650 Commits

Author	SHA1	Message	Date
Benjamin Admin	b0115cb10b	feat(cookie): 2. Sicht Banner-Kategorie + Fehl-Einsortierung ... CookieResultView bekommt einen Umschalter [Rechtliche Rolle] ↔ [Banner-Kategorie] (Notwendig/Funktional/Statistik/Marketing). In beiden Sichten zeigt jede Cookie-Zeile '→ sollte: Marketing', wenn die tatsächliche Kategorie laut Library von der deklarierten abweicht (rot bei Tracker als notwendig, § 25 TDDDG). Neue KPI 'Falsch einsortiert'. Backend liefert dazu cookie_categories (name→actual_category) aus big_lib im cookie-check-Output; Seite lädt cookie-check einmal und reicht es an beide Komponenten. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 10:33:33 +02:00
Benjamin Admin	af8906b156	fix(admin): commit missing infrastructure-modules types ... app/api/webhooks/woodpecker/route.ts (committed in 529c37d) imports WoodpeckerWebhookPayload, ExtractedError + BacklogSource from @/types/infrastructure-modules, but that file was never committed. Clean checkouts (Docker build, CI) fail with 'Cannot find module'. Restore the file so the admin build is green again. Pure type declarations, no logic. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 10:09:23 +02:00
Benjamin Admin	7fa9968ce1	feat(cookie): missing_retention — Vendor ohne Speicherdauer/Löschfrist ... Vendor-Ebenen-Finding: greift, wenn ein Vendor eine Verarbeitung deklariert (Kategorie/Zweck), aber KEINE Cookies gelistet sind UND keine persistence angegeben ist (z.B. Nayoki GmbH — 'necessary' Auftragsverarbeiter ohne Löschfrist). Die Pro-Cookie-Schleife sah solche Vendors nie (0 Cookies → 0 Findings). Remediation = Ticket-Text 'bitte Löschfrist festlegen'. Art. 5 Abs. 1 lit. e + Art. 13 Abs. 2 lit. a → Control AUTH-2051-A03. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 10:02:59 +02:00
Benjamin Admin	32ba8d16b1	feat(iace): add data-driven Architektur & Datenfluss explainer tab ... Adds an auditor-facing view of the IACE engine: a clickable 10-stage pipeline flow (Grenzen-Formular → ParseNarrative → Pattern-Gates → Relevanz → Caps → Gefährdungen → Maßnahmen → Risiko → Normen → Matrix), plus live library counts, the data-source/license register (incl. the DIN/Beuth + DGUV exclusions), and the norm-matching logic that reconciles DIN/ISO/OSHA machine-type vocabulary via canonicalMachineType folding. Backend: BuildArchitecture() with LIVE counts so the diagram can never drift; GET /iace/architecture; collectAllNorms() extracted from SuggestNorms as the single source of truth for the norm-library count. Frontend: useArchitecture hook + page + new IACE nav tab. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 09:35:37 +02:00
Benjamin Admin	05a1795ea8	feat(cookie): ② Documentation Drift — Richtlinie vs. Browser-Realität ... Cookie-Check-Endpoint liefert jetzt out["drift"] (audit_cookie_compliance): deklariert (Cookie-Richtlinie-Text) vs. tatsaechlich geladen (Browser). Frontend zeigt den Reality-Check-Strip oben im Panel: X dokumentiert · Y geladen · Z undokumentiert. Pinnt den Vertrag mit test_cookie_drift.py (undokumentiert-geladen + beide Drift-Richtungen) + Vitest Drift-Strip. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 09:33:41 +02:00
Benjamin Admin	289988d23e	feat(cookie): ① Storage Inventory + storage_transparency-Finding ... Trennt echte Cookies von anderem Endgeraete-Speicher (Local/Session Storage, IndexedDB, Salesforce-Framework-Artefakte) — § 25 TDDDG ist technologieneutral. - cookie_storage_inventory: detect_storage_type (Name-Muster ComponentDefStorage/ __MUTEX/LSKey + Laufzeit-Text) + build_storage_inventory + storage_transparency- Summenbefund ('X als Cookie gelistet -> Y echte + Z andere'). - Endpoint cookie-check liefert storage_inventory; Frontend zeigt den Breakdown. Tests: 4 + Frontend-Vitest gruen. Differenzierungsmerkmal: '740 -> 132 + 608'. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 09:05:29 +02:00
Benjamin Admin	577ceae4e6	feat(iace): project-wide risk matrix (Severity × Probability) ... Adds GET /projects/:id/risk-matrix — a confidence-aware risk view computed on read from each hazard's category/scenario/lifecycle using the SAME model as the GT benchmark (no persistence, so it never goes stale against the model; the hand-defaulted iace_hazards risk columns stay untouched). - risk_matrix.go: EstimateHazardRisk (single source of truth for S/F/W/P + range + level + confidence) and BuildRiskMatrix (per-hazard list + a 5×5 Severity×Probability aggregation grid with dominant level per cell). - Frontend: RiskMatrix grid in the Risikobewertung tab (muted colours per the confidence-aware tonality), level counts + tool-confidence summary, fed by useRiskMatrix. Shows risk for EVERY project, not only GT ones. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-11 08:54:47 +02:00
Benjamin Admin	901de1ca97	feat(cookie): A — Findings auditfest an Controls verdrahten ... Jeder Cookie-Befund traegt jetzt ein strukturiertes control-Feld (control_id aus doc_check_controls + regulation + article) statt nur hardcodeter Strings: vague_duration->AUTH-2051-A03 (Art.5(1)e+13), tracker_as_necessary->DATA-2851-A05 (§25 TDDDG), third_country-> DATA-1624-A04 (Art.44). Kette Regulation->Article->Control->Finding. Frontend zeigt die Rechtsgrundlage je Befund. (Controls tragen regulation/article noch NULL -> hier mitgeliefert bis gepflegt.) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 08:44:19 +02:00
