Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
1,178 Commits 11 Branches 1 Tag
c771d8ecb94d0e9792777040733b78af2b2f546c
Commit Graph

11 Commits

Author SHA1 Message Date
Benjamin Admin 772ff35e8d feat(iace): bridge OSHA MD library to pattern engine, body-part-specific lift crush hazards 
- M600-M604: lift endstop mitigations (Kriechgeschwindigkeit, Schaltleiste,
  Mindestabstand, Hold-to-run, Trittblech) — cite OSHA + EN ISO identifiers
- HP2100-HP2102: body-part crush patterns for lift family (foot under platform,
  hand/body against fixed structure, leg between lift and lateral structure),
  restricted via MachineTypes filter
- pattern_machinetype_overrides.go: post-load pass fills MachineTypes on 14
  legacy patterns (HP1000 Walzen, HP539 Schweiss, HP545/HP782 Glas,
  HP756/HP757/HP760 Fahrtreppe, HP1400-1402 CNC, HP045/HP049 Pressen,
  HP420-422 Conveyor) to prevent drift on Kistenhubgeraet-style projects

Why: Kistenhubgeraet re-init exposed two gaps — the abstract "Bremse versagt
bei Absenkbewegung" pattern fired but the concrete foot-crush body-part variant
was missing, AND ~10 unrelated patterns fired purely because their RequiredTags
incidentally aligned. Override map avoids touching 1000+ LOC pattern files
that already exceed the soft cap.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-22 08:37:24 +02:00
Benjamin Admin 4a5924b8c4 feat(iace): CRA / DIN EN 40000-1-2 cyber-resilience spur 
[guardrail-change]

Phase 18 adds an EU Cyber Resilience Act compliance track to IACE:
the engine now fires patterns that surface the manufacturer-side CRA
obligations whenever a project's components carry digital elements.

Patterns (HP1910-HP1918, hazard_patterns_cra.go):
  HP1910  Missing SBOM
  HP1911  Unsigned firmware/software updates
  HP1912  Factory-default credentials still active
  HP1913  No coordinated vulnerability disclosure (CVD) policy
  HP1914  No documented security patch SLA
  HP1915  Missing user-facing hardening guide
  HP1916  No incident-notification process to ENISA / CSIRT
  HP1917  No security assessment prior to placing on market
  HP1918  AI component without cybersecurity risk assessment

Each pattern carries ClarificationQuestionsDE so the operator gets
auditor-grade questions to take back to the Anlagenbauer instead of
the engine inventing prose. PatternMatch carries DefaultAvoidability
(P=1 for all CRA patterns), feeding the PLr graph from Phase 17.

Measures (M540-M548, measures_library_cra.go):
  M540  SBOM (SPDX or CycloneDX) with each machine release
  M541  Signed updates with rollback protection
  M542  Forced default-password change at first boot
  M543  Published CVD policy (security.txt / PSIRT)
  M544  Documented patch SLA with CVSS-tier response times
  M545  User-facing hardening guide in the machine docs
  M546  ENISA incident-notification process (24h/72h/14d)
  M547  Authenticated update channel + integrity check
  M548  Pre-market security assessment / pen-test

The library is urheberrechtlich neutral: identifiers only
(Verordnung (EU) 2024/2847, DIN EN 40000-1-2 Entwurf, IEC 62443,
ETSI EN 303 645, ISO/IEC 5962, ISO/IEC 29147). No normative text
is reproduced — DIN/Beuth proprietary content is referenced by
section number only.

Category-compatibility:
  cyber_resilience pattern category accepts measures with
  HazardCategory cyber_resilience, cyber_network, or
  software_control. Updated in both the runtime helper
  (iace_handler_init_helpers.go) and its test-mirror
  (pattern_coverage_test.go) — both must move in lockstep.

Frontend (clarifications page):
  When at least one clarification references "2024/2847" or
  "40000-1-2" in its norm_references, a blue info-banner is
  rendered at the top of the page:
    "Cyber Resilience Act (CRA) — Hinweis zur Geltung
     Diese Klärungsliste enthält Fragen zur Verordnung (EU)
     2024/2847 (CRA). Die CRA gilt für Produkte mit digitalen
     Elementen, die ab dem 11.12.2027 auf dem EU-Markt bereit-
     gestellt werden. ..."
  Reminds the user that the CRA pflichten are forward-looking
  while still allowing the manufacturer to bake them in now.

