25 Commits

Author	SHA1	Message	Date
Benjamin Admin	9f4c4abb84	feat: Document recommendation UI in generator ... New RecommendedDocuments component shown above the template library: - Evaluates scope answers + compliance level (L1-L4) - Groups templates into required/recommended/optional - Shows profile label (Startup/KMU/Extended/Enterprise) - Cards link to actual templates — click opens in generator - Optional section collapsed by default - Only visible when scope has been completed Renders as purple gradient panel with grid cards, each showing template name and availability status. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-01 11:06:56 +02:00
Benjamin Admin	d942b21354	feat: SCC + TIA templates for third-country transfers ... New templates for the Vendor Compliance module: - 105: Transfer Impact Assessment (TIA) — Schrems II risk assessment with country evaluation, government access assessment, supplementary measures, risk matrix, and go/conditional/deny decision - 105: SCC Companion Document — annexes to EU Decision 2021/914 (module selection C2C/C2P/P2P/P2C, party details, data description, TOMs, sub-processor list) Template recommendations: SCC+TIA triggered by tech_third_country answer Generator: New "Drittlandtransfer" category Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-01 10:19:56 +02:00
Benjamin Admin	4ff6050f43	feat: Template recommendation engine — bridges scope to document generator ... Fixes critical gap: 50+ templates were unreachable because the Compliance Scope Engine only outputs 23 document types, while the database has 70+. New: templateRecommendations.ts - 25 template rules that map scope answers to specific templates - Covers ALL previously orphaned templates (HR-DSI, whistleblower, AI policy, BYOD, security policies, community guidelines, etc.) - Each rule evaluates scope answers + compliance level to determine required/recommended/optional status - Key triggers: - employee_count > 0 → employee_dsi, applicant_dsi - employee_count >= 50 → whistleblower_policy (HinSchG Pflicht!) - ai_usage != none → ai_usage_policy - business_model = platform → community_guidelines, terms_of_use - cert_target = iso27001 → isms_manual - webshop = yes → widerruf Updated: scopeDefaults.ts - getRecommendedDocuments() expanded with all 60+ document types - L1→L4 graduated recommendation (required/recommended/optional) Updated: _constants.ts - Consolidated AI governance into internal_policies category Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-01 10:12:15 +02:00
Benjamin Admin	42e02fe72d	feat: Phase 6 — Integration + QS (categories, scope defaults, examples) ... Phase 6 of the Document Templates Masterplan: - Categories: Consolidated AI governance into internal_policies, removed redundant category - scopeDefaults.ts: Added getRecommendedDocuments() function that maps L1-L4 compliance levels to required/recommended/optional document types (~60 types across 4 tiers) - Examples: Added dpa_de.json, tom_de.json, whistleblower_de.json example contexts for the document generator Document recommendation per level: - L1 (Startup): 5 required (DSI, Impressum, AGB, Cookie) - L2 (KMU): +6 recommended (AVV, TOM, VVT, Löschkonzept, etc.) - L3 (Extended): +16 recommended (Security concepts, policies, HR DSI) - L4 (Enterprise): +25 recommended (ISMS, BCM, all policies) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-01 09:36:48 +02:00
Benjamin Admin	3984f39329	feat: Phase 5 — Special templates (AI policy, BYOD, ISMS, consent, video DSI) ... Phase 5 of the Document Templates Masterplan: - 104: 5 new special templates: - ai_usage_policy: AI usage policy (AI Act Art. 4 training obligation, forbidden inputs, quality check, labeling, TDM opt-out) - byod_policy: Bring Your Own Device (container solution, remote wipe, DSFA, cost sharing options) - consent_texts: Double-Opt-In texts, newsletter, marketing, tracking, profiling consent, unsubscribe confirmation - video_conference_dsi: Video conference privacy notice (Zoom/Teams/Meet, recording consent, third-country transfer) - isms_manual: ISMS handbook (ISO 27001, document structure map to all other templates, PDCA cycle, management review) Generator: 6 new categories (AI governance, ISMS, consent, special DSI, internal policies) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-01 09:25:32 +02:00