Benjamin Admin	4c45f11e43	feat(cookie): Finding 'vague_duration' — unkonkrete Speicherdauer ... Flaggt Laufzeit-Angaben ohne konkrete Dauer/Kriterium ('dauerhaft', 'bis zur Loeschung', 'bis Nutzer deaktiviert', 'unbegrenzt' …) — Art. 5(1)(e) + Art. 13 DSGVO. Library-unabhaengig, gilt fuer ALLE Cookies (Coverage auf BMWs 780). '13 Monate'/'Session'/'bis Widerruf, max. X' bleiben ok. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 08:33:06 +02:00
Benjamin Admin	d18ef79f18	feat(cookie): Pro-Cookie-Library-Abgleich (2287er OCD + 35er rich) + Panel ... - analyze_cookies gleicht Cookies gegen BEIDE Libraries ab: compliance.cookie_library (2287, OCD/CC0 — Kategorie/Retention) + 35er rich-DB (technical_necessity/reid/ schrems/eu_alternative). 5 Befund-Typen: tracker_as_necessary, missing_purpose, excessive_lifetime (Art.5), third_country (Art.44), eu_alternative (kommerziell). - Endpoint GET /snapshots/{id}/cookie-check (load_big_library batch + analyze). - Frontend CookieLibraryPanel im Snapshot-Detail. - Fix CookieResultView: Zweck nicht mehr auf 60 Zeichen gekuerzt; Rolle 'unknown' als Strich statt 'Unbekannt'. Tests: 7 backend + frontend vitest gruen. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 08:18:25 +02:00
Benjamin Admin	19786c96f8	test(admin): fix 3 stale vitest logic assumptions ... These were pre-existing failures (stale tests, not source bugs): - getNextStep walks steps ordered by `seq`, not array order (ai-act seq 350 sits before import 400). The tests assumed array order; derive the expectations from the seq-sorted sequence instead. - buildDocumentScope: a document required only by the level matrix is `mandatory` but may be `medium` priority — only trigger-mandated docs (and the high-priority doc types) are forced to high. The test wrongly asserted ALL mandatory docs are high; now it checks the trigger-mandated ones. Full vitest suite: 414/414 green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-11 08:08:23 +02:00
Benjamin Admin	cefadf9e4c	test(agent): CookieResultView KPI-Assertion entschaerfen (mehrdeutige '3') ... Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 01:04:37 +02:00
Benjamin Admin	410a814230	fix(agent): Cookie-View CONTROLLER -> Joint-Controller-Gruppe ... recipient_type=CONTROLLER (Meta/LinkedIn/Criteo) gehoert zu Art. 26 (eigenverantwortliche Dritte / Joint Controller), nicht zu den eigenen Verarbeitungen. BMW: 58 eigene / 16 AVV / 7 joint / 2 sonstige (= Mail-VVT). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 01:03:20 +02:00
Benjamin Admin	3332eb0bf9	feat(agent): Cookie-Result-View + Check-Historie aus Snapshots ... Snapshot-getriebene Result-Views, entkoppelt vom Live-Check: - CookieResultView: laedt cmp_vendors aus einem Snapshot (kein Re-Crawl), KPIs (Anbieter/Cookies/Marketing/Drittland) + Empfaenger-Gruppen (Eigene/AVV/Joint-Controller) + aufklappbare Vendor->Cookie-Tabelle. - Historie (/sdk/agent/snapshots): alle gespeicherten Checks, jederzeit oeffnbar (DSB/Mitarbeiter) + Detail-Seite je Snapshot. - Next.js-Proxys fuer GET /snapshots (Liste) + /snapshots/{id} (einzeln). BMW-Snapshot 4603d15b: 83 Vendors / 780 Cookies. Library-Abgleich (cookie_knowledge_db.lookup_cookie) folgt als Phase B. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 00:51:25 +02:00
Benjamin Admin	a28db8f8f0	fix(admin): resolve all 266 TypeScript errors, enable strict build ... Eliminate the pre-existing TS errors that were masked by next.config.js `typescript.ignoreBuildErrors: true`, then turn the flag OFF so the compiler is a real safety net for future changes. `next build` and `tsc --noEmit` now pass with 0 errors. The errors were not cosmetic — several exposed real latent bugs hidden by the flag, e.g. the drafting-engine ConstraintEnforcer read non-existent fields (`t.rule.dsfaRequired`, `d.required`, `r.title`), so its DSFA hard gate and risk-flag checks were silently no-ops; scopeDefaults read snake_case CompanyProfile fields that never matched the camelCase type (generator defaults never populated). Both fixed by aligning code to the current types. Highlights: - Vitest globals: add vitest-globals.d.ts (config already had globals:true) so the test files type-check; exclude Playwright specs from vitest. - Add a minimal ambient `pg` module declaration (no @types/pg installed). - Fix Next 15 route handlers to await Promise params. - Reconcile drifted types across loeschfristen, compliance-scope, document- generator, drafting-engine, vendor-compliance, agent and more. Pre-existing (NOT caused here, proven by stashing the diff): 3 vitest logic tests still fail — getNextStep (2) and buildDocumentScope priority (1). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-11 00:42:44 +02:00
