104 Commits

Author	SHA1	Message	Date
Benjamin Admin	ce3df9f080	feat: AI Act Obligations erweitert (60→81) + Decision Tree Q8 fix ... 1. 21 neue AI Act Obligations: - Art. 9 Risk Management (5 granulare Regeln) - Art. 10 Data Governance (3: Bias, Qualitaet, Versionierung) - Art. 12 Logging (3: I/O-Logging, Manipulationsschutz, Aufbewahrung) - Art. 14 Human Oversight (3: Override, Schulung, Automation Bias) - Art. 15 Accuracy/Cybersecurity (3: Genauigkeit, Robustheit, Security) - Art. 51/52/54/56 GPAI Governance (4: Klassifizierung, Kennzeichnung, EU-Rep, CoP) 2. Decision Tree Q8 praezisiert: "Stellst du ein KI-Modell fuer Dritte bereit?" statt generische GPAI-Frage Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 16:41:29 +02:00
Benjamin Admin	1989c410a9	test: BetrVG-Modul Tests — Konflikt-Score, Escalation, Obligations, Applicability ... 10 Tests: Score-Berechnung (no data, monitoring, HR, consulted), Escalation (E2/E3 Trigger), V2-Obligations-Loading, Applicability (DE/US/small). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 11:11:33 +02:00
Benjamin Admin	c55a6ab995	feat: BetrVG-Compliance-Modul — Obligations, Konflikt-Score, Frontend ... 1. BetrVG Obligations (JSON V2): 12 Pflichten basierend auf §87, §90, §94, §95, §99, §111 - BAG-Rechtsprechung referenziert (M365, SAP, Standardsoftware) - Applicability: DE + >=5 Mitarbeiter 2. Betriebsrats-Konflikt-Score (0-100): Gewichtete Formel aus 8 Faktoren - Ueberwachungseignung, HR-Bezug, Individualisierbarkeit, Automation - Escalation-Trigger: Score>=50 ohne BR → E2, Score>=75 → E3 3. Frontend: 3 neue Intake-Felder (Monitoring, HR, BR-Konsultation) - BR-Konflikt-Badge in Use-Case-Liste + Detail-Seite - Farbcodierung: gruen/gelb/orange/rot Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 10:49:56 +02:00
Sharang Parnerkar	3320ef94fc	refactor: phase 0 guardrails + phase 1 step 2 (models.py split) ... Squash of branch refactor/phase0-guardrails-and-models-split — 4 commits, 81 files, 173/173 pytest green, OpenAPI contract preserved (360 paths / 484 operations). ## Phase 0 — Architecture guardrails Three defense-in-depth layers to keep the architecture rules enforced regardless of who opens Claude Code in this repo: 1. .claude/settings.json PreToolUse hook on Write/Edit blocks any file that would exceed the 500-line hard cap. Auto-loads in every Claude session in this repo. 2. scripts/githooks/pre-commit (install via scripts/install-hooks.sh) enforces the LOC cap locally, freezes migrations/ without [migration-approved], and protects guardrail files without [guardrail-change]. 3. .gitea/workflows/ci.yaml gains loc-budget + guardrail-integrity + sbom-scan (syft+grype) jobs, adds mypy --strict for the new Python packages (compliance/{services,repositories,domain,schemas}), and tsc --noEmit for admin-compliance + developer-portal. Per-language conventions documented in AGENTS.python.md, AGENTS.go.md, AGENTS.typescript.md at the repo root — layering, tooling, and explicit "what you may NOT do" lists. Root CLAUDE.md is prepended with the six non-negotiable rules. Each of the 10 services gets a README.md. scripts/check-loc.sh enforces soft 300 / hard 500 and surfaces the current baseline of 205 hard + 161 soft violations so Phases 1-4 can drain it incrementally. CI gates only CHANGED files in PRs so the legacy baseline does not block unrelated work. ## Deprecation sweep 47 files. Pydantic V1 regex= -> pattern= (2 sites), class Config -> ConfigDict in source_policy_router.py (schemas.py intentionally skipped; it is the Phase 1 Step 3 split target). datetime.utcnow() -> datetime.now(timezone.utc) everywhere including SQLAlchemy default= callables. All DB columns already declare timezone=True, so this is a latent-bug fix at the Python side, not a schema change. DeprecationWarning count dropped from 158 to 35. ## Phase 1 Step 1 — Contract test harness tests/contracts/test_openapi_baseline.py diffs the live FastAPI /openapi.json against tests/contracts/openapi.baseline.json on every test run. Fails on removed paths, removed status codes, or new required request body fields. Regenerate only via tests/contracts/regenerate_baseline.py after a consumer-updated contract change. This is the safety harness for all subsequent refactor commits. ## Phase 1 Step 2 — models.py split (1466 -> 85 LOC shim) compliance/db/models.py is decomposed into seven sibling aggregate modules following the existing repo pattern (dsr_models.py, vvt_models.py, ...): regulation_models.py (134) — Regulation, Requirement control_models.py (279) — Control, Mapping, Evidence, Risk ai_system_models.py (141) — AISystem, AuditExport service_module_models.py (176) — ServiceModule, ModuleRegulation, ModuleRisk audit_session_models.py (177) — AuditSession, AuditSignOff isms_governance_models.py (323) — ISMSScope, Context, Policy, Objective, SoA