ID-6",
68
+ "functional_area": "Identify",
69
+ "functional_area_code": "ID",
70
+ "title": "System Boundary Definition",
71
+ "description": "Define and document the authorization boundary for the system, including all components, interconnections, data flows, and external interfaces. The boundary documentation must clearly delineate what is within scope for authorization and what is inherited from or connected to external systems. Boundary definitions must be reviewed and updated when system architecture changes.",
72
+ "evidence_required": "System architecture diagram, authorization boundary documentation, interconnection security agreements (ISAs), memoranda of understanding (MOUs), and data flow diagrams.",
73
+ "automation_level": "manual",
74
+ "nist_controls": ["CA-3", "PL-2"],
75
+ "priority": "critical"
76
+ },
77
+ {
78
+ "id": "ID-7",
79
+ "functional_area": "Identify",
80
+ "functional_area_code": "ID",
81
+ "title": "Threat Intelligence Integration",
82
+ "description": "Consume and act on relevant threat intelligence feeds including DISA STIGS, US-CERT advisories, CVE databases, and DoD-specific threat indicators. Threat intelligence must be integrated into monitoring, detection, and response processes. Indicators of compromise (IOCs) must be operationalized within detection systems in a timely manner.",
83
+ "evidence_required": "Threat intelligence feed configuration, indicator of compromise (IOC) processing logs, threat intel integration with SIEM/IDS, and documentation of actions taken based on threat intel.",
84
+ "automation_level": "semi",
85
+ "nist_controls": ["PM-16", "RA-3"],
86
+ "priority": "medium"
87
+ },
88
+ {
89
+ "id": "PR-1",
90
+ "functional_area": "Protect",
91
+ "functional_area_code": "PR",
92
+ "title": "PKI/CAC Authentication",
93
+ "description": "Implement DoD Public Key Infrastructure (PKI) and Common Access Card (CAC) based authentication for all user access to the system. Multi-factor authentication using CAC certificates must be enforced for privileged and non-privileged users. Authentication mechanisms must validate certificate chains against the DoD certificate authority hierarchy and check certificate revocation status via OCSP or CRL.",
94
+ "evidence_required": "CAC authentication module configuration, PKI certificate validation settings, OCSP/CRL configuration, authentication flow documentation, and test results demonstrating CAC-based login.",
95
+ "automation_level": "auto",
96
+ "nist_controls": ["IA-2", "IA-5", "IA-8"],
97
+ "priority": "critical"
98
+ },
99
+ {
100
+ "id": "PR-2",
101
+ "functional_area": "Protect",
102
+ "functional_area_code": "PR",
103
+ "title": "Encryption at Rest",
104
+ "description": "Encrypt all CUI data at rest using FIPS 140-2 or FIPS 140-3 validated cryptographic modules. Encryption must cover databases, file systems, backups, and any persistent storage containing CUI. Key management procedures must ensure keys are protected, rotated on schedule, and recoverable through authorized means.",
105
+ "evidence_required": "Encryption configuration for databases and file systems, FIPS 140-2/3 validation certificate numbers, key management documentation, and key rotation logs.",
106
+ "automation_level": "auto",
107
+ "nist_controls": ["SC-28", "SC-13"],
108
+ "priority": "critical"
109
+ },
110
+ {
111
+ "id": "PR-3",
112
+ "functional_area": "Protect",
113
+ "functional_area_code": "PR",
114
+ "title": "Encryption in Transit",
115
+ "description": "Encrypt all data in transit using TLS 1.2 or higher with FIPS-approved cipher suites. All internal service-to-service communication must use mutual TLS (mTLS) within the Kubernetes cluster. External-facing endpoints must present valid certificates from a DoD-approved certificate authority. Weak cipher suites and protocols (SSLv3, TLS 1.0, TLS 1.1) must be explicitly disabled.",
116
+ "evidence_required": "TLS configuration files, certificate management documentation, cipher suite configuration, mTLS settings for inter-service communication, and TLS scan results showing compliance.",
117
+ "automation_level": "auto",
118
+ "nist_controls": ["SC-8", "SC-13", "SC-23"],
119
+ "priority": "critical"
120
+ },
121
+ {
122
+ "id": "PR-4",
123
+ "functional_area": "Protect",
124
+ "functional_area_code": "PR",
125
+ "title": "Endpoint Protection",
126
+ "description": "Deploy and maintain Host-Based Security System (HBSS) or equivalent endpoint protection on all hosts and endpoints. Endpoint protection must include antivirus, host-based intrusion detection, application whitelisting, and device control. Agents must be configured to receive automatic signature updates and report to a centralized management console.",