LOC exceptions:
  Added three pre-existing files to .claude/rules/loc-exceptions.txt
  (manufacturer_safety_features.go, iace_handler_clarifications.go,
  routes.go). All three grew across Phases 16-17 and are tagged as
  Phase 5+ refactor backlog. [guardrail-change] marker required.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 02:15:51 +02:00
Benjamin Admin 4d1e0a7f8e feat(iace): GT-Bremse coverage — 59 expert measures + 7 hazard patterns 
Systematic gap analysis of the Bremse ground-truth file (60 entries,
100 unique expert measures) revealed only ~5% library coverage. This
commit closes the documented gaps with concrete, norm-anchored
mitigations.

Library additions (M481-M539, 59 entries):
- M481-M482  Low-voltage isolation (>= 2,0 / 2x1,0 / 1,0 MOhm +
             IP2X/IPXXB per EN 60204-1 Ziff. 6.2/8.2.3) — primary
             trigger of this work
- M483-M485  Pneumatic safety (component pressure rating, hose
             retention, depressurization per EN ISO 4414)
- M486-M490  Robot-cell access (tool-secured fence, dual-channel
             door monitor, intentional restart, anti-trap inside
             opening, HMI sight line per ISO 10218-2)
- M491-M493  Teach mode (key/password mode selector, safe reduced
             speed <= 250 mm/s, hold-to-run with 3-stage enabler
             per ISO 10218-1)
- M494-M500  Geometry constants (Safe Limited Position, reach-over
             250 mm @ 2250 mm fence, conveyor opening >= 850 mm,
             25 mm finger gap, band speed <= 100 mm/s per
             EN ISO 13857 / EN 619)
- M501-M507  Enclosure load rating, gripper fail-safe, centring
             gripper stop on door, MWF nozzle integration, floor
             load capacity per DIN 1055-3
- M508-M517  Electrical cabling + PE protection (environment-rated,
             drag chain, strain relief, 10 mm² Cu PE, dual PE,
             monitoring, continuity check, class-II equipment,
             SELV/PELV per EN 60204-1)
- M518-M522  RCD, cable cross-section, overcurrent in each active
             conductor, IP22 water ingress, lockable main switch
- M523-M539  Teach-locked door, WZM door interlock, dual-channel
             door switch, machining-doors-closed for aerosol
             retention, post-NOTHALT release, >25 kg lifting aid
             (DGUV 208-016), 95-120 cm control height, ergonomic
             conveyor height, SDS/PSA reference, BA instructions
             for depressurization/clamp release/max weight/pinch
             warning/slip warning/dead-state cleaning

New hazard patterns (HP1710-HP1717):
floor overload, gripper failure throw, compressed-air injury in
machining cell, manual handling load + awkward posture, MWF skin
contact, live-cabinet cleaning short, pneumatic stored-energy.

Existing patterns rewired to the new measures: HP1600, HP1602-1606,
HP1610-1612, HP1620-1622, HP1630/1631/1633, HP1640/1641, HP1660/1661,
HP1675, HP1685, HP1688, HP1689, HP1698-1704.

Tooling:
- scripts/gt_measure_gap_analysis.py: 4-signal fuzzy matcher
  (Jaccard, token recall, substring containment, norm-reference
  overlap). Outputs markdown + JSON.
- gt_coverage_test.go: 23 expert-validated (GT-Nr, pattern, measure)
  triples + a norm-reference presence test for every new expert
  measure (no generic 'do X safely' entries allowed).
- .gitea/workflows/ci.yaml: new iace-gt-coverage job enforces
  MIN_COVERAGE_PCT (70%) on Strong+Weak GT coverage; never lower
  without explicit decision.