Benjamin Admin	bb9aacc3d3	feat(agent): Abstellmaßnahmen + Ticket-Formulierung (Schritt 3) ... RemediationPlan: aus den offenen Punkten (result.results, Haupt-Engine) je Finding eine Massnahme + fertigen Ticket-Text ableiten, nach Prioritaet sortiert, mit Kopieren + JSON-Export als Uebergabe. SCOPE: BreakPilot formuliert nur — Ticketsystem/Jira/Feedback-Loop baut ein anderes Team. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 00:12:35 +02:00
Benjamin Admin	5da20af4fd	feat(agent): Audit-Kopf + 4 KPI-Kacheln ueber den Ergebnis-Tabs ... ResultSummary: Titel (Firma aus extracted_profile) + check_id + 4 Kacheln (Dokumente, Konform, Offene Pflichtangaben, Zu pruefen), gerechnet aus result.results. Co-Pilot-Ton: gruen/gelb/rot nur bei echten Werten. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-10 23:53:12 +02:00
Benjamin Admin	3f23a64d5f	feat(agent): Impressum-Tab auf Haupt-Engine + Profil/§36-Fixes ... Ergebnis-Tab rendert jetzt result.results (Haupt-Doc-Check) statt des abweichenden v3-Agenten — BMW korrekt statt False Positives: - DocResultView: ein Dokument als Pflichtangaben-Tabelle (Label + gefundener Text + 3-Tier-Status), KEINE MC-IDs. ComplianceResultTabs speist Tabs aus result.results; ChecklistView-Bausteine exportiert + wiederverwendet. - profile_extractor: Firmenname/Rechtsform = fruehester Treffer + ausge- schriebene Formen (Aktiengesellschaft) -> BMW AG statt "juris GmbH". - 36 VSBG (MC-010): reines b2c -> POSSIBLY_APPLICABLE (Pruef-Hinweis) statt MEDIUM-FAIL; hart nur bei ecommerce. possibly_hint pro MC. - McCoverage traegt label + found (Snippet); mc_possibly-Aggregat. - AgentFindingCard/Methodik: interne check_id/mc_id nicht mehr angezeigt. Tests: test_four_status (16) + Frontend-Vitest gruen; CI-Suite 206, v3/GT unveraendert. Nur eigene Dateien (geteilter Tree). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-10 23:44:01 +02:00
Benjamin Admin	a7dc12f30f	feat(iace): risk as confidence range + label in benchmark tab ... Report the tool's risk number as a plausible range with a confidence label instead of a false-precision point value (confidence-aware tonality — the assessment is confirmed by the DSB / safety expert). - risk_estimation.go: EstimateConfidence (hoch/mittel/niedrig from how the contact mode resolved), EstimateRiskRange (S±1 and aggregate L=F+W+P ±1, the empirically validated per-parameter accuracy), RiskLevelRange; share the riskBandLabel thresholds with EstimateRiskLevel. - risk_benchmark.go: RiskComparisonPair gains eng_risk_point/low/high + level + level_range + confidence; RiskAgreement gains high_confidence_pct. - RiskComparison.tsx: per-hazard range "low–high (level range)" + point, confidence chip, and an aggregate confidence line; types in useBenchmark.ts. - Unit tests for the range/confidence helpers. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-10 23:04:56 +02:00
Benjamin Admin	97575cc9c0	feat(agent): 4-Status-Modell (NOT_APPLICABLE/INSUFFICIENT_EVIDENCE/POSSIBLY_APPLICABLE) für Impressum ... Kanonisches Compliance-Datenmodell, Impressum-Agent als Referenz: - CheckStatus-Enum + Finding.status GETRENNT von severity (Verdikt ≠ Risiko) - Unbestimmte Rechtsform (weder Text noch Wizard) → INSUFFICIENT_EVIDENCE (INFO) statt hartem HIGH-FAIL; legal_form_dependent-Gate + detect_legal_form_present - §18-MStV-Graubereich (Corporate-Blog via has_editorial_content) → POSSIBLY_APPLICABLE (LOW Prüf-Hinweis); 3-stufig via scope_disposition - Recommendations nur aus echten FAILs; mc_insufficient/mc_possibly-Aggregate - Frontend: Verdikt-Pill + Coverage-Vokabular - 19 neue Tests (test_four_status.py, AgentFindingCard); CI-Suite 204 grün, v3 25 / GT 13 unverändert Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-10 22:38:11 +02:00
Benjamin Admin	65de90114a	feat(agent): SSE — progressive Themen-Tabs (Phase 2) ... Der Compliance-Check streamt jetzt progressive Events; der Impressum-Tab erscheint, sobald das Thema fertig ist, statt am Ende alles auf einmal. Additiv — das Polling fürs finale Ergebnis bleibt. - backend: _sse.py (Queue/emit/event_generator) + Endpoint /compliance-check/{id}/stream; _update emittiert progress, run_agent_outputs emittiert topic (laeuft jetzt frueh nach Phase B), Orchestrator emittiert complete/error. - frontend: SSE-Proxy-Route + EventSource in ComplianceCheckTab merged topic-Events in agent_outputs -> Tab erscheint progressiv. - Tests: backend 5 passed (SSE + agent_outputs); tsc 0 neue Fehler, vitest 2 passed, check-loc 0. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-10 19:07:26 +02:00
Benjamin Admin	e21984e0ad	feat(agent): strukturierte Ergebnis-Tabs — Impressum (Phase 1) ... Der Compliance-Check legt zusätzlich einen strukturierten v3-AgentOutput pro Thema in result.agent_outputs ab (additiv; B18-HTML + Firehose-Mail bleiben unangetastet). Frontend: standardisiertes Ergebnis-Tab statt Firehose — Impressum-Tab (AgentResultTab) + "Alle Checks (roh)" (ChecklistView). - backend: _agent_outputs.py ruft den registrierten v3-ImpressumAgent, gewired in _orchestrator nach B18, surfaced via _phase_f_persist. - frontend: AgentResultView (aus AgentSlotCard extrahiert, DRY), AgentResultTab, ComplianceResultTabs; ComplianceCheckTab 490->391 Zeilen. - Tests: backend 2 passed, frontend 2 passed; tsc 0 neue Fehler; check-loc 0. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-10 18:32:06 +02:00
