cd5f986489
fix: Massnahmen-Tabelle Layout — volle Textbreite statt truncate
...
Grid-Layout statt flex mit fixen Breiten. Texte umbrechen
statt abschneiden. Gefaehrdung-Spalte 200px, Status 80px.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 16:35:09 +02:00
a4b75dc6b1
fix: Section splitter only splits at classified headings + LLM gets full text
...
Build + Deploy / build-admin-compliance (push) Successful in 2m33s
Build + Deploy / build-ai-sdk (push) Successful in 57s
Build + Deploy / build-developer-portal (push) Successful in 1m23s
Build + Deploy / build-tts (push) Successful in 1m33s
Build + Deploy / build-backend-compliance (push) Successful in 3m34s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
Build + Deploy / build-document-crawler (push) Successful in 40s
Build + Deploy / build-dsms-gateway (push) Successful in 26s
Build + Deploy / build-dsms-node (push) Successful in 11s
CI / loc-budget (push) Failing after 23s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 3m31s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 1m2s
CI / test-python-backend (push) Successful in 46s
CI / test-python-document-crawler (push) Successful in 32s
CI / test-python-dsms-gateway (push) Successful in 26s
CI / validate-canonical-controls (push) Successful in 17s
Build + Deploy / trigger-orca (push) Successful in 3m23s
Two critical fixes:
1. Section splitter: Only lines that classify as a known doc_type
(cookie, social_media, dsfa, etc.) trigger section splits.
Random short lines ("Typen", "Funktionale Cookies") no longer
split sections — they all had blank lines before them in the
extracted HTML text.
2. LLM verification: Sub-section checks now pass the full document
text to the LLM, not just the section fragment. This lets the
LLM find content that the section splitter missed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 16:28:17 +02:00
a1b9273649
fix: Grenzen-Formular — groessere Textfelder + vollstaendige Daten
...
Allgemeine Beschreibung: 12 Zeilen (war 5)
Fehlanwendungen: 10 Zeilen (war 6)
Default TextArea: 6 Zeilen (war 3)
Seed v2: Vollstaendige Texte + maschinenspezifische Inhalte
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 16:20:05 +02:00
ac624f2e9b
feat: Umfassende Playwright-Tests fuer alle IACE Features
...
Order, Grenzen, Compliance Alerts, Risk Assessment, Mitigations,
CE-Akte Export, Production Lines, Normenrecherche — alle getestet.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 16:13:07 +02:00
a93ba9ee40
feat: Custom Hazard Modal + Residual Risk Panel
...
- CustomHazardModal: Eigene Gefaehrdung erstellen mit S/E/P/A Slidern
- ResidualRiskPanel: Akzeptabel-Toggle pro Hazard + Fortschrittsbalken
- RiskAssessmentTable: Accept/Reject Buttons pro Zeile integriert
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 16:09:50 +02:00
5244500af6
fix: Fehlende Dateien fuer Grenzen-Formular + Report-Export
...
Interview: LimitsFormSections, FormFields, SectionCard, _types
Tech-File: ReportPrintView, report-types
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:56:28 +02:00
f51671737a
fix: Correct Ollama model name + strict blank-line heading detection
...
Build + Deploy / build-admin-compliance (push) Failing after 48s
Build + Deploy / build-backend-compliance (push) Successful in 9s
Build + Deploy / build-ai-sdk (push) Successful in 8s
CI / loc-budget (push) Failing after 17s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Failing after 2m3s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-python-backend (push) Successful in 40s
Build + Deploy / build-developer-portal (push) Successful in 9s
Build + Deploy / build-tts (push) Successful in 7s
Build + Deploy / build-document-crawler (push) Successful in 8s
Build + Deploy / build-dsms-gateway (push) Successful in 7s
Build + Deploy / build-dsms-node (push) Successful in 7s
CI / branch-name (push) Has been skipped
Build + Deploy / trigger-orca (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / test-go (push) Failing after 45s
CI / test-python-document-crawler (push) Successful in 34s
CI / test-python-dsms-gateway (push) Successful in 27s
CI / validate-canonical-controls (push) Successful in 15s
1. LLM model: qwen3:32b → qwen3.5:35b-a3b (actual model on Mac Mini)
2. Section splitter: headings MUST be preceded by a blank line.
This prevents cookie table entries ("Funktionale Cookies",
"Session Cookies") from splitting the cookie section.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:53:53 +02:00
1cc0c3d34a
feat: Auftrag-Tab + Grenzen-Formular + CE-Report-Export
...
