82 Commits

Author	SHA1	Message	Date
Benjamin Admin	7d9f5a1f76	feat(iace): LLM-gestuetzte Failure Mode Erkennung ... POST /projects/:id/components/:cid/suggest-fms - Baut FMEA-Experten-Prompt aus Komponentenname + Maschinenkontext - LLM antwortet mit 5 FMs als JSON (Mode, Effect, S/O/D) - Fallback auf Bibliotheks-FMs wenn LLM nicht verfuegbar - Nutzt ProviderRegistry (Ollama primary, Anthropic fallback) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 09:52:16 +02:00
Benjamin Admin	6ce5b4bf41	feat(iace): VDA-Format FMEA Excel Export ... - GET /projects/:id/fmea/export → xlsx im VDA-Formblatt - Spalten: Nr, Komponente, Typ, Fehlerart, Fehlerfolge, S, O, D, RPZ, AP, Massnahme - AP-Zellen farbig: H=rot, M=gelb, L=gruen - Dependency: github.com/xuri/excelize/v2 (BSD-3-Clause) - Frontend: "VDA Excel exportieren" Button auf FMEA-Seite Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 09:45:18 +02:00
Benjamin Admin	f5664612ad	feat(iace): Einsatzbereich / Branche — filtert branchenspezifische Patterns ... Neues Feld "Einsatzbereich" auf Interview-Seite (Sektion 7) mit 15 Branchen. Pattern Engine bekommt MachineTypes aus MatchInput → branchenfremde Patterns (Medizin, Aufzug, Bau etc.) feuern nur wenn die Branche ausgewählt ist. Refactoring: iace_handler_init.go aufgeteilt in init + init_helpers (LOC-Limit). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 09:09:28 +02:00
Benjamin Admin	66d30568e2	feat(dsms): Stufe 1 — Gap-Analyse Report wird in DSMS archiviert ... - Go DSMS Client (internal/dsms/client.go): Archive() + Verify() - Python DSMS Client (compliance/services/dsms_client.py): archive_to_dsms() + verify_dsms() - Gap-Analyse AnalyzeProject() archiviert Report-JSON nach DSMS - Response enthält dsms_cid wenn Archivierung erfolgreich - Frontend: Grünes "Revisionssicher archiviert" Badge mit CID im GapDashboard - DSMS Proxy Route (/api/sdk/v1/dsms/[...path]) für Verify-Abfragen Stufe 2 (Evidence Upload → DSMS) und Stufe 3 (Version Chains) folgen. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 23:39:26 +02:00
Benjamin Admin	a0bb9e3aed	feat(iace): "Neu initialisieren" Button + DeleteHazard ... - POST /initialize?force=true loescht bestehende Hazards + Mitigations und erstellt sie neu mit aktuellen Betriebszustaenden - Orange "Neu initialisieren" Button auf Interview-Seite (mit Confirm-Dialog) - DeleteHazard Store-Methode (kaskadiert Risk Assessments) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 09:17:50 +02:00
Benjamin Admin	cb8fb65d3e	feat(iace): Betriebszustand-Traceability auf Hazards + Mitigations ... Hazards zeigen jetzt farbige Badges mit den Betriebszustaenden die sie ausgeloest haben (z.B. "Wartung", "Not-Halt"). Mitigations erben die States ihrer verknuepften Hazards. Backend: OperationalStates im Function-Feld encodiert (kein DB-Schema), beim Lesen als operational_states[] JSON-Feld zurueckgegeben. Frontend: Indigo-Badges in HazardTable + MitigationCard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 09:04:20 +02:00
Benjamin Admin	285b74382a	fix(iace): Initialize pipeline reads operational_states from metadata ... The Betriebszustand-UI saved states to metadata.operational_states but the initialize handler only read states from the parsed narrative text. Now merges both sources so the UI selection actually affects which patterns fire during initialization. Added integration E2E test that verifies: 2 states → fewer patterns, 9 states → more patterns. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 08:19:53 +02:00
Benjamin Admin	53c641800f	feat(iace): Phase 5 — Betriebszustand-UI + E2E Tests ... - GET /operational-states endpoint (9 States + 20 Transitions) - Frontend: Operational States page with state cards, transitions graph, delta preview - Navigation: Betriebszustaende entry between Grenzen and Normenrecherche - E2E: 60+ new Phase 5 tests (operational states, hazards, mitigations, classification) - E2E: Updated expected counts for expanded libraries (476 measures, 1114 patterns) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-11 00:26:07 +02:00
