187 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Benjamin Admin	25d5da78ef	feat: Alle 5 verbleibenden SDK-Module auf 100% — RAG, Security-Backlog, Quality, Notfallplan, Loeschfristen ... Paket A — RAG Proxy: - NEU: admin-compliance/app/api/sdk/v1/rag/[[...path]]/route.ts → Proxy zu ai-compliance-sdk:8090, GET+POST, UUID-Validierung - UPDATE: rag/page.tsx — setTimeout Mock → echte API-Calls GET /regulations → dynamische suggestedQuestions POST /search → Qdrant-Ergebnisse mit score, title, reference Paket B — Security-Backlog + Quality: - NEU: migrations/014_security_backlog.sql + 015_quality.sql - NEU: compliance/api/security_backlog_routes.py — CRUD + Stats - NEU: compliance/api/quality_routes.py — Metrics + Tests CRUD + Stats - UPDATE: security-backlog/page.tsx — mockItems → API - UPDATE: quality/page.tsx — mockMetrics/mockTests → API - UPDATE: compliance/api/__init__.py — Router-Registrierung - NEU: tests/test_security_backlog_routes.py (48 Tests — 48/48 bestanden) - NEU: tests/test_quality_routes.py (67 Tests — 67/67 bestanden) Paket C — Notfallplan Incidents + Templates: - NEU: migrations/016_notfallplan_incidents.sql compliance_notfallplan_incidents + compliance_notfallplan_templates - UPDATE: notfallplan_routes.py — GET/POST/PUT/DELETE für /incidents + /templates - UPDATE: notfallplan/page.tsx — Incidents-Tab + Templates-Tab → API - UPDATE: tests/test_notfallplan_routes.py (+76 neue Tests — alle bestanden) Paket D — Loeschfristen localStorage → API: - NEU: migrations/017_loeschfristen.sql (JSONB: legal_holds, storage_locations, ...) - NEU: compliance/api/loeschfristen_routes.py — CRUD + Stats + Status-Update - UPDATE: loeschfristen/page.tsx — vollständige localStorage → API Migration createNewPolicy → POST (API-UUID als id), deletePolicy → DELETE, handleSaveAndClose → PUT, adoptGeneratedPolicies → POST je Policy apiToPolicy() + policyToPayload() Mapper, saving-State für Buttons - NEU: tests/test_loeschfristen_routes.py (58 Tests — alle bestanden) Gesamt: 253 neue Tests, alle bestanden (48 + 67 + 76 + 58 + bestehende) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-03 18:04:53 +01:00
Benjamin Admin	9143b84daa	fix: CAST statt ::jsonb in obligation_routes.py (SQLAlchemy-Kompatibilität) ... SQLAlchemy interpretiert '::' als Parameter-Trenner — CAST(:param AS jsonb) verwenden. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 16:22:05 +01:00
Benjamin Admin	a4df3201db	feat: Obligations-Modul auf 100% — vollständige CRUD-Implementierung ... - Backend: compliance_obligations Tabelle (Migration 013) - Backend: obligation_routes.py — GET/POST/PUT/DELETE + Stats-Endpoint - Backend: obligation_router in __init__.py registriert - Frontend: obligations/page.tsx — ObligationModal, ObligationDetail, ObligationCard, alle Buttons verdrahtet - Proxy: PATCH-Methode in compliance catch-all route ergänzt - Tests: 39/39 Obligation-Tests (Schemas, Helpers, Business Logic) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 15:58:50 +01:00
Benjamin Admin	312c2c9b60	feat: Use-Cases/UCCA Module auf 100% — Interface Fix, Search/Offset/Total, Explain/Export, Edit-Mode ... Kritische Bug Fixes: - [id]/page.tsx: FullAssessment Interface repariert (nested result → flat fields) - resultForCard baut explizit aus flachen Assessment-Feldern (feasibility, risk_score etc.) - Use-Case-Text-Pfad: assessment.intake?.use_case_text statt assessment.use_case_text - rule_code/code Mapping beim Übergeben an AssessmentResultCard Backend (A2+A3): - store.go: AssessmentFilters um Search + Offset erweitert - ListAssessments: COUNT-Query (total), ILIKE-Search auf title, OFFSET-Pagination - ListAssessments Signatur: ([]Assessment, int, error) - Handler: search/offset aus Query-Params, total in Response - import "strconv" hinzugefügt Neue Features: - KI-Erklärung Button (POST /explain) mit lila Erklärungsbox - Export-Buttons Markdown + JSON (Download-Links) - Edit-Mode in new/page.tsx: useSearchParams(?edit=id), Form vorausfüllen - Bedingte PUT/POST Logik; nach Edit → Detail-Seite Redirect - Suspense-Wrapper für useSearchParams (Next.js 15 Requirement) Backend Edit: - store.go: UpdateAssessment() Methode (UPDATE-Query) - ucca_handlers.go: UpdateAssessment Handler (re-evaluiert Intake) - main.go: PUT /ucca/assessments/:id Route registriert Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 15:13:42 +01:00
