371 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Sharang Parnerkar	aabfd0aecd	docs: fix CI comment and remove dead gitea remote from CLAUDE.md ... - build-push-deploy.yml: correct comment (orca runs if any build succeeds) - CLAUDE.md: remove git push gitea main (only origin remote exists) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 10:47:52 +02:00
Sharang Parnerkar	11f13b3f74	docs: replace all Coolify references with Orca across compliance repo ... CI/CD pipeline now uses Orca (build-push-deploy.yml) not Coolify. Updated CLAUDE.md, workflow comments, docs-src, and hetzner compose. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 10:39:45 +02:00
Sharang Parnerkar	20fbfc197e	fix: rename types.ts→tsx for JSX support; orca triggers on any build success ... - types.ts had JSX (SVG icons) but .ts extension → Next.js build error - trigger-orca now runs if at least one service build succeeds (not all) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 10:37:47 +02:00
Sharang Parnerkar	b5d20a4c1d	fix: add missing training page components to fix admin-compliance Docker build ... All 8 components imported by app/sdk/training/page.tsx were missing. Docker build was failing with Module not found errors. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 10:32:35 +02:00
Sharang Parnerkar	54add75eb0	ci: trigger build-push-deploy for compliance services ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 09:27:40 +02:00
Sharang Parnerkar	c34f8528a7	ci: replace Coolify webhook with orca build+push+deploy pipeline ... Mirror the pitch-deck pattern: each service builds its Docker image, pushes to registry.meghsakha.com/breakpilot/compliance-*, then triggers orca redeploy via HMAC-signed webhook. Requires secrets: REGISTRY_USERNAME, REGISTRY_PASSWORD, ORCA_WEBHOOK_SECRET Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 09:11:08 +02:00
Sharang Parnerkar	90d14eb546	refactor(admin): split SDKSidebar and ScopeWizardTab components ... - SDKSidebar (918→236 LOC): extracted icons to SidebarIcons, sub-components (ProgressBar, PackageIndicator, StepItem, CorpusStalenessInfo, AdditionalModuleItem) to SidebarSubComponents, and the full module nav list to SidebarModuleNav - ScopeWizardTab (794→339 LOC): extracted DatenkategorienBlock9 and its dept mapping constants to DatenkategorienBlock, and question rendering (all switch-case types + help text) to ScopeQuestionRenderer - All files now under 500 LOC hard cap; zero behavior changes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 23:03:46 +02:00
Sharang Parnerkar	0125199c76	refactor(admin): split controls, training, control-provenance, iace/verification pages ... Each page.tsx exceeded the 500-LOC hard cap. Extracted components and hooks into colocated _components/ and _hooks/ directories; page.tsx is now a thin orchestrator. - controls/page.tsx: 944 → 180 LOC; extracted ControlCard, AddControlForm, LoadingSkeleton, TransitionErrorBanner, StatsCards, FilterBar, RAGPanel into _components/ and useControlsData, useRAGSuggestions into _hooks/; types into _types.ts - training/page.tsx: 780 → 288 LOC; extracted ContentTab (inline content generator tab) into _components/ContentTab.tsx - control-provenance/page.tsx: 739 → 122 LOC; extracted MarkdownRenderer, UsageBadge, PermBadge, LicenseMatrix, SourceRegistry into _components/; PROVENANCE_SECTIONS static data into _data/provenance-sections.ts - iace/[projectId]/verification/page.tsx: 673 → 196 LOC; extracted StatusBadge, VerificationForm, CompleteModal, SuggestEvidenceModal, VerificationTable into _components/ Zero behavior changes; logic relocated verbatim. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 22:50:15 +02:00
Sharang Parnerkar	cfd4fc347f	refactor(admin): split control-library, iace/mitigations, iace/components pages ... Extract hooks, sub-components, and constants into colocated files to bring all three page.tsx files under the 500-LOC hard cap (225, 134, 111 LOC). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 22:47:16 +02:00
