Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Payment Controls auf 445 erweitert — ZVT/OPI Protokoll komplett

Browse Source 
+37 Controls in 8 neuen Domaenen:
- TERMSYNC (2): Sync-Entscheidungen, Divergenzpruefung
- ZVT-CMD (5): Kommandoreihenfolge, Parameter, Antwortverarbeitung
- ZVT-RT (5): Timeouts, Retry, Backoff, Abbruch-Markierung
- ZVT-STATE (5): State Machine, Exit-Pfade, Recovery
- ZVT-COM (5): Nachrichtenlaenge, Checksummen, Encoding
- ZVT-REV (5): Reversal, Storno, Mehrfachschutz
- ZVT-RESP (5): Response-Codes, Fehlerinterpretation
- ZVT-SESSION (5): Session-Lifecycle, Timeout, Parallelitaet

445 Controls total, 43 Domaenen

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-04-13 12:57:05 +02:00
parent e091bbc855
commit 5c1a514b52
1 changed files with 479 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

479
ai-compliance-sdk/policies/payment_controls_v1.json
View File

@@ -192,6 +192,41 @@
"id": "TERMSYNC",
"name": "Terminal Synchronization",
"description": "Abgleich, Settlement, Offline-Sync, Konsistenz"
},
{
"id": "ZVT-CMD",
"name": "ZVT Command Flow",
"description": "ZVT-Kommandoreihenfolge, Parameter, Antwortverarbeitung"
},
{
"id": "ZVT-RT",
"name": "ZVT Retry & Timeout",
"description": "Timeout-Definitionen, Retry-Strategien, Backoff"
},
{
"id": "ZVT-STATE",
"name": "ZVT State Machine",
"description": "Zustandsmodell, Uebergaenge, Recovery, Deadlock-Vermeidung"
},
{
"id": "ZVT-COM",
"name": "ZVT Communication Integrity",
"description": "Nachrichtenlaenge, Checksummen, Encoding, Fragmentierung"
},
{
"id": "ZVT-REV",
"name": "ZVT Reversal & Cancellation",
"description": "Storno, Reversal, Zuordnung, Mehrfachschutz"
},
{
"id": "ZVT-RESP",
"name": "ZVT Response Handling",
"description": "Response-Codes, Fehlerinterpretation, Statusupdate"
},
{
"id": "ZVT-SESSION",
"name": "ZVT Session Management",
"description": "Session-Lifecycle, Timeout, Wiederaufnahme, Parallelitaet"
}
],
"controls": [
@@ -5069,6 +5104,450 @@
"db_schema"
],
"automation": "low"
},
{
"control_id": "TERMSYNC-009",
"domain": "TERMSYNC",
"title": "Sync unterscheidet fachliche Klaerung von technischer Wiederholung",
"objective": "Verhindert Wiederholung finaler Zustaende",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "TERMSYNC-010",
"domain": "TERMSYNC",
"title": "Terminal/Backend-Zustaende regelmaessig auf Divergenzen geprueft",
"objective": "Erkennt Inkonsistenzen fruehzeitig",
"check_target": "system",
"evidence": [
"reconciliation_jobs",
"audit_log_sample"
],
"automation": "medium"
},
{
"control_id": "ZVT-CMD-001",
"domain": "ZVT-CMD",
"title": "ZVT-Kommandos nur in zulaessiger Reihenfolge",
"objective": "Verhindert Protokollverletzungen",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-CMD-002",
"domain": "ZVT-CMD",
"title": "Ungueltige Kommandos sicher zurueckgewiesen",
"objective": "Verhindert undefined behavior",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-CMD-003",
"domain": "ZVT-CMD",
"title": "Verpflichtende Parameter vorhanden",
"objective": "Sichert korrekte Kommunikation",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-CMD-004",
"domain": "ZVT-CMD",
"title": "Optionalfelder korrekt interpretiert und validiert",
"objective": "Verhindert Fehlinterpretation",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-CMD-005",
"domain": "ZVT-CMD",
"title": "Terminalantworten vollstaendig gelesen und verarbeitet",
