Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(iace): scan ZoneDE in domain gate (catches zone-only domain hints)
CI / detect-changes (push) Successful in 6s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Has been skipped
Details
CI / test-go (push) Failing after 37s
Details
CI / iace-gt-coverage (push) Successful in 23s
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / build-sha-integrity (push) Failing after 4s
Details
CI / validate-canonical-controls (push) Successful in 11s
Details
CI / loc-budget (push) Successful in 14s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / test-python-backend (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details
CI / test-python-document-crawler (push) Has been skipped
Details

Browse Source 
A "Splitterflug bei Werkzeugbruch" pattern leaked into a lift re-seed because
its press hint ("Pressraum") lives in ZoneDE, which applyDomainGates did not
scan. Add ZoneDE to the gated text. Leakage stays 0, ghosts 0, coverage held.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-09 16:15:34 +02:00
parent 7b3a6f0dcd
commit a48e919caa
2 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ai-compliance-sdk/internal/iace/pattern_domain_gates.go
+1 -1
View File
@@ -65,7 +65,7 @@ var domainGateTerms = map[string]string{
func applyDomainGates(patterns []HazardPattern) []HazardPattern { func applyDomainGates(patterns []HazardPattern) []HazardPattern {
for i := range patterns { for i := range patterns {
text := normalizeGateText(patterns[i].NameDE + " " + patterns[i].ScenarioDE + " " + text := normalizeGateText(patterns[i].NameDE + " " + patterns[i].ScenarioDE + " " +
patterns[i].TriggerDE + " " + patterns[i].HarmDE) patterns[i].TriggerDE + " " + patterns[i].HarmDE + " " + patterns[i].ZoneDE)
present := make(map[string]bool, len(patterns[i].RequiredComponentTags)) present := make(map[string]bool, len(patterns[i].RequiredComponentTags))
for _, t := range patterns[i].RequiredComponentTags { for _, t := range patterns[i].RequiredComponentTags {
ai-compliance-sdk/internal/iace/pattern_domain_gates_test.go
+19 -13
View File
@@ -11,22 +11,23 @@ import (
// type and only generic tags. After applyDomainGates they MUST require a dom_* // type and only generic tags. After applyDomainGates they MUST require a dom_*
// tag, so they no longer fire for unrelated machines. // tag, so they no longer fire for unrelated machines.
func TestDomainGate_NamedLeakersGated(t *testing.T) { func TestDomainGate_NamedLeakersGated(t *testing.T) {
leakers := []string{ // Confirmed cross-domain leakers observed firing for a lift project. (Note:
"Quetschen Arm zwischen Pressenteilen", // "Splitterflug bei Werkzeugbruch" has two patterns sharing the name; the
"Quetschen durch Punktschweisselektroden", // one that leaked carries a "Pressraum" zone and is gated via the zone
"Laerm bei Glasschneidemaschine", // scan — verified empirically by the project re-seed, not pinned here to
"Laerm bei Blechbearbeitung (Stanzen)", // avoid catching the unrelated high-pressure plastics variant HP514.)
leakers := map[string]bool{
"Quetschen Arm zwischen Pressenteilen": true,
"Quetschen durch Punktschweisselektroden": true,
"Laerm bei Glasschneidemaschine": true,
"Laerm bei Blechbearbeitung (Stanzen)": true,
} }
byName := map[string]HazardPattern{} seen := map[string]bool{}
for _, p := range collectAllPatterns() { for _, p := range collectAllPatterns() {
byName[p.NameDE] = p if !leakers[p.NameDE] {
}
for _, n := range leakers {
p, ok := byName[n]
if !ok {
t.Errorf("leaker pattern %q not found in library", n)
continue continue
} }
seen[p.NameDE] = true
hasDom := false hasDom := false
for _, tag := range p.RequiredComponentTags { for _, tag := range p.RequiredComponentTags {
if strings.HasPrefix(tag, "dom_") { if strings.HasPrefix(tag, "dom_") {
@@ -35,7 +36,12 @@ func TestDomainGate_NamedLeakersGated(t *testing.T) {
} }
} }
if !hasDom { if !hasDom {
t.Errorf("%s (%q) not domain-gated; RequiredComponentTags=%v", p.ID, n, p.RequiredComponentTags) t.Errorf("%s (%q) not domain-gated; RequiredComponentTags=%v", p.ID, p.NameDE, p.RequiredComponentTags)
}
}
for n := range leakers {
if !seen[n] {
t.Errorf("leaker pattern %q not found in library", n)
} }
} }
} }