373 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Benjamin Admin	dd64e33e88	docs: SDK-Flow + Wiki — EU Registration Step + 4 Domain-Artikel ... 1. SDK-Flow: Neuer Step "EU AI Database Registrierung" (seq 350, CP-REG) 2. Wiki: 4 Domain-Compliance-Artikel (Recruiting, Bildung, Gesundheit, Finance) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 07:13:17 +02:00
Benjamin Admin	2f8269d115	test: Domain-Context Tests — 22 Tests (HR, Edu, HC, CritInfra, Marketing, Mfg, AGG) ... BLOCK-Tests: AutomatedRejection, MinorsWithoutTeacher, MDRUnvalidated, SafetyCriticalNoRedundancy, DeepfakeUnlabeled, ManufacturingUnvalidated, ReviewManipulation Positive Tests: HumanReview OK, TeacherReview OK, DeepfakeLabeled OK Risk Tests: AGG visible, Triage high risk Loader Tests: AGG + AI Act obligations count, applicability Resolver Tests: HRContext, NilContext, HealthcareContext Meta: TotalObligationsCount, DomainConstants Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 06:59:11 +02:00
Benjamin Admin	532febe35c	fix: Build-Fehler — LegalContext Namenskollision + Registration Handler ... - LegalContext → LegalDomainContext (Kollision mit legal_rag.go LegalContext) - ExplainResponse.LegalContext bleibt unveraendert (RAG-Typ) - Registration Handler: Intake ist struct, kein []byte - Unbenutzten json Import entfernt Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 23:57:00 +02:00
Benjamin Admin	0a0863f31c	feat: Letzte 3 Domains abgedeckt — Finance/Banking + General (100%) ... - Finance/Banking: Kredit-Scoring, AML/KYC, automatisierte Entscheidungen, Kunden-Profiling - General: Universelle KI-Governance (Personenbezug, Automatisierung, sensible Daten) Domains mit Fragen: 27 Gruppen fuer alle 54 Domains (100% Coverage) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 23:12:00 +02:00
Benjamin Admin	d892ad161f	feat: Domain-Fragen fuer 10 weitere Domains (24 von 39 total, 62%) ... 10 neue Context-Structs + Field-Resolver + 22 YAML-Regeln + Frontend: - Agriculture: Pestizid-KI, Tierwohl, Umweltdaten - Social Services: Schutzbeduerftiger, Leistungszuteilung, Fallmanagement - Hospitality: Gaeste-Profiling, dynamische Preise, Bewertungsmanipulation=BLOCK - Insurance: Praemien, Schadensautomation, Betrugserkennung - Investment: Algo-Trading, Robo Advisor (MiFID II) - Defense: Dual-Use, Exportkontrolle, Verschlusssachen - Supply Chain: Lieferantenueberwachung, Menschenrechte (LkSG) - Facility: Zutrittskontrolle, Belegung, Energie - Sports: Athleten-Tracking, Fan-Profiling Domains mit Fragen: 24 von 39 (62%) YAML-Regeln total: ~66 Neue BLOCKs: Bewertungsmanipulation (UWG/DSA) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 23:04:35 +02:00
Benjamin Admin	17153ccbe8	feat: Domain-Fragen fuer 10 weitere Domains (14 total) ... 10 neue Context-Structs + Field-Resolver + ~30 YAML-Regeln + Frontend: - Legal/Justice: Rechtsberatung, Urteilsprognose, Mandantengeheimnis - Public Sector: Verwaltungsentscheidungen, Leistungsverteilung, FRIA - Critical Infra: Netzsteuerung, Sicherheitskritisch, Redundanz - Automotive: Autonomes Fahren, ADAS, ISO 26262 - Retail/E-Commerce: Preise, Scoring, Dark Patterns - IT/Cybersecurity: Surveillance, Threat Detection, Log-Retention - Logistics: Fahrer-Tracking, Workload-Scoring - Construction: Mieterauswahl, Arbeitsschutz - Marketing/Media: Deepfakes=BLOCK, Minderjaehrige, Targeting - Manufacturing: Maschinensicherheit=BLOCK, CE-Kennzeichnung Domains mit Fragen: 14 von 39 (36%) YAML-Regeln total: ~44 (14 vorher + 30 neu) BLOCK-Regeln: Deepfakes ungekennzeichnet, Maschinensicherheit unvalidiert, Kritische Infra ohne Redundanz Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 22:50:26 +02:00
