🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@greenarmor/ges-policy-engine
Advanced tools
@greenarmor/ges-policy-engine - npm Package Compare versions
| import type { PolicyPack } from "@greenarmor/ges-core"; | ||
| export declare function createGovernanceAIPolicyPack(): PolicyPack; |
| export function createGovernanceAIPolicyPack() { | ||
| const controls = [ | ||
| { | ||
| id: "GOV-AI-001", | ||
| name: "AI System Registration", | ||
| description: "Every AI system must be registered in the governance inventory with a unique record before deployment.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 30 — Records of Processing Activities", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Register each AI system using 'ges governance add' or the MCP create_governance_record tool. The record must capture system name, type, version, risk level, and description. No AI system may enter production without a governance record.", | ||
| checks: [ | ||
| { id: "GOV-AI-001-C1", description: "Governance record exists for the AI system", status: "not-implemented" }, | ||
| { id: "GOV-AI-001-C2", description: "System type and version documented", status: "not-implemented" }, | ||
| { id: "GOV-AI-001-C3", description: "Initial risk level assigned", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-002", | ||
| name: "Risk Assessment Requirement", | ||
| description: "A documented risk assessment must be linked to the governance record before approval can be granted.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 35 — Data Protection Impact Assessment", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Link a RiskAssessmentRef to the governance record. The assessment must identify the assessor, methodology, risk score, identified risks, residual risk, and mitigation measures. Verify with 'ges governance verify'.", | ||
| checks: [ | ||
| { id: "GOV-AI-002-C1", description: "Risk assessment linked to governance record", status: "not-implemented" }, | ||
| { id: "GOV-AI-002-C2", description: "Risk methodology documented", status: "not-implemented" }, | ||
| { id: "GOV-AI-002-C3", description: "Residual risk documented", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-003", | ||
| name: "Policy Basis Documentation", | ||
| description: "The governance record must reference the specific policy or standard under which the system is approved.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 5(2) — Accountability", | ||
| status: "not-implemented", | ||
| severity: "high", | ||
| implementation_guidance: "Document the policy_id, policy_name, version, applicable clauses, and standard. This provides the regulatory basis for the approval decision.", | ||
| checks: [ | ||
| { id: "GOV-AI-003-C1", description: "Policy ID and version documented", status: "not-implemented" }, | ||
| { id: "GOV-AI-003-C2", description: "Applicable clauses referenced", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-004", | ||
| name: "Approval Authority Chain", | ||
| description: "An approval decision must be recorded with approver identity, authority, decision date, and validity period.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 32 — Security of Processing", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Record the ApprovalDecision with approver name, role, email, authority level, decision (approved/rejected/conditional), decision_date, valid_from, valid_until, conditions, and rationale. No system is compliant without a recorded approval.", | ||
| checks: [ | ||
| { id: "GOV-AI-004-C1", description: "Approver name and role recorded", status: "not-implemented" }, | ||
| { id: "GOV-AI-004-C2", description: "Decision date and validity period documented", status: "not-implemented" }, | ||
| { id: "GOV-AI-004-C3", description: "Approval authority documented", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-005", | ||
| name: "Evidence Chain Completeness", | ||
| description: "At least one evidence reference must be linked to the governance record, pointing to supporting documentation in external systems.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 5(2) — Accountability", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Add EvidenceRef entries referencing tickets, documents, meeting records, or reports in Jira, Confluence, ServiceNow, SharePoint, or other GRC systems. The reference stores the location, not the content — evidence remains in its source of truth.", | ||
| checks: [ | ||
| { id: "GOV-AI-005-C1", description: "At least one evidence reference attached", status: "not-implemented" }, | ||
| { id: "GOV-AI-005-C2", description: "Evidence source system identified", status: "not-implemented" }, | ||
| { id: "GOV-AI-005-C3", description: "Evidence location described", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-006", | ||
| name: "Committee Approval Record", | ||
