feat: Control Library UI, dedup migration, QA tooling, docs

- Control Library: parent control display, ObligationTypeBadge, GenerationStrategyBadge variants, evidence string fallback - API: expose parent_control_uuid/id/title in canonical controls - Fix: DSFA SQLAlchemy 2.0 Row._mapping compatibility - Migration 074: control_parent_links + control_dedup_reviews tables - QA scripts: benchmark, gap analysis, OSCAL import, OWASP cleanup, phase5 normalize, phase74 gap fill, sync_db, run_job - Docs: dedup engine, RAG benchmark, lessons learned, pipeline docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 11:56:08 +01:00
parent c52dbdb8f1
commit 643b26618f
28 changed files with 5781 additions and 75 deletions
--- a/backend-compliance/compliance/api/canonical_control_routes.py
+++ b/backend-compliance/compliance/api/canonical_control_routes.py
@@ -174,6 +174,9 @@ _CONTROL_COLS = """id, framework_id, control_id, title, objective, rationale,
                   customer_visible, verification_method, category,
                   target_audience, generation_metadata, generation_strategy,
                   applicable_industries, applicable_company_size, scope_conditions,
+                   parent_control_uuid, decomposition_method, pipeline_version,
+                   (SELECT p.control_id FROM canonical_controls p WHERE p.id = canonical_controls.parent_control_uuid) AS parent_control_id,
+                   (SELECT p.title FROM canonical_controls p WHERE p.id = canonical_controls.parent_control_uuid) AS parent_control_title,
                   created_at, updated_at"""


@@ -798,6 +801,11 @@ def _control_row(r) -> dict:
        "applicable_industries": getattr(r, "applicable_industries", None),
        "applicable_company_size": getattr(r, "applicable_company_size", None),
        "scope_conditions": getattr(r, "scope_conditions", None),
+        "parent_control_uuid": str(r.parent_control_uuid) if getattr(r, "parent_control_uuid", None) else None,
+        "parent_control_id": getattr(r, "parent_control_id", None),
+        "parent_control_title": getattr(r, "parent_control_title", None),
+        "decomposition_method": getattr(r, "decomposition_method", None),
+        "pipeline_version": getattr(r, "pipeline_version", None),
        "created_at": r.created_at.isoformat() if r.created_at else None,
        "updated_at": r.updated_at.isoformat() if r.updated_at else None,
    }
--- a/backend-compliance/compliance/api/dsfa_routes.py
+++ b/backend-compliance/compliance/api/dsfa_routes.py
@@ -200,6 +200,9 @@ def _get_tenant_id(tenant_id: Optional[str]) -> str:
 def _dsfa_to_response(row) -> dict:
    """Convert a DB row to a JSON-serializable dict."""
    import json
+    # SQLAlchemy 2.0: Row objects need ._mapping for string-key access
+    if hasattr(row, "_mapping"):
+        row = row._mapping

    def _parse_arr(val):
        """Parse a JSONB array field → list."""
@@ -558,8 +561,9 @@ async def create_dsfa(
    ).fetchone()

    db.flush()
+    row_id = row._mapping["id"] if hasattr(row, "_mapping") else row[0]
    _log_audit(
-        db, tid, row["id"], "CREATE", request.created_by,
+        db, tid, row_id, "CREATE", request.created_by,
        new_values={"title": request.title, "status": request.status},
    )
    db.commit()