feat(ucca): Pflichtendatenbank v2 (325 Obligations), Trigger-Engine, TOM-Control-Mapping
- 9 Regulation-JSON-Dateien (DSGVO 80, AI Act 60, NIS2 40, BDSG 30, TTDSG 20, DSA 35, Data Act 25, EU-Maschinen 15, DORA 20) - Condition-Tree-Engine fuer automatische Pflichtenselektion (all_of/any_of, 80+ Field-Paths) - Generischer JSONRegulationModule-Loader mit YAML-Fallback - Bidirektionales TOM-Control-Mapping (291 Obligation→Control, 92 Control→Obligation) - Gap-Analyse-Engine (Compliance-%, Priority Actions, Domain Breakdown) - ScopeDecision→UnifiedFacts Bridge fuer Auto-Profiling - 4 neue API-Endpoints (assess-from-scope, tom-controls, gap-analysis, reverse-lookup) - Frontend: Auto-Profiling Button, Regulation-Filter Chips, TOM-Panel, Gap-Analyse-View - 18 Unit Tests (Condition Engine, v2 Loader, TOM Mapper) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
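--- a/ai-compliance-sdk/internal/ucca/scope_facts_mapper.go
+++ b/ai-compliance-sdk/internal/ucca/scope_facts_mapper.go
@@ -0,0 +1,128 @@
+package ucca
+
+// ScopeDecision represents the output from the frontend Scope Wizard
+type ScopeDecision struct {
+// Company profile
+EmployeeCount int `json:"employee_count"`
+AnnualRevenue float64 `json:"annual_revenue"`
+Country string `json:"country"`
+Industry string `json:"industry"`
+LegalForm string `json:"legal_form,omitempty"`
+
+// Scope wizard answers
+ProcessesPersonalData bool `json:"processes_personal_data"`
+IsController bool `json:"is_controller"`
+IsProcessor bool `json:"is_processor"`
+DataArt9 bool `json:"data_art9"`
+DataMinors bool `json:"data_minors"`
+LargeScale bool `json:"large_scale"`
+SystematicMonitoring bool `json:"systematic_monitoring"`
+CrossBorderTransfer bool `json:"cross_border_transfer"`
+UsesProcessors bool `json:"uses_processors"`
+AutomatedDecisions bool `json:"automated_decisions"`
+ProcessesEmployeeData bool `json:"processes_employee_data"`
+ProcessesHealthData bool `json:"processes_health_data"`
+ProcessesFinancialData bool `json:"processes_financial_data"`
+UsesCookies bool `json:"uses_cookies"`
+UsesTracking bool `json:"uses_tracking"`
+UsesVideoSurveillance bool `json:"uses_video_surveillance"`
+OperatesPlatform bool `json:"operates_platform"`
+PlatformUserCount int `json:"platform_user_count,omitempty"`
+
+// AI usage
+ProcAIUsage bool `json:"proc_ai_usage"`
+IsAIProvider bool `json:"is_ai_provider"`
+IsAIDeployer bool `json:"is_ai_deployer"`
+HighRiskAI bool `json:"high_risk_ai"`
+LimitedRiskAI bool `json:"limited_risk_ai"`
+
+// Sector / NIS2
+Sector string `json:"sector,omitempty"`
+SpecialServices []string `json:"special_services,omitempty"`
+IsKRITIS bool `json:"is_kritis"`
+IsFinancialInstitution bool `json:"is_financial_institution"`
+
+// Scope engine results
+DeterminedLevel string `json:"determined_level,omitempty"` // L1-L4
+TriggeredRules []string `json:"triggered_rules,omitempty"`
+RequiredDocuments []string `json:"required_documents,omitempty"`
+CertTarget string `json:"cert_target,omitempty"`
+}
+
+// MapScopeToFacts converts a ScopeDecision to UnifiedFacts
+func MapScopeToFacts(scope *ScopeDecision) *UnifiedFacts {
+facts := NewUnifiedFacts()
+
+// Organization
+facts.Organization.EmployeeCount = scope.EmployeeCount
+facts.Organization.AnnualRevenue = scope.AnnualRevenue
+facts.Organization.Country = scope.Country
+facts.Organization.LegalForm = scope.LegalForm
+if scope.Country != "" {
+facts.Organization.EUMember = isEUCountryScope(scope.Country)
+}
+
+// Data Protection
+facts.DataProtection.ProcessesPersonalData = scope.ProcessesPersonalData
+facts.DataProtection.IsController = scope.IsController
+facts.DataProtection.IsProcessor = scope.IsProcessor
+facts.DataProtection.ProcessesSpecialCategories = scope.DataArt9
+facts.DataProtection.ProcessesMinorData = scope.DataMinors
+facts.DataProtection.LargeScaleProcessing = scope.LargeScale
+facts.DataProtection.SystematicMonitoring = scope.SystematicMonitoring
+facts.DataProtection.TransfersToThirdCountries = scope.CrossBorderTransfer
+facts.DataProtection.CrossBorderProcessing = scope.CrossBorderTransfer
+facts.DataProtection.UsesExternalProcessor = scope.UsesProcessors
+facts.DataProtection.AutomatedDecisionMaking = scope.AutomatedDecisions
+facts.DataProtection.AutomatedDecisions = scope.AutomatedDecisions
+facts.DataProtection.ProcessesEmployeeData = scope.ProcessesEmployeeData
+facts.DataProtection.ProcessesHealthData = scope.ProcessesHealthData
+facts.DataProtection.ProcessesFinancialData = scope.ProcessesFinancialData
+facts.DataProtection.UsesCookies = scope.UsesCookies
+facts.DataProtection.UsesTracking = scope.UsesTracking
+facts.DataProtection.UsesVideoSurveillance = scope.UsesVideoSurveillance
+facts.DataProtection.OperatesPlatform = scope.OperatesPlatform
+facts.DataProtection.PlatformUserCount = scope.PlatformUserCount
+
+// DPO requirement (German law: >= 20 employees processing personal data)
+if scope.EmployeeCount >= 20 && scope.ProcessesPersonalData {
+facts.DataProtection.RequiresDSBByLaw = true
+}
+
+// AI Usage
+facts.AIUsage.UsesAI = scope.ProcAIUsage
+facts.AIUsage.IsAIProvider = scope.IsAIProvider
+facts.AIUsage.IsAIDeployer = scope.IsAIDeployer
+facts.AIUsage.HasHighRiskAI = scope.HighRiskAI
+facts.AIUsage.HasLimitedRiskAI = scope.LimitedRiskAI
+
+// Sector
+if scope.Sector != "" {
+facts.Sector.PrimarySector = scope.Sector
+} else if scope.Industry != "" {
+facts.MapDomainToSector(scope.Industry)
+}
+facts.Sector.SpecialServices = scope.SpecialServices
+facts.Sector.IsKRITIS = scope.IsKRITIS
+facts.Sector.KRITISThresholdMet = scope.IsKRITIS
+facts.Sector.IsFinancialInstitution = scope.IsFinancialInstitution
+
+// Financial
+if scope.IsFinancialInstitution {
+facts.Financial.IsRegulated = true
+facts.Financial.DORAApplies = true
+}
+
+return facts
+}
+
+func isEUCountryScope(country string) bool {
+euCountries := map[string]bool{
+"DE": true, "AT": true, "BE": true, "BG": true, "HR": true, "CY": true,
+"CZ": true, "DK": true, "EE": true, "FI": true, "FR": true, "GR": true,
+"HU": true, "IE": true, "IT": true, "LV": true, "LT": true, "LU": true,
+"MT": true, "NL": true, "PL": true, "PT": true, "RO": true, "SK": true,
+"SI": true, "ES": true, "SE": true,
+}
+return euCountries[country]
+}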
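Review bot: `isEUCountryScope` compares `country` byte-for-byte against upper-case two-letter codes, so a client value such as `de` (constructed example) or one with stray whitespace leaves `facts.Organization.EUMember` false in `MapScopeToFacts` without any error. `ScopeDecision` is documented as frontend wizard output, and if `EUMember` feeds obligation selection (not visible here) this fails open: EU obligations could be dropped silently for a mistyped country. Normalise before the lookup, `return euCountries[strings.ToUpper(strings.TrimSpace(country))]` (the file then needs `import "strings"`), and ideally reject values that are not two letters rather than mapping them to "not EU". Two smaller points in the same function: `scope` is dereferenced with no nil guard, and the rule on `if scope.EmployeeCount >= 20 && scope.ProcessesPersonalData {` is commented as German law but does not check `scope.Country`, so `RequiresDSBByLaw` is set for every country.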