- Auftrag-Tab: Kunde, Anfrage, Angebot mit Status-Tracking
- Grenzen & Verwendung: 6 Sektionen (Produktbeschreibung, Verwendung,
Fehlanwendung, Grenzen, Schnittstellen, Betroffene Personen)
- CE-Akte Export: PDF (window.print) + Excel (CSV) mit allen Sektionen
(Normen, Gefaehrdungen, Risikobewertung, Massnahmen, Compliance)
- Navigation: Auftrag als 2. Tab, Briefcase-Icon
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:44:05 +02:00
6e71996733
fix: ComplianceAlerts API-Format Mapping
...
API liefert verschachteltes Format (trigger.regulation),
Frontend erwartete flaches Format. Mapping eingefuegt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:41:25 +02:00
4f29e5ff3c
feat: LLM verification for regex FAILs + section-split hardening
...
Build + Deploy / build-admin-compliance (push) Successful in 1m49s
Build + Deploy / build-backend-compliance (push) Successful in 9s
Build + Deploy / build-ai-sdk (push) Successful in 8s
Build + Deploy / build-developer-portal (push) Successful in 8s
Build + Deploy / build-tts (push) Successful in 9s
Build + Deploy / build-document-crawler (push) Successful in 8s
Build + Deploy / build-dsms-gateway (push) Successful in 7s
Build + Deploy / build-dsms-node (push) Successful in 8s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 15s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m55s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 45s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 27s
CI / test-python-dsms-gateway (push) Successful in 26s
CI / validate-canonical-controls (push) Successful in 15s
Build + Deploy / trigger-orca (push) Successful in 2m13s
Path to 100% correctness: Regex finds 80%, LLM catches the rest.
1. LLM verification (llm_verify.py):
- Every regex FAIL is re-checked by Qwen (qwen3:32b)
- Binary YES/NO question with evidence extraction
- Overturned checks marked with [LLM] prefix in matched_text
- Graceful fallback if LLM unavailable
2. Section splitter hardening:
- Short lines (<16 chars) only treated as headings if preceded
by blank line — prevents table column headers ("Funktion",
"Speicherdauer") from splitting cookie sections
- Fixes IHK cookie section: 288 words → full section
3. DSFA documentation patterns expanded:
- Recognizes "4.) Ergebnis:" numbered result sections
- Matches risk assessment conclusions
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:34:07 +02:00
1d75bbf4eb
feat: IACE Navigation-Struktur — Grenzen-Tab + Zusatzmodule
...
- 'Grenzen & Verwendung' als neuen Tab eingefuegt (Schritt 3 CE-Prozess)
- Klassifikation + Monitoring als 'Zusatzmodule' separiert
- chat-Icon fuer Interview/Grenzen Tab
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:17:56 +02:00
a3287cd5e6
feat: HTML email report with hints + fix duplicate Social Media sections
...
Build + Deploy / build-admin-compliance (push) Successful in 1m45s
Build + Deploy / build-backend-compliance (push) Successful in 9s
Build + Deploy / build-ai-sdk (push) Successful in 36s
Build + Deploy / build-developer-portal (push) Successful in 7s
Build + Deploy / build-tts (push) Successful in 7s
Build + Deploy / build-document-crawler (push) Successful in 8s
Build + Deploy / build-dsms-gateway (push) Successful in 7s
Build + Deploy / build-dsms-node (push) Successful in 8s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 15s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m47s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 44s
CI / test-python-backend (push) Successful in 41s
CI / test-python-document-crawler (push) Successful in 26s
CI / test-python-dsms-gateway (push) Successful in 22s
CI / validate-canonical-controls (push) Successful in 15s
Build + Deploy / trigger-orca (push) Successful in 2m23s
1. Email report now renders as styled HTML (matching frontend design):
- Progress bars (green=completeness, blue=correctness)
- Hierarchical L1→L2 check display
- Red hint boxes under failed checks explaining what to fix
- Matched text evidence for passed checks
2. Section splitter deduplicates: two "Social Media" headings on the
same page are merged into one section instead of creating duplicates.
3. Extracted report builder to agent_doc_check_report.py (175 LOC)
to keep routes file under 500 LOC (386 LOC).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:13:00 +02:00
56892cf7dc
feat: CE × Compliance Crossover Engine
...
