52 Commits

Author	SHA1	Message	Date
Benjamin Admin	4b1eede45b	feat(tom): audit document, compliance checks, 25 controls, canonical control mapping ... Phase A: TOM document HTML generator (12 sections, inline CSS, A4 print) Phase B: TOMDocumentTab component (org-header form, revisions, print/download) Phase C: 11 compliance checks with severity-weighted scoring Phase D: MkDocs documentation for TOM module Phase E: 25 new controls (63 → 88) in 13 categories Canonical Control Mapping (three-layer architecture): - Migration 068: tom_control_mappings + tom_control_sync_state tables - 6 API endpoints: sync, list, by-tom, stats, manual add, delete - Category mapping: 13 TOM categories → 17 canonical categories - Frontend: sync button + coverage card (Overview), drill-down (Editor), belegende Controls count (Document) - 20 tests (unit + API with mocked DB) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 11:56:53 +01:00
Benjamin Admin	2a70441eaa	feat(sdk): VVT master libraries, process templates, Loeschfristen profiling + document ... VVT: Master library tables (7 catalogs), 500+ seed entries, process templates with instantiation, library API endpoints + 18 tests. Loeschfristen: Baseline catalog, compliance checks, profiling engine, HTML document generator, MkDocs documentation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 11:56:25 +01:00
Benjamin Admin	f2819b99af	feat(pipeline): v3 — scoped control applicability + source_type classification ... Phase 4: source_type (law/guideline/standard/restricted) on source_citation - NIST/OWASP/ENISA correctly shown as "Standard" instead of "Gesetzliche Grundlage" - Dynamic frontend labels based on source_type - Backfill endpoint POST /v1/canonical/generate/backfill-source-type Phase v3: Scoped Control Applicability - 3 new fields: applicable_industries, applicable_company_size, scope_conditions - LLM prompt extended with 39 industries, 5 company sizes, 10 scope signals - All 5 generation paths (Rule 1/2/3, batch structure, batch reform) updated - _build_control_from_json: parsing + validation (string→list, size validation) - _store_control: writes 3 new JSONB columns - API: response models, create/update requests, SELECT queries extended - Migration 063: 3 new JSONB columns with GIN indexes - 110 generator tests + 28 route tests = 138 total, all passing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 16:28:05 +01:00
Benjamin Admin	3bb9fffab6	docs: update control library taxonomy, add provenance wiki page ... - canonical-control-library.md: add 7 release_states (was 4), target_audience (17 values), generation_strategy, missing API endpoints (controls-customer, backfill-citations, backfill-domain), updated test counts (81+) - NEW control-provenance.md: extracted from frontend page.tsx — methodology, legal basis, filters, badges, taxonomy, open/restricted sources, verification methods, 23 categories, license matrix, source registry - mkdocs.yml: add Control Provenance Wiki to navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 08:49:42 +01:00
Benjamin Admin	148c7ba3af	feat(qa): recital detection, review split, duplicate comparison ... Add _detect_recital() to QA pipeline — flags controls where source_original_text contains Erwägungsgrund markers instead of article text (28% of controls with source text affected). - Recital detection via regex + phrase matching in QA validation - 10 new tests (TestRecitalDetection), 81 total - ReviewCompare component for side-by-side duplicate comparison - Review mode split: Duplikat-Verdacht vs Rule-3-ohne-Anchor tabs - MkDocs: recital detection documentation - Detection script for bulk analysis (scripts/find_recital_controls.py) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 08:20:02 +01:00
Benjamin Admin	a9e0869205	feat(pipeline): pipeline_version v2, migration 062, docs + 71 tests ... - Add PIPELINE_VERSION=2 constant and pipeline_version column to canonical_controls and canonical_processed_chunks (migration 062) - Anthropic API decides chunk relevance via null-returns (skip_prefilter) - Annex/appendix chunks explicitly protected in prompts - Fix 6 failing tests (CRYP domain, _process_batch tuple return) - Add TestPipelineVersion + TestRegulationFilter test classes (10 new tests) - Add MkDocs page: control-generator-pipeline.md (541 lines) - Update canonical-control-library.md with v2 pipeline diagram - Update testing.md with 71-test breakdown table Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 17:31:11 +01:00
