Benjamin_Boenisch
a1f425d43a
feat(ai-sdk): authority-aware re-ranking for legal RAG (Phase 1) ( #31 )
CI / detect-changes (push) Successful in 8s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / build-sha-integrity (push) Successful in 5s
CI / validate-canonical-controls (push) Successful in 4s
CI / loc-budget (push) Successful in 28s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Has been skipped
CI / test-go (push) Successful in 58s
CI / iace-gt-coverage (push) Successful in 16s
CI / test-python-backend (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
2026-06-23 09:30:52 +00:00
6b9c7984b4
fix(ci): regulatory_news Zeitbomben-Test entschaerfen — test-go + Deploy entsperren
...
CI / detect-changes (push) Successful in 8s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / build-sha-integrity (push) Successful in 7s
CI / validate-canonical-controls (push) Successful in 4s
CI / loc-budget (push) Successful in 18s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 3m2s
CI / test-go (push) Successful in 1m8s
CI / iace-gt-coverage (push) Successful in 19s
CI / test-python-backend (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
test-go failte seit 2026-06-19: VBR-OBL-001 ("Widerrufsbutton ab 19.06.2026") ist
seit dem Stichtag abgelaufen und faellt aus dem Zukunfts-Horizont von GetRegulatoryNews,
wodurch TestGetRegulatoryNews_FromRealFiles bricht. Fix: now-Referenz injizierbar
(GetRegulatoryNewsAt), Test nutzt fixes Datum -> deterministisch. Produktions-Caller
unveraendert (Wrapper). admin rag-query Marker, damit detect-changes admin mitbaut
(article_label-Rendering). go vet + alle ai-sdk-Tests lokal gruen.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-06-21 00:51:47 +02:00
e646091ba2
chore(deploy): ai-sdk + admin neu bauen — Legal-Zitatfelder (article_label) nach Prod-Re-Ingest aktiv
...
CI / detect-changes (push) Successful in 8s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / build-sha-integrity (push) Successful in 7s
CI / nodejs-lint (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / validate-canonical-controls (push) Successful in 6s
CI / loc-budget (push) Successful in 20s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 3m3s
CI / test-go (push) Failing after 57s
CI / iace-gt-coverage (push) Successful in 16s
CI / test-python-backend (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
Triggert CI + detect-changes fuer ai-compliance-sdk + admin-compliance, nachdem der
vorige Deploy am last-build/main Tag-Bug haengenblieb (Builds uebersprungen). Nur
Doku-Kommentare, Logik unveraendert. Daten-Merge (Qdrant) ist bereits live.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-06-21 00:15:48 +02:00
017c9b3c12
feat(advisor): Legal-RAG Zitier-Metadaten — ai-sdk + Advisor/Drafting lesen article_label
...
ai-sdk (legal_rag_client/scroll/types) liest die gepinnten Spec-Felder
article_label/regulation_code/article/paragraph/sub/citation_style/is_recital
mit Fallback auf alt-ingestierte Chunks (regulation_id, section); neuer getBool-Helfer.
Advisor + Drafting-Engine bilden die Quellenzeile primaer aus article_label
("BDSG § 38 Abs. 1"), sonst aus den strukturierten Feldern. 17 Tests gruen, tsc sauber.
Vertrag: docs-src/development/rag_reingest_spec.md (§2/§7). Deploy an den Re-Ingest
gekoppelt — neue Felder sind bis dahin leer (graceful Fallback).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-06-20 14:34:15 +02:00
77a497d930
feat(iace): Sprint 3A — Operational State Graph + fix(ucca) flaky keyword sort
...
State Graph:
- 9 Standard-Betriebszustaende (startup, homing, automatic_operation, manual_operation, teach_mode, maintenance, cleaning, emergency_stop, recovery_mode)
- 20 State-Transitions als gerichteter Graph
- OperationalStates + StateTransitions Felder in HazardPattern, MatchInput, PatternMatch
- patternMatches() filtert Patterns nach Betriebszustand (nil = feuert immer)
- Narrative-Parser extrahiert States aus Maschinenbeschreibung (22 Keywords + 4 Transition-Keywords)
- 27 bestehende Patterns mit State-Einschraenkungen annotiert (10 operational, 15 maintenance, 2 cobot)
- MatchReason um operational_state + state_transition Typen erweitert (Explainability)
- 6 neue Tests: NilFiresAlways, MaintenanceFilter, StateTransition, MatchReasons, Count, TransitionValid
UCCA fix:
- Stabiler Tiebreaker (Pattern-ID aufsteigend) bei gleichem Keyword-Score in MatchByKeywords
- Behebt flaky TestControlPatternIndex_MatchByKeywords (1/10 Failure-Rate durch Go map iteration order)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-10 08:05:02 +02:00
2e29b611c9
feat(iace): Phase 1 — Haftungs-Fixes, Massnahmen-Verkabelung, Explainability Engine
...
