feat(posture): add EU AI Act, NIST AI RMF, ISO 42001 compliance categories (14-16)

Extends posture scanner from 13 to 16 categories with three governance/compliance
checks. New categories are advisory (not in CRITICAL_CATEGORIES) — existing Grade A
projects remain Grade A. VERSION bumped to 6.0.0.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Kjell Tore Guttormsen 2026-04-10 13:17:25 +02:00
commit 51b5371d6f
2 changed files with 253 additions and 4 deletions


@ -42,8 +42,8 @@ describe('posture-scanner: grade-a-project', () => {
assert.equal(result.scoring.grade, 'A');
});
it('has 13 categories assessed', () => {
assert.equal(result.categories.length, 13);
it('has 16 categories assessed', () => {
assert.equal(result.categories.length, 16);
});
it('has low risk score', () => {
@ -153,6 +153,42 @@ describe('posture-scanner: grade-a-project', () => {
assert.ok(cat12.owasp.includes('ASI02'), 'Cat 12 should map to ASI02');
assert.ok(cat13.owasp.includes('ASI06'), 'Cat 13 should map to ASI06');
});
// v6.0 compliance categories
it('EU AI Act Compliance category exists', () => {
const cat = result.categories.find(c => c.id === 14);
assert.ok(cat, 'Category 14 should exist');
assert.equal(cat.name, 'EU AI Act Compliance');
});
it('NIST AI RMF Alignment category exists', () => {
const cat = result.categories.find(c => c.id === 15);
assert.ok(cat, 'Category 15 should exist');
assert.equal(cat.name, 'NIST AI RMF Alignment');
});
it('ISO 42001 Readiness category exists', () => {
const cat = result.categories.find(c => c.id === 16);
assert.ok(cat, 'Category 16 should exist');
assert.equal(cat.name, 'ISO 42001 Readiness');
});
it('compliance categories are PARTIAL for grade-a (has hooks+config but no reports/tests)', () => {
for (const id of [14, 15, 16]) {
const cat = result.categories.find(c => c.id === id);
assert.ok(
cat.status === 'PASS' || cat.status === 'PARTIAL',
`Category ${id} (${cat.name}) should be PASS or PARTIAL, got ${cat.status}`,
);
}
});
it('compliance categories have Governance OWASP mapping', () => {
for (const id of [14, 15, 16]) {
const cat = result.categories.find(c => c.id === id);
assert.ok(cat.owasp, `Category ${id} should have owasp mapping`);
}
});
});
// ---------------------------------------------------------------------------
@ -272,6 +308,25 @@ describe('posture-scanner: grade-f-project', () => {
const cat = result.categories.find(c => c.id === 13);
assert.equal(cat.status, 'FAIL');
});
// v6.0 compliance categories — grade-f has no security config → FAIL
it('EU AI Act Compliance is FAIL', () => {
const cat = result.categories.find(c => c.id === 14);
assert.ok(cat, 'Category 14 should exist');
assert.equal(cat.status, 'FAIL');
});
it('NIST AI RMF Alignment is FAIL', () => {
const cat = result.categories.find(c => c.id === 15);
assert.ok(cat, 'Category 15 should exist');
assert.equal(cat.status, 'FAIL');
});
it('ISO 42001 Readiness is FAIL', () => {
const cat = result.categories.find(c => c.id === 16);
assert.ok(cat, 'Category 16 should exist');
assert.equal(cat.status, 'FAIL');
});
});
// ---------------------------------------------------------------------------
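Review bot: In the grade-a hunk, the test named "compliance categories are PARTIAL for grade-a (has hooks+config but no reports/tests)" accepts either PASS or PARTIAL, so its title promises a stricter check than the assertion enforces and a fixture that unexpectedly scores PASS would still pass. Either pin it with `assert.equal(cat.status, 'PARTIAL', `Category ${id} (${cat.name}) should be PARTIAL, got ${cat.status}`);` or rename the test to say "PASS or PARTIAL". The "have Governance OWASP mapping" test likewise only asserts that `cat.owasp` is truthy; if the mapping is meant to be a Governance entry, `assert.ok(cat.owasp.includes('Governance'), ...)` would match its name, as the ASI02/ASI06 checks above it do for categories 12 and 13. The commit message says the new categories are advisory and not in CRITICAL_CATEGORIES, but no added test asserts that exclusion directly; the only protection is the pre-existing `grade === 'A'` check, which would not tell a future reader why a Grade A regression appeared, so a test such as `assert.ok(![14, 15, 16].some(id => CRITICAL_CATEGORIES.includes(id)))` (if that constant is exported) would document the intent.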