28 Commits

Author	SHA1	Message	Date
Benjamin Admin	2a0449c9b7	docs(qa): add Control Quality Pipeline documentation ... QA process, article types, match rates, preamble dedup rules, and next steps documented in MkDocs under Entwicklung. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-20 08:16:07 +01:00
Benjamin Admin	4b1eede45b	feat(tom): audit document, compliance checks, 25 controls, canonical control mapping ... Phase A: TOM document HTML generator (12 sections, inline CSS, A4 print) Phase B: TOMDocumentTab component (org-header form, revisions, print/download) Phase C: 11 compliance checks with severity-weighted scoring Phase D: MkDocs documentation for TOM module Phase E: 25 new controls (63 → 88) in 13 categories Canonical Control Mapping (three-layer architecture): - Migration 068: tom_control_mappings + tom_control_sync_state tables - 6 API endpoints: sync, list, by-tom, stats, manual add, delete - Category mapping: 13 TOM categories → 17 canonical categories - Frontend: sync button + coverage card (Overview), drill-down (Editor), belegende Controls count (Document) - 20 tests (unit + API with mocked DB) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 11:56:53 +01:00
Benjamin Admin	3bb9fffab6	docs: update control library taxonomy, add provenance wiki page ... - canonical-control-library.md: add 7 release_states (was 4), target_audience (17 values), generation_strategy, missing API endpoints (controls-customer, backfill-citations, backfill-domain), updated test counts (81+) - NEW control-provenance.md: extracted from frontend page.tsx — methodology, legal basis, filters, badges, taxonomy, open/restricted sources, verification methods, 23 categories, license matrix, source registry - mkdocs.yml: add Control Provenance Wiki to navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 08:49:42 +01:00
Benjamin Admin	a9e0869205	feat(pipeline): pipeline_version v2, migration 062, docs + 71 tests ... - Add PIPELINE_VERSION=2 constant and pipeline_version column to canonical_controls and canonical_processed_chunks (migration 062) - Anthropic API decides chunk relevance via null-returns (skip_prefilter) - Annex/appendix chunks explicitly protected in prompts - Fix 6 failing tests (CRYP domain, _process_batch tuple return) - Add TestPipelineVersion + TestRegulationFilter test classes (10 new tests) - Add MkDocs page: control-generator-pipeline.md (541 lines) - Update canonical-control-library.md with v2 pipeline diagram - Update testing.md with 71-test breakdown table Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 17:31:11 +01:00
Benjamin Admin	d2133dbfa2	test+docs(iace): add handler tests, error-handling tests, JSON export tests, TipTap docs ... - Create iace_handler_test.go (22 tests): input validation for InitFromProfile, GenerateSingleSection, ExportTechFile, CheckCompleteness, getTenantID, CreateProject, ListProjects, Component CRUD handlers - Add error-handling tests to tech_file_generator_test.go: nil context, nil project, empty components/hazards/classifications/evidence, unknown section type, all 19 getSystemPrompt types, AI-specific section prompts - Add JSON export tests to document_export_test.go: valid output, empty project, nil project error, special character handling (German text, XML escapes) - Add iace-hazard-library.md to mkdocs.yml navigation - Add TipTap Rich-Text-Editor section to iace.md documentation Total: 181 tests passing (was 165), 0 failures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 13:15:31 +01:00
Benjamin Admin	a9f291ff49	test+docs: add policy library tests (67 tests) and MKDocs documentation ... - New test_policy_templates.py: 67 tests covering all 29 policy types, API creation, filtering, placeholders, seed script validation - Updated test_legal_template_routes.py: fix type count 16→52 - New MKDocs page policy-bibliothek.md with full template reference - Updated dokumentengenerierung.md and rechtliche-texte.md with cross-refs - Added policy-bibliothek to mkdocs.yml navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 22:50:50 +01:00
