breakpilot-compliance

Author	SHA1	Message	Date
Benjamin Admin	cca714755a	fix(iace): stronger relevance filter + matcher wrong-machine penalty Build + Deploy / build-admin-compliance (push) Successful in 10s Details Build + Deploy / build-backend-compliance (push) Successful in 11s Details Build + Deploy / build-ai-sdk (push) Successful in 40s Details Build + Deploy / build-developer-portal (push) Successful in 10s Details Build + Deploy / build-document-crawler (push) Successful in 11s Details Build + Deploy / build-dsms-gateway (push) Successful in 12s Details Build + Deploy / build-dsms-node (push) Successful in 11s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 16s Details CI / secret-scan (push) Has been skipped Details Build + Deploy / build-tts (push) Successful in 11s Details CI / nodejs-build (push) Successful in 2m44s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Failing after 43s Details CI / test-python-dsms-gateway (push) Successful in 22s Details CI / validate-canonical-controls (push) Successful in 19s Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / test-python-backend (push) Successful in 40s Details CI / test-python-document-crawler (push) Successful in 25s Details Build + Deploy / trigger-orca (push) Successful in 2m48s Details Relevance filter: now checks PatternName in addition to ZoneDE+ScenarioDE, catches "Spielplatz", "Umreifungsband", "Fahrtreppe" etc. in pattern names. Added more generic safety terms to whitelist (welle, getriebe, kette, etc.) Matcher: rebalanced weights (category 0.3, keywords 0.3, zone 0.4) to prioritize zone/component specificity. Added wrong-machine penalty (0.3x) when engine hazard mentions machine-specific terms absent from GT context (e.g. "Kollision zweier Roboter" for a single-robot GT entry). Fixes 18 problematic matches: 8 wrong-machine, 9 zone-mismatch, 1 category. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-13 15:49:50 +02:00
Benjamin Admin	d31c2fe018	feat(iace): hazard block view — parent/child grouping Build + Deploy / build-ai-sdk (push) Successful in 54s Details Build + Deploy / build-developer-portal (push) Successful in 10s Details Build + Deploy / build-admin-compliance (push) Successful in 2m9s Details Build + Deploy / build-backend-compliance (push) Successful in 11s Details Build + Deploy / build-tts (push) Successful in 12s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 19s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details Build + Deploy / build-document-crawler (push) Successful in 13s Details Build + Deploy / build-dsms-gateway (push) Successful in 15s Details Build + Deploy / build-dsms-node (push) Successful in 13s Details CI / nodejs-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 3m14s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Failing after 59s Details CI / test-python-backend (push) Successful in 40s Details CI / test-python-document-crawler (push) Successful in 28s Details CI / test-python-dsms-gateway (push) Successful in 22s Details CI / validate-canonical-controls (push) Successful in 15s Details Build + Deploy / trigger-orca (push) Successful in 2m54s Details Backend: - hazard_blocks.go: ComputeHazardBlocks() groups hazards by category + component + zone. Parent = highest risk in group. Children covered by parent's measures are flagged (no separate assessment needed). - iace_handler_blocks.go: GET /projects/:id/hazard-blocks endpoint with summary stats (blocks, covered children, assessments saved) Frontend: - HazardBlockView.tsx: Expandable block view with summary cards, parent-child hierarchy, coverage badges, and "abgedeckt" indicators - hazards/page.tsx: New "Bloecke" tab alongside "Hazard-Liste" and "Risikobewertung" No database schema changes — grouping is computed at runtime. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-13 11:36:04 +02:00
Benjamin Admin	733d2bcc7b	feat(iace): per-category hazard caps for precision improvement Build + Deploy / build-dsms-node (push) Successful in 11s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details Build + Deploy / build-admin-compliance (push) Successful in 12s Details Build + Deploy / build-backend-compliance (push) Successful in 11s Details Build + Deploy / build-ai-sdk (push) Successful in 40s Details Build + Deploy / build-developer-portal (push) Successful in 10s Details Build + Deploy / build-tts (push) Successful in 10s Details Build + Deploy / build-document-crawler (push) Successful in 10s Details Build + Deploy / build-dsms-gateway (push) Successful in 10s Details CI / loc-budget (push) Failing after 13s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m33s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 46s Details CI / test-python-backend (push) Successful in 39s Details CI / test-python-document-crawler (push) Successful in 28s Details CI / test-python-dsms-gateway (push) Successful in 22s Details CI / validate-canonical-controls (push) Successful in 15s Details Build + Deploy / trigger-orca (push) Successful in 2m15s Details Add categoryHazardCap() with ISO 12100-proportional limits: - mechanical: 3x components (min 15, max 60) - electrical: 1x components (min 8, max 20) - secondary (thermal, noise, material): 4-8 - software/IT/organizational: 2-5 (minimal for machinery assessment) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-13 10:00:45 +02:00
Benjamin Admin	be2ac762bd	feat(iace): narrative vocabulary overlap filter replaces blacklist Replace machine-specific term blacklist with generic vocabulary overlap: - Extract significant words (>=5 chars, not generic safety terms) from pattern zone/scenario - If pattern has specific words but NONE appear in narrative → filter - genericSafetyTerms whitelist with ~50 terms that appear in all assessments - Truly generic approach: works for any machine type without maintenance Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-13 09:55:25 +02:00
