Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Anti-Fake-Evidence System (Phase 1-4b)

Browse Source 
Implement full evidence integrity pipeline to prevent compliance theater:
- Confidence levels (E0-E4), truth status tracking, assertion engine
- Four-Eyes approval workflow, audit trail, reject endpoint
- Evidence distribution dashboard, LLM audit routes
- Traceability matrix (backend endpoint + Compliance Hub UI tab)
- Anti-fake badges, control status machine, normative patterns
- 2 migrations, 4 test suites, MkDocs documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-03-23 17:15:45 +01:00
parent 48ca0a6bef
commit e6201d5239
36 changed files with 5627 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
admin-compliance/app/api/sdk/drafting-engine/draft/route.ts
View File

@@ -591,12 +591,43 @@ async function handleV2Draft(body: Record<string, unknown>): Promise<NextRespons
cacheStats: proseCache.getStats(),
}
// Anti-Fake-Evidence: Truth label for all LLM-generated content
const truthLabel = {
generation_mode: 'draft_assistance',
truth_status: 'generated',
may_be_used_as_evidence: false,
generated_by: 'system',
}
// Fire-and-forget: persist LLM audit trail to backend
try {
const BACKEND_URL = process.env.BACKEND_COMPLIANCE_URL || 'http://backend-compliance:8002'
fetch(`${BACKEND_URL}/api/compliance/llm-audit`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
entity_type: 'document',
entity_id: null,
generation_mode: 'draft_assistance',
truth_status: 'generated',
may_be_used_as_evidence: false,
llm_model: LLM_MODEL,
llm_provider: 'ollama',
input_summary: `${documentType} draft generation`,
output_summary: draft?.sections?.length ? `${draft.sections.length} sections generated` : 'draft generated',
}),
}).catch(() => {/* fire-and-forget */})
} catch {
// LLM audit persistence failure should not block the response
}
return NextResponse.json({
draft,
constraintCheck,
tokensUsed: Math.round(totalTokens),
pipelineVersion: 'v2',
auditTrail,
truthLabel,
})
}

80
admin-compliance/app/api/sdk/drafting-engine/validate/route.ts
View File

@@ -14,6 +14,76 @@ import { buildCrossCheckPrompt } from '@/lib/sdk/drafting-engine/prompts/validat
const OLLAMA_URL = process.env.OLLAMA_URL || 'http://host.docker.internal:11434'
const LLM_MODEL = process.env.COMPLIANCE_LLM_MODEL || 'qwen2.5vl:32b'
/**
* Anti-Fake-Evidence: Verbotene Formulierungen
*
* Flags formulations that falsely claim compliance without evidence.
* Only allowed when: control_status=pass AND confidence >= E2 AND
* truth_status in (validated_internal, accepted_by_auditor).
*/
interface EvidenceContext {
controlStatus?: string
confidenceLevel?: string
truthStatus?: string
}
const FORBIDDEN_PATTERNS: Array<{
pattern: RegExp
label: string
safeAlternative: string
}> = [
{ pattern: /ist\s+compliant/gi, label: 'ist compliant', safeAlternative: 'soll compliant sein' },
{ pattern: /erfüllt\s+vollständig/gi, label: 'erfüllt vollständig', safeAlternative: 'soll vollständig erfüllt werden' },
{ pattern: /wurde\s+geprüft/gi, label: 'wurde geprüft', safeAlternative: 'soll geprüft werden' },
{ pattern: /wurde\s+umgesetzt/gi, label: 'wurde umgesetzt', safeAlternative: 'ist zur Umsetzung vorgesehen' },
{ pattern: /ist\s+auditiert/gi, label: 'ist auditiert', safeAlternative: 'soll auditiert werden' },
{ pattern: /vollständig\s+implementiert/gi, label: 'vollständig implementiert', safeAlternative: 'Implementierung ist vorgesehen' },
{ pattern: /nachweislich\s+konform/gi, label: 'nachweislich konform', safeAlternative: 'Konformität ist nachzuweisen' },
]
const CONFIDENCE_ORDER: Record<string, number> = { E0: 0, E1: 1, E2: 2, E3: 3, E4: 4 }
const VALID_TRUTH_STATUSES = new Set(['validated_internal', 'accepted_by_auditor'])
function checkForbiddenFormulations(
content: string,
evidenceContext?: EvidenceContext,
): ValidationFinding[] {
const findings: ValidationFinding[] = []
if (!content) return findings
// If evidence context shows sufficient proof, allow the formulations
if (evidenceContext) {
const { controlStatus, confidenceLevel, truthStatus } = evidenceContext
const confLevel = CONFIDENCE_ORDER[confidenceLevel ?? 'E0'] ?? 0
if (
controlStatus === 'pass' &&
confLevel >= CONFIDENCE_ORDER.E2 &&
VALID_TRUTH_STATUSES.has(truthStatus ?? '')
) {
return findings // Formulations are backed by real evidence
}
}
for (const { pattern, label, safeAlternative } of FORBIDDEN_PATTERNS) {
// Reset regex state for global patterns
pattern.lastIndex = 0
if (pattern.test(content)) {
findings.push({
id: `AFE-FORBIDDEN-${label.replace(/\s+/g, '_').toUpperCase()}`,
severity: 'error',
category: 'forbidden_formulation' as ValidationFinding['category'],
title: `Verbotene Formulierung: "${label}"`,
description: `Die Formulierung "${label}" impliziert eine nachgewiesene Compliance, die ohne ausreichenden Nachweis (Evidence >= E2, validiert) nicht verwendet werden darf.`,
documentType: 'vvt' as ScopeDocumentType,
suggestion: `Verwende stattdessen: "${safeAlternative}"`,
})
}
}
return findings
}
/**
* Stufe 1: Deterministische Pruefung
*/
@@ -221,10 +291,18 @@ export async function POST(request: NextRequest) {
// LLM unavailable, continue with deterministic results only
}
// ---------------------------------------------------------------
// Stufe 1b: Verbotene Formulierungen (Anti-Fake-Evidence)
// ---------------------------------------------------------------
const forbiddenFindings = checkForbiddenFormulations(
draftContent || '',
validationContext.evidenceContext,
)
// ---------------------------------------------------------------
// Combine results
// ---------------------------------------------------------------
const allFindings = [...deterministicFindings, ...llmFindings]
const allFindings = [...deterministicFindings, ...forbiddenFindings, ...llmFindings]
const errors = allFindings.filter(f => f.severity === 'error')
const warnings = allFindings.filter(f => f.severity === 'warning')
const suggestions = allFindings.filter(f => f.severity === 'suggestion')

