1cc0c3d34a
feat: Auftrag-Tab + Grenzen-Formular + CE-Report-Export
...
- Auftrag-Tab: Kunde, Anfrage, Angebot mit Status-Tracking
- Grenzen & Verwendung: 6 Sektionen (Produktbeschreibung, Verwendung,
Fehlanwendung, Grenzen, Schnittstellen, Betroffene Personen)
- CE-Akte Export: PDF (window.print) + Excel (CSV) mit allen Sektionen
(Normen, Gefaehrdungen, Risikobewertung, Massnahmen, Compliance)
- Navigation: Auftrag als 2. Tab, Briefcase-Icon
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:44:05 +02:00
6e71996733
fix: ComplianceAlerts API-Format Mapping
...
API liefert verschachteltes Format (trigger.regulation),
Frontend erwartete flaches Format. Mapping eingefuegt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:41:25 +02:00
1d75bbf4eb
feat: IACE Navigation-Struktur — Grenzen-Tab + Zusatzmodule
...
- 'Grenzen & Verwendung' als neuen Tab eingefuegt (Schritt 3 CE-Prozess)
- Klassifikation + Monitoring als 'Zusatzmodule' separiert
- chat-Icon fuer Interview/Grenzen Tab
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:17:56 +02:00
56892cf7dc
feat: CE × Compliance Crossover Engine
...
Automatische Erkennung von DSGVO/AI Act/CRA/NIS2/Data Act
Implikationen bei CE-Gefaehrdungen. 50 Trigger-Mappings auf
Hazard-Patterns → Compliance-Module mit Modul-Links.
- compliance_triggers.go: 50 Pattern→Regulation Mappings
- compliance_crossover.go: Engine die Projekt-Hazards gegen Trigger prueft
- iace_handler_compliance.go: GET /compliance-triggers API
- ComplianceAlerts.tsx: Frontend Alert-Panel auf Projekt-Uebersicht
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:07:22 +02:00
97a52533a8
Merge remote gitea/main — resolve conflicts keeping local (origin) state
...
Build + Deploy / build-admin-compliance (push) Successful in 2m29s
Build + Deploy / build-backend-compliance (push) Successful in 3m23s
Build + Deploy / build-ai-sdk (push) Failing after 47s
Build + Deploy / build-developer-portal (push) Successful in 1m19s
Build + Deploy / build-tts (push) Failing after 1m29s
Build + Deploy / build-document-crawler (push) Successful in 43s
Build + Deploy / build-dsms-gateway (push) Successful in 25s
Build + Deploy / build-dsms-node (push) Successful in 11s
CI / branch-name (push) Has been skipped
Build + Deploy / trigger-orca (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 18s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 3m17s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 48s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 31s
CI / test-python-dsms-gateway (push) Successful in 26s
CI / validate-canonical-controls (push) Successful in 18s
Local origin is 20+ commits ahead of remote gitea. All conflicts
resolved by keeping HEAD (our version) which includes the full
56→138 check expansion and doc_checks package split.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 12:40:23 +02:00
e7f2f98da3
feat: IACE CE-Compliance Module — Normen, Risikobewertung, Production Lines
...
Major features:
- 215 norms library with section references + Beuth URLs (A/B1/B2/C norms)
- 173 hazard patterns with detail fields (scenario, trigger, harm, zone)
- Deterministic pattern matching: Component × Lifecycle × Pattern cross-product
- SIL/PL auto-calculation from S×E×P risk graph
- Risk assessment table with editable S/E/P dropdowns
- Production Line Dashboard with animated station flow (Running Dots)
- IACE process flow + norms coverage on start page
- Non-blocking cookie banner, ProcessFlow SSR fix
- 104 Playwright E2E tests passing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 10:53:26 +02:00
3ac8d0cba8
fix: IACE mitigations page — remove broken 'm.' prefix + accept 'protective' type
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 15:52:10 +02:00
b4f90ed113
fix: IACE components page — remove broken 'c.' prefix from refactor
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 12:20:09 +02:00
b5cf25f6ab
fix: IACE overview null-check for risk_summary (empty projects)
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 10:44:16 +02:00
d80cb9c8e4
feat: IACE Interview Frontend — 3 Modi (Interview/Wizard/Formular)
...
