1501 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Benjamin Admin	e5cce9caff	Extend advisor proof with procedure→evidence chain ... Vollständige Begründungskette aus der Registry: Rechtsgrundlage → Obligation → Procedure → Controls → Evidence → Antwort. Join cra.json × cra_procedures.json, deterministisch, kein LLM. SBOM-Beweis: 7 Pflichten je mit CRA-Rechtsgrundlage + Procedure (wie umgesetzt) + Controls (Prüfung) + aggregierte Required Evidence; 4 Best-Practice (Guidance OWASP/NIST/ENISA); Beziehung sbom_*→supports→vuln_identification; citation 7/7 pending_span_anchor. Der Unterschied zu RAG sichtbar: RAG beantwortet — BreakPilot begründet UND operationalisiert. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-25 09:44:27 +02:00
Benjamin Admin	67dba5f641	Add CRA procedure model (SBOM + Vuln) ... Schließt die Lücke Obligation→Procedure→Control→Evidence (Schritt 3, Compliance-OS-Ebene). Procedure = Umsetzungs-/Nachweisebene EINER Obligation, KEINE neue Pflicht (LEGAL_MINIMUM bleibt an der Obligation; Procedure beschreibt Umsetzung; Evidence belegt sie). - 11 Procedures (5 SBOM + 6 Vuln), 2 Worked Examples; source_role=procedural_requirement (Konvergenz mit der Legal-Knowledge-Engine der anderen Session) - fulfills_obligations[] referenziert die cra.json-Obligations (alle gültig, volle Abdeckung) - steps/controls/evidence je Procedure; KEINE tier/legal_basis-Felder (kein Pflicht-Duplikat) - citation_spans: [] / pending_span_anchor (Join folgt mit dem zitierfähigen Re-Ingest) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-25 09:28:40 +02:00
Benjamin Admin	db2fd9d8e9	Add obligation advisor proof (P3) ... Demonstriert den Produktnutzen der Registry: obligation-basierte Antwort statt RAG-Text. Frage → Pflicht (LEGAL_MINIMUM + Rechtsgrundlage + Applicability) ⊥ Best Practice (guidance_basis) ⊥ Nachweise (evidence_facets + member controls) + Beziehungen, deterministisch aus obligations/cra.json (kein LLM, zitierfähig). Beleg (SBOM, Maschinenbauer): JA — 7 CRA-Mindestpflichten + 4 Best-Practice (OWASP/NIST/ENISA); sbom_* supports vuln_identification_inventory. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-25 09:06:34 +02:00
Benjamin Admin	d21e1247c9	Merge remote-tracking branch 'origin/main' into feat/obligation-aggregation	2026-06-25 07:49:16 +02:00
Benjamin Admin	e1b270c36e	Add obligation discovery pipeline tooling ... Sichert die validierte Obligation Discovery Pipeline aus /tmp als dauerhaftes, committetes Tooling (scripts/obligation_discovery/) — der eigentliche Vermögenswert. Stufen: precluster (Embedding-Cache + Mikro-Cluster) → meta_cluster (Review Units, Skalierungs-Fix) → synthesize_obligations (Opus, Key aus ENV, Streaming, harte Tier-Regel, Provenance) → validate_registry → merge_review_diff. Reine Helfer in _core.py, 16 Unit-Tests. Doku docs-src/development/obligation_discovery_pipeline_v1.md mit Meilensteinen (SBOM/Vuln reproduziert, Auth 4408→170 Review Units→54→kuriert 29) und der Architekturregel: Runtime deterministisch, Discovery LLM-gestützt. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-25 07:41:45 +02:00
Benjamin Admin	48e39423e6	Add curated CRA authentication obligations (scaling test) ... Erster großer Skalierungstest der Registry-Pipeline mit Zwei-Stufen-Clustering: 4408 Controls → 2134 Mikro → 170 Review Units → Opus-Synthese 54 → Kuration 29. - Zwei-Stufen-Clustering (Mikro→Meta/Review-Unit) ist der Skalierungs-Fix für große Domänen - harte Tier-Regel generalisiert: nur 6 LEGAL_MINIMUM (CRA fordert nur High-Level-Auth), 23 BEST_PRACTICE; MFA/Passwort/Session/Krypto = guidance_basis, kein CRA-Primärrecht - Kuration (key-frei, regelbasiert): Krypto-Mikro→guidance · Prüf/Nachweis→evidence-Facette · Mechanismus-Familien behalten · eID/PSD2→out_of_scope; 6 LM unangetastet - Provenance pro Obligation (source_meta_cluster/confidence/model/version) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-25 07:30:55 +02:00