Benjamin Admin	050f353192	feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls ... Eigenstaendig formulierte Security Controls mit unabhaengiger Taxonomie und Open-Source-Verankerung (OWASP, NIST, ENISA). Keine BSI-Nomenklatur. - Migration 044: 5 DB-Tabellen (frameworks, controls, sources, licenses, mappings) - 10 Seed Controls mit 39 Open-Source-Referenzen - License Gate: Quellen-Berechtigungspruefung (analysis/excerpt/embeddings/product) - Too-Close-Detektor: 5 Metriken (exact-phrase, token-overlap, ngram, embedding, LCS) - REST API: 8 Endpoints unter /v1/canonical/ - Go Loader mit Multi-Index (ID, domain, severity, framework) - Frontend: Control Library Browser + Provenance Wiki - CI/CD: validate-controls.py Job (schema, no-leak, open-anchors) - 67 Tests (8 Go + 59 Python), alle PASS - MkDocs Dokumentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 19:55:06 +01:00
Benjamin Admin	0affa4eb66	feat(sdk): Multi-Projekt-Architektur — mehrere Projekte pro Tenant ... Jeder Tenant kann jetzt mehrere Compliance-Projekte anlegen (z.B. verschiedene Produkte, Tochterunternehmen). CompanyProfile ist pro Projekt kopierbar und danach unabhaengig editierbar. Multi-Tab-Support via separater BroadcastChannel und localStorage Keys pro Projekt. - Migration 039: compliance_projects Tabelle, sdk_states.project_id - Backend: FastAPI CRUD-Routes fuer Projekte mit Tenant-Isolation - Frontend: ProjectSelector UI, SDKProvider mit projectId, URL ?project= - State API: UPSERT auf (tenant_id, project_id) mit Abwaertskompatibilitaet - Tests: pytest fuer Model-Validierung, Row-Konvertierung, Tenant-Isolation - Docs: MKDocs Seite, CLAUDE.md, Backend README Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 14:53:50 +01:00
Benjamin Admin	9e65dff7d6	feat(isms): ISO 27001 Frontend, Proxy, Sidebar, Flow-Data, Architecture, MkDocs ... ISMS-Modul mit 6 Tabs (Uebersicht, Policies, SoA, Ziele, Audits/Findings/CAPA, Management-Reviews) fuer alle 39 Backend-Endpoints. Readiness-Check identifiziert potenzielle Major/Minor-Findings vor externer Zertifizierung. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 14:53:31 +01:00
Benjamin Admin	1e84df9769	feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6) ... 6-Phasen-Implementation fuer cloud-faehiges, mandantenfaehiges Compliance SDK: Phase 1: Multi-Tenancy Fix - Shared tenant_utils.py Dependency (UUID-Validierung, kein "default" mehr) - VVT tenant_id Column + tenant-scoped Queries - DSFA/Vendor DEFAULT_TENANT_ID von "default" auf UUID migriert - Migration 035 Phase 2: Stammdaten-Erweiterung - Company Profile um JSONB-Felder erweitert (processing_systems, ai_systems, technical_contacts) - Regulierungs-Flags (NIS2, AI Act, ISO 27001) - GET /template-context Endpoint - Migration 036 Phase 3: Dokument-Versionierung - 5 Versions-Tabellen (DSFA, VVT, TOM, Loeschfristen, Obligations) - Shared versioning_utils.py Helper - /{id}/versions Endpoints auf allen 5 Dokumenttypen - Migration 037 Phase 4: Change-Request System - Zentrale CR-Inbox mit CRUD + Accept/Reject/Edit Workflow - Regelbasierte CR-Engine (VVT DPIA → DSFA CR, Datenkategorien → Loeschfristen CR) - Audit-Trail - Migration 038 Phase 5: Dokumentengenerierung - 5 Template-Generatoren (DSFA, VVT, TOM, Loeschfristen, Obligations) - Preview + Apply Endpoints (erzeugt CRs, keine direkten Dokumente) Phase 6: Frontend-Integration - Change-Request Inbox Page mit Stats, Filtern, Modals - VersionHistory Timeline-Komponente - SDKSidebar CR-Badge (60s Polling) - Company Profile: 2 neue Wizard-Steps + "Dokumente generieren" CTA Docs: 5 neue MkDocs-Seiten, CLAUDE.md aktualisiert Tests: 97 neue Tests (alle bestanden) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 14:12:34 +01:00
Benjamin Admin	b5625c14aa	feat(docs): Wettbewerbsanalyse aktualisiert — 11/15 Features erledigt, 57 Module, 9 USPs ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 22:35:01 +01:00