isms_audit_models.py (468) — Finding, CAPA, MgmtReview, InternalAudit, AuditTrail, Readiness models.py becomes an 85-line re-export shim in dependency order so existing imports continue to work unchanged. Schema is byte-identical: __tablename__, column definitions, relationship strings, back_populates, cascade directives all preserved. All new sibling files are under the 500-line hard cap; largest is isms_audit_models.py at 468. No file in compliance/db/ now exceeds the hard cap. ## Phase 1 Step 3 — infrastructure only backend-compliance/compliance/{schemas,domain,repositories}/ packages are created as landing zones with docstrings. compliance/domain/ exports DomainError / NotFoundError / ConflictError / ValidationError / PermissionError — the base classes services will use to raise domain-level errors instead of HTTPException. PHASE1_RUNBOOK.md at backend-compliance/PHASE1_RUNBOOK.md documents the nine-step execution plan for Phase 1: snapshot baseline, characterization tests, split models.py (this commit), split schemas.py (next), extract services, extract repositories, mypy --strict, coverage. ## Verification backend-compliance/.venv-phase1: uv python install 3.12 + pip -r requirements.txt PYTHONPATH=. pytest compliance/tests/ tests/contracts/ -> 173 passed, 0 failed, 35 warnings, OpenAPI 360/484 unchanged Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 13:18:29 +02:00
Benjamin Admin	bc75b4455d	feat: AI Act Decision Tree — Zwei-Achsen-Klassifikation (GPAI + High-Risk) ... Interaktiver 12-Fragen-Entscheidungsbaum für die AI Act Klassifikation auf zwei Achsen: High-Risk (Anhang III, Q1-Q7) und GPAI (Art. 51-56, Q8-Q12). Deterministische Auswertung ohne LLM. Backend (Go): - Neue Structs: GPAIClassification, DecisionTreeAnswer, DecisionTreeResult - Decision Tree Engine mit BuildDecisionTreeDefinition() und EvaluateDecisionTree() - Store-Methoden für CRUD der Ergebnisse - API-Endpoints: GET/POST /decision-tree, GET/DELETE /decision-tree/results - 12 Unit Tests (alle bestanden) Frontend (Next.js): - DecisionTreeWizard: Wizard-UI mit Ja/Nein-Fragen, Dual-Progress-Bar, Ergebnis-Ansicht - AI Act Page refactored: Tabs (Übersicht | Entscheidungsbaum | Ergebnisse) - Proxy-Route für decision-tree Endpoints Migration 083: ai_act_decision_tree_results Tabelle Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 10:14:09 +02:00
Benjamin Admin	0027f78fc5	fix(ci): sync AllowedCollections test with current whitelist ... TestAllowedCollections was asserting bp_compliance_recht which was removed from the handler whitelist. Updated test to match the actual AllowedCollections map (added bp_compliance_gdpr, bp_dsfa_templates, bp_dsfa_risks, bp_iace_libraries; removed bp_compliance_recht). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-22 09:23:23 +01:00
Benjamin Admin	c52dbdb8f1	feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024 ... Phase 1 (LLM Quality): - Add format=json to all Ollama payloads (obligation_extractor, control_generator, citation_backfill) - Add Chain-of-Thought analysis steps to Pass 0a/0b system prompts Phase 2 (Retrieval Quality): - Hybrid search via Qdrant Query API with RRF fusion + automatic text index (legal_rag.go) - Fallback to dense-only search if Query API unavailable - Cross-encoder re-ranking with BGE Reranker v2 (RERANK_ENABLED=false by default) - CPU-only PyTorch dependency to keep Docker image small Phase 3 (Data Layer): - Cross-regulation dedup pass (threshold 0.95) links controls across regulations - DedupResult.link_type field distinguishes dedup_merge vs cross_regulation - Chunk size defaults updated 512/50 → 1024/128 for new ingestions only - Existing collections and controls are NOT affected Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-21 11:49:43 +01:00
Benjamin Admin	825e070ed9	feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0) ... Implements the full Multi-Layer Control Architecture for migrating ~25,000 Rich Controls into atomic, deduplicated Master Controls with full traceability. Architecture: Legal Source → Obligation → Control Pattern → Master Control → Customer Instance New services: - ObligationExtractor: 3-tier extraction (exact → embedding → LLM) - PatternMatcher: 2-tier matching (keyword + embedding + domain-bonus) - ControlComposer: Pattern + Obligation → Master Control - PipelineAdapter: Pipeline integration + Migration Passes 1-5 - DecompositionPass: Pass 0a/0b — Rich Control → atomic Controls - CrosswalkRoutes: 15 API endpoints under /v1/canonical/ New DB schema: - Migration 060: obligation_extractions, control_patterns, crosswalk_matrix - Migration 061: obligation_candidates, parent_control_uuid tracking Pattern Library: 50 YAML patterns (30 core + 20 IT-security) Go SDK: Pattern loader with YAML validation and indexing Documentation: MkDocs updated with full architecture overview 500 Python tests passing across all components. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 09:00:37 +01:00
