compliance

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 8, 2025 License: Apache-2.0 Imports: 24 Imported by: 0

README ΒΆ

Enterprise Compliance & Audit Plugin

Comprehensive compliance management for SOC 2, HIPAA, PCI-DSS, GDPR, ISO 27001, and CCPA

Overview

The Compliance plugin provides enterprise-grade compliance management, automated policy enforcement, audit trails, and reporting capabilities for AuthSome. It enables organizations to meet regulatory requirements and maintain compliance with various industry standards.

Features

πŸ›οΈ Compliance Standards Support
  • SOC 2 Type II - Service Organization Control 2
  • HIPAA - Healthcare data protection (7-year retention)
  • PCI-DSS - Payment card data security
  • GDPR - EU data protection and privacy
  • ISO/IEC 27001 - Information security management
  • CCPA - California consumer privacy
πŸ“‹ Compliance Profiles
  • Per-Organization Configuration - Each organization gets its own compliance profile
  • Template-Based Setup - Quick start with predefined templates
  • Custom Policies - Define organization-specific requirements
  • Multi-Standard Support - Comply with multiple standards simultaneously
βœ… Automated Compliance Checks
  • MFA Coverage - Monitor MFA adoption rates
  • Password Policy - Validate password strength and expiration
  • Session Policy - Enforce session timeout and security
  • Access Review - Regular permission audits
  • Inactive Users - Identify dormant accounts
  • Data Retention - Verify audit log retention compliance
πŸ”’ Runtime Policy Enforcement
  • Password Validation - Enforce complexity requirements at signup/change
  • MFA Enforcement - Block login if MFA required but not enabled
  • Session Validation - Enforce max age, idle timeout, IP binding
  • Training Requirements - Require completion of compliance training
  • Data Residency - Enforce geographic data restrictions
πŸ“Š Compliance Reports
  • SOC 2 Reports - Audit-ready compliance documentation
  • HIPAA Audit Trails - 7-year retention with export
  • Custom Reports - Generate reports for any time period
  • Multiple Formats - PDF, JSON, CSV export
  • Evidence Collection - Attach supporting documentation
πŸŽ“ Compliance Training
  • Required Training Tracking - Security awareness, HIPAA basics, etc.
  • Completion Monitoring - Track training status per user
  • Expiration Alerts - Notify when training needs renewal
  • Per-Standard Requirements - Different training for different standards
🚨 Violation Management
  • Automatic Detection - Identify policy violations in real-time
  • Severity Levels - Critical, high, medium, low
  • Resolution Tracking - Track who resolved violations and when
  • Notifications - Alert compliance contacts immediately
πŸ“ˆ Compliance Dashboard
  • Overall Compliance Score - 0-100% compliance rating
  • Real-Time Status - Compliant, non-compliant, in-progress
  • Recent Checks - View latest automated check results
  • Open Violations - Track unresolved issues
  • Audit History - Complete compliance timeline

Installation

The plugin is located in plugins/enterprise/compliance/ and integrates automatically with AuthSome.

1. Enable in Configuration
# config.yaml
plugins:
  compliance:
    enabled: true
    defaultStandard: "SOC2"
    
    automatedChecks:
      enabled: true
      checkInterval: 24h
      
    audit:
      minRetentionDays: 90
      maxRetentionDays: 2555
      detailedTrail: true
      immutable: true
      
    notifications:
      enabled: true
      violations: true
      failedChecks: true
2. Run Database Migrations
# Migrations are automatically applied when plugin is enabled
authsome migrate up
3. Verify Installation
curl http://localhost:8080/auth/compliance/templates

Quick Start

Create Compliance Profile from Template
# Using SOC 2 template
POST /auth/compliance/profiles/from-template
{
  "organizationId": "org_123",
  "standard": "SOC2"
}

# Response
{
  "id": "prof_abc",
  "organizationId": "org_123",
  "name": "SOC 2 Type II",
  "standards": ["SOC2"],
  "mfaRequired": true,
  "passwordMinLength": 12,
  "sessionMaxAge": 86400,
  "retentionDays": 90,
  "status": "active"
}
Check Compliance Status
GET /auth/compliance/organizations/org_123/status

# Response
{
  "profileId": "prof_abc",
  "organizationId": "org_123",
  "overallStatus": "compliant",
  "score": 95,
  "checksPassed": 19,
  "checksFailed": 1,
  "violations": 2,
  "lastChecked": "2025-11-01T10:00:00Z"
}
Generate Compliance Report
POST /auth/compliance/organizations/org_123/reports
{
  "reportType": "soc2",
  "standard": "SOC2",
  "period": "2025-Q3",
  "format": "pdf"
}

# Response (202 Accepted - generating asynchronously)
{
  "id": "rep_xyz",
  "status": "generating",
  "organizationId": "org_123"
}

API Reference

Compliance Profiles
Endpoint Method Description
/profiles POST Create compliance profile
/profiles/from-template POST Create from template
/profiles/:id GET Get profile
/organizations/:orgId/profile GET Get org profile
/profiles/:id PUT Update profile
Compliance Status
Endpoint Method Description
/organizations/:orgId/status GET Get compliance status
/organizations/:orgId/dashboard GET Get dashboard data
Checks & Violations
Endpoint Method Description
/profiles/:profileId/checks POST Run compliance check
/profiles/:profileId/checks GET List checks
/organizations/:orgId/violations GET List violations
/violations/:id/resolve PUT Resolve violation
Reports
Endpoint Method Description
/organizations/:orgId/reports POST Generate report
/organizations/:orgId/reports GET List reports
/reports/:id/download GET Download report
Training
Endpoint Method Description
/organizations/:orgId/training POST Create training record
/users/:userId/training GET Get user training status
/training/:id/complete PUT Mark training complete

Compliance Templates

SOC 2 Type II
Standard: SOC 2
MFA Required: Yes
Password Min Length: 12
Session Max Age: 24 hours
Retention Days: 90
Required Policies:
  - Access Control
  - Password Policy
  - Data Classification
  - Incident Response
  - Change Management
HIPAA
Standard: HIPAA
MFA Required: Yes
Password Min Length: 14
Session Max Age: 1 hour
Retention Days: 2555 (7 years)
Data Residency: US
Required Policies:
  - Access Control
  - Audit Controls
  - Breach Notification
  - Business Associate Agreement
  - Minimum Necessary
PCI-DSS
Standard: PCI-DSS
MFA Required: Yes
Password Min Length: 15
Session Max Age: 15 minutes
Retention Days: 365
Required Policies:
  - Firewall Configuration
  - Cardholder Data Protection
  - Encryption Transmission
  - Access Control

Usage Examples

Password Policy Enforcement
// Hook automatically enforces password policy
// user.password_changed hook

func (p *Plugin) onPasswordChanged(ctx context.Context, data HookData) error {
    orgID := data.GetString("organization_id")
    password := data.GetString("new_password")
    
    // Enforces: min length, uppercase, lowercase, number, symbol
    if err := p.policyEngine.EnforcePasswordPolicy(ctx, orgID, password); err != nil {
        return err // Blocks password change
    }
    
    return nil
}
MFA Enforcement
// Hook automatically enforces MFA requirement
// user.login hook

func (p *Plugin) onUserLogin(ctx context.Context, data HookData) error {
    orgID := data.GetString("organization_id")
    userID := data.GetString("user_id")
    mfaEnabled := data.GetBool("mfa_enabled")
    
    // If org requires MFA but user doesn't have it
    if err := p.policyEngine.EnforceMFA(ctx, orgID, userID, mfaEnabled); err != nil {
        return err // Blocks login
    }
    
    return nil
}
Session Policy Enforcement
// Hook validates session on each request
// session.validated hook

func (p *Plugin) onSessionValidated(ctx context.Context, data HookData) error {
    orgID := data.GetString("organization_id")
    
    session := &Session{
        ID:             data.GetString("session_id"),
        CreatedAt:      data.GetTime("created_at"),
        LastActivityAt: data.GetTime("last_activity"),
        CreatedIP:      data.GetString("created_ip"),
        CurrentIP:      data.GetString("current_ip"),
    }
    
    // Enforces: max age, idle timeout, IP binding
    if err := p.policyEngine.EnforceSessionPolicy(ctx, orgID, session); err != nil {
        return err // Expires session
    }
    
    return nil
}

Configuration Options

Automated Checks
automatedChecks:
  enabled: true
  checkInterval: 24h
  mfaCoverage: true
  passwordPolicy: true
  sessionPolicy: true
  accessReview: true
  inactiveUsers: true
  dataRetention: true
Audit Settings
audit:
  minRetentionDays: 90      # SOC 2 minimum
  maxRetentionDays: 2555    # HIPAA 7 years
  detailedTrail: true       # Log field changes
  immutable: true           # Cannot delete logs
  exportFormat: json
  signLogs: true            # Tamper detection
Notifications
notifications:
  enabled: true
  violations: true
  failedChecks: true
  auditReminders: true
  notifyComplianceContact: true
  channels:
    email: true
    slack: false
    webhook: false

Compliance Workflow

1. Initial Setup
  1. Create organization in AuthSome
  2. Plugin creates default compliance profile (if configured)
  3. Automated checks run immediately
  4. Review compliance status
2. Ongoing Compliance
  1. Automated checks run every 24 hours
  2. Policy enforcement on all auth actions
  3. Violations logged automatically
  4. Compliance contact notified
3. Audit Preparation
  1. Run full compliance check
  2. Generate audit report for period
  3. Collect evidence (audit logs, policies)
  4. Export for auditors
4. Remediation
  1. Review open violations
  2. Resolve issues (enable MFA, update policies)
  3. Mark violations as resolved
  4. Re-run checks to verify

Best Practices

1. Choose the Right Standard
  • SaaS Product: Start with SOC 2
  • Healthcare: HIPAA required
  • Payment Processing: PCI-DSS required
  • EU Customers: GDPR required
  • California: CCPA may apply
2. Enable from Day One
  • Create compliance profile when organization is created
  • Enforce policies from the start (easier than retrofitting)
  • Run initial checks immediately
3. Monitor Regularly
  • Review compliance dashboard weekly
  • Address violations within 48 hours
  • Run manual checks before audits
4. Train Users
  • Require compliance training for all users
  • Set expiration (annual renewal)
  • Track completion in dashboard
5. Document Everything
  • Store policies as documents
  • Collect evidence continuously
  • Generate reports quarterly