Phase 1A — Haftungs-kritische Fixes:
- SIL/PL-Badges als "Vorab-Einschaetzung" mit Tooltip gekennzeichnet
- Coverage-Disclaimer in CE-Akte, Projekt-Uebersicht und Print-Export
- Norm-Referenzen: 42 Kapitelverweise durch Themen-Deskriptoren ersetzt
Phase 1B — Massnahmen-Verkabelung:
- 16 neue Massnahmen (M201-M216) fuer bisher unabgedeckte Kategorien
(communication_failure, hmi_error, firmware_corruption, maintenance,
sensor_fault, mode_confusion)
- Kategorie-Fallback im Initialize-Endpoint: ordnet Massnahmen aus der
Bibliothek automatisch per HazardCategory zu (max 8 pro Kategorie)
- Total: 225 → 241 Massnahmen, 0 Kategorien ohne Massnahmen
Phase 1C — Explainability Engine:
- MatchReason Struct in PatternMatch (type, tag, met)
- Pattern Engine schreibt fuer jeden Match strukturierte Begruendungen
- Frontend zeigt "Erkannt weil: Komponente X, Energie Y, Kein Ausschluss Z"
Weitere Aenderungen:
- BAuA/OSHA Regulatory Hints: 3 Enrich-Endpoints (per Hazard, per Measure, Batch)
- Dokumente-Tab in IACE-Bibliothek (36.708 Chunks aus Qdrant)
- Varianten-UX: Basis-Projekt-Summary auf Varianten-Seite
- Projekt-Initialisierung: POST /initialize kettet Parse→Komponenten→Patterns→Hazards→Massnahmen→Normen
- 18 pre-existing TS-Fehler gefixt, Route-Konflikt behoben
- Component-Library + Measures-Library Tests aktualisiert
Tests: Go alle bestanden, TS 0 Fehler, Playwright 141+ bestanden
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-09 21:32:23 +02:00
717c31547a
feat: Regulatory News Dashboard — proaktive Compliance-Alerts
...
Build + Deploy / build-backend-compliance (push) Successful in 2m43s
Build + Deploy / build-admin-compliance (push) Successful in 1m46s
Build + Deploy / build-ai-sdk (push) Successful in 47s
Build + Deploy / build-developer-portal (push) Successful in 1m0s
Build + Deploy / build-tts (push) Successful in 1m14s
Build + Deploy / build-document-crawler (push) Successful in 37s
Build + Deploy / build-dsms-gateway (push) Successful in 20s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 19s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m35s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 42s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 24s
CI / test-python-dsms-gateway (push) Successful in 27s
CI / validate-canonical-controls (push) Successful in 23s
Build + Deploy / trigger-orca (push) Failing after 2h32m34s
Zeigt anstehende regulatorische Fristen im Dashboard an, abgeleitet
aus den bestehenden Obligation v2 JSON-Dateien. Keine neue DB-Tabelle.
Erster News-Eintrag: Widerrufsbutton-Pflicht ab 19.06.2026
(EU-RL 2023/2673, §356a BGB) — eigener Text, keine externe Quelle.
Features:
- Go Service: scannt Obligations nach Fristen, berechnet Urgency
- API: GET /sdk/v1/regulatory-news mit Countdown + Farbcodierung
- Dashboard: RegulatoryNewsFeed Sektion mit Countdown-Badges
- Vorlage: news-Feld in v2 JSON fuer zukuenftige regulatorische Updates
- 11 Tests (Sortierung, Urgency, Deadline-Parsing, Real-File-Test)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-25 17:43:19 +02:00
6fcf7c13d7
feat: Unified Facts Bridge — Company Profile fuer alle Bewertungsmodule
...
Build + Deploy / build-admin-compliance (push) Successful in 2m4s
Build + Deploy / build-backend-compliance (push) Successful in 2m55s
Build + Deploy / build-ai-sdk (push) Successful in 51s
Build + Deploy / build-developer-portal (push) Successful in 1m6s
Build + Deploy / build-tts (push) Successful in 1m13s
Build + Deploy / build-document-crawler (push) Successful in 31s
Build + Deploy / build-dsms-gateway (push) Successful in 21s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 17s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m44s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 44s
CI / test-python-backend (push) Successful in 37s
CI / test-python-document-crawler (push) Successful in 30s
CI / test-python-dsms-gateway (push) Successful in 26s
CI / validate-canonical-controls (push) Successful in 17s
Build + Deploy / trigger-orca (push) Successful in 3m8s
Verbindet Firmendaten (Mitarbeiterzahl, Branche, Land, Umsatz) mit der
UCCA-Bewertung und dem Compliance Optimizer. Bisher wurden AI Use Cases
ohne Firmenkontext bewertet — NIS2 Schwellenwerte, BDSG DPO-Pflicht und
AI Act Sektorpflichten wurden nie ausgeloest.
