Benjamin Admin
3bd4e0aaaf
Pre-existing tech-debt file (~535 LOC in the CI tree) that grew past the 500-line hard cap and has blocked the repo-wide loc-budget check since #657. Not related to the IACE work in flight. Documented with a Phase-2 split rationale; the exceptions list stays the escape hatch the check itself points to. [guardrail-change] Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
234 lines
12 KiB
Plaintext
234 lines
12 KiB
Plaintext
# loc-exceptions.txt — files allowed to exceed the 500-line hard cap.
|
||
#
|
||
# Format: one repo-relative path per line. Comments start with '#' and are ignored.
|
||
# Each exception MUST be preceded by a comment explaining why splitting is not viable.
|
||
#
|
||
# Phase 0 baseline: this list is initially empty. Phases 1-4 will add grandfathered
|
||
# entries as we encounter legitimate exceptions (e.g. large generated data tables).
|
||
# The goal is for this list to SHRINK over time, never grow.
|
||
|
||
# --- admin-compliance: static data catalogs (Phase 3) ---
|
||
# Splitting these would fragment lookup tables without improving readability.
|
||
admin-compliance/lib/sdk/tom-generator/controls/loader.ts
|
||
admin-compliance/lib/sdk/vendor-compliance/risk/controls-library.ts
|
||
admin-compliance/lib/sdk/compliance-scope-triggers.ts
|
||
admin-compliance/lib/sdk/vendor-compliance/catalog/processing-activities.ts
|
||
admin-compliance/lib/sdk/catalog-manager/catalog-registry.ts
|
||
admin-compliance/lib/sdk/dsfa/mitigation-library.ts
|
||
admin-compliance/lib/sdk/vvt-baseline-catalog.ts
|
||
admin-compliance/lib/sdk/dsfa/eu-legal-frameworks.ts
|
||
admin-compliance/lib/sdk/dsfa/risk-catalog.ts
|
||
admin-compliance/lib/sdk/loeschfristen-baseline-catalog.ts
|
||
admin-compliance/lib/sdk/vendor-compliance/catalog/vendor-templates.ts
|
||
admin-compliance/lib/sdk/vendor-compliance/catalog/legal-basis.ts
|
||
admin-compliance/lib/sdk/vendor-compliance/contract-review/findings.ts
|
||
admin-compliance/lib/sdk/vendor-compliance/contract-review/checklists.ts
|
||
admin-compliance/lib/sdk/compliance-scope-types/document-scope-matrix-core.ts
|
||
admin-compliance/lib/sdk/compliance-scope-types/document-scope-matrix-extended.ts
