Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(audit): P8 — MC-Severity raus, Email nur harte Findings, MC-Audit als Checkliste
CI / detect-changes (push) Successful in 10s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / validate-canonical-controls (push) Successful in 17s
Details
CI / loc-budget (push) Failing after 17s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 2m48s
Details
CI / test-go (push) Has been skipped
Details
CI / iace-gt-coverage (push) Has been skipped
Details
CI / test-python-backend (push) Successful in 40s
Details
CI / test-python-document-crawler (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details

Browse Source 
Email-Hardening (mc_scorecard.top_fails):
  Neue _is_hard_finding-Heuristik filtert konditionale MCs ohne
  Negativ-Beleg aus den Top-Auffaelligkeiten. matched_text leer + Label
  enthaelt "falls/sofern/wenn/soweit/ggf." -> raus, landet nur noch im
  MC-Audit als "selbst pruefen". DATA-2066-A05 (kostenfreie Abschaltung
  Standortdaten) ist das prototypische Beispiel.

MC-Audit-Frontend (audit/[checkId]/page.tsx):
  Severity-Spalte (CRITICAL/HIGH/MEDIUM/LOW) entfernt — der MC-Audit
  ist eine Checkliste, keine Severity-Drohung. Stattdessen:
   - Spalte "Prioritaet" mit 3-Tier aus regulation-Mapping:
     Gesetz (DSGVO/ePrivacy/TDDDG/...) / Behoerden-Leitlinie
     (EDPB/DSK/EuGH/...) / Best-Practice (ISO/NIST/BSI)
   - 3-Status: erfuellt (✓) / nicht erfuellt (✗) / selbst pruefen (?)
     / nicht anwendbar (—). rowReviewStatus() leitet "selbst pruefen"
     aus matched_text-leer + konditionalem Label ab.
   - Filter umgebaut auf 5 Stati statt 4
   - Default-Filter "Nicht erfuellt" (vorher "Nur Fail")

Bonus: f.payload.risk_label TS-Cast im FindingsTab clean gemacht
(unknown -> string).

Effekt:
  - Email an die GF zeigt nur noch echte Belege ("DSB fehlt",
    "Gebuehr fuer Widerruf")
  - MC-Audit ist eine sachliche Pruefliste fuer den Compliance-Officer