CE-Risikobeurteilung Datenerfassung mit 3 wählbaren Eingabe-Modi:
1. Interview-Modus (Chat-artig): Fragen werden nacheinander gestellt
wie im Kundengespräch. Antwort-Historie sichtbar.
2. Wizard-Modus: Schritt-für-Schritt durch 8 Sektionen.
3. Formular-Modus: Alle Sektionen als Accordion auf einer Seite.
20 strukturierte Fragen in 8 Abschnitten:
- Maschinenbeschreibung (Name, Typ, Baugruppen)
- Lebensphasen (Betrieb, Einrichten, Wartung)
- Bestimmungsgemäße Verwendung
- Vorhersehbare Fehlanwendung
- Qualifikation der Benutzer
- Räumliche/Zeitliche Grenzen
- Technische Daten (Kräfte, Spannungen, Temperaturen, Drehzahlen)
- Umgebungsbedingungen
answersToNarrativeText() konvertiert alle Antworten in den Freitext
der an POST /parse-narrative gesendet wird.
Ergebnis-Panel zeigt: Komponenten, Gefahren, Patterns, Energiequellen.
URL: /sdk/iace/[projectId]/interview
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 08:22:59 +02:00
8266c37911
merge: phases 1–5 refactor, CI hardening, docs (coolify → main)
...
Build + Deploy / build-admin-compliance (push) Failing after 47s
Build + Deploy / build-backend-compliance (push) Successful in 11s
Build + Deploy / build-ai-sdk (push) Successful in 34s
Build + Deploy / build-developer-portal (push) Successful in 56s
Build + Deploy / build-tts (push) Successful in 26s
Build + Deploy / build-document-crawler (push) Successful in 15s
Build + Deploy / build-dsms-gateway (push) Successful in 13s
Build + Deploy / trigger-orca (push) Has been skipped
CI/CD / loc-budget (push) Successful in 22s
CI/CD / guardrail-integrity (push) Has been skipped
CI/CD / go-lint (push) Has been skipped
CI/CD / python-lint (push) Has been skipped
CI/CD / nodejs-lint (push) Has been cancelled
CI/CD / test-go-ai-compliance (push) Has been cancelled
CI/CD / test-python-backend-compliance (push) Has been cancelled
CI/CD / test-python-document-crawler (push) Has been cancelled
CI/CD / test-python-dsms-gateway (push) Successful in 28s
CI/CD / sbom-scan (push) Has been cancelled
CI/CD / validate-canonical-controls (push) Successful in 20s
Phase 1: backend-compliance — partial service-layer extraction
Phase 2: ai-compliance-sdk — full hexagonal split; iace/ucca/training handlers
and stores split into focused files; cmd/server/main.go → internal/app/
Phase 3: admin-compliance — types.ts, tom-generator loader, and major page
components split; lib document generators extracted
Phase 4: dsms-gateway, consent-sdk, developer-portal, breakpilot-compliance-sdk
Phase 5 CI hardening:
- loc-budget job now scans whole repo (blocking, no || true)
- sbom-scan / grype blocking on high+ CVEs
- ai-compliance-sdk/.golangci.yml: strict golangci-lint config
- check-loc.sh: skip test_*.py and *.html; loc-exceptions.txt expanded
- deleted stray routes.py.backup (2512 LOC)
Docs:
- root README.md with CI badge, service table, quick start, CI pipeline table
- CONTRIBUTING.md: setup, pre-commit checklist, guardrail marker reference
- CLAUDE.md: First-Time Setup & Claude Code Onboarding section
- all 7 service READMEs updated (stale phase refs, current architecture)
- AGENTS.go/python/typescript.md enhanced with linting, DI, barrel re-export
- .gitignore: dist/, .turbo/, pnpm-lock.yaml added
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 16:11:53 +02:00
e3a1822883
refactor(admin): split training, control-provenance, iace/verification, training/learner, ControlDetail
...