Benjamin Admin	3aa49f9553	Merge origin/main into iace precision/component-review work ... Resolved .claude/rules/loc-exceptions.txt: removed the temporary iace_handler_init_helpers.go exception — the file is now split to 455 lines (< 500) in commit afb3f83, so the exception is no longer needed (per the note the other session left on that entry). [guardrail-change]	2026-06-10 17:24:49 +02:00
Benjamin Admin	170691ef96	feat(iace-ui): component presence/CE review + machine-type dropdown ... - Components view: three presence sections (Vorhanden / Nicht vorhanden / Geloescht) with bidirectional move + soft-delete (audit-visible, restorable), so the expert corrects the engine's best-effort negation in both directions. - CE marking per component (bought robot/actuator/SPS) with a clear "validate the integrated safety function (PL/SIL)" note when also safety-relevant. Safe semantics: hazards are not suppressed, only provenance is surfaced. - Project-create form: machine type is now a grouped dropdown from the engine's controlled vocabulary (GET /machine-types) instead of free text. - Knowledge graph: component→hazard edges use the real component_id. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-10 17:16:35 +02:00
Benjamin Admin	a064933c1f	docs(master-controls): list all 4 seeded mapping tables + sentinel caveat ... The guard probes mc_use_case_mappings as the existence sentinel, but the route also queries mc_verification, mc_regulations and mc_use_case_sync_state. Document that they are seeded together and that a half-seeded DB (sentinel present, a sibling missing) still 500s on the sibling's queries. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-10 16:10:34 +02:00
Benjamin_Boenisch	bb6139df3e	MC mapping: defensive route + MinIO overridable + iace migration 151 (#27) ... MC mapping deploy: defensive route + MinIO overridable + Migration 151 + loc-exception [migration-approved] [guardrail-change]	2026-06-10 11:54:48 +00:00
Benjamin Admin	372e1fe9e9	Use-Case-Mapping-Filter für Master Controls + Mapper-Präzisionsfix ... Phase 2: Live-Filter an /sdk/master-controls (Use Case, Quell-Regulierung, Verifikations-Methode, Coverage, Primärzweck-Toggle, category via Member-EXISTS). API mit EXISTS-Filtern + gecachten Meta-Counts in master-controls/route.ts. Phase A: neue UseCase telekommunikation + Fix der Impressum-Fehlrouten im Register (TKG/AT-TKG->telekommunikation, telemedien->dse, GewO->handelsrecht); echte Impressum-Quellen (TMG/Mediengesetz) bleiben impressum. Deterministischer Seed aus source_regulation; Tests grün. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-09 23:19:56 +02:00
Benjamin Admin	2a25b66a2f	feat(iace-frontend): expandable detail rows for missing + extra benchmark findings ... The "Zugeordnet" tab already expanded to a GT-vs-Engine detail comparison; the "Fehlend" and "Engine Findings" tabs were flat and could not be inspected. Extracted GTDetailBlock / EngineDetailBlock from DetailComparison and made both tables expandable (chevron) — missing rows show the full GT entry, extra rows show the full engine hazard (incl. measures, norms, clarification status). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-09 18:43:43 +02:00
Benjamin Admin	2677bca9ca	feat(iace): benchmark risk comparison (traffic lights) + misuse pattern + 1:n matcher ... #1 Risk-number comparison in the benchmark: ComputeRiskComparison derives the tool's S/F/W/P + Fine-Kinney per matched hazard and compares to the GT values; exposed on the benchmark response and rendered in a new RiskComparison table with GREEN/YELLOW/RED traffic lights on the risk number R (like the Excel), plus per-axis within-1 agreement cards. #2 Generic misuse pattern HP2103 "Personenbefoerderung auf Hebezeug" — gated to lift-family machine types, fires for ANY lifting device (not machine-specific). #3 Benchmark matcher is now 1:n — one broad engine hazard may cover several fine-grained GT sub-scenarios (foot/hand/leg crush), so coverage reflects real risk coverage rather than 1:1 wording matches. Validated on BOTH ground truths (robot cell + lift): leakage 0, ghosts 0, coverage held. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-09 17:24:52 +02:00
Benjamin Admin	c6ebe61162	feat(iace-frontend): Risikobewertung tab with dual risk model + live formula ... New tab /sdk/iace/[projectId]/risikobewertung. Per hazard it shows BOTH models side by side — EN-62061-style (S/F/W/P) and Fine-Kinney (P/E/C) — with BreakPilot's justified suggested values from public data, the visible formula, and editable fields that recompute the score + risk band live. The professional adjusts the values (e.g. from his own licensed DIN/Beuth data); we only supply the formula + inputs, reproduce no norm table. Consumes GET .../hazards/:hid/risk-suggestion. Registered in IACE_NAV_ITEMS. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-09 15:40:59 +02:00
