AI-powered security scanner that detects vulnerabilities in AI-generated code. Proactive scanning, autonomous fixing, and emergency response for modern development teams.
/**
* Compliance Command - Audit trails and compliance reporting
*/
const { Command } = require('commander')
const chalk = require('chalk')
const ora = require('ora')
const { table } = require('table')
const fs = require('fs-extra')
const { getAPIClient } = require('../services/api-client')
// Parent command: `vaultace compliance`, also reachable via the alias `vaultace audit`.
// The sub-commands (report, audit-trail, collect-evidence) are attached to it below.
const complianceCommand = new Command('compliance')
complianceCommand.alias('audit')
complianceCommand.description('š Compliance reporting and audit trails')
// Generate compliance reports
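complianceCommand
  .command('report <framework>')
  .description('Generate compliance report (sox|gdpr|hipaa|pci-dss|iso27001)')
  .option('--period <days>', 'reporting period in days', '90')
  .option('--format <format>', 'output format (pdf|html|json)', 'html')
  .option('--output <file>', 'output file path')
  /**
   * Generate a compliance report for `framework` and write it to disk.
   *
   * @param {string} framework - framework name as typed; lower-cased for the API, upper-cased for display
   * @param {{period: string, format: string, output?: string}} options - parsed CLI options
   */
  .action(async (framework, options) => {
    const spinner = ora(`Generating ${framework.toUpperCase()} compliance report...`).start()
    const apiClient = getAPIClient()
    try {
      if (!apiClient.isAuthenticated()) {
        spinner.fail('Authentication required')
        console.log(chalk.yellow('Please login first: vaultace auth login'))
        return
      }
      // `--period` arrives as a string; reject anything that is not a positive integer
      // instead of sending NaN (which JSON.stringify turns into null) to the backend.
      const periodDays = Number.parseInt(options.period, 10)
      if (!Number.isInteger(periodDays) || periodDays <= 0) {
        spinner.fail(`Invalid --period value: ${options.period}`)
        return
      }
      const reportData = {
        framework: framework.toLowerCase(),
        period_days: periodDays,
        format: options.format,
        include_evidence: true,
        include_remediation: true
      }
      // Use the backend compliance API when the client implements it, otherwise the
      // development mock. (The previous `await fn ? a : b` awaited the function
      // reference itself, which is a no-op, so the branch is now an explicit type check.)
      const result = typeof apiClient.generateComplianceReport === 'function'
        ? await apiClient.generateComplianceReport(reportData)
        : await mockComplianceReport(framework, periodDays)
      if (!result.success) {
        spinner.fail('Report generation failed')
        console.error(chalk.red(result.error))
        return
      }
      const report = result.report
      const fileName = options.output || `${framework}-compliance-report.${options.format}`
      // Only JSON and HTML renderers exist. Any other requested format (including the
      // advertised `pdf`) still receives HTML content; tell the user instead of
      // silently producing a mislabelled file.
      let formatNote = null
      if (options.format === 'json') {
        await fs.writeFile(fileName, JSON.stringify(report, null, 2))
      } else {
        if (options.format !== 'html') {
          formatNote = `Format "${options.format}" is not rendered natively; ${fileName} contains HTML`
        }
        await generateHTMLReport(report, fileName, framework)
      }
      spinner.succeed('Compliance report generated')
      if (formatNote !== null) {
        console.log(chalk.yellow(formatNote))
      }
      console.log(chalk.green(`\nā
${framework.toUpperCase()} Compliance Report`))
      console.log(`File: ${fileName}`)
      console.log(`Period: ${options.period} days`)
      console.log(`Compliance Score: ${report.compliance_score}/100`)
      if (report.critical_gaps?.length > 0) {
        console.log(chalk.red(`Critical Gaps: ${report.critical_gaps.length}`))
      }
    } catch (error) {
      spinner.fail('Report generation failed')
      console.error(chalk.red(`Error: ${error.message}`))
    }
  })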
// Audit trail analysis
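complianceCommand
  .command('audit-trail')
  .description('Analyze security audit trails')
  .option('--user <email>', 'filter by user')
  .option('--action <action>', 'filter by action type')
  .option('--days <days>', 'days to analyze', '30')
  /**
   * Fetch audit-trail entries matching the filters and print them as a table
   * followed by a short summary.
   *
   * @param {{user?: string, action?: string, days: string}} options - parsed CLI options
   */
  .action(async (options) => {
    const spinner = ora('Analyzing audit trails...').start()
    const apiClient = getAPIClient()
    try {
      if (!apiClient.isAuthenticated()) {
        spinner.fail('Authentication required')
        console.log(chalk.yellow('Please login first: vaultace auth login'))
        return
      }
      // `--days` is a string from commander; reject non-numeric or non-positive input
      // rather than sending NaN (serialised as null) to the backend.
      const days = Number.parseInt(options.days, 10)
      if (!Number.isInteger(days) || days <= 0) {
        spinner.fail(`Invalid --days value: ${options.days}`)
        return
      }
      const filters = {
        user_email: options.user,
        action_type: options.action,
        days
      }
      // Prefer the real API when the client implements it; otherwise use the dev mock.
      // (The previous `await fn ? a : b` awaited the function reference, a no-op.)
      const result = typeof apiClient.getAuditTrail === 'function'
        ? await apiClient.getAuditTrail(filters)
        : mockAuditTrail()
      if (!result.success) {
        spinner.fail('Audit trail analysis failed')
        console.error(chalk.red(result.error))
        return
      }
      spinner.succeed('Audit trail analysis complete')
      const auditData = result.audit_data
      console.log(chalk.bold.blue('\nš Security Audit Trail Analysis\n'))
      // Cell text is server-supplied; strip control characters (including ESC) so a
      // log entry cannot emit terminal escape sequences through the rendered table.
      const cell = (value) => String(value).replace(/\p{Cc}/gu, '')
      // `entries` may be absent in a partial response; render an empty table instead of throwing.
      const rows = (auditData.entries ?? []).map(entry => [
        new Date(entry.timestamp).toLocaleString(),
        cell(entry.user_email || 'System'),
        cell(entry.action),
        cell(entry.resource_type || 'N/A'),
        entry.result === 'success' ? 'ā
' : 'ā'
      ])
      const auditTable = [
        ['Timestamp', 'User', 'Action', 'Resource', 'Result'],
        ...rows
      ]
      console.log(table(auditTable))
      console.log(chalk.bold.yellow('\nSummary:'))
      console.log(`Total Events: ${auditData.total_events}`)
      console.log(`Failed Actions: ${auditData.failed_actions}`)
      console.log(`Unique Users: ${auditData.unique_users}`)
    } catch (error) {
      spinner.fail('Audit trail analysis failed')
      console.error(chalk.red(`Error: ${error.message}`))
    }
  })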
// Evidence collection
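complianceCommand
  .command('collect-evidence')
  .description('Collect compliance evidence')
  .option('--type <type>', 'evidence type (security|access|workflow)', 'security')
  .option('--days <days>', 'collection period', '30')
  /**
   * Collect compliance evidence of the requested type and save it as a JSON package
   * in the current directory.
   *
   * @param {{type: string, days: string}} options - parsed CLI options
   */
  .action(async (options) => {
    const spinner = ora('Collecting compliance evidence...').start()
    const apiClient = getAPIClient()
    try {
      if (!apiClient.isAuthenticated()) {
        spinner.fail('Authentication required')
        console.log(chalk.yellow('Please login first: vaultace auth login'))
        return
      }
      // `--days` is a string from commander; reject non-numeric or non-positive input
      // rather than sending NaN (serialised as null) to the backend.
      const periodDays = Number.parseInt(options.days, 10)
      if (!Number.isInteger(periodDays) || periodDays <= 0) {
        spinner.fail(`Invalid --days value: ${options.days}`)
        return
      }
      const evidenceData = {
        evidence_type: options.type,
        collection_period_days: periodDays,
        include_automated_actions: true,
        include_manual_reviews: true
      }
      // Prefer the real API when the client implements it; otherwise use the dev mock.
      // (The previous `await fn ? a : b` awaited the function reference, a no-op.)
      const result = typeof apiClient.collectEvidence === 'function'
        ? await apiClient.collectEvidence(evidenceData)
        : mockEvidence(options.type)
      if (!result.success) {
        spinner.fail('Evidence collection failed')
        console.error(chalk.red(result.error))
        return
      }
      spinner.succeed('Evidence collection complete')
      const evidence = result.evidence
      // `items` is server-supplied; report zero rather than throw when it is missing.
      const itemCount = Array.isArray(evidence.items) ? evidence.items.length : 0
      console.log(chalk.green('\nš Compliance Evidence Collected'))
      console.log(`Type: ${options.type}`)
      console.log(`Period: ${options.days} days`)
      console.log(`Evidence Items: ${itemCount}`)
      // `--type` is user input that becomes part of a file name; restrict it to a
      // conservative character set so it cannot carry path separators.
      const safeType = options.type.replace(/[^A-Za-z0-9_-]/g, '_')
      const fileName = `compliance-evidence-${safeType}-${Date.now()}.json`
      await fs.writeFile(fileName, JSON.stringify(evidence, null, 2))
      console.log(chalk.blue(`\nEvidence package: ${fileName}`))
    } catch (error) {
      spinner.fail('Evidence collection failed')
      console.error(chalk.red(`Error: ${error.message}`))
    }
  })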
// Mock functions for development
/**
 * Development stand-in for the backend compliance-report endpoint.
 * Returns a fixed report so the CLI flow can be exercised without a server.
 *
 * @param {string} framework - framework name, echoed back unchanged
 * @param {string|number} period - reporting period, echoed back as `period_days`
 * @returns {Promise<{success: true, report: object}>} always successful
 */
async function mockComplianceReport(framework, period) {
  const report = {
    framework,
    period_days: period,
    compliance_score: 87,
    critical_gaps: ['Access control documentation', 'Incident response testing'],
    controls_implemented: 24,
    controls_total: 28,
    // Timestamp of the (fake) assessment, taken at call time.
    last_assessment: new Date().toISOString(),
    evidence_collected: 156
  }
  return { success: true, report }
}
/**
 * Development stand-in for the backend audit-trail endpoint.
 * Produces two successful entries (one now, one an hour ago) plus fixed totals.
 *
 * @returns {{success: true, audit_data: {total_events: number, failed_actions: number, unique_users: number, entries: object[]}}}
 */
function mockAuditTrail() {
  const successfulEntry = (timestamp, user_email, action, resource_type) => ({
    timestamp,
    user_email,
    action,
    resource_type,
    result: 'success'
  })
  const entries = [
    successfulEntry(new Date().toISOString(), 'developer@company.com', 'vulnerability_scan', 'repository'),
    // One hour (3,600,000 ms) before the current time.
    successfulEntry(new Date(Date.now() - 3600000).toISOString(), 'admin@company.com', 'workflow_execution', 'workflow')
  ]
  return {
    success: true,
    audit_data: {
      total_events: 1247,
      failed_actions: 23,
      unique_users: 12,
      entries
    }
  }
}
/**
 * Development stand-in for the backend evidence-collection endpoint.
 *
 * @param {string} type - evidence type, echoed back unchanged
 * @returns {{success: true, evidence: {type: string, collection_date: string, items: object[]}}}
 */
function mockEvidence(type) {
  const stamp = () => new Date().toISOString()
  const items = [
    ['1', 'scan_result'],
    ['2', 'fix_application']
  ].map(([id, itemType]) => ({ id, type: itemType, timestamp: stamp() }))
  return {
    success: true,
    evidence: {
      type,
      collection_date: stamp(),
      items
    }
  }
}
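/**
 * Render `report` as a standalone HTML page and write it to `fileName`.
 *
 * Every value interpolated into the markup — the CLI-supplied framework name and
 * the API-supplied report fields, including free-text gap descriptions — is
 * HTML-escaped, so content returned by the backend cannot inject markup or script
 * into a report that a reviewer later opens in a browser.
 *
 * @param {object} report - report payload from the compliance API (or the dev mock)
 * @param {number} report.compliance_score - score shown in the header; styled green at >= 80, orange otherwise
 * @param {number} report.controls_implemented - implemented control count
 * @param {number} report.controls_total - total control count
 * @param {number} report.evidence_collected - number of evidence items
 * @param {string[]} [report.critical_gaps] - gap descriptions; the section is omitted when empty or absent
 * @param {string} fileName - destination path, written with fs.writeFile
 * @param {string} framework - framework name, upper-cased for the title and heading
 * @returns {Promise<void>}
 */
async function generateHTMLReport(report, fileName, framework) {
  // Escape the characters that can change HTML structure or break out of an
  // attribute; nullish values render as empty text rather than "undefined".
  const escapeHtml = (value) => String(value ?? '')
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
  const title = escapeHtml(framework.toUpperCase())
  // The colour is chosen by comparison, never by interpolating report text into CSS.
  const scoreColor = report.compliance_score >= 80 ? 'green' : 'orange'
  const gapsSection = report.critical_gaps?.length > 0
    ? `
<div class="gaps">
<h3>Critical Gaps</h3>
<ul>
${report.critical_gaps.map(gap => `<li>${escapeHtml(gap)}</li>`).join('')}
</ul>
</div>`
    : ''
  const html = `<!DOCTYPE html>
<html>
<head>
<title>${title} Compliance Report</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; }
.header { border-bottom: 2px solid #007acc; padding-bottom: 20px; }
.score { font-size: 24px; color: ${scoreColor}; }
.gaps { color: red; margin: 20px 0; }
</style>
</head>
<body>
<div class="header">
<h1>${title} Compliance Report</h1>
<p>Generated: ${escapeHtml(new Date().toLocaleString())}</p>
</div>
<div class="score">
<h2>Compliance Score: ${escapeHtml(report.compliance_score)}/100</h2>
</div>
<div>
<h3>Controls Status</h3>
<p>Implemented: ${escapeHtml(report.controls_implemented)}/${escapeHtml(report.controls_total)}</p>
</div>
${gapsSection}
<div>
<h3>Evidence Collected</h3>
<p>${escapeHtml(report.evidence_collected)} compliance evidence items</p>
</div>
</body>
</html>`
  await fs.writeFile(fileName, html)
}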
// Export the parent command (with its sub-commands attached) so the root CLI
// program can register it; presumably via commander's addCommand — confirm in the caller.
module.exports = complianceCommand