Coverage shift: 5% Strong -> 30% Strong, 0% -> 72% Strong+Weak.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-16 13:08:52 +02:00
Benjamin Admin bcf78c120a feat(iace): Erweiterungen 2-4 — FMEA Worksheet, Delta Modal, Textil+Agri
Build + Deploy / build-admin-compliance (push) Successful in 2m5s
Details
Build + Deploy / build-backend-compliance (push) Successful in 3m2s
Details
Build + Deploy / build-ai-sdk (push) Failing after 35s
Details
Build + Deploy / build-developer-portal (push) Successful in 1m6s
Details
Build + Deploy / build-tts (push) Successful in 1m31s
Details
Build + Deploy / build-document-crawler (push) Successful in 41s
Details
Build + Deploy / build-dsms-gateway (push) Successful in 27s
Details
Build + Deploy / build-dsms-node (push) Successful in 17s
Details
CI / branch-name (push) Has been skipped
Details
Build + Deploy / trigger-orca (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / loc-budget (push) Failing after 16s
Details
CI / secret-scan (push) Has been skipped
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 2m25s
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / test-go (push) Successful in 40s
Details
CI / test-python-backend (push) Successful in 36s
Details
CI / test-python-document-crawler (push) Successful in 26s
Details
CI / test-python-dsms-gateway (push) Successful in 21s
Details
CI / validate-canonical-controls (push) Successful in 13s
Details 
Erweiterung 2: FMEA-Worksheet Tab (/fmea)
- Tabelle: Komponente | Typ | Fehlerart | Auswirkung | S | O | D | RPZ | Bewertung
- RPZ-Farbcodierung: >200 Kritisch, >100 Handlungsbedarf, >50 Beobachten
- Stats: Gesamt, Kritisch, Handlungsbedarf, Akzeptabel

Erweiterung 3: DeltaPreviewModal (wiederverwendbar)
- Modal zeigt +/- Patterns, Hazards, Massnahmen bei Aenderungen
- Nutzt POST /delta-analysis Endpoint
- Summary Grid + detaillierte Listen

Erweiterung 4: Textilmaschinen (EN ISO 11111) + Landmaschinen (ISO 4254)
- 21 neue Patterns: HP1550-HP1559 (Textil), HP1565-HP1575 (Agri)
- 23 neue Massnahmen: M452-M460 (Textil), M461-M474 (Agri)
- Walzenspalt, Zapfwelle, ROPS, autonomer Traktor, Siloexplosion etc.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-12 07:08:56 +02:00
Benjamin Admin 6d2616cad7 feat(iace): Sprint 4A — Residual Risk Modeling (Suppression Engine) 
RiskReduction Struct + automatische Risk Trajectory:
- RiskReduction{SeverityDelta, ExposureDelta, ProbabilityDelta} auf ProtectiveMeasureEntry
- CalculateRiskTrajectory() in engine.go: berechnet schrittweise Risikoreduktion
  entlang ISO 12100 Hierarchie (design → protection → information)
- Kumulative Deltas pro Stufe, Clamp auf Minimum 1
- RiskTrajectoryStep mit Stage, S/E/P, Score, Level, IsAcceptable

101 Massnahmen mit RiskReduction-Profilen versehen:
- Design/Geometry (M001-M010): S-1, E-1 (Gefahrstelle eliminiert)
- Design/Force (M011-M022): S-2 (Energie/Kraft reduziert)
- Design/Control (M039-M050): P-2 (sichere Steuerung)
- Protection/Guards (M061-M072): E-2 (Zugang verhindert)
- Protection/Electro (M073-M079): E-1, P-1 (Erkennung)
- Protection/Safety (M105-M113): P-2 (sichere SPS)
- Protection/Monitoring (M114-M120): P-1 (Frueerkennung)
- Protection/Cyber (M121-M130): P-1
- Information/Training (M161-M168): P-1
- Information/PPE (M169-M175): S-1

8 neue Tests: NoMeasures, DesignReduce, FullHierarchy, ClampMin1,
  OnlyProtection, WithoutReduction, MandatoryAsProtective, LibraryCount

