Benjamin_Boenisch/breakpilot-compliance

Fork 0

Files

T

History

Benjamin Admin 623d80b6c8

CI / detect-changes (pull_request) Successful in 11s

Details

CI / branch-name (pull_request) Successful in 2s

Details

CI / guardrail-integrity (pull_request) Successful in 9s

Details

CI / secret-scan (pull_request) Successful in 11s

Details

CI / dep-audit (pull_request) Failing after 54s

Details

CI / sbom-scan (pull_request) Failing after 59s

Details

CI / build-sha-integrity (pull_request) Successful in 8s

Details

CI / validate-canonical-controls (pull_request) Successful in 8s

Details

CI / loc-budget (pull_request) Successful in 23s

Details

CI / go-lint (pull_request) Successful in 57s

Details

CI / python-lint (pull_request) Failing after 16s

Details

CI / nodejs-lint (pull_request) Failing after 1m11s

Details

CI / nodejs-build (pull_request) Successful in 3m4s

Details

CI / test-go (pull_request) Successful in 1m1s

Details

CI / iace-gt-coverage (pull_request) Successful in 18s

Details

CI / test-python-backend (pull_request) Successful in 25s

Details

CI / test-python-document-crawler (pull_request) Successful in 14s

Details

CI / test-python-dsms-gateway (pull_request) Successful in 12s

Details

fix(ai-sdk): national-law subsidiarity in authority rerank (DSGVO > BDSG for general questions)

The authority reranker (wired in legal_rag_client.go:168) had no national-subsidiarity
dimension, so a general BDSG paragraph could outrank the primary DSGVO article. Surfaced by
the KB-2026.1 BDSG pilot (dp_05/08/11 + cr_07).

- authorityScore: DE binding_law in an EU-primary domain WITHOUT a co-primary topic match
  -> soft demote (subsidiarityPen 0.18), not exclusion. National special rules stay
  co-primary via the topic ontology (DSB Art.37+§38, special categories Art.9+§22, ...).
- queryDomain: fall back to a regulation-name mention (DSGVO/BDSG/CRA) so a question phrased
  around the act is domain-scoped even without a topical keyword (fixes cr_07: BDSG Teil-3 §64).
- data_protection keyword stem 'auftragsverarbeit' (catches Auftragsverarbeitungsvertrag).

Pure ranking logic, no data manipulation; soft demotes keep national rules visible.
Build result (DSGVO+BDSG): degraded=0, must_not=0. go build/vet/test ./... green; 6 new table tests.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-26 21:28:12 +02:00

cmd

fix(ci): unblock deploy on main — test-go vet, loc-budget, build-sha

2026-06-10 14:17:27 +02:00

data

fix(ucca): CM-7 repo_scan is required evidence for attack_surface_minimization

2026-06-26 09:42:12 +02:00

docs

chore: remove all gitea remote references; single origin push only

2026-04-19 16:16:12 +02:00

internal

fix(ai-sdk): national-law subsidiarity in authority rerank (DSGVO > BDSG for general questions)

2026-06-26 21:28:12 +02:00

migrations

feat(iace): cross-domain precision overhaul + component review + schema reconcile

2026-06-10 17:15:55 +02:00

payment-compliance-pack

feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema

2026-04-13 14:59:49 +02:00

policies

feat: Regulatory News Dashboard — proaktive Compliance-Alerts

2026-04-25 17:43:19 +02:00

scripts

feat(cra): SBOM- + DAST-Findings aus dem Scanner-MCP konsumieren

2026-06-18 12:05:05 +02:00

.golangci.yml

ci(go-lint): golangci-lint v1.64.8 (go1.24) + new-from-merge-base (#32 )

2026-06-23 10:58:48 +00:00

Dockerfile

ci(compliance): re-trigger scoped ai-sdk build + doc synced join-keys copy

2026-06-26 01:00:53 +02:00

go.mod

feat(iace): VDA-Format FMEA Excel Export

2026-05-12 09:45:18 +02:00

go.sum

feat(iace): VDA-Format FMEA Excel Export

2026-05-12 09:45:18 +02:00

README.md

docs: update service READMEs for refactor progress and stale phase references

2026-04-19 16:07:23 +02:00

README.md

ai-compliance-sdk

Go/Gin service providing AI-Act compliance analysis: iACE impact assessments, UCCA rules engine, hazard library, training/academy, audit, escalation, portfolio, RBAC, RAG, whistleblower, workshop.

Port: 8090 → exposed 8093 (container: bp-compliance-ai-sdk) Stack: Go 1.24, Gin, pgx, Postgres.

Architecture

Clean-arch refactor is complete:

cmd/server/main.go              # Thin entrypoint, 7 LOC — wiring in internal/app/
internal/
├── app/
│   ├── app.go                  # Server initialization + lifecycle
│   └── routes.go               # Route registration
├── api/handlers/               # 8 sub-resource handler files:
│   │                           #   iace_handler_projects, hazards, mitigations,
│   │                           #   techfile, monitoring, refdata, rag, components
├── iace/                       # Store split into 7 files:
│   │                           #   store_projects, components, hazards,
│   │                           #   hazard_library, mitigations, evidence, audit
│   └── hazard_library/         # Split into 10 category files
└── ...

See ../AGENTS.go.md for the full convention.

Linting (Phase 5): .golangci.yml added — run golangci-lint run --timeout 5m ./....

Run locally

cd ai-compliance-sdk
go mod download
export COMPLIANCE_DATABASE_URL=...
go run ./cmd/server

Tests

go test -race -cover ./...
golangci-lint run --timeout 5m ./...

Co-located *_test.go, table-driven. Repo layer uses testcontainers-go (or the compose Postgres) — no SQL mocks.

Public API surface

Handlers under internal/api/handlers/ (8 sub-resource files). Health at GET /health. iACE, UCCA, training, academy, portfolio, escalation, audit, rag, whistleblower, workshop subresources. Every route is a contract.

Environment

Var	Purpose
`COMPLIANCE_DATABASE_URL`	Postgres DSN
`LLM_GATEWAY_URL`	LLM router for rag/iACE
`QDRANT_URL`	Vector search

Don't touch

DB schema. Hand-rolled migrations elsewhere own it.