Sharang Parnerkar	2adbacf267	revert: remove <en> mixed-language TTS approach ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 22:38:05 +02:00
Sharang Parnerkar	9d96330a54	fix(tts): add missing re and subprocess imports for <en> tag handling ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 22:30:49 +02:00
Sharang Parnerkar	c50e57fd85	feat(tts): mixed-language synthesis via <en> tags ... Parse <en>word</en> markers in text, synthesise English segments with en-US-GuyNeural and German segments with de-DE-ConradNeural, then ffmpeg-concat into a single MP3. Fallback to plain synthesis if no tags. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 22:28:59 +02:00
Benjamin Admin	712fa8cb74	feat: Pass 0b quality — negative actions, container detection, session object classes ... 4 error class fixes from AUTH-1052 quality review: 1. Prohibitive action types (prevent/exclude/forbid) for "dürfen keine", "verboten" etc. 2. Container object detection (Sitzungsverwaltung, Token-Schutz → _requires_decomposition) 3. Session-specific object classes (session, cookie, jwt, federated_assertion) 4. Session lifecycle actions (invalidate, issue, rotate, enforce) with templates + severity caps 76 new tests (303 total), all passing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-28 17:24:19 +01:00
Benjamin Admin	447ec08509	Add migration 082: widen source_article to TEXT, fix pass0b query filters ... - source_article/source_regulation VARCHAR(100) → TEXT for long NIST refs - Pass 0b NOT EXISTS queries now skip deprecated/duplicate controls - Duplicate Guard excludes deprecated/duplicate from existence check Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-28 12:47:26 +01:00
Benjamin Admin	8cb1dc1108	Fix pass0b queries to skip deprecated/duplicate controls ... The NOT EXISTS check and Duplicate Guard now exclude deprecated and duplicate controls, enabling clean re-runs after invalidation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-28 09:09:16 +01:00
Benjamin Admin	f8d9919b97	Improve object normalization: shorter keys, synonym expansion, qualifier stripping ... - Truncate object keys to 40 chars (was 80) at underscore boundary - Strip German qualifying prepositional phrases (bei/für/gemäß/von/zur/...) - Add 65 new synonym mappings for near-duplicate patterns found in analysis - Strip trailing noise tokens (articles/prepositions) - Add _truncate_at_boundary() helper and _QUALIFYING_PHRASE_RE regex - 11 new tests for normalization improvements (227 total pass) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-28 08:55:48 +01:00
Benjamin Admin	fb2cf29b34	fix: Pass 0b — Duplicate Guard, Severity-Kalibrierung, Title-Truncation ... 1. Duplicate Guard: merge_hint-Lookup vor INSERT in _write_atomic_control() verhindert semantisch identische Controls unter demselben Parent. 2. Severity-Kalibrierung: action_type-basiert statt blind vom Parent. define/review/test → max medium, implement/monitor → max high. 3. Title-Truncation: Schnitt am Wortende statt mitten im Wort. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-27 08:38:33 +01:00
Benjamin Admin	f39e5a71af	feat: Obligation-Deduplizierung — 34.617 Duplikate als 'duplicate' markiert ... Neue Endpunkte POST /obligations/dedup und GET /obligations/dedup-stats. Pro candidate_id wird der aelteste Eintrag behalten, alle weiteren erhalten release_state='duplicate' mit merged_into_id + quality_flags fuer Traceability. Detail-View filtert Duplikate aus. MKDocs aktualisiert. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 20:13:00 +01:00
Benjamin Admin	ac42a0aaa0	fix: Faceted Counts — NULL-Werte einbeziehen + AbortController fuer Race Conditions ... Backend: Facets zaehlen jetzt Controls OHNE Wert (z.B. "Ohne Nachweis") als __none__. Filter unterstuetzen __none__ fuer verification_method, category, evidence_type. Counts addieren sich immer zum Total. Frontend: "Ohne X" Optionen in Dropdowns. AbortController verhindert dass aeltere API-Antworten neuere ueberschreiben. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 17:35:52 +01:00