Benjamin Admin	31222885b3	feat(ai-sdk): control-intent result diversity + standard-name classifier override ... On an implementation question impl_guidance (ENISA) keeps its earned semantic Top-1, but the top-K now surfaces the best operational_requirement and control_standard from the pool (ensureControlDiversity) — so different source roles are visible instead of one role flooding the list, without forcing the binding sources to Top-1. A recognised standard NAME (NIST/OWASP/ISO 27001/CIS/CSA CCM/Grundschutz) now overrides a mis-applied supervisory_guidance source_class in classifyAuthority, so those standards classify and rank as technical_standard (control_standard role). The corpus tags many standards as guidance (weight 70); the name wins. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-25 01:54:36 +02:00
Benjamin Admin	188bb787d2	Add proposed CRA obligation relationships ... 11 human-reasoned Beziehungskanten in cra.json gemerged (dedupliziert gegen die Pipeline-Kanten), getaggt review_status=proposed / source=human_reasoned_preview / confidence=high. Nur die kleine Sprache depends_on / supports / produces_evidence_for; gerichtet. Cross-Family SBOM→Vuln-Kanten erlauben dem Advisor Ursachen-/Wirkungsketten. Damit ist der CRA-v1-Baustein vollständig: Obligations · legal_basis · guidance_basis · out_of_scope · relationships · pending citation anchors. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-25 00:08:47 +02:00
Benjamin Admin	d9d04deb00	feat(ai-sdk): close the 4 GT #3 recall gaps — backflow, cut, restart, spray-arm ... Phase 1 complete. GT #3 recall 84% -> 100% (25/25 matched), no regression: - HP2207 backflow / potable-water contamination (EN 1717) + measure M2209 (Rueckflussverhinderer / Systemtrenner) — the only genuinely new hazard. - HP2208 cut on sharp edges/screens (new sharp_edge tag from scharfe-Kante/Sieb). - HP2209 unexpected restart during maintenance (dedicated dom_warewashing pattern; avoids flooding the log via the broad moving_part tag). - Spray-arm contact now covered by the enclosure-re-scoped contact patterns. Kistenhub 97.1% and Bremse pinned mappings unchanged; 0/28 hazards without a measure. Completes the commercial-dishwasher (white-goods Phase 1) coverage. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-25 00:05:30 +02:00
Benjamin Admin	2645b5b043	Add draft CRA obligation registry ... Erstes belastbares Registry-Artefakt (obligation_registry_v1) aus den validierten SBOM+Vuln-Candidates der Obligation Discovery Pipeline. - 18 Obligations (11 SBOM + 7 Vuln) - 14 LEGAL_MINIMUM, alle mit legal_basis (harte Tier-Regel) - 4 BEST_PRACTICE korrekt herabgestuft (source_role GUIDANCE/IMPLEMENTATION) - 70 OUT_OF_SCOPE-Cluster getrennt; member_controls vollständig - legal_basis (CRA-Primärrecht) ⊥ guidance_basis (BSI/ENISA/NIST/...) - citation_status=pending_span_anchor (span_id folgt mit Asset 2), review_status=draft Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 23:52:20 +02:00
Benjamin Admin	fe5dc59152	test(ai-sdk): GT #3 completeness — 8 shared white-goods hazards + CNC gate ... Phase 1 of the commercial white-goods expansion (EN ISO 10472 family). Extend GT #3 with 8 completeness hazards a Fachmann expects but that were neither in the GT nor previously questioned: dry-run boiler overheating, residual/stored electrical energy, sharp-edge cut, tipping, interlock-failure, unexpected restart, backflow (EN 1717), microbial/legionella. Enrich the UC-M narrative with the real features so existing library patterns can fire. Result: 4/8 auto-covered by existing patterns (dry-run, residual voltage, tipping, interlock-failure) — recall 84% (21/25). Remaining gaps documented: spray-arm contact (4.3), sharp-edge cut (4.6), backflow (2.3), restart (6.4). Gate the re-surfaced CNC leak ("spanende Bearbeitung", high_temperature-only) via dom_cnc. Kistenhub 97.1% and Bremse pinned mappings unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 23:46:19 +02:00