Benjamin Admin	352d7112c9	feat: Domain YAML-Regeln (14 Regeln) + Field-Resolver fuer HR/Edu/HC ... 1. 14 neue YAML-Regeln in Kategorie K (Domain-Hochrisiko): - HR: 5 Regeln (Screening, Absagen=BLOCK, AGG, Bias, Performance) - Education: 3 Regeln (Noten, Minderjaehrige=BLOCK, Zugangssteuerung) - Healthcare: 4 Regeln (Diagnose, Triage, MDR=BLOCK, Gesundheitsdaten) 2. Field-Resolver: getHRContextValue(), getEducationContextValue(), getHealthcareContextValue() Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 22:35:48 +02:00
Benjamin Admin	0957254547	feat: Domain-spezifische UCCA-Fragen (HR, Education, Healthcare) + AGG-Modul ... 1. Domain-Context Structs: HRContext (7 Felder), EducationContext (6), HealthcareContext (6) — nach FinancialContext-Pattern, optionale Structs in UseCaseIntake 2. AGG Obligations Modul: 8 Obligations (§1-§22 AGG) — Bias-Audit, Beweislastumkehr, Proxy-Merkmale, Beschwerdemechanismus — Applicability: domain=hr/recruiting, country=DE 3. Frontend: Conditional Domain-Fragen in Step 4 des UCCA-Wizard — HR: 6 Fragen (Screening, Absagen, AGG, Bias-Audit, Human Review) — Education: 5 Fragen (Noten, Pruefungen, Minderjaehrige, Lehrkraft-Review) — Healthcare: 6 Fragen (Diagnose, Triage, MDR, klinische Validierung) — Farbcodierung: rot=Risiko, gruen=Schutzmassnahme — Domain-Contexts im Submit-Payload gemappt Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 22:06:15 +02:00
Benjamin Admin	f17608a956	feat: EU AI Database Registration (Art. 49) — Backend + Frontend ... Backend (Go): - DB Migration 023: ai_system_registrations Tabelle - RegistrationStore: CRUD + Status-Management + Export-JSON - RegistrationHandlers: 7 Endpoints (Create, List, Get, Update, Status, Prefill, Export) - Routes in main.go: /sdk/v1/ai-registration/* Frontend (Next.js): - 6-Step Wizard: Anbieter → System → Klassifikation → Konformitaet → Trainingsdaten → Pruefung - System-Karten mit Status-Badges (Entwurf/Bereit/Eingereicht/Registriert) - JSON-Export fuer EU-Datenbank-Submission - Status-Workflow: draft → ready → submitted → registered - API Proxy Routes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 17:13:39 +02:00
Benjamin Admin	ce3df9f080	feat: AI Act Obligations erweitert (60→81) + Decision Tree Q8 fix ... 1. 21 neue AI Act Obligations: - Art. 9 Risk Management (5 granulare Regeln) - Art. 10 Data Governance (3: Bias, Qualitaet, Versionierung) - Art. 12 Logging (3: I/O-Logging, Manipulationsschutz, Aufbewahrung) - Art. 14 Human Oversight (3: Override, Schulung, Automation Bias) - Art. 15 Accuracy/Cybersecurity (3: Genauigkeit, Robustheit, Security) - Art. 51/52/54/56 GPAI Governance (4: Klassifizierung, Kennzeichnung, EU-Rep, CoP) 2. Decision Tree Q8 praezisiert: "Stellst du ein KI-Modell fuer Dritte bereit?" statt generische GPAI-Frage Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 16:41:29 +02:00
Benjamin Admin	2da39e035d	docs: SDK-Flow + Wiki — BetrVG-Modul dokumentiert ... 1. SDK-Flow: Use-Case-Assessment Beschreibung aktualisiert - BetrVG-Toggles in Step 4 dokumentiert - Konflikt-Score und BAG-Urteile erwaehnt 2. Wiki: BetrVG-Artikel als SQL-Migration - Leitentscheidungen (M365, SAP, SaaS, Belastungsstatistik) - Konflikt-Score Erklaerung - Wird nach Compliance-Refactoring auf Production eingespielt Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 12:04:54 +02:00
Benjamin Admin	1989c410a9	test: BetrVG-Modul Tests — Konflikt-Score, Escalation, Obligations, Applicability ... 10 Tests: Score-Berechnung (no data, monitoring, HR, consulted), Escalation (E2/E3 Trigger), V2-Obligations-Loading, Applicability (DE/US/small). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 11:11:33 +02:00
Benjamin Admin	c55a6ab995	feat: BetrVG-Compliance-Modul — Obligations, Konflikt-Score, Frontend ... 1. BetrVG Obligations (JSON V2): 12 Pflichten basierend auf §87, §90, §94, §95, §99, §111 - BAG-Rechtsprechung referenziert (M365, SAP, Standardsoftware) - Applicability: DE + >=5 Mitarbeiter 2. Betriebsrats-Konflikt-Score (0-100): Gewichtete Formel aus 8 Faktoren - Ueberwachungseignung, HR-Bezug, Individualisierbarkeit, Automation - Escalation-Trigger: Score>=50 ohne BR → E2, Score>=75 → E3 3. Frontend: 3 neue Intake-Felder (Monitoring, HR, BR-Konsultation) - BR-Konflikt-Badge in Use-Case-Liste + Detail-Seite - Farbcodierung: gruen/gelb/orange/rot Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 10:49:56 +02:00