Benjamin Admin	52e463a7c8	feat: Faceted Search — Dropdown-Counts passen sich aktiven Filtern an ... Backend: controls-meta akzeptiert alle Filter-Parameter und berechnet Faceted Counts (jede Dimension zaehlt mit allen ANDEREN Filtern). Neue Facets: severity, verification_method, category, evidence_type, release_state — zusaetzlich zu domains, sources, type_counts. Frontend: loadMeta laedt bei jeder Filteraenderung neu, alle Dropdowns zeigen kontextsensitive Zahlen. Proxy leitet Filter an controls-meta weiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 15:00:40 +01:00
Benjamin Admin	2dee62fa6f	feat: Eigenentwicklung-Filter im Typ-Dropdown mit Counts ... Backend: control_type=eigenentwicklung in list_controls + count_controls, type_counts (rich/atomic/eigenentwicklung) in controls-meta Endpoint. Frontend: Typ-Dropdown zeigt Eigenentwicklung mit Anzahl. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 14:33:00 +01:00
Benjamin Admin	3fb07e201f	fix: V1 Enrichment Threshold auf 0.70 gesenkt (typische Top-Scores 0.70-0.77) ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 11:13:37 +01:00
Benjamin Admin	81c9ce5de3	fix: V1 Enrichment — Qdrant Collection + Parent-Resolution fuer regulatorische Matches ... Die atomic_controls_dedup Collection (51k Punkte) enthaelt nur atomare Controls ohne source_citation. Jetzt wird der Parent-Control aufgeloest, der die Rechtsgrundlage traegt. Deduplizierung nach Parent-UUID verhindert mehrfache Eintraege fuer die gleiche Regulation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 10:52:41 +01:00
Benjamin Admin	db7c207464	feat: V1 Control Enrichment — Eigenentwicklung-Label, regulatorisches Matching & Vergleichsansicht ... 863 v1-Controls (manuell geschrieben, ohne Rechtsgrundlage) werden als "Eigenentwicklung" gekennzeichnet und automatisch mit regulatorischen Controls (DSGVO, NIS2, OWASP etc.) per Embedding-Similarity abgeglichen. Backend: - Migration 080: v1_control_matches Tabelle (Cross-Reference) - v1_enrichment.py: Batch-Matching via BGE-M3 + Qdrant (Threshold 0.75) - 3 neue API-Endpoints: enrich-v1-matches, v1-matches, v1-enrichment-stats - 6 Tests (dry-run, execution, matches, pagination, detection) Frontend: - Orange "Eigenentwicklung"-Badge statt grauem "v1" (wenn kein Source) - "Regulatorische Abdeckung"-Sektion im ControlDetail mit Match-Karten - Side-by-Side V1CompareView (Eigenentwicklung vs. regulatorisch gedeckt) - Prev/Next Navigation durch alle Matches Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 10:32:08 +01:00
Benjamin Admin	cb034b8009	fix: DB-Rollback nach LLM-Fehler im Rationale-Backfill ... Verhindert 'invalid transaction' Fehler wenn ein LLM-Call fehlschlaegt und nachfolgende DB-Operationen blockiert. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:51:27 +01:00
Benjamin Admin	564f93259b	fix: Ollama think:false fuer qwen3.5 Thinking-Mode ... qwen3.5 gibt Antworten im 'thinking'-Feld statt 'response' zurueck. Mit think:false wird der Thinking-Mode deaktiviert und die Antwort korrekt im response-Feld geliefert. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:25:14 +01:00
Benjamin Admin	89ac223c41	fix: LLM Provider erkennt COMPLIANCE_LLM_PROVIDER=ollama ... Ollama als eigener Enum-Wert neben self_hosted, damit die docker-compose-Konfiguration (ollama) korrekt aufgeloest wird. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:12:05 +01:00
Benjamin Admin	23dd5116b3	feat: LLM-basierter Rationale-Backfill fuer atomare Controls ... POST /controls/backfill-rationale — ersetzt Placeholder "Aus Obligation abgeleitet." durch LLM-generierte Begruendungen (Ollama/qwen3.5). Optimierung: gruppiert ~86k Controls nach ~7k Parents, ein LLM-Call pro Parent. Paginierung via batch_size/offset fuer kontrollierte Ausfuehrung. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:01:49 +01:00
