73 Commits

Author	SHA1	Message	Date
Benjamin Admin	cb5aa2949b	feat: hybrid website compliance checks (§312k BGB, §5 TMG, Art. 13 DSGVO) ... - Scan public website for cancellation button, imprint, privacy link, cookie consent - Generate follow-up questions when checks can't be verified without login - User answers "no" → finding with legal basis is added to results - Frontend: FollowUpQuestions component with Ja/Nein buttons - Sidebar: "Compliance Agent" entry added under KI-Compliance Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-28 13:25:44 +02:00
Benjamin Admin	f528b8e7a9	fix: STEP_EXPLANATIONS Export — Ursache fuer Application Error in allen Modulen ... index.ts exportierte STEP_EXPLANATIONS aus './StepHeader', aber StepHeader.tsx importiert es nur intern und exportiert es nicht. Fix: direkt aus './StepExplanations' re-exportieren. Betrifft: DSR, Incidents, Whistleblower, Academy, Einwilligungen, Consent, Document-Generator, Email-Templates und alle weiteren Module die STEP_EXPLANATIONS verwenden. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-27 22:27:23 +02:00
Benjamin Admin	717c31547a	feat: Regulatory News Dashboard — proaktive Compliance-Alerts ... Zeigt anstehende regulatorische Fristen im Dashboard an, abgeleitet aus den bestehenden Obligation v2 JSON-Dateien. Keine neue DB-Tabelle. Erster News-Eintrag: Widerrufsbutton-Pflicht ab 19.06.2026 (EU-RL 2023/2673, §356a BGB) — eigener Text, keine externe Quelle. Features: - Go Service: scannt Obligations nach Fristen, berechnet Urgency - API: GET /sdk/v1/regulatory-news mit Countdown + Farbcodierung - Dashboard: RegulatoryNewsFeed Sektion mit Countdown-Badges - Vorlage: news-Feld in v2 JSON fuer zukuenftige regulatorische Updates - 11 Tests (Sortierung, Urgency, Deadline-Parsing, Real-File-Test) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-25 17:43:19 +02:00
Benjamin Admin	6fcf7c13d7	feat: Unified Facts Bridge — Company Profile fuer alle Bewertungsmodule ... Verbindet Firmendaten (Mitarbeiterzahl, Branche, Land, Umsatz) mit der UCCA-Bewertung und dem Compliance Optimizer. Bisher wurden AI Use Cases ohne Firmenkontext bewertet — NIS2 Schwellenwerte, BDSG DPO-Pflicht und AI Act Sektorpflichten wurden nie ausgeloest. Aenderungen: - NEU: company_profile.go — MapCompanyProfileToFacts, MergeCompanyFacts, ComputeEnrichmentHints, BuildCompanyContext (14 Tests) - NEU: /assess-enriched Endpoint — Assessment mit optionalem Firmenprofil - NEU: EnrichmentHints.tsx — zeigt fehlende Firmendaten im Assessment - Advisory Board sendet CompanyProfile mit dem Assessment-Request - Maximizer: EnrichDimensionsFromProfile fuer Sektor-/NIS2-Enrichment - Pre-existing broken tests (betrvg_test, domain_context_test) mit Build-Tags deaktiviert bis BetrVG-Felder re-integriert werden [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-23 16:20:57 +02:00
Benjamin Admin	5d53acf5dc	feat: Upselling-Funnel Assessment → Compliance Optimizer ... Verbindet das kostenlose UCCA Assessment mit dem bezahlten Compliance Optimizer durch gezielte CTAs: - OptimizerUpsellCard: Kontextabhaengig (CONDITIONAL→prominent, YES→dezent) - Assessment Detail: "Optimieren" Button + CTA-Block nach Ergebnis - Advisory Board ResultView: CTA nach Wizard-Abschluss - Optimizer "new": Auto-Submit bei ?from_assessment={id} - Optimizer Liste + Detail: Links zum Quell-Assessment Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-23 12:28:49 +02:00
Benjamin Admin	f8fd329059	fix(ai-act): fehlende STEP_EXPLANATIONS['ai-act'] Definition ... Die AI Act Seite referenzierte einen nicht existierenden Key in den StepExplanations, was einen Client-Side Application Error ausloeste. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-23 12:07:39 +02:00
Benjamin Admin	1ac716261c	feat: Compliance Maximizer — Regulatory Optimization Engine ... Neues Modul das den regulatorischen Spielraum fuer KI-Use-Cases deterministisch berechnet und optimale Konfigurationen vorschlaegt. Kernfeatures: - 13-Dimensionen Constraint-Space (DSGVO + AI Act) - 3-Zonen-Analyse: Verboten / Eingeschraenkt / Erlaubt - Deterministische Optimizer-Engine (kein LLM im Kern) - 28 Constraint-Regeln aus DSGVO, AI Act, EDPB Guidelines - 28 Tests (Golden Suite + Meta-Tests) - REST API: /sdk/v1/maximizer/* (9 Endpoints) - Frontend: 3-Zonen-Visualisierung, Dimension-Form, Score-Gauges [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-23 09:10:20 +02:00