468
admin-compliance/app/sdk/assertions/page.tsx Normal file
View File

@@ -0,0 +1,468 @@
'use client'
import React, { useState, useEffect } from 'react'
// =============================================================================
// TYPES
// =============================================================================
interface Assertion {
id: string
tenant_id: string | null
entity_type: string
entity_id: string
sentence_text: string
sentence_index: number
assertion_type: string // 'assertion' | 'fact' | 'rationale'
evidence_ids: string[]
confidence: number
normative_tier: string | null // 'pflicht' | 'empfehlung' | 'kann'
verified_by: string | null
verified_at: string | null
created_at: string | null
updated_at: string | null
}
interface AssertionSummary {
total_assertions: number
total_facts: number
total_rationale: number
unverified_count: number
}
// =============================================================================
// CONSTANTS
// =============================================================================
const TIER_COLORS: Record<string, string> = {
pflicht: 'bg-red-100 text-red-700',
empfehlung: 'bg-yellow-100 text-yellow-700',
kann: 'bg-blue-100 text-blue-700',
}
const TIER_LABELS: Record<string, string> = {
pflicht: 'Pflicht',
empfehlung: 'Empfehlung',
kann: 'Kann',
}
const TYPE_COLORS: Record<string, string> = {
assertion: 'bg-orange-100 text-orange-700',
fact: 'bg-green-100 text-green-700',
rationale: 'bg-purple-100 text-purple-700',
}
const TYPE_LABELS: Record<string, string> = {
assertion: 'Behauptung',
fact: 'Fakt',
rationale: 'Begruendung',
}
const API_BASE = '/api/sdk/v1/compliance'
type TabKey = 'overview' | 'list' | 'extract'
// =============================================================================
// ASSERTION CARD
// =============================================================================
function AssertionCard({
assertion,
onVerify,
}: {
assertion: Assertion
onVerify: (id: string) => void
}) {
const tierColor = assertion.normative_tier ? TIER_COLORS[assertion.normative_tier] || 'bg-gray-100 text-gray-600' : 'bg-gray-100 text-gray-600'
const tierLabel = assertion.normative_tier ? TIER_LABELS[assertion.normative_tier] || assertion.normative_tier : '—'
const typeColor = TYPE_COLORS[assertion.assertion_type] || 'bg-gray-100 text-gray-600'
const typeLabel = TYPE_LABELS[assertion.assertion_type] || assertion.assertion_type
return (
<div className="bg-white rounded-xl border border-gray-200 p-5">
<div className="flex items-start justify-between gap-3">
<div className="flex-1">
<div className="flex items-center gap-2 mb-2">
<span className={`px-2 py-0.5 text-xs rounded font-medium ${tierColor}`}>
{tierLabel}
</span>
<span className={`px-2 py-0.5 text-xs rounded ${typeColor}`}>
{typeLabel}
</span>
{assertion.entity_type && (
<span className="px-2 py-0.5 text-xs bg-gray-100 text-gray-500 rounded">
{assertion.entity_type}: {assertion.entity_id?.slice(0, 8) || '—'}
</span>
)}
{assertion.confidence > 0 && (
<span className="text-xs text-gray-400">
Konfidenz: {(assertion.confidence * 100).toFixed(0)}%
</span>
)}
</div>
<p className="text-sm text-gray-900 leading-relaxed">
&ldquo;{assertion.sentence_text}&rdquo;
</p>
<div className="mt-2 flex items-center gap-3 text-xs text-gray-400">
{assertion.verified_by && (
<span className="text-green-600">
Verifiziert von {assertion.verified_by} am {assertion.verified_at ? new Date(assertion.verified_at).toLocaleDateString('de-DE') : '—'}
</span>
)}
{assertion.evidence_ids.length > 0 && (
<span>
{assertion.evidence_ids.length} Evidence verknuepft
</span>
)}
</div>
</div>
<div className="flex flex-col gap-1">
{assertion.assertion_type !== 'fact' && (
<button
onClick={() => onVerify(assertion.id)}
className="px-3 py-1.5 text-xs bg-green-600 text-white rounded-lg hover:bg-green-700 transition-colors whitespace-nowrap"
>
Als Fakt pruefen
</button>
)}
</div>
</div>
</div>
)
}
// =============================================================================
// MAIN PAGE
// =============================================================================
export default function AssertionsPage() {
const [activeTab, setActiveTab] = useState<TabKey>('overview')
const [summary, setSummary] = useState<AssertionSummary | null>(null)
const [assertions, setAssertions] = useState<Assertion[]>([])
const [loading, setLoading] = useState(true)
const [error, setError] = useState<string | null>(null)
// Filters
const [filterEntityType, setFilterEntityType] = useState('')
const [filterAssertionType, setFilterAssertionType] = useState('')
// Extract tab
const [extractText, setExtractText] = useState('')
const [extractEntityType, setExtractEntityType] = useState('control')
const [extractEntityId, setExtractEntityId] = useState('')
const [extracting, setExtracting] = useState(false)
const [extractedAssertions, setExtractedAssertions] = useState<Assertion[]>([])
// Verify dialog
const [verifyingId, setVerifyingId] = useState<string | null>(null)
const [verifyEmail, setVerifyEmail] = useState('')
useEffect(() => {
loadSummary()
}, [])
useEffect(() => {
if (activeTab === 'list') loadAssertions()
}, [activeTab, filterEntityType, filterAssertionType]) // eslint-disable-line react-hooks/exhaustive-deps
const loadSummary = async () => {
try {
const res = await fetch(`${API_BASE}/assertions/summary`)
if (res.ok) setSummary(await res.json())
} catch { /* silent */ }
finally { setLoading(false) }
}
const loadAssertions = async () => {
setLoading(true)
try {
const params = new URLSearchParams()
if (filterEntityType) params.set('entity_type', filterEntityType)
if (filterAssertionType) params.set('assertion_type', filterAssertionType)
params.set('limit', '200')
const res = await fetch(`${API_BASE}/assertions?${params}`)
if (res.ok) {
const data = await res.json()
setAssertions(data.assertions || [])
}
} catch {
setError('Assertions konnten nicht geladen werden')
} finally {
setLoading(false)
}
}
const handleExtract = async () => {
if (!extractText.trim()) { setError('Bitte Text eingeben'); return }
setExtracting(true)
setError(null)
setExtractedAssertions([])
try {
const res = await fetch(`${API_BASE}/assertions/extract`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
text: extractText,
entity_type: extractEntityType || 'control',
entity_id: extractEntityId || undefined,
}),
})
if (!res.ok) {
const err = await res.json().catch(() => ({ detail: 'Extraktion fehlgeschlagen' }))
throw new Error(typeof err.detail === 'string' ? err.detail : JSON.stringify(err.detail))
}
const data = await res.json()
setExtractedAssertions(data.assertions || [])
// Refresh summary
loadSummary()
} catch (err) {
setError(err instanceof Error ? err.message : 'Extraktion fehlgeschlagen')
} finally {
setExtracting(false)
}
}
const handleVerify = async (assertionId: string) => {
setVerifyingId(assertionId)
}
const submitVerify = async () => {
if (!verifyingId || !verifyEmail.trim()) return
try {
const res = await fetch(`${API_BASE}/assertions/${verifyingId}/verify?verified_by=${encodeURIComponent(verifyEmail)}`, {
method: 'POST',
})
if (res.ok) {
setVerifyingId(null)
setVerifyEmail('')
loadAssertions()
loadSummary()
} else {
const err = await res.json().catch(() => ({ detail: 'Verifizierung fehlgeschlagen' }))
setError(typeof err.detail === 'string' ? err.detail : 'Verifizierung fehlgeschlagen')
}
} catch {
setError('Netzwerkfehler')
}
}
const tabs: { key: TabKey; label: string }[] = [
{ key: 'overview', label: 'Uebersicht' },
{ key: 'list', label: 'Assertion-Liste' },
{ key: 'extract', label: 'Extraktion' },
]
return (
<div className="space-y-6">
{/* Header */}
<div className="bg-white rounded-xl shadow-sm border p-6">
<h1 className="text-2xl font-bold text-slate-900">Assertions</h1>
<p className="text-slate-500 mt-1">
Behauptungen vs. Fakten in Compliance-Texten trennen und verifizieren.
</p>
</div>
{/* Tabs */}
<div className="bg-white rounded-xl shadow-sm border">
<div className="flex border-b">
{tabs.map(tab => (
<button
key={tab.key}
onClick={() => setActiveTab(tab.key)}
className={`px-6 py-3 text-sm font-medium transition-colors ${
activeTab === tab.key
? 'text-purple-600 border-b-2 border-purple-600'
: 'text-slate-500 hover:text-slate-700'
}`}
>
{tab.label}
</button>
))}
</div>
</div>
{/* Error */}
{error && (
<div className="p-4 bg-red-50 border border-red-200 rounded-lg text-red-700 flex items-center justify-between">
<span>{error}</span>
<button onClick={() => setError(null)} className="text-red-500 hover:text-red-700">&times;</button>
</div>
)}
{/* ============================================================ */}
{/* TAB: Uebersicht */}
{/* ============================================================ */}
{activeTab === 'overview' && (
<>
{loading ? (
<div className="flex justify-center py-12">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600" />
</div>
) : summary ? (
<div className="grid grid-cols-1 md:grid-cols-4 gap-4">
<div className="bg-white rounded-xl border border-gray-200 p-6">
<div className="text-sm text-gray-500">Gesamt Assertions</div>
<div className="text-3xl font-bold text-gray-900">{summary.total_assertions}</div>
</div>
<div className="bg-white rounded-xl border border-green-200 p-6">
<div className="text-sm text-green-600">Verifizierte Fakten</div>
<div className="text-3xl font-bold text-green-600">{summary.total_facts}</div>
</div>
<div className="bg-white rounded-xl border border-purple-200 p-6">
<div className="text-sm text-purple-600">Begruendungen</div>
<div className="text-3xl font-bold text-purple-600">{summary.total_rationale}</div>
</div>
<div className="bg-white rounded-xl border border-orange-200 p-6">
<div className="text-sm text-orange-600">Unverifizizt</div>
<div className="text-3xl font-bold text-orange-600">{summary.unverified_count}</div>
</div>
</div>
) : (
<div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
<p className="text-gray-500">Keine Assertions vorhanden. Nutzen Sie die Extraktion, um Behauptungen aus Texten zu identifizieren.</p>
</div>
)}
</>
)}
{/* ============================================================ */}
{/* TAB: Assertion-Liste */}
{/* ============================================================ */}
{activeTab === 'list' && (
<>
{/* Filters */}
<div className="flex items-center gap-4 flex-wrap">
<div>
<label className="block text-xs text-gray-500 mb-1">Entity-Typ</label>
<select value={filterEntityType} onChange={e => setFilterEntityType(e.target.value)}
className="px-3 py-1.5 border border-gray-300 rounded-lg text-sm focus:ring-2 focus:ring-purple-500 focus:border-transparent">
<option value="">Alle</option>
<option value="control">Control</option>
<option value="evidence">Evidence</option>
<option value="requirement">Requirement</option>
</select>
</div>
<div>
<label className="block text-xs text-gray-500 mb-1">Assertion-Typ</label>
<select value={filterAssertionType} onChange={e => setFilterAssertionType(e.target.value)}
className="px-3 py-1.5 border border-gray-300 rounded-lg text-sm focus:ring-2 focus:ring-purple-500 focus:border-transparent">
<option value="">Alle</option>
<option value="assertion">Behauptung</option>
<option value="fact">Fakt</option>
<option value="rationale">Begruendung</option>
</select>
</div>
</div>
{loading ? (
<div className="flex justify-center py-12">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600" />
</div>
) : assertions.length === 0 ? (
<div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
<p className="text-gray-500">Keine Assertions gefunden.</p>
</div>
) : (
<div className="space-y-3">
<p className="text-sm text-gray-500">{assertions.length} Assertions</p>
{assertions.map(a => (
<AssertionCard key={a.id} assertion={a} onVerify={handleVerify} />
))}
</div>
)}
</>
)}
{/* ============================================================ */}
{/* TAB: Extraktion */}
{/* ============================================================ */}
{activeTab === 'extract' && (
<div className="bg-white rounded-xl shadow-sm border p-6">
<h3 className="text-lg font-semibold text-gray-900 mb-4">Assertions aus Text extrahieren</h3>
<p className="text-sm text-gray-500 mb-4">
Geben Sie einen Compliance-Text ein. Das System identifiziert automatisch Behauptungen, Fakten und Begruendungen.
</p>
<div className="grid grid-cols-2 gap-4 mb-4">
<div>
<label className="block text-sm font-medium text-gray-700 mb-1">Entity-Typ</label>
<select value={extractEntityType} onChange={e => setExtractEntityType(e.target.value)}
className="w-full border border-gray-300 rounded-lg px-3 py-2 text-sm focus:ring-2 focus:ring-purple-500 focus:border-transparent">
<option value="control">Control</option>
<option value="evidence">Evidence</option>
<option value="requirement">Requirement</option>
<option value="policy">Policy</option>
</select>
</div>
<div>
<label className="block text-sm font-medium text-gray-700 mb-1">Entity-ID (optional)</label>
<input type="text" value={extractEntityId} onChange={e => setExtractEntityId(e.target.value)}
placeholder="z.B. GOV-001 oder UUID"
className="w-full border border-gray-300 rounded-lg px-3 py-2 text-sm focus:ring-2 focus:ring-purple-500 focus:border-transparent" />
</div>
</div>
<div className="mb-4">
<label className="block text-sm font-medium text-gray-700 mb-1">Text</label>
<textarea
value={extractText}
onChange={e => setExtractText(e.target.value)}
placeholder="Die Organisation muss ein ISMS gemaess ISO 27001 implementieren. Es sollte regelmaessig ein internes Audit durchgefuehrt werden. Optional kann ein externer Auditor hinzugezogen werden."
rows={6}
className="w-full border border-gray-300 rounded-lg px-3 py-2 text-sm focus:ring-2 focus:ring-purple-500 focus:border-transparent resize-none"
/>
</div>
<button
onClick={handleExtract}
disabled={extracting || !extractText.trim()}
className={`px-5 py-2 rounded-lg font-medium transition-colors ${
extracting || !extractText.trim()
? 'bg-gray-200 text-gray-400 cursor-not-allowed'
: 'bg-purple-600 text-white hover:bg-purple-700'
}`}
>
{extracting ? 'Extrahiere...' : 'Extrahieren'}
</button>
{/* Extracted results */}
{extractedAssertions.length > 0 && (
<div className="mt-6">
<h4 className="text-sm font-semibold text-gray-800 mb-3">{extractedAssertions.length} Assertions extrahiert:</h4>
<div className="space-y-3">
{extractedAssertions.map(a => (
<AssertionCard key={a.id} assertion={a} onVerify={handleVerify} />
))}
</div>
</div>
)}
</div>
)}
{/* Verify Dialog */}
{verifyingId && (
<div className="fixed inset-0 z-50 flex items-center justify-center bg-black/50" onClick={() => setVerifyingId(null)}>
<div className="bg-white rounded-2xl shadow-xl w-full max-w-md mx-4 p-6" onClick={e => e.stopPropagation()}>
<h2 className="text-lg font-bold text-gray-900 mb-4">Als Fakt verifizieren</h2>
<div className="mb-4">
<label className="block text-sm font-medium text-gray-700 mb-1">Verifiziert von (E-Mail)</label>
<input type="email" value={verifyEmail} onChange={e => setVerifyEmail(e.target.value)}
placeholder="auditor@unternehmen.de"
className="w-full border border-gray-300 rounded-lg px-3 py-2 text-sm focus:ring-2 focus:ring-purple-500 focus:border-transparent" />
</div>
<div className="flex justify-end gap-3">
<button onClick={() => setVerifyingId(null)} className="px-4 py-2 text-sm text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
Abbrechen
</button>
<button onClick={submitVerify} disabled={!verifyEmail.trim()}
className="px-4 py-2 text-sm bg-green-600 text-white rounded-lg hover:bg-green-700 transition-colors disabled:opacity-50">
Verifizieren
</button>
</div>
</div>
</div>
)}
</div>
)
}