Benjamin Admin	81ce9dde07	docs: Anti-Fake-Evidence MkDocs umfassend erweitert ... - Delve-Vorfall als Motivation mit konkreten Haftungsrisiken - 6 Guardrails als Mermaid-Diagramm mit Zusammenspiel - Verbindung zu evidence_type (code/process/hybrid) - Sicherheitsarchitektur: Warum E0-E4, warum Four-Eyes nur GOV/PRIV - Same-Person-Schutz Erklaerung (Backend-Level, kein Admin-Bypass) - Hard Blocks: SQL-Beispiele fuer Audit-Sperren - Vollstaendiges DB-Schema (Enums, alle Tabellen, alle Spalten) - Vollstaendige API-Referenz (Evidence, Assertions, Audit-Trail, LLM-Audit) - FAQ-Sektion (E0 loeschen, Four-Eyes Timeout, Assertion-Extraktion) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 22:22:01 +01:00
Benjamin Admin	5e9cab6ab5	feat: evidence_type Feld (code/process/hybrid) fuer Controls ... Neues Feld auf canonical_controls klassifiziert, ob ein Control technisch im Source Code (code), organisatorisch via Dokumente (process) oder beides (hybrid) nachgewiesen wird. Inklusive Backfill-Endpoint, Frontend-Badge/Filter und MkDocs-Dokumentation. - Migration 079: evidence_type VARCHAR(20) + Index - Backend: Filter, Backfill-Endpoint mit Domain-Heuristik, CRUD - Frontend: EvidenceTypeBadge (sky/amber/violet), Nachweisart-Dropdown - Proxy: evidence_type Passthrough fuer controls + controls-count - Tests: 22 Tests fuer Klassifikations-Heuristik - Docs: Eigenes MkDocs-Kapitel mit Mermaid-Diagramm Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 21:53:40 +01:00
Benjamin Admin	a29bfdd588	fix: normative_strength 'may' statt 'can' (DB-Constraint) ... DB-Constraint erlaubt nur must/should/may. 'can' gibt es nicht. Alle Referenzen auf 'can' durch 'may' ersetzt. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 08:35:16 +01:00
Benjamin Admin	9dbb4cc5d2	fix: Backfill nutzt source_citation statt control_parent_links ... Die Obligation kennt ihren Parent-Rich-Control direkt. Dessen source_citation->>'source' gibt die Quell-Regulierung zuverlaessiger als der Umweg ueber control_parent_links (M:N-Inflation). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 08:25:32 +01:00
Benjamin Admin	c56bccaedf	fix: deploy.sh bash 3 kompatibel (keine assoziativen Arrays) ... macOS ships mit bash 3, declare -A wird nicht unterstuetzt. Ersetzt durch case-Funktion dir_to_service(). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 08:19:38 +01:00
Benjamin Admin	230fbeb490	feat: Dreistufenmodell normative Verbindlichkeit + Duplikat-Filter + Auto-Deploy ... - Source-Type-Klassifikation (58 Regulierungen: law/guideline/framework) - Backfill-Endpoint POST /controls/backfill-normative-strength - exclude_duplicates Filter fuer Control-Library (Backend + Proxy + UI-Toggle) - MkDocs-Kapitel: Normative Verbindlichkeit mit Mermaid-Diagrammen - scripts/deploy.sh: Auto-Push + Mac Mini rebuild + Coolify health monitoring - 26 Unit Tests fuer Klassifikations-Logik Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 08:18:00 +01:00
Benjamin Admin	6d3bdf8e74	feat: Control-Detail Provenance + Atomare Controls Seite ... Backend: provenance endpoint (obligations, doc refs, merged duplicates, regulations summary) + atomic-stats aggregation endpoint. Frontend: ControlDetail mit Provenance-Sektionen, klickbare Navigation, neue /sdk/atomic-controls Seite mit Stats-Bar und gefilterer Liste. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 10:38:34 +01:00
Benjamin Admin	200facda6a	fix: use CAST(:dd AS jsonb) instead of :dd::jsonb in _write_review ... SQLAlchemy's text() parser doesn't properly handle :param::type syntax — it fails to recognize :dd as a bind parameter when followed by ::jsonb. Using CAST(:dd AS jsonb) instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 08:48:58 +01:00
Benjamin Admin	9282850138	fix: add db.rollback() to batch dedup error handlers ... SQLAlchemy sessions enter a failed state after SQL errors. Without rollback(), all subsequent queries on the same session fail with InFailedSqlTransaction. Added try/except with rollback in _mark_duplicate, _mark_duplicate_to, _write_review, cross-group pass, and the main phase1 loop. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 08:41:36 +01:00