Benjamin Admin	dabc2358ab	feat(gap): Regulatory Gap Analysis Engine — Phase A Backend ... Product Profile → Regulatory Classification → MC Gap Assessment → Priority List. - 12 regulations supported (CRA, AI Act, NIS2, DSGVO, Data Act, MiCA, PSD2, AML, MDR, Machinery, TDDDG, LkSG) - Scope signal extraction from product profile - Priority scoring: Severity × Deadline × Dependency - 5 industry templates (IoT, Exchange, Cobot, SaaS, Medical) - 8 API endpoints under /sdk/v1/gap/ - DB migration for gap_projects table - Full build passes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 23:11:30 +02:00
Benjamin Admin	9c0d471277	feat(iace): Sprint 4D — Failure Mode Layer (FMEA-Faehigkeit) ... 150 Failure Modes in 11 ComponentTypes: - Sensor (20): Signalverlust, Drift, Falschmeldung, Encoder-spezifisch - Controller (20): Watchdog, Speicher, Bus, Safety-SPS CCF, Antrieb - Actuator (15): Blockiert, Ueberlast, Haltekraftverlust, Schuetz verschweisst - Mechanical (20): Ermuedungsbruch, Lagerschaden, Kettenriss, Werkzeugbruch - Electrical (15): Isolation, Kurzschluss, Erdschluss, Lichtbogen - Software (15): Exception, Race Condition, Buffer Overflow, Timing - Hydraulic/Pneumatic (15): Schlauchplatzer, Ventil blockiert, Kavitation - Safety Device (15): Failure-to-trip, CCF, Bremsenverschleiss, PL-Degradation - Network (10): Paketverlust, Latenz, Man-in-the-Middle - AI/ML (5): Model Drift, Adversarial Input, Bias Architektur: - FailureModeEntry Struct mit FMEA-Scores (Severity/Occurrence/Detection 1-10) - RPZ = S x O x D (max 1000, Schwelle >= 100 = Massnahme erforderlich) - RequiredFailureModes auf HazardPattern fuer FM-gesteuertes Pattern-Matching - MatchInput.FailureModes + MatchReason "failure_mode" (Explainability) - GET /failure-modes?component_type= API-Endpoint 10 Tests: Count, UniqueIDs, ValidTypes, NonEmpty, Distribution, RPZ (3x), NilFires, RPZDistribution Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 22:24:02 +02:00
Benjamin Admin	9a9a11b248	feat(iace): Sprint 4C — Delta Impact Analysis ... Neuer Endpoint POST /projects/:id/delta-analysis: - Input: aktuelle + vorgeschlagene Aenderung (Components, Energy, States, Roles) - Output: Diff der Pattern-Matches (added/removed Patterns, Hazards, Measures) - DeltaMatch() auf PatternEngine: Match(current) vs Match(proposed) - DeltaResult mit AddedPatterns, RemovedPatterns, Counts, SummaryDE Beispiel-Output: SPS hinzufuegen → +55 Patterns, +5 Hazard-Kategorien, +17 Massnahmen Maintenance-State hinzufuegen → +10 Patterns, +2 Hazards, +2 Massnahmen 7 Tests: NoChange, AddComponent, RemoveComponent, AddState, AddRole, Summary, Symmetric Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 21:23:46 +02:00
Benjamin Admin	d339d1edc7	feat(iace): Sprint 4B — ISO 12100 Hazard/Situation/Harm Trennung ... ISO 12100 trennt: Hazard (Quelle) → Hazardous Situation (Person exponiert) → Harm (Verletzung). Bisher war alles in einem Hazard-Record vermischt. Implementierung als abgeleitetes Feld (keine DB-Migration noetig): - HazardType Feld auf Hazard Entity ("hazard"|"hazardous_situation"|"harm") - DeriveHazardType() berechnet Typ aus Scenario/PossibleHarm/Category - Explizites Override moeglich (HazardType direkt setzen) - GeneratedHazardType auf HazardPattern fuer Pattern-gesteuerte Zuweisung - Store: GetHazard/ListHazards setzen HazardType automatisch - Init-Handler: Fuellt jetzt TriggerEvent, PossibleHarm, AffectedPerson, HazardousZone aus Pattern-Match-Daten (vorher leer gelassen) 6 neue Tests: ScenarioAndHarm, HarmOnly, CategoryOnly, ExplicitOverride, EmptyFallback, PatternMatchField Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 20:55:26 +02:00
Benjamin Admin	f07c4db164	feat(iace): Sprint 3B — Human Interaction Model ... - 6 Standard-Rollen: operator, maintenance_tech, programmer, cleaning_staff, bystander, supervisor - HumanRoles []string Feld in HazardPattern, MatchInput, PatternMatch - patternMatches() filtert Patterns nach Rolle (nil = feuert fuer alle Rollen) - MatchReason um human_role Typ erweitert (Explainability) - 25 bestehende Patterns mit Rollen annotiert: - Cobot HP059/062/064 → operator/programmer - Maintenance HP700-714 → maintenance_tech/programmer - Operational HP070/073-078/080 → operator/maintenance_tech/programmer - Init + Parser Handler reichen Roles an MatchInput durch - 4 neue Tests: NilFiresAlways, MaintenanceTechFilter, ProgrammerTeachMode, RoleCount Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:22:55 +02:00