430
admin-compliance/app/sdk/compliance-hub/page.tsx
View File

@@ -12,6 +12,7 @@
import { useState, useEffect } from 'react'
import Link from 'next/link'
import { ConfidenceLevelBadge } from '../evidence/components/anti-fake-badges'
// Types
interface DashboardData {
@@ -25,6 +26,15 @@ interface DashboardData {
evidence_by_status: Record<string, number>
total_risks: number
risks_by_level: Record<string, number>
multi_score?: {
requirement_coverage: number
evidence_strength: number
validation_quality: number
evidence_freshness: number
control_effectiveness: number
overall_readiness: number
hard_blocks: string[]
} | null
}
interface Regulation {
@@ -106,7 +116,46 @@ interface ScoreSnapshot {
created_at: string
}
type TabKey = 'overview' | 'roadmap' | 'modules' | 'trend'
interface TraceabilityAssertion {
id: string
sentence_text: string
assertion_type: string
confidence: number
verified: boolean
}
interface TraceabilityEvidence {
id: string
title: string
evidence_type: string
confidence_level: string
status: string
assertions: TraceabilityAssertion[]
}
interface TraceabilityCoverage {
has_evidence: boolean
has_assertions: boolean
all_assertions_verified: boolean
min_confidence_level: string | null
}
interface TraceabilityControl {
id: string
control_id: string
title: string
status: string
domain: string
evidence: TraceabilityEvidence[]
coverage: TraceabilityCoverage
}
interface TraceabilityMatrixData {
controls: TraceabilityControl[]
summary: Record<string, number>
}
type TabKey = 'overview' | 'roadmap' | 'modules' | 'trend' | 'traceability'
const DOMAIN_LABELS: Record<string, string> = {
gov: 'Governance',
@@ -148,6 +197,17 @@ export default function ComplianceHubPage() {
const [error, setError] = useState<string | null>(null)
const [seeding, setSeeding] = useState(false)
const [savingSnapshot, setSavingSnapshot] = useState(false)
const [evidenceDistribution, setEvidenceDistribution] = useState<{
by_confidence: Record<string, number>
four_eyes_pending: number
total: number
} | null>(null)
const [traceabilityMatrix, setTraceabilityMatrix] = useState<TraceabilityMatrixData | null>(null)
const [traceabilityLoading, setTraceabilityLoading] = useState(false)
const [traceabilityFilter, setTraceabilityFilter] = useState<'all' | 'covered' | 'uncovered' | 'fully_verified'>('all')
const [traceabilityDomainFilter, setTraceabilityDomainFilter] = useState<string>('all')
const [expandedControls, setExpandedControls] = useState<Set<string>>(new Set())
const [expandedEvidence, setExpandedEvidence] = useState<Set<string>>(new Set())
useEffect(() => {
loadData()
@@ -157,6 +217,7 @@ export default function ComplianceHubPage() {
if (activeTab === 'roadmap' && !roadmap) loadRoadmap()
if (activeTab === 'modules' && !moduleStatus) loadModuleStatus()
if (activeTab === 'trend' && scoreHistory.length === 0) loadScoreHistory()
if (activeTab === 'traceability' && !traceabilityMatrix) loadTraceabilityMatrix()
}, [activeTab]) // eslint-disable-line react-hooks/exhaustive-deps
const loadData = async () => {
@@ -182,6 +243,12 @@ export default function ComplianceHubPage() {
const data = await actionsRes.json()
setNextActions(data.actions || [])
}
// Evidence distribution (Anti-Fake-Evidence Phase 3)
try {
const evidenceDistRes = await fetch('/api/sdk/v1/compliance/dashboard/evidence-distribution')
if (evidenceDistRes.ok) setEvidenceDistribution(await evidenceDistRes.json())
} catch { /* silent */ }
} catch (err) {
console.error('Failed to load compliance data:', err)
setError('Verbindung zum Backend fehlgeschlagen')
@@ -214,6 +281,31 @@ export default function ComplianceHubPage() {
} catch { /* silent */ }
}
const loadTraceabilityMatrix = async () => {
setTraceabilityLoading(true)
try {
const res = await fetch('/api/sdk/v1/compliance/dashboard/traceability-matrix')
if (res.ok) setTraceabilityMatrix(await res.json())
} catch { /* silent */ }
finally { setTraceabilityLoading(false) }
}
const toggleControlExpanded = (id: string) => {
setExpandedControls(prev => {
const next = new Set(prev)
if (next.has(id)) next.delete(id); else next.add(id)
return next
})
}
const toggleEvidenceExpanded = (id: string) => {
setExpandedEvidence(prev => {
const next = new Set(prev)
if (next.has(id)) next.delete(id); else next.add(id)
return next
})
}
const saveSnapshot = async () => {
setSavingSnapshot(true)
try {
@@ -259,6 +351,7 @@ export default function ComplianceHubPage() {
{ key: 'roadmap', label: 'Roadmap' },
{ key: 'modules', label: 'Module' },
{ key: 'trend', label: 'Trend' },
{ key: 'traceability', label: 'Traceability' },
]
return (
@@ -411,6 +504,115 @@ export default function ComplianceHubPage() {
))}
</div>
{/* Anti-Fake-Evidence Section (Phase 3) */}
{dashboard && (
<div className="bg-white rounded-xl shadow-sm border p-6">
<h3 className="text-lg font-semibold text-slate-900 mb-4">Anti-Fake-Evidence Status</h3>
{/* Confidence Distribution Bar */}
{evidenceDistribution && evidenceDistribution.total > 0 && (
<div className="mb-6">
<p className="text-sm text-slate-500 mb-2">Confidence-Verteilung ({evidenceDistribution.total} Nachweise)</p>
<div className="flex h-6 rounded-full overflow-hidden">
{(['E0', 'E1', 'E2', 'E3', 'E4'] as const).map(level => {
const count = evidenceDistribution.by_confidence[level] || 0
const pct = (count / evidenceDistribution.total) * 100
if (pct === 0) return null
const colors: Record<string, string> = {
E0: 'bg-red-400', E1: 'bg-yellow-400', E2: 'bg-blue-400', E3: 'bg-green-400', E4: 'bg-emerald-400'
}
return (
<div key={level} className={`${colors[level]} flex items-center justify-center text-xs text-white font-medium`}
style={{ width: `${pct}%` }} title={`${level}: ${count}`}>
{pct >= 10 ? `${level} (${count})` : ''}
</div>
)
})}
</div>
<div className="flex items-center gap-4 mt-2 text-xs text-slate-500">
{(['E0', 'E1', 'E2', 'E3', 'E4'] as const).map(level => {
const count = evidenceDistribution.by_confidence[level] || 0
const dotColors: Record<string, string> = {
E0: 'bg-red-400', E1: 'bg-yellow-400', E2: 'bg-blue-400', E3: 'bg-green-400', E4: 'bg-emerald-400'
}
return (
<span key={level} className="flex items-center gap-1">
<span className={`w-2 h-2 rounded-full ${dotColors[level]}`} />
{level}: {count}
</span>
)
})}
</div>
</div>
)}
{/* Multi-Score Dimensions */}
{dashboard.multi_score && (
<div className="mb-6">
<p className="text-sm text-slate-500 mb-2">Multi-dimensionaler Score</p>
<div className="space-y-2">
{([
{ key: 'requirement_coverage', label: 'Anforderungsabdeckung', color: 'bg-blue-500' },
{ key: 'evidence_strength', label: 'Evidence-Staerke', color: 'bg-green-500' },
{ key: 'validation_quality', label: 'Validierungsqualitaet', color: 'bg-purple-500' },
{ key: 'evidence_freshness', label: 'Aktualitaet', color: 'bg-yellow-500' },
{ key: 'control_effectiveness', label: 'Control-Wirksamkeit', color: 'bg-indigo-500' },
] as const).map(dim => {
const value = (dashboard.multi_score as Record<string, number>)[dim.key] || 0
return (
<div key={dim.key} className="flex items-center gap-3">
<span className="text-xs text-slate-600 w-44 truncate">{dim.label}</span>
<div className="flex-1 h-2 bg-slate-200 rounded-full overflow-hidden">
<div className={`h-full ${dim.color} rounded-full transition-all`} style={{ width: `${value}%` }} />
</div>
<span className="text-xs text-slate-600 w-12 text-right">{typeof value === 'number' ? value.toFixed(0) : value}%</span>
</div>
)
})}
<div className="flex items-center gap-3 pt-2 border-t border-slate-100">
<span className="text-xs font-semibold text-slate-700 w-44">Audit-Readiness</span>
<div className="flex-1 h-3 bg-slate-200 rounded-full overflow-hidden">
<div className={`h-full rounded-full transition-all ${
(dashboard.multi_score.overall_readiness || 0) >= 80 ? 'bg-green-500' :
(dashboard.multi_score.overall_readiness || 0) >= 60 ? 'bg-yellow-500' : 'bg-red-500'
}`} style={{ width: `${dashboard.multi_score.overall_readiness || 0}%` }} />
</div>
<span className="text-xs font-semibold text-slate-700 w-12 text-right">
{typeof dashboard.multi_score.overall_readiness === 'number' ? dashboard.multi_score.overall_readiness.toFixed(0) : 0}%
</span>
</div>
</div>
</div>
)}
{/* Bottom row: Four-Eyes + Hard Blocks */}
<div className="grid grid-cols-1 md:grid-cols-2 gap-4">
<div className="text-center p-3 rounded-lg bg-yellow-50">
<div className="text-2xl font-bold text-yellow-700">{evidenceDistribution?.four_eyes_pending || 0}</div>
<div className="text-xs text-yellow-600 mt-1">Four-Eyes Reviews ausstehend</div>
</div>
