Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(dsms): tech-file DSMS archive now logs CID into IACE audit trail

Browse Source 
Before: archiveTechFile called dsms.Archive() and discarded the result. The
file was archived to IPFS but no audit-trail entry was written, so there
was no way to later prove "this CE-Akte export went to DSMS with CID X".

After:
- archiveTechFile is now a method on IACEHandler with access to store + gin
  context, and captures the CID from dsms.Archive().
- Writes an AuditAction "tech_file_export" audit entry whose new_values
  JSON carries {cid, filename, size}, mirroring the Python evidence-upload
  pattern.
- Applies to PDF, XLSX, DOCX, and Markdown exports.

Plus dsms package gets 3 unit tests pinning the contract: success-CID
extraction, gateway-unreachable returns nil, 500-response returns nil.

This closes DSMS Stufe 2 (evidence side was already wired; tech-file side
was missing the audit hook). Stufe 3 next: version chains + delta view.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-05-22 10:02:18 +02:00
parent e2be51b0aa
commit 2b1fe3713a
2 changed files with 105 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ai-compliance-sdk/internal/api/handlers/iace_handler_techfile.go
+31 -7
View File
@@ -1,6 +1,7 @@
package handlers
import (
"encoding/json"
"fmt"
"net/http"
"strings"
@@ -412,7 +413,7 @@ func (h *IACEHandler) ExportTechFile(c *gin.Context) {
c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("PDF export failed: %v", err)})
return
}
archiveTechFile(data, fmt.Sprintf("CE-Akte-%s.pdf", safeName), projectID.String())
h.archiveTechFile(c, data, fmt.Sprintf("CE-Akte-%s.pdf", safeName), projectID)
c.Header("Content-Disposition", fmt.Sprintf(`attachment; filename="CE-Akte-%s.pdf"`, safeName))
c.Data(http.StatusOK, "application/pdf", data)
@@ -422,7 +423,7 @@ func (h *IACEHandler) ExportTechFile(c *gin.Context) {
c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("Excel export failed: %v", err)})
return
}
archiveTechFile(data, fmt.Sprintf("CE-Akte-%s.xlsx", safeName), projectID.String())
h.archiveTechFile(c, data, fmt.Sprintf("CE-Akte-%s.xlsx", safeName), projectID)
c.Header("Content-Disposition", fmt.Sprintf(`attachment; filename="CE-Akte-%s.xlsx"`, safeName))
c.Data(http.StatusOK, "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", data)
@@ -432,7 +433,7 @@ func (h *IACEHandler) ExportTechFile(c *gin.Context) {
c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("DOCX export failed: %v", err)})
return
}
archiveTechFile(data, fmt.Sprintf("CE-Akte-%s.docx", safeName), projectID.String())
h.archiveTechFile(c, data, fmt.Sprintf("CE-Akte-%s.docx", safeName), projectID)
c.Header("Content-Disposition", fmt.Sprintf(`attachment; filename="CE-Akte-%s.docx"`, safeName))
c.Data(http.StatusOK, "application/vnd.openxmlformats-officedocument.wordprocessingml.document", data)
@@ -442,7 +443,7 @@ func (h *IACEHandler) ExportTechFile(c *gin.Context) {
c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("Markdown export failed: %v", err)})
return
}
archiveTechFile(data, fmt.Sprintf("CE-Akte-%s.md", safeName), projectID.String())
h.archiveTechFile(c, data, fmt.Sprintf("CE-Akte-%s.md", safeName), projectID)
c.Header("Content-Disposition", fmt.Sprintf(`attachment; filename="CE-Akte-%s.md"`, safeName))
c.Data(http.StatusOK, "text/markdown", data)
@@ -468,7 +469,30 @@ func (h *IACEHandler) ExportTechFile(c *gin.Context) {
}
}
// archiveTechFile stores a tech-file export to DSMS (best-effort, non-blocking).
func archiveTechFile(data []byte, filename, projectID string) {
dsms.Archive(data, filename, "ce_techfile", projectID, "1")
// archiveTechFile stores a tech-file export to DSMS (best-effort, non-blocking)
// AND records the resulting CID in the IACE audit trail so the export is
// traceable. The "new_values" JSON carries the CID + filename so the audit
// timeline can later resolve the CID against the DSMS gateway for verify.
func (h *IACEHandler) archiveTechFile(c *gin.Context, data []byte, filename string, projectID uuid.UUID) {
result := dsms.Archive(data, filename, "ce_techfile", projectID.String(), "1")
if result == nil || result.CID == "" {
return
}
payload := map[string]string{
"cid": result.CID,
"filename": filename,
"size": fmt.Sprintf("%d", result.Size),
}
newValues, _ := json.Marshal(payload)
userID := rbac.GetUserID(c)
_ = h.store.AddAuditEntry(
c.Request.Context(),
projectID,
"tech_file_export",
projectID,
iace.AuditActionCreate,
userID.String(),
nil,
newValues,
)
}