The monolithic compliance/db/models.py is decomposed into seven sibling
aggregate modules following the existing repo pattern (dsr_models.py,
vvt_models.py, tom_models.py, etc.):
regulation_models.py (134 LOC) — RegulationDB, RequirementDB
control_models.py (279 LOC) — ControlDB, ControlMappingDB, EvidenceDB, RiskDB
ai_system_models.py (141 LOC) — AISystemDB, AuditExportDB
service_module_models.py (176 LOC) — ServiceModuleDB, ModuleRegulationMappingDB, ModuleRiskDB
audit_session_models.py (177 LOC) — AuditSessionDB, AuditSignOffDB
isms_governance_models.py (323 LOC) — ISMSScope, Context, Policy, Objective, SoA
isms_audit_models.py (468 LOC) — AuditFinding, CAPA, ManagementReview, InternalAudit,
AuditTrail, ReadinessCheck
models.py becomes an 85-line re-export shim — every public symbol is
re-exported in dependency order so existing imports work unchanged:
from compliance.db.models import RegulationDB, ControlDB, AuditFindingDB # still works
New code SHOULD import from the aggregate module directly; the shim is
for backwards compatibility during the migration.
Schema freeze preserved:
- __tablename__ byte-identical
- Column names, types, indexes, constraints byte-identical
- relationship() string references and back_populates unchanged
- cascade directives unchanged
Verified:
- 173/173 pytest compliance/tests/ pass
- tests/contracts/test_openapi_baseline.py passes (360 paths,
484 operations — identical to baseline)
- All new sibling files under the 500-line hard cap
(largest: isms_audit_models.py at 468 LOC)
- No file in compliance/db/ now exceeds the hard cap
This is Phase 1 Step 2 from PHASE1_RUNBOOK.md. Phase 1 Step 3 (split
compliance/api/schemas.py, 1899 LOC) is the next target.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds tests/contracts/test_openapi_baseline.py which loads the live
FastAPI app and diffs its OpenAPI schema against a checked-in baseline.
Fails on:
- Any removed path or operation
- Any removed response status code on an existing operation
- Any new required request body field (would break existing clients)
Passes silently on additive changes. The baseline is regenerated by
running tests/contracts/regenerate_baseline.py — only when a contract
change has been reviewed and every consumer (admin-compliance,
developer-portal, SDKs) has been updated in the same change set.
This is the safety harness for the Phase 1 backend-compliance refactor:
every subsequent refactor commit must keep this test green.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two low-risk Pydantic V1 idioms that will be hard errors in V3:
- Query(regex=...) -> Query(pattern=...) (audit_routes, control_generator_routes)
- class Config: from_attributes=True -> model_config = ConfigDict(...)
in source_policy_router.py (schemas.py is intentionally skipped — it is
the Phase 1 schema-split target and the ConfigDict conversion is most
efficient to do during that split).
Naive -> aware datetime sweep across 47 files:
- datetime.utcnow() -> datetime.now(timezone.utc)
- default=datetime.utcnow -> default=lambda: datetime.now(timezone.utc)
- onupdate=datetime.utcnow -> onupdate=lambda: datetime.now(timezone.utc)
All SQLAlchemy DateTime columns in the project already declare
timezone=True, so the DB schema expects aware datetimes. Before this
commit, the in-Python side was generating naive values and the driver
was silently coercing them. This is a latent-bug fix, not a behavior
change at the DB boundary.
Verified:
- 173/173 pytest compliance/tests/ pass (same as baseline)
- tests/contracts/test_openapi_baseline.py passes (360 paths,
484 operations unchanged)
- DeprecationWarning count dropped from 158 -> 35
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Non-negotiable structural rules that apply to every Claude Code session in
this repo and to every commit, enforced via three defense-in-depth layers:
1. PreToolUse hook in .claude/settings.json blocks any Write/Edit that
would push a file past the 500-line hard cap. Auto-loads for any
Claude session in this repo regardless of who launched it.
2. scripts/githooks/pre-commit (installed via scripts/install-hooks.sh)
enforces the LOC cap, freezes migrations/ unless [migration-approved],
and protects guardrail files unless [guardrail-change] is present.