{dashboard.multi_score?.hard_blocks && dashboard.multi_score.hard_blocks.length > 0 ? (
<div className="p-3 rounded-lg bg-red-50">
<div className="text-xs font-medium text-red-700 mb-1">Hard Blocks ({dashboard.multi_score.hard_blocks.length})</div>
<ul className="space-y-1">
{dashboard.multi_score.hard_blocks.slice(0, 3).map((block: string, i: number) => (
<li key={i} className="text-xs text-red-600 flex items-start gap-1">
<span className="text-red-400 mt-0.5">&#8226;</span>
<span>{block}</span>
</li>
))}
</ul>
</div>
) : (
<div className="text-center p-3 rounded-lg bg-green-50">
<div className="text-2xl font-bold text-green-700">0</div>
<div className="text-xs text-green-600 mt-1">Keine Hard Blocks</div>
</div>
)}
</div>
</div>
)}
{/* Next Actions + Findings */}
<div className="grid grid-cols-1 lg:grid-cols-2 gap-4">
{/* Next Actions */}
@@ -805,6 +1007,232 @@ export default function ComplianceHubPage() {
)}
</div>
)}
{/* Traceability Tab */}
{activeTab === 'traceability' && (
<div className="p-6 space-y-6">
{traceabilityLoading ? (
<div className="flex items-center justify-center py-12">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600" />
<span className="ml-3 text-slate-500">Traceability Matrix wird geladen...</span>
</div>
) : !traceabilityMatrix ? (
<div className="text-center py-12 text-slate-500">
Keine Daten verfuegbar. Stellen Sie sicher, dass Controls und Evidence vorhanden sind.
</div>
) : (() => {
const summary = traceabilityMatrix.summary
const totalControls = summary.total_controls || 0
const covered = summary.covered || 0
const fullyVerified = summary.fully_verified || 0
const uncovered = summary.uncovered || 0
const filteredControls = (traceabilityMatrix.controls || []).filter(ctrl => {
if (traceabilityFilter === 'covered' && !ctrl.coverage.has_evidence) return false
if (traceabilityFilter === 'uncovered' && ctrl.coverage.has_evidence) return false
if (traceabilityFilter === 'fully_verified' && !ctrl.coverage.all_assertions_verified) return false
if (traceabilityDomainFilter !== 'all' && ctrl.domain !== traceabilityDomainFilter) return false
return true
})
const domains = [...new Set(traceabilityMatrix.controls.map(c => c.domain))].sort()
return (
<>
{/* Summary Cards */}
<div className="grid grid-cols-2 md:grid-cols-4 gap-4">
<div className="bg-purple-50 border border-purple-200 rounded-lg p-4">
<div className="text-2xl font-bold text-purple-700">{totalControls}</div>
<div className="text-sm text-purple-600">Total Controls</div>
</div>
<div className="bg-blue-50 border border-blue-200 rounded-lg p-4">
<div className="text-2xl font-bold text-blue-700">{covered}</div>
<div className="text-sm text-blue-600">Abgedeckt</div>
</div>
<div className="bg-green-50 border border-green-200 rounded-lg p-4">
<div className="text-2xl font-bold text-green-700">{fullyVerified}</div>
<div className="text-sm text-green-600">Vollst. verifiziert</div>
</div>
<div className="bg-red-50 border border-red-200 rounded-lg p-4">
<div className="text-2xl font-bold text-red-700">{uncovered}</div>
<div className="text-sm text-red-600">Unabgedeckt</div>
</div>
</div>
{/* Filter Bar */}
<div className="flex flex-wrap gap-4 items-center">
<div className="flex gap-1">
{([
{ key: 'all', label: 'Alle' },
{ key: 'covered', label: 'Abgedeckt' },
{ key: 'uncovered', label: 'Nicht abgedeckt' },
{ key: 'fully_verified', label: 'Vollst. verifiziert' },
] as const).map(f => (
<button
key={f.key}
onClick={() => setTraceabilityFilter(f.key)}
className={`px-3 py-1 text-xs rounded-full transition-colors ${
traceabilityFilter === f.key
? 'bg-purple-600 text-white'
: 'bg-slate-100 text-slate-600 hover:bg-slate-200'
}`}
>
{f.label}
</button>
))}
</div>
<div className="h-4 w-px bg-slate-300" />
<div className="flex gap-1 flex-wrap">
<button
onClick={() => setTraceabilityDomainFilter('all')}
className={`px-3 py-1 text-xs rounded-full transition-colors ${
traceabilityDomainFilter === 'all'
? 'bg-purple-600 text-white'
: 'bg-slate-100 text-slate-600 hover:bg-slate-200'
}`}
>
Alle Domains
</button>
{domains.map(d => (
<button
key={d}
onClick={() => setTraceabilityDomainFilter(d)}
className={`px-3 py-1 text-xs rounded-full transition-colors ${
traceabilityDomainFilter === d
? 'bg-purple-600 text-white'
: 'bg-slate-100 text-slate-600 hover:bg-slate-200'
}`}
>
{DOMAIN_LABELS[d] || d}
</button>
))}
</div>
</div>
{/* Controls List */}
<div className="space-y-2">
{filteredControls.length === 0 ? (
<div className="text-center py-8 text-slate-400">
Keine Controls fuer diesen Filter gefunden.
</div>
) : filteredControls.map(ctrl => {
const isExpanded = expandedControls.has(ctrl.id)
const coverageIcon = ctrl.coverage.all_assertions_verified
? { symbol: '\u2713', color: 'text-green-600 bg-green-50' }
: ctrl.coverage.has_evidence
? { symbol: '\u25D0', color: 'text-yellow-600 bg-yellow-50' }
: { symbol: '\u2717', color: 'text-red-600 bg-red-50' }
return (
<div key={ctrl.id} className="border rounded-lg overflow-hidden">
{/* Control Row */}
<button
onClick={() => toggleControlExpanded(ctrl.id)}
className="w-full flex items-center gap-3 px-4 py-3 text-left hover:bg-slate-50 transition-colors"
>
<span className="text-slate-400 text-xs">{isExpanded ? '\u25BC' : '\u25B6'}</span>
<span className={`w-7 h-7 flex items-center justify-center rounded-full text-sm font-medium ${coverageIcon.color}`}>
{coverageIcon.symbol}
</span>
<code className="text-xs bg-slate-100 px-2 py-0.5 rounded text-slate-600 font-mono">{ctrl.control_id}</code>
<span className="text-sm text-slate-800 flex-1 truncate">{ctrl.title}</span>
<span className="text-xs bg-slate-100 text-slate-500 px-2 py-0.5 rounded">{DOMAIN_LABELS[ctrl.domain] || ctrl.domain}</span>
<span className={`text-xs px-2 py-0.5 rounded ${
ctrl.status === 'implemented' ? 'bg-green-100 text-green-700'
: ctrl.status === 'in_progress' ? 'bg-blue-100 text-blue-700'
: 'bg-slate-100 text-slate-600'
}`}>
{ctrl.status}
</span>
<ConfidenceLevelBadge level={ctrl.coverage.min_confidence_level} />
<span className="text-xs text-slate-400 min-w-[3rem] text-right">
{ctrl.evidence.length} Ev.
</span>
</button>
{/* Expanded: Evidence list */}
{isExpanded && (
<div className="border-t bg-slate-50">
{ctrl.evidence.length === 0 ? (
<div className="px-8 py-3 text-xs text-slate-400 italic">
Kein Evidence verknuepft.
</div>
) : ctrl.evidence.map(ev => {
const evExpanded = expandedEvidence.has(ev.id)
return (
<div key={ev.id} className="border-b last:border-b-0">
<button
onClick={() => toggleEvidenceExpanded(ev.id)}
className="w-full flex items-center gap-3 px-8 py-2 text-left hover:bg-slate-100 transition-colors"
>
<span className="text-slate-400 text-xs">{evExpanded ? '\u25BC' : '\u25B6'}</span>
<span className="text-sm text-slate-700 flex-1 truncate">{ev.title}</span>
<span className="text-xs bg-white border px-2 py-0.5 rounded text-slate-500">{ev.evidence_type}</span>
<ConfidenceLevelBadge level={ev.confidence_level} />
<span className={`text-xs px-2 py-0.5 rounded ${
ev.status === 'valid' ? 'bg-green-100 text-green-700'
: ev.status === 'expired' ? 'bg-red-100 text-red-700'
: 'bg-slate-100 text-slate-600'
}`}>
{ev.status}
</span>
<span className="text-xs text-slate-400 min-w-[3rem] text-right">
{ev.assertions.length} Ass.
</span>
</button>
{/* Expanded: Assertions list */}
{evExpanded && ev.assertions.length > 0 && (
<div className="bg-white border-t">
<table className="w-full text-xs">
<thead className="bg-slate-50">
<tr>
<th className="px-12 py-1.5 text-left text-slate-500 font-medium">Aussage</th>
<th className="px-3 py-1.5 text-center text-slate-500 font-medium w-20">Typ</th>
<th className="px-3 py-1.5 text-center text-slate-500 font-medium w-24">Konfidenz</th>
<th className="px-3 py-1.5 text-center text-slate-500 font-medium w-16">Status</th>
</tr>
</thead>
<tbody className="divide-y divide-slate-100">
{ev.assertions.map(a => (
<tr key={a.id} className="hover:bg-slate-50">
<td className="px-12 py-1.5 text-slate-700">{a.sentence_text}</td>
<td className="px-3 py-1.5 text-center text-slate-500">{a.assertion_type}</td>
<td className="px-3 py-1.5 text-center">
<span className={`font-medium ${
a.confidence >= 0.8 ? 'text-green-600'
: a.confidence >= 0.5 ? 'text-yellow-600'
: 'text-red-600'
}`}>
{(a.confidence * 100).toFixed(0)}%
</span>
</td>
<td className="px-3 py-1.5 text-center">
{a.verified
? <span className="text-green-600 font-medium">{'\u2713'}</span>
: <span className="text-slate-400">{'\u2717'}</span>
}
</td>
</tr>
))}
</tbody>
</table>
</div>
)}
</div>
)
})}
</div>
)}
</div>
)
})}
</div>
</>
)
})()}
</div>
)}
</>
)}
</div>

