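# Compliance CLI Commands
# Provides comprehensive compliance features for GDPR, SOC2, and ISO 27001
# Error handling: Result pattern (hybrid, no inline try-catch)
#
# Security notes:
# - Every request is run as a shell pipeline through `bash-wrap`. Caller-supplied
#   values (IDs, reasons, descriptions, URLs) are therefore single-quoted with
#   `shell-quote` before they are placed in the command string, so a quote,
#   `;`, `$(...)` or backtick in a value stays data instead of becoming shell syntax.
# - JSON bodies are built as records and serialised with `to json --raw`, so
#   quotes and backslashes in values are escaped and cannot add or override keys.
#   (The earlier hand-written templates used doubled braces, which Nushell
#   interpolation emits literally - TODO confirm `bash-wrap` did not rewrite them.)
# - Values placed in a URL path or query string are percent-encoded, so `/`,
#   `?`, `&` and `#` in an ID cannot redirect the call to another endpoint.
# - Request bodies still travel on the curl command line and may be visible in
#   the local process list while the request runs.
# - No credentials are sent and the default endpoint is plain HTTP on loopback;
#   NOTE(review): use an https:// URL when --orchestrator-url is not local.

use lib_provisioning/result.nu *

const ORCHESTRATOR_URL = "http://localhost:8080"

# ============================================================================
# Internal helpers (not exported)
# ============================================================================

# Quote a value as a single POSIX shell word: wrap it in single quotes and
# rewrite each embedded single quote as '\'' so it cannot end the quoting.
def shell-quote [value: string] {
    let escaped = ($value | str replace --all "'" "'\\''")
    $"'($escaped)'"
}

# Percent-encode a value for use as one URL path segment or one query value.
def url-part [value: string] {
    $value | url encode --all
}

# Run `curl -X GET` against `url`, pipe the body through `jq <filter>` and
# return whatever `bash-wrap` returns (consumed by `match-result`).
def api-get [
    url: string             # Fully built request URL
    filter: string = "."    # jq filter applied to the response
] {
    bash-wrap $"curl -s -X GET (shell-quote $url) | jq (shell-quote $filter)"
}

# Run `curl -X POST` with `body` serialised as JSON, pipe the response through
# `jq <filter>` and return whatever `bash-wrap` returns.
def api-post [
    url: string             # Fully built request URL
    body: record            # Request body; serialised with `to json --raw`
    filter: string = "."    # jq filter applied to the response
] {
    let payload = ($body | to json --raw)
    bash-wrap $"curl -s -X POST (shell-quote $url) -H 'Content-Type: application/json' -d (shell-quote $payload) | jq (shell-quote $filter)"
}

# ============================================================================
# GDPR Commands
# ============================================================================

# Export personal data for a user (GDPR Article 15 - Right to Access)
export def "compliance gdpr export" [
    user_id: string                                 # User ID to export data for
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/export/(url-part $user_id)"
    print $"Exporting personal data for user: ($user_id)"

    # Guard: HTTP request with Result pattern
    let response_result = (api-post $url {})
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to export data: ($err)" } }
    )
}

# Delete personal data for a user (GDPR Article 17 - Right to Erasure)
export def "compliance gdpr delete" [
    user_id: string                                 # User ID to delete data for
    --reason: string = "user_request"               # Deletion reason
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/delete/(url-part $user_id)"
    print $"Deleting personal data for user: ($user_id)"
    print $"Reason: ($reason)"

    # Guard: HTTP request with Result pattern
    let response_result = (api-post $url {reason: $reason})
    (match-result $response_result
        {|output|
            print "✓ Data deletion completed"
            $output
        }
        {|err| error make --unspanned { msg: $"Failed to delete data: ($err)" } }
    )
}

# Rectify personal data for a user (GDPR Article 16 - Right to Rectification)
export def "compliance gdpr rectify" [
    user_id: string                                 # User ID
    --field: string                                 # Field to rectify
    --value: string                                 # New value
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    if ($field | is-empty) or ($value | is-empty) {
        error make --unspanned { msg: "Both --field and --value must be provided" }
    }

    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/rectify/(url-part $user_id)"
    print $"Rectifying data for user: ($user_id)"
    print $"Field: ($field) -> ($value)"

    # Guard: HTTP request with Result pattern
    # The field name becomes the JSON key; the serialiser escapes it, so a
    # crafted name cannot introduce additional keys into the request body.
    let response_result = (api-post $url {$field: $value})
    (match-result $response_result
        {|output|
            print "✓ Data rectification completed"
            $output
        }
        {|err| error make --unspanned { msg: $"Failed to rectify data: ($err)" } }
    )
}

# Export data for portability (GDPR Article 20 - Right to Data Portability)
export def "compliance gdpr portability" [
    user_id: string                                 # User ID
    --format: string = "json"                       # Export format (json, csv, xml)
    --output: string                                # Output file path
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/portability/(url-part $user_id)"
    print $"Exporting data for portability: ($user_id)"
    print $"Format: ($format)"

    # Guard: HTTP request with Result pattern
    let response_result = (api-post $url {format: $format})
    (match-result $response_result
        {|response|
            if ($output | is-empty) {
                $response
            } else {
                # The saved file holds personal data; its permissions are
                # whatever `save` and the current umask produce.
                $response | save $output
                print $"✓ Data exported to: ($output)"
            }
        }
        {|err| error make --unspanned { msg: $"Failed to export data: ($err)" } }
    )
}

# Record objection to processing (GDPR Article 21 - Right to Object)
export def "compliance gdpr object" [
    user_id: string                                 # User ID
    processing_type: string                         # Type of processing to object (direct_marketing, profiling, etc.)
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/object/(url-part $user_id)"
    print $"Recording objection for user: ($user_id)"
    print $"Processing type: ($processing_type)"

    # Guard: HTTP request with Result pattern
    let response_result = (api-post $url {processing_type: $processing_type})
    (match-result $response_result
        {|_| print "✓ Objection recorded" }
        {|err| error make --unspanned { msg: $"Failed to record objection: ($err)" } }
    )
}

# ============================================================================
# SOC2 Commands
# ============================================================================

# Generate SOC2 compliance report
export def "compliance soc2 report" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
    --output: string                                # Output file path
] {
    let url = $"($orchestrator_url)/api/v1/compliance/soc2/report"
    print "Generating SOC2 compliance report..."

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url)
    (match-result $response_result
        {|response|
            if ($output | is-empty) {
                $response
            } else {
                $response | save $output
                print $"✓ SOC2 report saved to: ($output)"
            }
        }
        {|err| error make --unspanned { msg: $"Failed to generate SOC2 report: ($err)" } }
    )
}

# List SOC2 Trust Service Criteria
export def "compliance soc2 controls" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/soc2/controls"

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url ".controls")
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to list controls: ($err)" } }
    )
}

# ============================================================================
# ISO 27001 Commands
# ============================================================================

# Generate ISO 27001 compliance report
export def "compliance iso27001 report" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
    --output: string                                # Output file path
] {
    let url = $"($orchestrator_url)/api/v1/compliance/iso27001/report"
    print "Generating ISO 27001 compliance report..."

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url)
    (match-result $response_result
        {|response|
            if ($output | is-empty) {
                $response
            } else {
                $response | save $output
                print $"✓ ISO 27001 report saved to: ($output)"
            }
        }
        {|err| error make --unspanned { msg: $"Failed to generate ISO 27001 report: ($err)" } }
    )
}

# List ISO 27001 Annex A controls
export def "compliance iso27001 controls" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/iso27001/controls"

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url ".controls")
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to list controls: ($err)" } }
    )
}

# List identified risks
export def "compliance iso27001 risks" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/iso27001/risks"

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url ".risks")
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to list risks: ($err)" } }
    )
}

# ============================================================================
# Data Protection Commands
# ============================================================================

# Verify data protection controls
export def "compliance protection verify" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/protection/verify"
    print "Verifying data protection controls..."

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url)
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to verify protection: ($err)" } }
    )
}

# Classify data
export def "compliance protection classify" [
    data: string                                    # Data to classify
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/protection/classify"

    # Guard: HTTP request with Result pattern
    let response_result = (api-post $url {data: $data} ".classification")
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to classify data: ($err)" } }
    )
}

# ============================================================================
# Access Control Commands
# ============================================================================

# List available roles
export def "compliance access roles" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/access/roles"

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url ".roles")
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to list roles: ($err)" } }
    )
}

# Get permissions for a role
export def "compliance access permissions" [
    role: string                                    # Role name
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/access/permissions/(url-part $role)"

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url ".permissions")
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to get permissions: ($err)" } }
    )
}

# Check if role has permission
export def "compliance access check" [
    role: string                                    # Role name
    permission: string                              # Permission to check
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/access/check"

    # Guard: HTTP request with Result pattern
    let response_result = (api-post $url {role: $role, permission: $permission} ".allowed")
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to check permission: ($err)" } }
    )
}

# ============================================================================
# Incident Response Commands
# ============================================================================

# Report a security incident
export def "compliance incident report" [
    --severity: string                              # Incident severity (critical, high, medium, low)
    --type: string                                  # Incident type (data_breach, unauthorized_access, etc.)
    --description: string                           # Incident description
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    if ($severity | is-empty) or ($type | is-empty) or ($description | is-empty) {
        error make --unspanned { msg: "All parameters (--severity, --type, --description) are required" }
    }

    let url = $"($orchestrator_url)/api/v1/compliance/incidents"
    print $"Reporting ($severity) incident of type ($type)"

    # Guard: HTTP request with Result pattern
    # Free-text descriptions routinely contain quotes and apostrophes; building
    # the body as a record keeps them inside the JSON string value.
    # NOTE(review): reported_by is a fixed value, so the stored incident does
    # not identify the operator who filed it.
    let payload = {
        severity: $severity
        incident_type: $type
        description: $description
        affected_systems: []
        affected_users: []
        reported_by: "cli-user"
    }
    let response_result = (api-post $url $payload)
    (match-result $response_result
        {|response|
            let incident_id = ($response | get incident_id)
            print $"✓ Incident reported: ($incident_id)"
            $incident_id
        }
        {|err| error make --unspanned { msg: $"Failed to report incident: ($err)" } }
    )
}

# List security incidents
export def "compliance incident list" [
    --severity: string                              # Filter by severity
    --status: string                                # Filter by status
    --type: string                                  # Filter by type
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    # Each filter value is percent-encoded so `&` or `=` inside a value cannot
    # smuggle an extra query parameter.
    mut query_params = []

    if not ($severity | is-empty) {
        $query_params = ($query_params | append $"severity=(url-part $severity)")
    }

    if not ($status | is-empty) {
        $query_params = ($query_params | append $"status=(url-part $status)")
    }

    if not ($type | is-empty) {
        $query_params = ($query_params | append $"incident_type=(url-part $type)")
    }

    let query_string = if ($query_params | length) > 0 {
        $"?($query_params | str join '&')"
    } else {
        ""
    }

    let url = $"($orchestrator_url)/api/v1/compliance/incidents($query_string)"

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url)
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to list incidents: ($err)" } }
    )
}

# Get incident details
export def "compliance incident show" [
    incident_id: string                             # Incident ID
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/incidents/(url-part $incident_id)"

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url)
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to get incident: ($err)" } }
    )
}

# ============================================================================
# Combined Reporting
# ============================================================================

# Generate combined compliance report
export def "compliance report" [
    --format: string = "json"                       # Output format (json, yaml)
    --output: string                                # Output file path
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/reports/combined"
    print "Generating combined compliance report..."
    print "This includes GDPR, SOC2, and ISO 27001 compliance status"

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url)
    (match-result $response_result
        {|response|
            let formatted = if $format == "yaml" {
                $response | to yaml
            } else {
                $response
            }

            if ($output | is-empty) {
                $formatted
            } else {
                $formatted | save $output
                print $"✓ Compliance report saved to: ($output)"
            }
        }
        {|err| error make --unspanned { msg: $"Failed to generate report: ($err)" } }
    )
}

# Check compliance health status
export def "compliance health" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let url = $"($orchestrator_url)/api/v1/compliance/health"

    # Guard: HTTP request with Result pattern
    let response_result = (api-get $url)
    (match-result $response_result
        {|output| $output }
        {|err| error make --unspanned { msg: $"Failed to check health: ($err)" } }
    )
}

# ============================================================================
# Helper Functions
# ============================================================================

# Show compliance command help
export def "compliance help" [] {
    print "
Compliance CLI - GDPR, SOC2, and ISO 27001 Features

Usage:
  compliance [options]

Categories:
  gdpr        - GDPR compliance (data subject rights)
  soc2        - SOC2 Trust Service Criteria
  iso27001    - ISO 27001 Annex A controls
  protection  - Data protection controls
  access      - Access control matrix
  incident    - Incident response
  report      - Combined compliance reporting
  health      - Health check

Examples:
  # Export user data (GDPR)
  compliance gdpr export user123

  # Generate SOC2 report
  compliance soc2 report --output soc2-report.json

  # Generate ISO 27001 report
  compliance iso27001 report --output iso27001-report.json

  # Report security incident
  compliance incident report --severity critical --type data_breach --description \"Unauthorized access detected\"

  # Generate combined report
  compliance report --output compliance-report.json

For detailed help on a specific command, use:
  help compliance
"
}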