feat(iace): DSMS-CID-Badge im Tech-File-Export + aggregierter Bulk-Diff

Punkt 1 — UI-CID-Badge nach erfolgreichem Tech-File-Export: - archiveTechFile setzt X-DSMS-CID / X-DSMS-Filename / X-DSMS-Size response headers + Access-Control-Expose-Headers, sobald DSMS-Archive durchlief - Split iace_handler_techfile.go (war ueber 500 LOC) → archiveTechFile lebt jetzt in iace_handler_techfile_archive.go, setDSMSResponseHeaders als pure Helper mit 3 unit tests - Next.js IACE-Proxy forwarded die X-DSMS-* Header und erkennt jetzt auch XLSX/DOCX/MD als Binary-Response (vorher nur PDF/ZIP/octet-stream) - ExportCIDBadge.tsx zeigt CID, Filename, Groesse + Kopieren-Button + "Verlauf anzeigen" (oeffnet CIDHistoryModal) Punkt 2 — Bulk-Diff Report V1 → V_latest: - Neuer Endpoint GET /api/v1/documents/{cid}/bulk-diff im dsms-gateway: laeuft parent_cid-Kette ab, berechnet chronologische Step-Diffs, aggregiert Totals (added/removed lines, metadata_fields_changed, binary_steps). Edge-Cases: einzelne Version, binaere Steps, abgebrochene Kette - BulkDiffPanel.tsx zeigt 4-Stat-Header + Step-Tabelle - CIDHistoryModal bekommt Toggle-Button "Bulk-Diff V1 → V_latest anzeigen" neben dem Versions-Counter; damit auch vom IACE-Export-Badge erreichbar Tests: 3 neue Go-Tests, 4 neue pytest-Tests, alle gruen Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-09 09:07:20 +02:00
parent d3ac33d53a
commit 216c7b8eca
10 changed files with 684 additions and 42 deletions
@@ -1,12 +1,10 @@
 package handlers

 import (
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"

-	"github.com/breakpilot/ai-compliance-sdk/internal/dsms"
 	"github.com/breakpilot/ai-compliance-sdk/internal/iace"
 	"github.com/breakpilot/ai-compliance-sdk/internal/rbac"
 	"github.com/gin-gonic/gin"
@@ -367,7 +365,10 @@ func (h *IACEHandler) ApproveTechFileSection(c *gin.Context) {
 }

