Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
32ba8d16b1491f319259d26e80259f5e1bfc4a4e
breakpilot-compliance/ai-compliance-sdk/internal/app/app.go
T
Benjamin Admin afb3f83f30 feat(iace): cross-domain precision overhaul + component review + schema reconcile 
Engine precision (stop foreign-machine patterns leaking into a project):
- Wire project.MachineType into the engine machine-type gate (empty input no
  longer fires every machine class — press/cnc/excavator/crane/medical...).
- Capability-domain gating extended by 7 domains (outdoor, ventilation,
  machining, bulk, palletizer, playground, fitness) so domain-specific hazards
  only fire when the narrative names that domain; emitted via keyword_dictionary.
- Relevance backstop moved into iace (single gating contract, testable), and its
  dominant false-anchor class removed (a long pattern word no longer matches a
  short common token; prepositions/leitung added to the generic stoplist).
- New guard tests: TestCrossDomainPrecision (full pipeline, 0 foreign per GT) and
  TestPatternReachability now asserts 0 dead patterns. Both GTs keep coverage 1.0.

Reachability fix: the 51 dead patterns required electrical/pneumatic/hydraulic
tags nothing produced — renamed to the canonical electrical_energy/
pneumatic_pressure/hydraulic_pressure/hydraulic_part.

Component review (negation is best-effort + expert-correctable):
- Parser surfaces negated components (ComponentMatch.Negated) instead of dropping
  them; negated contribute no tags/energy → no phantom hazards.
- presence_status (vorhanden|nicht_vorhanden|geloescht) + ce_marked on components;
  only `vorhanden` feed matching. CE+safety-relevant flags the PL/SIL obligation.
- Force re-seed preserves the expert's component decisions instead of wiping them.
- Tag-based component→hazard assignment (was: all on the first component).
- Negation-aware narrative parsing ("keine Pneumatik" no longer extracts it).

Local-dev DB: ai-sdk sets search_path=compliance,core,public; reconcile migrations
152-156 bring the consolidated local iace tables to the current schema + add the
presence_status/ce_marked columns. Machine-type vocabulary endpoint for the form.

[migration-approved]