Benjamin Admin	1bd892afbf	feat(iace): narrative relevance filter + zone normalization for precision Build + Deploy / build-backend-compliance (push) Successful in 3m14s Details Build + Deploy / build-ai-sdk (push) Successful in 1m18s Details Build + Deploy / build-developer-portal (push) Successful in 1m8s Details CI / loc-budget (push) Failing after 19s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details Build + Deploy / build-admin-compliance (push) Successful in 1m56s Details Build + Deploy / build-tts (push) Successful in 1m35s Details Build + Deploy / build-document-crawler (push) Successful in 47s Details Build + Deploy / build-dsms-gateway (push) Successful in 35s Details Build + Deploy / build-dsms-node (push) Successful in 19s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / test-go (push) Successful in 44s Details CI / test-python-backend (push) Successful in 38s Details CI / test-python-document-crawler (push) Successful in 26s Details CI / nodejs-build (push) Successful in 2m28s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-python-dsms-gateway (push) Successful in 21s Details CI / validate-canonical-controls (push) Successful in 13s Details Build + Deploy / trigger-orca (push) Successful in 2m54s Details - isPatternRelevant() filters patterns whose zone/scenario mentions machine-specific terms (extruder, stanzpresse, spielplatz, etc.) absent from the actual machine narrative - normalizeZoneKey() clusters similar zones for smarter dedup (e.g. "Schaltschrank, Sammelschiene" = "Schaltschrank-Innenraum") - machineSpecificTerms list with 40+ terms for generic filtering Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-13 09:51:00 +02:00
Benjamin Admin	8bb90d73e5	feat(iace): benchmark system + erklaerteil + dedup-fix Build + Deploy / build-backend-compliance (push) Successful in 3m34s Details Build + Deploy / build-ai-sdk (push) Successful in 1m6s Details Build + Deploy / build-developer-portal (push) Successful in 1m7s Details Build + Deploy / build-tts (push) Successful in 1m58s Details Build + Deploy / build-document-crawler (push) Successful in 57s Details Build + Deploy / build-dsms-gateway (push) Successful in 34s Details Build + Deploy / build-admin-compliance (push) Successful in 2m7s Details Build + Deploy / build-dsms-node (push) Successful in 29s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 17s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m28s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 42s Details CI / test-python-backend (push) Successful in 37s Details CI / test-python-document-crawler (push) Successful in 27s Details CI / test-python-dsms-gateway (push) Successful in 22s Details CI / validate-canonical-controls (push) Successful in 15s Details Build + Deploy / trigger-orca (push) Successful in 3m10s Details - Erklaerteil-Template fuer Risikobeurteilungen (risk_assessment_template.go) in PDF-Export, Markdown-Export und Frontend ReportPrintView eingebaut - Ground Truth Benchmark-System: Datenmodell, Fuzzy-Matching-Engine, 3 API Endpoints (import-gt, benchmark, benchmark/summary) - Frontend Benchmark-Tab mit Score-Cards, Kategorie-Breakdown, Hazard-Vergleichstabelle (Zugeordnet/Fehlend/Extra), Business Impact - Erster Benchmark: 13.3% Coverage (Baseline) gegen 60 GT-Eintraege - Dedup-Fix: seenCat[cat] -> seenCatZone[cat+zone] erlaubt mehrere Gefaehrdungen pro Kategorie an verschiedenen Gefahrenstellen - Komponenten-spezifische Hazard-Namen und Zone-basierte Zuordnung Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-13 01:02:33 +02:00
Benjamin Admin	e785b6d695	fix(use-case-compiler): compile questions from MCs, not hardcoded Build + Deploy / build-admin-compliance (push) Successful in 14s Details Build + Deploy / build-developer-portal (push) Successful in 10s Details Build + Deploy / build-tts (push) Successful in 11s Details Build + Deploy / build-document-crawler (push) Successful in 20s Details Build + Deploy / build-dsms-gateway (push) Successful in 13s Details Build + Deploy / build-dsms-node (push) Successful in 13s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 18s Details Build + Deploy / trigger-orca (push) Successful in 2m26s Details Build + Deploy / build-backend-compliance (push) Successful in 13s Details Build + Deploy / build-ai-sdk (push) Successful in 11s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m50s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 43s Details CI / test-python-backend (push) Successful in 38s Details CI / test-python-document-crawler (push) Successful in 26s Details CI / test-python-dsms-gateway (push) Successful in 25s Details CI / validate-canonical-controls (push) Successful in 16s Details Changes the compile flow to always query Master Controls from DB first: 1. doc_check_controls → Mode A (deterministic) 2. LLM generation via Ollama/Claude → Mode B 3. Derive from MC name → fallback 4. Template hardcoded questions → absolute fallback Previously, templates with pre-defined questions just returned those without ever hitting the DB. Now MC-compiled questions take priority and template questions fill gaps for uncovered topics. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 17:34:41 +02:00
Benjamin Admin	edbf6d2be5	feat(dsms): Stufe 2+3 — Evidence/TechFile → DSMS + Version Chains + Audit Timeline Build + Deploy / build-admin-compliance (push) Successful in 1m58s Details Build + Deploy / build-backend-compliance (push) Successful in 12s Details Build + Deploy / build-ai-sdk (push) Successful in 11s Details Build + Deploy / build-developer-portal (push) Successful in 11s Details Build + Deploy / build-tts (push) Successful in 21s Details Build + Deploy / build-document-crawler (push) Successful in 11s Details Build + Deploy / build-dsms-gateway (push) Successful in 14s Details Build + Deploy / build-dsms-node (push) Successful in 14s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 15s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m40s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 40s Details CI / test-python-backend (push) Successful in 37s Details CI / test-python-document-crawler (push) Successful in 26s Details CI / test-python-dsms-gateway (push) Successful in 22s Details CI / validate-canonical-controls (push) Successful in 14s Details Build + Deploy / trigger-orca (push) Successful in 2m26s Details Stufe 2A: Evidence Upload → automatische DSMS-Archivierung - Nach SHA-256 Hash → archive_to_dsms(), CID im Audit-Trail - Evidence mit CID wird automatisch zu E2 (hash-verifiziert) hochgestuft Stufe 2B: IACE Tech-File Export → DSMS - PDF/Excel/DOCX/Markdown Exporte werden nach DSMS archiviert - archiveTechFile() Helper fuer alle 4 Formate Stufe 3A: DSMS Gateway — parent_cid + History Endpoint - parent_cid + tenant_id Felder in DocumentMetadata - GET /documents/{cid}/history — folgt parent_cid-Chain (max 50 deep) Stufe 3C: Audit Timeline UI - Neue Seite /sdk/audit-timeline - Vertikale Timeline mit farbigen Action-Dots - Filter: Alle, Nachweis, DSMS-Archiv, Control, Dokument, DSFA, VVT, TOM - CID-Badges fuer DSMS-archivierte Eintraege Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 13:55:07 +02:00