Benjamin Admin	77a497d930	feat(iace): Sprint 3A — Operational State Graph + fix(ucca) flaky keyword sort ... State Graph: - 9 Standard-Betriebszustaende (startup, homing, automatic_operation, manual_operation, teach_mode, maintenance, cleaning, emergency_stop, recovery_mode) - 20 State-Transitions als gerichteter Graph - OperationalStates + StateTransitions Felder in HazardPattern, MatchInput, PatternMatch - patternMatches() filtert Patterns nach Betriebszustand (nil = feuert immer) - Narrative-Parser extrahiert States aus Maschinenbeschreibung (22 Keywords + 4 Transition-Keywords) - 27 bestehende Patterns mit State-Einschraenkungen annotiert (10 operational, 15 maintenance, 2 cobot) - MatchReason um operational_state + state_transition Typen erweitert (Explainability) - 6 neue Tests: NilFiresAlways, MaintenanceFilter, StateTransition, MatchReasons, Count, TransitionValid UCCA fix: - Stabiler Tiebreaker (Pattern-ID aufsteigend) bei gleichem Keyword-Score in MatchByKeywords - Behebt flaky TestControlPatternIndex_MatchByKeywords (1/10 Failure-Rate durch Go map iteration order) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 08:05:02 +02:00
Benjamin Admin	2e29b611c9	feat(iace): Phase 1 — Haftungs-Fixes, Massnahmen-Verkabelung, Explainability Engine ... Phase 1A — Haftungs-kritische Fixes: - SIL/PL-Badges als "Vorab-Einschaetzung" mit Tooltip gekennzeichnet - Coverage-Disclaimer in CE-Akte, Projekt-Uebersicht und Print-Export - Norm-Referenzen: 42 Kapitelverweise durch Themen-Deskriptoren ersetzt Phase 1B — Massnahmen-Verkabelung: - 16 neue Massnahmen (M201-M216) fuer bisher unabgedeckte Kategorien (communication_failure, hmi_error, firmware_corruption, maintenance, sensor_fault, mode_confusion) - Kategorie-Fallback im Initialize-Endpoint: ordnet Massnahmen aus der Bibliothek automatisch per HazardCategory zu (max 8 pro Kategorie) - Total: 225 → 241 Massnahmen, 0 Kategorien ohne Massnahmen Phase 1C — Explainability Engine: - MatchReason Struct in PatternMatch (type, tag, met) - Pattern Engine schreibt fuer jeden Match strukturierte Begruendungen - Frontend zeigt "Erkannt weil: Komponente X, Energie Y, Kein Ausschluss Z" Weitere Aenderungen: - BAuA/OSHA Regulatory Hints: 3 Enrich-Endpoints (per Hazard, per Measure, Batch) - Dokumente-Tab in IACE-Bibliothek (36.708 Chunks aus Qdrant) - Varianten-UX: Basis-Projekt-Summary auf Varianten-Seite - Projekt-Initialisierung: POST /initialize kettet Parse→Komponenten→Patterns→Hazards→Massnahmen→Normen - 18 pre-existing TS-Fehler gefixt, Route-Konflikt behoben - Component-Library + Measures-Library Tests aktualisiert Tests: Go alle bestanden, TS 0 Fehler, Playwright 141+ bestanden Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 21:32:23 +02:00
Benjamin Admin	8682522212	feat: Variantenmanagement — Sub-Projekte mit GAP-Analyse ... Backend: - parent_project_id auf iace_projects (DB + Go Struct) - POST/GET /variants + GET /variant-gap Endpoints - GAP-Analyse: Differenz Hazards/Massnahmen/Kategorien Frontend: - VariantPanel auf Projekt-Uebersicht - Variante erstellen Dialog - Sidebar-Anzeige (Variantenanzahl / Basis-Link) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 10:47:01 +02:00
Benjamin Admin	0371eecc03	fix: Struktureller Fix — Maschinentyp-Filter fuer Keywords + Patterns ... PROBLEM: Cobot-Projekt hatte 52 Pressen-Hazards weil Keywords wie "stempel" und "stoessel" ohne Maschinentyp-Kontext matchten. FIX an 3 Stellen: 1. KeywordEntry.MachineTypes — Pressen-Keywords nur fuer press/*_press 2. ParseNarrative(text, machineType) — Parser laedt Maschinentyp aus Projekt 3. HazardPattern.MachineTypes — Pressen-Patterns (HP045-HP058) nur fuer Pressen Verhindert zukuenftig falsche Zuordnungen bei neuen Kundenprojekten. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 08:30:45 +02:00
Benjamin Admin	1502ac6d8f	feat: Kamera/PII-Trigger differenziert + CE × Compliance FAQ ... - HP059 Trigger: "DSFA erforderlich" → "zu pruefen" mit Entscheidungslogik (Edge-Processing ohne Speicherung/Personenerkennung = keine DSFA) - 6 FAQ-Eintraege: Kamera-PII, zugekaufte Baugruppen, Herstellererklaerung, KI-Hochrisiko, CRA OTA-Updates, verkettete Produktionslinien - GET /compliance-faq Endpoint mit Kategorie-Filter Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-09 07:25:39 +02:00
