175 Commits

Author	SHA1	Message	Date
Benjamin Admin	643b26618f	feat: Control Library UI, dedup migration, QA tooling, docs ... - Control Library: parent control display, ObligationTypeBadge, GenerationStrategyBadge variants, evidence string fallback - API: expose parent_control_uuid/id/title in canonical controls - Fix: DSFA SQLAlchemy 2.0 Row._mapping compatibility - Migration 074: control_parent_links + control_dedup_reviews tables - QA scripts: benchmark, gap analysis, OSCAL import, OWASP cleanup, phase5 normalize, phase74 gap fill, sync_db, run_job - Docs: dedup engine, RAG benchmark, lessons learned, pipeline docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-21 11:56:08 +01:00
Benjamin Admin	95c371e9a5	feat(sdk): update SDK Flow, Architecture, and StepHeader for vendor-compliance integration ... - flow-data.ts: vendor-compliance moved from betrieb/seq:4200 to dokumentation/seq:2500, prerequisite changed to vvt, added 5 DB tables - architecture-data.ts: added vendor tables and API endpoints to backend-compliance service definition - StepHeader.tsx: added vendor-compliance explanation with 4 tips (Art. 28, cross-module integration, third-country transfers, controls library). Updated obligations (12 checks, vendor-link, document), loeschfristen (vendor picker), tom (vendor-controls cross-ref), vvt (processor tab from vendor API) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-20 09:12:11 +01:00
Benjamin Admin	24f02b52ed	refactor: remove 473 lines of dead code across 5 SDK modules ... - obligations: unused vendors state/fetch, unreachable filter==='ai' path - tom: unused vendorControlsLoading state, unused bulkUpdateTOMs import - loeschfristen: unused BASELINE_TEMPLATES imports, sdk hook, managingLegalHolds state - vvt: unused apiGetCompleteness/apiGetLibrary, 7 unused VVTLib* interfaces - vendor-compliance: 11 unused context methods, 6 unused selector hooks, ContractUploadData type Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-20 06:57:01 +01:00
Benjamin Admin	1cc34c23d9	feat(document-generator): 33 policy + module document templates ... - Migration 071: 14 IT-Security policy templates (ISO 27001/BSI) information_security, access_control, password, encryption, logging, backup, incident_response, change_management, patch_management, asset_management, cloud_security, devsecops, secrets_management, vulnerability_management - Migration 072: 15 Data/HR/Vendor/BCM policy templates data_protection, data_classification, data_retention, data_transfer, privacy_incident, employee_security, security_awareness, remote_work, offboarding, vendor_risk_management, third_party_security, supplier_security, business_continuity, disaster_recovery, crisis_management - Migration 073: 4 module document reference templates vvt_register, tom_documentation, loeschkonzept, pflichtenregister - TemplateType union: 17 → 61 types with German labels - VALID_DOCUMENT_TYPES: +6 types (cybersecurity_policy, dsfa, 4 module docs) - CATEGORIES: new "DSGVO-Dokumente" category for module documents Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 23:27:25 +01:00
Benjamin Admin	c3afa628ed	feat(sdk): vendor-compliance cross-module integration — VVT, obligations, TOM, loeschfristen ... Integrate the vendor-compliance module with four DSGVO modules to eliminate data silos and resolve the VVT processor tab's ephemeral state problem. - Reposition vendor-compliance sidebar from seq 4200 to 2500 (after VVT) - VVT: replace ephemeral ProcessorRecord state with Vendor-API fetch (read-only) - Obligations: add linked_vendor_ids (JSONB) + compliance check #12 MISSING_VENDOR_LINK - TOM: add vendor TOM-controls cross-reference table in overview tab - Loeschfristen: add linked_vendor_ids (JSONB) + vendor picker + document section - Migrations: 069_obligations_vendor_link.sql, 070_loeschfristen_vendor_link.sql - Tests: 12 new backend tests (125 total pass) - Docs: update obligations.md + vendors.md with cross-module integration Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 13:59:43 +01:00
