- New page /sdk/master-controls with sortable, searchable MC list
- Click MC → expandable detail panel with atomic controls
- Shows L1 token, L2 subtopic, phase, severity, regulation source
- API proxy via pg directly to compliance.master_controls
- Sidebar entry added
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ISO 27001 ist kein Gesetz — freiwilliger Standard, kein Normtext ingested.
- Modules: ISO 27001 Fallback-Modul entfernt, Filter entfernt
- ISMS: Umbenannt zu "ISMS — ISO 27001 Readiness"
- ISMS: Hinweis "Basierend auf eigenen Pruefaspekten, kein Normtext"
- Sidebar: "ISMS (ISO 27001)" → "ISMS Readiness"
- Verbleibende Regulierungen: DSGVO, AI Act, NIS2 (gesetzlich)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New /sdk/rollenkonzept/ module with 3 tabs (Rollen, Zuordnung, Reviews)
- 7 standard compliance roles (DSB, GF, IT-Leiter, HR, Marketing, Compliance, Einkauf)
- Inline role editing with test email via Mailpit
- Document-to-role mapping table (editable per tenant)
- Review list with status filters and approve/reject workflow
- ReviewAssignmentPanel in Document Generator preview tab
- "Zur Pruefung senden" button creates reviews + sends notification emails
- Approval notification sent to all affected roles after document sign-off
- Sidebar navigation link added
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New route /sdk/cmp with full CMP dashboard
- 4 KPI cards: total consents, active consents, open DSR requests, configured sites
- Cookie category acceptance bars (necessary/statistics/marketing/functional)
- DSR breakdown: by status, by type (Art. 15-21), avg processing time, overdue count
- 9-point compliance checklist (banner, DSE, impressum, Art.7 proof, DSR, loeschfristen,
vendor AVV, email templates, EWR-only mode) — each links to relevant module
- 8 module cards with icons linking to all CMP sub-modules
- Real API integration: /banner/admin/stats, /einwilligungen/consents/stats, /dsr/stats
- Dashboard link added as first entry in CMP sidebar section
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New route /sdk/cmp with full CMP dashboard
- 4 KPI cards: total consents, active consents, open DSR requests, configured sites
- Cookie category acceptance bars (necessary/statistics/marketing/functional)
- DSR breakdown: by status, by type (Art. 15-21), avg processing time, overdue count
- 9-point compliance checklist (banner, DSE, impressum, Art.7 proof, DSR, loeschfristen,
vendor AVV, email templates, EWR-only mode) — each links to relevant module
- 8 module cards with icons linking to all CMP sub-modules
- Real API integration: /banner/admin/stats, /einwilligungen/consents/stats, /dsr/stats
- Dashboard link added as first entry in CMP sidebar section
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CMP Section in Sidebar:
- New "CMP" group with purple accent, above other module sections
- Links: Cookie-Banner, Live-Vorschau, Consent-Records, Consent-Verwaltung,
Vendor-Compliance, DSR Portal, Loeschfristen, E-Mail-Templates
Live Preview (/sdk/cookie-banner/preview):
- Simulated "MusterShop GmbH" website with full cookie banner
- Real API calls to POST /banner/consent (saves to DB)
- EWR-Only toggle functional in preview
- API Debug panel shows fingerprint, consent status, blocked vendors
- Response JSON viewer for API debugging
- Links to verify in Consent-Verwaltung, Consent-Records, DSR Portal
- "Consent zuruecksetzen" button to re-test
- Footer "Cookie-Einstellungen" link to reopen banner
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CMP Section in Sidebar:
- New "CMP" group with purple accent, above other module sections
- Links: Cookie-Banner, Live-Vorschau, Consent-Records, Consent-Verwaltung,
Vendor-Compliance, DSR Portal, Loeschfristen, E-Mail-Templates
Live Preview (/sdk/cookie-banner/preview):
- Simulated "MusterShop GmbH" website with full cookie banner
- Real API calls to POST /banner/consent (saves to DB)
- EWR-Only toggle functional in preview
- API Debug panel shows fingerprint, consent status, blocked vendors
- Response JSON viewer for API debugging
- Links to verify in Consent-Verwaltung, Consent-Records, DSR Portal
- "Consent zuruecksetzen" button to re-test
- Footer "Cookie-Einstellungen" link to reopen banner
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Scan public website for cancellation button, imprint, privacy link, cookie consent
- Generate follow-up questions when checks can't be verified without login
- User answers "no" → finding with legal basis is added to results
- Frontend: FollowUpQuestions component with Ja/Nein buttons
- Sidebar: "Compliance Agent" entry added under KI-Compliance
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merged feature/fisa-702-drittland-risiko in den refakturierten main-Branch.
