Initial commit: breakpilot-compliance - Compliance SDK Platform

Services: Admin-Compliance, Backend-Compliance, AI-Compliance-SDK, Consent-SDK, Developer-Portal, PCA-Platform, DSMS Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 23:47:28 +01:00
commit 4435e7ea0a
734 changed files with 251369 additions and 0 deletions
--- a/admin-compliance/app/api/sdk/drafting-engine/validate/route.ts
+++ b/admin-compliance/app/api/sdk/drafting-engine/validate/route.ts
@@ -0,0 +1,188 @@
+/**
+ * Drafting Engine - Validate API
+ *
+ * Stufe 1: Deterministische Pruefung gegen DOCUMENT_SCOPE_MATRIX
+ * Stufe 2: LLM Cross-Consistency Check
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { DOCUMENT_SCOPE_MATRIX, DOCUMENT_TYPE_LABELS, getDepthLevelNumeric } from '@/lib/sdk/compliance-scope-types'
+import type { ScopeDocumentType, ComplianceDepthLevel } from '@/lib/sdk/compliance-scope-types'
+import type { ValidationContext, ValidationResult, ValidationFinding } from '@/lib/sdk/drafting-engine/types'
+import { buildCrossCheckPrompt } from '@/lib/sdk/drafting-engine/prompts/validate-cross-check'
+
+const OLLAMA_URL = process.env.OLLAMA_URL || 'http://host.docker.internal:11434'
+const LLM_MODEL = process.env.COMPLIANCE_LLM_MODEL || 'qwen2.5vl:32b'
+
+/**
+ * Stufe 1: Deterministische Pruefung
+ */
+function deterministicCheck(
+  documentType: ScopeDocumentType,
+  validationContext: ValidationContext
+): ValidationFinding[] {
+  const findings: ValidationFinding[] = []
+  const level = validationContext.scopeLevel
+  const levelNumeric = getDepthLevelNumeric(level)
+  const req = DOCUMENT_SCOPE_MATRIX[documentType]?.[level]
+
+  // Check 1: Ist das Dokument auf diesem Level erforderlich?
+  if (req && !req.required && levelNumeric < 3) {
+    findings.push({
+      id: `DET-OPT-${documentType}`,
+      severity: 'suggestion',
+      category: 'scope_violation',
+      title: `${DOCUMENT_TYPE_LABELS[documentType] ?? documentType} ist optional`,
+      description: `Auf Level ${level} ist dieses Dokument nicht verpflichtend.`,
+      documentType,
+    })
+  }
+
+  // Check 2: VVT vorhanden wenn erforderlich?
+  const vvtReq = DOCUMENT_SCOPE_MATRIX.vvt[level]
+  if (vvtReq.required && validationContext.crossReferences.vvtCategories.length === 0) {
+    findings.push({
+      id: 'DET-VVT-MISSING',
+      severity: 'error',
+      category: 'missing_content',
+      title: 'VVT fehlt',
+      description: `Auf Level ${level} ist ein VVT Pflicht, aber keine Eintraege vorhanden.`,
+      documentType: 'vvt',
+      legalReference: 'Art. 30 DSGVO',
+    })
+  }
+
+  // Check 3: TOM vorhanden wenn VVT existiert?
