oxideshield_guard/compliance/

report.rs

//! Compliance Report Generation
//!
//! Generates compliance reports mapping OxideShield controls to regulatory frameworks.
//!
//! **License**: Requires Professional tier.

use super::{available_controls, eu_ai_act, nist_ai_rmf, SecurityControl};
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;

use oxide_license::{require_feature_sync, Feature, LicenseError};

/// Supported compliance frameworks.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub enum Framework {
    /// NIST AI Risk Management Framework
    NistAiRmf,
    /// EU Artificial Intelligence Act
    EuAiAct,
}

impl Framework {
    /// Get all available frameworks.
    pub fn all() -> &'static [Self] {
        &[Self::NistAiRmf, Self::EuAiAct]
    }

    /// Get the framework name.
    pub fn name(&self) -> &'static str {
        match self {
            Self::NistAiRmf => "NIST AI Risk Management Framework",
            Self::EuAiAct => "EU AI Act",
        }
    }

    /// Get the framework short code.
    pub fn code(&self) -> &'static str {
        match self {
            Self::NistAiRmf => "NIST-AI-RMF",
            Self::EuAiAct => "EU-AI-ACT",
        }
    }

    /// Get the reference URL.
    pub fn reference_url(&self) -> &'static str {
        match self {
            Self::NistAiRmf => "https://www.nist.gov/itl/ai-risk-management-framework",
            Self::EuAiAct => "https://eur-lex.europa.eu/eli/reg/2024/1689",
        }
    }
}

impl std::fmt::Display for Framework {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "{}", self.name())
    }
}

/// Compliance status for a control mapping.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum ComplianceStatus {
    /// Control is fully compliant.
    Compliant,
    /// Control is partially compliant.
    Partial,
    /// Control needs attention.
    NeedsAttention,
    /// Control is not applicable.
    NotApplicable,
}

impl std::fmt::Display for ComplianceStatus {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Compliant => write!(f, "Compliant"),
            Self::Partial => write!(f, "Partial"),
            Self::NeedsAttention => write!(f, "Needs Attention"),
            Self::NotApplicable => write!(f, "N/A"),
        }
    }
}

/// A mapping between an OxideShield control and a framework requirement.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ControlMapping {
    /// The OxideShield control.
    pub control: SecurityControl,
    /// Framework this mapping applies to.
    pub framework: Framework,
    /// Requirement IDs addressed by this control.
    pub requirements: Vec<String>,
    /// How the control addresses the requirements.
    pub rationale: String,
    /// Current compliance status.
    pub status: ComplianceStatus,
    /// Coverage percentage (0-100).
    pub coverage_percent: u8,
}

/// A compliance report for one or more frameworks.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ComplianceReport {
    /// Report title.
    pub title: String,
    /// System or deployment being assessed.
    pub system_name: String,
    /// Report generation timestamp.
    pub generated_at: DateTime<Utc>,
    /// OxideShield version.
    pub oxideshield_version: String,
    /// Frameworks included in this report.
    pub frameworks: Vec<Framework>,
    /// Control mappings.
    pub mappings: Vec<ControlMapping>,
    /// Active guards in the deployment.
    pub active_guards: Vec<String>,
    /// Summary statistics.
    pub summary: ComplianceSummary,
    /// Additional notes.
    pub notes: Vec<String>,
}

/// Summary statistics for a compliance report.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct ComplianceSummary {
    /// Total controls evaluated.
    pub total_controls: usize,
    /// Controls that are compliant.
    pub compliant_controls: usize,
    /// Controls that are partially compliant.
    pub partial_controls: usize,
    /// Controls needing attention.
    pub needs_attention: usize,
    /// Overall compliance percentage.
    pub overall_percentage: u8,
    /// Breakdown by framework.
    pub by_framework: HashMap<String, FrameworkSummary>,
}

/// Summary for a single framework.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct FrameworkSummary {
    /// Framework name.
    pub name: String,
    /// Total requirements in framework.
    pub total_requirements: usize,
    /// Requirements addressed.
    pub addressed_requirements: usize,
    /// Coverage percentage.
    pub coverage_percent: u8,
}