Benjamin Admin	d4845adea7	feat: Academy & Training Module auf 100% — vollständige Implementierung ... Paket A — Type Fixes: - Course Interface: passingScore, isActive, status ergänzt - BackendCourse: passing_score, status Mapping - CourseUpdateRequest: passingScore, status ergänzt - fetchAcademyStatistics: by_category/by_status Felder gemappt Paket B — Academy Zertifikate-Tab: - fetchCertificates() API Funktion - Vollständiger Tab: Stats (Gesamt/Gültig/Abgelaufen), Suche, Tabelle mit Status-Badges, PDF-Download Paket C — Academy Enrollment + Course Edit + Settings: - deleteEnrollment(), updateEnrollment() API - EnrollmentCard: Abschließen/Bearbeiten/Löschen Buttons - EnrollmentEditModal: Deadline bearbeiten - CourseCard: Stift-Icon (group-hover) → CourseEditModal - CourseEditModal: Titel/Beschreibung/Kategorie/Dauer/Bestehensgrenze/Status - SettingsTab: localStorage-basiert mit Toggles und Zahlen-Inputs + grüne Bestätigung Paket D — Training Modul-CRUD: - deleteModule() API Funktion - "+ Neues Modul" Button im Modules Tab Header - ModuleCreateModal: module_code, title, description, regulation_area, frequency_type, duration, pass_threshold - ModuleEditDrawer (Right-Slide): Edit + Aktiv-Toggle + Löschen Paket E — Training Matrix-Editor: - Matrix-Tabelle interaktiv: × Button je Badge zum Entfernen - "+ Hinzufügen" Button je Rolle - MatrixAddModal: Modul wählen, Pflicht-Toggle, Priorität Paket F — Training Assignments + UX-Fixes: - updateAssignment() API Funktion - AssignmentDetailDrawer (Right-Slide): Details, Status-Aktionen, Deadline-Edit - handleCheckEscalation: alert() → escalationResult State + blauer Banner (schließbar) - Media auto-sync useEffect: selectedModuleId → loadModuleMedia Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 14:24:13 +01:00
Benjamin Admin	232997deb6	feat: Betrieb-Module auf 100% — Buttons verdrahtet, Delete-Flows, tote Links gefixt ... - consent-management: ConsentTemplateCreateModal + useRouter für DSR-Navigation - vendor-compliance: QuickActionCard unterstützt onClick; /vendors/new → Modal, /processing-activities/new → Liste - incidents: handleDeleteIncident + Löschen-Button im IncidentDetailDrawer - whistleblower: handleDeleteReport + Löschen-Button im CaseDetailPanel - escalations: handleDeleteEscalation + Löschen-Button im EscalationDetailDrawer - notfallplan: ExerciseCreateModal (API-backed) + handleDeleteExercise + Neue-Übung-Button Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 13:36:21 +01:00
Benjamin Admin	b19fc11737	feat: Betrieb-Module → 100% — Echte CRUD-Flows, kein Mock-Data ... Alle 7 Betrieb-Module von 30–75% auf 100% gebracht: **Gruppe 1 — UI-Ergänzungen (Backend bereits vorhanden):** - incidents/page.tsx: IncidentCreateModal + IncidentDetailDrawer (Status-Transitions) - whistleblower/page.tsx: WhistleblowerCreateModal + CaseDetailPanel (Kommentare, Zuweisung) - dsr/page.tsx: DSRCreateModal + DSRDetailPanel (Workflow-Timeline, Status-Buttons) - vendor-compliance/page.tsx: VendorCreateModal + "Neuer Vendor" Button **Gruppe 2 — Escalations Full Stack:** - Migration 011: compliance_escalations Tabelle - Backend: escalation_routes.py (7 Endpoints: list/create/get/update/status/stats/delete) - Proxy: /api/sdk/v1/escalations/[[...path]] → backend:8002 - Frontend: Mock-Array komplett ersetzt durch echte API + EscalationCreateModal + EscalationDetailDrawer **Gruppe 2 — Consent Templates:** - Migration 010: compliance_consent_email_templates + compliance_consent_gdpr_processes (7+7 Seed-Einträge) - Backend: consent_template_routes.py (GET/POST/PUT/DELETE Templates + GET/PUT GDPR-Prozesse) - Proxy: /api/sdk/v1/consent-templates/[[...path]] - Frontend: consent-management/page.tsx lädt Templates + Prozesse aus DB (ApiTemplateEditor, ApiGdprProcessEditor) **Gruppe 3 — Notfallplan:** - Migration 012: 4 Tabellen (contacts, scenarios, checklists, exercises) - Backend: notfallplan_routes.py (vollständiges CRUD + /stats) - Proxy: /api/sdk/v1/notfallplan/[[...path]] - Frontend: notfallplan/page.tsx — DB-backed Kontakte + Szenarien + Übungen, ContactCreateModal + ScenarioCreateModal **Infrastruktur:** - __init__.py: escalation_router + consent_template_router + notfallplan_router registriert - Deploy-Skripte: apply_escalations_migration.sh, apply_consent_templates_migration.sh, apply_notfallplan_migration.sh - Tests: 40 neue Tests (test_escalation_routes.py, test_consent_template_routes.py, test_notfallplan_routes.py) - flow-data.ts: Completion aller 7 Module auf 100% gesetzt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 12:48:43 +01:00
