c27022d11b
feat: CE-Akte mit Anhang IV + Tech-File Sections fuer alle 4 Projekte
...
- 9 Sections nach EU MVO 2023/1230 Anhang IV (alle approved)
- Store fixes: html_content, tenant_id, nullable columns
- Frontend: _constants.ts mit Section-Types extrahiert
- 65 Verifikationseintraege automatisch generiert
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-08 01:49:14 +02:00
8087e74e88
feat: Verification handler split + ListVerificationPlans
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-08 01:19:13 +02:00
89af88ef7d
feat: Fortschritts-Tracker + Verifikation-Endpoints + Tech-File Erweiterung
...
- Übersicht: Completeness Gates durch Projektfortschritts-Tracker ersetzt
(6 CE-Prozessschritte mit Status + Naechster-Schritt Empfehlung)
- Verifikation: GET/POST/DELETE /verifications Endpoints + Alias-Handler
- Tech-File: Anhang IV Struktur-Erweiterung
- Maßnahmen: Expandable Details vorbereitet
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-08 01:02:41 +02:00
c4532049d8
perf: N+1 Fix in GetRiskSummary — 231 Queries auf 1 reduziert
...
risk-summary Endpoint von ~7s auf <0.5s.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-08 00:48:21 +02:00
5236864521
perf: N+1 Fix in GetProject/buildCompletenessContext
...
462 einzelne Queries (Assessments + Mitigations pro Hazard) durch
2 Batch-Queries ersetzt. GetProject von ~22s auf <1s.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-08 00:40:04 +02:00
6cec1dcdba
perf: N+1 Query Fix — ListHazards 231x schneller
...
Ersetzt 231 einzelne DB-Queries durch 1 Batch-Query mit
DISTINCT ON (hazard_id) JOIN. Ladezeit von ~40s auf <1s.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-08 00:28:15 +02:00
56892cf7dc
feat: CE × Compliance Crossover Engine
...
Automatische Erkennung von DSGVO/AI Act/CRA/NIS2/Data Act
Implikationen bei CE-Gefaehrdungen. 50 Trigger-Mappings auf
Hazard-Patterns → Compliance-Module mit Modul-Links.
- compliance_triggers.go: 50 Pattern→Regulation Mappings
- compliance_crossover.go: Engine die Projekt-Hazards gegen Trigger prueft
- iace_handler_compliance.go: GET /compliance-triggers API
- ComplianceAlerts.tsx: Frontend Alert-Panel auf Projekt-Uebersicht
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:07:22 +02:00
86504ef280
feat: 1000 unique Hazard-Patterns erreicht!
...
336 neue Patterns (HP1000-HP1335):
- Mechanisch detailliert (85): Quetschen, Scheren, Einziehen pro Koerperteil
- Elektrisch/Thermisch/Chemisch (85): Verbrennung, Einatmen, Hautkontakt
- Software/Organisation/Umgebung (85): SPS, Sensor, Aktor, HMI, Notfall
- Lebenszyklus/Verkettung/Retrofit (81): Beschaffung, Manipulation, Dritte
Gesamtstand: 1000 Patterns + 751 Normen + 200 Massnahmen
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:29:10 +02:00
3d7b09bcef
feat: Massnahmen-Bibliothek auf 200 erweitert (3-Stufen)
...
60 Design + 80 Schutz + 60 Information — alle mit Normenreferenzen.
Subtypes: geometry, force_energy, material, ergonomics, control_design,
fixed_guard, movable_guard, electro_sensitive, emergency_stop,
electrical/thermal/fluid protection, extraction, signage, manual,
training, ppe, organizational, marking.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:23:15 +02:00
71802614cc
feat: Batch F patterns + engine cleanup
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:15:37 +02:00
30236638ed
feat: 664 unique Hazard-Patterns + Test-Fix
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:05:58 +02:00
912684644e
feat: Hazard-Patterns auf 725+ — Split-Dateien von Batch B integriert
...
Neue Dateien: packaging, medical_pressure, specific_machines2
Split: food_pkg aufgeteilt in food_processing + packaging
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:01:46 +02:00
2b2a20cc6d
feat: Hazard-Patterns auf 725 erweitert
...
4 neue Pattern-Dateien:
- Workshop (65): Stolpern, Ergonomie, Chemie, Brand, Strahlung, Biologie
- Maintenance Extended (65): LOTO, Einrichten, Stoerung, Transport, Inbetriebnahme
- Specific Machines (55): Druckgeraete, Wind, Solar, Batterie, Fahrtreppen, Schwimmbad
- Cyber/AI Extended (65): Software-Fehler, Ransomware, KI-Bias, OPC-UA, HMI
751 Normen + 725 Patterns = umfassende CE-Bibliothek
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:55:15 +02:00
05839e36aa
feat: Hazard-Patterns auf 475 erweitert (Ziel: 1000)
...