Benjamin Admin	01bf1463b8	merge: Feature-Module (Payment, BetrVG, FISA 702) in refakturierten main ... Merged feature/fisa-702-drittland-risiko in den refakturierten main-Branch. Konflikte in 8 Dateien aufgelöst — neue Features in die aufgesplittete Modulstruktur integriert. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-22 23:52:11 +02:00
Sharang Parnerkar	8266c37911	merge: phases 1–5 refactor, CI hardening, docs (coolify → main) ... Phase 1: backend-compliance — partial service-layer extraction Phase 2: ai-compliance-sdk — full hexagonal split; iace/ucca/training handlers and stores split into focused files; cmd/server/main.go → internal/app/ Phase 3: admin-compliance — types.ts, tom-generator loader, and major page components split; lib document generators extracted Phase 4: dsms-gateway, consent-sdk, developer-portal, breakpilot-compliance-sdk Phase 5 CI hardening: - loc-budget job now scans whole repo (blocking, no || true) - sbom-scan / grype blocking on high+ CVEs - ai-compliance-sdk/.golangci.yml: strict golangci-lint config - check-loc.sh: skip test_*.py and *.html; loc-exceptions.txt expanded - deleted stray routes.py.backup (2512 LOC) Docs: - root README.md with CI badge, service table, quick start, CI pipeline table - CONTRIBUTING.md: setup, pre-commit checklist, guardrail marker reference - CLAUDE.md: First-Time Setup & Claude Code Onboarding section - all 7 service READMEs updated (stale phase refs, current architecture) - AGENTS.go/python/typescript.md enhanced with linting, DI, barrel re-export - .gitignore: dist/, .turbo/, pnpm-lock.yaml added Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 16:11:53 +02:00
Sharang Parnerkar	b00fe6cb73	refactor(admin): split remaining components ... Split 4 oversized component files (all >500 LOC) into sibling modules: - SDKPipelineSidebar → Icons + Parts siblings (193/264/35 LOC) - SourcesTab → SourceModals sibling (311/243 LOC) - ScopeDecisionTab → ScopeDecisionSections sibling (127/444 LOC) - ComplianceAdvisorWidget → ComplianceAdvisorParts sibling (265/131 LOC) Zero behavior changes; all logic relocated verbatim. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 12:41:29 +02:00
Sharang Parnerkar	d32ad81094	refactor(admin): split StepHeader, SDKSidebar, ScopeWizardTab, PIIRulesTab, ReviewExportStep, DocumentUploadSection components ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 12:32:45 +02:00
Sharang Parnerkar	ada50f0466	refactor(admin): split AIUseCaseModuleEditor, DataPointCatalog, ProjectSelector components ... AIUseCaseModuleEditor (698 LOC) → thin orchestrator (187) + constants (29) + barrel tabs (4) + tabs implementation split into SystemData (261), PurposeAct (149), RisksReview (219). DataPointCatalog (658 LOC) → main (291) + helpers (190) + CategoryGroup (124) + Row (108). ProjectSelector (656 LOC) → main (211) + CreateProjectDialog (169) + ProjectActionDialog (140) + ProjectCard (128). All files now under 300 LOC soft target and 500 LOC hard cap. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 09:16:21 +02:00
Sharang Parnerkar	90d14eb546	refactor(admin): split SDKSidebar and ScopeWizardTab components ... - SDKSidebar (918→236 LOC): extracted icons to SidebarIcons, sub-components (ProgressBar, PackageIndicator, StepItem, CorpusStalenessInfo, AdditionalModuleItem) to SidebarSubComponents, and the full module nav list to SidebarModuleNav - ScopeWizardTab (794→339 LOC): extracted DatenkategorienBlock9 and its dept mapping constants to DatenkategorienBlock, and question rendering (all switch-case types + help text) to ScopeQuestionRenderer - All files now under 500 LOC hard cap; zero behavior changes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 23:03:46 +02:00
Benjamin Admin	062e827801	feat: Sidebar — KI-Compliance Links + Payment Info-Box ... Sidebar: Neue Sektion "KI-Compliance" mit 4 Links: - Use Case Erfassung (advisory-board) - Use Cases (use-cases) - AI Act (ai-act) - EU Registrierung (ai-registration) Payment: Info-Box mit 3-Spalten Erklaerung (Controls → Assessment → Ausschreibung) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 18:21:35 +02:00