All 5 files reduced below 500 LOC (hard cap) by extracting sub-components:
- training/page.tsx: 780→278 LOC — imports existing _components/, adds BlocksSection
- control-provenance/page.tsx: 739→145 LOC — extracts provenance-data.ts, ProvenanceHelpers, LicenseMatrix, SourceRegistry
- iace/[projectId]/verification/page.tsx: 673→164 LOC — extracts VerificationForm, CompleteModal, SuggestEvidenceModal, VerificationTable
- training/learner/page.tsx: 560→216 LOC — extracts AssignmentsList, ContentView, QuizView, CertificatesView
- ControlDetail.tsx: 878→311 LOC — adds ControlSourceCitation, ControlTraceability, ControlRegulatorySection, ControlSimilarControls, ControlReviewActions siblings
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-17 12:26:39 +02:00
083792dfd7
refactor(admin): split control-library, iace/mitigations, iace/components, controls pages
...
All 4 page.tsx files reduced well below 500 LOC (235/181/158/262) by
extracting components and hooks into colocated _components/ and _hooks/
subdirectories. Zero behavior changes — logic relocated verbatim.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-17 12:24:58 +02:00
20fbfc197e
fix: rename types.ts→tsx for JSX support; orca triggers on any build success
...
Build + Deploy / build-admin-compliance (push) Successful in 1m26s
Build + Deploy / build-backend-compliance (push) Successful in 7s
Build + Deploy / build-ai-sdk (push) Successful in 7s
Build + Deploy / build-developer-portal (push) Successful in 7s
Build + Deploy / build-document-crawler (push) Has been cancelled
Build + Deploy / build-dsms-gateway (push) Has been cancelled
Build + Deploy / trigger-orca (push) Has been cancelled
Build + Deploy / build-tts (push) Has been cancelled
CI/CD / python-lint (push) Has been cancelled
CI/CD / nodejs-lint (push) Has been cancelled
CI/CD / test-go-ai-compliance (push) Has been cancelled
CI/CD / test-python-backend-compliance (push) Has been cancelled
CI/CD / test-python-document-crawler (push) Has been cancelled
CI/CD / test-python-dsms-gateway (push) Has been cancelled
CI/CD / validate-canonical-controls (push) Has been cancelled
CI/CD / go-lint (push) Has been cancelled
- types.ts had JSX (SVG icons) but .ts extension → Next.js build error
- trigger-orca now runs if at least one service build succeeds (not all)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-17 10:37:47 +02:00
0125199c76
refactor(admin): split controls, training, control-provenance, iace/verification pages
...
Each page.tsx exceeded the 500-LOC hard cap. Extracted components and hooks into
colocated _components/ and _hooks/ directories; page.tsx is now a thin orchestrator.
- controls/page.tsx: 944 → 180 LOC; extracted ControlCard, AddControlForm,
LoadingSkeleton, TransitionErrorBanner, StatsCards, FilterBar, RAGPanel into
_components/ and useControlsData, useRAGSuggestions into _hooks/; types into _types.ts
- training/page.tsx: 780 → 288 LOC; extracted ContentTab (inline content generator tab)
into _components/ContentTab.tsx
- control-provenance/page.tsx: 739 → 122 LOC; extracted MarkdownRenderer, UsageBadge,
PermBadge, LicenseMatrix, SourceRegistry into _components/; PROVENANCE_SECTIONS
static data into _data/provenance-sections.ts
- iace/[projectId]/verification/page.tsx: 673 → 196 LOC; extracted StatusBadge,
VerificationForm, CompleteModal, SuggestEvidenceModal, VerificationTable into _components/
Zero behavior changes; logic relocated verbatim.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-16 22:50:15 +02:00
cfd4fc347f
refactor(admin): split control-library, iace/mitigations, iace/components pages
...