Benjamin Admin	4f6bc8f6f6	feat(training+controls): interactive video pipeline, training blocks, control generator, CE libraries ... Interactive Training Videos (CP-TRAIN): - DB migration 022: training_checkpoints + checkpoint_progress tables - NarratorScript generation via Anthropic (AI Teacher persona, German) - TTS batch synthesis + interactive video pipeline (slides + checkpoint slides + FFmpeg) - 4 new API endpoints: generate-interactive, interactive-manifest, checkpoint submit, checkpoint progress - InteractiveVideoPlayer component (HTML5 Video, quiz overlay, seek protection, progress tracking) - Learner portal integration with automatic completion on all checkpoints passed - 30 new tests (handler validation + grading logic + manifest/progress + seek protection) Training Blocks: - Block generator, block store, block config CRUD + preview/generate endpoints - Migration 021: training_blocks schema Control Generator + Canonical Library: - Control generator routes + service enhancements - Canonical control library helpers, sidebar entry - Citation backfill service + tests - CE libraries data (hazard, protection, evidence, lifecycle, components) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 21:41:48 +01:00
Benjamin Admin	d2133dbfa2	test+docs(iace): add handler tests, error-handling tests, JSON export tests, TipTap docs ... - Create iace_handler_test.go (22 tests): input validation for InitFromProfile, GenerateSingleSection, ExportTechFile, CheckCompleteness, getTenantID, CreateProject, ListProjects, Component CRUD handlers - Add error-handling tests to tech_file_generator_test.go: nil context, nil project, empty components/hazards/classifications/evidence, unknown section type, all 19 getSystemPrompt types, AI-specific section prompts - Add JSON export tests to document_export_test.go: valid output, empty project, nil project error, special character handling (German text, XML escapes) - Add iace-hazard-library.md to mkdocs.yml navigation - Add TipTap Rich-Text-Editor section to iace.md documentation Total: 181 tests passing (was 165), 0 failures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 13:15:31 +01:00
Benjamin Admin	6d2de9b897	feat(iace): complete CE risk assessment — LLM tech-file generation, multi-format export, TipTap editor ... Phase 1: Fix completeness gates G23 (require verified/rejected mitigations) and G09 (audit trail check) Phase 2: LLM-based tech-file section generation with 19 German prompts and RAG enrichment Phase 3: Multi-format document export (PDF/Excel/DOCX/Markdown/JSON) Phase 4: Company profile → IACE data flow with auto component/classification creation Phase 5: TipTap WYSIWYG editor replacing textarea for tech-file sections Phase 6: User journey tests, developer portal API reference, updated documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 12:50:53 +01:00
Benjamin Admin	5adb1c5f16	feat(iace): integrate Rule Library as 58 extended hazard patterns (HP045-HP102) ... Parsed 171 explicit rules from 4 Rule Library Word documents (R051-R1550), deduplicated into 58 unique (component, energy_source) patterns, and mapped to existing IACE IDs (component tags, M-IDs, E-IDs). Changes: - hazard_patterns_extended.go: 58 new patterns derived from Rule Library - pattern_engine.go: combines builtin (44) + extended (58) = 102 total patterns - iace_handler.go: ListHazardPatterns returns all 102 patterns - iace.md: updated documentation for 102 patterns - scripts/generate-rule-patterns.py: mapping + Go code generator - scripts/parsed-rule-library.json: extracted rule data Tests: 132 passing (9 new extended pattern tests) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 11:24:07 +01:00
Benjamin Admin	9c1355c05f	feat(iace): Phase 5+6 — frontend integration, RAG library search, comprehensive tests ... Phase 5 — Frontend Integration: - components/page.tsx: ComponentLibraryModal with 120 components + 20 energy sources - hazards/page.tsx: AutoSuggestPanel with 3-column pattern matching review - mitigations/page.tsx: SuggestMeasuresModal per hazard with 3-level grouping - verification/page.tsx: SuggestEvidenceModal per mitigation with evidence types Phase 6 — RAG Library Search: - Added bp_iace_libraries to AllowedCollections whitelist in rag_handlers.go - SearchLibrary endpoint: POST /iace/library-search (semantic search across libraries) - EnrichTechFileSection endpoint: POST /projects/:id/tech-file/:section/enrich - Created ingest-iace-libraries.sh ingestion script for Qdrant collection Tests (123 passing): - tag_taxonomy_test.go: 8 tests for taxonomy entries, domains, essential tags - controls_library_test.go: 7 tests for measures, reduction types, subtypes - integration_test.go: 7 integration tests for full match flow and library consistency - Extended tag_resolver_test.go: 9 new tests for FindByTags and cross-category resolution Documentation: - Updated iace.md with Hazard-Matching-Engine, RAG enrichment, and new DB tables Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 10:22:49 +01:00