"objective": "Verhindert Zustandsverlust",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "ZVT-RT-001",
"domain": "ZVT-RT",
"title": "Timeouts fuer Terminalkommunikation definiert",
"objective": "Verhindert blockierende Prozesse",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "high"
},
{
"control_id": "ZVT-RT-002",
"domain": "ZVT-RT",
"title": "Retries unterscheiden idempotent/nicht-idempotent",
"objective": "Verhindert doppelte Buchungen",
"check_target": "code",
"evidence": [
"source_code",
"retry_logic"
],
"automation": "medium"
},
{
"control_id": "ZVT-RT-003",
"domain": "ZVT-RT",
"title": "Retry-Anzahl begrenzt",
"objective": "Verhindert Endlosschleifen",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "high"
},
{
"control_id": "ZVT-RT-004",
"domain": "ZVT-RT",
"title": "Backoff-Strategien implementiert",
"objective": "Verhindert Ueberlastung",
"check_target": "code",
"evidence": [
"source_code",
"retry_logic"
],
"automation": "medium"
},
{
"control_id": "ZVT-RT-005",
"domain": "ZVT-RT",
"title": "Abgebrochene Transaktionen eindeutig markiert",
"objective": "Erleichtert Recovery",
"check_target": "system",
"evidence": [
"db_schema",
"source_code"
],
"automation": "medium"
},
{
"control_id": "ZVT-STATE-001",
"domain": "ZVT-STATE",
"title": "Zahlungszustaende als explizite State Machine",
"objective": "Verhindert implizite Zustaende",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-STATE-002",
"domain": "ZVT-STATE",
"title": "Ungueltige Zustandsuebergaenge nicht moeglich",
"objective": "Verhindert inkonsistente Zustaende",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-STATE-003",
"domain": "ZVT-STATE",
"title": "Jeder Zustand hat definierten Exit-Pfad",
"objective": "Verhindert Deadlocks",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-STATE-004",
"domain": "ZVT-STATE",
"title": "Terminal- und Backendzustand abgeglichen",
"objective": "Verhindert Divergenzen",
"check_target": "system",
"evidence": [
"integration_test",
"reconciliation_jobs"
],
"automation": "medium"
},
{
"control_id": "ZVT-STATE-005",
"domain": "ZVT-STATE",
"title": "Recovery-Zustaende explizit modelliert",
"objective": "Erhoeht Robustheit",
"check_target": "code",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-COM-001",
"domain": "ZVT-COM",
"title": "Nachrichtenlaengen validiert",
"objective": "Verhindert Parsing-Fehler",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-COM-002",
"domain": "ZVT-COM",
"title": "Checksummen/Integritaet geprueft",
"objective": "Verhindert manipulierte Daten",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-COM-003",
"domain": "ZVT-COM",
"title": "Teilweise empfangene Nachrichten nicht verarbeitet",
"objective": "Verhindert inkonsistente Verarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-COM-004",
"domain": "ZVT-COM",
"title": "Nachrichten in korrektem Encoding interpretiert",
"objective": "Verhindert Datenfehler",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-COM-005",
"domain": "ZVT-COM",
"title": "Protokollverletzungen erkannt und geloggt",
"objective": "Erhoeht Diagnosefaehigkeit",
"check_target": "system",
"evidence": [
"source_code",
"log_samples"
],
"automation": "medium"
},
{
"control_id": "ZVT-REV-001",
"domain": "ZVT-REV",
"title": "Reversal nur fuer geeignete Transaktionen",
"objective": "Verhindert unzulaessige Rueckabwicklung",
"check_target": "code",
"evidence": [
"source_code",