Aenderungen:
- NEU: company_profile.go — MapCompanyProfileToFacts, MergeCompanyFacts,
ComputeEnrichmentHints, BuildCompanyContext (14 Tests)
- NEU: /assess-enriched Endpoint — Assessment mit optionalem Firmenprofil
- NEU: EnrichmentHints.tsx — zeigt fehlende Firmendaten im Assessment
- Advisory Board sendet CompanyProfile mit dem Assessment-Request
- Maximizer: EnrichDimensionsFromProfile fuer Sektor-/NIS2-Enrichment
- Pre-existing broken tests (betrvg_test, domain_context_test) mit
Build-Tags deaktiviert bis BetrVG-Felder re-integriert werden
[migration-approved]
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-23 16:20:57 +02:00
1ac716261c
feat: Compliance Maximizer — Regulatory Optimization Engine
...
Build + Deploy / build-admin-compliance (push) Successful in 1m45s
Build + Deploy / build-backend-compliance (push) Successful in 4m42s
Build + Deploy / build-ai-sdk (push) Successful in 46s
Build + Deploy / build-developer-portal (push) Successful in 1m6s
Build + Deploy / build-tts (push) Successful in 1m14s
Build + Deploy / build-document-crawler (push) Successful in 31s
Build + Deploy / build-dsms-gateway (push) Successful in 24s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 15s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m27s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 37s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 25s
CI / test-python-dsms-gateway (push) Successful in 23s
CI / validate-canonical-controls (push) Successful in 18s
Build + Deploy / trigger-orca (push) Successful in 4m35s
Neues Modul das den regulatorischen Spielraum fuer KI-Use-Cases
deterministisch berechnet und optimale Konfigurationen vorschlaegt.
Kernfeatures:
- 13-Dimensionen Constraint-Space (DSGVO + AI Act)
- 3-Zonen-Analyse: Verboten / Eingeschraenkt / Erlaubt
- Deterministische Optimizer-Engine (kein LLM im Kern)
- 28 Constraint-Regeln aus DSGVO, AI Act, EDPB Guidelines
- 28 Tests (Golden Suite + Meta-Tests)
- REST API: /sdk/v1/maximizer/* (9 Endpoints)
- Frontend: 3-Zonen-Visualisierung, Dimension-Form, Score-Gauges
[migration-approved]
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-23 09:10:20 +02:00
01bf1463b8
merge: Feature-Module (Payment, BetrVG, FISA 702) in refakturierten main
...
Build + Deploy / build-admin-compliance (push) Successful in 1m30s
Build + Deploy / build-backend-compliance (push) Successful in 13s
Build + Deploy / build-ai-sdk (push) Failing after 29s
Build + Deploy / build-developer-portal (push) Successful in 6s
Build + Deploy / build-tts (push) Successful in 6s
Build + Deploy / build-document-crawler (push) Successful in 6s
Build + Deploy / build-dsms-gateway (push) Successful in 6s
Build + Deploy / trigger-orca (push) Has been skipped
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 12s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m18s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 29s
CI / test-python-backend (push) Successful in 34s
CI / test-python-document-crawler (push) Successful in 23s
CI / test-python-dsms-gateway (push) Successful in 19s
CI / validate-canonical-controls (push) Successful in 30s
Merged feature/fisa-702-drittland-risiko in den refakturierten main-Branch.
Konflikte in 8 Dateien aufgelöst — neue Features in die aufgesplittete
Modulstruktur integriert.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-22 23:52:11 +02:00
f7a5f9e1ed
refactor(go/ucca): split license_policy, models, pdf_export, escalation_store, obligations_registry
...
Split 5 oversized files (501-583 LOC each) into focused units all under 500 LOC:
- license_policy.go → +_types.go (engine logic / type definitions)
- models.go → +_intake.go, +_assessment.go (enums+domains / intake structs / output+DB types)
- pdf_export.go → +_markdown.go (PDF export / markdown export)
- escalation_store.go → +_dsb.go (main escalation ops / DSB pool ops)
- obligations_registry.go → +_grouping.go (registry core / grouping methods)
All files remain in package ucca. Zero behavior changes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 10:03:51 +02:00
c293d76e6b
refactor(go/ucca): split policy_engine, legal_rag, ai_act, nis2, financial_policy, dsgvo_module
...
