Alle 3 Frontend-Seiten (audit-report, audit-report/[sessionId],
audit-checklist) riefen /sessions/{id}/pdf auf, aber der Backend-
Endpoint ist /sessions/{id}/report/pdf.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Backend-Tests fuer alle 7 Analyse-Module (Requirements CRUD, AI System CRUD + Assessment,
Evidence Pagination, Risk Workflow). MKDocs um Analyse-Module-Seite erweitert. SDK-Flow
flow-data.ts und StepHeader STEP_EXPLANATIONS mit neuen Features aktualisiert (CRUD,
Pagination, Evidence-Linking, Residual Risk, AI Act Backend-Persistenz, PDF-Export).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
7 Analyse-Module (Requirements, Controls, Evidence, Risk Matrix, AI Act,
Audit Checklist, Audit Report) von ~35% auf 100% gebracht:
- Catch-all Proxy-Route /api/sdk/v1/compliance/[[...path]] erstellt
- DELETE-Endpoints fuer Risks und Evidence im Backend hinzugefuegt
- Alle 7 Frontend-Seiten ans Backend gewired (Fetch, PUT, POST, DELETE)
- Mock-Daten durch Backend-Daten ersetzt, Templates als Fallback
- Loading-Skeletons und Error-Banner hinzugefuegt
- AI Act: Add-System-Form + assess-risk API-Integration
- Audit Report: API-Pfade von /api/admin/ auf /api/sdk/v1/compliance/ korrigiert
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate queryRAG from klausur-service GET to bp-core-rag-service POST with
multi-collection support. Each of the 18 ScopeDocumentType now gets a
type-specific RAG collection and optimized search query instead of the
generic fallback. Vendor-compliance contract review now uses LLM + RAG
for real analysis with mock fallback on error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add legal context enrichment from Qdrant vector corpus to the two
highest-priority modules (Requirements AI assistant and DSFA drafting
engine).
Go SDK:
- Add SearchCollection() with collection override + whitelist validation
- Refactor Search() to delegate to shared searchInternal()
Python backend:
- New ComplianceRAGClient proxying POST /sdk/v1/rag/search (error-tolerant)
- AI assistant: enrich interpret_requirement() and suggest_controls() with RAG
- Requirements API: add ?include_legal_context=true query parameter
Admin (Next.js):
- Extract shared queryRAG() utility from chat route
- Inject RAG legal context into v1 and v2 draft pipelines
Tests for all three layers (Go, Python, TypeScript shared utility).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Part 1 — RAG Corpus Versioning:
- New DB table compliance_corpus_versions (migration 017)
- Go CorpusVersionStore with CRUD operations
- Assessment struct extended with corpus_version_id
- API endpoints: GET /rag/corpus-status, /rag/corpus-versions/:collection
- RAG routes (search, regulations) now registered in main.go
- Ingestion script registers corpus versions after each run
- Frontend staleness badge in SDK sidebar
Part 3 — Source Policy Backend:
- New FastAPI router with CRUD for allowed sources, PII rules,
operations matrix, audit trail, stats, and compliance report
- SQLAlchemy models for all source policy tables (migration 001)
- Frontend API base corrected from edu-search:8088/8089 to
backend-compliance:8002/api
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Increase num_predict from 2048 to 8192 to prevent mid-sentence cutoff
- Add "Quellenschutz" rules to system prompt: agent refuses to list all
available sources/collections, only reveals sources used in answers
- Remove internal collection names from RAG context sent to LLM
- Agent confirms knowledge on specific topics but refuses meta-queries
like "what sources do you have?"