Benjamin Admin	216c7b8eca	feat(iace): DSMS-CID-Badge im Tech-File-Export + aggregierter Bulk-Diff ... Punkt 1 — UI-CID-Badge nach erfolgreichem Tech-File-Export: - archiveTechFile setzt X-DSMS-CID / X-DSMS-Filename / X-DSMS-Size response headers + Access-Control-Expose-Headers, sobald DSMS-Archive durchlief - Split iace_handler_techfile.go (war ueber 500 LOC) → archiveTechFile lebt jetzt in iace_handler_techfile_archive.go, setDSMSResponseHeaders als pure Helper mit 3 unit tests - Next.js IACE-Proxy forwarded die X-DSMS-* Header und erkennt jetzt auch XLSX/DOCX/MD als Binary-Response (vorher nur PDF/ZIP/octet-stream) - ExportCIDBadge.tsx zeigt CID, Filename, Groesse + Kopieren-Button + "Verlauf anzeigen" (oeffnet CIDHistoryModal) Punkt 2 — Bulk-Diff Report V1 → V_latest: - Neuer Endpoint GET /api/v1/documents/{cid}/bulk-diff im dsms-gateway: laeuft parent_cid-Kette ab, berechnet chronologische Step-Diffs, aggregiert Totals (added/removed lines, metadata_fields_changed, binary_steps). Edge-Cases: einzelne Version, binaere Steps, abgebrochene Kette - BulkDiffPanel.tsx zeigt 4-Stat-Header + Step-Tabelle - CIDHistoryModal bekommt Toggle-Button "Bulk-Diff V1 → V_latest anzeigen" neben dem Versions-Counter; damit auch vom IACE-Export-Badge erreichbar Tests: 3 neue Go-Tests, 4 neue pytest-Tests, alle gruen Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-09 09:07:20 +02:00
Benjamin Admin	3ec6393919	docs(agents): korrigierte Zahlen — 13.588 Master-Controls (dedup) statt 314k ... User-Klarstellung 2026-06-09: - 314.811 Atomic-Controls (compliance.canonical_controls) - 13.588 Master-Controls nach RAG-Dedup (compliance.master_controls) - ~1.778 Master-Controls fuer dieses Compliance-Tool selektiert (vermutlich phases_covered = ['implementation', 'testing']) - Frontend: https://macmini:3007/sdk/master-controls und https://macmini:3007/sdk/control-library Methodik-Box im Agent-Test-Tab aktualisiert mit korrekten Zahlen + Roadmap-Hinweis: Sprint 1.12 wird interne Pattern-IDs formal mit Master-Controls verknuepfen. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-09 08:34:23 +02:00
Benjamin Admin	18e4f98201	fix(agents): klarere Naming + korrektes LLM-Default-Modell ... User-Korrektur 2026-06-09: (1) Begriff 'MC' steht im Projekt fuer Master-Control aus canonical_controls (314k Eintraege, ~1.800 fuer dieses Tool). Mein neuer Agent-Code hatte 'MC' als Abkuerzung fuer 'Machine-Check' verwendet — Naming-Konflikt. Frontend-Methodik-Box jetzt: - 'Pattern-Check' statt 'Machine-Check' - Explizit: 'Diese Pattern-IDs (IMP-MC-001) sind interne Test-IDs, NICHT die Master-Control-IDs aus der canonical_controls-DB' - Roadmap-Hinweis: formale Verknuepfung Pattern→Master-Control folgt Backend-Variablen mc_id bleiben technisch unveraendert (Refactor waere gross), aber UI darf sie nicht als 'Master-Control' bezeichnen. (2) LLM-Modell-Default war 'qwen2.5:7b' — Projekt nutzt aber das groessere 'qwen3.5:35b-a3b' auf macmini (ENV SELF_HOSTED_LLM_MODEL). _escalation.py default jetzt: SELF_HOSTED_LLM_MODEL als Fallback, und Methodik-Erklaerung nennt das richtige Modell. (3) Methodik-Erklaerung erweitert um Sprint-1.10 Semantic-Validator und Sprint-1.11 Auto-Learning-Pattern-Library + Cross-Placement. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-09 08:29:00 +02:00
Benjamin Admin	3ef8c9b247	feat(agents): Frontend Methodik-First Layout ... User-Vorgabe: pro Slot transparent zeigen WAS wir tun: 1. Was wurde geprueft (MC-Coverage, collapsible) 2. Speedometer mit Severity-Verteilung 3. LLM-Eskalation-Log (wenn benutzt) 4. Findings sortiert HIGH->LOW, je Card: - Methodik-Badge (MC / Regex / KB / LLM / Cross) - Gesetzliche Basis (Norm-Block, violett) - Befund (Zitat-Block, amber) - Empfehlung -> 'Pflicht-Massnahme' bei HIGH, 'Best-Practice' bei MEDIUM/LOW, 'LLM-Vorschlag' bei LLM-Quelle 5. Maszahmen-Plan (gerollupte Recommendations mit related_finding_ids + Aufwand) Refactor: ein File AgentTestTab.tsx (519 LOC) -> 7 Files: _agentTypes.ts (Types + Methodik-Konstanten) AgentSpeedometer.tsx AgentMcCoverage.tsx AgentFindingCard.tsx AgentRecommendationCard.tsx AgentSlotCard.tsx AgentTestTab.tsx (Top-Level, schlank) Plus Methodik-Info-Erklaerung am Tab-Anfang + Disclaimer. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-09 07:53:24 +02:00
Benjamin Admin	702e7a6333	fix(impressum): Pattern fasst Geschäftsführung/Vorstand/Inhaber ... Safetykon-Bug: 'Geschäftsführung:' (Sammelbegriff für GF einer GmbH) matched das alte Pattern 'Geschäftsführer' nicht — False-Positive IMPRESSUM-AGENT-VERTRETUNGSBERECHTIGTE_LABEL_KORREKT. Pattern erweitert: Geschäftsführer|Geschäftsführung|Geschäftsführerin + Vorstand|Vorstandsvorsitzender + Inhaber|persönlich haftend. Test test_safetykon_geschaeftsfuehrung_passes ergänzt (11/11 grün). frontend: SlotCard zeigt jetzt Badge bei 0/0/0-Slots ('Dokument konnte nicht geladen werden') statt silent-fail, + bei 0 Findings ein 'alle MCs OK'-Badge. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-08 18:24:01 +02:00
