feat(dsms): Stufe 1 — Gap-Analyse Report wird in DSMS archiviert
Build + Deploy / build-admin-compliance (push) Successful in 1m41s
Build + Deploy / build-backend-compliance (push) Successful in 14s
Build + Deploy / build-ai-sdk (push) Successful in 41s
Build + Deploy / build-developer-portal (push) Successful in 10s
Build + Deploy / build-tts (push) Successful in 10s
Build + Deploy / build-document-crawler (push) Successful in 10s
Build + Deploy / build-dsms-gateway (push) Successful in 10s
Build + Deploy / build-dsms-node (push) Successful in 11s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 14s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m31s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 48s
CI / test-python-backend (push) Failing after 1s
CI / test-python-document-crawler (push) Successful in 32s
CI / test-python-dsms-gateway (push) Successful in 25s
CI / validate-canonical-controls (push) Successful in 15s
Build + Deploy / trigger-orca (push) Successful in 2m23s
Build + Deploy / build-admin-compliance (push) Successful in 1m41s
Build + Deploy / build-backend-compliance (push) Successful in 14s
Build + Deploy / build-ai-sdk (push) Successful in 41s
Build + Deploy / build-developer-portal (push) Successful in 10s
Build + Deploy / build-tts (push) Successful in 10s
Build + Deploy / build-document-crawler (push) Successful in 10s
Build + Deploy / build-dsms-gateway (push) Successful in 10s
Build + Deploy / build-dsms-node (push) Successful in 11s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 14s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m31s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 48s
CI / test-python-backend (push) Failing after 1s
CI / test-python-document-crawler (push) Successful in 32s
CI / test-python-dsms-gateway (push) Successful in 25s
CI / validate-canonical-controls (push) Successful in 15s
Build + Deploy / trigger-orca (push) Successful in 2m23s
- Go DSMS Client (internal/dsms/client.go): Archive() + Verify() - Python DSMS Client (compliance/services/dsms_client.py): archive_to_dsms() + verify_dsms() - Gap-Analyse AnalyzeProject() archiviert Report-JSON nach DSMS - Response enthält dsms_cid wenn Archivierung erfolgreich - Frontend: Grünes "Revisionssicher archiviert" Badge mit CID im GapDashboard - DSMS Proxy Route (/api/sdk/v1/dsms/[...path]) für Verify-Abfragen Stufe 2 (Evidence Upload → DSMS) und Stufe 3 (Version Chains) folgen. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -1,12 +1,16 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/google/uuid"
|
||||
"github.com/jackc/pgx/v5/pgxpool"
|
||||
|
||||
"github.com/breakpilot/ai-compliance-sdk/internal/dsms"
|
||||
"github.com/breakpilot/ai-compliance-sdk/internal/gap"
|
||||
)
|
||||
|
||||
@@ -104,7 +108,27 @@ func (h *GapHandler) AnalyzeProject(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, report)
|
||||
// Archive gap report to DSMS (non-blocking, best-effort)
|
||||
var dsmsCID string
|
||||
reportJSON, _ := json.Marshal(report)
|
||||
filename := fmt.Sprintf("gap-report-%s-%s.json", id.String()[:8], time.Now().Format("2006-01-02"))
|
||||
if result := dsms.Archive(reportJSON, filename, "gap_report", id.String(), "1"); result != nil {
|
||||
dsmsCID = result.CID
|
||||
}
|
||||
|
||||
// Return report with DSMS CID appended
|
||||
response := gin.H{
|
||||
"profile_id": report.ProfileID,
|
||||
"profile_name": report.ProfileName,
|
||||
"regulations": report.Regulations,
|
||||
"summary": report.Summary,
|
||||
"gaps": report.Gaps,
|
||||
"created_at": report.CreatedAt,
|
||||
}
|
||||
if dsmsCID != "" {
|
||||
response["dsms_cid"] = dsmsCID
|
||||
}
|
||||
c.JSON(http.StatusOK, response)
|
||||
}
|
||||
|
||||
// QuickAnalyze runs gap analysis without saving a project.
|
||||
|
||||
@@ -0,0 +1,103 @@
|
||||
// Package dsms provides a client for archiving compliance artifacts to the
|
||||
// DSMS gateway (IPFS-backed tamper-proof document storage).
|
||||
package dsms
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"mime/multipart"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
)
|
||||
|
||||
// ArchiveResult is the response from a successful DSMS archive operation.
|
||||
type ArchiveResult struct {
|
||||
CID string `json:"cid"`
|
||||
Size int `json:"size"`
|
||||
GatewayURL string `json:"gateway_url"`
|
||||
}
|
||||
|
||||
var gatewayURL = getEnv("DSMS_GATEWAY_URL", "http://dsms-gateway:8082")
|
||||
|
||||
func getEnv(key, fallback string) string {
|
||||
if v := os.Getenv(key); v != "" {
|
||||
return v
|
||||
}
|
||||
return fallback
|
||||
}
|
||||
|
||||
// Archive stores content in DSMS and returns the CID.
|
||||
// Non-critical: returns nil on failure (logs warning).
|
||||
func Archive(content []byte, filename, documentType, documentID, version string) *ArchiveResult {
|
||||
var buf bytes.Buffer
|
||||
w := multipart.NewWriter(&buf)
|
||||
|
||||
part, err := w.CreateFormFile("file", filename)
|
||||
if err != nil {
|
||||
log.Printf("[dsms] multipart error: %v", err)
|
||||
return nil
|
||||
}
|
||||
if _, err := part.Write(content); err != nil {
|
||||
log.Printf("[dsms] write error: %v", err)
|
||||
return nil
|
||||
}
|
||||
|
||||
_ = w.WriteField("document_type", documentType)
|
||||
_ = w.WriteField("document_id", documentID)
|
||||
_ = w.WriteField("version", version)
|
||||
_ = w.WriteField("language", "de")
|
||||
w.Close()
|
||||
|
||||
client := &http.Client{Timeout: 60 * time.Second}
|
||||
req, err := http.NewRequest("POST", gatewayURL+"/api/v1/documents", &buf)
|
||||
if err != nil {
|
||||
log.Printf("[dsms] request error: %v", err)
|
||||
return nil
|
||||
}
|
||||
req.Header.Set("Content-Type", w.FormDataContentType())
|
||||
req.Header.Set("Authorization", "Bearer system-backend")
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
log.Printf("[dsms] unavailable: %v", err)
|
||||
return nil
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
if resp.StatusCode != 200 {
|
||||
log.Printf("[dsms] archive failed (%d): %s", resp.StatusCode, string(body[:min(len(body), 200)]))
|
||||
return nil
|
||||
}
|
||||
|
||||
var result ArchiveResult
|
||||
if err := json.Unmarshal(body, &result); err != nil {
|
||||
log.Printf("[dsms] parse error: %v", err)
|
||||
return nil
|
||||
}
|
||||
|
||||
log.Printf("[dsms] archived: %s → CID %s (%d bytes)", filename, result.CID, result.Size)
|
||||
return &result
|
||||
}
|
||||
|
||||
// Verify checks document integrity by CID.
|
||||
func Verify(cid string) (bool, error) {
|
||||
client := &http.Client{Timeout: 15 * time.Second}
|
||||
resp, err := client.Get(fmt.Sprintf("%s/api/v1/verify/%s", gatewayURL, cid))
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
return resp.StatusCode == 200, nil
|
||||
}
|
||||
|
||||
func min(a, b int) int {
|
||||
if a < b {
|
||||
return a
|
||||
}
|
||||
return b
|
||||
}
|
||||
Reference in New Issue
Block a user