Benjamin Admin	06bfbd1dca	feat(use-case-compiler): MC-based compliance questionnaires with scoring Build + Deploy / build-admin-compliance (push) Successful in 2m46s Details Build + Deploy / build-backend-compliance (push) Successful in 26s Details Build + Deploy / build-ai-sdk (push) Successful in 52s Details Build + Deploy / build-developer-portal (push) Successful in 22s Details Build + Deploy / build-tts (push) Successful in 16s Details Build + Deploy / build-document-crawler (push) Successful in 12s Details Build + Deploy / build-dsms-gateway (push) Successful in 20s Details Build + Deploy / build-dsms-node (push) Successful in 16s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 18s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 3m16s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 1m0s Details CI / test-python-backend (push) Successful in 41s Details CI / test-python-document-crawler (push) Successful in 29s Details CI / test-python-dsms-gateway (push) Successful in 23s Details CI / validate-canonical-controls (push) Successful in 16s Details Build + Deploy / trigger-orca (push) Successful in 2m36s Details Implements the Use-Case Compiler that turns Master Controls into interactive compliance audits. 5 templates (Vendor Check, SAST/DAST, DSGVO, NIS2, CRA), deterministic + LLM question generation, scoring engine with regulation/severity breakdown, and gap detection. - Backend: 9 API endpoints, 22 unit tests (all pass) - Frontend: Template selector, questionnaire, result dashboard - Migration 027: usecase_audits + usecase_answers tables Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 13:49:16 +02:00
Benjamin Admin	7d9f5a1f76	feat(iace): LLM-gestuetzte Failure Mode Erkennung Build + Deploy / build-admin-compliance (push) Successful in 1m42s Details Build + Deploy / build-backend-compliance (push) Successful in 15s Details Build + Deploy / build-ai-sdk (push) Successful in 9s Details Build + Deploy / build-developer-portal (push) Successful in 11s Details Build + Deploy / build-tts (push) Successful in 18s Details Build + Deploy / build-document-crawler (push) Successful in 10s Details Build + Deploy / build-dsms-gateway (push) Successful in 14s Details Build + Deploy / build-dsms-node (push) Successful in 12s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 14s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m32s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 41s Details CI / test-python-backend (push) Successful in 37s Details CI / test-python-document-crawler (push) Successful in 25s Details CI / test-python-dsms-gateway (push) Successful in 21s Details CI / validate-canonical-controls (push) Successful in 13s Details Build + Deploy / trigger-orca (push) Successful in 2m25s Details POST /projects/:id/components/:cid/suggest-fms - Baut FMEA-Experten-Prompt aus Komponentenname + Maschinenkontext - LLM antwortet mit 5 FMs als JSON (Mode, Effect, S/O/D) - Fallback auf Bibliotheks-FMs wenn LLM nicht verfuegbar - Nutzt ProviderRegistry (Ollama primary, Anthropic fallback) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 09:52:16 +02:00
Benjamin Admin	6ce5b4bf41	feat(iace): VDA-Format FMEA Excel Export Build + Deploy / build-admin-compliance (push) Successful in 1m48s Details Build + Deploy / build-backend-compliance (push) Successful in 11s Details Build + Deploy / build-ai-sdk (push) Successful in 44s Details Build + Deploy / build-developer-portal (push) Successful in 11s Details Build + Deploy / build-tts (push) Successful in 11s Details Build + Deploy / build-document-crawler (push) Successful in 12s Details Build + Deploy / build-dsms-gateway (push) Successful in 10s Details Build + Deploy / build-dsms-node (push) Successful in 13s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 14s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m36s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 41s Details CI / test-python-backend (push) Successful in 37s Details CI / test-python-document-crawler (push) Successful in 27s Details CI / test-python-dsms-gateway (push) Successful in 22s Details CI / validate-canonical-controls (push) Successful in 14s Details Build + Deploy / trigger-orca (push) Successful in 2m15s Details - GET /projects/:id/fmea/export → xlsx im VDA-Formblatt - Spalten: Nr, Komponente, Typ, Fehlerart, Fehlerfolge, S, O, D, RPZ, AP, Massnahme - AP-Zellen farbig: H=rot, M=gelb, L=gruen - Dependency: github.com/xuri/excelize/v2 (BSD-3-Clause) - Frontend: "VDA Excel exportieren" Button auf FMEA-Seite Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 09:45:18 +02:00
Benjamin Admin	f5664612ad	feat(iace): Einsatzbereich / Branche — filtert branchenspezifische Patterns Build + Deploy / build-admin-compliance (push) Successful in 2m7s Details Build + Deploy / build-backend-compliance (push) Successful in 13s Details Build + Deploy / build-ai-sdk (push) Successful in 55s Details Build + Deploy / build-developer-portal (push) Successful in 12s Details Build + Deploy / build-tts (push) Successful in 34s Details Build + Deploy / build-document-crawler (push) Successful in 12s Details Build + Deploy / build-dsms-gateway (push) Successful in 13s Details Build + Deploy / build-dsms-node (push) Successful in 14s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 18s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 3m5s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 46s Details CI / test-python-backend (push) Successful in 37s Details CI / test-python-document-crawler (push) Successful in 26s Details CI / test-python-dsms-gateway (push) Successful in 22s Details CI / validate-canonical-controls (push) Successful in 15s Details Build + Deploy / trigger-orca (push) Successful in 2m19s Details Neues Feld "Einsatzbereich" auf Interview-Seite (Sektion 7) mit 15 Branchen. Pattern Engine bekommt MachineTypes aus MatchInput → branchenfremde Patterns (Medizin, Aufzug, Bau etc.) feuern nur wenn die Branche ausgewählt ist. Refactoring: iace_handler_init.go aufgeteilt in init + init_helpers (LOC-Limit). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 09:09:28 +02:00