Benjamin Admin	4a564ad8f7	docs: SDK Workflow Referenzseite — Seq-Nummern, visibleWhen, Navigation ... Neue Übersichtsseite sdk-workflow.md mit vollständiger Referenz: - Alle 34 Steps mit seq-Nummern (100–4800) in Pakettabellen - Lücken-Konvention (100er innerhalb, 300er an Paket-Grenzen) - visibleWhen-Logik für import/dsfa/document-generator - Prerequisite-Ketten-Regeln und Ausnahmen - Alle Navigationsfunktionen (getNextStep, getVisibleSteps, etc.) - Anleitung zum Einfügen neuer Steps - Deprecated-Hinweis für getVisibleStepsForCustomerType Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 22:31:28 +01:00
Benjamin Admin	d527fcbdc8	fix(sdk)+docs: dsfa-visibleWhen Bug, training.md, index.md komplett ... Fixes: - types.ts: dsfa isOptional false→true + visibleWhen ergänzt (sichtbar nur bei Scope L2/L3/L4 oder dsfaRequired Hard-Trigger) - dsfa war einziger Step mit fehlendem visibleWhen laut Plan Docs: - training.md: NEU — Training Engine (seq 4800), alle Endpoints, Rollenmatrix, KI-Inhalt, Quiz, TTS-Media, DB-Schema - mkdocs.yml: Training Engine nav-Eintrag - index.md: E-Mail-Templates (4350) + Training Engine (4800) in Modul-Tabelle + URL-Liste ergänzt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 21:13:06 +01:00
Benjamin Admin	d212208587	docs: MkDocs-Aktualisierung — Obligations v2, Extraction, fehlende Module ... - obligations.md: NEU — Obligations Framework v2 (325 Pflichten, 9 Regulierungen, Condition Engine, TOM-Mapping, Gap-Analyse, alle 13 API-Endpoints) - requirements.md: POST /compliance/extract-requirements-from-rag dokumentiert (RAG-Collections, dry_run, Deduplication, Auto-Regulation-Stubs) - vorbereitung-module.md: UCCA Obligations v2 Abschnitt + neue Endpoints + Hinweis: Go-Tests lokal statt im Container - index.md: Obligations, IACE, Import, Screening, RAG zur Modulliste + URLs - mkdocs.yml: obligations.md als nav-Eintrag Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 20:33:08 +01:00
Benjamin Admin	a1980cd12d	feat(reporting+docs): tenant-ID-Validierung, Go-Tests, 4 MkDocs-Einzelseiten ... - reporting_handlers.go: uuid.Nil-Check vor Store-Aufruf (→ 400) - reporting_handlers_test.go: 4 MissingTenantID-Tests (PASS) + 4 WithTenant-Tests (SKIP) - docs-src: requirements.md, controls.md, evidence.md, risks.md (je mit API, Schema, Tests) - mkdocs.yml: 4 neue Nav-Einträge + \n-Bug auf Zeile 91 behoben - compliance-kern.md: Link-Hinweise zu Detailseiten ergänzt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 18:25:26 +01:00
Benjamin Admin	efeacc1619	feat(iace): Hazard-Library v2, Controls-Library, SEPA Avoidance, CE RAG-Ingest ... - Hazard-Library: +79 neue Eintraege in 12 Kategorien (software_fault, hmi_error, mechanical_hazard, electrical_hazard, thermal_hazard, emc_hazard, configuration_error, safety_function_failure, logging_audit_failure, integration_error, environmental_hazard, maintenance_hazard) — Gesamtanzahl: ~116 Eintraege in 24 Kategorien - Controls-Library: neue Datei controls_library.go mit 200 Eintraegen in 6 Domaenen (REQ/ARCH/SWDEV/VER/CYBER/DOC) - Handler: GET /sdk/v1/iace/controls-library (?domain=, ?category=) - SEPA: CalculateInherentRisk() + 4. Param Avoidance (0=disabled, 1-5: 3=neutral); RiskComputeInput.Avoidance, RiskAssessment.Avoidance, AssessRiskRequest.Avoidance — backward-kompatibel (A=0 → S×E×P) - Tests: engine_test.go + hazard_library_test.go aktualisiert - Scripts: ingest-ce-corpus.sh — 15 CE/Safety-Dokumente (EUR-Lex, NIST, ENISA, NASA, OWASP, MITRE CWE) in bp_compliance_ce und bp_compliance_datenschutz - Docs: docs-src/services/sdk-modules/iace.md + mkdocs.yml Nav-Eintrag Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 17:13:01 +01:00
Benjamin Admin	bd9796725a	feat(compliance-kern): Tests, MkDocs + RAG-Controls Button für Anforderungen/Controls/Nachweise/Risiken ... - 74 neue Tests (test_risk_routes, test_evidence_routes, test_requirement_routes, test_control_routes) Enum-Mocking (.value), ControlStatusEnum-Validierung, db.query() direkte Mocks - MkDocs: docs-src/services/sdk-modules/compliance-kern.md Endpunkt-Tabellen, Schema-Erklärungen, CI/CD-Beispiele, Risikomatrix - controls/page.tsx: "KI-Controls aus RAG vorschlagen" Button POST /api/sdk/v1/compliance/ai/suggest-controls, Suggestion-Panel, Requirement-ID-Eingabe + Dropdown, Konfidenz-Anzeige, Hinzufügen-Aktion Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 13:43:02 +01:00
