Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(iace): CRA / Cyber tab — demo CRA integration on the Kistenhub project

Browse Source 
New "CRA / Cyber" tab in the IACE project (Zusatzmodule). Treats the
Kistenhubgeraet CE project as if it had an IoT module; invented cyber findings
are mapped to CRA Annex I requirements via the REAL backend mapper output
(faithful), and crucially cross-linked to the existing CE safety hazards they
re-open (cyber defeats a mechanically-mitigated guard -> CRA x Machinery Reg).
Frontend fixture for now; live wiring to the mapper endpoint follows.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-13 20:35:21 +02:00
parent a73b996381
commit cadc34dad4
4 changed files with 287 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin-compliance/app/sdk/iace/[projectId]/cra/_components/CRACyberView.tsx
+160
View File
@@ -0,0 +1,160 @@
'use client'
import { CRADemo } from '../_hooks/useCRADemo'
const RISK_BADGE: Record<string, string> = {
CRITICAL: 'bg-red-100 text-red-700 dark:bg-red-900/40 dark:text-red-300',
HIGH: 'bg-orange-100 text-orange-700 dark:bg-orange-900/40 dark:text-orange-300',
MEDIUM: 'bg-amber-100 text-amber-700 dark:bg-amber-900/40 dark:text-amber-300',
LOW: 'bg-gray-100 text-gray-600 dark:bg-gray-700 dark:text-gray-300',
}
function RiskBadge({ level }: { level: string }) {
return (
<span className={`inline-block rounded px-1.5 py-0.5 text-[10px] font-semibold ${RISK_BADGE[level] || RISK_BADGE.LOW}`}>
{level}
</span>
)
}
export function CRACyberView({ data }: { data: CRADemo }) {
return (
<div className="space-y-6">
{/* Co-Pilot framing — advisory, not alarmist */}
<div className="rounded-xl border border-purple-200 dark:border-purple-800 bg-purple-50/60 dark:bg-purple-900/20 p-4">
<h1 className="text-lg font-semibold text-gray-900 dark:text-gray-100">CRA / Cyber-Risiko</h1>
<p className="text-sm text-gray-600 dark:text-gray-300 mt-1">{data.scenario}</p>
<p className="text-xs text-gray-500 mt-2">
Wir verknüpfen die Cyber-Befunde Ihres Repo-Scans mit den CRA-Anforderungen (Annex I) und mit Ihrer
bestehenden CE-Risikobeurteilung. Die Punkte sind Handlungsfelder zur gemeinsamen Klärung mit DSB/Anwalt
keine automatische Verstoßfeststellung. <span className="italic">Demo: erfundene Findings, echtes CRA-Mapping.</span>
</p>
</div>
{/* Summary tiles */}
<div className="grid grid-cols-2 md:grid-cols-4 gap-3">
<Tile label="Cyber-Befunde" value={String(data.findings.length)} />
<Tile label="CRA-Anforderungen betroffen" value={String(data.requirements_touched.length)} sub="von 40 (Annex I)" />
<Tile label="Abdeckung" value={`${data.coverage_pct}%`} sub="Findings → Anforderung" />
<div className="rounded-xl border border-gray-200 dark:border-gray-700 bg-white dark:bg-gray-800 p-3">
<p className="text-[11px] text-gray-500 mb-1">Risiko-Verteilung</p>
<div className="flex flex-wrap gap-1">
{(['CRITICAL', 'HIGH', 'MEDIUM', 'LOW'] as const).map((lvl) =>
data.by_risk[lvl] ? (
<span key={lvl} className={`inline-flex items-center gap-1 rounded px-1.5 py-0.5 text-[10px] font-semibold ${RISK_BADGE[lvl]}`}>
{data.by_risk[lvl]} {lvl}
</span>
) : null,
)}
</div>
</div>
</div>
{/* Cyber meets Safety — the core integration idea */}
<div className="rounded-xl border border-orange-200 dark:border-orange-800 bg-white dark:bg-gray-800">
<div className="px-4 py-3 border-b border-gray-100 dark:border-gray-700">
<h2 className="text-sm font-semibold text-gray-800 dark:text-gray-200">Cyber trifft Safety</h2>
<p className="text-xs text-gray-500 mt-0.5">
Wo ein Cyber-Risiko eine bereits <span className="font-medium">mechanisch gemilderte</span> Gefährdung Ihrer
CE-Risikobeurteilung wieder öffnet (CRA × Maschinen-VO).
