Complete Compliance Engine Project Structure
# Complete Compliance Engine Project Structure ## Full Production-Ready Structure for `/common_npm/compliance-engine/`
compliance-engine/ .agents/ # OSSA v0.1.9 agent definitions orchestrators/ compliance-orchestrator/ agent.yml openapi.yml behaviors/ compliance-orchestrator.behavior.yml policy-enforcement.behavior.yml audit-coordination.behavior.yml data/ compliance-config.yml active-policies.yml state/ handlers/ compliance.handlers.ts policy.handlers.ts integrations/ regulatory/ standards/ frameworks/ schemas/ input/ output/ audit-orchestrator/ [same structure]
workers/
policy-enforcer/
[full agent structure]
audit-executor/
[full agent structure]
violation-detector/
[full agent structure]
remediation-worker/
[full agent structure]
monitors/
compliance-monitor/
[full agent structure]
policy-monitor/
[full agent structure]
drift-monitor/
[full agent structure]
validators/
ossa-validator/
[full agent structure]
security-validator/
[full agent structure]
data-validator/
[full agent structure]
governors/
policy-governor/
[full agent structure]
critics/
compliance-reviewer/
[full agent structure]
registry.yml # Central agent registry
frontend/ # Next.js 14+ App Router (Compliance Dashboard) app/ (compliance)/ layout.tsx dashboard/ page.tsx policies/ page.tsx [id]/ page.tsx edit/ page.tsx create/ page.tsx audits/ page.tsx [auditId]/ page.tsx violations/ page.tsx [violationId]/ page.tsx reports/ page.tsx (frameworks)/ sox/ page.tsx gdpr/ page.tsx hipaa/ page.tsx fedramp/ page.tsx api/ proxy/[...path]/ route.ts layout.tsx page.tsx error.tsx
components/
ui/
compliance-score.tsx
policy-card.tsx
audit-timeline.tsx
violation-alert.tsx
risk-matrix.tsx
forms/
policy-form.tsx
audit-config-form.tsx
exception-form.tsx
layouts/
compliance-layout.tsx
features/
compliance-dashboard.tsx
policy-manager.tsx
audit-viewer.tsx
violation-tracker.tsx
remediation-workflow.tsx
hooks/
use-compliance.ts
use-policies.ts
use-audits.ts
lib/
compliance-client.ts
policy-engine.ts
risk-calculator.ts
next.config.js
package.json
backend/ # Express 5 API (Compliance Server) src/ api/ http/ routes/ v1/ compliance.routes.ts policies.routes.ts audits.routes.ts violations.routes.ts remediation.routes.ts reports.routes.ts controllers/ compliance.controller.ts policies.controller.ts audits.controller.ts violations.controller.ts middleware/ auth.middleware.ts compliance.middleware.ts rate-limit.middleware.ts error.middleware.ts websocket/ server.ts handlers/ audit.handler.ts violation.handler.ts adapters/ compliance-to-dto.adapter.ts response.adapter.ts
cli/
commands/
audit.command.ts
scan.command.ts
validate.command.ts
report.command.ts
utils/
scanner.ts
cli.util.ts
compliance/ # Compliance core implementations
engine/
compliance-engine.ts
policy-engine.ts
rule-engine.ts
enforcement/
policy-enforcer.ts
rule-evaluator.ts
action-executor.ts
auditing/
audit-manager.ts
evidence-collector.ts
trail-recorder.ts
validation/
ossa-validator.ts
schema-validator.ts
data-validator.ts
frameworks/
sox/
sox-compliance.ts
gdpr/
gdpr-compliance.ts
hipaa/
hipaa-compliance.ts
fedramp/
fedramp-compliance.ts
services/
domain/
compliance.service.ts
policy.service.ts
audit.service.ts
violation.service.ts
remediation.service.ts
adapters/
postgres.adapter.ts
redis.adapter.ts
elasticsearch.adapter.ts
vault.adapter.ts
splunk.adapter.ts
ports/
compliance.repository.ts
policy.repository.ts
audit.repository.ts
config/
env/
compliance.env.ts
frameworks.env.ts
schemas/
compliance.schema.ts
defaults/
compliance.defaults.ts
types/
dto/
compliance.dto.ts
policy.dto.ts
audit.dto.ts
models/
compliance.model.ts
policy.model.ts
violation.model.ts
errors/
compliance.error.ts
utils/
validation/
policy.validator.ts
scoring/
risk-scorer.ts
compliance-scorer.ts
logging/
logger.factory.ts
index.ts # Bootstrap
tests/
unit/
compliance/
services/
setup/
integration/
policies/
setup/
e2e/
specs/
package.json
lib/ # NPM Package Exports (Compliance SDK) index.ts client/ compliance-client.ts policy-client.ts audit-client.ts server/ compliance-server.ts policy-engine.ts audit-logger.ts validators/ ossa-validator.ts schema-validator.ts types.ts
shared/ # Shared between frontend/backend types/ compliance.types.ts policy.types.ts audit.types.ts constants/ compliance.constants.ts
policies/ # Policy definitions ossa/ agent-compliance.yml gold-standard.yml security/ access-control.yml data-protection.yml operational/ sla-compliance.yml backup-policy.yml
templates/ # Compliance templates audits/ quarterly-audit.yml security-audit.yml reports/ compliance-report.md violation-report.md
infrastructure/ docker/ frontend.Dockerfile backend.Dockerfile scanner.Dockerfile compose/ docker-compose.yml k8s/ [kubernetes configs]
docs/ architecture/ compliance-architecture.md policy-engine.md guides/ policy-creation.md audit-setup.md api/ openapi.yaml
examples/ basic/ simple-policy.ts basic-audit.ts advanced/ complex-policy.ts automated-remediation.ts
openapi/ compliance-engine.openapi.yml schemas/ compliance.schema.yml
bin/ compliance-engine.js
.gitlab-ci.yml ossa.config.yaml package.json tsconfig.json README.md LICENSE
## Key Configuration Files
### `ossa.config.yaml`
```yaml
ossa:
version: "0.1.9"
compliance_level: "gold"
namespace: "compliance-engine"
registry:
url: "https://ossa-registry.bluefly.io"
agents:
base_path: ".agents"
auto_discover: true
compliance:
enforcement: strict
frameworks:
- ossa
- sox
- gdpr
- hipaa
- fedramp
audit:
interval: quarterly
retention: 7y
scoring:
algorithm: weighted
threshold: 85
[object Object]
// Bootstrap - wiring only import express from 'express'; import { createServer } from 'http'; import { WebSocketServer } from './api/websocket/server'; import { configureRoutes } from './api/http/routes'; import { ComplianceEngine } from './compliance/engine/compliance-engine'; import { PolicyEngine } from './compliance/engine/policy-engine'; import { AuditManager } from './compliance/auditing/audit-manager'; const app = express(); const httpServer = createServer(app); // Initialize compliance engines ComplianceEngine.getInstance().initialize(); PolicyEngine.getInstance().loadPolicies(); AuditManager.getInstance().startScheduler(); // Start WebSocket for real-time violations new WebSocketServer(httpServer); // Configure routes configureRoutes(app); httpServer.listen(3000);
This structure provides:
- OSSA v0.1.9 compliance validation
- Policy definition and enforcement
- Automated auditing and reporting
- Violation detection and tracking
- Remediation workflows
- Multi-framework support (SOX, GDPR, HIPAA, FedRAMP)
- Risk scoring and assessment
- Evidence collection and audit trails
- Real-time compliance monitoring
- Integration with the entire agent ecosystem