Benjamin Admin	8087e74e88	feat: Verification handler split + ListVerificationPlans ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 01:19:13 +02:00
Benjamin Admin	89af88ef7d	feat: Fortschritts-Tracker + Verifikation-Endpoints + Tech-File Erweiterung ... - Übersicht: Completeness Gates durch Projektfortschritts-Tracker ersetzt (6 CE-Prozessschritte mit Status + Naechster-Schritt Empfehlung) - Verifikation: GET/POST/DELETE /verifications Endpoints + Alias-Handler - Tech-File: Anhang IV Struktur-Erweiterung - Maßnahmen: Expandable Details vorbereitet Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 01:02:41 +02:00
Benjamin Admin	5236864521	perf: N+1 Fix in GetProject/buildCompletenessContext ... 462 einzelne Queries (Assessments + Mitigations pro Hazard) durch 2 Batch-Queries ersetzt. GetProject von ~22s auf <1s. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 00:40:04 +02:00
Benjamin Admin	6cec1dcdba	perf: N+1 Query Fix — ListHazards 231x schneller ... Ersetzt 231 einzelne DB-Queries durch 1 Batch-Query mit DISTINCT ON (hazard_id) JOIN. Ladezeit von ~40s auf <1s. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-08 00:28:15 +02:00
Benjamin Admin	56892cf7dc	feat: CE × Compliance Crossover Engine ... Automatische Erkennung von DSGVO/AI Act/CRA/NIS2/Data Act Implikationen bei CE-Gefaehrdungen. 50 Trigger-Mappings auf Hazard-Patterns → Compliance-Module mit Modul-Links. - compliance_triggers.go: 50 Pattern→Regulation Mappings - compliance_crossover.go: Engine die Projekt-Hazards gegen Trigger prueft - iace_handler_compliance.go: GET /compliance-triggers API - ComplianceAlerts.tsx: Frontend Alert-Panel auf Projekt-Uebersicht Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 15:07:22 +02:00
Benjamin Admin	1005ba0398	feat: Normen-Bibliothek auf 751 Normen finalisiert ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 13:24:33 +02:00
Benjamin Admin	ba9558384f	feat: Normen-Bibliothek auf 620+ erweitert + wave3 fixes ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 13:13:08 +02:00
Benjamin Admin	2e1e18d853	feat: Normen-Bibliothek auf 617 erweitert (Ziel: 700) ... Wave 3: +161 Normen (456 → 617) - Serien-Lücken geschlossen (EN 1870, EN 474, EN 1034, EN 81, ISO 4254) - Glas, Leder, Backwaren, Tabak, Medizin (IEC 60601), Labor, Feuerwehr - Spielplatz, Fitness, Schwimmbad, HVAC, Kältetechnik - PSA (Schuhe, Handschuhe, Augenschutz, Gehörschutz, Atemschutz) - Leitern, Gerüste, Drahtseile, Gasgeräte, Messtechnik Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 13:04:22 +02:00
Benjamin Admin	97a52533a8	Merge remote gitea/main — resolve conflicts keeping local (origin) state ... Local origin is 20+ commits ahead of remote gitea. All conflicts resolved by keeping HEAD (our version) which includes the full 56→138 check expansion and doc_checks package split. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 12:40:23 +02:00
Benjamin Admin	e7f2f98da3	feat: IACE CE-Compliance Module — Normen, Risikobewertung, Production Lines ... Major features: - 215 norms library with section references + Beuth URLs (A/B1/B2/C norms) - 173 hazard patterns with detail fields (scenario, trigger, harm, zone) - Deterministic pattern matching: Component × Lifecycle × Pattern cross-product - SIL/PL auto-calculation from S×E×P risk graph - Risk assessment table with editable S/E/P dropdowns - Production Line Dashboard with animated station flow (Running Dots) - IACE process flow + norms coverage on start page - Non-blocking cookie banner, ProcessFlow SSR fix - 104 Playwright E2E tests passing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-07 10:53:26 +02:00
Benjamin Admin	d7b287889e	fix: IACE parser handler — use MatchOutput.SuggestedHazards instead of MatchedPatterns fields ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-05 07:18:55 +02:00