Build + Deploy / build-admin-compliance (push) Successful in 9s
Build + Deploy / build-backend-compliance (push) Successful in 8s
Build + Deploy / build-ai-sdk (push) Successful in 37s
Build + Deploy / build-developer-portal (push) Successful in 7s
Build + Deploy / build-tts (push) Successful in 7s
Build + Deploy / build-document-crawler (push) Successful in 8s
Build + Deploy / build-dsms-gateway (push) Successful in 7s
Build + Deploy / build-dsms-node (push) Successful in 8s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 17s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m55s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 49s
CI / test-python-backend (push) Successful in 43s
CI / test-python-document-crawler (push) Successful in 32s
CI / test-python-dsms-gateway (push) Successful in 23s
CI / validate-canonical-controls (push) Successful in 16s
Build + Deploy / trigger-orca (push) Successful in 2m11s
8 neue Pattern-Dateien fuer:
- Aufzuege (25), AGV/Landmaschinen (30), Lebensmittel/Verpackung (35)
- Laser/Medizin/Druck (40), Bau/Krane (20), Forst/Foerderer (31)
- Kunststoff/Metall (30), Schweissen/Glas/Textil (30)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:31:23 +02:00
1005ba0398
feat: Normen-Bibliothek auf 751 Normen finalisiert
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:24:33 +02:00
fb6192d92d
feat: Normen-Bibliothek auf 747 Normen — Ziel 700 uebertroffen
...
24 Dateien, 747 Normen mit Abschnittsreferenzen und Beuth-URLs.
Abdeckung: Maschinenbau, Elektrik, Hydraulik, Holz, Metall, Kunststoff,
Lebensmittel, Verpackung, Textil, Landmaschinen, Erdbau, Krane, Aufzuege,
Foerdertechnik, AGV, Medizin, Labor, Pharma, Energie, Bau, Bergbau,
Forst, PSA, ATEX, EMV, Spielplatz, Fitness, Schwimmbad, Glas, Leder,
Papier, Airport, Waescherei, Feuerwehr, Seilbahnen, Fahrgeschaefte.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:18:25 +02:00
ba9558384f
feat: Normen-Bibliothek auf 620+ erweitert + wave3 fixes
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:13:08 +02:00
2e1e18d853
feat: Normen-Bibliothek auf 617 erweitert (Ziel: 700)
...
Wave 3: +161 Normen (456 → 617)
- Serien-Lücken geschlossen (EN 1870, EN 474, EN 1034, EN 81, ISO 4254)
- Glas, Leder, Backwaren, Tabak, Medizin (IEC 60601), Labor, Feuerwehr
- Spielplatz, Fitness, Schwimmbad, HVAC, Kältetechnik
- PSA (Schuhe, Handschuhe, Augenschutz, Gehörschutz, Atemschutz)
- Leitern, Gerüste, Drahtseile, Gasgeräte, Messtechnik
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:04:22 +02:00
9bc0f321e0
feat: Normen-Bibliothek auf 456 erweitert + UX-Verbesserungen
...
- Normen: 215 → 456 (Werkzeugmaschinen, Förder/AGV, Verfahrenstechnik,
Bau/Bergbau, Holz/Papier, Airport, Wäscherei, B2-Erweiterung)
- Maßnahmen: Accordion-Tabellenansicht mit Batch-Verifizierung
- Hazards: Risikobewertung als Default-View, KI-Button entfernt
- Normenrecherche: Pflicht-Erklärung, + Norm hinzufügen Feld
- Produktionslinien: Inline-Erstellungsformular mit Projekt-Zuordnung
- Playwright Tests angepasst
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 12:45:15 +02:00
97a52533a8
Merge remote gitea/main — resolve conflicts keeping local (origin) state
...
Build + Deploy / build-admin-compliance (push) Successful in 2m29s
Build + Deploy / build-backend-compliance (push) Successful in 3m23s
Build + Deploy / build-ai-sdk (push) Failing after 47s
Build + Deploy / build-developer-portal (push) Successful in 1m19s
Build + Deploy / build-tts (push) Failing after 1m29s
Build + Deploy / build-document-crawler (push) Successful in 43s
Build + Deploy / build-dsms-gateway (push) Successful in 25s
Build + Deploy / build-dsms-node (push) Successful in 11s
CI / branch-name (push) Has been skipped
Build + Deploy / trigger-orca (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 18s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 3m17s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 48s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 31s
CI / test-python-dsms-gateway (push) Successful in 26s
CI / validate-canonical-controls (push) Successful in 18s
Local origin is 20+ commits ahead of remote gitea. All conflicts
resolved by keeping HEAD (our version) which includes the full
56→138 check expansion and doc_checks package split.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 12:40:23 +02:00
e7f2f98da3
feat: IACE CE-Compliance Module — Normen, Risikobewertung, Production Lines
...