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-05-19 00:30:04 +02:00
parent 6c223c7c9b
commit 575644c9c5
3 changed files with 88 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin-compliance/app/sdk/agent/audit/[checkId]/FindingsTab.tsx
+9 -8
View File
@@ -214,15 +214,16 @@ export default function FindingsTab({ checkId }: { checkId: string }) {
· {f.vendor_name}
</span>
)}
{f.payload?.risk_label && (
<span className={`ml-2 px-1.5 py-0.5 rounded text-[10px] font-medium ${
f.payload.risk_label === 'kritisch' ? 'bg-red-600 text-white' :
f.payload.risk_label === 'hoch' ? 'bg-red-100 text-red-800' :
f.payload.risk_label === 'mittel' ? 'bg-amber-100 text-amber-800' :
f.payload.risk_label === 'gering' ? 'bg-green-50 text-green-700' :
{(() => {
const rl = String(f.payload?.risk_label ?? '')
if (!rl) return null
const cls = rl === 'kritisch' ? 'bg-red-600 text-white' :
rl === 'hoch' ? 'bg-red-100 text-red-800' :
rl === 'mittel' ? 'bg-amber-100 text-amber-800' :
rl === 'gering' ? 'bg-green-50 text-green-700' :
'bg-gray-100 text-gray-500'
}`}>Risk: {String(f.payload.risk_label)}</span>
)}
return <span className={`ml-2 px-1.5 py-0.5 rounded text-[10px] font-medium ${cls}`}>Risk: {rl}</span>
})()}
</td>
</tr>
{expanded === f.id && (
admin-compliance/app/sdk/agent/audit/[checkId]/page.tsx
+51 -24
View File
@@ -42,19 +42,43 @@ type AuditResponse = {
results?: MCRow[]
}
const SEVERITY_COLOR: Record<string, string> = {
CRITICAL: 'bg-red-600 text-white',
HIGH: 'bg-red-100 text-red-800',
MEDIUM: 'bg-amber-100 text-amber-800',
LOW: 'bg-blue-100 text-blue-800',
INFO: 'bg-gray-100 text-gray-600',
// P8: MC-Audit ist eine Checkliste, KEINE Severity-Drohung. Statt
// rotem HIGH-Badge zeigen wir die Quellen-Prioritaet (Gesetz vs.
// Behoerden-Leitlinie vs. Best-Practice) und einen 3-Tier-Status
// (erfuellt / nicht erfuellt / selbst pruefen).
const PRIORITY_BADGE: Record<string, string> = {
Gesetz: 'bg-slate-800 text-white',
'Behoerden-Leitlinie': 'bg-blue-100 text-blue-800',
'Best-Practice': 'bg-gray-100 text-gray-600',
'—': 'bg-gray-50 text-gray-400',
}
function regulationToPriority(reg: string): keyof typeof PRIORITY_BADGE {
const r = (reg || '').toLowerCase()
if (/dsgvo|gdpr|eprivacy|tdddg|tkg|bdsg|ttdsg/.test(r)) return 'Gesetz'
if (/edpb|dsk|cnil|lfdi|eugh|orientierungshilfe|leitlinie|guideline/.test(r))
return 'Behoerden-Leitlinie'
if (/iso|nist|bsi|cobit|sox/.test(r)) return 'Best-Practice'
return '—'
}
const _CONDITIONAL_RE = /\b(falls|sofern|wenn|soweit|ggf\.|gegebenenfalls)\b/i
function rowReviewStatus(r: MCRow): 'pass' | 'fail' | 'review' | 'na' {
if (r.passed) return 'pass'
if (r.skipped) return 'na'
// failed: harter Fail nur bei matched_text-Beleg ODER nicht-konditionalem Label
if (!r.matched_text && _CONDITIONAL_RE.test(r.label || '')) return 'review'
return 'fail'
}
const STATUS_FILTERS = [
{ value: 'all', label: 'Alle' },
{ value: 'failed', label: 'Nur Fail' },
{ value: 'passed', label: 'Nur Pass' },
{ value: 'skipped', label: 'Nur Skipped' },
{ value: 'fail', label: 'Nicht erfuellt' },
{ value: 'review', label: 'Selbst pruefen' },
{ value: 'pass', label: 'Erfuellt' },
{ value: 'na', label: 'Nicht anwendbar' },
] as const
export default function AuditPage(
@@ -64,7 +88,7 @@ export default function AuditPage(
const [data, setData] = useState<AuditResponse | null>(null)
const [loading, setLoading] = useState(true)
const [error, setError] = useState<string | null>(null)
const [filterStatus, setFilterStatus] = useState<typeof STATUS_FILTERS[number]['value']>('failed')
const [filterStatus, setFilterStatus] = useState<typeof STATUS_FILTERS[number]['value']>('fail')
const [filterReg, setFilterReg] = useState<string>('')
const [filterDoc, setFilterDoc] = useState<string>('')
const [expanded, setExpanded] = useState<number | null>(null)
@@ -92,9 +116,7 @@ export default function AuditPage(
)
const filtered = allRows.filter(r => {
