fix(ai-sdk): national-law subsidiarity in authority rerank (DSGVO > BDSG for general questions)
CI / detect-changes (pull_request) Successful in 11s
CI / branch-name (pull_request) Successful in 2s
CI / guardrail-integrity (pull_request) Successful in 9s
CI / secret-scan (pull_request) Successful in 11s
CI / dep-audit (pull_request) Failing after 54s
CI / sbom-scan (pull_request) Failing after 59s
CI / build-sha-integrity (pull_request) Successful in 8s
CI / validate-canonical-controls (pull_request) Successful in 8s
CI / loc-budget (pull_request) Successful in 23s
CI / go-lint (pull_request) Successful in 57s
CI / python-lint (pull_request) Failing after 16s
CI / nodejs-lint (pull_request) Failing after 1m11s
CI / nodejs-build (pull_request) Successful in 3m4s
CI / test-go (pull_request) Successful in 1m1s
CI / iace-gt-coverage (pull_request) Successful in 18s
CI / test-python-backend (pull_request) Successful in 25s
CI / test-python-document-crawler (pull_request) Successful in 14s
CI / test-python-dsms-gateway (pull_request) Successful in 12s
CI / detect-changes (pull_request) Successful in 11s
CI / branch-name (pull_request) Successful in 2s
CI / guardrail-integrity (pull_request) Successful in 9s
CI / secret-scan (pull_request) Successful in 11s
CI / dep-audit (pull_request) Failing after 54s
CI / sbom-scan (pull_request) Failing after 59s
CI / build-sha-integrity (pull_request) Successful in 8s
CI / validate-canonical-controls (pull_request) Successful in 8s
CI / loc-budget (pull_request) Successful in 23s
CI / go-lint (pull_request) Successful in 57s
CI / python-lint (pull_request) Failing after 16s
CI / nodejs-lint (pull_request) Failing after 1m11s
CI / nodejs-build (pull_request) Successful in 3m4s
CI / test-go (pull_request) Successful in 1m1s
CI / iace-gt-coverage (pull_request) Successful in 18s
CI / test-python-backend (pull_request) Successful in 25s
CI / test-python-document-crawler (pull_request) Successful in 14s
CI / test-python-dsms-gateway (pull_request) Successful in 12s
The authority reranker (wired in legal_rag_client.go:168) had no national-subsidiarity dimension, so a general BDSG paragraph could outrank the primary DSGVO article. Surfaced by the KB-2026.1 BDSG pilot (dp_05/08/11 + cr_07). - authorityScore: DE binding_law in an EU-primary domain WITHOUT a co-primary topic match -> soft demote (subsidiarityPen 0.18), not exclusion. National special rules stay co-primary via the topic ontology (DSB Art.37+§38, special categories Art.9+§22, ...). - queryDomain: fall back to a regulation-name mention (DSGVO/BDSG/CRA) so a question phrased around the act is domain-scoped even without a topical keyword (fixes cr_07: BDSG Teil-3 §64). - data_protection keyword stem 'auftragsverarbeit' (catches Auftragsverarbeitungsvertrag). Pure ranking logic, no data manipulation; soft demotes keep national rules visible. Build result (DSGVO+BDSG): degraded=0, must_not=0. go build/vet/test ./... green; 6 new table tests. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -112,7 +112,7 @@ var domains = []domainDef{
|
||||
{"data_protection",
|
||||
[]string{"DSGVO", "GDPR", "BDSG", "EDPB", "DSK", "BfDI", "BayLfD", "DPF"},
|
||||
[]string{"personenbezogen", "betroffene", "datenschutz", "datenschutzbeauftrag", "dsb",
|
||||
"datenpanne", "auskunft", "loesch", "lösch", "einwilligung", "besondere kategorien", "auftragsverarbeiter"}},
|
||||
"datenpanne", "auskunft", "loesch", "lösch", "einwilligung", "besondere kategorien", "auftragsverarbeit"}},
|
||||
{"cyber",
|
||||
[]string{"CRA", "NIS2", "NIS-2", "ENISA", "DORA", "EUCC"},
|
||||
[]string{"security update", "sicherheitsupdate", "sicherheitsaktualisierung", "schwachstelle", "sbom",
|
||||
@@ -126,6 +126,16 @@ var domains = []domainDef{
|
||||
nil},
|
||||
}
|
||||
|
||||
// euPrimaryDomains are domains whose PRIMARY binding act is an EU regulation/directive
|
||||
// (DSGVO, CRA/NIS2, AI Act, MaschinenVO). In these domains a NATIONAL implementing law
|
||||
// (e.g. BDSG) is subsidiary for general questions — see nationalSubsidiarityPenalty.
|
||||
var euPrimaryDomains = map[string]bool{
|
||||
"data_protection": true,
|
||||
"cyber": true,
|
||||
"ai": true,
|
||||
"product_safety": true,
|
||||
}
|
||||
|
||||
func queryDomain(query string) string {
|
||||
ql := strings.ToLower(query)
|
||||
for _, d := range domains {
|
||||
@@ -135,6 +145,16 @@ func queryDomain(query string) string {
|
||||
}
|
||||
}
|
||||
}
|
||||
// Fallback: an explicit regulation mention (e.g. "DSGVO", "BDSG", "CRA") also signals the
|
||||
// domain — so a question phrased around the act ("... gilt die DSGVO ...") is scoped even
|
||||
// without a topical keyword. Keyword match wins first (more specific).
|
||||
for _, d := range domains {
|
||||
for _, reg := range d.regs {
|
||||
if strings.Contains(ql, strings.ToLower(reg)) {
|
||||
return d.name
|
||||
}
|
||||
}
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user