Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
07916df3307bcf1ef3bb9668127adf548585e8d7
breakpilot-compliance/ai-compliance-sdk
T
History
Benjamin Admin 07916df330
CI / detect-changes (pull_request) Successful in 12s
Details
CI / branch-name (pull_request) Successful in 2s
Details
CI / guardrail-integrity (pull_request) Successful in 9s
Details
CI / secret-scan (pull_request) Successful in 9s
Details
CI / dep-audit (pull_request) Failing after 57s
Details
CI / sbom-scan (pull_request) Failing after 58s
Details
CI / build-sha-integrity (pull_request) Successful in 5s
Details
CI / validate-canonical-controls (pull_request) Successful in 5s
Details
CI / loc-budget (pull_request) Successful in 19s
Details
CI / go-lint (pull_request) Successful in 40s
Details
CI / python-lint (pull_request) Failing after 14s
Details
CI / nodejs-lint (pull_request) Failing after 1m8s
Details
CI / nodejs-build (pull_request) Successful in 3m1s
Details
CI / test-go (pull_request) Successful in 1m0s
Details
CI / iace-gt-coverage (pull_request) Successful in 17s
Details
CI / test-python-backend (pull_request) Successful in 23s
Details
CI / test-python-document-crawler (pull_request) Successful in 15s
Details
CI / test-python-dsms-gateway (pull_request) Successful in 13s
Details
feat(ai-sdk): ePrivacy/cookie topic — §25 TDDDG co-primary for cookie questions 
The TDDDG (ex-TTDSG) pilot revealed §25 TDDDG (terminal-equipment / cookie consent)
ranked #3 on a cookie query — the subsidiarity rule demoted it as DE law subsidiary
to the DSGVO, but TDDDG is lex specialis (ePrivacy) for cookies.

Topic-based fix (NOT blanket TDDDG > DSGVO):
- cookie/ePrivacy topic (cookie/endeinrichtung/endgeraet/tracking -> §25 TDDDG) so it is
  co-primary (topic-matched -> topicGain, no subsidiarity demote).
- TDDDG/TTDSG added to the data_protection domain (chunkDomain recognition).
- cookie-specific keywords (NOT bare 'Einwilligung') so a general consent question still
  resolves to Art. 7 DSGVO.

Acceptance on the DSGVO+BDSG+TDDDG build: cookie -> §25 TDDDG top-1; Rechtsgrundlage -> DSGVO;
DSB -> Art.37+§38 BDSG (not TDDDG); degraded=0, must_not=0. go build/vet/test green; 2 new table tests.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-27 07:19:00 +02:00
..
cmd
feat(ai-sdk): coverage blind-spot proposer (P2 slice 6, type 4)
2026-06-26 10:27:01 +02:00
data
fix(ucca): CM-7 repo_scan is required evidence for attack_surface_minimization
2026-06-26 09:42:12 +02:00
docs
chore: remove all gitea remote references; single origin push only
2026-04-19 16:16:12 +02:00
internal
feat(ai-sdk): ePrivacy/cookie topic — §25 TDDDG co-primary for cookie questions
2026-06-27 07:19:00 +02:00
migrations
feat(iace): cross-domain precision overhaul + component review + schema reconcile
2026-06-10 17:15:55 +02:00
payment-compliance-pack
feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema
2026-04-13 14:59:49 +02:00
policies
feat: Regulatory News Dashboard — proaktive Compliance-Alerts
2026-04-25 17:43:19 +02:00
scripts
feat(cra): SBOM- + DAST-Findings aus dem Scanner-MCP konsumieren
2026-06-18 12:05:05 +02:00
.golangci.yml
ci(go-lint): golangci-lint v1.64.8 (go1.24) + new-from-merge-base (#32)
2026-06-23 10:58:48 +00:00
Dockerfile
ci: re-trigger ai-sdk build (transient registry 502 + last-build tag-bug)
2026-06-27 06:43:30 +02:00
go.mod
feat(iace): VDA-Format FMEA Excel Export
2026-05-12 09:45:18 +02:00
go.sum
feat(iace): VDA-Format FMEA Excel Export
2026-05-12 09:45:18 +02:00
README.md
docs: update service READMEs for refactor progress and stale phase references
2026-04-19 16:07:23 +02:00

README.md

ai-compliance-sdk

Go/Gin service providing AI-Act compliance analysis: iACE impact assessments, UCCA rules engine, hazard library, training/academy, audit, escalation, portfolio, RBAC, RAG, whistleblower, workshop.

Port: 8090 → exposed 8093 (container: bp-compliance-ai-sdk) Stack: Go 1.24, Gin, pgx, Postgres.

Architecture

Clean-arch refactor is complete:

cmd/server/main.go              # Thin entrypoint, 7 LOC — wiring in internal/app/
internal/
├── app/
│   ├── app.go                  # Server initialization + lifecycle
│   └── routes.go               # Route registration
├── api/handlers/               # 8 sub-resource handler files:
│   │                           #   iace_handler_projects, hazards, mitigations,
│   │                           #   techfile, monitoring, refdata, rag, components
├── iace/                       # Store split into 7 files:
│   │                           #   store_projects, components, hazards,
│   │                           #   hazard_library, mitigations, evidence, audit
│   └── hazard_library/         # Split into 10 category files
└── ...

See ../AGENTS.go.md for the full convention.

Linting (Phase 5): .golangci.yml added — run golangci-lint run --timeout 5m ./....

Run locally

cd ai-compliance-sdk
go mod download
export COMPLIANCE_DATABASE_URL=...
go run ./cmd/server

Tests

go test -race -cover ./...
golangci-lint run --timeout 5m ./...

Co-located *_test.go, table-driven. Repo layer uses testcontainers-go (or the compose Postgres) — no SQL mocks.

Public API surface

Handlers under internal/api/handlers/ (8 sub-resource files). Health at GET /health. iACE, UCCA, training, academy, portfolio, escalation, audit, rag, whistleblower, workshop subresources. Every route is a contract.

Environment

Var Purpose
COMPLIANCE_DATABASE_URL Postgres DSN
LLM_GATEWAY_URL LLM router for rag/iACE
QDRANT_URL Vector search

Don't touch

DB schema. Hand-rolled migrations elsewhere own it.

Reference in New Issue View Git Blame Copy Permalink