Benjamin Admin	6b7950f428	Freeze Obligation Registry v1 spec (citability + two-graph) ... Schreibt das Zielmodell fest: Legal Obligation = gemeinsame Sprache zwischen Legal Knowledge Graph (Chat) und Compliance Execution Graph (Engine). - Registry-Schema v1 (id/tier/legal_basis/guidance_basis/facets/citation_anchor_ids/ relationships/decision_method) - Zitierfähigkeit hängt an der OBLIGATION, nicht an Controls (Regulierungsänderung = Anchor tauschen, Controls unverändert) - legal_basis (Primärrecht) vs guidance_basis (NIST/OWASP/...) + source_role (LEGAL_BASIS/GUIDANCE/EVIDENCE/IMPLEMENTATION/OUT_OF_SCOPE) - HARTE Regel: LEGAL_MINIMUM nur mit Primärrechts-Anker - Beziehungsgraph: requires/implements/supports/produces_evidence_for/depends_on/derived_from - Citation-Anchor-Pipeline Document→Obligation (KEIN Re-Ingest zum Control-Neubau) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 23:33:29 +02:00
Benjamin Admin	8563798c4f	fix(ai-sdk): one hazard per pattern in init — drop cross-category duplicates ... Class E1. A multi-category pattern (e.g. "Motorueberlast" [electrical, thermal], "Lagerschaden" [mechanical, thermal]) created one hazard per category, so the same scenario+zone appeared twice in the CE hazard log under different labels. InitializeProject now breaks after the primary (first eligible) category — one hazard per pattern. This aligns production with the GT benchmark, which already scores one hazard per matched pattern. Cyber-skip, per-category cap and cross-pattern measure-merge still use continue (unchanged). Handlers + iace suites green; Kistenhub/Bremse unchanged. Note (E2, not fixed): some scenarios exist as TWO separate patterns (e.g. "Sicherheitssoftware manipuliert" in hazard_patterns_final_c.go and _final_d.go) — library redundancy that E1's per-pattern break cannot merge. Left for a separate, GT-guarded library-dedup audit. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 23:06:01 +02:00
Benjamin Admin	bde6e76a57	fix(ai-sdk): keyword precision — stop adjective/generic ghost components ... Class D (generic keyword hygiene, GT-guarded). Two over-broad keyword->component mappings produced ghost components: - "kuehl"/"cool" -> Kuehlaggregat (C095) matched product variants ("Cool-Ausfuehrung") and outputs ("kuehle Glaeser"). Narrowed to cooling-UNIT terms (kuehlaggregat, kuehlanlage, kuehler, kaeltemaschine, chiller, rueckkuehl). - "filter" -> Absauganlage/Oelnebelabscheider (C124) matched any filter (Laugen-/Wasser-/Oelfilter). Keep "filteranlage" only. No pattern or GT test depends on these mappings (Kistenhub/Bremse use hand-crafted inputs). UC-M now parses 6 plausible components (was 8 incl. the two ghosts). Warewashing GT recall 82.4% and Kistenhub/Bremse pins unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 23:01:19 +02:00
Benjamin Admin	5318a70f9e	feat(ai-sdk): interlocked-enclosure model — guard-open re-scoping of contact hazards ... Class C (phase-aware, generic EN ISO 14120). A contact/entanglement hazard from a moving part is removed during NORMAL operation when the part is behind an interlocked guard; it remains only when the guard is open (maintenance/cleaning). - New HazardPattern.GuardableByEnclosure flag; set on HP096 (friction at rotating surfaces) and HP101 (entanglement of hair/clothing). - Narrative emits interlocked_enclosure for an interlocked door/hood. - pattern_enclosure.go: suppressedByEnclosure (drop in normal-op-only contexts) + guardedLifecycles (re-scope to maintenance/cleaning). - GT #3 gains the maintenance-phase entanglement/friction rows. Generic + regression-safe: machines that do not emit interlocked_enclosure are unaffected. GT #3 recall 80% -> 82.4%, one false positive removed (Aufwickeln). Kistenhub 97.1% and all 26 Bremse pinned mappings unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 22:13:34 +02:00