 // ExportTechFile handles GET /projects/:id/tech-file/export?format=pdf|xlsx|docx|md|json
-// Exports all tech file sections in the requested format.
+// Exports all tech file sections in the requested format. When the archive
+// succeeds, archiveTechFile (in iace_handler_techfile_archive.go) attaches
+// X-DSMS-* response headers carrying the resulting CID so the frontend can
+// render an inline CID-badge in the export-success path.
 func (h *IACEHandler) ExportTechFile(c *gin.Context) {
 	projectID, err := uuid.Parse(c.Param("id"))
 	if err != nil {
@@ -468,31 +469,3 @@ func (h *IACEHandler) ExportTechFile(c *gin.Context) {
 		})
 	}
 }
-
-// archiveTechFile stores a tech-file export to DSMS (best-effort, non-blocking)
-// AND records the resulting CID in the IACE audit trail so the export is
-// traceable. The "new_values" JSON carries the CID + filename so the audit
-// timeline can later resolve the CID against the DSMS gateway for verify.
-func (h *IACEHandler) archiveTechFile(c *gin.Context, data []byte, filename string, projectID uuid.UUID) {
-	result := dsms.Archive(data, filename, "ce_techfile", projectID.String(), "1")
-	if result == nil || result.CID == "" {
-		return
-	}
-	payload := map[string]string{
-		"cid":      result.CID,
-		"filename": filename,
-		"size":     fmt.Sprintf("%d", result.Size),
-	}
-	newValues, _ := json.Marshal(payload)
-	userID := rbac.GetUserID(c)
-	_ = h.store.AddAuditEntry(
-		c.Request.Context(),
-		projectID,
-		"tech_file_export",
-		projectID,
-		iace.AuditActionCreate,
-		userID.String(),
-		nil,
-		newValues,
-	)
-}
@@ -0,0 +1,65 @@
+package handlers
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/breakpilot/ai-compliance-sdk/internal/dsms"
+	"github.com/breakpilot/ai-compliance-sdk/internal/iace"
+	"github.com/breakpilot/ai-compliance-sdk/internal/rbac"
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+// archiveTechFile stores a tech-file export to DSMS (best-effort, non-blocking)
+// AND records the resulting CID in the IACE audit trail so the export is
+// traceable. The "new_values" JSON carries the CID + filename so the audit
+// timeline can later resolve the CID against the DSMS gateway for verify.
+//
+// Side-effect: when the archive succeeds, X-DSMS-CID / X-DSMS-Filename /
+// X-DSMS-Size response headers are attached so the frontend can render an
+// inline CID-badge directly in the export-success path (no separate audit
+// query needed). Headers are written before c.Data() and survive the binary
+// blob response.
+func (h *IACEHandler) archiveTechFile(c *gin.Context, data []byte, filename string, projectID uuid.UUID) {
+	result := dsms.Archive(data, filename, "ce_techfile", projectID.String(), "1")
+	if result == nil || result.CID == "" {
+		return
+	}
+
+	setDSMSResponseHeaders(c, result.CID, filename, result.Size)
+
+	if h.store == nil {
+		return
+	}
+	payload := map[string]string{
+		"cid":      result.CID,
+		"filename": filename,
+		"size":     fmt.Sprintf("%d", result.Size),
+	}
+	newValues, _ := json.Marshal(payload)
+	userID := rbac.GetUserID(c)
+	_ = h.store.AddAuditEntry(
+		c.Request.Context(),
+		projectID,
+		"tech_file_export",
+		projectID,
+		iace.AuditActionCreate,
+		userID.String(),
+		nil,
+		newValues,
+	)
+}
+
+// setDSMSResponseHeaders attaches the X-DSMS-* headers so the frontend can
+// surface the archived CID inline (export-success badge) without re-querying
+// the audit trail. Pure helper — no store, no side effects beyond headers.
+func setDSMSResponseHeaders(c *gin.Context, cid, filename string, size int) {
+	if cid == "" {
+		return
+	}
+	c.Header("X-DSMS-CID", cid)
+	c.Header("X-DSMS-Filename", filename)
+	c.Header("X-DSMS-Size", fmt.Sprintf("%d", size))
+	c.Header("Access-Control-Expose-Headers", "X-DSMS-CID, X-DSMS-Filename, X-DSMS-Size")
+}
@@ -0,0 +1,76 @@
+package handlers
+
+import (
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+)
+
+func TestSetDSMSResponseHeaders_NonEmptyCID_WritesAllHeaders(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+
+	setDSMSResponseHeaders(c, "bafytest123", "CE-Akte-FOO.pdf", 42)
+
+	if got := w.Header().Get("X-DSMS-CID"); got != "bafytest123" {
+		t.Errorf("X-DSMS-CID: want bafytest123, got %q", got)
+	}
+	if got := w.Header().Get("X-DSMS-Filename"); got != "CE-Akte-FOO.pdf" {
+		t.Errorf("X-DSMS-Filename: want CE-Akte-FOO.pdf, got %q", got)
+	}
+	if got := w.Header().Get("X-DSMS-Size"); got != "42" {
+		t.Errorf("X-DSMS-Size: want 42, got %q", got)
+	}
+	expose := w.Header().Get("Access-Control-Expose-Headers")
+	if expose == "" {
+		t.Error("Access-Control-Expose-Headers should be set so the browser surfaces the X-DSMS-* headers across same-origin proxies and CORS")
+	}
+	for _, h := range []string{"X-DSMS-CID", "X-DSMS-Filename", "X-DSMS-Size"} {
+		if !contains(expose, h) {
+			t.Errorf("Access-Control-Expose-Headers missing %s, got %q", h, expose)
+		}
+	}
+}
+
+func TestSetDSMSResponseHeaders_EmptyCID_WritesNothing(t *testing.T) {
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+
+	setDSMSResponseHeaders(c, "", "irrelevant.pdf", 100)
+
+	if got := w.Header().Get("X-DSMS-CID"); got != "" {
+		t.Errorf("X-DSMS-CID should be absent for empty CID, got %q", got)
+	}
+	if got := w.Header().Get("X-DSMS-Filename"); got != "" {
+		t.Errorf("X-DSMS-Filename should be absent for empty CID, got %q", got)
+	}
+	if got := w.Header().Get("X-DSMS-Size"); got != "" {
+		t.Errorf("X-DSMS-Size should be absent for empty CID, got %q", got)
+	}
+}
+
+func TestSetDSMSResponseHeaders_ZeroSize_StillWritesHeader(t *testing.T) {
+	// A 0-byte archive is degenerate but valid — the frontend still needs the
+	// CID badge to expose the chain to the user. Don't suppress the header.
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+
+	setDSMSResponseHeaders(c, "bafyzero", "empty.pdf", 0)
+
+	if got := w.Header().Get("X-DSMS-CID"); got != "bafyzero" {
+		t.Errorf("X-DSMS-CID: want bafyzero, got %q", got)
+	}
+	if got := w.Header().Get("X-DSMS-Size"); got != "0" {
+		t.Errorf("X-DSMS-Size: want 0, got %q", got)
+	}
+}
+
+func contains(s, sub string) bool {
+	for i := 0; i+len(sub) <= len(s); i++ {
+		if s[i:i+len(sub)] == sub {
+			return true
+		}
+	}
+	return false
+}