Automatische Erkennung von DSGVO/AI Act/CRA/NIS2/Data Act
Implikationen bei CE-Gefaehrdungen. 50 Trigger-Mappings auf
Hazard-Patterns → Compliance-Module mit Modul-Links.
- compliance_triggers.go: 50 Pattern→Regulation Mappings
- compliance_crossover.go: Engine die Projekt-Hazards gegen Trigger prueft
- iace_handler_compliance.go: GET /compliance-triggers API
- ComplianceAlerts.tsx: Frontend Alert-Panel auf Projekt-Uebersicht
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 15:07:22 +02:00
fa4fd87102
fix: 7 regex bugs from IHK Konstanz ground truth analysis
...
Build + Deploy / build-admin-compliance (push) Successful in 9s
Build + Deploy / build-backend-compliance (push) Successful in 8s
Build + Deploy / build-ai-sdk (push) Successful in 42s
Build + Deploy / build-developer-portal (push) Successful in 8s
Build + Deploy / build-tts (push) Successful in 7s
Build + Deploy / build-document-crawler (push) Successful in 7s
Build + Deploy / build-dsms-gateway (push) Successful in 8s
Build + Deploy / build-dsms-node (push) Successful in 8s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 18s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m57s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 49s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 28s
CI / test-python-dsms-gateway (push) Successful in 23s
CI / validate-canonical-controls (push) Successful in 15s
Build + Deploy / trigger-orca (push) Successful in 2m24s
Fixes based on manual verification of all 30 failed checks:
1. Cookie table: recognize "folgende cookies" + column headers as text
2. Cookie names: add JSESSIONID, cookieinfo, et_id, BT_* patterns
3. Essential justified: match "sitzung zuordnen", "betrieb der website"
4. Social bookmarks: recognize as 2-click alternative
5. DSFA plural: "kanaelen" now matches alongside "kanal"
6. Section splitter: skip-headings no longer lose subsequent text
(Risikoabwaegung section was cut from DSFA, losing risk scores)
7. Cookie legal basis: accept Art. 6(1)(f) in cookie context
Reduces false positives from 7 to ~1-2 for IHK Konstanz test case.
Ground truth table: zeroclaw/docs/ground-truth-ihk-konstanz.md
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:51:09 +02:00
f59f810638
chore: LOC-Exceptions fuer IACE Pattern-Datendateien
...
[guardrail-change]
Hazard-Pattern-Dateien sind reine Datentabellen (85 Patterns × 12 Zeilen).
Aufsplitten wuerde die Zuordnung pro Themenbereich zerstoeren.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:36:51 +02:00
86504ef280
feat: 1000 unique Hazard-Patterns erreicht!
...
336 neue Patterns (HP1000-HP1335):
- Mechanisch detailliert (85): Quetschen, Scheren, Einziehen pro Koerperteil
- Elektrisch/Thermisch/Chemisch (85): Verbrennung, Einatmen, Hautkontakt
- Software/Organisation/Umgebung (85): SPS, Sensor, Aktor, HMI, Notfall
- Lebenszyklus/Verkettung/Retrofit (81): Beschaffung, Manipulation, Dritte
Gesamtstand: 1000 Patterns + 751 Normen + 200 Massnahmen
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:29:10 +02:00
3d7b09bcef
feat: Massnahmen-Bibliothek auf 200 erweitert (3-Stufen)
...
60 Design + 80 Schutz + 60 Information — alle mit Normenreferenzen.
Subtypes: geometry, force_energy, material, ergonomics, control_design,
fixed_guard, movable_guard, electro_sensitive, emergency_stop,
electrical/thermal/fluid protection, extraction, signage, manual,
training, ppe, organizational, marking.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:23:15 +02:00
71802614cc
feat: Batch F patterns + engine cleanup
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:15:37 +02:00
30236638ed
feat: 664 unique Hazard-Patterns + Test-Fix
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:05:58 +02:00
293c58d0dd
feat: Add actionable hints to all 138 compliance checks
...
