784 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Benjamin Admin	26b222d53d	feat: Integrate 1.874 Master Controls into document checking ... Rewritten rag_document_checker.py to use doc_check_controls table instead of generic canonical_controls. Each MC has: - check_question: binary YES/NO for LLM - pass_criteria: JSONB list of concrete requirements - fail_criteria: JSONB list of common mistakes Flow: Regex checks (fast) → LLM verify FAILs → MC deep check (15 per doc) MC results appear as additional L2 checks in the report. Coverage: 571 DSE, 381 Cookie, 309 Loeschkonzept, 153 Widerruf, 147 DSFA, 125 AVV, 113 AGB, 75 Impressum = 1.874 total. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 21:06:03 +02:00
Benjamin Admin	d339d1edc7	feat(iace): Sprint 4B — ISO 12100 Hazard/Situation/Harm Trennung ... ISO 12100 trennt: Hazard (Quelle) → Hazardous Situation (Person exponiert) → Harm (Verletzung). Bisher war alles in einem Hazard-Record vermischt. Implementierung als abgeleitetes Feld (keine DB-Migration noetig): - HazardType Feld auf Hazard Entity ("hazard"|"hazardous_situation"|"harm") - DeriveHazardType() berechnet Typ aus Scenario/PossibleHarm/Category - Explizites Override moeglich (HazardType direkt setzen) - GeneratedHazardType auf HazardPattern fuer Pattern-gesteuerte Zuweisung - Store: GetHazard/ListHazards setzen HazardType automatisch - Init-Handler: Fuellt jetzt TriggerEvent, PossibleHarm, AffectedPerson, HazardousZone aus Pattern-Match-Daten (vorher leer gelassen) 6 neue Tests: ScenarioAndHarm, HarmOnly, CategoryOnly, ExplicitOverride, EmptyFallback, PatternMatchField Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 20:55:26 +02:00
Benjamin Admin	6e995b52d1	fix: Preview tests use .first() for all selectors (strict mode) ... All elements exist twice on the preview page (desktop + mobile or banner + page content). Using .first() avoids strict mode violations. Also extracted goToPreview() and acceptAll() helpers for DRY. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 15:09:16 +02:00
Benjamin Admin	52bb766a04	fix(e2e): Revert extra waits, zurueck zu goTo 2s + 20s toBeVisible ... Extra waitForTimeout(3000) pro Test verdoppelte Laufzeit und verursachte mehr Timeouts. Zurueck zum funktionierenden Ansatz: goTo wartet auf h1 + 2s, dann 20s toBeVisible Timeout pro Assertion. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 15:04:51 +02:00
Benjamin Admin	8afc7dbff4	fix(e2e): Extra 3s Wait in Overview-Tests fuer API-Fetch-Timing ... Die letzten 3 Schwingarm-Failures kommen weil die Overview-Seite 2 parallele API-Fetches (project + risk-summary) braucht bevor der Content rendert. goTo wartet auf h1, aber die h2-Sektionen (Risikozusammenfassung, Schnellzugriff) rendern erst danach. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 14:09:00 +02:00
Benjamin Admin	9b17e4a282	fix: CMP E2E — relax selectors + replace networkidle in preview tests ... Dashboard: 3 selector fixes (banner link, KPI values, DSR link). Preview: replaced all networkidle with domcontentloaded + 2s wait. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 14:04:13 +02:00
Benjamin Admin	049b28f107	fix(e2e): goTo wartet auf h1 statt nav fuer zuverlaessigere Hydration ... Root cause der 16 overview-Failures: goTo kehrte zu frueh zurueck weil nav sofort sichtbar ist (SSR), aber der Main-Content (Projektstatus etc.) erst nach API-Fetch rendert. Jetzt wartet goTo auf h1 (das erst nach dem project-Fetch erscheint) + 1s Buffer. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 13:54:18 +02:00
Benjamin Admin	17254789e0	fix: waitForPageLoad uses domcontentloaded instead of networkidle ... networkidle times out on CMP pages that poll API endpoints. domcontentloaded + 1s wait is sufficient for page rendering. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 13:38:35 +02:00