117
admin-compliance/app/sdk/controls/page.tsx
View File

@@ -196,7 +196,15 @@ function ControlCard({
{/* Linked Evidence */}
{control.linkedEvidence.length > 0 && (
<div className="mt-3 pt-3 border-t border-gray-100">
<span className="text-xs text-gray-500 mb-1 block">Nachweise:</span>
<span className="text-xs text-gray-500 mb-1 block">
Nachweise: {control.linkedEvidence.length}
{(() => {
const e2plus = control.linkedEvidence.filter((ev: { confidenceLevel?: string }) =>
ev.confidenceLevel && ['E2', 'E3', 'E4'].includes(ev.confidenceLevel)
).length
return e2plus > 0 ? ` (${e2plus} E2+)` : ''
})()}
</span>
<div className="flex items-center gap-1 flex-wrap">
{control.linkedEvidence.map(ev => (
<span key={ev.id} className={`px-2 py-0.5 text-xs rounded ${
@@ -205,6 +213,9 @@ function ControlCard({
'bg-yellow-50 text-yellow-700'
}`}>
{ev.title}
{(ev as { confidenceLevel?: string }).confidenceLevel && (
<span className="ml-1 opacity-70">({(ev as { confidenceLevel?: string }).confidenceLevel})</span>
)}
</span>
))}
</div>
@@ -359,6 +370,49 @@ interface RAGControlSuggestion {
// MAIN PAGE
// =============================================================================
function TransitionErrorBanner({
controlId,
violations,
onDismiss,
}: {
controlId: string
violations: string[]
onDismiss: () => void
}) {
return (
<div className="p-4 bg-orange-50 border border-orange-200 rounded-lg">
<div className="flex items-start justify-between">
<div className="flex items-start gap-3">
<svg className="w-5 h-5 text-orange-600 mt-0.5 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
</svg>
<div>
<h4 className="font-medium text-orange-800">
Status-Transition blockiert ({controlId})
</h4>
<ul className="mt-2 space-y-1">
{violations.map((v, i) => (
<li key={i} className="text-sm text-orange-700 flex items-start gap-2">
<span className="text-orange-400 mt-0.5"></span>
<span>{v}</span>
</li>
))}
</ul>
<a href="/sdk/evidence" className="mt-2 inline-block text-sm text-purple-600 hover:text-purple-700 font-medium">
Evidence hinzufuegen
</a>
</div>
</div>
<button onClick={onDismiss} className="text-orange-400 hover:text-orange-600 ml-4">
<svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
</svg>
</button>
</div>
</div>
)
}
export default function ControlsPage() {
const { state, dispatch } = useSDK()
const router = useRouter()
@@ -373,6 +427,9 @@ export default function ControlsPage() {
const [showRagPanel, setShowRagPanel] = useState(false)
const [selectedRequirementId, setSelectedRequirementId] = useState<string>('')
// Transition error from Anti-Fake-Evidence state machine (409 Conflict)
const [transitionError, setTransitionError] = useState<{ controlId: string; violations: string[] } | null>(null)
// Track effectiveness locally as it's not in the SDK state type
const [effectivenessMap, setEffectivenessMap] = useState<Record<string, number>>({})
// Track linked evidence per control
@@ -385,7 +442,7 @@ export default function ControlsPage() {
const data = await res.json()
const allEvidence = data.evidence || data
if (Array.isArray(allEvidence)) {
const map: Record<string, { id: string; title: string; status: string }[]> = {}
const map: Record<string, { id: string; title: string; status: string; confidenceLevel?: string }[]> = {}
for (const ev of allEvidence) {
const ctrlId = ev.control_id || ''
if (!map[ctrlId]) map[ctrlId] = []
@@ -393,6 +450,7 @@ export default function ControlsPage() {
id: ev.id,
title: ev.title || ev.name || 'Nachweis',
status: ev.status || 'pending',
confidenceLevel: ev.confidence_level || undefined,
})
}
setEvidenceMap(map)
@@ -483,20 +541,56 @@ export default function ControlsPage() {
: 0
const partialCount = displayControls.filter(c => c.displayStatus === 'partial').length
const handleStatusChange = async (controlId: string, status: ImplementationStatus) => {
const handleStatusChange = async (controlId: string, newStatus: ImplementationStatus) => {
// Remember old status for rollback
const oldControl = state.controls.find(c => c.id === controlId)
const oldStatus = oldControl?.implementationStatus
// Optimistic update
dispatch({
type: 'UPDATE_CONTROL',
payload: { id: controlId, data: { implementationStatus: status } },
payload: { id: controlId, data: { implementationStatus: newStatus } },
})
try {
await fetch(`/api/sdk/v1/compliance/controls/${controlId}`, {
const res = await fetch(`/api/sdk/v1/compliance/controls/${controlId}`, {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ implementation_status: status }),
body: JSON.stringify({ implementation_status: newStatus }),
})
if (!res.ok) {
// Rollback optimistic update
if (oldStatus) {
dispatch({
type: 'UPDATE_CONTROL',
payload: { id: controlId, data: { implementationStatus: oldStatus } },
})
}
const err = await res.json().catch(() => ({ detail: 'Status-Aenderung fehlgeschlagen' }))
if (res.status === 409 && err.detail?.violations) {
setTransitionError({ controlId, violations: err.detail.violations })
} else {
const msg = typeof err.detail === 'string' ? err.detail : err.detail?.error || 'Status-Aenderung fehlgeschlagen'
setError(msg)
}
} else {
// Clear any previous transition error for this control
if (transitionError?.controlId === controlId) {
setTransitionError(null)
}
}
} catch {
// Silently fail — SDK state is already updated
// Network error — rollback
if (oldStatus) {
dispatch({
type: 'UPDATE_CONTROL',
payload: { id: controlId, data: { implementationStatus: oldStatus } },
})
}
setError('Netzwerkfehler bei Status-Aenderung')
}
}
@@ -745,6 +839,15 @@ export default function ControlsPage() {
</div>
)}
{/* Transition Error Banner (Anti-Fake-Evidence 409 violations) */}
{transitionError && (
<TransitionErrorBanner
controlId={transitionError.controlId}
violations={transitionError.violations}
onDismiss={() => setTransitionError(null)}
/>
)}
{/* Requirements Alert */}
{state.requirements.length === 0 && !loading && (
<div className="bg-amber-50 border border-amber-200 rounded-xl p-4">