Benjamin Admin	825e070ed9	feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0) ... Implements the full Multi-Layer Control Architecture for migrating ~25,000 Rich Controls into atomic, deduplicated Master Controls with full traceability. Architecture: Legal Source → Obligation → Control Pattern → Master Control → Customer Instance New services: - ObligationExtractor: 3-tier extraction (exact → embedding → LLM) - PatternMatcher: 2-tier matching (keyword + embedding + domain-bonus) - ControlComposer: Pattern + Obligation → Master Control - PipelineAdapter: Pipeline integration + Migration Passes 1-5 - DecompositionPass: Pass 0a/0b — Rich Control → atomic Controls - CrosswalkRoutes: 15 API endpoints under /v1/canonical/ New DB schema: - Migration 060: obligation_extractions, control_patterns, crosswalk_matrix - Migration 061: obligation_candidates, parent_control_uuid tracking Pattern Library: 50 YAML patterns (30 core + 20 IT-security) Go SDK: Pattern loader with YAML validation and indexing Documentation: MkDocs updated with full architecture overview 500 Python tests passing across all components. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 09:00:37 +01:00
Benjamin Admin	4f6bc8f6f6	feat(training+controls): interactive video pipeline, training blocks, control generator, CE libraries ... Interactive Training Videos (CP-TRAIN): - DB migration 022: training_checkpoints + checkpoint_progress tables - NarratorScript generation via Anthropic (AI Teacher persona, German) - TTS batch synthesis + interactive video pipeline (slides + checkpoint slides + FFmpeg) - 4 new API endpoints: generate-interactive, interactive-manifest, checkpoint submit, checkpoint progress - InteractiveVideoPlayer component (HTML5 Video, quiz overlay, seek protection, progress tracking) - Learner portal integration with automatic completion on all checkpoints passed - 30 new tests (handler validation + grading logic + manifest/progress + seek protection) Training Blocks: - Block generator, block store, block config CRUD + preview/generate endpoints - Migration 021: training_blocks schema Control Generator + Canonical Library: - Control generator routes + service enhancements - Canonical control library helpers, sidebar entry - Citation backfill service + tests - CE libraries data (hazard, protection, evidence, lifecycle, components) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 21:41:48 +01:00
Benjamin Admin	d2133dbfa2	test+docs(iace): add handler tests, error-handling tests, JSON export tests, TipTap docs ... - Create iace_handler_test.go (22 tests): input validation for InitFromProfile, GenerateSingleSection, ExportTechFile, CheckCompleteness, getTenantID, CreateProject, ListProjects, Component CRUD handlers - Add error-handling tests to tech_file_generator_test.go: nil context, nil project, empty components/hazards/classifications/evidence, unknown section type, all 19 getSystemPrompt types, AI-specific section prompts - Add JSON export tests to document_export_test.go: valid output, empty project, nil project error, special character handling (German text, XML escapes) - Add iace-hazard-library.md to mkdocs.yml navigation - Add TipTap Rich-Text-Editor section to iace.md documentation Total: 181 tests passing (was 165), 0 failures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 13:15:31 +01:00
Benjamin Admin	6d2de9b897	feat(iace): complete CE risk assessment — LLM tech-file generation, multi-format export, TipTap editor ... Phase 1: Fix completeness gates G23 (require verified/rejected mitigations) and G09 (audit trail check) Phase 2: LLM-based tech-file section generation with 19 German prompts and RAG enrichment Phase 3: Multi-format document export (PDF/Excel/DOCX/Markdown/JSON) Phase 4: Company profile → IACE data flow with auto component/classification creation Phase 5: TipTap WYSIWYG editor replacing textarea for tech-file sections Phase 6: User journey tests, developer portal API reference, updated documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 12:50:53 +01:00
Benjamin Admin	5adb1c5f16	feat(iace): integrate Rule Library as 58 extended hazard patterns (HP045-HP102) ... Parsed 171 explicit rules from 4 Rule Library Word documents (R051-R1550), deduplicated into 58 unique (component, energy_source) patterns, and mapped to existing IACE IDs (component tags, M-IDs, E-IDs). Changes: - hazard_patterns_extended.go: 58 new patterns derived from Rule Library - pattern_engine.go: combines builtin (44) + extended (58) = 102 total patterns - iace_handler.go: ListHazardPatterns returns all 102 patterns - iace.md: updated documentation for 102 patterns - scripts/generate-rule-patterns.py: mapping + Go code generator - scripts/parsed-rule-library.json: extracted rule data Tests: 132 passing (9 new extended pattern tests) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 11:24:07 +01:00