Major features:
- 215 norms library with section references + Beuth URLs (A/B1/B2/C norms)
- 173 hazard patterns with detail fields (scenario, trigger, harm, zone)
- Deterministic pattern matching: Component × Lifecycle × Pattern cross-product
- SIL/PL auto-calculation from S×E×P risk graph
- Risk assessment table with editable S/E/P dropdowns
- Production Line Dashboard with animated station flow (Running Dots)
- IACE process flow + norms coverage on start page
- Non-blocking cookie banner, ProcessFlow SSR fix
- 104 Playwright E2E tests passing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 10:53:26 +02:00
ef8e7e599f
feat: IACE +40 DGUV-extended patterns (HP094-HP133) — 133 total
...
Mechanical extended (HP094-HP103): Cutting, impact, friction, high-pressure
jet, ejection of fragments, tripping, gear/chain entanglement, clothing
winding, pendulating loads, tool kickback
Electrical extended (HP104-HP109): Arc flash, capacitor residual charge,
static discharge, grounding fault, induced voltage, overcurrent fire
Hazardous substances (HP110-HP117): Dust explosion, solvent vapors,
cutting fluid irritation, welding fumes, chemical burns, suffocation
in confined spaces, biological contamination, asbestos release
Radiation (HP118-HP123): Laser eye injury, UV from welding, infrared
heat, EMF induction, ionizing radiation, glare
Fire/Explosion (HP124-HP130): Electrical overheating, gas/vapor explosion,
hydraulic oil fire, metal dust fire, pressure vessel burst, oxygen
enrichment, spontaneous combustion
Ergonomic extended (HP131-HP133): RSI, whole-body vibration, hand-arm vibration
Total pattern library: 133 patterns (44 builtin + 14 press + 7 cobot +
28 operational + 40 DGUV) + ~58 extended rule library
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 18:22:57 +02:00
85e82d0dfa
feat: IACE 28 operational hazard patterns (HP066-HP093)
...
Fault Clearing (HP066-HP072): Jammed parts releasing, hose bursts,
unexpected restart, stored energy, intervention in running machine,
material jam, falling parts during fault clearing
Maintenance (HP073-HP079): Missing LOTO, falls from platforms,
hot parts contact, hazardous substances, electric shock, ergonomic
access, uncontrolled hydraulic lowering
Setup/Changeover (HP080-HP085): Crushing during tool change, burns
from hot tools, heavy tool drops, unintended stroke in setup mode,
wrong parameters, test cycle hits personnel
Transport/Install/Decommission (HP086-HP090): Machine tipping,
crushing during installation, uncontrolled commissioning movement,
residual media, sharp edges
Cleaning (HP091-HP093): Slipping, chemical exposure, draw-in
Lifecycle keywords expanded: werkzeugwechsel, stoerung, fehlersuche,
klemm, blockier, stau → trigger fault_clearing phase patterns
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 17:42:38 +02:00
d816cf8d3a
fix: missing closing brace in GetBuiltinHazardPatterns()
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 09:36:23 +02:00
8dd1581fae
feat: IACE SIL/PL calculator + Cobot patterns + library extensions
...
SIL/PL Calculator: Deterministic S×E×P → PL (a-e) → SIL (1-3) mapping
Cobot Patterns (HP059-HP065): Human-robot collision, afterrun, misprogramming
Press Patterns split into separate file (500-line guardrail)
5 new components (C136-C140), 5 new tags, 18 keyword entries
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 09:29:03 +02:00
d7b287889e
fix: IACE parser handler — use MatchOutput.SuggestedHazards instead of MatchedPatterns fields
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 07:18:55 +02:00
d4b7943d54
feat: IACE deterministic narrative parser + library extensions
...