111
admin-compliance/app/sdk/evidence/components/anti-fake-badges.tsx Normal file
View File

@@ -0,0 +1,111 @@
"use client"
import React from "react"
const badgeBase = "inline-flex items-center px-2 py-0.5 rounded text-xs font-medium"
// ---------------------------------------------------------------------------
// Confidence Level Badge (E0E4)
// ---------------------------------------------------------------------------
const confidenceColors: Record<string, string> = {
E0: "bg-red-100 text-red-800",
E1: "bg-yellow-100 text-yellow-800",
E2: "bg-blue-100 text-blue-800",
E3: "bg-green-100 text-green-800",
E4: "bg-emerald-100 text-emerald-800",
}
const confidenceLabels: Record<string, string> = {
E0: "E0 — Generiert",
E1: "E1 — Manuell",
E2: "E2 — Intern validiert",
E3: "E3 — System-beobachtet",
E4: "E4 — Extern auditiert",
}
export function ConfidenceLevelBadge({ level }: { level?: string | null }) {
if (!level) return null
const color = confidenceColors[level] || "bg-gray-100 text-gray-800"
const label = confidenceLabels[level] || level
return <span className={`${badgeBase} ${color}`}>{label}</span>
}
// ---------------------------------------------------------------------------
// Truth Status Badge
// ---------------------------------------------------------------------------
const truthColors: Record<string, string> = {
generated: "bg-violet-100 text-violet-800",
uploaded: "bg-gray-100 text-gray-800",
observed: "bg-blue-100 text-blue-800",
validated: "bg-green-100 text-green-800",
rejected: "bg-red-100 text-red-800",
audited: "bg-emerald-100 text-emerald-800",
}
const truthLabels: Record<string, string> = {
generated: "Generiert",
uploaded: "Hochgeladen",
observed: "Beobachtet",
validated: "Validiert",
rejected: "Abgelehnt",
audited: "Auditiert",
}
export function TruthStatusBadge({ status }: { status?: string | null }) {
if (!status) return null
const color = truthColors[status] || "bg-gray-100 text-gray-800"
const label = truthLabels[status] || status
return <span className={`${badgeBase} ${color}`}>{label}</span>
}
// ---------------------------------------------------------------------------
// Generation Mode Badge (sparkles icon)
// ---------------------------------------------------------------------------
export function GenerationModeBadge({ mode }: { mode?: string | null }) {
if (!mode) return null
return (
<span className={`${badgeBase} bg-violet-100 text-violet-800`}>
<svg className="w-3 h-3 mr-1" fill="currentColor" viewBox="0 0 20 20">
<path d="M5 2a1 1 0 011 1v1h1a1 1 0 010 2H6v1a1 1 0 01-2 0V6H3a1 1 0 010-2h1V3a1 1 0 011-1zm0 10a1 1 0 011 1v1h1a1 1 0 010 2H6v1a1 1 0 01-2 0v-1H3a1 1 0 010-2h1v-1a1 1 0 011-1zm7-10a1 1 0 01.967.744L14.146 7.2 17.5 7.512a1 1 0 010 1.976l-3.354.313-1.18 4.456a1 1 0 01-1.932 0l-1.18-4.456-3.354-.313a1 1 0 010-1.976l3.354-.313 1.18-4.456A1 1 0 0112 2z" />
</svg>
KI-generiert
</span>
)
}
// ---------------------------------------------------------------------------
// Approval Status Badge (Four-Eyes)
// ---------------------------------------------------------------------------
const approvalColors: Record<string, string> = {
none: "bg-gray-100 text-gray-600",
pending_first: "bg-yellow-100 text-yellow-800",
first_approved: "bg-blue-100 text-blue-800",
approved: "bg-green-100 text-green-800",
rejected: "bg-red-100 text-red-800",
}
const approvalLabels: Record<string, string> = {
none: "Kein Review",
pending_first: "Warte auf 1. Review",
first_approved: "1. Review OK",
approved: "Genehmigt (4-Augen)",
rejected: "Abgelehnt",
}
export function ApprovalStatusBadge({
status,
requiresFourEyes,
}: {
status?: string | null
requiresFourEyes?: boolean | null
}) {
if (!requiresFourEyes) return null
const s = status || "none"
const color = approvalColors[s] || "bg-gray-100 text-gray-600"
const label = approvalLabels[s] || s
return <span className={`${badgeBase} ${color}`}>{label}</span>
}