Build + Deploy / build-admin-compliance (push) Successful in 1m40s
Build + Deploy / build-backend-compliance (push) Successful in 7s
Build + Deploy / build-ai-sdk (push) Successful in 35s
Build + Deploy / build-developer-portal (push) Successful in 8s
Build + Deploy / build-tts (push) Successful in 7s
Build + Deploy / build-document-crawler (push) Successful in 8s
Build + Deploy / build-dsms-gateway (push) Successful in 7s
Build + Deploy / build-dsms-node (push) Successful in 8s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 16s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m50s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 40s
CI / test-python-backend (push) Successful in 37s
CI / test-python-document-crawler (push) Successful in 25s
CI / test-python-dsms-gateway (push) Successful in 23s
CI / validate-canonical-controls (push) Successful in 15s
Build + Deploy / trigger-orca (push) Successful in 2m28s
Each check now has a "hint" field explaining what is missing and
what the customer should do to fix it. Hints are shown in the
frontend below failed checks in red text.
Examples:
- "Bei Verarbeitung auf Basis von Art. 6(1)(f) muss dokumentiert
werden, warum Ihr berechtigtes Interesse die Rechte der
Betroffenen ueberwiegt."
- "Die ladungsfaehige Anschrift fehlt. Erforderlich: Strasse,
Hausnummer, PLZ und Ort."
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:05:01 +02:00
912684644e
feat: Hazard-Patterns auf 725+ — Split-Dateien von Batch B integriert
...
Neue Dateien: packaging, medical_pressure, specific_machines2
Split: food_pkg aufgeteilt in food_processing + packaging
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 14:01:46 +02:00
2b2a20cc6d
feat: Hazard-Patterns auf 725 erweitert
...
4 neue Pattern-Dateien:
- Workshop (65): Stolpern, Ergonomie, Chemie, Brand, Strahlung, Biologie
- Maintenance Extended (65): LOTO, Einrichten, Stoerung, Transport, Inbetriebnahme
- Specific Machines (55): Druckgeraete, Wind, Solar, Batterie, Fahrtreppen, Schwimmbad
- Cyber/AI Extended (65): Software-Fehler, Ransomware, KI-Bias, OPC-UA, HMI
751 Normen + 725 Patterns = umfassende CE-Bibliothek
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:55:15 +02:00
05839e36aa
feat: Hazard-Patterns auf 475 erweitert (Ziel: 1000)
...
Build + Deploy / build-admin-compliance (push) Successful in 9s
Build + Deploy / build-backend-compliance (push) Successful in 8s
Build + Deploy / build-ai-sdk (push) Successful in 37s
Build + Deploy / build-developer-portal (push) Successful in 7s
Build + Deploy / build-tts (push) Successful in 7s
Build + Deploy / build-document-crawler (push) Successful in 8s
Build + Deploy / build-dsms-gateway (push) Successful in 7s
Build + Deploy / build-dsms-node (push) Successful in 8s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 17s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m55s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 49s
CI / test-python-backend (push) Successful in 43s
CI / test-python-document-crawler (push) Successful in 32s
CI / test-python-dsms-gateway (push) Successful in 23s
CI / validate-canonical-controls (push) Successful in 16s
Build + Deploy / trigger-orca (push) Successful in 2m11s
8 neue Pattern-Dateien fuer:
- Aufzuege (25), AGV/Landmaschinen (30), Lebensmittel/Verpackung (35)
- Laser/Medizin/Druck (40), Bau/Krane (20), Forst/Foerderer (31)
- Kunststoff/Metall (30), Schweissen/Glas/Textil (30)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:31:23 +02:00
870953f579
fix: PLZ regex matches lowercase text and D-78467 format
...
Patterns ran on text.lower() but searched [A-Z] — changed to [a-z].
Also accept D-12345 prefix (common German format).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:28:00 +02:00
1005ba0398
feat: Normen-Bibliothek auf 751 Normen finalisiert
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:24:33 +02:00
fb6192d92d
feat: Normen-Bibliothek auf 747 Normen — Ziel 700 uebertroffen
...
24 Dateien, 747 Normen mit Abschnittsreferenzen und Beuth-URLs.
Abdeckung: Maschinenbau, Elektrik, Hydraulik, Holz, Metall, Kunststoff,
Lebensmittel, Verpackung, Textil, Landmaschinen, Erdbau, Krane, Aufzuege,
Foerdertechnik, AGV, Medizin, Labor, Pharma, Energie, Bau, Bergbau,
Forst, PSA, ATEX, EMV, Spielplatz, Fitness, Schwimmbad, Glas, Leder,
Papier, Airport, Waescherei, Feuerwehr, Seilbahnen, Fahrgeschaefte.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:18:25 +02:00
8849c396b5
fix: Show L2 detail checks always visible (no extra click needed)
...