if (filterStatus === 'failed' && (r.passed || r.skipped)) return false
if (filterStatus === 'passed' && !r.passed) return false
if (filterStatus === 'skipped' && !r.skipped) return false
if (filterStatus !== 'all' && rowReviewStatus(r) !== filterStatus) return false
if (filterReg && r.regulation !== filterReg) return false
if (filterDoc && r.doc_type !== filterDoc) return false
return true
@@ -233,7 +255,7 @@ export default function AuditPage(
<th className="px-3 py-2 text-left">Doc</th>
<th className="px-3 py-2 text-left">Regulation</th>
<th className="px-3 py-2 text-left">MC</th>
<th className="px-3 py-2 text-left">Severity</th>
<th className="px-3 py-2 text-left">Prioritaet</th>
</tr>
</thead>
<tbody>
@@ -242,21 +264,26 @@ export default function AuditPage(
<tr className="border-t cursor-pointer hover:bg-gray-50"
onClick={() => setExpanded(expanded === row.id ? null : row.id)}>
<td className="px-3 py-2">
{row.passed ? (
<span className="text-green-600"></span>
) : row.skipped ? (
<span className="text-gray-400"></span>
) : (
<span className="text-red-600"></span>
)}
{(() => {
const st = rowReviewStatus(row)
if (st === 'pass') return <span className="text-green-600" title="Erfuellt"></span>
if (st === 'na') return <span className="text-gray-400" title="Nicht anwendbar"></span>
if (st === 'review') return <span className="text-amber-600" title="Selbst pruefen">?</span>
return <span className="text-red-600" title="Nicht erfuellt"></span>
})()}
</td>
<td className="px-3 py-2 text-gray-700">{row.doc_type}</td>
<td className="px-3 py-2 text-gray-500">{row.regulation || '—'}</td>
<td className="px-3 py-2 text-gray-900">{row.label}</td>
<td className="px-3 py-2">
<span className={`px-2 py-0.5 rounded text-[10px] font-medium ${
SEVERITY_COLOR[row.severity] || 'bg-gray-100'
}`}>{row.severity || '—'}</span>
{(() => {
const prio = regulationToPriority(row.regulation)
return (
<span className={`px-2 py-0.5 rounded text-[10px] font-medium ${PRIORITY_BADGE[prio]}`}>
{prio}
</span>
)
})()}
</td>
</tr>
{expanded === row.id && (
backend-compliance/compliance/services/mc_scorecard.py
+28 -1
View File
@@ -121,11 +121,37 @@ def _dedup_key(label: str) -> str:
return label
_CONDITIONAL_MARKERS = ("falls ", "sofern ", "wenn ", "soweit ",
"bei bedarf", "ggf.", "gegebenenfalls")
def _is_hard_finding(r: dict) -> bool:
"""Echtes Finding = wir haben einen positiven Treffer im Text der den
Verstoss belegt. Stille im Text reicht NICHT — das wandert ins MC-Audit
als "selbst pruefen", nicht ins Email als HIGH-Drohung.
Heuristik:
- matched_text nicht leer = textuelle Evidenz vorhanden → hart
- konditionales Label ("falls / sofern / wenn") UND matched_text leer
→ weich (Pre-Condition nicht belegt) → raus aus Top-Fails
- sonst: hart (klassische Pflichtangaben-Lücke wie "DSB fehlt")
"""
mt = (r.get("matched_text") or "").strip()
if mt:
return True
label_low = (r.get("label") or "").lower()
if any(m in label_low for m in _CONDITIONAL_MARKERS):
return False
return True
def top_fails(check_results: list[dict], n: int = 10) -> list[dict]:
"""Return top-N failing MCs sorted by severity then label.
Skipped + passed MCs are excluded. INFO severity is excluded by
default since those are guidance, not findings.
default since those are guidance, not findings. Konditionale MCs
ohne Negativ-Beleg (P8) werden ebenfalls ausgesteuert — sie
erscheinen nur noch im MC-Audit als "selbst pruefen".
Near-duplicates (multiple MCs that all complain about "einfache
Sprache" / "Einwilligungsaufforderung" / ...) are collapsed to ONE
@@ -136,6 +162,7 @@ def top_fails(check_results: list[dict], n: int = 10) -> list[dict]:
r for r in (check_results or [])
if not r.get("passed") and not r.get("skipped")
and (r.get("severity") or "").upper() != "INFO"
and _is_hard_finding(r)
]
fails.sort(key=lambda r: (
_SEV_RANK.get((r.get("severity") or "MEDIUM").upper(), 5),