| description: "If approval requires committee review, the committee name, meeting reference, date, and attendees must be documented.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 35 — DPIA Consultation", | ||
| status: "not-implemented", | ||
| severity: "high", | ||
| implementation_guidance: "Record the CommitteeApprovalRef with committee_name, meeting_date, meeting_reference, attendees list, and decision summary. Required for high-risk systems.", | ||
| checks: [ | ||
| { id: "GOV-AI-006-C1", description: "Committee name and meeting reference documented", status: "not-implemented" }, | ||
| { id: "GOV-AI-006-C2", description: "Attendees recorded", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-007", | ||
| name: "Review Cycle Monitoring", | ||
| description: "A defined review cycle with frequency and next review date must be established for continuous compliance.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 32(1)(d) — Regular Testing", | ||
| status: "not-implemented", | ||
| severity: "high", | ||
| implementation_guidance: "Define the ReviewCycle with frequency (quarterly/semi-annual/annual/biennial), last_review, next_review date, and maintain review_history entries for each review cycle.", | ||
| checks: [ | ||
| { id: "GOV-AI-007-C1", description: "Review frequency defined", status: "not-implemented" }, | ||
| { id: "GOV-AI-007-C2", description: "Next review date set", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-008", | ||
| name: "Approval Expiry Enforcement", | ||
| description: "Approval validity must be time-bound and monitored for expiry.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 25 — Data Protection by Design", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Set valid_until on the ApprovalDecision. The verification system automatically detects expired approvals. Systems with expired approvals must not remain in production without renewal.", | ||
| checks: [ | ||
| { id: "GOV-AI-008-C1", description: "Approval has a validity end date", status: "not-implemented" }, | ||
| { id: "GOV-AI-008-C2", description: "Expiry monitored via governance verification", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-009", | ||
| name: "Data Inventory for Governance", | ||
| description: "The governance record must include a data inventory documenting personal data categories, processing purposes, and data subjects.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 30 — Records of Processing Activities", | ||
| status: "not-implemented", | ||
| severity: "high", | ||
| implementation_guidance: "Populate GovernanceDataInventory with personal_data_categories, processing_purposes, data_subjects, cross_border_transfers, and retention_period. This connects the governance record to the data protection requirements.", | ||
| checks: [ | ||
| { id: "GOV-AI-009-C1", description: "Personal data categories documented", status: "not-implemented" }, | ||
| { id: "GOV-AI-009-C2", description: "Processing purposes documented", status: "not-implemented" }, | ||
| { id: "GOV-AI-009-C3", description: "Cross-border transfers identified", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-010", | ||
| name: "Compliance Framework Mapping", | ||
| description: "The governance record must link to applicable compliance frameworks and controls satisfied.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 5(2) — Accountability", | ||
| status: "not-implemented", | ||
| severity: "medium", | ||
| implementation_guidance: "Populate GovernanceComplianceLinks with frameworks, controls_satisfied, and control_pack_ids. This enables cross-referencing between governance records and the compliance scoring system.", | ||
| checks: [ | ||
| { id: "GOV-AI-010-C1", description: "Applicable frameworks listed", status: "not-implemented" }, | ||
| { id: "GOV-AI-010-C2", description: "Controls satisfied referenced", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-011", | ||
| name: "Provenance Chain Verification", | ||
| description: "The governance record must pass automated verification of the full provenance chain.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 5(2) — Accountability", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Run 'ges governance verify' or the MCP verify_governance_record tool. Verification checks all dimensions: approval exists and is current, risk assessment present, evidence attached, review cycle defined. The result provides a single defensible answer for auditors.", | ||
| checks: [ | ||
| { id: "GOV-AI-011-C1", description: "Verification returns valid=true", status: "not-implemented" }, | ||
| { id: "GOV-AI-011-C2", description: "No blocking issues in verification result", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOV-AI-012", | ||
| name: "Dashboard Auditor Access", | ||
| description: "Governance records must be accessible via the web dashboard for auditor and regulator review.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 15 — Right of Access (Transparency)", | ||