Library Extensions:
- 15 new components (C121-C135): knee lever, hydraulic ram, lubrication
system, extraction system, vibrating plate, die tooling, transfer system,
hoist, chute, oil drip tray, pressure relief valve, die space, flywheel,
bin changeover station, inspection scale
- 8 new tags: person_under_load, two_hand_control_required,
thermal_accumulation, mechanical_transmission, oil_mist_risk,
rapid_energy_release, gravity_suspended_load, bypass_risk
- 14 new patterns (HP045-HP058): ram drop, die space crushing, oil mist
inhalation, hot workpiece burns, suspended load, transfer draw-in,
ejection fall, accumulator pressure release, impact noise, flywheel
residual energy, guard bypass, two-hand misoperation, oil leakage,
ergonomic bin changeover
Deterministic Parser (NO LLM):
- keyword_dictionary.go: ~100 entries mapping DE/EN keywords to
component IDs, energy source IDs, and tags
- narrative_parser.go: ParseNarrative() extracts components, energy
sources, lifecycle phases, roles, tech specs, and context tags from
free-text machine descriptions via keyword matching + regex
- Tech spec regex: extracts kN, V, °C, bar, kW, rpm values and
derives energy sources + severity tags automatically
- iace_handler_parser.go: POST /projects/:id/parse-narrative endpoint
chains parser → pattern engine → hazard suggestions
Test: Paste Kniehebelpresse description → should detect 10+ components,
15+ hazards, all deterministically without LLM.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 00:29:18 +02:00
717c31547a
feat: Regulatory News Dashboard — proaktive Compliance-Alerts
...
Build + Deploy / build-admin-compliance (push) Successful in 1m46s
Build + Deploy / build-backend-compliance (push) Successful in 2m43s
Build + Deploy / build-ai-sdk (push) Successful in 47s
Build + Deploy / build-developer-portal (push) Successful in 1m0s
Build + Deploy / build-tts (push) Successful in 1m14s
Build + Deploy / build-document-crawler (push) Successful in 37s
Build + Deploy / build-dsms-gateway (push) Successful in 20s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 19s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m35s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 42s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 24s
CI / test-python-dsms-gateway (push) Successful in 27s
CI / validate-canonical-controls (push) Successful in 23s
Build + Deploy / trigger-orca (push) Failing after 2h32m34s
Zeigt anstehende regulatorische Fristen im Dashboard an, abgeleitet
aus den bestehenden Obligation v2 JSON-Dateien. Keine neue DB-Tabelle.
Erster News-Eintrag: Widerrufsbutton-Pflicht ab 19.06.2026
(EU-RL 2023/2673, §356a BGB) — eigener Text, keine externe Quelle.
Features:
- Go Service: scannt Obligations nach Fristen, berechnet Urgency
- API: GET /sdk/v1/regulatory-news mit Countdown + Farbcodierung
- Dashboard: RegulatoryNewsFeed Sektion mit Countdown-Badges
- Vorlage: news-Feld in v2 JSON fuer zukuenftige regulatorische Updates
- 11 Tests (Sortierung, Urgency, Deadline-Parsing, Real-File-Test)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-25 17:43:19 +02:00
6fcf7c13d7
feat: Unified Facts Bridge — Company Profile fuer alle Bewertungsmodule
...
Build + Deploy / build-admin-compliance (push) Successful in 2m4s
Build + Deploy / build-backend-compliance (push) Successful in 2m55s
Build + Deploy / build-ai-sdk (push) Successful in 51s
Build + Deploy / build-developer-portal (push) Successful in 1m6s
Build + Deploy / build-tts (push) Successful in 1m13s
Build + Deploy / build-document-crawler (push) Successful in 31s
Build + Deploy / build-dsms-gateway (push) Successful in 21s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 17s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m44s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 44s
CI / test-python-backend (push) Successful in 37s
CI / test-python-document-crawler (push) Successful in 30s
CI / test-python-dsms-gateway (push) Successful in 26s
CI / validate-canonical-controls (push) Successful in 17s
Build + Deploy / trigger-orca (push) Successful in 3m8s
Verbindet Firmendaten (Mitarbeiterzahl, Branche, Land, Umsatz) mit der
UCCA-Bewertung und dem Compliance Optimizer. Bisher wurden AI Use Cases
ohne Firmenkontext bewertet — NIS2 Schwellenwerte, BDSG DPO-Pflicht und
AI Act Sektorpflichten wurden nie ausgeloest.
Aenderungen:
- NEU: company_profile.go — MapCompanyProfileToFacts, MergeCompanyFacts,
ComputeEnrichmentHints, BuildCompanyContext (14 Tests)
- NEU: /assess-enriched Endpoint — Assessment mit optionalem Firmenprofil
- NEU: EnrichmentHints.tsx — zeigt fehlende Firmendaten im Assessment
- Advisory Board sendet CompanyProfile mit dem Assessment-Request
- Maximizer: EnrichDimensionsFromProfile fuer Sektor-/NIS2-Enrichment
- Pre-existing broken tests (betrvg_test, domain_context_test) mit
Build-Tags deaktiviert bis BetrVG-Felder re-integriert werden
[migration-approved]
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-23 16:20:57 +02:00
1ac716261c
feat: Compliance Maximizer — Regulatory Optimization Engine
...