Benjamin Admin	cf86dc241b	test(ai-sdk): GT #3 (commercial dishwasher) + fix Drehtisch keyword mislabel ... Add ground_truth_warewashing.json + TestWarewashing_GTCoverage. The test runs the UC-M narrative through the SAME chain as production (ParseNarrative -> engine -> relevance + cyber filter), so keyword/gating fixes are measured on the real hazard set, and false positives show up as "extra". Class A (generic keyword hygiene): spuelarm/spuelfeld no longer map to library component C004 ("Drehtisch" / rotary table) — that mislabelled the spray arm. Keep the rotating_part tag. Removes the bogus "Drehtisch" hazard. GT #3 baseline -> after Class A: recall 80% (unchanged), one false positive (Drehtisch) removed. Kistenhub 97.1% and Bremse pinned mappings unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 21:51:26 +02:00
Benjamin Admin	ba6f1bd1f6	Document obligation aggregation validation results ... Hält den bewiesenen Shadow-Stand fest: vier Schichten (Obligation Aggregation, Applicability, Recall-limited Segregation, Targeted LLM Fix) + Zahlen. - 7-Firmen-Shadow: 136 legacy control-findings → 29 obligation findings = 4,7× (23 echte Lücken, 6 recall_limited in nur 2/7 Firmen, 46 MET, 2 N/A) - LLM-Fix validiert: teamviewer 5→0, safetykon 7→4 (echte Portability-Lücke bleibt, legitimate_interest→NA); recall_limited 3→0 bei beiden - Modell: Haiku 4.5 (fest verdrahteter Sufficiency-Judge), NICHT OVH-Kaskade/Opus → Deploy-Gate ist ein gültiger Anthropic-Key auf dev, nicht der OVH-Pfad Kein Deploy, kein Live-Schalten. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 21:39:28 +02:00
Benjamin Admin	79ad95e244	feat(ai-sdk): keep cyber/AI hazards out of the traditional CE hazard log ... InitializeProject created hazards for every matched pattern, so native cybersecurity/AI topics (unauthorized access, firmware manipulation, missing SBOM, ...) mixed into the ISO 12100 hazard log. Route the security categories (frontend groups I. Cyber/Netzwerk + J. KI) to the CRA module instead — generically for EVERY project, enforced centrally in InitializeProject. The split is by the nature of the hazard, not the component: functional-safety control faults stay in CE (software faults, lost safety functions, config errors, bus failures, botched updates) — they are random/systematic faults, not attacks, and feed the CRA safety-function bridge. This holds whether the controller is a bought-in CE-marked PLC or the manufacturer's own control. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 20:20:15 +02:00
Benjamin Admin	a6f1020b2c	feat(ai-sdk): IACE warewashing hazard patterns + cross-domain gating ... Add commercial-dishwasher hazard patterns (HP2200-HP2206): hot-water/steam scald on door opening, hot surfaces, hot ware, corrosive detergent/rinse-aid burn, respiratory irritation, door pinch and wet-floor slip — each gated by dom_warewashing so they never leak into other machine classes. Add the matching warewashing protective measures (M2200-M2208). Tighten capability-domain gating: emit dom_flame/dom_glue and add welding surface-form gate terms (schweissarbeitsplatz, schweissfunke, lichtbogenzone, ...) so the welding/flame/glue burn patterns stop leaking into thermal-capable machines such as a dishwasher. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 20:20:15 +02:00
