feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)

Implements the full Multi-Layer Control Architecture for migrating ~25,000 Rich Controls into atomic, deduplicated Master Controls with full traceability. Architecture: Legal Source → Obligation → Control Pattern → Master Control → Customer Instance New services: - ObligationExtractor: 3-tier extraction (exact → embedding → LLM) - PatternMatcher: 2-tier matching (keyword + embedding + domain-bonus) - ControlComposer: Pattern + Obligation → Master Control - PipelineAdapter: Pipeline integration + Migration Passes 1-5 - DecompositionPass: Pass 0a/0b — Rich Control → atomic Controls - CrosswalkRoutes: 15 API endpoints under /v1/canonical/ New DB schema: - Migration 060: obligation_extractions, control_patterns, crosswalk_matrix - Migration 061: obligation_candidates, parent_control_uuid tracking Pattern Library: 50 YAML patterns (30 core + 20 IT-security) Go SDK: Pattern loader with YAML validation and indexing Documentation: MkDocs updated with full architecture overview 500 Python tests passing across all components. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 09:00:37 +01:00
parent 4f6bc8f6f6
commit 825e070ed9
23 changed files with 13553 additions and 0 deletions
--- a/ai-compliance-sdk/policies/control_patterns/_pattern_schema.json
+++ b/ai-compliance-sdk/policies/control_patterns/_pattern_schema.json
@@ -0,0 +1,128 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://breakpilot.ai/schemas/control-pattern-v1",
+  "title": "Control Pattern Schema",
+  "description": "Schema for YAML control pattern definitions. Pattern ID format: CP-{DOMAIN}-{NNN}",
+  "type": "object",
+  "required": ["version", "patterns"],
+  "properties": {
+    "version": {
+      "type": "string",
+      "pattern": "^[0-9]+\\.[0-9]+$"
+    },
+    "description": {
+      "type": "string"
+    },
+    "patterns": {
+      "type": "array",
+      "items": { "$ref": "#/$defs/ControlPattern" },
+      "minItems": 1
+    }
+  },
+  "$defs": {
+    "ControlPattern": {
+      "type": "object",
+      "required": [
+        "id", "name", "name_de", "domain", "category", "description",
+        "objective_template", "rationale_template", "requirements_template",
+        "test_procedure_template", "evidence_template", "severity_default",
+        "obligation_match_keywords", "tags"
+      ],
+      "properties": {
+        "id": {
+          "type": "string",
+          "pattern": "^CP-[A-Z]+-[0-9]{3}$",
+          "description": "Unique pattern ID. Format: CP-{DOMAIN}-{NNN}"
+        },
+        "name": {
+          "type": "string",
+          "pattern": "^[a-z][a-z0-9_]*$",
+          "description": "Machine-readable name (snake_case)"
+        },
+        "name_de": {
+          "type": "string",
+          "description": "Human-readable German name"
+        },
+        "domain": {
+          "type": "string",
+          "enum": ["AUTH", "CRYP", "NET", "DATA", "LOG", "ACC", "SEC", "INC", "AI", "COMP", "GOV", "LAB", "FIN", "TRD", "ENV", "HLT"],
+          "description": "Domain code matching DOMAIN_KEYWORDS in control_generator.py"
+        },
+        "category": {
+          "type": "string",
+          "description": "Functional category (e.g. authentication, encryption, incident)"
+        },
+        "description": {
+          "type": "string",
+          "minLength": 20,
+          "description": "Brief description of what this pattern covers"
+        },
+        "objective_template": {
+          "type": "string",
+          "minLength": 20,
+          "description": "Template for the control objective. May contain {placeholders}."
+        },
+        "rationale_template": {
+          "type": "string",
+          "minLength": 20,
+          "description": "Template explaining why this control matters."
+        },
+        "requirements_template": {
+          "type": "array",
+          "items": { "type": "string" },
+          "minItems": 2,
+          "description": "Template requirements. May contain {placeholder:default} syntax."
+        },
+        "test_procedure_template": {
+          "type": "array",
+          "items": { "type": "string" },
+          "minItems": 1
+        },
+        "evidence_template": {
+          "type": "array",
+          "items": { "type": "string" },
+          "minItems": 1
+        },
+        "severity_default": {
+          "type": "string",
+          "enum": ["low", "medium", "high", "critical"]
+        },
+        "implementation_effort_default": {
+          "type": "string",
+          "enum": ["s", "m", "l", "xl"]
+        },
+        "open_anchor_refs": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["framework", "ref"],
+            "properties": {
+              "framework": { "type": "string" },
+              "ref": { "type": "string" }
+            }
+          }
+        },
+        "obligation_match_keywords": {
+          "type": "array",
+          "items": { "type": "string" },
+          "minItems": 3,
+          "description": "Keywords for matching obligations to this pattern (de + en)"
+        },
+        "tags": {
+          "type": "array",
+          "items": { "type": "string" },
+          "minItems": 1
+        },
+        "composable_with": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "pattern": "^CP-[A-Z]+-[0-9]{3}$"
+          },
+          "description": "Pattern IDs that combine well with this one"
+        }
+      },
+      "additionalProperties": false
+    }
+  }
+}