Benjamin Admin	3b2006ebce	feat(iace): add hazard-matching-engine with component library, tag system, and pattern engine ... Implements Phases 1-4 of the IACE Hazard-Matching-Engine: - 120 machine components (C001-C120) in 11 categories - 20 energy sources (EN01-EN20) - ~85 tag taxonomy across 5 domains - 44 hazard patterns with AND/NOT matching logic - Pattern engine with tag resolution and confidence scoring - 8 new API endpoints (component-library, energy-sources, tags, patterns, match/apply) - Completeness gate G09 for pattern matching - 320 tests passing (36 new) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 08:50:11 +01:00
Benjamin Admin	c7651796c9	feat(iace): integrate ISO 12100 machine risk model with 4-factor assessment ... Add dual-mode risk engine: legacy S×E×P (avoidance=0) and ISO mode S×F×P×A (avoidance>=1) with new thresholds (low/medium/high/very_high/not_acceptable). - 150+ hazard library entries across 28 categories incl. physical hazards (mechanical, electrical, thermal, pneumatic/hydraulic, noise/vibration, ergonomic, material/environmental) - 160-entry protective measures library with 3-step hierarchy validation (design → protective → information) - 25 lifecycle phases, 20 affected person roles, 50 evidence types - 10 verification methods (expanded from 7) - New API endpoints: lifecycle-phases, roles, evidence-types, protective-measures-library, validate-mitigation-hierarchy - DB migrations 018+019 for extended schema - Frontend: 4-slider risk assessment, hierarchy warnings, measures library modal - MkDocs wiki updated with ISO mode docs and legal notice (no norm text) All content uses original wording — norms referenced as methodology only. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 23:13:41 +01:00
Benjamin Admin	49ce417428	feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector) ... Module 2: Extended Compliance Dashboard with roadmap, module-status, next-actions, snapshots, score-history Module 3: 7 German security document templates (IT-Sicherheitskonzept, Datenschutz, Backup, Logging, Incident-Response, Zugriff, Risikomanagement) Module 4: Compliance Process Manager with CRUD, complete/skip/seed, ~50 seed tasks, 3-tab UI Module 5: Evidence Collector Extended with automated checks, control-mapping, coverage report, 4-tab UI Also includes: canonical control library enhancements (verification method, categories, dedup), control generator improvements, RAG client extensions 52 tests pass, frontend builds clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 21:03:04 +01:00
Benjamin Admin	b4d2be83eb	Merge gitea/main: resolve ci.yaml conflict, keep Coolify deploy ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 13:26:17 +01:00
sharang	f1710fdb9e	fix: migrate deployment from Hetzner to Coolify (#1) ... ## Summary - Add Coolify deployment configuration (docker-compose, healthchecks, network setup) - Replace deploy-hetzner CI job with Coolify webhook deploy - Externalize postgres, qdrant, S3 for Coolify environment ## All changes since branch creation - Coolify docker-compose with Traefik labels and healthchecks - CI pipeline: deploy-hetzner → deploy-coolify (simple webhook curl) - SQLAlchemy 2.x text() compatibility fixes - Alpine-compatible Dockerfile fixes Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com> Reviewed-on: #1	2026-03-13 10:45:35 +00:00
Sharang Parnerkar	998d427c3c	fix: update alpine base to 3.21 for ai-compliance-sdk ... Alpine 3.19 apk mirrors failing during Coolify build. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 10:13:57 +01:00
Benjamin Admin	050f353192	feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls ... Eigenstaendig formulierte Security Controls mit unabhaengiger Taxonomie und Open-Source-Verankerung (OWASP, NIST, ENISA). Keine BSI-Nomenklatur. - Migration 044: 5 DB-Tabellen (frameworks, controls, sources, licenses, mappings) - 10 Seed Controls mit 39 Open-Source-Referenzen - License Gate: Quellen-Berechtigungspruefung (analysis/excerpt/embeddings/product) - Too-Close-Detektor: 5 Metriken (exact-phrase, token-overlap, ngram, embedding, LCS) - REST API: 8 Endpoints unter /v1/canonical/ - Go Loader mit Multi-Index (ID, domain, severity, framework) - Frontend: Control Library Browser + Provenance Wiki - CI/CD: validate-controls.py Job (schema, no-leak, open-anchors) - 67 Tests (8 Go + 59 Python), alle PASS - MkDocs Dokumentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 19:55:06 +01:00
