-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathchange-management.zod.ts
More file actions
427 lines (379 loc) · 10.5 KB
/
change-management.zod.ts
File metadata and controls
427 lines (379 loc) · 10.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
import { z } from 'zod';
import { DataClassificationSchema } from './security-context.zod';
/**
* Change Type Enum
*
* Classification of change requests based on risk and approval requirements.
* Follows ITIL change management best practices.
*/
import { lazySchema } from '../shared/lazy-schema';
export const ChangeTypeSchema = lazySchema(() => z.enum([
'standard', // Pre-approved, low-risk changes
'normal', // Requires standard approval process
'emergency', // Fast-track approval for critical issues
'major', // Requires CAB (Change Advisory Board) approval
]));
/**
* Change Priority Enum
*
* Priority level for change request processing.
*/
export const ChangePrioritySchema = lazySchema(() => z.enum([
'critical',
'high',
'medium',
'low',
]));
/**
* Change Status Enum
*
* Current status of a change request in its lifecycle.
*/
export const ChangeStatusSchema = lazySchema(() => z.enum([
'draft',
'submitted',
'in-review',
'approved',
'scheduled',
'in-progress',
'completed',
'failed',
'rolled-back',
'cancelled',
]));
/**
* Change Impact Schema
*
* Assessment of the impact and scope of a change request.
* Used for risk evaluation and approval routing.
*
* @example
* ```json
* {
* "level": "high",
* "affectedSystems": ["crm-api", "customer-portal"],
* "affectedUsers": 5000,
* "downtime": {
* "required": true,
* "durationMinutes": 30
* }
* }
* ```
*/
export const ChangeImpactSchema = lazySchema(() => z.object({
/**
* Overall impact level of the change
*/
level: z.enum(['low', 'medium', 'high', 'critical']).describe('Impact level'),
/**
* List of systems affected by this change
*/
affectedSystems: z.array(z.string()).describe('Affected systems'),
/**
* Estimated number of users affected
*/
affectedUsers: z.number().optional().describe('Affected user count'),
/**
* Downtime requirements
*/
downtime: z.object({
/**
* Whether downtime is required
*/
required: z.boolean().describe('Downtime required'),
/**
* Duration of downtime in minutes
*/
durationMinutes: z.number().optional().describe('Downtime duration'),
}).optional().describe('Downtime information'),
}));
/**
* Rollback Plan Schema
*
* Detailed procedure for reverting changes if implementation fails.
* Required for all non-standard changes.
*
* @example
* ```json
* {
* "description": "Revert database schema to previous version",
* "steps": [
* {
* "order": 1,
* "description": "Stop application servers",
* "estimatedMinutes": 5
* },
* {
* "order": 2,
* "description": "Restore database backup",
* "estimatedMinutes": 15
* }
* ],
* "testProcedure": "Verify application login and basic functionality"
* }
* ```
*/
export const RollbackPlanSchema = lazySchema(() => z.object({
/**
* High-level description of the rollback approach
*/
description: z.string().describe('Rollback description'),
/**
* Sequential steps to execute rollback
*/
steps: z.array(z.object({
/**
* Step execution order
*/
order: z.number().describe('Step order'),
/**
* Detailed description of this step
*/
description: z.string().describe('Step description'),
/**
* Estimated time to complete this step
*/
estimatedMinutes: z.number().describe('Estimated duration'),
})).describe('Rollback steps'),
/**
* Testing procedure to verify successful rollback
*/
testProcedure: z.string().optional().describe('Test procedure'),
}));
/**
* Change Request Schema
*
* Comprehensive change management protocol for IT governance.
* Supports change requests, deployment tracking, and ITIL compliance.