Benjamin Admin	bc75b4455d	feat: AI Act Decision Tree — Zwei-Achsen-Klassifikation (GPAI + High-Risk) ... Interaktiver 12-Fragen-Entscheidungsbaum für die AI Act Klassifikation auf zwei Achsen: High-Risk (Anhang III, Q1-Q7) und GPAI (Art. 51-56, Q8-Q12). Deterministische Auswertung ohne LLM. Backend (Go): - Neue Structs: GPAIClassification, DecisionTreeAnswer, DecisionTreeResult - Decision Tree Engine mit BuildDecisionTreeDefinition() und EvaluateDecisionTree() - Store-Methoden für CRUD der Ergebnisse - API-Endpoints: GET/POST /decision-tree, GET/DELETE /decision-tree/results - 12 Unit Tests (alle bestanden) Frontend (Next.js): - DecisionTreeWizard: Wizard-UI mit Ja/Nein-Fragen, Dual-Progress-Bar, Ergebnis-Ansicht - AI Act Page refactored: Tabs (Übersicht | Entscheidungsbaum | Ergebnisse) - Proxy-Route für decision-tree Endpoints Migration 083: ai_act_decision_tree_results Tabelle Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 10:14:09 +02:00
Benjamin Admin	712fa8cb74	feat: Pass 0b quality — negative actions, container detection, session object classes ... 4 error class fixes from AUTH-1052 quality review: 1. Prohibitive action types (prevent/exclude/forbid) for "dürfen keine", "verboten" etc. 2. Container object detection (Sitzungsverwaltung, Token-Schutz → _requires_decomposition) 3. Session-specific object classes (session, cookie, jwt, federated_assertion) 4. Session lifecycle actions (invalidate, issue, rotate, enforce) with templates + severity caps 76 new tests (303 total), all passing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-28 17:24:19 +01:00
Benjamin Admin	447ec08509	Add migration 082: widen source_article to TEXT, fix pass0b query filters ... - source_article/source_regulation VARCHAR(100) → TEXT for long NIST refs - Pass 0b NOT EXISTS queries now skip deprecated/duplicate controls - Duplicate Guard excludes deprecated/duplicate from existence check Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-28 12:47:26 +01:00
Benjamin Admin	8cb1dc1108	Fix pass0b queries to skip deprecated/duplicate controls ... The NOT EXISTS check and Duplicate Guard now exclude deprecated and duplicate controls, enabling clean re-runs after invalidation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-28 09:09:16 +01:00
Benjamin Admin	f8d9919b97	Improve object normalization: shorter keys, synonym expansion, qualifier stripping ... - Truncate object keys to 40 chars (was 80) at underscore boundary - Strip German qualifying prepositional phrases (bei/für/gemäß/von/zur/...) - Add 65 new synonym mappings for near-duplicate patterns found in analysis - Strip trailing noise tokens (articles/prepositions) - Add _truncate_at_boundary() helper and _QUALIFYING_PHRASE_RE regex - 11 new tests for normalization improvements (227 total pass) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-28 08:55:48 +01:00
Benjamin Admin	fb2cf29b34	fix: Pass 0b — Duplicate Guard, Severity-Kalibrierung, Title-Truncation ... 1. Duplicate Guard: merge_hint-Lookup vor INSERT in _write_atomic_control() verhindert semantisch identische Controls unter demselben Parent. 2. Severity-Kalibrierung: action_type-basiert statt blind vom Parent. define/review/test → max medium, implement/monitor → max high. 3. Title-Truncation: Schnitt am Wortende statt mitten im Wort. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-27 08:38:33 +01:00
Benjamin Admin	f39e5a71af	feat: Obligation-Deduplizierung — 34.617 Duplikate als 'duplicate' markiert ... Neue Endpunkte POST /obligations/dedup und GET /obligations/dedup-stats. Pro candidate_id wird der aelteste Eintrag behalten, alle weiteren erhalten release_state='duplicate' mit merged_into_id + quality_flags fuer Traceability. Detail-View filtert Duplikate aus. MKDocs aktualisiert. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 20:13:00 +01:00
