feat: evidence_type Feld (code/process/hybrid) fuer Controls

Neues Feld auf canonical_controls klassifiziert, ob ein Control technisch im Source Code (code), organisatorisch via Dokumente (process) oder beides (hybrid) nachgewiesen wird. Inklusive Backfill-Endpoint, Frontend-Badge/Filter und MkDocs-Dokumentation. - Migration 079: evidence_type VARCHAR(20) + Index - Backend: Filter, Backfill-Endpoint mit Domain-Heuristik, CRUD - Frontend: EvidenceTypeBadge (sky/amber/violet), Nachweisart-Dropdown - Proxy: evidence_type Passthrough fuer controls + controls-count - Tests: 22 Tests fuer Klassifikations-Heuristik - Docs: Eigenes MkDocs-Kapitel mit Mermaid-Diagramm Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 21:53:40 +01:00
parent a29bfdd588
commit 5e9cab6ab5
9 changed files with 390 additions and 11 deletions
--- a/backend-compliance/tests/test_evidence_type.py
+++ b/backend-compliance/tests/test_evidence_type.py
@@ -0,0 +1,79 @@
+"""Tests for evidence_type classification heuristic."""
+import sys
+sys.path.insert(0, ".")
+
+from compliance.api.canonical_control_routes import _classify_evidence_type
+
+
+class TestClassifyEvidenceType:
+    """Tests for _classify_evidence_type()."""
+
+    # --- Code domains ---
+    def test_sec_is_code(self):
+        assert _classify_evidence_type("SEC-042", None) == "code"
+
+    def test_auth_is_code(self):
+        assert _classify_evidence_type("AUTH-001", None) == "code"
+
+    def test_crypt_is_code(self):
+        assert _classify_evidence_type("CRYPT-003", None) == "code"
+
+    def test_cryp_is_code(self):
+        assert _classify_evidence_type("CRYP-010", None) == "code"
+
+    def test_net_is_code(self):
+        assert _classify_evidence_type("NET-015", None) == "code"
+
+    def test_log_is_code(self):
+        assert _classify_evidence_type("LOG-007", None) == "code"
+
+    def test_acc_is_code(self):
+        assert _classify_evidence_type("ACC-012", None) == "code"
+
+    def test_api_is_code(self):
+        assert _classify_evidence_type("API-001", None) == "code"
+
+    # --- Process domains ---
+    def test_gov_is_process(self):
+        assert _classify_evidence_type("GOV-001", None) == "process"
+
+    def test_comp_is_process(self):
+        assert _classify_evidence_type("COMP-001", None) == "process"
+
+    def test_fin_is_process(self):
+        assert _classify_evidence_type("FIN-001", None) == "process"
+
+    def test_hr_is_process(self):
+        assert _classify_evidence_type("HR-001", None) == "process"
+
+    def test_org_is_process(self):
+        assert _classify_evidence_type("ORG-001", None) == "process"
+
+    def test_env_is_process(self):
+        assert _classify_evidence_type("ENV-001", None) == "process"
+
+    # --- Hybrid domains ---
+    def test_data_is_hybrid(self):
+        assert _classify_evidence_type("DATA-005", None) == "hybrid"
+
+    def test_ai_is_hybrid(self):
+        assert _classify_evidence_type("AI-001", None) == "hybrid"
+
+    def test_inc_is_hybrid(self):
+        assert _classify_evidence_type("INC-003", None) == "hybrid"
+
+    def test_iam_is_hybrid(self):
+        assert _classify_evidence_type("IAM-001", None) == "hybrid"
+
+    # --- Category fallback ---
+    def test_unknown_domain_encryption_category(self):
+        assert _classify_evidence_type("XYZ-001", "encryption") == "code"
+
+    def test_unknown_domain_governance_category(self):
+        assert _classify_evidence_type("XYZ-001", "governance") == "process"
+
+    def test_unknown_domain_no_category(self):
+        assert _classify_evidence_type("XYZ-001", None) == "process"
+
+    def test_empty_control_id(self):
+        assert _classify_evidence_type("", None) == "process"