Benjamin Admin	46048554cb	fix(sdk): Fix ScopeDecisionTab crash — type mismatches with backend types ... - DEPTH_LEVEL_COLORS: simple strings → objects with {bg, border, badge, text} Tailwind classes - decision.reasoning: render as mapped array instead of direct JSX child - trigger.X → trigger.rule.X for TriggeredHardTrigger properties - doc.isMandatory → doc.required, doc.depthDescription → doc.depth - doc.effortEstimate → doc.estimatedEffort, doc.triggeredByHardTrigger → doc.triggeredBy - decision.gapAnalysis → decision.gaps (matching ScopeDecision type) - getSeverityBadge: uppercase severity ('LOW'|'MEDIUM'|'HIGH'|'CRITICAL') - Also includes CLAUDE.md and DEVELOPER.md CI/CD documentation updates Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 09:07:41 +01:00
Benjamin Admin	091f093e1b	fix(ci): Add missing ReportingHandlers + fix Python 3.9 compat ... - Create reporting_handlers.go with ReportingHandlers struct and 4 endpoint methods (GetExecutiveReport, GetComplianceScore, GetUpcomingDeadlines, GetRiskOverview) to fix build failure - Fix gap_analysis/analyzer.py: use Optional[list[str]] instead of list[str] | None for Python 3.9 compatibility Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 00:21:50 +01:00
Benjamin Admin	95fcba34cd	fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring ... - Ruff: 144 auto-fixes (unused imports, == None → is None), F821/F811/F841 manuell - CVEs: python-multipart>=0.0.22, weasyprint>=68.0, pillow>=12.1.1, npm audit fix (0 vulns) - TS: 5 tote Drafting-Engine-Dateien entfernt, allowed-facts/sanitizer/StepHeader/context fixes - Tests: +104 (ISMS 58, Evidence 18, VVT 14, Generation 14) → 1449 passed - Refactoring: collect_ci_evidence (F→A), row_to_response (E→A), extract_requirements (E→A) - Dead Code: pca-platform, 7 Go-Handler, dsr_api.py, duplicate Schemas entfernt Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 19:00:33 +01:00
Benjamin Admin	ef9aed666f	fix(reporting): Replace deleted dsgvo/vendor/incidents store imports with direct SQL ... The reporting module imported packages deleted in the previous commit. Replaced with direct SQL queries against the compliance schema tables. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 09:53:46 +01:00
Benjamin Admin	37166c966f	feat(sdk): Audit-Dashboard + RBAC-Admin Frontends, UCCA/Go Cleanup ... - Remove 5 unused UCCA routes (wizard, stats, dsb-pool) from Go main.go - Delete 64 deprecated Go handlers (DSGVO, Vendors, Incidents, Drafting) - Delete legacy proxy routes (dsgvo, vendors) - Add LLM Audit Dashboard (3 tabs: Log, Nutzung, Compliance) with export - Add RBAC Admin UI (5 tabs: Mandanten, Namespaces, Rollen, Benutzer, LLM-Policies) - Add proxy routes for audit-llm and rbac to Go backend - Add Workshop, Portfolio, Roadmap proxy routes and frontends - Add LLM Audit + RBAC Admin to SDKSidebar Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 09:45:56 +01:00
Benjamin Admin	3467bce222	feat(obligations): Go PARTIAL DEPRECATED, Python x-user-id, UCCA Proxy Headers, 62 Tests ... - Go obligations_handlers.go: CRUD-Overlap als deprecated markiert, AI-Features (Assess/Gap/TOM/Export) bleiben aktiv - Python obligation_routes.py: x-user-id Header + Audit-Logging an 4 Write-Endpoints - 3 UCCA Proxy-Dateien: Default X-Tenant-ID + X-User-ID Headers - Tests von 39 auf 62 erweitert (+23 Route-Integration-Tests mit mock_db/TestClient) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 21:31:14 +01:00
Benjamin Admin	a5e4801b09	fix(escalations): Tenant/User-ID Defaults + Routing-Klarheit ... - escalations/route.ts: X-Tenant-Id + X-User-Id Default-Header ergaenzt, X-User-Id aus Request weitergeleitet - escalation_routes.py: DEFAULT_TENANT_ID Konstante (9282a473-...) statt 'default' - test_escalation_routes.py: vollstaendige Test-Suite ergaenzt (+337 Zeilen) - main.go + escalation_handlers.go: DEPRECATED-Kommentare — UCCA-Escalations bleiben fuer Assessment-Review, Haupt-Escalation-System ist Python-Backend Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-06 21:15:02 +01:00
Benjamin Admin	2dd86e97be	feat(incidents): Go Incidents nach Python migrieren, Proxy umleiten, 50 Tests ... - incident_routes.py: 15 Endpoints (CRUD, Risk Assessment, Art. 33/34 Notifications, Measures, Timeline, Close, Stats) - Neuer Endpoint PUT /{id}/status (nicht in Go vorhanden, Frontend braucht ihn) - Proxy von ai-compliance-sdk:8090 auf backend-compliance:8002 umgeleitet - Go incidents_handlers.go + main.go als DEPRECATED markiert - 50/50 Tests bestanden Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 20:50:00 +01:00
Benjamin Admin	8742cb7f5a	docs: Qdrant und MinIO/Object-Storage Referenzen aktualisieren ... - Qdrant: lokaler Container → qdrant-dev.breakpilot.ai (gehostet, API-Key) - MinIO: bp-core-minio → Hetzner Object Storage (nbg1.your-objectstorage.com) - CLAUDE.md, MkDocs, ARCHITECTURE.md, training.md, ci-cd-pipeline.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 20:18:29 +01:00