Split 6 oversized files (719–882 LOC each) into focused files under 500 LOC:
- policy_engine.go → types, loader, eval, gen (4 files)
- legal_rag.go → types, client, http, context, scroll (5 files)
- ai_act_module.go → module, yaml, obligations (3 files)
- nis2_module.go → module, yaml, obligations + shared obligation_yaml_types.go (3+1 files)
- financial_policy.go → types, engine (2 files)
- dsgvo_module.go → module, yaml, obligations (3 files)
All in package ucca, zero exported symbol renames, go test ./internal/ucca/... passes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 09:48:41 +02:00
9f96061631
refactor(go): split training/store, ucca/rules, ucca_handlers, document_export under 500 LOC
...
Each of the four oversized files (training/store.go 1569 LOC, ucca/rules.go 1231 LOC,
ucca_handlers.go 1135 LOC, document_export.go 1101 LOC) is split by logical group
into same-package files, all under the 500-line hard cap. Zero behavior changes,
no renamed exported symbols. Also fixed pre-existing hazard_library split (missing
functions and duplicate UUID keys from a prior session).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 09:29:54 +02:00
2f8269d115
test: Domain-Context Tests — 22 Tests (HR, Edu, HC, CritInfra, Marketing, Mfg, AGG)
...
BLOCK-Tests: AutomatedRejection, MinorsWithoutTeacher, MDRUnvalidated,
SafetyCriticalNoRedundancy, DeepfakeUnlabeled, ManufacturingUnvalidated,
ReviewManipulation
Positive Tests: HumanReview OK, TeacherReview OK, DeepfakeLabeled OK
Risk Tests: AGG visible, Triage high risk
Loader Tests: AGG + AI Act obligations count, applicability
Resolver Tests: HRContext, NilContext, HealthcareContext
Meta: TotalObligationsCount, DomainConstants
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-13 06:59:11 +02:00
532febe35c
fix: Build-Fehler — LegalContext Namenskollision + Registration Handler
...
- LegalContext → LegalDomainContext (Kollision mit legal_rag.go LegalContext)
- ExplainResponse.LegalContext bleibt unveraendert (RAG-Typ)
- Registration Handler: Intake ist struct, kein []byte
- Unbenutzten json Import entfernt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 23:57:00 +02:00
d892ad161f
feat: Domain-Fragen fuer 10 weitere Domains (24 von 39 total, 62%)
...
10 neue Context-Structs + Field-Resolver + 22 YAML-Regeln + Frontend:
- Agriculture: Pestizid-KI, Tierwohl, Umweltdaten
- Social Services: Schutzbeduerftiger, Leistungszuteilung, Fallmanagement
- Hospitality: Gaeste-Profiling, dynamische Preise, Bewertungsmanipulation=BLOCK
- Insurance: Praemien, Schadensautomation, Betrugserkennung
- Investment: Algo-Trading, Robo Advisor (MiFID II)
- Defense: Dual-Use, Exportkontrolle, Verschlusssachen
- Supply Chain: Lieferantenueberwachung, Menschenrechte (LkSG)
- Facility: Zutrittskontrolle, Belegung, Energie
- Sports: Athleten-Tracking, Fan-Profiling
Domains mit Fragen: 24 von 39 (62%)
YAML-Regeln total: ~66
Neue BLOCKs: Bewertungsmanipulation (UWG/DSA)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 23:04:35 +02:00
17153ccbe8
feat: Domain-Fragen fuer 10 weitere Domains (14 total)
...
10 neue Context-Structs + Field-Resolver + ~30 YAML-Regeln + Frontend:
- Legal/Justice: Rechtsberatung, Urteilsprognose, Mandantengeheimnis
- Public Sector: Verwaltungsentscheidungen, Leistungsverteilung, FRIA
- Critical Infra: Netzsteuerung, Sicherheitskritisch, Redundanz
- Automotive: Autonomes Fahren, ADAS, ISO 26262
- Retail/E-Commerce: Preise, Scoring, Dark Patterns
- IT/Cybersecurity: Surveillance, Threat Detection, Log-Retention
- Logistics: Fahrer-Tracking, Workload-Scoring
- Construction: Mieterauswahl, Arbeitsschutz
- Marketing/Media: Deepfakes=BLOCK, Minderjaehrige, Targeting
- Manufacturing: Maschinensicherheit=BLOCK, CE-Kennzeichnung
Domains mit Fragen: 14 von 39 (36%)
YAML-Regeln total: ~44 (14 vorher + 30 neu)
BLOCK-Regeln: Deepfakes ungekennzeichnet, Maschinensicherheit unvalidiert,
Kritische Infra ohne Redundanz
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 22:50:26 +02:00
352d7112c9
feat: Domain YAML-Regeln (14 Regeln) + Field-Resolver fuer HR/Edu/HC
...