Benjamin Admin	caf33ea295	fix(agents): Frontend-Proxy ruft korrekten Backend-Pfad auf ... Backend registriert specialist-agent-Routes über den compliance-Router, prefix wird /api/compliance/specialist-agent/* (statt /api/v1/...). Frontend-Proxy hat auf /api/v1/specialist-agent/* gezeigt — 404. Verifiziert auf macmini: curl http://localhost:8002/api/compliance/specialist-agent/agents → 200 {"agents": [{"agent_id": "impressum", ...}, {"agent_id": "cookie_policy", ...}]} Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-08 18:02:36 +02:00
Benjamin Admin	3ae4e60c9d	feat(agents): SSE-Endpoint + Agent-Test-Tab (5-URL parallel) ... Backend: - specialist_agent_routes.py: GET /agents, POST /test/start (run_id), GET /test/stream/{run_id} (SSE), GET /run/{run_id}/result, GET /run/{run_id}/artifacts, GET /run/{run_id}/artifact/{path}, DELETE /run/{run_id}, GET /runs. - Per-URL async orchestrator: text fetch via consent-tester dsi-discovery → agent.evaluate() → vault.put_json + stream events. - Tests: 7/7 grün. Frontend: - /api/sdk/v1/specialist-agent proxy mit SSE-passthrough. - AgentTestTab.tsx: Agent-Wähler + 5 URL-Slots + Live-Events + Speedometer (OK/N-A/HIGH/MEDIUM/LOW) + Findings + Recommendations + Eskalations-Log + Artefakt-Link pro Slot. - Neuer Tab "Agent-Test" in /sdk/agent. User-Wunsch 2026-06-08: pro Agent isoliert testen, 5 URLs gleichzeitig, Live-Updates statt Polling-Wartespiel. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-08 17:47:05 +02:00
Benjamin Admin	ec03317170	feat(frontend): Firmenname + Domain Input + useCompanyOrigin hook ... ComplianceCheckTab.tsx bekommt zwei neue UI-Felder oberhalb des PreScanWizard: - Firma → z.B. 'Tesla Germany GmbH' - Domain (Site-Origin) → z.B. 'https://www.tesla.com/de_de' Beide werden: - in localStorage persistiert (Hook _useCompanyOrigin.ts) - im POST-Body als company_name + origin_domain mitgeschickt - haben Vorrang vor LLM-extracted_profile (Backend nutzt eingegebene Werte falls vorhanden, fallback auf Inferenz) Datei jetzt 489 LOC (war vorher 461 + 28 für die Inputs). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-08 13:01:44 +02:00
Benjamin Admin	5aaf7ac613	refactor(complianceCheckTab): split — DOCUMENT_TYPES + Storage + Polling out ... ComplianceCheckTab.tsx war 519 LOC und blockte jeden weiteren Edit (500-LOC-Hard-Cap). Drei Concerns ausgelagert: - _document_types.ts: DOCUMENT_TYPES + DocTypeId (inkl. news doc_type) - _compliance_storage.ts: STORAGE_KEY_*, DocState/HistoryEntry types, emptyDocState/initState helpers, countWords - _useCompliancePolling.ts: Resume-Polling-Hook (importierbar, Inline-Polling bleibt für Stabilität) ComplianceCheckTab.tsx ist jetzt 461 LOC (-58). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-08 12:18:30 +02:00
Benjamin Admin	b4ce3528e5	feat(impressum-agent): Tesla-Pattern + KBA-Hint + News-Doc-Type ... User-Feedback Tesla-Impressum: 10 FAIL bei 46 Worten — viele False- Positives. Nach Tuning: 5 juristisch saubere Findings. Impressum-Agent Patterns: - name_anbieter zusätzlich label-frei matchen (Firma+Rechtsform+ Anschrift, Tesla schreibt ohne "Anbieter:" Label). - vertretungsberechtigte akzeptiert jetzt "Management" / "Director" als alternative (US-Konzern-Habit), aber emittiert separates Sub-Finding "Label sollte Geschäftsführer für § 5 TMG sein". - aufsichtsbehoerde-Pattern um KBA / Bundesnetzagentur erweitert. - NEU: verantwortlicher_redaktion (§ 18 MStV bei Blog/News). - NEU: verbraucher_streitbeilegung (§ 36 VSBG bei B2C). - Auto-Detection von Automotive-Branche: explizite Begriffe ODER bekannte Hersteller-Namen (Tesla/BMW/Mercedes/Audi/VW/Porsche…). Triggert KBA-Hint im aufsichtsbehoerde-Finding-Action. Frontend (_document_types.ts): - Extrahiert aus ComplianceCheckTab.tsx (vorher inline). - NEU: doc_type "news" für Blog/Newsroom-URL → § 18 MStV-Pflicht- angaben prüfen. User-Hinweis: tesla.com/de_de/blog ist relevanter Audit-Input neben DSE/Impressum. Smoke gegen Tesla-Impressum (46 Worte): Vorher 10 Findings (5 davon FP). Jetzt 5 Findings — alle juristisch korrekt: [MED] Management statt Geschäftsführer [LOW] KBA als Aufsichtsbehörde fehlt [MED] § 18 MStV-Verantwortlicher fehlt (Tesla Blog!) [MED] § 36 VSBG-Hinweis fehlt [MED] ODR-Plattform-Link fehlt Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-08 12:07:08 +02:00
Benjamin Admin	79ce12caf1	feat(workflow): 5-Stage Lifecycle UI im Compliance Workflow-Editor ... Erweitert Phase 1 (Backend 5-Stage Lifecycle, Migration 148) jetzt auch im Frontend: Status-Pills, Buttons und Modal-Texte differenzieren nun zwischen DSB- und Mandanten-Pruefung. - WorkflowStatusBar zeigt 5 Schritte: draft -> review_internal -> review_client -> approved -> published, mit status-spezifischen Action-Buttons (Save/Submit, DSB-Freigabe, Mandant-Freigabe, Publish). - ApprovalModal differenziert Mode 'approve-internal' / 'approve-client' / 'reject' mit eigenen Titles und Button-Labels. - useWorkflowActions ruft neue Endpoints /approve-internal und /approve-client (Backend Phase 1); approveVersion bleibt als Backward-Compat-Alias. - page.tsx leitet Modal-Confirm an passende Action weiter und akzeptiert review_internal/review_client im draftVersion-Filter. - _types.ts: Status-Union + STATUS_LABELS um beide Review-Stufen erweitert; alter 'review'-Wert bleibt fuer Bestandsdaten erhalten. - CompareView, SplitViewEditor, HistoryPanel: Status-Rendering und neue Action-Labels (submitted_internal, approved_internal, approved_client). LOC-Exception fuer admin-compliance/lib/sdk/types/sdk-steps.ts (525): zentrale SDK-Step-Registry mit kanonischer Reihenfolge — splits wuerden die globale seq-Garantie zerreissen. [guardrail-change] Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-08 10:15:32 +02:00