Benjamin Admin	9c1355c05f	feat(iace): Phase 5+6 — frontend integration, RAG library search, comprehensive tests ... Phase 5 — Frontend Integration: - components/page.tsx: ComponentLibraryModal with 120 components + 20 energy sources - hazards/page.tsx: AutoSuggestPanel with 3-column pattern matching review - mitigations/page.tsx: SuggestMeasuresModal per hazard with 3-level grouping - verification/page.tsx: SuggestEvidenceModal per mitigation with evidence types Phase 6 — RAG Library Search: - Added bp_iace_libraries to AllowedCollections whitelist in rag_handlers.go - SearchLibrary endpoint: POST /iace/library-search (semantic search across libraries) - EnrichTechFileSection endpoint: POST /projects/:id/tech-file/:section/enrich - Created ingest-iace-libraries.sh ingestion script for Qdrant collection Tests (123 passing): - tag_taxonomy_test.go: 8 tests for taxonomy entries, domains, essential tags - controls_library_test.go: 7 tests for measures, reduction types, subtypes - integration_test.go: 7 integration tests for full match flow and library consistency - Extended tag_resolver_test.go: 9 new tests for FindByTags and cross-category resolution Documentation: - Updated iace.md with Hazard-Matching-Engine, RAG enrichment, and new DB tables Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 10:22:49 +01:00
Benjamin Admin	3b2006ebce	feat(iace): add hazard-matching-engine with component library, tag system, and pattern engine ... Implements Phases 1-4 of the IACE Hazard-Matching-Engine: - 120 machine components (C001-C120) in 11 categories - 20 energy sources (EN01-EN20) - ~85 tag taxonomy across 5 domains - 44 hazard patterns with AND/NOT matching logic - Pattern engine with tag resolution and confidence scoring - 8 new API endpoints (component-library, energy-sources, tags, patterns, match/apply) - Completeness gate G09 for pattern matching - 320 tests passing (36 new) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 08:50:11 +01:00
Benjamin Admin	c7651796c9	feat(iace): integrate ISO 12100 machine risk model with 4-factor assessment ... Add dual-mode risk engine: legacy S×E×P (avoidance=0) and ISO mode S×F×P×A (avoidance>=1) with new thresholds (low/medium/high/very_high/not_acceptable). - 150+ hazard library entries across 28 categories incl. physical hazards (mechanical, electrical, thermal, pneumatic/hydraulic, noise/vibration, ergonomic, material/environmental) - 160-entry protective measures library with 3-step hierarchy validation (design → protective → information) - 25 lifecycle phases, 20 affected person roles, 50 evidence types - 10 verification methods (expanded from 7) - New API endpoints: lifecycle-phases, roles, evidence-types, protective-measures-library, validate-mitigation-hierarchy - DB migrations 018+019 for extended schema - Frontend: 4-slider risk assessment, hierarchy warnings, measures library modal - MkDocs wiki updated with ISO mode docs and legal notice (no norm text) All content uses original wording — norms referenced as methodology only. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 23:13:41 +01:00
Benjamin Admin	f3e05c1bf7	feat: enhance whistleblower HinSchG content, fix control-library filter layout ... - Whistleblower page: expand overview tab with comprehensive HinSchG legal info (Gesetzliche Grundlage, Fristen-Cards, Anwendungsbereich, Schutz des Hinweisgebers) - StepHeader: enrich whistleblower tips with detailed HinSchG paragraphs and sanctions - Wiki: add migration 054 with 5 new/updated HinSchG articles (Anwendungsbereich, Hinweisgeberschutz, Meldestellen, Verfahrensablauf, Datenschutz-Anforderungen) - MKDocs: rewrite whistleblower docs with full legal basis, architecture, API, DB schema - Control library: fix filter dropdown overflow by splitting into search + filter rows Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 00:23:19 +01:00
Benjamin Admin	2ed1c08acf	feat: enhance legal basis display, add batch processing tests and docs ... - Backfill 81 controls with empty source_citation.source from generation_metadata - Add fallback to generation_metadata.source_regulation in ControlDetail blue box - Improve Rule 3 amber box text for reformulated controls - Add 30 new tests for batch processing (TestParseJsonArray, TestBatchSizeConfig, TestBatchProcessingLoop) — all 61 control generator tests passing - Fix stale test_config_defaults assertion (max_controls 50→0) - Update canonical-control-library.md with batch processing pipeline docs, processed chunks tracking, migration guide, and stats endpoint - Update testing.md with canonical control generator test section Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 23:51:52 +01:00