127
+ "evidence_required": "HBSS or endpoint protection agent configuration, agent deployment status across all hosts, signature update schedule, and centralized management console access logs.",
128
+ "automation_level": "semi",
129
+ "nist_controls": ["SI-3", "SI-4"],
130
+ "priority": "high"
131
+ },
132
+ {
133
+ "id": "PR-5",
134
+ "functional_area": "Protect",
135
+ "functional_area_code": "PR",
136
+ "title": "Network Segmentation",
137
+ "description": "Implement network segmentation with firewall rules and network policies restricting traffic to the minimum necessary for operational requirements. Kubernetes NetworkPolicies must enforce default-deny ingress and egress, with explicit allow rules for authorized traffic flows only. DMZ architectures must separate publicly accessible components from internal networks.",
138
+ "evidence_required": "Network architecture diagram, firewall rule sets, Kubernetes NetworkPolicy manifests, traffic flow documentation, and network segmentation test results.",
139
+ "automation_level": "auto",
140
+ "nist_controls": ["SC-7", "AC-4"],
141
+ "priority": "critical"
142
+ },
143
+ {
144
+ "id": "PR-6",
145
+ "functional_area": "Protect",
146
+ "functional_area_code": "PR",
147
+ "title": "Configuration Baselines",
148
+ "description": "Establish and maintain secure configuration baselines for all system components based on applicable DISA STIGs, SRGs, and vendor hardening guides. Container images must be built from STIG-hardened base images with minimal packages, non-root execution, read-only root filesystems, and dropped capabilities. Configuration drift from baselines must be detected and remediated.",
149
+ "evidence_required": "STIG checklist results (CKL files), baseline configuration documentation, STIG-hardened Dockerfile contents, configuration drift detection reports, and remediation records.",
150
+ "automation_level": "auto",
151
+ "nist_controls": ["CM-2", "CM-6", "CM-7"],
152
+ "priority": "high"
153
+ },
154
+ {
155
+ "id": "PR-7",
156
+ "functional_area": "Protect",
157
+ "functional_area_code": "PR",
158
+ "title": "Patch Management",
159
+ "description": "Maintain a formal patch management program with defined SLAs for patch application based on severity. Critical patches must be applied within 72 hours, high within 30 days, and moderate within 90 days. Patch status must be tracked and reported. Emergency patches must have an expedited process. All patches must be tested before deployment to production.",
160
+ "evidence_required": "Patch management policy document, patch status reports showing SLA compliance, patch testing records, and automated dependency version checking results.",
161
+ "automation_level": "semi",
162
+ "nist_controls": ["SI-2", "CM-3"],
163
+ "priority": "high"
164
+ },
165
+ {
166
+ "id": "PR-8",
167
+ "functional_area": "Protect",
168
+ "functional_area_code": "PR",
169
+ "title": "Access Control / Least Privilege",
170
+ "description": "Implement role-based access control (RBAC) enforcing the principle of least privilege across all system components. Users and service accounts must be granted only the minimum permissions required to perform their assigned duties. Privileged access must be tightly controlled with additional authentication requirements. Access reviews must be conducted at least quarterly to remove unnecessary permissions.",
171
+ "evidence_required": "RBAC configuration files, access control matrix documenting roles and permissions, Kubernetes RBAC manifests, access review records, and privileged access audit logs.",
172
+ "automation_level": "auto",
173
+ "nist_controls": ["AC-2", "AC-3", "AC-6"],
174
+ "priority": "high"
175
+ },
176
+ {
177
+ "id": "PR-9",
178
+ "functional_area": "Protect",
179
+ "functional_area_code": "PR",
180
+ "title": "Security Awareness Training",
181
+ "description": "Ensure all personnel with access to the system complete initial and annual security awareness training covering CUI handling, phishing awareness, insider threat indicators, incident reporting procedures, and acceptable use policies. Role-based training must be provided for personnel with specialized security responsibilities including system administrators, developers, and security analysts.",
182
+ "evidence_required": "Training completion records for all personnel, training curriculum documentation, role-based training materials, and annual training compliance reports.",
183
+ "automation_level": "manual",
184
+ "nist_controls": ["AT-2", "AT-3"],
185
+ "priority": "medium"
186
+ },
187
+ {
188
+ "id": "PR-10",
189
+ "functional_area": "Protect",
190
+ "functional_area_code": "PR",
