# loc-exceptions.txt — files allowed to exceed the 500-line hard cap.
#
# Format: one repo-relative path per line. Comments start with '#' and are ignored.
# Each exception MUST be preceded by a comment explaining why splitting is not viable.
#
# Phase 0 baseline: this list is initially empty. Phases 1-4 will add grandfathered
# entries as we encounter legitimate exceptions (e.g. large generated data tables).
# The goal is for this list to SHRINK over time, never grow.

# --- admin-compliance: static data catalogs (Phase 3) ---
# Splitting these would fragment lookup tables without improving readability.
admin-compliance/lib/sdk/tom-generator/controls/loader.ts
admin-compliance/lib/sdk/vendor-compliance/risk/controls-library.ts
admin-compliance/lib/sdk/compliance-scope-triggers.ts
admin-compliance/lib/sdk/vendor-compliance/catalog/processing-activities.ts
admin-compliance/lib/sdk/catalog-manager/catalog-registry.ts
admin-compliance/lib/sdk/dsfa/mitigation-library.ts
admin-compliance/lib/sdk/vvt-baseline-catalog.ts
admin-compliance/lib/sdk/dsfa/eu-legal-frameworks.ts
admin-compliance/lib/sdk/dsfa/risk-catalog.ts
admin-compliance/lib/sdk/loeschfristen-baseline-catalog.ts
admin-compliance/lib/sdk/vendor-compliance/catalog/vendor-templates.ts
admin-compliance/lib/sdk/vendor-compliance/catalog/legal-basis.ts
admin-compliance/lib/sdk/vendor-compliance/contract-review/findings.ts
admin-compliance/lib/sdk/vendor-compliance/contract-review/checklists.ts
admin-compliance/lib/sdk/compliance-scope-types/document-scope-matrix-core.ts
admin-compliance/lib/sdk/compliance-scope-types/document-scope-matrix-extended.ts
admin-compliance/lib/sdk/demo-data/index.ts
admin-compliance/lib/sdk/tom-generator/demo-data/index.ts

# --- admin-compliance: self-contained export generators (Phase 3) ---
# Each file generates a complete document format. Splitting mid-generation
# logic would create artificial module boundaries without benefit.
admin-compliance/lib/sdk/tom-generator/export/zip.ts
admin-compliance/lib/sdk/tom-generator/export/docx.ts
admin-compliance/lib/sdk/tom-generator/export/pdf.ts
admin-compliance/lib/sdk/einwilligungen/export/pdf.ts
admin-compliance/lib/sdk/einwilligungen/generator/privacy-policy-sections.ts

# --- backend-compliance: legacy utility services (Phase 1) ---
# Pre-refactor utility modules not yet split. Phase 5 targets.
backend-compliance/compliance/services/control_generator.py
backend-compliance/compliance/services/audit_pdf_generator.py
backend-compliance/compliance/services/regulation_scraper.py
backend-compliance/compliance/services/llm_provider.py
backend-compliance/compliance/services/export_generator.py
backend-compliance/compliance/services/pdf_extractor.py
backend-compliance/compliance/services/ai_compliance_assistant.py

# --- backend-compliance: Phase 1 code refactor backlog ---
# These are the remaining oversized route/service/data/auth files that Phase 1
# did not reach. Each entry is a tracked refactor debt item — the list must shrink.
backend-compliance/compliance/services/decomposition_pass.py
backend-compliance/compliance/api/schemas.py
backend-compliance/compliance/api/canonical_control_routes.py
backend-compliance/compliance/db/repository.py
backend-compliance/compliance/db/models.py
backend-compliance/compliance/api/evidence_check_routes.py
backend-compliance/compliance/api/control_generator_routes.py
backend-compliance/compliance/api/process_task_routes.py
backend-compliance/compliance/api/evidence_routes.py
backend-compliance/compliance/api/crosswalk_routes.py
backend-compliance/compliance/api/dashboard_routes.py
backend-compliance/compliance/api/dsfa_routes.py
backend-compliance/compliance/api/routes.py
backend-compliance/compliance/api/tom_mapping_routes.py
backend-compliance/compliance/services/control_dedup.py
backend-compliance/compliance/services/framework_decomposition.py
backend-compliance/compliance/services/pipeline_adapter.py
backend-compliance/compliance/services/batch_dedup_runner.py
backend-compliance/compliance/services/obligation_extractor.py
backend-compliance/compliance/services/control_composer.py
backend-compliance/compliance/services/pattern_matcher.py
backend-compliance/compliance/data/iso27001_annex_a.py
backend-compliance/compliance/data/service_modules.py
backend-compliance/compliance/data/controls.py
backend-compliance/services/pdf_service.py
backend-compliance/services/file_processor.py
backend-compliance/auth/keycloak_auth.py

# --- scripts: one-off ingestion, QA, and migration scripts ---
# These are operational scripts, not production application code.
# LOC rules don't apply in the same way to single-purpose scripts.
scripts/ingest-legal-corpus.sh
scripts/ingest-ce-corpus.sh
scripts/ingest-dsfa-bundesland.sh
scripts/edpb-crawler.py
scripts/apply_templates_023.py
scripts/qa/phase74_generate_gap_controls.py
scripts/qa/pdf_qa_all.py
scripts/qa/benchmark_llm_controls.py
backend-compliance/scripts/seed_policy_templates.py