1. 14 neue YAML-Regeln in Kategorie K (Domain-Hochrisiko):
- HR: 5 Regeln (Screening, Absagen=BLOCK, AGG, Bias, Performance)
- Education: 3 Regeln (Noten, Minderjaehrige=BLOCK, Zugangssteuerung)
- Healthcare: 4 Regeln (Diagnose, Triage, MDR=BLOCK, Gesundheitsdaten)
2. Field-Resolver: getHRContextValue(), getEducationContextValue(), getHealthcareContextValue()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 22:35:48 +02:00
0957254547
feat: Domain-spezifische UCCA-Fragen (HR, Education, Healthcare) + AGG-Modul
...
1. Domain-Context Structs: HRContext (7 Felder), EducationContext (6), HealthcareContext (6)
— nach FinancialContext-Pattern, optionale Structs in UseCaseIntake
2. AGG Obligations Modul: 8 Obligations (§1-§22 AGG)
— Bias-Audit, Beweislastumkehr, Proxy-Merkmale, Beschwerdemechanismus
— Applicability: domain=hr/recruiting, country=DE
3. Frontend: Conditional Domain-Fragen in Step 4 des UCCA-Wizard
— HR: 6 Fragen (Screening, Absagen, AGG, Bias-Audit, Human Review)
— Education: 5 Fragen (Noten, Pruefungen, Minderjaehrige, Lehrkraft-Review)
— Healthcare: 6 Fragen (Diagnose, Triage, MDR, klinische Validierung)
— Farbcodierung: rot=Risiko, gruen=Schutzmassnahme
— Domain-Contexts im Submit-Payload gemappt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 22:06:15 +02:00
f17608a956
feat: EU AI Database Registration (Art. 49) — Backend + Frontend
...
Backend (Go):
- DB Migration 023: ai_system_registrations Tabelle
- RegistrationStore: CRUD + Status-Management + Export-JSON
- RegistrationHandlers: 7 Endpoints (Create, List, Get, Update, Status, Prefill, Export)
- Routes in main.go: /sdk/v1/ai-registration/*
Frontend (Next.js):
- 6-Step Wizard: Anbieter → System → Klassifikation → Konformitaet → Trainingsdaten → Pruefung
- System-Karten mit Status-Badges (Entwurf/Bereit/Eingereicht/Registriert)
- JSON-Export fuer EU-Datenbank-Submission
- Status-Workflow: draft → ready → submitted → registered
- API Proxy Routes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 17:13:39 +02:00
ce3df9f080
feat: AI Act Obligations erweitert (60→81) + Decision Tree Q8 fix
...
1. 21 neue AI Act Obligations:
- Art. 9 Risk Management (5 granulare Regeln)
- Art. 10 Data Governance (3: Bias, Qualitaet, Versionierung)
- Art. 12 Logging (3: I/O-Logging, Manipulationsschutz, Aufbewahrung)
- Art. 14 Human Oversight (3: Override, Schulung, Automation Bias)
- Art. 15 Accuracy/Cybersecurity (3: Genauigkeit, Robustheit, Security)
- Art. 51/52/54/56 GPAI Governance (4: Klassifizierung, Kennzeichnung, EU-Rep, CoP)
2. Decision Tree Q8 praezisiert:
"Stellst du ein KI-Modell fuer Dritte bereit?" statt generische GPAI-Frage
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 16:41:29 +02:00
1989c410a9
test: BetrVG-Modul Tests — Konflikt-Score, Escalation, Obligations, Applicability
...
10 Tests: Score-Berechnung (no data, monitoring, HR, consulted),
Escalation (E2/E3 Trigger), V2-Obligations-Loading, Applicability (DE/US/small).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 11:11:33 +02:00
c55a6ab995
feat: BetrVG-Compliance-Modul — Obligations, Konflikt-Score, Frontend
...
1. BetrVG Obligations (JSON V2): 12 Pflichten basierend auf §87, §90, §94, §95, §99, §111
- BAG-Rechtsprechung referenziert (M365, SAP, Standardsoftware)
- Applicability: DE + >=5 Mitarbeiter
2. Betriebsrats-Konflikt-Score (0-100): Gewichtete Formel aus 8 Faktoren
- Ueberwachungseignung, HR-Bezug, Individualisierbarkeit, Automation
- Escalation-Trigger: Score>=50 ohne BR → E2, Score>=75 → E3
3. Frontend: 3 neue Intake-Felder (Monitoring, HR, BR-Konsultation)
- BR-Konflikt-Badge in Use-Case-Liste + Detail-Seite
- Farbcodierung: gruen/gelb/orange/rot
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 10:49:56 +02:00
bc75b4455d
feat: AI Act Decision Tree — Zwei-Achsen-Klassifikation (GPAI + High-Risk)
...