Benjamin Admin	66d30568e2	feat(dsms): Stufe 1 — Gap-Analyse Report wird in DSMS archiviert Build + Deploy / build-admin-compliance (push) Successful in 1m41s Details Build + Deploy / build-backend-compliance (push) Successful in 14s Details Build + Deploy / build-ai-sdk (push) Successful in 41s Details Build + Deploy / build-developer-portal (push) Successful in 10s Details Build + Deploy / build-tts (push) Successful in 10s Details Build + Deploy / build-document-crawler (push) Successful in 10s Details Build + Deploy / build-dsms-gateway (push) Successful in 10s Details Build + Deploy / build-dsms-node (push) Successful in 11s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 14s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m31s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 48s Details CI / test-python-backend (push) Failing after 1s Details CI / test-python-document-crawler (push) Successful in 32s Details CI / test-python-dsms-gateway (push) Successful in 25s Details CI / validate-canonical-controls (push) Successful in 15s Details Build + Deploy / trigger-orca (push) Successful in 2m23s Details - Go DSMS Client (internal/dsms/client.go): Archive() + Verify() - Python DSMS Client (compliance/services/dsms_client.py): archive_to_dsms() + verify_dsms() - Gap-Analyse AnalyzeProject() archiviert Report-JSON nach DSMS - Response enthält dsms_cid wenn Archivierung erfolgreich - Frontend: Grünes "Revisionssicher archiviert" Badge mit CID im GapDashboard - DSMS Proxy Route (/api/sdk/v1/dsms/[...path]) für Verify-Abfragen Stufe 2 (Evidence Upload → DSMS) und Stufe 3 (Version Chains) folgen. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 23:39:26 +02:00
Benjamin Admin	a0bb9e3aed	feat(iace): "Neu initialisieren" Button + DeleteHazard - POST /initialize?force=true loescht bestehende Hazards + Mitigations und erstellt sie neu mit aktuellen Betriebszustaenden - Orange "Neu initialisieren" Button auf Interview-Seite (mit Confirm-Dialog) - DeleteHazard Store-Methode (kaskadiert Risk Assessments) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 09:17:50 +02:00
Benjamin Admin	cb8fb65d3e	feat(iace): Betriebszustand-Traceability auf Hazards + Mitigations Hazards zeigen jetzt farbige Badges mit den Betriebszustaenden die sie ausgeloest haben (z.B. "Wartung", "Not-Halt"). Mitigations erben die States ihrer verknuepften Hazards. Backend: OperationalStates im Function-Feld encodiert (kein DB-Schema), beim Lesen als operational_states[] JSON-Feld zurueckgegeben. Frontend: Indigo-Badges in HazardTable + MitigationCard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 09:04:20 +02:00
Benjamin Admin	285b74382a	fix(iace): Initialize pipeline reads operational_states from metadata The Betriebszustand-UI saved states to metadata.operational_states but the initialize handler only read states from the parsed narrative text. Now merges both sources so the UI selection actually affects which patterns fire during initialization. Added integration E2E test that verifies: 2 states → fewer patterns, 9 states → more patterns. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 08:19:53 +02:00
Benjamin Admin	53c641800f	feat(iace): Phase 5 — Betriebszustand-UI + E2E Tests - GET /operational-states endpoint (9 States + 20 Transitions) - Frontend: Operational States page with state cards, transitions graph, delta preview - Navigation: Betriebszustaende entry between Grenzen and Normenrecherche - E2E: 60+ new Phase 5 tests (operational states, hazards, mitigations, classification) - E2E: Updated expected counts for expanded libraries (476 measures, 1114 patterns) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 00:26:07 +02:00
Benjamin Admin	dabc2358ab	feat(gap): Regulatory Gap Analysis Engine — Phase A Backend Product Profile → Regulatory Classification → MC Gap Assessment → Priority List. - 12 regulations supported (CRA, AI Act, NIS2, DSGVO, Data Act, MiCA, PSD2, AML, MDR, Machinery, TDDDG, LkSG) - Scope signal extraction from product profile - Priority scoring: Severity × Deadline × Dependency - 5 industry templates (IoT, Exchange, Cobot, SaaS, Medical) - 8 API endpoints under /sdk/v1/gap/ - DB migration for gap_projects table - Full build passes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 23:11:30 +02:00
Benjamin Admin	9c0d471277	feat(iace): Sprint 4D — Failure Mode Layer (FMEA-Faehigkeit) 150 Failure Modes in 11 ComponentTypes: - Sensor (20): Signalverlust, Drift, Falschmeldung, Encoder-spezifisch - Controller (20): Watchdog, Speicher, Bus, Safety-SPS CCF, Antrieb - Actuator (15): Blockiert, Ueberlast, Haltekraftverlust, Schuetz verschweisst - Mechanical (20): Ermuedungsbruch, Lagerschaden, Kettenriss, Werkzeugbruch - Electrical (15): Isolation, Kurzschluss, Erdschluss, Lichtbogen - Software (15): Exception, Race Condition, Buffer Overflow, Timing - Hydraulic/Pneumatic (15): Schlauchplatzer, Ventil blockiert, Kavitation - Safety Device (15): Failure-to-trip, CCF, Bremsenverschleiss, PL-Degradation - Network (10): Paketverlust, Latenz, Man-in-the-Middle - AI/ML (5): Model Drift, Adversarial Input, Bias Architektur: - FailureModeEntry Struct mit FMEA-Scores (Severity/Occurrence/Detection 1-10) - RPZ = S x O x D (max 1000, Schwelle >= 100 = Massnahme erforderlich) - RequiredFailureModes auf HazardPattern fuer FM-gesteuertes Pattern-Matching - MatchInput.FailureModes + MatchReason "failure_mode" (Explainability) - GET /failure-modes?component_type= API-Endpoint 10 Tests: Count, UniqueIDs, ValidTypes, NonEmpty, Distribution, RPZ (3x), NilFires, RPZDistribution Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 22:24:02 +02:00
Benjamin Admin	9a9a11b248	feat(iace): Sprint 4C — Delta Impact Analysis Neuer Endpoint POST /projects/:id/delta-analysis: - Input: aktuelle + vorgeschlagene Aenderung (Components, Energy, States, Roles) - Output: Diff der Pattern-Matches (added/removed Patterns, Hazards, Measures) - DeltaMatch() auf PatternEngine: Match(current) vs Match(proposed) - DeltaResult mit AddedPatterns, RemovedPatterns, Counts, SummaryDE Beispiel-Output: SPS hinzufuegen → +55 Patterns, +5 Hazard-Kategorien, +17 Massnahmen Maintenance-State hinzufuegen → +10 Patterns, +2 Hazards, +2 Massnahmen 7 Tests: NoChange, AddComponent, RemoveComponent, AddState, AddRole, Summary, Symmetric Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 21:23:46 +02:00