Benjamin Admin	1ca6c77c26	fix(e2e): Schwingarm E2E — korrekte Button-Texte + Hydration-Toleranz ... - Hazards-Button: "Gefaehrdungen erkennen" statt "Auto-Erkennung" (UI geaendert) - Overview: Toleriert React Hydration Error #418 (SSR "Kein Projekt" → Client Projekt) - Quick-Actions: Flexibler Selektor (Schnellzugriff OR Komponenten) - Alle toBeVisible Timeouts auf 20s erhoeht Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 13:34:49 +02:00
Benjamin Admin	94ae2fdc01	fix(e2e): networkidle → domcontentloaded fuer IACE E2E Tests ... Root cause: Die Schwingarm-Rundtaktanlage Seite hat Background-Requests (vermutlich Polling oder SSE) die networkidle verhindern → 30s Timeout → alle Schwingarm-Tests schlagen fehl. Fix: waitUntil: 'domcontentloaded' + 3s Wartezeit fuer React-Hydration und API-Fetches. Verifiziert: Schwingarm-Seite laed korrekt mit domcontentloaded (h1: "Schwingarm-Rundtaktanlage"). iace-project-tabs: 10/10, iace-module: Schwingarm-Tests repariert. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 13:00:21 +02:00
Benjamin Admin	fbaca53c32	fix: Skip webServer when PLAYWRIGHT_BASE_URL is set	2026-05-10 12:47:00 +02:00
Benjamin Admin	8a974e1f97	test: CMP E2E tests — Dashboard (20 tests) + EWR/Consent (19 tests) ... cmp-dashboard.spec.ts (235 LOC, 20 tests): - Page load, KPI cards, site selector - Module navigation grid (8 modules) - Compliance checklist (9 DSGVO items) - Cookie category acceptance bars cmp-ewr-consent.spec.ts (285 LOC, 19 tests): - First visit banner appearance - EWR-Only toggle functionality - Accept all / reject all consent flow - Consent persistence across reloads - Cookie FAB button reopens banner - Consent reset clears everything - API debug panel verification - Category toggles (necessary disabled) Total CMP test coverage: 5 spec files, ~100 test cases. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 11:15:24 +02:00
Benjamin Admin	345ea70844	fix: Add 'impressum' to DSI keywords for self-extraction ... "impressum" was missing from DSI_KEYWORDS despite being listed in the docstring. This caused /impressum URLs to skip self-extraction and return linked datenschutz text instead. Added: DE: impressum, anbieterkennzeichnung, kontakt EN: imprint, legal notice, site notice, legal information Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 11:00:26 +02:00
Benjamin Admin	a14e5ad97d	fix: Non-DSE doc checks prefer self-extracted text from actual URL ... When checking impressum/agb/widerruf, the DSI discovery would follow links away from the page and return the wrong document (e.g. /impressum → finds link to /datenschutz → returns datenschutz text). Now: for non-DSE doc_types, prefer the html_full_page document (self-extracted from the actual URL the user provided) over linked pages found by the crawler. Fixes safetykon.de/impressum returning datenschutz text. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 10:24:37 +02:00
Benjamin Admin	df463dbce7	test+docs: IACE Phase 3/4 — fehlende Tests + Entwickler-Dokumentation ... 18 neue Unit/Integration-Tests (phase3_4_test.go): - Narrative Parser: State-Keyword Extraktion (7 Subtests), Transitions, No-Match - CNC Patterns: MachineType-Restriktion, Unique IDs, Referenced Measures exist - VDMA Patterns: MachineType-Restriktion, Unique IDs, Referenced Measures exist - Metalworking/VDMA Measures: Feld-Validierung (ID, Name, Desc, Type, NormRefs) - Full-Library: 476 Measures alle unique - Integration: CNC-Projekt → 84 Patterns → 35 Measures → Trajectory 48→1 - Integration: Maintenance-State filtert Patterns korrekt - Evidence: Count 55, Unique IDs, Sort Order IACE_ENGINE.md Entwickler-Dokumentation: - Architektur-Uebersicht mit Flussdiagramm - Datenmodell: HazardPattern, ProtectiveMeasureEntry, RiskReduction, MatchInput - Operational State Graph mit 9 States und Transitions - Human Interaction Model mit 6 Rollen - Suppression Engine mit RiskTrajectory Beispiel - API-Endpoints Tabelle - Dateien-Referenz (Massnahmen + Patterns) - Test-Ausfuehrungsanleitung Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 09:49:29 +02:00