Benjamin Admin	79b423e549	feat: Fertigstellungsgrad für Betrieb-Module im SDK Flow ... flow-data.ts: - completion?: number Feld im SDKFlowStep Interface - Completion-Werte für 7 Betrieb-Module (Academy/Training ausgenommen): consent-management: 75%, dsr: 65%, whistleblower: 60%, incidents: 55%, notfallplan: 50%, vendor-compliance: 35%, escalations: 30% - Bewertungsbasis: Frontend-Reifegrad + API-Abdeckung + Backend-Persistenz page.tsx: - completionColor() + completionLabel() Hilfsfunktionen (4-stufige Farbskala) - BetriebOverviewPanel: Übersicht mit Balken + Ø-Wert (erscheint bei Filter=Betrieb) - DetailPanel: Fertigstellungsgrad-Abschnitt ganz oben (Balken + Label) - ReactFlow-Nodes: % + Mini-Fortschrittsbalken im Node-Label - Step-Tabelle: 24px-Fortschrittsbalken-Spalte für alle Steps mit completion Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 12:08:27 +01:00
Benjamin Admin	393eab6acd	feat: Package 4 Nachbesserungen — History-Tracking, Pagination, Frontend-Fixes ... Backend: - Migration 009: compliance_einwilligungen_consent_history Tabelle - EinwilligungenConsentHistoryDB Modell (consent_id, action, version, ip, ua, source) - _record_history() Helper: automatisch bei POST /consents (granted) + PUT /revoke (revoked) - GET /consents/{id}/history Endpoint (vor revoke platziert für korrektes Routing) - GET /consents: history-Array pro Eintrag (inline Sub-Query) - 5 neue Tests (TestConsentHistoryTracking) — 32/32 bestanden Frontend: - consent/route.ts: limit+offset aus Frontend-Request weitergeleitet, total-Feld ergänzt - Neuer Proxy consent/[id]/history/route.ts für GET /consents/{id}/history - page.tsx: globalStats state + loadStats() (Backend /consents/stats für globale Zahlen) - page.tsx: Stats-Kacheln auf globalStats umgestellt (nicht mehr page-relativ) - page.tsx: history-Mapper: created_at→timestamp, consent_version→version - page.tsx: loadStats() bei Mount + nach Revoke Dokumentation: - Developer Portal: neue API-Docs-Seite /api/einwilligungen (Consent + Legal Docs + Cookie Banner) - developer-portal/app/api/page.tsx: Consent Management Abschnitt - MkDocs: History-Endpoint, Pagination-Abschnitt, History-Tracking Abschnitt - Deploy-Skript: scripts/apply_consent_history_migration.sh Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 11:54:25 +01:00
Benjamin Admin	f14d906f70	test: Regressionstests für Package 4 Phase 3 — ip_address/user_agent + Versions-Array-Format ... - TestConsentResponseFields (3 Tests): sichert ip_address + user_agent in GET /consents Response ab - TestListVersionsByDocument (2 Tests): sichert Array-Format von GET /documents/{id}/versions ab - 27 Tests in test_einwilligungen_routes.py, 26 in test_legal_document_routes.py, alle bestanden Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 11:04:02 +01:00
Benjamin Admin	c0b179510d	feat: Package 4 Phase 3 — Finale Fixes + Dokumentation (MkDocs, SDK Flow, StepHeader) ... Finale Fixes (5 Bugs): - workflow/page.tsx: Array-Format-Fix fuer loadVersions — Array.isArray statt data.versions - einwilligungen_routes.py: ip_address + user_agent in GET /consents Response ergaenzt - consent/page.tsx: Bearbeiten/Vorschau/Veroeffentlichen + Quick Actions verdrahtet (useRouter + Preview Modal) - cookie-banner/page.tsx: BannerTexts State + Controlled Inputs + DB-Persistenz (banner_texts) - embed-code/route.ts: In-Memory configStorage → DB-fetch aus Backend, embed_code Key korrigiert Dokumentation: - docs-src/services/sdk-modules/rechtliche-texte.md: Neue MkDocs-Seite fuer Paket 4 (Einwilligungen, Rechtliche Vorlagen, Cookie Banner, Document Workflow) - mkdocs.yml: Nav-Eintrag 'Rechtliche Texte (Paket 4)' ergaenzt - dokumentations-module.md: Datenfluss-Diagramm um Paket-4-Module erweitert - flow-data.ts: Paket-4-Steps mit korrekten dbTables/dbMode und aktualisierten Beschreibungen - StepHeader.tsx: cookie-banner + workflow STEP_EXPLANATIONS auf Persistenz und Funktionsumfang aktualisiert Tests: 24/24 bestanden (test_einwilligungen_routes.py) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 10:37:41 +01:00