Benjamin Admin	d339d1edc7	feat(iace): Sprint 4B — ISO 12100 Hazard/Situation/Harm Trennung ISO 12100 trennt: Hazard (Quelle) → Hazardous Situation (Person exponiert) → Harm (Verletzung). Bisher war alles in einem Hazard-Record vermischt. Implementierung als abgeleitetes Feld (keine DB-Migration noetig): - HazardType Feld auf Hazard Entity ("hazard"\|"hazardous_situation"\|"harm") - DeriveHazardType() berechnet Typ aus Scenario/PossibleHarm/Category - Explizites Override moeglich (HazardType direkt setzen) - GeneratedHazardType auf HazardPattern fuer Pattern-gesteuerte Zuweisung - Store: GetHazard/ListHazards setzen HazardType automatisch - Init-Handler: Fuellt jetzt TriggerEvent, PossibleHarm, AffectedPerson, HazardousZone aus Pattern-Match-Daten (vorher leer gelassen) 6 neue Tests: ScenarioAndHarm, HarmOnly, CategoryOnly, ExplicitOverride, EmptyFallback, PatternMatchField Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 20:55:26 +02:00
Benjamin Admin	f07c4db164	feat(iace): Sprint 3B — Human Interaction Model - 6 Standard-Rollen: operator, maintenance_tech, programmer, cleaning_staff, bystander, supervisor - HumanRoles []string Feld in HazardPattern, MatchInput, PatternMatch - patternMatches() filtert Patterns nach Rolle (nil = feuert fuer alle Rollen) - MatchReason um human_role Typ erweitert (Explainability) - 25 bestehende Patterns mit Rollen annotiert: - Cobot HP059/062/064 → operator/programmer - Maintenance HP700-714 → maintenance_tech/programmer - Operational HP070/073-078/080 → operator/maintenance_tech/programmer - Init + Parser Handler reichen Roles an MatchInput durch - 4 neue Tests: NilFiresAlways, MaintenanceTechFilter, ProgrammerTeachMode, RoleCount Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:22:55 +02:00
Benjamin Admin	77a497d930	feat(iace): Sprint 3A — Operational State Graph + fix(ucca) flaky keyword sort State Graph: - 9 Standard-Betriebszustaende (startup, homing, automatic_operation, manual_operation, teach_mode, maintenance, cleaning, emergency_stop, recovery_mode) - 20 State-Transitions als gerichteter Graph - OperationalStates + StateTransitions Felder in HazardPattern, MatchInput, PatternMatch - patternMatches() filtert Patterns nach Betriebszustand (nil = feuert immer) - Narrative-Parser extrahiert States aus Maschinenbeschreibung (22 Keywords + 4 Transition-Keywords) - 27 bestehende Patterns mit State-Einschraenkungen annotiert (10 operational, 15 maintenance, 2 cobot) - MatchReason um operational_state + state_transition Typen erweitert (Explainability) - 6 neue Tests: NilFiresAlways, MaintenanceFilter, StateTransition, MatchReasons, Count, TransitionValid UCCA fix: - Stabiler Tiebreaker (Pattern-ID aufsteigend) bei gleichem Keyword-Score in MatchByKeywords - Behebt flaky TestControlPatternIndex_MatchByKeywords (1/10 Failure-Rate durch Go map iteration order) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:05:02 +02:00
Benjamin Admin	2e29b611c9	feat(iace): Phase 1 — Haftungs-Fixes, Massnahmen-Verkabelung, Explainability Engine Phase 1A — Haftungs-kritische Fixes: - SIL/PL-Badges als "Vorab-Einschaetzung" mit Tooltip gekennzeichnet - Coverage-Disclaimer in CE-Akte, Projekt-Uebersicht und Print-Export - Norm-Referenzen: 42 Kapitelverweise durch Themen-Deskriptoren ersetzt Phase 1B — Massnahmen-Verkabelung: - 16 neue Massnahmen (M201-M216) fuer bisher unabgedeckte Kategorien (communication_failure, hmi_error, firmware_corruption, maintenance, sensor_fault, mode_confusion) - Kategorie-Fallback im Initialize-Endpoint: ordnet Massnahmen aus der Bibliothek automatisch per HazardCategory zu (max 8 pro Kategorie) - Total: 225 → 241 Massnahmen, 0 Kategorien ohne Massnahmen Phase 1C — Explainability Engine: - MatchReason Struct in PatternMatch (type, tag, met) - Pattern Engine schreibt fuer jeden Match strukturierte Begruendungen - Frontend zeigt "Erkannt weil: Komponente X, Energie Y, Kein Ausschluss Z" Weitere Aenderungen: - BAuA/OSHA Regulatory Hints: 3 Enrich-Endpoints (per Hazard, per Measure, Batch) - Dokumente-Tab in IACE-Bibliothek (36.708 Chunks aus Qdrant) - Varianten-UX: Basis-Projekt-Summary auf Varianten-Seite - Projekt-Initialisierung: POST /initialize kettet Parse→Komponenten→Patterns→Hazards→Massnahmen→Normen - 18 pre-existing TS-Fehler gefixt, Route-Konflikt behoben - Component-Library + Measures-Library Tests aktualisiert Tests: Go alle bestanden, TS 0 Fehler, Playwright 141+ bestanden Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 21:32:23 +02:00
Benjamin Admin	8682522212	feat: Variantenmanagement — Sub-Projekte mit GAP-Analyse Backend: - parent_project_id auf iace_projects (DB + Go Struct) - POST/GET /variants + GET /variant-gap Endpoints - GAP-Analyse: Differenz Hazards/Massnahmen/Kategorien Frontend: - VariantPanel auf Projekt-Uebersicht - Variante erstellen Dialog - Sidebar-Anzeige (Variantenanzahl / Basis-Link) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 10:47:01 +02:00
Benjamin Admin	0371eecc03	fix: Struktureller Fix — Maschinentyp-Filter fuer Keywords + Patterns PROBLEM: Cobot-Projekt hatte 52 Pressen-Hazards weil Keywords wie "stempel" und "stoessel" ohne Maschinentyp-Kontext matchten. FIX an 3 Stellen: 1. KeywordEntry.MachineTypes — Pressen-Keywords nur fuer press/*_press 2. ParseNarrative(text, machineType) — Parser laedt Maschinentyp aus Projekt 3. HazardPattern.MachineTypes — Pressen-Patterns (HP045-HP058) nur fuer Pressen Verhindert zukuenftig falsche Zuordnungen bei neuen Kundenprojekten. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 08:30:45 +02:00
Benjamin Admin	1502ac6d8f	feat: Kamera/PII-Trigger differenziert + CE × Compliance FAQ - HP059 Trigger: "DSFA erforderlich" → "zu pruefen" mit Entscheidungslogik (Edge-Processing ohne Speicherung/Personenerkennung = keine DSFA) - 6 FAQ-Eintraege: Kamera-PII, zugekaufte Baugruppen, Herstellererklaerung, KI-Hochrisiko, CRA OTA-Updates, verkettete Produktionslinien - GET /compliance-faq Endpoint mit Kategorie-Filter Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 07:25:39 +02:00