Benjamin Admin	663a1c3e38	feat(document-library): zentrale Doc-Übersicht + Workflow-Auto-Select (Phase 3) ... Neue Compliance-Admin-Seite /sdk/document-library: zeigt alle compliance_ legal_documents mit aktueller Version, gruppiert nach Empfehlungs-Klassi- fikation, filterbar nach Status + Volltextsuche. Backend (Service + Routes): - LegalDocumentService.list_documents_with_versions() — JOIN über docs + latest/published version in einem Roundtrip statt N+1 - GET /api/v1/compliance/legal-documents/documents-with-versions liefert {documents:[{...doc, latest_version, published_version}]} Admin-Frontend: - app/sdk/document-library/page.tsx (350 LOC) - Lädt Docs + Recommend parallel - Mapped jedes Doc per .type → Recommend-Item (klassifiziert in required/recommended/optional/uncategorized) - 4 Sektionen mit Klassifikations-Chip + Anzahl-Badge - Tabelle pro Sektion: Titel · Type · Status · Version · Geändert · Override - Status-Filter (alle / draft / review_internal / review_client / approved / published / archived / rejected) - Klick auf Zeile → /sdk/workflow?doc=<uuid> - Empty state mit Link zum Generator (Bulk-Modus) - workflow/page.tsx: auto-select bei ?doc=<uuid> URL-Param - lib/sdk/types/sdk-steps.ts: 'document-library' bei seq=2500 im Paket 'dokumentation' registriert (sichtbar in der SDK-Sidebar) Workflow-Hookup vervollständigt: Library → click → Workflow öffnet direkt das gewünschte Dokument im SplitViewEditor, keine manuelle Selektion über DocumentSelectorBar mehr nötig. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-08 09:32:25 +02:00
Benjamin Admin	b515ab0c0a	feat(generator): "Generate-All" bulk mode for recommended documents ... Phase 2 of the workspace-cutover initiative: the Document Generator gets a Bulk-Generate mode that produces every recommended document in one click instead of forcing the user through 25+ per-template clicks. New: BulkGenerateModal.tsx (430 LOC) - On open: POSTs current CompanyProfile + ComplianceScope answers to /api/sdk/v1/compliance/recommend (Phase 1 endpoint) - Matches each recommendation's document_type against allTemplates - Shows tabular list: classification chip, title, document_type, source citation; checkboxes pre-selected for required+recommended (only where a template exists) - On submit: sequentially renders each selected template using the same pipeline as GeneratorSection (runRuleset → applyBlockRemoval → applyConditionalBlocks → placeholder replace), then POSTs documents + version v1.0 draft - Per-row progress: ⏳ generiere → ✓ erstellt / ✗ Fehler / — übersprungen; final summary counts page.tsx: - Imports BulkGenerateModal - Adds prominent "Empfohlene generieren →" CTA above the RecommendedDocuments block - Wires SDK state (companyProfile, complianceScope) into the modal Profile mapper: - CompanyProfile (camelCase): employeeCount, businessModel, isDataProcessor → org_employee_count, org_business_model, comp_has_processors - ComplianceScope answers (questionId/value): pass through 1:1 since the rule system uses the same field names as the wizard - compliance_depth_level pulled from decision.determinedLevel End-to-end flow: 1. User completes CompanyProfile + ComplianceScope 2. Clicks "Empfohlene generieren →" 3. Reviews 25-30 prefilled checkboxes 4. Clicks "Generieren" — modal iterates, all docs land as drafts in compliance_legal_documents + version v1.0 5. Phase 3 (next): document-library tab makes them findable 6. Phase 4 (next-next): workspace consumes these directly Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-08 08:57:53 +02:00
Benjamin Admin	e0cad4dc68	feat(template-rule-editor): tenant override UI (Phase 2.1) ... Adds the "Meine Overrides" tab in /sdk/template-rule-editor — the mechanism by which a Kanzlei tells the system "yes, the global recommendation says required, but for MY mandanten this is only optional / or disabled entirely (because we have an equivalent control elsewhere)". Components: - TenantOverrideList.tsx (398 LOC): tabular view with search filter, add/edit/delete operations; one row per override showing Rule Title, Original Classification, My Override Classification (or "Deaktiviert" badge for disabled), Reason, Created-by/at; sticky table header. - OverrideDialog (inline): rule picker (locked in edit mode), classification radio group (required/recommended/optional/disabled), mandatory reason textarea, shows the original source_citation as context above the radio group. - ConfirmDialog (inline): delete confirmation. Page integration: - New Tab system at top of /sdk/template-rule-editor: [Globale Regeln (n)] | [Meine Overrides (n)] - TabButton helper component (border-bottom indicator). - loadOverrides on mount. - handleUpsertOverride / handleDeleteOverride reload overrides after success. Backend integration (already in place since Phase 1): - GET /api/sdk/v1/compliance/tenant-rule-overrides - POST /api/sdk/v1/compliance/tenant-rule-overrides (upsert) - DELETE /api/sdk/v1/compliance/tenant-rule-overrides/{id} Verified end-to-end against live Mac Mini backend: Baseline: whistleblower_policy in required (for 250_999 MA) Add override (optional + reason): moves to optional bucket with override_applied=true and reason concatenation "Trifft zu: ... · Quelle: ... · Tenant-Override: required → optional (Bei meinen Tier-1-Mandanten ...)" Delete: 204 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-06 23:50:37 +02:00
