Merge pull request #57 from trycompai/mariano/stuff

Fix db seed
trycompai · Feb 17, 2025 · 5bf12d0 · 5bf12d0
2 parents ccf67e7 + ccf0610
commit 5bf12d0
Show file tree

Hide file tree

Showing 25 changed files with 96 additions and 42 deletions.
diff --git a/packages/data/policies/access_control.json b/packages/data/policies/access_control.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "access-control-policy",
+    "id": "access_control",
     "slug": "access-control-policy",
     "name": "Access Control Policy",
     "description": "This policy defines the requirements for granting, monitoring, and revoking access to the organization’s information systems and data based on the principle of least privilege.",

diff --git a/packages/data/policies/application.json → ...s/data/policies/application_security.json b/packages/data/policies/application.json → ...s/data/policies/application_security.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "application-security-policy",
+    "id": "application_security",
     "slug": "application-security-policy",
     "name": "Application Security Policy",
     "description": "This policy outlines the security framework and requirements for applications, notably web applications, within the organization's production environment.",

diff --git a/packages/data/policies/availability.json b/packages/data/policies/availability.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "availability-policy",
+    "id": "availability",
     "slug": "availability-policy",
     "name": "Availability Policy",
     "description": "This policy outlines the requirements for proper controls to protect the availability of the organization's information systems.",

diff --git a/packages/data/policies/business_continuity.json b/packages/data/policies/business_continuity.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "business-continuity-dr-policy",
+    "id": "business_continuity",
     "slug": "business-continuity-dr-policy",
     "name": "Business Continuity & Disaster Recovery Policy",
     "description": "This policy outlines the strategies and procedures for ensuring the availability of critical systems and data during and after a disruptive event.",

diff --git a/packages/data/policies/change_management.json b/packages/data/policies/change_management.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "change-management-policy",
+    "id": "change_management",
     "slug": "change-management-policy",
     "name": "Change Management Policy",
     "description": "This policy defines the process for requesting, reviewing, approving, and documenting changes to the organization's information systems and infrastructure.",

diff --git a/packages/data/policies/classification.json b/packages/data/policies/classification.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "data-classification-policy",
+    "id": "data_classification",
     "slug": "data-classification-policy",
     "name": "Data Classification Policy",
     "description": "This policy outlines the requirements for data classification.",

diff --git a/packages/data/policies/code_of_conduct.json b/packages/data/policies/code_of_conduct.json
@@ -1,7 +1,13 @@
 {
   "type": "doc",
   "metadata": {
-    "controls": ["CC1.1", "CC6.1"]
+    "id": "code_of_conduct",
+    "slug": "code-of-conduct",
+    "name": "Code of Conduct Policy",
+    "description": "This policy outlines the expected behavior from employees towards their colleagues, supervisors, and the organization as a whole.",
+    "usedBy": {
+      "soc2": ["CC1.1", "CC6.1"]
+    }
   },
   "content": [
     {

diff --git a/packages/data/policies/confidentiality.json b/packages/data/policies/confidentiality.json
@@ -1,7 +1,13 @@
 {
   "type": "doc",
   "metadata": {
-    "controls": ["CC9.9", "CC6.1"]
+    "id": "confidentiality",
+    "slug": "confidentiality",
+    "name": "Confidentiality Policy",
+    "description": "This policy outlines the requirements for maintaining the confidentiality of sensitive and proprietary information within the organization.",
+    "usedBy": {
+      "soc2": ["CC9.9", "CC6.1"]
+    }
   },
   "content": [
     {

diff --git a/packages/data/policies/corporate_governance.json b/packages/data/policies/corporate_governance.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "corporate-governance-policy",
+    "id": "corporate_governance",
     "slug": "corporate-governance-policy",
     "name": "Corporate Governance Policy",
     "description": "This policy defines the overall governance framework including board oversight, management responsibilities, and organizational structure to ensure effective oversight and accountability.",

diff --git a/packages/data/policies/cyber_risk.json b/packages/data/policies/cyber_risk.json
@@ -1,7 +1,13 @@
 {
   "type": "doc",
   "metadata": {
-    "controls": ["CC1.1", "CC1.2", "CC1.3", "CC1.4", "CC1.5"]
+    "id": "cyber_risk",
+    "slug": "cyber-risk",
+    "name": "Cyber Risk Assessment Policy",
+    "description": "This policy outlines the requirements for conducting cyber risk assessments to identify, evaluate, and mitigate cybersecurity threats to the organization.",
+    "usedBy": {
+      "soc2": ["CC1.1", "CC1.2", "CC1.3", "CC1.4", "CC1.5"]
+    }
   },
   "content": [
     {