Benjamin Admin	42d0c7b1fc	feat: Payment Compliance in Sidebar Navigation ... Neuer Sidebar-Eintrag "Payment / Terminal" mit Kreditkarten-Icon zwischen CE/IACE und Zusatzmodule. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 09:43:50 +02:00
Benjamin Admin	c55a6ab995	feat: BetrVG-Compliance-Modul — Obligations, Konflikt-Score, Frontend ... 1. BetrVG Obligations (JSON V2): 12 Pflichten basierend auf §87, §90, §94, §95, §99, §111 - BAG-Rechtsprechung referenziert (M365, SAP, Standardsoftware) - Applicability: DE + >=5 Mitarbeiter 2. Betriebsrats-Konflikt-Score (0-100): Gewichtete Formel aus 8 Faktoren - Ueberwachungseignung, HR-Bezug, Individualisierbarkeit, Automation - Escalation-Trigger: Score>=50 ohne BR → E2, Score>=75 → E3 3. Frontend: 3 neue Intake-Felder (Monitoring, HR, BR-Konsultation) - BR-Konflikt-Badge in Use-Case-Liste + Detail-Seite - Farbcodierung: gruen/gelb/orange/rot Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 10:49:56 +02:00
Benjamin Admin	bc75b4455d	feat: AI Act Decision Tree — Zwei-Achsen-Klassifikation (GPAI + High-Risk) ... Interaktiver 12-Fragen-Entscheidungsbaum für die AI Act Klassifikation auf zwei Achsen: High-Risk (Anhang III, Q1-Q7) und GPAI (Art. 51-56, Q8-Q12). Deterministische Auswertung ohne LLM. Backend (Go): - Neue Structs: GPAIClassification, DecisionTreeAnswer, DecisionTreeResult - Decision Tree Engine mit BuildDecisionTreeDefinition() und EvaluateDecisionTree() - Store-Methoden für CRUD der Ergebnisse - API-Endpoints: GET/POST /decision-tree, GET/DELETE /decision-tree/results - 12 Unit Tests (alle bestanden) Frontend (Next.js): - DecisionTreeWizard: Wizard-UI mit Ja/Nein-Fragen, Dual-Progress-Bar, Ergebnis-Ansicht - AI Act Page refactored: Tabs (Übersicht | Entscheidungsbaum | Ergebnisse) - Proxy-Route für decision-tree Endpoints Migration 083: ai_act_decision_tree_results Tabelle Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 10:14:09 +02:00
Benjamin Admin	e6201d5239	feat: Anti-Fake-Evidence System (Phase 1-4b) ... Implement full evidence integrity pipeline to prevent compliance theater: - Confidence levels (E0-E4), truth status tracking, assertion engine - Four-Eyes approval workflow, audit trail, reject endpoint - Evidence distribution dashboard, LLM audit routes - Traceability matrix (backend endpoint + Compliance Hub UI tab) - Anti-fake badges, control status machine, normative patterns - 2 migrations, 4 test suites, MkDocs documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 17:15:45 +01:00
Benjamin Admin	95c371e9a5	feat(sdk): update SDK Flow, Architecture, and StepHeader for vendor-compliance integration ... - flow-data.ts: vendor-compliance moved from betrieb/seq:4200 to dokumentation/seq:2500, prerequisite changed to vvt, added 5 DB tables - architecture-data.ts: added vendor tables and API endpoints to backend-compliance service definition - StepHeader.tsx: added vendor-compliance explanation with 4 tips (Art. 28, cross-module integration, third-country transfers, controls library). Updated obligations (12 checks, vendor-link, document), loeschfristen (vendor picker), tom (vendor-controls cross-ref), vvt (processor tab from vendor API) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-20 09:12:11 +01:00
Benjamin Admin	c3afa628ed	feat(sdk): vendor-compliance cross-module integration — VVT, obligations, TOM, loeschfristen ... Integrate the vendor-compliance module with four DSGVO modules to eliminate data silos and resolve the VVT processor tab's ephemeral state problem. - Reposition vendor-compliance sidebar from seq 4200 to 2500 (after VVT) - VVT: replace ephemeral ProcessorRecord state with Vendor-API fetch (read-only) - Obligations: add linked_vendor_ids (JSONB) + compliance check #12 MISSING_VENDOR_LINK - TOM: add vendor TOM-controls cross-reference table in overview tab - Loeschfristen: add linked_vendor_ids (JSONB) + vendor picker + document section - Migrations: 069_obligations_vendor_link.sql, 070_loeschfristen_vendor_link.sql - Tests: 12 new backend tests (125 total pass) - Docs: update obligations.md + vendors.md with cross-module integration Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 13:59:43 +01:00
