Benjamin Admin 06bfbd1dca
feat(use-case-compiler): MC-based compliance questionnaires with scoring
Implements the Use-Case Compiler that turns Master Controls into
interactive compliance audits. 5 templates (Vendor Check, SAST/DAST,
DSGVO, NIS2, CRA), deterministic + LLM question generation, scoring
engine with regulation/severity breakdown, and gap detection.

- Backend: 9 API endpoints, 22 unit tests (all pass)
- Frontend: Template selector, questionnaire, result dashboard
- Migration 027: usecase_audits + usecase_answers tables

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-12 13:49:16 +02:00


// Package usecase implements the Use-Case Compiler that turns
// Master Controls into interactive compliance questionnaires.
package usecase
import (
"time"
"github.com/google/uuid"
)
// ── Use-Case Template ──────────────────────────────────────────────
// Template defines a reusable compliance audit blueprint.
//
// MCFilters and Regulations are the selection inputs; Questions carries
// the expanded question list and is dropped from JSON while empty.
type Template struct {
	// Identity and presentation.
	ID          string `json:"id"`
	Name        string `json:"name"`
	Description string `json:"description"`

	// Selection inputs (presumably Master-Control filters and the
	// regulations the template covers — not enforced here).
	MCFilters   []string `json:"mc_filters"`
	Regulations []string `json:"regulations"`

	// Expanded questions; omitted from JSON when nil or empty.
	Questions []Question `json:"questions,omitempty"`
}
// ── Question ───────────────────────────────────────────────────────
// Question is a single compliance check derived from a Master Control.
//
// Note that Text is serialised under the key "question", not "text".
type Question struct {
	// Identity and the Master Control the question was derived from.
	ID     string `json:"id"`
	MCID   string `json:"mc_id"`
	MCName string `json:"mc_name"`

	// The check itself.
	Text             string `json:"question"`
	QuestionType     string `json:"question_type"`
	EvidenceRequired bool   `json:"evidence_required"`

	// Criteria used to grade an answer; how they are matched against
	// Answer.Value is decided by the scoring engine, not here.
	PassCriteria []string `json:"pass_criteria"`
	FailCriteria []string `json:"fail_criteria"`

	// Classification used for the score breakdowns.
	Severity   string `json:"severity"`
	Regulation string `json:"regulation"`

	// DependsOn names another question ID; omitted from JSON when empty.
	DependsOn string `json:"depends_on,omitempty"`
}
// ── Audit ──────────────────────────────────────────────────────────
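// AuditStatus enumerates the lifecycle of an audit.
type AuditStatus string

// Declared lifecycle states; the string values are the wire/storage form.
const (
	StatusDraft      AuditStatus = "draft"
	StatusInProgress AuditStatus = "in_progress"
	StatusCompleted  AuditStatus = "completed"
)

// IsValid reports whether s is one of the declared AuditStatus values.
// Callers that accept a status string from outside the package (request
// payloads, database rows) can use it to reject unknown values before
// storing them in Audit.Status; comparison is exact and case-sensitive.
func (s AuditStatus) IsValid() bool {
	switch s {
	case StatusDraft, StatusInProgress, StatusCompleted:
		return true
	}
	return false
}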
// Audit is a running or completed compliance questionnaire.
//
// The progress counters and ComplianceScore are stored next to the
// Questions slice rather than derived from it on read, so whatever
// records Answers has to keep them in sync — NOTE(review): confirm
// against the service layer, which is not visible here.
type Audit struct {
	// Identity and ownership. TenantID scopes the audit; handlers that
	// take an audit ID from a request presumably also match TenantID —
	// verify there.
	ID         uuid.UUID `json:"id"`
	TenantID   uuid.UUID `json:"tenant_id"`
	TemplateID string    `json:"template_id"`

	Name       string      `json:"name"`
	TargetName string      `json:"target_name,omitempty"`
	Status     AuditStatus `json:"status"`

	// Progress summary. Questions has no omitempty, so an audit with no
	// questions serialises as "questions": null.
	TotalQuestions    int        `json:"total_questions"`
	AnsweredQuestions int        `json:"answered_questions"`
	ComplianceScore   float64    `json:"compliance_score"`
	Questions         []Question `json:"questions"`

	// Timestamps; CompletedAt stays nil (and is omitted) until completion.
	CreatedAt   time.Time  `json:"created_at"`
	UpdatedAt   time.Time  `json:"updated_at"`
	CompletedAt *time.Time `json:"completed_at,omitempty"`
}
// ── Answer ─────────────────────────────────────────────────────────
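// AnswerStatus enumerates how a question was handled.
type AnswerStatus string

// Declared answer states; the string values are the wire/storage form.
const (
	AnswerStatusAnswered  AnswerStatus = "answered"
	AnswerStatusSkipped   AnswerStatus = "skipped"
	AnswerStatusEscalated AnswerStatus = "escalated"
)

// IsValid reports whether s is one of the declared AnswerStatus values.
// AnswerInput.Status arrives as a plain string from the client, so the
// handler should check AnswerStatus(in.Status).IsValid() before the value
// is stored in Answer.Status; comparison is exact and case-sensitive.
func (s AnswerStatus) IsValid() bool {
	switch s {
	case AnswerStatusAnswered, AnswerStatusSkipped, AnswerStatusEscalated:
		return true
	}
	return false
}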
// Answer stores a user's response to a single question.
type Answer struct {
	ID         uuid.UUID `json:"id"`
	AuditID    uuid.UUID `json:"audit_id"`
	QuestionID string    `json:"question_id"`
	MCID       string    `json:"mc_id,omitempty"`

	// Value is client-supplied JSON of whatever shape the question type
	// expects. Decoded with encoding/json it is a string, float64, bool,
	// nil, []interface{} or map[string]interface{}; nothing in this type
	// bounds its size or shape — NOTE(review): confirm the handler does.
	Value   interface{} `json:"value"`
	Comment string      `json:"comment,omitempty"`

	// EvidenceIDs has no omitempty: nil is emitted as null, empty as [].
	EvidenceIDs []string     `json:"evidence_ids"`
	Status      AnswerStatus `json:"status"`
	AnsweredAt  time.Time    `json:"answered_at"`
}
// AnswerInput is the request payload for answering a question.
//
// The binding tags look like a request validator's hooks (inferred from
// the tag name; the binder itself is not visible here). Status is a plain
// string rather than an AnswerStatus, so nothing at this layer limits it
// to the declared values — NOTE(review): confirm the handler checks it
// before it ends up in Answer.Status.
type AnswerInput struct {
	QuestionID string `json:"question_id" binding:"required"`

	// NOTE(review): a `required` rule on an interface field may reject
	// legitimate answers such as false or 0 if the validator treats the
	// decoded zero value as missing — confirm with the validator in use.
	Value interface{} `json:"value" binding:"required"`

	// Optional fields; encoding/json emits EvidenceIDs as null when nil.
	Comment     string   `json:"comment"`
	EvidenceIDs []string `json:"evidence_ids"`
	Status      string   `json:"status"`
}
// ── Scoring ────────────────────────────────────────────────────────
// ScoreResult is the compliance summary for an audit.
type ScoreResult struct {
	AuditID uuid.UUID `json:"audit_id"`

	// Question counters. How they relate to each other (for example
	// whether escalated answers count as Answered) is decided by the
	// scoring engine, not by this type.
	TotalQuestions int `json:"total_questions"`
	Answered       int `json:"answered"`
	Passed         int `json:"passed"`
	Failed         int `json:"failed"`
	Skipped        int `json:"skipped"`

	ComplianceScore float64 `json:"compliance_score"`

	// Breakdowns keyed by regulation / severity label. Neither map has
	// omitempty, so a nil map is emitted as null rather than {}.
	ByRegulation map[string]RegulationScore `json:"by_regulation"`
	BySeverity   map[string]SeverityScore   `json:"by_severity"`
}
// RegulationScore breaks down results per regulation.
type RegulationScore struct {
	// Question counts for this regulation.
	Total  int `json:"total"`
	Passed int `json:"passed"`

	// Score is the regulation's compliance value as computed by the
	// scoring engine; its scale (fraction or percent) is not fixed here.
	Score float64 `json:"score"`
}
// SeverityScore breaks down results per severity.
//
// Unlike RegulationScore it carries no computed score, only counts.
type SeverityScore struct {
	Total  int `json:"total"`
	Passed int `json:"passed"`
	Failed int `json:"failed"`
}
// ── Gap Detection ──────────────────────────────────────────────────
// MissingSource describes a regulation not yet covered by MCs.
//
// Note that EstimatedGap is serialised under the key "estimated_controls".
type MissingSource struct {
	Regulation string   `json:"regulation"`
	AffectsMCs []string `json:"affects_mcs"`

	// Rough number of controls the gap represents; the key name differs
	// from the field name.
	EstimatedGap int `json:"estimated_controls"`

	// SourceURL is omitted from JSON when empty. It is emitted to clients
	// as-is; where it is rendered as a link, validate the scheme there.
	SourceURL string `json:"source_url,omitempty"`
	Priority  string `json:"priority"`
}
// CreateAuditInput is the request to start a new audit.
//
// TemplateID and Name carry a `required` binding tag (presumably the
// request validator's); TargetName is optional. TemplateID is a free
// string here — NOTE(review): the handler should confirm it names a
// known template rather than passing it through.
type CreateAuditInput struct {
	TemplateID string `json:"template_id" binding:"required"`
	Name       string `json:"name" binding:"required"`
	TargetName string `json:"target_name"`
}