Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ai-sdk): classify NIST/OWASP/Grundschutz as technical_standard #37

Merged
Benjamin_Boenisch merged 1 commits from feat/technical-standard-class into main 2026-06-24 10:15:17 +00:00
Conversation 0 Commits 1 Files Changed 4
+36 -6
Benjamin_Boenisch commented 2026-06-24 10:11:09 +00:00
Owner
Copy Link
Copy Source

Discovery: NIST is already in dev ce but was classified supervisory_guidance (NIST sat in guidanceMarkers), so the control-intent lift (#36) could not surface it. Adds a technical_standard class + makes the intent-lift path classify via classifyAuthority (not raw payload) so the untagged legacy NIST corpus is recognized + lifted on control questions. Enables Schritt 4 (Control-Gate) without re-ingesting NIST.

Discovery: NIST is already in dev ce but was classified supervisory_guidance (NIST sat in guidanceMarkers), so the control-intent lift (#36) could not surface it. Adds a technical_standard class + makes the intent-lift path classify via classifyAuthority (not raw payload) so the untagged legacy NIST corpus is recognized + lifted on control questions. Enables Schritt 4 (Control-Gate) without re-ingesting NIST.
Benjamin_Boenisch added 1 commit 2026-06-24 10:11:09 +00:00
feat(ai-sdk): classify technical standards (NIST/OWASP/Grundschutz) as technical_standard
CI / detect-changes (pull_request) Successful in 5s
Details
CI / branch-name (pull_request) Successful in 1s
Details
CI / guardrail-integrity (pull_request) Successful in 4s
Details
CI / secret-scan (pull_request) Successful in 6s
Details
CI / dep-audit (pull_request) Failing after 55s
Details
CI / sbom-scan (pull_request) Failing after 58s
Details
CI / build-sha-integrity (pull_request) Successful in 6s
Details
CI / validate-canonical-controls (pull_request) Successful in 4s
Details
CI / loc-budget (pull_request) Successful in 18s
Details
CI / go-lint (pull_request) Successful in 41s
Details
CI / python-lint (pull_request) Failing after 13s
Details
CI / nodejs-lint (pull_request) Failing after 1m4s
Details
CI / nodejs-build (pull_request) Successful in 3m0s
Details
CI / test-go (pull_request) Successful in 58s
Details
CI / iace-gt-coverage (pull_request) Successful in 14s
Details
CI / test-python-backend (pull_request) Successful in 25s
Details
CI / test-python-document-crawler (pull_request) Successful in 13s
Details
CI / test-python-dsms-gateway (pull_request) Successful in 10s
Details
90e0a57799 
The existing NIST corpus (SP 800-82r3 etc., ingested before source_class tagging)
was classified supervisory_guidance because "NIST" sat in guidanceMarkers, so the
control-intent lift (#36) could never surface it. Add a technical_standard class:

- authority.go: new standardMarkers (NIST/OWASP/Grundschutz/ISO 27001/CSA CCM/CIS),
  checked before guidanceMarkers (so "BSI Grundschutz" -> standard, not BSI guidance);
  move NIST out of guidanceMarkers; sourceClassFromWeight maps weight 80 -> standard.
- authority_rerank.go: the intent-lift path (liftAboveBinding + bestBindingSemantic)
  now classifies via classifyAuthority instead of trusting the raw payload source_class,
  so the untagged legacy corpus is recognized — untagged NIST is now lifted on a
  control question ("Welche Controls passen zu Security Updates?").

Tested: classifier cases for NIST/Grundschutz/weight-80, and an untagged-NIST lift case.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Benjamin_Boenisch merged commit df7966656a into main 2026-06-24 10:15:17 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
config
Env vars, secrets management, startup validation
 data-integrity
Transactions, indexes, pagination
 frontend
Next.js, client-side concerns
 observability
Logging, audit trails, health checks
 reliability
Error handling, retries, circuit breakers
 security
Auth, secrets, injection, tenant isolation
 severity: critical
System-level risk, data breach or full outage
 severity: high
Significant risk, must fix before go-live
 severity: medium
Important but not blocking go-live
 testing
Test coverage, integration tests
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
sharang (Sharang Parnerkar) Benjamin_Boenisch
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Benjamin_Boenisch/breakpilot-compliance#37
Delete Branch "feat/technical-standard-class"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?