Benjamin Admin	6a940344c2	feat(dsfa): Go DSFA deprecated, URL-Fix, fehlende Endpoints + 145 Tests ... - Go: DEPRECATED-Kommentare an allen 6 DSFA-Handlern + Route-Block - api.ts: URL-Fix /dsgvo/dsfas → /dsfa (Detail-Seite war komplett kaputt) - Python: Section-Update, Workflow (submit/approve), Export (JSON+CSV), UCCA-Stubs - Tests: 145/145 bestanden (Schema + Route-Integration mit TestClient+SQLite) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 19:41:12 +01:00
Benjamin Admin	095eff26d9	feat(dsr): Go DSR deprecated, Python Export-Endpoint, Frontend an Backend-APIs anbinden ... - Go: DEPRECATED-Kommentare an allen DSR-Handlern und Routes - Python: GET /dsr/export?format=csv|json (Semikolon-CSV, 12 Spalten) - API-Client: 12 neue Funktionen (verify, assign, extend, complete, reject, communications, exception-checks, history) - Detail-Seite: Alle Actions verdrahtet (keine Coming-soon-Alerts mehr), Communications + Art.17(3)-Checks + Audit-Log live - Haupt-Seite: CSV-Export-Button im Header - Tests: 54/54 bestanden (4 neue Export-Tests) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 18:21:43 +01:00
Benjamin Admin	3593a4ff78	feat(tom): TOM-Backend in Python erstellen, Frontend von In-Memory auf DB migrieren ... - Migration 034: compliance_tom_state + compliance_tom_measures Tabellen - Python Routes: State CRUD, Measures CRUD, Bulk-Upsert, Stats, CSV/JSON-Export - Frontend-Proxy: In-Memory Storage durch Proxy zu backend-compliance ersetzt - Go TOM-Handler als DEPRECATED markiert (Source of Truth ist jetzt Python) - 44 Tests (alle bestanden) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 17:35:44 +01:00
Benjamin Admin	4cbfea5c1d	feat(vvt): Go-Features nach Python portieren (Source of Truth) ... Review-Daten (last_reviewed_at, next_review_at), created_by, DSFA-Link, CSV-Export mit Semikolon-Trennung, overdue_review_count in Stats. Go-VVT-Handler als DEPRECATED markiert. 32 Tests bestanden. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 17:14:38 +01:00
Benjamin Admin	4d2f4f2d24	feat(qdrant): Migrate to hosted qdrant-dev.breakpilot.ai with API-Key auth ... - LegalRAGClient: QDRANT_HOST+PORT → QDRANT_URL + QDRANT_API_KEY - docker-compose: env vars updated for hosted Qdrant - AllowedCollections: added bp_compliance_gdpr, bp_dsfa_templates, bp_dsfa_risks - Migration scripts (bash + python) for data transfer Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 13:55:21 +01:00
Benjamin Admin	a1980cd12d	feat(reporting+docs): tenant-ID-Validierung, Go-Tests, 4 MkDocs-Einzelseiten ... - reporting_handlers.go: uuid.Nil-Check vor Store-Aufruf (→ 400) - reporting_handlers_test.go: 4 MissingTenantID-Tests (PASS) + 4 WithTenant-Tests (SKIP) - docs-src: requirements.md, controls.md, evidence.md, risks.md (je mit API, Schema, Tests) - mkdocs.yml: 4 neue Nav-Einträge + \n-Bug auf Zeile 91 behoben - compliance-kern.md: Link-Hinweise zu Detailseiten ergänzt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 18:25:26 +01:00
Benjamin Admin	efeacc1619	feat(iace): Hazard-Library v2, Controls-Library, SEPA Avoidance, CE RAG-Ingest ... - Hazard-Library: +79 neue Eintraege in 12 Kategorien (software_fault, hmi_error, mechanical_hazard, electrical_hazard, thermal_hazard, emc_hazard, configuration_error, safety_function_failure, logging_audit_failure, integration_error, environmental_hazard, maintenance_hazard) — Gesamtanzahl: ~116 Eintraege in 24 Kategorien - Controls-Library: neue Datei controls_library.go mit 200 Eintraegen in 6 Domaenen (REQ/ARCH/SWDEV/VER/CYBER/DOC) - Handler: GET /sdk/v1/iace/controls-library (?domain=, ?category=) - SEPA: CalculateInherentRisk() + 4. Param Avoidance (0=disabled, 1-5: 3=neutral); RiskComputeInput.Avoidance, RiskAssessment.Avoidance, AssessRiskRequest.Avoidance — backward-kompatibel (A=0 → S×E×P) - Tests: engine_test.go + hazard_library_test.go aktualisiert - Scripts: ingest-ce-corpus.sh — 15 CE/Safety-Dokumente (EUR-Lex, NIST, ENISA, NASA, OWASP, MITRE CWE) in bp_compliance_ce und bp_compliance_datenschutz - Docs: docs-src/services/sdk-modules/iace.md + mkdocs.yml Nav-Eintrag Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 17:13:01 +01:00
Benjamin Admin	f3ccfe5dcd	fix(ucca): Route-Konflikt :id vs :assessmentId — TOM-Controls Pfad geaendert ... GET /obligations/:id/tom-controls → GET /obligations/tom-controls/for-obligation/:obligationId Gin erlaubt keine unterschiedlichen Param-Namen auf demselben Pfad-Level. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 15:03:48 +01:00