Benjamin Admin	8087e74e88	feat: Verification handler split + ListVerificationPlans Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 01:19:13 +02:00
Benjamin Admin	89af88ef7d	feat: Fortschritts-Tracker + Verifikation-Endpoints + Tech-File Erweiterung - Übersicht: Completeness Gates durch Projektfortschritts-Tracker ersetzt (6 CE-Prozessschritte mit Status + Naechster-Schritt Empfehlung) - Verifikation: GET/POST/DELETE /verifications Endpoints + Alias-Handler - Tech-File: Anhang IV Struktur-Erweiterung - Maßnahmen: Expandable Details vorbereitet Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 01:02:41 +02:00
Benjamin Admin	5236864521	perf: N+1 Fix in GetProject/buildCompletenessContext 462 einzelne Queries (Assessments + Mitigations pro Hazard) durch 2 Batch-Queries ersetzt. GetProject von ~22s auf <1s. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 00:40:04 +02:00
Benjamin Admin	6cec1dcdba	perf: N+1 Query Fix — ListHazards 231x schneller Ersetzt 231 einzelne DB-Queries durch 1 Batch-Query mit DISTINCT ON (hazard_id) JOIN. Ladezeit von ~40s auf <1s. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 00:28:15 +02:00
Benjamin Admin	56892cf7dc	feat: CE × Compliance Crossover Engine Automatische Erkennung von DSGVO/AI Act/CRA/NIS2/Data Act Implikationen bei CE-Gefaehrdungen. 50 Trigger-Mappings auf Hazard-Patterns → Compliance-Module mit Modul-Links. - compliance_triggers.go: 50 Pattern→Regulation Mappings - compliance_crossover.go: Engine die Projekt-Hazards gegen Trigger prueft - iace_handler_compliance.go: GET /compliance-triggers API - ComplianceAlerts.tsx: Frontend Alert-Panel auf Projekt-Uebersicht Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 15:07:22 +02:00
Benjamin Admin	1005ba0398	feat: Normen-Bibliothek auf 751 Normen finalisiert Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 13:24:33 +02:00
Benjamin Admin	ba9558384f	feat: Normen-Bibliothek auf 620+ erweitert + wave3 fixes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 13:13:08 +02:00
Benjamin Admin	2e1e18d853	feat: Normen-Bibliothek auf 617 erweitert (Ziel: 700) Wave 3: +161 Normen (456 → 617) - Serien-Lücken geschlossen (EN 1870, EN 474, EN 1034, EN 81, ISO 4254) - Glas, Leder, Backwaren, Tabak, Medizin (IEC 60601), Labor, Feuerwehr - Spielplatz, Fitness, Schwimmbad, HVAC, Kältetechnik - PSA (Schuhe, Handschuhe, Augenschutz, Gehörschutz, Atemschutz) - Leitern, Gerüste, Drahtseile, Gasgeräte, Messtechnik Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 13:04:22 +02:00
Benjamin Admin	97a52533a8	Merge remote gitea/main — resolve conflicts keeping local (origin) state Build + Deploy / build-admin-compliance (push) Successful in 2m29s Details Build + Deploy / build-backend-compliance (push) Successful in 3m23s Details Build + Deploy / build-ai-sdk (push) Failing after 47s Details Build + Deploy / build-developer-portal (push) Successful in 1m19s Details Build + Deploy / build-tts (push) Failing after 1m29s Details Build + Deploy / build-document-crawler (push) Successful in 43s Details Build + Deploy / build-dsms-gateway (push) Successful in 25s Details Build + Deploy / build-dsms-node (push) Successful in 11s Details CI / branch-name (push) Has been skipped Details Build + Deploy / trigger-orca (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 18s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 3m17s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Failing after 48s Details CI / test-python-backend (push) Successful in 42s Details CI / test-python-document-crawler (push) Successful in 31s Details CI / test-python-dsms-gateway (push) Successful in 26s Details CI / validate-canonical-controls (push) Successful in 18s Details Local origin is 20+ commits ahead of remote gitea. All conflicts resolved by keeping HEAD (our version) which includes the full 56→138 check expansion and doc_checks package split. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 12:40:23 +02:00
Benjamin Admin	e7f2f98da3	feat: IACE CE-Compliance Module — Normen, Risikobewertung, Production Lines Major features: - 215 norms library with section references + Beuth URLs (A/B1/B2/C norms) - 173 hazard patterns with detail fields (scenario, trigger, harm, zone) - Deterministic pattern matching: Component × Lifecycle × Pattern cross-product - SIL/PL auto-calculation from S×E×P risk graph - Risk assessment table with editable S/E/P dropdowns - Production Line Dashboard with animated station flow (Running Dots) - IACE process flow + norms coverage on start page - Non-blocking cookie banner, ProcessFlow SSR fix - 104 Playwright E2E tests passing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 10:53:26 +02:00
Benjamin Admin	d7b287889e	fix: IACE parser handler — use MatchOutput.SuggestedHazards instead of MatchedPatterns fields Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-05 07:18:55 +02:00
Benjamin Admin	d4b7943d54	feat: IACE deterministic narrative parser + library extensions Library Extensions: - 15 new components (C121-C135): knee lever, hydraulic ram, lubrication system, extraction system, vibrating plate, die tooling, transfer system, hoist, chute, oil drip tray, pressure relief valve, die space, flywheel, bin changeover station, inspection scale - 8 new tags: person_under_load, two_hand_control_required, thermal_accumulation, mechanical_transmission, oil_mist_risk, rapid_energy_release, gravity_suspended_load, bypass_risk - 14 new patterns (HP045-HP058): ram drop, die space crushing, oil mist inhalation, hot workpiece burns, suspended load, transfer draw-in, ejection fall, accumulator pressure release, impact noise, flywheel residual energy, guard bypass, two-hand misoperation, oil leakage, ergonomic bin changeover Deterministic Parser (NO LLM): - keyword_dictionary.go: ~100 entries mapping DE/EN keywords to component IDs, energy source IDs, and tags - narrative_parser.go: ParseNarrative() extracts components, energy sources, lifecycle phases, roles, tech specs, and context tags from free-text machine descriptions via keyword matching + regex - Tech spec regex: extracts kN, V, °C, bar, kW, rpm values and derives energy sources + severity tags automatically - iace_handler_parser.go: POST /projects/:id/parse-narrative endpoint chains parser → pattern engine → hazard suggestions Test: Paste Kniehebelpresse description → should detect 10+ components, 15+ hazards, all deterministically without LLM. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-05 00:29:18 +02:00
