Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
1,407 Commits 12 Branches 1 Tag
828230746ecfd9e78bc7bd65cd736c01b8e04f23
Commit Graph

4 Commits

Author SHA1 Message Date
Benjamin Admin 828230746e feat(cra): Befund-Detail aufgeräumt + Rechts-Anker (source_article) sichtbar 
Frontend (CRA/Cyber-Tab):
- Erklär-Zwischensätze je Ebene (Befund -> CRA-Anforderung -> Best-Practice-
  Standard -> Maßnahmen) + "So liest du einen Befund"-Legende.
- Kuratierte M-Maßnahmen und atom-grain "Regulatorische Breite" in EINE Sektion
  "Maßnahmen (wählbar)" zusammengeführt (statt zwei konkurrierender Listen).
- Standalone "Empfohlene Maßnahmen (Sollzustand)" entfernt (jetzt je Befund).

Backend:
- Atom-Controls-Query liefert jetzt cpl.source_article (Artikel/Anhang/Erwägungs-
  grund-Anker) zusätzlich zu source_regulation; via LATERAL-Join.
- enrich_findings_with_breadth trägt source_article in regulatory_breadth.
- Daten waren schon ingestiert (682/691 CRA-Atome haben source_article) — wurden
  nur nicht selektiert/angezeigt.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-06-14 23:14:53 +02:00
Benjamin Admin 398eaf3c36 feat(cra): two-lane breadth — CRA-specific corpus + technical depth 
All 6 security use_cases are atom-grain now. Per finding we draw two lanes: the
CRA corpus (use_case=cra, the most on-point CRA obligations) + the technical
depth (code_security for secure-dev, else network_security). Controls merged,
deduped, each tagged with its use_case (shown in the best-practice depth).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-06-14 12:23:37 +02:00
Benjamin Admin a06c64af48 feat(cra): route secure-dev breadth to code_security (atom-grain) 
Both network_security and code_security are now atom-grain. Per-sub_topic
use_case routing: secure_development -> code_security (best for secure-dev
findings), everything else -> network_security. Findings carry breadth_use_case
so the source context (which atom corpus) is visible under the best-practice depth.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-06-14 11:04:24 +02:00
Benjamin Admin c7845f67d6 feat(cra): attach network_security regulatory breadth (shared Controls-API) 
Semantic breadth (2): each finding's CRA-AI is mapped to a network_security
sub_topic and enriched with atom-grain, framework-traceable obligations from the
shared Controls-API (compliance.atom_classification) — at the endpoint/view layer
(SessionLocal), NOT in the pure mapper. CRA-AI anchor + curated measure +
NIST/OWASP crosswalk stay the lead; this is breadth + source evidence. Only
network_security is queried (atom-grain), scoped by sub_topic + limit. Frontend
renders it under the collapsible best-practice depth (control_id · title · source).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-06-14 10:45:21 +02:00