191
+ "title": "Physical Security",
192
+ "description": "Implement physical security controls for data centers, server rooms, and equipment housing system components. Physical access must be restricted to authorized personnel using multi-factor authentication (badge + PIN). Visitor access must be escorted and logged. Physical security monitoring including CCTV and intrusion detection must be operational and monitored.",
193
+ "evidence_required": "Physical security plan, physical access control system logs, visitor access logs, CCTV monitoring documentation, and physical security assessment reports.",
194
+ "automation_level": "manual",
195
+ "nist_controls": ["PE-2", "PE-3", "PE-6"],
196
+ "priority": "medium"
197
+ },
198
+ {
199
+ "id": "DE-1",
200
+ "functional_area": "Detect",
201
+ "functional_area_code": "DE",
202
+ "title": "Continuous Monitoring Strategy",
203
+ "description": "Implement and maintain a comprehensive continuous monitoring (ConMon) strategy that defines monitoring objectives, metrics, frequencies, and responsible parties. The strategy must cover security control effectiveness, vulnerability management, threat detection, and compliance status. Monitoring data must be aggregated into dashboards providing real-time security posture visibility to authorized stakeholders.",
204
+ "evidence_required": "Continuous monitoring plan document, monitoring metrics definitions, monitoring dashboard configuration, and periodic ConMon status reports.",
205
+ "automation_level": "semi",
206
+ "nist_controls": ["CA-7", "SI-4"],
207
+ "priority": "critical"
208
+ },
209
+ {
210
+ "id": "DE-2",
211
+ "functional_area": "Detect",
212
+ "functional_area_code": "DE",
213
+ "title": "SIEM Log Forwarding",
214
+ "description": "Forward all security-relevant logs to the CSSP Security Information and Event Management (SIEM) system (Splunk or ELK stack). Log sources must include operating system events, application logs, authentication events, network traffic logs, firewall logs, IDS/IPS alerts, and audit trail records. Log forwarding must be configured with guaranteed delivery and tamper-evident mechanisms.",
215
+ "evidence_required": "SIEM forwarding configuration (Splunk forwarder, Filebeat, or equivalent), log source inventory mapping all sources to SIEM inputs, log delivery verification records, and SIEM ingestion dashboards.",
216
+ "automation_level": "auto",
217
+ "nist_controls": ["AU-6", "SI-4"],
218
+ "priority": "critical"
219
+ },
220
+ {
221
+ "id": "DE-3",
222
+ "functional_area": "Detect",
223
+ "functional_area_code": "DE",
224
+ "title": "Audit Log Generation",
225
+ "description": "Generate comprehensive audit logs for all security-relevant events including authentication attempts (success and failure), authorization decisions, data access, configuration changes, administrative actions, and system errors. Audit logs must include timestamp, source, actor, action, target, and outcome fields. Audit logs must be append-only and immutable to satisfy NIST AU controls.",
226
+ "evidence_required": "Logging configuration showing event types captured, sample audit log entries demonstrating required fields, append-only audit trail implementation, and log integrity verification mechanisms.",
227
+ "automation_level": "auto",
228
+ "nist_controls": ["AU-2", "AU-3", "AU-12"],
229
+ "priority": "critical"
230
+ },
231
+ {
232
+ "id": "DE-4",
233
+ "functional_area": "Detect",
234
+ "functional_area_code": "DE",
235
+ "title": "Anomaly Detection",
236
+ "description": "Implement automated anomaly detection capabilities for identifying unusual or suspicious security events. Detection mechanisms must cover abnormal login patterns, unusual data access volumes, unexpected network traffic, privilege escalation attempts, and deviations from established behavioral baselines. Alert thresholds must be tuned to minimize false positives while maintaining detection effectiveness.",
237
+ "evidence_required": "Anomaly detection rule configuration, alert threshold settings, behavioral baseline documentation, false positive rate metrics, and sample alert notifications.",
238
+ "automation_level": "semi",
239
+ "nist_controls": ["SI-4", "IR-4"],
240
+ "priority": "high"
241
+ },
242
+ {
243
+ "id": "DE-5",
244
+ "functional_area": "Detect",
245
+ "functional_area_code": "DE",
246
+ "title": "Intrusion Detection/Prevention",
247
+ "description": "Deploy network-based and host-based intrusion detection and prevention systems (IDS/IPS) at key network boundaries and on critical hosts. Detection signatures and rules must be updated regularly. IDS/IPS must be configured to detect known attack patterns, protocol anomalies, and policy violations. Alerts must be forwarded to the SIEM for correlation and analysis.",
