feat(ucca): Pflichtendatenbank v2 (325 Obligations), Trigger-Engine, TOM-Control-Mapping
All checks were successful
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 32s
CI / test-python-backend-compliance (push) Successful in 29s
CI / test-python-document-crawler (push) Successful in 20s
CI / test-python-dsms-gateway (push) Successful in 18s
- 9 Regulation-JSON-Dateien (DSGVO 80, AI Act 60, NIS2 40, BDSG 30, TTDSG 20, DSA 35, Data Act 25, EU-Maschinen 15, DORA 20) - Condition-Tree-Engine fuer automatische Pflichtenselektion (all_of/any_of, 80+ Field-Paths) - Generischer JSONRegulationModule-Loader mit YAML-Fallback - Bidirektionales TOM-Control-Mapping (291 Obligation→Control, 92 Control→Obligation) - Gap-Analyse-Engine (Compliance-%, Priority Actions, Domain Breakdown) - ScopeDecision→UnifiedFacts Bridge fuer Auto-Profiling - 4 neue API-Endpoints (assess-from-scope, tom-controls, gap-analysis, reverse-lookup) - Frontend: Auto-Profiling Button, Regulation-Filter Chips, TOM-Panel, Gap-Analyse-View - 18 Unit Tests (Condition Engine, v2 Loader, TOM Mapper) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
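--- a/ai-compliance-sdk/policies/obligations/v2/_schema.json
+++ b/ai-compliance-sdk/policies/obligations/v2/_schema.json
@@ -0,0 +1,162 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"title": "Obligation v2 Schema",
+"description": "Schema fuer maschinenlesbare Compliance-Pflichten",
+"type": "object",
+"required": ["regulation", "name", "version", "obligations"],
+"properties": {
+"regulation": { "type": "string", "description": "Regulation-Key (z.B. dsgvo, ai_act, nis2)" },
+"name": { "type": "string" },
+"description": { "type": "string" },
+"version": { "type": "string" },
+"effective_date": { "type": "string", "format": "date" },
+"obligations": {
+"type": "array",
+"items": { "$ref": "#/$defs/obligation" }
+},
+"controls": {
+"type": "array",
+"items": { "$ref": "#/$defs/control" }
+},
+"incident_deadlines": {
+"type": "array",
+"items": { "$ref": "#/$defs/incident_deadline" }
+}
+},
+"$defs": {
+"obligation": {
+"type": "object",
+"required": ["id", "title", "description", "applies_when", "legal_basis", "category", "priority"],
+"properties": {
+"id": { "type": "string", "pattern": "^[A-Z0-9_-]+-OBL-[0-9]{3}$" },
+"title": { "type": "string" },
+"description": { "type": "string" },
+"applies_when": { "type": "string", "description": "Legacy condition string for backwards compat" },
+"applies_when_condition": { "$ref": "#/$defs/condition_node" },
+"legal_basis": {
+"type": "array",
+"items": {
+"type": "object",
+"required": ["norm", "article"],
+"properties": {
+"norm": { "type": "string" },
+"article": { "type": "string" },
+"title": { "type": "string" },
+"erwaegungsgrund": { "type": "string" }
+}
+}
+},
+"sources": {
+"type": "array",
+"items": {
+"type": "object",
+"required": ["type", "ref"],
+"properties": {
+"type": { "type": "string", "enum": ["article", "erwaegungsgrund", "edpb_guideline", "dsk_kurzpapier", "bsi_standard", "eu_guidance", "national_law", "case_law"] },
+"ref": { "type": "string" }
+}
+}
+},
+"category": { "type": "string", "enum": ["Governance", "Technisch", "Organisatorisch", "Meldepflicht", "Dokumentation", "Schulung", "Audit", "Compliance"] },
+"responsible": { "type": "string" },
+"deadline": {
+"type": "object",
+"properties": {
+"type": { "type": "string", "enum": ["absolute", "relative", "recurring", "on_event"] },
+"date": { "type": "string", "format": "date" },
+"duration": { "type": "string" },
+"interval": { "type": "string" },
+"event": { "type": "string" }
+}
+},
+"sanctions": {
+"type": "object",
+"properties": {
+"max_fine": { "type": "string" },
+"min_fine": { "type": "string" },
+"personal_liability": { "type": "boolean" },
+"criminal_liability": { "type": "boolean" },
+"description": { "type": "string" }
+}
+},
+"evidence": {
+"type": "array",
+"items": {
+"oneOf": [
+{ "type": "string" },
+{
+"type": "object",
+"required": ["name"],
+"properties": {
+"name": { "type": "string" },
+"required": { "type": "boolean" },
+"format": { "type": "string" }
+}
+}
+]
+}
+},
+"priority": { "type": "string", "enum": ["kritisch", "hoch", "mittel", "niedrig"] },
+"tom_control_ids": {
+"type": "array",
+"items": { "type": "string", "pattern": "^TOM\\.[A-Z]+\\.[0-9]{2}$" }
+},
+"breakpilot_feature": { "type": "string", "description": "Link to SDK module (e.g. /sdk/dsfa)" },
+"valid_from": { "type": "string", "format": "date" },
+"valid_until": { "type": ["string", "null"], "format": "date" },
+"version": { "type": "string" },
+"iso27001_mapping": { "type": "array", "items": { "type": "string" } },
+"how_to_implement": { "type": "string" }
+}
+},
+"condition_node": {
+"type": "object",
+"oneOf": [
+{
+"properties": {
+"all_of": { "type": "array", "items": { "$ref": "#/$defs/condition_node" } }
+},
+"required": ["all_of"]
+},
+{
+"properties": {
+"any_of": { "type": "array", "items": { "$ref": "#/$defs/condition_node" } }
+},
+"required": ["any_of"]
+},
+{
+"properties": {
+"field": { "type": "string" },
+"operator": { "type": "string", "enum": ["EQUALS", "NOT_EQUALS", "GREATER_THAN", "LESS_THAN", "GREATER_OR_EQUAL", "LESS_OR_EQUAL", "IN", "NOT_IN", "CONTAINS", "EXISTS"] },
+"value": {}
+},
+"required": ["field", "operator", "value"]
+}
+]
+},
+"control": {
+"type": "object",
+"required": ["id", "name", "category"],
+"properties": {
+"id": { "type": "string" },
+"name": { "type": "string" },
+"description": { "type": "string" },
+"category": { "type": "string" },
+"what_to_do": { "type": "string" },
+"iso27001_mapping": { "type": "array", "items": { "type": "string" } },
+"priority": { "type": "string" }
+}
+},
+"incident_deadline": {
+"type": "object",
+"required": ["phase", "deadline"],
+"properties": {
+"phase": { "type": "string" },
+"deadline": { "type": "string" },
+"content": { "type": "string" },
+"recipient": { "type": "string" },
+"legal_basis": { "type": "array", "items": { "type": "object" } }
+}
+}
+}
+}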
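Review bot: None of the object schemas under `$defs` (`obligation`, `control`, `incident_deadline`, and the three `condition_node` branches) are closed, so a misspelled key such as a typo in `applies_when_condition` or `tom_control_ids` still validates and the intended value is simply absent; for data that drives automatic obligation selection that is a silent failure mode, and adding `"additionalProperties": false` to each of them would turn it into a validation error (whether the existing regulation files carry extra keys is not visible here). In `condition_node`, `all_of` and `any_of` accept empty arrays and the recursion has no depth bound; how the engine evaluates an empty list is outside this file, but if an empty `any_of` evaluates to false it would suppress an obligation without any validation error, so `"minItems": 1` on both arrays is worth adding. `control.id` is an unconstrained string while `tom_control_ids` items must match `^TOM\\.[A-Z]+\\.[0-9]{2}$`; applying the same pattern to `control.id` would keep the obligation-to-control mapping checkable at validation time. Note also that `"format": "date"` is an annotation under draft 2020-12 unless the validator enables format assertion, so `effective_date`, `valid_from` and `valid_until` are not checked by default.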