import { RequestBuilder } from "../request-builder"; import type { RequestOptions } from "../base-client"; import type { LegalDocument, AccessLog, AmendmentRequest, AuditChainEntry, BreachNotification, BreachNotificationArtifact, BreachIncident, BusinessAssociateAgreement, CdeScopeReport, ComplianceDocumentTemplate, ComplianceOfficerDesignation, CompliancePolicy, ComplianceRequirement, ComplianceRequirementCompletion, ConsentRecord, DataProtectionImpactAssessment, DataSubjectRequest, DataTransferRecord, DisclosureLog, EphiAsset, EphiDataFlow, LegalAcceptance, PolicyReviewSchedule, ProcessingActivity, RetentionPolicy, RiskAssessment, ScanResult as ComplianceScanResult } from "../_internal/types.gen"; export interface ScanDetection { type: string; original: string; redacted: string; } export interface ScanResult { clean: boolean; detections: ScanDetection[]; scrubbed_preview: string; } /** Attributes accepted when creating a breach incident (admin). */ export type CreateBreachIncidentAttributes = { incident_type: "data_breach" | "unauthorized_access" | "data_loss" | "system_compromise" | "insider_threat"; description: string; affected_count?: number; discovery_date: string; status?: "identified" | "investigating" | "notifying" | "resolved" | "false_positive"; }; /** Attributes accepted when updating a breach incident's status (admin). */ export type UpdateBreachIncidentStatusAttributes = { status?: "identified" | "investigating" | "notifying" | "resolved" | "false_positive"; privacy_officer_notified?: boolean; regulator_notified?: boolean; remediation_notes?: string; }; /** Attributes accepted when creating a data subject request (admin). */ export type CreateDataSubjectRequestAttributes = { request_type: "access" | "erasure" | "portability" | "rectification" | "restriction" | "hipaa_access" | "hipaa_amendment" | "hipaa_restriction" | "hipaa_disclosure_accounting"; data_subject_email: string; requested_by: string; notes?: string; workspace_id?: string; }; /** Attributes accepted when updating a data subject request's status (admin). */ export type UpdateDataSubjectRequestStatusAttributes = { status?: "pending" | "in_progress" | "completed" | "denied" | "cancelled"; resolution_notes?: string; }; /** Attributes accepted when creating a retention policy (admin). */ export type CreateRetentionPolicyAttributes = { data_type: string; retention_days: number; action_on_expiry: "delete" | "archive" | "anonymize"; enabled?: boolean; workspace_id?: string; }; /** Attributes accepted when updating a retention policy (admin, PATCH semantics). */ export type UpdateRetentionPolicyAttributes = { retention_days?: number; action_on_expiry?: "delete" | "archive" | "anonymize"; enabled?: boolean; }; /** Attributes accepted when creating a risk assessment (admin). */ export type CreateRiskAssessmentAttributes = { workspace_id: string; /** * Risk assessment type. Must be one of the resource's `@assessment_types` * enum values (`risk_assessment.ex`): security, privacy, operational, * compliance. The SDK previously declared additional `"vendor"` and * `"hipaa"` members — both rejected by the server with `is invalid` * (F-7). */ assessment_type: "security" | "privacy" | "operational" | "compliance"; risk_level: "low" | "medium" | "high" | "critical"; status?: "draft" | "in_review" | "approved" | "expired"; findings?: { [key: string]: unknown; }; mitigations?: { [key: string]: unknown; }; /** * F-29: write-only — `reviewer_id` is `public?: false` on `RiskAssessment`. * Not returned in API responses. */ reviewer_id?: string; expires_at?: string; processing_activity_id?: string; dpia_id?: string; }; /** Attributes accepted when updating a risk assessment's status (admin). */ export type UpdateRiskAssessmentStatusAttributes = { status?: "draft" | "in_review" | "approved" | "expired"; /** * F-29: write-only — not returned in API responses. */ reviewer_id?: string; approved_at?: string; expires_at?: string; }; export type ConsentPurpose = "ai_document_processing" | "data_analytics" | "marketing_communications" | "third_party_sharing" | "session_recording"; export type LegalDocumentAcceptanceType = "terms_of_service" | "privacy_policy" | "baa" | "dpa" | "scc" | "npp" | "security_policy" | "incident_response_plan" | "contingency_plan" | "access_control_policy" | "risk_management_plan" | "training_policy" | "sanction_policy" | "breach_notification_policy" | "system_activity_review" | "data_retention_policy" | "minimum_necessary_policy" | "authorization_form"; export type LawfulBasis = "consent" | "contract" | "legal_obligation" | "vital_interests" | "public_task" | "legitimate_interest"; export type ProcessingActivityStatus = "active" | "archived"; export type ImpactAssessmentRiskLevel = "low" | "medium" | "high" | "critical"; export type ImpactAssessmentStatus = "draft" | "in_review" | "approved" | "rejected"; export type TransferMechanism = "scc" | "bcr" | "adequacy_decision" | "derogation" | "consent"; export type BreachNotificationArtifactType = "individual_notification" | "hhs_report" | "media_notice" | "state_ag_report"; export type BreachNotificationArtifactStatus = "draft" | "reviewed" | "sent"; export type BusinessAssociateAgreementCounterpartyType = "covered_entity" | "business_associate" | "subcontractor"; export type BusinessAssociateAgreementDirection = "upstream" | "downstream"; export type BusinessAssociateAgreementRenewalType = "auto_renew" | "manual_renew" | "fixed_term"; export type EphiAssetType = "database" | "application" | "api_service" | "storage" | "network" | "endpoint_device" | "backup_system"; export type EphiAssetClassification = "ephi_primary" | "ephi_secondary" | "ephi_transit" | "non_ephi"; export type EphiAssetLocation = "cloud" | "on_premise" | "hybrid"; export type EphiAssetBaaStatus = "in_place" | "needed" | "not_applicable"; export type EphiAssetStatus = "active" | "decommissioning" | "decommissioned"; export type EphiDataFlowType = "api_call" | "database_replication" | "file_transfer" | "event_stream" | "user_access"; export type EphiDataFlowEncryption = "encrypted" | "unencrypted" | "partial"; export type EphiDataFlowFrequency = "real_time" | "batch_daily" | "on_demand" | "scheduled"; export type PolicyReviewScheduleStatus = "current" | "review_due" | "overdue"; export type ComplianceTemplateType = "baa" | "npp" | "privacy_policy" | "security_policy" | "incident_response_plan" | "contingency_plan" | "access_control_policy" | "risk_management_plan" | "training_policy" | "sanction_policy" | "breach_notification_policy" | "system_activity_review" | "data_retention_policy" | "minimum_necessary_policy" | "authorization_form" | "dpa"; export type RegulatoryFramework = "hipaa" | "gdpr" | "pci_dss" | "sox"; export type ComplianceOfficerRole = "security_officer" | "privacy_officer" | "compliance_officer"; export type ComplianceRequirementType = "training" | "policy_acknowledgement" | "background_check" | "certification" | "attestation"; export type CdeScopeBoundary = "in_scope" | "out_of_scope" | "connected"; /** Attributes accepted when granting GDPR/HIPAA consent (admin). */ export type GrantConsentRecordAttributes = { user_id?: string; purpose: ConsentPurpose; description?: string; ip_address?: string; user_agent?: string; }; /** Attributes accepted when appending a HIPAA disclosure log (admin). */ export type CreateDisclosureLogAttributes = { workspace_id: string; subject_type: string; subject_id: string; resource_type: string; resource_id: string; recipient_name: string; recipient_type: "llm_provider" | "integration_partner" | "healthcare_provider" | "health_plan" | "government" | "other"; purpose: "treatment" | "payment" | "operations" | "legal" | "research" | "public_health" | "other"; phi_categories?: string[]; disclosure_method: "api_call" | "email" | "webhook" | "file_transfer" | "manual"; legal_basis?: string; disclosed_by_id?: string; disclosed_at: string; metadata?: { [key: string]: unknown; }; }; /** Attributes accepted when creating a GDPR processing activity (admin). */ export type CreateProcessingActivityAttributes = { workspace_id: string; name: string; purpose: string; data_categories?: string[]; data_subjects?: string[]; recipients?: string[]; retention_period?: string; legal_basis?: LawfulBasis; transfer_countries?: string[]; security_measures?: string; status?: ProcessingActivityStatus; ephi_classification?: "contains_ephi" | "no_ephi"; asset_ids?: string[]; minimum_necessary_justification?: string; last_reviewed_at?: string; review_frequency_days?: number; }; /** Attributes accepted when creating a DPIA (admin). */ export type