Benjamin Admin	3570dd10ea	feat: Package 4 Phase 2 — Frontend-Fixes und Backend-Endpoints vervollständigt ... - document-generator: STEP_EXPLANATIONS Key 'consent' → 'document-generator' - Proxy: Content-Type nicht mehr hardcoded; forwarded vom Client (Fix für DOCX-Upload + multipart/arrayBuffer) - Backend: GET /documents/{id}, DELETE /documents/{id}, GET /versions/{id} ergänzt - Backend-Tests: 4 neue Tests für die neuen Endpoints - consent/page.tsx: Create-Modal + handleCreateDocument() + DELETE-Handler verdrahtet - einwilligungen/page.tsx: odentifier→identifier, ip_address, user_agent, history aus API gemappt; source nullable - cookie-banner/page.tsx: handleExportCode() + Toast für 'Code exportieren' Button - workflow/page.tsx: 'Neues Dokument' Button + createDocument() + Modal Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 09:29:58 +01:00
Benjamin Admin	9fa1d5e91e	fix: CLAUDE.md SSH-Befehle korrigiert — cd funktioniert nicht in SSH-Einzelbefehlen ... Alle docker compose Befehle auf -f /pfad/docker-compose.yml umgestellt. Git pull auf mac mini via git -C statt cd. Klarer Hinweis in Entwicklungsworkflow und Docker-Abschnitt ergaenzt. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 08:40:22 +01:00
Benjamin Admin	113ecdfa77	feat: Package 4 Rechtliche Texte — DB-Persistenz fuer Legal Documents, Einwilligungen und Cookie Banner ... - Migration 007: compliance_legal_documents, _versions, _approvals (Approval-Workflow) - Migration 008: compliance_einwilligungen_catalog, _company, _cookies, _consents - Backend: legal_document_routes.py (11 Endpoints + draft→review→approved→published Workflow) - Backend: einwilligungen_routes.py (10 Endpoints inkl. Stats, Pagination, Revoke) - Frontend: /api/admin/consent/[[...path]] Catch-All-Proxy fuer Legal Documents - Frontend: catalog/consent/cookie-banner routes von In-Memory auf DB-Proxy umgestellt - Frontend: einwilligungen/page.tsx + cookie-banner/page.tsx laden jetzt via API (kein Mock) - Tests: 44/44 pass (test_legal_document_routes.py + test_einwilligungen_routes.py) - Deploy-Scripts: apply_legal_docs_migration.sh + apply_einwilligungen_migration.sh Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 08:25:13 +01:00
Benjamin Admin	799668e472	fix: MkDocs Anker-Link in dokumentations-module.md korrigieren (#training → #training-engine) ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 18:55:37 +01:00
Benjamin Admin	5c7c0055ff	docs: MkDocs, SDK-Flow und Tests fuer 6 Dokumentations-Module aktualisieren ... MkDocs: - Neue Dokumentationsseite: docs-src/services/sdk-modules/dokumentations-module.md Beschreibt alle 6 Module (VVT, Source Policy, Document Generator, Audit Checklist, Audit Report, Training Engine) mit API-Endpoints, DB-Tabellen, Datenmodell und Besonderheiten - mkdocs.yml: Neuen Eintrag "Dokumentations-Module (Paket 3+)" ergaenzt SDK Flow (flow-data.ts): - VVT: dbTables korrigiert ([] → compliance_vvt_organization/activities/audit_log), dbMode: none → read/write, descriptionLong auf Backend-Persistenz aktualisiert - Training: dbTables ergaenzt (training_modules/assignments/quiz_*/matrix_entries/ audit_log), dbMode: none → read/write, Beschreibung auf 28 Module aktualisiert - Source Policy: Tabellennamen korrigiert (compliance_pii_field_rules → compliance_pii_rules, compliance_source_policies entfernt, compliance_source_operations ergaenzt) - Document Generator: Beschreibung um PDF-Export (window.print) und Fallback-Banner ergaenzt Tests: - Neue Datei: tests/test_source_policy_routes.py (35 Tests, alle gruen) - Schema-Tests: SourceCreate, SourceUpdate, PIIRuleCreate, PIIRuleUpdate - DB-Model-Tests: AllowedSourceDB, PIIRuleDB - Filter-Logik: source_type-Filter und category-Filter Unit-Tests - Audit-Log-Helper: _log_audit Verhalten verifiziert Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 18:48:55 +01:00
Benjamin Admin	ec53ba0350	fix: Audit PDF-Download-Pfad korrigiert (/pdf → /report/pdf) ... Alle 3 Frontend-Seiten (audit-report, audit-report/[sessionId], audit-checklist) riefen /sessions/{id}/pdf auf, aber der Backend- Endpoint ist /sessions/{id}/report/pdf. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 17:49:21 +01:00
