feat(phase-29): add compliance framework mapping, reports and UI (T-227 to T-229)

frontend/src/api/compliance.ts

@@ -0,0 +1,116 @@
+import client from "./client";
+
+// ── Types ────────────────────────────────────────────────────────────
+
+export interface ComplianceFrameworkSummary {
+  id: string;
+  name: string;
+  version: string | null;
+  description: string | null;
+  url: string | null;
+  is_active: boolean;
+  controls_count: number;
+}
+
+export interface ComplianceTechniqueInfo {
+  mitre_id: string;
+  name: string;
+  score: number;
+  status: string;
+}
+
+export interface ComplianceControlStatus {
+  control_id: string;
+  title: string;
+  category: string | null;
+  status: "covered" | "partially_covered" | "not_covered" | "not_evaluated";
+  score: number;
+  techniques_count: number;
+  techniques_covered: number;
+  techniques: ComplianceTechniqueInfo[];
+}
+
+export interface ComplianceSummary {
+  total_controls: number;
+  covered: number;
+  partially_covered: number;
+  not_covered: number;
+  not_evaluated: number;
+  compliance_percentage: number;
+}
+
+export interface ComplianceFrameworkStatus {
+  framework: { id: string; name: string };
+  summary: ComplianceSummary;
+  controls: ComplianceControlStatus[];
+}
+
+export interface ComplianceGapTechnique extends ComplianceTechniqueInfo {
+  templates_available: number;
+  threat_actors_using: number;
+}
+
+export interface ComplianceGap {
+  control_id: string;
+  title: string;
+  category: string | null;
+  status: string;
+  score: number;
+  uncovered_techniques: ComplianceGapTechnique[];
+}
+
+export interface ComplianceGapsResponse {
+  framework: { id: string; name: string };
+  total_gaps: number;
+  gaps: ComplianceGap[];
+}
+
+// ── API Functions ────────────────────────────────────────────────────
+
+/** List all available compliance frameworks. */
+export async function getComplianceFrameworks(): Promise<ComplianceFrameworkSummary[]> {
+  const { data } = await client.get<ComplianceFrameworkSummary[]>("/compliance/frameworks");
+  return data;
+}
+
+/** Get compliance status for a framework. */
+export async function getFrameworkStatus(
+  frameworkId: string,
+): Promise<ComplianceFrameworkStatus> {
+  const { data } = await client.get<ComplianceFrameworkStatus>(
+    `/compliance/frameworks/${frameworkId}/status`,
+  );
+  return data;
+}
+
+/** Get compliance gaps for a framework. */
+export async function getFrameworkGaps(
+  frameworkId: string,
+): Promise<ComplianceGapsResponse> {
+  const { data } = await client.get<ComplianceGapsResponse>(
+    `/compliance/frameworks/${frameworkId}/gaps`,
+  );
+  return data;
+}
+
+/** Download CSV report for a framework. */
+export async function downloadComplianceCSV(frameworkId: string): Promise<void> {
+  const { data } = await client.get(`/compliance/frameworks/${frameworkId}/report/csv`, {
+    responseType: "blob",
+  });
+  const blob = new Blob([data], { type: "text/csv" });
+  const url = URL.createObjectURL(blob);
+  const a = document.createElement("a");
+  a.href = url;
+  a.download = "compliance_report.csv";
+  document.body.appendChild(a);
+  a.click();
+  document.body.removeChild(a);
+  URL.revokeObjectURL(url);
+}
+
+/** Import NIST 800-53 mappings (admin). */
+export async function importNistMappings(): Promise<Record<string, unknown>> {
+  const { data } = await client.post("/compliance/import/nist-800-53");
+  return data;
+}