Benjamin Admin	ac42a0aaa0	fix: Faceted Counts — NULL-Werte einbeziehen + AbortController fuer Race Conditions ... Backend: Facets zaehlen jetzt Controls OHNE Wert (z.B. "Ohne Nachweis") als __none__. Filter unterstuetzen __none__ fuer verification_method, category, evidence_type. Counts addieren sich immer zum Total. Frontend: "Ohne X" Optionen in Dropdowns. AbortController verhindert dass aeltere API-Antworten neuere ueberschreiben. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 17:35:52 +01:00
Benjamin Admin	52e463a7c8	feat: Faceted Search — Dropdown-Counts passen sich aktiven Filtern an ... Backend: controls-meta akzeptiert alle Filter-Parameter und berechnet Faceted Counts (jede Dimension zaehlt mit allen ANDEREN Filtern). Neue Facets: severity, verification_method, category, evidence_type, release_state — zusaetzlich zu domains, sources, type_counts. Frontend: loadMeta laedt bei jeder Filteraenderung neu, alle Dropdowns zeigen kontextsensitive Zahlen. Proxy leitet Filter an controls-meta weiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 15:00:40 +01:00
Benjamin Admin	2dee62fa6f	feat: Eigenentwicklung-Filter im Typ-Dropdown mit Counts ... Backend: control_type=eigenentwicklung in list_controls + count_controls, type_counts (rich/atomic/eigenentwicklung) in controls-meta Endpoint. Frontend: Typ-Dropdown zeigt Eigenentwicklung mit Anzahl. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 14:33:00 +01:00
Benjamin Admin	3fb07e201f	fix: V1 Enrichment Threshold auf 0.70 gesenkt (typische Top-Scores 0.70-0.77) ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 11:13:37 +01:00
Benjamin Admin	81c9ce5de3	fix: V1 Enrichment — Qdrant Collection + Parent-Resolution fuer regulatorische Matches ... Die atomic_controls_dedup Collection (51k Punkte) enthaelt nur atomare Controls ohne source_citation. Jetzt wird der Parent-Control aufgeloest, der die Rechtsgrundlage traegt. Deduplizierung nach Parent-UUID verhindert mehrfache Eintraege fuer die gleiche Regulation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 10:52:41 +01:00
Benjamin Admin	db7c207464	feat: V1 Control Enrichment — Eigenentwicklung-Label, regulatorisches Matching & Vergleichsansicht ... 863 v1-Controls (manuell geschrieben, ohne Rechtsgrundlage) werden als "Eigenentwicklung" gekennzeichnet und automatisch mit regulatorischen Controls (DSGVO, NIS2, OWASP etc.) per Embedding-Similarity abgeglichen. Backend: - Migration 080: v1_control_matches Tabelle (Cross-Reference) - v1_enrichment.py: Batch-Matching via BGE-M3 + Qdrant (Threshold 0.75) - 3 neue API-Endpoints: enrich-v1-matches, v1-matches, v1-enrichment-stats - 6 Tests (dry-run, execution, matches, pagination, detection) Frontend: - Orange "Eigenentwicklung"-Badge statt grauem "v1" (wenn kein Source) - "Regulatorische Abdeckung"-Sektion im ControlDetail mit Match-Karten - Side-by-Side V1CompareView (Eigenentwicklung vs. regulatorisch gedeckt) - Prev/Next Navigation durch alle Matches Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 10:32:08 +01:00
Benjamin Admin	cb034b8009	fix: DB-Rollback nach LLM-Fehler im Rationale-Backfill ... Verhindert 'invalid transaction' Fehler wenn ein LLM-Call fehlschlaegt und nachfolgende DB-Operationen blockiert. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:51:27 +01:00
Benjamin Admin	564f93259b	fix: Ollama think:false fuer qwen3.5 Thinking-Mode ... qwen3.5 gibt Antworten im 'thinking'-Feld statt 'response' zurueck. Mit think:false wird der Thinking-Mode deaktiviert und die Antwort korrekt im response-Feld geliefert. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:25:14 +01:00
Benjamin Admin	89ac223c41	fix: LLM Provider erkennt COMPLIANCE_LLM_PROVIDER=ollama ... Ollama als eigener Enum-Wert neben self_hosted, damit die docker-compose-Konfiguration (ollama) korrekt aufgeloest wird. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:12:05 +01:00