473
admin-compliance/app/sdk/evidence/page.tsx
View File

@@ -3,6 +3,12 @@
import React, { useState, useEffect, useRef } from 'react'
import { useSDK, Evidence as SDKEvidence, EvidenceType } from '@/lib/sdk'
import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
import {
ConfidenceLevelBadge,
TruthStatusBadge,
GenerationModeBadge,
ApprovalStatusBadge,
} from './components/anti-fake-badges'
// =============================================================================
// TYPES
@@ -28,6 +34,12 @@ interface DisplayEvidence {
status: DisplayStatus
fileSize: string
fileUrl: string | null
// Anti-Fake-Evidence Phase 2
confidenceLevel: string | null
truthStatus: string | null
generationMode: string | null
approvalStatus: string | null
requiresFourEyes: boolean
}
// =============================================================================
@@ -162,7 +174,327 @@ const evidenceTemplates: EvidenceTemplate[] = [
// COMPONENTS
// =============================================================================
function EvidenceCard({ evidence, onDelete, onView, onDownload }: { evidence: DisplayEvidence; onDelete: () => void; onView: () => void; onDownload: () => void }) {
// =============================================================================
// CONFIDENCE FILTER COLORS (matching anti-fake-badges)
// =============================================================================
const confidenceFilterColors: Record<string, string> = {
E0: 'bg-red-200 text-red-800',
E1: 'bg-yellow-200 text-yellow-800',
E2: 'bg-blue-200 text-blue-800',
E3: 'bg-green-200 text-green-800',
E4: 'bg-emerald-200 text-emerald-800',
}
// =============================================================================
// REVIEW MODAL
// =============================================================================
function ReviewModal({ evidence, onClose, onSuccess }: { evidence: DisplayEvidence; onClose: () => void; onSuccess: () => void }) {
const [confidenceLevel, setConfidenceLevel] = useState(evidence.confidenceLevel || 'E1')
const [truthStatus, setTruthStatus] = useState(evidence.truthStatus || 'uploaded')
const [reviewedBy, setReviewedBy] = useState('')
const [submitting, setSubmitting] = useState(false)
const [error, setError] = useState<string | null>(null)
const handleSubmit = async () => {
if (!reviewedBy.trim()) { setError('Bitte E-Mail-Adresse angeben'); return }
setSubmitting(true)
setError(null)
try {
const res = await fetch(`/api/sdk/v1/compliance/evidence/${evidence.id}/review`, {
method: 'PATCH',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ confidence_level: confidenceLevel, truth_status: truthStatus, reviewed_by: reviewedBy }),
})
if (!res.ok) {
const err = await res.json().catch(() => ({ detail: 'Review fehlgeschlagen' }))
throw new Error(typeof err.detail === 'string' ? err.detail : JSON.stringify(err.detail))
}
onSuccess()
} catch (err) {
setError(err instanceof Error ? err.message : 'Unbekannter Fehler')
} finally {
setSubmitting(false)
}
}
const confidenceLevels = [
{ value: 'E0', label: 'E0 — Generiert' },
{ value: 'E1', label: 'E1 — Manuell' },
{ value: 'E2', label: 'E2 — Intern validiert' },
{ value: 'E3', label: 'E3 — System-beobachtet' },
{ value: 'E4', label: 'E4 — Extern auditiert' },
]
const truthStatuses = [
{ value: 'generated', label: 'Generiert' },
{ value: 'uploaded', label: 'Hochgeladen' },
{ value: 'observed', label: 'Beobachtet' },
{ value: 'validated', label: 'Validiert' },
{ value: 'audited', label: 'Auditiert' },
]
return (
<div className="fixed inset-0 z-50 flex items-center justify-center bg-black/50" onClick={onClose}>
<div className="bg-white rounded-2xl shadow-xl w-full max-w-lg mx-4 p-6" onClick={e => e.stopPropagation()}>
<h2 className="text-xl font-bold text-gray-900 mb-4">Evidence Reviewen</h2>
<p className="text-sm text-gray-500 mb-4">{evidence.name}</p>
{/* Current values */}
<div className="mb-4 p-3 bg-gray-50 rounded-lg text-sm space-y-1">
<div className="flex justify-between">
<span className="text-gray-500">Aktuelles Confidence-Level:</span>
<span className="font-medium">{evidence.confidenceLevel || '—'}</span>
</div>
<div className="flex justify-between">
<span className="text-gray-500">Aktueller Truth-Status:</span>
<span className="font-medium">{evidence.truthStatus || '—'}</span>
</div>
</div>
{/* New confidence level */}
<div className="mb-4">
<label className="block text-sm font-medium text-gray-700 mb-1">Neues Confidence-Level</label>
<select value={confidenceLevel} onChange={e => setConfidenceLevel(e.target.value)}
className="w-full border border-gray-300 rounded-lg px-3 py-2 text-sm focus:ring-2 focus:ring-purple-500 focus:border-transparent">
{confidenceLevels.map(l => <option key={l.value} value={l.value}>{l.label}</option>)}
</select>
</div>
{/* New truth status */}
<div className="mb-4">
<label className="block text-sm font-medium text-gray-700 mb-1">Neuer Truth-Status</label>
<select value={truthStatus} onChange={e => setTruthStatus(e.target.value)}
className="w-full border border-gray-300 rounded-lg px-3 py-2 text-sm focus:ring-2 focus:ring-purple-500 focus:border-transparent">
{truthStatuses.map(s => <option key={s.value} value={s.value}>{s.label}</option>)}
</select>
</div>
{/* Reviewed by */}
<div className="mb-4">
<label className="block text-sm font-medium text-gray-700 mb-1">Reviewer (E-Mail)</label>
<input type="email" value={reviewedBy} onChange={e => setReviewedBy(e.target.value)}
placeholder="reviewer@unternehmen.de"
className="w-full border border-gray-300 rounded-lg px-3 py-2 text-sm focus:ring-2 focus:ring-purple-500 focus:border-transparent" />
</div>
{/* Four-eyes warning */}
{evidence.requiresFourEyes && evidence.approvalStatus !== 'approved' && (
<div className="mb-4 p-3 bg-yellow-50 border border-yellow-200 rounded-lg">
<div className="flex items-start gap-2">
<svg className="w-5 h-5 text-yellow-600 mt-0.5 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
</svg>
<div className="text-sm text-yellow-800">
<p className="font-medium">4-Augen-Prinzip aktiv</p>
<p>Dieser Nachweis erfordert eine zusaetzliche Freigabe durch einen zweiten Reviewer.</p>
</div>
</div>
</div>
)}
{/* Error */}
{error && (
<div className="mb-4 p-3 bg-red-50 border border-red-200 rounded-lg text-sm text-red-700">{error}</div>
)}
{/* Actions */}
<div className="flex justify-end gap-3">
<button onClick={onClose} className="px-4 py-2 text-sm text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
Abbrechen
</button>
<button onClick={handleSubmit} disabled={submitting}
className="px-4 py-2 text-sm bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors disabled:opacity-50">
{submitting ? 'Wird gespeichert...' : 'Review abschliessen'}
</button>
</div>
</div>
</div>
)
}
// =============================================================================
// REJECT MODAL
// =============================================================================
function RejectModal({ evidence, onClose, onSuccess }: { evidence: DisplayEvidence; onClose: () => void; onSuccess: () => void }) {
const [reviewedBy, setReviewedBy] = useState('')
const [rejectionReason, setRejectionReason] = useState('')
const [submitting, setSubmitting] = useState(false)
const [error, setError] = useState<string | null>(null)
const handleSubmit = async () => {
if (!reviewedBy.trim()) { setError('Bitte E-Mail-Adresse angeben'); return }
if (!rejectionReason.trim()) { setError('Bitte Ablehnungsgrund angeben'); return }
setSubmitting(true)
setError(null)
try {
const res = await fetch(`/api/sdk/v1/compliance/evidence/${evidence.id}/reject`, {
method: 'PATCH',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ reviewed_by: reviewedBy, rejection_reason: rejectionReason }),
})
if (!res.ok) {
const err = await res.json().catch(() => ({ detail: 'Ablehnung fehlgeschlagen' }))
throw new Error(typeof err.detail === 'string' ? err.detail : JSON.stringify(err.detail))
}
onSuccess()
} catch (err) {
setError(err instanceof Error ? err.message : 'Unbekannter Fehler')
} finally {
setSubmitting(false)
}
}
return (
<div className="fixed inset-0 z-50 flex items-center justify-center bg-black/50" onClick={onClose}>
<div className="bg-white rounded-2xl shadow-xl w-full max-w-lg mx-4 p-6" onClick={e => e.stopPropagation()}>
<h2 className="text-xl font-bold text-gray-900 mb-4">Evidence Ablehnen</h2>
<p className="text-sm text-gray-500 mb-4">{evidence.name}</p>
{/* Reviewed by */}
<div className="mb-4">
<label className="block text-sm font-medium text-gray-700 mb-1">Reviewer (E-Mail)</label>
<input type="email" value={reviewedBy} onChange={e => setReviewedBy(e.target.value)}
placeholder="reviewer@unternehmen.de"
className="w-full border border-gray-300 rounded-lg px-3 py-2 text-sm focus:ring-2 focus:ring-red-500 focus:border-transparent" />
</div>
{/* Rejection reason */}
<div className="mb-4">
<label className="block text-sm font-medium text-gray-700 mb-1">Ablehnungsgrund</label>
<textarea value={rejectionReason} onChange={e => setRejectionReason(e.target.value)}
placeholder="Bitte beschreiben Sie den Grund fuer die Ablehnung..."
rows={4}
className="w-full border border-gray-300 rounded-lg px-3 py-2 text-sm focus:ring-2 focus:ring-red-500 focus:border-transparent resize-none" />
</div>
{/* Error */}
{error && (
<div className="mb-4 p-3 bg-red-50 border border-red-200 rounded-lg text-sm text-red-700">{error}</div>
)}
{/* Actions */}
<div className="flex justify-end gap-3">
<button onClick={onClose} className="px-4 py-2 text-sm text-gray-600 hover:bg-gray-100 rounded-lg transition-colors">
Abbrechen
</button>
<button onClick={handleSubmit} disabled={submitting}
className="px-4 py-2 text-sm bg-red-600 text-white rounded-lg hover:bg-red-700 transition-colors disabled:opacity-50">
{submitting ? 'Wird abgelehnt...' : 'Ablehnen'}
</button>
</div>
</div>
</div>
)
}
// =============================================================================
// AUDIT TRAIL PANEL
// =============================================================================
function AuditTrailPanel({ evidenceId, onClose }: { evidenceId: string; onClose: () => void }) {
const [entries, setEntries] = useState<{ id: string; action: string; actor: string; timestamp: string; details: Record<string, unknown> | null }[]>([])
const [loading, setLoading] = useState(true)
useEffect(() => {
fetch(`/api/sdk/v1/compliance/audit-trail?entity_type=evidence&entity_id=${evidenceId}`)
.then(res => res.json())
.then(data => {
const mapped = (data.entries || []).map((e: Record<string, unknown>) => ({
id: e.id as string,
action: e.action as string,
actor: (e.performed_by || 'System') as string,
timestamp: (e.performed_at || '') as string,
details: {
...(e.field_changed ? { field: e.field_changed } : {}),
...(e.old_value ? { old: e.old_value } : {}),
...(e.new_value ? { new: e.new_value } : {}),
...(e.change_summary ? { summary: e.change_summary } : {}),
} as Record<string, unknown>,
}))
setEntries(mapped)
})
.catch(() => {})
.finally(() => setLoading(false))
}, [evidenceId])
const actionLabels: Record<string, { label: string; color: string }> = {
created: { label: 'Erstellt', color: 'bg-blue-100 text-blue-700' },
uploaded: { label: 'Hochgeladen', color: 'bg-purple-100 text-purple-700' },
reviewed: { label: 'Reviewed', color: 'bg-green-100 text-green-700' },
rejected: { label: 'Abgelehnt', color: 'bg-red-100 text-red-700' },
updated: { label: 'Aktualisiert', color: 'bg-yellow-100 text-yellow-700' },