diff --git a/packages/data/policies/data_center.json b/packages/data/policies/data_center.json
@@ -1,7 +1,13 @@
 {
   "type": "doc",
   "metadata": {
-    "controls": ["CC6.1", "CC6.2", "CC8.1", "CC7.1"]
+    "id": "data_center",
+    "slug": "data-center",
+    "name": "Data Center Policy",
+    "description": "This policy outlines the requirements for the organization's data center facilities to ensure protection, availability, and reliability of critical systems and data.",
+    "usedBy": {
+      "soc2": ["CC6.1", "CC6.2", "CC8.1", "CC7.1"]
+    }
   },
   "content": [
     {

diff --git a/packages/data/policies/data_classification.json b/packages/data/policies/data_classification.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "data-classification-policy",
+    "id": "data_classification",
     "slug": "data-classification-policy",
     "name": "Data Classification Policy",
     "description": "This policy establishes a framework for classifying data based on sensitivity and defines handling requirements for each classification level.",

diff --git a/packages/data/policies/disaster_recovery.json b/packages/data/policies/disaster_recovery.json
@@ -1,7 +1,13 @@
 {
   "type": "doc",
   "metadata": {
-    "controls": ["CC9.1", "CC8.1"]
+    "id": "disaster_recovery",
+    "slug": "disaster-recovery",
+    "name": "Disaster Recovery Policy",
+    "description": "This policy outlines the requirements for disaster recovery planning to ensure that critical business operations can be resumed in the event of a disruption.",
+    "usedBy": {
+      "soc2": ["CC9.1", "CC8.1"]
+    }
   },
   "content": [
     {

diff --git a/packages/data/policies/human_resources.json b/packages/data/policies/human_resources.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "human-resources-policy",
+    "id": "human_resources",
     "slug": "human-resources-policy",
     "name": "Human Resources Policy",
     "description": "This policy outlines the principles and practices for recruitment, employee management, performance evaluations, and the enforcement of internal control responsibilities.",

diff --git a/packages/data/policies/incident_response.json b/packages/data/policies/incident_response.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "incident-response-policy",
+    "id": "incident_response",
     "slug": "incident-response-policy",
     "name": "Incident Response Policy",
     "description": "This policy establishes the framework and procedures for detecting, responding to, and recovering from security incidents.",

diff --git a/packages/data/policies/information_security.json b/packages/data/policies/information_security.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "information-security-policy",
+    "id": "information_security",
     "slug": "information-security-policy",
     "name": "Information Security Policy",
     "description": "This policy establishes the framework for protecting the organization's information assets by defining security objectives, roles, responsibilities, and controls.",

diff --git a/packages/data/policies/privacy.json b/packages/data/policies/privacy.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "privacy-policy",
+    "id": "privacy",
     "slug": "privacy-policy",
     "name": "Privacy Policy",
     "description": "This policy describes how the organization collects, uses, discloses, and protects personal information in compliance with applicable privacy regulations.",

diff --git a/packages/data/policies/risk_assessment.json b/packages/data/policies/risk_assessment.json
@@ -1,7 +1,13 @@
 {
   "type": "doc",
   "metadata": {
-    "controls": ["CC3.2", "CC3.4", "CC8.1"]
+    "id": "risk_assessment",
+    "slug": "risk-assessment",
+    "name": "Risk Assessment Policy",
+    "description": "This policy outlines the requirements for conducting risk assessments to identify, evaluate, and mitigate risks associated with the organization's information systems, operations, and assets.",
+    "usedBy": {
+      "soc2": ["CC3.2", "CC3.4", "CC8.1"]
+    }
   },
   "content": [
     {

diff --git a/packages/data/policies/risk_management.json b/packages/data/policies/risk_management.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "risk-management-policy",
+    "id": "risk_management",
     "slug": "risk-management-policy",
     "name": "Risk Management Policy",
     "description": "This policy defines the process for identifying, assessing, and mitigating risks to the organization’s objectives and information assets.",

