feat: Silent Knowledge Pass — recognise before asking (Phase 0, before the endpoint)
Not the endpoint yet — the bigger knowledge lever first. The Advisor can say "I need 5 answers" but does not yet decide what it can find out by ITSELF. The Silent Knowledge Pass runs in front of the Advisor and, from signals existing scanners/parsers already produce (website, repository, documents, product data), deterministically derives capabilities the company demonstrably HAS + product facts that drive scope — so every recognised item shrinks the delta and removes a question.

compliance/onboarding/silent_intake.py: silent_intake(signals, signal_map) -> detected_capabilities (+ evidence already in hand) + product_facts. The signal->conclusion map is curated DATA (knowledge/onboarding/intake_signal_map.yaml), signals are injected (scanners are upstream). Pure, deterministic, no LLM.

advisor_start gains detected_capabilities (folded into the profile at HIGH confidence -> covered, not asked) and an auto_detected result + headline. The experience flips from a question wall to "we already recognised 4 capabilities, 2 product facts and have 4 pieces of evidence in hand — only these few remain".

Order now: Silent Pass -> #58 endpoint/frontend -> #59 empirical loop. NOT new architecture, just an orchestration step in front. Non-runtime (no app caller) -> no deploy. 15 onboarding tests pass, mypy --strict clean, check-loc 0.
@@ -0,0 +1,31 @@
# Silent Knowledge Pass — signal -> conclusion map (curated DATA, injected).
#
# What a scanner finding lets us conclude WITHOUT asking the user. A signal yields either a capability
# the company demonstrably has (with the evidence already in hand) or a product fact that drives scope.
# `relationship: detected` = a concrete artifact (strong, no question); `partial` = indicative (still
# verify, but lower priority). The scanners (website crawler, repo scanner, doc parser, product intake)
# are UPSTREAM and produce the signals; this file only interprets them. No norm text, no real names.
mappings:
# ── website ───────────────────────────────────────────────────────────────────────────────
- {signal: security_txt_or_cvd_policy, capability: coordinated_vulnerability_disclosure, relationship: detected, evidence: cvd_policy}
- {signal: ce_marking_on_site, capability: ce_conformity_assessment_and_technical_documentation, relationship: partial, evidence: ce_declaration}
- {signal: support_lifecycle_page, capability: security_update_support_period, relationship: partial, evidence: support_policy}
- {signal: security_policy_page, capability: information_security_management, relationship: partial}
# ── repository ────────────────────────────────────────────────────────────────────────────
- {signal: sbom_file_found, capability: sbom_creation, relationship: detected, evidence: sbom}
- {signal: signed_releases, capability: secure_signed_update_distribution, relationship: detected, evidence: signing_config}
- {signal: github_actions_ci, capability: secure_development_lifecycle, relationship: partial, evidence: ci_pipeline}
- {signal: dependency_scanning, capability: technical_vulnerability_management, relationship: partial, evidence: vuln_scanning_config}
# ── documents ─────────────────────────────────────────────────────────────────────────────
- {signal: ce_conformity_doc, capability: ce_conformity_assessment_and_technical_documentation, relationship: detected, evidence: technical_documentation}
- {signal: product_risk_assessment_doc, capability: product_cyber_risk_assessment, relationship: detected, evidence: product_risk_assessment}
- {signal: patch_policy_doc, capability: secure_signed_update_distribution, relationship: partial, evidence: patch_policy}
- {signal: incident_response_plan_doc, capability: incident_management, relationship: detected, evidence: incident_procedure}
# ── product facts (drive scope / target applicability) ──────────────────────────────────────
- {signal: cloud_connectivity, product_fact: connected_to_internet}
- {signal: plc_sps, product_fact: is_machine}
- {signal: embedded_software, product_fact: has_embedded_software}
- {signal: wireless_radio, product_fact: has_radio_equipment}
- {signal: remote_access, product_fact: has_remote_access}
- {signal: generates_usage_data, product_fact: generates_usage_data}
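Review bot: the header comment defines `detected` and `partial` but does not say what happens when two signals map to the same capability with different strengths, as `ce_marking_on_site` (partial, `ce_declaration`) and `ce_conformity_doc` (detected, `technical_documentation`) both do for `ce_conformity_assessment_and_technical_documentation`; state in the header that the stronger relationship wins and that only `detected` rows may be folded in as covered, otherwise a page-level hint such as `security_policy_page` -> `information_security_management` would silence a question the header itself says should still be verified. Also, `evidence` is omitted on the `security_policy_page` row while every other capability row carries it, so either document the key as optional in the header (the interpreter must then tolerate its absence) or supply a value.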
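As an added illustration (not the project's silent_intake.py), a minimal deterministic pass in the shape the commit message describes, `silent_intake(signals, signal_map)`, run over a constructed excerpt of the mapping above. The precedence rule (detected beats partial), the `covered()` split and the `unknown_signals` bucket are assumptions of this example, not confirmed project behaviour.

```python
from dataclasses import dataclass, field

# Constructed excerpt of intake_signal_map.yaml, in the same row shape.
# `evidence` is optional (security_policy_page has none); product-fact rows have no relationship.
SIGNAL_MAP = [
    {"signal": "security_txt_or_cvd_policy", "relationship": "detected",
     "capability": "coordinated_vulnerability_disclosure", "evidence": "cvd_policy"},
    {"signal": "ce_marking_on_site", "relationship": "partial",
     "capability": "ce_conformity_assessment_and_technical_documentation", "evidence": "ce_declaration"},
    {"signal": "ce_conformity_doc", "relationship": "detected",
     "capability": "ce_conformity_assessment_and_technical_documentation", "evidence": "technical_documentation"},
    {"signal": "security_policy_page", "relationship": "partial",
     "capability": "information_security_management"},
    {"signal": "cloud_connectivity", "product_fact": "connected_to_internet"},
]
RANK = {"partial": 1, "detected": 2}  # assumed precedence: a stronger relationship wins


@dataclass
class IntakeResult:
    capabilities: dict[str, str] = field(default_factory=dict)  # capability -> strongest relationship
    evidence: dict[str, set[str]] = field(default_factory=dict)  # capability -> evidence ids in hand
    product_facts: set[str] = field(default_factory=set)
    unknown_signals: set[str] = field(default_factory=set)  # signals the map does not know

    def covered(self) -> set[str]:
        # Only `detected` rows are folded into the profile at HIGH confidence;
        # `partial` ones stay visible so the Advisor can still verify them.
        return {cap for cap, rel in self.capabilities.items() if rel == "detected"}


def silent_intake(signals, signal_map) -> IntakeResult:
    """Pure and deterministic: derive capabilities and product facts from scanner signals."""
    by_signal = {row["signal"]: row for row in signal_map}
    out = IntakeResult()
    for sig in sorted(set(signals)):  # sorted + deduplicated: result does not depend on input order
        row = by_signal.get(sig)
        if row is None:
            out.unknown_signals.add(sig)  # unmapped signals are reported, never guessed at
            continue
        if "product_fact" in row:
            out.product_facts.add(row["product_fact"])
            continue
        cap, rel = row["capability"], row["relationship"]
        if RANK[rel] > RANK.get(out.capabilities.get(cap), 0):
            out.capabilities[cap] = rel  # keep the strongest relationship seen for this capability
        if "evidence" in row:
            out.evidence.setdefault(cap, set()).add(row["evidence"])
    return out
```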