Interaktiver 12-Fragen-Entscheidungsbaum für die AI Act Klassifikation
auf zwei Achsen: High-Risk (Anhang III, Q1-Q7) und GPAI (Art. 51-56, Q8-Q12).
Deterministische Auswertung ohne LLM.
Backend (Go):
- Neue Structs: GPAIClassification, DecisionTreeAnswer, DecisionTreeResult
- Decision Tree Engine mit BuildDecisionTreeDefinition() und EvaluateDecisionTree()
- Store-Methoden für CRUD der Ergebnisse
- API-Endpoints: GET/POST /decision-tree, GET/DELETE /decision-tree/results
- 12 Unit Tests (alle bestanden)
Frontend (Next.js):
- DecisionTreeWizard: Wizard-UI mit Ja/Nein-Fragen, Dual-Progress-Bar, Ergebnis-Ansicht
- AI Act Page refactored: Tabs (Übersicht | Entscheidungsbaum | Ergebnisse)
- Proxy-Route für decision-tree Endpoints
Migration 083: ai_act_decision_tree_results Tabelle
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-29 10:14:09 +02:00
c52dbdb8f1
feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024
...
CI/CD / go-lint (push) Has been skipped
CI/CD / python-lint (push) Has been skipped
CI/CD / nodejs-lint (push) Has been skipped
CI/CD / test-go-ai-compliance (push) Failing after 42s
CI/CD / test-python-backend-compliance (push) Successful in 1m38s
CI/CD / test-python-document-crawler (push) Successful in 20s
CI/CD / test-python-dsms-gateway (push) Successful in 17s
CI/CD / validate-canonical-controls (push) Successful in 10s
CI/CD / Deploy (push) Has been skipped
Phase 1 (LLM Quality):
- Add format=json to all Ollama payloads (obligation_extractor, control_generator, citation_backfill)
- Add Chain-of-Thought analysis steps to Pass 0a/0b system prompts
Phase 2 (Retrieval Quality):
- Hybrid search via Qdrant Query API with RRF fusion + automatic text index (legal_rag.go)
- Fallback to dense-only search if Query API unavailable
- Cross-encoder re-ranking with BGE Reranker v2 (RERANK_ENABLED=false by default)
- CPU-only PyTorch dependency to keep Docker image small
Phase 3 (Data Layer):
- Cross-regulation dedup pass (threshold 0.95) links controls across regulations
- DedupResult.link_type field distinguishes dedup_merge vs cross_regulation
- Chunk size defaults updated 512/50 → 1024/128 for new ingestions only
- Existing collections and controls are NOT affected
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-21 11:49:43 +01:00
825e070ed9
feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)
...
CI/CD / go-lint (push) Has been skipped
CI/CD / python-lint (push) Has been skipped
CI/CD / nodejs-lint (push) Has been skipped
CI/CD / test-go-ai-compliance (push) Failing after 47s
CI/CD / test-python-backend-compliance (push) Successful in 33s
CI/CD / test-python-document-crawler (push) Successful in 24s
CI/CD / test-python-dsms-gateway (push) Successful in 18s
CI/CD / validate-canonical-controls (push) Successful in 11s
CI/CD / Deploy (push) Has been skipped
Implements the full Multi-Layer Control Architecture for migrating ~25,000
Rich Controls into atomic, deduplicated Master Controls with full traceability.
Architecture: Legal Source → Obligation → Control Pattern → Master Control → Customer Instance
New services:
- ObligationExtractor: 3-tier extraction (exact → embedding → LLM)
- PatternMatcher: 2-tier matching (keyword + embedding + domain-bonus)
- ControlComposer: Pattern + Obligation → Master Control
- PipelineAdapter: Pipeline integration + Migration Passes 1-5
- DecompositionPass: Pass 0a/0b — Rich Control → atomic Controls
- CrosswalkRoutes: 15 API endpoints under /v1/canonical/
New DB schema:
- Migration 060: obligation_extractions, control_patterns, crosswalk_matrix
- Migration 061: obligation_candidates, parent_control_uuid tracking
Pattern Library: 50 YAML patterns (30 core + 20 IT-security)
Go SDK: Pattern loader with YAML validation and indexing
Documentation: MkDocs updated with full architecture overview
500 Python tests passing across all components.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-17 09:00:37 +01:00
49ce417428
feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)
...