Benjamin Admin	4b1eede45b	feat(tom): audit document, compliance checks, 25 controls, canonical control mapping ... Phase A: TOM document HTML generator (12 sections, inline CSS, A4 print) Phase B: TOMDocumentTab component (org-header form, revisions, print/download) Phase C: 11 compliance checks with severity-weighted scoring Phase D: MkDocs documentation for TOM module Phase E: 25 new controls (63 → 88) in 13 categories Canonical Control Mapping (three-layer architecture): - Migration 068: tom_control_mappings + tom_control_sync_state tables - 6 API endpoints: sync, list, by-tom, stats, manual add, delete - Category mapping: 13 TOM categories → 17 canonical categories - Frontend: sync button + coverage card (Overview), drill-down (Editor), belegende Controls count (Document) - 20 tests (unit + API with mocked DB) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 11:56:53 +01:00
Benjamin Admin	2a70441eaa	feat(sdk): VVT master libraries, process templates, Loeschfristen profiling + document ... VVT: Master library tables (7 catalogs), 500+ seed entries, process templates with instantiation, library API endpoints + 18 tests. Loeschfristen: Baseline catalog, compliance checks, profiling engine, HTML document generator, MkDocs documentation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 11:56:25 +01:00
Benjamin Admin	f2819b99af	feat(pipeline): v3 — scoped control applicability + source_type classification ... Phase 4: source_type (law/guideline/standard/restricted) on source_citation - NIST/OWASP/ENISA correctly shown as "Standard" instead of "Gesetzliche Grundlage" - Dynamic frontend labels based on source_type - Backfill endpoint POST /v1/canonical/generate/backfill-source-type Phase v3: Scoped Control Applicability - 3 new fields: applicable_industries, applicable_company_size, scope_conditions - LLM prompt extended with 39 industries, 5 company sizes, 10 scope signals - All 5 generation paths (Rule 1/2/3, batch structure, batch reform) updated - _build_control_from_json: parsing + validation (string→list, size validation) - _store_control: writes 3 new JSONB columns - API: response models, create/update requests, SELECT queries extended - Migration 063: 3 new JSONB columns with GIN indexes - 110 generator tests + 28 route tests = 138 total, all passing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 16:28:05 +01:00
Benjamin Admin	148c7ba3af	feat(qa): recital detection, review split, duplicate comparison ... Add _detect_recital() to QA pipeline — flags controls where source_original_text contains Erwägungsgrund markers instead of article text (28% of controls with source text affected). - Recital detection via regex + phrase matching in QA validation - 10 new tests (TestRecitalDetection), 81 total - ReviewCompare component for side-by-side duplicate comparison - Review mode split: Duplikat-Verdacht vs Rule-3-ohne-Anchor tabs - MkDocs: recital detection documentation - Detection script for bulk analysis (scripts/find_recital_controls.py) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 08:20:02 +01:00
Benjamin Admin	4f6bc8f6f6	feat(training+controls): interactive video pipeline, training blocks, control generator, CE libraries ... Interactive Training Videos (CP-TRAIN): - DB migration 022: training_checkpoints + checkpoint_progress tables - NarratorScript generation via Anthropic (AI Teacher persona, German) - TTS batch synthesis + interactive video pipeline (slides + checkpoint slides + FFmpeg) - 4 new API endpoints: generate-interactive, interactive-manifest, checkpoint submit, checkpoint progress - InteractiveVideoPlayer component (HTML5 Video, quiz overlay, seek protection, progress tracking) - Learner portal integration with automatic completion on all checkpoints passed - 30 new tests (handler validation + grading logic + manifest/progress + seek protection) Training Blocks: - Block generator, block store, block config CRUD + preview/generate endpoints - Migration 021: training_blocks schema Control Generator + Canonical Library: - Control generator routes + service enhancements - Canonical control library helpers, sidebar entry - Citation backfill service + tests - CE libraries data (hazard, protection, evidence, lifecycle, components) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 21:41:48 +01:00