3. .gitea/workflows/ci.yaml gets loc-budget + guardrail-integrity jobs,
plus mypy --strict on new Python packages, tsc --noEmit on Node
services, and a syft+grype SBOM scan.
Per-language conventions are documented in AGENTS.python.md / AGENTS.go.md /
AGENTS.typescript.md at the repo root — layering (router->service->repo for
Python, hexagonal for Go, colocation for Next.js), tooling baseline, and
explicit "what you may NOT do" lists.
Adds scripts/check-loc.sh (soft 300 / hard 500, reports 205 hard and 161
soft violations in the current codebase) plus .claude/rules/loc-exceptions.txt
(initially empty — the list is designed to shrink over time).
Per-service READMEs for all 10 services + PHASE1_RUNBOOK.md for the
backend-compliance refactor. Skeleton packages (compliance/{domain,
repositories,schemas}) are the landing zone for the clean-arch rewrite that
begins in Phase 1.
CLAUDE.md is prepended with the six non-negotiable rules.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SQLAlchemy 2.x requires raw SQL strings to be explicitly wrapped
in text(). Fixed 16 instances across 5 route files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaced bare imports with safe_import_router pattern — if one sub-router
fails to import (e.g. missing dependency), other routers still load.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
from __future__ import annotations breaks Pydantic BaseModel runtime type
evaluation. Replaced str | None → Optional[str], list[str] → List[str] etc.
in control_generator.py, anchor_finder.py, control_generator_routes.py.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds migration_runner.py that executes pending migrations from
migrations/ directory when backend-compliance starts. Tracks applied
migrations in _migration_history table.
Handles existing databases: detects if tables from migrations 001-045
already exist and seeds the history table accordingly, so only new
migrations (046+) are applied.
Skippable via SKIP_MIGRATIONS=true env var.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Migration 045: Seed 10 controls (AUTH, NET, SUP, LOG, WEB, DATA, CRYP, REL)
with 39 open-source anchors into the database
- Backend: POST/PUT/DELETE endpoints for canonical controls CRUD
- Frontend proxy: PUT and DELETE methods added to canonical route
- Frontend: Control Library with create/edit/delete UI, full form with
open anchor management, scope, requirements, evidence, test procedures
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Step 2 im VVT-Generator: Ja/Nein-Buttons durch expandierbare Kacheln ersetzt.
Pro Abteilung werden typische Datenkategorien als Checkboxen angezeigt (isTypical
vorausgefuellt), Art. 9 Kategorien orange hervorgehoben mit DSGVO-Warnung.
7 neue Wiki-Artikel fuer Datenkategorien pro Geschaeftsbereich (HR, Finanzen,
Vertrieb, Marketing, Support, IT, Produktion).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Problem: Company Profile nutzte hartcodiertes tenant_id=default ohne project_id.
Beim Wechsel zwischen Projekten wurden immer die gleichen (oder keine) Daten geladen.
Aenderungen:
- Migration 042: project_id Spalte + UNIQUE(tenant_id, project_id) Constraint,
fehlende Spalten (offering_urls, Adressfelder) nachgetragen
- Backend: Alle Queries nutzen WHERE tenant_id + project_id IS NOT DISTINCT FROM
- Proxy: project_id Query-Parameter wird durchgereicht
- Frontend: projectId aus SDK-Context, profileApiUrl() Helper fuer alle API-Aufrufe
- "Weiter" speichert jetzt immer den Draft (war schon so, ging aber ins Leere)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Backend: Restore-Endpoint (POST /projects/{id}/restore) und
Hard-Delete-Endpoint (DELETE /projects/{id}/permanent) hinzugefuegt
- Frontend: Dreistufiger Dialog (Archivieren / Endgueltig loeschen mit
Bestaetigungsdialog) statt einfachem Loeschen
- Archivierte Projekte aufklappbar in der Projektliste mit
Wiederherstellen-Button
- CustomerTypeSelector entfernt (redundant seit Multi-Projekt)
- Default tenantId von 'default' auf UUID geaendert (Backend-400-Fix)
- SQL-Cast :state::jsonb durch CAST(:state AS jsonb) ersetzt (SQLAlchemy-Fix)
- snake_case/camelCase-Mapping fuer Backend-Response (NaN-Datum-Fix)
- projectInfo wird beim Laden vom Backend geholt (Header zeigt Projektname)
- API-Client erzeugt sich on-demand (Race-Condition-Fix fuer Projektliste)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The sdk_states table may not exist yet if no state has been saved via
the frontend. Wrap sdk_states alterations in a conditional DO block.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeder Tenant kann jetzt mehrere Compliance-Projekte anlegen (z.B. verschiedene
Produkte, Tochterunternehmen). CompanyProfile ist pro Projekt kopierbar und
danach unabhaengig editierbar. Multi-Tab-Support via separater BroadcastChannel
und localStorage Keys pro Projekt.