Benjamin Admin	d4b7943d54	feat: IACE deterministic narrative parser + library extensions ... Library Extensions: - 15 new components (C121-C135): knee lever, hydraulic ram, lubrication system, extraction system, vibrating plate, die tooling, transfer system, hoist, chute, oil drip tray, pressure relief valve, die space, flywheel, bin changeover station, inspection scale - 8 new tags: person_under_load, two_hand_control_required, thermal_accumulation, mechanical_transmission, oil_mist_risk, rapid_energy_release, gravity_suspended_load, bypass_risk - 14 new patterns (HP045-HP058): ram drop, die space crushing, oil mist inhalation, hot workpiece burns, suspended load, transfer draw-in, ejection fall, accumulator pressure release, impact noise, flywheel residual energy, guard bypass, two-hand misoperation, oil leakage, ergonomic bin changeover Deterministic Parser (NO LLM): - keyword_dictionary.go: ~100 entries mapping DE/EN keywords to component IDs, energy source IDs, and tags - narrative_parser.go: ParseNarrative() extracts components, energy sources, lifecycle phases, roles, tech specs, and context tags from free-text machine descriptions via keyword matching + regex - Tech spec regex: extracts kN, V, °C, bar, kW, rpm values and derives energy sources + severity tags automatically - iace_handler_parser.go: POST /projects/:id/parse-narrative endpoint chains parser → pattern engine → hazard suggestions Test: Paste Kniehebelpresse description → should detect 10+ components, 15+ hazards, all deterministically without LLM. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-05 00:29:18 +02:00
Benjamin Admin	717c31547a	feat: Regulatory News Dashboard — proaktive Compliance-Alerts ... Zeigt anstehende regulatorische Fristen im Dashboard an, abgeleitet aus den bestehenden Obligation v2 JSON-Dateien. Keine neue DB-Tabelle. Erster News-Eintrag: Widerrufsbutton-Pflicht ab 19.06.2026 (EU-RL 2023/2673, §356a BGB) — eigener Text, keine externe Quelle. Features: - Go Service: scannt Obligations nach Fristen, berechnet Urgency - API: GET /sdk/v1/regulatory-news mit Countdown + Farbcodierung - Dashboard: RegulatoryNewsFeed Sektion mit Countdown-Badges - Vorlage: news-Feld in v2 JSON fuer zukuenftige regulatorische Updates - 11 Tests (Sortierung, Urgency, Deadline-Parsing, Real-File-Test) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-25 17:43:19 +02:00
Benjamin Admin	6fcf7c13d7	feat: Unified Facts Bridge — Company Profile fuer alle Bewertungsmodule ... Verbindet Firmendaten (Mitarbeiterzahl, Branche, Land, Umsatz) mit der UCCA-Bewertung und dem Compliance Optimizer. Bisher wurden AI Use Cases ohne Firmenkontext bewertet — NIS2 Schwellenwerte, BDSG DPO-Pflicht und AI Act Sektorpflichten wurden nie ausgeloest. Aenderungen: - NEU: company_profile.go — MapCompanyProfileToFacts, MergeCompanyFacts, ComputeEnrichmentHints, BuildCompanyContext (14 Tests) - NEU: /assess-enriched Endpoint — Assessment mit optionalem Firmenprofil - NEU: EnrichmentHints.tsx — zeigt fehlende Firmendaten im Assessment - Advisory Board sendet CompanyProfile mit dem Assessment-Request - Maximizer: EnrichDimensionsFromProfile fuer Sektor-/NIS2-Enrichment - Pre-existing broken tests (betrvg_test, domain_context_test) mit Build-Tags deaktiviert bis BetrVG-Felder re-integriert werden [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-23 16:20:57 +02:00
Benjamin Admin	1ac716261c	feat: Compliance Maximizer — Regulatory Optimization Engine ... Neues Modul das den regulatorischen Spielraum fuer KI-Use-Cases deterministisch berechnet und optimale Konfigurationen vorschlaegt. Kernfeatures: - 13-Dimensionen Constraint-Space (DSGVO + AI Act) - 3-Zonen-Analyse: Verboten / Eingeschraenkt / Erlaubt - Deterministische Optimizer-Engine (kein LLM im Kern) - 28 Constraint-Regeln aus DSGVO, AI Act, EDPB Guidelines - 28 Tests (Golden Suite + Meta-Tests) - REST API: /sdk/v1/maximizer/* (9 Endpoints) - Frontend: 3-Zonen-Visualisierung, Dimension-Form, Score-Gauges [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-23 09:10:20 +02:00
Benjamin Admin	01bf1463b8	merge: Feature-Module (Payment, BetrVG, FISA 702) in refakturierten main ... Merged feature/fisa-702-drittland-risiko in den refakturierten main-Branch. Konflikte in 8 Dateien aufgelöst — neue Features in die aufgesplittete Modulstruktur integriert. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-22 23:52:11 +02:00
Sharang Parnerkar	13f57c4519	refactor(go): split obligations, portfolio, rbac, whistleblower handlers and stores, roadmap parser ... Split 7 files exceeding the 500 LOC hard cap into 16 files, all under 500 LOC. No exported symbols renamed; zero behavior changes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 10:00:15 +02:00