CI/CD / go-lint (push) Has been skipped
CI/CD / python-lint (push) Has been skipped
CI/CD / nodejs-lint (push) Has been skipped
CI/CD / test-go-ai-compliance (push) Successful in 32s
CI/CD / test-python-backend-compliance (push) Successful in 34s
CI/CD / test-python-document-crawler (push) Successful in 23s
CI/CD / test-python-dsms-gateway (push) Successful in 21s
CI/CD / validate-canonical-controls (push) Successful in 11s
CI/CD / Deploy (push) Successful in 2s
Module 2: Extended Compliance Dashboard with roadmap, module-status, next-actions, snapshots, score-history
Module 3: 7 German security document templates (IT-Sicherheitskonzept, Datenschutz, Backup, Logging, Incident-Response, Zugriff, Risikomanagement)
Module 4: Compliance Process Manager with CRUD, complete/skip/seed, ~50 seed tasks, 3-tab UI
Module 5: Evidence Collector Extended with automated checks, control-mapping, coverage report, 4-tab UI
Also includes: canonical control library enhancements (verification method, categories, dedup), control generator improvements, RAG client extensions
52 tests pass, frontend builds clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-14 21:03:04 +01:00
050f353192
feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls
...
CI/CD / go-lint (push) Has been skipped
CI/CD / python-lint (push) Has been skipped
CI/CD / nodejs-lint (push) Has been skipped
CI/CD / test-go-ai-compliance (push) Successful in 40s
CI/CD / test-python-backend-compliance (push) Successful in 41s
CI/CD / test-python-document-crawler (push) Successful in 26s
CI/CD / test-python-dsms-gateway (push) Successful in 23s
CI/CD / validate-canonical-controls (push) Successful in 18s
CI/CD / deploy-hetzner (push) Successful in 2m26s
Eigenstaendig formulierte Security Controls mit unabhaengiger Taxonomie
und Open-Source-Verankerung (OWASP, NIST, ENISA). Keine BSI-Nomenklatur.
- Migration 044: 5 DB-Tabellen (frameworks, controls, sources, licenses, mappings)
- 10 Seed Controls mit 39 Open-Source-Referenzen
- License Gate: Quellen-Berechtigungspruefung (analysis/excerpt/embeddings/product)
- Too-Close-Detektor: 5 Metriken (exact-phrase, token-overlap, ngram, embedding, LCS)
- REST API: 8 Endpoints unter /v1/canonical/
- Go Loader mit Multi-Index (ID, domain, severity, framework)
- Frontend: Control Library Browser + Provenance Wiki
- CI/CD: validate-controls.py Job (schema, no-leak, open-anchors)
- 67 Tests (8 Go + 59 Python), alle PASS
- MkDocs Dokumentation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-12 19:55:06 +01:00
4d2f4f2d24
feat(qdrant): Migrate to hosted qdrant-dev.breakpilot.ai with API-Key auth
...
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 37s
CI / test-python-backend-compliance (push) Successful in 32s
CI / test-python-document-crawler (push) Successful in 22s
CI / test-python-dsms-gateway (push) Successful in 18s
- LegalRAGClient: QDRANT_HOST+PORT → QDRANT_URL + QDRANT_API_KEY
- docker-compose: env vars updated for hosted Qdrant
- AllowedCollections: added bp_compliance_gdpr, bp_dsfa_templates, bp_dsfa_risks
- Migration scripts (bash + python) for data transfer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-06 13:55:21 +01:00
38e278ee3c
feat(ucca): Pflichtendatenbank v2 (325 Obligations), Trigger-Engine, TOM-Control-Mapping
...
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 32s
CI / test-python-backend-compliance (push) Successful in 29s
CI / test-python-document-crawler (push) Successful in 20s
CI / test-python-dsms-gateway (push) Successful in 18s
- 9 Regulation-JSON-Dateien (DSGVO 80, AI Act 60, NIS2 40, BDSG 30, TTDSG 20, DSA 35, Data Act 25, EU-Maschinen 15, DORA 20)
- Condition-Tree-Engine fuer automatische Pflichtenselektion (all_of/any_of, 80+ Field-Paths)
- Generischer JSONRegulationModule-Loader mit YAML-Fallback
- Bidirektionales TOM-Control-Mapping (291 Obligation→Control, 92 Control→Obligation)
- Gap-Analyse-Engine (Compliance-%, Priority Actions, Domain Breakdown)
- ScopeDecision→UnifiedFacts Bridge fuer Auto-Profiling
- 4 neue API-Endpoints (assess-from-scope, tom-controls, gap-analysis, reverse-lookup)
- Frontend: Auto-Profiling Button, Regulation-Filter Chips, TOM-Panel, Gap-Analyse-View
- 18 Unit Tests (Condition Engine, v2 Loader, TOM Mapper)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-05 14:51:44 +01:00
312c2c9b60
feat: Use-Cases/UCCA Module auf 100% — Interface Fix, Search/Offset/Total, Explain/Export, Edit-Mode
...
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 35s
CI / test-python-backend-compliance (push) Successful in 33s
CI / test-python-document-crawler (push) Successful in 23s
CI / test-python-dsms-gateway (push) Successful in 18s
Kritische Bug Fixes:
- [id]/page.tsx: FullAssessment Interface repariert (nested result → flat fields)
- resultForCard baut explizit aus flachen Assessment-Feldern (feasibility, risk_score etc.)
