breakpilot-compliance

Benjamin_Boenisch/breakpilot-compliance

Fork 0

Commit Graph

Author	SHA1	Message	Date
Benjamin Admin	b0f78ae9a3	feat(cra): readiness derives obligations from Machinery Reg 2023/1230 too Machine/plant builders are hit by BOTH the CRA and the new Machinery Regulation. New machinery_reg_cyber.py models its two well-corroborated Annex III cyber-with- safety essential requirements (1.1.9 protection against corruption, 1.2.1 control- system safety incl. foreseeable manipulation) in our own words; EU legal text is freely reusable (Commission Decision 2011/833/EU, source acknowledged), harmonised standards referenced by identifier only. The readiness check asks "is it machinery?" and, if so, adds these obligations tagged "Maschinen-VO" alongside the CRA ones — the combination is visible (regulations list + per-item source badge). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-14 14:26:08 +02:00
Benjamin Admin	2da3e5fdbb	copy(cra): readiness check names both regulations + the living-system framing Intro now states machine/plant builders are hit by BOTH the CRA (manufacturer duties from 2027) and the new Machinery Regulation 2023/1230 (cyber-affecting- safety in CE), and frames CRA Art. 13 as a continuously documented risk assessment over the lifecycle — not a yearly pentest — which we run as a living system (versioned snapshots). Educates the lead to win them. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-14 13:59:07 +02:00
Benjamin Admin	9660724a2c	feat(cra): CRA Readiness Check lead-magnet on /sdk/cra (Track A) Low-friction, stateless readiness check (no project/DB): business-scope answers (internet / parameter app / remote maintenance / updates / firmware / personal data / critical infra) -> Annex III/IV classification (reuses _classify) + a high-level guideline grouped Code / Prozess / Dokumentation (via Annex I evidence_type) + conformity path + deadlines + rough effort + the "we implement" hook and a CTA into the existing project workflow. Endpoint POST /api/v1/cra/ readiness. Reuse + reframe of the existing CRA module — no duplicate questionnaire. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-14 13:33:09 +02:00

Author

SHA1

Message

Date

Benjamin Admin

b0f78ae9a3

feat(cra): readiness derives obligations from Machinery Reg 2023/1230 too

Machine/plant builders are hit by BOTH the CRA and the new Machinery Regulation.
New machinery_reg_cyber.py models its two well-corroborated Annex III cyber-with-
safety essential requirements (1.1.9 protection against corruption, 1.2.1 control-
system safety incl. foreseeable manipulation) in our own words; EU legal text is
freely reusable (Commission Decision 2011/833/EU, source acknowledged), harmonised
standards referenced by identifier only. The readiness check asks "is it
machinery?" and, if so, adds these obligations tagged "Maschinen-VO" alongside the
CRA ones — the combination is visible (regulations list + per-item source badge).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-14 14:26:08 +02:00

Benjamin Admin

2da3e5fdbb

copy(cra): readiness check names both regulations + the living-system framing

Intro now states machine/plant builders are hit by BOTH the CRA (manufacturer
duties from 2027) and the new Machinery Regulation 2023/1230 (cyber-affecting-
safety in CE), and frames CRA Art. 13 as a continuously documented risk
assessment over the lifecycle — not a yearly pentest — which we run as a living
system (versioned snapshots). Educates the lead to win them.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-14 13:59:07 +02:00

Benjamin Admin

9660724a2c

feat(cra): CRA Readiness Check lead-magnet on /sdk/cra (Track A)

Low-friction, stateless readiness check (no project/DB): business-scope answers
(internet / parameter app / remote maintenance / updates / firmware / personal
data / critical infra) -> Annex III/IV classification (reuses _classify) + a
high-level guideline grouped Code / Prozess / Dokumentation (via Annex I
evidence_type) + conformity path + deadlines + rough effort + the "we implement"
hook and a CTA into the existing project workflow. Endpoint POST /api/v1/cra/
readiness. Reuse + reframe of the existing CRA module — no duplicate questionnaire.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-14 13:33:09 +02:00

3 Commits