Benjamin Admin	34fc8dc654	feat: 6 Dokumentations-Module auf 100% — VVT Backend, Filter, PDF-Export ... Phase 1 — VVT Backend (localStorage → API): - migrations/006_vvt.sql: Neue Tabellen (vvt_organization, vvt_activities, vvt_audit_log) - compliance/db/vvt_models.py: SQLAlchemy-Models für alle VVT-Tabellen - compliance/api/vvt_routes.py: Vollständiger CRUD-Router (10 Endpoints) - compliance/api/__init__.py: VVT-Router registriert - compliance/api/schemas.py: VVT Pydantic-Schemas ergänzt - app/(sdk)/sdk/vvt/page.tsx: API-Client + camelCase↔snake_case Mapping, localStorage durch persistente DB-Calls ersetzt (POST/PUT/DELETE/GET) - tests/test_vvt_routes.py: 18 Tests (alle grün) Phase 3 — Document Generator PDF-Export: - document-generator/page.tsx: "Als PDF exportieren"-Button funktioniert jetzt via window.print() + Print-Window mit korrektem HTML - Fallback-Banner wenn Template-Service (breakpilot-core) nicht erreichbar Phase 4 — Source Policy erweiterte Filter: - SourcesTab.tsx: source_type-Filter (Rechtlich / Leitlinien / Vorlagen / etc.) - PIIRulesTab.tsx: category-Filter (E-Mail / Telefon / IBAN / etc.) - source_policy_router.py: Backend-Endpoints unterstützen jetzt source_type und category als Query-Parameter - requirements.txt: reportlab==4.2.5 ergänzt (fehlende Audit-PDF-Dependency) Phase 2 — Training (Migration-Skripte): - scripts/apply_training_migrations.sh: SSH-Skript für Mac Mini - scripts/apply_vvt_migration.sh: Vollständiges Deploy-Skript für VVT Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 17:14:58 +01:00
Benjamin Admin	7cc420bd9e	docs: Tests, MKDocs und SDK-Flow-Beschreibungen fuer Analyse-Module aktualisieren ... Backend-Tests fuer alle 7 Analyse-Module (Requirements CRUD, AI System CRUD + Assessment, Evidence Pagination, Risk Workflow). MKDocs um Analyse-Module-Seite erweitert. SDK-Flow flow-data.ts und StepHeader STEP_EXPLANATIONS mit neuen Features aktualisiert (CRUD, Pagination, Evidence-Linking, Residual Risk, AI Act Backend-Persistenz, PDF-Export). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 16:09:03 +01:00
Benjamin Admin	d48ebc5211	feat: 7 Analyse-Module auf 100% — Backend-Endpoints, DB-Model, Frontend-Persistenz ... Alle 7 Analyse-Module (Requirements → Report) von ~80% auf 100% gebracht: - Modul 1 (Requirements): POST/DELETE Endpoints + Frontend-Anbindung + Rollback - Modul 2 (Controls): Evidence-Linking UI mit Validity-Badge - Modul 3 (Evidence): Pagination (Frontend + Backend) - Modul 4 (Risk Matrix): Mitigation-UI, Residual Risk, Status-Workflow - Modul 5 (AI Act): AISystemDB Model, 6 CRUD-Endpoints, Backend-Persistenz - Modul 6 (Audit Checklist): PDF-Download + Session-History - Modul 7 (Audit Report): Detail-Seite mit Checklist Sign-Off + Navigation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 15:52:23 +01:00
Benjamin Admin	d079886819	feat: 7 Vorbereitungs-Module auf 100% — Frontend, Proxy-Routen, Backend-Fixes ... Profil: machineBuilder-Felder im POST-Body, PATCH-Handler Scope: API-Route (GET/POST), ScopeDecisionTab Props + Buttons, Export-Druckansicht HTML Anwendung: PUT-Handler, Bearbeiten-Button, Pagination/Search Import: Verlauf laden, DELETE-Route, Offline-Badge, ObjectURL Memory-Leak fix Screening: Security-Backlog Button verdrahtet, Scan-Verlauf Module: Detail-Seite, GET-Proxy, Konfigurieren-Button, Modul-erstellen-Modal, Error-Toast Quellen: 10 Proxy-Routen, Tab-Komponenten umgestellt, Dashboard-Tab, blocked_today Bug fix, Datum-Filter Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 15:08:13 +01:00
Benjamin Admin	fc83ebfd82	feat: Analyse-Module auf 100% Runde 2 — CREATE-Forms, Button-Handler, Persistenz ... Requirements: ADD-Form + Details-Panel mit Controls/Status-Anzeige Controls: ADD-Form + Effectiveness-Persistenz via PUT Evidence: Anzeigen/Herunterladen-Buttons mit fileUrl + disabled-State Risks: RiskMatrix Cell-Click filtert Risiko-Liste mit Badge + Reset AI Act: Mock-Daten entfernt, Loading-Skeleton, Edit/Delete-Handler Audit Checklist: JSON-Export, debounced Notes-Persistenz, Neue Checkliste Audit Report: Animiertes Skeleton statt Loading-Text Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 13:13:26 +01:00
Benjamin Admin	a50a9810ee	feat: Analyse-Module auf 100% — Backend-Wiring, Proxy-Route, DELETE-Endpoints ... 7 Analyse-Module (Requirements, Controls, Evidence, Risk Matrix, AI Act, Audit Checklist, Audit Report) von ~35% auf 100% gebracht: - Catch-all Proxy-Route /api/sdk/v1/compliance/[[...path]] erstellt - DELETE-Endpoints fuer Risks und Evidence im Backend hinzugefuegt - Alle 7 Frontend-Seiten ans Backend gewired (Fetch, PUT, POST, DELETE) - Mock-Daten durch Backend-Daten ersetzt, Templates als Fallback - Loading-Skeletons und Error-Banner hinzugefuegt - AI Act: Add-System-Form + assess-risk API-Integration - Audit Report: API-Pfade von /api/admin/ auf /api/sdk/v1/compliance/ korrigiert Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 12:46:11 +01:00