Benjamin Admin	c1ea9458a7	Add met_count and recall_limited_obligations to shadow telemetry ... Reichert die Obligation-Shadow-Telemetrie um zwei Felder an für die Cross-Firmen- Auswertung: met_count (abgedeckte Obligations) + recall_limited_obligations (welche Obligations recall-limitiert sind) — erlaubt die Konzentrations-Analyse über Firmen. 7-Firmen-Shadow: 136 Control-Findings → 29 Obligation-Findings (4,7×); recall_limited nur 6/29, konzentriert auf third_country/safeguards in 2/7 Firmen → LLM-Fix bounded. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 20:15:45 +02:00
Benjamin_Boenisch	e50892a2aa	feat(ai-sdk): searchControls — recall control sources on implementation questions (#39)	2026-06-24 12:08:29 +00:00
Benjamin Admin	0631a98bdd	Mark recall-limited obligations in DSE shadow telemetry ... Trennt im Shadow drei Kategorien statt eines pauschalen FAILED: - echte Lücke (failed_by_current_checker) - redundanter Control-FP (kollabiert per OR zu MET) - Prüfer-Reichweitenproblem (recall_limited) obligation_taxonomy.py: decision_method_required=LLM für recipients_disclosed, third_country_transfer_disclosed, safeguards_disclosed, safeguards_accessible (versioniertes Registry-Artefakt bis DB-Tabelle, v1-Spec). Empirisch: TeamViewer 0/22 kw+emb trotz erfüllter Pflicht (cos 0.49-0.57) → CONTENT/LLM-Klasse, kein Schwellen-Fix. compute_obligation_shadow segregiert FAILED/PARTIAL über requires_llm(): teamviewer 5 Findings → 2 echte + 3 recall_limited. 9 neue Unit-Tests (41 gesamt grün). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 13:46:21 +02:00
Benjamin_Boenisch	9cfe6f83b1	feat(ai-sdk): source_role control-pool (controls != only technical_standard) (#38)	2026-06-24 11:12:22 +00:00
Benjamin Admin	c3542f7dfe	feat(dse): obligation shadow telemetry ... Verdrahtet die Obligation Aggregation Engine als Layer 4 (SHADOW) in v3_engine: erzeugt aus den results zusätzlich Obligation-Ergebnisse AUSSCHLIESSLICH für die Telemetrie. Greift NICHT in results ein — nutzer-sichtbare Findings unverändert. - _obligation_shadow.py: fetch_obligation_markers (legal_obligations + applicability) + compute_obligation_shadow (pure): legacy_control_findings, obligation_shadow_results, collapse_factor, na_count, met_failed_delta, top_collapsed_obligations - met-Signal = Legacy-passed (kein zusätzlicher Prüfer-Call/Key) E2E (3 Firmen, echte Engine): 57 Control-Findings → 14 Obligation-Findings (4,1×); Redundanz kollabiert wo Evidenz existiert, echte Lücken bleiben FAILED. 6 Unit-Tests grün. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 12:59:52 +02:00
Benjamin Admin	7ec29999a2	feat(obligation): obligation applicability predicates ... Minimaler Applicability-Hook für die Obligation Aggregation Engine: entscheidet aus dem Dokumenttext, ob eine bedingte Obligation anwendbar ist (True/False/None). - has_third_country_transfer · uses_legitimate_interest · direct_marketing (+ Alias legitimate_interest_or_public_task) - unbekanntes Prädikat → None → Aufrufer behält Default=anwendbar (fail-safe, nie stille NA) - profiling/employment/telecom/health/data_act folgen als nächste Charge Re-Benchmark (Opus-GT, 3 Firmen): Prädikate erkennen Transfer/berecht.Interesse/ Direktwerbung korrekt → keine falsche NA; NA-Flip-Probe bestätigt FEHLT→NA ohne Transfer. 14 Unit-Tests grün. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 12:43:42 +02:00
