Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
1,477 Commits 36 Branches 1 Tag
feat/control-recall
Commit Graph

2 Commits

Author SHA1 Message Date
Benjamin Admin 576063515b feat(ai-sdk): searchControls — deep dense pull recalls control sources on implementation questions
CI / detect-changes (pull_request) Successful in 8s
Details
CI / branch-name (pull_request) Successful in 2s
Details
CI / guardrail-integrity (pull_request) Successful in 6s
Details
CI / secret-scan (pull_request) Successful in 8s
Details
CI / dep-audit (pull_request) Failing after 55s
Details
CI / sbom-scan (pull_request) Failing after 1m1s
Details
CI / build-sha-integrity (pull_request) Successful in 11s
Details
CI / validate-canonical-controls (pull_request) Successful in 5s
Details
CI / loc-budget (pull_request) Successful in 16s
Details
CI / go-lint (pull_request) Successful in 50s
Details
CI / python-lint (pull_request) Failing after 15s
Details
CI / nodejs-lint (pull_request) Failing after 1m8s
Details
CI / nodejs-build (pull_request) Successful in 3m1s
Details
CI / test-go (pull_request) Successful in 59s
Details
CI / iace-gt-coverage (pull_request) Successful in 15s
Details
CI / test-python-backend (pull_request) Successful in 27s
Details
CI / test-python-document-crawler (pull_request) Successful in 13s
Details
CI / test-python-dsms-gateway (pull_request) Successful in 10s
Details 
Measured (raw dense, top-500, "Welche Controls passen zu Security Updates?"):
NIST at dense rank 9 (115 chunks), CRA Annex at rank 8 — both shallow, just below
the client's small top-K, so the rank layer (#38) never saw them. OWASP: absent from
the corpus (separate ingest).

Add searchControls: on an explicit implementation question (queryWantsControls) pull a
deep dense pool (depth 60, no filter), classify each hit's role in code, and keep only
the four control-pool roles (operational/procedural requirement, control standard,
implementation guidance) — no source_role tagging of the corpus. Merge-dedup into the
pool; the existing rerank + applyControlRoles then order them (op_req > procedural >
standard > guidance). So CRA Annex I (operational_requirement) lands Top-1 and NIST
(control_standard) enters Top-3/5, while ENISA stays visible. Norm questions (no control
intent) are untouched.

Tested: isControlPoolRole, controlRoleOf payload classification (NIST/CRA-Annex/DORA).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-06-24 14:03:45 +02:00
Benjamin_Boenisch 9cfe6f83b1 feat(ai-sdk): source_role control-pool (controls != only technical_standard) (#38)
CI / detect-changes (push) Successful in 4s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / build-sha-integrity (push) Successful in 6s
Details
CI / validate-canonical-controls (push) Successful in 3s
Details
CI / loc-budget (push) Successful in 19s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Has been skipped
Details
CI / test-go (push) Successful in 57s
Details
CI / iace-gt-coverage (push) Successful in 15s
Details
CI / test-python-backend (push) Has been skipped
Details
CI / test-python-document-crawler (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details
2026-06-24 11:12:22 +00:00