Benjamin Admin	82951785ec	feat: Impressum checks expanded from 16 to 24 (GAP analysis) ... 8 new checks: Reglementierte Berufe, Grundkapital, Aufsichtsbehoerde, Berufshaftpflicht, rechtswidrige Disclaimer, Kammer, Berufsbezeichnung, berufsrechtliche Regelungen. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 09:29:49 +02:00
Benjamin Admin	6d2616cad7	feat(iace): Sprint 4A — Residual Risk Modeling (Suppression Engine) ... RiskReduction Struct + automatische Risk Trajectory: - RiskReduction{SeverityDelta, ExposureDelta, ProbabilityDelta} auf ProtectiveMeasureEntry - CalculateRiskTrajectory() in engine.go: berechnet schrittweise Risikoreduktion entlang ISO 12100 Hierarchie (design → protection → information) - Kumulative Deltas pro Stufe, Clamp auf Minimum 1 - RiskTrajectoryStep mit Stage, S/E/P, Score, Level, IsAcceptable 101 Massnahmen mit RiskReduction-Profilen versehen: - Design/Geometry (M001-M010): S-1, E-1 (Gefahrstelle eliminiert) - Design/Force (M011-M022): S-2 (Energie/Kraft reduziert) - Design/Control (M039-M050): P-2 (sichere Steuerung) - Protection/Guards (M061-M072): E-2 (Zugang verhindert) - Protection/Electro (M073-M079): E-1, P-1 (Erkennung) - Protection/Safety (M105-M113): P-2 (sichere SPS) - Protection/Monitoring (M114-M120): P-1 (Frueerkennung) - Protection/Cyber (M121-M130): P-1 - Information/Training (M161-M168): P-1 - Information/PPE (M169-M175): S-1 8 neue Tests: NoMeasures, DesignReduce, FullHierarchy, ClampMin1, OnlyProtection, WithoutReduction, MandatoryAsProtective, LibraryCount Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 09:15:43 +02:00
Benjamin Admin	05d98ea95f	feat: New tab structure — Discovery Scan, Doc-Check, Banner, Impressum ... Removed Schnellanalyse tab. New 4-tab structure: 1. Website-Scan (Discovery): Finds legal documents + services, shows "Jetzt pruefen" buttons that navigate to specialized tabs with pre-filled URLs. 2. Dokumenten-Pruefung: DSI, AGB, Cookie, Widerruf checks (existing) 3. Banner-Check: Cookie banner 46-check deep verification (existing) 4. Impressum-Check (NEW): §5 TMG / §18 MStV with 16 checks, own tab with URL input, history, email report. Uses existing impressum_checks.py via doc-check endpoint. Tab cross-navigation: Scan → "Jetzt pruefen" → opens target tab with URL pre-filled via localStorage handoff. Removed: Mode selector (pre/post launch), Schnellanalyse, useAgentAnalysis hook import, AnalysisResult/FollowUpQuestions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 09:09:27 +02:00
Benjamin Admin	d2dc0c9fe4	feat: Deep consent verification — DataLayer, Storage, GCM, TCF ... 5 verification layers added to the 3-phase banner test: 1. DataLayer/GTM Interception: Proxy on window.dataLayer captures all push() events. Distinguishes safe lifecycle events (gtm.js, gtm.dom) from tracking events (page_view, conversion, purchase). Flags tracking events before consent as violations. 2. localStorage/sessionStorage Monitoring: Intercepts setItem() to detect tracking keys (_ga, _fbp, amplitude, mixpanel, etc.) written before consent. 3. Google Consent Mode v2 Runtime Verification: Reads actual GCM state (analytics_storage, ad_storage) per phase. Verifies default=denied before consent, stays denied after reject, switches to granted after accept. 4. TCF v2.2 State: Reads __tcfapi('getTCData') if available. Verifies consent purpose states match user choice. 5. Cookie Attribute Analysis: Domain (1st vs 3rd party), expires (>13 months), secure flag for tracking cookies. 10 new L2 checks with expert hints (EDPB, CNIL, §25 TDDDG). All interceptor calls wrapped in try/except for graceful fallback. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:58:44 +02:00
