All 3 frontend pages (audit-report, audit-report/[sessionId],
audit-checklist) called /sessions/{id}/pdf, but the backend
endpoint is /sessions/{id}/report/pdf.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Backend tests for all 7 analysis modules (Requirements CRUD, AI System CRUD + Assessment,
Evidence Pagination, Risk Workflow). MKDocs extended with an analysis modules page. SDK flow
flow-data.ts and StepHeader STEP_EXPLANATIONS updated with new features (CRUD,
pagination, evidence linking, residual risk, AI Act backend persistence, PDF export).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
7 analysis modules (Requirements, Controls, Evidence, Risk Matrix, AI Act,
Audit Checklist, Audit Report) brought from ~35% to 100%:
- Created catch-all proxy route /api/sdk/v1/compliance/[[...path]]
- Added DELETE endpoints for Risks and Evidence in the backend
- Wired all 7 frontend pages to the backend (Fetch, PUT, POST, DELETE)
- Replaced mock data with backend data, templates as fallback
- Added loading skeletons and error banners
- AI Act: Add-System form + assess-risk API integration
- Audit Report: corrected API paths from /api/admin/ to /api/sdk/v1/compliance/
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate queryRAG from klausur-service GET to bp-core-rag-service POST with
multi-collection support. Each of the 18 ScopeDocumentType now gets a
type-specific RAG collection and optimized search query instead of the
generic fallback. Vendor-compliance contract review now uses LLM + RAG
for real analysis with mock fallback on error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add legal context enrichment from Qdrant vector corpus to the two
highest-priority modules (Requirements AI assistant and DSFA drafting
engine).
Go SDK:
- Add SearchCollection() with collection override + whitelist validation
- Refactor Search() to delegate to shared searchInternal()
Python backend:
- New ComplianceRAGClient proxying POST /sdk/v1/rag/search (error-tolerant)
- AI assistant: enrich interpret_requirement() and suggest_controls() with RAG
- Requirements API: add ?include_legal_context=true query parameter
Admin (Next.js):
- Extract shared queryRAG() utility from chat route
- Inject RAG legal context into v1 and v2 draft pipelines
Tests for all three layers (Go, Python, TypeScript shared utility).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The DATABASE_URL was using postgresql+asyncpg:// with ?options= for search_path,
but database.py uses synchronous SQLAlchemy (create_engine) and asyncpg doesn't
support the 'options' keyword argument. The search_path is already set via an
event listener in database.py, so the options parameter is unnecessary.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Part 1 — RAG Corpus Versioning:
- New DB table compliance_corpus_versions (migration 017)
- Go CorpusVersionStore with CRUD operations
- Assessment struct extended with corpus_version_id
- API endpoints: GET /rag/corpus-status, /rag/corpus-versions/:collection
- RAG routes (search, regulations) now registered in main.go
- Ingestion script registers corpus versions after each run
- Frontend staleness badge in SDK sidebar
Part 3 — Source Policy Backend:
- New FastAPI router with CRUD for allowed sources, PII rules,
operations matrix, audit trail, stats, and compliance report
- SQLAlchemy models for all source policy tables (migration 001)
- Frontend API base corrected from edu-search:8088/8089 to
backend-compliance:8002/api
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Increase num_predict from 2048 to 8192 to prevent mid-sentence cutoff
- Add "Quellenschutz" rules to system prompt: agent refuses to list all
available sources/collections, only reveals sources used in answers
- Remove internal collection names from RAG context sent to LLM
- Agent confirms knowledge on specific topics but refuses meta-queries
like "what sources do you have?"
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
EDPB migrated from /sites/default/files/ to /system/files/YYYY-MM/.
Updated all URLs to current working paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds download URLs for 11 EDPB guidelines, EDPS DPIA list,
3 ENISA reports, and TMG/UrhG to the missing files check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Script downloads original regulation PDFs from EUR-Lex into
~/rag-originals/ for use with the RAG QA Split-View Chunk-Browser.
Lists missing national law PDFs that require manual download.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Document all 10 industry compliance PDFs and their sources
- Cover ingestion script usage, phases, chunking config
- Document IFRS timeout workaround and endorsement warning
- Add license overview for all document sources
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update ENISA download URLs to new site structure (publications → sites/default/files)
- Increase curl max-time from 300s to 600s for IFRS PDFs (7.5-8.2MB)
- Update ENISA Secure by Design metadata (title changed)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Ingestion script: Add 3 new PDFs (IFRS DE/EN, EFRAG Endorsement Status)
to ingest-industry-compliance.sh (7 → 10 documents total)
- System prompt: Add EU-IFRS and EFRAG to competence area, add mandatory
IFRS endorsement warning section for all IFRS/IAS queries
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace single DSFA corpus query with parallel search across 6 collections
via RAG service (port 8097)
- Add country parameter with metadata filter for bp_compliance_gesetze
- Add country-specific system prompt section
- Add DE/AT/CH/EU toggle buttons in ComplianceAdvisorWidget header
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add quizQuestions field to Lesson interface
- Map quiz_questions (snake_case) to quizQuestions (camelCase) in course mapping
- Map correct_index to correctOptionIndex for quiz rendering
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The training API client sends X-Tenant-ID: "default" which the proxy was
forwarding as-is, causing the backend to return 0 results. Now both proxies
validate that tenant/user IDs match UUID format before forwarding, falling
back to the configured defaults.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
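The header check described in the commit above, sketched as an added example (not the project's code): a helper a proxy route could call before forwarding a request. The function names, the default IDs and the `replaced` list are assumptions made for illustration.

```javascript
// Added example: validate identity headers before a proxy forwards them.
// Anything that is not a UUID (such as the literal "default") is replaced by
// the configured default, and the replacement is reported so it can be logged.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Constructed placeholder values; a real deployment would read these from config.
const DEFAULTS = {
  tenantId: '00000000-0000-4000-8000-000000000001',
  userId: '00000000-0000-4000-8000-000000000002',
};

// Return the client value only if it is a well-formed UUID, else the fallback.
function pickUuid(raw, fallback) {
  const value = typeof raw === 'string' ? raw.trim() : '';
  if (UUID_RE.test(value)) {
    return { value: value.toLowerCase(), fellBack: false };
  }
  return { value: fallback, fellBack: true };
}

// `incoming` is anything with a get(name) method, e.g. the Headers object of
// a fetch-style Request. Only the two validated headers are returned, so the
// raw client-supplied values never reach the backend.
function resolveIdentityHeaders(incoming, defaults = DEFAULTS) {
  const tenant = pickUuid(incoming.get('X-Tenant-ID'), defaults.tenantId);
  const user = pickUuid(incoming.get('X-User-ID'), defaults.userId);
  return {
    headers: { 'X-Tenant-ID': tenant.value, 'X-User-ID': user.value },
    // Names of headers whose client value was rejected or missing.
    replaced: [
      tenant.fellBack && 'X-Tenant-ID',
      user.fellBack && 'X-User-ID',
    ].filter(Boolean),
  };
}
```

Logging `replaced` makes a silent fallback to the default tenant visible during review, which matters because the backend RBAC middleware derives its tenant context from these headers.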
All 28 modules already have academy_course_id set, so the filter was hiding
everything. Now shows all modules with a "Kurs vorhanden" badge for linked ones.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The "generate course" feature now shows a list of available training modules
to select from, instead of a free-text topic field. This correctly sends the
module_id to the backend GenerateCourseFromTraining handler.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- statistics.byStatus.in_progress could crash on empty object → optional chaining
- COURSE_CATEGORY_INFO[course.category] could return undefined → fallback to 'custom'
- Update LLM model to qwen3.5:35b-a3b in docker-compose.yml
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Both academy and training proxy routes now set default identity headers
so the Go backend RBAC middleware can set the tenant context. Without
these defaults, the browser doesn't send X-User-ID and modules/courses
return empty.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add POST /academy/courses/generate endpoint that creates an academy
course from a training module (with content + quiz as lessons)
- Add POST /academy/courses/generate-all to bulk-generate all courses
- Fix academy API response mapping (snake_case → camelCase)
- Fix fetchCourses/fetchCourse/fetchEnrollments/fetchStats to unwrap
backend response wrappers ({courses:[...]}, {course:{...}})
- Add "Alle Kurse generieren" button to academy overview page
- Fix bulkResult.errors crash in training page (optional chaining)
- Add SetAcademyCourseID to training store for bidirectional linking
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Create server-side health check API that probes actual compliance services
(Backend, AI SDK, Ollama, TTS, Embedding, RAG, Qdrant, Valkey, MinIO)
from within the Docker network. Replaces the non-existent endpoint that
caused all services to show as offline. Also updates ServiceStatus
component to list compliance-relevant services instead of lehrer services.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add training step to the Betrieb package in SDK_STEPS so it appears
in the sidebar after Compliance Academy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use consistent :moduleId param name for content routes and :mediaId for
media routes. Add param adapters for handlers that expect different names.
Fix frontend media API paths to match backend route structure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Connect the existing training engine handlers (40+ endpoints) to the router
in main.go. This was the critical blocker preventing the training content
pipeline from being accessible. Also adds generateCourse, generateVideos,
and getVideoStatus functions to the academy API client, plus the
GenerateCourseRequest type.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Academy API client was using NEXT_PUBLIC_SDK_API_URL with fallback
to http://localhost:8093, which is unreachable from the browser. Changed
to use the existing Next.js proxy at /api/sdk/v1/academy/.
Sync [id]/page.tsx and new/page.tsx that were missing from deployment,
causing 404 on all course detail URLs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drafting Engine: 7-module pipeline with narrative tags, allowed facts governance,
PII sanitizer, prose validator with repair loop, hash-based cache, and terminology
guide. v1 fallback via ?v=1 query param.
IACE: Initial AI-Act Conformity Engine with risk classifier, completeness checker,
hazard library, and PostgreSQL store for AI system assessments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix interleaved step ordering by introducing global sequence numbers (100-4700)
instead of package-relative order. Add conditional visibility (visibleWhen) for
optional steps like Import and DSFA. Fix TOM/workflow prerequisite bugs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Reduce chat history from 10 to 6 messages to fit context window
- Lower num_predict from 8192 to 2048 for faster responses
- Add Training module link to SDK sidebar navigation
- Add snake_case to camelCase key transformation for reporting API
(Go backend returns snake_case, TypeScript expects camelCase)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Switch LegalRAGClient from empty bp_legal_corpus to bp_compliance_ce
collection (3,734 chunks across 14 regulations)
- Replace embedding-service (384-dim MiniLM) with Ollama bge-m3 (1024-dim)
- Add standalone RAG search endpoint: POST /sdk/v1/rag/search
- Add regulations list endpoint: GET /sdk/v1/rag/regulations
- Add QDRANT_HOST/PORT env vars to docker-compose.yml
- Update regulation ID mapping to match actual Qdrant payload schema
- Update determineRelevantRegulations for CE corpus regulation IDs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix route param conflict: /content/publish/:id instead of /content/:id/publish
- Fix route conflict: /media/module/:moduleId for module media list
- Use Piper binary instead of pip package (ARM64 compatibility)
- Update frontend API URLs to match new routes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When accessing SDK pages directly (e.g. /sdk/gci) without a stored role,
the layout now auto-selects 'developer' instead of redirecting to '/',
which on port 3002 would hit bp-lehrer-admin and bounce to /dashboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>