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-10 09:15:43 +02:00
Benjamin Admin 99ef9873ad feat(iace): Sprint 3D — VDMA-Sektoren Holz/Oberfläche/Druck/Pumpen 
30 VDMA-Massnahmen (M422-M451), RAG-validiert gegen TRGS 553/507/430:
- Holzbearbeitung (8): Absauganlage, Absaugprüfung, Rückschlag, AGW, Ex-Schutz, Filterüberwachung
- Oberflächentechnik (8): Spritzkabinen-Belüftung, Isocyanat-Substitution, Galvanikbad, ATEX, REACH-Schulung
- Druckmaschinen (8): Walzenschutz, Farbnebelabsaugung, UV-Schutz, Not-Halt-Leiste, Bahnrisserkennung
- Pumpen/Kompressoren (6): Druckstossdämpfer, Kavitation, Leckage, Bersten, Trockenlauf, Entwässerung

21 VDMA-Patterns (HP1500-HP1549):
- Holz (6): Rückschlag, Sägeblattkontakt, Holzstaub, Staubexplosion, Einzug, Fräserkontakt
- Oberfläche (5): Lösemittel, Isocyanat, Brand/Explosion, Chromsäure, Hautverätzung
- Druck (4): Walzeneinzug, Farbennebel, UV-Strahlung, Bahnriss
- Pumpen (6): Druckstoss, Kavitation, Leckage, Bersten, Trockenlauf, Korrosion

Alle mit MachineTypes, OperationalStates, HumanRoles wo zutreffend.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-10 08:52:56 +02:00
Benjamin Admin c7e197d107 feat(iace): Sprint 3C — Werkzeugmaschinen (CNC/Dreh/Fraes/Schleifen/Schweissen) 
35 CNC-spezifische Hazard Patterns (HP1400-HP1434):
- Werkzeugbruch, Schleifscheibenbruch, Spaeneflug, Kollision
- KSS-Exposition (Aerosol, Hautkontakt, Keimbelastung, Brand)
- Schweissrauch, UV-Strahlung, Spritzer, Stromschlag, Ex-Hohlkoerper
- Maschinenspezifisch: Quetschung Tuer, Spindelerfassung, Walzeneinzug
- Alle mit MachineTypes, OperationalStates, HumanRoles annotiert

18 Metalworking-Massnahmen (M404-M421), RAG-validiert gegen TRGS 551/528:
- KSS: Substitution, Aerosolabsaugung, Konzentrationskontrolle, Wechselintervalle, Hautschutzplan
- Schleifen: Schleifscheiben-Pruefung, Drehzahlbegrenzung
- Schweissen: Fortluft-Absaugung, brennerintegrierte Absaugung, raeumliche Trennung, Schweisserschutzschild
- Allgemein: AGW-Ueberwachung, Arbeitsmedizin, Reinigung, Unterweisung

5 Evidenztypen (E51-E55): KSS-Analyse, Schleifscheiben-/Spannmittel-Pruefung, Schweissnaht-Qualifikation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-10 08:43:21 +02:00
Benjamin Admin c075ecb721 feat(iace): Phase 2 — RAG-validierte Massnahmen-Erweiterung 241→428, Evidenztypen 25→50 
- 62 Kap.-Verweise durch Themen-Deskriptoren ersetzt (0 verbleibend)
- measures_library_trbs.go: +85 Massnahmen (M217-M301) aus TRBS 1111/1201/2111/2121/2131/2141/2152
- measures_library_osha.go: +70 Massnahmen (M302-M371) aus OSHA Machine Guarding/LOTO/Electrical/Robots/Noise/Ergonomics/Pressure Vessels
- measures_library_trgs.go: +11 Massnahmen (M372-M382) aus TRGS 600/500/401/402/509/727/555
- measures_library_supplementary.go: +21 Massnahmen (M383-M403) aus RAG-Gap-Analyse gegen 6.141 extrahierte Obligations
  - Brandschutz (8): TRGS 509/510/511/741/751 — Brandkonzept, Loeschanlagen, Brandmeldung, Fluchtweg
  - Strahlung/Laser (5): OSHA TM Ch.6 — Laserklasse, Laserschutz, LSB, Absaugung
  - TRBS 1115 Cybersecurity MSR (3): Cyber-GBU fuer Safety-SPS, Pruefung, Aenderungsmanagement
  - TRBS 1112 Instandhaltung (3): GBU Instandhaltung, kontrollierte Handsteuerung, Fremdfirmenkoordination
  - ASR (2): Sicherheitsbeleuchtung, Quetschschutz kraftbetaetigte Tueren
- tag_resolver.go: +25 Evidenztypen (E26-E50) — Materialzertifikat, EMV, Druckpruefung, Laser, ATEX, SIL/PL-Validierung, SBOM