Benjamin Admin	a9f291ff49	test+docs: add policy library tests (67 tests) and MKDocs documentation ... - New test_policy_templates.py: 67 tests covering all 29 policy types, API creation, filtering, placeholders, seed script validation - Updated test_legal_template_routes.py: fix type count 16→52 - New MKDocs page policy-bibliothek.md with full template reference - Updated dokumentengenerierung.md and rechtliche-texte.md with cross-refs - Added policy-bibliothek to mkdocs.yml navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 22:50:50 +01:00
Benjamin Admin	49ce417428	feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector) ... Module 2: Extended Compliance Dashboard with roadmap, module-status, next-actions, snapshots, score-history Module 3: 7 German security document templates (IT-Sicherheitskonzept, Datenschutz, Backup, Logging, Incident-Response, Zugriff, Risikomanagement) Module 4: Compliance Process Manager with CRUD, complete/skip/seed, ~50 seed tasks, 3-tab UI Module 5: Evidence Collector Extended with automated checks, control-mapping, coverage report, 4-tab UI Also includes: canonical control library enhancements (verification method, categories, dedup), control generator improvements, RAG client extensions 52 tests pass, frontend builds clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 21:03:04 +01:00
Benjamin Admin	b4d2be83eb	Merge gitea/main: resolve ci.yaml conflict, keep Coolify deploy ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 13:26:17 +01:00
Benjamin Admin	453eec9ed8	fix: correct canonical control proxy paths to include /compliance prefix ... The backend mounts the compliance router at /api/compliance, so canonical control endpoints are at /api/compliance/v1/canonical/*, not /api/v1/canonical/*. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 20:49:06 +01:00
Benjamin Admin	050f353192	feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls ... Eigenstaendig formulierte Security Controls mit unabhaengiger Taxonomie und Open-Source-Verankerung (OWASP, NIST, ENISA). Keine BSI-Nomenklatur. - Migration 044: 5 DB-Tabellen (frameworks, controls, sources, licenses, mappings) - 10 Seed Controls mit 39 Open-Source-Referenzen - License Gate: Quellen-Berechtigungspruefung (analysis/excerpt/embeddings/product) - Too-Close-Detektor: 5 Metriken (exact-phrase, token-overlap, ngram, embedding, LCS) - REST API: 8 Endpoints unter /v1/canonical/ - Go Loader mit Multi-Index (ID, domain, severity, framework) - Frontend: Control Library Browser + Provenance Wiki - CI/CD: validate-controls.py Job (schema, no-leak, open-anchors) - 67 Tests (8 Go + 59 Python), alle PASS - MkDocs Dokumentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 19:55:06 +01:00
Benjamin Admin	b1a0dd3615	docs: SDK-Flow, MkDocs und Entwicklerdoku aktualisieren ... - flow-data.ts: Profil-Summary und Use-Case-Wizard-Details dokumentiert - stammdaten.md: Step 99 Summary-Seite dokumentiert, Dokumente-generieren entfernt - vorbereitung-module.md: UCCA 8-Schritte-Wizard mit Kachel-UI dokumentiert Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 22:30:31 +01:00
Benjamin Admin	1f91e05600	fix+test+docs: Archivierte Projekte, Vitest-Tests & Regulations-Doku ... - fix(ProjectSelector): Archivierte Projekte anklickbar machen, doppelten "Neues Projekt" Button entfernen - test: 32 Vitest-Tests fuer scope-to-facts und supervisory-authority-resolver - docs(flow-data): Scope-Step outputs + Obligations inputs erweitert - docs(developer-portal): Feature-Highlight "Automatische Regulierungs-Ableitung" - docs(mkdocs): Neuer Abschnitt Regulierungs-Ableitung in obligations.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 11:07:35 +01:00
Benjamin Admin	d53cf21b95	docs: Projekt-API in API-Docs, Developer Portal + MKDocs ergaenzen ... - endpoints.ts: Neues Modul "Projekte — Multi-Projekt-Verwaltung" (5 Endpoints) - Developer Portal: projectId im Beispiel-Code, Multi-Projekt als Feature - multi-tenancy.md: Verweis auf multi-project.md + neue Tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 15:59:27 +01:00
Benjamin Admin	0affa4eb66	feat(sdk): Multi-Projekt-Architektur — mehrere Projekte pro Tenant ... Jeder Tenant kann jetzt mehrere Compliance-Projekte anlegen (z.B. verschiedene Produkte, Tochterunternehmen). CompanyProfile ist pro Projekt kopierbar und danach unabhaengig editierbar. Multi-Tab-Support via separater BroadcastChannel und localStorage Keys pro Projekt. - Migration 039: compliance_projects Tabelle, sdk_states.project_id - Backend: FastAPI CRUD-Routes fuer Projekte mit Tenant-Isolation - Frontend: ProjectSelector UI, SDKProvider mit projectId, URL ?project= - State API: UPSERT auf (tenant_id, project_id) mit Abwaertskompatibilitaet - Tests: pytest fuer Model-Validierung, Row-Konvertierung, Tenant-Isolation - Docs: MKDocs Seite, CLAUDE.md, Backend README Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 14:53:50 +01:00
