DSEAgent wrappt die existierende ART13_CHECKLIST (33 kuratierte Pflichtangaben
L1 + Detailchecks L2) → strukturierter AgentOutput, NICHT der 90k-Library-
Firehose (eCall/Gesundheit/Telekom-Lärm). GET /snapshots/{id}/dse-check spiegelt
impressum-check; doc_input_from_snapshot generalisiert. Frontend: generischer
AgentModuleTab (lazy → AgentResultTab) für Impressum + DSE; DSE-Tab in der
Snapshot-Seite. Plus HRB-Pattern \d→\d+ (volle Registernummer als Beleg).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
_match_value gibt genau den gematchten Bereich zurück (nur die E-Mail unter
Email, nur die USt-IdNr, nur die Telefonnummer) — nicht mehr ein Fenster/den
umgebenden Satz. Behebt die Wiederholung desselben Anfangssatzes bei Texten
ohne Zeilenumbrüche (BMW = ein Block).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Executes the accident-statistics pipeline for the risk anchors:
- Refresh contactModeEvidence with real Eurostat ESAW figures
(dataset hsw_ph3_08, reference year 2023): impact 24.0%/21.4%,
struck-by 13.0%/23.8%, sharp 14.5%, trapped/crushed 13.8% (fatal),
+ new physical/mental-stress mode 24.7% → ergonomic. GT-calibrated
tier VALUES unchanged; the real data confirms the ordering.
- Add the versioned source document (datasources/esaw_accident_stats_2023.md,
ESAW CC BY 4.0 + OSHA public-domain context) that is ingested into the
core RAG collection bp_iace_accident_stats for searchable evidence.
- Whitelist bp_iace_accident_stats in the RAG search handler so seeding
can full-text search the statistics with citation at seed time.
Two-layer design: the small license-tagged code table stays the deterministic
tier/citation lookup; the RAG holds the searchable source evidence.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Drittland: unbekannte Herkunft ('N/A') + Self-Hosting feuern nicht mehr —
First-Party-Session-Cookies (PHPSESSID/JSESSIONID) waren False Positives.
- Impressum _line_of: enges Fenster um den Treffer bei Texten ohne Umbrüche
(BMW = ein Block) → jede Pflichtangabe zeigt IHREN Beleg statt denselben Satz.
- Neuer Finding-Typ missing_opt_out: einwilligungspflichtiger Anbieter mit
Cookies ohne Opt-Out-/Widerspruchs-Link (Art. 7 Abs. 3 + Art. 21).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Snapshot-Detailseite wird zu Modul-Tabs (Cookies & Tracking | Impressum).
Backend GET /snapshots/{id}/impressum-check laeuft den v3 ImpressumAgent auf
dem gespeicherten Impressum-Text (kein Re-Crawl); Input-Erzeugung in
impressum_input_from_snapshot() ausgelagert (pure + getestet: Text/Scope/
company_name-Fallback/None-Pfad). Frontend laedt lazy beim Tab-Wechsel und
rendert mit dem bestehenden AgentResultTab (keine zweite Engine).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The May-built OSHA distance library (minimum_distances.go, 29 CFR 1910,
US public domain) was dead code — zero callers, no route, no test, while
the mm values that actually appear in measures are independent hand-prose
(some carrying ISO 13854/13857 values, not OSHA).
This surfaces it without touching the measures response contract:
- GET /iace/minimum-distances (+ ?measure_id=) returns the distances, the
curated measure→distance link table and the licensing note.
- AllMeasureDistanceLinks/MinimumDistancesForMeasure resolve only the
defensible links (M600 value_source; M254/M065 public-domain crossref to
ISO), with the relation made explicit so the join stays honest.
- architecture.go lists the OSHA library so it shows in the audit explainer.
- Tests: inch→mm conversion + license completeness, link integrity, and a
consistency test pinning that a value_source measure's prose still
matches the OSHA source (codifies the audit finding as a regression gate).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
CookieResultView bekommt einen Umschalter [Rechtliche Rolle] ↔
[Banner-Kategorie] (Notwendig/Funktional/Statistik/Marketing). In beiden
Sichten zeigt jede Cookie-Zeile '→ sollte: Marketing', wenn die tatsächliche
Kategorie laut Library von der deklarierten abweicht (rot bei Tracker als
notwendig, § 25 TDDDG). Neue KPI 'Falsch einsortiert'. Backend liefert dazu
cookie_categories (name→actual_category) aus big_lib im cookie-check-Output;
Seite lädt cookie-check einmal und reicht es an beide Komponenten.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
app/api/webhooks/woodpecker/route.ts (committed in 529c37d) imports
WoodpeckerWebhookPayload, ExtractedError + BacklogSource from
@/types/infrastructure-modules, but that file was never committed. Clean
checkouts (Docker build, CI) fail with 'Cannot find module'. Restore the
file so the admin build is green again. Pure type declarations, no logic.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Vendor-Ebenen-Finding: greift, wenn ein Vendor eine Verarbeitung deklariert