Benjamin Admin	4b1eede45b	feat(tom): audit document, compliance checks, 25 controls, canonical control mapping ... Phase A: TOM document HTML generator (12 sections, inline CSS, A4 print) Phase B: TOMDocumentTab component (org-header form, revisions, print/download) Phase C: 11 compliance checks with severity-weighted scoring Phase D: MkDocs documentation for TOM module Phase E: 25 new controls (63 → 88) in 13 categories Canonical Control Mapping (three-layer architecture): - Migration 068: tom_control_mappings + tom_control_sync_state tables - 6 API endpoints: sync, list, by-tom, stats, manual add, delete - Category mapping: 13 TOM categories → 17 canonical categories - Frontend: sync button + coverage card (Overview), drill-down (Editor), belegende Controls count (Document) - 20 tests (unit + API with mocked DB) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 11:56:53 +01:00
Benjamin Admin	4f6bc8f6f6	feat(training+controls): interactive video pipeline, training blocks, control generator, CE libraries ... Interactive Training Videos (CP-TRAIN): - DB migration 022: training_checkpoints + checkpoint_progress tables - NarratorScript generation via Anthropic (AI Teacher persona, German) - TTS batch synthesis + interactive video pipeline (slides + checkpoint slides + FFmpeg) - 4 new API endpoints: generate-interactive, interactive-manifest, checkpoint submit, checkpoint progress - InteractiveVideoPlayer component (HTML5 Video, quiz overlay, seek protection, progress tracking) - Learner portal integration with automatic completion on all checkpoints passed - 30 new tests (handler validation + grading logic + manifest/progress + seek protection) Training Blocks: - Block generator, block store, block config CRUD + preview/generate endpoints - Migration 021: training_blocks schema Control Generator + Canonical Library: - Control generator routes + service enhancements - Canonical control library helpers, sidebar entry - Citation backfill service + tests - CE libraries data (hazard, protection, evidence, lifecycle, components) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 21:41:48 +01:00
Benjamin Admin	6d2de9b897	feat(iace): complete CE risk assessment — LLM tech-file generation, multi-format export, TipTap editor ... Phase 1: Fix completeness gates G23 (require verified/rejected mitigations) and G09 (audit trail check) Phase 2: LLM-based tech-file section generation with 19 German prompts and RAG enrichment Phase 3: Multi-format document export (PDF/Excel/DOCX/Markdown/JSON) Phase 4: Company profile → IACE data flow with auto component/classification creation Phase 5: TipTap WYSIWYG editor replacing textarea for tech-file sections Phase 6: User journey tests, developer portal API reference, updated documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 12:50:53 +01:00
Benjamin Admin	f3e05c1bf7	feat: enhance whistleblower HinSchG content, fix control-library filter layout ... - Whistleblower page: expand overview tab with comprehensive HinSchG legal info (Gesetzliche Grundlage, Fristen-Cards, Anwendungsbereich, Schutz des Hinweisgebers) - StepHeader: enrich whistleblower tips with detailed HinSchG paragraphs and sanctions - Wiki: add migration 054 with 5 new/updated HinSchG articles (Anwendungsbereich, Hinweisgeberschutz, Meldestellen, Verfahrensablauf, Datenschutz-Anforderungen) - MKDocs: rewrite whistleblower docs with full legal basis, architecture, API, DB schema - Control library: fix filter dropdown overflow by splitting into search + filter rows Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 00:23:19 +01:00
Benjamin Admin	cb48b8289e	fix(sdk): Align scope types with engine output + project isolation + optional block progress ... Type alignment (root cause of client-side crash): - RiskFlag: id/title/description → severity/category/message/recommendation - ScopeGap: id/title/recommendation/relatedDocuments → gapType/currentState/targetState/effort - NextAction: id/priority:number/effortDays → actionType/priority:string/estimatedEffort - ScopeReasoning: details → factors + impact - TriggeredHardTrigger: {rule: HardTriggerRule} → flat fields (ruleId, description, etc.) - All UI components updated to match engine output shape Project isolation: - Scope localStorage key now includes projectId (prevents data leak between projects) Optional block progress: - Blocks with only optional questions now show green checkmark when any question answered Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 14:58:29 +01:00