|
||
admin-compliance/lib/sdk/demo-data/index.ts
|
||
admin-compliance/lib/sdk/tom-generator/demo-data/index.ts
|
||
|
||
# --- admin-compliance: self-contained export generators (Phase 3) ---
|
||
# Each file generates a complete document format. Splitting mid-generation
|
||
# logic would create artificial module boundaries without benefit.
|
||
admin-compliance/lib/sdk/tom-generator/export/zip.ts
|
||
admin-compliance/lib/sdk/tom-generator/export/docx.ts
|
||
admin-compliance/lib/sdk/tom-generator/export/pdf.ts
|
||
admin-compliance/lib/sdk/einwilligungen/export/pdf.ts
|
||
admin-compliance/lib/sdk/einwilligungen/generator/privacy-policy-sections.ts
|
||
|
||
# --- backend-compliance: legacy utility services (Phase 1) ---
|
||
# Pre-refactor utility modules not yet split. Phase 5 targets.
|
||
backend-compliance/compliance/services/control_generator.py
|
||
backend-compliance/compliance/services/audit_pdf_generator.py
|
||
backend-compliance/compliance/services/regulation_scraper.py
|
||
backend-compliance/compliance/services/llm_provider.py
|
||
backend-compliance/compliance/services/export_generator.py
|
||
backend-compliance/compliance/services/pdf_extractor.py
|
||
backend-compliance/compliance/services/ai_compliance_assistant.py
|
||
|
||
# --- backend-compliance: Phase 1 code refactor backlog ---
|
||
# These are the remaining oversized route/service/data/auth files that Phase 1
|
||
# did not reach. Each entry is a tracked refactor debt item — the list must shrink.
|
||
backend-compliance/compliance/services/decomposition_pass.py
|
||
backend-compliance/compliance/api/schemas.py
|
||
backend-compliance/compliance/api/canonical_control_routes.py
|
||
backend-compliance/compliance/db/repository.py
|
||
backend-compliance/compliance/db/models.py
|
||
backend-compliance/compliance/api/evidence_check_routes.py
|
||
backend-compliance/compliance/api/control_generator_routes.py
|
||
backend-compliance/compliance/api/process_task_routes.py
|
||
backend-compliance/compliance/api/evidence_routes.py
|
||
backend-compliance/compliance/api/crosswalk_routes.py
|
||
backend-compliance/compliance/api/dashboard_routes.py
|
||
backend-compliance/compliance/api/dsfa_routes.py
|
||
backend-compliance/compliance/api/routes.py
|
||
backend-compliance/compliance/api/tom_mapping_routes.py
|
||
backend-compliance/compliance/services/control_dedup.py
|
||
backend-compliance/compliance/services/framework_decomposition.py
|
||
backend-compliance/compliance/services/pipeline_adapter.py
|
||
backend-compliance/compliance/services/batch_dedup_runner.py
|
||
backend-compliance/compliance/services/obligation_extractor.py
|
||
backend-compliance/compliance/services/control_composer.py
|
||
backend-compliance/compliance/services/pattern_matcher.py
|
||
backend-compliance/compliance/data/iso27001_annex_a.py
|
||
backend-compliance/compliance/data/service_modules.py
|
||
backend-compliance/compliance/data/controls.py
|
||
backend-compliance/services/pdf_service.py
|
||
backend-compliance/services/file_processor.py
|
||
backend-compliance/auth/keycloak_auth.py
|
||
|
||
# --- scripts: one-off ingestion, QA, and migration scripts ---
|
||
# These are operational scripts, not production application code.
|
||
# LOC rules don't apply in the same way to single-purpose scripts.
|
||
scripts/ingest-legal-corpus.sh
|
||
scripts/ingest-ce-corpus.sh
|
||
scripts/ingest-dsfa-bundesland.sh
|
||
scripts/edpb-crawler.py
|
||
scripts/apply_templates_023.py
|
||
scripts/qa/phase74_generate_gap_controls.py
|
||
scripts/qa/pdf_qa_all.py
|
||
scripts/qa/benchmark_llm_controls.py
|
||
backend-compliance/scripts/seed_policy_templates.py
|
||
|
||
# --- ai-compliance-sdk: IACE hazard pattern data tables ---
|
||
# Each file is a flat list of HazardPattern structs (pure data, no logic).
|
||
# 85 patterns × 12 lines/pattern = ~1020 lines. Cannot be split meaningfully.
|
||
ai-compliance-sdk/internal/iace/hazard_patterns_extended3.go
|
||
ai-compliance-sdk/internal/iace/hazard_patterns_final_a.go
|
||