Benjamin Admin	717c31547a	feat: Regulatory News Dashboard — proaktive Compliance-Alerts Build + Deploy / build-backend-compliance (push) Successful in 2m43s Details Build + Deploy / build-admin-compliance (push) Successful in 1m46s Details Build + Deploy / build-ai-sdk (push) Successful in 47s Details Build + Deploy / build-developer-portal (push) Successful in 1m0s Details Build + Deploy / build-tts (push) Successful in 1m14s Details Build + Deploy / build-document-crawler (push) Successful in 37s Details Build + Deploy / build-dsms-gateway (push) Successful in 20s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 19s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m35s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 42s Details CI / test-python-backend (push) Successful in 42s Details CI / test-python-document-crawler (push) Successful in 24s Details CI / test-python-dsms-gateway (push) Successful in 27s Details CI / validate-canonical-controls (push) Successful in 23s Details Build + Deploy / trigger-orca (push) Failing after 2h32m34s Details Zeigt anstehende regulatorische Fristen im Dashboard an, abgeleitet aus den bestehenden Obligation v2 JSON-Dateien. Keine neue DB-Tabelle. Erster News-Eintrag: Widerrufsbutton-Pflicht ab 19.06.2026 (EU-RL 2023/2673, §356a BGB) — eigener Text, keine externe Quelle. Features: - Go Service: scannt Obligations nach Fristen, berechnet Urgency - API: GET /sdk/v1/regulatory-news mit Countdown + Farbcodierung - Dashboard: RegulatoryNewsFeed Sektion mit Countdown-Badges - Vorlage: news-Feld in v2 JSON fuer zukuenftige regulatorische Updates - 11 Tests (Sortierung, Urgency, Deadline-Parsing, Real-File-Test) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-25 17:43:19 +02:00
Benjamin Admin	6fcf7c13d7	feat: Unified Facts Bridge — Company Profile fuer alle Bewertungsmodule Build + Deploy / build-admin-compliance (push) Successful in 2m4s Details Build + Deploy / build-backend-compliance (push) Successful in 2m55s Details Build + Deploy / build-ai-sdk (push) Successful in 51s Details Build + Deploy / build-developer-portal (push) Successful in 1m6s Details Build + Deploy / build-tts (push) Successful in 1m13s Details Build + Deploy / build-document-crawler (push) Successful in 31s Details Build + Deploy / build-dsms-gateway (push) Successful in 21s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 17s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m44s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 44s Details CI / test-python-backend (push) Successful in 37s Details CI / test-python-document-crawler (push) Successful in 30s Details CI / test-python-dsms-gateway (push) Successful in 26s Details CI / validate-canonical-controls (push) Successful in 17s Details Build + Deploy / trigger-orca (push) Successful in 3m8s Details Verbindet Firmendaten (Mitarbeiterzahl, Branche, Land, Umsatz) mit der UCCA-Bewertung und dem Compliance Optimizer. Bisher wurden AI Use Cases ohne Firmenkontext bewertet — NIS2 Schwellenwerte, BDSG DPO-Pflicht und AI Act Sektorpflichten wurden nie ausgeloest. Aenderungen: - NEU: company_profile.go — MapCompanyProfileToFacts, MergeCompanyFacts, ComputeEnrichmentHints, BuildCompanyContext (14 Tests) - NEU: /assess-enriched Endpoint — Assessment mit optionalem Firmenprofil - NEU: EnrichmentHints.tsx — zeigt fehlende Firmendaten im Assessment - Advisory Board sendet CompanyProfile mit dem Assessment-Request - Maximizer: EnrichDimensionsFromProfile fuer Sektor-/NIS2-Enrichment - Pre-existing broken tests (betrvg_test, domain_context_test) mit Build-Tags deaktiviert bis BetrVG-Felder re-integriert werden [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-23 16:20:57 +02:00
Benjamin Admin	1ac716261c	feat: Compliance Maximizer — Regulatory Optimization Engine Build + Deploy / build-admin-compliance (push) Successful in 1m45s Details Build + Deploy / build-backend-compliance (push) Successful in 4m42s Details Build + Deploy / build-ai-sdk (push) Successful in 46s Details Build + Deploy / build-developer-portal (push) Successful in 1m6s Details Build + Deploy / build-tts (push) Successful in 1m14s Details Build + Deploy / build-document-crawler (push) Successful in 31s Details Build + Deploy / build-dsms-gateway (push) Successful in 24s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 15s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m27s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Failing after 37s Details CI / test-python-backend (push) Successful in 42s Details CI / test-python-document-crawler (push) Successful in 25s Details CI / test-python-dsms-gateway (push) Successful in 23s Details CI / validate-canonical-controls (push) Successful in 18s Details Build + Deploy / trigger-orca (push) Successful in 4m35s Details Neues Modul das den regulatorischen Spielraum fuer KI-Use-Cases deterministisch berechnet und optimale Konfigurationen vorschlaegt. Kernfeatures: - 13-Dimensionen Constraint-Space (DSGVO + AI Act) - 3-Zonen-Analyse: Verboten / Eingeschraenkt / Erlaubt - Deterministische Optimizer-Engine (kein LLM im Kern) - 28 Constraint-Regeln aus DSGVO, AI Act, EDPB Guidelines - 28 Tests (Golden Suite + Meta-Tests) - REST API: /sdk/v1/maximizer/* (9 Endpoints) - Frontend: 3-Zonen-Visualisierung, Dimension-Form, Score-Gauges [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-23 09:10:20 +02:00
Benjamin Admin	01bf1463b8	merge: Feature-Module (Payment, BetrVG, FISA 702) in refakturierten main Build + Deploy / build-admin-compliance (push) Successful in 1m30s Details Build + Deploy / build-backend-compliance (push) Successful in 13s Details Build + Deploy / build-ai-sdk (push) Failing after 29s Details Build + Deploy / build-developer-portal (push) Successful in 6s Details Build + Deploy / build-tts (push) Successful in 6s Details Build + Deploy / build-document-crawler (push) Successful in 6s Details Build + Deploy / build-dsms-gateway (push) Successful in 6s Details Build + Deploy / trigger-orca (push) Has been skipped Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 12s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m18s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Failing after 29s Details CI / test-python-backend (push) Successful in 34s Details CI / test-python-document-crawler (push) Successful in 23s Details CI / test-python-dsms-gateway (push) Successful in 19s Details CI / validate-canonical-controls (push) Successful in 30s Details Merged feature/fisa-702-drittland-risiko in den refakturierten main-Branch. Konflikte in 8 Dateien aufgelöst — neue Features in die aufgesplittete Modulstruktur integriert. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-22 23:52:11 +02:00