Troubleshooting

Compliance Score is Low
  1. Check which checks are failing
  2. Review open violations
  3. Run manual checks for specific areas
  4. Address violations and re-check
MFA Enforcement Blocking Users
  1. Verify mfaRequired setting in profile
  2. Give users grace period to enable MFA
  3. Send notification before enforcement
  4. Provide self-service MFA setup
Reports Not Generating
  1. Check report status (generating, failed)
  2. Review error logs
  3. Verify storage configuration
  4. Ensure sufficient permissions
Training Not Showing
  1. Verify compliance profile has standards
  2. Check template for required training
  3. Run check to create training records
  4. Assign training manually if needed

Performance

Database Indexes

All tables have optimized indexes for:

  • Organization lookups
  • Status filtering
  • Date-based queries
  • User-specific queries
Caching
  • Compliance profiles cached
  • Check results cached (1 hour)
  • Report metadata cached
Async Operations
  • Report generation
  • Automated checks
  • Violation notifications
  • Evidence collection

Security

Data Protection
  • Audit logs are immutable
  • Evidence files use SHA256 hashing
  • Sensitive data encrypted at rest
  • Access logs for compliance data
Access Control
  • Only org owners/admins can manage compliance
  • Compliance contacts get read-only access
  • Auditors get time-limited export access

Roadmap

  • Automated policy document generation
  • Integration with security scanning tools
  • Real-time compliance monitoring dashboard
  • AI-powered compliance recommendations
  • Third-party auditor portal
  • Compliance certifications marketplace

Support

For enterprise support and compliance consulting:

Built with ❀️ for enterprise security and compliance

Documentation ΒΆ

Index ΒΆ

Constants ΒΆ

View Source 
const (
	// Profile errors
	CodeProfileNotFound  = "COMPLIANCE_PROFILE_NOT_FOUND"
	CodeProfileExists    = "COMPLIANCE_PROFILE_EXISTS"
	CodeInvalidProfile   = "COMPLIANCE_INVALID_PROFILE"
	CodeTemplateNotFound = "COMPLIANCE_TEMPLATE_NOT_FOUND"

	// Check errors
	CodeCheckNotFound    = "COMPLIANCE_CHECK_NOT_FOUND"
	CodeCheckFailed      = "COMPLIANCE_CHECK_FAILED"
	CodeInvalidCheckType = "COMPLIANCE_INVALID_CHECK_TYPE"

	// Violation errors
	CodeViolationNotFound = "COMPLIANCE_VIOLATION_NOT_FOUND"
	CodeViolationExists   = "COMPLIANCE_VIOLATION_EXISTS"
	CodeCannotResolve     = "COMPLIANCE_CANNOT_RESOLVE"

	// Report errors
	CodeReportNotFound    = "COMPLIANCE_REPORT_NOT_FOUND"
	CodeReportGenerating  = "COMPLIANCE_REPORT_GENERATING"
	CodeReportFailed      = "COMPLIANCE_REPORT_FAILED"
	CodeInvalidReportType = "COMPLIANCE_INVALID_REPORT_TYPE"
	CodeInvalidFormat     = "COMPLIANCE_INVALID_FORMAT"

	// Evidence errors
	CodeEvidenceNotFound = "COMPLIANCE_EVIDENCE_NOT_FOUND"
	CodeInvalidEvidence  = "COMPLIANCE_INVALID_EVIDENCE"
	CodeEvidenceExpired  = "COMPLIANCE_EVIDENCE_EXPIRED"

	// Policy errors
	CodePolicyNotFound    = "COMPLIANCE_POLICY_NOT_FOUND"
	CodePolicyExists      = "COMPLIANCE_POLICY_EXISTS"
	CodeInvalidPolicy     = "COMPLIANCE_INVALID_POLICY"
	CodePolicyNotApproved = "COMPLIANCE_POLICY_NOT_APPROVED"

	// Training errors
	CodeTrainingNotFound   = "COMPLIANCE_TRAINING_NOT_FOUND"
	CodeTrainingIncomplete = "COMPLIANCE_TRAINING_INCOMPLETE"
	CodeTrainingExpired    = "COMPLIANCE_TRAINING_EXPIRED"

	// Policy enforcement errors
	CodeMFARequired      = "COMPLIANCE_MFA_REQUIRED"
	CodeWeakPassword     = "COMPLIANCE_WEAK_PASSWORD"
	CodeSessionExpired   = "COMPLIANCE_SESSION_EXPIRED"
	CodeAccessDenied     = "COMPLIANCE_ACCESS_DENIED"
	CodeTrainingRequired = "COMPLIANCE_TRAINING_REQUIRED"

	// General errors
	CodeNotAuthorized     = "COMPLIANCE_NOT_AUTHORIZED"
	CodeInvalidInput      = "COMPLIANCE_INVALID_INPUT"
	CodeInternalError     = "COMPLIANCE_INTERNAL_ERROR"
	CodeInvalidPagination = "COMPLIANCE_INVALID_PAGINATION"
	CodeQueryFailed       = "COMPLIANCE_QUERY_FAILED"
	CodeOperationFailed   = "COMPLIANCE_OPERATION_FAILED"
)

Error codes for compliance operations

Variables ΒΆ

View Source 
var ComplianceTemplates = map[ComplianceStandard]ComplianceTemplate{
	StandardSOC2: {
		Standard:    StandardSOC2,
		Name:        "SOC 2 Type II",
		Description: "Service Organization Control 2 - Trust Services Criteria",

		MFARequired:       true,
		PasswordMinLength: 12,
		SessionMaxAge:     86400,

		RetentionDays:      90,
		DataResidency:      "",
		AuditFrequencyDays: 90,

		RequiredPolicies: []string{
			"access_control",
			"password_policy",
			"data_classification",
			"incident_response",
			"change_management",
			"vendor_management",
			"backup_recovery",
		},

		RequiredTraining: []string{
			"security_awareness",
			"data_handling",
			"incident_reporting",
		},
	},

	StandardHIPAA: {
		Standard:    StandardHIPAA,
		Name:        "HIPAA (Health Insurance Portability and Accountability Act)",
		Description: "Healthcare data protection and privacy requirements",

		MFARequired:       true,
		PasswordMinLength: 14,
		SessionMaxAge:     3600,

		RetentionDays:      2555,
		DataResidency:      "US",
		AuditFrequencyDays: 30,

		RequiredPolicies: []string{
			"access_control",
			"password_policy",
			"data_encryption",
			"audit_controls",
			"breach_notification",
			"business_associate_agreement",
			"minimum_necessary",
			"emergency_access",
			"data_integrity",
			"transmission_security",
		},

		RequiredTraining: []string{
			"hipaa_basics",
			"phi_handling",
			"privacy_practices",
			"security_awareness",
			"breach_prevention",
		},
	},

	StandardPCIDSS: {
		Standard:    StandardPCIDSS,
		Name:        "PCI-DSS (Payment Card Industry Data Security Standard)",
		Description: "Payment card data security requirements",

		MFARequired:       true,
		PasswordMinLength: 15,
		SessionMaxAge:     900,

		RetentionDays:      365,
		DataResidency:      "",
		AuditFrequencyDays: 90,

		RequiredPolicies: []string{
			"firewall_configuration",
			"password_policy",
			"cardholder_data_protection",
			"encryption_transmission",
			"antivirus",
			"secure_systems",
			"access_control",
			"unique_ids",
			"physical_access",
			"network_monitoring",
			"security_testing",
			"information_security_policy",
		},

		RequiredTraining: []string{
			"pci_awareness",
			"cardholder_data_handling",
			"security_best_practices",
			"incident_response",
		},
	},

	StandardGDPR: {
		Standard:    StandardGDPR,
		Name:        "GDPR (General Data Protection Regulation)",
		Description: "EU data protection and privacy regulation",

		MFARequired:       true,
		PasswordMinLength: 12,
		SessionMaxAge:     86400,

		RetentionDays:      90,
		DataResidency:      "EU",
		AuditFrequencyDays: 90,

		RequiredPolicies: []string{
			"privacy_policy",
			"data_processing_agreement",
			"consent_management",
			"data_breach_notification",
			"right_to_access",
			"right_to_erasure",
			"right_to_portability",
			"data_protection_impact_assessment",
			"data_retention",
			"vendor_management",
		},

		RequiredTraining: []string{
			"gdpr_fundamentals",
			"data_subject_rights",
			"privacy_by_design",
			"breach_notification",
			"lawful_basis",
		},
	},

	StandardISO27001: {
		Standard:    StandardISO27001,
		Name:        "ISO/IEC 27001",
		Description: "Information Security Management System standard",

		MFARequired:       true,
		PasswordMinLength: 12,
		SessionMaxAge:     86400,

		RetentionDays:      180,
		DataResidency:      "",
		AuditFrequencyDays: 180,

		RequiredPolicies: []string{
			"information_security_policy",
			"access_control",
			"asset_management",
			"cryptography",
			"physical_security",
			"operations_security",
			"communications_security",
			"acquisition_development",
			"supplier_relationships",
			"incident_management",
			"business_continuity",
			"compliance",
		},

		RequiredTraining: []string{
			"security_awareness",
			"isms_overview",
			"risk_management",
			"incident_handling",
		},
	},

	StandardCCPA: {
		Standard:    StandardCCPA,
		Name:        "CCPA (California Consumer Privacy Act)",
		Description: "California privacy rights and consumer protection",

		MFARequired:       false,
		PasswordMinLength: 12,
		SessionMaxAge:     86400,

		RetentionDays:      365,
		DataResidency:      "US",
		AuditFrequencyDays: 90,

		RequiredPolicies: []string{
			"privacy_notice",
			"consumer_rights",
			"data_collection_notice",
			"opt_out_rights",
			"data_deletion",
			"data_disclosure",
			"non_discrimination",
			"authorized_agent",
		},

		RequiredTraining: []string{
			"ccpa_overview",
			"consumer_requests",
			"data_inventory",
			"privacy_rights",
		},
	},
}