| status: "not-implemented", | ||
| severity: "medium", | ||
| implementation_guidance: "The governance dashboard tab provides a visual provenance chain: system → risk → policy → approval → evidence → review. Auditors can verify any system's compliance status without navigating multiple GRC platforms.", | ||
| checks: [ | ||
| { id: "GOV-AI-012-C1", description: "Dashboard governance tab accessible", status: "not-implemented" }, | ||
| { id: "GOV-AI-012-C2", description: "Provenance chain visible for each record", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| ]; | ||
| return { | ||
| id: "governance-ai", | ||
| name: "AI Governance Provenance Pack", | ||
| description: "Controls for approval provenance chains — end-to-end traceability from AI system registration to approval, evidence, and review cycle.", | ||
| version: "1.0.0", | ||
| project_types: ["ai-application", "mcp-server", "saas", "government-system"], | ||
| controls, | ||
| frameworks: ["GDPR"], | ||
| }; | ||
| } |
| import type { PolicyPack } from "@greenarmor/ges-core"; | ||
| export declare function createGovernancePolicyPack(): PolicyPack; |
| export function createGovernancePolicyPack() { | ||
| const controls = [ | ||
| { | ||
| id: "GOVP-001", | ||
| name: "System Registration", | ||
| description: "Every system must be registered in the governance inventory with a unique record before deployment.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 30 — Records of Processing Activities", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Register each system using 'ges governance add' or the MCP create_governance_record tool. The record must capture system name, type (ai-system, application, data-process, api, model, infrastructure, third-party-service), version, risk level, and description. No system may enter production without a governance record.", | ||
| checks: [ | ||
| { id: "GOVP-001-C1", description: "Governance record exists for the system", status: "not-implemented" }, | ||
| { id: "GOVP-001-C2", description: "System type and version documented", status: "not-implemented" }, | ||
| { id: "GOVP-001-C3", description: "Initial risk level assigned", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-002", | ||
| name: "Risk Assessment Requirement", | ||
| description: "A documented risk assessment must be linked to the governance record before approval can be granted.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 35 — Data Protection Impact Assessment", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Link a RiskAssessmentRef to the governance record. The assessment must identify the assessor, methodology, risk score, identified risks, residual risk, and mitigation measures. Verify with 'ges governance verify'.", | ||
| checks: [ | ||
| { id: "GOVP-002-C1", description: "Risk assessment linked to governance record", status: "not-implemented" }, | ||
| { id: "GOVP-002-C2", description: "Risk methodology documented", status: "not-implemented" }, | ||
| { id: "GOVP-002-C3", description: "Residual risk documented", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-003", | ||
| name: "Policy Basis Documentation", | ||
| description: "The governance record must reference the specific policy or standard under which the system is approved.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 5(2) — Accountability", | ||
| status: "not-implemented", | ||
| severity: "high", | ||
| implementation_guidance: "Document the policy_id, policy_name, version, applicable clauses, and standard. This provides the regulatory basis for the approval decision.", | ||
| checks: [ | ||
| { id: "GOVP-003-C1", description: "Policy ID and version documented", status: "not-implemented" }, | ||
| { id: "GOVP-003-C2", description: "Applicable clauses referenced", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-004", | ||
| name: "Approval Authority Chain", | ||
| description: "An approval decision must be recorded with approver identity, authority, decision date, and validity period.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 32 — Security of Processing", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Record the ApprovalDecision with approver name, role, email, authority level, decision (approved/rejected/conditional), decision_date, valid_from, valid_until, conditions, and rationale. No system is compliant without a recorded approval.", | ||
| checks: [ | ||
| { id: "GOVP-004-C1", description: "Approver name and role recorded", status: "not-implemented" }, | ||
| { id: "GOVP-004-C2", description: "Decision date and validity period documented", status: "not-implemented" }, | ||
| { id: "GOVP-004-C3", description: "Approval authority documented", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-005", | ||
| name: "Evidence Chain Completeness", | ||
