feat(iace): sync IACE frontend, API routes, and scope engine updates from breakpilot-pwa

- Add IACE project pages (classification, evidence, hazards, mitigations, monitoring, tech-file, verification)
- Add IACE API catch-all route
- Update compliance-scope-engine with IACE AI Act product triggers
- Update compliance-scope-types, navigation, roles, and sidebar for IACE
- Update company-profile page
This commit is contained in:
Benjamin Boenisch
2026-02-25 23:03:03 +01:00
parent 5314db49e2
commit 03708d9e5b
18 changed files with 5565 additions and 110 deletions


@@ -1,11 +1,11 @@
/**
* Navigation Structure for Admin Compliance
* Navigation Structure for Admin v2
*
* Compliance-only navigation with SDK modules.
* Extracted from admin-v2, keeping only compliance-relevant modules.
* Main categories with color-coded modules.
* All DSGVO and Compliance modules are now consolidated under the SDK.
*/
export type CategoryId = 'compliance-sdk' | 'development'
export type CategoryId = 'ai' | 'education' | 'website' | 'sdk-docs'
export interface NavModule {
id: string
@@ -15,8 +15,8 @@ export interface NavModule {
purpose: string
audience: string[]
gdprArticles?: string[]
oldAdminPath?: string
subgroup?: string
oldAdminPath?: string // Reference to old admin for migration
subgroup?: string // Optional subgroup for visual grouping in sidebar
}
export interface NavCategory {
@@ -31,89 +31,253 @@ export interface NavCategory {
export const navigation: NavCategory[] = [
// =========================================================================
// Compliance SDK - Alle Datenschutz-, Compliance- und SDK-Module
// KI & Automatisierung
// =========================================================================
{
id: 'compliance-sdk',
name: 'Compliance SDK',
icon: 'shield',
color: '#8b5cf6', // Violet-500
colorClass: 'compliance-sdk',
description: 'DSGVO, Audit, GRC & SDK-Werkzeuge',
id: 'ai',
name: 'KI & Automatisierung',
icon: 'brain',
color: '#14b8a6', // Teal
colorClass: 'ai',
description: 'LLM, OCR, RAG & Machine Learning',
modules: [
// -----------------------------------------------------------------------
// KI-Daten-Pipeline: Magic Help -> OCR -> Indexierung -> Suche
// -----------------------------------------------------------------------
{
id: 'catalog-manager',
name: 'Katalogverwaltung',
href: '/dashboard/catalog-manager',
description: 'SDK-Kataloge & Auswahltabellen',
purpose: 'Zentrale Verwaltung aller Dropdown- und Auswahltabellen im SDK. Systemkataloge (Risiken, Massnahmen, Vorlagen) anzeigen und benutzerdefinierte Eintraege ergaenzen, bearbeiten und loeschen.',
audience: ['DSB', 'Compliance Officer', 'Administratoren'],
},
// --- Plattform-Verwaltung (interne Admin-Tools) ---
{
id: 'multi-tenant',
name: 'Mandantenverwaltung',
href: '/dashboard/multi-tenant',
description: 'B2B-Kundenverwaltung & Mandanten',
purpose: 'Verwaltung aller Compliance-Mandanten (B2B-Kunden). Mandanten anlegen, konfigurieren, Lizenzen zuweisen und Nutzungsstatistiken einsehen.',
audience: ['Plattform-Admins', 'Entwickler'],
subgroup: 'Plattform-Verwaltung',
id: 'magic-help',
name: 'Magic Help (TrOCR)',
href: '/ai/magic-help',
description: 'TrOCR Testing & Fine-Tuning',
purpose: 'Testen und verbessern Sie die TrOCR-Handschrifterkennung. Laden Sie Bilder hoch, um die OCR-Qualitaet zu pruefen, und trainieren Sie das Modell mit LoRA Fine-Tuning. Bidirektionaler Austausch mit OCR-Labeling.',
audience: ['Entwickler', 'Administratoren', 'QA'],
oldAdminPath: '/admin/magic-help',
subgroup: 'KI-Daten-Pipeline',
},
{
id: 'sso',
name: 'SSO-Konfiguration',
href: '/dashboard/sso',
description: 'Single Sign-On & Authentifizierung',
purpose: 'Konfiguration der Authentifizierung fuer Mandanten. SAML/OIDC-Provider anbinden, SSO-Policies verwalten und Login-Flows testen.',
audience: ['Plattform-Admins', 'Entwickler'],
subgroup: 'Plattform-Verwaltung',
id: 'ocr-labeling',
name: 'OCR-Labeling',
href: '/ai/ocr-labeling',
description: 'Handschrift-Training & Labels',
purpose: 'Labeln Sie Handschrift-Samples fuer das Training von TrOCR-Modellen. Erstellen Sie Ground Truth Daten, die zur RAG Pipeline exportiert werden koennen.',
audience: ['Entwickler', 'Data Scientists', 'QA'],
oldAdminPath: '/admin/ocr-labeling',
subgroup: 'KI-Daten-Pipeline',
},
{
id: 'dsb-portal',
name: 'DSB Portal',
href: '/dashboard/dsb-portal',
description: 'Datenschutzbeauftragter-Arbeitsbereich',
purpose: 'Zentraler Arbeitsbereich fuer den externen Datenschutzbeauftragten (DSB). Aufgabenverwaltung, Beratungsprotokolle, Taetigkeitsbericht und mandantenuebergreifende Uebersicht gemaess Art. 37-39 DSGVO.',
audience: ['DSB', 'Plattform-Admins'],
gdprArticles: ['Art. 37', 'Art. 38', 'Art. 39'],
subgroup: 'Plattform-Verwaltung',
id: 'rag-pipeline',
name: 'RAG Pipeline',
href: '/ai/rag-pipeline',
description: 'Dokument-Indexierung',
purpose: 'RAG-Pipeline fuer Bildungsdokumente: NiBiS Erwartungshorizonte, Schulordnungen, Custom EH. OCR, Chunking und Vektor-Indexierung in Qdrant.',
audience: ['Entwickler', 'Data Scientists', 'Bildungs-Admins'],
oldAdminPath: '/admin/training',
subgroup: 'KI-Daten-Pipeline',
},
{
id: 'rag',
name: 'Daten & RAG',
href: '/ai/rag',
description: 'Vektor-Suche & Collections',
purpose: 'Verwalten und durchsuchen Sie indexierte Dokumente. Zeigt Status aller Qdrant Collections und ermoeglicht semantische Suche.',
audience: ['Entwickler', 'Data Scientists', 'Compliance Officer'],
oldAdminPath: '/admin/rag',
subgroup: 'KI-Daten-Pipeline',
},
// -----------------------------------------------------------------------
// KI-Werkzeuge: Standalone-Tools fuer Entwicklung & QA
// -----------------------------------------------------------------------
{
id: 'llm-compare',
name: 'LLM Vergleich',
href: '/ai/llm-compare',
description: 'KI-Provider Vergleich',
purpose: 'Vergleichen Sie verschiedene LLM-Anbieter (Ollama, OpenAI, Anthropic) hinsichtlich Qualitaet, Geschwindigkeit und Kosten. Standalone-Werkzeug fuer Modell-Evaluation.',
audience: ['Entwickler', 'Data Scientists'],
oldAdminPath: '/admin/llm-compare',
subgroup: 'KI-Werkzeuge',
},
{
id: 'ocr-compare',
name: 'OCR Vergleich',
href: '/ai/ocr-compare',
description: 'OCR-Methoden & Vokabel-Extraktion',
purpose: 'Vergleichen Sie verschiedene OCR-Methoden (lokales LLM, Vision LLM, PaddleOCR, Tesseract, Anthropic) fuer Vokabel-Extraktion. Grid-Overlay, Block-Review und LLM-Vergleich.',
audience: ['Entwickler', 'Data Scientists', 'Lehrer'],
subgroup: 'KI-Werkzeuge',
},
{
id: 'test-quality',
name: 'Test Quality (BQAS)',
href: '/ai/test-quality',
description: 'Golden Suite, RAG & Synthetic Tests',
purpose: 'BQAS Dashboard mit Golden Suite (97 Referenz-Tests), RAG/Korrektur Tests und Synthetic Test Generierung. Ueberwacht die Qualitaet der KI-Ausgaben.',
audience: ['Entwickler', 'Data Scientists', 'QA'],
oldAdminPath: '/admin/quality',
subgroup: 'KI-Werkzeuge',
},
{
id: 'gpu',
name: 'GPU Infrastruktur',
href: '/ai/gpu',
description: 'vast.ai GPU Management',
purpose: 'Verwalten Sie GPU-Instanzen auf vast.ai fuer ML-Training und Inferenz.',
audience: ['DevOps', 'Entwickler'],
oldAdminPath: '/admin/gpu',
subgroup: 'KI-Werkzeuge',
},
// -----------------------------------------------------------------------
// KI-Anwendungen: Endnutzer-orientierte KI-Module
// -----------------------------------------------------------------------
{
id: 'agents',
name: 'Agent Management',
href: '/ai/agents',
description: 'Multi-Agent System & SOUL-Editor',
purpose: 'Verwaltung des Multi-Agent-Systems. Bearbeiten Sie Agent-Persoenlichkeiten (SOUL-Files), ueberwachen Sie Sessions und analysieren Sie Agent-Statistiken. Architektur-Dokumentation fuer Entwickler.',
audience: ['Entwickler', 'Lehrer', 'Admins'],
subgroup: 'KI-Anwendungen',
},
],
},
// =========================================================================
// Development - Entwickler-Tools und Dokumentation
// Bildung & Schule
// =========================================================================
{
id: 'development',
name: 'Entwicklung & Produkte',
icon: 'code',
color: '#64748b', // Slate-500
colorClass: 'development',
description: 'Dokumentation, Screenflow & Brandbook',
id: 'education',
name: 'Bildung & Schule',
icon: 'graduation',
color: '#3b82f6', // Blue
colorClass: 'education',
description: 'Bildungsquellen & Lehrplaene',
modules: [
{
id: 'docs',
name: 'Developer Docs',
href: '/development/docs',
description: 'MkDocs Projekt-Dokumentation',
purpose: 'Technische Dokumentation der Compliance-Plattform mit Architektur, API-Referenz und Entwickler-Guides.',
audience: ['Entwickler', 'Architekten'],
id: 'edu-search',
name: 'Education Search',
href: '/education/edu-search',
description: 'Bildungsquellen & Crawler',
purpose: 'Verwalten Sie Bildungsquellen und konfigurieren Sie Crawler fuer neue Inhalte.',
audience: ['Content Manager'],
oldAdminPath: '/admin/edu-search',
},
{
id: 'screen-flow',
name: 'Screen Flow',
href: '/development/screen-flow',
description: 'UI Screen-Verbindungen & Navigation',
purpose: 'Visualisierung aller SDK-Screens und deren Verbindungen mit interaktivem ReactFlow-Diagramm.',
audience: ['Entwickler', 'Designer'],
id: 'zeugnisse-crawler',
name: 'Zeugnisse-Crawler',
href: '/education/zeugnisse-crawler',
description: 'Zeugnis-Daten',
purpose: 'Verwalten Sie gecrawlte Zeugnis-Strukturen und -Formate.',
audience: ['Entwickler'],
oldAdminPath: '/admin/zeugnisse-crawler',
},
{
id: 'brandbook',
name: 'Brandbook',
href: '/development/brandbook',
description: 'Corporate Design & Styleguide',
purpose: 'Compliance SDK Design-System mit Farben, Typografie, Komponenten und Tonalitaet.',
audience: ['Entwickler', 'Designer'],
id: 'abitur-archiv',
name: 'Abitur-Archiv',
href: '/education/abitur-archiv',
description: 'Zentralabitur-Materialien 2021-2025',
purpose: 'Durchsuchen und filtern Sie Abitur-Aufgaben und Erwartungshorizonte. Themensuche mit semantischer Suche via RAG. Integration mit Klausur-Korrektur fuer schnelle Vorlagen-Nutzung.',
audience: ['Lehrer', 'Entwickler'],
},
{
id: 'klausur-korrektur',
name: 'Klausur-Korrektur',
href: '/education/klausur-korrektur',
description: 'Abitur-Korrektur mit KI',
purpose: 'KI-gestuetzte Korrektur von Abitur- und Vorabitur-Klausuren. Nutzt die RAG-Pipeline fuer Erwartungshorizont-Vorschlaege.',
audience: ['Lehrer', 'Entwickler'],
oldAdminPath: '/admin/klausur-korrektur',
},
],
},
// =========================================================================
// Website
// =========================================================================
{
id: 'website',
name: 'Website',
icon: 'globe',
color: '#0ea5e9', // Sky-500
colorClass: 'website',
description: 'Website Content & Management',
modules: [
{
id: 'uebersetzungen',
name: 'Uebersetzungen',
href: '/website/uebersetzungen',
description: 'Website Content & Sprachen',
purpose: 'Verwalten Sie Website-Inhalte und Uebersetzungen.',
audience: ['Content Manager'],
oldAdminPath: '/admin/content',
},
{
id: 'manager',
name: 'Website Manager',
href: '/website/manager',
description: 'CMS Dashboard',
purpose: 'Visuelles CMS-Dashboard fuer die BreakPilot Website. Alle Sektionen bearbeiten mit Live-Preview.',
audience: ['Content Manager', 'Entwickler'],
},
],
},
// =========================================================================
// SDK Dokumentation
// =========================================================================
{
id: 'sdk-docs',
name: 'SDK Dokumentation',
icon: 'code-2',
color: '#06b6d4', // Cyan
colorClass: 'sdk-docs',
description: 'Consent SDK Dokumentation & Integration',
modules: [
{
id: 'consent-sdk',
name: 'Consent SDK',
href: '/developers/sdk/consent',
description: 'DSGVO/TTDSG-konformes Consent Management',
purpose: 'Vollstaendige Dokumentation des Consent SDK fuer Web, PWA und Mobile Apps. Inklusive Framework-Integrationen (React, Vue, Angular) und Mobile SDKs (iOS, Android, Flutter).',
audience: ['Entwickler', 'Frontend-Entwickler', 'Mobile-Entwickler'],
gdprArticles: ['Art. 6', 'Art. 7', 'Art. 13', 'Art. 14', 'Art. 17', 'Art. 20'],
},
{
id: 'sdk-installation',
name: 'Installation',
href: '/developers/sdk/consent/installation',
description: 'SDK Installation & Setup',
purpose: 'Schritt-fuer-Schritt Anleitung zur Installation des Consent SDK in verschiedenen Umgebungen.',
audience: ['Entwickler'],
},
{
id: 'sdk-frameworks',
name: 'Frameworks',
href: '/developers/sdk/consent/frameworks',
description: 'React, Vue, Angular Integration',
purpose: 'Framework-spezifische Integrationen mit Hooks, Composables und Services.',
audience: ['Frontend-Entwickler'],
},
{
id: 'sdk-mobile',
name: 'Mobile SDKs',
href: '/developers/sdk/consent/mobile',
description: 'iOS, Android, Flutter',
purpose: 'Native Mobile SDKs fuer iOS (Swift), Android (Kotlin) und Flutter (Dart).',
audience: ['Mobile-Entwickler'],
},
{
id: 'sdk-api',
name: 'API Referenz',
href: '/developers/sdk/consent/api-reference',
description: 'Vollstaendige API-Dokumentation',
purpose: 'Detaillierte Dokumentation aller Methoden, Konfigurationsoptionen und Events.',
audience: ['Entwickler'],
},
{
id: 'sdk-security',
name: 'Sicherheit',
href: '/developers/sdk/consent/security',
description: 'Security Best Practices',
purpose: 'Sicherheits-Features, DSGVO/TTDSG Compliance-Hinweise und Best Practices.',
audience: ['Entwickler', 'DSB', 'Security'],
gdprArticles: ['Art. 6', 'Art. 7', '§ 25 TTDSG'],
},
],
},
@@ -130,6 +294,41 @@ export const metaModules: NavModule[] = [
audience: ['Alle'],
oldAdminPath: '/admin',
},
{
id: 'architecture',
name: 'Architektur',
href: '/architecture',
description: 'Backend-Module & Datenfluss',
purpose: 'Uebersicht aller Backend-Module und deren Verbindung zum Frontend. Essentiell fuer Migration und Audit.',
audience: ['Entwickler', 'DevOps', 'Auditoren', 'Manager'],
},
{
id: 'onboarding',
name: 'Onboarding',
href: '/onboarding',
description: 'Lern-Wizards',
purpose: 'Gefuehrte Tutorials fuer neue Benutzer.',
audience: ['Alle'],
oldAdminPath: '/admin/onboarding',
},
{
id: 'backlog',
name: 'Production Backlog',
href: '/backlog',
description: 'Go-Live Checkliste',
purpose: 'Verfolgen Sie den Fortschritt zum Production-Launch.',
audience: ['Entwickler', 'Manager'],
oldAdminPath: '/admin/backlog',
},
{
id: 'rbac',
name: 'RBAC',
href: '/rbac',
description: 'Rollen & Berechtigungen',
purpose: 'Verwalten Sie Benutzerrollen und Zugriffsrechte.',
audience: ['Admins', 'DSB'],
oldAdminPath: '/admin/rbac',
},
]
// Helper function to get category by ID
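Review bot: `audience` in the NavModule interface (second hunk, `@@ -15,8 +15,8 @@`) is the one field left without a comment, and nothing in this file or in roles.ts derives visibility from it, so entries such as the new `/rbac` meta module with `audience: ['Admins', 'DSB']` read as if they were access-controlled when they are not. I would annotate it: `audience: string[] // Informational only (help text); visibility is decided by Role.visibleCategories, access by the backend`. The metaModules appended in the last hunk (`/architecture`, `/backlog`, `/rbac`) sit outside any category, so presumably the category filter does not apply to them at all — worth confirming that the sidebar gates them some other way, and in any case the corresponding routes need server-side authorization regardless of what the sidebar shows. Both the `navigation` array and the `metaModules` array extend beyond the hunks shown.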


@@ -1,8 +1,7 @@
/**
* Role-based Access System for Admin Compliance
* Role-based Access System for Admin v2
*
* Roles determine which categories and modules are visible.
* Extracted from admin-v2, keeping only SDK/compliance roles.
* Roles determine which categories and modules are visible
*/
import { CategoryId } from './navigation'
@@ -22,9 +21,9 @@ export const roles: Role[] = [
{
id: 'developer',
name: 'Entwickler',
description: 'Voller Zugriff auf alle Compliance-Bereiche',
description: 'Voller Zugriff auf alle Bereiche',
icon: 'code',
visibleCategories: ['compliance-sdk', 'development'],
visibleCategories: ['ai', 'education', 'website'],
color: 'bg-primary-100 border-primary-300 text-primary-700',
},
{
@@ -32,7 +31,7 @@ export const roles: Role[] = [
name: 'Manager',
description: 'Executive Uebersicht',
icon: 'chart',
visibleCategories: ['compliance-sdk', 'development'],
visibleCategories: ['website'],
color: 'bg-blue-100 border-blue-300 text-blue-700',
},
{
@@ -40,7 +39,7 @@ export const roles: Role[] = [
name: 'Auditor',
description: 'Compliance Pruefung',
icon: 'clipboard',
visibleCategories: ['compliance-sdk', 'development'],
visibleCategories: [],
color: 'bg-amber-100 border-amber-300 text-amber-700',
},
{
@@ -48,13 +47,13 @@ export const roles: Role[] = [
name: 'DSB',
description: 'Datenschutzbeauftragter',
icon: 'shield',
visibleCategories: ['compliance-sdk', 'development'],
visibleCategories: [],
color: 'bg-purple-100 border-purple-300 text-purple-700',
},
]
// Storage key for localStorage
const ROLE_STORAGE_KEY = 'admin-compliance-selected-role'
const ROLE_STORAGE_KEY = 'admin-v2-selected-role'
// Get role by ID
export function getRoleById(id: RoleId): Role | undefined {
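Review bot: After this change no role can reach the new `sdk-docs` category, and the Auditor and DSB entries end up with `visibleCategories: []` — which also contradicts the Developer description `Voller Zugriff auf alle Bereiche`, since that role omits `sdk-docs` too. If that is not intentional, the developer entry should read `visibleCategories: ['ai', 'education', 'website', 'sdk-docs'],` and Auditor/DSB need at least the categories their descriptions imply; an empty array hides everything without any error surfacing. Separately, the selected role is persisted in localStorage under `admin-v2-selected-role`, which the user can edit freely, so this filter is a UX convenience only; I would say so in the header: `// The selected role only filters what the sidebar shows (it is read back from localStorage); it is not an authorization boundary — every route must enforce access server-side.` The `roles` array starts and ends outside these hunks.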


@@ -13,6 +13,7 @@ import type {
ScopeDocumentType,
DocumentScopeRequirement,
} from './compliance-scope-types'
import type { CompanyProfile, MachineBuilderProfile } from './types'
import {
getDepthLevelNumeric,
depthLevelFromNumeric,
@@ -786,6 +787,176 @@ export const HARD_TRIGGER_RULES: HardTriggerRule[] = [
legalReference: 'Art. 39 Abs. 1 lit. b DSGVO',
description: 'Fehlende Schulungen zum Datenschutz',
},
// ========== J: IACE — AI Act Produkt-Triggers (3 rules) ==========
{
id: 'HT-J01',
category: 'iace_ai_act_product',
questionId: 'machineBuilder.containsAI',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L3',
requiresDSFA: false,
mandatoryDocuments: ['VVT', 'TOM'],
legalReference: 'EU AI Act Annex I + EU Maschinenverordnung 2023/1230',
description: 'KI mit Sicherheitsfunktion in Maschine → AI Act High-Risk',
combineWithMachineBuilder: { field: 'hasSafetyFunction', value: true },
riskWeight: 9,
},
{
id: 'HT-J02',
category: 'iace_ai_act_product',
questionId: 'machineBuilder.containsAI',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L3',
requiresDSFA: false,
mandatoryDocuments: ['VVT', 'TOM'],
legalReference: 'EU AI Act + EU Maschinenverordnung 2023/1230',
description: 'Autonome KI in Maschine → AI Act + Maschinenverordnung',
combineWithMachineBuilder: { field: 'autonomousBehavior', value: true },
riskWeight: 8,
},
{
id: 'HT-J03',
category: 'iace_ai_act_product',
questionId: 'machineBuilder.hasSafetyFunction',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L3',
requiresDSFA: false,
mandatoryDocuments: ['VVT', 'TOM'],
legalReference: 'EU AI Act Annex III',
description: 'KI-Bildverarbeitung mit Sicherheitsbezug',
combineWithMachineBuilder: { field: 'aiIntegrationType', includes: 'vision' },
riskWeight: 8,
},
// ========== K: IACE — CRA Triggers (3 rules) ==========
{
id: 'HT-K01',
category: 'iace_cra',
questionId: 'machineBuilder.isNetworked',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L2',
requiresDSFA: false,
mandatoryDocuments: ['TOM'],
legalReference: 'EU Cyber Resilience Act (CRA)',
description: 'Vernetztes Produkt → Cyber Resilience Act',
riskWeight: 6,
},
{
id: 'HT-K02',
category: 'iace_cra',
questionId: 'machineBuilder.hasRemoteAccess',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L2',
requiresDSFA: false,
mandatoryDocuments: ['TOM'],
legalReference: 'CRA + NIS2 Art. 21',
description: 'Remote-Zugriff → CRA + NIS2 Supply Chain',
riskWeight: 7,
},
{
id: 'HT-K03',
category: 'iace_cra',
questionId: 'machineBuilder.hasOTAUpdates',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L2',
requiresDSFA: false,
mandatoryDocuments: ['TOM'],
legalReference: 'CRA Art. 10 - Patch Management',
description: 'OTA-Updates → CRA Patch Management Pflicht',
riskWeight: 7,
},
// ========== L: IACE — NIS2 indirekt (2 rules) ==========
{
id: 'HT-L01',
category: 'iace_nis2_indirect',
questionId: 'machineBuilder.criticalSectorClients',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L2',
requiresDSFA: false,
mandatoryDocuments: ['TOM'],
legalReference: 'NIS2 Art. 21 - Supply Chain',
description: 'Lieferant an KRITIS → NIS2 Supply Chain Anforderungen',
riskWeight: 7,
},
{
id: 'HT-L02',
category: 'iace_nis2_indirect',
questionId: 'machineBuilder.oemClients',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L2',
requiresDSFA: false,
mandatoryDocuments: [],
legalReference: 'NIS2 + EU Maschinenverordnung',
description: 'OEM-Zulieferer → Compliance-Nachweispflicht',
riskWeight: 5,
},
// ========== M: IACE — Maschinenverordnung Triggers (4 rules) ==========
{
id: 'HT-M01',
category: 'iace_machinery_regulation',
questionId: 'machineBuilder.containsSoftware',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L3',
requiresDSFA: false,
mandatoryDocuments: ['TOM'],
legalReference: 'EU Maschinenverordnung 2023/1230 Anhang III',
description: 'Software als Sicherheitskomponente → Maschinenverordnung',
combineWithMachineBuilder: { field: 'hasSafetyFunction', value: true },
riskWeight: 9,
},
{
id: 'HT-M02',
category: 'iace_machinery_regulation',
questionId: 'machineBuilder.ceMarkingRequired',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L2',
requiresDSFA: false,
mandatoryDocuments: [],
legalReference: 'EU Maschinenverordnung 2023/1230',
description: 'CE-Kennzeichnung erforderlich',
riskWeight: 6,
},
{
id: 'HT-M03',
category: 'iace_machinery_regulation',
questionId: 'machineBuilder.ceMarkingRequired',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L3',
requiresDSFA: false,
mandatoryDocuments: [],
legalReference: 'EU Maschinenverordnung 2023/1230 Art. 10',
description: 'CE ohne bestehende Risikobeurteilung → Dringend!',
combineWithMachineBuilder: { field: 'hasRiskAssessment', value: false },
riskWeight: 9,
},
{
id: 'HT-M04',
category: 'iace_machinery_regulation',
questionId: 'machineBuilder.containsFirmware',
condition: 'EQUALS',
conditionValue: true,
minimumLevel: 'L2',
requiresDSFA: false,
mandatoryDocuments: ['TOM'],
legalReference: 'EU Maschinenverordnung + CRA',
description: 'Firmware mit Remote-Update → Change Management Pflicht',
combineWithMachineBuilder: { field: 'hasOTAUpdates', value: true },
riskWeight: 7,
},
]
// ============================================================================
@@ -795,15 +966,16 @@ export const HARD_TRIGGER_RULES: HardTriggerRule[] = [
export class ComplianceScopeEngine {
/**
* Haupteinstiegspunkt: Evaluiert alle Profiling-Antworten und produziert eine ScopeDecision
* Optional: companyProfile fuer machineBuilder-basierte IACE Triggers
*/
evaluate(answers: ScopeProfilingAnswer[]): ScopeDecision {
evaluate(answers: ScopeProfilingAnswer[], companyProfile?: CompanyProfile | null): ScopeDecision {
const decision = createEmptyScopeDecision()
// 1. Scores berechnen
decision.scores = this.calculateScores(answers)
// 2. Hard Triggers prüfen
decision.triggeredHardTriggers = this.evaluateHardTriggers(answers)
// 2. Hard Triggers prüfen (inkl. IACE machineBuilder Triggers)
decision.triggeredHardTriggers = this.evaluateHardTriggers(answers, companyProfile)
// 3. Finales Level bestimmen
decision.determinedLevel = this.determineLevel(
@@ -934,13 +1106,14 @@ export class ComplianceScopeEngine {
/**
* Evaluiert Hard Trigger Rules
* Optional: companyProfile fuer machineBuilder-basierte IACE Triggers
*/
evaluateHardTriggers(answers: ScopeProfilingAnswer[]): TriggeredHardTrigger[] {
evaluateHardTriggers(answers: ScopeProfilingAnswer[], companyProfile?: CompanyProfile | null): TriggeredHardTrigger[] {
const triggered: TriggeredHardTrigger[] = []
const answerMap = new Map(answers.map((a) => [a.questionId, a.answerValue]))
for (const rule of HARD_TRIGGER_RULES) {
const isTriggered = this.checkTriggerCondition(rule, answerMap, answers)
const isTriggered = this.checkTriggerCondition(rule, answerMap, answers, companyProfile)
if (isTriggered) {
triggered.push({
@@ -958,14 +1131,61 @@ export class ComplianceScopeEngine {
return triggered
}
/**
* Liest einen Wert aus dem MachineBuilderProfile anhand eines Feldnamens
*/
private getMachineBuilderValue(mb: MachineBuilderProfile, field: string): unknown {
return (mb as Record<string, unknown>)[field]
}
/**
* Prüft, ob eine Trigger-Regel erfüllt ist
*/
private checkTriggerCondition(
rule: HardTriggerRule,
answerMap: Map<string, any>,
answers: ScopeProfilingAnswer[]
answers: ScopeProfilingAnswer[],
companyProfile?: CompanyProfile | null,
): boolean {
// IACE machineBuilder-basierte Triggers
if (rule.questionId.startsWith('machineBuilder.')) {
const mb = companyProfile?.machineBuilder
if (!mb) return false
const fieldName = rule.questionId.replace('machineBuilder.', '')
const fieldValue = this.getMachineBuilderValue(mb, fieldName)
if (fieldValue === undefined) return false
let baseCondition = false
switch (rule.condition) {
case 'EQUALS':
baseCondition = fieldValue === rule.conditionValue
break
case 'CONTAINS':
if (Array.isArray(fieldValue)) {
baseCondition = fieldValue.includes(rule.conditionValue)
}
break
default:
baseCondition = fieldValue === rule.conditionValue
}
if (!baseCondition) return false
// combineWithMachineBuilder: additional AND condition on another MB field
const combine = (rule as any).combineWithMachineBuilder
if (combine) {
const combineVal = this.getMachineBuilderValue(mb, combine.field)
if (combine.value !== undefined && combineVal !== combine.value) return false
if (combine.includes !== undefined) {
if (!Array.isArray(combineVal) || !combineVal.includes(combine.includes)) return false
}
}
return true
}
// Standard answer-based triggers
const answerValue = answerMap.get(rule.questionId)
if (answerValue === undefined) return false
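Review bot: In checkTriggerCondition the combined condition is fail-open for negative checks: HT-M03 (`combineWithMachineBuilder: { field: 'hasRiskAssessment', value: false }`, riskWeight 9, "Dringend!") only fires when `hasRiskAssessment` is explicitly `false`, because an unanswered field yields `undefined`, and `undefined !== false` makes `if (combine.value !== undefined && combineVal !== combine.value) return false` reject the rule — a machine builder who has never recorded a risk assessment gets no trigger at all. If unset is meant to count as "no risk assessment", change that line to `if (combine.value !== undefined && (combineVal ?? false) !== combine.value) return false`, or at minimum document the fail-open choice next to it. The `(rule as any).combineWithMachineBuilder` cast hides the field from the type; declaring it on HardTriggerRule as `combineWithMachineBuilder?: { field: keyof MachineBuilderProfile; value?: unknown; includes?: string }` would let the compiler catch a misspelled field name in a rule, which the `Record<string, unknown>` lookup in getMachineBuilderValue otherwise turns into a silently never-firing trigger. The new IACE rules in the earlier hunk also list only `VVT`/`TOM` as mandatory documents and never the `iace_ce_assessment` document type this commit introduces — worth checking that was intended. checkTriggerCondition continues past the end of the hunk.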


@@ -183,7 +183,8 @@ export type ScopeDocumentType =
| 'risikoanalyse' // Risikoanalyse
| 'notfallplan' // Notfall- & Krisenplan
| 'zertifizierung' // Zertifizierungsvorbereitung
| 'datenschutzmanagement'; // Datenschutzmanagement-System (DSMS)
| 'datenschutzmanagement' // Datenschutzmanagement-System (DSMS)
| 'iace_ce_assessment'; // CE-Risikobeurteilung SW/FW/KI (IACE)
// ============================================================================
// Decision & Output Types
@@ -412,6 +413,7 @@ export const DOCUMENT_TYPE_LABELS: Record<ScopeDocumentType, string> = {
notfallplan: 'Notfall- & Krisenplan',
zertifizierung: 'Zertifizierungsvorbereitung',
datenschutzmanagement: 'Datenschutzmanagement-System (DSMS)',
iace_ce_assessment: 'CE-Risikobeurteilung SW/FW/KI (IACE)',
};
/**
@@ -1246,6 +1248,54 @@ export const DOCUMENT_SCOPE_MATRIX: Record<ScopeDocumentType, DocumentScopeRequi
estimatedEffort: '24-40 Stunden',
},
},
iace_ce_assessment: {
L1: {
required: false,
depth: 'Minimal',
detailItems: [
'Regulatorischer Quick-Check fuer SW/FW/KI',
'Grundlegende Identifikation relevanter Vorschriften',
],
estimatedEffort: '2 Stunden',
},
L2: {
required: true,
depth: 'Standard',
detailItems: [
'CE-Risikobeurteilung fuer SW/FW-Komponenten',
'Hazard Log mit S×E×P Bewertung',
'CRA-Konformitaetspruefung',
'Grundlegende Massnahmendokumentation',
],
estimatedEffort: '8 Stunden',
},
L3: {
required: true,
depth: 'Detailliert',
detailItems: [
'Alle L2-Anforderungen',
'Vollstaendige CE-Akte inkl. KI-Dossier',
'AI Act High-Risk Konformitaetsbewertung',
'Maschinenverordnung Anhang III Nachweis',
'Verifikationsplan mit Akzeptanzkriterien',
'Evidence-Management fuer Testnachweise',
],
estimatedEffort: '16 Stunden',
},
L4: {
required: true,
depth: 'Audit-Ready',
detailItems: [
'Alle L3-Anforderungen',
'Zertifizierungsfertige CE-Dokumentation',
'Benannte-Stelle-tauglicher Nachweis',
'Revisionssichere Audit Trails',
'Post-Market Monitoring Plan',
'Continuous Compliance Framework',
],
estimatedEffort: '24 Stunden',
},
},
};
// ============================================================================
@@ -1273,6 +1323,7 @@ export const DOCUMENT_SDK_STEP_MAP: Partial<Record<ScopeDocumentType, string>> =
notfallplan: '/sdk/notfallplan',
zertifizierung: '/sdk/zertifizierung',
datenschutzmanagement: '/sdk/dsms',
iace_ce_assessment: '/sdk/iace',
};
// ============================================================================