@sethdouglasford/claude-flow
Version:
Claude Code Flow - Advanced AI-powered development workflows with SPARC methodology
459 lines • 13.5 kB
TypeScript
import { EventEmitter } from "events";
import { Logger } from "../core/logger.js";
import { ConfigManager } from "../core/config.js";
export interface AuditEntry {
id: string;
timestamp: Date;
eventType: string;
category: "authentication" | "authorization" | "data-access" | "system-change" | "security" | "compliance" | "business";
severity: "low" | "medium" | "high" | "critical";
userId?: string;
sessionId?: string;
resource: {
type: string;
id: string;
name?: string;
path?: string;
};
action: string;
outcome: "success" | "failure" | "partial" | "denied";
details: Record<string, any>;
context: {
ipAddress?: string;
userAgent?: string;
location?: string;
source: string;
requestId?: string;
};
compliance: {
frameworks: string[];
controls: string[];
retention: string;
classification: "public" | "internal" | "confidential" | "restricted";
};
integrity: {
hash: string;
signature?: string;
verified: boolean;
};
metadata: Record<string, any>;
}
export interface ComplianceFramework {
id: string;
name: string;
version: string;
description: string;
type: "regulatory" | "industry" | "internal" | "certification";
requirements: ComplianceRequirement[];
auditFrequency: "continuous" | "daily" | "weekly" | "monthly" | "quarterly" | "annually";
retentionPeriod: string;
reportingRequirements: {
frequency: string;
recipients: string[];
format: string[];
automated: boolean;
};
controls: ComplianceControl[];
status: "active" | "inactive" | "pending" | "deprecated";
implementationDate: Date;
nextReview: Date;
responsible: string;
}
export interface ComplianceRequirement {
id: string;
title: string;
description: string;
category: string;
priority: "low" | "medium" | "high" | "critical";
status: "compliant" | "non-compliant" | "partial" | "not-applicable" | "pending";
evidence: string[];
gaps: string[];
remediation: {
actions: string[];
owner: string;
dueDate: Date;
cost?: number;
effort?: string;
};
lastAssessed: Date;
nextAssessment: Date;
automatedCheck: {
enabled: boolean;
frequency: string;
query: string;
threshold?: any;
};
}
export interface ComplianceControl {
id: string;
name: string;
description: string;
type: "preventive" | "detective" | "corrective" | "compensating";
automationType: "manual" | "semi-automated" | "automated";
effectiveness: "low" | "medium" | "high";
frequency: string;
owner: string;
evidence: string[];
testingProcedure: string;
lastTested: Date;
nextTest: Date;
status: "effective" | "ineffective" | "needs-improvement" | "not-tested";
}
export interface AuditReport {
id: string;
title: string;
description: string;
type: "compliance" | "security" | "operational" | "financial" | "investigation" | "custom";
scope: {
timeRange: {
start: Date;
end: Date;
};
systems: string[];
users: string[];
events: string[];
compliance: string[];
};
findings: AuditFinding[];
recommendations: AuditRecommendation[];
summary: {
totalEvents: number;
criticalFindings: number;
complianceScore: number;
riskLevel: "low" | "medium" | "high" | "critical";
};
methodology: string;
limitations: string[];
reviewers: string[];
approvers: string[];
status: "draft" | "under-review" | "approved" | "published" | "archived";
confidentiality: "public" | "internal" | "confidential" | "restricted";
createdAt: Date;
updatedAt: Date;
createdBy: string;
publishedAt?: Date;
}
export interface AuditFinding {
id: string;
title: string;
description: string;
severity: "low" | "medium" | "high" | "critical";
category: string;
risk: string;
impact: string;
likelihood: string;
evidence: AuditEvidence[];
relatedEvents: string[];
complianceImpact: {
frameworks: string[];
violations: string[];
penalties?: string[];
};
remediation: {
priority: "low" | "medium" | "high" | "immediate";
owner: string;
actions: string[];
timeline: string;
cost?: number;
};
status: "open" | "in-progress" | "resolved" | "accepted-risk" | "false-positive";
}
export interface AuditEvidence {
id: string;
type: "log-entry" | "screenshot" | "document" | "system-output" | "witness-statement" | "data-export";
description: string;
source: string;
timestamp: Date;
hash: string;
location: string;
preservationStatus: "intact" | "modified" | "corrupted" | "missing";
chainOfCustody: ChainOfCustodyEntry[];
}
export interface ChainOfCustodyEntry {
timestamp: Date;
action: "collected" | "accessed" | "analyzed" | "transferred" | "stored" | "destroyed";
user: string;
reason: string;
hash: string;
}
export interface AuditRecommendation {
id: string;
title: string;
description: string;
priority: "low" | "medium" | "high" | "critical";
category: "policy" | "process" | "technology" | "training" | "governance";
implementation: {
effort: "low" | "medium" | "high";
cost: "low" | "medium" | "high";
timeline: string;
dependencies: string[];
risks: string[];
};
expectedBenefit: string;
owner: string;
status: "proposed" | "approved" | "in-progress" | "completed" | "rejected";
tracking: {
milestones: string[];
progress: number;
nextReview: Date;
};
}
export interface AuditTrail {
id: string;
name: string;
description: string;
category: string;
entries: AuditEntry[];
configuration: {
retention: string;
compression: boolean;
encryption: boolean;
archival: {
enabled: boolean;
location: string;
schedule: string;
};
monitoring: {
realTime: boolean;
alerting: boolean;
dashboards: string[];
};
};