Benjamin Admin	6d2de9b897	feat(iace): complete CE risk assessment — LLM tech-file generation, multi-format export, TipTap editor ... Phase 1: Fix completeness gates G23 (require verified/rejected mitigations) and G09 (audit trail check) Phase 2: LLM-based tech-file section generation with 19 German prompts and RAG enrichment Phase 3: Multi-format document export (PDF/Excel/DOCX/Markdown/JSON) Phase 4: Company profile → IACE data flow with auto component/classification creation Phase 5: TipTap WYSIWYG editor replacing textarea for tech-file sections Phase 6: User journey tests, developer portal API reference, updated documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 12:50:53 +01:00
Benjamin Admin	9c1355c05f	feat(iace): Phase 5+6 — frontend integration, RAG library search, comprehensive tests ... Phase 5 — Frontend Integration: - components/page.tsx: ComponentLibraryModal with 120 components + 20 energy sources - hazards/page.tsx: AutoSuggestPanel with 3-column pattern matching review - mitigations/page.tsx: SuggestMeasuresModal per hazard with 3-level grouping - verification/page.tsx: SuggestEvidenceModal per mitigation with evidence types Phase 6 — RAG Library Search: - Added bp_iace_libraries to AllowedCollections whitelist in rag_handlers.go - SearchLibrary endpoint: POST /iace/library-search (semantic search across libraries) - EnrichTechFileSection endpoint: POST /projects/:id/tech-file/:section/enrich - Created ingest-iace-libraries.sh ingestion script for Qdrant collection Tests (123 passing): - tag_taxonomy_test.go: 8 tests for taxonomy entries, domains, essential tags - controls_library_test.go: 7 tests for measures, reduction types, subtypes - integration_test.go: 7 integration tests for full match flow and library consistency - Extended tag_resolver_test.go: 9 new tests for FindByTags and cross-category resolution Documentation: - Updated iace.md with Hazard-Matching-Engine, RAG enrichment, and new DB tables Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 10:22:49 +01:00
Benjamin Admin	3b2006ebce	feat(iace): add hazard-matching-engine with component library, tag system, and pattern engine ... Implements Phases 1-4 of the IACE Hazard-Matching-Engine: - 120 machine components (C001-C120) in 11 categories - 20 energy sources (EN01-EN20) - ~85 tag taxonomy across 5 domains - 44 hazard patterns with AND/NOT matching logic - Pattern engine with tag resolution and confidence scoring - 8 new API endpoints (component-library, energy-sources, tags, patterns, match/apply) - Completeness gate G09 for pattern matching - 320 tests passing (36 new) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 08:50:11 +01:00
Benjamin Admin	c7651796c9	feat(iace): integrate ISO 12100 machine risk model with 4-factor assessment ... Add dual-mode risk engine: legacy S×E×P (avoidance=0) and ISO mode S×F×P×A (avoidance>=1) with new thresholds (low/medium/high/very_high/not_acceptable). - 150+ hazard library entries across 28 categories incl. physical hazards (mechanical, electrical, thermal, pneumatic/hydraulic, noise/vibration, ergonomic, material/environmental) - 160-entry protective measures library with 3-step hierarchy validation (design → protective → information) - 25 lifecycle phases, 20 affected person roles, 50 evidence types - 10 verification methods (expanded from 7) - New API endpoints: lifecycle-phases, roles, evidence-types, protective-measures-library, validate-mitigation-hierarchy - DB migrations 018+019 for extended schema - Frontend: 4-slider risk assessment, hierarchy warnings, measures library modal - MkDocs wiki updated with ISO mode docs and legal notice (no norm text) All content uses original wording — norms referenced as methodology only. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 23:13:41 +01:00
Benjamin Admin	c8fd9cc780	feat(control-library): document-grouped batching, generation strategy tracking, sort by source ... - Group chunks by regulation_code before batching for better LLM context - Add generation_strategy column (ungrouped=v1, document_grouped=v2) - Add v1/v2 badge to control cards in frontend - Add sort-by-source option with visual group headers - Add frontend page tests (18 tests) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 15:10:52 +01:00