Benjamin Admin	99ef9873ad	feat(iace): Sprint 3D — VDMA-Sektoren Holz/Oberfläche/Druck/Pumpen ... 30 VDMA-Massnahmen (M422-M451), RAG-validiert gegen TRGS 553/507/430: - Holzbearbeitung (8): Absauganlage, Absaugprüfung, Rückschlag, AGW, Ex-Schutz, Filterüberwachung - Oberflächentechnik (8): Spritzkabinen-Belüftung, Isocyanat-Substitution, Galvanikbad, ATEX, REACH-Schulung - Druckmaschinen (8): Walzenschutz, Farbnebelabsaugung, UV-Schutz, Not-Halt-Leiste, Bahnrisserkennung - Pumpen/Kompressoren (6): Druckstossdämpfer, Kavitation, Leckage, Bersten, Trockenlauf, Entwässerung 21 VDMA-Patterns (HP1500-HP1549): - Holz (6): Rückschlag, Sägeblattkontakt, Holzstaub, Staubexplosion, Einzug, Fräserkontakt - Oberfläche (5): Lösemittel, Isocyanat, Brand/Explosion, Chromsäure, Hautverätzung - Druck (4): Walzeneinzug, Farbennebel, UV-Strahlung, Bahnriss - Pumpen (6): Druckstoss, Kavitation, Leckage, Bersten, Trockenlauf, Korrosion Alle mit MachineTypes, OperationalStates, HumanRoles wo zutreffend. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:52:56 +02:00
Benjamin Admin	c7e197d107	feat(iace): Sprint 3C — Werkzeugmaschinen (CNC/Dreh/Fraes/Schleifen/Schweissen) ... 35 CNC-spezifische Hazard Patterns (HP1400-HP1434): - Werkzeugbruch, Schleifscheibenbruch, Spaeneflug, Kollision - KSS-Exposition (Aerosol, Hautkontakt, Keimbelastung, Brand) - Schweissrauch, UV-Strahlung, Spritzer, Stromschlag, Ex-Hohlkoerper - Maschinenspezifisch: Quetschung Tuer, Spindelerfassung, Walzeneinzug - Alle mit MachineTypes, OperationalStates, HumanRoles annotiert 18 Metalworking-Massnahmen (M404-M421), RAG-validiert gegen TRGS 551/528: - KSS: Substitution, Aerosolabsaugung, Konzentrationskontrolle, Wechselintervalle, Hautschutzplan - Schleifen: Schleifscheiben-Pruefung, Drehzahlbegrenzung - Schweissen: Fortluft-Absaugung, brennerintegrierte Absaugung, raeumliche Trennung, Schweisserschutzschild - Allgemein: AGW-Ueberwachung, Arbeitsmedizin, Reinigung, Unterweisung 5 Evidenztypen (E51-E55): KSS-Analyse, Schleifscheiben-/Spannmittel-Pruefung, Schweissnaht-Qualifikation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:43:21 +02:00
Benjamin Admin	80ae196853	fix: Banner checks no longer default to PASS when untested ... 20 checks were defaulting to PASS when no violation was found, even if the scanner couldn't actually test them. Now: - Phase-based checks (tracking/cookies): absence = PASS (correct) - UI checks: only PASS if banner_checks actually ran - If banner not detected: everything except banner_detected = FAIL This prevents false 100% scores when violations exist but the text→code mapping doesn't cover them. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:32:05 +02:00
Benjamin Admin	561150b5a8	fix: Banner runner maps violations by text when code field is missing ... The consent-tester produces violations without a 'code' field — only text, severity, service. The runner now infers check_keys from the violation text content (36 text→code mappings). This fixes the 100% false-pass for safetykon.de which had 3 real violations (impressum, re-access, color contrast dark pattern) that were silently ignored. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:25:50 +02:00