248
+ "evidence_required": "IDS/IPS deployment architecture, detection rule configuration, signature update schedule, alert forwarding configuration to SIEM, and detection effectiveness metrics.",
249
+ "automation_level": "semi",
250
+ "nist_controls": ["SI-4", "SC-7"],
251
+ "priority": "high"
252
+ },
253
+ {
254
+ "id": "DE-6",
255
+ "functional_area": "Detect",
256
+ "functional_area_code": "DE",
257
+ "title": "Security Event Correlation",
258
+ "description": "Correlate security events across multiple sources including network logs, host logs, application logs, authentication systems, and threat intelligence to identify complex attack patterns and multi-stage intrusions. Correlation rules must be defined for common attack scenarios and updated based on emerging threats and lessons learned from incidents.",
259
+ "evidence_required": "SIEM correlation rule definitions, cross-source event correlation examples, alert correlation dashboard configuration, and correlation rule update records.",
260
+ "automation_level": "semi",
261
+ "nist_controls": ["AU-6", "SI-4"],
262
+ "priority": "high"
263
+ },
264
+ {
265
+ "id": "DE-7",
266
+ "functional_area": "Detect",
267
+ "functional_area_code": "DE",
268
+ "title": "Vulnerability Scanning",
269
+ "description": "Conduct regular vulnerability scanning of all system components per a defined schedule. Scanning must include infrastructure vulnerability scans, web application scans (DAST), static application security testing (SAST), and dependency/container image scanning. Scan results must be triaged, prioritized, and tracked through remediation. Credentialed scans must be performed for comprehensive coverage.",
270
+ "evidence_required": "Vulnerability scan schedule documentation, scan reports (SAST, DAST, infrastructure), scan result triage and remediation tracking records, and scan coverage metrics.",
271
+ "automation_level": "auto",
272
+ "nist_controls": ["RA-5", "SI-2"],
273
+ "priority": "critical"
274
+ },
275
+ {
276
+ "id": "DE-8",
277
+ "functional_area": "Detect",
278
+ "functional_area_code": "DE",
279
+ "title": "Malware Detection",
280
+ "description": "Implement malware detection capabilities across all endpoints, servers, and network entry points. Detection mechanisms must include signature-based and heuristic/behavioral analysis. Container images must be scanned for malware before deployment. Email and web gateways must include malware scanning. Detection signatures must be updated at least daily.",
281
+ "evidence_required": "Antivirus/antimalware configuration across all endpoints, container image scanning configuration, gateway malware scanning settings, signature update verification records, and malware detection incident logs.",
282
+ "automation_level": "semi",
283
+ "nist_controls": ["SI-3"],
284
+ "priority": "high"
285
+ },
286
+ {
287
+ "id": "RS-1",
288
+ "functional_area": "Respond",
289
+ "functional_area_code": "RS",
290
+ "title": "Incident Response Plan",
291
+ "description": "Maintain a documented incident response plan that defines incident categories, severity levels, roles and responsibilities, escalation procedures, communication protocols, and coordination with external entities including the CSSP SOC and US-CERT. The plan must be reviewed and updated at least annually and after each significant incident. All IR team members must be trained on the plan.",
292
+ "evidence_required": "Incident response plan document with review dates, IR team roster with roles and contact information, plan distribution records, and annual review/update evidence.",
293
+ "automation_level": "auto",
294
+ "nist_controls": ["IR-1", "IR-8"],
295
+ "priority": "critical"
296
+ },
297
+ {
298
+ "id": "RS-2",
299
+ "functional_area": "Respond",
300
+ "functional_area_code": "RS",
301
+ "title": "SOC Coordination",
302
+ "description": "Establish and maintain procedures for coordination with the CSSP Security Operations Center (SOC) during security incidents. Coordination procedures must include primary and alternate communication channels, escalation criteria, information sharing protocols, and joint response procedures. Regular coordination exercises must be conducted to validate procedures.",
303
+ "evidence_required": "SOC contact matrix with primary and alternate contacts, escalation procedure documentation, communication channel configuration, and coordination exercise records.",
304
+ "automation_level": "manual",
305
+ "nist_controls": ["IR-6", "IR-7"],
306
+ "priority": "critical"
307
+ },
308
+ {
309
+ "id": "RS-3",