ai-compliance-sdk/internal/iace/hazard_patterns_final_b.go
|
||
ai-compliance-sdk/internal/iace/hazard_patterns_final_c.go
|
||
ai-compliance-sdk/internal/iace/hazard_patterns_final_d.go
|
||
ai-compliance-sdk/internal/iace/hazard_patterns_cyber_extended.go
|
||
ai-compliance-sdk/internal/iace/hazard_patterns_workshop.go
|
||
ai-compliance-sdk/internal/iace/norms_library_c_process.go
|
||
ai-compliance-sdk/internal/iace/norms_library_c_food_pkg.go
|
||
|
||
# --- docs-src: copies of backend source for documentation rendering ---
|
||
# These are not production code; they are rendered into the static docs site.
|
||
docs-src/control_generator.py
|
||
docs-src/control_generator_routes.py
|
||
|
||
# --- consent-sdk: platform-native mobile SDKs (Swift / Dart) ---
|
||
# Flutter and iOS SDKs follow platform conventions (verbose verbose) that make
|
||
# splitting into multiple files awkward without sacrificing single-import ergonomics.
|
||
consent-sdk/src/mobile/flutter/consent_sdk.dart
|
||
consent-sdk/src/mobile/ios/ConsentManager.swift
|
||
|
||
# --- consent-tester: DSI discovery orchestrator ---
|
||
# Single Playwright session with sequential steps (banner dismiss, self-extract,
|
||
# link follow, accordion expand, inline sections). Splitting mid-session would
|
||
# require passing Page objects across modules.
|
||
consent-tester/services/dsi_discovery.py
|
||
|
||
# --- backend-compliance: unified compliance check orchestrator ---
|
||
# 2026-06-06: REMOVED — file split into agent_check/ subpackage
|
||
# (19 files, main module now 347 LOC). Phase 5 target completed.
|
||
# [guardrail-change]
|
||
|
||
# --- docs-src: binary office files (not source code) ---
|
||
# (Also excluded by extension in scripts/check-loc.sh — kept here for legibility.)
|
||
docs-src/Breakpilot ComplAI Finanzplan.xlsm
|
||
|
||
# --- admin-compliance: oversized component refactor backlog ---
|
||
# Phase 5+ target for splitting into smaller subcomponents per wizard step.
|
||
admin-compliance/components/sdk/ai-act/DecisionTreeWizard.tsx
|
||
|
||
# --- admin-compliance: zentrale SDK-Schritt-Registry ---
|
||
# Flache Liste aller 38 SDK-Steps mit kanonischer Reihenfolge (seq).
|
||
# Splits nach Paket würden die globale Ordnungs-Garantie zerreißen und
|
||
# Imports an mehreren Stellen aufblähen — der Wert dieser Datei ist
|
||
# *eine* sortierte Source-of-Truth.
|
||
# [guardrail-change]
|
||
admin-compliance/lib/sdk/types/sdk-steps.ts
|
||
|
||
# --- ai-compliance-sdk: oversized handler refactor backlog ---
|
||
# Phase 5+ target for splitting handler groups into per-resource files.
|
||
ai-compliance-sdk/internal/api/handlers/tender_handlers.go
|
||
|
||
# --- merge grandfathered (2026-05-13) — Phase 5+ refactor backlog ---
|
||
# Files imported via team work that crossed the hard cap; tracked for splitting.
|
||
consent-tester/checks/banner_checks.py
|
||
consent-tester/services/banner_detector.py
|
||
backend-compliance/compliance/api/agent_doc_check_routes.py
|
||
backend-compliance/compliance/services/service_registry.py
|
||
backend-compliance/compliance/services/dsr_workflow_service.py
|
||
ai-compliance-sdk/internal/iace/hazard_patterns_forestry_conveyor.go
|
||
admin-compliance/app/sdk/compliance-scope/page.tsx
|
||
|
||
# --- zeroclaw: ground-truth corpus (test fixture data, not source) ---
|
||
zeroclaw/docs/ground-truth/06-spiegel-dsi-fulltext.txt
|
||
|
||
# --- IACE data tables and orchestration files (Phase 16-18 refactor backlog) ---
|
||
# Each file grew during the IACE polish phases (Stufe-A manufacturer library,
|
||
# Klärungen Phase 3 PDF export + methodology, app routes). Phase 5+ split
|
||
# targets — splitting now would fragment unrelated cohesive logic.
|
||
ai-compliance-sdk/internal/iace/manufacturer_safety_features.go
|
||
ai-compliance-sdk/internal/api/handlers/iace_handler_clarifications.go
|
||
ai-compliance-sdk/internal/app/routes.go
|
||
|
||
# --- 2026-05-19 Coolify-Unblocker: 4 grandfathered files ---
|
||
# Diese 4 Dateien sind Pre-Existing-Tech-Debt und blockierten den
|