Benjamin Admin	770f0b5ab0	fix: adapt batch dedup to NULL pattern_id — group by merge_group_hint ... All Pass 0b controls have pattern_id=NULL. Rewritten to: - Phase 1: Group by merge_group_hint (action:object:trigger), 52k groups - Phase 2: Cross-group embedding search for semantically similar masters - Qdrant search uses unfiltered cross-regulation endpoint - API param changed: pattern_id → hint_filter Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 07:24:02 +01:00
Benjamin Admin	35784c35eb	feat: Batch Dedup Runner — 85k→~18-25k Master Controls ... Adds batch orchestration for deduplicating ~85k Pass 0b atomic controls into ~18-25k unique masters with M:N parent linking. New files: - migrations/078_batch_dedup.sql: merged_into_uuid column, perf indexes, link_type CHECK extended for cross_regulation - batch_dedup_runner.py: BatchDedupRunner with quality scoring, merge-hint grouping, title-identical short-circuit, parent-link transfer, and cross-regulation pass - tests/test_batch_dedup_runner.py: 21 tests (all passing) Modified: - control_dedup.py: optional collection param on Qdrant functions - crosswalk_routes.py: POST/GET batch-dedup endpoints Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 07:06:38 +01:00
Benjamin Admin	cce2707c03	fix: update 61 outdated test mocks to match current schemas ... Tests were failing due to stale mock objects after schema extensions: - DSFA: add _mapping property to _DictRow, use proper mock instead of MagicMock - Company Profile: add 6 missing fields (project_id, offering_urls, etc.) - Legal Templates/Policy: update document type count 52→58 - VVT: add 13 missing attributes to activity mock - Legal Documents: align consent test assertions with production behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 06:40:42 +01:00
Benjamin Admin	2efc738803	Merge branch 'feature/anti-fake-evidence' into main ... Anti-Fake-Evidence System (Phase 1-4b): Confidence levels, assertion engine, four-eyes approval, audit trail, traceability matrix UI, evidence distribution dashboard.	2026-03-23 21:12:45 +01:00
Benjamin Admin	e6201d5239	feat: Anti-Fake-Evidence System (Phase 1-4b) ... Implement full evidence integrity pipeline to prevent compliance theater: - Confidence levels (E0-E4), truth status tracking, assertion engine - Four-Eyes approval workflow, audit trail, reject endpoint - Evidence distribution dashboard, LLM audit routes - Traceability matrix (backend endpoint + Compliance Hub UI tab) - Anti-fake badges, control status machine, normative patterns - 2 migrations, 4 test suites, MkDocs documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 17:15:45 +01:00
Benjamin Admin	48ca0a6bef	feat: Framework Decomposition Engine + Composite Detection for Pass 0b ... Adds a routing layer between Pass 0a and Pass 0b that classifies obligations into atomic/compound/framework_container. Framework-container obligations (e.g. "CCM-Praktiken fuer AIS") are decomposed into concrete sub-obligations via an internal framework registry before Pass 0b composition. - New: framework_decomposition.py with routing, matching, decomposition - New: Framework registry (NIST SP 800-53, OWASP ASVS, CSA CCM) as JSON - New: Composite detection flags on atomic controls (is_composite, atomicity) - New: gen_meta fields: framework_ref, framework_domain, decomposition_source - Integration: _route_and_compose() in run_pass0b() deterministic path - 248 tests (198 decomposition + 50 framework), all passing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 12:11:55 +01:00