310
+ "functional_area": "Respond",
311
+ "functional_area_code": "RS",
312
+ "title": "Incident Reporting Timelines",
313
+ "description": "Meet mandatory incident reporting timelines as defined by DoD policy: critical incidents must be reported within 1 hour, high-severity incidents within 24 hours, and moderate incidents within 72 hours. Reports must be submitted to the CSSP SOC and appropriate authorities using approved reporting formats. Automated alerting must be configured to ensure timeline compliance.",
314
+ "evidence_required": "Incident reports with timestamps demonstrating timeline compliance, automated alerting configuration for reporting deadlines, reporting timeline compliance metrics, and escalation records for missed timelines.",
315
+ "automation_level": "semi",
316
+ "nist_controls": ["IR-6"],
317
+ "priority": "critical"
318
+ },
319
+ {
320
+ "id": "RS-4",
321
+ "functional_area": "Respond",
322
+ "functional_area_code": "RS",
323
+ "title": "Containment Procedures",
324
+ "description": "Document and test containment procedures for each category of security incident including malware outbreak, unauthorized access, data exfiltration, denial of service, and insider threat. Containment procedures must include both short-term (immediate isolation) and long-term (sustained containment) actions. Procedures must be tested through tabletop exercises or simulations at least annually.",
325
+ "evidence_required": "Containment playbooks for each incident category, containment procedure test results, tabletop exercise records, and lessons learned from containment actions.",
326
+ "automation_level": "manual",
327
+ "nist_controls": ["IR-4"],
328
+ "priority": "high"
329
+ },
330
+ {
331
+ "id": "RS-5",
332
+ "functional_area": "Respond",
333
+ "functional_area_code": "RS",
334
+ "title": "Evidence Preservation",
335
+ "description": "Implement forensic evidence preservation procedures ensuring that digital evidence is collected, handled, and stored in a manner that maintains its integrity and admissibility. Chain of custody must be maintained for all evidence. Evidence preservation procedures must comply with DoD forensic standards and be coordinated with law enforcement and counterintelligence as appropriate.",
336
+ "evidence_required": "Evidence handling standard operating procedures, chain of custody form templates, forensic tool inventory, evidence storage configuration, and evidence preservation training records.",
337
+ "automation_level": "manual",
338
+ "nist_controls": ["IR-4", "AU-9"],
339
+ "priority": "high"
340
+ },
341
+ {
342
+ "id": "RS-6",
343
+ "functional_area": "Respond",
344
+ "functional_area_code": "RS",
345
+ "title": "Eradication and Recovery",
346
+ "description": "Document eradication and recovery procedures for restoring systems to a known-good state after security incidents. Procedures must include malware removal, vulnerability remediation, system rebuild from trusted media, data restoration from verified backups, and validation testing before returning systems to production. Recovery time objectives (RTOs) must be defined for each system criticality level.",
347
+ "evidence_required": "Recovery playbooks for each incident category, backup verification records, system rebuild procedures, recovery test results, and RTO compliance documentation.",
348
+ "automation_level": "semi",
349
+ "nist_controls": ["IR-4", "CP-10"],
350
+ "priority": "high"
351
+ },
352
+ {
353
+ "id": "RS-7",
354
+ "functional_area": "Respond",
355
+ "functional_area_code": "RS",
356
+ "title": "Lessons Learned",
357
+ "description": "Conduct post-incident lessons learned reviews after each significant security incident. Reviews must identify what worked well, what needs improvement, and specific actions to prevent recurrence. Findings must be fed back into incident response plans, detection rules, security controls, and training programs. A lessons learned repository must be maintained for knowledge sharing.",
358
+ "evidence_required": "Lessons learned reports for each significant incident, action item tracking from reviews, evidence of control updates based on findings, and lessons learned repository.",
359
+ "automation_level": "manual",
360
+ "nist_controls": ["IR-4"],
361
+ "priority": "medium"
362
+ },
363
+ {
364
+ "id": "RS-8",
365
+ "functional_area": "Respond",
366
+ "functional_area_code": "RS",
367
+ "title": "Incident Communication",
368
+ "description": "Establish a communication plan for incident notification to all relevant stakeholders including system owners, data owners, affected users, CSSP SOC, chain of command, legal counsel, and public affairs as appropriate. Communication templates must be pre-approved for common incident types to expedite notifications. Communication channels must include both primary and backup methods.",