Benjamin Admin	4417938558	feat: Phase 3 — Security + HR/Vendor/BCM policies ... Phase 3 of the Document Templates Masterplan: - 103: 4 new security policies (information_security_policy, password_policy, encryption_policy, access_control_policy) + updates for CRA (056) and all 15 HR/Vendor/BCM policies (072) New templates: - Information Security Policy: ISMS-Leitlinie (ISO 27001, BSI, NIS2) - Password Policy: BSI/NIST compliant (12+ chars, MFA, no forced rotation) - Encryption Policy: BSI TR-02102, algorithms, key management, TLS config - Access Control Policy: RBAC, Least Privilege, Zero Trust, rezertification Updates: AI Act + NIS2UmsuCG references for CRA and all 15 HR/Vendor/BCM Generator: 6 new categories (security, HR, data, vendor, BCM policies) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-01 09:05:03 +02:00
Benjamin Admin	f591871277	feat: Phase 1 — Whistleblower + Cookie/Impressum + HR-DSI templates ... Phase 1 of the Document Templates Masterplan: - 098: Whistleblower-Richtlinie (HinSchG) — 10 sections, anonymous reporting, 7-day confirmation, 3-month feedback, reprisal protection - 099: Cookie-Banner + Impressum updates — OS-Plattform discontinued note (July 2025), description updates - 100: Applicant DSI + Employee DSI — two new HR privacy notices with § 26 BDSG, 6-month retention (applicants), modular blocks for video interviews, talent pool, IT monitoring, company vehicles, works council Generator: 25 new fields (whistleblower, applicant, employee categories) Categories: whistleblower, hr_dsi added to document generator Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-01 08:29:52 +02:00
Benjamin Admin	bae59e2ce0	feat: Document Templates v2 — 11 migrations + scope-based generator ... Complete overhaul of document generator templates based on paragraph-by-paragraph legal review of attorney-drafted templates (TOM, AVV, AGB, DSI, Community Guidelines, Nutzungsbedingungen, Widerrufsbelehrung, Cookie-Richtlinie). Templates (11 migrations 087-097): - 087: TOM-Dokumentation v2 (11 categories incl. Trennungskontrolle) - 088: AVV Art. 28 DSGVO (complete, §§ 1-11, 3 annexes) - 089: Cross-document updates (Löschkonzept DIN 66399, VVT recipients) - 090: AGB SaaS/Shop v2 (18 §§, B2B/B2C, IoT, physical goods, IP protection) - 091: Community Guidelines v2 (3 tones, 11 modular categories, DSA-compliant) - 092: Media & Content modules (MStV, AI Act Art. 50, UWG, Pressekodex) - 093: DSI/Privacy Policy v2 (Art. 13 complete, shop+corporate modules) - 094: Nutzungsbedingungen (Terms of Use, UGC, tipping, wallet, CC licenses) - 095: Widerrufsbelehrung (SaaS + physical + IoT bundle + combo) - 096: Social Media DSI (Facebook, YouTube, LinkedIn, TikTok, Meta Pixel) - 097: Cookie-Richtlinie v2 (TDDDG § 25, consent banner, browser links) Frontend (generator): - scopeDefaults.ts: L1-L4 scope-based defaults from Compliance Scope Engine - contextBridge.ts: TOMCtx + DPACtx interfaces (70+ new fields) - contextBridge-helpers.ts: 35+ placeholder mappings for TOM/DPA/AGB - _constants.ts: 120+ new generator fields (TOM, DPA, AGB, community, media, social, nutzungsbedingungen, widerruf, cookie, shop, IoT) - page.tsx: Auto-prefill TOM/DPA from scope engine decision Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-01 01:18:33 +02:00
Benjamin Admin	2134383b5a	fix: guard placeholders with Array.isArray to prevent e.filter crash ... Same pattern as the email templates variables fix. Backend may return placeholders as object instead of array. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-28 23:36:09 +02:00
Benjamin Admin	b39c1d5dce	feat: DSR Prozessbeschreibungen Art. 15-21 mit Swim-Lane-Diagrammen ... 7 vollstaendige Prozessbeschreibungen fuer den Document Generator: - Art. 15: Auskunftsrecht (30 Tage, 6 Schritte, Informationskatalog) - Art. 16: Berichtigungsrecht (14 Tage, inkl. Art. 19 Mitteilung) - Art. 17: Loeschungsrecht (14 Tage, Art. 17(3) Ausnahmen-Checkliste) - Art. 18: Einschraenkungsrecht (14 Tage, erlaubte Verarbeitung) - Art. 19: Mitteilungspflicht (automatisch bei Art. 16/17/18) - Art. 20: Datenuebertragbarkeit (30 Tage, JSON/CSV/XML Export) - Art. 21: Widerspruchsrecht (30 Tage, Sonderfall Direktwerbung) Jede Beschreibung enthaelt: - Mermaid Swim-Lane-Diagramm (Betroffener/Sachbearbeitung/Fachabteilung/DSB) - Detaillierte Schritt-Tabelle mit Verantwortlichkeiten und Fristen - Rechtsgrundlagen-Verweise - Firmen-Platzhalter (FIRMENNAME, VERSION, DATUM, DSB_NAME) Integration: - 7 neue Typen in VALID_DOCUMENT_TYPES (legal_template_routes.py) - Neue Kategorie "DSR-Prozesse" im Document Generator Frontend - DSR types-core.ts: templateType Feld verknuepft DSR → Document Generator - Migration 085 seeded die Templates in die legal_templates Tabelle [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-28 17:53:44 +02:00