Benjamin Admin	1a63f5857b	feat: Deterministic Control Composition Engine v2 for Pass 0b ... Replace LLM-based Pass 0b with rule-based deterministic engine that composes atomic controls from obligation data without any LLM call. Engine features: - 24 action types (implement, configure, define, document, maintain, review, monitor, assess, audit, test, verify, validate, report, notify, train, restrict_access, encrypt, delete, retain, ensure, approve, remediate, perform, obtain) - 19 object classes (policy, procedure, register, record, report, technical_control, access_control, cryptographic_control, configuration, account, system, data, interface, role, training, incident, risk_artifact, process, consent) - Compound action splitting with no-split phrases - Title pattern: "{Object} {state_suffix}" (24 state suffixes) - Statement field: "{condition} {object} ist {trigger} {action}" - Pattern candidates for downstream categorization (26 specific combos + 24 action fallbacks) - Structured timing: deadline_hours + frequency extraction - Confidence scoring (0.3 base + action/object/trigger/template) - Merge group hints for dedup: "{action}:{norm_obj}:{trigger}" - Synonym-based object normalization (50+ German synonyms) - 16 specific (action_type, object_class) template overrides - Output validator with Pflichtfelder + Negativregeln + Warnregeln - All new fields serialized into gen_meta JSONB (no migration needed) Tests: 185 passed (33 new tests covering all engine components) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 11:05:48 +01:00
Benjamin Admin	295c18c6f7	feat: add DECOMPOSITION_LLM_MODEL env var for runtime model switching ... Allows switching between Haiku 4.5 and Sonnet 4.6 for Pass 0b without rebuilding the backend container. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 09:20:10 +01:00
Benjamin Admin	649a3c5e4e	perf: switch Pass 0b default model to Haiku 4.5 ... Benchmark shows Haiku is 2.5x faster than Sonnet at 5x lower cost for this JSON structuring task. Quality is equivalent. $142 vs $705 for 75K obligations, ~2.8 days vs ~7 days. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 09:12:01 +01:00
Benjamin Admin	bdd2f6fa0f	fix: cap Anthropic max_tokens to 16384 for Pass 0b batches ... Previous formula (batch_size * 1500) exceeded Claude's 16K output limit for batch_size > 10, causing API failures and Ollama fallback. New formula: min(16384, max(4096, batch_size * 500)) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 08:50:45 +01:00
Benjamin Admin	ac6134ce6d	feat: control_parent_links population + traceability API + frontend ... - _write_atomic_control() now uses RETURNING id and inserts into control_parent_links (M:N) with source_regulation, source_article, and obligation_candidate_id parsed from parent's source_citation - New _parse_citation() helper for JSONB source_citation extraction - New GET /controls/{id}/traceability endpoint returning full chain: parent links with obligations, child controls, source_count - Backend: control_type filter (atomic/rich) for controls + count - Frontend: Rechtsgrundlagen section in ControlDetail showing all parent links per source regulation with obligation text + strength - Frontend: Atomic/Rich filter dropdown in Control Library list - Frontend: GenerationStrategyBadge recognizes 'pass0b' strategy - Tests: 3 new tests for parent_link creation + citation parsing, existing batch test mock updated for RETURNING clause Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 08:14:29 +01:00
Benjamin Admin	0027f78fc5	fix(ci): sync AllowedCollections test with current whitelist ... TestAllowedCollections was asserting bp_compliance_recht which was removed from the handler whitelist. Updated test to match the actual AllowedCollections map (added bp_compliance_gdpr, bp_dsfa_templates, bp_dsfa_risks, bp_iace_libraries; removed bp_compliance_recht). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-22 09:23:23 +01:00
Benjamin Admin	b29a7caee7	feat(scripts): add Phase I ingestion script for 12 new documents ... Covers NIST SP 800-160/30/82, SPDX 3.0, CVSS v4.0, SLSA v1.0, CycloneDX 1.6, OpenTelemetry, EU Machinery Guide 2006/42/EC, FDA Human Factors, and 5 GPAI documents (Scope Guidelines, Communication, CoP Safety/Transparency/Copyright). All documents include license metadata in regulation payloads. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-22 09:18:30 +01:00