Benjamin Admin	9e65dff7d6	feat(isms): ISO 27001 Frontend, Proxy, Sidebar, Flow-Data, Architecture, MkDocs ... ISMS-Modul mit 6 Tabs (Uebersicht, Policies, SoA, Ziele, Audits/Findings/CAPA, Management-Reviews) fuer alle 39 Backend-Endpoints. Readiness-Check identifiziert potenzielle Major/Minor-Findings vor externer Zertifizierung. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 14:53:31 +01:00
Benjamin Admin	1e84df9769	feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6) ... 6-Phasen-Implementation fuer cloud-faehiges, mandantenfaehiges Compliance SDK: Phase 1: Multi-Tenancy Fix - Shared tenant_utils.py Dependency (UUID-Validierung, kein "default" mehr) - VVT tenant_id Column + tenant-scoped Queries - DSFA/Vendor DEFAULT_TENANT_ID von "default" auf UUID migriert - Migration 035 Phase 2: Stammdaten-Erweiterung - Company Profile um JSONB-Felder erweitert (processing_systems, ai_systems, technical_contacts) - Regulierungs-Flags (NIS2, AI Act, ISO 27001) - GET /template-context Endpoint - Migration 036 Phase 3: Dokument-Versionierung - 5 Versions-Tabellen (DSFA, VVT, TOM, Loeschfristen, Obligations) - Shared versioning_utils.py Helper - /{id}/versions Endpoints auf allen 5 Dokumenttypen - Migration 037 Phase 4: Change-Request System - Zentrale CR-Inbox mit CRUD + Accept/Reject/Edit Workflow - Regelbasierte CR-Engine (VVT DPIA → DSFA CR, Datenkategorien → Loeschfristen CR) - Audit-Trail - Migration 038 Phase 5: Dokumentengenerierung - 5 Template-Generatoren (DSFA, VVT, TOM, Loeschfristen, Obligations) - Preview + Apply Endpoints (erzeugt CRs, keine direkten Dokumente) Phase 6: Frontend-Integration - Change-Request Inbox Page mit Stats, Filtern, Modals - VersionHistory Timeline-Komponente - SDKSidebar CR-Badge (60s Polling) - Company Profile: 2 neue Wizard-Steps + "Dokumente generieren" CTA Docs: 5 neue MkDocs-Seiten, CLAUDE.md aktualisiert Tests: 97 neue Tests (alle bestanden) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 14:12:34 +01:00
Benjamin Admin	8f3fb84b61	docs: Infrastruktur-Migration 2026-03-06 in Docs + CLAUDE.md nachziehen ... - CLAUDE.md: Voraussetzungen auf externe Hetzner-Services aktualisiert (PostgreSQL 46.225.100.82:54321, Qdrant qdrant-dev.breakpilot.ai, MinIO Hetzner) - docs-src/index.md: PostgreSQL-Zeile auf externe Instanz aktualisiert - docs-src/document-crawler/index.md: DB-Verbindung auf externe PG aktualisiert - Zusatz: training_*, ucca_*, academy_* Tabellen + update_updated_at_column() Funktion auf externe DB nachmigriert (waren beim ersten Dump nicht erfasst) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-06 21:10:24 +01:00
Benjamin Admin	8742cb7f5a	docs: Qdrant und MinIO/Object-Storage Referenzen aktualisieren ... - Qdrant: lokaler Container → qdrant-dev.breakpilot.ai (gehostet, API-Key) - MinIO: bp-core-minio → Hetzner Object Storage (nbg1.your-objectstorage.com) - CLAUDE.md, MkDocs, ARCHITECTURE.md, training.md, ci-cd-pipeline.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 20:18:29 +01:00
Benjamin Admin	4a564ad8f7	docs: SDK Workflow Referenzseite — Seq-Nummern, visibleWhen, Navigation ... Neue Übersichtsseite sdk-workflow.md mit vollständiger Referenz: - Alle 34 Steps mit seq-Nummern (100–4800) in Pakettabellen - Lücken-Konvention (100er innerhalb, 300er an Paket-Grenzen) - visibleWhen-Logik für import/dsfa/document-generator - Prerequisite-Ketten-Regeln und Ausnahmen - Alle Navigationsfunktionen (getNextStep, getVisibleSteps, etc.) - Anleitung zum Einfügen neuer Steps - Deprecated-Hinweis für getVisibleStepsForCustomerType Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 22:31:28 +01:00
Benjamin Admin	d527fcbdc8	fix(sdk)+docs: dsfa-visibleWhen Bug, training.md, index.md komplett ... Fixes: - types.ts: dsfa isOptional false→true + visibleWhen ergänzt (sichtbar nur bei Scope L2/L3/L4 oder dsfaRequired Hard-Trigger) - dsfa war einziger Step mit fehlendem visibleWhen laut Plan Docs: - training.md: NEU — Training Engine (seq 4800), alle Endpoints, Rollenmatrix, KI-Inhalt, Quiz, TTS-Media, DB-Schema - mkdocs.yml: Training Engine nav-Eintrag - index.md: E-Mail-Templates (4350) + Training Engine (4800) in Modul-Tabelle + URL-Liste ergänzt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 21:13:06 +01:00