Benjamin Admin	0d95c3bb44	feat(control-provenance): add filter explanations, badges, and updated taxonomy ... - Add new "Filter in der Control Library" section explaining all 7 dropdowns - Add "Badges & Lizenzregeln" section explaining Rule 1/2/3 and all badges - Update taxonomy with actual top-10 domains and counts (~3100+ controls) - Update Master Library strategy with current numbers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 10:45:21 +01:00
Benjamin Admin	f066cf1a03	feat(control-library): add document source dropdown filter ... Add "Dokumentenursprung" filter dropdown to the control library page. Extracts unique source_citation.source values from controls, sorted by frequency. Includes "Ohne Quelle" option for controls without source info. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 09:03:21 +01:00
Benjamin Admin	f3e05c1bf7	feat: enhance whistleblower HinSchG content, fix control-library filter layout ... - Whistleblower page: expand overview tab with comprehensive HinSchG legal info (Gesetzliche Grundlage, Fristen-Cards, Anwendungsbereich, Schutz des Hinweisgebers) - StepHeader: enrich whistleblower tips with detailed HinSchG paragraphs and sanctions - Wiki: add migration 054 with 5 new/updated HinSchG articles (Anwendungsbereich, Hinweisgeberschutz, Meldestellen, Verfahrensablauf, Datenschutz-Anforderungen) - MKDocs: rewrite whistleblower docs with full legal basis, architecture, API, DB schema - Control library: fix filter dropdown overflow by splitting into search + filter rows Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 00:23:19 +01:00
Benjamin Admin	2ed1c08acf	feat: enhance legal basis display, add batch processing tests and docs ... - Backfill 81 controls with empty source_citation.source from generation_metadata - Add fallback to generation_metadata.source_regulation in ControlDetail blue box - Improve Rule 3 amber box text for reformulated controls - Add 30 new tests for batch processing (TestParseJsonArray, TestBatchSizeConfig, TestBatchProcessingLoop) — all 61 control generator tests passing - Fix stale test_config_defaults assertion (max_controls 50→0) - Update canonical-control-library.md with batch processing pipeline docs, processed chunks tracking, migration guide, and stats endpoint - Update testing.md with canonical control generator test section Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 23:51:52 +01:00
Benjamin Admin	0171d611f6	feat: add policy library with 29 German policy templates ... Add 29 new document types (IT security, data, personnel, vendor, BCM policies) to VALID_DOCUMENT_TYPES and 5 category pills to the document generator UI. Include seed script for production DB population. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 22:37:33 +01:00
Benjamin Admin	c74f506415	fix: add API proxy routes for process-tasks and evidence-checks ... The frontend pages were calling /api/sdk/v1/compliance/process-tasks/* and /api/sdk/v1/compliance/evidence-checks/* but no Next.js proxy routes existed for these paths, causing 404s and empty data. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 21:40:57 +01:00
Benjamin Admin	49ce417428	feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector) ... Module 2: Extended Compliance Dashboard with roadmap, module-status, next-actions, snapshots, score-history Module 3: 7 German security document templates (IT-Sicherheitskonzept, Datenschutz, Backup, Logging, Incident-Response, Zugriff, Risikomanagement) Module 4: Compliance Process Manager with CRUD, complete/skip/seed, ~50 seed tasks, 3-tab UI Module 5: Evidence Collector Extended with automated checks, control-mapping, coverage report, 4-tab UI Also includes: canonical control library enhancements (verification method, categories, dedup), control generator improvements, RAG client extensions 52 tests pass, frontend builds clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 21:03:04 +01:00