Benjamin Admin	402a42d30d	feat(obligation): obligation-level aggregation engine ... Erste Ausführung des Legal Obligation Layer v1: aggregiert Bewertungen auf Kriterium-/Control-Ebene zu Findings auf Obligation-Ebene (Regulation → Legal Obligation → Control → Criterion). - regulierungs-agnostisch (obligation_id/tier/met/legal_basis/conditional) - fail-safe: LM applicable=false→NA · keine erfüllt→FAILED · alle→MET · Teil→PARTIAL; BP/OPT covered→MET sonst OPEN (nie FAILED); LM unbewertbar→UNDETERMINED (Legacy behalten) - Redundanz-Kollaps per OR pro legal_basis-Anforderung → kein künstliches PARTIAL - Applicability als Hook (Prädikat-Engine folgt separat) Shadow-Benchmark (Opus-GT, 3 Firmen): 38 Control-Findings → 13 Obligation-Findings (2,9×); ~23 redundante Falsch-Positive strukturell korrigiert, echte Lücken erhalten, PARTIAL=0. 16/16 Unit-Tests grün. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-24 12:28:03 +02:00
Benjamin_Boenisch	df7966656a	feat(ai-sdk): classify NIST/OWASP/Grundschutz as technical_standard (#37)	2026-06-24 10:15:17 +00:00
Benjamin_Boenisch	05d75e8039	feat(ai-sdk): control-intent — technical_standard may win implementation questions (#36)	2026-06-24 09:58:35 +00:00
Benjamin_Boenisch	e24a551ee4	fix(ai-sdk): make interpretation-intent override reliably win (#35)	2026-06-24 09:31:58 +00:00
Benjamin_Boenisch	f11b2e035f	feat(ai-sdk): controlled interpretation-intent guidance override (#34)	2026-06-24 09:01:25 +00:00
Benjamin_Boenisch	230dc05287	feat(ai-sdk): legal-corpus coverage + Phase-2 citation-graph assessment (#33)	2026-06-24 06:37:22 +00:00
Benjamin_Boenisch	b83c3e6e00	ci(go-lint): golangci-lint v1.64.8 (go1.24) + new-from-merge-base (#32)	2026-06-23 10:58:48 +00:00
Benjamin_Boenisch	a1f425d43a	feat(ai-sdk): authority-aware re-ranking for legal RAG (Phase 1) (#31)	2026-06-23 09:30:52 +00:00
sharang	23c6ac6f32	Merge pull request 'feat: wire breakpilot-compliance to Infisical for local dev' (#30) from feat/infisical-secrets into main	2026-06-22 19:12:54 +00:00
Sharang Parnerkar	d82f86fc95	feat: wire breakpilot-compliance to Infisical for local dev ... - Add .infisical.json linking the repo to the breakpilot-compliance project on the self-hosted secrets.meghsakha.com instance. - Add Makefile with infisical-aware targets (make dev, dev-build, dev-down, secrets, secrets-set). `make dev` runs `infisical run --env=dev -- docker compose up`, so secrets are injected at run time and .env files no longer touch disk. - Add INFISICAL_SETUP.md with per-developer onboarding (CLI install, login, verify project link, run targets, Claude Code usage patterns, troubleshooting). - Update README Quick Start to drop the cp .env.example .env step and point at make dev + INFISICAL_SETUP.md. - Remove HashiCorp Vault references from CLAUDE.md (core-services list + sensitive-files list) and compliance-checklist.md TOM section; replace with Infisical. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-22 21:00:58 +02:00
Benjamin Admin	a4d1105b3c	Merge branch 'feat/advisor-corpus-authority' into HEAD	2026-06-22 18:40:15 +02:00
Benjamin Admin	067118b12d	fix(cascade): give OVH/gpt-oss reasoning headroom so Tier-2 isn't silently dead ... gpt-oss-120b is a reasoning model: it spends output tokens on chain-of-thought before the answer. deep_check called _call_ovh with max_tokens=400, which length-capped it mid-reasoning -> content=null -> the OVH tier returned nothing and the cascade always skipped Tier-2. Floor the OVH budget to >=2000, fall back to reasoning_content when content is null, and raise the client timeout to 90s for the slower reasoning path. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-22 17:37:48 +02:00
Benjamin Admin	b9c00574b1	docs(catalog): freeze criterion meta-model (compliance_tier axis) ... Friert das Kriterien-Meta-Modell ein: atomare getypte Kriterien mit drei Achsen (verification_method, decision_method, compliance_tier), 3-Status-Gating nur auf LEGAL_MINIMUM (ERFÜLLT/TEILWEISE/FEHLT), 3-Ebenen-Reporting und Grün/Blau/Rot-Semantik. Control-UUID bleibt stabil (kein physischer Split), Speicherung in generation_metadata jsonb (keine Schema-Änderung). Validiert am Pilot (6/6 Disagreements korrigiert, TEILWEISE empirisch bestätigt). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-22 17:37:48 +02:00