Benjamin Admin	d212208587	docs: MkDocs-Aktualisierung — Obligations v2, Extraction, fehlende Module ... - obligations.md: NEU — Obligations Framework v2 (325 Pflichten, 9 Regulierungen, Condition Engine, TOM-Mapping, Gap-Analyse, alle 13 API-Endpoints) - requirements.md: POST /compliance/extract-requirements-from-rag dokumentiert (RAG-Collections, dry_run, Deduplication, Auto-Regulation-Stubs) - vorbereitung-module.md: UCCA Obligations v2 Abschnitt + neue Endpoints + Hinweis: Go-Tests lokal statt im Container - index.md: Obligations, IACE, Import, Screening, RAG zur Modulliste + URLs - mkdocs.yml: obligations.md als nav-Eintrag Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 20:33:08 +01:00
Benjamin Admin	a1980cd12d	feat(reporting+docs): tenant-ID-Validierung, Go-Tests, 4 MkDocs-Einzelseiten ... - reporting_handlers.go: uuid.Nil-Check vor Store-Aufruf (→ 400) - reporting_handlers_test.go: 4 MissingTenantID-Tests (PASS) + 4 WithTenant-Tests (SKIP) - docs-src: requirements.md, controls.md, evidence.md, risks.md (je mit API, Schema, Tests) - mkdocs.yml: 4 neue Nav-Einträge + \n-Bug auf Zeile 91 behoben - compliance-kern.md: Link-Hinweise zu Detailseiten ergänzt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 18:25:26 +01:00
Benjamin Admin	529c37d91a	chore: diverse Bereinigungen und Fixes ... - admin-compliance: .dockerignore + Dockerfile bereinigt - dsfa-corpus/route.ts + legal-corpus/route.ts entfernt (obsolet) - webhooks/woodpecker/route.ts: minor fix - dsfa/[id]/page.tsx: Refactoring - service_modules.py + README.md: aktualisiert - Migration 028 → 032 umbenannt (legal_documents_extend) - docs: index.md + DEVELOPER.md aktualisiert Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 17:24:15 +01:00
Benjamin Admin	efeacc1619	feat(iace): Hazard-Library v2, Controls-Library, SEPA Avoidance, CE RAG-Ingest ... - Hazard-Library: +79 neue Eintraege in 12 Kategorien (software_fault, hmi_error, mechanical_hazard, electrical_hazard, thermal_hazard, emc_hazard, configuration_error, safety_function_failure, logging_audit_failure, integration_error, environmental_hazard, maintenance_hazard) — Gesamtanzahl: ~116 Eintraege in 24 Kategorien - Controls-Library: neue Datei controls_library.go mit 200 Eintraegen in 6 Domaenen (REQ/ARCH/SWDEV/VER/CYBER/DOC) - Handler: GET /sdk/v1/iace/controls-library (?domain=, ?category=) - SEPA: CalculateInherentRisk() + 4. Param Avoidance (0=disabled, 1-5: 3=neutral); RiskComputeInput.Avoidance, RiskAssessment.Avoidance, AssessRiskRequest.Avoidance — backward-kompatibel (A=0 → S×E×P) - Tests: engine_test.go + hazard_library_test.go aktualisiert - Scripts: ingest-ce-corpus.sh — 15 CE/Safety-Dokumente (EUR-Lex, NIST, ENISA, NASA, OWASP, MITRE CWE) in bp_compliance_ce und bp_compliance_datenschutz - Docs: docs-src/services/sdk-modules/iace.md + mkdocs.yml Nav-Eintrag Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 17:13:01 +01:00
Benjamin Admin	bd9796725a	feat(compliance-kern): Tests, MkDocs + RAG-Controls Button für Anforderungen/Controls/Nachweise/Risiken ... - 74 neue Tests (test_risk_routes, test_evidence_routes, test_requirement_routes, test_control_routes) Enum-Mocking (.value), ControlStatusEnum-Validierung, db.query() direkte Mocks - MkDocs: docs-src/services/sdk-modules/compliance-kern.md Endpunkt-Tabellen, Schema-Erklärungen, CI/CD-Beispiele, Risikomatrix - controls/page.tsx: "KI-Controls aus RAG vorschlagen" Button POST /api/sdk/v1/compliance/ai/suggest-controls, Suggestion-Panel, Requirement-ID-Eingabe + Dropdown, Konfidenz-Anzeige, Hinzufügen-Aktion Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 13:43:02 +01:00
Benjamin Admin	3913931d5b	feat(freigabe): Import/Screening/Modules/RAG — API-Tests, Migration 031, Bug-Fix ... - import_routes: GET /gap-analysis/{document_id} implementiert - import_routes: Bug-Fix — gap_analysis_result vor try-Block initialisiert (verhindert UnboundLocalError bei DB-Fehler) - test_import_routes: 21 neue API-Endpoint-Tests (59 total, alle grün) - test_screening_routes: 18 neue API-Endpoint-Tests (74 total, alle grün) - 031_modules.sql: Migration für compliance_service_modules, compliance_module_regulations, compliance_module_risks - test_module_routes: 20 neue Tests für Module-Registry-Routen (alle grün) - freigabe-module.md: MkDocs-Seite für Import/Screening/Modules/RAG - mkdocs.yml: Nav-Eintrag "Freigabe-Module (Paket 2)" Gesamt: 146 neue Tests, alle bestanden Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 11:42:19 +01:00
Benjamin Admin	0503e72a80	fix(freigabe): Vorbereitung-Module release prep — Python 3.9 fix, Scope Engine tests, MkDocs ... - fix: company_profile_routes.py — dict|None → Optional[dict] for Python 3.9 compat (9/9 tests grün) - test: 40 Vitest-Tests für ComplianceScopeEngine (calculateScores, determineLevel, evaluateHardTriggers, evaluate integration, buildDocumentScope, evaluateRiskFlags) - docs: vorbereitung-module.md — Profil, Scope, UCCA vollständig dokumentiert - docs: mkdocs.yml — Nav-Eintrag "Vorbereitung-Module (Paket 1)" vor Analyse-Module Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 10:57:17 +01:00
