breakpilot-compliance

Author	SHA1	Message	Date
Benjamin Admin	afb3f83f30	feat(iace): cross-domain precision overhaul + component review + schema reconcile Engine precision (stop foreign-machine patterns leaking into a project): - Wire project.MachineType into the engine machine-type gate (empty input no longer fires every machine class — press/cnc/excavator/crane/medical...). - Capability-domain gating extended by 7 domains (outdoor, ventilation, machining, bulk, palletizer, playground, fitness) so domain-specific hazards only fire when the narrative names that domain; emitted via keyword_dictionary. - Relevance backstop moved into iace (single gating contract, testable), and its dominant false-anchor class removed (a long pattern word no longer matches a short common token; prepositions/leitung added to the generic stoplist). - New guard tests: TestCrossDomainPrecision (full pipeline, 0 foreign per GT) and TestPatternReachability now asserts 0 dead patterns. Both GTs keep coverage 1.0. Reachability fix: the 51 dead patterns required electrical/pneumatic/hydraulic tags nothing produced — renamed to the canonical electrical_energy/ pneumatic_pressure/hydraulic_pressure/hydraulic_part. Component review (negation is best-effort + expert-correctable): - Parser surfaces negated components (ComponentMatch.Negated) instead of dropping them; negated contribute no tags/energy → no phantom hazards. - presence_status (vorhanden\|nicht_vorhanden\|geloescht) + ce_marked on components; only `vorhanden` feed matching. CE+safety-relevant flags the PL/SIL obligation. - Force re-seed preserves the expert's component decisions instead of wiping them. - Tag-based component→hazard assignment (was: all on the first component). - Negation-aware narrative parsing ("keine Pneumatik" no longer extracts it). Local-dev DB: ai-sdk sets search_path=compliance,core,public; reconcile migrations 152-156 bring the consolidated local iace tables to the current schema + add the presence_status/ce_marked columns. Machine-type vocabulary endpoint for the form. [migration-approved] Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-10 17:15:55 +02:00
Benjamin Admin	06bfbd1dca	feat(use-case-compiler): MC-based compliance questionnaires with scoring Build + Deploy / build-admin-compliance (push) Successful in 2m46s Details Build + Deploy / build-backend-compliance (push) Successful in 26s Details Build + Deploy / build-ai-sdk (push) Successful in 52s Details Build + Deploy / build-developer-portal (push) Successful in 22s Details Build + Deploy / build-tts (push) Successful in 16s Details Build + Deploy / build-document-crawler (push) Successful in 12s Details Build + Deploy / build-dsms-gateway (push) Successful in 20s Details Build + Deploy / build-dsms-node (push) Successful in 16s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 18s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 3m16s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 1m0s Details CI / test-python-backend (push) Successful in 41s Details CI / test-python-document-crawler (push) Successful in 29s Details CI / test-python-dsms-gateway (push) Successful in 23s Details CI / validate-canonical-controls (push) Successful in 16s Details Build + Deploy / trigger-orca (push) Successful in 2m36s Details Implements the Use-Case Compiler that turns Master Controls into interactive compliance audits. 5 templates (Vendor Check, SAST/DAST, DSGVO, NIS2, CRA), deterministic + LLM question generation, scoring engine with regulation/severity breakdown, and gap detection. - Backend: 9 API endpoints, 22 unit tests (all pass) - Frontend: Template selector, questionnaire, result dashboard - Migration 027: usecase_audits + usecase_answers tables Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-12 13:49:16 +02:00
Benjamin Admin	dabc2358ab	feat(gap): Regulatory Gap Analysis Engine — Phase A Backend Product Profile → Regulatory Classification → MC Gap Assessment → Priority List. - 12 regulations supported (CRA, AI Act, NIS2, DSGVO, Data Act, MiCA, PSD2, AML, MDR, Machinery, TDDDG, LkSG) - Scope signal extraction from product profile - Priority scoring: Severity × Deadline × Dependency - 5 industry templates (IoT, Exchange, Cobot, SaaS, Medical) - 8 API endpoints under /sdk/v1/gap/ - DB migration for gap_projects table - Full build passes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-10 23:11:30 +02:00