Benjamin Admin	5ff08a240b	feat(dse): tiered 3-state evaluator + Layer-3 wiring (compliance_tier) ... Getierte Auswertung mit compliance_tier-Gating (nur LEGAL_MINIMUM bestimmt ERFÜLLT/TEILWEISE/FEHLT; BEST_PRACTICE/OPTIONAL → Empfehlungen). Deterministisch- first: EMBEDDING-Präsenz + gecachter Haiku nur für Sufficiency → reproduzierbar (löst die gemessene Judge-Varianz). Layer-3 in v3_engine gated auf tiered_criteria, fail-safe (UNBESTIMMT → Legacy). Offene Kalibrierung: Präsenz-Schwelle (Schritt 2). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-22 17:37:48 +02:00
Benjamin Admin	3e3644f83d	feat(checkers): platform router + Haiku sufficiency tier; cookie is first consumer ... Generalise "Embedding finds, Claude decides" into the shared Pruefer-Library: - router.route_and_check dispatches control -> sensor_classification -> Checker. - build_spec reads sensor_classification (CONTENT/LLM -> judge=haiku, the validated sufficiency tier; the Qwen-first cascade is disproven for sufficiency). - LLMChecker gains a Haiku-direct tier (reuses the validated deep_check prompt). - Cookie Layer-3 now routes through route_and_check instead of bespoke code, so cookie is the first real router consumer -- proves the architecture end-to-end. Reproduces the validated result via the shared path: FN 159->14, recall 0.13->0.92, precision 0.89 (vs bespoke 12/0.93/0.90 -- within Haiku noise). Tests: 10/10 (router dispatch + build_spec + haiku tier + cookie rewire). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-22 17:37:48 +02:00
Benjamin Admin	e809d0bc1c	feat(cookie): Layer-3 sufficiency-judge — Haiku re-judges embedding/boost rescues ... The embedding/boost auto-rescue is intentionally optimistic (finds the topic, not fulfilment) -> 159 FN over-rescues vs Opus-GT (recall 0.13). Layer-3 re-judges exactly the rescued passes with the validated Haiku judge (cohort cookie_sufficiency_v1 P0.89/R0.91) -- NOT the Qwen-first cascade (local is disproven as a sufficiency judge) -- and un-passes them when the obligation is not concretely met. Gated to the full check (not skip_llm). Measured (5-firm Opus-GT, engine+L3): FN 159->12, recall 0.13->0.93, precision 0.96->0.90 (276 rescues corrected). "Embedding finds, Claude decides." Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-22 17:37:48 +02:00
Benjamin Admin	869e7aeb1e	fix(cookie): gate non-COOKIE_POLICY controls out of the cookie-policy scan ... The cookie agent loaded 100 controls, 11 of which have no COOKIE_POLICY in applicable_artifacts -- Security/TOM/Audit (PROCESS) or Banner-behaviour (BEHAVIOR) controls that produce nonsense findings against a cookie policy (e.g. "TOMs not documented"). Add a cookie classification gate (analogous to the DSE gate, keyed on COOKIE_POLICY, without the needs_review carve-out since the artifact signal is decisive and the set is inventory-verified). Controls are routed out, not deleted. Effect vs Opus-GT: FP 16->11, FN 179->159; the remaining FN=159 over-rescue is a separate (judge/criteria) question, not routing. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-22 17:37:48 +02:00
Benjamin Admin	33085c61b4	feat(advisor): Korpus-Autoritaet — Fakten nur aus Kontext, Konflikt-Transparenz ... Authority-/Freshness-Layer Punkte 1/2/5 im Advisor-Antwortpfad (Prompt-Ebene, kein Schema). Neue Soul-Sektion "Korpus-Autoritaet & Aktualitaet": rechtliche FAKTEN (Schwellen/Fristen/Zahlen/Pflichten) nur aus bereitgestelltem RAG-/Controls-Kontext, Trainingswissen nie als Rechtsquelle; Konflikt -> Kontext gewinnt, transparent; Co-Pilot-Ton statt Roboter-Verweigerung. Ergaenzt Quellentreue (Fundstellen) um die Fakten-Ebene -> loest den "DSB ab 10 statt 20"-Fall. route.ts: RAG-Framing als "deine EINZIGEN Rechtsquellen" verschaerft. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-21 23:18:05 +02:00