Benjamin Admin	6ad7d62369	docs: DSFA MkDocs aktualisiert — Migration 030, vollständiges Schema, 101 Tests, PDF-Ingest ... - Datenmodell: vollständiges Response-JSON mit allen 60+ Feldern (Sections 0-8) - DB-Schema: Migrations-Tabelle (024/028/030), alle Spaltengruppen dokumentiert - API: minimaler Create-Request + Section-Update-Beispiel - Tests: 101 Tests (war: 52), neue Klassen TestAIUseCaseModules + TestDSFAFullSchema - Ingest-Script: PDF-Downloads aktiviert, 10 Behörden mit direkten URLs, Tabelle: Behörden mit PDF vs. Text-Fallback Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 10:13:43 +01:00
Benjamin Admin	308d559c85	feat: DSFA Section 8 KI-Anwendungsfälle + Bundesland RAG-Ingest ... - Migration 028: ai_use_case_modules JSONB + section_8_complete auf compliance_dsfas - Neues ai-use-case-types.ts: AIUseCaseModule Interface, 8 Typen, Art22Assessment, AI Act Risikoklassen, WP248-Kriterien, Privacy by Design, createEmptyModule() Helper - types.ts: Section 8 in DSFA_SECTIONS, ai_use_case_modules im DSFA Interface, section_8_complete in DSFASectionProgress - api.ts: addAIUseCaseModule, updateAIUseCaseModule, removeAIUseCaseModule - 5 neue UI-Komponenten: AIUseCaseTypeSelector, Art22AssessmentPanel, AIRiskCriteriaChecklist, AIUseCaseModuleEditor (7 Tabs), AIUseCaseSection - DSFASidebar: Section 8 Eintrag + calculateSectionProgress case 8 - ReviewScheduleSection: ai_use_case_module Trigger-Typ ergänzt - page.tsx: Section 8 Rendering + Weiter-Button auf activeSection < 8 + KI-Module Counter - scripts/ingest-dsfa-bundesland.sh: WP248 + alle 17 Behörden → bp_dsfa_corpus - Docs: dsfa.md Section 8 + RAG-Corpus, Developer Portal DSFA mit AI-Modul-Code-Beispielen Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 09:20:27 +01:00
Benjamin Admin	451616b10e	docs: MkDocs-Dokumentation fuer DSR, E-Mail-Templates, Banner Consent ... - Neue Seiten: dsr.md, email-templates.md, banner-consent.md - rechtliche-texte.md: User-Consents & Cookie-Kategorien (Migration 028) ergaenzt - mkdocs.yml: 3 neue Nav-Eintraege unter SDK Module Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 08:22:38 +01:00
Benjamin Admin	a9de7b4010	docs: DSFA Modul — MkDocs + Developer Portal Dokumentation ... - docs-src/services/sdk-modules/dsfa.md: vollständige DSFA-Dokumentation (Endpoints, Datenmodell, Status-Workflow, DB-Tabellen, Tests, Compliance-Kontext) - mkdocs.yml: DSFA in Navigation unter SDK Module eingefügt - docs-src/index.md: DSFA + Paket-Links in Services-Dokumentation - docs-src/services/sdk-modules/dokumentations-module.md: DSFA in Übersichtstabelle - developer-portal/app/api/dsfa/page.tsx: vollständige API-Referenz mit cURL-Beispielen - developer-portal/app/api/page.tsx: DSFA-Abschnitt mit allen 8 Endpoints Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-04 22:55:31 +01:00
Benjamin Admin	393eab6acd	feat: Package 4 Nachbesserungen — History-Tracking, Pagination, Frontend-Fixes ... Backend: - Migration 009: compliance_einwilligungen_consent_history Tabelle - EinwilligungenConsentHistoryDB Modell (consent_id, action, version, ip, ua, source) - _record_history() Helper: automatisch bei POST /consents (granted) + PUT /revoke (revoked) - GET /consents/{id}/history Endpoint (vor revoke platziert für korrektes Routing) - GET /consents: history-Array pro Eintrag (inline Sub-Query) - 5 neue Tests (TestConsentHistoryTracking) — 32/32 bestanden Frontend: - consent/route.ts: limit+offset aus Frontend-Request weitergeleitet, total-Feld ergänzt - Neuer Proxy consent/[id]/history/route.ts für GET /consents/{id}/history - page.tsx: globalStats state + loadStats() (Backend /consents/stats für globale Zahlen) - page.tsx: Stats-Kacheln auf globalStats umgestellt (nicht mehr page-relativ) - page.tsx: history-Mapper: created_at→timestamp, consent_version→version - page.tsx: loadStats() bei Mount + nach Revoke Dokumentation: - Developer Portal: neue API-Docs-Seite /api/einwilligungen (Consent + Legal Docs + Cookie Banner) - developer-portal/app/api/page.tsx: Consent Management Abschnitt - MkDocs: History-Endpoint, Pagination-Abschnitt, History-Tracking Abschnitt - Deploy-Skript: scripts/apply_consent_history_migration.sh Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 11:54:25 +01:00
