- GET /v1/cra/scanner-repos: distinct repo_ids (+counts) vom Scanner-MCP für den Picker.
- useCRA: scannerRepo-State; bei Auswahl POST /assess-from-scanner (echte Findings),
sonst by-iace/Demo wie bisher.
- ScannerRepoPicker im CRA/Cyber-Tab; leere Auswahl = Demo, Repo gewählt = echte Befunde.
Mapping repo_id↔Projekt aktuell UI-seitig (ephemeral); DB-Persistenz pro Projekt folgt.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Snapshot/history: "Snapshot speichern" + a version list (status, date, coverage)
you can click through — makes the CRA Art. 13 running system visible (backend
endpoints already live). Measure-class: each finding shows a remediation-class
badge from its CRA evidence_type ("Code-nah" = scan-locatable, code-fix in the
ticket possible; otherwise Prozess/Doku), and the measures section is relabelled
as the Sollzustand (process/build) — no auto-fix buttons on process measures.
Backend: MappedFinding now carries evidence_type.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
CRA tab now shows the priority layer: a weights control (5 business objectives,
high/medium/low) that re-computes the assessment live; a Prio column with
P0..P3 tier badges (P0 = non-negotiable floor, reason on hover); the table in
backend priority order; and a Quick-Wins block (high impact, low effort). Demo
flags the safety-cross-linked findings as safety_impact so the P0 floor shows.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
CRA tab now computes the assessment live: useCRA POSTs the scenario findings
through a new /api/v1/cra/* proxy to the backend mapper and merges the live
mapping (CRA requirement, risk, measures, NIST/OWASP crosswalk) with the
frontend scenario constants (full measure texts + cyber->safety cross-links,
until those move server-side in step 2). Falls back to the static scenario if
the backend is unreachable.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
New "CRA / Cyber" tab in the IACE project (Zusatzmodule). Treats the
Kistenhubgeraet CE project as if it had an IoT module; invented cyber findings
are mapped to CRA Annex I requirements via the REAL backend mapper output
(faithful), and crucially cross-linked to the existing CE safety hazards they
re-open (cyber defeats a mechanically-mitigated guard -> CRA x Machinery Reg).
Frontend fixture for now; live wiring to the mapper endpoint follows.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Benjamin Admin