(Kategorie/Zweck), aber KEINE Cookies gelistet sind UND keine persistence
angegeben ist (z.B. Nayoki GmbH — 'necessary' Auftragsverarbeiter ohne
Löschfrist). Die Pro-Cookie-Schleife sah solche Vendors nie (0 Cookies →
0 Findings). Remediation = Ticket-Text 'bitte Löschfrist festlegen'.
Art. 5 Abs. 1 lit. e + Art. 13 Abs. 2 lit. a → Control AUTH-2051-A03.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds an auditor-facing view of the IACE engine: a clickable 10-stage
pipeline flow (Grenzen-Formular → ParseNarrative → Pattern-Gates →
Relevanz → Caps → Gefährdungen → Maßnahmen → Risiko → Normen → Matrix),
plus live library counts, the data-source/license register (incl. the
DIN/Beuth + DGUV exclusions), and the norm-matching logic that reconciles
DIN/ISO/OSHA machine-type vocabulary via canonicalMachineType folding.
Backend: BuildArchitecture() with LIVE counts so the diagram can never
drift; GET /iace/architecture; collectAllNorms() extracted from
SuggestNorms as the single source of truth for the norm-library count.
Frontend: useArchitecture hook + page + new IACE nav tab.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Cookie-Check-Endpoint liefert jetzt out["drift"] (audit_cookie_compliance):
deklariert (Cookie-Richtlinie-Text) vs. tatsaechlich geladen (Browser).
Frontend zeigt den Reality-Check-Strip oben im Panel: X dokumentiert ·
Y geladen · Z undokumentiert. Pinnt den Vertrag mit test_cookie_drift.py
(undokumentiert-geladen + beide Drift-Richtungen) + Vitest Drift-Strip.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Surfaces the public-statistics provenance for the contact-mode probability
tiers so generated risk numbers are auditable and attributed (not RAG —
~a dozen stable aggregate facts are better as a license-tagged code table).
- risk_data_sources.go: RiskEvidence register (Eurostat ESAW figures + CC BY
4.0 attribution) for the documented contact modes; RiskDataSourcesNote.
- risk_suggestion.go: the W justification now cites the actual ESAW share +
license where documented; RiskSuggestion gains a data_source field.
- GET /iace/risk-data-sources returns the evidence register + attribution.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds GET /projects/:id/risk-matrix — a confidence-aware risk view computed
on read from each hazard's category/scenario/lifecycle using the SAME model
as the GT benchmark (no persistence, so it never goes stale against the
model; the hand-defaulted iace_hazards risk columns stay untouched).
- risk_matrix.go: EstimateHazardRisk (single source of truth for S/F/W/P +
range + level + confidence) and BuildRiskMatrix (per-hazard list + a 5×5
Severity×Probability aggregation grid with dominant level per cell).
- Frontend: RiskMatrix grid in the Risikobewertung tab (muted colours per
the confidence-aware tonality), level counts + tool-confidence summary,
fed by useRiskMatrix. Shows risk for EVERY project, not only GT ones.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Jeder Cookie-Befund traegt jetzt ein strukturiertes control-Feld
(control_id aus doc_check_controls + regulation + article) statt nur
hardcodeter Strings: vague_duration->AUTH-2051-A03 (Art.5(1)e+13),
tracker_as_necessary->DATA-2851-A05 (§25 TDDDG), third_country->
DATA-1624-A04 (Art.44). Kette Regulation->Article->Control->Finding.
Frontend zeigt die Rechtsgrundlage je Befund. (Controls tragen
regulation/article noch NULL -> hier mitgeliefert bis gepflegt.)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Flaggt Laufzeit-Angaben ohne konkrete Dauer/Kriterium ('dauerhaft', 'bis zur
Loeschung', 'bis Nutzer deaktiviert', 'unbegrenzt' …) — Art. 5(1)(e) + Art. 13
DSGVO. Library-unabhaengig, gilt fuer ALLE Cookies (Coverage auf BMWs 780).
'13 Monate'/'Session'/'bis Widerruf, max. X' bleiben ok.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
These were pre-existing failures (stale tests, not source bugs):
- getNextStep walks steps ordered by `seq`, not array order (ai-act seq 350
sits before import 400). The tests assumed array order; derive the
expectations from the seq-sorted sequence instead.