Build + Deploy / build-admin-compliance (push) Successful in 2m44s
Build + Deploy / build-backend-compliance (push) Successful in 3m25s
Build + Deploy / build-ai-sdk (push) Successful in 56s
Build + Deploy / build-developer-portal (push) Successful in 1m22s
Build + Deploy / build-tts (push) Successful in 1m30s
Build + Deploy / build-document-crawler (push) Successful in 8s
Build + Deploy / build-dsms-gateway (push) Successful in 8s
Build + Deploy / build-dsms-node (push) Successful in 9s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 20s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 3m5s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 44s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 27s
CI / test-python-dsms-gateway (push) Successful in 22s
CI / validate-canonical-controls (push) Successful in 18s
Build + Deploy / trigger-orca (push) Successful in 3m22s
L2 checks were hidden behind a second click on L1 items.
Now they render inline below their L1 parent, always visible
when the document card is expanded.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:16:04 +02:00
ba9558384f
feat: Normen-Bibliothek auf 620+ erweitert + wave3 fixes
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:13:08 +02:00
2e1e18d853
feat: Normen-Bibliothek auf 617 erweitert (Ziel: 700)
...
Wave 3: +161 Normen (456 → 617)
- Serien-Lücken geschlossen (EN 1870, EN 474, EN 1034, EN 81, ISO 4254)
- Glas, Leder, Backwaren, Tabak, Medizin (IEC 60601), Labor, Feuerwehr
- Spielplatz, Fitness, Schwimmbad, HVAC, Kältetechnik
- PSA (Schuhe, Handschuhe, Augenschutz, Gehörschutz, Atemschutz)
- Leitern, Gerüste, Drahtseile, Gasgeräte, Messtechnik
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 13:04:22 +02:00
9bc0f321e0
feat: Normen-Bibliothek auf 456 erweitert + UX-Verbesserungen
...
- Normen: 215 → 456 (Werkzeugmaschinen, Förder/AGV, Verfahrenstechnik,
Bau/Bergbau, Holz/Papier, Airport, Wäscherei, B2-Erweiterung)
- Maßnahmen: Accordion-Tabellenansicht mit Batch-Verifizierung
- Hazards: Risikobewertung als Default-View, KI-Button entfernt
- Normenrecherche: Pflicht-Erklärung, + Norm hinzufügen Feld
- Produktionslinien: Inline-Erstellungsformular mit Projekt-Zuordnung
- Playwright Tests angepasst
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 12:45:15 +02:00
97a52533a8
Merge remote gitea/main — resolve conflicts keeping local (origin) state
...
Build + Deploy / build-admin-compliance (push) Successful in 2m29s
Build + Deploy / build-backend-compliance (push) Successful in 3m23s
Build + Deploy / build-ai-sdk (push) Failing after 47s
Build + Deploy / build-developer-portal (push) Successful in 1m19s
Build + Deploy / build-tts (push) Failing after 1m29s
Build + Deploy / build-document-crawler (push) Successful in 43s
Build + Deploy / build-dsms-gateway (push) Successful in 25s
Build + Deploy / build-dsms-node (push) Successful in 11s
CI / branch-name (push) Has been skipped
Build + Deploy / trigger-orca (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 18s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 3m17s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 48s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 31s
CI / test-python-dsms-gateway (push) Successful in 26s
CI / validate-canonical-controls (push) Successful in 18s
Local origin is 20+ commits ahead of remote gitea. All conflicts
resolved by keeping HEAD (our version) which includes the full
56→138 check expansion and doc_checks package split.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 12:40:23 +02:00
b363c28539
feat: Add 76 Level-2 regex checks for document correctness verification
...
Split dsi_document_checker.py (466 LOC) into doc_checks/ package (9 files).
Two-pass L1→L2 logic: L1 checks "Is it mentioned?", L2 checks "Is it correct?"
(e.g. controller has full address, specific Art. 6 lit., concrete time periods).
138 total checks (62 L1 + 76 L2) across 7 doc types:
- DSE Art. 13: 31, Impressum §5 TMG: 16, Cookie §25 TDDDG: 15
- Widerruf §355: 15, AGB §305ff: 21, Social Media Art. 26: 20, DSFA Art. 35: 18
Frontend: hierarchical L1→L2 display with dual progress bars
(green=completeness, blue=correctness).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 12:37:03 +02:00
3c12e06faf
feat: Fix DSFA dedup + expand all checklists to 56 total checks
...