Extract hooks, sub-components, and constants into colocated files to bring
all three page.tsx files under the 500-LOC hard cap (225, 134, 111 LOC).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-16 22:47:16 +02:00
1fcd8244b1
refactor(admin): split evidence, process-tasks, iace/hazards pages
...
Extract components and hooks into _components/ and _hooks/ subdirectories
to reduce each page.tsx to under 500 LOC (was 1545/1383/1316).
Final line counts: evidence=213, process-tasks=304, hazards=157.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-16 17:12:15 +02:00
c43d9da6d0
merge: sync with origin/main, take upstream on conflicts
...
# Conflicts:
# admin-compliance/lib/sdk/types.ts
# admin-compliance/lib/sdk/vendor-compliance/types.ts
2026-04-16 16:26:48 +02:00
e04816cfe5
refactor(admin): split dsr/new, compliance-hub, iace/monitoring, cookie-banner pages
...
Extract components and hooks from 4 oversized pages (518–508 LOC each) to bring
each page.tsx under 300 LOC (hard cap 500). Zero behavior changes.
- dsr/new: TypeSelector, SourceSelector → _components/; useNewDSRForm → _hooks/
- compliance-hub: QuickActions, StatsRow, DomainChart, MappingsAndFindings,
RegulationsTable → _components/; useComplianceHub → _hooks/
- iace/[projectId]/monitoring: Badges, EventForm, ResolveModal, TimelineEvent →
_components/; useMonitoring → _hooks/
- cookie-banner: BannerPreview, CategoryCard → _components/; useCookieBanner → _hooks/
Result: page.tsx LOC: dsr/new=259, compliance-hub=95, monitoring=157, cookie-banner=212
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-16 13:22:01 +02:00
653fa07f57
refactor(admin): split academy/[id], iace/hazards, ai-act pages
...
Extracted components and constants into _components/ subdirectories
to bring all three pages under the 300 LOC soft target (was 651/628/612,
now 255/232/278 LOC respectively). Zero behavior changes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-16 13:14:50 +02:00
6d2de9b897
feat(iace): complete CE risk assessment — LLM tech-file generation, multi-format export, TipTap editor
...
CI/CD / go-lint (push) Has been skipped
CI/CD / python-lint (push) Has been skipped
CI/CD / nodejs-lint (push) Has been skipped
CI/CD / test-go-ai-compliance (push) Successful in 36s
CI/CD / test-python-backend-compliance (push) Successful in 33s
CI/CD / test-python-document-crawler (push) Successful in 24s
CI/CD / test-python-dsms-gateway (push) Successful in 21s
CI/CD / validate-canonical-controls (push) Successful in 13s
CI/CD / Deploy (push) Successful in 2s
Phase 1: Fix completeness gates G23 (require verified/rejected mitigations) and G09 (audit trail check)
Phase 2: LLM-based tech-file section generation with 19 German prompts and RAG enrichment
Phase 3: Multi-format document export (PDF/Excel/DOCX/Markdown/JSON)
Phase 4: Company profile → IACE data flow with auto component/classification creation
Phase 5: TipTap WYSIWYG editor replacing textarea for tech-file sections
Phase 6: User journey tests, developer portal API reference, updated documentation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-16 12:50:53 +01:00
9c1355c05f
feat(iace): Phase 5+6 — frontend integration, RAG library search, comprehensive tests
...