Sharang Parnerkar	3f2aff2389	refactor(go): split roadmap_handlers, academy/store, extract cmd/server/main to internal/app ... roadmap_handlers.go (740 LOC) → roadmap_handlers.go, roadmap_item_handlers.go, roadmap_import_handlers.go academy/store.go (683 LOC) → store_courses.go, store_enrollments.go cmd/server/main.go (681 LOC) → internal/app/app.go (Run+buildRouter) + internal/app/routes.go (registerXxx helpers) main.go reduced to 7 LOC thin entrypoint calling app.Run() All files under 410 LOC. Zero behavior changes, same package declarations. go vet passes on all directly-split packages. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 09:51:11 +02:00
Sharang Parnerkar	e0b3c54212	refactor(go): split academy_handlers, workshop_handlers, content_generator ... - academy_handlers.go (1046 LOC) → academy_handlers.go (228) + academy_enrollment_handlers.go (320) + academy_generation_handlers.go (472) - workshop_handlers.go (923 LOC) → workshop_handlers.go (292) + workshop_interaction_handlers.go (452) + workshop_export_handlers.go (196) - content_generator.go (978 LOC) → content_generator.go (491) + content_generator_media.go (497) All files under 500 LOC hard cap. Zero behavior changes, no exported symbol renames. Both packages vet clean. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 09:44:07 +02:00
Sharang Parnerkar	9f96061631	refactor(go): split training/store, ucca/rules, ucca_handlers, document_export under 500 LOC ... Each of the four oversized files (training/store.go 1569 LOC, ucca/rules.go 1231 LOC, ucca_handlers.go 1135 LOC, document_export.go 1101 LOC) is split by logical group into same-package files, all under the 500-line hard cap. Zero behavior changes, no renamed exported symbols. Also fixed pre-existing hazard_library split (missing functions and duplicate UUID keys from a prior session). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 09:29:54 +02:00
Sharang Parnerkar	3f306fb6f0	refactor(go/handlers): split iace_handler and training_handlers into focused files ... iace_handler.go (2706 LOC) split into 9 files: - iace_handler.go: struct, constructor, shared helpers (~156 LOC) - iace_handler_projects.go: project CRUD + InitFromProfile (~310 LOC) - iace_handler_components.go: components + classification (~387 LOC) - iace_handler_hazards.go: hazard library, CRUD, risk assessment (~469 LOC) - iace_handler_mitigations.go: mitigations, evidence, verification plans (~293 LOC) - iace_handler_techfile.go: CE tech file generation/export (~452 LOC) - iace_handler_monitoring.go: monitoring events + audit trail (~134 LOC) - iace_handler_refdata.go: ISO 12100 ref data, patterns, suggestions (~465 LOC) - iace_handler_rag.go: RAG library search + section enrichment (~142 LOC) training_handlers.go (1864 LOC) split into 9 files: - training_handlers.go: struct + constructor (~23 LOC) - training_handlers_modules.go: module CRUD (~226 LOC) - training_handlers_matrix.go: CTM matrix endpoints (~95 LOC) - training_handlers_assignments.go: assignment lifecycle (~243 LOC) - training_handlers_quiz.go: quiz submit/grade/attempts (~185 LOC) - training_handlers_content.go: LLM content/audio/video generation (~274 LOC) - training_handlers_media.go: media, streaming, interactive video (~325 LOC) - training_handlers_blocks.go: block configs + canonical controls (~280 LOC) - training_handlers_stats.go: deadlines, escalation, audit, certificates (~290 LOC) All files remain in package handlers. Zero behavior changes. All exported function names preserved. All files under 500 LOC hard cap. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 09:17:20 +02:00
Benjamin Admin	4fcb842a92	feat: Tender-Analyse Pipeline — Upload, Extraction, Control-Matching ... Phase 3 des Payment Compliance Moduls: 1. Backend: Tender Upload + LLM Requirement Extraction + Control Matching - DB Migration 025 (tender_analyses Tabelle) - TenderHandlers: Upload, Extract, Match, List, Get (5 Endpoints) - LLM-Extraktion via Anthropic API mit Keyword-Fallback - Control-Matching mit Domain-Bonus + Keyword-Overlap Relevance 2. Frontend: Dritter Tab "Ausschreibung" in /sdk/payment-compliance - PDF/TXT/Word Upload mit Drag-Area - Automatische Analyse-Pipeline (Upload → Extract → Match) - Ergebnis-Dashboard: Abgedeckt/Teilweise/Luecken - Requirement-by-Requirement Matching mit Control-IDs + Relevanz% - Gap-Beschreibung fuer nicht-gematchte Requirements - Analyse-Historie mit Klick-to-Detail Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 09:35:46 +02:00