Sharang Parnerkar	feedeb052f	refactor(admin-compliance): split 11 oversized files under 500 LOC hard cap (batch 2) ... Barrel-split pattern: each original becomes a thin re-export barrel; logic moved to sibling files so no consumer imports need updating. Files split: - loeschfristen-profiling.ts → profiling-data.ts + profiling-generator.ts - vendor-compliance/catalog/vendor-templates.ts → vendor-country-profiles.ts - vendor-compliance/catalog/legal-basis.ts → legal-basis-retention.ts - dsfa/eu-legal-frameworks.ts → eu-legal-frameworks-national.ts - compliance-scope-types/document-scope-matrix-core.ts → core-part2.ts - compliance-scope-types/document-scope-matrix-extended.ts → extended-part2.ts - app/sdk/document-generator/contextBridge.ts → contextBridge-helpers.ts - app/api/sdk/drafting-engine/draft/route.ts → draft-helpers.ts + draft-helpers-v2.ts All files ≤ 500 LOC. Zero behavior changes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-18 00:32:08 +02:00
Sharang Parnerkar	2ade65431a	refactor(admin): split compliance-hub, obligations, document-generator pages ... Each page.tsx was >1000 LOC; extract components to _components/ and hooks to _hooks/ so page files stay under 500 LOC (164 / 255 / 243 respectively). Zero behavior changes — logic relocated verbatim. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 17:10:14 +02:00
Sharang Parnerkar	c43d9da6d0	merge: sync with origin/main, take upstream on conflicts ... # Conflicts: # admin-compliance/lib/sdk/types.ts # admin-compliance/lib/sdk/vendor-compliance/types.ts	2026-04-16 16:26:48 +02:00
Sharang Parnerkar	eeb9931d87	refactor(admin): split document-generator page.tsx into colocated components ... Split 1130-LOC document-generator page into _components and _constants modules. page.tsx now 243 LOC (wire-up only). Behavior preserved. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-14 23:01:56 +02:00
Benjamin Admin	1cc34c23d9	feat(document-generator): 33 policy + module document templates ... - Migration 071: 14 IT-Security policy templates (ISO 27001/BSI) information_security, access_control, password, encryption, logging, backup, incident_response, change_management, patch_management, asset_management, cloud_security, devsecops, secrets_management, vulnerability_management - Migration 072: 15 Data/HR/Vendor/BCM policy templates data_protection, data_classification, data_retention, data_transfer, privacy_incident, employee_security, security_awareness, remote_work, offboarding, vendor_risk_management, third_party_security, supplier_security, business_continuity, disaster_recovery, crisis_management - Migration 073: 4 module document reference templates vvt_register, tom_documentation, loeschkonzept, pflichtenregister - TemplateType union: 17 → 61 types with German labels - VALID_DOCUMENT_TYPES: +6 types (cybersecurity_policy, dsfa, 4 module docs) - CATEGORIES: new "DSGVO-Dokumente" category for module documents Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-19 23:27:25 +01:00
Benjamin Admin	0171d611f6	feat: add policy library with 29 German policy templates ... Add 29 new document types (IT security, data, personnel, vendor, BCM policies) to VALID_DOCUMENT_TYPES and 5 category pills to the document generator UI. Include seed script for production DB population. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 22:37:33 +01:00
Benjamin Admin	49ce417428	feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector) ... Module 2: Extended Compliance Dashboard with roadmap, module-status, next-actions, snapshots, score-history Module 3: 7 German security document templates (IT-Sicherheitskonzept, Datenschutz, Backup, Logging, Incident-Response, Zugriff, Risikomanagement) Module 4: Compliance Process Manager with CRUD, complete/skip/seed, ~50 seed tasks, 3-tab UI Module 5: Evidence Collector Extended with automated checks, control-mapping, coverage report, 4-tab UI Also includes: canonical control library enhancements (verification method, categories, dedup), control generator improvements, RAG client extensions 52 tests pass, frontend builds clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 21:03:04 +01:00