ComplianceTemplates provides predefined compliance templates

Functions ΒΆ

func AccessDenied ΒΆ 

func AccessDenied(reason string) *errs.AuthsomeError

func CannotResolve ΒΆ 

func CannotResolve(id string, reason string) *errs.AuthsomeError

func CheckFailed ΒΆ 

func CheckFailed(checkType string, reason string) *errs.AuthsomeError

func CheckNotFound ΒΆ 

func CheckNotFound(id string) *errs.AuthsomeError

func CreateTables ΒΆ 

func CreateTables(ctx context.Context, db *bun.DB) error

CreateTables creates all compliance tables

func DropTables ΒΆ 

func DropTables(ctx context.Context, db *bun.DB) error

DropTables drops all compliance tables (for testing)

func EvidenceExpired ΒΆ 

func EvidenceExpired(id string) *errs.AuthsomeError

func EvidenceNotFound ΒΆ 

func EvidenceNotFound(id string) *errs.AuthsomeError

func GetTemplateNames ΒΆ 

func GetTemplateNames() []string

GetTemplateNames returns all available template names

func InternalError ΒΆ 

func InternalError(operation string, err error) *errs.AuthsomeError

func InvalidCheckType ΒΆ 

func InvalidCheckType(checkType string) *errs.AuthsomeError

func InvalidEvidence ΒΆ 

func InvalidEvidence(reason string) *errs.AuthsomeError

func InvalidFormat ΒΆ 

func InvalidFormat(format string) *errs.AuthsomeError

func InvalidInput ΒΆ 

func InvalidInput(field string, reason string) *errs.AuthsomeError

func InvalidPagination ΒΆ 

func InvalidPagination(reason string) *errs.AuthsomeError

func InvalidPolicy ΒΆ 

func InvalidPolicy(reason string) *errs.AuthsomeError

func InvalidProfile ΒΆ 

func InvalidProfile(reason string) *errs.AuthsomeError

func InvalidReportType ΒΆ 

func InvalidReportType(reportType string) *errs.AuthsomeError

func MFARequired ΒΆ 

func MFARequired() *errs.AuthsomeError

func NotAuthorized ΒΆ 

func NotAuthorized() *errs.AuthsomeError

func OperationFailed ΒΆ 

func OperationFailed(operation string, reason string) *errs.AuthsomeError

func PolicyExists ΒΆ 

func PolicyExists(policyType string) *errs.AuthsomeError

func PolicyNotApproved ΒΆ 

func PolicyNotApproved(id string) *errs.AuthsomeError

func PolicyNotFound ΒΆ 

func PolicyNotFound(id string) *errs.AuthsomeError

func ProfileExists ΒΆ 

func ProfileExists(appID string) *errs.AuthsomeError

func ProfileNotFound ΒΆ 

func ProfileNotFound(id string) *errs.AuthsomeError

func QueryFailed ΒΆ 

func QueryFailed(operation string, err error) *errs.AuthsomeError

func RegisterModels ΒΆ 

func RegisterModels(db *bun.DB)

RegisterModels registers compliance models with Bun

func ReportFailed ΒΆ 

func ReportFailed(id string, reason string) *errs.AuthsomeError

func ReportGenerating ΒΆ 

func ReportGenerating(id string) *errs.AuthsomeError

func ReportNotFound ΒΆ 

func ReportNotFound(id string) *errs.AuthsomeError

func SessionExpired ΒΆ 

func SessionExpired(reason string) *errs.AuthsomeError

func TemplateNotFound ΒΆ 

func TemplateNotFound(standard string) *errs.AuthsomeError

func TrainingExpired ΒΆ 

func TrainingExpired(userID string, trainingType string) *errs.AuthsomeError

func TrainingIncomplete ΒΆ 

func TrainingIncomplete(userID string, trainingType string) *errs.AuthsomeError

func TrainingNotFound ΒΆ 

func TrainingNotFound(id string) *errs.AuthsomeError

func TrainingRequired ΒΆ 

func TrainingRequired(trainingType string) *errs.AuthsomeError

func ViolationExists ΒΆ 

func ViolationExists(violationType string, userID string) *errs.AuthsomeError

func ViolationNotFound ΒΆ 

func ViolationNotFound(id string) *errs.AuthsomeError

func WeakPassword ΒΆ 

func WeakPassword(reason string) *errs.AuthsomeError

Types ΒΆ

type App ΒΆ 

type App struct {
	ID   string
	Name string
}

type AppService ΒΆ 

type AppService interface {
	Get(ctx context.Context, id string) (*App, error)
}

type AppServiceAdapter ΒΆ 

type AppServiceAdapter struct {
	// contains filtered or unexported fields
}

AppServiceAdapter adapts the app service (from multi-tenancy plugin)

func NewAppServiceAdapter ΒΆ 

func NewAppServiceAdapter(svc interface{}) *AppServiceAdapter

NewAppServiceAdapter creates a new app service adapter

func (*AppServiceAdapter) Get ΒΆ 

func (a *AppServiceAdapter) Get(ctx context.Context, id string) (*App, error)

Get retrieves an app by ID

type AuditConfig ΒΆ 

type AuditConfig struct {
	// Minimum retention days (enforced for all orgs)
	MinRetentionDays int `json:"minRetentionDays" yaml:"minRetentionDays"`

	// Maximum retention days
	MaxRetentionDays int `json:"maxRetentionDays" yaml:"maxRetentionDays"`

	// Detailed audit trail (log all field changes)
	DetailedTrail bool `json:"detailedTrail" yaml:"detailedTrail"`

	// Immutable audit logs (cannot be deleted/modified)
	Immutable bool `json:"immutable" yaml:"immutable"`

	// Audit log export format
	ExportFormat string `json:"exportFormat" yaml:"exportFormat"` // json, csv, pdf

	// Enable audit log signing (for tamper detection)
	SignLogs bool `json:"signLogs" yaml:"signLogs"`
}

AuditConfig configures audit trail settings

type AuditEvent ΒΆ 

type AuditEvent struct {
	Action     string
	AppID      string
	ResourceID string
	Metadata   map[string]interface{}
}

Helper types

type AuditLog ΒΆ 

type AuditLog struct {
	CreatedAt time.Time
}

type AuditService ΒΆ 

type AuditService interface {
	LogEvent(ctx context.Context, event *AuditEvent) error
	GetOldestLog(ctx context.Context, appID string) (*AuditLog, error)
}

External service interfaces

type AuditServiceAdapter ΒΆ 

type AuditServiceAdapter struct {
	// contains filtered or unexported fields
}

AuditServiceAdapter adapts AuthSome's audit service to compliance service expectations

func NewAuditServiceAdapter ΒΆ 

func NewAuditServiceAdapter(svc *audit.Service) *AuditServiceAdapter

NewAuditServiceAdapter creates a new audit service adapter

func (*AuditServiceAdapter) GetOldestLog ΒΆ 

func (a *AuditServiceAdapter) GetOldestLog(ctx context.Context, appID string) (*AuditLog, error)

GetOldestLog retrieves the oldest audit log for data retention checks

func (*AuditServiceAdapter) LogEvent ΒΆ 

func (a *AuditServiceAdapter) LogEvent(ctx context.Context, event *AuditEvent) error

LogEvent logs a compliance audit event

type AutomatedChecksConfig ΒΆ 

type AutomatedChecksConfig struct {
	Enabled       bool          `json:"enabled" yaml:"enabled"`
	CheckInterval time.Duration `json:"checkInterval" yaml:"checkInterval"` // e.g., 24h

	// Specific checks
	MFACoverage        bool `json:"mfaCoverage" yaml:"mfaCoverage"`
	PasswordPolicy     bool `json:"passwordPolicy" yaml:"passwordPolicy"`
	SessionPolicy      bool `json:"sessionPolicy" yaml:"sessionPolicy"`
	AccessReview       bool `json:"accessReview" yaml:"accessReview"`
	InactiveUsers      bool `json:"inactiveUsers" yaml:"inactiveUsers"`
	SuspiciousActivity bool `json:"suspiciousActivity" yaml:"suspiciousActivity"`
	DataRetention      bool `json:"dataRetention" yaml:"dataRetention"`
}

AutomatedChecksConfig configures automated compliance checks

type BunRepository ΒΆ 

type BunRepository struct {
	// contains filtered or unexported fields
}

BunRepository implements the Repository interface using Bun ORM

func (*BunRepository) CountViolations ΒΆ 

func (r *BunRepository) CountViolations(ctx context.Context, appID string, status string) (int, error)

func (*BunRepository) CreateCheck ΒΆ 

func (r *BunRepository) CreateCheck(ctx context.Context, check *ComplianceCheck) error

func (*BunRepository) CreateEvidence ΒΆ 

func (r *BunRepository) CreateEvidence(ctx context.Context, evidence *ComplianceEvidence) error

func (*BunRepository) CreatePolicy ΒΆ 

func (r *BunRepository) CreatePolicy(ctx context.Context, policy *CompliancePolicy) error

func (*BunRepository) CreateProfile ΒΆ 

func (r *BunRepository) CreateProfile(ctx context.Context, profile *ComplianceProfile) error

func (*BunRepository) CreateReport ΒΆ 

func (r *BunRepository) CreateReport(ctx context.Context, report *ComplianceReport) error

func (*BunRepository) CreateTraining ΒΆ 

func (r *BunRepository) CreateTraining(ctx context.Context, training *ComplianceTraining) error

func (*BunRepository) CreateViolation ΒΆ 

func (r *BunRepository) CreateViolation(ctx context.Context, violation *ComplianceViolation) error

func (*BunRepository) DeleteEvidence ΒΆ 

func (r *BunRepository) DeleteEvidence(ctx context.Context, id string) error

func (*BunRepository) DeletePolicy ΒΆ 

func (r *BunRepository) DeletePolicy(ctx context.Context, id string) error

func (*BunRepository) DeleteProfile ΒΆ 

func (r *BunRepository) DeleteProfile(ctx context.Context, id string) error

func (*BunRepository) DeleteReport ΒΆ 

func (r *BunRepository) DeleteReport(ctx context.Context, id string) error

func (*BunRepository) GetActivePolicies ΒΆ 

func (r *BunRepository) GetActivePolicies(ctx context.Context, appID string) ([]*CompliancePolicy, error)

func (*BunRepository) GetCheck ΒΆ 

func (r *BunRepository) GetCheck(ctx context.Context, id string) (*ComplianceCheck, error)

func (*BunRepository) GetDueChecks ΒΆ 

func (r *BunRepository) GetDueChecks(ctx context.Context) ([]*ComplianceCheck, error)

func (*BunRepository) GetEvidence ΒΆ 

func (r *BunRepository) GetEvidence(ctx context.Context, id string) (*ComplianceEvidence, error)

func (*BunRepository) GetOverdueTraining ΒΆ 

func (r *BunRepository) GetOverdueTraining(ctx context.Context, appID string) ([]*ComplianceTraining, error)

func (*BunRepository) GetPolicy ΒΆ 

func (r *BunRepository) GetPolicy(ctx context.Context, id string) (*CompliancePolicy, error)

func (*BunRepository) GetProfile ΒΆ 

func (r *BunRepository) GetProfile(ctx context.Context, id string) (*ComplianceProfile, error)