| description: "At least one evidence reference must be linked to the governance record, pointing to supporting documentation in external systems.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 5(2) — Accountability", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Add EvidenceRef entries referencing tickets, documents, meeting records, or reports in Jira, Confluence, ServiceNow, SharePoint, or other GRC systems. The reference stores the location, not the content — evidence remains in its source of truth.", | ||
| checks: [ | ||
| { id: "GOVP-005-C1", description: "At least one evidence reference attached", status: "not-implemented" }, | ||
| { id: "GOVP-005-C2", description: "Evidence source system identified", status: "not-implemented" }, | ||
| { id: "GOVP-005-C3", description: "Evidence location described", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-006", | ||
| name: "Committee Approval Record", | ||
| description: "If approval requires committee review, the committee name, meeting reference, date, and attendees must be documented.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 35 — DPIA Consultation", | ||
| status: "not-implemented", | ||
| severity: "high", | ||
| implementation_guidance: "Record the CommitteeApprovalRef with committee_name, meeting_date, meeting_reference, attendees list, and decision summary. Required for high-risk systems.", | ||
| checks: [ | ||
| { id: "GOVP-006-C1", description: "Committee name and meeting reference documented", status: "not-implemented" }, | ||
| { id: "GOVP-006-C2", description: "Attendees recorded", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-007", | ||
| name: "Review Cycle Monitoring", | ||
| description: "A defined review cycle with frequency and next review date must be established for continuous compliance.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 32(1)(d) — Regular Testing", | ||
| status: "not-implemented", | ||
| severity: "high", | ||
| implementation_guidance: "Define the ReviewCycle with frequency (quarterly/semi-annual/annual/biennial), last_review, next_review date, and maintain review_history entries for each review cycle.", | ||
| checks: [ | ||
| { id: "GOVP-007-C1", description: "Review frequency defined", status: "not-implemented" }, | ||
| { id: "GOVP-007-C2", description: "Next review date set", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-008", | ||
| name: "Approval Expiry Enforcement", | ||
| description: "Approval validity must be time-bound and monitored for expiry.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 25 — Data Protection by Design", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Set valid_until on the ApprovalDecision. The verification system automatically detects expired approvals. Systems with expired approvals must not remain in production without renewal.", | ||
| checks: [ | ||
| { id: "GOVP-008-C1", description: "Approval has a validity end date", status: "not-implemented" }, | ||
| { id: "GOVP-008-C2", description: "Expiry monitored via governance verification", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-009", | ||
| name: "Data Inventory for Governance", | ||
| description: "The governance record must include a data inventory documenting personal data categories, processing purposes, and data subjects.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 30 — Records of Processing Activities", | ||
| status: "not-implemented", | ||
| severity: "high", | ||
| implementation_guidance: "Populate GovernanceDataInventory with personal_data_categories, processing_purposes, data_subjects, cross_border_transfers, and retention_period. This connects the governance record to the data protection requirements.", | ||
| checks: [ | ||
| { id: "GOVP-009-C1", description: "Personal data categories documented", status: "not-implemented" }, | ||
| { id: "GOVP-009-C2", description: "Processing purposes documented", status: "not-implemented" }, | ||
| { id: "GOVP-009-C3", description: "Cross-border transfers identified", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-010", | ||
| name: "Compliance Framework Mapping", | ||
| description: "The governance record must link to applicable compliance frameworks and controls satisfied.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 5(2) — Accountability", | ||
| status: "not-implemented", | ||
| severity: "medium", | ||
| implementation_guidance: "Populate GovernanceComplianceLinks with frameworks, controls_satisfied, and control_pack_ids. This enables cross-referencing between governance records and the compliance scoring system.", | ||
| checks: [ | ||
| { id: "GOVP-010-C1", description: "Applicable frameworks listed", status: "not-implemented" }, | ||
| { id: "GOVP-010-C2", description: "Controls satisfied referenced", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-011", | ||
| name: "Provenance Chain Verification", | ||
| description: "The governance record must pass automated verification of the full provenance chain.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 5(2) — Accountability", | ||