- buildDocumentScope: a document required only by the level matrix is
`mandatory` but may be `medium` priority — only trigger-mandated docs (and
the high-priority doc types) are forced to high. The test wrongly asserted
ALL mandatory docs are high; now it checks the trigger-mandated ones.
Full vitest suite: 414/414 green.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
recipient_type=CONTROLLER (Meta/LinkedIn/Criteo) gehoert zu Art. 26
(eigenverantwortliche Dritte / Joint Controller), nicht zu den eigenen
Verarbeitungen. BMW: 58 eigene / 16 AVV / 7 joint / 2 sonstige (= Mail-VVT).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Eliminate the pre-existing TS errors that were masked by
next.config.js `typescript.ignoreBuildErrors: true`, then turn the flag
OFF so the compiler is a real safety net for future changes. `next build`
and `tsc --noEmit` now pass with 0 errors.
The errors were not cosmetic — several exposed real latent bugs hidden by
the flag, e.g. the drafting-engine ConstraintEnforcer read non-existent
fields (`t.rule.dsfaRequired`, `d.required`, `r.title`), so its DSFA hard
gate and risk-flag checks were silently no-ops; scopeDefaults read
snake_case CompanyProfile fields that never matched the camelCase type
(generator defaults never populated). Both fixed by aligning code to the
current types.
Highlights:
- Vitest globals: add vitest-globals.d.ts (config already had globals:true)
so the test files type-check; exclude Playwright specs from vitest.
- Add a minimal ambient `pg` module declaration (no @types/pg installed).
- Fix Next 15 route handlers to await Promise params.
- Reconcile drifted types across loeschfristen, compliance-scope, document-
generator, drafting-engine, vendor-compliance, agent and more.
Pre-existing (NOT caused here, proven by stashing the diff): 3 vitest
logic tests still fail — getNextStep (2) and buildDocumentScope priority (1).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
RemediationPlan: aus den offenen Punkten (result.results, Haupt-Engine) je
Finding eine Massnahme + fertigen Ticket-Text ableiten, nach Prioritaet
sortiert, mit Kopieren + JSON-Export als Uebergabe. SCOPE: BreakPilot
formuliert nur — Ticketsystem/Jira/Feedback-Loop baut ein anderes Team.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
ResultSummary: Titel (Firma aus extracted_profile) + check_id + 4 Kacheln
(Dokumente, Konform, Offene Pflichtangaben, Zu pruefen), gerechnet aus
result.results. Co-Pilot-Ton: gruen/gelb/rot nur bei echten Werten.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Report the tool's risk number as a plausible range with a confidence
label instead of a false-precision point value (confidence-aware
tonality — the assessment is confirmed by the DSB / safety expert).
- risk_estimation.go: EstimateConfidence (hoch/mittel/niedrig from how the
contact mode resolved), EstimateRiskRange (S±1 and aggregate L=F+W+P ±1,
the empirically validated per-parameter accuracy), RiskLevelRange; share
the riskBandLabel thresholds with EstimateRiskLevel.
- risk_benchmark.go: RiskComparisonPair gains eng_risk_point/low/high +
level + level_range + confidence; RiskAgreement gains high_confidence_pct.
- RiskComparison.tsx: per-hazard range "low–high (level range)" + point,
confidence chip, and an aggregate confidence line; types in useBenchmark.ts.
- Unit tests for the range/confidence helpers.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Domain-gate ~15 foreign machine classes (pool, amusement, paint booth,
tank farm, reactor, lathe/chips, saw, film/carton, robot, mobile cab,
asbestos, playground swing) in pattern_domain_gates.go so ungated hazard
patterns stop leaking into unrelated machines; matching emit keywords
added in keyword_dictionary.go (gate+emit share one vocabulary).
- Extend the cross-domain precision guard to 6 machine classes (press,
cobot, motor, welding + the 2 GTs) with per-case homeDomains, so a
machine's own domain terms are never flagged. GT coverage stays 100%.
- Reconcile the fine-grained norm machine-type vocabulary (455 keys) with
the 68 canonical dropdown keys via canonicalMachineType() family folding
in matchNorm — welding 0->17, robotics_cobot 0->6, press 8->13,
circular_saw 1->35 machine-specific C-norms. Pattern gating left strict.
- Fix initialize?force=true summary index-shift that mislabeled counts
(reported matched-patterns as "hazards"); now uses named step vars.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Resolved .claude/rules/loc-exceptions.txt: removed the temporary
iace_handler_init_helpers.go exception — the file is now split to 455 lines
(< 500) in commit afb3f83, so the exception is no longer needed (per the note
the other session left on that entry).
