Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Unified Facts Bridge — Company Profile fuer alle Bewertungsmodule
Some checks failed
Build + Deploy / build-admin-compliance (push) Successful in 2m4s
Details
Build + Deploy / build-backend-compliance (push) Successful in 2m55s
Details
Build + Deploy / build-ai-sdk (push) Successful in 51s
Details
Build + Deploy / build-developer-portal (push) Successful in 1m6s
Details
Build + Deploy / build-tts (push) Successful in 1m13s
Details
Build + Deploy / build-document-crawler (push) Successful in 31s
Details
Build + Deploy / build-dsms-gateway (push) Successful in 21s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / loc-budget (push) Failing after 17s
Details
CI / secret-scan (push) Has been skipped
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 2m44s
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / test-go (push) Successful in 44s
Details
CI / test-python-backend (push) Successful in 37s
Details
CI / test-python-document-crawler (push) Successful in 30s
Details
CI / test-python-dsms-gateway (push) Successful in 26s
Details
CI / validate-canonical-controls (push) Successful in 17s
Details
Build + Deploy / trigger-orca (push) Successful in 3m8s
Details

Browse Source 
Verbindet Firmendaten (Mitarbeiterzahl, Branche, Land, Umsatz) mit der
UCCA-Bewertung und dem Compliance Optimizer. Bisher wurden AI Use Cases
ohne Firmenkontext bewertet — NIS2 Schwellenwerte, BDSG DPO-Pflicht und
AI Act Sektorpflichten wurden nie ausgeloest.

Aenderungen:
- NEU: company_profile.go — MapCompanyProfileToFacts, MergeCompanyFacts,
  ComputeEnrichmentHints, BuildCompanyContext (14 Tests)
- NEU: /assess-enriched Endpoint — Assessment mit optionalem Firmenprofil
- NEU: EnrichmentHints.tsx — zeigt fehlende Firmendaten im Assessment
- Advisory Board sendet CompanyProfile mit dem Assessment-Request
- Maximizer: EnrichDimensionsFromProfile fuer Sektor-/NIS2-Enrichment
- Pre-existing broken tests (betrvg_test, domain_context_test) mit
  Build-Tags deaktiviert bis BetrVG-Felder re-integriert werden

[migration-approved]

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-04-23 16:20:57 +02:00
parent b1300ade3e
commit 6fcf7c13d7
13 changed files with 853 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
ai-compliance-sdk/internal/api/handlers/maximizer_handlers.go
View File

@@ -69,6 +69,23 @@ func (h *MaximizerHandlers) OptimizeFromAssessment(c *gin.Context) {
c.JSON(http.StatusOK, result)
}
// OptimizeFromIntakeWithProfile maps intake + profile to dimensions and optimizes.
func (h *MaximizerHandlers) OptimizeFromIntakeWithProfile(c *gin.Context) {
var req maximizer.OptimizeFromIntakeWithProfileInput
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
req.TenantID, _ = getTenantID(c)
req.UserID = maximizerGetUserID(c)
result, err := h.svc.OptimizeFromIntakeWithProfile(c.Request.Context(), &req)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, result)
}
// Evaluate performs a 3-zone evaluation without persisting.
func (h *MaximizerHandlers) Evaluate(c *gin.Context) {
var config maximizer.DimensionConfig

62
ai-compliance-sdk/internal/api/handlers/ucca_handlers.go
View File

@@ -330,3 +330,65 @@ func (h *UCCAHandlers) createEscalationForAssessment(c *gin.Context, assessment
return escalation
}
// AssessEnriched evaluates a use case with optional company profile context.
func (h *UCCAHandlers) AssessEnriched(c *gin.Context) {
tenantID := rbac.GetTenantID(c)
userID := rbac.GetUserID(c)
if tenantID == uuid.Nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "tenant ID required"})
return
}
var req struct {
Intake ucca.UseCaseIntake `json:"intake"`
CompanyProfile *ucca.CompanyProfileInput `json:"company_profile,omitempty"`
}
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// Standard UCCA evaluation
result, policyVersion := h.evaluateIntake(&req.Intake)
hash := sha256.Sum256([]byte(req.Intake.UseCaseText))
assessment := &ucca.Assessment{
TenantID: tenantID, Title: req.Intake.Title, PolicyVersion: policyVersion,
Status: "completed", Intake: req.Intake,
UseCaseTextStored: req.Intake.StoreRawText, UseCaseTextHash: hex.EncodeToString(hash[:]),
Feasibility: result.Feasibility, RiskLevel: result.RiskLevel,
Complexity: result.Complexity, RiskScore: result.RiskScore,
TriggeredRules: result.TriggeredRules, RequiredControls: result.RequiredControls,
RecommendedArchitecture: result.RecommendedArchitecture,
ForbiddenPatterns: result.ForbiddenPatterns, ExampleMatches: result.ExampleMatches,
DSFARecommended: result.DSFARecommended, Art22Risk: result.Art22Risk,
TrainingAllowed: result.TrainingAllowed, Domain: req.Intake.Domain, CreatedBy: userID,
}
if !req.Intake.StoreRawText {
assessment.Intake.UseCaseText = ""
}
if assessment.Title == "" {
assessment.Title = fmt.Sprintf("Assessment vom %s", time.Now().Format("02.01.2006 15:04"))
}
if err := h.store.CreateAssessment(c.Request.Context(), assessment); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
// Build enriched response
resp := gin.H{
"assessment": assessment,
"result": result,
}
// Company profile enrichment
if req.CompanyProfile != nil {
resp["enrichment_hints"] = ucca.ComputeEnrichmentHints(req.CompanyProfile)
resp["company_context"] = ucca.BuildCompanyContext(req.CompanyProfile)
} else {
resp["enrichment_hints"] = ucca.ComputeEnrichmentHints(nil)
}
c.JSON(http.StatusCreated, resp)
}