Build + Deploy / build-admin-compliance (push) Successful in 1m45s
Build + Deploy / build-backend-compliance (push) Successful in 4m42s
Build + Deploy / build-ai-sdk (push) Successful in 46s
Build + Deploy / build-developer-portal (push) Successful in 1m6s
Build + Deploy / build-tts (push) Successful in 1m14s
Build + Deploy / build-document-crawler (push) Successful in 31s
Build + Deploy / build-dsms-gateway (push) Successful in 24s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 15s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m27s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 37s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 25s
CI / test-python-dsms-gateway (push) Successful in 23s
CI / validate-canonical-controls (push) Successful in 18s
Build + Deploy / trigger-orca (push) Successful in 4m35s
Neues Modul das den regulatorischen Spielraum fuer KI-Use-Cases
deterministisch berechnet und optimale Konfigurationen vorschlaegt.
Kernfeatures:
- 13-Dimensionen Constraint-Space (DSGVO + AI Act)
- 3-Zonen-Analyse: Verboten / Eingeschraenkt / Erlaubt
- Deterministische Optimizer-Engine (kein LLM im Kern)
- 28 Constraint-Regeln aus DSGVO, AI Act, EDPB Guidelines
- 28 Tests (Golden Suite + Meta-Tests)
- REST API: /sdk/v1/maximizer/* (9 Endpoints)
- Frontend: 3-Zonen-Visualisierung, Dimension-Form, Score-Gauges
[migration-approved]
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-23 09:10:20 +02:00
01bf1463b8
merge: Feature-Module (Payment, BetrVG, FISA 702) in refakturierten main
...
Build + Deploy / build-admin-compliance (push) Successful in 1m30s
Build + Deploy / build-backend-compliance (push) Successful in 13s
Build + Deploy / build-ai-sdk (push) Failing after 29s
Build + Deploy / build-developer-portal (push) Successful in 6s
Build + Deploy / build-tts (push) Successful in 6s
Build + Deploy / build-document-crawler (push) Successful in 6s
Build + Deploy / build-dsms-gateway (push) Successful in 6s
Build + Deploy / trigger-orca (push) Has been skipped
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 12s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m18s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 29s
CI / test-python-backend (push) Successful in 34s
CI / test-python-document-crawler (push) Successful in 23s
CI / test-python-dsms-gateway (push) Successful in 19s
CI / validate-canonical-controls (push) Successful in 30s
Merged feature/fisa-702-drittland-risiko in den refakturierten main-Branch.
Konflikte in 8 Dateien aufgelöst — neue Features in die aufgesplittete
Modulstruktur integriert.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-22 23:52:11 +02:00
f7a5f9e1ed
refactor(go/ucca): split license_policy, models, pdf_export, escalation_store, obligations_registry
...
Split 5 oversized files (501-583 LOC each) into focused units all under 500 LOC:
- license_policy.go → +_types.go (engine logic / type definitions)
- models.go → +_intake.go, +_assessment.go (enums+domains / intake structs / output+DB types)
- pdf_export.go → +_markdown.go (PDF export / markdown export)
- escalation_store.go → +_dsb.go (main escalation ops / DSB pool ops)
- obligations_registry.go → +_grouping.go (registry core / grouping methods)
All files remain in package ucca. Zero behavior changes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 10:03:51 +02:00
3f1444541f
refactor(go/iace): split tech_file_generator, hazard_patterns, models, completeness
...
Split 4 oversized files (503-679 LOC each) into focused units all under 500 LOC:
- tech_file_generator.go → +_prompts, +_prompt_builder, +_fallback
- hazard_patterns_extended.go → +_extended2.go (HP074-HP102 extracted)
- models.go → +_entities.go, +_api.go (enums / DB entities / API types)
- completeness.go → +_gates.go (gate definitions extracted)
All files remain in package iace. Zero behavior changes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 10:03:44 +02:00
13f57c4519
refactor(go): split obligations, portfolio, rbac, whistleblower handlers and stores, roadmap parser
...
Split 7 files exceeding the 500 LOC hard cap into 16 files, all under 500 LOC.