CreateImpactAssessmentAttributes = { workspace_id: string; title: string; description: string; processing_activity_id?: string; risk_level: ImpactAssessmentRiskLevel; status?: ImpactAssessmentStatus; assessor?: string; findings?: string; mitigations?: string; }; /** Attributes accepted when updating a DPIA (admin). */ export type UpdateImpactAssessmentAttributes = { title?: string; description?: string; risk_level?: ImpactAssessmentRiskLevel; status?: ImpactAssessmentStatus; findings?: string; mitigations?: string; }; /** Attributes accepted when approving a DPIA (admin). */ export type ApproveImpactAssessmentAttributes = { approved_by?: string; }; /** Attributes accepted when creating a GDPR data transfer record (admin). */ export type CreateDataTransferRecordAttributes = { workspace_id: string; source_jurisdiction: string; destination_jurisdiction: string; transfer_mechanism: TransferMechanism; data_categories?: string[]; legal_basis?: string; }; /** Attributes accepted when creating a breach notification artifact (admin). */ export type CreateBreachNotificationArtifactAttributes = { workspace_id: string; breach_incident_id: string; artifact_type: BreachNotificationArtifactType; content: string; recipient_count?: number; metadata?: { [key: string]: unknown; }; }; /** Attributes accepted when updating a breach notification artifact (admin). */ export type UpdateBreachNotificationArtifactAttributes = { status?: BreachNotificationArtifactStatus; content?: string; recipient_count?: number; metadata?: { [key: string]: unknown; }; }; /** Attributes accepted when creating a Business Associate Agreement (admin). */ export type CreateBusinessAssociateAgreementAttributes = { application_id: string; workspace_id?: string; counterparty_name: string; counterparty_type: BusinessAssociateAgreementCounterpartyType; direction: BusinessAssociateAgreementDirection; effective_date: string; expiration_date?: string; renewal_type: BusinessAssociateAgreementRenewalType; renewal_reminder_days?: number; phi_scope?: string[]; ephi_asset_id?: string; counterparty_signatory?: string; legal_document_id?: string; }; /** Attributes accepted when updating a Business Associate Agreement (admin). */ export type UpdateBusinessAssociateAgreementAttributes = { counterparty_name?: string; counterparty_type?: BusinessAssociateAgreementCounterpartyType; direction?: BusinessAssociateAgreementDirection; effective_date?: string; expiration_date?: string; renewal_type?: BusinessAssociateAgreementRenewalType; renewal_reminder_days?: number; phi_scope?: string[]; counterparty_signatory?: string; legal_document_id?: string; }; /** Attributes accepted when signing a Business Associate Agreement (admin). */ export type SignBusinessAssociateAgreementAttributes = { signed_by_id?: string; counterparty_signatory?: string; }; /** Attributes accepted when terminating a Business Associate Agreement (admin). */ export type TerminateBusinessAssociateAgreementAttributes = { termination_reason?: string; }; /** Attributes accepted when creating a HIPAA amendment request (admin). */ export type CreateAmendmentRequestAttributes = { workspace_id: string; subject_type: string; subject_id: string; resource_type: string; resource_id: string; domain: string; request_reason: string; requested_changes: { [key: string]: unknown; }; }; /** Attributes accepted when beginning amendment review (admin). */ export type ReviewAmendmentRequestAttributes = { reviewed_by_id?: string; }; /** Attributes accepted when denying an amendment request (admin). */ export type DenyAmendmentRequestAttributes = { denial_reason?: string; }; /** Attributes accepted when creating an ePHI asset (admin). */ export type CreateEphiAssetAttributes = { application_id: string; workspace_id?: string; name: string; asset_type: EphiAssetType; classification: EphiAssetClassification; owner?: string; location: EphiAssetLocation; provider?: string; data_categories?: string[]; encryption_at_rest: boolean; encryption_in_transit: boolean; baa_status: EphiAssetBaaStatus; baa_document_id?: string; last_assessed_at?: string; next_assessment_due?: string; status?: EphiAssetStatus; notes?: string; metadata?: { [key: string]: unknown; }; }; /** Attributes accepted when updating an ePHI asset (admin). */ export type UpdateEphiAssetAttributes = Omit, "application_id" | "workspace_id">; /** Attributes accepted when creating an ePHI data flow (admin). */ export type CreateEphiDataFlowAttributes = { application_id: string; workspace_id?: string; source_asset_id: string; destination_asset_id: string; data_categories?: string[]; flow_type: EphiDataFlowType; protocol?: string; encryption: EphiDataFlowEncryption; frequency: EphiDataFlowFrequency; description?: string; is_active?: boolean; metadata?: { [key: string]: unknown; }; }; /** Attributes accepted when updating an ePHI data flow (admin). */ export type UpdateEphiDataFlowAttributes = Omit, "application_id" | "workspace_id">; /** Attributes accepted when creating a policy review schedule (admin). */ export type CreatePolicyReviewScheduleAttributes = { application_id: string; legal_document_id: string; review_frequency_days?: number; next_review_due: string; status?: PolicyReviewScheduleStatus; review_notes?: string; last_reviewed_at?: string; last_reviewed_by_id?: string; }; /** Attributes accepted when completing a policy review (admin). */ export type CompletePolicyReviewAttributes = { review_notes?: string; last_reviewed_by_id?: string; }; /** Attributes accepted when creating a compliance document template (admin). */ export type CreateComplianceDocumentTemplateAttributes = { template_type: ComplianceTemplateType; regulatory_framework: RegulatoryFramework; title: string; content_template: string; required_variables?: string[]; version: string; is_platform_managed?: boolean; application_id?: string; }; /** Attributes accepted when updating a compliance document template (admin). */ export type UpdateComplianceDocumentTemplateAttributes = { title?: string; content_template?: string; required_variables?: string[]; version?: string; }; /** Attributes accepted when cloning a compliance document template (admin). */ export type CloneComplianceDocumentTemplateAttributes = Omit; /** Attributes accepted when creating a compliance officer designation (admin). */ export type CreateComplianceOfficerDesignationAttributes = { application_id: string; role: ComplianceOfficerRole; user_id: string; designated_at: string; designated_by_id: string; }; /** Attributes accepted when creating a compliance requirement (admin). */ export type CreateComplianceRequirementAttributes = { application_id: string; requirement_type: ComplianceRequirementType; legal_document_id?: string; title: string; description?: string; required_for_roles?: string[]; deadline?: string; is_blocking?: boolean; recurring?: boolean; recurrence_days?: number; framework?: string; }; /** Attributes accepted when updating a compliance requirement (admin). */ export type UpdateComplianceRequirementAttributes = Omit, "application_id" | "requirement_type" | "legal_document_id">; /** Attributes accepted when creating a compliance requirement completion (admin). */ export type CreateComplianceRequirementCompletionAttributes = { user_id: string; completed_at: string; evidence?: { [key: string]: unknown; }; requirement_id: string; }; /** Attributes accepted when creating a PCI-DSS CDE scope report (admin). */ export type CreateCdeScopeReportAttributes = { workspace_id: string; scope_boundary: CdeScopeBoundary; data_flow_map?: { [key: string]: unknown; }; assessor_notes?: string; }; export type CreateLegalDocumentAttributes = { document_type: string; title: string; content: string; version: string; locale?: string; region?: string; is_active?: boolean; requires_acceptance?: boolean; application_id?: string; active_from?: string; active_until?: string; }; export type UpdateLegalDocumentAttributes = Partial>; export type CreateCompliancePolicyAttributes = { application_id: string; compliance_tag: string; strategy: "redact_before_storage" | "encrypt_and_track" | "flag_only" | "block"; }; export type UpdateCompliancePolicyAttributes = Partial>; /** Regulatory framework readiness summary. */ export interface ComplianceFrameworkReadiness { framework: string; requirements_met: number; total_requirements: number; coverage_percentage: number; gaps: string[]; } /** Aggregated compliance posture snapshot for a workspace. */ export interface CompliancePosture { workspace_id: string; open_breaches: number; total_breaches: number; breach_breakdown: Record; overdue_dsrs: number; pending_dsrs: number; total_dsrs: number; risk_assessments_by_level: Record; expiring_risk_assessments: number; active_retention_policies: number; total_retention_policies: number; pii_scans_last_30d: number; pii_scan_breakdown: Record; workspace_consents: number; total_consent_subjects: number; frameworks: ComplianceFrameworkReadiness[]; } type JsonApiQueryOptions = { filter?: Record; sort?: string; include?: string; fields?: Record; page?: number; pageSize?: number; } & RequestOptions; export declare function createComplianceNamespace(rb: RequestBuilder): { /** * Scans text for PII and PHI violations (HIPAA Safe Harbor). * * @param text - The text to scan for compliance violations * @returns Scan result with clean flag, detections, and scrubbed preview * @example * ```typescript * const result = await admin.compliance.scan('Patient DOB: 03/15/1985'); * ``` */ scan(text: string): Promise; /** * Legal document management — CRUD, publish/unpublish, locale/application filtering. * * Legal documents are versioned and locale-aware. Draft documents can be * edited freely; published documents are visible to end users and drive * the consent flow. Use `publish` / `unpublish` to control visibility. */ legalDocuments: { /** * List legal documents with optional pagination. * * @param options - Optional page number, page size, and request options. * @returns An array of `LegalDocument` records. * * @example * ```typescript * const docs = await admin.compliance.legalDocuments.list(); * ``` */ list: (options?: { page?: number; pageSize?: number; } & RequestOptions) => Promise; /** * Retrieve a single legal document by ID. * * @param id - The UUID of the legal document. * @param options - Optional request options. * @returns The matching `LegalDocument`. * * @example * ```typescript * const doc = await admin.compliance.legalDocuments.get('doc-uuid'); * ``` */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a new legal document (initially in draft status). * * @param attributes - Legal document attributes. * @param options - Optional request options. * @returns The newly created `LegalDocument`. * * @example * ```typescript * const doc = await admin.compliance.legalDocuments.create({ * document_type: 'privacy_policy', * title: 'Privacy Policy v2.0', * content: '# Privacy Policy\n...', * version: '2.0.0', * }); * ``` */ create: (attributes: CreateLegalDocumentAttributes, options?: RequestOptions) => Promise; /** * Update a legal document. * * @param id - The UUID of the legal document to update. * @param attributes - Attribute map of fields to change. * @param options - Optional request options. * @returns The updated `LegalDocument`. * * @example * ```typescript * const doc = await admin.compliance.legalDocuments.update('doc-uuid', { * content: '# Updated Policy\n...', * }); * ``` */ update: (id: string, attributes: UpdateLegalDocumentAttributes, options?: RequestOptions) => Promise; /** * Delete a legal document. * * @param id - The UUID of the legal document to delete. * @param options - Optional request options. * @returns `true` on successful deletion. * * @example * ```typescript * await admin.compliance.legalDocuments.delete('doc-uuid'); * ``` */ delete: (id: string, options?: RequestOptions) => Promise; /** * Retrieve legal documents filtered by locale. * * @param locale - A BCP-47 locale string (e.g., `"en"`, `"fr-FR"`). * @param options - Optional request options. * @returns An array of published `LegalDocument` records for that locale. * * @example * ```typescript * const docs = await admin.compliance.legalDocuments.byLocale('fr-FR'); * ``` */ byLocale: (locale: string, options?: RequestOptions) => Promise; /** * Retrieve legal documents for the current application. * * @param options - Optional request options. * @returns An array of `LegalDocument` records for the current application. * * @example * ```typescript * const docs = await admin.compliance.legalDocuments.forApplication(); * ``` */ forApplication: (options?: RequestOptions) => Promise; /** * Publish a legal document, making it visible to end users. * * @param id - The UUID of the legal document to publish. * @param options - Optional request options. * @returns The updated `LegalDocument` with `is_active: true`. * * @example * ```typescript * const doc = await admin.compliance.legalDocuments.publish('doc-uuid'); * ``` */ publish: (id: string, options?: RequestOptions) => Promise; /** * Unpublish a legal document, hiding it from end users. * * @param id - The UUID of the legal document to unpublish. * @param options - Optional request options. * @returns The updated `LegalDocument` with `is_active: false`. * * @example * ```typescript * const doc = await admin.compliance.legalDocuments.unpublish('doc-uuid'); * ``` */ unpublish: (id: string, options?: RequestOptions) => Promise; }; /** * Application compliance-policy CRUD exposed through the admin controller. * * This surface is intentionally nested under `admin.compliance` rather than * introducing a separate top-level namespace. */ compliancePolicies: { /** * List compliance policies for a single application. * * @param applicationId - Application UUID filter. Required by the admin controller. * @param options - Optional request options. * @returns Compliance-policy resource objects for that application. */ list: (applicationId: string, options?: RequestOptions) => Promise; /** * Retrieve one compliance policy by ID. * * @param id - Compliance-policy UUID. * @param options - Optional request options. * @returns The matching compliance-policy resource object. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a compliance policy for an application/tag pair. * * @param attributes - JSON:API attributes for the new compliance policy. * @param options - Optional request options. * @returns The created compliance-policy resource object. * * @example * ```typescript * const policy = await admin.compliance.compliancePolicies.create({ * application_id: "application-uuid", * tag_id: "tag-uuid", * enforcement_mode: "block", * }); * ``` */ create: (attributes: CreateCompliancePolicyAttributes, options?: RequestOptions) => Promise; /** * Update an existing compliance policy. * * @param id - Compliance-policy UUID. * @param attributes - JSON:API attributes to patch. * @param options - Optional request options. * @returns The updated compliance-policy resource object. * * @example * ```typescript * const policy = await admin.compliance.compliancePolicies.update("policy-uuid", { * enforcement_mode: "warn", * }); * ``` */ update: (id: string, attributes: UpdateCompliancePolicyAttributes, options?: RequestOptions) => Promise; /** * Delete a compliance policy. * * @param id - Compliance-policy UUID. * @param options - Optional request options. * @returns `true` on successful deletion. * * @example * ```typescript * await admin.compliance.compliancePolicies.delete("policy-uuid"); * ``` */ delete: (id: string, options?: RequestOptions) => Promise; }; /** * Get aggregated compliance posture for a workspace. * * Returns breach stats, DSR metrics, risk assessments, retention policies, * PII scan coverage, consent tracking, and regulatory framework readiness * in a single call. * * @param params - Must include `workspace_id` * @param options - Request options * @returns Compliance posture snapshot * * @example * ```typescript * const posture = await admin.compliance.getPosture({ workspace_id: "..." }); * console.log(posture.open_breaches, posture.frameworks); * ``` */ getPosture: (params: { workspace_id: string; }, options?: RequestOptions) => Promise; /** * Scan Results — immutable PII/PHI scan audit records. * * Read-only admin namespace for reviewing content scan outcomes and the * strategy applied to each scanned payload. */ scanResults: { /** * List scan results with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `ScanResult` resource records. * * @example * ```typescript * const scans = await admin.compliance.scanResults.list({ * filter: { strategy_applied: "redact_before_storage" }, * pageSize: 50, * }); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single scan result by ID. * * @param id - The UUID of the scan result. * @param options - Optional request options. * @returns The matching `ScanResult`. * * @example * ```typescript * const scan = await admin.compliance.scanResults.get("scan-uuid"); * ``` */ get: (id: string, options?: RequestOptions) => Promise; }; /** * Access Logs — HIPAA access accounting records. * * Read-only admin namespace for immutable access audit entries written by * the compliance domain. */ accessLogs: { /** * List access log entries