Benjamin Admin	c0b179510d	feat: Package 4 Phase 3 — Finale Fixes + Dokumentation (MkDocs, SDK Flow, StepHeader) ... Finale Fixes (5 Bugs): - workflow/page.tsx: Array-Format-Fix fuer loadVersions — Array.isArray statt data.versions - einwilligungen_routes.py: ip_address + user_agent in GET /consents Response ergaenzt - consent/page.tsx: Bearbeiten/Vorschau/Veroeffentlichen + Quick Actions verdrahtet (useRouter + Preview Modal) - cookie-banner/page.tsx: BannerTexts State + Controlled Inputs + DB-Persistenz (banner_texts) - embed-code/route.ts: In-Memory configStorage → DB-fetch aus Backend, embed_code Key korrigiert Dokumentation: - docs-src/services/sdk-modules/rechtliche-texte.md: Neue MkDocs-Seite fuer Paket 4 (Einwilligungen, Rechtliche Vorlagen, Cookie Banner, Document Workflow) - mkdocs.yml: Nav-Eintrag 'Rechtliche Texte (Paket 4)' ergaenzt - dokumentations-module.md: Datenfluss-Diagramm um Paket-4-Module erweitert - flow-data.ts: Paket-4-Steps mit korrekten dbTables/dbMode und aktualisierten Beschreibungen - StepHeader.tsx: cookie-banner + workflow STEP_EXPLANATIONS auf Persistenz und Funktionsumfang aktualisiert Tests: 24/24 bestanden (test_einwilligungen_routes.py) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 10:37:41 +01:00
Benjamin Admin	799668e472	fix: MkDocs Anker-Link in dokumentations-module.md korrigieren (#training → #training-engine) ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 18:55:37 +01:00
Benjamin Admin	5c7c0055ff	docs: MkDocs, SDK-Flow und Tests fuer 6 Dokumentations-Module aktualisieren ... MkDocs: - Neue Dokumentationsseite: docs-src/services/sdk-modules/dokumentations-module.md Beschreibt alle 6 Module (VVT, Source Policy, Document Generator, Audit Checklist, Audit Report, Training Engine) mit API-Endpoints, DB-Tabellen, Datenmodell und Besonderheiten - mkdocs.yml: Neuen Eintrag "Dokumentations-Module (Paket 3+)" ergaenzt SDK Flow (flow-data.ts): - VVT: dbTables korrigiert ([] → compliance_vvt_organization/activities/audit_log), dbMode: none → read/write, descriptionLong auf Backend-Persistenz aktualisiert - Training: dbTables ergaenzt (training_modules/assignments/quiz_*/matrix_entries/ audit_log), dbMode: none → read/write, Beschreibung auf 28 Module aktualisiert - Source Policy: Tabellennamen korrigiert (compliance_pii_field_rules → compliance_pii_rules, compliance_source_policies entfernt, compliance_source_operations ergaenzt) - Document Generator: Beschreibung um PDF-Export (window.print) und Fallback-Banner ergaenzt Tests: - Neue Datei: tests/test_source_policy_routes.py (35 Tests, alle gruen) - Schema-Tests: SourceCreate, SourceUpdate, PIIRuleCreate, PIIRuleUpdate - DB-Model-Tests: AllowedSourceDB, PIIRuleDB - Filter-Logik: source_type-Filter und category-Filter Unit-Tests - Audit-Log-Helper: _log_audit Verhalten verifiziert Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 18:48:55 +01:00
Benjamin Admin	7cc420bd9e	docs: Tests, MKDocs und SDK-Flow-Beschreibungen fuer Analyse-Module aktualisieren ... Backend-Tests fuer alle 7 Analyse-Module (Requirements CRUD, AI System CRUD + Assessment, Evidence Pagination, Risk Workflow). MKDocs um Analyse-Module-Seite erweitert. SDK-Flow flow-data.ts und StepHeader STEP_EXPLANATIONS mit neuen Features aktualisiert (CRUD, Pagination, Evidence-Linking, Residual Risk, AI Act Backend-Persistenz, PDF-Export). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 16:09:03 +01:00
Benjamin Admin	d9f819e5be	docs+tests: Phase 2 RAG audit — missing tests, dev docs, SDK flow page ... - Add rag-query.test.ts (7 Jest tests for shared queryRAG utility) - Add test_routes_legal_context.py (3 tests for ?include_legal_context param) - Update ARCHITECTURE.md with multi-collection RAG section (3.3) - Update DEVELOPER.md with RAG usage examples, collection table, error tolerance - Add SDK flow page with updated requirements + DSFA RAG descriptions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 09:26:57 +01:00
Benjamin Admin	52a9ad2279	docs: add Industry Compliance Ingestion documentation ... - Document all 10 industry compliance PDFs and their sources - Cover ingestion script usage, phases, chunking config - Document IFRS timeout workaround and endorsement warning - Add license overview for all document sources Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-28 09:50:34 +01:00
Benjamin Boenisch	dccb3e9f36	feat: add reporting frontend, fix module categorization, update docs ... - Create Reporting module frontend (page.tsx) with executive dashboard showing compliance score, risk overview, deadlines, module KPIs - Create Reporting lib (types.ts, api.ts) matching Go backend models - Add Reporting to STEP_EXPLANATIONS and both SDK sidebars - Remove DSB Portal, Multi-Tenant, SSO from SDK sidebars (admin-only) - Add Multi-Tenant, SSO, DSB Portal to dashboard navigation.ts with 'Plattform-Verwaltung' subgroup - Update docs: academy.md (PDF certs), reporting.md (new), index.md (SDK vs Admin categorization), mkdocs.yml (all modules) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 01:03:53 +01:00