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Ingestion script: Add 3 new PDFs (IFRS DE/EN, EFRAG Endorsement Status)
to ingest-industry-compliance.sh (7 → 10 documents total)
- System prompt: Add EU-IFRS and EFRAG to competence area, add mandatory
IFRS endorsement warning section for all IFRS/IAS queries
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace single DSFA corpus query with parallel search across 6 collections
via RAG service (port 8097)
- Add country parameter with metadata filter for bp_compliance_gesetze
- Add country-specific system prompt section
- Add DE/AT/CH/EU toggle buttons in ComplianceAdvisorWidget header
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The training API client sends X-Tenant-ID: "default" which the proxy was
forwarding as-is, causing the backend to return 0 results. Now both proxies
validate that tenant/user IDs match UUID format before forwarding, falling
back to the configured defaults.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 28 modules already have academy_course_id set, so the filter was hiding
everything. Now shows all modules with a "Kurs vorhanden" badge for linked ones.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The "generate course" feature now shows a list of available training modules
to select from, instead of a free-text topic field. This correctly sends the
module_id to the backend GenerateCourseFromTraining handler.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- statistics.byStatus.in_progress could crash on empty object → optional chaining
- COURSE_CATEGORY_INFO[course.category] could return undefined → fallback to 'custom'
- Update LLM model to qwen3.5:35b-a3b in docker-compose.yml
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Both academy and training proxy routes now set default identity headers
so the Go backend RBAC middleware can set the tenant context. Without
these defaults, the browser doesn't send X-User-ID and modules/courses
return empty.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add POST /academy/courses/generate endpoint that creates an academy
course from a training module (with content + quiz as lessons)
- Add POST /academy/courses/generate-all to bulk-generate all courses
- Fix academy API response mapping (snake_case → camelCase)
- Fix fetchCourses/fetchCourse/fetchEnrollments/fetchStats to unwrap
backend response wrappers ({courses:[...]}, {course:{...}})
- Add "Alle Kurse generieren" button to academy overview page
- Fix bulkResult.errors crash in training page (optional chaining)
- Add SetAcademyCourseID to training store for bidirectional linking
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Create server-side health check API that probes actual compliance services
(Backend, AI SDK, Ollama, TTS, Embedding, RAG, Qdrant, Valkey, MinIO)
from within the Docker network. Replaces the non-existent endpoint that
caused all services to show as offline. Also updates ServiceStatus
component to list compliance-relevant services instead of lehrer services.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sync [id]/page.tsx and new/page.tsx that were missing from deployment,
causing 404 on all course detail URLs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drafting Engine: 7-module pipeline with narrative tags, allowed facts governance,
PII sanitizer, prose validator with repair loop, hash-based cache, and terminology
guide. v1 fallback via ?v=1 query param.
IACE: Initial AI-Act Conformity Engine with risk classifier, completeness checker,
hazard library, and PostgreSQL store for AI system assessments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Reduce chat history from 10 to 6 messages to fit context window
- Lower num_predict from 8192 to 2048 for faster responses
- Add Training module link to SDK sidebar navigation
- Add snake_case to camelCase key transformation for reporting API
(Go backend returns snake_case, TypeScript expects camelCase)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When accessing SDK pages directly (e.g. /sdk/gci) without a stored role,
the layout now auto-selects 'developer' instead of redirecting to '/',
which on port 3002 would hit bp-lehrer-admin and bounce to /dashboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements the 4-level GCI scoring model (Module -> Risk-Weighted -> Regulation Area -> Final GCI)
with DSGVO, NIS2, ISO 27001, and EU AI Act integration.
Backend:
- 9 Go files: engine, models, weights, validity, NIS2 roles/scoring, ISO mapping/gap-analysis, mock data
- GCI handlers with 13 API endpoints under /sdk/v1/gci/
- Routes registered in main.go
Frontend:
- TypeScript types, API client, Next.js API proxy
- Dashboard page with 6 tabs (Overview, Breakdown, NIS2, ISO 27001, Matrix, Audit Trail)
- Sidebar navigation entry
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Next.js pages for Academy, Whistleblower, Incidents, Document Crawler,
DSB Portal, Industry Templates, Multi-Tenant and SSO. Add API proxy routes
and TypeScript SDK client libraries. Add server binary to .gitignore.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