func (*BunRepository) GetProfileByApp ΒΆ 

func (r *BunRepository) GetProfileByApp(ctx context.Context, appID string) (*ComplianceProfile, error)

func (*BunRepository) GetReport ΒΆ 

func (r *BunRepository) GetReport(ctx context.Context, id string) (*ComplianceReport, error)

func (*BunRepository) GetTraining ΒΆ 

func (r *BunRepository) GetTraining(ctx context.Context, id string) (*ComplianceTraining, error)

func (*BunRepository) GetUserTrainingStatus ΒΆ 

func (r *BunRepository) GetUserTrainingStatus(ctx context.Context, userID string) ([]*ComplianceTraining, error)

func (*BunRepository) GetViolation ΒΆ 

func (r *BunRepository) GetViolation(ctx context.Context, id string) (*ComplianceViolation, error)

func (*BunRepository) ListChecks ΒΆ 

func (r *BunRepository) ListChecks(ctx context.Context, filter *ListChecksFilter) (*pagination.PageResponse[*ComplianceCheck], error)

func (*BunRepository) ListEvidence ΒΆ 

func (r *BunRepository) ListEvidence(ctx context.Context, filter *ListEvidenceFilter) (*pagination.PageResponse[*ComplianceEvidence], error)

func (*BunRepository) ListPolicies ΒΆ 

func (r *BunRepository) ListPolicies(ctx context.Context, filter *ListPoliciesFilter) (*pagination.PageResponse[*CompliancePolicy], error)

func (*BunRepository) ListProfiles ΒΆ 

func (r *BunRepository) ListProfiles(ctx context.Context, filter *ListProfilesFilter) (*pagination.PageResponse[*ComplianceProfile], error)

func (*BunRepository) ListReports ΒΆ 

func (r *BunRepository) ListReports(ctx context.Context, filter *ListReportsFilter) (*pagination.PageResponse[*ComplianceReport], error)

func (*BunRepository) ListTraining ΒΆ 

func (r *BunRepository) ListTraining(ctx context.Context, filter *ListTrainingFilter) (*pagination.PageResponse[*ComplianceTraining], error)

func (*BunRepository) ListViolations ΒΆ 

func (r *BunRepository) ListViolations(ctx context.Context, filter *ListViolationsFilter) (*pagination.PageResponse[*ComplianceViolation], error)

func (*BunRepository) ResolveViolation ΒΆ 

func (r *BunRepository) ResolveViolation(ctx context.Context, id, resolvedBy string) error

func (*BunRepository) UpdateCheck ΒΆ 

func (r *BunRepository) UpdateCheck(ctx context.Context, check *ComplianceCheck) error

func (*BunRepository) UpdatePolicy ΒΆ 

func (r *BunRepository) UpdatePolicy(ctx context.Context, policy *CompliancePolicy) error

func (*BunRepository) UpdateProfile ΒΆ 

func (r *BunRepository) UpdateProfile(ctx context.Context, profile *ComplianceProfile) error

func (*BunRepository) UpdateReport ΒΆ 

func (r *BunRepository) UpdateReport(ctx context.Context, report *ComplianceReport) error

func (*BunRepository) UpdateTraining ΒΆ 

func (r *BunRepository) UpdateTraining(ctx context.Context, training *ComplianceTraining) error

func (*BunRepository) UpdateViolation ΒΆ 

func (r *BunRepository) UpdateViolation(ctx context.Context, violation *ComplianceViolation) error

type CompleteTrainingRequest ΒΆ 

type CompleteTrainingRequest struct {
	Score int `json:"score"`
}

type ComplianceCheck ΒΆ 

type ComplianceCheck struct {
	ID            string                 `json:"id" bun:"id,pk,type:uuid,default:gen_random_uuid()"`
	ProfileID     string                 `json:"profileId" bun:"profile_id,notnull"`
	AppID         string                 `json:"appId" bun:"organization_id,notnull"` // Maps to organization_id column in DB
	CheckType     string                 `json:"checkType" bun:"check_type,notnull"`  // mfa_coverage, password_policy, etc.
	Status        string                 `json:"status" bun:"status,notnull"`         // passed, failed, warning
	Result        map[string]interface{} `json:"result" bun:"result,type:jsonb"`
	Evidence      []string               `json:"evidence" bun:"evidence,array"`
	LastCheckedAt time.Time              `json:"lastCheckedAt" bun:"last_checked_at,notnull"`
	NextCheckAt   time.Time              `json:"nextCheckAt" bun:"next_check_at,notnull"`
	CreatedAt     time.Time              `json:"createdAt" bun:"created_at,notnull,default:now()"`
}

ComplianceCheck represents an automated compliance check

type ComplianceCheckResponse ΒΆ 

type ComplianceCheckResponse struct {
	ID string `json:"id" example:"check_123"`
}

type ComplianceChecksResponse ΒΆ 

type ComplianceChecksResponse struct {
	Checks []interface{} `json:"checks"`
}

type ComplianceDashboardResponse ΒΆ 

type ComplianceDashboardResponse struct {
	Metrics interface{} `json:"metrics"`
}

type ComplianceEvidence ΒΆ 

type ComplianceEvidence struct {
	ID           string                 `json:"id" bun:"id,pk,type:uuid,default:gen_random_uuid()"`
	ProfileID    string                 `json:"profileId" bun:"profile_id,notnull"`
	AppID        string                 `json:"appId" bun:"organization_id,notnull"`      // Maps to organization_id column in DB
	EvidenceType string                 `json:"evidenceType" bun:"evidence_type,notnull"` // audit_log, policy_doc, etc.
	Standard     ComplianceStandard     `json:"standard" bun:"standard"`
	ControlID    string                 `json:"controlId" bun:"control_id"` // e.g., SOC2-CC6.1
	Title        string                 `json:"title" bun:"title,notnull"`
	Description  string                 `json:"description" bun:"description"`
	FileURL      string                 `json:"fileUrl" bun:"file_url"`
	FileHash     string                 `json:"fileHash" bun:"file_hash"` // SHA256 for integrity
	CollectedBy  string                 `json:"collectedBy" bun:"collected_by"`
	Metadata     map[string]interface{} `json:"metadata" bun:"metadata,type:jsonb"`
	CreatedAt    time.Time              `json:"createdAt" bun:"created_at,notnull,default:now()"`
}

ComplianceEvidence stores evidence for compliance audits

type ComplianceEvidenceResponse ΒΆ 

type ComplianceEvidenceResponse struct {
	ID string `json:"id" example:"evidence_123"`
}

type ComplianceEvidencesResponse ΒΆ 

type ComplianceEvidencesResponse struct {
	Evidence []interface{} `json:"evidence"`
}

type CompliancePoliciesResponse ΒΆ 

type CompliancePoliciesResponse struct {
	Policies []interface{} `json:"policies"`
}

type CompliancePolicy ΒΆ 

type CompliancePolicy struct {
	ID            string                 `json:"id" bun:"id,pk,type:uuid,default:gen_random_uuid()"`
	ProfileID     string                 `json:"profileId" bun:"profile_id,notnull"`
	AppID         string                 `json:"appId" bun:"organization_id,notnull"`  // Maps to organization_id column in DB
	PolicyType    string                 `json:"policyType" bun:"policy_type,notnull"` // password, access, data_retention
	Standard      ComplianceStandard     `json:"standard" bun:"standard"`
	Title         string                 `json:"title" bun:"title,notnull"`
	Version       string                 `json:"version" bun:"version,notnull"`
	Content       string                 `json:"content" bun:"content,notnull"`
	Status        string                 `json:"status" bun:"status,notnull"` // draft, active, deprecated
	ApprovedBy    string                 `json:"approvedBy" bun:"approved_by"`
	ApprovedAt    *time.Time             `json:"approvedAt" bun:"approved_at"`
	EffectiveDate time.Time              `json:"effectiveDate" bun:"effective_date,notnull"`
	ReviewDate    time.Time              `json:"reviewDate" bun:"review_date,notnull"`
	Metadata      map[string]interface{} `json:"metadata" bun:"metadata,type:jsonb"`
	CreatedAt     time.Time              `json:"createdAt" bun:"created_at,notnull,default:now()"`
	UpdatedAt     time.Time              `json:"updatedAt" bun:"updated_at,notnull,default:now()"`
}

CompliancePolicy represents a policy document

type CompliancePolicyResponse ΒΆ 

type CompliancePolicyResponse struct {
	ID string `json:"id" example:"policy_123"`
}

type ComplianceProfile ΒΆ 

type ComplianceProfile struct {
	ID        string               `json:"id" bun:"id,pk,type:uuid,default:gen_random_uuid()"`
	AppID     string               `json:"appId" bun:"organization_id,notnull"` // Maps to organization_id column in DB
	Name      string               `json:"name" bun:"name,notnull"`
	Standards []ComplianceStandard `json:"standards" bun:"standards,array"`
	Status    string               `json:"status" bun:"status,notnull"` // active, suspended, audit

	// Security Requirements
	MFARequired           bool `json:"mfaRequired" bun:"mfa_required"`
	PasswordMinLength     int  `json:"passwordMinLength" bun:"password_min_length"`
	PasswordRequireUpper  bool `json:"passwordRequireUpper" bun:"password_require_upper"`
	PasswordRequireLower  bool `json:"passwordRequireLower" bun:"password_require_lower"`
	PasswordRequireNumber bool `json:"passwordRequireNumber" bun:"password_require_number"`
	PasswordRequireSymbol bool `json:"passwordRequireSymbol" bun:"password_require_symbol"`
	PasswordExpiryDays    int  `json:"passwordExpiryDays" bun:"password_expiry_days"` // 0 = never

	// Session Requirements
	SessionMaxAge      int  `json:"sessionMaxAge" bun:"session_max_age"`           // seconds
	SessionIdleTimeout int  `json:"sessionIdleTimeout" bun:"session_idle_timeout"` // seconds
	SessionIPBinding   bool `json:"sessionIpBinding" bun:"session_ip_binding"`

	// Audit Requirements
	RetentionDays      int  `json:"retentionDays" bun:"retention_days"`
	AuditLogExport     bool `json:"auditLogExport" bun:"audit_log_export"`
	DetailedAuditTrail bool `json:"detailedAuditTrail" bun:"detailed_audit_trail"`

	// Data Requirements
	DataResidency       string `json:"dataResidency" bun:"data_residency"` // US, EU, APAC
	EncryptionAtRest    bool   `json:"encryptionAtRest" bun:"encryption_at_rest"`
	EncryptionInTransit bool   `json:"encryptionInTransit" bun:"encryption_in_transit"`