/// Builder for creating compliance reports.
pub struct ComplianceReportBuilder {
    system_name: String,
    frameworks: Vec<Framework>,
    active_guards: Vec<String>,
    notes: Vec<String>,
}

impl ComplianceReportBuilder {
    /// Create a new compliance report builder.
    pub fn new(system_name: impl Into<String>) -> Self {
        Self {
            system_name: system_name.into(),
            frameworks: Vec::new(),
            active_guards: Vec::new(),
            notes: Vec::new(),
        }
    }

    /// Add a framework to the report.
    pub fn with_framework(mut self, framework: Framework) -> Self {
        if !self.frameworks.contains(&framework) {
            self.frameworks.push(framework);
        }
        self
    }

    /// Add all available frameworks.
    pub fn with_all_frameworks(mut self) -> Self {
        self.frameworks = Framework::all().to_vec();
        self
    }

    /// Add an active guard.
    pub fn with_guard(mut self, guard_name: impl Into<String>) -> Self {
        self.active_guards.push(guard_name.into());
        self
    }

    /// Add multiple active guards.
    pub fn with_guards(mut self, guards: &[&str]) -> Self {
        for guard in guards {
            self.active_guards.push((*guard).to_string());
        }
        self
    }

    /// Add a note to the report.
    pub fn with_note(mut self, note: impl Into<String>) -> Self {
        self.notes.push(note.into());
        self
    }

    /// Generate the compliance report.
    ///
    /// # License Requirement
    ///
    /// ComplianceReports requires a Professional license.
    /// Returns an error if the license requirement is not met.
    pub fn generate(self) -> Result<ComplianceReport, LicenseError> {
        require_feature_sync(Feature::ComplianceReports)?;
        Ok(self.generate_unchecked())
    }

    /// Generate the compliance report without license validation.
    ///
    /// Restricted to crate-internal use.
    pub(crate) fn generate_unchecked(self) -> ComplianceReport {
        let mut mappings = Vec::new();
        let controls = available_controls();

        // If no frameworks specified, use all
        let frameworks = if self.frameworks.is_empty() {
            Framework::all().to_vec()
        } else {
            self.frameworks
        };

        // Generate mappings for each framework
        for framework in &frameworks {
            match framework {
                Framework::NistAiRmf => {
                    let nist_mappings = nist_ai_rmf::get_mappings();
                    for nm in nist_mappings {
                        if let Some(control) = controls.iter().find(|c| c.id == nm.control_id) {
                            let is_active = self.active_guards.is_empty()
                                || self
                                    .active_guards
                                    .iter()
                                    .any(|g| g.to_lowercase() == control.component.to_lowercase());

                            let status = if is_active {
                                match nm.coverage {
                                    nist_ai_rmf::CoverageLevel::Full => ComplianceStatus::Compliant,
                                    nist_ai_rmf::CoverageLevel::Partial => {
                                        ComplianceStatus::Partial
                                    }
                                    nist_ai_rmf::CoverageLevel::Supportive => {
                                        ComplianceStatus::Partial
                                    }
                                }
                            } else {
                                ComplianceStatus::NeedsAttention
                            };

                            let coverage = if is_active {
                                match nm.coverage {
                                    nist_ai_rmf::CoverageLevel::Full => 100,
                                    nist_ai_rmf::CoverageLevel::Partial => 70,
                                    nist_ai_rmf::CoverageLevel::Supportive => 50,
                                }
                            } else {
                                0
                            };

                            mappings.push(ControlMapping {
                                control: control.clone().with_enabled(is_active),
                                framework: *framework,
                                requirements: nm.subcategories,
                                rationale: nm.rationale,
                                status,
                                coverage_percent: coverage,
                            });
                        }
                    }
                }
                Framework::EuAiAct => {
                    let eu_mappings = eu_ai_act::get_mappings();
                    for em in eu_mappings {
                        if let Some(control) = controls.iter().find(|c| c.id == em.control_id) {
                            let is_active = self.active_guards.is_empty()
                                || self
                                    .active_guards
                                    .iter()
                                    .any(|g| g.to_lowercase() == control.component.to_lowercase());

                            let status = if is_active {
                                match em.contribution {
                                    eu_ai_act::ContributionLevel::Direct => {
                                        ComplianceStatus::Compliant
                                    }
                                    eu_ai_act::ContributionLevel::Supporting => {
                                        ComplianceStatus::Partial
                                    }
                                    eu_ai_act::ContributionLevel::Enabling => {
                                        ComplianceStatus::Partial
                                    }
                                }
                            } else {
                                ComplianceStatus::NeedsAttention
                            };