[guardrail-change]
- Components view: three presence sections (Vorhanden / Nicht vorhanden /
Geloescht) with bidirectional move + soft-delete (audit-visible, restorable),
so the expert corrects the engine's best-effort negation in both directions.
- CE marking per component (bought robot/actuator/SPS) with a clear
"validate the integrated safety function (PL/SIL)" note when also safety-relevant.
Safe semantics: hazards are not suppressed, only provenance is surfaced.
- Project-create form: machine type is now a grouped dropdown from the engine's
controlled vocabulary (GET /machine-types) instead of free text.
- Knowledge graph: component→hazard edges use the real component_id.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Engine precision (stop foreign-machine patterns leaking into a project):
- Wire project.MachineType into the engine machine-type gate (empty input no
longer fires every machine class — press/cnc/excavator/crane/medical...).
- Capability-domain gating extended by 7 domains (outdoor, ventilation,
machining, bulk, palletizer, playground, fitness) so domain-specific hazards
only fire when the narrative names that domain; emitted via keyword_dictionary.
- Relevance backstop moved into iace (single gating contract, testable), and its
dominant false-anchor class removed (a long pattern word no longer matches a
short common token; prepositions/leitung added to the generic stoplist).
- New guard tests: TestCrossDomainPrecision (full pipeline, 0 foreign per GT) and
TestPatternReachability now asserts 0 dead patterns. Both GTs keep coverage 1.0.
Reachability fix: the 51 dead patterns required electrical/pneumatic/hydraulic
tags nothing produced — renamed to the canonical electrical_energy/
pneumatic_pressure/hydraulic_pressure/hydraulic_part.
Component review (negation is best-effort + expert-correctable):
- Parser surfaces negated components (ComponentMatch.Negated) instead of dropping
them; negated contribute no tags/energy → no phantom hazards.
- presence_status (vorhanden|nicht_vorhanden|geloescht) + ce_marked on components;
only `vorhanden` feed matching. CE+safety-relevant flags the PL/SIL obligation.
- Force re-seed preserves the expert's component decisions instead of wiping them.
- Tag-based component→hazard assignment (was: all on the first component).
- Negation-aware narrative parsing ("keine Pneumatik" no longer extracts it).
Local-dev DB: ai-sdk sets search_path=compliance,core,public; reconcile migrations
152-156 bring the consolidated local iace tables to the current schema + add the
presence_status/ce_marked columns. Machine-type vocabulary endpoint for the form.
[migration-approved]
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The guard probes mc_use_case_mappings as the existence sentinel, but the route
also queries mc_verification, mc_regulations and mc_use_case_sync_state. Document
that they are seeded together and that a half-seeded DB (sentinel present, a
sibling missing) still 500s on the sibling's queries.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
test-go (go vet runs as part of go test) failed on two pre-existing iace spots:
- cmd/iace-audit/main.go: 6x fmt.Println with redundant trailing \n
- internal/iace/document_export_sources.go: duplicate `r == ';'` clause
build-sha-integrity failed because the alpine job installs python3 but not
pyyaml, so `import yaml` raised ModuleNotFoundError. Add py3-yaml to apk.
loc-budget flagged iace_handler_init_helpers.go (530 lines, committed state).
The other session already split it to 455 in the working tree (uncommitted);
grandfather it until that split lands, then remove the exception.
Verified locally: go test ./... all ok, go vet clean, check-loc.sh exit 0.
[guardrail-change]
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Pre-existing tech-debt file (~535 LOC in the CI tree) that grew past the
500-line hard cap and has blocked the repo-wide loc-budget check since #657.
Not related to the IACE work in flight. Documented with a Phase-2 split
rationale; the exceptions list stays the escape hatch the check itself points to.
[guardrail-change]
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Phase 2: Live-Filter an /sdk/master-controls (Use Case, Quell-Regulierung,
Verifikations-Methode, Coverage, Primärzweck-Toggle, category via Member-EXISTS).
API mit EXISTS-Filtern + gecachten Meta-Counts in master-controls/route.ts.
Phase A: neue UseCase telekommunikation + Fix der Impressum-Fehlrouten im
Register (TKG/AT-TKG->telekommunikation, telemedien->dse, GewO->handelsrecht);
echte Impressum-Quellen (TMG/Mediengesetz) bleiben impressum. Deterministischer
Seed aus source_regulation; Tests grün.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diagnosis: engine F mean 3.56 vs professional 2.56; the dominant disagreement was
normal-operation hazards getting F=4 where the professional assigned 2. Lowered
the lifecycle→F mapping (normal operation 4→3, occasional phases 3→2). New
TestGT_RiskComparison_CrossGT runs the exact production comparison on BOTH GTs:
F within±1 rose to 95% (robot cell) and 94% (lift) — generic, not lift-tuned.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The "Zugeordnet" tab already expanded to a GT-vs-Engine detail comparison; the
"Fehlend" and "Engine Findings" tabs were flat and could not be inspected.