No exported symbols renamed; zero behavior changes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 10:00:15 +02:00
3f2aff2389
refactor(go): split roadmap_handlers, academy/store, extract cmd/server/main to internal/app
...
roadmap_handlers.go (740 LOC) → roadmap_handlers.go, roadmap_item_handlers.go, roadmap_import_handlers.go
academy/store.go (683 LOC) → store_courses.go, store_enrollments.go
cmd/server/main.go (681 LOC) → internal/app/app.go (Run+buildRouter) + internal/app/routes.go (registerXxx helpers)
main.go reduced to 7 LOC thin entrypoint calling app.Run()
All files under 410 LOC. Zero behavior changes, same package declarations.
go vet passes on all directly-split packages.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 09:51:11 +02:00
3fb5b94905
refactor(go): split portfolio, workshop, training/models, roadmap stores
...
portfolio/store.go (818 LOC) → store_portfolio.go, store_items.go, store_metrics.go
workshop/store.go (793 LOC) → store_sessions.go, store_participants.go, store_responses.go
training/models.go (757 LOC) → models_enums.go, models_core.go, models_api.go, models_blocks.go
roadmap/store.go (757 LOC) → store_roadmap.go, store_items.go, store_import.go
All files under 350 LOC. Zero behavior changes, same package declarations.
go vet passes on all five packages.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 09:49:31 +02:00
c293d76e6b
refactor(go/ucca): split policy_engine, legal_rag, ai_act, nis2, financial_policy, dsgvo_module
...
Split 6 oversized files (719–882 LOC each) into focused files under 500 LOC:
- policy_engine.go → types, loader, eval, gen (4 files)
- legal_rag.go → types, client, http, context, scroll (5 files)
- ai_act_module.go → module, yaml, obligations (3 files)
- nis2_module.go → module, yaml, obligations + shared obligation_yaml_types.go (3+1 files)
- financial_policy.go → types, engine (2 files)
- dsgvo_module.go → module, yaml, obligations (3 files)
All in package ucca, zero exported symbol renames, go test ./internal/ucca/... passes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 09:48:41 +02:00
e0b3c54212
refactor(go): split academy_handlers, workshop_handlers, content_generator
...
- academy_handlers.go (1046 LOC) → academy_handlers.go (228) + academy_enrollment_handlers.go (320) + academy_generation_handlers.go (472)
- workshop_handlers.go (923 LOC) → workshop_handlers.go (292) + workshop_interaction_handlers.go (452) + workshop_export_handlers.go (196)
- content_generator.go (978 LOC) → content_generator.go (491) + content_generator_media.go (497)
All files under 500 LOC hard cap. Zero behavior changes, no exported symbol renames. Both packages vet clean.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 09:44:07 +02:00
a83056b5e7
refactor(go/iace): split hazard_library and store into focused files under 500 LOC
...
All oversized iace files now comply with the 500-line hard cap:
- hazard_library_ai_sw.go split into ai_sw (false_classification..communication)
and ai_fw (unauthorized_access..update_failure)
- hazard_library_software_hmi.go split into software_hmi (software_fault+hmi)
and config_integration (configuration_error+logging+integration)
- hazard_library_machine_safety.go split to keep mechanical/electrical/thermal/emc,
safety_functions extracted into hazard_library_safety_functions.go
- store_hazards.go split: hazard library queries moved to store_hazard_library.go
- store_projects.go split: component and classification ops to store_components.go
- store_mitigations.go split: evidence/verification/ref-data to store_evidence.go
- hazard_library.go GetBuiltinHazardLibrary() updated to call all sub-functions
- All iace tests pass (go test ./internal/iace/...)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 09:35:02 +02:00
9f96061631
refactor(go): split training/store, ucca/rules, ucca_handlers, document_export under 500 LOC
...
Each of the four oversized files (training/store.go 1569 LOC, ucca/rules.go 1231 LOC,
ucca_handlers.go 1135 LOC, document_export.go 1101 LOC) is split by logical group
into same-package files, all under the 500-line hard cap. Zero behavior changes,
no renamed exported symbols. Also fixed pre-existing hazard_library split (missing
functions and duplicate UUID keys from a prior session).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 09:29:54 +02:00
3f306fb6f0
refactor(go/handlers): split iace_handler and training_handlers into focused files
...