Benjamin_Boenisch	38a347a82a	feat(platform): live-wire AGB v2 + DSE v3 + Architektur-Tab (#29) ... AGB v2 (decision_method routing, 71%FP->~0) + DSE v3 (4-layer, recovered from container) + Architektur-Tab into /sdk/agent live path. Incl CI robustness (detect-changes.sh + PR-head checkout) + security (hardcoded Qdrant key removed, gitleaks allowlist). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-21 12:58:26 +00:00
Benjamin Admin	6b9c7984b4	fix(ci): regulatory_news Zeitbomben-Test entschaerfen — test-go + Deploy entsperren ... test-go failte seit 2026-06-19: VBR-OBL-001 ("Widerrufsbutton ab 19.06.2026") ist seit dem Stichtag abgelaufen und faellt aus dem Zukunfts-Horizont von GetRegulatoryNews, wodurch TestGetRegulatoryNews_FromRealFiles bricht. Fix: now-Referenz injizierbar (GetRegulatoryNewsAt), Test nutzt fixes Datum -> deterministisch. Produktions-Caller unveraendert (Wrapper). admin rag-query Marker, damit detect-changes admin mitbaut (article_label-Rendering). go vet + alle ai-sdk-Tests lokal gruen. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-21 00:51:47 +02:00
Benjamin Admin	e646091ba2	chore(deploy): ai-sdk + admin neu bauen — Legal-Zitatfelder (article_label) nach Prod-Re-Ingest aktiv ... Triggert CI + detect-changes fuer ai-compliance-sdk + admin-compliance, nachdem der vorige Deploy am last-build/main Tag-Bug haengenblieb (Builds uebersprungen). Nur Doku-Kommentare, Logik unveraendert. Daten-Merge (Qdrant) ist bereits live. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-21 00:15:48 +02:00
Benjamin Admin	069b855b49	ci: re-trigger deploy — last-build/main tag-bug uebersprang ai-sdk/admin builds (Daten-Merge bereits live)	2026-06-20 21:30:53 +02:00
Benjamin Admin	01af9b56a6	Merge branch 'main' of ssh://gitea.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-compliance	2026-06-20 20:58:33 +02:00
Benjamin Admin	017c9b3c12	feat(advisor): Legal-RAG Zitier-Metadaten — ai-sdk + Advisor/Drafting lesen article_label ... ai-sdk (legal_rag_client/scroll/types) liest die gepinnten Spec-Felder article_label/regulation_code/article/paragraph/sub/citation_style/is_recital mit Fallback auf alt-ingestierte Chunks (regulation_id, section); neuer getBool-Helfer. Advisor + Drafting-Engine bilden die Quellenzeile primaer aus article_label ("BDSG § 38 Abs. 1"), sonst aus den strukturierten Feldern. 17 Tests gruen, tsc sauber. Vertrag: docs-src/development/rag_reingest_spec.md (§2/§7). Deploy an den Re-Ingest gekoppelt — neue Felder sind bis dahin leer (graceful Fallback). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-20 14:34:15 +02:00
Benjamin Admin	76d1dc5e00	fix(db): dedupe doc_check_controls 3x + unique constraint ... compliance.doc_check_controls war auf prod historisch trippliziert (Dump-Artefakt ohne PK/Unique: jede (doc_type, control_id)-Zeile 3x, 5622 statt 1874 ueber alle 8 doc_types). Die Migration dedupt idempotent (kleinste ctid behalten) und setzt UNIQUE(doc_type, control_id), damit sich die Triplikation nicht wiederholen kann. Auf prod bereits direkt angewandt und in _migration_history registriert (read-only verifiziert: 1874, alle doc_types total=distinct, Constraint aktiv); dieser Commit codifiziert die Migration in der Deploy-Kette, damit ein Restore aus einem aelteren Dump sie automatisch re-appliziert. [migration-approved] Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-20 14:25:03 +02:00