Benjamin Admin	717c31547a	feat: Regulatory News Dashboard — proaktive Compliance-Alerts Build + Deploy / build-backend-compliance (push) Successful in 2m43s Details Build + Deploy / build-admin-compliance (push) Successful in 1m46s Details Build + Deploy / build-ai-sdk (push) Successful in 47s Details Build + Deploy / build-developer-portal (push) Successful in 1m0s Details Build + Deploy / build-tts (push) Successful in 1m14s Details Build + Deploy / build-document-crawler (push) Successful in 37s Details Build + Deploy / build-dsms-gateway (push) Successful in 20s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 19s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m35s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Successful in 42s Details CI / test-python-backend (push) Successful in 42s Details CI / test-python-document-crawler (push) Successful in 24s Details CI / test-python-dsms-gateway (push) Successful in 27s Details CI / validate-canonical-controls (push) Successful in 23s Details Build + Deploy / trigger-orca (push) Failing after 2h32m34s Details Zeigt anstehende regulatorische Fristen im Dashboard an, abgeleitet aus den bestehenden Obligation v2 JSON-Dateien. Keine neue DB-Tabelle. Erster News-Eintrag: Widerrufsbutton-Pflicht ab 19.06.2026 (EU-RL 2023/2673, §356a BGB) — eigener Text, keine externe Quelle. Features: - Go Service: scannt Obligations nach Fristen, berechnet Urgency - API: GET /sdk/v1/regulatory-news mit Countdown + Farbcodierung - Dashboard: RegulatoryNewsFeed Sektion mit Countdown-Badges - Vorlage: news-Feld in v2 JSON fuer zukuenftige regulatorische Updates - 11 Tests (Sortierung, Urgency, Deadline-Parsing, Real-File-Test) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-25 17:43:19 +02:00
Benjamin Admin	1ac716261c	feat: Compliance Maximizer — Regulatory Optimization Engine Build + Deploy / build-admin-compliance (push) Successful in 1m45s Details Build + Deploy / build-backend-compliance (push) Successful in 4m42s Details Build + Deploy / build-ai-sdk (push) Successful in 46s Details Build + Deploy / build-developer-portal (push) Successful in 1m6s Details Build + Deploy / build-tts (push) Successful in 1m14s Details Build + Deploy / build-document-crawler (push) Successful in 31s Details Build + Deploy / build-dsms-gateway (push) Successful in 24s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / loc-budget (push) Failing after 15s Details CI / secret-scan (push) Has been skipped Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m27s Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / test-go (push) Failing after 37s Details CI / test-python-backend (push) Successful in 42s Details CI / test-python-document-crawler (push) Successful in 25s Details CI / test-python-dsms-gateway (push) Successful in 23s Details CI / validate-canonical-controls (push) Successful in 18s Details Build + Deploy / trigger-orca (push) Successful in 4m35s Details Neues Modul das den regulatorischen Spielraum fuer KI-Use-Cases deterministisch berechnet und optimale Konfigurationen vorschlaegt. Kernfeatures: - 13-Dimensionen Constraint-Space (DSGVO + AI Act) - 3-Zonen-Analyse: Verboten / Eingeschraenkt / Erlaubt - Deterministische Optimizer-Engine (kein LLM im Kern) - 28 Constraint-Regeln aus DSGVO, AI Act, EDPB Guidelines - 28 Tests (Golden Suite + Meta-Tests) - REST API: /sdk/v1/maximizer/* (9 Endpoints) - Frontend: 3-Zonen-Visualisierung, Dimension-Form, Score-Gauges [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-23 09:10:20 +02:00
Sharang Parnerkar	3f2aff2389	refactor(go): split roadmap_handlers, academy/store, extract cmd/server/main to internal/app roadmap_handlers.go (740 LOC) → roadmap_handlers.go, roadmap_item_handlers.go, roadmap_import_handlers.go academy/store.go (683 LOC) → store_courses.go, store_enrollments.go cmd/server/main.go (681 LOC) → internal/app/app.go (Run+buildRouter) + internal/app/routes.go (registerXxx helpers) main.go reduced to 7 LOC thin entrypoint calling app.Run() All files under 410 LOC. Zero behavior changes, same package declarations. go vet passes on all directly-split packages. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 09:51:11 +02:00

6 Commits