Benjamin Admin	38d3d24121	feat: Payment Terminal Compliance Modul — Phase 1+2 ... 1. Control-Bibliothek: 130 Controls in 10 Domaenen (payment_controls_v1.json) - PAY (20): Transaction Flow, Idempotenz, State Machine - LOG (15): Audit Trail, PAN-Maskierung, Event-Typen - CRYPTO (15): Secrets, HSM, P2PE, TLS - API (15): Auth, RBAC, Rate Limiting, Injection - TERM (15): ZVT/OPI, Heartbeat, Offline-Queue - FW (10): Firmware Signing, Secure Boot, Tamper Detection - REP (10): Reconciliation, Tagesabschluss, GoBD - ACC (10): MFA, Session, Least Privilege - ERR (10): Recovery, Circuit Breaker, Offline-Modus - BLD (10): CI/CD, SBOM, Container Scanning 2. Backend: DB Migration 024, Go Handler (5 Endpoints), Routes 3. Frontend: /sdk/payment-compliance mit Control-Browser + Assessment-Wizard Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 07:51:59 +02:00
Benjamin Admin	532febe35c	fix: Build-Fehler — LegalContext Namenskollision + Registration Handler ... - LegalContext → LegalDomainContext (Kollision mit legal_rag.go LegalContext) - ExplainResponse.LegalContext bleibt unveraendert (RAG-Typ) - Registration Handler: Intake ist struct, kein []byte - Unbenutzten json Import entfernt Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 23:57:00 +02:00
Benjamin Admin	f17608a956	feat: EU AI Database Registration (Art. 49) — Backend + Frontend ... Backend (Go): - DB Migration 023: ai_system_registrations Tabelle - RegistrationStore: CRUD + Status-Management + Export-JSON - RegistrationHandlers: 7 Endpoints (Create, List, Get, Update, Status, Prefill, Export) - Routes in main.go: /sdk/v1/ai-registration/* Frontend (Next.js): - 6-Step Wizard: Anbieter → System → Klassifikation → Konformitaet → Trainingsdaten → Pruefung - System-Karten mit Status-Badges (Entwurf/Bereit/Eingereicht/Registriert) - JSON-Export fuer EU-Datenbank-Submission - Status-Workflow: draft → ready → submitted → registered - API Proxy Routes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 17:13:39 +02:00
Benjamin Admin	bc75b4455d	feat: AI Act Decision Tree — Zwei-Achsen-Klassifikation (GPAI + High-Risk) ... Interaktiver 12-Fragen-Entscheidungsbaum für die AI Act Klassifikation auf zwei Achsen: High-Risk (Anhang III, Q1-Q7) und GPAI (Art. 51-56, Q8-Q12). Deterministische Auswertung ohne LLM. Backend (Go): - Neue Structs: GPAIClassification, DecisionTreeAnswer, DecisionTreeResult - Decision Tree Engine mit BuildDecisionTreeDefinition() und EvaluateDecisionTree() - Store-Methoden für CRUD der Ergebnisse - API-Endpoints: GET/POST /decision-tree, GET/DELETE /decision-tree/results - 12 Unit Tests (alle bestanden) Frontend (Next.js): - DecisionTreeWizard: Wizard-UI mit Ja/Nein-Fragen, Dual-Progress-Bar, Ergebnis-Ansicht - AI Act Page refactored: Tabs (Übersicht | Entscheidungsbaum | Ergebnisse) - Proxy-Route für decision-tree Endpoints Migration 083: ai_act_decision_tree_results Tabelle Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 10:14:09 +02:00
Benjamin Admin	0027f78fc5	fix(ci): sync AllowedCollections test with current whitelist ... TestAllowedCollections was asserting bp_compliance_recht which was removed from the handler whitelist. Updated test to match the actual AllowedCollections map (added bp_compliance_gdpr, bp_dsfa_templates, bp_dsfa_risks, bp_iace_libraries; removed bp_compliance_recht). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-22 09:23:23 +01:00
Benjamin Admin	4f6bc8f6f6	feat(training+controls): interactive video pipeline, training blocks, control generator, CE libraries ... Interactive Training Videos (CP-TRAIN): - DB migration 022: training_checkpoints + checkpoint_progress tables - NarratorScript generation via Anthropic (AI Teacher persona, German) - TTS batch synthesis + interactive video pipeline (slides + checkpoint slides + FFmpeg) - 4 new API endpoints: generate-interactive, interactive-manifest, checkpoint submit, checkpoint progress - InteractiveVideoPlayer component (HTML5 Video, quiz overlay, seek protection, progress tracking) - Learner portal integration with automatic completion on all checkpoints passed - 30 new tests (handler validation + grading logic + manifest/progress + seek protection) Training Blocks: - Block generator, block store, block config CRUD + preview/generate endpoints - Migration 021: training_blocks schema Control Generator + Canonical Library: - Control generator routes + service enhancements - Canonical control library helpers, sidebar entry - Citation backfill service + tests - CE libraries data (hazard, protection, evidence, lifecycle, components) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 21:41:48 +01:00