Benjamin Admin	b6e6ffaaee	feat: add verification method, categories, and dedup UI to control library ... - Migration 047: verification_method + category columns, 17 category lookup table - Backend: new filters, GET /categories, GET /controls/{id}/similar (embedding-based) - Frontend: filter dropdowns, badges, dedup UI in ControlDetail with merge workflow - ControlForm: verification method + category selects - Provenance: verification methods, categories, master library strategy sections - Fix UUID cast syntax in generator routes (::uuid -> CAST) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 07:55:22 +01:00
Benjamin Admin	8a05fcc2f0	refactor: split control library into components, add generator UI ... - Extract ControlForm, ControlDetail, GeneratorModal, helpers into separate component files (max ~470 lines each, was 1210) - Add Collection selector in Generator modal - Add Job History view in Generator modal - Add Review Queue button with counter badge - Add review mode navigation (prev/next through review items) - Add vitest tests for helpers (getDomain, constants, options) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 18:52:42 +01:00
Benjamin Admin	de19ef0684	feat(control-generator): 7-stage pipeline for RAG→LLM→Controls generation ... Implements the Control Generator Pipeline that systematically generates canonical security controls from 150k+ RAG chunks across all compliance collections (BSI, NIST, OWASP, ENISA, EU laws, German laws). Three license rules enforced throughout: - Rule 1 (free_use): Laws/Public Domain — original text preserved - Rule 2 (citation_required): CC-BY/CC-BY-SA — text with citation - Rule 3 (restricted): BSI/ISO — full reformulation, no source traces New files: - Migration 046: job tracking, chunk tracking, blocked sources tables - control_generator.py: 7-stage pipeline (scan→classify→structure/reform→harmonize→anchor→store→mark) - anchor_finder.py: RAG + DuckDuckGo open-source reference search - control_generator_routes.py: REST API (generate, review, stats, blocked-sources) - test_control_generator.py: license mapping, rule enforcement, anchor filtering tests Modified: - __init__.py: register control_generator_router - route.ts: proxy generator/review/stats endpoints - page.tsx: Generator modal, stats panel, state filter, review queue, license badges Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 09:03:37 +01:00
Benjamin Admin	c87f07c99a	feat: seed 10 canonical controls + CRUD endpoints + frontend editor ... - Migration 045: Seed 10 controls (AUTH, NET, SUP, LOG, WEB, DATA, CRYP, REL) with 39 open-source anchors into the database - Backend: POST/PUT/DELETE endpoints for canonical controls CRUD - Frontend proxy: PUT and DELETE methods added to canonical route - Frontend: Control Library with create/edit/delete UI, full form with open anchor management, scope, requirements, evidence, test procedures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 00:28:21 +01:00
Benjamin Admin	453eec9ed8	fix: correct canonical control proxy paths to include /compliance prefix ... The backend mounts the compliance router at /api/compliance, so canonical control endpoints are at /api/compliance/v1/canonical/*, not /api/v1/canonical/*. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 20:49:06 +01:00
Benjamin Admin	050f353192	feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls ... Eigenstaendig formulierte Security Controls mit unabhaengiger Taxonomie und Open-Source-Verankerung (OWASP, NIST, ENISA). Keine BSI-Nomenklatur. - Migration 044: 5 DB-Tabellen (frameworks, controls, sources, licenses, mappings) - 10 Seed Controls mit 39 Open-Source-Referenzen - License Gate: Quellen-Berechtigungspruefung (analysis/excerpt/embeddings/product) - Too-Close-Detektor: 5 Metriken (exact-phrase, token-overlap, ngram, embedding, LCS) - REST API: 8 Endpoints unter /v1/canonical/ - Go Loader mit Multi-Index (ID, domain, severity, framework) - Frontend: Control Library Browser + Provenance Wiki - CI/CD: validate-controls.py Job (schema, no-leak, open-anchors) - 67 Tests (8 Go + 59 Python), alle PASS - MkDocs Dokumentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 19:55:06 +01:00