                            let coverage = if is_active {
                                match em.contribution {
                                    eu_ai_act::ContributionLevel::Direct => 100,
                                    eu_ai_act::ContributionLevel::Supporting => 70,
                                    eu_ai_act::ContributionLevel::Enabling => 50,
                                }
                            } else {
                                0
                            };

                            mappings.push(ControlMapping {
                                control: control.clone().with_enabled(is_active),
                                framework: *framework,
                                requirements: em.requirements,
                                rationale: em.rationale,
                                status,
                                coverage_percent: coverage,
                            });
                        }
                    }
                }
            }
        }

        // Calculate summary
        let summary = calculate_summary(&mappings, &frameworks);

        ComplianceReport {
            title: format!("OxideShield Compliance Report - {}", self.system_name),
            system_name: self.system_name,
            generated_at: Utc::now(),
            oxideshield_version: env!("CARGO_PKG_VERSION").to_string(),
            frameworks,
            mappings,
            active_guards: self.active_guards,
            summary,
            notes: self.notes,
        }
    }
}

fn calculate_summary(mappings: &[ControlMapping], frameworks: &[Framework]) -> ComplianceSummary {
    let total_controls = mappings.len();
    let compliant_controls = mappings
        .iter()
        .filter(|m| m.status == ComplianceStatus::Compliant)
        .count();
    let partial_controls = mappings
        .iter()
        .filter(|m| m.status == ComplianceStatus::Partial)
        .count();
    let needs_attention = mappings
        .iter()
        .filter(|m| m.status == ComplianceStatus::NeedsAttention)
        .count();

    let overall_percentage = if total_controls > 0 {
        let total_coverage: usize = mappings.iter().map(|m| m.coverage_percent as usize).sum();
        (total_coverage / total_controls) as u8
    } else {
        0
    };

    let mut by_framework = HashMap::new();

    for framework in frameworks {
        let fw_mappings: Vec<_> = mappings
            .iter()
            .filter(|m| m.framework == *framework)
            .collect();
        let addressed: usize = fw_mappings.iter().map(|m| m.requirements.len()).sum();

        let total_reqs = match framework {
            Framework::NistAiRmf => nist_ai_rmf::get_subcategories().len(),
            Framework::EuAiAct => eu_ai_act::get_requirements().len(),
        };

        let coverage = if total_reqs > 0 {
            ((addressed.min(total_reqs) * 100) / total_reqs) as u8
        } else {
            0
        };

        by_framework.insert(
            framework.code().to_string(),
            FrameworkSummary {
                name: framework.name().to_string(),
                total_requirements: total_reqs,
                addressed_requirements: addressed,
                coverage_percent: coverage.min(100),
            },
        );
    }

    ComplianceSummary {
        total_controls,
        compliant_controls,
        partial_controls,
        needs_attention,
        overall_percentage,
        by_framework,
    }
}

impl ComplianceReport {
    /// Create a new report builder.
    pub fn builder(system_name: impl Into<String>) -> ComplianceReportBuilder {
        ComplianceReportBuilder::new(system_name)
    }

    /// Render the report as JSON.
    pub fn to_json(&self) -> Result<String, serde_json::Error> {
        serde_json::to_string_pretty(self)
    }

    /// Render the report as Markdown.
    pub fn to_markdown(&self) -> String {
        let mut md = String::new();

        // Title
        md.push_str(&format!("# {}\n\n", self.title));

        // Metadata
        md.push_str("## Report Information\n\n");
        md.push_str(&format!("- **System:** {}\n", self.system_name));
        md.push_str(&format!(
            "- **Generated:** {}\n",
            self.generated_at.format("%Y-%m-%d %H:%M:%S UTC")
        ));
        md.push_str(&format!(
            "- **OxideShield Version:** {}\n",
            self.oxideshield_version
        ));
        md.push_str(&format!(
            "- **Frameworks:** {}\n\n",
            self.frameworks
                .iter()
                .map(|f| f.name())
                .collect::<Vec<_>>()
                .join(", ")
        ));