Benjamin Admin	23dd5116b3	feat: LLM-basierter Rationale-Backfill fuer atomare Controls ... POST /controls/backfill-rationale — ersetzt Placeholder "Aus Obligation abgeleitet." durch LLM-generierte Begruendungen (Ollama/qwen3.5). Optimierung: gruppiert ~86k Controls nach ~7k Parents, ein LLM-Call pro Parent. Paginierung via batch_size/offset fuer kontrollierte Ausfuehrung. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:01:49 +01:00
Benjamin Admin	81ce9dde07	docs: Anti-Fake-Evidence MkDocs umfassend erweitert ... - Delve-Vorfall als Motivation mit konkreten Haftungsrisiken - 6 Guardrails als Mermaid-Diagramm mit Zusammenspiel - Verbindung zu evidence_type (code/process/hybrid) - Sicherheitsarchitektur: Warum E0-E4, warum Four-Eyes nur GOV/PRIV - Same-Person-Schutz Erklaerung (Backend-Level, kein Admin-Bypass) - Hard Blocks: SQL-Beispiele fuer Audit-Sperren - Vollstaendiges DB-Schema (Enums, alle Tabellen, alle Spalten) - Vollstaendige API-Referenz (Evidence, Assertions, Audit-Trail, LLM-Audit) - FAQ-Sektion (E0 loeschen, Four-Eyes Timeout, Assertion-Extraktion) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 22:22:01 +01:00
Benjamin Admin	5e9cab6ab5	feat: evidence_type Feld (code/process/hybrid) fuer Controls ... Neues Feld auf canonical_controls klassifiziert, ob ein Control technisch im Source Code (code), organisatorisch via Dokumente (process) oder beides (hybrid) nachgewiesen wird. Inklusive Backfill-Endpoint, Frontend-Badge/Filter und MkDocs-Dokumentation. - Migration 079: evidence_type VARCHAR(20) + Index - Backend: Filter, Backfill-Endpoint mit Domain-Heuristik, CRUD - Frontend: EvidenceTypeBadge (sky/amber/violet), Nachweisart-Dropdown - Proxy: evidence_type Passthrough fuer controls + controls-count - Tests: 22 Tests fuer Klassifikations-Heuristik - Docs: Eigenes MkDocs-Kapitel mit Mermaid-Diagramm Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 21:53:40 +01:00
Benjamin Admin	a29bfdd588	fix: normative_strength 'may' statt 'can' (DB-Constraint) ... DB-Constraint erlaubt nur must/should/may. 'can' gibt es nicht. Alle Referenzen auf 'can' durch 'may' ersetzt. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 08:35:16 +01:00
Benjamin Admin	9dbb4cc5d2	fix: Backfill nutzt source_citation statt control_parent_links ... Die Obligation kennt ihren Parent-Rich-Control direkt. Dessen source_citation->>'source' gibt die Quell-Regulierung zuverlaessiger als der Umweg ueber control_parent_links (M:N-Inflation). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 08:25:32 +01:00
Benjamin Admin	c56bccaedf	fix: deploy.sh bash 3 kompatibel (keine assoziativen Arrays) ... macOS ships mit bash 3, declare -A wird nicht unterstuetzt. Ersetzt durch case-Funktion dir_to_service(). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 08:19:38 +01:00
Benjamin Admin	230fbeb490	feat: Dreistufenmodell normative Verbindlichkeit + Duplikat-Filter + Auto-Deploy ... - Source-Type-Klassifikation (58 Regulierungen: law/guideline/framework) - Backfill-Endpoint POST /controls/backfill-normative-strength - exclude_duplicates Filter fuer Control-Library (Backend + Proxy + UI-Toggle) - MkDocs-Kapitel: Normative Verbindlichkeit mit Mermaid-Diagrammen - scripts/deploy.sh: Auto-Push + Mac Mini rebuild + Coolify health monitoring - 26 Unit Tests fuer Klassifikations-Logik Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 08:18:00 +01:00
Benjamin Admin	6d3bdf8e74	feat: Control-Detail Provenance + Atomare Controls Seite ... Backend: provenance endpoint (obligations, doc refs, merged duplicates, regulations summary) + atomic-stats aggregation endpoint. Frontend: ControlDetail mit Provenance-Sektionen, klickbare Navigation, neue /sdk/atomic-controls Seite mit Stats-Bar und gefilterer Liste. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 10:38:34 +01:00