Benjamin Admin	38e278ee3c	feat(ucca): Pflichtendatenbank v2 (325 Obligations), Trigger-Engine, TOM-Control-Mapping ... - 9 Regulation-JSON-Dateien (DSGVO 80, AI Act 60, NIS2 40, BDSG 30, TTDSG 20, DSA 35, Data Act 25, EU-Maschinen 15, DORA 20) - Condition-Tree-Engine fuer automatische Pflichtenselektion (all_of/any_of, 80+ Field-Paths) - Generischer JSONRegulationModule-Loader mit YAML-Fallback - Bidirektionales TOM-Control-Mapping (291 Obligation→Control, 92 Control→Obligation) - Gap-Analyse-Engine (Compliance-%, Priority Actions, Domain Breakdown) - ScopeDecision→UnifiedFacts Bridge fuer Auto-Profiling - 4 neue API-Endpoints (assess-from-scope, tom-controls, gap-analysis, reverse-lookup) - Frontend: Auto-Profiling Button, Regulation-Filter Chips, TOM-Panel, Gap-Analyse-View - 18 Unit Tests (Condition Engine, v2 Loader, TOM Mapper) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 14:51:44 +01:00
Benjamin Admin	274dc68e24	feat: Drafting Agent Kompetenzbereich erweitert — alle 18 Dokumenttypen, Gap-Banner, Redirect-Logic ... - DOCUMENT_SDK_STEP_MAP: 12 kaputte URLs korrigiert (z.B. /sdk/loeschkonzept → /sdk/loeschfristen) - Go Backend: iace_ce_assessment zur validTypes-Whitelist hinzugefuegt - SOUL-Datei: von 17 auf ~80 Zeilen erweitert (18 draftbare Typen, Redirects, operative Module) - Intent Classifier: 10 fehlende Dokumenttyp-Patterns + 5 Redirect-Patterns (Impressum/AGB/Widerruf → Document Generator) - State Projector: getExistingDocumentTypes von 6 auf 11 Checks erweitert (risks, escalations, iace, obligations, dsr) - DraftingEngineWidget: Gap-Banner fuer kritische Luecken mit Analysieren-Button - Cross-Validation: 4 neue deterministische Regeln (DSFA-NO-VVT, DSFA-NO-TOM, DSI-NO-LF, AV-NO-VVT) - Prose Blocks: 5 neue Dokumenttypen (av_vertrag, betroffenenrechte, risikoanalyse, notfallplan, iace_ce_assessment) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 09:07:07 +01:00
Benjamin Admin	312c2c9b60	feat: Use-Cases/UCCA Module auf 100% — Interface Fix, Search/Offset/Total, Explain/Export, Edit-Mode ... Kritische Bug Fixes: - [id]/page.tsx: FullAssessment Interface repariert (nested result → flat fields) - resultForCard baut explizit aus flachen Assessment-Feldern (feasibility, risk_score etc.) - Use-Case-Text-Pfad: assessment.intake?.use_case_text statt assessment.use_case_text - rule_code/code Mapping beim Übergeben an AssessmentResultCard Backend (A2+A3): - store.go: AssessmentFilters um Search + Offset erweitert - ListAssessments: COUNT-Query (total), ILIKE-Search auf title, OFFSET-Pagination - ListAssessments Signatur: ([]Assessment, int, error) - Handler: search/offset aus Query-Params, total in Response - import "strconv" hinzugefügt Neue Features: - KI-Erklärung Button (POST /explain) mit lila Erklärungsbox - Export-Buttons Markdown + JSON (Download-Links) - Edit-Mode in new/page.tsx: useSearchParams(?edit=id), Form vorausfüllen - Bedingte PUT/POST Logik; nach Edit → Detail-Seite Redirect - Suspense-Wrapper für useSearchParams (Next.js 15 Requirement) Backend Edit: - store.go: UpdateAssessment() Methode (UPDATE-Query) - ucca_handlers.go: UpdateAssessment Handler (re-evaluiert Intake) - main.go: PUT /ucca/assessments/:id Route registriert Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 15:13:42 +01:00
Benjamin Admin	14a99322eb	feat: Phase 2 — RAG integration in Requirements + DSFA Draft ... Add legal context enrichment from Qdrant vector corpus to the two highest-priority modules (Requirements AI assistant and DSFA drafting engine). Go SDK: - Add SearchCollection() with collection override + whitelist validation - Refactor Search() to delegate to shared searchInternal() Python backend: - New ComplianceRAGClient proxying POST /sdk/v1/rag/search (error-tolerant) - AI assistant: enrich interpret_requirement() and suggest_controls() with RAG - Requirements API: add ?include_legal_context=true query parameter Admin (Next.js): - Extract shared queryRAG() utility from chat route - Inject RAG legal context into v1 and v2 draft pipelines Tests for all three layers (Go, Python, TypeScript shared utility). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 08:57:39 +01:00
Benjamin Admin	a228b3b528	feat: add RAG corpus versioning and source policy backend ... Part 1 — RAG Corpus Versioning: - New DB table compliance_corpus_versions (migration 017) - Go CorpusVersionStore with CRUD operations - Assessment struct extended with corpus_version_id - API endpoints: GET /rag/corpus-status, /rag/corpus-versions/:collection - RAG routes (search, regulations) now registered in main.go - Ingestion script registers corpus versions after each run - Frontend staleness badge in SDK sidebar Part 3 — Source Policy Backend: - New FastAPI router with CRUD for allowed sources, PII rules, operations matrix, audit trail, stats, and compliance report - SQLAlchemy models for all source policy tables (migration 001) - Frontend API base corrected from edu-search:8088/8089 to backend-compliance:8002/api Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 07:58:08 +01:00