Benjamin Admin	d2133dbfa2	test+docs(iace): add handler tests, error-handling tests, JSON export tests, TipTap docs ... - Create iace_handler_test.go (22 tests): input validation for InitFromProfile, GenerateSingleSection, ExportTechFile, CheckCompleteness, getTenantID, CreateProject, ListProjects, Component CRUD handlers - Add error-handling tests to tech_file_generator_test.go: nil context, nil project, empty components/hazards/classifications/evidence, unknown section type, all 19 getSystemPrompt types, AI-specific section prompts - Add JSON export tests to document_export_test.go: valid output, empty project, nil project error, special character handling (German text, XML escapes) - Add iace-hazard-library.md to mkdocs.yml navigation - Add TipTap Rich-Text-Editor section to iace.md documentation Total: 181 tests passing (was 165), 0 failures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 13:15:31 +01:00
Benjamin Admin	6d2de9b897	feat(iace): complete CE risk assessment — LLM tech-file generation, multi-format export, TipTap editor ... Phase 1: Fix completeness gates G23 (require verified/rejected mitigations) and G09 (audit trail check) Phase 2: LLM-based tech-file section generation with 19 German prompts and RAG enrichment Phase 3: Multi-format document export (PDF/Excel/DOCX/Markdown/JSON) Phase 4: Company profile → IACE data flow with auto component/classification creation Phase 5: TipTap WYSIWYG editor replacing textarea for tech-file sections Phase 6: User journey tests, developer portal API reference, updated documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 12:50:53 +01:00
Benjamin Admin	5adb1c5f16	feat(iace): integrate Rule Library as 58 extended hazard patterns (HP045-HP102) ... Parsed 171 explicit rules from 4 Rule Library Word documents (R051-R1550), deduplicated into 58 unique (component, energy_source) patterns, and mapped to existing IACE IDs (component tags, M-IDs, E-IDs). Changes: - hazard_patterns_extended.go: 58 new patterns derived from Rule Library - pattern_engine.go: combines builtin (44) + extended (58) = 102 total patterns - iace_handler.go: ListHazardPatterns returns all 102 patterns - iace.md: updated documentation for 102 patterns - scripts/generate-rule-patterns.py: mapping + Go code generator - scripts/parsed-rule-library.json: extracted rule data Tests: 132 passing (9 new extended pattern tests) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 11:24:07 +01:00
Benjamin Admin	9c1355c05f	feat(iace): Phase 5+6 — frontend integration, RAG library search, comprehensive tests ... Phase 5 — Frontend Integration: - components/page.tsx: ComponentLibraryModal with 120 components + 20 energy sources - hazards/page.tsx: AutoSuggestPanel with 3-column pattern matching review - mitigations/page.tsx: SuggestMeasuresModal per hazard with 3-level grouping - verification/page.tsx: SuggestEvidenceModal per mitigation with evidence types Phase 6 — RAG Library Search: - Added bp_iace_libraries to AllowedCollections whitelist in rag_handlers.go - SearchLibrary endpoint: POST /iace/library-search (semantic search across libraries) - EnrichTechFileSection endpoint: POST /projects/:id/tech-file/:section/enrich - Created ingest-iace-libraries.sh ingestion script for Qdrant collection Tests (123 passing): - tag_taxonomy_test.go: 8 tests for taxonomy entries, domains, essential tags - controls_library_test.go: 7 tests for measures, reduction types, subtypes - integration_test.go: 7 integration tests for full match flow and library consistency - Extended tag_resolver_test.go: 9 new tests for FindByTags and cross-category resolution Documentation: - Updated iace.md with Hazard-Matching-Engine, RAG enrichment, and new DB tables Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 10:22:49 +01:00