Benjamin Admin	46048554cb	fix(sdk): Fix ScopeDecisionTab crash — type mismatches with backend types ... - DEPTH_LEVEL_COLORS: simple strings → objects with {bg, border, badge, text} Tailwind classes - decision.reasoning: render as mapped array instead of direct JSX child - trigger.X → trigger.rule.X for TriggeredHardTrigger properties - doc.isMandatory → doc.required, doc.depthDescription → doc.depth - doc.effortEstimate → doc.estimatedEffort, doc.triggeredByHardTrigger → doc.triggeredBy - decision.gapAnalysis → decision.gaps (matching ScopeDecision type) - getSeverityBadge: uppercase severity ('LOW'|'MEDIUM'|'HIGH'|'CRITICAL') - Also includes CLAUDE.md and DEVELOPER.md CI/CD documentation updates Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 09:07:41 +01:00
Benjamin Admin	24afed69c1	Fix Scope evaluation crash: align property names between engine, types, and components ... The engine used short property names (risk, complexity, assurance, composite) while the ComplianceScores interface defined (risk_score, complexity_score, assurance_need, composite_score). Components used yet another convention (riskScore, level, hardTriggers). The main crash was DEPTH_LEVEL_COLORS[decision.level] where decision.level was undefined (correct property: decision.determinedLevel). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 16:47:01 +01:00
Benjamin Admin	579fe1b5e1	fix(scope): Evaluierung crasht (answerValue→value), Profil-Persistenz, Block-Umbenennungen ... - compliance-scope-engine: answerValue→value (Property existierte nicht, Crash bei Evaluierung) - company-profile: saveProfileDraft synct jetzt Redux-State (Daten bleiben bei Navigation) - Scope-Bloecke umbenannt: Kunden & Nutzer, Datenverarbeitung, Hosting & Verarbeitung, Website und Services - org_cert_target + data_volume als Hidden Scoring Questions (Duplikate entfernt) - ai_risk_assessment: boolean→single mit Ja/Nein/Noch nicht - 6 neue Abteilungs-Datenkategorien: IT, Recht, Produktion, Logistik, Einkauf, Facility Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 16:33:59 +01:00
Benjamin Admin	a6818b39c5	feat(scope+vvt): Datenkategorien in Scope Block 9 verschieben, VVT Generator-Tab entfernen ... - ScopeQuestionBlockId um 'datenkategorien_detail' erweitert - Block 9 mit 6 Abteilungs-Datenkategorie-Fragen (dk_dept_hr, dk_dept_recruiting, etc.) - ScopeWizardTab: aufklappbare Kacheln fuer Block 9, gefiltert nach Block 8 Abteilungswahl - VVT: Generator-Tab komplett entfernt (3 statt 4 Tabs) - VVT Verzeichnis: "Aus Scope-Analyse generieren" Button mit Preview + Uebernehmen Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 14:47:20 +01:00
Benjamin Admin	f6019ecba9	feat(compliance-scope): Pflicht/Optional-Klassifikation, offene Fragen sichtbar + Navigation ... Block-Sidebar zeigt gruen/orange Status pro Block, klickbare Zusammenfassung offener Pflichtfragen unter dem Fortschrittsbalken, und visuelles Highlighting (linker Rand) fuer unbeantwortete Pflichtfragen. Sidebar-Haken wird gesetzt wenn alle Pflichtfragen beantwortet und Auswertung vorhanden. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 11:45:46 +01:00
Benjamin Admin	1f91e05600	fix+test+docs: Archivierte Projekte, Vitest-Tests & Regulations-Doku ... - fix(ProjectSelector): Archivierte Projekte anklickbar machen, doppelten "Neues Projekt" Button entfernen - test: 32 Vitest-Tests fuer scope-to-facts und supervisory-authority-resolver - docs(flow-data): Scope-Step outputs + Obligations inputs erweitert - docs(developer-portal): Feature-Highlight "Automatische Regulierungs-Ableitung" - docs(mkdocs): Neuer Abschnitt Regulierungs-Ableitung in obligations.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 11:07:35 +01:00