</p>
</div>
<div className="p-4 space-y-3">
{data.cross_links.map((cl, i) => (
<div key={i} className="rounded-lg border border-orange-200 dark:border-orange-800/60 bg-orange-50/50 dark:bg-orange-900/10 p-3">
<p className="text-sm font-medium text-gray-800 dark:text-gray-200">{cl.safety_hazard}</p>
<p className="text-[11px] text-gray-500 mt-0.5">{cl.safety_ref}</p>
<div className="mt-2 grid md:grid-cols-2 gap-2 text-xs">
<div className="text-gray-600 dark:text-gray-300">
<span className="text-gray-400">Bisherige Maßnahme:</span> {cl.original_measure}
</div>
<div className="text-gray-600 dark:text-gray-300">
<span className="text-gray-400">Cyber-Befunde:</span> {cl.cyber_finding_ids.join(', ')}
</div>
</div>
<p className="text-xs text-gray-700 dark:text-gray-300 mt-2">{cl.cyber_breaks_it}</p>
<span className="inline-block mt-2 rounded px-1.5 py-0.5 text-[10px] font-semibold bg-red-100 text-red-700 dark:bg-red-900/40 dark:text-red-300">
Restrisiko: {cl.residual}
</span>
</div>
))}
</div>
</div>
{/* Findings -> CRA requirement */}
<div className="rounded-xl border border-gray-200 dark:border-gray-700 bg-white dark:bg-gray-800">
<div className="px-4 py-3 border-b border-gray-100 dark:border-gray-700">
<h2 className="text-sm font-semibold text-gray-800 dark:text-gray-200">Befunde CRA-Anforderung</h2>
</div>
<div className="overflow-x-auto">
<table className="w-full text-xs">
<thead>
<tr className="text-gray-500 border-b border-gray-200 dark:border-gray-700 text-left">
<th className="py-2 px-4">Cyber-Befund</th>
<th className="py-2 px-3">CRA-Anforderung</th>
<th className="py-2 px-3">Annex I</th>
<th className="py-2 px-3">Risiko</th>
<th className="py-2 px-4">Maßnahmen</th>
</tr>
</thead>
<tbody>
{data.findings.map((f) => (
<tr key={f.id} className="border-b border-gray-100 dark:border-gray-700/50 align-top">
<td className="py-2 px-4 max-w-xs">
<div className="text-gray-800 dark:text-gray-200">{f.title}</div>
<div className="text-[10px] text-gray-400">{f.id} · {f.cwe} · {f.location}</div>
</td>
<td className="py-2 px-3 text-gray-600 dark:text-gray-300">
<span className="font-medium">{f.primary_requirement}</span> {f.requirement_title}
{f.requirement_ids.length > 1 && (
<span className="text-[10px] text-gray-400"> +{f.requirement_ids.length - 1}</span>
)}
</td>
<td className="py-2 px-3 text-gray-500">{f.annex_anchor}</td>
<td className="py-2 px-3"><RiskBadge level={f.risk_level} /></td>
<td className="py-2 px-4 text-gray-600 dark:text-gray-300">
{f.measures.length ? f.measures.map((me) => me.id).join(', ') : <span className="text-gray-400"></span>}
</td>
</tr>
))}
</tbody>
</table>
</div>
</div>
{/* Measures + deadlines */}
<div className="grid md:grid-cols-2 gap-3">
<div className="rounded-xl border border-gray-200 dark:border-gray-700 bg-white dark:bg-gray-800 p-4">
<h2 className="text-sm font-semibold text-gray-800 dark:text-gray-200 mb-2">Empfohlene Maßnahmen</h2>
<ul className="space-y-1.5">
{data.open_measures.map((me) => (
<li key={me.id} className="text-xs text-gray-600 dark:text-gray-300">
<span className="font-medium text-gray-700 dark:text-gray-200">{me.id}</span> {me.description}
</li>
))}
</ul>
</div>
<div className="rounded-xl border border-gray-200 dark:border-gray-700 bg-white dark:bg-gray-800 p-4">
<h2 className="text-sm font-semibold text-gray-800 dark:text-gray-200 mb-2">CRA-Fristen</h2>
<ul className="space-y-1.5">
{data.deadlines.map((d) => (
<li key={d.date} className="text-xs text-gray-600 dark:text-gray-300 flex gap-2">
<span className="font-mono text-gray-500">{d.date}</span> {d.label}
</li>
))}
</ul>
</div>
</div>
</div>
)
}
function Tile({ label, value, sub }: { label: string; value: string; sub?: string }) {
return (
<div className="rounded-xl border border-gray-200 dark:border-gray-700 bg-white dark:bg-gray-800 p-3">
<p className="text-[11px] text-gray-500">{label}</p>
<p className="text-xl font-semibold text-gray-900 dark:text-gray-100">{value}</p>
{sub && <p className="text-[10px] text-gray-400">{sub}</p>}
</div>
)
}
admin-compliance/app/sdk/iace/[projectId]/cra/_hooks/useCRADemo.ts
+117
View File
@@ -0,0 +1,117 @@
'use client'
// DEMO data layer for the CRA / Cyber tab. The Kistenhubgeraet (crate lift) CE
// project is treated AS IF it had an internet-connected IoT module. The cyber
// findings are invented, but the CRA mapping below is the REAL output of the
// deterministic backend mapper (compliance/services/cra_finding_mapper.py) run
// on these findings — so the integration concept is faithful. The cross_links
// (cyber re-opens a mechanically-mitigated safety hazard) are the core idea we
// want to validate visually. Live wiring replaces this fixture later.