Benjamin Admin	f07c4db164	feat(iace): Sprint 3B — Human Interaction Model ... - 6 Standard-Rollen: operator, maintenance_tech, programmer, cleaning_staff, bystander, supervisor - HumanRoles []string Feld in HazardPattern, MatchInput, PatternMatch - patternMatches() filtert Patterns nach Rolle (nil = feuert fuer alle Rollen) - MatchReason um human_role Typ erweitert (Explainability) - 25 bestehende Patterns mit Rollen annotiert: - Cobot HP059/062/064 → operator/programmer - Maintenance HP700-714 → maintenance_tech/programmer - Operational HP070/073-078/080 → operator/maintenance_tech/programmer - Init + Parser Handler reichen Roles an MatchInput durch - 4 neue Tests: NilFiresAlways, MaintenanceTechFilter, ProgrammerTeachMode, RoleCount Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:22:55 +02:00
Benjamin Admin	f201c01a06	fix: Replace unicode escapes with actual emoji characters	2026-05-10 08:20:00 +02:00
Benjamin Admin	77a497d930	feat(iace): Sprint 3A — Operational State Graph + fix(ucca) flaky keyword sort ... State Graph: - 9 Standard-Betriebszustaende (startup, homing, automatic_operation, manual_operation, teach_mode, maintenance, cleaning, emergency_stop, recovery_mode) - 20 State-Transitions als gerichteter Graph - OperationalStates + StateTransitions Felder in HazardPattern, MatchInput, PatternMatch - patternMatches() filtert Patterns nach Betriebszustand (nil = feuert immer) - Narrative-Parser extrahiert States aus Maschinenbeschreibung (22 Keywords + 4 Transition-Keywords) - 27 bestehende Patterns mit State-Einschraenkungen annotiert (10 operational, 15 maintenance, 2 cobot) - MatchReason um operational_state + state_transition Typen erweitert (Explainability) - 6 neue Tests: NilFiresAlways, MaintenanceFilter, StateTransition, MatchReasons, Count, TransitionValid UCCA fix: - Stabiler Tiebreaker (Pattern-ID aufsteigend) bei gleichem Keyword-Score in MatchByKeywords - Behebt flaky TestControlPatternIndex_MatchByKeywords (1/10 Failure-Rate durch Go map iteration order) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:05:02 +02:00
Benjamin Admin	33f0a64ff6	feat: Persistent result history — click to reload old scan results ... Both DocCheckTab and BannerCheckTab now: - Store full scan results per history entry in localStorage - History entries are clickable — loads the saved result immediately - No need to re-scan to see old results - Fallback to last result if specific entry not found - Banner-Check sends HTML email report to mailpit Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 07:59:02 +02:00
Benjamin Admin	1b8e9881bb	feat: Banner-Check — Historie, persistentes Ergebnis, E-Mail-Report ... 1. localStorage Persistenz: URL, letztes Ergebnis, Historie (30 Eintraege) 2. Historie: Zeigt URL, Datum, Provider, Violations, Prozent 3. Letztes Ergebnis bleibt nach Tab-Wechsel/Reload sichtbar 4. E-Mail-Report: HTML-formatiert mit Violations + Hints an mailpit 5. Email-Status Anzeige im Frontend Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 07:55:12 +02:00
Benjamin Admin	c075ecb721	feat(iace): Phase 2 — RAG-validierte Massnahmen-Erweiterung 241→428, Evidenztypen 25→50 ... - 62 Kap.-Verweise durch Themen-Deskriptoren ersetzt (0 verbleibend) - measures_library_trbs.go: +85 Massnahmen (M217-M301) aus TRBS 1111/1201/2111/2121/2131/2141/2152 - measures_library_osha.go: +70 Massnahmen (M302-M371) aus OSHA Machine Guarding/LOTO/Electrical/Robots/Noise/Ergonomics/Pressure Vessels - measures_library_trgs.go: +11 Massnahmen (M372-M382) aus TRGS 600/500/401/402/509/727/555 - measures_library_supplementary.go: +21 Massnahmen (M383-M403) aus RAG-Gap-Analyse gegen 6.141 extrahierte Obligations - Brandschutz (8): TRGS 509/510/511/741/751 — Brandkonzept, Loeschanlagen, Brandmeldung, Fluchtweg - Strahlung/Laser (5): OSHA TM Ch.6 — Laserklasse, Laserschutz, LSB, Absaugung - TRBS 1115 Cybersecurity MSR (3): Cyber-GBU