Benjamin Admin	3913931d5b	feat(freigabe): Import/Screening/Modules/RAG — API-Tests, Migration 031, Bug-Fix ... - import_routes: GET /gap-analysis/{document_id} implementiert - import_routes: Bug-Fix — gap_analysis_result vor try-Block initialisiert (verhindert UnboundLocalError bei DB-Fehler) - test_import_routes: 21 neue API-Endpoint-Tests (59 total, alle grün) - test_screening_routes: 18 neue API-Endpoint-Tests (74 total, alle grün) - 031_modules.sql: Migration für compliance_service_modules, compliance_module_regulations, compliance_module_risks - test_module_routes: 20 neue Tests für Module-Registry-Routen (alle grün) - freigabe-module.md: MkDocs-Seite für Import/Screening/Modules/RAG - mkdocs.yml: Nav-Eintrag "Freigabe-Module (Paket 2)" Gesamt: 146 neue Tests, alle bestanden Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 11:42:19 +01:00
Benjamin Admin	0503e72a80	fix(freigabe): Vorbereitung-Module release prep — Python 3.9 fix, Scope Engine tests, MkDocs ... - fix: company_profile_routes.py — dict|None → Optional[dict] for Python 3.9 compat (9/9 tests grün) - test: 40 Vitest-Tests für ComplianceScopeEngine (calculateScores, determineLevel, evaluateHardTriggers, evaluate integration, buildDocumentScope, evaluateRiskFlags) - docs: vorbereitung-module.md — Profil, Scope, UCCA vollständig dokumentiert - docs: mkdocs.yml — Nav-Eintrag "Vorbereitung-Module (Paket 1)" vor Analyse-Module Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 10:57:17 +01:00
Benjamin Admin	451616b10e	docs: MkDocs-Dokumentation fuer DSR, E-Mail-Templates, Banner Consent ... - Neue Seiten: dsr.md, email-templates.md, banner-consent.md - rechtliche-texte.md: User-Consents & Cookie-Kategorien (Migration 028) ergaenzt - mkdocs.yml: 3 neue Nav-Eintraege unter SDK Module Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 08:22:38 +01:00
Benjamin Admin	a9de7b4010	docs: DSFA Modul — MkDocs + Developer Portal Dokumentation ... - docs-src/services/sdk-modules/dsfa.md: vollständige DSFA-Dokumentation (Endpoints, Datenmodell, Status-Workflow, DB-Tabellen, Tests, Compliance-Kontext) - mkdocs.yml: DSFA in Navigation unter SDK Module eingefügt - docs-src/index.md: DSFA + Paket-Links in Services-Dokumentation - docs-src/services/sdk-modules/dokumentations-module.md: DSFA in Übersichtstabelle - developer-portal/app/api/dsfa/page.tsx: vollständige API-Referenz mit cURL-Beispielen - developer-portal/app/api/page.tsx: DSFA-Abschnitt mit allen 8 Endpoints Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-04 22:55:31 +01:00
Benjamin Admin	c0b179510d	feat: Package 4 Phase 3 — Finale Fixes + Dokumentation (MkDocs, SDK Flow, StepHeader) ... Finale Fixes (5 Bugs): - workflow/page.tsx: Array-Format-Fix fuer loadVersions — Array.isArray statt data.versions - einwilligungen_routes.py: ip_address + user_agent in GET /consents Response ergaenzt - consent/page.tsx: Bearbeiten/Vorschau/Veroeffentlichen + Quick Actions verdrahtet (useRouter + Preview Modal) - cookie-banner/page.tsx: BannerTexts State + Controlled Inputs + DB-Persistenz (banner_texts) - embed-code/route.ts: In-Memory configStorage → DB-fetch aus Backend, embed_code Key korrigiert Dokumentation: - docs-src/services/sdk-modules/rechtliche-texte.md: Neue MkDocs-Seite fuer Paket 4 (Einwilligungen, Rechtliche Vorlagen, Cookie Banner, Document Workflow) - mkdocs.yml: Nav-Eintrag 'Rechtliche Texte (Paket 4)' ergaenzt - dokumentations-module.md: Datenfluss-Diagramm um Paket-4-Module erweitert - flow-data.ts: Paket-4-Steps mit korrekten dbTables/dbMode und aktualisierten Beschreibungen - StepHeader.tsx: cookie-banner + workflow STEP_EXPLANATIONS auf Persistenz und Funktionsumfang aktualisiert Tests: 24/24 bestanden (test_einwilligungen_routes.py) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-03 10:37:41 +01:00