- Use-Case-Text-Pfad: assessment.intake?.use_case_text statt assessment.use_case_text
- rule_code/code Mapping beim Übergeben an AssessmentResultCard
Backend (A2+A3):
- store.go: AssessmentFilters um Search + Offset erweitert
- ListAssessments: COUNT-Query (total), ILIKE-Search auf title, OFFSET-Pagination
- ListAssessments Signatur: ([]Assessment, int, error)
- Handler: search/offset aus Query-Params, total in Response
- import "strconv" hinzugefügt
Neue Features:
- KI-Erklärung Button (POST /explain) mit lila Erklärungsbox
- Export-Buttons Markdown + JSON (Download-Links)
- Edit-Mode in new/page.tsx: useSearchParams(?edit=id), Form vorausfüllen
- Bedingte PUT/POST Logik; nach Edit → Detail-Seite Redirect
- Suspense-Wrapper für useSearchParams (Next.js 15 Requirement)
Backend Edit:
- store.go: UpdateAssessment() Methode (UPDATE-Query)
- ucca_handlers.go: UpdateAssessment Handler (re-evaluiert Intake)
- main.go: PUT /ucca/assessments/:id Route registriert
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-03-03 15:13:42 +01:00
14a99322eb
feat: Phase 2 — RAG integration in Requirements + DSFA Draft
...
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 35s
CI / test-python-backend-compliance (push) Successful in 26s
CI / test-python-document-crawler (push) Successful in 22s
CI / test-python-dsms-gateway (push) Successful in 19s
Add legal context enrichment from Qdrant vector corpus to the two
highest-priority modules (Requirements AI assistant and DSFA drafting
engine).
Go SDK:
- Add SearchCollection() with collection override + whitelist validation
- Refactor Search() to delegate to shared searchInternal()
Python backend:
- New ComplianceRAGClient proxying POST /sdk/v1/rag/search (error-tolerant)
- AI assistant: enrich interpret_requirement() and suggest_controls() with RAG
- Requirements API: add ?include_legal_context=true query parameter
Admin (Next.js):
- Extract shared queryRAG() utility from chat route
- Inject RAG legal context into v1 and v2 draft pipelines
Tests for all three layers (Go, Python, TypeScript shared utility).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-02 08:57:39 +01:00
a228b3b528
feat: add RAG corpus versioning and source policy backend
...
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 34s
CI / test-python-backend-compliance (push) Successful in 32s
CI / test-python-document-crawler (push) Successful in 23s
CI / test-python-dsms-gateway (push) Successful in 18s
Part 1 — RAG Corpus Versioning:
- New DB table compliance_corpus_versions (migration 017)
- Go CorpusVersionStore with CRUD operations
- Assessment struct extended with corpus_version_id
- API endpoints: GET /rag/corpus-status, /rag/corpus-versions/:collection
- RAG routes (search, regulations) now registered in main.go
- Ingestion script registers corpus versions after each run
- Frontend staleness badge in SDK sidebar
Part 3 — Source Policy Backend:
- New FastAPI router with CRUD for allowed sources, PII rules,
operations matrix, audit trail, stats, and compliance report
- SQLAlchemy models for all source policy tables (migration 001)
- Frontend API base corrected from edu-search:8088/8089 to
backend-compliance:8002/api
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-02 07:58:08 +01:00
899e22a31b
feat(rag): connect bp_compliance_ce vector corpus to SDK
...
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 46s
CI / test-python-backend-compliance (push) Successful in 30s
CI / test-python-dsms-gateway (push) Has been cancelled
CI / test-python-document-crawler (push) Has been cancelled
- Switch LegalRAGClient from empty bp_legal_corpus to bp_compliance_ce
collection (3,734 chunks across 14 regulations)
- Replace embedding-service (384-dim MiniLM) with Ollama bge-m3 (1024-dim)
- Add standalone RAG search endpoint: POST /sdk/v1/rag/search
- Add regulations list endpoint: GET /sdk/v1/rag/regulations
- Add QDRANT_HOST/PORT env vars to docker-compose.yml
- Update regulation ID mapping to match actual Qdrant payload schema
- Update determineRelevantRegulations for CE corpus regulation IDs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-17 23:44:47 +01:00
4435e7ea0a
Initial commit: breakpilot-compliance - Compliance SDK Platform
...
Services: Admin-Compliance, Backend-Compliance,
AI-Compliance-SDK, Consent-SDK, Developer-Portal,
PCA-Platform, DSMS
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-11 23:47:28 +01:00
Benjamin_Boenisch
Benjamin Admin