Konflikte in 8 Dateien aufgelöst — neue Features in die aufgesplittete
Modulstruktur integriert.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- SDKSidebar (918→236 LOC): extracted icons to SidebarIcons, sub-components
(ProgressBar, PackageIndicator, StepItem, CorpusStalenessInfo, AdditionalModuleItem)
to SidebarSubComponents, and the full module nav list to SidebarModuleNav
- ScopeWizardTab (794→339 LOC): extracted DatenkategorienBlock9 and its
dept mapping constants to DatenkategorienBlock, and question rendering
(all switch-case types + help text) to ScopeQuestionRenderer
- All files now under 500 LOC hard cap; zero behavior changes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sidebar: Neue Sektion "KI-Compliance" mit 4 Links:
- Use Case Erfassung (advisory-board)
- Use Cases (use-cases)
- AI Act (ai-act)
- EU Registrierung (ai-registration)
Payment: Info-Box mit 3-Spalten Erklaerung (Controls → Assessment → Ausschreibung)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Neuer Sidebar-Eintrag "Payment / Terminal" mit Kreditkarten-Icon
zwischen CE/IACE und Zusatzmodule.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Jeder Tenant kann jetzt mehrere Compliance-Projekte anlegen (z.B. verschiedene
Produkte, Tochterunternehmen). CompanyProfile ist pro Projekt kopierbar und
danach unabhaengig editierbar. Multi-Tab-Support via separater BroadcastChannel
und localStorage Keys pro Projekt.
- Migration 039: compliance_projects Tabelle, sdk_states.project_id
- Backend: FastAPI CRUD-Routes fuer Projekte mit Tenant-Isolation
- Frontend: ProjectSelector UI, SDKProvider mit projectId, URL ?project=
- State API: UPSERT auf (tenant_id, project_id) mit Abwaertskompatibilitaet
- Tests: pytest fuer Model-Validierung, Row-Konvertierung, Tenant-Isolation
- Docs: MKDocs Seite, CLAUDE.md, Backend README
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Logo-Klick fuehrt zurueck zur Startseite (Neues/Bestehendes Projekt)
- Neue projectVersion im SDK State (inkrementiert nur bei explizitem Speichern)
- Header zeigt Firmenname + V001-Format statt auto-inkrementierende Sync-Version
- Sidebar Logo von Link auf Button umgestellt mit customerType-Reset
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bestehende Catalog-Manager-Komponenten in SDK-Routes eingebunden:
- SDKState + Reducer um customCatalogs CRUD erweitert
- Neue Route /sdk/catalog-manager mit CatalogManagerContent
- Sidebar-Link "Kataloge" mit Database-Icon
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
13 Services in 4 Schwimmbahnen (Frontend, Backend, Infrastructure, Data Sovereignty),
Layer-Filter, DB/RAG/API-Toggles, Detail-Panel und Service-Tabelle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Part 1 — RAG Corpus Versioning:
- New DB table compliance_corpus_versions (migration 017)
- Go CorpusVersionStore with CRUD operations
- Assessment struct extended with corpus_version_id
- API endpoints: GET /rag/corpus-status, /rag/corpus-versions/:collection
- RAG routes (search, regulations) now registered in main.go
- Ingestion script registers corpus versions after each run
- Frontend staleness badge in SDK sidebar
Part 3 — Source Policy Backend:
- New FastAPI router with CRUD for allowed sources, PII rules,
operations matrix, audit trail, stats, and compliance report
- SQLAlchemy models for all source policy tables (migration 001)
- Frontend API base corrected from edu-search:8088/8089 to
backend-compliance:8002/api
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix interleaved step ordering by introducing global sequence numbers (100-4700)
instead of package-relative order. Add conditional visibility (visibleWhen) for
optional steps like Import and DSFA. Fix TOM/workflow prerequisite bugs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Reduce chat history from 10 to 6 messages to fit context window
- Lower num_predict from 8192 to 2048 for faster responses
- Add Training module link to SDK sidebar navigation
- Add snake_case to camelCase key transformation for reporting API
(Go backend returns snake_case, TypeScript expects camelCase)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements the 4-level GCI scoring model (Module -> Risk-Weighted -> Regulation Area -> Final GCI)
with DSGVO, NIS2, ISO 27001, and EU AI Act integration.
Backend:
- 9 Go files: engine, models, weights, validity, NIS2 roles/scoring, ISO mapping/gap-analysis, mock data
- GCI handlers with 13 API endpoints under /sdk/v1/gci/
- Routes registered in main.go
Frontend:
- TypeScript types, API client, Next.js API proxy
- Dashboard page with 6 tabs (Overview, Breakdown, NIS2, ISO 27001, Matrix, Audit Trail)
- Sidebar navigation entry
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add STEP_EXPLANATIONS for academy, whistleblower, incidents, dsb-portal,
industry-templates, multi-tenant, sso, document-crawler, advisory-board
to fix client-side crashes. Add all new modules to Zusatzmodule section
in both SDKSidebar and SDKPipelineSidebar (FAB).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Benjamin Admin