369
+ "evidence_required": "Incident communication plan, stakeholder notification matrix, pre-approved communication templates, communication channel documentation, and notification log records.",
370
+ "automation_level": "manual",
371
+ "nist_controls": ["IR-6", "IR-7"],
372
+ "priority": "high"
373
+ },
374
+ {
375
+ "id": "SU-1",
376
+ "functional_area": "Sustain",
377
+ "functional_area_code": "SU",
378
+ "title": "Vulnerability Management Program",
379
+ "description": "Maintain a formal vulnerability management program with defined processes for vulnerability identification, assessment, prioritization, remediation, and verification. Remediation SLAs must be enforced: critical vulnerabilities within 72 hours, high within 30 days, moderate within 90 days, and low within 180 days. Vulnerability metrics must be tracked and reported to leadership monthly.",
380
+ "evidence_required": "Vulnerability management policy document, remediation SLA definitions and compliance metrics, monthly vulnerability status reports, and vulnerability trending analysis.",
381
+ "automation_level": "semi",
382
+ "nist_controls": ["RA-5", "SI-2"],
383
+ "priority": "critical"
384
+ },
385
+ {
386
+ "id": "SU-2",
387
+ "functional_area": "Sustain",
388
+ "functional_area_code": "SU",
389
+ "title": "Patch Cadence Compliance",
390
+ "description": "Meet defined patching SLAs for all system components: critical patches applied within 72 hours, high-severity patches within 30 days, and moderate patches within 90 days. Patch compliance must be measured and reported. Exceptions must be documented with risk acceptance and compensating controls. Automated patch management tools must be used where feasible.",
391
+ "evidence_required": "Patch status reports showing SLA compliance percentages, automated dependency version checking results, patch exception documentation with risk acceptance, and patch deployment verification records.",
392
+ "automation_level": "semi",
393
+ "nist_controls": ["SI-2", "CM-3"],
394
+ "priority": "high"
395
+ },
396
+ {
397
+ "id": "SU-3",
398
+ "functional_area": "Sustain",
399
+ "functional_area_code": "SU",
400
+ "title": "Configuration Management",
401
+ "description": "Maintain a configuration management program with formal change control processes. All changes must be documented, reviewed, approved, tested, and tracked. Infrastructure as Code (IaC) must be used for reproducible deployments. Configuration baselines must be maintained and configuration drift detected and remediated. Change records must include rollback procedures.",
402
+ "evidence_required": "Configuration management plan, change control records, Infrastructure as Code repositories (Terraform, Ansible), configuration drift detection reports, and rollback procedure documentation.",
403
+ "automation_level": "auto",
404
+ "nist_controls": ["CM-1", "CM-2", "CM-3"],
405
+ "priority": "high"
406
+ },
407
+ {
408
+ "id": "SU-4",
409
+ "functional_area": "Sustain",
410
+ "functional_area_code": "SU",
411
+ "title": "Business Continuity/DR Plan",
412
+ "description": "Maintain and regularly test business continuity and disaster recovery plans ensuring the system can be recovered within defined recovery time objectives (RTO) and recovery point objectives (RPO). Plans must address multiple failure scenarios including single component failure, site failure, and regional disaster. DR tests must be conducted at least annually with results documented.",
413
+ "evidence_required": "Business continuity plan (BCP), disaster recovery plan (DRP), RTO/RPO definitions for each system component, DR test results and after-action reports, and plan update records.",
414
+ "automation_level": "manual",
415
+ "nist_controls": ["CP-1", "CP-2", "CP-4"],
416
+ "priority": "high"
417
+ },
418
+ {
419
+ "id": "SU-5",
420
+ "functional_area": "Sustain",
421
+ "functional_area_code": "SU",
422
+ "title": "Security Assessment Schedule",
423
+ "description": "Maintain a schedule for periodic security assessments including annual security control assessments, penetration testing, red team exercises, and compliance audits. Assessment findings must be tracked through resolution via Plan of Action and Milestones (POA&M). Assessment results must inform continuous monitoring and risk management decisions.",
424
+ "evidence_required": "Security assessment schedule with planned and completed dates, assessment reports, penetration test results, POA&M tracking for findings, and assessment closure verification records.",