        // Summary
        md.push_str("## Executive Summary\n\n");
        md.push_str(&format!(
            "**Overall Compliance: {}%**\n\n",
            self.summary.overall_percentage
        ));
        md.push_str("| Metric | Value |\n");
        md.push_str("|--------|-------|\n");
        md.push_str(&format!(
            "| Total Controls Evaluated | {} |\n",
            self.summary.total_controls
        ));
        md.push_str(&format!(
            "| Compliant | {} |\n",
            self.summary.compliant_controls
        ));
        md.push_str(&format!(
            "| Partial | {} |\n",
            self.summary.partial_controls
        ));
        md.push_str(&format!(
            "| Needs Attention | {} |\n\n",
            self.summary.needs_attention
        ));

        // Framework summaries
        md.push_str("### Framework Coverage\n\n");
        md.push_str("| Framework | Requirements Addressed | Coverage |\n");
        md.push_str("|-----------|----------------------|----------|\n");
        for (code, summary) in &self.summary.by_framework {
            md.push_str(&format!(
                "| {} | {} / {} | {}% |\n",
                code,
                summary.addressed_requirements,
                summary.total_requirements,
                summary.coverage_percent
            ));
        }
        md.push('\n');

        // Active guards
        if !self.active_guards.is_empty() {
            md.push_str("## Active Security Controls\n\n");
            for guard in &self.active_guards {
                md.push_str(&format!("- {}\n", guard));
            }
            md.push('\n');
        }

        // Detailed mappings by framework
        for framework in &self.frameworks {
            md.push_str(&format!("## {} Mappings\n\n", framework.name()));
            md.push_str(&format!(
                "Reference: [{}]({})\n\n",
                framework.code(),
                framework.reference_url()
            ));

            let fw_mappings: Vec<_> = self
                .mappings
                .iter()
                .filter(|m| m.framework == *framework)
                .collect();

            md.push_str("| Control | Requirements | Status | Coverage |\n");
            md.push_str("|---------|--------------|--------|----------|\n");

            for mapping in fw_mappings {
                let reqs = mapping.requirements.join(", ");
                let status_icon = match mapping.status {
                    ComplianceStatus::Compliant => "✅",
                    ComplianceStatus::Partial => "⚠️",
                    ComplianceStatus::NeedsAttention => "❌",
                    ComplianceStatus::NotApplicable => "➖",
                };
                md.push_str(&format!(
                    "| {} | {} | {} {} | {}% |\n",
                    mapping.control.name,
                    reqs,
                    status_icon,
                    mapping.status,
                    mapping.coverage_percent
                ));
            }
            md.push('\n');

            // Detailed rationale
            md.push_str("### Control Details\n\n");
            for mapping in self.mappings.iter().filter(|m| m.framework == *framework) {
                md.push_str(&format!(
                    "#### {} ({})\n\n",
                    mapping.control.name, mapping.control.id
                ));
                md.push_str(&format!("**Component:** {}\n\n", mapping.control.component));
                md.push_str(&format!(
                    "**Description:** {}\n\n",
                    mapping.control.description
                ));
                md.push_str(&format!(
                    "**Requirements Addressed:** {}\n\n",
                    mapping.requirements.join(", ")
                ));
                md.push_str(&format!("**Rationale:** {}\n\n", mapping.rationale));
                md.push_str(&format!(
                    "**Status:** {} ({}% coverage)\n\n",
                    mapping.status, mapping.coverage_percent
                ));
                md.push_str("---\n\n");
            }
        }

        // Notes
        if !self.notes.is_empty() {
            md.push_str("## Notes\n\n");
            for note in &self.notes {
                md.push_str(&format!("- {}\n", note));
            }
            md.push('\n');
        }

        // Footer
        md.push_str("---\n\n");
        md.push_str("*Generated by OxideShield. OxideShield is a trading name of Toasteez Limited, a UK registered company.*\n");

        md
    }

    /// Render the report as HTML.
    pub fn to_html(&self) -> String {
        let mut html = String::new();