Benjamin Admin	cb48b8289e	fix(sdk): Align scope types with engine output + project isolation + optional block progress ... Type alignment (root cause of client-side crash): - RiskFlag: id/title/description → severity/category/message/recommendation - ScopeGap: id/title/recommendation/relatedDocuments → gapType/currentState/targetState/effort - NextAction: id/priority:number/effortDays → actionType/priority:string/estimatedEffort - ScopeReasoning: details → factors + impact - TriggeredHardTrigger: {rule: HardTriggerRule} → flat fields (ruleId, description, etc.) - All UI components updated to match engine output shape Project isolation: - Scope localStorage key now includes projectId (prevents data leak between projects) Optional block progress: - Blocks with only optional questions now show green checkmark when any question answered Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 14:58:29 +01:00
Benjamin Admin	a673cb0ce4	fix(sdk): Prevent auto-save from overwriting completed profile status ... The auto-save timers (SDK context + backend) were firing after completeAndSaveProfile(), resetting isComplete back to false. Fix: skip auto-save when currentStep===99 (completed), cancel pending timers before completing, and await backend save before updating SDK context. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 08:50:28 +01:00
Benjamin Admin	7afbcfd9f5	fix(sdk): Auto-save company profile to SDK context and backend ... Profile data was lost when navigating away because it was only saved to SDK context on explicit button click (Next/Save). Scope data persisted because it auto-synced on every change. Added two debounced auto-save mechanisms: - SDK context sync (500ms) — survives in-app navigation - Backend save (2s) — survives page reload/session change Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 08:33:12 +01:00
Benjamin Admin	e3a877b549	feat(sdk): Advisory-Board Wizard auf Kachel-UI umstellen + use-cases/new konsolidieren ... Advisory-Board page komplett auf tile-basierte UI umgestellt (wie use-cases/new): - 11 Kachel-Konstanten (50+ Datenkategorien, 16 Zwecke, Hosting, Transfer, etc.) - Array-basiertes Formular statt einzelner Booleans - Client-seitige Risikobewertung entfernt — nur UCCA-Backend - Edit-Modus via ?edit=id (laedt Assessment, sendet PUT) - use-cases/new durch Redirect zu advisory-board ersetzt Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 23:43:56 +01:00
Benjamin Admin	237c05a94c	fix: Profil-State nach Backend-Load in SDK-Context sync + alle Tests fixen ... - Company Profile: setCompanyProfile() und COMPLETE_STEP dispatch nach Backend-Load, damit Sidebar-Checkmarks nach Refresh erhalten bleiben - compliance-scope-engine.test.ts: Property-Namen anpassen (composite_score, risk_score, etc.) - dsfa/types.test.ts: 9 Sections (0-8), 7 required, 2 optional - api-client.test.ts: SDKApiClient-Klasse statt nicht-existierendem Singleton - types.test.ts: use-case-assessment statt use-case-workshop - vitest.config.ts: E2E-Verzeichnis aus Vitest excluden Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 22:58:36 +01:00
Benjamin Admin	b1a0dd3615	docs: SDK-Flow, MkDocs und Entwicklerdoku aktualisieren ... - flow-data.ts: Profil-Summary und Use-Case-Wizard-Details dokumentiert - stammdaten.md: Step 99 Summary-Seite dokumentiert, Dokumente-generieren entfernt - vorbereitung-module.md: UCCA 8-Schritte-Wizard mit Kachel-UI dokumentiert Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 22:30:31 +01:00
Benjamin Admin	6e7d0d9b14	feat(sdk): Profil-Summary + Use-Case-Workshop komplett auf Kachel-UI umstellen ... - Profil: Summary-Seite (Step 99) nach Abschluss statt direkter Sprung zu Scope - Profil: "Dokumente generieren" Block entfernt - Use Cases Step 1: Branche aus Profil auto-abgeleitet, 21 KI-Kategorien als Kacheln - Use Cases Step 2: ~60 Datenkategorien in 10 Gruppen als Kacheln (Art. 9 orange) - Use Cases Step 3: Rechtsgrundlage entfernt (SDK ermittelt), 16 Zweck-Kacheln - Use Cases Step 4: Automatisierungsgrad als Single-Select-Kacheln - Use Cases Step 5: Hosting/Region/Modellnutzung als Kacheln statt Dropdowns - Use Cases Step 6: Transfer-Ziele + Mechanismus als Kacheln statt Checkbox/Dropdown - Use Cases Step 7: Aufbewahrungsdauer als Kacheln statt Zahlenfeld - Use Cases Step 8: Compliance-Dokumente als Multi-Select-Kacheln Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 19:03:47 +01:00