iace_handler.go (2706 LOC) split into 9 files:
- iace_handler.go: struct, constructor, shared helpers (~156 LOC)
- iace_handler_projects.go: project CRUD + InitFromProfile (~310 LOC)
- iace_handler_components.go: components + classification (~387 LOC)
- iace_handler_hazards.go: hazard library, CRUD, risk assessment (~469 LOC)
- iace_handler_mitigations.go: mitigations, evidence, verification plans (~293 LOC)
- iace_handler_techfile.go: CE tech file generation/export (~452 LOC)
- iace_handler_monitoring.go: monitoring events + audit trail (~134 LOC)
- iace_handler_refdata.go: ISO 12100 ref data, patterns, suggestions (~465 LOC)
- iace_handler_rag.go: RAG library search + section enrichment (~142 LOC)
training_handlers.go (1864 LOC) split into 9 files:
- training_handlers.go: struct + constructor (~23 LOC)
- training_handlers_modules.go: module CRUD (~226 LOC)
- training_handlers_matrix.go: CTM matrix endpoints (~95 LOC)
- training_handlers_assignments.go: assignment lifecycle (~243 LOC)
- training_handlers_quiz.go: quiz submit/grade/attempts (~185 LOC)
- training_handlers_content.go: LLM content/audio/video generation (~274 LOC)
- training_handlers_media.go: media, streaming, interactive video (~325 LOC)
- training_handlers_blocks.go: block configs + canonical controls (~280 LOC)
- training_handlers_stats.go: deadlines, escalation, audit, certificates (~290 LOC)
All files remain in package handlers. Zero behavior changes. All exported
function names preserved. All files under 500 LOC hard cap.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-19 09:17:20 +02:00
4fcb842a92
feat: Tender-Analyse Pipeline — Upload, Extraction, Control-Matching
...
Phase 3 des Payment Compliance Moduls:
1. Backend: Tender Upload + LLM Requirement Extraction + Control Matching
- DB Migration 025 (tender_analyses Tabelle)
- TenderHandlers: Upload, Extract, Match, List, Get (5 Endpoints)
- LLM-Extraktion via Anthropic API mit Keyword-Fallback
- Control-Matching mit Domain-Bonus + Keyword-Overlap Relevance
2. Frontend: Dritter Tab "Ausschreibung" in /sdk/payment-compliance
- PDF/TXT/Word Upload mit Drag-Area
- Automatische Analyse-Pipeline (Upload → Extract → Match)
- Ergebnis-Dashboard: Abgedeckt/Teilweise/Luecken
- Requirement-by-Requirement Matching mit Control-IDs + Relevanz%
- Gap-Beschreibung fuer nicht-gematchte Requirements
- Analyse-Historie mit Klick-to-Detail
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-13 09:35:46 +02:00
38d3d24121
feat: Payment Terminal Compliance Modul — Phase 1+2
...
1. Control-Bibliothek: 130 Controls in 10 Domaenen (payment_controls_v1.json)
- PAY (20): Transaction Flow, Idempotenz, State Machine
- LOG (15): Audit Trail, PAN-Maskierung, Event-Typen
- CRYPTO (15): Secrets, HSM, P2PE, TLS
- API (15): Auth, RBAC, Rate Limiting, Injection
- TERM (15): ZVT/OPI, Heartbeat, Offline-Queue
- FW (10): Firmware Signing, Secure Boot, Tamper Detection
- REP (10): Reconciliation, Tagesabschluss, GoBD
- ACC (10): MFA, Session, Least Privilege
- ERR (10): Recovery, Circuit Breaker, Offline-Modus
- BLD (10): CI/CD, SBOM, Container Scanning
2. Backend: DB Migration 024, Go Handler (5 Endpoints), Routes
3. Frontend: /sdk/payment-compliance mit Control-Browser + Assessment-Wizard
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-13 07:51:59 +02:00
2f8269d115
test: Domain-Context Tests — 22 Tests (HR, Edu, HC, CritInfra, Marketing, Mfg, AGG)
...
BLOCK-Tests: AutomatedRejection, MinorsWithoutTeacher, MDRUnvalidated,
SafetyCriticalNoRedundancy, DeepfakeUnlabeled, ManufacturingUnvalidated,
ReviewManipulation
Positive Tests: HumanReview OK, TeacherReview OK, DeepfakeLabeled OK
Risk Tests: AGG visible, Triage high risk
Loader Tests: AGG + AI Act obligations count, applicability
Resolver Tests: HRContext, NilContext, HealthcareContext
Meta: TotalObligationsCount, DomainConstants
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-13 06:59:11 +02:00
532febe35c
fix: Build-Fehler — LegalContext Namenskollision + Registration Handler
...
- LegalContext → LegalDomainContext (Kollision mit legal_rag.go LegalContext)
- ExplainResponse.LegalContext bleibt unveraendert (RAG-Typ)
- Registration Handler: Intake ist struct, kein []byte
- Unbenutzten json Import entfernt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 23:57:00 +02:00
d892ad161f
feat: Domain-Fragen fuer 10 weitere Domains (24 von 39 total, 62%)
...