integrity: {
verified: boolean;
lastVerification: Date;
checksum: string;
tamperEvidence: TamperEvidence[];
};
access: {
viewers: string[];
admins: string[];
readonly: boolean;
auditAccess: boolean;
};
compliance: {
frameworks: string[];
retention: string;
exportRequirements: string[];
immutable: boolean;
};
createdAt: Date;
updatedAt: Date;
}
export interface TamperEvidence {
timestamp: Date;
type: "checksum-mismatch" | "unauthorized-access" | "missing-entries" | "timestamp-anomaly";
description: string;
severity: "low" | "medium" | "high" | "critical";
investigationStatus: "pending" | "investigating" | "resolved" | "false-alarm";
evidence: string[];
}
export interface AuditConfiguration {
general: {
enabled: boolean;
defaultRetention: string;
compressionEnabled: boolean;
encryptionEnabled: boolean;
realTimeProcessing: boolean;
};
collection: {
automaticCapture: boolean;
bufferSize: number;
batchSize: number;
flushInterval: number;
failureHandling: "ignore" | "retry" | "alert" | "stop";
};
storage: {
primaryLocation: string;
backupLocation?: string;
archivalLocation?: string;
partitioning: "daily" | "weekly" | "monthly";
indexing: boolean;
};
integrity: {
checksumAlgorithm: "sha256" | "sha512" | "blake2b";
verificationFrequency: string;
digitalSignatures: boolean;
immutableStorage: boolean;
};
compliance: {
frameworks: string[];
automaticClassification: boolean;
retentionPolicies: Record<string, string>;
exportFormats: string[];
};
monitoring: {
alerting: {
enabled: boolean;
channels: string[];
thresholds: {
failedLogins: number;
privilegedAccess: number;
dataExfiltration: number;
configChanges: number;
};
};
reporting: {
automated: boolean;
frequency: string;
recipients: string[];
dashboards: string[];
};
};
privacy: {
piiDetection: boolean;
anonymization: boolean;
masking: {
enabled: boolean;
patterns: string[];
};
consent: {
required: boolean;
tracking: boolean;
};
};
}
export interface AuditMetrics {
volume: {
totalEntries: number;
dailyAverage: number;
peakHourly: number;
byCategory: Record<string, number>;
bySeverity: Record<string, number>;
};
compliance: {
overallScore: number;
byFramework: Record<string, {
score: number;
compliant: number;
nonCompliant: number;
total: number;
}>;
trending: "improving" | "stable" | "declining";
};
integrity: {
verificationSuccess: number;
tamperAttempts: number;
dataLoss: number;
corruptionEvents: number;
};
performance: {
ingestionRate: number;
queryResponseTime: number;
storageEfficiency: number;
availabilityPercentage: number;
};
security: {
unauthorizedAccess: number;
privilegedActions: number;
suspiciousPatterns: number;
escalatedIncidents: number;
};
}
export declare class AuditManager extends EventEmitter {
private auditTrails;
private frameworks;
private reports;
private auditBuffer;
private auditPath;
private logger;
private config;
private configuration;
constructor(auditPath?: string, logger?: Logger, config?: ConfigManager);
initialize(): Promise<void>;
logAuditEvent(eventData: {
eventType: string;
category: AuditEntry["category"];
severity?: AuditEntry["severity"];
userId?: string;
sessionId?: string;
resource: AuditEntry["resource"];
action: string;
outcome: AuditEntry["outcome"];
details: Record<string, any>;
context: Partial<AuditEntry["context"]>;
compliance?: {
frameworks?: string[];
controls?: string[];
classification?: AuditEntry["compliance"]["classification"];
};
}): Promise<AuditEntry>;
createComplianceFramework(frameworkData: {
name: string;
version: string;
description: string;
type: ComplianceFramework["type"];
requirements: Omit<ComplianceRequirement, "id">[];
controls: Omit<ComplianceControl, "id">[];
auditFrequency: ComplianceFramework["auditFrequency"];
retentionPeriod: string;
responsible: string;
}): Promise<ComplianceFramework>;
generateAuditReport(reportConfig: {
title: string;
description: string;
type: AuditReport["type"];
scope: AuditReport["scope"];
includeRecommendations?: boolean;
confidentiality?: AuditReport["confidentiality"];
}): Promise<AuditReport>;
exportAuditData(exportConfig: {
format: "json" | "csv" | "xml" | "pdf";
scope: {
timeRange: {
start: Date;
end: Date;
};
categories?: string[];
severity?: string[];
users?: string[];
};
destination: string;
encryption?: boolean;
compression?: boolean;
}): Promise<string>;
verifyAuditIntegrity(trailId?: string): Promise<{
verified: boolean;
issues: TamperEvidence[];
summary: {
totalEntries: number;
verifiedEntries: number;
corruptedEntries: number;
missingEntries: number;
};
}>;
getAuditMetrics(timeRange?: {
start: Date;
end: Date;
}): Promise<AuditMetrics>;
private getDefaultConfiguration;
private loadConfigurations;
private initializeDefaultFrameworks;
private startAuditProcessing;
private flushAuditBuffer;
private processAuditEntry;
private determineAuditTrail;
private createAuditTrail;
private calculateHash;
private calculateTrailChecksum;
private calculateRetentionPeriod;
private parseRetentionPeriod;
private queryAuditEntries;
private analyzeAuditEntries;
private calculateComplianceScore;
private checkAutomatedRequirement;
private calculateRiskLevel;
private generateRecommendations;
private checkComplianceViolations;
private checkSecurityAlerts;
private generateSecurityAlert;
private calculatePeakHourly;
private groupBy;
private convertToCSV;
private convertToXML;
private convertToPDF;
private saveFramework;
private saveAuditTrail;
private saveReport;
}
//# sourceMappingURL=audit-manager.d.ts.map