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-10 17:15:55 +02:00

208 lines
7.9 KiB
Go
Raw Blame History

package app
import (
"context"
"log"
"net/http"
"os"
"os/signal"
"syscall"
"time"
"github.com/breakpilot/ai-compliance-sdk/internal/academy"
"github.com/breakpilot/ai-compliance-sdk/internal/api/handlers"
"github.com/breakpilot/ai-compliance-sdk/internal/audit"
"github.com/breakpilot/ai-compliance-sdk/internal/config"
"github.com/breakpilot/ai-compliance-sdk/internal/iace"
"github.com/breakpilot/ai-compliance-sdk/internal/llm"
"github.com/breakpilot/ai-compliance-sdk/internal/maximizer"
"github.com/breakpilot/ai-compliance-sdk/internal/portfolio"
"github.com/breakpilot/ai-compliance-sdk/internal/rbac"
"github.com/breakpilot/ai-compliance-sdk/internal/roadmap"
"github.com/breakpilot/ai-compliance-sdk/internal/training"
"github.com/breakpilot/ai-compliance-sdk/internal/ucca"
"github.com/breakpilot/ai-compliance-sdk/internal/whistleblower"
"github.com/breakpilot/ai-compliance-sdk/internal/workshop"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
"github.com/jackc/pgx/v5/pgxpool"
)
// Run initializes and starts the AI Compliance SDK server.
func Run() {
cfg, err := config.Load()
if err != nil {
log.Fatalf("Failed to load configuration: %v", err)
}
if cfg.IsProduction() {
gin.SetMode(gin.ReleaseMode)
}
ctx := context.Background()
poolCfg, err := pgxpool.ParseConfig(cfg.DatabaseURL)
if err != nil {
log.Fatalf("Failed to parse database URL: %v", err)
}
// The iace/compliance tables live in the `compliance` schema (see CLAUDE.md:
// "DB search_path: compliance,core,public"). Set it explicitly so the
// connection does not silently resolve to `public` (an empty/legacy schema)
// when the URL carries no search_path — as happened on the local dev DB.
// Only set when not already specified in the URL, so prod stays untouched.
if poolCfg.ConnConfig.RuntimeParams == nil {
poolCfg.ConnConfig.RuntimeParams = map[string]string{}
}
if poolCfg.ConnConfig.RuntimeParams["search_path"] == "" {
searchPath := os.Getenv("DB_SEARCH_PATH")
if searchPath == "" {
searchPath = "compliance,core,public"
}
poolCfg.ConnConfig.RuntimeParams["search_path"] = searchPath
}
pool, err := pgxpool.NewWithConfig(ctx, poolCfg)
if err != nil {
log.Fatalf("Failed to connect to database: %v", err)
}
defer pool.Close()
if err := pool.Ping(ctx); err != nil {
log.Fatalf("Failed to ping database: %v", err)
}
log.Println("Connected to database")
router := buildRouter(cfg, pool)
srv := &http.Server{
Addr: ":" + cfg.Port,
Handler: router,
ReadTimeout: 30 * time.Second,
WriteTimeout: 5 * time.Minute,
IdleTimeout: 60 * time.Second,
}
go func() {
log.Printf("AI Compliance SDK starting on port %s", cfg.Port)
log.Printf("Environment: %s", cfg.Environment)
log.Printf("Primary LLM Provider: %s", cfg.LLMProvider)
log.Printf("Fallback LLM Provider: %s", cfg.LLMFallbackProvider)
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
log.Fatalf("Server failed: %v", err)
}
}()
quit := make(chan os.Signal, 1)
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
<-quit
log.Println("Shutting down server...")
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
if err := srv.Shutdown(ctx); err != nil {
log.Fatalf("Server forced to shutdown: %v", err)
}
log.Println("Server exited")
}
// buildRouter wires all stores, services, and handlers onto a new Gin engine.
func buildRouter(cfg *config.Config, pool *pgxpool.Pool) *gin.Engine {
// Stores
rbacStore := rbac.NewStore(pool)
auditStore := audit.NewStore(pool)
uccaStore := ucca.NewStore(pool)
escalationStore := ucca.NewEscalationStore(pool)
corpusVersionStore := ucca.NewCorpusVersionStore(pool)
roadmapStore := roadmap.NewStore(pool)
workshopStore := workshop.NewStore(pool)
portfolioStore := portfolio.NewStore(pool)
academyStore := academy.NewStore(pool)
whistleblowerStore := whistleblower.NewStore(pool)
iaceStore := iace.NewStore(pool)
trainingStore := training.NewStore(pool)
obligationsStore := ucca.NewObligationsStore(pool)
// Services
rbacService := rbac.NewService(rbacStore)
policyEngine := rbac.NewPolicyEngine(rbacService, rbacStore)
// LLM providers
providerRegistry := llm.NewProviderRegistry(cfg.LLMProvider, cfg.LLMFallbackProvider)
providerRegistry.Register(llm.NewOllamaAdapter(cfg.OllamaURL, cfg.OllamaDefaultModel))
if cfg.AnthropicAPIKey != "" {
providerRegistry.Register(llm.NewAnthropicAdapter(cfg.AnthropicAPIKey, cfg.AnthropicDefaultModel))
}
piiDetector := llm.NewPIIDetectorWithPatterns(llm.AllPIIPatterns())
ttsClient := training.NewTTSClient(cfg.TTSServiceURL)
contentGenerator := training.NewContentGenerator(providerRegistry, piiDetector, trainingStore, ttsClient)
accessGate := llm.NewAccessGate(policyEngine, piiDetector, providerRegistry)
trailBuilder := audit.NewTrailBuilder(auditStore)
exporter := audit.NewExporter(auditStore)
blockGenerator := training.NewBlockGenerator(trainingStore, contentGenerator)
// Handlers
rbacHandlers := handlers.NewRBACHandlers(rbacStore, rbacService, policyEngine)
llmHandlers := handlers.NewLLMHandlers(accessGate, providerRegistry, piiDetector, auditStore, trailBuilder)
auditHandlers := handlers.NewAuditHandlers(auditStore, exporter)
uccaHandlers := handlers.NewUCCAHandlers(uccaStore, escalationStore, providerRegistry)
escalationHandlers := handlers.NewEscalationHandlers(escalationStore, uccaStore)
roadmapHandlers := handlers.NewRoadmapHandlers(roadmapStore)
workshopHandlers := handlers.NewWorkshopHandlers(workshopStore)
portfolioHandlers := handlers.NewPortfolioHandlers(portfolioStore)
academyHandlers := handlers.NewAcademyHandlers(academyStore, trainingStore)
whistleblowerHandlers := handlers.NewWhistleblowerHandlers(whistleblowerStore)
iaceHandler := handlers.NewIACEHandler(iaceStore, providerRegistry)
trainingHandlers := handlers.NewTrainingHandlers(trainingStore, contentGenerator, blockGenerator, ttsClient)
ragHandlers := handlers.NewRAGHandlers(corpusVersionStore)
obligationsHandlers := handlers.NewObligationsHandlersWithStore(obligationsStore)
// Regulatory News
allV2Regs, err := ucca.LoadAllV2Regulations()
if err != nil {
log.Printf("WARNING: V2 regulations not loaded: %v", err)
allV2Regs = make(map[string]*ucca.V2RegulationFile)
}
regulatoryNewsHandlers := handlers.NewRegulatoryNewsHandlers(allV2Regs)
// Maximizer
maximizerStore := maximizer.NewStore(pool)
maximizerRules, err := maximizer.LoadConstraintRulesFromDefault()
if err != nil {
log.Printf("WARNING: Maximizer constraints not loaded: %v", err)
maximizerRules = &maximizer.ConstraintRuleSet{Version: "0.0.0"}
}
maximizerSvc := maximizer.NewService(maximizerStore, uccaStore, maximizerRules)
maximizerHandlers := handlers.NewMaximizerHandlers(maximizerSvc)
// Gap Analysis
gapHandler := handlers.NewGapHandler(pool)
// Use-Case Compiler
useCaseHandler := handlers.NewUseCaseHandler(pool, providerRegistry)
rbacMiddleware := rbac.NewMiddleware(rbacService, policyEngine)
// Router
router := gin.Default()
router.Use(cors.New(cors.Config{
AllowOrigins: cfg.AllowedOrigins,
AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
AllowHeaders: []string{"Origin", "Content-Type", "Authorization", "X-User-ID", "X-Tenant-ID", "X-Namespace-ID", "X-Tenant-Slug"},
ExposeHeaders: []string{"Content-Length", "Content-Disposition"},
AllowCredentials: true,
MaxAge: 12 * time.Hour,
}))
router.GET("/health", func(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{
"status": "healthy",
"timestamp": time.Now().UTC().Format(time.RFC3339),
})
})
registerRoutes(router, rbacMiddleware,
rbacHandlers, llmHandlers, auditHandlers,
uccaHandlers, escalationHandlers, obligationsHandlers, ragHandlers,
roadmapHandlers, workshopHandlers, portfolioHandlers,
academyHandlers, trainingHandlers, whistleblowerHandlers, iaceHandler,
gapHandler, maximizerHandlers, regulatoryNewsHandlers, useCaseHandler)
return router
}
Reference in New Issue View Git Blame Copy Permalink