diff --git a/packages/data/policies/software_development.json b/packages/data/policies/software_development.json
@@ -1,7 +1,13 @@
 {
   "type": "doc",
   "metadata": {
-    "controls": ["CC6.2", "CC7.1", "CC7.2", "CC8.1"]
+    "id": "software_development",
+    "slug": "software-development",
+    "name": "Software Development Lifecycle Policy",
+    "description": "This policy outlines the requirements for the software development lifecycle to ensure secure, reliable, and high-quality software development practices.",
+    "usedBy": {
+      "soc2": ["CC6.2", "CC7.1", "CC7.2", "CC8.1"]
+    }
   },
   "content": [
     {

diff --git a/packages/data/policies/change.json → packages/data/policies/system_change.json b/packages/data/policies/change.json → packages/data/policies/system_change.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "system-change-policy",
+    "id": "system_change",
     "slug": "system-change-policy",
     "name": "System Change Policy",
     "description": "This policy outlines the requirements for system changes.",

diff --git a/packages/data/policies/thirdparty.json b/packages/data/policies/thirdparty.json
@@ -1,7 +1,13 @@
 {
   "type": "doc",
   "metadata": {
-    "controls": ["CC2.3", "CC7.3", "CC8.1"]
+    "id": "thirdparty",
+    "slug": "thirdparty",
+    "name": "Third-Party Management Policy",
+    "description": "This policy defines the rules for relationships with the organization’s Information Technology (IT) third-parties and partners.",
+    "usedBy": {
+      "soc2": ["CC2.3", "CC7.3", "CC8.1"]
+    }
   },
   "content": [
     {

diff --git a/packages/data/policies/vendor_risk_management.json b/packages/data/policies/vendor_risk_management.json
@@ -1,7 +1,7 @@
 {
   "type": "doc",
   "metadata": {
-    "id": "vendor-risk-management-policy",
+    "id": "vendor_risk_management",
     "slug": "vendor-risk-management-policy",
     "name": "Vendor Risk Management Policy",
     "description": "This policy outlines the criteria and procedures for evaluating, selecting, and monitoring third-party vendors to manage risks associated with external service providers.",

diff --git a/packages/data/policies/workstation.json b/packages/data/policies/workstation.json
@@ -1,7 +1,13 @@
 {
   "type": "doc",
   "metadata": {
-    "controls": ["CC6.2", "CC6.7", "CC7.2"]
+    "id": "workstation",
+    "slug": "workstation",
+    "name": "Workstation Policy",
+    "description": "This policy outlines the requirements for workstations to ensure secure, reliable, and high-quality software development practices.",
+    "usedBy": {
+      "soc2": ["CC6.2", "CC6.7", "CC7.2"]
+    }
   },
   "content": [
     {

diff --git a/packages/db/prisma/seed.ts b/packages/db/prisma/seed.ts
@@ -9,28 +9,28 @@ import type {
   Control,
   Policy,
 } from "./seedTypes";
-import type { JsonValue } from "@prisma/client/runtime/library";
 
 const prisma = new PrismaClient();
 
 async function main() {
-  // console.log("\n🗑️  Cleaning up existing data...");
-  // Delete in order of dependencies
-  // await prisma.organizationFramework.deleteMany();
-  // await prisma.organizationCategory.deleteMany();
-  // await prisma.organizationControl.deleteMany();
-  // await prisma.organizationPolicy.deleteMany();
-
-  // await prisma.policy.deleteMany();
-  // await prisma.policyControl.deleteMany();
-  // await prisma.policyFramework.deleteMany();
-
-  // await prisma.control.deleteMany();
-  // await prisma.controlRequirement.deleteMany();
-
-  // await prisma.framework.deleteMany();
-  // await prisma.frameworkCategory.deleteMany();
-  // console.log("✅ Database cleaned");
+  if (process.env.NODE_ENV === "development") {
+    console.log("\n🗑️  Cleaning up existing data...");
+    await prisma.organizationFramework.deleteMany();
+    await prisma.organizationCategory.deleteMany();
+    await prisma.organizationControl.deleteMany();
+    await prisma.organizationPolicy.deleteMany();
+
+    await prisma.policy.deleteMany();
+    await prisma.policyControl.deleteMany();
+    await prisma.policyFramework.deleteMany();
+
+    await prisma.control.deleteMany();
+    await prisma.controlRequirement.deleteMany();
+
+    await prisma.framework.deleteMany();
+    await prisma.frameworkCategory.deleteMany();
+    console.log("✅ Database cleaned");
+  }
 
   console.log("\n📋 Seeding policies...");
   await seedPolicies();