Benjamin Admin	5da93c5d10	feat(regulations): Automatische Ableitung anwendbarer Gesetze & Aufsichtsbehoerden ... Nach Abschluss von Profil + Scope werden jetzt automatisch die anwendbaren Regulierungen (DSGVO, NIS2, AI Act, DORA) ermittelt und die zustaendigen Aufsichtsbehoerden (Landes-DSB, BSI, BaFin) aus Bundesland + Branche abgeleitet. - Neues scope-to-facts.ts: Mapping CompanyProfile+Scope → Go SDK Payload - Neues supervisory-authority-resolver.ts: 16 Landes-DSB + nationale Behoerden - ScopeDecisionTab: Regulierungs-Report mit Aufsichtsbehoerden-Karten - Obligations-Seite: Echte Daten statt Dummy in handleAutoProfiling() - Neue Types: ApplicableRegulation, RegulationAssessmentResult, SupervisoryAuthorityInfo Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 10:29:24 +01:00
Benjamin Admin	fa4cda7627	refactor(scope+profile): Duplikate eliminieren, UI vereinheitlichen ... - Profil: Steps 6 (VVT) + 7 (KI) entfernt, nach Scope verschoben - Profil: Steps 9→7 renummeriert (Rechtlicher Rahmen→6, Maschinenbau→7) - Profil: Branche + Jahresumsatz von Dropdown auf Tile-Grid umgestellt - Profil: usesAI/aiUseCases aus CompanyProfile Interface entfernt - Scope: 5 Duplikate aus Block 1 entfernt (Branche, MA, Umsatz, Modell, DSB) - Scope: 2 Duplikate aus Block 6 entfernt (Angebote, Webshop) - Scope: Block 7 (KI-Systeme) + Block 8 (VVT) neu hinzugefuegt - Scope: "Aus Profil" Info-Box zeigt Profildaten in betroffenen Blocks - Scope: Hidden Scoring fuer entfernte Fragen bleibt erhalten via Auto-Fill Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 08:52:09 +01:00
Benjamin Admin	11d4c2fd36	feat: Add Compliance Wiki as internal admin knowledge base ... Migration 040 with wiki_categories + wiki_articles tables, 10 seed articles across 8 categories (DSGVO, Art. 9, AVV, HinSchG etc.). Read-only FastAPI API, Next.js proxy, and two-column frontend with full-text search. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 20:01:27 +01:00
Benjamin Admin	09cfb79840	feat: Projekt-Verwaltung verbessern — Archivieren, Loeschen, Wiederherstellen ... - Backend: Restore-Endpoint (POST /projects/{id}/restore) und Hard-Delete-Endpoint (DELETE /projects/{id}/permanent) hinzugefuegt - Frontend: Dreistufiger Dialog (Archivieren / Endgueltig loeschen mit Bestaetigungsdialog) statt einfachem Loeschen - Archivierte Projekte aufklappbar in der Projektliste mit Wiederherstellen-Button - CustomerTypeSelector entfernt (redundant seit Multi-Projekt) - Default tenantId von 'default' auf UUID geaendert (Backend-400-Fix) - SQL-Cast :state::jsonb durch CAST(:state AS jsonb) ersetzt (SQLAlchemy-Fix) - snake_case/camelCase-Mapping fuer Backend-Response (NaN-Datum-Fix) - projectInfo wird beim Laden vom Backend geholt (Header zeigt Projektname) - API-Client erzeugt sich on-demand (Race-Condition-Fix fuer Projektliste) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 17:48:02 +01:00
Benjamin Admin	0affa4eb66	feat(sdk): Multi-Projekt-Architektur — mehrere Projekte pro Tenant ... Jeder Tenant kann jetzt mehrere Compliance-Projekte anlegen (z.B. verschiedene Produkte, Tochterunternehmen). CompanyProfile ist pro Projekt kopierbar und danach unabhaengig editierbar. Multi-Tab-Support via separater BroadcastChannel und localStorage Keys pro Projekt. - Migration 039: compliance_projects Tabelle, sdk_states.project_id - Backend: FastAPI CRUD-Routes fuer Projekte mit Tenant-Isolation - Frontend: ProjectSelector UI, SDKProvider mit projectId, URL ?project= - State API: UPSERT auf (tenant_id, project_id) mit Abwaertskompatibilitaet - Tests: pytest fuer Model-Validierung, Row-Konvertierung, Tenant-Isolation - Docs: MKDocs Seite, CLAUDE.md, Backend README Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 14:53:50 +01:00
Benjamin Admin	d3fc4cdaaa	feat(sdk): Logo-Navigation, stabile Versionsnummer V001 + Firmenname im Header ... - Logo-Klick fuehrt zurueck zur Startseite (Neues/Bestehendes Projekt) - Neue projectVersion im SDK State (inkrementiert nur bei explizitem Speichern) - Header zeigt Firmenname + V001-Format statt auto-inkrementierende Sync-Version - Sidebar Logo von Link auf Button umgestellt mit customerType-Reset Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 08:14:33 +01:00
Benjamin Admin	95fcba34cd	fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring ... - Ruff: 144 auto-fixes (unused imports, == None → is None), F821/F811/F841 manuell - CVEs: python-multipart>=0.0.22, weasyprint>=68.0, pillow>=12.1.1, npm audit fix (0 vulns) - TS: 5 tote Drafting-Engine-Dateien entfernt, allowed-facts/sanitizer/StepHeader/context fixes - Tests: +104 (ISMS 58, Evidence 18, VVT 14, Generation 14) → 1449 passed - Refactoring: collect_ci_evidence (F→A), row_to_response (E→A), extract_requirements (E→A) - Dead Code: pca-platform, 7 Go-Handler, dsr_api.py, duplicate Schemas entfernt Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 19:00:33 +01:00