        html.push_str(r#"<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>OxideShield Compliance Report</title>
    <style>
        :root {
            --compliant: #16a34a;
            --partial: #ca8a04;
            --attention: #dc2626;
            --na: #6b7280;
        }
        body {
            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
            line-height: 1.6;
            max-width: 1200px;
            margin: 0 auto;
            padding: 20px;
            background: #f8fafc;
            color: #1e293b;
        }
        h1 { color: #0f172a; border-bottom: 3px solid #3b82f6; padding-bottom: 10px; }
        h2 { color: #1e40af; margin-top: 30px; }
        h3 { color: #374151; }
        .summary-card { background: white; padding: 20px; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); margin-bottom: 20px; }
        .summary-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 15px; margin-top: 15px; }
        .stat-box { background: #f1f5f9; padding: 15px; border-radius: 6px; text-align: center; }
        .stat-box .value { font-size: 2rem; font-weight: 700; color: #1e40af; }
        .stat-box .label { color: #64748b; font-size: 0.875rem; }
        .overall { font-size: 3rem; font-weight: 700; }
        .overall.good { color: var(--compliant); }
        .overall.medium { color: var(--partial); }
        .overall.low { color: var(--attention); }
        table { width: 100%; border-collapse: collapse; margin: 15px 0; background: white; border-radius: 8px; overflow: hidden; }
        th, td { padding: 12px; text-align: left; border-bottom: 1px solid #e2e8f0; }
        th { background: #f1f5f9; font-weight: 600; }
        .status-compliant { color: var(--compliant); font-weight: 600; }
        .status-partial { color: var(--partial); font-weight: 600; }
        .status-attention { color: var(--attention); font-weight: 600; }
        .status-na { color: var(--na); }
        .framework-section { background: white; padding: 20px; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); margin-bottom: 20px; }
        .control-detail { background: #f8fafc; padding: 15px; border-radius: 6px; margin: 10px 0; border-left: 4px solid #3b82f6; }
        footer { margin-top: 30px; padding-top: 20px; border-top: 1px solid #e2e8f0; color: #64748b; font-size: 0.875rem; text-align: center; }
    </style>
</head>
<body>
"#);

        // Title
        html.push_str(&format!("    <h1>{}</h1>\n", self.title));

        // Metadata
        html.push_str("    <div class=\"summary-card\">\n");
        html.push_str("        <h2>Report Information</h2>\n");
        html.push_str(&format!(
            "        <p><strong>System:</strong> {}</p>\n",
            self.system_name
        ));
        html.push_str(&format!(
            "        <p><strong>Generated:</strong> {}</p>\n",
            self.generated_at.format("%Y-%m-%d %H:%M:%S UTC")
        ));
        html.push_str(&format!(
            "        <p><strong>OxideShield Version:</strong> {}</p>\n",
            self.oxideshield_version
        ));
        html.push_str("    </div>\n\n");

        // Summary
        html.push_str("    <div class=\"summary-card\">\n");
        html.push_str("        <h2>Executive Summary</h2>\n");
        let overall_class = if self.summary.overall_percentage >= 80 {
            "good"
        } else if self.summary.overall_percentage >= 50 {
            "medium"
        } else {
            "low"
        };
        html.push_str(&format!(
            "        <p class=\"overall {}\">{}% Compliant</p>\n",
            overall_class, self.summary.overall_percentage
        ));

        html.push_str("        <div class=\"summary-grid\">\n");
        html.push_str(&format!("            <div class=\"stat-box\"><span class=\"value\">{}</span><span class=\"label\">Total Controls</span></div>\n",
            self.summary.total_controls));
        html.push_str(&format!("            <div class=\"stat-box\"><span class=\"value\" style=\"color:var(--compliant)\">{}</span><span class=\"label\">Compliant</span></div>\n",
            self.summary.compliant_controls));
        html.push_str(&format!("            <div class=\"stat-box\"><span class=\"value\" style=\"color:var(--partial)\">{}</span><span class=\"label\">Partial</span></div>\n",
            self.summary.partial_controls));
        html.push_str(&format!("            <div class=\"stat-box\"><span class=\"value\" style=\"color:var(--attention)\">{}</span><span class=\"label\">Needs Attention</span></div>\n",
            self.summary.needs_attention));
        html.push_str("        </div>\n");
        html.push_str("    </div>\n\n");