Benjamin Admin	8acf1d2e12	Add lesson content editor, quiz test endpoint, and lesson update API ... - Backend: UpdateLesson handler (PUT /lessons/:id) for editing title, content, quiz questions - Backend: TestQuiz handler (POST /lessons/:id/quiz-test) for quiz evaluation without enrollment - Frontend: Content editor with markdown textarea, save, and approve-for-video workflow - Frontend: Fix quiz endpoint to /lessons/:id/quiz-test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 17:57:15 +01:00
Benjamin Admin	66988d1304	feat(academy): bridge Academy with Training Engine for course generation ... - Add POST /academy/courses/generate endpoint that creates an academy course from a training module (with content + quiz as lessons) - Add POST /academy/courses/generate-all to bulk-generate all courses - Fix academy API response mapping (snake_case → camelCase) - Fix fetchCourses/fetchCourse/fetchEnrollments/fetchStats to unwrap backend response wrappers ({courses:[...]}, {course:{...}}) - Add "Alle Kurse generieren" button to academy overview page - Fix bulkResult.errors crash in training page (optional chaining) - Add SetAcademyCourseID to training store for bidirectional linking Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 11:57:13 +01:00
Benjamin Admin	71bc48449d	fix(training): resolve Gin route param conflicts for content/media routes ... Use consistent :moduleId param name for content routes and :mediaId for media routes. Add param adapters for handlers that expect different names. Fix frontend media API paths to match backend route structure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 09:52:15 +01:00
Benjamin Admin	e5cb5e37ad	feat(training): register training routes and add missing academy API functions ... Connect the existing training engine handlers (40+ endpoints) to the router in main.go. This was the critical blocker preventing the training content pipeline from being accessible. Also adds generateCourse, generateVideos, and getVideoStatus functions to the academy API client, plus the GenerateCourseRequest type. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 09:46:16 +01:00
Benjamin Boenisch	06711bad1c	feat(sdk,iace): add Personalized Drafting Pipeline v2 and IACE engine ... Drafting Engine: 7-module pipeline with narrative tags, allowed facts governance, PII sanitizer, prose validator with repair loop, hash-based cache, and terminology guide. v1 fallback via ?v=1 query param. IACE: Initial AI-Act Conformity Engine with risk classifier, completeness checker, hazard library, and PostgreSQL store for AI system assessments. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-25 22:27:06 +01:00
Benjamin Boenisch	899e22a31b	feat(rag): connect bp_compliance_ce vector corpus to SDK ... - Switch LegalRAGClient from empty bp_legal_corpus to bp_compliance_ce collection (3,734 chunks across 14 regulations) - Replace embedding-service (384-dim MiniLM) with Ollama bge-m3 (1024-dim) - Add standalone RAG search endpoint: POST /sdk/v1/rag/search - Add regulations list endpoint: GET /sdk/v1/rag/regulations - Add QDRANT_HOST/PORT env vars to docker-compose.yml - Update regulation ID mapping to match actual Qdrant payload schema - Update determineRelevantRegulations for CE corpus regulation IDs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 23:44:47 +01:00
Benjamin Boenisch	ec1575fc56	fix(training): resolve Gin route conflicts and fix TTS Dockerfile ... - Fix route param conflict: /content/publish/:id instead of /content/:id/publish - Fix route conflict: /media/module/:moduleId for module media list - Use Piper binary instead of pip package (ARM64 compatibility) - Update frontend API URLs to match new routes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-16 22:04:47 +01:00
Benjamin Boenisch	375914e568	feat(training): add Media Pipeline — TTS Audio, Presentation Video, Bulk Generation ... Phase A: 8 new IT-Security training modules (SEC-PWD, SEC-DESK, SEC-KIAI, SEC-BYOD, SEC-VIDEO, SEC-USB, SEC-INC, SEC-HOME) with CTM entries. Bulk content and quiz generation endpoints for all 28 modules. Phase B: Piper TTS service (Python/FastAPI) for local German speech synthesis. training_media table, TTSClient in Go backend, audio generation endpoints, AudioPlayer component in frontend. MinIO storage integration. Phase C: FFmpeg presentation video pipeline — LLM generates slide scripts, ImageMagick renders 1920x1080 slides, FFmpeg combines with audio to MP4. VideoPlayer and ScriptPreview components in frontend. New files: 15 created, 9 modified - compliance-tts-service/ (Dockerfile, main.py, tts_engine.py, storage.py, slide_renderer.py, video_generator.py) - migrations 014-016 (training engine, IT-security modules, media table) - training package (models, store, content_generator, media, handlers) - frontend (AudioPlayer, VideoPlayer, ScriptPreview, api, types, page) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-16 21:45:05 +01:00