Benjamin Admin	5c7c0055ff	docs: MkDocs, SDK-Flow und Tests fuer 6 Dokumentations-Module aktualisieren ... MkDocs: - Neue Dokumentationsseite: docs-src/services/sdk-modules/dokumentations-module.md Beschreibt alle 6 Module (VVT, Source Policy, Document Generator, Audit Checklist, Audit Report, Training Engine) mit API-Endpoints, DB-Tabellen, Datenmodell und Besonderheiten - mkdocs.yml: Neuen Eintrag "Dokumentations-Module (Paket 3+)" ergaenzt SDK Flow (flow-data.ts): - VVT: dbTables korrigiert ([] → compliance_vvt_organization/activities/audit_log), dbMode: none → read/write, descriptionLong auf Backend-Persistenz aktualisiert - Training: dbTables ergaenzt (training_modules/assignments/quiz_*/matrix_entries/ audit_log), dbMode: none → read/write, Beschreibung auf 28 Module aktualisiert - Source Policy: Tabellennamen korrigiert (compliance_pii_field_rules → compliance_pii_rules, compliance_source_policies entfernt, compliance_source_operations ergaenzt) - Document Generator: Beschreibung um PDF-Export (window.print) und Fallback-Banner ergaenzt Tests: - Neue Datei: tests/test_source_policy_routes.py (35 Tests, alle gruen) - Schema-Tests: SourceCreate, SourceUpdate, PIIRuleCreate, PIIRuleUpdate - DB-Model-Tests: AllowedSourceDB, PIIRuleDB - Filter-Logik: source_type-Filter und category-Filter Unit-Tests - Audit-Log-Helper: _log_audit Verhalten verifiziert Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 18:48:55 +01:00
Benjamin Admin	7cc420bd9e	docs: Tests, MKDocs und SDK-Flow-Beschreibungen fuer Analyse-Module aktualisieren ... Backend-Tests fuer alle 7 Analyse-Module (Requirements CRUD, AI System CRUD + Assessment, Evidence Pagination, Risk Workflow). MKDocs um Analyse-Module-Seite erweitert. SDK-Flow flow-data.ts und StepHeader STEP_EXPLANATIONS mit neuen Features aktualisiert (CRUD, Pagination, Evidence-Linking, Residual Risk, AI Act Backend-Persistenz, PDF-Export). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 16:09:03 +01:00
Benjamin Admin	52a9ad2279	docs: add Industry Compliance Ingestion documentation ... - Document all 10 industry compliance PDFs and their sources - Cover ingestion script usage, phases, chunking config - Document IFRS timeout workaround and endorsement warning - Add license overview for all document sources Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-28 09:50:34 +01:00
Benjamin Boenisch	dccb3e9f36	feat: add reporting frontend, fix module categorization, update docs ... - Create Reporting module frontend (page.tsx) with executive dashboard showing compliance score, risk overview, deadlines, module KPIs - Create Reporting lib (types.ts, api.ts) matching Go backend models - Add Reporting to STEP_EXPLANATIONS and both SDK sidebars - Remove DSB Portal, Multi-Tenant, SSO from SDK sidebars (admin-only) - Add Multi-Tenant, SSO, DSB Portal to dashboard navigation.ts with 'Plattform-Verwaltung' subgroup - Update docs: academy.md (PDF certs), reporting.md (new), index.md (SDK vs Admin categorization), mkdocs.yml (all modules) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 01:03:53 +01:00
Benjamin Boenisch	0e9970ff32	docs: Add MkDocs documentation for Document Crawler and SDK modules ... Adds documentation pages for: - Document Crawler (architecture, API endpoints, gap analysis) - Academy/Schulungsmodul - Whistleblower/Hinweisgebersystem (HinSchG) - Incidents/Datenschutzvorfaelle (Art. 33/34 DSGVO) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-13 22:05:30 +01:00
Benjamin Boenisch	c11270f8e0	Add CLAUDE.md, MkDocs docs, docs page in admin, .claude/rules ... - CLAUDE.md: Comprehensive documentation for Compliance SDK platform - docs-src: AI-Compliance-SDK docs (architecture, developer, auditor, SBOM) - mkdocs.yml: Compliance-specific nav with purple theme - docker-compose: Added docs service (port 8011, profile: docs) - admin-compliance: New /development/docs page with iframe + quick links - navigation.ts: Added development category with docs module - .claude/rules: testing, docs, open-source, compliance-checklist Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-12 00:49:28 +01:00