1e84df9769
All checks were successful
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 32s
CI / test-python-backend-compliance (push) Successful in 30s
CI / test-python-document-crawler (push) Successful in 21s
CI / test-python-dsms-gateway (push) Successful in 18s
6-Phasen-Implementation fuer cloud-faehiges, mandantenfaehiges Compliance SDK:
Phase 1: Multi-Tenancy Fix
- Shared tenant_utils.py Dependency (UUID-Validierung, kein "default" mehr)
- VVT tenant_id Column + tenant-scoped Queries
- DSFA/Vendor DEFAULT_TENANT_ID von "default" auf UUID migriert
- Migration 035
Phase 2: Stammdaten-Erweiterung
- Company Profile um JSONB-Felder erweitert (processing_systems, ai_systems, technical_contacts)
- Regulierungs-Flags (NIS2, AI Act, ISO 27001)
- GET /template-context Endpoint
- Migration 036
Phase 3: Dokument-Versionierung
- 5 Versions-Tabellen (DSFA, VVT, TOM, Loeschfristen, Obligations)
- Shared versioning_utils.py Helper
- /{id}/versions Endpoints auf allen 5 Dokumenttypen
- Migration 037
Phase 4: Change-Request System
- Zentrale CR-Inbox mit CRUD + Accept/Reject/Edit Workflow
- Regelbasierte CR-Engine (VVT DPIA → DSFA CR, Datenkategorien → Loeschfristen CR)
- Audit-Trail
- Migration 038
Phase 5: Dokumentengenerierung
- 5 Template-Generatoren (DSFA, VVT, TOM, Loeschfristen, Obligations)
- Preview + Apply Endpoints (erzeugt CRs, keine direkten Dokumente)
Phase 6: Frontend-Integration
- Change-Request Inbox Page mit Stats, Filtern, Modals
- VersionHistory Timeline-Komponente
- SDKSidebar CR-Badge (60s Polling)
- Company Profile: 2 neue Wizard-Steps + "Dokumente generieren" CTA
Docs: 5 neue MkDocs-Seiten, CLAUDE.md aktualisiert
Tests: 97 neue Tests (alle bestanden)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
91 lines
2.7 KiB
Markdown
91 lines
2.7 KiB
Markdown
# Stammdaten / Company Profile
|
|
|
|
Das Unternehmensprofil (Stammdaten) bildet die Grundlage fuer die automatische Dokumentengenerierung. Es wird in einem mehrstufigen Wizard erfasst.
|
|
|
|
## Wizard-Schritte
|
|
|
|
| Schritt | Name | Felder |
|
|
|---------|------|--------|
|
|
| 1 | Basisinfos | Firmenname, Rechtsform, Branche, Gruendungsjahr |
|
|
| 2 | Geschaeftsmodell | B2B/B2C/B2B2C, Angebote |
|
|
| 3 | Firmengroesse | Unternehmengroesse, Mitarbeiterzahl, Umsatz |
|
|
| 4 | Standorte | Hauptsitz, Zielmaerkte |
|
|
| 5 | Datenschutz | Datenschutz-Rolle, KI-Nutzung, DSB |
|
|
| 6 | Systeme & KI | IT-Systeme (pbD), KI-System-Katalog |
|
|
| 7 | Rechtlicher Rahmen | NIS2/AI Act/ISO 27001, Aufsichtsbehoerde, Pruefzyklus, Ansprechpartner |
|
|
| 8 | Produkt & Maschine | Nur fuer Maschinenbauer: CE, Safety, Software |
|
|
|
|
## API-Endpoints
|
|
|
|
| Methode | Pfad | Beschreibung |
|
|
|---------|------|--------------|
|
|
| `GET` | `/company-profile` | Profil laden |
|
|
| `POST` | `/company-profile` | Profil erstellen/aktualisieren (Upsert) |
|
|
| `DELETE` | `/company-profile` | Profil loeschen (DSGVO Art. 17) |
|
|
| `GET` | `/company-profile/template-context` | Flacher Dict fuer Template-Substitution |
|
|
|
|
## Erweiterte Felder (Phase 2)
|
|
|
|
### Migration 036
|
|
|
|
| Spalte | Typ | Beschreibung |
|
|
|--------|-----|--------------|
|
|
| `repos` | JSONB | Git-Repos im Scope |
|
|
| `document_sources` | JSONB | Bestehende Compliance-Dokumente |
|
|
| `processing_systems` | JSONB | IT-Systeme mit personenbezogenen Daten |
|
|
| `ai_systems` | JSONB | Strukturierter KI-System-Katalog |
|
|
| `technical_contacts` | JSONB | CISO, IT-Manager etc. |
|
|
| `subject_to_nis2` | BOOLEAN | NIS2-Pflicht |
|
|
| `subject_to_ai_act` | BOOLEAN | AI Act relevant |
|
|
| `subject_to_iso27001` | BOOLEAN | ISO 27001 Zertifizierung |
|
|
| `supervisory_authority` | VARCHAR(255) | Zustaendige Aufsichtsbehoerde |
|
|
| `review_cycle_months` | INTEGER | Pruefzyklus in Monaten |
|
|
|
|
### Processing Systems Format
|
|
|
|
```json
|
|
[
|
|
{
|
|
"name": "SAP HR",
|
|
"vendor": "SAP",
|
|
"hosting": "cloud",
|
|
"personal_data_categories": ["Mitarbeiter", "Bankdaten"]
|
|
}
|
|
]
|
|
```
|
|
|
|
### AI Systems Format
|
|
|
|
```json
|
|
[
|
|
{
|
|
"name": "Chatbot",
|
|
"purpose": "Kundensupport",
|
|
"risk_category": "limited",
|
|
"vendor": "OpenAI",
|
|
"has_human_oversight": true
|
|
}
|
|
]
|
|
```
|
|
|
|
## Template-Kontext
|
|
|
|
Der Endpoint `GET /company-profile/template-context` liefert einen flachen Dict, der direkt in die Template-Generierung einfliessen kann:
|
|
|
|
```json
|
|
{
|
|
"company_name": "Acme GmbH",
|
|
"processing_systems": [...],
|
|
"ai_systems": [...],
|
|
"subject_to_nis2": false,
|
|
"subject_to_ai_act": true,
|
|
"has_ai_systems": true,
|
|
"is_complete": true
|
|
}
|
|
```
|
|
|
|
## Tests
|
|
|
|
- 10 Tests in `test_company_profile_extend.py`
|
|
- Pydantic-Schema-Validierung, Row-to-Response-Mapping, Template-Kontext
|