Benjamin Admin	24afed69c1	Fix Scope evaluation crash: align property names between engine, types, and components ... The engine used short property names (risk, complexity, assurance, composite) while the ComplianceScores interface defined (risk_score, complexity_score, assurance_need, composite_score). Components used yet another convention (riskScore, level, hardTriggers). The main crash was DEPTH_LEVEL_COLORS[decision.level] where decision.level was undefined (correct property: decision.determinedLevel). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 16:47:01 +01:00
Benjamin Admin	579fe1b5e1	fix(scope): Evaluierung crasht (answerValue→value), Profil-Persistenz, Block-Umbenennungen ... - compliance-scope-engine: answerValue→value (Property existierte nicht, Crash bei Evaluierung) - company-profile: saveProfileDraft synct jetzt Redux-State (Daten bleiben bei Navigation) - Scope-Bloecke umbenannt: Kunden & Nutzer, Datenverarbeitung, Hosting & Verarbeitung, Website und Services - org_cert_target + data_volume als Hidden Scoring Questions (Duplikate entfernt) - ai_risk_assessment: boolean→single mit Ja/Nein/Noch nicht - 6 neue Abteilungs-Datenkategorien: IT, Recht, Produktion, Logistik, Einkauf, Facility Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 16:33:59 +01:00
Benjamin Admin	a6818b39c5	feat(scope+vvt): Datenkategorien in Scope Block 9 verschieben, VVT Generator-Tab entfernen ... - ScopeQuestionBlockId um 'datenkategorien_detail' erweitert - Block 9 mit 6 Abteilungs-Datenkategorie-Fragen (dk_dept_hr, dk_dept_recruiting, etc.) - ScopeWizardTab: aufklappbare Kacheln fuer Block 9, gefiltert nach Block 8 Abteilungswahl - VVT: Generator-Tab komplett entfernt (3 statt 4 Tabs) - VVT Verzeichnis: "Aus Scope-Analyse generieren" Button mit Preview + Uebernehmen Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 14:47:20 +01:00
Benjamin Admin	e3fb81fc0d	feat(vvt): Aufklappbare Abteilungskacheln mit Datenkategorien + Wiki-Infoboxen ... Step 2 im VVT-Generator: Ja/Nein-Buttons durch expandierbare Kacheln ersetzt. Pro Abteilung werden typische Datenkategorien als Checkboxen angezeigt (isTypical vorausgefuellt), Art. 9 Kategorien orange hervorgehoben mit DSGVO-Warnung. 7 neue Wiki-Artikel fuer Datenkategorien pro Geschaeftsbereich (HR, Finanzen, Vertrieb, Marketing, Support, IT, Produktion). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 13:11:00 +01:00
Benjamin Admin	3512963006	fix(compliance-scope): Race Condition bei State-Persistenz beheben ... SDK Context laedt State asynchron vom Server. Die Page las bei Mount sdkState.complianceScope (noch null), fiel auf leeres localStorage zurueck, und der Save-Effect ueberschrieb dann den echten State mit leeren Daten. Fix: sdkState.complianceScope wird jetzt reaktiv beobachtet, und leere States werden nie zurueckgeschrieben. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 12:11:36 +01:00
Benjamin Admin	85b3cc3421	fix(company-profile): CE-Kennzeichnung und Pruefzyklus entfernen ... CE-Kennzeichnung aus Zertifizierungsliste entfernt und den Pruefzyklus- Abschnitt aus dem Legal-Framework-Step entfernt, da beides nicht relevant. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 11:50:25 +01:00
Benjamin Admin	f6019ecba9	feat(compliance-scope): Pflicht/Optional-Klassifikation, offene Fragen sichtbar + Navigation ... Block-Sidebar zeigt gruen/orange Status pro Block, klickbare Zusammenfassung offener Pflichtfragen unter dem Fortschrittsbalken, und visuelles Highlighting (linker Rand) fuer unbeantwortete Pflichtfragen. Sidebar-Haken wird gesetzt wenn alle Pflichtfragen beantwortet und Auswertung vorhanden. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 11:45:46 +01:00
Benjamin Admin	1f91e05600	fix+test+docs: Archivierte Projekte, Vitest-Tests & Regulations-Doku ... - fix(ProjectSelector): Archivierte Projekte anklickbar machen, doppelten "Neues Projekt" Button entfernen - test: 32 Vitest-Tests fuer scope-to-facts und supervisory-authority-resolver - docs(flow-data): Scope-Step outputs + Obligations inputs erweitert - docs(developer-portal): Feature-Highlight "Automatische Regulierungs-Ableitung" - docs(mkdocs): Neuer Abschnitt Regulierungs-Ableitung in obligations.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 11:07:35 +01:00