export interface CRAFinding {
id: string
title: string
location: string
scanner_severity: string
cwe: string
primary_requirement: string
requirement_title: string
requirement_ids: string[]
annex_anchor: string
iso27001_ref: string[]
risk_level: string
measures: { id: string; description: string }[]
}
export interface CrossLink {
cyber_finding_ids: string[]
safety_hazard: string
safety_ref: string
original_measure: string
cyber_breaks_it: string
residual: string
}
export interface CRADemo {
scenario: string
findings: CRAFinding[]
by_risk: Record<string, number>
coverage_pct: number
requirements_touched: string[]
open_measures: { id: string; description: string }[]
cross_links: CrossLink[]
deadlines: { date: string; label: string }[]
}
const MEASURE_DESC: Record<string, string> = {
M541: 'Signierte Software- und Firmware-Updates mit Rollback-Schutz',
M542: 'Initiale Default-Passwoerter beim ersten Start erzwungen aendern',
M545: 'Cybersecurity-Hardening-Guide fuer den Anwender beilegen',
M547: 'Updates ueber authentisierten Kanal mit Integritaetspruefung',
}
const m = (...ids: string[]) => ids.map((id) => ({ id, description: MEASURE_DESC[id] || '' }))
const DEMO: CRADemo = {
scenario:
'Kistenhubgeraet mit (angenommenem) IoT-Modul / Internetanschluss — Fernsteuerung, Telemetrie und Remote-Updates.',
findings: [
{ id: 'KH-CY-1', title: 'Fernsteuer-Weboberflaeche mit universellem Default-Passwort', location: 'remote-ui/login',
scanner_severity: 'critical', cwe: 'CWE-259', primary_requirement: 'CRA-AI-8',
requirement_title: 'Keine Default-Passwoerter', requirement_ids: ['CRA-AI-8'],
annex_anchor: 'Annex I, 1(3)(d)', iso27001_ref: ['A.8.5'], risk_level: 'CRITICAL', measures: m('M542') },
{ id: 'KH-CY-2', title: 'IoT-Telemetrie unverschluesselt ueber MQTT', location: 'telemetry/mqtt',
scanner_severity: 'high', cwe: 'CWE-319', primary_requirement: 'CRA-AI-15',
requirement_title: 'Transport-Schutz (Data in Transit)', requirement_ids: ['CRA-AI-15', 'CRA-AI-13'],
annex_anchor: 'Annex I, 1(3)(e)', iso27001_ref: ['A.8.24'], risk_level: 'HIGH', measures: [] },
{ id: 'KH-CY-3', title: 'Firmware-Updates ohne Signaturpruefung', location: 'updater',
scanner_severity: 'high', cwe: 'CWE-494', primary_requirement: 'CRA-AI-30',
requirement_title: 'Update-Integritaet', requirement_ids: ['CRA-AI-30', 'CRA-AI-28', 'CRA-AI-6'],
annex_anchor: 'Annex I, 1(4)', iso27001_ref: ['A.8.24'], risk_level: 'HIGH', measures: m('M547', 'M541') },
{ id: 'KH-CY-4', title: 'Offener Debug-Port (telnet) am Controller', location: 'controller:23',
scanner_severity: 'medium', cwe: 'CWE-1188', primary_requirement: 'CRA-AI-1',
requirement_title: 'Secure-by-Default-Konfiguration', requirement_ids: ['CRA-AI-1'],
annex_anchor: 'Annex I, 1(1)', iso27001_ref: ['A.8.9'], risk_level: 'HIGH', measures: m('M545') },
{ id: 'KH-CY-5', title: 'Gebundelte libmodbus mit bekannter CVE (veraltet)', location: 'deps/libmodbus',