425
+ "automation_level": "semi",
426
+ "nist_controls": ["CA-2", "CA-5"],
427
+ "priority": "high"
428
+ },
429
+ {
430
+ "id": "SU-6",
431
+ "functional_area": "Sustain",
432
+ "functional_area_code": "SU",
433
+ "title": "Authorization Maintenance",
434
+ "description": "Maintain system authorization (Authority to Operate - ATO) currency through continuous monitoring, ongoing authorization activities, and timely reauthorization. The ATO package must be kept current including System Security Plan (SSP), POA&M, security assessment report, and continuous monitoring reports. Significant changes must trigger reauthorization assessment.",
435
+ "evidence_required": "Current ATO letter with expiration date, up-to-date SSP, active POA&M with remediation progress, continuous monitoring reports, and significant change assessment records.",
436
+ "automation_level": "semi",
437
+ "nist_controls": ["CA-6", "CA-7"],
438
+ "priority": "critical"
439
+ },
440
+ {
441
+ "id": "SU-7",
442
+ "functional_area": "Sustain",
443
+ "functional_area_code": "SU",
444
+ "title": "Key Management",
445
+ "description": "Implement and maintain a cryptographic key management program covering the full key lifecycle: generation, distribution, storage, rotation, revocation, and destruction. Keys must be generated using FIPS-approved methods and stored in hardware security modules (HSMs) or equivalent secure storage. Key rotation must occur on defined schedules and immediately upon suspected compromise.",
446
+ "evidence_required": "Key management plan document, key inventory with rotation schedules, key rotation execution logs, HSM or secure key storage configuration, and key destruction records.",
447
+ "automation_level": "semi",
448
+ "nist_controls": ["SC-12", "SC-13"],
449
+ "priority": "high"
450
+ },
451
+ {
452
+ "id": "SU-8",
453
+ "functional_area": "Sustain",
454
+ "functional_area_code": "SU",
455
+ "title": "Backup and Recovery",
456
+ "description": "Implement regular backup procedures for all critical system data, configurations, and code with defined backup schedules based on data criticality. Backups must be encrypted, stored in geographically separate locations, and tested for recoverability at least quarterly. Recovery procedures must be documented and recovery tests must verify that data can be restored within defined RPO targets.",
457
+ "evidence_required": "Backup schedule documentation, backup encryption configuration, backup storage location documentation, recovery test results with RPO compliance verification, and backup monitoring/alerting configuration.",
458
+ "automation_level": "semi",
459
+ "nist_controls": ["CP-9", "CP-10"],
460
+ "priority": "high"
461
+ }
462
+ ]
463
+ }
icdev/data/context/compliance/eu_ai_act_annex_iii.json ADDED
@@ -0,0 +1,108 @@
1
+ {
2
+ "framework_id": "eu_ai_act",
3
+ "framework_name": "EU Artificial Intelligence Act (Regulation 2024/1689)",
4
+ "version": "2024",
5
+ "description": "EU AI Act risk classification and requirements for AI systems placed on the EU market.",
6
+ "requirements": [
7
+ {
8
+ "id": "EUAI-01",
9
+ "title": "Risk Classification",
10
+ "family": "classification",
11
+ "description": "AI system must be classified into risk categories: unacceptable, high-risk, limited, or minimal risk.",
12
+ "nist_800_53_crosswalk": ["RA-2", "RA-3"]
13
+ },
14
+ {
15
+ "id": "EUAI-02",
16
+ "title": "Data Governance",
17
+ "family": "data_governance",
18
+ "description": "High-risk AI systems must use training, validation, and testing data sets subject to appropriate data governance practices.",
19
+ "nist_800_53_crosswalk": ["SA-3", "SI-12"]
20
+ },
21
+ {
22
+ "id": "EUAI-03",
23
+ "title": "Technical Documentation",
24
+ "family": "documentation",
25
+ "description": "Technical documentation must be drawn up and kept up to date before the AI system is placed on the market.",
26
+ "nist_800_53_crosswalk": ["SA-5", "PL-2"]
27
+ },
28
+ {
29
+ "id": "EUAI-04",
30
+ "title": "Record-Keeping",
31
+ "family": "logging",
32
+ "description": "High-risk AI systems must allow for automatic recording of events (logging) throughout the AI system lifecycle.",
33
+ "nist_800_53_crosswalk": ["AU-2", "AU-3", "AU-6"]
34
+ },
35
+ {
36
+ "id": "EUAI-05",
37
+ "title": "Transparency",
38
+ "family": "transparency",
39
+ "description": "High-risk AI systems must be designed to ensure appropriate transparency to deployers.",
40
+ "nist_800_53_crosswalk": ["PL-4", "AT-2"]
41
+ },
42
+ {
43
+ "id": "EUAI-06",
44
+ "title": "Human Oversight",
45
+ "family": "oversight",
46
+ "description": "High-risk AI systems must be designed to allow effective human oversight during use.",
