feat: evidence_type Feld (code/process/hybrid) fuer Controls

Neues Feld auf canonical_controls klassifiziert, ob ein Control technisch im Source Code (code), organisatorisch via Dokumente (process) oder beides (hybrid) nachgewiesen wird. Inklusive Backfill-Endpoint, Frontend-Badge/Filter und MkDocs-Dokumentation. - Migration 079: evidence_type VARCHAR(20) + Index - Backend: Filter, Backfill-Endpoint mit Domain-Heuristik, CRUD - Frontend: EvidenceTypeBadge (sky/amber/violet), Nachweisart-Dropdown - Proxy: evidence_type Passthrough fuer controls + controls-count - Tests: 22 Tests fuer Klassifikations-Heuristik - Docs: Eigenes MkDocs-Kapitel mit Mermaid-Diagramm Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 21:53:40 +01:00
parent a29bfdd588
commit 5e9cab6ab5
9 changed files with 390 additions and 11 deletions
--- a/backend-compliance/migrations/079_evidence_type.sql
+++ b/backend-compliance/migrations/079_evidence_type.sql
@@ -0,0 +1,16 @@
+-- Migration 079: Add evidence_type to canonical_controls
+-- Classifies HOW a control is evidenced:
+--   code    = Technical control, verifiable in source code / IaC / CI-CD
+--   process = Organizational / governance control, verified via documents / policies
+--   hybrid  = Both code and process evidence required
+
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM information_schema.tables
+               WHERE table_schema = 'compliance' AND table_name = 'canonical_controls') THEN
+        ALTER TABLE canonical_controls ADD COLUMN IF NOT EXISTS
+            evidence_type VARCHAR(20) DEFAULT NULL
+            CHECK (evidence_type IN ('code', 'process', 'hybrid'));
+        CREATE INDEX IF NOT EXISTS idx_cc_evidence_type ON canonical_controls(evidence_type);
+    END IF;
+END $$;