Benjamin Admin	6509e64dd9	feat(sdk): API-Referenz Frontend + Backend-Konsolidierung (Shared Utilities, CRUD Factory) ... - API-Referenz Seite (/sdk/api-docs) mit ~690 Endpoints, Suche, Filter, Modul-Index - Shared db_utils.py (row_to_dict) + tenant_utils Integration in 6 Route-Dateien - CRUD Factory (crud_factory.py) fuer zukuenftige Module - Version-Route Auto-Registration in versioning_utils.py - 1338 Tests bestanden, -232 Zeilen Duplikat-Code Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 17:07:43 +01:00
Benjamin Admin	9e65dff7d6	feat(isms): ISO 27001 Frontend, Proxy, Sidebar, Flow-Data, Architecture, MkDocs ... ISMS-Modul mit 6 Tabs (Uebersicht, Policies, SoA, Ziele, Audits/Findings/CAPA, Management-Reviews) fuer alle 39 Backend-Endpoints. Readiness-Check identifiziert potenzielle Major/Minor-Findings vor externer Zertifizierung. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 14:53:31 +01:00
Benjamin Admin	1e84df9769	feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6) ... 6-Phasen-Implementation fuer cloud-faehiges, mandantenfaehiges Compliance SDK: Phase 1: Multi-Tenancy Fix - Shared tenant_utils.py Dependency (UUID-Validierung, kein "default" mehr) - VVT tenant_id Column + tenant-scoped Queries - DSFA/Vendor DEFAULT_TENANT_ID von "default" auf UUID migriert - Migration 035 Phase 2: Stammdaten-Erweiterung - Company Profile um JSONB-Felder erweitert (processing_systems, ai_systems, technical_contacts) - Regulierungs-Flags (NIS2, AI Act, ISO 27001) - GET /template-context Endpoint - Migration 036 Phase 3: Dokument-Versionierung - 5 Versions-Tabellen (DSFA, VVT, TOM, Loeschfristen, Obligations) - Shared versioning_utils.py Helper - /{id}/versions Endpoints auf allen 5 Dokumenttypen - Migration 037 Phase 4: Change-Request System - Zentrale CR-Inbox mit CRUD + Accept/Reject/Edit Workflow - Regelbasierte CR-Engine (VVT DPIA → DSFA CR, Datenkategorien → Loeschfristen CR) - Audit-Trail - Migration 038 Phase 5: Dokumentengenerierung - 5 Template-Generatoren (DSFA, VVT, TOM, Loeschfristen, Obligations) - Preview + Apply Endpoints (erzeugt CRs, keine direkten Dokumente) Phase 6: Frontend-Integration - Change-Request Inbox Page mit Stats, Filtern, Modals - VersionHistory Timeline-Komponente - SDKSidebar CR-Badge (60s Polling) - Company Profile: 2 neue Wizard-Steps + "Dokumente generieren" CTA Docs: 5 neue MkDocs-Seiten, CLAUDE.md aktualisiert Tests: 97 neue Tests (alle bestanden) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 14:12:34 +01:00
Benjamin Admin	37166c966f	feat(sdk): Audit-Dashboard + RBAC-Admin Frontends, UCCA/Go Cleanup ... - Remove 5 unused UCCA routes (wizard, stats, dsb-pool) from Go main.go - Delete 64 deprecated Go handlers (DSGVO, Vendors, Incidents, Drafting) - Delete legacy proxy routes (dsgvo, vendors) - Add LLM Audit Dashboard (3 tabs: Log, Nutzung, Compliance) with export - Add RBAC Admin UI (5 tabs: Mandanten, Namespaces, Rollen, Benutzer, LLM-Policies) - Add proxy routes for audit-llm and rbac to Go backend - Add Workshop, Portfolio, Roadmap proxy routes and frontends - Add LLM Audit + RBAC Admin to SDKSidebar Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 09:45:56 +01:00
Benjamin Admin	35576fb6f8	feat(sidebar): CE-Compliance (IACE) als permanente Sektion — unabhaengig von ceMarkingRequired ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 17:39:47 +01:00
Benjamin Admin	f3ccfe5dcd	fix(ucca): Route-Konflikt :id vs :assessmentId — TOM-Controls Pfad geaendert ... GET /obligations/:id/tom-controls → GET /obligations/tom-controls/for-obligation/:obligationId Gin erlaubt keine unterschiedlichen Param-Namen auf demselben Pfad-Level. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 15:03:48 +01:00