Benjamin Admin	f7a0b11e41	fix: Vorbereitung-Module auf 100% — Feld-Fixes, Backend-Persistenz, Endpoints ... - ScopeExportTab: 11 Feldnamen-Mismatches gegen ScopeDecision Interface korrigiert (level→determinedLevel, riskScore→risk_score, hardTriggers→triggeredHardTriggers, depthDescription→depth, effortEstimate→estimatedEffort, isMandatory→required, triggeredByHardTrigger→triggeredBy, effortDays→estimatedEffort) - Company Profile: GET vom Backend beim Mount, snake_case→camelCase, SDK State Fallback - Modules: Aktivierung/Deaktivierung ans Backend schreiben (activate/deactivate Endpoints) - Obligations: Explizites Fehler-Banner statt stiller Fallback bei Backend-Fehler - Source Policy: BlockedContentDB Model + GET /api/v1/admin/blocked-content Endpoint - Import: Offline-Modus Label fuer Backend-Fallback Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 12:02:40 +01:00
Benjamin Admin	80a988dc58	fix: SDK-Module Frontend-Backend-Mismatches beheben + fehlende Proxy-Routes ... - P0: enableBackendSync=true in SDKProvider aktiviert (PostgreSQL State-Persistenz) - P0: Source Policy 4 Tabs an Backend-Schema angepasst (is_active→active, data.logs→data.entries, is_allowed→allowed, rule_type→category, severity→action) - P0: OperationsMatrixTab holt jetzt Sources+Operations separat und joint client-side - P0: PIIRulesTab PII-Test auf client-side Regex umgestellt (kein Backend-Endpoint noetig) - P1: GET Proxy-Routes fuer Import, Screening und UCCA [id] (GET+DELETE) erstellt - P1: Compliance Scope ScopeOverviewTab/ScopeExportTab Prop-Interfaces erweitert - P2: Company Profile speichert jetzt auch zum dedizierten Backend-Endpoint - P2: UCCA Wizard von 5 auf 8 Steps erweitert (Rechtsgrundlage, Datentransfer, Vertraege) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 11:40:44 +01:00
Benjamin Admin	e6d666b89b	feat: Vorbereitung-Module auf 100% — Persistenz, Backend-Services, UCCA Frontend ... Phase A: PostgreSQL State Store (sdk_states Tabelle, InMemory-Fallback) Phase B: Modules dynamisch vom Backend, Scope DB-Persistenz, Source Policy State Phase C: UCCA Frontend (3 Seiten, Wizard, RiskScoreGauge), Obligations Live-Daten Phase D: Document Import (PDF/LLM/Gap-Analyse), System Screening (SBOM/OSV.dev) Phase E: Company Profile CRUD mit Audit-Logging Phase F: Tests (Python + TypeScript), flow-data.ts DB-Tabellen aktualisiert Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 11:04:31 +01:00
Benjamin Admin	cd15ab0932	feat: Phase 3 — RAG-Anbindung fuer alle 18 Dokumenttypen + Vendor Contract Review ... Migrate queryRAG from klausur-service GET to bp-core-rag-service POST with multi-collection support. Each of the 18 ScopeDocumentType now gets a type-specific RAG collection and optimized search query instead of the generic fallback. Vendor-compliance contract review now uses LLM + RAG for real analysis with mock fallback on error. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 10:10:32 +01:00
Benjamin Admin	d9f819e5be	docs+tests: Phase 2 RAG audit — missing tests, dev docs, SDK flow page ... - Add rag-query.test.ts (7 Jest tests for shared queryRAG utility) - Add test_routes_legal_context.py (3 tests for ?include_legal_context param) - Update ARCHITECTURE.md with multi-collection RAG section (3.3) - Update DEVELOPER.md with RAG usage examples, collection table, error tolerance - Add SDK flow page with updated requirements + DSFA RAG descriptions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 09:26:57 +01:00
Benjamin Admin	14a99322eb	feat: Phase 2 — RAG integration in Requirements + DSFA Draft ... Add legal context enrichment from Qdrant vector corpus to the two highest-priority modules (Requirements AI assistant and DSFA drafting engine). Go SDK: - Add SearchCollection() with collection override + whitelist validation - Refactor Search() to delegate to shared searchInternal() Python backend: - New ComplianceRAGClient proxying POST /sdk/v1/rag/search (error-tolerant) - AI assistant: enrich interpret_requirement() and suggest_controls() with RAG - Requirements API: add ?include_legal_context=true query parameter Admin (Next.js): - Extract shared queryRAG() utility from chat route - Inject RAG legal context into v1 and v2 draft pipelines Tests for all three layers (Go, Python, TypeScript shared utility). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 08:57:39 +01:00
