Workshop von 5 auf 8 Schritte erweitert: Datenkategorien (Art.9, Sonstige),
Verarbeitungszweck (Rechtsgrundlage), Technologie (Glossar, Modell-Nutzung),
Automatisierung (Beispiele, Art.22), Hosting/Transfer, Datenhaltung/Vertraege,
Zusammenfassung mit automatischer Risikobewertung und UCCA-API-Aufruf.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Info-Tooltips fuer alle Datenkategorien mit typischen Beispieldaten
- Neue Kategorie: Qualifikations-/Schulungsdaten (Fortbildungen, Zertifikate)
- Externer Dienstleister bei Lohn-/Gehaltsabrechnung (AVV-relevant)
- Externer Dienstleister bei Website-Betrieb (AVV nach Art. 28 DSGVO)
- Arbeitszeiterfassung als Pflicht markiert (§3 ArbZG)
- Gesundheitsdaten-Abgrenzung: Krankenkassenname ist KEIN Art. 9 Datum
- Bewerbermanagement: Religion als Art. 9 ergaenzt
- Online-Shop/SaaS Beschreibungen praezisiert + Warnbanner bei Doppelauswahl
- Rechtsgrundlage aus Firmenprofil entfernt (gehoert in VVT-Schritt)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Backend: Restore-Endpoint (POST /projects/{id}/restore) und
Hard-Delete-Endpoint (DELETE /projects/{id}/permanent) hinzugefuegt
- Frontend: Dreistufiger Dialog (Archivieren / Endgueltig loeschen mit
Bestaetigungsdialog) statt einfachem Loeschen
- Archivierte Projekte aufklappbar in der Projektliste mit
Wiederherstellen-Button
- CustomerTypeSelector entfernt (redundant seit Multi-Projekt)
- Default tenantId von 'default' auf UUID geaendert (Backend-400-Fix)
- SQL-Cast :state::jsonb durch CAST(:state AS jsonb) ersetzt (SQLAlchemy-Fix)
- snake_case/camelCase-Mapping fuer Backend-Response (NaN-Datum-Fix)
- projectInfo wird beim Laden vom Backend geholt (Header zeigt Projektname)
- API-Client erzeugt sich on-demand (Race-Condition-Fix fuer Projektliste)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- endpoints.ts: Neues Modul "Projekte — Multi-Projekt-Verwaltung" (5 Endpoints)
- Developer Portal: projectId im Beispiel-Code, Multi-Projekt als Feature
- multi-tenancy.md: Verweis auf multi-project.md + neue Tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeder Tenant kann jetzt mehrere Compliance-Projekte anlegen (z.B. verschiedene
Produkte, Tochterunternehmen). CompanyProfile ist pro Projekt kopierbar und
danach unabhaengig editierbar. Multi-Tab-Support via separater BroadcastChannel
und localStorage Keys pro Projekt.
- Migration 039: compliance_projects Tabelle, sdk_states.project_id
- Backend: FastAPI CRUD-Routes fuer Projekte mit Tenant-Isolation
- Frontend: ProjectSelector UI, SDKProvider mit projectId, URL ?project=
- State API: UPSERT auf (tenant_id, project_id) mit Abwaertskompatibilitaet
- Tests: pytest fuer Model-Validierung, Row-Konvertierung, Tenant-Isolation
- Docs: MKDocs Seite, CLAUDE.md, Backend README
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Logo-Klick fuehrt zurueck zur Startseite (Neues/Bestehendes Projekt)
- Neue projectVersion im SDK State (inkrementiert nur bei explizitem Speichern)
- Header zeigt Firmenname + V001-Format statt auto-inkrementierende Sync-Version
- Sidebar Logo von Link auf Button umgestellt mit customerType-Reset
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- CRITICAL: Alle db.execute() Aufrufe in company_profile_routes.py
und generation_routes.py mit text() gewrapped (SQLAlchemy 2.x)
- Geschaeftsmodell-Kacheln: Nur Kurztext, Beschreibung bei Klick
- "Warum diese Fragen" in Hauptbereich unter Ueberschrift verschoben
- Sidebar-Box entfernt fuer mehr Platz
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- B2B2C als Geschaeftsmodell hinzugefuegt
- URL-Felder bei Offering-Auswahl (Website, Shop, App, SaaS) — optional
- Schritt-spezifische Erklaerungen in "Warum diese Fragen?"
- Firmenname ohne Rechtsform, Templates bauen automatisch zusammen
- Gruendungsjahr springt auf 2000 statt 1800
- SDK-Abdeckung Panel und Profil-loeschen Button entfernt
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixes:
- types.ts: dsfa isOptional false→true + visibleWhen ergänzt
(sichtbar nur bei Scope L2/L3/L4 oder dsfaRequired Hard-Trigger)
- dsfa war einziger Step mit fehlendem visibleWhen laut Plan
Docs:
- training.md: NEU — Training Engine (seq 4800), alle Endpoints,
Rollenmatrix, KI-Inhalt, Quiz, TTS-Media, DB-Schema
- mkdocs.yml: Training Engine nav-Eintrag
- index.md: E-Mail-Templates (4350) + Training Engine (4800)
in Modul-Tabelle + URL-Liste ergänzt
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Bestehende Catalog-Manager-Komponenten in SDK-Routes eingebunden:
- SDKState + Reducer um customCatalogs CRUD erweitert
- Neue Route /sdk/catalog-manager mit CatalogManagerContent
- Sidebar-Link "Kataloge" mit Database-Icon
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Alle /ai/... und /developers/... Pfade hatten keine Pages (404).
Gefixt: Daten&RAG→/sdk/rag, Schulungen→/sdk/training,
Screening→/sdk/screening, Qualitaet→/sdk/quality.
