Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(cra): IACE-Create id-Wrapper + MaschinenVO eigene Sektion
CI / detect-changes (push) Successful in 16s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / build-sha-integrity (push) Successful in 12s
Details
CI / validate-canonical-controls (push) Successful in 11s
Details
CI / loc-budget (push) Successful in 24s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 3m10s
Details
CI / test-go (push) Has been skipped
Details
CI / iace-gt-coverage (push) Has been skipped
Details
CI / test-python-backend (push) Successful in 32s
Details
CI / test-python-document-crawler (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details

Browse Source 
1) createProject las proj.id, der Create-Response ist aber {project:{id}} →
   'Projekt anlegen' war kaputt. Jetzt proj.project?.id. E2E verifiziert
   (create→put limits_form→get→delete = 200).
2) MaschinenVO-Sicherheitspflichten wurden in die CRA-Cyber-Buckets
   (Code/Prozess/Doku) gemischt → fehl-kategorisiert (Maschinen-Safety ≠
   CRA-Annex-I-Cyber). Jetzt eigene Response-Liste machinery_guideline +
   eigener Frontend-Abschnitt 'Maschinensicherheit (MaschinenVO 2023/1230)';
   geklebtes 'MaschVO'-Badge entfaellt damit.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-17 00:12:52 +02:00
parent 72117c447f
commit 9e2655bfef
3 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend-compliance/compliance/api/cra_assess_routes.py
+6 -4
View File
@@ -274,6 +274,7 @@ async def readiness(body: ReadinessRequest):
classification, rationale = _classify(intake)
in_scope = classification != "NOT_IN_SCOPE"
groups = {"code": [], "process": [], "document": []}
machinery_guideline = []
regulations = []
if in_scope:
regulations.append("CRA")
@@ -286,14 +287,14 @@ async def readiness(body: ReadinessRequest):
"measures": [{"id": m, "name": MEASURES.get(m, m)} for m in req.get("mapped_measures", [])],
"source": "CRA",
})
# Machine/plant builders are ALSO hit by the new Machinery Regulation's
# cyber-with-safety essential requirements (Annex III) — show the combination.
# Machinery-Regulation safety obligations are NOT CRA Annex-I cyber controls
# — keep them in their OWN section, not mixed into the Code/Process/Document
# cyber buckets (machine safety != cybersecurity).
if body.is_machinery or machine_integrator:
machinery = _machinery_obligations()
if machinery:
regulations.append("Maschinen-VO 2023/1230")
for bucket, item in machinery:
groups[bucket].append(item)
machinery_guideline = [item for _bucket, item in machinery]
total_effort = sum(r["effort_days"] for g in groups.values() for r in g if r.get("effort_days"))
verdict = compute_verdict(
classification, body.placed_on_market_after_2027,
@@ -306,6 +307,7 @@ async def readiness(body: ReadinessRequest):
"conformity_path_hint": _PATH_HINT.get(classification, ""),
"regulations": regulations,
"guideline": groups,
"machinery_guideline": machinery_guideline,
"counts": {k: len(v) for k, v in groups.items()},
"total_effort_days": total_effort,
"deadlines": list(DEADLINES),