fuer Safety-SPS, Pruefung, Aenderungsmanagement - TRBS 1112 Instandhaltung (3): GBU Instandhaltung, kontrollierte Handsteuerung, Fremdfirmenkoordination - ASR (2): Sicherheitsbeleuchtung, Quetschschutz kraftbetaetigte Tueren - tag_resolver.go: +25 Evidenztypen (E26-E50) — Materialzertifikat, EMV, Druckpruefung, Laser, ATEX, SIL/PL-Validierung, SBOM Methodik: Systematische Obligation Extraction aus 152 Dokumenten (TRBS/TRGS/ASR/OSHA) in Qdrant bp_compliance_ce (83.222 Chunks), Gap-Analyse gegen bestehende Bibliothek, eigene Formulierungen (keine Normtext-Reproduktion). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 07:07:34 +02:00
Benjamin Admin	2e29b611c9	feat(iace): Phase 1 — Haftungs-Fixes, Massnahmen-Verkabelung, Explainability Engine ... Phase 1A — Haftungs-kritische Fixes: - SIL/PL-Badges als "Vorab-Einschaetzung" mit Tooltip gekennzeichnet - Coverage-Disclaimer in CE-Akte, Projekt-Uebersicht und Print-Export - Norm-Referenzen: 42 Kapitelverweise durch Themen-Deskriptoren ersetzt Phase 1B — Massnahmen-Verkabelung: - 16 neue Massnahmen (M201-M216) fuer bisher unabgedeckte Kategorien (communication_failure, hmi_error, firmware_corruption, maintenance, sensor_fault, mode_confusion) - Kategorie-Fallback im Initialize-Endpoint: ordnet Massnahmen aus der Bibliothek automatisch per HazardCategory zu (max 8 pro Kategorie) - Total: 225 → 241 Massnahmen, 0 Kategorien ohne Massnahmen Phase 1C — Explainability Engine: - MatchReason Struct in PatternMatch (type, tag, met) - Pattern Engine schreibt fuer jeden Match strukturierte Begruendungen - Frontend zeigt "Erkannt weil: Komponente X, Energie Y, Kein Ausschluss Z" Weitere Aenderungen: - BAuA/OSHA Regulatory Hints: 3 Enrich-Endpoints (per Hazard, per Measure, Batch) - Dokumente-Tab in IACE-Bibliothek (36.708 Chunks aus Qdrant) - Varianten-UX: Basis-Projekt-Summary auf Varianten-Seite - Projekt-Initialisierung: POST /initialize kettet Parse→Komponenten→Patterns→Hazards→Massnahmen→Normen - 18 pre-existing TS-Fehler gefixt, Route-Konflikt behoben - Component-Library + Measures-Library Tests aktualisiert Tests: Go alle bestanden, TS 0 Fehler, Playwright 141+ bestanden Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 21:32:23 +02:00
Benjamin Admin	6387b6950a	fix(agent): add BAuA TRBS/TRGS/ASR, EuGH rulings, EU 2018/1725 to competence scope ... All content from bp_compliance_ce collection is now explicitly listed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 15:36:45 +02:00
Benjamin Admin	1f5d1a0b79	fix(agent): add OSHA + harmonised norms to competence scope, soften escalation ... - Add OSHA 29 CFR 1910 Subpart O and harmonised norms to competence area - Soften escalation rule: harmless info questions get a short answer instead of full rejection. Only sensitive/legal-advice questions get declined with referral to lawyer. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 14:48:29 +02:00
Benjamin Admin	8682522212	feat: Variantenmanagement — Sub-Projekte mit GAP-Analyse ... Backend: - parent_project_id auf iace_projects (DB + Go Struct) - POST/GET /variants + GET /variant-gap Endpoints - GAP-Analyse: Differenz Hazards/Massnahmen/Kategorien Frontend: - VariantPanel auf Projekt-Uebersicht - Variante erstellen Dialog - Sidebar-Anzeige (Variantenanzahl / Basis-Link) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 10:47:01 +02:00
Benjamin Admin	2143840ee7	docs(agent): add FAQ about harmonised standards copyright + EuGH C-588/21 P ... Explains why companies must buy norms their own employees wrote, and the 2024 EuGH ruling that harmonised standards are EU law and must be freely accessible. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 09:50:44 +02:00