Fixes:
- 'Risikoabwaegung' is sub-section of DSFA → added to SKIP_HEADINGS
- 'Social Media' standalone heading → recognized as social_media DSE
- Removed 'risikobew' from DSFA pattern (was too broad)
Expanded checklists:
- Widerruf: 4→7 checks (+Empfaenger, kein Grund, §312k Button)
- AGB: 4→9 checks (+Zahlung, Lieferung, Gewaehrleistung, Kuendigung, Datenschutz)
- Social Media: +1 (Social Bookmarks)
- DSFA: +1 (LFDI Richtlinie)
Total: 47→56 Regex-Checks across 7 document types:
DSI=9, Cookie=5, Social Media=10, DSFA=8, Impressum=6, Widerruf=7, AGB=9
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 11:55:29 +02:00
58234ac18b
fix: DSFA must be matched before social_media in SECTION_TYPE_MAP
...
'Datenschutzfolgeabschätzung...Social Media' was matching as social_media
(Art. 26) instead of dsfa (Art. 35) because the social_media pattern
'datenschutz.*social media' matched first.
Fixed: DSFA patterns checked before social_media patterns.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 11:35:10 +02:00
4642abba23
feat: Expand Social Media (10 checks) + DSFA (8 checks) checklists
...
Art. 26 Joint Controller (10 checks, was 7):
+ Auflistung der genutzten Plattformen
+ Rechtsgrundlage (Art. 6)
+ Social Bookmarks vs. Plugins Hinweis
Improved: broader patterns for joint parties, contact point, data types
DSFA Art. 35 (8 checks, was 5):
+ Schwellwertanalyse / Auslösepruefung
+ Beruecksichtigung Landesbehörden-Richtlinie (LFDI)
+ Dokumentation der Ergebnisse
Improved: IHK-specific patterns (Kanäle, systematische Beobachtung,
geringer Umfang, sensitive Daten)
Total: 40 → 47 Regex-Checks across all document types.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 11:17:16 +02:00
e7f2f98da3
feat: IACE CE-Compliance Module — Normen, Risikobewertung, Production Lines
...
Major features:
- 215 norms library with section references + Beuth URLs (A/B1/B2/C norms)
- 173 hazard patterns with detail fields (scenario, trigger, harm, zone)
- Deterministic pattern matching: Component × Lifecycle × Pattern cross-product
- SIL/PL auto-calculation from S×E×P risk graph
- Risk assessment table with editable S/E/P dropdowns
- Production Line Dashboard with animated station flow (Running Dots)
- IACE process flow + norms coverage on start page
- Non-blocking cookie banner, ProcessFlow SSR fix
- 104 Playwright E2E tests passing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 10:53:26 +02:00
3853a0838a
feat: Art. 26 Joint Controller + DSFA checklists for Social Media sections
...
New checklists:
- JOINT_CONTROLLER_CHECKLIST (Art. 26 DSGVO, 7 checks):
Joint parties, arrangement, contact point, processing split,
data categories, third-country transfer (USA), rights
- DSFA_CHECKLIST (Art. 35 DSGVO, 5 checks):
Description, necessity, risk assessment, measures, DSB involvement
Section detection: 'Datenschutzerklaerung fuer Social Media' → social_media,
'Datenschutzfolgeabschaetzung/Risikoanalyse' → dsfa
classify_document_type: DSFA and social_media detected before generic DSE
Frontend: DOC_TYPES dropdown + ChecklistView labels updated
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 10:49:32 +02:00
5188411828
disable: Control Library checks until doc-check Master Controls are ready
...
8 false positives from generic canonical_controls. Regex checks (9+5)
are accurate. Re-enable when ~80 specific doc-check controls exist.
See INSTRUCTION-master-controls-for-doc-check.md
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 10:28:25 +02:00
45446aef16
fix: 8 quality + UX improvements
...