Benjamin Admin	3c0c1e49da	feat(company-profile): Branchen-Erweiterung, Multi-Select & Zertifizierungen ... Multi-Branche-Auswahl im CompanyProfile, erweiterte allowed-facts fuer Drafting Engine, Demo-Daten und TOM-Generator Anpassungen. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 11:03:21 +01:00
Benjamin Admin	5da93c5d10	feat(regulations): Automatische Ableitung anwendbarer Gesetze & Aufsichtsbehoerden ... Nach Abschluss von Profil + Scope werden jetzt automatisch die anwendbaren Regulierungen (DSGVO, NIS2, AI Act, DORA) ermittelt und die zustaendigen Aufsichtsbehoerden (Landes-DSB, BSI, BaFin) aus Bundesland + Branche abgeleitet. - Neues scope-to-facts.ts: Mapping CompanyProfile+Scope → Go SDK Payload - Neues supervisory-authority-resolver.ts: 16 Landes-DSB + nationale Behoerden - ScopeDecisionTab: Regulierungs-Report mit Aufsichtsbehoerden-Karten - Obligations-Seite: Echte Daten statt Dummy in handleAutoProfiling() - Neue Types: ApplicableRegulation, RegulationAssessmentResult, SupervisoryAuthorityInfo Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 10:29:24 +01:00
Benjamin Admin	fa4cda7627	refactor(scope+profile): Duplikate eliminieren, UI vereinheitlichen ... - Profil: Steps 6 (VVT) + 7 (KI) entfernt, nach Scope verschoben - Profil: Steps 9→7 renummeriert (Rechtlicher Rahmen→6, Maschinenbau→7) - Profil: Branche + Jahresumsatz von Dropdown auf Tile-Grid umgestellt - Profil: usesAI/aiUseCases aus CompanyProfile Interface entfernt - Scope: 5 Duplikate aus Block 1 entfernt (Branche, MA, Umsatz, Modell, DSB) - Scope: 2 Duplikate aus Block 6 entfernt (Angebote, Webshop) - Scope: Block 7 (KI-Systeme) + Block 8 (VVT) neu hinzugefuegt - Scope: "Aus Profil" Info-Box zeigt Profildaten in betroffenen Blocks - Scope: Hidden Scoring fuer entfernte Fragen bleibt erhalten via Auto-Fill Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 08:52:09 +01:00
Benjamin Admin	90d99bba08	feat(use-case-workshop): UCCA-Ergebnis-Panel nach Abschluss anzeigen ... Nach Wizard-Abschluss wird ein Ergebnis-Panel angezeigt: - Bei UCCA-API-Erfolg: AssessmentResultCard mit Regeln, Kontrollen, Architektur - Bei API-Fehler: Lokale Risikobewertung mit Score, Massnahmen, Regulations - Badge zeigt Quelle (API vs Lokal) - Nutzer kann Ergebnis pruefen bevor "Use Case speichern" geklickt wird Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 08:06:43 +01:00
Benjamin Admin	2c35775b44	feat(use-case-workshop): 8-Schritt-Wizard mit UCCA-API-Integration ... Workshop von 5 auf 8 Schritte erweitert: Datenkategorien (Art.9, Sonstige), Verarbeitungszweck (Rechtsgrundlage), Technologie (Glossar, Modell-Nutzung), Automatisierung (Beispiele, Art.22), Hosting/Transfer, Datenhaltung/Vertraege, Zusammenfassung mit automatischer Risikobewertung und UCCA-API-Aufruf. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 07:56:01 +01:00
Benjamin Admin	aaf95cf894	feat(use-case-wizard): Sonstige Datentypen, bessere Erklaerungen und Glossar ... - Step 2: Dynamische Textfelder fuer eigene Datentypen (Kennzeichen, VIN etc.) - Step 4: Konkrete Beispiele fuer Automatisierungsgrade + Art. 22 DSGVO Info - Step 5: Ausfuehrliche Erklaerungen mit Beispielen + aufklappbares Glossar (ML, DL, NLP, LLM, RAG, Fine-Tuning) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 07:24:05 +01:00
Benjamin Admin	e7fab73a3a	fix(company-profile): Projekt-aware Persistenz — Daten werden jetzt pro Projekt gespeichert ... Problem: Company Profile nutzte hartcodiertes tenant_id=default ohne project_id. Beim Wechsel zwischen Projekten wurden immer die gleichen (oder keine) Daten geladen. Aenderungen: - Migration 042: project_id Spalte + UNIQUE(tenant_id, project_id) Constraint, fehlende Spalten (offering_urls, Adressfelder) nachgetragen - Backend: Alle Queries nutzen WHERE tenant_id + project_id IS NOT DISTINCT FROM - Proxy: project_id Query-Parameter wird durchgereicht - Frontend: projectId aus SDK-Context, profileApiUrl() Helper fuer alle API-Aufrufe - "Weiter" speichert jetzt immer den Draft (war schon so, ging aber ins Leere) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 23:48:15 +01:00