# --- ai-compliance-sdk: IACE hazard pattern data tables ---
# Each file is a flat list of HazardPattern structs (pure data, no logic).
# 85 patterns × 12 lines/pattern = ~1020 lines. Cannot be split meaningfully.
ai-compliance-sdk/internal/iace/hazard_patterns_extended3.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_a.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_b.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_c.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_d.go
ai-compliance-sdk/internal/iace/hazard_patterns_cyber_extended.go
ai-compliance-sdk/internal/iace/hazard_patterns_workshop.go
ai-compliance-sdk/internal/iace/norms_library_c_process.go
ai-compliance-sdk/internal/iace/norms_library_c_food_pkg.go

# --- docs-src: copies of backend source for documentation rendering ---
# These are not production code; they are rendered into the static docs site.
docs-src/control_generator.py
docs-src/control_generator_routes.py

# --- consent-sdk: platform-native mobile SDKs (Swift / Dart) ---
# Flutter and iOS SDKs follow platform conventions (verbose verbose) that make
# splitting into multiple files awkward without sacrificing single-import ergonomics.
consent-sdk/src/mobile/flutter/consent_sdk.dart
consent-sdk/src/mobile/ios/ConsentManager.swift

# --- consent-tester: DSI discovery orchestrator ---
# Single Playwright session with sequential steps (banner dismiss, self-extract,
# link follow, accordion expand, inline sections). Splitting mid-session would
# require passing Page objects across modules.
consent-tester/services/dsi_discovery.py

# --- backend-compliance: unified compliance check orchestrator ---
# Sequential 7-step pipeline (text resolve, profile detect, check documents,
# banner scan, cross-check, profile extract, report). Phase 5 split target.
backend-compliance/compliance/api/agent_compliance_check_routes.py

# --- docs-src: binary office files (not source code) ---
# (Also excluded by extension in scripts/check-loc.sh — kept here for legibility.)
docs-src/Breakpilot ComplAI Finanzplan.xlsm

# --- admin-compliance: oversized component refactor backlog ---
# Phase 5+ target for splitting into smaller subcomponents per wizard step.
admin-compliance/components/sdk/ai-act/DecisionTreeWizard.tsx

# --- ai-compliance-sdk: oversized handler refactor backlog ---
# Phase 5+ target for splitting handler groups into per-resource files.
ai-compliance-sdk/internal/api/handlers/tender_handlers.go

# --- merge grandfathered (2026-05-13) — Phase 5+ refactor backlog ---
# Files imported via team work that crossed the hard cap; tracked for splitting.
consent-tester/checks/banner_checks.py
consent-tester/services/banner_detector.py
backend-compliance/compliance/api/agent_doc_check_routes.py
backend-compliance/compliance/services/service_registry.py
backend-compliance/compliance/services/dsr_workflow_service.py
ai-compliance-sdk/internal/iace/hazard_patterns_forestry_conveyor.go
admin-compliance/app/sdk/compliance-scope/page.tsx

# --- zeroclaw: ground-truth corpus (test fixture data, not source) ---
zeroclaw/docs/ground-truth/06-spiegel-dsi-fulltext.txt

# --- IACE data tables and orchestration files (Phase 16-18 refactor backlog) ---
# Each file grew during the IACE polish phases (Stufe-A manufacturer library,
# Klärungen Phase 3 PDF export + methodology, app routes). Phase 5+ split
# targets — splitting now would fragment unrelated cohesive logic.
ai-compliance-sdk/internal/iace/manufacturer_safety_features.go
ai-compliance-sdk/internal/api/handlers/iace_handler_clarifications.go
ai-compliance-sdk/internal/app/routes.go

# --- 2026-05-19 Coolify-Unblocker: 4 grandfathered files ---
# Diese 4 Dateien sind Pre-Existing-Tech-Debt und blockierten den
# Coolify-Build. Splits sind als P9.5 Tech-Debt-Sprint geplant, bis
# dahin als Exceptions getragen damit Deploy laeuft.
#
# cra_routes.py (1714): CRA-Phase-5-Router mit Annex-V/VII Generator —
# Split nach Endpoint-Gruppen (vuln/post-market/tech-doc/doc) sinnvoll.
backend-compliance/compliance/api/cra_routes.py
# vendor_redundancy.py (727): Cost-Lookup-Tabellen (DSP/SaaS/Self-Service)
# + Multi-Function-Tools + Engine. Tabellen-Splits nach Lookup-Klasse.
backend-compliance/compliance/services/vendor_redundancy.py
# cookie_knowledge_db.py (608): Basis-KB — Ergaenzung via
# cookie_knowledge_extended.py + Facade laeuft bereits (P2). Split der
# Base-KB nach Vendor-Familie ist Phase-2-Ziel.
backend-compliance/compliance/services/cookie_knowledge_db.py
# cookie-banner-embed.ts (558): Banner-Embed-Bundle fuer CDN-Auslieferung
# — selbst-kontainierter Code-Generator, Split wuerde Generator-Logik
# fragmentieren ohne Nutzen.
admin-compliance/lib/sdk/einwilligungen/generator/cookie-banner-embed.ts