Benjamin Admin	4d708b4443	feat(iace): add withdrawn filter to norms library frontend ... - Add withdrawn/valid_until/replaced_by to Norm interface - Add Status filter (Aktiv/Zurueckgezogen) — defaults to "Aktiv" - Withdrawn norms hidden by default, viewable via filter Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 08:50:26 +02:00
Benjamin Admin	4bfb438c92	feat: 4 banner check upgrades — 30 CMPs, stealth, Shadow DOM, categories ... 1. 30 CMP selectors (was 10): Added Sourcepoint, Iubenda, Complianz, CookieFirst, HubSpot, Osano, Piwik PRO, Cookie Consent (Insites), Axeptio, Termly, CookieScript, Civic UK, GDPR Cookie Compliance, CookieHub, Ketch, Admiral, Sibbo, Evidon, LiveRamp, Adsimple. Plus improved generic fallback: role=dialog, aria-label, data-* attrs. 2. Playwright stealth mode: playwright-stealth against bot detection. Removes WebDriver flag, simulates plugins, realistic viewport/locale. Launch args: --disable-blink-features=AutomationControlled. 3. Shadow DOM: Recursive JS-based search through shadowRoot elements for consent banners. Fallback click via page.evaluate() when normal Playwright selectors can't penetrate Shadow DOM. 4. Category selection UI: User can choose which cookie categories to test (Notwendig, Statistik, Marketing, Funktional, Praeferenzen). Pill-style checkboxes in BannerCheckTab, forwarded through API chain. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 08:42:30 +02:00
Benjamin Admin	0371eecc03	fix: Struktureller Fix — Maschinentyp-Filter fuer Keywords + Patterns ... PROBLEM: Cobot-Projekt hatte 52 Pressen-Hazards weil Keywords wie "stempel" und "stoessel" ohne Maschinentyp-Kontext matchten. FIX an 3 Stellen: 1. KeywordEntry.MachineTypes — Pressen-Keywords nur fuer press/*_press 2. ParseNarrative(text, machineType) — Parser laedt Maschinentyp aus Projekt 3. HazardPattern.MachineTypes — Pressen-Patterns (HP045-HP058) nur fuer Pressen Verhindert zukuenftig falsche Zuordnungen bei neuen Kundenprojekten. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 08:30:45 +02:00
Benjamin Admin	751f4a5ee7	fix: Remove dead polling code from BannerCheckTab ... The /banner-check endpoint is synchronous (Playwright completes in <30s and returns result directly). Removed unused async polling loop that would never match since no scan_id is returned. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 08:22:36 +02:00
Benjamin Admin	445a2f7c7c	docs: Instruktion fuer RAG-Pipeline — Dokumenten-Upload Backend ... Vollstaendige Spezifikation: - DB-Schema (iace_uploaded_documents) - 3 Go Endpoints (POST/GET/DELETE) - Async PDF → Text → Chunks → Embed → Qdrant Pipeline - Tenant-isolierte Collections (bp_norms_tenant_{id}) - Multi-Collection RAG-Suche - Frontend-API-Vertrag - Sicherheit (Tenant-Isolation, Datei-Validierung) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 08:09:40 +02:00
Benjamin Admin	c89e46a828	feat: Dokumenten Upload im Normenrecherche-Tab ... Drag & Drop Upload-Zone fuer kundeneigene PDFs (Normen, Spezifikationen). Tenant-isoliert, Status-Tracking, Backend-Placeholder fuer RAG-Pipeline. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 08:07:58 +02:00
Benjamin Admin	9034a3071c	feat(iace): mark 300 withdrawn norms + add validity fields ... Compared 750 IACE norms against EU Official Journal harmonised standards list (SummaryListForLegislation, generated 30.03.2026): - 912 norms correctly matched (EN/EN ISO prefix normalized) - 300 norms marked as Withdrawn (no longer in EU OJ) - 0 missing (all EU-listed norms already present) NormReference struct extended with: - Withdrawn bool (true = no longer gives presumption of conformity) - ValidUntil string (end of legal effect date) - ReplacedBy string (successor norm if applicable) Source: EU Commission Implementing Decision 2023/1586 + amendments. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 07:58:58 +02:00