1. Cookie 'Zwecke' false positive: added 'um...zu', 'dienen', 'helfen',
'ermöglichen' patterns — catches purpose descriptions without 'Zweck'
2. Kurzhinweis: added empty all_checks for short documents (<200 words)
3. Bezeichnungsfeld: placeholder shows 'Version / Stand' for typed docs,
'Dokumentname' for 'Sonstiges'
4. DocCheckTab state persistence: entries + results survive navigation
5. DocCheck history: saves each check with date, doc count, findings
6. History display: 'Letzte Pruefungen' section at bottom of tab
7. ChecklistView: shows 'X von Y Pruefpunkten bestanden' per document
8. Results persist in localStorage across page navigation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 09:37:47 +02:00
e19d9ca532
docs: Master Controls spec for document checker — 80-100 specific check criteria
...
Detailed requirements for the pipeline session:
- Binary yes/no check_question per control
- Concrete pass_criteria + fail_criteria (not 'check completeness')
- correction_template from our Template Generator
- 8 document types: DSI, Cookie, Impressum, Widerruf, AGB, DSFA, AVV, Loeschkonzept
- ~80-100 total controls (not 25K generic ones)
- Examples for DSI, Cookie, Impressum with exact field expectations
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-07 07:53:36 +02:00
a680276c86
fix: Filter controls by test_procedure content — eliminates governance false positives
...
Only use controls whose test_procedure mentions document-type-specific terms:
- DSI: test_procedure must contain 'datenschutzerkl' or 'art. 13/14'
- Cookie: must contain 'cookie', 'einwilligung', 'consent'
- Impressum: must contain 'impressum'
This filters out internal governance controls (Datenmodelle, Infrastruktur)
that are irrelevant for public document checks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 20:42:35 +02:00
fa45b5793c
feat: Control Library check via SQL (canonical_controls) instead of Qdrant
...
Complete rewrite of rag_document_checker.py:
- Queries canonical_controls table (294K controls, 10K data_protection)
- Filters by category + title keywords per document type
- Uses test_procedure field as actual check instructions
- Regex pre-check extracts key terms from procedure → fast match
- LLM fallback only for regex misses (saves tokens)
- /no_think prefix for direct JSON output
SQL approach advantages:
- Structured data with test_procedure, pass_criteria, fail_criteria
- Category filtering (data_protection, compliance, governance)
- No Qdrant API key issues
- Controls are actual check criteria, not general legal texts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 20:26:56 +02:00
7e7f31c344
disable: RAG checks until Master Controls (G1 Decision Trace) are ready
...
Current 144K controls are general legal texts, not specific check criteria.
RAG integration code stays (rag_document_checker.py), just disabled in
the doc-check endpoint. Re-enable when G1-G4 block is complete and
25K Master Controls with Decision Trace are available.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 17:11:58 +02:00
6da36d87c2
fix: Robust JSON parsing for LLM responses — handles unquoted keys, fallback extraction
...
LLM returns {fulfilled: true} instead of {"fulfilled": true}.
Now fixes unquoted keys, True→true, and falls back to text-based
boolean extraction when JSON parsing fails entirely.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 15:18:52 +02:00
e50c4d659e
fix: Disable Qwen thinking mode for RAG checks (/no_think prefix)
...
Qwen 3.5 uses all tokens for thinking, leaving response empty.
Using /no_think prefix to get direct JSON output.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 15:12:51 +02:00
9f16e6d535
fix: Read Qwen response from 'thinking' field when 'response' is empty
...
Qwen 3.5 with latest Ollama returns structured thinking in separate
'thinking' field, leaving 'response' empty. Now checks both fields.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 15:07:09 +02:00
1ff34227bf
debug: Add logging to RAG check integration
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 14:57:30 +02:00
f4374cfe8d
feat: Semantic Qdrant search — embed query via bge-m3, vector search in local Qdrant
...
Replaces scroll+filter approach with proper semantic search:
1. Embed query via bp-core-embedding-service (bge-m3, 1024 dim)
2. Vector search in Qdrant (bp_compliance_datenschutz + bp_compliance_gesetze)
3. Sort by cosine similarity score
4. No API key needed — local Qdrant on Mac Mini
Falls back gracefully: SDK first, then semantic Qdrant, then empty.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 14:46:06 +02:00
7b8440191e
fix: Better error logging + increase LLM timeout to 120s for RAG check
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 14:33:58 +02:00
510f513811
fix: Qdrant search uses chunk_text + section/category filter
...
Payload structure: chunk_text (not text), section (Article 13),
category, regulation_id. Scrolls 100 points per collection,
filters client-side against regulation keywords.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-06 14:28:32 +02:00
Benjamin Admin