deleted: { label: 'Geloescht', color: 'bg-gray-100 text-gray-700' },
approved: { label: 'Genehmigt', color: 'bg-emerald-100 text-emerald-700' },
four_eyes_first: { label: '1. Review (4-Augen)', color: 'bg-blue-100 text-blue-700' },
four_eyes_final: { label: 'Finale Freigabe (4-Augen)', color: 'bg-emerald-100 text-emerald-700' },
}
return (
<div className="fixed inset-0 z-50 flex items-center justify-center bg-black/50" onClick={onClose}>
<div className="bg-white rounded-2xl shadow-xl w-full max-w-2xl mx-4 p-6 max-h-[80vh] overflow-y-auto" onClick={e => e.stopPropagation()}>
<div className="flex items-center justify-between mb-4">
<h2 className="text-xl font-bold text-gray-900">Audit-Trail</h2>
<button onClick={onClose} className="text-gray-400 hover:text-gray-600 text-xl">&times;</button>
</div>
{loading ? (
<div className="flex justify-center py-12">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-purple-600" />
</div>
) : entries.length === 0 ? (
<div className="py-12 text-center text-gray-500">
<p>Keine Audit-Trail-Eintraege vorhanden.</p>
</div>
) : (
<div className="relative">
{/* Timeline line */}
<div className="absolute left-4 top-0 bottom-0 w-0.5 bg-gray-200" />
<div className="space-y-4">
{entries.map((entry, idx) => {
const meta = actionLabels[entry.action] || { label: entry.action, color: 'bg-gray-100 text-gray-700' }
return (
<div key={entry.id || idx} className="relative flex items-start gap-4 pl-10">
{/* Timeline dot */}
<div className="absolute left-2.5 top-1.5 w-3 h-3 rounded-full bg-white border-2 border-purple-400" />
<div className="flex-1 bg-gray-50 rounded-lg p-3">
<div className="flex items-center gap-2 mb-1">
<span className={`px-2 py-0.5 text-xs rounded ${meta.color}`}>{meta.label}</span>
<span className="text-xs text-gray-400">
{entry.timestamp ? new Date(entry.timestamp).toLocaleString('de-DE') : '—'}
</span>
</div>
<div className="text-sm text-gray-600">
<span className="font-medium">{entry.actor || 'System'}</span>
</div>
{entry.details && Object.keys(entry.details).length > 0 && (
<div className="mt-2 text-xs text-gray-500 font-mono bg-white rounded p-2 border">
{Object.entries(entry.details).map(([k, v]) => (
<div key={k}><span className="text-gray-400">{k}:</span> {String(v)}</div>
))}
</div>
)}
</div>
</div>
)
})}
</div>
</div>
)}
</div>
</div>
)
}
// =============================================================================
// EVIDENCE CARD
// =============================================================================
function EvidenceCard({ evidence, onDelete, onView, onDownload, onReview, onReject, onShowHistory }: { evidence: DisplayEvidence; onDelete: () => void; onView: () => void; onDownload: () => void; onReview: () => void; onReject: () => void; onShowHistory: () => void }) {
const typeIcons = {
document: (
<svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
@@ -221,9 +553,15 @@ function EvidenceCard({ evidence, onDelete, onView, onDownload }: { evidence: Di
<div className="flex-1">
<div className="flex items-center justify-between">
<h3 className="text-lg font-semibold text-gray-900">{evidence.name}</h3>
<span className={`px-3 py-1 text-xs rounded-full ${statusColors[evidence.status]}`}>
{statusLabels[evidence.status]}
</span>
<div className="flex items-center gap-1.5 flex-wrap">
<span className={`px-3 py-1 text-xs rounded-full ${statusColors[evidence.status]}`}>
{statusLabels[evidence.status]}
</span>
<ConfidenceLevelBadge level={evidence.confidenceLevel} />
<TruthStatusBadge status={evidence.truthStatus} />
<GenerationModeBadge mode={evidence.generationMode} />
<ApprovalStatusBadge status={evidence.approvalStatus} requiresFourEyes={evidence.requiresFourEyes} />
</div>
</div>
<p className="text-sm text-gray-500 mt-1">{evidence.description}</p>
@@ -275,6 +613,31 @@ function EvidenceCard({ evidence, onDelete, onView, onDownload }: { evidence: Di
>
Loeschen
</button>
{/* Review button — visible when review is possible */}
{(evidence.approvalStatus === 'none' || evidence.approvalStatus === 'pending_first' || evidence.approvalStatus === 'first_approved' || !evidence.approvalStatus) && evidence.approvalStatus !== 'approved' && evidence.approvalStatus !== 'rejected' && (
<button
onClick={onReview}
className="px-3 py-1 text-sm text-green-600 hover:bg-green-50 rounded-lg transition-colors font-medium"
>
Reviewen
</button>
)}
{/* Reject button — visible for four-eyes evidence that's not yet resolved */}
{evidence.requiresFourEyes && evidence.approvalStatus !== 'rejected' && evidence.approvalStatus !== 'approved' && (
<button
onClick={onReject}
className="px-3 py-1 text-sm text-orange-600 hover:bg-orange-50 rounded-lg transition-colors"
>
Ablehnen
</button>
)}
{/* History button */}
<button
onClick={onShowHistory}
className="px-3 py-1 text-sm text-gray-500 hover:bg-gray-100 rounded-lg transition-colors"
>
Historie
</button>
</div>
</div>
</div>
@@ -382,6 +745,15 @@ export default function EvidencePage() {
const [pageSize] = useState(20)
const [total, setTotal] = useState(0)
// Anti-Fake-Evidence metadata (keyed by evidence ID)
const [antiFakeMeta, setAntiFakeMeta] = useState<Record<string, {
confidenceLevel: string | null
truthStatus: string | null
generationMode: string | null
approvalStatus: string | null
requiresFourEyes: boolean
}>>({})
// Evidence Checks state
const [checks, setChecks] = useState<EvidenceCheck[]>([])
const [checksLoading, setChecksLoading] = useState(false)
@@ -393,6 +765,13 @@ export default function EvidencePage() {
const [coverageReport, setCoverageReport] = useState<CoverageReport | null>(null)
const [seedingChecks, setSeedingChecks] = useState(false)
// Phase 3: Review/Reject/AuditTrail state
const [reviewEvidence, setReviewEvidence] = useState<DisplayEvidence | null>(null)
const [rejectEvidence, setRejectEvidence] = useState<DisplayEvidence | null>(null)
const [auditTrailId, setAuditTrailId] = useState<string | null>(null)
const [confidenceFilter, setConfidenceFilter] = useState<string | null>(null)
const [refreshKey, setRefreshKey] = useState(0)
// Fetch evidence from backend on mount and when page changes
useEffect(() => {
const fetchEvidence = async () => {
@@ -404,18 +783,30 @@ export default function EvidencePage() {
if (data.total !== undefined) setTotal(data.total)
const backendEvidence = data.evidence || data
if (Array.isArray(backendEvidence) && backendEvidence.length > 0) {
const mapped: SDKEvidence[] = backendEvidence.map((e: Record<string, unknown>) => ({
id: (e.id || '') as string,
controlId: (e.control_id || '') as string,
type: ((e.evidence_type || 'DOCUMENT') as string).toUpperCase() as EvidenceType,
name: (e.title || e.name || '') as string,
description: (e.description || '') as string,
fileUrl: (e.artifact_url || null) as string | null,
validFrom: e.valid_from ? new Date(e.valid_from as string) : new Date(),
validUntil: e.valid_until ? new Date(e.valid_until as string) : null,
uploadedBy: (e.uploaded_by || 'System') as string,
uploadedAt: e.created_at ? new Date(e.created_at as string) : new Date(),
}))
const metaMap: typeof antiFakeMeta = {}
const mapped: SDKEvidence[] = backendEvidence.map((e: Record<string, unknown>) => {
const id = (e.id || '') as string
metaMap[id] = {
confidenceLevel: (e.confidence_level || null) as string | null,
truthStatus: (e.truth_status || null) as string | null,
generationMode: (e.generation_mode || null) as string | null,
approvalStatus: (e.approval_status || null) as string | null,
requiresFourEyes: !!e.requires_four_eyes,
}
return {
id,
controlId: (e.control_id || '') as string,
type: ((e.evidence_type || 'DOCUMENT') as string).toUpperCase() as EvidenceType,
name: (e.title || e.name || '') as string,
description: (e.description || '') as string,
fileUrl: (e.artifact_url || null) as string | null,
validFrom: e.valid_from ? new Date(e.valid_from as string) : new Date(),
validUntil: e.valid_until ? new Date(e.valid_until as string) : null,
uploadedBy: (e.uploaded_by || 'System') as string,
uploadedAt: e.created_at ? new Date(e.created_at as string) : new Date(),
}
})
setAntiFakeMeta(metaMap)
dispatch({ type: 'SET_STATE', payload: { evidence: mapped } })
setError(null)
return
@@ -463,12 +854,13 @@ export default function EvidencePage() {
}
fetchEvidence()
}, [page, pageSize]) // eslint-disable-line react-hooks/exhaustive-deps
}, [page, pageSize, refreshKey]) // eslint-disable-line react-hooks/exhaustive-deps
// Convert SDK evidence to display evidence
const displayEvidence: DisplayEvidence[] = state.evidence.map(ev => {
const template = evidenceTemplates.find(t => t.id === ev.id)
const meta = antiFakeMeta[ev.id]
return {
id: ev.id,
name: ev.name,
@@ -485,12 +877,18 @@ export default function EvidencePage() {
status: getEvidenceStatus(ev.validUntil),
fileSize: template?.fileSize || 'Unbekannt',
fileUrl: ev.fileUrl,
confidenceLevel: meta?.confidenceLevel || null,
truthStatus: meta?.truthStatus || null,
generationMode: meta?.generationMode || null,
approvalStatus: meta?.approvalStatus || null,
requiresFourEyes: meta?.requiresFourEyes || false,
}
})
const filteredEvidence = filter === 'all'
const filteredEvidence = (filter === 'all'
? displayEvidence
: displayEvidence.filter(e => e.status === filter || e.displayType === filter)
).filter(e => !confidenceFilter || e.confidenceLevel === confidenceFilter)
const validCount = displayEvidence.filter(e => e.status === 'valid').length
const expiredCount = displayEvidence.filter(e => e.status === 'expired').length
@@ -803,6 +1201,20 @@ export default function EvidencePage() {
f === 'certificate' ? 'Zertifikate' : 'Audit-Berichte'}
</button>
))}
<span className="text-gray-300 mx-1">|</span>
{['E0', 'E1', 'E2', 'E3', 'E4'].map(level => (
<button
key={level}
onClick={() => setConfidenceFilter(confidenceFilter === level ? null : level)}
className={`px-3 py-1 text-sm rounded-full transition-colors ${
confidenceFilter === level
? confidenceFilterColors[level]
: 'bg-gray-100 text-gray-600 hover:bg-gray-200'
}`}
>
{level}
</button>
))}
</div>
{/* Loading State */}
@@ -818,6 +1230,9 @@ export default function EvidencePage() {
onDelete={() => handleDelete(ev.id)}
onView={() => handleView(ev)}
onDownload={() => handleDownload(ev)}
onReview={() => setReviewEvidence(ev)}
onReject={() => setRejectEvidence(ev)}
onShowHistory={() => setAuditTrailId(ev.id)}
/>
))}
</div>
@@ -1106,6 +1521,28 @@ export default function EvidencePage() {
)}
</div>
)}
{/* Phase 3 Modals */}
{reviewEvidence && (
<ReviewModal
evidence={reviewEvidence}
onClose={() => setReviewEvidence(null)}
onSuccess={() => { setReviewEvidence(null); setRefreshKey(k => k + 1) }}
/>
)}
{rejectEvidence && (
<RejectModal
evidence={rejectEvidence}
onClose={() => setRejectEvidence(null)}
onSuccess={() => { setRejectEvidence(null); setRefreshKey(k => k + 1) }}
/>
)}
{auditTrailId && (
<AuditTrailPanel
evidenceId={auditTrailId}
onClose={() => setAuditTrailId(null)}
/>
)}
</div>
)
}

13
admin-compliance/components/sdk/Sidebar/SDKSidebar.tsx
View File

@@ -643,6 +643,19 @@ export function SDKSidebar({ collapsed = false, onCollapsedChange }: SDKSidebarP
collapsed={collapsed}
projectId={projectId}
/>
<AdditionalModuleItem
href="/sdk/assertions"
icon={
<svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2}
d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4" />
</svg>
}
label="Assertions"
isActive={pathname === '/sdk/assertions'}
collapsed={collapsed}
projectId={projectId}
/>
<AdditionalModuleItem
href="/sdk/dsms"
icon={