| status: "not-implemented", | ||
| severity: "critical", | ||
| implementation_guidance: "Run 'ges governance verify' or the MCP verify_governance_record tool. Verification checks all dimensions: approval exists and is current, risk assessment present, evidence attached, review cycle defined. The result provides a single defensible answer for auditors and examiners.", | ||
| checks: [ | ||
| { id: "GOVP-011-C1", description: "Verification returns valid=true", status: "not-implemented" }, | ||
| { id: "GOVP-011-C2", description: "No blocking issues in verification result", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| { | ||
| id: "GOVP-012", | ||
| name: "Dashboard Auditor Access", | ||
| description: "Governance records must be accessible via the web dashboard for auditor, examiner, and developer review.", | ||
| category: "governance-provenance", | ||
| framework: "GDPR", | ||
| article: "Article 15 — Right of Access (Transparency)", | ||
| status: "not-implemented", | ||
| severity: "medium", | ||
| implementation_guidance: "The governance dashboard tab provides a visual provenance chain: system → risk → policy → approval → evidence → review. Auditors, examiners, and developers can verify any system's compliance status without navigating multiple GRC platforms — the dashboard is a one-stop shop.", | ||
| checks: [ | ||
| { id: "GOVP-012-C1", description: "Dashboard governance tab accessible", status: "not-implemented" }, | ||
| { id: "GOVP-012-C2", description: "Provenance chain visible for each record", status: "not-implemented" }, | ||
| ], | ||
| }, | ||
| ]; | ||
| const allProjectTypes = [ | ||
| "saas", "ai-application", "mcp-server", "blockchain", "wallet", | ||
| "government-system", "healthcare-system", "event-platform", | ||
| "photo-storage-platform", "vulnerability-scanner", | ||
| "generic-web-application", "api-backend", "mobile-application", | ||
| ]; | ||
| return { | ||
| id: "governance", | ||
| name: "Governance Provenance Pack", | ||
| description: "Controls for approval provenance chains — end-to-end traceability from system registration to approval, evidence, and review cycle. Applicable to any system type: AI systems, applications, data processes, APIs, models, infrastructure, and third-party services.", | ||
| version: "1.0.0", | ||
| project_types: allProjectTypes, | ||
| controls, | ||
| frameworks: ["GDPR"], | ||
| }; | ||
| } |
+1
-0
@@ -22,3 +22,4 @@ import type { PolicyPack, ProjectType } from "@greenarmor/ges-core"; | ||
| export { createSouthAfricaPOPIAPolicyPack, createUAEPDPLPolicyPack, createSaudiArabiaPDPLPolicyPack } from "./packs/privacy-africa-me.js"; | ||
| export { createGovernancePolicyPack } from "./packs/governance.js"; | ||
| export { PRIVACY_COUNTRIES, getCountryByCode, getCountryPackId, getCountriesByRegion } from "./packs/countries.js"; | ||
| export type { CountryPrivacyPack } from "./packs/countries.js"; |
+6
-0
@@ -17,2 +17,3 @@ import { createGDPRPolicyPack } from "./packs/gdpr.js"; | ||
| import { createSouthAfricaPOPIAPolicyPack, createUAEPDPLPolicyPack, createSaudiArabiaPDPLPolicyPack } from "./packs/privacy-africa-me.js"; | ||
| import { createGovernancePolicyPack } from "./packs/governance.js"; | ||
| const ALL_PACKS = [ | ||
@@ -50,2 +51,4 @@ createGDPRPolicyPack, | ||
| createSaudiArabiaPDPLPolicyPack, | ||
| // Governance | ||
| createGovernancePolicyPack, | ||
| ]; | ||
@@ -84,2 +87,4 @@ const PACK_MAP = { | ||
| "sa-pdpl": createSaudiArabiaPDPLPolicyPack, | ||
| // Governance | ||
| "governance": createGovernancePolicyPack, | ||
| }; | ||
@@ -115,2 +120,3 @@ export function getAllPacks() { | ||
| export { createSouthAfricaPOPIAPolicyPack, createUAEPDPLPolicyPack, createSaudiArabiaPDPLPolicyPack } from "./packs/privacy-africa-me.js"; | ||
| export { createGovernancePolicyPack } from "./packs/governance.js"; | ||
| export { PRIVACY_COUNTRIES, getCountryByCode, getCountryPackId, getCountriesByRegion } from "./packs/countries.js"; |
+3
-3
| { | ||
| "dependencies": { | ||
| "@greenarmor/ges-compliance-engine": "1.3.0", | ||
| "@greenarmor/ges-core": "1.3.0" | ||
| "@greenarmor/ges-compliance-engine": "1.4.0", | ||
| "@greenarmor/ges-core": "1.4.0" | ||
| }, | ||
@@ -28,3 +28,3 @@ "description": "GESF Policy Engine - Policy packs management and enforcement", | ||
| "types": "./dist/index.d.ts", | ||
| "version": "1.3.0", | ||
| "version": "1.4.0", | ||
| "scripts": { | ||
@@ -31,0 +31,0 @@ "build": "tsc", |
No alert changes
Improved metrics
- Total package byte prevSize
509958
5.43%- Number of package files
45
9.76%- Lines of code
7512
5.88%Dependency changes
+ Added
@greenarmor/ges-compliance-engine@1.4.0(transitive)+ Added
@greenarmor/ges-core@1.4.0(transitive)- Removed
@greenarmor/ges-compliance-engine@1.3.0(transitive)- Removed
@greenarmor/ges-core@1.3.0(transitive)Updated
@greenarmor/ges-core@1.4.0