with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `AccessLog` records. * * @example * ```typescript * const logs = await admin.compliance.accessLogs.list({ * filter: { resource_type: "patient_record" }, * pageSize: 50, * }); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single access log entry by ID. * * @param id - The UUID of the access log entry. * @param options - Optional request options. * @returns The matching `AccessLog`. * * @example * ```typescript * const log = await admin.compliance.accessLogs.get("access-log-uuid"); * ``` */ get: (id: string, options?: RequestOptions) => Promise; }; /** * Audit Chain Entries — tamper-evident compliance audit trail. * * Read-only admin namespace for verifying hash-chain continuity and * inspecting signed compliance event payloads. */ auditChainEntries: { /** * List audit chain entries with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `AuditChainEntry` records. * * @example * ```typescript * const entries = await admin.compliance.auditChainEntries.list({ * sort: "sequence_number", * pageSize: 100, * }); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single audit chain entry by ID. * * @param id - The UUID of the audit chain entry. * @param options - Optional request options. * @returns The matching `AuditChainEntry`. * * @example * ```typescript * const entry = await admin.compliance.auditChainEntries.get("entry-uuid"); * ``` */ get: (id: string, options?: RequestOptions) => Promise; }; /** * Disclosure Logs — HIPAA accounting of PHI disclosures. * * Append-only admin namespace for recording and reviewing disclosures to * third parties. */ disclosureLogs: { /** * List disclosure logs with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `DisclosureLog` records. * * @example * ```typescript * const disclosures = await admin.compliance.disclosureLogs.list({ * filter: { recipient_type: "llm_provider" }, * }); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single disclosure log by ID. * * @param id - The UUID of the disclosure log. * @param options - Optional request options. * @returns The matching `DisclosureLog`. * * @example * ```typescript * const disclosure = await admin.compliance.disclosureLogs.get("disclosure-uuid"); * ``` */ get: (id: string, options?: RequestOptions) => Promise; /** * List disclosures for a specific data subject. * * @param subjectType - Subject type, such as `"patient"` or `"contact"`. * @param subjectId - Subject UUID. * @param options - Optional JSON:API query and request options. * @returns An array of matching `DisclosureLog` records. * * @example * ```typescript * const history = await admin.compliance.disclosureLogs.listBySubject( * "patient", * "patient-uuid", * ); * ``` */ listBySubject: (subjectType: string, subjectId: string, options?: JsonApiQueryOptions) => Promise; /** * Append a PHI disclosure log. * * @param attributes - Disclosure accounting attributes. * @param options - Optional request options. * @returns The newly created `DisclosureLog`. * * @example * ```typescript * const disclosure = await admin.compliance.disclosureLogs.create({ * workspace_id: "workspace-uuid", * subject_type: "patient", * subject_id: "patient-uuid", * resource_type: "clinical_note", * resource_id: "note-uuid", * recipient_name: "OpenRouter", * recipient_type: "llm_provider", * purpose: "treatment", * disclosure_method: "api_call", * disclosed_at: new Date().toISOString(), * }); * ``` */ create: (attributes: CreateDisclosureLogAttributes, options?: RequestOptions) => Promise; }; /** * Consent Records — purpose-specific GDPR/HIPAA consent lifecycle. * * Admin namespace for reviewing active consent, granting consent on behalf * of users, and withdrawing existing consent grants. */ consentRecords: { /** * List consent records with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `ConsentRecord` records. * * @example * ```typescript * const records = await admin.compliance.consentRecords.list({ * filter: { status: "granted" }, * }); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single consent record by ID. * * @param id - The UUID of the consent record. * @param options - Optional request options. * @returns The matching `ConsentRecord`. * * @example * ```typescript * const record = await admin.compliance.consentRecords.get("consent-uuid"); * ``` */ get: (id: string, options?: RequestOptions) => Promise; /** * List active consent records for a user. * * @param userId - User UUID. * @param options - Optional JSON:API query and request options. * @returns Active `ConsentRecord` records for the user. * * @example * ```typescript * const active = await admin.compliance.consentRecords.listActive("user-uuid"); * ``` */ listActive: (userId: string, options?: JsonApiQueryOptions) => Promise; /** * Grant consent for a processing purpose. * * @param attributes - Consent grant attributes. * @param options - Optional request options. * @returns The newly created `ConsentRecord`. * * @example * ```typescript * const record = await admin.compliance.consentRecords.grant({ * user_id: "user-uuid", * purpose: "ai_document_processing", * description: "AI document processing consent", * }); * ``` */ grant: (attributes: GrantConsentRecordAttributes, options?: RequestOptions) => Promise; /** * Withdraw an existing consent grant. * * @param id - The UUID of the consent record to withdraw. * @param options - Optional request options. * @returns The withdrawn `ConsentRecord`. * * @example * ```typescript * const record = await admin.compliance.consentRecords.withdraw("consent-uuid"); * ``` */ withdraw: (id: string, options?: RequestOptions) => Promise; }; /** * Legal Acceptances — immutable ToS/privacy-policy acceptance audit trail. * * Read-only admin namespace for reviewing legal-document acceptance records. */ legalAcceptances: { /** * List legal acceptances with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `LegalAcceptance` records. * * @example * ```typescript * const acceptances = await admin.compliance.legalAcceptances.list({ * filter: { document_type: "privacy_policy" }, * }); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single legal acceptance by ID. * * @param id - The UUID of the legal acceptance. * @param options - Optional request options. * @returns The matching `LegalAcceptance`. * * @example * ```typescript * const acceptance = await admin.compliance.legalAcceptances.get("acceptance-uuid"); * ``` */ get: (id: string, options?: RequestOptions) => Promise; /** * Retrieve the latest acceptance for a user and document type. * * @param userId - User UUID. * @param documentType - Legal document type. * @param options - Optional JSON:API query and request options. * @returns Latest matching `LegalAcceptance`. * * @example * ```typescript * const latest = await admin.compliance.legalAcceptances.listLatest( * "user-uuid", * "terms_of_service", * ); * ``` */ listLatest: (userId: string, documentType: LegalDocumentAcceptanceType, options?: JsonApiQueryOptions) => Promise; }; /** * Processing Activities — GDPR Article 30 ROPA entries. * * Admin namespace for documenting processing purposes, legal bases, data * categories, recipients, and security measures. */ processingActivities: { /** * List processing activities with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `ProcessingActivity` records. * * @example * ```typescript * const activities = await admin.compliance.processingActivities.list({ * filter: { status: "active" }, * }); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single processing activity by ID. * * @param id - The UUID of the processing activity. * @param options - Optional request options. * @returns The matching `ProcessingActivity`. * * @example * ```typescript * const activity = await admin.compliance.processingActivities.get("activity-uuid"); * ``` */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a processing activity. * * @param attributes - Processing activity attributes. * @param options - Optional request options. * @returns The newly created `ProcessingActivity`. * * @example * ```typescript * const activity = await admin.compliance.processingActivities.create({ * workspace_id: "workspace-uuid", * name: "AI document processing", * purpose: "Extract structured fields from uploaded documents", * legal_basis: "consent", * }); * ``` */ create: (attributes: CreateProcessingActivityAttributes, options?: RequestOptions) => Promise; /** * Delete a processing activity. * * @param id - The UUID of the processing activity to delete. * @param options - Optional request options. * @returns `true` on successful deletion. * * @example * ```typescript * await admin.compliance.processingActivities.delete("activity-uuid"); * ``` */ delete: (id: string, options?: RequestOptions) => Promise; }; /** * Impact Assessments — GDPR Article 35 DPIA workflow. * * Admin namespace for creating, updating, and approving data protection * impact assessments. */ impactAssessments: { /** * List impact assessments with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `DataProtectionImpactAssessment` records. * * @example * ```typescript * const dpias = await admin.compliance.impactAssessments.list({ * filter: { status: "in_review" }, * }); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single impact assessment by ID. * * @param id - The UUID of the impact assessment. * @param options - Optional request options. * @returns The matching `DataProtectionImpactAssessment`. * * @example * ```typescript * const dpia = await admin.compliance.impactAssessments.get("dpia-uuid"); * ``` */ get: (id: string, options?: RequestOptions) => Promise; /** * Create an impact assessment. * * @param attributes - Impact assessment attributes. * @param options - Optional request options. * @returns The newly created `DataProtectionImpactAssessment`. * * @example * ```typescript * const dpia = await admin.compliance.impactAssessments.create({ * workspace_id: "workspace-uuid", * title: "AI document processing DPIA", * description: "Assessment of high-risk document processing", * risk_level: "high", * }); * ``` */ create: (attributes: CreateImpactAssessmentAttributes, options?: RequestOptions) => Promise; /** * Update an impact assessment. * * @param id - The UUID of the impact assessment. * @param attributes - Fields to update. * @param options - Optional request options. * @returns The updated `DataProtectionImpactAssessment`. * * @example * ```typescript * const dpia = await admin.compliance.impactAssessments.update("dpia-uuid", { * status: "in_review", * findings: "Residual risk documented", * }); * ``` */ update: (id: string, attributes: UpdateImpactAssessmentAttributes, options?: RequestOptions) => Promise; /** * Approve an impact assessment. * * @param id - The UUID of the impact assessment. * @param attributes - Optional approval attributes. * @param options - Optional request options. * @returns The approved `DataProtectionImpactAssessment`. * * @example * ```typescript * const dpia = await admin.compliance.impactAssessments.approve("dpia-uuid", { * approved_by: "Privacy Officer", * }); * ``` */ approve: (id: string, attributes?: ApproveImpactAssessmentAttributes, options?: RequestOptions) => Promise; }; /** * Data Transfer Records — GDPR Chapter V cross-border transfer log. * * Admin namespace for documenting source and destination jurisdictions, * legal transfer mechanisms, and data categories. */ dataTransferRecords: { /** * List data transfer records with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `DataTransferRecord` records. * * @example * ```typescript * const transfers = await admin.compliance.dataTransferRecords.list({ * filter: { destination_jurisdiction: "US" }, * }); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single data transfer record by ID. * * @param id - The UUID of the data transfer record. * @param options - Optional request options. * @returns The matching `DataTransferRecord`. * * @example * ```typescript * const transfer = await admin.compliance.dataTransferRecords.get("transfer-uuid"); * ``` */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a data transfer record. * * @param attributes - Data transfer attributes. * @param options - Optional request options. * @returns The newly created `DataTransferRecord`. * * @example * ```typescript * const transfer = await admin.compliance.dataTransferRecords.create({ * workspace_id: "workspace-uuid", * source_jurisdiction: "DE", * destination_jurisdiction: "US", * transfer_mechanism: "scc", * data_categories: ["clinical_notes"], * }); * ``` */ create: (attributes: CreateDataTransferRecordAttributes, options?: RequestOptions) => Promise; /** * Delete a data transfer record. * * @param id - The UUID of the data transfer record to delete. * @param options - Optional request options. * @returns `true` on successful deletion. * * @example * ```typescript * await admin.compliance.dataTransferRecords.delete("transfer-uuid"); * ``` */ delete: (id: string, options?: RequestOptions) => Promise; }; /** * Breach Notifications — legacy HIPAA breach notification records. * * Read-only admin namespace for historical breach notification rows. New * breach work should use breach incidents and notification artifacts. */ breachNotifications: { /** * List breach notifications with optional filtering, sorting, and pagination. * * @param options - Optional JSON:API query and request options. * @returns An array of `BreachNotification` records. * * @example * ```typescript * const notifications = await admin.compliance.breachNotifications.list(); * ``` */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single breach notification by ID. * * @param id - The UUID of the breach notification. * @param options - Optional request options. * @returns The matching `BreachNotification`. */ get: (id: string, options?: RequestOptions) => Promise; }; /** * Breach Notification Artifacts — generated HIPAA notification documents. * * Admin namespace for drafting, reviewing, and sending notification * artifacts tied to breach incidents. */ breachNotificationArtifacts: { /** * List breach notification artifacts. * * @param options - Optional JSON:API query and request options. * @returns An array of `BreachNotificationArtifact` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single breach notification artifact by ID. * * @param id - Breach notification artifact UUID. * @param options - Optional request options. * @returns The matching `BreachNotificationArtifact`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a breach notification artifact. * * @param attributes - Artifact draft attributes. * @param options - Optional request options. * @returns The newly created `BreachNotificationArtifact`. * * @example * ```typescript * const artifact = await admin.compliance.breachNotificationArtifacts.create({ * workspace_id: "workspace-uuid", * breach_incident_id: "incident-uuid", * artifact_type: "individual_notification", * content: "Notification body", * }); * ``` */ create: (attributes: CreateBreachNotificationArtifactAttributes, options?: RequestOptions) => Promise; /** * Update a breach notification artifact. * * @param id - Artifact UUID. * @param attributes - Fields to update. * @param options - Optional request options. * @returns The updated `BreachNotificationArtifact`. * * @example * ```typescript * const artifact = await admin.compliance.breachNotificationArtifacts.update( * "artifact-uuid", * { status: "reviewed" }, * ); * ``` */ update: (id: string, attributes: UpdateBreachNotificationArtifactAttributes, options?: RequestOptions) => Promise; /** * Mark a breach notification artifact as sent. * * @param id - Artifact UUID. * @param options - Optional request options. * @returns The sent `BreachNotificationArtifact`. * * @example * ```typescript * const artifact = await admin.compliance.breachNotificationArtifacts.send("artifact-uuid"); * ``` */ send: (id: string, options?: RequestOptions) => Promise; }; /** * Business Associate Agreements — HIPAA BAA tracking. * * Admin namespace for creating, signing, updating, and terminating BAAs. */ businessAssociateAgreements: { /** * List Business Associate Agreements. * * @param options - Optional JSON:API query and request options. * @returns An array of `BusinessAssociateAgreement` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single Business Associate Agreement by ID. * * @param id - Business Associate Agreement UUID. * @param options - Optional request options. * @returns The matching `BusinessAssociateAgreement`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a Business Associate Agreement. * * @param attributes - BAA attributes. * @param options - Optional request options. * @returns The newly created `BusinessAssociateAgreement`. * * @example * ```typescript * const baa = await admin.compliance.businessAssociateAgreements.create({ * application_id: "application-uuid", * counterparty_name: "Acme Analytics", * counterparty_type: "business_associate", * direction: "downstream", * effective_date: "2026-05-16", * renewal_type: "manual_renew", * }); * ``` */ create: (attributes: CreateBusinessAssociateAgreementAttributes, options?: RequestOptions) => Promise; /** * Update a Business Associate