Benjamin Admin	200facda6a	fix: use CAST(:dd AS jsonb) instead of :dd::jsonb in _write_review ... SQLAlchemy's text() parser doesn't properly handle :param::type syntax — it fails to recognize :dd as a bind parameter when followed by ::jsonb. Using CAST(:dd AS jsonb) instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 08:48:58 +01:00
Benjamin Admin	9282850138	fix: add db.rollback() to batch dedup error handlers ... SQLAlchemy sessions enter a failed state after SQL errors. Without rollback(), all subsequent queries on the same session fail with InFailedSqlTransaction. Added try/except with rollback in _mark_duplicate, _mark_duplicate_to, _write_review, cross-group pass, and the main phase1 loop. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 08:41:36 +01:00
Benjamin Admin	770f0b5ab0	fix: adapt batch dedup to NULL pattern_id — group by merge_group_hint ... All Pass 0b controls have pattern_id=NULL. Rewritten to: - Phase 1: Group by merge_group_hint (action:object:trigger), 52k groups - Phase 2: Cross-group embedding search for semantically similar masters - Qdrant search uses unfiltered cross-regulation endpoint - API param changed: pattern_id → hint_filter Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 07:24:02 +01:00
Benjamin Admin	35784c35eb	feat: Batch Dedup Runner — 85k→~18-25k Master Controls ... Adds batch orchestration for deduplicating ~85k Pass 0b atomic controls into ~18-25k unique masters with M:N parent linking. New files: - migrations/078_batch_dedup.sql: merged_into_uuid column, perf indexes, link_type CHECK extended for cross_regulation - batch_dedup_runner.py: BatchDedupRunner with quality scoring, merge-hint grouping, title-identical short-circuit, parent-link transfer, and cross-regulation pass - tests/test_batch_dedup_runner.py: 21 tests (all passing) Modified: - control_dedup.py: optional collection param on Qdrant functions - crosswalk_routes.py: POST/GET batch-dedup endpoints Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 07:06:38 +01:00
Benjamin Admin	cce2707c03	fix: update 61 outdated test mocks to match current schemas ... Tests were failing due to stale mock objects after schema extensions: - DSFA: add _mapping property to _DictRow, use proper mock instead of MagicMock - Company Profile: add 6 missing fields (project_id, offering_urls, etc.) - Legal Templates/Policy: update document type count 52→58 - VVT: add 13 missing attributes to activity mock - Legal Documents: align consent test assertions with production behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 06:40:42 +01:00
Benjamin Admin	2efc738803	Merge branch 'feature/anti-fake-evidence' into main ... Anti-Fake-Evidence System (Phase 1-4b): Confidence levels, assertion engine, four-eyes approval, audit trail, traceability matrix UI, evidence distribution dashboard.	2026-03-23 21:12:45 +01:00
Benjamin Admin	e6201d5239	feat: Anti-Fake-Evidence System (Phase 1-4b) ... Implement full evidence integrity pipeline to prevent compliance theater: - Confidence levels (E0-E4), truth status tracking, assertion engine - Four-Eyes approval workflow, audit trail, reject endpoint - Evidence distribution dashboard, LLM audit routes - Traceability matrix (backend endpoint + Compliance Hub UI tab) - Anti-fake badges, control status machine, normative patterns - 2 migrations, 4 test suites, MkDocs documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 17:15:45 +01:00
Benjamin Admin	48ca0a6bef	feat: Framework Decomposition Engine + Composite Detection for Pass 0b ... Adds a routing layer between Pass 0a and Pass 0b that classifies obligations into atomic/compound/framework_container. Framework-container obligations (e.g. "CCM-Praktiken fuer AIS") are decomposed into concrete sub-obligations via an internal framework registry before Pass 0b composition. - New: framework_decomposition.py with routing, matching, decomposition - New: Framework registry (NIST SP 800-53, OWASP ASVS, CSA CCM) as JSON - New: Composite detection flags on atomic controls (is_composite, atomicity) - New: gen_meta fields: framework_ref, framework_domain, decomposition_source - Integration: _route_and_compose() in run_pass0b() deterministic path - 248 tests (198 decomposition + 50 framework), all passing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 12:11:55 +01:00