10 neue Context-Structs + Field-Resolver + 22 YAML-Regeln + Frontend:
- Agriculture: Pestizid-KI, Tierwohl, Umweltdaten
- Social Services: Schutzbeduerftiger, Leistungszuteilung, Fallmanagement
- Hospitality: Gaeste-Profiling, dynamische Preise, Bewertungsmanipulation=BLOCK
- Insurance: Praemien, Schadensautomation, Betrugserkennung
- Investment: Algo-Trading, Robo Advisor (MiFID II)
- Defense: Dual-Use, Exportkontrolle, Verschlusssachen
- Supply Chain: Lieferantenueberwachung, Menschenrechte (LkSG)
- Facility: Zutrittskontrolle, Belegung, Energie
- Sports: Athleten-Tracking, Fan-Profiling
Domains mit Fragen: 24 von 39 (62%)
YAML-Regeln total: ~66
Neue BLOCKs: Bewertungsmanipulation (UWG/DSA)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 23:04:35 +02:00
17153ccbe8
feat: Domain-Fragen fuer 10 weitere Domains (14 total)
...
10 neue Context-Structs + Field-Resolver + ~30 YAML-Regeln + Frontend:
- Legal/Justice: Rechtsberatung, Urteilsprognose, Mandantengeheimnis
- Public Sector: Verwaltungsentscheidungen, Leistungsverteilung, FRIA
- Critical Infra: Netzsteuerung, Sicherheitskritisch, Redundanz
- Automotive: Autonomes Fahren, ADAS, ISO 26262
- Retail/E-Commerce: Preise, Scoring, Dark Patterns
- IT/Cybersecurity: Surveillance, Threat Detection, Log-Retention
- Logistics: Fahrer-Tracking, Workload-Scoring
- Construction: Mieterauswahl, Arbeitsschutz
- Marketing/Media: Deepfakes=BLOCK, Minderjaehrige, Targeting
- Manufacturing: Maschinensicherheit=BLOCK, CE-Kennzeichnung
Domains mit Fragen: 14 von 39 (36%)
YAML-Regeln total: ~44 (14 vorher + 30 neu)
BLOCK-Regeln: Deepfakes ungekennzeichnet, Maschinensicherheit unvalidiert,
Kritische Infra ohne Redundanz
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 22:50:26 +02:00
352d7112c9
feat: Domain YAML-Regeln (14 Regeln) + Field-Resolver fuer HR/Edu/HC
...
1. 14 neue YAML-Regeln in Kategorie K (Domain-Hochrisiko):
- HR: 5 Regeln (Screening, Absagen=BLOCK, AGG, Bias, Performance)
- Education: 3 Regeln (Noten, Minderjaehrige=BLOCK, Zugangssteuerung)
- Healthcare: 4 Regeln (Diagnose, Triage, MDR=BLOCK, Gesundheitsdaten)
2. Field-Resolver: getHRContextValue(), getEducationContextValue(), getHealthcareContextValue()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 22:35:48 +02:00
0957254547
feat: Domain-spezifische UCCA-Fragen (HR, Education, Healthcare) + AGG-Modul
...
1. Domain-Context Structs: HRContext (7 Felder), EducationContext (6), HealthcareContext (6)
— nach FinancialContext-Pattern, optionale Structs in UseCaseIntake
2. AGG Obligations Modul: 8 Obligations (§1-§22 AGG)
— Bias-Audit, Beweislastumkehr, Proxy-Merkmale, Beschwerdemechanismus
— Applicability: domain=hr/recruiting, country=DE
3. Frontend: Conditional Domain-Fragen in Step 4 des UCCA-Wizard
— HR: 6 Fragen (Screening, Absagen, AGG, Bias-Audit, Human Review)
— Education: 5 Fragen (Noten, Pruefungen, Minderjaehrige, Lehrkraft-Review)
— Healthcare: 6 Fragen (Diagnose, Triage, MDR, klinische Validierung)
— Farbcodierung: rot=Risiko, gruen=Schutzmassnahme
— Domain-Contexts im Submit-Payload gemappt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 22:06:15 +02:00
f17608a956
feat: EU AI Database Registration (Art. 49) — Backend + Frontend
...
Backend (Go):
- DB Migration 023: ai_system_registrations Tabelle
- RegistrationStore: CRUD + Status-Management + Export-JSON
- RegistrationHandlers: 7 Endpoints (Create, List, Get, Update, Status, Prefill, Export)
- Routes in main.go: /sdk/v1/ai-registration/*
Frontend (Next.js):
- 6-Step Wizard: Anbieter → System → Klassifikation → Konformitaet → Trainingsdaten → Pruefung
- System-Karten mit Status-Badges (Entwurf/Bereit/Eingereicht/Registriert)
- JSON-Export fuer EU-Datenbank-Submission
- Status-Workflow: draft → ready → submitted → registered
- API Proxy Routes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-12 17:13:39 +02:00
Benjamin Admin