47
+ "nist_800_53_crosswalk": ["CA-7", "SI-4"]
48
+ },
49
+ {
50
+ "id": "EUAI-07",
51
+ "title": "Accuracy, Robustness, Cybersecurity",
52
+ "family": "technical",
53
+ "description": "High-risk AI systems must achieve appropriate levels of accuracy, robustness, and cybersecurity.",
54
+ "nist_800_53_crosswalk": ["SA-11", "SI-2", "SC-7"]
55
+ },
56
+ {
57
+ "id": "EUAI-08",
58
+ "title": "Risk Management System",
59
+ "family": "risk_management",
60
+ "description": "A risk management system must be established, implemented, documented and maintained for high-risk AI systems.",
61
+ "nist_800_53_crosswalk": ["RA-1", "RA-2", "PM-9"]
62
+ },
63
+ {
64
+ "id": "EUAI-09",
65
+ "title": "Conformity Assessment",
66
+ "family": "conformity",
67
+ "description": "High-risk AI systems must undergo conformity assessment before being placed on the market.",
68
+ "nist_800_53_crosswalk": ["CA-2", "CA-6"]
69
+ },
70
+ {
71
+ "id": "EUAI-10",
72
+ "title": "Post-Market Monitoring",
73
+ "family": "monitoring",
74
+ "description": "Providers must establish a post-market monitoring system proportionate to the risk level.",
75
+ "nist_800_53_crosswalk": ["CA-7", "SI-4", "PM-14"]
76
+ },
77
+ {
78
+ "id": "EUAI-11",
79
+ "title": "Incident Reporting",
80
+ "family": "incident",
81
+ "description": "Providers of high-risk AI systems must report serious incidents and malfunctions to market surveillance authorities.",
82
+ "nist_800_53_crosswalk": ["IR-6", "SI-5"]
83
+ },
84
+ {
85
+ "id": "EUAI-12",
86
+ "title": "Fundamental Rights Impact Assessment",
87
+ "family": "rights",
88
+ "description": "Deployers of high-risk AI systems must perform a fundamental rights impact assessment before deployment.",
89
+ "nist_800_53_crosswalk": ["RA-5", "PM-9"]
90
+ }
91
+ ],
92
+ "annex_iii_categories": [
93
+ {"id": "AX3-1", "title": "Biometric identification and categorisation of natural persons"},
94
+ {"id": "AX3-2", "title": "Management and operation of critical infrastructure"},
95
+ {"id": "AX3-3", "title": "Education and vocational training"},
96
+ {"id": "AX3-4", "title": "Employment, workers management and access to self-employment"},
97
+ {"id": "AX3-5", "title": "Access to essential private and public services"},
98
+ {"id": "AX3-6", "title": "Law enforcement"},
99
+ {"id": "AX3-7", "title": "Migration, asylum and border control management"},
100
+ {"id": "AX3-8", "title": "Administration of justice and democratic processes"}
101
+ ],
102
+ "risk_levels": [
103
+ {"level": "unacceptable", "description": "Banned AI practices (social scoring, real-time biometric identification)"},
104
+ {"level": "high_risk", "description": "AI systems in Annex III areas requiring full compliance"},
105
+ {"level": "limited_risk", "description": "AI systems with transparency obligations (chatbots, deepfakes)"},
106
+ {"level": "minimal_risk", "description": "AI systems with no specific requirements (spam filters, games)"}
107
+ ]
108
+ }
icdev/data/context/compliance/export_templates/__init__.py ADDED
@@ -0,0 +1 @@
1
+ # Package marker for PyPI distribution
icdev/data/context/compliance/export_templates/emass_controls.csv.j2 ADDED
@@ -0,0 +1,4 @@
1
+ Control Number,Control Name,Implementation Status,Implementation Description,Responsible Role,Assessment Date
2
+ {% for ctrl in controls %}
3
+ "{{ ctrl.control_id }}","{{ ctrl.control_name }}","{{ ctrl.status }}","{{ ctrl.description }}","{{ ctrl.responsible_role }}","{{ ctrl.assessment_date }}"
4
+ {% endfor %}
icdev/data/context/compliance/export_templates/evidence_package.md.j2 ADDED
@@ -0,0 +1,39 @@
1
+ <!-- [TEMPLATE: CUI // SP-CTI] -->
2
+ # {{ framework_name }} — Evidence Package
3
+
4
+ **Project:** {{ project_id }}
5
+ **Assessment Date:** {{ assessment_date }}
6
+ **Classification:** CUI // SP-CTI
7
+
8
+ ---
9
+
10
+ ## Assessment Evidence
11
+
12
+ {% for result in results %}
13
+ ### {{ result.requirement_id }} — {{ result.title | default("Untitled") }}
14
+
15
+ - **Status:** {{ result.status }}
16
+ - **Category:** {{ result.category | default("General") }}
17
+ {% if result.implementation_detail %}
18
+ - **Implementation:** {{ result.implementation_detail }}
19
+ {% endif %}
20
+ {% if result.evidence %}
21
+ - **Evidence:** {{ result.evidence }}
22
+ {% endif %}
23
+ {% if result.last_assessed %}
24
+ - **Last Assessed:** {{ result.last_assessed }}
25
+ {% endif %}
26
+
27
+ {% endfor %}
28
+
29
+ ---
30
+
31
+ ## Summary Statistics
32
+
33
+ - **Total Assessed:** {{ total_requirements }}
34
+ - **Coverage:** {{ coverage_pct }}%
35
+ - **Gate Status:** {{ gate_status }}
36
+
37
+ ---
38
+
39
+ *Generated by ICDEV Compliance Exporter — CUI // SP-CTI*