UNPKG

@dtifx/audit

Version:

Policy-driven governance engine with audit runners, evidence capture, and actionable compliance reports.

dtifx.lapidist.net/audit

bylapidist/dtifx

80 lines (58 loc) 2.24 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
<!-- markdownlint-disable MD041 --> <!-- markdownlint-disable MD033 --> <div align="left"> <a href="https://dtifx.lapidist.net/audit/" target="_blank" rel="noopener"> <img src="logo.svg" alt="DTIFx Audit logomark" width="72" height="72" /> </a> </div> <h1>@dtifx/audit</h1> <!-- markdownlint-enable MD033 --> <!-- markdownlint-enable MD041 --> ## Overview `@dtifx/audit` is the governance engine for the DTIFx Toolkit. It evaluates policy manifests against resolved DTIF tokens, surfaces structured violations, and integrates with the shared CLI for repeatable compliance checks. ## Installation ```bash pnpm add -D @dtifx/cli @dtifx/audit # or npm install --save-dev @dtifx/cli @dtifx/audit ``` The package supports Node.js 22 or later. Pair it with `@dtifx/build` when policies need to inspect resolved artefacts from the build pipeline. ## Usage ### Command line ```bash pnpm exec dtifx audit run --config ./dtifx.config.mjs pnpm exec dtifx audit run --reporter markdown --reporter json pnpm exec dtifx audit run --json-logs --telemetry stdout ``` Manifest configuration defines policy registries, reporter plans, and telemetry exporters. The `stdout` telemetry exporter streams runtime metrics to standard output for local inspection or CLI composition. See the [Audit governance guide](../../docs/guides/audit-governance.md) for a complete walkthrough. ### Node.js API ```ts import { createAuditRuntime, createPolicyConfiguration } from '@dtifx/audit'; const configuration = createPolicyConfiguration({ policies: [ /* policy factories */ ], reporters: [ /* reporter entries */ ], }); const runtime = createAuditRuntime({ configuration }); const report = await runtime.run(); console.log(report.summary.totalFindings); ``` The runtime emits structured diagnostics, making it straightforward to plug results into logging or observability pipelines. ## Examples - [Audit governance guide](../../docs/guides/audit-governance.md) - [Quickstart](../../docs/guides/getting-started.md) ## Further reading - [Audit configuration reference](https://dtifx.lapidist.net/reference/audit-config) - [Audit runtime reference](https://dtifx.lapidist.net/reference/audit-runtime) ## License [MIT](LICENSE)