	// Access Control
	RBACRequired        bool `json:"rbacRequired" bun:"rbac_required"`
	LeastPrivilege      bool `json:"leastPrivilege" bun:"least_privilege"`
	RegularAccessReview bool `json:"regularAccessReview" bun:"regular_access_review"`

	// Contact
	ComplianceContact string `json:"complianceContact" bun:"compliance_contact"`
	DPOContact        string `json:"dpoContact" bun:"dpo_contact"` // Data Protection Officer

	// Metadata
	Metadata  map[string]interface{} `json:"metadata" bun:"metadata,type:jsonb"`
	CreatedAt time.Time              `json:"createdAt" bun:"created_at,notnull,default:now()"`
	UpdatedAt time.Time              `json:"updatedAt" bun:"updated_at,notnull,default:now()"`
}

ComplianceProfile defines compliance requirements for an app

func CreateProfileFromTemplate ΒΆ 

func CreateProfileFromTemplate(appID string, standard ComplianceStandard) (*ComplianceProfile, error)

CreateProfileFromTemplate creates a compliance profile from a template

type ComplianceProfileResponse ΒΆ 

type ComplianceProfileResponse struct {
	ID string `json:"id" example:"profile_123"`
}

type ComplianceReport ΒΆ 

type ComplianceReport struct {
	ID          string                 `json:"id" bun:"id,pk,type:uuid,default:gen_random_uuid()"`
	ProfileID   string                 `json:"profileId" bun:"profile_id,notnull"`
	AppID       string                 `json:"appId" bun:"organization_id,notnull"`  // Maps to organization_id column in DB
	ReportType  string                 `json:"reportType" bun:"report_type,notnull"` // soc2, hipaa, audit_export
	Standard    ComplianceStandard     `json:"standard" bun:"standard"`
	Period      string                 `json:"period" bun:"period,notnull"` // 2025-Q1, 2025-11
	Format      string                 `json:"format" bun:"format,notnull"` // pdf, json, csv
	Status      string                 `json:"status" bun:"status,notnull"` // generating, ready, failed
	FileURL     string                 `json:"fileUrl" bun:"file_url"`
	FileSize    int64                  `json:"fileSize" bun:"file_size"`
	Summary     map[string]interface{} `json:"summary" bun:"summary,type:jsonb"`
	GeneratedBy string                 `json:"generatedBy" bun:"generated_by"`
	CreatedAt   time.Time              `json:"createdAt" bun:"created_at,notnull,default:now()"`
	ExpiresAt   time.Time              `json:"expiresAt" bun:"expires_at"`
}

ComplianceReport represents a generated compliance report

type ComplianceReportFileResponse ΒΆ 

type ComplianceReportFileResponse struct {
	ContentType string `json:"content_type" example:"application/pdf"`
	Data        []byte `json:"data"`
}

type ComplianceReportResponse ΒΆ 

type ComplianceReportResponse struct {
	ID string `json:"id" example:"report_123"`
}

type ComplianceReportsResponse ΒΆ 

type ComplianceReportsResponse struct {
	Reports []interface{} `json:"reports"`
}

type ComplianceStandard ΒΆ 

type ComplianceStandard string

ComplianceStandard represents different compliance frameworks 

const (
	StandardSOC2     ComplianceStandard = "SOC2"
	StandardHIPAA    ComplianceStandard = "HIPAA"
	StandardPCIDSS   ComplianceStandard = "PCI-DSS"
	StandardGDPR     ComplianceStandard = "GDPR"
	StandardISO27001 ComplianceStandard = "ISO27001"
	StandardCCPA     ComplianceStandard = "CCPA"
)

type ComplianceStatus ΒΆ 

type ComplianceStatus struct {
	ProfileID     string             `json:"profileId"`
	AppID         string             `json:"appId"`
	Standard      ComplianceStandard `json:"standard"`
	OverallStatus string             `json:"overallStatus"` // compliant, non_compliant, in_progress
	Score         int                `json:"score"`         // 0-100
	ChecksPassed  int                `json:"checksPassed"`
	ChecksFailed  int                `json:"checksFailed"`
	ChecksWarning int                `json:"checksWarning"`
	Violations    int                `json:"violations"`
	LastChecked   time.Time          `json:"lastChecked"`
	NextAudit     time.Time          `json:"nextAudit"`
}

ComplianceStatus represents overall compliance status

type ComplianceStatusDetailsResponse ΒΆ 

type ComplianceStatusDetailsResponse struct {
	Status string `json:"status" example:"compliant"`
}

type ComplianceStatusResponse ΒΆ 

type ComplianceStatusResponse struct {
	Status string `json:"status" example:"success"`
}

DTOs for compliance routes

type ComplianceTemplate ΒΆ 

type ComplianceTemplate struct {
	Standard           ComplianceStandard `json:"standard"`
	Name               string             `json:"name"`
	Description        string             `json:"description"`
	MFARequired        bool               `json:"mfaRequired"`
	PasswordMinLength  int                `json:"passwordMinLength"`
	SessionMaxAge      int                `json:"sessionMaxAge"`
	RetentionDays      int                `json:"retentionDays"`
	DataResidency      string             `json:"dataResidency"`
	RequiredPolicies   []string           `json:"requiredPolicies"`
	RequiredTraining   []string           `json:"requiredTraining"`
	AuditFrequencyDays int                `json:"auditFrequencyDays"`
}

ComplianceTemplate represents a predefined compliance template

func GetTemplate ΒΆ 

func GetTemplate(standard ComplianceStandard) (ComplianceTemplate, bool)

GetTemplate returns a compliance template for a standard

type ComplianceTemplateResponse ΒΆ 

type ComplianceTemplateResponse struct {
	Standard string `json:"standard" example:"GDPR"`
}

type ComplianceTemplatesResponse ΒΆ 

type ComplianceTemplatesResponse struct {
	Templates []interface{} `json:"templates"`
}

type ComplianceTraining ΒΆ 

type ComplianceTraining struct {
	ID           string                 `json:"id" bun:"id,pk,type:uuid,default:gen_random_uuid()"`
	ProfileID    string                 `json:"profileId" bun:"profile_id,notnull"`
	AppID        string                 `json:"appId" bun:"organization_id,notnull"` // Maps to organization_id column in DB
	UserID       string                 `json:"userId" bun:"user_id,notnull"`
	TrainingType string                 `json:"trainingType" bun:"training_type,notnull"` // security_awareness, hipaa_basics
	Standard     ComplianceStandard     `json:"standard" bun:"standard"`
	Status       string                 `json:"status" bun:"status,notnull"` // required, in_progress, completed
	CompletedAt  *time.Time             `json:"completedAt" bun:"completed_at"`
	ExpiresAt    *time.Time             `json:"expiresAt" bun:"expires_at"`
	Score        int                    `json:"score" bun:"score"` // percentage
	Metadata     map[string]interface{} `json:"metadata" bun:"metadata,type:jsonb"`
	CreatedAt    time.Time              `json:"createdAt" bun:"created_at,notnull,default:now()"`
}

ComplianceTraining tracks compliance training completion

type ComplianceTrainingResponse ΒΆ 

type ComplianceTrainingResponse struct {
	ID string `json:"id" example:"training_123"`
}

type ComplianceTrainingsResponse ΒΆ 

type ComplianceTrainingsResponse struct {
	Training []interface{} `json:"training"`
}

type ComplianceUserTrainingResponse ΒΆ 

type ComplianceUserTrainingResponse struct {
	UserID string `json:"user_id" example:"user_123"`
}

type ComplianceViolation ΒΆ 

type ComplianceViolation struct {
	ID            string                 `json:"id" bun:"id,pk,type:uuid,default:gen_random_uuid()"`
	ProfileID     string                 `json:"profileId" bun:"profile_id,notnull"`
	AppID         string                 `json:"appId" bun:"organization_id,notnull"` // Maps to organization_id column in DB
	UserID        string                 `json:"userId" bun:"user_id"`
	ViolationType string                 `json:"violationType" bun:"violation_type,notnull"` // mfa_not_enabled, weak_password, etc.
	Severity      string                 `json:"severity" bun:"severity,notnull"`            // low, medium, high, critical
	Description   string                 `json:"description" bun:"description,notnull"`
	Status        string                 `json:"status" bun:"status,notnull"` // open, resolved, acknowledged
	ResolvedAt    *time.Time             `json:"resolvedAt" bun:"resolved_at"`
	ResolvedBy    string                 `json:"resolvedBy" bun:"resolved_by"`
	Metadata      map[string]interface{} `json:"metadata" bun:"metadata,type:jsonb"`
	CreatedAt     time.Time              `json:"createdAt" bun:"created_at,notnull,default:now()"`
}

ComplianceViolation represents a policy violation

type ComplianceViolationResponse ΒΆ 

type ComplianceViolationResponse struct {
	ID string `json:"id" example:"violation_123"`
}

type ComplianceViolationsResponse ΒΆ 

type ComplianceViolationsResponse struct {
	Violations []interface{} `json:"violations"`
}

type Config ΒΆ 

type Config struct {
	// Enable compliance plugin
	Enabled bool `json:"enabled" yaml:"enabled"`

	// Default compliance standard for new organizations
	DefaultStandard ComplianceStandard `json:"defaultStandard" yaml:"defaultStandard"`

	// Automated checks configuration
	AutomatedChecks AutomatedChecksConfig `json:"automatedChecks" yaml:"automatedChecks"`

	// Audit configuration
	Audit AuditConfig `json:"audit" yaml:"audit"`

	// Report configuration
	Reports ReportsConfig `json:"reports" yaml:"reports"`

	// Retention configuration
	Retention RetentionConfig `json:"retention" yaml:"retention"`

	// Notifications
	Notifications NotificationsConfig `json:"notifications" yaml:"notifications"`

	// Dashboard configuration
	Dashboard DashboardConfig `json:"dashboard" yaml:"dashboard"`
}

Config holds the compliance plugin configuration

func DefaultConfig ΒΆ 

func DefaultConfig() *Config

DefaultConfig returns the default configuration

func (*Config) Validate ΒΆ 

func (c *Config) Validate()