Agreement. * * @param id - BAA UUID. * @param attributes - Fields to update. * @param options - Optional request options. * @returns The updated `BusinessAssociateAgreement`. * * @example * ```typescript * const baa = await admin.compliance.businessAssociateAgreements.update("baa-uuid", { * renewal_reminder_days: 120, * }); * ``` */ update: (id: string, attributes: UpdateBusinessAssociateAgreementAttributes, options?: RequestOptions) => Promise; /** * Sign a Business Associate Agreement. * * @param id - BAA UUID. * @param attributes - Signature attributes. * @param options - Optional request options. * @returns The active `BusinessAssociateAgreement`. * * @example * ```typescript * const baa = await admin.compliance.businessAssociateAgreements.sign("baa-uuid", { * signed_by_id: "user-uuid", * }); * ``` */ sign: (id: string, attributes?: SignBusinessAssociateAgreementAttributes, options?: RequestOptions) => Promise; /** * Terminate a Business Associate Agreement. * * @param id - BAA UUID. * @param attributes - Termination attributes. * @param options - Optional request options. * @returns The terminated `BusinessAssociateAgreement`. * * @example * ```typescript * const baa = await admin.compliance.businessAssociateAgreements.terminate("baa-uuid", { * termination_reason: "Vendor offboarded", * }); * ``` */ terminate: (id: string, attributes?: TerminateBusinessAssociateAgreementAttributes, options?: RequestOptions) => Promise; }; /** * Amendment Requests — HIPAA PHI amendment workflow. * * Admin namespace for request, review, approval, denial, and application. */ amendmentRequests: { /** * List amendment requests. * * @param options - Optional JSON:API query and request options. * @returns An array of `AmendmentRequest` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single amendment request by ID. * * @param id - Amendment request UUID. * @param options - Optional request options. * @returns The matching `AmendmentRequest`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create an amendment request. * * @param attributes - Amendment request attributes. * @param options - Optional request options. * @returns The newly created `AmendmentRequest`. * * @example * ```typescript * const request = await admin.compliance.amendmentRequests.create({ * workspace_id: "workspace-uuid", * subject_type: "patient", * subject_id: "patient-uuid", * resource_type: "clinical_note", * resource_id: "note-uuid", * domain: "clinical", * request_reason: "Incorrect medication dosage", * requested_changes: { medication_dosage: "10mg" }, * }); * ``` */ create: (attributes: CreateAmendmentRequestAttributes, options?: RequestOptions) => Promise; /** * Begin reviewing an amendment request. * * @param id - Amendment request UUID. * @param attributes - Review attributes. * @param options - Optional request options. * @returns The reviewed `AmendmentRequest`. * * @example * ```typescript * const request = await admin.compliance.amendmentRequests.review("request-uuid", { * reviewed_by_id: "admin-user-uuid", * }); * ``` */ review: (id: string, attributes?: ReviewAmendmentRequestAttributes, options?: RequestOptions) => Promise; /** * Approve an amendment request. * * @param id - Amendment request UUID. * @param options - Optional request options. * @returns The approved `AmendmentRequest`. * * @example * ```typescript * const request = await admin.compliance.amendmentRequests.approve("request-uuid"); * ``` */ approve: (id: string, options?: RequestOptions) => Promise; /** * Deny an amendment request. * * @param id - Amendment request UUID. * @param attributes - Denial attributes. * @param options - Optional request options. * @returns The denied `AmendmentRequest`. * * @example * ```typescript * const request = await admin.compliance.amendmentRequests.deny("request-uuid", { * denial_reason: "Requested change is not supported by the source record.", * }); * ``` */ deny: (id: string, attributes?: DenyAmendmentRequestAttributes, options?: RequestOptions) => Promise; /** * Mark an approved amendment as applied. * * @param id - Amendment request UUID. * @param options - Optional request options. * @returns The applied `AmendmentRequest`. * * @example * ```typescript * const request = await admin.compliance.amendmentRequests.applyAmendment("request-uuid"); * ``` */ applyAmendment: (id: string, options?: RequestOptions) => Promise; }; /** * ePHI Assets — HIPAA technology asset inventory. */ ephiAssets: { /** * List ePHI assets. * * @param options - Optional JSON:API query and request options. * @returns An array of `EphiAsset` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single ePHI asset by ID. * * @param id - ePHI asset UUID. * @param options - Optional request options. * @returns The matching `EphiAsset`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create an ePHI asset. * * @param attributes - ePHI asset attributes. * @param options - Optional request options. * @returns The newly created `EphiAsset`. * * @example * ```typescript * const asset = await admin.compliance.ephiAssets.create({ * application_id: "application-uuid", * name: "Clinical database", * asset_type: "database", * classification: "ephi_primary", * location: "cloud", * encryption_at_rest: true, * encryption_in_transit: true, * baa_status: "in_place", * }); * ``` */ create: (attributes: CreateEphiAssetAttributes, options?: RequestOptions) => Promise; /** * Update an ePHI asset. * * @param id - ePHI asset UUID. * @param attributes - Fields to update. * @param options - Optional request options. * @returns The updated `EphiAsset`. * * @example * ```typescript * const asset = await admin.compliance.ephiAssets.update("asset-uuid", { * baa_status: "in_place", * next_assessment_due: "2027-05-16", * }); * ``` */ update: (id: string, attributes: UpdateEphiAssetAttributes, options?: RequestOptions) => Promise; }; /** * ePHI Data Flows — system-to-system PHI movement map. */ ephiDataFlows: { /** * List ePHI data flows. * * @param options - Optional JSON:API query and request options. * @returns An array of `EphiDataFlow` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single ePHI data flow by ID. * * @param id - ePHI data flow UUID. * @param options - Optional request options. * @returns The matching `EphiDataFlow`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create an ePHI data flow. * * @param attributes - ePHI data flow attributes. * @param options - Optional request options. * @returns The newly created `EphiDataFlow`. * * @example * ```typescript * const flow = await admin.compliance.ephiDataFlows.create({ * application_id: "application-uuid", * source_asset_id: "asset-source-uuid", * destination_asset_id: "asset-destination-uuid", * data_categories: ["demographics", "clinical_notes"], * flow_type: "api", * protocol: "https", * encryption: "tls_1_3", * frequency: "real_time", * }); * ``` */ create: (attributes: CreateEphiDataFlowAttributes, options?: RequestOptions) => Promise; /** * Update an ePHI data flow. * * @param id - ePHI data flow UUID. * @param attributes - Fields to update. * @param options - Optional request options. * @returns The updated `EphiDataFlow`. * * @example * ```typescript * const flow = await admin.compliance.ephiDataFlows.update("flow-uuid", { * is_active: false, * description: "Retired after vendor offboarding.", * }); * ``` */ update: (id: string, attributes: UpdateEphiDataFlowAttributes, options?: RequestOptions) => Promise; }; /** * Policy Review Schedules — HIPAA policy review cadence tracking. * * Admin namespace for scheduling, completing, and marking policy reviews. */ policyReviewSchedules: { /** * List policy review schedules. * * @param options - Optional JSON:API query and request options. * @returns An array of `PolicyReviewSchedule` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single policy review schedule by ID. * * @param id - Policy review schedule UUID. * @param options - Optional request options. * @returns The matching `PolicyReviewSchedule`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a policy review schedule. * * @param attributes - Policy review schedule attributes. * @param options - Optional request options. * @returns The newly created `PolicyReviewSchedule`. * * @example * ```typescript * const schedule = await admin.compliance.policyReviewSchedules.create({ * application_id: "application-uuid", * legal_document_id: "document-uuid", * next_review_due: "2027-05-16", * }); * ``` */ create: (attributes: CreatePolicyReviewScheduleAttributes, options?: RequestOptions) => Promise; /** * Complete a policy review. * * @param id - Policy review schedule