Aegis/frontend/src/api/compliance.ts

import client from "./client";

// ── Types ────────────────────────────────────────────────────────────

export interface ComplianceFrameworkSummary {
  id: string;
  name: string;
  version: string | null;
  description: string | null;
  url: string | null;
  is_active: boolean;
  controls_count: number;
}

export interface ComplianceTechniqueInfo {
  mitre_id: string;
  name: string;
  score: number;
  status: string;
}

export interface ComplianceControlStatus {
  control_id: string;
  title: string;
  category: string | null;
  status: "covered" | "partially_covered" | "not_covered" | "not_evaluated";
  score: number;
  techniques_count: number;
  techniques_covered: number;
  techniques: ComplianceTechniqueInfo[];
}

export interface ComplianceSummary {
  total_controls: number;
  covered: number;
  partially_covered: number;
  not_covered: number;
  not_evaluated: number;
  compliance_percentage: number;
}

export interface ComplianceFrameworkStatus {
  framework: { id: string; name: string };
  summary: ComplianceSummary;
  controls: ComplianceControlStatus[];
}

export interface ComplianceGapTechnique extends ComplianceTechniqueInfo {
  templates_available: number;
  threat_actors_using: number;
}

export interface ComplianceGap {
  control_id: string;
  title: string;
  category: string | null;
  status: string;
  score: number;
  uncovered_techniques: ComplianceGapTechnique[];
}

export interface ComplianceGapsResponse {
  framework: { id: string; name: string };
  total_gaps: number;
  gaps: ComplianceGap[];
}

// ── API Functions ────────────────────────────────────────────────────

/** List all available compliance frameworks. */
export async function getComplianceFrameworks(): Promise<ComplianceFrameworkSummary[]> {
  const { data } = await client.get<ComplianceFrameworkSummary[]>("/compliance/frameworks");
  return data;
}

/** Get compliance status for a framework. */
export async function getFrameworkStatus(
  frameworkId: string,
): Promise<ComplianceFrameworkStatus> {
  const { data } = await client.get<ComplianceFrameworkStatus>(
    `/compliance/frameworks/${frameworkId}/status`,
  );
  return data;
}

/** Get compliance gaps for a framework. */
export async function getFrameworkGaps(
  frameworkId: string,
): Promise<ComplianceGapsResponse> {
  const { data } = await client.get<ComplianceGapsResponse>(
    `/compliance/frameworks/${frameworkId}/gaps`,
  );
  return data;
}

/** Download CSV report for a framework. */
export async function downloadComplianceCSV(frameworkId: string): Promise<void> {
  const { data } = await client.get(`/compliance/frameworks/${frameworkId}/report/csv`, {
    responseType: "blob",
  });
  const blob = new Blob([data], { type: "text/csv" });
  const url = URL.createObjectURL(blob);
  const a = document.createElement("a");
  a.href = url;
  a.download = "compliance_report.csv";
  document.body.appendChild(a);
  a.click();
  document.body.removeChild(a);
  URL.revokeObjectURL(url);
}

/** Import NIST 800-53 mappings (admin). */
export async function importNistMappings(): Promise<Record<string, unknown>> {
  const { data } = await client.post("/compliance/import/nist-800-53");
  return data;
}

/** Import CIS Controls v8 mappings (admin). */
export async function importCisMappings(): Promise<Record<string, unknown>> {
  const { data } = await client.post("/compliance/import/cis-controls-v8");
  return data;
}

/** Import DORA (EU 2022/2554) compliance mappings (admin). */
export async function importDoraMappings(): Promise<Record<string, unknown>> {
  const { data } = await client.post("/compliance/import/dora");
  return data;
}