scanner_severity: 'high', cwe: 'CWE-1104', primary_requirement: 'CRA-AI-22',
requirement_title: 'Dependency-Monitoring', requirement_ids: ['CRA-AI-22'],
annex_anchor: 'Annex I, 1(5)', iso27001_ref: ['A.8.8', 'A.8.25'], risk_level: 'HIGH', measures: [] },
{ id: 'KH-CY-6', title: 'Keine Sicherheits-Protokollierung der Remote-Befehle', location: 'remote-ui',
scanner_severity: 'medium', cwe: 'CWE-778', primary_requirement: 'CRA-AI-24',
requirement_title: 'Security-Logging', requirement_ids: ['CRA-AI-24'],
annex_anchor: 'Annex I, 1(3)(g)', iso27001_ref: ['A.8.15'], risk_level: 'MEDIUM', measures: [] },
],
by_risk: { CRITICAL: 1, HIGH: 4, MEDIUM: 1, LOW: 0 },
coverage_pct: 100.0,
requirements_touched: ['CRA-AI-1', 'CRA-AI-6', 'CRA-AI-8', 'CRA-AI-13', 'CRA-AI-15', 'CRA-AI-22', 'CRA-AI-24', 'CRA-AI-28', 'CRA-AI-30'],
open_measures: m('M542', 'M547', 'M541', 'M545'),
cross_links: [
{
cyber_finding_ids: ['KH-CY-1', 'KH-CY-3'],
safety_hazard: 'Unerwarteter Anlauf des Hubwerks → Quetschen zwischen Last und Rahmen',
safety_ref: 'Risikobeurteilung: Quetschen Hubwerk',
original_measure: 'Zweihandschaltung + trennende Schutzeinrichtung (mechanisch, PL d)',
cyber_breaks_it:
'Über die Fernsteuerung (Default-Passwort) oder manipulierte Firmware kann der Hub ohne Zweihandbedienung remote ausgelöst werden — die mechanisch gemilderte Quetsch-Gefährdung ist wieder offen.',
residual: 'offen',
},
{
cyber_finding_ids: ['KH-CY-2'],
safety_hazard: 'Überlast / Lastabsturz durch manipulierte Lastgrenze',
safety_ref: 'Risikobeurteilung: Lastabsturz',
original_measure: 'Überlastsicherung / Lastmomentbegrenzer',
cyber_breaks_it:
'Unverschlüsselte MQTT-Telemetrie und -Befehle erlauben die Manipulation der Lastgrenz-Parameter — der Überlastschutz kann ausgehebelt werden.',
residual: 'offen',
},
],
deadlines: [
{ date: '2026-06-11', label: 'Conformity Bodies benannt' },
{ date: '2026-09-11', label: 'Vulnerability-Reporting-Pflicht aktiv (24h/72h)' },
{ date: '2027-12-11', label: 'CE-Marking nach CRA verpflichtend' },
],
}
export function useCRADemo() {
return { data: DEMO }
}
admin-compliance/app/sdk/iace/[projectId]/cra/page.tsx
+9
View File
@@ -0,0 +1,9 @@
'use client'
import { useCRADemo } from './_hooks/useCRADemo'
import { CRACyberView } from './_components/CRACyberView'
export default function CRAPage() {
const { data } = useCRADemo()
return <CRACyberView data={data} />
}
admin-compliance/app/sdk/iace/layout.tsx
+1
View File
@@ -24,6 +24,7 @@ const IACE_NAV_ITEMS = [
]
const IACE_EXTRA_ITEMS = [
{ id: 'cra', label: 'CRA / Cyber', href: '/cra', icon: 'shield' },
{ id: 'fmea', label: 'FMEA', href: '/fmea', icon: 'grid' },
{ id: 'knowledge-graph', label: 'Knowledge Graph', href: '/knowledge-graph', icon: 'activity' },
{ id: 'classification', label: 'Klassifikation', href: '/classification', icon: 'tag' },