Benjamin Admin
42e02fe72d
feat: Phase 6 — Integration + QS (categories, scope defaults, examples)
...
Phase 6 of the Document Templates Masterplan:
- Categories: Consolidated AI governance into internal_policies,
removed redundant category
- scopeDefaults.ts: Added getRecommendedDocuments() function that
maps L1-L4 compliance levels to required/recommended/optional
document types (~60 types across 4 tiers)
- Examples: Added dpa_de.json, tom_de.json, whistleblower_de.json
example contexts for the document generator
Document recommendation per level:
- L1 (Startup): 5 required (DSI, Impressum, AGB, Cookie)
- L2 (KMU): +6 recommended (AVV, TOM, VVT, Löschkonzept, etc.)
- L3 (Extended): +16 recommended (Security concepts, policies, HR DSI)
- L4 (Enterprise): +25 recommended (ISMS, BCM, all policies)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-01 09:36:48 +02:00
Benjamin Admin
3984f39329
feat: Phase 5 — Special templates (AI policy, BYOD, ISMS, consent, video DSI)
...
Phase 5 of the Document Templates Masterplan:
- 104: 5 new special templates:
- ai_usage_policy: AI usage policy (AI Act Art. 4 training obligation,
forbidden inputs, quality check, labeling, TDM opt-out)
- byod_policy: Bring Your Own Device (container solution, remote wipe,
DSFA, cost sharing options)
- consent_texts: Double-Opt-In texts, newsletter, marketing, tracking,
profiling consent, unsubscribe confirmation
- video_conference_dsi: Video conference privacy notice (Zoom/Teams/Meet,
recording consent, third-country transfer)
- isms_manual: ISMS handbook (ISO 27001, document structure map to all
other templates, PDCA cycle, management review)
Generator: 6 new categories (AI governance, ISMS, consent, special DSI,
internal policies)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-01 09:25:32 +02:00
Benjamin Admin
4417938558
feat: Phase 3 — Security + HR/Vendor/BCM policies
...
Phase 3 of the Document Templates Masterplan:
- 103: 4 new security policies (information_security_policy, password_policy,
encryption_policy, access_control_policy) + updates for CRA (056) and
all 15 HR/Vendor/BCM policies (072)
New templates:
- Information Security Policy: ISMS-Leitlinie (ISO 27001, BSI, NIS2)
- Password Policy: BSI/NIST compliant (12+ chars, MFA, no forced rotation)
- Encryption Policy: BSI TR-02102, algorithms, key management, TLS config
- Access Control Policy: RBAC, Least Privilege, Zero Trust, recertification
Updates: AI Act + NIS2UmsuCG references for CRA and all 15 HR/Vendor/BCM
Generator: 6 new categories (security, HR, data, vendor, BCM policies)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-01 09:05:03 +02:00
Benjamin Admin
f591871277
feat: Phase 1 — Whistleblower + Cookie/Impressum + HR-DSI templates
...
Phase 1 of the Document Templates Masterplan:
- 098: Whistleblower-Richtlinie (HinSchG) — 10 sections, anonymous
reporting, 7-day confirmation, 3-month feedback, reprisal protection
- 099: Cookie-Banner + Impressum updates — OS-Plattform discontinued
note (July 2025), description updates
- 100: Applicant DSI + Employee DSI — two new HR privacy notices with
§ 26 BDSG, 6-month retention (applicants), modular blocks for video
interviews, talent pool, IT monitoring, company vehicles, works council
Generator: 25 new fields (whistleblower, applicant, employee categories)
Categories: whistleblower, hr_dsi added to document generator
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-01 08:29:52 +02:00
Benjamin Admin
bae59e2ce0
feat: Document Templates v2 — 11 migrations + scope-based generator
...
Complete overhaul of document generator templates based on paragraph-by-paragraph
legal review of attorney-drafted templates (TOM, AVV, AGB, DSI, Community
Guidelines, Nutzungsbedingungen, Widerrufsbelehrung, Cookie-Richtlinie).
Templates (11 migrations 087-097):
- 087: TOM-Dokumentation v2 (11 categories incl. Trennungskontrolle)
- 088: AVV Art. 28 DSGVO (complete, §§ 1-11, 3 annexes)
- 089: Cross-document updates (Löschkonzept DIN 66399, VVT recipients)
- 090: AGB SaaS/Shop v2 (18 §§, B2B/B2C, IoT, physical goods, IP protection)
- 091: Community Guidelines v2 (3 tones, 11 modular categories, DSA-compliant)
- 092: Media & Content modules (MStV, AI Act Art. 50, UWG, Pressekodex)
- 093: DSI/Privacy Policy v2 (Art. 13 complete, shop+corporate modules)
- 094: Nutzungsbedingungen (Terms of Use, UGC, tipping, wallet, CC licenses)
- 095: Widerrufsbelehrung (SaaS + physical + IoT bundle + combo)
- 096: Social Media DSI (Facebook, YouTube, LinkedIn, TikTok, Meta Pixel)
- 097: Cookie-Richtlinie v2 (TDDDG § 25, consent banner, browser links)
Frontend (generator):
- scopeDefaults.ts: L1-L4 scope-based defaults from Compliance Scope Engine
- contextBridge.ts: TOMCtx + DPACtx interfaces (70+ new fields)
- contextBridge-helpers.ts: 35+ placeholder mappings for TOM/DPA/AGB
- _constants.ts: 120+ new generator fields (TOM, DPA, AGB, community,
media, social, nutzungsbedingungen, widerruf, cookie, shop, IoT)
- page.tsx: Auto-prefill TOM/DPA from scope engine decision
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-01 01:18:33 +02:00
Benjamin Admin
b39c1d5dce
feat: DSR process descriptions Art. 15-21 with swim-lane diagrams
...
7 complete process descriptions for the Document Generator:
- Art. 15: Right of access (30 days, 6 steps, information catalogue)
- Art. 16: Right to rectification (14 days, incl. Art. 19 notification)
- Art. 17: Right to erasure (14 days, Art. 17(3) exceptions checklist)
- Art. 18: Right to restriction of processing (14 days, permitted processing)
- Art. 19: Notification obligation (automatic for Art. 16/17/18)
- Art. 20: Data portability (30 days, JSON/CSV/XML export)
- Art. 21: Right to object (30 days, special case direct marketing)
Each description contains:
- Mermaid swim-lane diagram (data subject/case handling/specialist department/DPO)
- Detailed step table with responsibilities and deadlines
- References to legal bases
- Company placeholders (FIRMENNAME, VERSION, DATUM, DSB_NAME)
Integration:
- 7 new types in VALID_DOCUMENT_TYPES (legal_template_routes.py)
- New category "DSR-Prozesse" in the Document Generator frontend
- DSR types-core.ts: templateType field links DSR → Document Generator
- Migration 085 seeds the templates into the legal_templates table
[migration-approved]
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-28 17:53:44 +02:00
Sharang Parnerkar
eeb9931d87
refactor(admin): split document-generator page.tsx into colocated components
...
Split 1130-LOC document-generator page into _components and _constants
modules. page.tsx now 243 LOC (wire-up only). Behavior preserved.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 23:01:56 +02:00