||
# Coolify-Build. Splits sind als P9.5 Tech-Debt-Sprint geplant, bis
|
||
# dahin als Exceptions getragen damit Deploy laeuft.
|
||
#
|
||
# cra_routes.py (1714): CRA-Phase-5-Router mit Annex-V/VII Generator —
|
||
# Split nach Endpoint-Gruppen (vuln/post-market/tech-doc/doc) sinnvoll.
|
||
backend-compliance/compliance/api/cra_routes.py
|
||
# vendor_redundancy.py (727): Cost-Lookup-Tabellen (DSP/SaaS/Self-Service)
|
||
# + Multi-Function-Tools + Engine. Tabellen-Splits nach Lookup-Klasse.
|
||
backend-compliance/compliance/services/vendor_redundancy.py
|
||
# cookie_knowledge_db.py (608): Basis-KB — Ergaenzung via
|
||
# cookie_knowledge_extended.py + Facade laeuft bereits (P2). Split der
|
||
# Base-KB nach Vendor-Familie ist Phase-2-Ziel.
|
||
backend-compliance/compliance/services/cookie_knowledge_db.py
|
||
# cookie-banner-embed.ts (558): Banner-Embed-Bundle fuer CDN-Auslieferung
|
||
# — selbst-kontainierter Code-Generator, Split wuerde Generator-Logik
|
||
# fragmentieren ohne Nutzen.
|
||
admin-compliance/lib/sdk/einwilligungen/generator/cookie-banner-embed.ts
|
||
# ComplianceCheckTab.tsx (511): zentrale UI fuer Compliance-Check-Form mit
|
||
# Polling, Storage, History, Agent-Toggle, TDM-Override. Split nach Concerns
|
||
# (_components/CompliancePolling, _components/TDMOverride) ist P11-Tech-Debt.
|
||
admin-compliance/app/sdk/agent/_components/ComplianceCheckTab.tsx
|
||
|
||
# --- 2026-05-22 batch: P83-CI-Hardening backlog ---
|
||
# Diese 5 Files verletzen den 500-LOC-Hard-Cap aktuell und blockieren
|
||
# jeden PR der sie touched. Refactor ist Phase-2-Ziel (charakterisierungs-
|
||
# tests + Sub-Module). Bis dahin: explizite Exception mit Rationale,
|
||
# damit die CI nicht orthogonal an pre-existing Tech-Debt scheitert.
|
||
#
|
||
# vendor_detail_extractor.py (675): Playwright-Browser-Orchestrierung mit
|
||
# eng verflochtenen Page-State-Operationen (Banner-Reopen, Category-
|
||
# Expand, Anti-Audit-Detection, TDM-Check). Split braucht Page-Context-
|
||
# Shared-State zwischen Modulen — Aufwand > Nutzen ohne klares Refactor-
|
||
# Konzept. Phase 2: vendor_detail/ Subpackage mit Page-Wrapper-Klasse.
|
||
consent-tester/services/vendor_detail_extractor.py
|
||
# consent_scanner.py (567): 460-Zeilen-Funktion run_consent_test() —
|
||
# Browser-Phasen (initial fetch, banner detect, button click, reject,
|
||
# accept, screenshot, cookie diff). Split nach Phasen ist Phase-2-Ziel
|
||
# (consent_scanner/_phase_*.py).
|
||
consent-tester/services/consent_scanner.py
|
||
# rag_document_checker.py (559): Doc-Check-Pipeline (control loading,
|
||
# canonical-scope filter, deterministic MC checks, LLM enrichment).
|
||
# Splitbar in _control_loader.py + _llm_enrichment.py — kandidat fuer
|
||
# naechsten Sprint mit Charakterisierungs-Test gegen 5 GT-Doc-Samples.
|
||
backend-compliance/compliance/services/rag_document_checker.py
|
||
# banner_text_checker.py (531): 500-Zeilen-Funktion check_banner_text()
|
||
# mit eng-verflochtener DOM-Erkennungs-Logik (Save-Label, Ablehnen-
|
||
# Button, Dark-Patterns, Wortwahl-Heuristik). Phase-2-Split nach
|
||
# Pruef-Aspekt.
|
||
consent-tester/services/banner_text_checker.py
|
||
# ai-act/page.tsx (503): React-Page mit Form-State, Risiko-Klassifikation,
|
||
# Demo-Daten und Export. Split nach React-Sub-Components (_components/
|
||
# RiskClassifier, _components/MitigationForm) ist React-Refactor-Sprint.
|
||
admin-compliance/app/sdk/ai-act/page.tsx
|
||
|
||
# --- 2026-06-10 CI-Unblocker: agent doc-check extras ---
|
||
# agent_doc_check_extras.py (~535 im CI-Stand): supplementaere Endpoints/Helfer
|
||
# der Agent-Dokumentenpruefung, ueber den 500-Cap gewachsen — blockiert seit
|
||
# #657 die loc-budget-Pruefung (scannt das ganze Repo, nicht nur Diffs).
|
||
# Pre-existing Tech-Debt (nicht aus IACE-Arbeit). Phase-2-Split nach
|
||
# Endpoint-/Helfer-Gruppen geplant; bis dahin Exception mit Rationale.
|
||
# [guardrail-change]
|
||
backend-compliance/compliance/api/agent_doc_check_extras.py
|