659b37cc21ac20b80c36ac9eef34ee00acc686fa
4 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 Benjamin Admin
|
659b37cc21 |
feat(ai-sdk): source_role control-pool — controls are not only technical_standard
CI / detect-changes (pull_request) Successful in 6s
CI / branch-name (pull_request) Successful in 1s
CI / guardrail-integrity (pull_request) Successful in 6s
CI / secret-scan (pull_request) Successful in 5s
CI / dep-audit (pull_request) Failing after 55s
CI / sbom-scan (pull_request) Failing after 58s
CI / build-sha-integrity (pull_request) Successful in 6s
CI / validate-canonical-controls (pull_request) Successful in 3s
CI / loc-budget (pull_request) Successful in 18s
CI / go-lint (pull_request) Successful in 43s
CI / python-lint (pull_request) Failing after 14s
CI / nodejs-lint (pull_request) Failing after 1m6s
CI / nodejs-build (pull_request) Successful in 3m0s
CI / test-go (pull_request) Successful in 58s
CI / iace-gt-coverage (pull_request) Successful in 16s
CI / test-python-backend (pull_request) Successful in 26s
CI / test-python-document-crawler (pull_request) Successful in 13s
CI / test-python-dsms-gateway (pull_request) Successful in 9s
Live gate test showed control-intent (#36/#37) was inert for the EU cyber corpus: "Welche Controls passen zu Security Updates?" recalls ENISA good-practices (relevant measures, but source_class=supervisory_guidance) + binding regs, never NIST — so lifting technical_standard above binding did nothing. Per the finalized control-corpus model (User 2026-06-24): add source_role (functional role) ORTHOGONAL to source_class (legal authority). source_class still decides rank; source_role decides CONTROL-POOL membership. classifyRole derives 7 roles from markers (no re-tagging): obligation / operational_requirement / procedural_requirement / control_standard / implementation_guidance / interpretation / definition. Control-intent now boosts the control-pool (operational/procedural requirement, control standard, implementation guidance) over the abstract obligation, soft- ordered op_req > procedural > standard > guidance (controlPoolGain + role bonus) — replacing "lift technical_standard above binding". So CRA Annex I (operational_requirement) wins over NIST (control_standard) for "which measures", and ENISA (implementation_guidance) enters the pool while staying guidance. Recall of not-retrieved standards (NIST) for generic control queries = next step (searchControls). Tested: classifyRole table, role-preference, op_req-Top-1. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
 Benjamin_Boenisch
|
df7966656a |
feat(ai-sdk): classify NIST/OWASP/Grundschutz as technical_standard (#37)
CI / detect-changes (push) Successful in 4s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / build-sha-integrity (push) Successful in 6s
CI / validate-canonical-controls (push) Successful in 3s
CI / loc-budget (push) Successful in 18s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Has been skipped
CI / test-go (push) Successful in 1m0s
CI / iace-gt-coverage (push) Successful in 14s
CI / test-python-backend (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
|
||
|
Benjamin_Boenisch
|
05d75e8039 |
feat(ai-sdk): control-intent — technical_standard may win implementation questions (#36)
CI / detect-changes (push) Successful in 5s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / build-sha-integrity (push) Successful in 4s
CI / validate-canonical-controls (push) Successful in 4s
CI / loc-budget (push) Successful in 15s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Has been skipped
CI / test-go (push) Successful in 54s
CI / iace-gt-coverage (push) Successful in 14s
CI / test-python-backend (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
|
||
|
Benjamin_Boenisch
|
f11b2e035f |
feat(ai-sdk): controlled interpretation-intent guidance override (#34)
CI / detect-changes (push) Successful in 5s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / build-sha-integrity (push) Successful in 5s
CI / validate-canonical-controls (push) Successful in 3s
CI / loc-budget (push) Successful in 17s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Has been skipped
CI / test-go (push) Successful in 57s
CI / iace-gt-coverage (push) Successful in 15s
CI / test-python-backend (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
|