Benjamin Admin	55e44df256	docs: Instruktion fuer RAG-Pipeline — TRBS + TRGS + ASR Ingest ... ~120 gemeinfreie Technische Regeln (amtliche Bekanntmachungen §5 UrhG) von baua.de fuer die RAG-Pipeline. Crawling + Embedding + Qdrant-Import. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 07:57:40 +02:00
Benjamin Admin	e5dcb5a2dc	feat: 25 Norm-Pflichtmassnahmen (Mandatory=true) ... Neue Kategorie: Massnahmen die durch harmonisierte Normen VORGESCHRIEBEN sind. Abweichung = Verlust der Konformitaetsvermutung. Pressen: Zweihandschaltung, Stoesselabsturzsicherung, Schutztuere Roboter/Cobot: Kraft-/Geschwindigkeitsbegrenzung, Sicherheitsscanner Aufzuege: Fangvorrichtung, Geschwindigkeitsbegrenzer, Puffer Gabelstapler: Redundante Lastaufnahme, Kippschutz Holz: Spaltkeil, Saegeblattschutzhaube Krane: Ueberlastsicherung, Endschalter Allgemein: Not-Halt, Hauptschalter, Schutzleiter, PL/SIL-Nachweis AGV: Personenerkennung, Notbremse Kettensaege: Kettenbremse Fahrtreppe: Kammplatte Druckgeraete: Sicherheitsventil Schweissen: Leerlaufspannungsbegrenzung Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 07:39:43 +02:00
Benjamin Admin	1502ac6d8f	feat: Kamera/PII-Trigger differenziert + CE × Compliance FAQ ... - HP059 Trigger: "DSFA erforderlich" → "zu pruefen" mit Entscheidungslogik (Edge-Processing ohne Speicherung/Personenerkennung = keine DSFA) - 6 FAQ-Eintraege: Kamera-PII, zugekaufte Baugruppen, Herstellererklaerung, KI-Hochrisiko, CRA OTA-Updates, verkettete Produktionslinien - GET /compliance-faq Endpoint mit Kategorie-Filter Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 07:25:39 +02:00
Benjamin Admin	0fcb3ee488	docs(agent): add Machinery Regulation harmonised standards FAQ ... Explains current status: no harmonised standards published under (EU) 2023/1230 yet, ~800 from old directive still valid. Timeline from June 2023 to January 2027 full application. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 07:17:32 +02:00
Benjamin Admin	499210eff2	perf: Fix N+1 query in production line dashboard (27s → <1s) ... GetLineDashboard called GetLatestAssessment per hazard (N+1 queries). Replaced with GetLatestAssessmentsByProject — one batch query per station instead of one per hazard. With 50+ hazards across multiple stations, this reduces hundreds of DB queries to ~5. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 07:03:44 +02:00
Benjamin Admin	c6229a2c22	fix: Tech-File html_content → content Mapping ... API liefert html_content, Frontend erwartet content. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 06:46:51 +02:00
Benjamin Admin	c27022d11b	feat: CE-Akte mit Anhang IV + Tech-File Sections fuer alle 4 Projekte ... - 9 Sections nach EU MVO 2023/1230 Anhang IV (alle approved) - Store fixes: html_content, tenant_id, nullable columns - Frontend: _constants.ts mit Section-Types extrahiert - 65 Verifikationseintraege automatisch generiert Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 01:49:14 +02:00
Benjamin Admin	51d91d20ed	fix: 6 false positives from Stadt Koeln + Caritas verification ... - Phone regex allows parentheses: +49 (0)761 now matches - "Recht auf Widerspruch" (3 words) + §23 KDG recognized - Church authorities: "Katholisches Datenschutzzentrum", KdoeR - "Artikel 6 Absatz 1 Buchstabe a" (unabbreviated) now matches - "PHP Session ID" (with spaces) alongside "PHPSESSID" 6 FP eliminated across Caritas (KDG) and Stadt Koeln (verbose forms). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 01:31:36 +02:00
Benjamin Admin	8087e74e88	feat: Verification handler split + ListVerificationPlans ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 01:19:13 +02:00