*
* @example
* ```json
* {
* "id": "CHG-2024-001",
* "title": "Upgrade CRM Database Schema",
* "description": "Migrate customer database to new schema version 2.0",
* "type": "normal",
* "priority": "high",
* "status": "approved",
* "requestedBy": "user_123",
* "requestedAt": 1704067200000,
* "impact": {
* "level": "high",
* "affectedSystems": ["crm-api", "customer-portal"],
* "affectedUsers": 5000,
* "downtime": {
* "required": true,
* "durationMinutes": 30
* }
* },
* "implementation": {
* "description": "Execute database migration scripts",
* "steps": [
* {
* "order": 1,
* "description": "Backup current database",
* "estimatedMinutes": 10
* }
* ],
* "testing": "Run integration test suite"
* },
* "rollbackPlan": {
* "description": "Restore from backup",
* "steps": [
* {
* "order": 1,
* "description": "Restore backup",
* "estimatedMinutes": 15
* }
* ]
* },
* "schedule": {
* "plannedStart": 1704153600000,
* "plannedEnd": 1704155400000
* }
* }
* ```
*/
export const ChangeRequestSchema = lazySchema(() => z.object({
/**
* Unique change request identifier
*/
id: z.string().describe('Change request ID'),
/**
* Short descriptive title of the change
*/
title: z.string().describe('Change title'),
/**
* Detailed description of the change and its purpose
*/
description: z.string().describe('Change description'),
/**
* Change classification type
*/
type: ChangeTypeSchema.describe('Change type'),
/**
* Priority level for processing
*/
priority: ChangePrioritySchema.describe('Change priority'),
/**
* Current status in the change lifecycle
*/
status: ChangeStatusSchema.describe('Change status'),
/**
* User ID of the change requester
*/
requestedBy: z.string().describe('Requester user ID'),
/**
* Timestamp when change was requested (Unix milliseconds)
*/
requestedAt: z.number().describe('Request timestamp'),
/**
* Impact assessment of the change
*/
impact: ChangeImpactSchema.describe('Impact assessment'),
/**
* Implementation plan and procedures
*/
implementation: z.object({
/**
* High-level implementation description
*/
description: z.string().describe('Implementation description'),
/**
* Sequential implementation steps
*/
steps: z.array(z.object({
/**
* Step execution order
*/
order: z.number().describe('Step order'),
/**
* Detailed description of this step
*/
description: z.string().describe('Step description'),
/**
* Estimated time to complete this step
*/
estimatedMinutes: z.number().describe('Estimated duration'),
})).describe('Implementation steps'),
/**
* Testing procedures to verify successful implementation
*/
testing: z.string().optional().describe('Testing procedure'),
}).describe('Implementation plan'),
/**
* Rollback plan in case of failure
*/
rollbackPlan: RollbackPlanSchema.describe('Rollback plan'),
/**
* Change schedule and timing
*/
schedule: z.object({
/**
* Planned start time (Unix milliseconds)
*/
plannedStart: z.number().describe('Planned start time'),
/**
* Planned end time (Unix milliseconds)
*/
plannedEnd: z.number().describe('Planned end time'),
/**
* Actual start time (Unix milliseconds)
*/
actualStart: z.number().optional().describe('Actual start time'),
/**
* Actual end time (Unix milliseconds)
*/
actualEnd: z.number().optional().describe('Actual end time'),
}).optional().describe('Schedule'),
/**
* Security impact assessment for the change (A.8.32)
*/
securityImpact: z.object({
/**
* Whether a security impact assessment has been performed
*/
assessed: z.boolean().describe('Whether security impact has been assessed'),
/**
* Security risk level of this change
*/
riskLevel: z.enum(['none', 'low', 'medium', 'high', 'critical']).optional()
.describe('Security risk level'),
/**
* Data classifications affected by this change
*/
affectedDataClassifications: z.array(DataClassificationSchema)
.optional().describe('Affected data classifications'),
/**
* Whether the change requires security team approval
*/
requiresSecurityApproval: z.boolean().default(false)
.describe('Whether security team approval is required'),
/**
* Security reviewer user ID
*/
reviewedBy: z.string().optional()
.describe('Security reviewer user ID'),
/**
* Security review completion timestamp (Unix milliseconds)
*/
reviewedAt: z.number().optional()
.describe('Security review timestamp'),
/**
* Security review notes or conditions
*/
reviewNotes: z.string().optional()
.describe('Security review notes or conditions'),
}).optional().describe('Security impact assessment per ISO 27001:2022 A.8.32'),
/**
* Approval workflow configuration
*/
approval: z.object({
/**
* Whether approval is required for this change
*/
required: z.boolean().describe('Approval required'),
/**
* List of approvers and their approval status
*/
approvers: z.array(z.object({
/**
* Approver user ID
*/
userId: z.string().describe('Approver user ID'),
/**
* Timestamp when approval was granted (Unix milliseconds)
*/
approvedAt: z.number().optional().describe('Approval timestamp'),
/**
* Comments from the approver
*/
comments: z.string().optional().describe('Approver comments'),
})).describe('Approvers'),
}).optional().describe('Approval workflow'),
/**
* Supporting documentation and files
*/
attachments: z.array(z.object({
/**
* Attachment file name
*/
name: z.string().describe('Attachment name'),
/**
* URL to download the attachment
*/
url: z.string().url().describe('Attachment URL'),
})).optional().describe('Attachments'),
/**
* Custom metadata key-value pairs for extensibility
*/
metadata: z.record(z.string(), z.unknown()).optional().describe('Custom metadata key-value pairs for extensibility'),
}));
// Type exports
export type ChangeRequest = z.infer<typeof ChangeRequestSchema>;
export type ChangeType = z.infer<typeof ChangeTypeSchema>;
export type ChangeStatus = z.infer<typeof ChangeStatusSchema>;
export type ChangePriority = z.infer<typeof ChangePrioritySchema>;
export type ChangeImpact = z.infer<typeof ChangeImpactSchema>;
export type RollbackPlan = z.infer<typeof RollbackPlanSchema>;