Benjamin Admin	3d9bc285ac	Fix backend-compliance DATABASE_URL: use sync psycopg2 instead of asyncpg ... The DATABASE_URL was using postgresql+asyncpg:// with ?options= for search_path, but database.py uses synchronous SQLAlchemy (create_engine) and asyncpg doesn't support the 'options' keyword argument. The search_path is already set via an event listener in database.py, so the options parameter is unnecessary. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 08:19:23 +01:00
Benjamin Admin	a228b3b528	feat: add RAG corpus versioning and source policy backend ... Part 1 — RAG Corpus Versioning: - New DB table compliance_corpus_versions (migration 017) - Go CorpusVersionStore with CRUD operations - Assessment struct extended with corpus_version_id - API endpoints: GET /rag/corpus-status, /rag/corpus-versions/:collection - RAG routes (search, regulations) now registered in main.go - Ingestion script registers corpus versions after each run - Frontend staleness badge in SDK sidebar Part 3 — Source Policy Backend: - New FastAPI router with CRUD for allowed sources, PII rules, operations matrix, audit trail, stats, and compliance report - SQLAlchemy models for all source policy tables (migration 001) - Frontend API base corrected from edu-search:8088/8089 to backend-compliance:8002/api Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 07:58:08 +01:00
Benjamin Admin	187dbf1b77	fix(compliance-advisor): increase token limit and add source protection ... - Increase num_predict from 2048 to 8192 to prevent mid-sentence cutoff - Add "Quellenschutz" rules to system prompt: agent refuses to list all available sources/collections, only reveals sources used in answers - Remove internal collection names from RAG context sent to LLM - Agent confirms knowledge on specific topics but refuses meta-queries like "what sources do you have?" Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-01 11:57:21 +01:00
Benjamin Admin	f7c5effb9f	fix: correct EDPB/ENISA/EDPS PDF download URLs ... EDPB migrated from /sites/default/files/ to /system/files/YYYY-MM/. Updated all URLs to current working paths. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-01 11:17:12 +01:00
Benjamin Admin	b034a5281e	feat: add EDPB/ENISA/EDPS PDF downloads to populate-rag-originals ... Adds download URLs for 11 EDPB guidelines, EDPS DPIA list, 3 ENISA reports, and TMG/UrhG to the missing files check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-01 11:10:11 +01:00
Benjamin Admin	b4cc374f7e	feat: add populate-rag-originals.sh for QA PDF downloads ... Script downloads original regulation PDFs from EUR-Lex into ~/rag-originals/ for use with the RAG QA Split-View Chunk-Browser. Lists missing national law PDFs that require manual download. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-28 17:46:15 +01:00
Benjamin Admin	71267e2a8a	test: add tests for compliance advisor IFRS prompt and ingestion script ... 46 tests covering: - COMPLIANCE_COLLECTIONS validation - IFRS endorsement warning content (5 points, CELEX, EFRAG reference) - Ingestion script structure (download_pdf, upload_file functions) - IFRS/EFRAG/ENISA URLs and metadata validation - Chunking config and verification phase Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-28 16:46:45 +01:00
Benjamin Admin	52a9ad2279	docs: add Industry Compliance Ingestion documentation ... - Document all 10 industry compliance PDFs and their sources - Cover ingestion script usage, phases, chunking config - Document IFRS timeout workaround and endorsement warning - Add license overview for all document sources Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-28 09:50:34 +01:00
Benjamin Admin	ee79a48e8e	fix: add User-Agent header to PDF downloads ... Some sites (ENISA) reject requests without User-Agent header. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-28 09:33:06 +01:00
Benjamin Admin	9026e392dc	fix: ENISA URLs + increase curl timeout for large PDFs ... - Update ENISA download URLs to new site structure (publications → sites/default/files) - Increase curl max-time from 300s to 600s for IFRS PDFs (7.5-8.2MB) - Update ENISA Secure by Design metadata (title changed) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-28 09:07:01 +01:00
Benjamin Admin	9496e758fc	feat: EU-IFRS 2023/1803 + EFRAG Endorsement ingestion & system prompt ... - Ingestion script: Add 3 new PDFs (IFRS DE/EN, EFRAG Endorsement Status) to ingest-industry-compliance.sh (7 → 10 documents total) - System prompt: Add EU-IFRS and EFRAG to competence area, add mandatory IFRS endorsement warning section for all IFRS/IAS queries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-28 01:56:04 +01:00