SDK-Doku-Kategorie entfernt (liegt auf Developer Portal :3006).
Meta-Links ohne Pages (architecture, onboarding, backlog, rbac)
durch SDK-Module-Link ersetzt.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OCR-Labeling ist bereits im Core Admin (macmini:3002/ai/ocr-pipeline)
vorhanden und wird im Compliance Dashboard nicht benoetigt.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Website (Uebersetzungen, Manager) und GPU Infrastruktur gehoeren
nicht ins Compliance Dashboard. GPU ist im Core Admin (macmini:3008).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Diese Module gehoeren nur in den Admin Lehrer (macmini:3002),
nicht ins Compliance Dashboard. Entfernt: Education Search,
Zeugnisse-Crawler, Abitur-Archiv, Klausur-Korrektur, Magic Help.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate queryRAG from klausur-service GET to bp-core-rag-service POST with
multi-collection support. Each of the 18 ScopeDocumentType now gets a
type-specific RAG collection and optimized search query instead of the
generic fallback. Vendor-compliance contract review now uses LLM + RAG
for real analysis with mock fallback on error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add legal context enrichment from Qdrant vector corpus to the two
highest-priority modules (Requirements AI assistant and DSFA drafting
engine).
Go SDK:
- Add SearchCollection() with collection override + whitelist validation
- Refactor Search() to delegate to shared searchInternal()
Python backend:
- New ComplianceRAGClient proxying POST /sdk/v1/rag/search (error-tolerant)
- AI assistant: enrich interpret_requirement() and suggest_controls() with RAG
- Requirements API: add ?include_legal_context=true query parameter
Admin (Next.js):
- Extract shared queryRAG() utility from chat route
- Inject RAG legal context into v1 and v2 draft pipelines
Tests for all three layers (Go, Python, TypeScript shared utility).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Part 1 — RAG Corpus Versioning:
- New DB table compliance_corpus_versions (migration 017)
- Go CorpusVersionStore with CRUD operations
- Assessment struct extended with corpus_version_id
- API endpoints: GET /rag/corpus-status, /rag/corpus-versions/:collection
- RAG routes (search, regulations) now registered in main.go
- Ingestion script registers corpus versions after each run
- Frontend staleness badge in SDK sidebar
Part 3 — Source Policy Backend:
- New FastAPI router with CRUD for allowed sources, PII rules,
operations matrix, audit trail, stats, and compliance report
- SQLAlchemy models for all source policy tables (migration 001)
- Frontend API base corrected from edu-search:8088/8089 to
backend-compliance:8002/api
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add quizQuestions field to Lesson interface
- Map quiz_questions (snake_case) to quizQuestions (camelCase) in course mapping
- Map correct_index to correctOptionIndex for quiz rendering
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add POST /academy/courses/generate endpoint that creates an academy
course from a training module (with content + quiz as lessons)
- Add POST /academy/courses/generate-all to bulk-generate all courses
- Fix academy API response mapping (snake_case → camelCase)
- Fix fetchCourses/fetchCourse/fetchEnrollments/fetchStats to unwrap
backend response wrappers ({courses:[...]}, {course:{...}})
- Add "Alle Kurse generieren" button to academy overview page
- Fix bulkResult.errors crash in training page (optional chaining)
- Add SetAcademyCourseID to training store for bidirectional linking
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add training step to the Betrieb package in SDK_STEPS so it appears
in the sidebar after Compliance Academy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use consistent :moduleId param name for content routes and :mediaId for
media routes. Add param adapters for handlers that expect different names.
Fix frontend media API paths to match backend route structure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Connect the existing training engine handlers (40+ endpoints) to the router
in main.go. This was the critical blocker preventing the training content
pipeline from being accessible. Also adds generateCourse, generateVideos,
and getVideoStatus functions to the academy API client, plus the
GenerateCourseRequest type.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Academy API client was using NEXT_PUBLIC_SDK_API_URL with fallback
to http://localhost:8093, which is unreachable from the browser. Changed
to use the existing Next.js proxy at /api/sdk/v1/academy/.
Drafting Engine: 7-module pipeline with narrative tags, allowed facts governance,
PII sanitizer, prose validator with repair loop, hash-based cache, and terminology
guide. v1 fallback via ?v=1 query param.
IACE: Initial AI-Act Conformity Engine with risk classifier, completeness checker,
hazard library, and PostgreSQL store for AI system assessments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix interleaved step ordering by introducing global sequence numbers (100-4700)
instead of package-relative order. Add conditional visibility (visibleWhen) for
optional steps like Import and DSFA. Fix TOM/workflow prerequisite bugs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Reduce chat history from 10 to 6 messages to fit context window
- Lower num_predict from 8192 to 2048 for faster responses
- Add Training module link to SDK sidebar navigation
- Add snake_case to camelCase key transformation for reporting API
(Go backend returns snake_case, TypeScript expects camelCase)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix route param conflict: /content/publish/:id instead of /content/:id/publish
- Fix route conflict: /media/module/:moduleId for module media list
- Use Piper binary instead of pip package (ARM64 compatibility)
- Update frontend API URLs to match new routes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements the 4-level GCI scoring model (Module -> Risk-Weighted -> Regulation Area -> Final GCI)
with DSGVO, NIS2, ISO 27001, and EU AI Act integration.
Backend:
- 9 Go files: engine, models, weights, validity, NIS2 roles/scoring, ISO mapping/gap-analysis, mock data
- GCI handlers with 13 API endpoints under /sdk/v1/gci/
- Routes registered in main.go
Frontend:
- TypeScript types, API client, Next.js API proxy
- Dashboard page with 6 tabs (Overview, Breakdown, NIS2, ISO 27001, Matrix, Audit Trail)
- Sidebar navigation entry
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