- Migration 039: compliance_projects Tabelle, sdk_states.project_id
- Backend: FastAPI CRUD-Routes fuer Projekte mit Tenant-Isolation
- Frontend: ProjectSelector UI, SDKProvider mit projectId, URL ?project=
- State API: UPSERT auf (tenant_id, project_id) mit Abwaertskompatibilitaet
- Tests: pytest fuer Model-Validierung, Row-Konvertierung, Tenant-Isolation
- Docs: MKDocs Seite, CLAUDE.md, Backend README
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- CRITICAL: Alle db.execute() Aufrufe in company_profile_routes.py
und generation_routes.py mit text() gewrapped (SQLAlchemy 2.x)
- Geschaeftsmodell-Kacheln: Nur Kurztext, Beschreibung bei Klick
- "Warum diese Fragen" in Hauptbereich unter Ueberschrift verschoben
- Sidebar-Box entfernt fuer mehr Platz
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- B2B2C als Geschaeftsmodell hinzugefuegt
- URL-Felder bei Offering-Auswahl (Website, Shop, App, SaaS) — optional
- Schritt-spezifische Erklaerungen in "Warum diese Fragen?"
- Firmenname ohne Rechtsform, Templates bauen automatisch zusammen
- Gruendungsjahr springt auf 2000 statt 1800
- SDK-Abdeckung Panel und Profil-loeschen Button entfernt
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Migration 034: compliance_tom_state + compliance_tom_measures Tabellen
- Python Routes: State CRUD, Measures CRUD, Bulk-Upsert, Stats, CSV/JSON-Export
- Frontend-Proxy: In-Memory Storage durch Proxy zu backend-compliance ersetzt
- Go TOM-Handler als DEPRECATED markiert (Source of Truth ist jetzt Python)
- 44 Tests (alle bestanden)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Review-Daten (last_reviewed_at, next_review_at), created_by, DSFA-Link,
CSV-Export mit Semikolon-Trennung, overdue_review_count in Stats.
Go-VVT-Handler als DEPRECATED markiert. 32 Tests bestanden.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sucht alle RAG-Kollektionen nach Prüfaspekten und legt automatisch
Anforderungen in der DB an. Kernfeatures:
- Durchsucht alle 6 RAG-Kollektionen parallel (bp_compliance_ce,
bp_compliance_recht, bp_compliance_gesetze, bp_compliance_datenschutz,
bp_dsfa_corpus, bp_legal_templates)
- Erkennt BSI Prüfaspekte (O.Purp_6) im Artikel-Feld und per Regex
- Dedupliziert nach (regulation_code, article) — safe to call many times
- Auto-erstellt Regulations-Stubs für unbekannte regulation_codes
- dry_run=true zeigt was erstellt würde ohne DB-Schreibzugriff
- Optionale Filter: collections, regulation_codes, search_queries
- 18 Tests (alle bestanden)
- Frontend: "Aus RAG extrahieren" Button auf /sdk/requirements
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Vollständige Vorlage für Datenschutz-Folgenabschätzungen nach Art. 35 DSGVO
mit IF-Blöcken, Risikomatrix, TOM-Tabelle und Unterschriften-Abschnitt.
document_type=dsfa, Sprache=de, 19 Platzhalter.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Router-Prefix /v1/dsfa → /dsfa (konsistent mit allen anderen Routes)
Proxy-Pfad /api/v1/dsfa → /api/compliance/dsfa
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
