Benjamin Admin
f534b52817
Add cmd/iace-audit CLI with 5 deterministic methods that find engine gaps without ground truth: - A reachability: 1058 patterns vs achievable tag universe - B consistency: components vs their declared hazard categories - C vocabulary: limits-form tokens vs keyword dictionary - D echo: limits-form sentences vs generated hazards (jaccard) - E hierarchy: hazards vs ISO 12100 design/protection/info levels Library fixes triggered by A+B+C findings: - tag_resolver: synonym map for electrical/pneumatic/hydraulic aliases - component_library: crush_point + EN03 (gravitational) on C014/C128 (Hubwerk family) - fixes HP1014/1015/1017/1018 which were silently weakly_reachable. noise_source added on 7 components (C006/C011/ C017/C020/C031/C041/C096). electrical_part on 8 drive components (C031/C032/C033/C034/C035/C036/C037/C038/C077/C092). cyber tag on 10 sensors (C081-C090) + 3 IT components (C111/C112/C116) + KI module C119 (ai_model added). pneumatic_part+hydraulic_part on valves C091/C093, hydraulic_part+chemical_risk on pump C097, moving_part on motion controller C075 - keyword_dictionary: EN03 added to aufzug/lift/hubwerk/hubgeraet (was wrongly EN04-only). New keyword entries for hub-action verbs: absenken/senken/anheben/heben + hubhoehe/hubweg/hubgeschwindig Audit impact: - A: weakly_reachable 409 -> 358 (-51 patterns now fully reachable) - B: incomplete components 46 -> 30 (-16, -33%) - HP1018 (Person unter absenkendem Maschinenteil eingeklemmt): weakly_reachable -> reachable Why: methods A/B/C surfaced that the Kistenhubgeraet test project generated 0 crush-under-load hazards despite OSHA 1910.212(a)(3) + EN ISO 12100 6.3.5.5 explicitly requiring them. Three orthogonal bugs (missing crush_point tag, wrong energy source mapping, missing action verbs in dictionary) silently disabled the entire lift crush pattern family.
ai-compliance-sdk
Go/Gin service providing AI-Act compliance analysis: iACE impact assessments, UCCA rules engine, hazard library, training/academy, audit, escalation, portfolio, RBAC, RAG, whistleblower, workshop.
Port: 8090 → exposed 8093 (container: bp-compliance-ai-sdk)
Stack: Go 1.24, Gin, pgx, Postgres.
Architecture
Clean-arch refactor is complete:
cmd/server/main.go # Thin entrypoint, 7 LOC — wiring in internal/app/
internal/
├── app/
│ ├── app.go # Server initialization + lifecycle
│ └── routes.go # Route registration
├── api/handlers/ # 8 sub-resource handler files:
│ │ # iace_handler_projects, hazards, mitigations,
│ │ # techfile, monitoring, refdata, rag, components
├── iace/ # Store split into 7 files:
│ │ # store_projects, components, hazards,
│ │ # hazard_library, mitigations, evidence, audit
│ └── hazard_library/ # Split into 10 category files
└── ...
See ../AGENTS.go.md for the full convention.
Linting (Phase 5): .golangci.yml added — run golangci-lint run --timeout 5m ./....
Run locally
cd ai-compliance-sdk
go mod download
export COMPLIANCE_DATABASE_URL=...
go run ./cmd/server
Tests
go test -race -cover ./...
golangci-lint run --timeout 5m ./...
Co-located *_test.go, table-driven. Repo layer uses testcontainers-go (or the compose Postgres) — no SQL mocks.
Public API surface
Handlers under internal/api/handlers/ (8 sub-resource files). Health at GET /health. iACE, UCCA, training, academy, portfolio, escalation, audit, rag, whistleblower, workshop subresources. Every route is a contract.
Environment
| Var | Purpose |
|---|---|
COMPLIANCE_DATABASE_URL |
Postgres DSN |
LLM_GATEWAY_URL |
LLM router for rag/iACE |
QDRANT_URL |
Vector search |
Don't touch
DB schema. Hand-rolled migrations elsewhere own it.