Validate ensures the configuration has sensible defaults

type CreateEvidenceRequest ΒΆ 

type CreateEvidenceRequest struct {
	EvidenceType string             `json:"evidenceType" validate:"required"`
	Standard     ComplianceStandard `json:"standard"`
	ControlID    string             `json:"controlId"`
	Title        string             `json:"title" validate:"required"`
	Description  string             `json:"description"`
	FileURL      string             `json:"fileUrl"`
}

type CreatePolicyRequest ΒΆ 

type CreatePolicyRequest struct {
	PolicyType string             `json:"policyType" validate:"required"`
	Standard   ComplianceStandard `json:"standard"`
	Title      string             `json:"title" validate:"required"`
	Version    string             `json:"version" validate:"required"`
	Content    string             `json:"content" validate:"required"`
}

type CreateProfileFromTemplateRequest ΒΆ 

type CreateProfileFromTemplateRequest struct {
	Standard ComplianceStandard `json:"standard" validate:"required"`
}

type CreateProfileRequest ΒΆ 

type CreateProfileRequest struct {
	AppID                 string                 `json:"appId"`
	Name                  string                 `json:"name" validate:"required"`
	Standards             []ComplianceStandard   `json:"standards"`
	MFARequired           bool                   `json:"mfaRequired"`
	PasswordMinLength     int                    `json:"passwordMinLength"`
	PasswordRequireUpper  bool                   `json:"passwordRequireUpper"`
	PasswordRequireLower  bool                   `json:"passwordRequireLower"`
	PasswordRequireNumber bool                   `json:"passwordRequireNumber"`
	PasswordRequireSymbol bool                   `json:"passwordRequireSymbol"`
	PasswordExpiryDays    int                    `json:"passwordExpiryDays"`
	SessionMaxAge         int                    `json:"sessionMaxAge"`
	SessionIdleTimeout    int                    `json:"sessionIdleTimeout"`
	SessionIPBinding      bool                   `json:"sessionIpBinding"`
	RetentionDays         int                    `json:"retentionDays"`
	AuditLogExport        bool                   `json:"auditLogExport"`
	DetailedAuditTrail    bool                   `json:"detailedAuditTrail"`
	DataResidency         string                 `json:"dataResidency"`
	EncryptionAtRest      bool                   `json:"encryptionAtRest"`
	EncryptionInTransit   bool                   `json:"encryptionInTransit"`
	RBACRequired          bool                   `json:"rbacRequired"`
	LeastPrivilege        bool                   `json:"leastPrivilege"`
	RegularAccessReview   bool                   `json:"regularAccessReview"`
	ComplianceContact     string                 `json:"complianceContact"`
	DPOContact            string                 `json:"dpoContact"`
	Metadata              map[string]interface{} `json:"metadata"`
}

Helper structs and interfaces

type CreateTrainingRequest ΒΆ 

type CreateTrainingRequest struct {
	UserID       string             `json:"userId" validate:"required"`
	TrainingType string             `json:"trainingType" validate:"required"`
	Standard     ComplianceStandard `json:"standard"`
}

type DashboardConfig ΒΆ 

type DashboardConfig struct {
	// Enable compliance dashboard
	Enabled bool `json:"enabled" yaml:"enabled"`

	// Dashboard path
	Path string `json:"path" yaml:"path"` // e.g., /auth/compliance

	// Show overall compliance score
	ShowScore bool `json:"showScore" yaml:"showScore"`

	// Show violations
	ShowViolations bool `json:"showViolations" yaml:"showViolations"`

	// Show recent checks
	ShowRecentChecks bool `json:"showRecentChecks" yaml:"showRecentChecks"`

	// Show reports
	ShowReports bool `json:"showReports" yaml:"showReports"`
}

DashboardConfig configures the compliance dashboard

type Email ΒΆ 

type Email struct {
	To      string
	Subject string
	Body    string
}

type EmailService ΒΆ 

type EmailService interface {
	SendEmail(ctx context.Context, email *Email) error
}

type EmailServiceAdapter ΒΆ 

type EmailServiceAdapter struct {
	// contains filtered or unexported fields
}

EmailServiceAdapter adapts the notification service for email sending

func NewEmailServiceAdapter ΒΆ 

func NewEmailServiceAdapter(svc *notification.Service) *EmailServiceAdapter

NewEmailServiceAdapter creates a new email service adapter

func (*EmailServiceAdapter) SendCheckFailure ΒΆ 

func (a *EmailServiceAdapter) SendCheckFailure(ctx context.Context, check *ComplianceCheck, recipients []string) error

SendCheckFailure sends an alert about a failed compliance check

func (*EmailServiceAdapter) SendCompliance ΒΆ 

func (a *EmailServiceAdapter) SendCompliance(ctx context.Context, to []string, subject, body string) error

SendCompliance sends a compliance-related email (convenience method)

func (*EmailServiceAdapter) SendEmail ΒΆ 

func (a *EmailServiceAdapter) SendEmail(ctx context.Context, email *Email) error

SendEmail sends an email using the notification service

func (*EmailServiceAdapter) SendViolationAlert ΒΆ 

func (a *EmailServiceAdapter) SendViolationAlert(ctx context.Context, violation *ComplianceViolation, recipients []string) error

SendViolationAlert sends an alert about a compliance violation

type ErrorResponse ΒΆ 

type ErrorResponse = responses.ErrorResponse

Response types - use shared responses from core

type GenerateReportRequest ΒΆ 

type GenerateReportRequest struct {
	ReportType string             `json:"reportType" validate:"required"`
	Standard   ComplianceStandard `json:"standard"`
	Period     string             `json:"period" validate:"required"`
	Format     string             `json:"format" validate:"required"`
}

type Handler ΒΆ 

type Handler struct {
	// contains filtered or unexported fields
}

Handler handles HTTP requests for compliance endpoints

func NewHandler ΒΆ 

func NewHandler(service *Service, policyEngine *PolicyEngine) *Handler

NewHandler creates a new compliance handler

func (*Handler) CompleteTraining ΒΆ 

func (h *Handler) CompleteTraining(c forge.Context) error

CompleteTraining marks training as completed PUT /auth/compliance/training/:id/complete

func (*Handler) CreateEvidence ΒΆ 

func (h *Handler) CreateEvidence(c forge.Context) error

CreateEvidence creates compliance evidence POST /auth/compliance/apps/:appId/evidence

func (*Handler) CreatePolicy ΒΆ 

func (h *Handler) CreatePolicy(c forge.Context) error

CreatePolicy creates a compliance policy POST /auth/compliance/apps/:appId/policies

func (*Handler) CreateProfile ΒΆ 

func (h *Handler) CreateProfile(c forge.Context) error

CreateProfile creates a new compliance profile POST /auth/compliance/profiles

func (*Handler) CreateProfileFromTemplate ΒΆ 

func (h *Handler) CreateProfileFromTemplate(c forge.Context) error

CreateProfileFromTemplate creates a profile from a template POST /auth/compliance/profiles/from-template

func (*Handler) CreateTraining ΒΆ 

func (h *Handler) CreateTraining(c forge.Context) error

CreateTraining creates a training record POST /auth/compliance/apps/:appId/training

func (*Handler) DeleteEvidence ΒΆ 

func (h *Handler) DeleteEvidence(c forge.Context) error

DeleteEvidence deletes compliance evidence DELETE /auth/compliance/evidence/:id

func (*Handler) DeletePolicy ΒΆ 

func (h *Handler) DeletePolicy(c forge.Context) error

DeletePolicy deletes a compliance policy DELETE /auth/compliance/policies/:id

func (*Handler) DeleteProfile ΒΆ 

func (h *Handler) DeleteProfile(c forge.Context) error

DeleteProfile deletes a compliance profile DELETE /auth/compliance/profiles/:id

func (*Handler) DownloadReport ΒΆ 

func (h *Handler) DownloadReport(c forge.Context) error

DownloadReport downloads a compliance report file GET /auth/compliance/reports/:id/download

func (*Handler) GenerateReport ΒΆ 

func (h *Handler) GenerateReport(c forge.Context) error

GenerateReport generates a compliance report POST /auth/compliance/apps/:appId/reports

func (*Handler) GetAppProfile ΒΆ 

func (h *Handler) GetAppProfile(c forge.Context) error

GetAppProfile retrieves the compliance profile for an app GET /auth/compliance/apps/:appId/profile

func (*Handler) GetCheck ΒΆ 

func (h *Handler) GetCheck(c forge.Context) error

GetCheck retrieves a compliance check GET /auth/compliance/checks/:id

func (*Handler) GetComplianceStatus ΒΆ 

func (h *Handler) GetComplianceStatus(c forge.Context) error

GetComplianceStatus gets overall compliance status for an app GET /auth/compliance/apps/:appId/status

func (*Handler) GetDashboard ΒΆ 

func (h *Handler) GetDashboard(c forge.Context) error

GetDashboard gets compliance dashboard data GET /auth/compliance/apps/:appId/dashboard

func (*Handler) GetEvidence ΒΆ 

func (h *Handler) GetEvidence(c forge.Context) error

GetEvidence retrieves compliance evidence GET /auth/compliance/evidence/:id

func (*Handler) GetPolicy ΒΆ 

func (h *Handler) GetPolicy(c forge.Context) error

GetPolicy retrieves a compliance policy GET /auth/compliance/policies/:id

func (*Handler) GetProfile ΒΆ 

func (h *Handler) GetProfile(c forge.Context) error

GetProfile retrieves a compliance profile GET /auth/compliance/profiles/:id

func (*Handler) GetReport ΒΆ 

func (h *Handler) GetReport(c forge.Context) error

GetReport retrieves a compliance report GET /auth/compliance/reports/:id

func (*Handler) GetTemplate ΒΆ 

func (h *Handler) GetTemplate(c forge.Context) error

GetTemplate retrieves a compliance template GET /auth/compliance/templates/:standard

func (*Handler) GetUserTraining ΒΆ 

func (h *Handler) GetUserTraining(c forge.Context) error

GetUserTraining gets training status for a user GET /auth/compliance/users/:userId/training

func (*Handler) GetViolation ΒΆ 

func (h *Handler) GetViolation(c forge.Context) error

GetViolation retrieves a compliance violation GET /auth/compliance/violations/:id

func (*Handler) ListChecks ΒΆ 

func (h *Handler) ListChecks(c forge.Context) error

ListChecks lists compliance checks GET /auth/compliance/profiles/:profileId/checks

func (*Handler) ListEvidence ΒΆ 

func (h *Handler) ListEvidence(c forge.Context) error

ListEvidence lists compliance evidence GET /auth/compliance/apps/:appId/evidence

func (*Handler) ListPolicies ΒΆ 

func (h *Handler) ListPolicies(c forge.Context) error

ListPolicies lists compliance policies GET /auth/compliance/apps/:appId/policies

func (*Handler) ListReports ΒΆ 

func (h *Handler) ListReports(c forge.Context) error

ListReports lists compliance reports GET /auth/compliance/apps/:appId/reports

func (*Handler) ListTemplates ΒΆ 

func (h *Handler) ListTemplates(c forge.Context) error

ListTemplates lists available compliance templates GET /auth/compliance/templates