Benjamin Admin	0e932c0df8	feat(advisor): multi-collection RAG search + country filter (DE/AT/CH/EU) ... - Replace single DSFA corpus query with parallel search across 6 collections via RAG service (port 8097) - Add country parameter with metadata filter for bp_compliance_gesetze - Add country-specific system prompt section - Add DE/AT/CH/EU toggle buttons in ComplianceAdvisorWidget header Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-28 01:04:30 +01:00
Benjamin Admin	8acf1d2e12	Add lesson content editor, quiz test endpoint, and lesson update API ... - Backend: UpdateLesson handler (PUT /lessons/:id) for editing title, content, quiz questions - Backend: TestQuiz handler (POST /lessons/:id/quiz-test) for quiz evaluation without enrollment - Frontend: Content editor with markdown textarea, save, and approve-for-video workflow - Frontend: Fix quiz endpoint to /lessons/:id/quiz-test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 17:57:15 +01:00
Benjamin Admin	1698912a27	Fix: map quiz_questions and content from backend to frontend Lesson type ... - Add quizQuestions field to Lesson interface - Map quiz_questions (snake_case) to quizQuestions (camelCase) in course mapping - Map correct_index to correctOptionIndex for quiz rendering Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 17:36:54 +01:00
Benjamin Admin	94006be778	Revert LLM model to qwen3:30b-a3b (qwen3.5 download incomplete) ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 16:17:47 +01:00
Benjamin Admin	77a8170a6e	Fix proxy UUID validation: reject non-UUID tenant/user IDs and use defaults ... The training API client sends X-Tenant-ID: "default" which the proxy was forwarding as-is, causing the backend to return 0 results. Now both proxies validate that tenant/user IDs match UUID format before forwarding, falling back to the configured defaults. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 15:55:09 +01:00
Benjamin Admin	20bc51b86c	Fix: show all training modules in course generator, not just unlinked ones ... All 28 modules already have academy_course_id set, so the filter was hiding everything. Now shows all modules with a "Kurs vorhanden" badge for linked ones. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 15:42:22 +01:00
Benjamin Admin	3ffba9ef4f	Fix Academy new course: use training module selector instead of topic input ... The "generate course" feature now shows a list of available training modules to select from, instead of a free-text topic field. This correctly sends the module_id to the backend GenerateCourseFromTraining handler. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 15:20:57 +01:00
Benjamin Admin	c78a7b687e	Fix Academy page crash: optional chaining for byStatus and categoryInfo fallback ... - statistics.byStatus.in_progress could crash on empty object → optional chaining - COURSE_CATEGORY_INFO[course.category] could return undefined → fallback to 'custom' - Update LLM model to qwen3.5:35b-a3b in docker-compose.yml Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 14:49:02 +01:00
Benjamin Admin	759c725793	fix(proxy): add default X-User-ID and X-Tenant-ID headers to API proxies ... Both academy and training proxy routes now set default identity headers so the Go backend RBAC middleware can set the tenant context. Without these defaults, the browser doesn't send X-User-ID and modules/courses return empty. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 12:05:08 +01:00
Benjamin Admin	66988d1304	feat(academy): bridge Academy with Training Engine for course generation ... - Add POST /academy/courses/generate endpoint that creates an academy course from a training module (with content + quiz as lessons) - Add POST /academy/courses/generate-all to bulk-generate all courses - Fix academy API response mapping (snake_case → camelCase) - Fix fetchCourses/fetchCourse/fetchEnrollments/fetchStats to unwrap backend response wrappers ({courses:[...]}, {course:{...}}) - Add "Alle Kurse generieren" button to academy overview page - Fix bulkResult.errors crash in training page (optional chaining) - Add SetAcademyCourseID to training store for bidirectional linking Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 11:57:13 +01:00