Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
breakpilot-compliance/backend-compliance/migrations/119_compliance_cra_projects.sql
T
Benjamin Admin 1cf5de1d45 feat(cra): CRA Compliance module Phase 1+2+3 (intake, scope, path, requirements, backlog, sbom, checks) 
Phase 1 — Intake + Scope + Path:
- Migration 119: compliance_cra_projects table (intake + classification + path + status state machine)
- Backend service cra_routes.py: CRUD + scope-check + path-select
- Deterministic Annex III/IV classifier (verbatim mapping from migration 059 wiki)
- Path validation per classification (CRITICAL → notified_body mandatory)
- Frontend: project list, dashboard, 3-step wizard (intake/scope/path)
- Sidebar entry under "CRA Compliance" (red)

Phase 2 — Annex I Requirements + Priorisierungs-Backlog:
- cra_annex_i_data.py: 40 Annex-I requirements (8 categories), 9 measures (M540-M548), 3 CRA deadlines
- Endpoints: /requirements (40 items), /backlog (priority-sorted with deadline pressure)
- Frontend: requirements table with filters + expandable details, backlog with deadline banner + score-ranked table
- Dashboard KPI cards (Critical count, days to CE deadline, etc.) + top-10 backlog snippet

Phase 3 — SBOM Upload + Automated Checks:
- Migration 120: compliance_cra_sboms (versioned uploads, CycloneDX + SPDX)
- SBOM endpoints: POST /sbom/upload (format detection, summary extraction), GET /sboms
- Checks reuse compliance_evidence_checks: init creates 6 default CRA checks, run executes
- Real implementations: cra_security_txt (HTTP + Contact: line) and cra_tls_cert_check (TLS handshake)
- Frontend: SBOM file upload + version list, Checks page with per-check URL input + Run button

Backend-Reuse: gap_projects (intake pre-population), compliance_evidence_checks/_check_results.
Tenant scoping via existing X-Tenant-ID header pattern.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 17:56:52 +02:00

45 lines
1.8 KiB
SQL
Raw Permalink Blame History

-- Migration 119: CRA Compliance Projects
-- Tracks per-product CRA conformity assessment lifecycle.
-- Status state machine (validated as whitelist, no transition enforcement):
-- draft -> scoped -> classified -> path_selected -> requirements_mapped ->
-- evidence_pending -> gaps_open -> remediation -> ready_for_review ->
-- declaration_ready -> post_market
-- Tenant scoping via X-Tenant-ID header (validated UUID).
CREATE TABLE IF NOT EXISTS compliance_cra_projects (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
tenant_id VARCHAR(255) NOT NULL,
name VARCHAR(500) NOT NULL,
description TEXT DEFAULT '',
gap_project_id UUID,
-- Intake (Software-fokussiert, NICHT Hardware)
repo_url VARCHAR(1000),
primary_language VARCHAR(50),
has_firmware BOOLEAN DEFAULT false,
connected_to_internet BOOLEAN DEFAULT false,
has_software_updates BOOLEAN DEFAULT false,
processes_personal_data BOOLEAN DEFAULT false,
is_critical_infra_supplier BOOLEAN DEFAULT false,
intended_use TEXT DEFAULT '',
-- Scope
cra_classification VARCHAR(20),
classification_rationale JSONB DEFAULT '[]'::jsonb,
-- Path
conformity_path VARCHAR(30),
-- Status (whitelist)
status VARCHAR(40) NOT NULL DEFAULT 'draft',
-- Audit
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX IF NOT EXISTS idx_cra_projects_tenant ON compliance_cra_projects(tenant_id);
CREATE INDEX IF NOT EXISTS idx_cra_projects_status ON compliance_cra_projects(tenant_id, status);
CREATE INDEX IF NOT EXISTS idx_cra_projects_class ON compliance_cra_projects(cra_classification);
CREATE INDEX IF NOT EXISTS idx_cra_projects_gap_link ON compliance_cra_projects(gap_project_id) WHERE gap_project_id IS NOT NULL;
Reference in New Issue View Git Blame Copy Permalink