func (*Handler) ListTraining ΒΆ 

func (h *Handler) ListTraining(c forge.Context) error

ListTraining lists training records GET /auth/compliance/apps/:appId/training

func (*Handler) ListViolations ΒΆ 

func (h *Handler) ListViolations(c forge.Context) error

ListViolations lists compliance violations GET /auth/compliance/apps/:appId/violations

func (*Handler) ResolveViolation ΒΆ 

func (h *Handler) ResolveViolation(c forge.Context) error

ResolveViolation resolves a compliance violation PUT /auth/compliance/violations/:id/resolve

func (*Handler) RunCheck ΒΆ 

func (h *Handler) RunCheck(c forge.Context) error

RunCheck executes a compliance check POST /auth/compliance/profiles/:profileId/checks

func (*Handler) UpdatePolicy ΒΆ 

func (h *Handler) UpdatePolicy(c forge.Context) error

UpdatePolicy updates a compliance policy PUT /auth/compliance/policies/:id

func (*Handler) UpdateProfile ΒΆ 

func (h *Handler) UpdateProfile(c forge.Context) error

UpdateProfile updates a compliance profile PUT /auth/compliance/profiles/:id

type ListChecksFilter ΒΆ 

type ListChecksFilter struct {
	pagination.PaginationParams

	ProfileID   *string    `json:"profileId,omitempty" query:"profile_id"`
	AppID       *string    `json:"appId,omitempty" query:"app_id"`
	CheckType   *string    `json:"checkType,omitempty" query:"check_type"`
	Status      *string    `json:"status,omitempty" query:"status"`
	SinceBefore *time.Time `json:"sinceBefore,omitempty" query:"since_before"`
}

ListChecksFilter defines filters for listing compliance checks with pagination

type ListEvidenceFilter ΒΆ 

type ListEvidenceFilter struct {
	pagination.PaginationParams

	AppID        *string             `json:"appId,omitempty" query:"app_id"`
	ProfileID    *string             `json:"profileId,omitempty" query:"profile_id"`
	EvidenceType *string             `json:"evidenceType,omitempty" query:"evidence_type"`
	Standard     *ComplianceStandard `json:"standard,omitempty" query:"standard"`
	ControlID    *string             `json:"controlId,omitempty" query:"control_id"`
}

ListEvidenceFilter defines filters for listing compliance evidence with pagination

type ListPoliciesFilter ΒΆ 

type ListPoliciesFilter struct {
	pagination.PaginationParams

	AppID      *string             `json:"appId,omitempty" query:"app_id"`
	ProfileID  *string             `json:"profileId,omitempty" query:"profile_id"`
	PolicyType *string             `json:"policyType,omitempty" query:"policy_type"`
	Standard   *ComplianceStandard `json:"standard,omitempty" query:"standard"`
	Status     *string             `json:"status,omitempty" query:"status"`
}

ListPoliciesFilter defines filters for listing compliance policies with pagination

type ListProfilesFilter ΒΆ 

type ListProfilesFilter struct {
	pagination.PaginationParams

	AppID    *string             `json:"appId,omitempty" query:"app_id"`
	Status   *string             `json:"status,omitempty" query:"status"`
	Standard *ComplianceStandard `json:"standard,omitempty" query:"standard"`
}

ListProfilesFilter defines filters for listing compliance profiles with pagination

type ListReportsFilter ΒΆ 

type ListReportsFilter struct {
	pagination.PaginationParams

	AppID      *string             `json:"appId,omitempty" query:"app_id"`
	ProfileID  *string             `json:"profileId,omitempty" query:"profile_id"`
	ReportType *string             `json:"reportType,omitempty" query:"report_type"`
	Standard   *ComplianceStandard `json:"standard,omitempty" query:"standard"`
	Status     *string             `json:"status,omitempty" query:"status"`
	Format     *string             `json:"format,omitempty" query:"format"`
}

ListReportsFilter defines filters for listing compliance reports with pagination

type ListTrainingFilter ΒΆ 

type ListTrainingFilter struct {
	pagination.PaginationParams

	AppID        *string             `json:"appId,omitempty" query:"app_id"`
	ProfileID    *string             `json:"profileId,omitempty" query:"profile_id"`
	UserID       *string             `json:"userId,omitempty" query:"user_id"`
	TrainingType *string             `json:"trainingType,omitempty" query:"training_type"`
	Standard     *ComplianceStandard `json:"standard,omitempty" query:"standard"`
	Status       *string             `json:"status,omitempty" query:"status"`
}

ListTrainingFilter defines filters for listing compliance training with pagination

type ListViolationsFilter ΒΆ 

type ListViolationsFilter struct {
	pagination.PaginationParams

	AppID         *string `json:"appId,omitempty" query:"app_id"`
	ProfileID     *string `json:"profileId,omitempty" query:"profile_id"`
	UserID        *string `json:"userId,omitempty" query:"user_id"`
	ViolationType *string `json:"violationType,omitempty" query:"violation_type"`
	Severity      *string `json:"severity,omitempty" query:"severity"`
	Status        *string `json:"status,omitempty" query:"status"`
}

ListViolationsFilter defines filters for listing compliance violations with pagination

type MessageResponse ΒΆ 

type MessageResponse = responses.MessageResponse

type NotificationChannels ΒΆ 

type NotificationChannels struct {
	Email   bool `json:"email" yaml:"email"`
	Slack   bool `json:"slack" yaml:"slack"`
	Webhook bool `json:"webhook" yaml:"webhook"`
}

NotificationChannels defines notification delivery channels

type NotificationsConfig ΒΆ 

type NotificationsConfig struct {
	// Enable notifications
	Enabled bool `json:"enabled" yaml:"enabled"`

	// Notify on violations
	Violations bool `json:"violations" yaml:"violations"`

	// Notify on failed checks
	FailedChecks bool `json:"failedChecks" yaml:"failedChecks"`

	// Notify before audit
	AuditReminders bool `json:"auditReminders" yaml:"auditReminders"`

	// Notify compliance contact
	NotifyComplianceContact bool `json:"notifyComplianceContact" yaml:"notifyComplianceContact"`

	// Notify organization owners
	NotifyOwners bool `json:"notifyOwners" yaml:"notifyOwners"`

	// Notification channels
	Channels NotificationChannels `json:"channels" yaml:"channels"`
}

NotificationsConfig configures compliance notifications

type Plugin ΒΆ 

type Plugin struct {
	// contains filtered or unexported fields
}

Plugin implements the AuthSome plugin interface for compliance

func NewPlugin ΒΆ 

func NewPlugin() *Plugin

NewPlugin creates a new compliance plugin

func (*Plugin) Description ΒΆ 

func (p *Plugin) Description() string

Description returns the plugin description

func (*Plugin) ID ΒΆ 

func (p *Plugin) ID() string

ID returns the plugin identifier

func (*Plugin) Init ΒΆ 

func (p *Plugin) Init(authInst core.Authsome) error

Init initializes the plugin with AuthSome dependencies

func (*Plugin) Migrate ΒΆ 

func (p *Plugin) Migrate() error

Migrate performs database migrations

func (*Plugin) Name ΒΆ 

func (p *Plugin) Name() string

Name returns the plugin name

func (*Plugin) PolicyEngine ΒΆ 

func (p *Plugin) PolicyEngine() *PolicyEngine

PolicyEngine returns the policy engine for direct access (optional public method)

func (*Plugin) RegisterHooks ΒΆ 

func (p *Plugin) RegisterHooks(hookRegistry *hooks.HookRegistry) error

RegisterHooks registers plugin hooks with the hook registry (implements Plugin interface)

func (*Plugin) RegisterRoutes ΒΆ 

func (p *Plugin) RegisterRoutes(router forge.Router) error

RegisterRoutes registers HTTP routes for the plugin

func (*Plugin) RegisterServiceDecorators ΒΆ 

func (p *Plugin) RegisterServiceDecorators(services *registry.ServiceRegistry) error

RegisterServiceDecorators allows plugins to replace core services with decorated versions

func (*Plugin) Service ΒΆ 

func (p *Plugin) Service() *Service

Service returns the compliance service for direct access (optional public method)

func (*Plugin) Version ΒΆ 

func (p *Plugin) Version() string

Version returns the plugin version

type PolicyEngine ΒΆ 

type PolicyEngine struct {
	// contains filtered or unexported fields
}

PolicyEngine enforces compliance policies at runtime

func NewPolicyEngine ΒΆ 

func NewPolicyEngine(service *Service) *PolicyEngine

NewPolicyEngine creates a new policy engine

func (*PolicyEngine) CheckPasswordExpiry ΒΆ 

func (e *PolicyEngine) CheckPasswordExpiry(ctx context.Context, appID string, passwordChangedAt time.Time) (bool, error)

CheckPasswordExpiry checks if user's password has expired

func (*PolicyEngine) EnforceAccessControl ΒΆ 

func (e *PolicyEngine) EnforceAccessControl(ctx context.Context, appID, userID string, resource string, action string) error

EnforceAccessControl checks if user has proper access

func (*PolicyEngine) EnforceDataResidency ΒΆ 

func (e *PolicyEngine) EnforceDataResidency(ctx context.Context, appID, region string) error

EnforceDataResidency checks if data access complies with residency requirements

func (*PolicyEngine) EnforceMFA ΒΆ 

func (e *PolicyEngine) EnforceMFA(ctx context.Context, appID, userID string, mfaEnabled bool) error

EnforceMFA checks if MFA is required and enabled

func (*PolicyEngine) EnforcePasswordPolicy ΒΆ 

func (e *PolicyEngine) EnforcePasswordPolicy(ctx context.Context, appID, password string) error

EnforcePasswordPolicy validates password against compliance requirements

func (*PolicyEngine) EnforceSessionPolicy ΒΆ 

func (e *PolicyEngine) EnforceSessionPolicy(ctx context.Context, appID string, session *Session) error

EnforceSessionPolicy validates session against compliance requirements

func (*PolicyEngine) EnforceTraining ΒΆ 

func (e *PolicyEngine) EnforceTraining(ctx context.Context, appID, userID string) error

EnforceTraining checks if user has completed required training

type ReportsConfig ΒΆ 

type ReportsConfig struct {
	// Enable automated report generation
	Enabled bool `json:"enabled" yaml:"enabled"`

	// Report generation schedule
	Schedule string `json:"schedule" yaml:"schedule"` // cron format