Benjamin Admin	95fcba34cd	fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring ... - Ruff: 144 auto-fixes (unused imports, == None → is None), F821/F811/F841 manuell - CVEs: python-multipart>=0.0.22, weasyprint>=68.0, pillow>=12.1.1, npm audit fix (0 vulns) - TS: 5 tote Drafting-Engine-Dateien entfernt, allowed-facts/sanitizer/StepHeader/context fixes - Tests: +104 (ISMS 58, Evidence 18, VVT 14, Generation 14) → 1449 passed - Refactoring: collect_ci_evidence (F→A), row_to_response (E→A), extract_requirements (E→A) - Dead Code: pca-platform, 7 Go-Handler, dsr_api.py, duplicate Schemas entfernt Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 19:00:33 +01:00
Benjamin Admin	6a8289246c	feat: DSFA als TemplateType + Kategorie im Document Generator ... - TemplateType-Union um 'dsfa' erweitert - TEMPLATE_TYPE_LABELS: dsfa → 'Datenschutz-Folgenabschätzung' - Document Generator: Kategorie-Tab 'DSFA' hinzugefügt Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 23:54:29 +01:00
Benjamin Admin	dd404da6cd	fix: Bibliothek-Vorschau zeigt vollständigen Template-Text ... Trunkierung bei 1.500 Zeichen entfernt, Container auf max-h-[32rem] erweitert damit langer Inhalt scrollbar aber vollständig lesbar ist. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-04 15:04:03 +01:00
Benjamin Admin	e0f7f2134e	feat: Template-Spec v1 Phase C — IF-Renderer + HOSTING/FEATURES + 4 neue DE-Templates ... - contextBridge.ts: HostingCtx + FeaturesCtx (35 Felder), ~50 neue Platzhalter-Aliases - ruleEngine.ts: buildBoolContext() + applyConditionalBlocks() (IF/IF_NOT/IF_ANY) - ruleEngine.test.ts: 67 Tests (+18 für Phase C), alle grün - page.tsx: IF-Renderer in Pipeline, HOSTING+FEATURES Formular-Sections, erweiterter SDK-Prefill - scripts/apply_templates_023.py: 4 neue DE-Templates (Cookie v2, DSE, AGB, Impressum) - migrations/023_new_templates_de.sql: Dokumentation + Verifikations-Query Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-04 14:35:56 +01:00
Benjamin Admin	1c5a4c2d96	feat: Template-Spec v1 Phase B — Rule Engine + Block Removal ... - ruleEngine.ts: Minimal JSONLogic evaluator, 6-phase runner (compute_flags, auto_defaults, hard_validations, auto_remove_blocks, module_requirements, warnings), getDocType mapping, applyBlockRemoval - ruleEngine.test.ts: 49 Vitest tests (alle grün) - page.tsx: ruleResult useMemo, enabledModules state, computed flags pills, module toggles, rule engine banners (errors/warnings/legal notice) - migrations/022_template_block_markers.sql: Dokumentation + Verify-Query - scripts/apply_block_markers_022.py: NDA_PENALTY_BLOCK, COOKIE_ANALYTICS_BLOCK, COOKIE_MARKETING_BLOCK in DB-Templates einfügen Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-04 13:23:03 +01:00
Benjamin Admin	076cdd587d	feat: DocumentGenerator — Template-Spec v1 Phase A (Kontext-Formular + Beispiele) ... - page.tsx: Generator-Section nutzt jetzt strukturiertes Kontext-Formular statt einzelner Platzhalter-Inputs - 10 Sections (Anbieter, Kunde, Dienst, Rechtliches, Datenschutz, SLA, Zahlungskonditionen, Sicherheit, NDA, Cookie/Einwilligung) - Nur für die Vorlage relevante Sections werden angezeigt (getRelevantSections) - Collapsible Sections mit Auto-Expand beim Template-Wechsel - Uncovered Placeholders als separate manuelle Eingaben - Validierungs-Badge zeigt fehlende Pflichtfelder - Grüne Bestätigung wenn alle Felder ausgefüllt - 11 Beispiel-Contexts für alle doc_types (nda_de, nda_en, sla_de, aup_en, community_de, copyright_de, cloud_contract_de, data_usage_clause_de, cookie_banner_de, agb_de, liability_clause_en) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 12:36:40 +01:00
Benjamin Admin	eca0855216	feat: Sidebar-Links fuer Developer Portal + SDK Dokumentation ... Externe Links oeffnen in neuem Tab mit Icon-Indikator. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 12:24:39 +01:00
Benjamin Admin	215b95adfa	refactor: Admin-Layout komplett entfernt — SDK als einziges Layout ... Kaputtes (admin) Layout geloescht (Role-Selection, 404-Sidebar, localhost-Dashboard). SDK-Flow nach /sdk/sdk-flow verschoben. Route-Gruppe (sdk) aufgeloest. Root-Seite redirected auf /sdk. ~25 ungenutzte Dateien/Verzeichnisse entfernt. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 11:43:00 +01:00