UUID. * @param attributes - Review completion attributes. * @param options - Optional request options. * @returns The updated `PolicyReviewSchedule`. * * @example * ```typescript * const schedule = await admin.compliance.policyReviewSchedules.completeReview( * "schedule-uuid", * { review_notes: "Reviewed without changes" }, * ); * ``` */ completeReview: (id: string, attributes?: CompletePolicyReviewAttributes, options?: RequestOptions) => Promise; /** * Mark a policy review schedule due. * * @param id - Policy review schedule UUID. * @param options - Optional request options. * @returns The updated `PolicyReviewSchedule`. * * @example * ```typescript * const schedule = await admin.compliance.policyReviewSchedules.markDue("schedule-uuid"); * ``` */ markDue: (id: string, options?: RequestOptions) => Promise; /** * Mark a policy review schedule overdue. * * @param id - Policy review schedule UUID. * @param options - Optional request options. * @returns The updated `PolicyReviewSchedule`. * * @example * ```typescript * const schedule = await admin.compliance.policyReviewSchedules.markOverdue("schedule-uuid"); * ``` */ markOverdue: (id: string, options?: RequestOptions) => Promise; }; /** * Compliance Document Templates — policy and procedure templates. * * Admin namespace for platform templates and application-specific clones. */ complianceDocumentTemplates: { /** * List compliance document templates. * * @param options - Optional JSON:API query and request options. * @returns An array of `ComplianceDocumentTemplate` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a single compliance document template by ID. * * @param id - Template UUID. * @param options - Optional request options. * @returns The matching `ComplianceDocumentTemplate`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a compliance document template. * * @param attributes - Template attributes. * @param options - Optional request options. * @returns The newly created `ComplianceDocumentTemplate`. * * @example * ```typescript * const template = await admin.compliance.complianceDocumentTemplates.create({ * template_type: "security_policy", * regulatory_framework: "hipaa", * title: "Security Policy", * content_template: "# Security Policy", * version: "1.0.0", * }); * ``` */ create: (attributes: CreateComplianceDocumentTemplateAttributes, options?: RequestOptions) => Promise; /** * Update a compliance document template. * * @param id - Template UUID. * @param attributes - Fields to update. * @param options - Optional request options. * @returns The updated `ComplianceDocumentTemplate`. * * @example * ```typescript * const template = await admin.compliance.complianceDocumentTemplates.update( * "template-uuid", * { version: "1.0.1" }, * ); * ``` */ update: (id: string, attributes: UpdateComplianceDocumentTemplateAttributes, options?: RequestOptions) => Promise; /** * Clone a compliance document template for an application. * * @param attributes - Clone attributes. * @param options - Optional request options. * @returns The cloned `ComplianceDocumentTemplate`. * * @example * ```typescript * const template = await admin.compliance.complianceDocumentTemplates.clone({ * application_id: "application-uuid", * template_type: "npp", * regulatory_framework: "hipaa", * title: "Notice of Privacy Practices", * content_template: "# NPP", * version: "1.0.0", * }); * ``` */ clone: (attributes: CloneComplianceDocumentTemplateAttributes, options?: RequestOptions) => Promise; }; /** * Compliance Officer Designations — HIPAA officer role assignments. */ complianceOfficerDesignations: { /** * List compliance officer designations. * * @param options - Optional JSON:API query and request options. * @returns An array of `ComplianceOfficerDesignation` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a compliance officer designation by ID. * * @param id - Designation UUID. * @param options - Optional request options. * @returns The matching `ComplianceOfficerDesignation`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a compliance officer designation. * * @param attributes - Designation attributes. * @param options - Optional request options. * @returns The newly created `ComplianceOfficerDesignation`. * * @example * ```typescript * const designation = await admin.compliance.complianceOfficerDesignations.create({ * application_id: "application-uuid", * role: "privacy_officer", * user_id: "user-uuid", * designated_at: new Date().toISOString(), * designated_by_id: "admin-user-uuid", * }); * ``` */ create: (attributes: CreateComplianceOfficerDesignationAttributes, options?: RequestOptions) => Promise; /** * Revoke a compliance officer designation. * * @param id - Designation UUID. * @param options - Optional request options. * @returns The revoked `ComplianceOfficerDesignation`. * * @example * ```typescript * const designation = await admin.compliance.complianceOfficerDesignations.revoke("designation-uuid"); * ``` */ revoke: (id: string, options?: RequestOptions) => Promise; }; /** * Compliance Requirements — workforce training and attestation rules. */ complianceRequirements: { /** * List compliance requirements. * * @param options - Optional JSON:API query and request options. * @returns An array of `ComplianceRequirement` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a compliance requirement by ID. * * @param id - Requirement UUID. * @param options - Optional request options. * @returns The matching `ComplianceRequirement`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a compliance requirement. * * @param attributes - Requirement attributes. * @param options - Optional request options. * @returns The newly created `ComplianceRequirement`. * * @example * ```typescript * const requirement = await admin.compliance.complianceRequirements.create({ * application_id: "application-uuid", * requirement_type: "training", * title: "Annual HIPAA training", * }); * ``` */ create: (attributes: CreateComplianceRequirementAttributes, options?: RequestOptions) => Promise; /** * Update a compliance requirement. * * @param id - Requirement UUID. * @param attributes - Fields to update. * @param options - Optional request options. * @returns The updated `ComplianceRequirement`. * * @example * ```typescript * const requirement = await admin.compliance.complianceRequirements.update( * "requirement-uuid", * { is_blocking: true }, * ); * ``` */ update: (id: string, attributes: UpdateComplianceRequirementAttributes, options?: RequestOptions) => Promise; /** * Delete a compliance requirement. * * @param id - Requirement UUID. * @param options - Optional request options. * @returns `true` on successful deletion. * * @example * ```typescript * await admin.compliance.complianceRequirements.delete("requirement-uuid"); * ``` */ delete: (id: string, options?: RequestOptions) => Promise; }; /** * Compliance Requirement Completions — append-only completion records. */ complianceRequirementCompletions: { /** * List compliance requirement completions. * * @param options - Optional JSON:API query and request options. * @returns An array of `ComplianceRequirementCompletion` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a compliance requirement completion by ID. * * @param id - Completion UUID. * @param options - Optional request options. * @returns The matching `ComplianceRequirementCompletion`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a compliance requirement completion. * * @param attributes - Completion attributes. * @param options - Optional request options. * @returns The newly created `ComplianceRequirementCompletion`. * * @example * ```typescript * const completion = await admin.compliance.complianceRequirementCompletions.create({ * user_id: "user-uuid", * requirement_id: "requirement-uuid", * completed_at: new Date().toISOString(), * }); * ``` */ create: (attributes: CreateComplianceRequirementCompletionAttributes, options?: RequestOptions) => Promise; }; /** * CDE Scope Reports — PCI-DSS Cardholder Data Environment scope reports. */ cdeScopeReports: { /** * List CDE scope reports. * * @param options - Optional JSON:API query and request options. * @returns An array of `CdeScopeReport` records. */ list: (options?: JsonApiQueryOptions) => Promise; /** * Retrieve a CDE scope report by ID. * * @param id - CDE scope report UUID. * @param options - Optional request options. * @returns The matching `CdeScopeReport`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a CDE scope report. * * @param attributes - CDE scope report attributes. * @param options - Optional request options. * @returns The newly created `CdeScopeReport`. * * @example * ```typescript * const report = await admin.compliance.cdeScopeReports.create({ * workspace_id: "workspace-uuid", * scope_boundary: "connected", * data_flow_map: { payments: ["tokenized_checkout"] }, * }); * ``` */ create: (attributes: CreateCdeScopeReportAttributes, options?: RequestOptions) => Promise; /** * Delete a CDE scope report. * * @param id - CDE scope report UUID. * @param options - Optional request options. * @returns `true` on successful deletion. * * @example * ```typescript * await admin.compliance.cdeScopeReports.delete("report-uuid"); * ``` */ delete: (id: string, options?: RequestOptions) => Promise; }; /** * Breach Incidents — data breach tracking for ISV administrators. * * Provides the same lifecycle management as the client namespace, but * scoped to the ISV's admin surface (`/admin/breach-incidents/`). */ breachIncidents: { /** * List breach incidents. * * @param options - Optional page number, page size, and request options. * @returns An array of `BreachIncident` records. */ list: (options?: { page?: number; pageSize?: number; } & RequestOptions) => Promise; /** * Retrieve a single breach incident by ID. * * @param id - The UUID of the breach incident. * @param options - Optional request options. * @returns The matching `BreachIncident`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Report a new breach incident. * * @param attributes - Incident details. `incident_type` and `discovery_date` are required. * @param options - Optional request options. * @returns The newly created `BreachIncident`. * * @example * ```typescript * const incident = await admin.compliance.breachIncidents.create({ * workspace_id: "workspace-uuid", * incident_type: "unauthorized_access", * severity: "high", * discovery_date: new Date().toISOString(), * description: "Unauthorized read of patient records from internal IP.", * affected_count: 12, * }); * ``` */ create: (attributes: CreateBreachIncidentAttributes, options?: RequestOptions) => Promise; /** * Update the status of a breach incident. * * @param id - The UUID of the breach incident. * @param attributes - Status update fields. * @param options - Optional request options. * @returns The updated `BreachIncident`. * * @example * ```typescript * const incident = await admin.compliance.breachIncidents.updateStatus("incident-uuid", { * status: "contained", * }); * ``` */ updateStatus: (id: string, attributes: UpdateBreachIncidentStatusAttributes, options?: RequestOptions) => Promise; }; /** * Data Subject Requests — GDPR/HIPAA DSR lifecycle for ISV administrators. * * Manage data subject access, erasure, and other rights requests from the * admin surface (`/admin/data-subject-requests/`). */ dataSubjectRequests: { /** * List data subject requests. * * @param options - Optional page number, page size, and request options. * @returns An array of `DataSubjectRequest` records. */ list: (options?: { page?: number; pageSize?: number; } & RequestOptions) => Promise; /** * Retrieve a single data subject request by ID. * * @param id - The UUID of the data subject request. * @param options - Optional request options. * @returns The matching `DataSubjectRequest`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Open a new data subject request. * * @param attributes - Request details. `request_type`, `data_subject_email`, and `requested_by` are required. * @param options - Optional request options. * @returns The newly created `DataSubjectRequest`. * * @example * ```typescript * const request = await admin.compliance.dataSubjectRequests.create({ * workspace_id: "workspace-uuid", * request_type: "access", * data_subject_email: "patient@example.com", * requested_by: "privacy-officer@example.com", * due_date: "2026-06-15", * }); * ``` */ create: (attributes: CreateDataSubjectRequestAttributes, options?: RequestOptions) => Promise; /** * Update the status of a data subject request. * * @param id - The UUID of the data subject request. * @param attributes - Status update fields. * @param options - Optional request options. * @returns The updated `DataSubjectRequest`. * * @example * ```typescript * const request = await admin.compliance.dataSubjectRequests.updateStatus("request-uuid", { * status: "completed", * }); * ``` */ updateStatus: (id: string, attributes: UpdateDataSubjectRequestStatusAttributes, options?: RequestOptions) => Promise; }; /** * Retention Policies — data lifecycle rules for ISV administrators. * * Create and manage retention policies from the admin surface * (`/admin/retention-policies/`). */ retentionPolicies: { /** * List retention policies. * * @param options - Optional page number, page size, and request options. * @returns An array of `RetentionPolicy` records. */ list: (options?: { page?: number; pageSize?: number; } & RequestOptions) => Promise; /** * Retrieve a single retention policy by ID. * * @param id - The UUID of the retention policy. * @param options - Optional request options. * @returns The matching `RetentionPolicy`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a new retention policy. * * @param attributes - Policy attributes. `data_type`, `retention_days`, and `action_on_expiry` are required. * @param options - Optional request options. * @returns The newly created `RetentionPolicy`. * * @example * ```typescript * const policy = await admin.compliance.retentionPolicies.create({ * workspace_id: "workspace-uuid", * data_type: "clinical_notes", * retention_days: 2555, * action_on_expiry: "archive", * }); * ``` */ create: (attributes: CreateRetentionPolicyAttributes, options?: RequestOptions) => Promise; /** * Update a retention policy. * * @param id - The UUID of the retention policy to update. * @param attributes - Fields to change. * @param options - Optional request options. * @returns The updated `RetentionPolicy`. * * @example * ```typescript * const policy = await admin.compliance.retentionPolicies.update("policy-uuid", { * retention_days: 3650, * }); * ``` */ update: (id: string, attributes: UpdateRetentionPolicyAttributes, options?: RequestOptions) => Promise; /** * Delete a retention policy. * * @param id - The UUID of the retention policy to delete. * @param options - Optional request options. * @returns `true` on successful deletion. * * @example * ```typescript * await admin.compliance.retentionPolicies.delete("policy-uuid"); * ``` */ delete: (id: string, options?: RequestOptions) => Promise; }; /** * Risk Assessments — formal risk evaluation for ISV administrators. * * Create, review, and manage risk assessments from the admin surface * (`/admin/risk-assessments/`). */ riskAssessments: { /** * List risk assessments. * * @param options - Optional page number, page size, and request options. * @returns An array of `RiskAssessment` records. */ list: (options?: { page?: number; pageSize?: number; } & RequestOptions) => Promise; /** * Retrieve a single risk assessment by ID. * * @param id - The UUID of the risk assessment. * @param options - Optional request options. * @returns The matching `RiskAssessment`. */ get: (id: string, options?: RequestOptions) => Promise; /** * Create a new risk assessment. * * @param attributes - Assessment attributes. `workspace_id`, `assessment_type`, and `risk_level` are required. * @param options - Optional request options. * @returns The newly created `RiskAssessment`. * * @example * ```typescript * const assessment = await admin.compliance.riskAssessments.create({ * workspace_id: "workspace-uuid", * assessment_type: "hipaa_security_risk", * risk_level: "medium", * title: "Annual HIPAA security risk assessment", * }); * ``` */ create: (attributes: CreateRiskAssessmentAttributes, options?: RequestOptions) => Promise; /** * Update the status of a risk assessment. * * @param id - The UUID of the risk assessment. * @param attributes - Status update fields. * @param options - Optional request options. * @returns The updated `RiskAssessment`. * * @example * ```typescript * const assessment = await admin.compliance.riskAssessments.updateStatus("assessment-uuid", { * status: "reviewed", * }); * ``` */ updateStatus: (id: string, attributes: UpdateRiskAssessmentStatusAttributes, options?: RequestOptions) => Promise; /** * Delete a risk assessment. * * @param id - The UUID of the risk assessment to delete. * @param options - Optional request options. * @returns `true` on successful deletion. * * @example * ```typescript * await admin.compliance.riskAssessments.delete("assessment-uuid"); * ``` */ delete: (id: string, options?: RequestOptions) => Promise; }; }; export {}; //# sourceMappingURL=compliance.d.ts.map