	// Report formats
	Formats []string `json:"formats" yaml:"formats"` // pdf, json, csv

	// Report storage location
	StoragePath string `json:"storagePath" yaml:"storagePath"`

	// Report retention days
	RetentionDays int `json:"retentionDays" yaml:"retentionDays"`

	// Include evidence in reports
	IncludeEvidence bool `json:"includeEvidence" yaml:"includeEvidence"`
}

ReportsConfig configures compliance reporting

type Repository ΒΆ 

type Repository interface {
	// Compliance Profiles
	CreateProfile(ctx context.Context, profile *ComplianceProfile) error
	GetProfile(ctx context.Context, id string) (*ComplianceProfile, error)
	GetProfileByApp(ctx context.Context, appID string) (*ComplianceProfile, error)
	UpdateProfile(ctx context.Context, profile *ComplianceProfile) error
	DeleteProfile(ctx context.Context, id string) error
	ListProfiles(ctx context.Context, filter *ListProfilesFilter) (*pagination.PageResponse[*ComplianceProfile], error)

	// Compliance Checks
	CreateCheck(ctx context.Context, check *ComplianceCheck) error
	GetCheck(ctx context.Context, id string) (*ComplianceCheck, error)
	ListChecks(ctx context.Context, filter *ListChecksFilter) (*pagination.PageResponse[*ComplianceCheck], error)
	UpdateCheck(ctx context.Context, check *ComplianceCheck) error
	GetDueChecks(ctx context.Context) ([]*ComplianceCheck, error)

	// Violations
	CreateViolation(ctx context.Context, violation *ComplianceViolation) error
	GetViolation(ctx context.Context, id string) (*ComplianceViolation, error)
	ListViolations(ctx context.Context, filter *ListViolationsFilter) (*pagination.PageResponse[*ComplianceViolation], error)
	UpdateViolation(ctx context.Context, violation *ComplianceViolation) error
	ResolveViolation(ctx context.Context, id, resolvedBy string) error
	CountViolations(ctx context.Context, appID string, status string) (int, error)

	// Reports
	CreateReport(ctx context.Context, report *ComplianceReport) error
	GetReport(ctx context.Context, id string) (*ComplianceReport, error)
	ListReports(ctx context.Context, filter *ListReportsFilter) (*pagination.PageResponse[*ComplianceReport], error)
	UpdateReport(ctx context.Context, report *ComplianceReport) error
	DeleteReport(ctx context.Context, id string) error

	// Evidence
	CreateEvidence(ctx context.Context, evidence *ComplianceEvidence) error
	GetEvidence(ctx context.Context, id string) (*ComplianceEvidence, error)
	ListEvidence(ctx context.Context, filter *ListEvidenceFilter) (*pagination.PageResponse[*ComplianceEvidence], error)
	DeleteEvidence(ctx context.Context, id string) error

	// Policies
	CreatePolicy(ctx context.Context, policy *CompliancePolicy) error
	GetPolicy(ctx context.Context, id string) (*CompliancePolicy, error)
	GetActivePolicies(ctx context.Context, appID string) ([]*CompliancePolicy, error)
	ListPolicies(ctx context.Context, filter *ListPoliciesFilter) (*pagination.PageResponse[*CompliancePolicy], error)
	UpdatePolicy(ctx context.Context, policy *CompliancePolicy) error
	DeletePolicy(ctx context.Context, id string) error

	// Training
	CreateTraining(ctx context.Context, training *ComplianceTraining) error
	GetTraining(ctx context.Context, id string) (*ComplianceTraining, error)
	ListTraining(ctx context.Context, filter *ListTrainingFilter) (*pagination.PageResponse[*ComplianceTraining], error)
	UpdateTraining(ctx context.Context, training *ComplianceTraining) error
	GetUserTrainingStatus(ctx context.Context, userID string) ([]*ComplianceTraining, error)
	GetOverdueTraining(ctx context.Context, appID string) ([]*ComplianceTraining, error)
}

Repository defines the data access interface for compliance

func NewBunRepository ΒΆ 

func NewBunRepository(db interface{}) Repository

NewBunRepository creates a new Bun repository

type ResolveViolationRequest ΒΆ 

type ResolveViolationRequest struct {
	Resolution string `json:"resolution"`
	Notes      string `json:"notes"`
}

type RetentionConfig ΒΆ 

type RetentionConfig struct {
	// Enable automated data retention
	Enabled bool `json:"enabled" yaml:"enabled"`

	// Purge schedule (cron format)
	PurgeSchedule string `json:"purgeSchedule" yaml:"purgeSchedule"`

	// Grace period before purging (days)
	GracePeriodDays int `json:"gracePeriodDays" yaml:"gracePeriodDays"`

	// Archive before purging
	ArchiveBeforePurge bool `json:"archiveBeforePurge" yaml:"archiveBeforePurge"`

	// Archive location
	ArchivePath string `json:"archivePath" yaml:"archivePath"`
}

RetentionConfig configures data retention policies

type RunCheckRequest ΒΆ 

type RunCheckRequest struct {
	CheckType string `json:"checkType" validate:"required"`
}

type Service ΒΆ 

type Service struct {
	// contains filtered or unexported fields
}

Service handles compliance business logic

func NewService ΒΆ 

func NewService(
	repo Repository,
	config *Config,
	auditSvc AuditService,
	userSvc UserService,
	appSvc AppService,
	emailSvc EmailService,
) *Service

NewService creates a new compliance service

func (*Service) CreateProfile ΒΆ 

func (s *Service) CreateProfile(ctx context.Context, req *CreateProfileRequest) (*ComplianceProfile, error)

CreateProfile creates a new compliance profile

func (*Service) CreateProfileFromTemplate ΒΆ 

func (s *Service) CreateProfileFromTemplate(ctx context.Context, appID string, standard ComplianceStandard) (*ComplianceProfile, error)

CreateProfileFromTemplate creates a profile from a compliance template

func (*Service) GetComplianceStatus ΒΆ 

func (s *Service) GetComplianceStatus(ctx context.Context, appID string) (*ComplianceStatus, error)

GetComplianceStatus returns overall compliance status for an app

func (*Service) GetProfile ΒΆ 

func (s *Service) GetProfile(ctx context.Context, id string) (*ComplianceProfile, error)

GetProfile retrieves a compliance profile

func (*Service) GetProfileByApp ΒΆ 

func (s *Service) GetProfileByApp(ctx context.Context, appID string) (*ComplianceProfile, error)

GetProfileByApp retrieves a profile by app ID

func (*Service) ListChecks ΒΆ 

func (s *Service) ListChecks(ctx context.Context, filter *ListChecksFilter) (*pagination.PageResponse[*ComplianceCheck], error)

ListChecks lists compliance checks with pagination

func (*Service) ListEvidence ΒΆ 

func (s *Service) ListEvidence(ctx context.Context, filter *ListEvidenceFilter) (*pagination.PageResponse[*ComplianceEvidence], error)

ListEvidence lists compliance evidence with pagination

func (*Service) ListPolicies ΒΆ 

func (s *Service) ListPolicies(ctx context.Context, filter *ListPoliciesFilter) (*pagination.PageResponse[*CompliancePolicy], error)

ListPolicies lists compliance policies with pagination

func (*Service) ListProfiles ΒΆ 

func (s *Service) ListProfiles(ctx context.Context, filter *ListProfilesFilter) (*pagination.PageResponse[*ComplianceProfile], error)

ListProfiles lists compliance profiles with pagination

func (*Service) ListReports ΒΆ 

func (s *Service) ListReports(ctx context.Context, filter *ListReportsFilter) (*pagination.PageResponse[*ComplianceReport], error)

ListReports lists compliance reports with pagination

func (*Service) ListTraining ΒΆ 

func (s *Service) ListTraining(ctx context.Context, filter *ListTrainingFilter) (*pagination.PageResponse[*ComplianceTraining], error)

ListTraining lists compliance training with pagination

func (*Service) ListViolations ΒΆ 

func (s *Service) ListViolations(ctx context.Context, filter *ListViolationsFilter) (*pagination.PageResponse[*ComplianceViolation], error)

ListViolations lists compliance violations with pagination

func (*Service) RunCheck ΒΆ 

func (s *Service) RunCheck(ctx context.Context, profileID, checkType string) (*ComplianceCheck, error)

RunCheck executes a compliance check

func (*Service) UpdateProfile ΒΆ 

func (s *Service) UpdateProfile(ctx context.Context, id string, req *UpdateProfileRequest) (*ComplianceProfile, error)

UpdateProfile updates a compliance profile

type Session ΒΆ 

type Session struct {
	ID             string
	UserID         string
	CreatedAt      time.Time
	LastActivityAt time.Time
	CreatedIP      string
	CurrentIP      string
}

Session represents a user session

type StatusResponse ΒΆ 

type StatusResponse = responses.StatusResponse

type SuccessResponse ΒΆ 

type SuccessResponse = responses.SuccessResponse

type UpdatePolicyRequest ΒΆ 

type UpdatePolicyRequest struct {
	Title   *string `json:"title"`
	Version *string `json:"version"`
	Content *string `json:"content"`
	Status  *string `json:"status"`
}

type UpdateProfileRequest ΒΆ 

type UpdateProfileRequest struct {
	Name          *string `json:"name"`
	Status        *string `json:"status"`
	MFARequired   *bool   `json:"mfaRequired"`
	RetentionDays *int    `json:"retentionDays"`
}

type User ΒΆ 

type User struct {
	ID                string
	MFAEnabled        bool
	PasswordChangedAt time.Time
	LastLoginAt       time.Time
}

type UserService ΒΆ 

type UserService interface {
	ListByApp(ctx context.Context, appID string) ([]*User, error)
}

type UserServiceAdapter ΒΆ 

type UserServiceAdapter struct {
	// contains filtered or unexported fields
}

UserServiceAdapter adapts AuthSome's user service to compliance service expectations

func NewUserServiceAdapter ΒΆ 

func NewUserServiceAdapter(svc user.ServiceInterface) *UserServiceAdapter

NewUserServiceAdapter creates a new user service adapter

func (*UserServiceAdapter) GetMFAStatus ΒΆ 

func (a *UserServiceAdapter) GetMFAStatus(ctx context.Context, userID string) (bool, error)

GetMFAStatus checks if a user has MFA enabled

func (*UserServiceAdapter) ListByApp ΒΆ 

func (a *UserServiceAdapter) ListByApp(ctx context.Context, appID string) ([]*User, error)

ListByApp retrieves all users in an app

Source Files ΒΆ

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.