7 Analyse-Module (Requirements, Controls, Evidence, Risk Matrix, AI Act,
Audit Checklist, Audit Report) von ~35% auf 100% gebracht:
- Catch-all Proxy-Route /api/sdk/v1/compliance/[[...path]] erstellt
- DELETE-Endpoints fuer Risks und Evidence im Backend hinzugefuegt
- Alle 7 Frontend-Seiten ans Backend gewired (Fetch, PUT, POST, DELETE)
- Mock-Daten durch Backend-Daten ersetzt, Templates als Fallback
- Loading-Skeletons und Error-Banner hinzugefuegt
- AI Act: Add-System-Form + assess-risk API-Integration
- Audit Report: API-Pfade von /api/admin/ auf /api/sdk/v1/compliance/ korrigiert
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate queryRAG from klausur-service GET to bp-core-rag-service POST with
multi-collection support. Each of the 18 ScopeDocumentType now gets a
type-specific RAG collection and optimized search query instead of the
generic fallback. Vendor-compliance contract review now uses LLM + RAG
for real analysis with mock fallback on error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add legal context enrichment from Qdrant vector corpus to the two
highest-priority modules (Requirements AI assistant and DSFA drafting
engine).
Go SDK:
- Add SearchCollection() with collection override + whitelist validation
- Refactor Search() to delegate to shared searchInternal()
Python backend:
- New ComplianceRAGClient proxying POST /sdk/v1/rag/search (error-tolerant)
- AI assistant: enrich interpret_requirement() and suggest_controls() with RAG
- Requirements API: add ?include_legal_context=true query parameter
Admin (Next.js):
- Extract shared queryRAG() utility from chat route
- Inject RAG legal context into v1 and v2 draft pipelines
Tests for all three layers (Go, Python, TypeScript shared utility).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Increase num_predict from 2048 to 8192 to prevent mid-sentence cutoff
- Add "Quellenschutz" rules to system prompt: agent refuses to list all
available sources/collections, only reveals sources used in answers
- Remove internal collection names from RAG context sent to LLM
- Agent confirms knowledge on specific topics but refuses meta-queries
like "what sources do you have?"
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Ingestion script: Add 3 new PDFs (IFRS DE/EN, EFRAG Endorsement Status)
to ingest-industry-compliance.sh (7 → 10 documents total)
- System prompt: Add EU-IFRS and EFRAG to competence area, add mandatory
IFRS endorsement warning section for all IFRS/IAS queries
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace single DSFA corpus query with parallel search across 6 collections
via RAG service (port 8097)
- Add country parameter with metadata filter for bp_compliance_gesetze
- Add country-specific system prompt section
- Add DE/AT/CH/EU toggle buttons in ComplianceAdvisorWidget header
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The training API client sends X-Tenant-ID: "default" which the proxy was
forwarding as-is, causing the backend to return 0 results. Now both proxies
validate that tenant/user IDs match UUID format before forwarding, falling
back to the configured defaults.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Both academy and training proxy routes now set default identity headers
so the Go backend RBAC middleware can set the tenant context. Without
these defaults, the browser doesn't send X-User-ID and modules/courses
return empty.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drafting Engine: 7-module pipeline with narrative tags, allowed facts governance,
PII sanitizer, prose validator with repair loop, hash-based cache, and terminology
guide. v1 fallback via ?v=1 query param.
IACE: Initial AI-Act Conformity Engine with risk classifier, completeness checker,
hazard library, and PostgreSQL store for AI system assessments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Reduce chat history from 10 to 6 messages to fit context window
- Lower num_predict from 8192 to 2048 for faster responses
- Add Training module link to SDK sidebar navigation
- Add snake_case to camelCase key transformation for reporting API
(Go backend returns snake_case, TypeScript expects camelCase)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements the 4-level GCI scoring model (Module -> Risk-Weighted -> Regulation Area -> Final GCI)
with DSGVO, NIS2, ISO 27001, and EU AI Act integration.
Backend:
- 9 Go files: engine, models, weights, validity, NIS2 roles/scoring, ISO mapping/gap-analysis, mock data
- GCI handlers with 13 API endpoints under /sdk/v1/gci/
- Routes registered in main.go
Frontend:
- TypeScript types, API client, Next.js API proxy
- Dashboard page with 6 tabs (Overview, Breakdown, NIS2, ISO 27001, Matrix, Audit Trail)
- Sidebar navigation entry
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Next.js pages for Academy, Whistleblower, Incidents, Document Crawler,
DSB Portal, Industry Templates, Multi-Tenant and SSO. Add API proxy routes
and TypeScript SDK client libraries. Add server binary to .gitignore.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