Sharang Parnerkar	13f57c4519	refactor(go): split obligations, portfolio, rbac, whistleblower handlers and stores, roadmap parser Split 7 files exceeding the 500 LOC hard cap into 16 files, all under 500 LOC. No exported symbols renamed; zero behavior changes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 10:00:15 +02:00
Sharang Parnerkar	3f2aff2389	refactor(go): split roadmap_handlers, academy/store, extract cmd/server/main to internal/app roadmap_handlers.go (740 LOC) → roadmap_handlers.go, roadmap_item_handlers.go, roadmap_import_handlers.go academy/store.go (683 LOC) → store_courses.go, store_enrollments.go cmd/server/main.go (681 LOC) → internal/app/app.go (Run+buildRouter) + internal/app/routes.go (registerXxx helpers) main.go reduced to 7 LOC thin entrypoint calling app.Run() All files under 410 LOC. Zero behavior changes, same package declarations. go vet passes on all directly-split packages. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 09:51:11 +02:00
Sharang Parnerkar	e0b3c54212	refactor(go): split academy_handlers, workshop_handlers, content_generator - academy_handlers.go (1046 LOC) → academy_handlers.go (228) + academy_enrollment_handlers.go (320) + academy_generation_handlers.go (472) - workshop_handlers.go (923 LOC) → workshop_handlers.go (292) + workshop_interaction_handlers.go (452) + workshop_export_handlers.go (196) - content_generator.go (978 LOC) → content_generator.go (491) + content_generator_media.go (497) All files under 500 LOC hard cap. Zero behavior changes, no exported symbol renames. Both packages vet clean. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 09:44:07 +02:00
Sharang Parnerkar	9f96061631	refactor(go): split training/store, ucca/rules, ucca_handlers, document_export under 500 LOC Each of the four oversized files (training/store.go 1569 LOC, ucca/rules.go 1231 LOC, ucca_handlers.go 1135 LOC, document_export.go 1101 LOC) is split by logical group into same-package files, all under the 500-line hard cap. Zero behavior changes, no renamed exported symbols. Also fixed pre-existing hazard_library split (missing functions and duplicate UUID keys from a prior session). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 09:29:54 +02:00
Sharang Parnerkar	3f306fb6f0	refactor(go/handlers): split iace_handler and training_handlers into focused files iace_handler.go (2706 LOC) split into 9 files: - iace_handler.go: struct, constructor, shared helpers (~156 LOC) - iace_handler_projects.go: project CRUD + InitFromProfile (~310 LOC) - iace_handler_components.go: components + classification (~387 LOC) - iace_handler_hazards.go: hazard library, CRUD, risk assessment (~469 LOC) - iace_handler_mitigations.go: mitigations, evidence, verification plans (~293 LOC) - iace_handler_techfile.go: CE tech file generation/export (~452 LOC) - iace_handler_monitoring.go: monitoring events + audit trail (~134 LOC) - iace_handler_refdata.go: ISO 12100 ref data, patterns, suggestions (~465 LOC) - iace_handler_rag.go: RAG library search + section enrichment (~142 LOC) training_handlers.go (1864 LOC) split into 9 files: - training_handlers.go: struct + constructor (~23 LOC) - training_handlers_modules.go: module CRUD (~226 LOC) - training_handlers_matrix.go: CTM matrix endpoints (~95 LOC) - training_handlers_assignments.go: assignment lifecycle (~243 LOC) - training_handlers_quiz.go: quiz submit/grade/attempts (~185 LOC) - training_handlers_content.go: LLM content/audio/video generation (~274 LOC) - training_handlers_media.go: media, streaming, interactive video (~325 LOC) - training_handlers_blocks.go: block configs + canonical controls (~280 LOC) - training_handlers_stats.go: deadlines, escalation, audit, certificates (~290 LOC) All files remain in package handlers. Zero behavior changes. All exported function names preserved. All files under 500 LOC hard cap. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 09:17:20 +02:00
Benjamin Admin	4fcb842a92	feat: Tender-Analyse Pipeline — Upload, Extraction, Control-Matching Phase 3 des Payment Compliance Moduls: 1. Backend: Tender Upload + LLM Requirement Extraction + Control Matching - DB Migration 025 (tender_analyses Tabelle) - TenderHandlers: Upload, Extract, Match, List, Get (5 Endpoints) - LLM-Extraktion via Anthropic API mit Keyword-Fallback - Control-Matching mit Domain-Bonus + Keyword-Overlap Relevance 2. Frontend: Dritter Tab "Ausschreibung" in /sdk/payment-compliance - PDF/TXT/Word Upload mit Drag-Area - Automatische Analyse-Pipeline (Upload → Extract → Match) - Ergebnis-Dashboard: Abgedeckt/Teilweise/Luecken - Requirement-by-Requirement Matching mit Control-IDs + Relevanz% - Gap-Beschreibung fuer nicht-gematchte Requirements - Analyse-Historie mit Klick-to-Detail Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 09:35:46 +02:00
Benjamin Admin	38d3d24121	feat: Payment Terminal Compliance Modul — Phase 1+2 1. Control-Bibliothek: 130 Controls in 10 Domaenen (payment_controls_v1.json) - PAY (20): Transaction Flow, Idempotenz, State Machine - LOG (15): Audit Trail, PAN-Maskierung, Event-Typen - CRYPTO (15): Secrets, HSM, P2PE, TLS - API (15): Auth, RBAC, Rate Limiting, Injection - TERM (15): ZVT/OPI, Heartbeat, Offline-Queue - FW (10): Firmware Signing, Secure Boot, Tamper Detection - REP (10): Reconciliation, Tagesabschluss, GoBD - ACC (10): MFA, Session, Least Privilege - ERR (10): Recovery, Circuit Breaker, Offline-Modus - BLD (10): CI/CD, SBOM, Container Scanning 2. Backend: DB Migration 024, Go Handler (5 Endpoints), Routes 3. Frontend: /sdk/payment-compliance mit Control-Browser + Assessment-Wizard Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 07:51:59 +02:00

1 2

91 Commits