Benjamin Admin	02879a2c3a	refactor: split cookie_screenshot_ocr.py (642 → 290 + 353 LOC) ... CI hard-cap 500 LOC. cookie_screenshot_ocr.py war auf 642 gewachsen, also gesplittet: - cookie_screenshot_ocr_engines.py (353 LOC, NEU) OCR-Engine-Funktionen: _slice_screenshot, Vision-LLM (qwen2.5vl), PaddleOCR, Tesseract, parse_ocr_cookie_table, parse_vision_response, Konstanten VISION_MODEL/OLLAMA_URL/VISION_PROMPT. - cookie_screenshot_ocr.py (290 LOC, REWRITE) Orchestration: capture_cookie_evidence_slices, _ocr_one_slice, ocr_slices_extract_cookies, capture_cookie_screenshot, extract_cookies_via_vision, cookies_to_vendor_records. Re-Exports der Engine-Funktionen für Backward-Kompat. Einziger externer Importer (_phase_d1_vendors_raw.py) braucht keinen Code-Change — Public-API stabil. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-06 23:35:33 +02:00
Benjamin Admin	dfadff5b02	feat(agent): PreScanWizard im ComplianceCheckTab (P79 sichtbar) ... Wizard war bisher nur im DocCheckTab eingebaut, der aber nirgends im UI gemountet ist. Daher: alle Compliance-Checks schickten scan_context=null, P72 Branchen-Filter wirkte nie. Fix: PreScanWizard ins ComplianceCheckTab über die Document-Rows gestellt. Submit-Button disabled bis alle 8 Felder (Branche, B2B/B2C, Direkt-Vertrieb, Rechtsform, Konzern, MA, Besondere Daten, Drittland) gesetzt sind. scan_context wird im POST body mitgesendet. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-23 07:21:11 +02:00
Benjamin Admin	4087bb5f18	Merge feat/dsms-stufe3-version-chains: version chain history + diff + audit-timeline modal	2026-05-22 12:00:33 +02:00
Benjamin Admin	916dec87ee	Merge feat/iace-llm-fm-frontend: KI-Vorschlag Uebernehmen/Ablehnen + AP tests	2026-05-22 12:00:10 +02:00
Benjamin Admin	299375e486	feat(dsms): version chain history + diff endpoint + Audit Timeline UI ... DSMS Stufe 3 — making the parent_cid chain useful end-to-end. Gateway (dsms-gateway): - /api/v1/documents/{cid}/history alias added next to the legacy /documents/{cid}/history (history endpoint itself was already there, just under an inconsistent prefix). - NEW /api/v1/documents/{cid_a}/diff/{cid_b}: fetches both packages from IPFS, computes a metadata diff (per-field old/new), and renders a unified text diff for utf-8 payloads. Binary payloads return only metadata diff with a "binary — compare via rendered export" note. - 4 new pytest cases (mocking ipfs_cat): text diff, binary fallback, fetch error, history chain depth — all green. Frontend (admin-compliance): - CIDHistoryModal: lazy-loads /dsms/documents/:cid/history, renders the version chain as a vertical timeline, marks the AKTUELL entry, and per-step exposes a "Diff zu V<n>" button that loads + renders the diff inline (metadata table + unified text diff in a monospace panel). - AuditTimelinePage: existing CID badge now sits next to a "Verlauf anzeigen" link that opens the modal. Handles both Python's plain-CID audit values and the Go techfile flow's JSON envelope {cid, filename, size} via extractCID() helper. This makes "show me how this CE-Akte changed between V2 and V3" self-service in the UI instead of a curl-against-IPFS workflow. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-22 10:10:07 +02:00
Benjamin Admin	872145d883	feat(iace-fmea): KI-Vorschlag Uebernehmen/Ablehnen flow + AP unit tests ... Closes the loose end from IACE Phase 5 handover: the LLM FM-suggest button existed and the backend endpoint was wired, but accepted suggestions had no path into the FMEA worksheet. Hook (useFMEA.ts): - acceptSuggestion(fm, componentId): builds an FMEARow from FM defaults, prepends to rows (sorted by RPZ), removes the FM from suggestions. No-ops + drops the suggestion when (component, fm.id) is already in rows. - rejectSuggestion(fmId): drops the FM from suggestions list. Page (fmea/page.tsx): - Suggestion cards now have explicit Uebernehmen / Ablehnen buttons. - Counter "X Vorschlaege uebernommen" tracks accept count for the run. - RPZ in each suggestion is colour-coded (red >200, orange >100). - Hinweis line explains S/O/D adjustability after acceptance. - acceptedCount auto-resets when suggesting starts or panel closes. Tests (useFMEA.test.ts): - 8 calculateAP cases covering AIAG-VDA 2019 boundary points for severity 10 / 9 / 7 / 5 / 3, validating the H/M/L action priority matrix. LOC: fmea/page.tsx hits 320 (soft target 300, well under 500 hard cap). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-22 09:56:05 +02:00