Extracted GTDetailBlock / EngineDetailBlock from DetailComparison and made both
tables expandable (chevron) — missing rows show the full GT entry, extra rows
show the full engine hazard (incl. measures, norms, clarification status).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
#1 Risk-number comparison in the benchmark: ComputeRiskComparison derives the
tool's S/F/W/P + Fine-Kinney per matched hazard and compares to the GT values;
exposed on the benchmark response and rendered in a new RiskComparison table
with GREEN/YELLOW/RED traffic lights on the risk number R (like the Excel),
plus per-axis within-1 agreement cards.
#2 Generic misuse pattern HP2103 "Personenbefoerderung auf Hebezeug" — gated to
lift-family machine types, fires for ANY lifting device (not machine-specific).
#3 Benchmark matcher is now 1:n — one broad engine hazard may cover several
fine-grained GT sub-scenarios (foot/hand/leg crush), so coverage reflects real
risk coverage rather than 1:1 wording matches.
Validated on BOTH ground truths (robot cell + lift): leakage 0, ghosts 0,
coverage held.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Member-canonical_controls tragen meist kein evidence_type/verification_method
(wie schon source_citation). primary_verification_method() leitet die Methode
deterministisch aus dem Primaer-Use-Case ab (impressum->document,
code_security->source_code, ...). Populiert mc_verification beim naechsten Seed.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
(1) extractNarrativeFromMetadata now reads every limits-form field generically
(no whitelist) — intended use, foreseeable misuse, all machine limits and all
four interface groups (electrical/mechanical/pneumatic/software). Field-schema
drift no longer silently drops hazard sources.
(2) withUniversalLifecycles always adds normal_operation/setup/maintenance/
cleaning to the matched lifecycle phases — these occur on virtually every
machine and the professional assesses them, so their hazards must be derived
even when the form omits them.
Kistenhubgeraet recall jumped 42.9% -> 74.3% (electrical 9% -> 82%) from the
field-name fix alone; this broadens it further.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
extractNarrativeFromMetadata looked for field names that don't exist in the real
limits-form schema (interfaces_description, control_system_description,
energy_sources, space_limits, foreseeable_misuse), so it effectively read only
general_description + intended_purpose. The electrical/mechanical/pneumatic/
software interface fields — each a hazard source — were silently dropped, which
is why electrical hazard coverage was 9% for the Kistenhubgeraet.
Now reads the actual schema fields incl. electrical_interfaces /
mechanical_interfaces / pneumatic_hydraulic_interfaces / software_interfaces /
energy_supply / spatial_limits / foreseeable_misuses, plus array fields
(operating_modes, person_groups, industry_sectors). Legacy names kept.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
A "Splitterflug bei Werkzeugbruch" pattern leaked into a lift re-seed because
its press hint ("Pressraum") lives in ZoneDE, which applyDomainGates did not
scan. Add ZoneDE to the gated text. Leakage stays 0, ghosts 0, coverage held.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Observed on a real Kistenhubgeraet (lift) project: generic mechanical patterns
(e.g. HP1000 "Quetschen Arm zwischen Pressenteilen") carry NO machine type and
only generic tags (crush_point, rotating_part), so they fired for a lift; the
narrow domain-gate terms missed their press/welding/glass wording.
Broadens domainGateTerms (pressenteil, pressraum, blechbearbeitung,
punktschweiss, schweisselektrod, elektrodenspalt) and adds a dom_glass domain
(glasschneid/glasbearbeitung/...) with its emit keywords. New test pins that the
four observed leakers now require a dom_* tag. Ghost=0, Leakage=0, coverage held
on both GTs.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
New tab /sdk/iace/[projectId]/risikobewertung. Per hazard it shows BOTH models
side by side — EN-62061-style (S/F/W/P) and Fine-Kinney (P/E/C) — with
BreakPilot's justified suggested values from public data, the visible formula,
and editable fields that recompute the score + risk band live. The professional
adjusts the values (e.g. from his own licensed DIN/Beuth data); we only supply
the formula + inputs, reproduce no norm table.
Consumes GET .../hazards/:hid/risk-suggestion. Registered in IACE_NAV_ITEMS.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Benjamin Admin
Benjamin_Boenisch