Methodik: Systematische Obligation Extraction aus 152 Dokumenten (TRBS/TRGS/ASR/OSHA)
in Qdrant bp_compliance_ce (83.222 Chunks), Gap-Analyse gegen bestehende Bibliothek,
eigene Formulierungen (keine Normtext-Reproduktion).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-10 07:07:34 +02:00
Benjamin Admin 2e29b611c9 feat(iace): Phase 1 — Haftungs-Fixes, Massnahmen-Verkabelung, Explainability Engine 
Phase 1A — Haftungs-kritische Fixes:
- SIL/PL-Badges als "Vorab-Einschaetzung" mit Tooltip gekennzeichnet
- Coverage-Disclaimer in CE-Akte, Projekt-Uebersicht und Print-Export
- Norm-Referenzen: 42 Kapitelverweise durch Themen-Deskriptoren ersetzt

Phase 1B — Massnahmen-Verkabelung:
- 16 neue Massnahmen (M201-M216) fuer bisher unabgedeckte Kategorien
  (communication_failure, hmi_error, firmware_corruption, maintenance,
  sensor_fault, mode_confusion)
- Kategorie-Fallback im Initialize-Endpoint: ordnet Massnahmen aus der
  Bibliothek automatisch per HazardCategory zu (max 8 pro Kategorie)
- Total: 225 → 241 Massnahmen, 0 Kategorien ohne Massnahmen

Phase 1C — Explainability Engine:
- MatchReason Struct in PatternMatch (type, tag, met)
- Pattern Engine schreibt fuer jeden Match strukturierte Begruendungen
- Frontend zeigt "Erkannt weil: Komponente X, Energie Y, Kein Ausschluss Z"

Weitere Aenderungen:
- BAuA/OSHA Regulatory Hints: 3 Enrich-Endpoints (per Hazard, per Measure, Batch)
- Dokumente-Tab in IACE-Bibliothek (36.708 Chunks aus Qdrant)
- Varianten-UX: Basis-Projekt-Summary auf Varianten-Seite
- Projekt-Initialisierung: POST /initialize kettet Parse→Komponenten→Patterns→Hazards→Massnahmen→Normen
- 18 pre-existing TS-Fehler gefixt, Route-Konflikt behoben
- Component-Library + Measures-Library Tests aktualisiert

Tests: Go alle bestanden, TS 0 Fehler, Playwright 141+ bestanden

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-09 21:32:23 +02:00
Benjamin Admin e5dcb5a2dc feat: 25 Norm-Pflichtmassnahmen (Mandatory=true) 
Neue Kategorie: Massnahmen die durch harmonisierte Normen VORGESCHRIEBEN
sind. Abweichung = Verlust der Konformitaetsvermutung.

Pressen: Zweihandschaltung, Stoesselabsturzsicherung, Schutztuere
Roboter/Cobot: Kraft-/Geschwindigkeitsbegrenzung, Sicherheitsscanner
Aufzuege: Fangvorrichtung, Geschwindigkeitsbegrenzer, Puffer
Gabelstapler: Redundante Lastaufnahme, Kippschutz
Holz: Spaltkeil, Saegeblattschutzhaube
Krane: Ueberlastsicherung, Endschalter
Allgemein: Not-Halt, Hauptschalter, Schutzleiter, PL/SIL-Nachweis
AGV: Personenerkennung, Notbremse
Kettensaege: Kettenbremse
Fahrtreppe: Kammplatte
Druckgeraete: Sicherheitsventil
Schweissen: Leerlaufspannungsbegrenzung

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-09 07:39:43 +02:00
Benjamin Admin 3d7b09bcef feat: Massnahmen-Bibliothek auf 200 erweitert (3-Stufen) 
60 Design + 80 Schutz + 60 Information — alle mit Normenreferenzen.
Subtypes: geometry, force_energy, material, ergonomics, control_design,
fixed_guard, movable_guard, electro_sensitive, emergency_stop,
electrical/thermal/fluid protection, extraction, signage, manual,
training, ppe, organizational, marking.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-07 14:23:15 +02:00