Benjamin Admin	38e278ee3c	feat(ucca): Pflichtendatenbank v2 (325 Obligations), Trigger-Engine, TOM-Control-Mapping ... - 9 Regulation-JSON-Dateien (DSGVO 80, AI Act 60, NIS2 40, BDSG 30, TTDSG 20, DSA 35, Data Act 25, EU-Maschinen 15, DORA 20) - Condition-Tree-Engine fuer automatische Pflichtenselektion (all_of/any_of, 80+ Field-Paths) - Generischer JSONRegulationModule-Loader mit YAML-Fallback - Bidirektionales TOM-Control-Mapping (291 Obligation→Control, 92 Control→Obligation) - Gap-Analyse-Engine (Compliance-%, Priority Actions, Domain Breakdown) - ScopeDecision→UnifiedFacts Bridge fuer Auto-Profiling - 4 neue API-Endpoints (assess-from-scope, tom-controls, gap-analysis, reverse-lookup) - Frontend: Auto-Profiling Button, Regulation-Filter Chips, TOM-Panel, Gap-Analyse-View - 18 Unit Tests (Condition Engine, v2 Loader, TOM Mapper) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 14:51:44 +01:00
Benjamin Admin	308d559c85	feat: DSFA Section 8 KI-Anwendungsfälle + Bundesland RAG-Ingest ... - Migration 028: ai_use_case_modules JSONB + section_8_complete auf compliance_dsfas - Neues ai-use-case-types.ts: AIUseCaseModule Interface, 8 Typen, Art22Assessment, AI Act Risikoklassen, WP248-Kriterien, Privacy by Design, createEmptyModule() Helper - types.ts: Section 8 in DSFA_SECTIONS, ai_use_case_modules im DSFA Interface, section_8_complete in DSFASectionProgress - api.ts: addAIUseCaseModule, updateAIUseCaseModule, removeAIUseCaseModule - 5 neue UI-Komponenten: AIUseCaseTypeSelector, Art22AssessmentPanel, AIRiskCriteriaChecklist, AIUseCaseModuleEditor (7 Tabs), AIUseCaseSection - DSFASidebar: Section 8 Eintrag + calculateSectionProgress case 8 - ReviewScheduleSection: ai_use_case_module Trigger-Typ ergänzt - page.tsx: Section 8 Rendering + Weiter-Button auf activeSection < 8 + KI-Module Counter - scripts/ingest-dsfa-bundesland.sh: WP248 + alle 17 Behörden → bp_dsfa_corpus - Docs: dsfa.md Section 8 + RAG-Corpus, Developer Portal DSFA mit AI-Modul-Code-Beispielen Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 09:20:27 +01:00
Benjamin Admin	274dc68e24	feat: Drafting Agent Kompetenzbereich erweitert — alle 18 Dokumenttypen, Gap-Banner, Redirect-Logic ... - DOCUMENT_SDK_STEP_MAP: 12 kaputte URLs korrigiert (z.B. /sdk/loeschkonzept → /sdk/loeschfristen) - Go Backend: iace_ce_assessment zur validTypes-Whitelist hinzugefuegt - SOUL-Datei: von 17 auf ~80 Zeilen erweitert (18 draftbare Typen, Redirects, operative Module) - Intent Classifier: 10 fehlende Dokumenttyp-Patterns + 5 Redirect-Patterns (Impressum/AGB/Widerruf → Document Generator) - State Projector: getExistingDocumentTypes von 6 auf 11 Checks erweitert (risks, escalations, iace, obligations, dsr) - DraftingEngineWidget: Gap-Banner fuer kritische Luecken mit Analysieren-Button - Cross-Validation: 4 neue deterministische Regeln (DSFA-NO-VVT, DSFA-NO-TOM, DSI-NO-LF, AV-NO-VVT) - Prose Blocks: 5 neue Dokumenttypen (av_vertrag, betroffenenrechte, risikoanalyse, notfallplan, iace_ce_assessment) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 09:07:07 +01:00
Benjamin Admin	560bdfb7fd	feat: Agent Management Modul — SOUL-Editor, Dashboard, Architektur-Doku ... - SOUL-Dateien: System-Prompts aus Chat-Routen extrahiert nach agent-core/soul/*.soul.md - soul-reader.ts: Lese-/Schreib-API mit 30s TTL-Cache und Backup-Versionierung - agent-registry.ts: Statische Konfiguration der 2 Compliance-Agenten - 5 API-Routen: /api/sdk/agents (Liste, Detail, SOUL GET/PUT, Sessions, Statistiken) - 5 Frontend-Seiten: Dashboard, Detail mit SOUL-Editor, Architektur, Sessions, Statistiken - Sidebar: "Agenten" Link nach Architektur eingefügt - Wire-Up: compliance-advisor + drafting-engine lesen SOUL-Datei mit Fallback - Dockerfile: agent-core wird in Production-Image kopiert Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 16:53:36 +01:00
Benjamin Admin	c1a1ce8b71	feat: Katalogverwaltung ins Compliance SDK integriert (17 Kataloge) ... Bestehende Catalog-Manager-Komponenten in SDK-Routes eingebunden: - SDKState + Reducer um customCatalogs CRUD erweitert - Neue Route /sdk/catalog-manager mit CatalogManagerContent - Sidebar-Link "Kataloge" mit Database-Icon Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 14:27:20 +01:00
Benjamin Admin	1d9972b565	feat: Architektur-Uebersichtsseite — interaktiver Service-Graph mit ReactFlow ... 13 Services in 4 Schwimmbahnen (Frontend, Backend, Infrastructure, Data Sovereignty), Layer-Filter, DB/RAG/API-Toggles, Detail-Panel und Service-Tabelle. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 13:10:12 +01:00