Benjamin Admin
|
4e761c1363
|
feat: #5b materialize capability layer (Model C) — capabilities.json + cra_core.json
User decision Model C + objective_tags safeguard (tags, no class). Deterministic
via materialize_capabilities.py:
- obligations/capabilities.json: 5 capabilities (multi_factor_authentication/session_management/
transport_encryption/code_signing/security_monitoring_alerting), realized_by (n:m) +
guidance_basis pulled up CANONICALLY. access_control dropped (OVERLAP).
- obligations/cra_core.json: 2 CORE security objectives (attack_surface_minimization (2)(j)/CM-7 +
software_integrity_protection (2)(f)/SI-7) -> fills the #4 NIST gap.
- DOMAIN specializes->CORE (remote_access_attack_surface_min, component_remote_interface_security,
signed_update_integrity, firmware_software_authentication) + objective_tags.
- Merge: vuln_remediation_patching -> deprecated_alias of provide_security_updates.
- remote_access_data_export_protection remains BEST_PRACTICE (pending Data Act scope).
- join_keys 93->95 (core 2). Validated bidirectionally.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-06-26 00:54:23 +02:00 |
|
Benjamin Admin
|
8937f105ea
|
feat(bridge): security-updates obligation cut (CRA Annex I (2)(c)/Art 13) — 9 obligations
- obligations/cra_updates.json: 9 (6 LEGAL_MINIMUM + 3 BEST_PRACTICE), relationships.
Pipeline 670->318 micro->15 review-units -> Opus synthesis. Synthesis well calibrated ->
light review (NO hard re-tier, vs Auth/Remote-Access). out_of_scope M4/M7.
5 capability_candidate markers (signed/trusted/automatic/rollback/testing) for
Phase 4 capability check. Anchors approximate (curation.anchor_quality).
- obligation_join_keys.json: 84 -> 93 (updates 9). All 6 CRA P1 domains covered.
- precluster.py: updates scope.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-06-25 18:51:09 +02:00 |
|