feat(knowledge): add compliance-mapping document — EU AI Act, NIST AI RMF, ISO 42001

2026-04-10 12:29:14 +02:00 · 2026-04-10 12:29:14 +02:00 · 5bb9d5bd11
commit 5bb9d5bd11
parent 589711e29b
2 changed files with 187 additions and 0 deletions
--- a/plugins/llm-security/tests/scanners/compliance-mapping.test.mjs
+++ b/plugins/llm-security/tests/scanners/compliance-mapping.test.mjs
@ -0,0 +1,68 @@
+// compliance-mapping.test.mjs — Tests for knowledge/compliance-mapping.md content
+// Verifies: file exists, contains expected framework headers, all 13 posture categories, verification log
+
+import { describe, it } from 'node:test';
+import assert from 'node:assert/strict';
+import { readFileSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const __dirname = fileURLToPath(new URL('.', import.meta.url));
+const ROOT = resolve(__dirname, '../..');
+const COMPLIANCE_PATH = resolve(ROOT, 'knowledge/compliance-mapping.md');
+
+let content;
+try {
+  content = readFileSync(COMPLIANCE_PATH, 'utf-8');
+} catch {
+  content = null;
+}
+
+describe('knowledge/compliance-mapping.md', () => {
+  it('file exists', () => {
+    assert.ok(content !== null, 'compliance-mapping.md should exist');
+  });
+
+  it('contains EU AI Act header', () => {
+    assert.ok(content.includes('EU AI Act'), 'Should reference EU AI Act');
+  });
+
+  it('contains NIST AI RMF header', () => {
+    assert.ok(content.includes('NIST AI RMF'), 'Should reference NIST AI RMF');
+  });
+
+  it('contains ISO 42001 header', () => {
+    assert.ok(content.includes('ISO 42001'), 'Should reference ISO 42001');
+  });
+
+  // All 13 existing posture category names must appear
+  const categories = [
+    'Deny-First Configuration',
+    'Secrets Protection',
+    'Path Guarding',
+    'MCP Server Trust',
+    'Destructive Command Blocking',
+    'Sandbox Configuration',
+    'Human Review Requirements',
+    'Skill and Plugin Sources',
+    'Session Isolation',
+    'Cognitive State Security',
+    'Prompt Injection Hardening',
+    'Rule of Two',
+    'Long-Horizon Monitoring',
+  ];
+
+  for (const cat of categories) {
+    it(`contains posture category: ${cat}`, () => {
+      assert.ok(content.includes(cat), `Should reference posture category "${cat}"`);
+    });
+  }
+
+  it('contains Verification Log section', () => {
+    assert.ok(content.includes('Verification Log'), 'Should have a Verification Log section');
+  });
+
+  it('contains at least one source URL', () => {
+    assert.ok(/https?:\/\//.test(content), 'Should contain at least one verification URL');
+  });
+});