"authorization_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-REV-002",
"domain": "ZVT-REV",
"title": "Reversal eindeutig einer Transaktion zugeordnet",
"objective": "Verhindert falsche Zuordnung",
"check_target": "code",
"evidence": [
"source_code",
"db_schema"
],
"automation": "high"
},
{
"control_id": "ZVT-REV-003",
"domain": "ZVT-REV",
"title": "Mehrfach-Reversal verhindert",
"objective": "Verhindert doppelte Rueckbuchung",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "high"
},
{
"control_id": "ZVT-REV-004",
"domain": "ZVT-REV",
"title": "Reversal vollstaendig dokumentiert",
"objective": "Ermoeglicht Audit",
"check_target": "system",
"evidence": [
"audit_log_sample",
"db_schema"
],
"automation": "medium"
},
{
"control_id": "ZVT-REV-005",
"domain": "ZVT-REV",
"title": "Fehlgeschlagene Reversals erneut geprueft oder eskaliert",
"objective": "Verhindert offene Transaktionen",
"check_target": "system",
"evidence": [
"source_code",
"ops_docs"
],
"automation": "low"
},
{
"control_id": "ZVT-RESP-001",
"domain": "ZVT-RESP",
"title": "Alle Terminal-Response-Codes vollstaendig abgedeckt",
"objective": "Verhindert unhandled states",
"check_target": "code",
"evidence": [
"source_code",
"error_mapping"
],
"automation": "high"
},
{
"control_id": "ZVT-RESP-002",
"domain": "ZVT-RESP",
"title": "Fehlercodes korrekt interpretiert",
"objective": "Verhindert falsche Verarbeitung",
"check_target": "code",
"evidence": [
"source_code",
"protocol_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-RESP-003",
"domain": "ZVT-RESP",
"title": "Unbekannte Response-Codes sicher behandelt",
"objective": "Erhoeht Robustheit",
"check_target": "code",
"evidence": [
"source_code",
"negative_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-RESP-004",
"domain": "ZVT-RESP",
"title": "Response-Daten validiert",
"objective": "Verhindert Inkonsistenzen",
"check_target": "code",
"evidence": [
"source_code",
"validation_tests"
],
"automation": "high"
},
{
"control_id": "ZVT-RESP-005",
"domain": "ZVT-RESP",
"title": "Terminalstatus nach Response aktualisiert",
"objective": "Synchronisiert Zustaende",
"check_target": "system",
"evidence": [
"source_code",
"state_machine_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-SESSION-001",
"domain": "ZVT-SESSION",
"title": "Terminal-Sessions explizit geoeffnet und geschlossen",
"objective": "Verhindert Zombie-Sessions",
"check_target": "code",
"evidence": [
"source_code",
"integration_test"
],
"automation": "medium"
},
{
"control_id": "ZVT-SESSION-002",
"domain": "ZVT-SESSION",
"title": "Session-Timeouts definiert",
"objective": "Verhindert haengende Sessions",
"check_target": "config",
"evidence": [
"config",
"source_code"
],
"automation": "high"
},
{
"control_id": "ZVT-SESSION-003",
"domain": "ZVT-SESSION",
"title": "Session-Abbrueche erkannt",
"objective": "Erhoeht Stabilitaet",
"check_target": "system",
"evidence": [
"source_code",
"monitoring_config"
],
"automation": "medium"
},
{
"control_id": "ZVT-SESSION-004",
"domain": "ZVT-SESSION",
"title": "Session-Wiederaufnahme kontrolliert",
"objective": "Verhindert Inkonsistenzen",
"check_target": "code",
"evidence": [
"source_code",
"reconnect_tests"
],
"automation": "medium"
},
{
"control_id": "ZVT-SESSION-005",
"domain": "ZVT-SESSION",
"title": "Parallele Sessions kontrolliert",
"objective": "Verhindert Race Conditions",
"check_target": "code",
"evidence": [
"source_code",
"concurrency_tests"
],
"automation": "medium"
}
]
}