        // Framework sections
        for framework in &self.frameworks {
            html.push_str("    <div class=\"framework-section\">\n");
            html.push_str(&format!("        <h2>{}</h2>\n", framework.name()));
            html.push_str(&format!(
                "        <p>Reference: <a href=\"{}\">{}</a></p>\n",
                framework.reference_url(),
                framework.code()
            ));

            html.push_str("        <table>\n");
            html.push_str("            <tr><th>Control</th><th>Requirements</th><th>Status</th><th>Coverage</th></tr>\n");

            for mapping in self.mappings.iter().filter(|m| m.framework == *framework) {
                let status_class = match mapping.status {
                    ComplianceStatus::Compliant => "status-compliant",
                    ComplianceStatus::Partial => "status-partial",
                    ComplianceStatus::NeedsAttention => "status-attention",
                    ComplianceStatus::NotApplicable => "status-na",
                };
                let reqs = mapping.requirements.join(", ");
                html.push_str(&format!("            <tr><td>{}</td><td>{}</td><td class=\"{}\">{}</td><td>{}%</td></tr>\n",
                    mapping.control.name, reqs, status_class, mapping.status, mapping.coverage_percent));
            }

            html.push_str("        </table>\n");
            html.push_str("    </div>\n\n");
        }

        // Footer
        html.push_str(&format!(
            "    <footer>Generated by OxideShield v{} | {} | OxideShield is a trading name of Toasteez Limited</footer>\n",
            self.oxideshield_version,
            Utc::now().format("%Y-%m-%d %H:%M:%S UTC")
        ));

        html.push_str("</body>\n</html>\n");

        html
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_framework_basics() {
        assert_eq!(Framework::NistAiRmf.code(), "NIST-AI-RMF");
        assert_eq!(Framework::EuAiAct.code(), "EU-AI-ACT");
        assert_eq!(Framework::all().len(), 2);
    }

    #[test]
    fn test_compliance_status_display() {
        assert_eq!(format!("{}", ComplianceStatus::Compliant), "Compliant");
        assert_eq!(format!("{}", ComplianceStatus::Partial), "Partial");
        assert_eq!(
            format!("{}", ComplianceStatus::NeedsAttention),
            "Needs Attention"
        );
    }

    #[test]
    fn test_report_builder_basic() {
        let report = ComplianceReport::builder("Test System")
            .with_all_frameworks()
            .generate_unchecked();

        assert_eq!(report.system_name, "Test System");
        assert_eq!(report.frameworks.len(), 2);
        assert!(!report.mappings.is_empty());
    }

    #[test]
    fn test_report_builder_with_guards() {
        let report = ComplianceReport::builder("Test System")
            .with_framework(Framework::NistAiRmf)
            .with_guards(&["PatternGuard", "PIIGuard"])
            .generate_unchecked();

        assert_eq!(report.active_guards.len(), 2);

        // Check that specified guards are marked as enabled
        let pattern_mappings: Vec<_> = report
            .mappings
            .iter()
            .filter(|m| m.control.component == "PatternGuard")
            .collect();
        assert!(pattern_mappings.iter().all(|m| m.control.enabled));
    }

    #[test]
    fn test_report_builder_with_note() {
        let report = ComplianceReport::builder("Test System")
            .with_framework(Framework::EuAiAct)
            .with_note("This is a test note")
            .generate_unchecked();

        assert_eq!(report.notes.len(), 1);
        assert!(report.notes[0].contains("test note"));
    }

    #[test]
    fn test_report_to_json() {
        let report = ComplianceReport::builder("Test System")
            .with_framework(Framework::NistAiRmf)
            .generate_unchecked();

        let json = report.to_json().unwrap();
        assert!(json.contains("Test System"));
        assert!(json.contains("NIST-AI-RMF"));
    }

    #[test]
    fn test_report_to_markdown() {
        let report = ComplianceReport::builder("Test System")
            .with_all_frameworks()
            .generate_unchecked();

        let md = report.to_markdown();
        assert!(md.contains("# OxideShield Compliance Report"));
        assert!(md.contains("NIST AI Risk Management Framework"));
        assert!(md.contains("EU AI Act"));
        assert!(md.contains("Executive Summary"));
    }

    #[test]
    fn test_report_to_html() {
        let report = ComplianceReport::builder("Test System")
            .with_framework(Framework::EuAiAct)
            .generate_unchecked();

        let html = report.to_html();
        assert!(html.contains("<!DOCTYPE html>"));
        assert!(html.contains("EU AI Act"));
        assert!(html.contains("Test System"));
    }

    #[test]
    fn test_summary_calculation() {
        let report = ComplianceReport::builder("Test System")
            .with_all_frameworks()
            .generate_unchecked();

        assert!(report.summary.total_controls > 0);
        assert!(report.summary.overall_percentage <= 100);
        assert_eq!(report.summary.by_framework.len(), 2);
    }
}