CI/CD / go-lint (push) Has been skipped
CI/CD / python-lint (push) Has been skipped
CI/CD / nodejs-lint (push) Has been skipped
CI/CD / test-go-ai-compliance (push) Successful in 34s
CI/CD / test-python-backend-compliance (push) Successful in 33s
CI/CD / test-python-document-crawler (push) Successful in 23s
CI/CD / test-python-dsms-gateway (push) Successful in 19s
CI/CD / validate-canonical-controls (push) Successful in 13s
CI/CD / Deploy (push) Successful in 2s
Phase 5 — Frontend Integration:
- components/page.tsx: ComponentLibraryModal with 120 components + 20 energy sources
- hazards/page.tsx: AutoSuggestPanel with 3-column pattern matching review
- mitigations/page.tsx: SuggestMeasuresModal per hazard with 3-level grouping
- verification/page.tsx: SuggestEvidenceModal per mitigation with evidence types
Phase 6 — RAG Library Search:
- Added bp_iace_libraries to AllowedCollections whitelist in rag_handlers.go
- SearchLibrary endpoint: POST /iace/library-search (semantic search across libraries)
- EnrichTechFileSection endpoint: POST /projects/:id/tech-file/:section/enrich
- Created ingest-iace-libraries.sh ingestion script for Qdrant collection
Tests (123 passing):
- tag_taxonomy_test.go: 8 tests for taxonomy entries, domains, essential tags
- controls_library_test.go: 7 tests for measures, reduction types, subtypes
- integration_test.go: 7 integration tests for full match flow and library consistency
- Extended tag_resolver_test.go: 9 new tests for FindByTags and cross-category resolution
Documentation:
- Updated iace.md with Hazard-Matching-Engine, RAG enrichment, and new DB tables
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-16 10:22:49 +01:00
c7651796c9
feat(iace): integrate ISO 12100 machine risk model with 4-factor assessment
...
CI/CD / go-lint (push) Has been skipped
CI/CD / python-lint (push) Has been skipped
CI/CD / nodejs-lint (push) Has been skipped
CI/CD / test-go-ai-compliance (push) Successful in 36s
CI/CD / test-python-backend-compliance (push) Successful in 36s
CI/CD / test-python-document-crawler (push) Successful in 22s
CI/CD / test-python-dsms-gateway (push) Successful in 18s
CI/CD / validate-canonical-controls (push) Successful in 12s
CI/CD / Deploy (push) Successful in 2s
Add dual-mode risk engine: legacy S×E×P (avoidance=0) and ISO mode S×F×P×A
(avoidance>=1) with new thresholds (low/medium/high/very_high/not_acceptable).
- 150+ hazard library entries across 28 categories incl. physical hazards
(mechanical, electrical, thermal, pneumatic/hydraulic, noise/vibration,
ergonomic, material/environmental)
- 160-entry protective measures library with 3-step hierarchy validation
(design → protective → information)
- 25 lifecycle phases, 20 affected person roles, 50 evidence types
- 10 verification methods (expanded from 7)
- New API endpoints: lifecycle-phases, roles, evidence-types,
protective-measures-library, validate-mitigation-hierarchy
- DB migrations 018+019 for extended schema
- Frontend: 4-slider risk assessment, hierarchy warnings, measures library modal
- MkDocs wiki updated with ISO mode docs and legal notice (no norm text)
All content uses original wording — norms referenced as methodology only.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-15 23:13:41 +01:00
215b95adfa
refactor: Admin-Layout komplett entfernt — SDK als einziges Layout
...
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 32s
CI / test-python-backend-compliance (push) Successful in 31s
CI / test-python-document-crawler (push) Successful in 21s
CI / test-python-dsms-gateway (push) Successful in 19s
Kaputtes (admin) Layout geloescht (Role-Selection, 404-Sidebar, localhost-Dashboard).
SDK-Flow nach /sdk/sdk-flow verschoben. Route-Gruppe (sdk) aufgeloest.
Root-Seite redirected auf /sdk. ~25 ungenutzte Dateien/Verzeichnisse entfernt.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-04 11:43:00 +01:00
Benjamin Admin