Benjamin Admin	1a63f5857b	feat: Deterministic Control Composition Engine v2 for Pass 0b ... Replace LLM-based Pass 0b with rule-based deterministic engine that composes atomic controls from obligation data without any LLM call. Engine features: - 24 action types (implement, configure, define, document, maintain, review, monitor, assess, audit, test, verify, validate, report, notify, train, restrict_access, encrypt, delete, retain, ensure, approve, remediate, perform, obtain) - 19 object classes (policy, procedure, register, record, report, technical_control, access_control, cryptographic_control, configuration, account, system, data, interface, role, training, incident, risk_artifact, process, consent) - Compound action splitting with no-split phrases - Title pattern: "{Object} {state_suffix}" (24 state suffixes) - Statement field: "{condition} {object} ist {trigger} {action}" - Pattern candidates for downstream categorization (26 specific combos + 24 action fallbacks) - Structured timing: deadline_hours + frequency extraction - Confidence scoring (0.3 base + action/object/trigger/template) - Merge group hints for dedup: "{action}:{norm_obj}:{trigger}" - Synonym-based object normalization (50+ German synonyms) - 16 specific (action_type, object_class) template overrides - Output validator with Pflichtfelder + Negativregeln + Warnregeln - All new fields serialized into gen_meta JSONB (no migration needed) Tests: 185 passed (33 new tests covering all engine components) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 11:05:48 +01:00
Benjamin Admin	295c18c6f7	feat: add DECOMPOSITION_LLM_MODEL env var for runtime model switching ... Allows switching between Haiku 4.5 and Sonnet 4.6 for Pass 0b without rebuilding the backend container. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 09:20:10 +01:00
Benjamin Admin	649a3c5e4e	perf: switch Pass 0b default model to Haiku 4.5 ... Benchmark shows Haiku is 2.5x faster than Sonnet at 5x lower cost for this JSON structuring task. Quality is equivalent. $142 vs $705 for 75K obligations, ~2.8 days vs ~7 days. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 09:12:01 +01:00
Benjamin Admin	bdd2f6fa0f	fix: cap Anthropic max_tokens to 16384 for Pass 0b batches ... Previous formula (batch_size * 1500) exceeded Claude's 16K output limit for batch_size > 10, causing API failures and Ollama fallback. New formula: min(16384, max(4096, batch_size * 500)) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 08:50:45 +01:00
Benjamin Admin	ac6134ce6d	feat: control_parent_links population + traceability API + frontend ... - _write_atomic_control() now uses RETURNING id and inserts into control_parent_links (M:N) with source_regulation, source_article, and obligation_candidate_id parsed from parent's source_citation - New _parse_citation() helper for JSONB source_citation extraction - New GET /controls/{id}/traceability endpoint returning full chain: parent links with obligations, child controls, source_count - Backend: control_type filter (atomic/rich) for controls + count - Frontend: Rechtsgrundlagen section in ControlDetail showing all parent links per source regulation with obligation text + strength - Frontend: Atomic/Rich filter dropdown in Control Library list - Frontend: GenerationStrategyBadge recognizes 'pass0b' strategy - Tests: 3 new tests for parent_link creation + citation parsing, existing batch test mock updated for RETURNING clause Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 08:14:29 +01:00