+  if (validationContext.crossReferences.vvtCategories.length > 0
+      && validationContext.crossReferences.tomControls.length === 0) {
+    findings.push({
+      id: 'DET-TOM-MISSING-FOR-VVT',
+      severity: 'warning',
+      category: 'cross_reference',
+      title: 'TOM fehlt bei vorhandenem VVT',
+      description: 'VVT-Eintraege existieren, aber keine TOM-Massnahmen sind definiert.',
+      documentType: 'tom',
+      crossReferenceType: 'vvt',
+      legalReference: 'Art. 32 DSGVO',
+      suggestion: 'TOM-Massnahmen erstellen, die die VVT-Taetigkeiten absichern.',
+    })
+  }
+
+  // Check 4: Loeschfristen fuer VVT-Kategorien
+  if (validationContext.crossReferences.vvtCategories.length > 0
+      && validationContext.crossReferences.retentionCategories.length === 0) {
+    findings.push({
+      id: 'DET-LF-MISSING-FOR-VVT',
+      severity: 'warning',
+      category: 'cross_reference',
+      title: 'Loeschfristen fehlen',
+      description: 'VVT-Eintraege existieren, aber keine Loeschfristen sind definiert.',
+      documentType: 'lf',
+      crossReferenceType: 'vvt',
+      legalReference: 'Art. 17 DSGVO',
+      suggestion: 'Loeschfristen fuer alle VVT-Datenkategorien definieren.',
+    })
+  }
+
+  return findings
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const { documentType, draftContent, validationContext } = body
+
+    if (!documentType || !validationContext) {
+      return NextResponse.json(
+        { error: 'documentType und validationContext sind erforderlich' },
+        { status: 400 }
+      )
+    }
+
+    // ---------------------------------------------------------------
+    // Stufe 1: Deterministische Pruefung
+    // ---------------------------------------------------------------
+    const deterministicFindings = deterministicCheck(documentType, validationContext)
+
+    // ---------------------------------------------------------------
+    // Stufe 2: LLM Cross-Consistency Check
+    // ---------------------------------------------------------------
+    let llmFindings: ValidationFinding[] = []
+
+    try {
+      const crossCheckPrompt = buildCrossCheckPrompt({
+        context: validationContext,
+      })
+
+      const ollamaResponse = await fetch(`${OLLAMA_URL}/api/chat`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          model: LLM_MODEL,
+          messages: [
+            {
+              role: 'system',
+              content: 'Du bist ein DSGVO-Compliance-Validator. Antworte NUR im JSON-Format.',
+            },
+            { role: 'user', content: crossCheckPrompt },
+          ],
+          stream: false,
+          options: { temperature: 0.1, num_predict: 8192 },
+          format: 'json',
+        }),
+        signal: AbortSignal.timeout(120000),
+      })
+
+      if (ollamaResponse.ok) {
+        const result = await ollamaResponse.json()
+        try {
+          const parsed = JSON.parse(result.message?.content || '{}')
+          llmFindings = [
+            ...(parsed.errors || []),
+            ...(parsed.warnings || []),
+            ...(parsed.suggestions || []),
+          ].map((f: Record<string, unknown>, i: number) => ({
+            id: String(f.id || `LLM-${i}`),
+            severity: (String(f.severity || 'suggestion')) as 'error' | 'warning' | 'suggestion',
+            category: (String(f.category || 'inconsistency')) as ValidationFinding['category'],
+            title: String(f.title || ''),
+            description: String(f.description || ''),
+            documentType: (String(f.documentType || documentType)) as ScopeDocumentType,
+            crossReferenceType: f.crossReferenceType ? String(f.crossReferenceType) as ScopeDocumentType : undefined,
+            legalReference: f.legalReference ? String(f.legalReference) : undefined,
+            suggestion: f.suggestion ? String(f.suggestion) : undefined,
+          }))
+        } catch {
+          // LLM response not parseable, skip
+        }
+      }
+    } catch {
+      // LLM unavailable, continue with deterministic results only
+    }
+
+    // ---------------------------------------------------------------
+    // Combine results
+    // ---------------------------------------------------------------
+    const allFindings = [...deterministicFindings, ...llmFindings]
+    const errors = allFindings.filter(f => f.severity === 'error')
+    const warnings = allFindings.filter(f => f.severity === 'warning')
+    const suggestions = allFindings.filter(f => f.severity === 'suggestion')
+
+    const result: ValidationResult = {
+      passed: errors.length === 0,
+      timestamp: new Date().toISOString(),
+      scopeLevel: validationContext.scopeLevel,
+      errors,
+      warnings,
+      suggestions,
+    }
+
+    return NextResponse.json(result)
+  } catch (error) {
+    console.error('Validation error:', error)
+    return NextResponse.json(
+      { error: 'Validierung fehlgeschlagen.' },
+      { status: 503 }
+    )
+  }
+}