Benjamin Admin
659b37cc21
CI / detect-changes (pull_request) Successful in 6s
CI / branch-name (pull_request) Successful in 1s
CI / guardrail-integrity (pull_request) Successful in 6s
CI / secret-scan (pull_request) Successful in 5s
CI / dep-audit (pull_request) Failing after 55s
CI / sbom-scan (pull_request) Failing after 58s
CI / build-sha-integrity (pull_request) Successful in 6s
CI / validate-canonical-controls (pull_request) Successful in 3s
CI / loc-budget (pull_request) Successful in 18s
CI / go-lint (pull_request) Successful in 43s
CI / python-lint (pull_request) Failing after 14s
CI / nodejs-lint (pull_request) Failing after 1m6s
CI / nodejs-build (pull_request) Successful in 3m0s
CI / test-go (pull_request) Successful in 58s
CI / iace-gt-coverage (pull_request) Successful in 16s
CI / test-python-backend (pull_request) Successful in 26s
CI / test-python-document-crawler (pull_request) Successful in 13s
CI / test-python-dsms-gateway (pull_request) Successful in 9s
Live gate test showed control-intent (#36/#37) was inert for the EU cyber corpus: "Welche Controls passen zu Security Updates?" recalls ENISA good-practices (relevant measures, but source_class=supervisory_guidance) + binding regs, never NIST — so lifting technical_standard above binding did nothing. Per the finalized control-corpus model (User 2026-06-24): add source_role (functional role) ORTHOGONAL to source_class (legal authority). source_class still decides rank; source_role decides CONTROL-POOL membership. classifyRole derives 7 roles from markers (no re-tagging): obligation / operational_requirement / procedural_requirement / control_standard / implementation_guidance / interpretation / definition. Control-intent now boosts the control-pool (operational/procedural requirement, control standard, implementation guidance) over the abstract obligation, soft- ordered op_req > procedural > standard > guidance (controlPoolGain + role bonus) — replacing "lift technical_standard above binding". So CRA Annex I (operational_requirement) wins over NIST (control_standard) for "which measures", and ENISA (implementation_guidance) enters the pool while staying guidance. Recall of not-retrieved standards (NIST) for generic control queries = next step (searchControls). Tested: classifyRole table, role-preference, op_req-Top-1. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
51 lines
2.6 KiB
Go
51 lines
2.6 KiB
Go
package ucca
|
|
|
|
import "testing"
|
|
|
|
func TestClassifyRole(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
r LegalSearchResult
|
|
want string
|
|
}{
|
|
{"NIST -> control_standard", LegalSearchResult{RegulationShort: "NIST SP 800-82r3", ArticleLabel: "AU-8"}, roleControlStandard},
|
|
{"OWASP -> control_standard", LegalSearchResult{RegulationShort: "OWASP ASVS"}, roleControlStandard},
|
|
{"CRA Anhang -> operational_requirement", LegalSearchResult{RegulationShort: "CRA", ArticleLabel: "CRA Anhang I", Category: "regulation"}, roleOperationalReq},
|
|
{"CRA Meldepflicht -> procedural_requirement", LegalSearchResult{RegulationShort: "CRA", ArticleLabel: "Art. 14 CRA Meldepflicht", Category: "regulation"}, roleProceduralReq},
|
|
{"ENISA Good Practices -> implementation_guidance", LegalSearchResult{RegulationShort: "ENISA Supply Chain Good Practices"}, roleImplGuidance},
|
|
{"EDPB Leitlinie -> interpretation", LegalSearchResult{RegulationShort: "EDPB DPO", ArticleLabel: "WP243 Leitlinien Datenschutzbeauftragte"}, roleInterpretation},
|
|
{"DORA article -> obligation", LegalSearchResult{RegulationShort: "DORA", ArticleLabel: "Art. 5 DORA", Category: "regulation"}, roleObligation},
|
|
{"DSGVO Begriffsbestimmungen -> definition", LegalSearchResult{RegulationShort: "DSGVO", ArticleLabel: "Art. 4 DSGVO Begriffsbestimmungen", Category: "regulation"}, roleDefinition},
|
|
{"recital -> definition", LegalSearchResult{RegulationShort: "CRA", IsRecital: true}, roleDefinition},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if got := classifyRole(tt.r); got != tt.want {
|
|
t.Errorf("classifyRole() = %q, want %q", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestApplyControlRoles_PoolPreference(t *testing.T) {
|
|
// op_req > procedural > control_standard > impl_guidance; non-control roles get no boost.
|
|
roles := []struct {
|
|
r LegalSearchResult
|
|
wantGain float64
|
|
}{
|
|
{LegalSearchResult{ArticleLabel: "CRA Anhang I", Category: "regulation"}, controlPoolGain + 0.100},
|
|
{LegalSearchResult{ArticleLabel: "Art. 14 CRA Meldepflicht", Category: "regulation"}, controlPoolGain + 0.075},
|
|
{LegalSearchResult{RegulationShort: "NIST SP 800-53"}, controlPoolGain + 0.050},
|
|
{LegalSearchResult{RegulationShort: "ENISA Good Practices"}, controlPoolGain + 0.000},
|
|
{LegalSearchResult{ArticleLabel: "Art. 5 DORA", Category: "regulation"}, 0.0}, // obligation: no boost
|
|
}
|
|
for _, rc := range roles {
|
|
out := []LegalSearchResult{rc.r}
|
|
out[0].Score = 1.0
|
|
applyControlRoles(out)
|
|
if got := out[0].Score - 1.0; got < rc.wantGain-1e-9 || got > rc.wantGain+1e-9 {
|
|
t.Errorf("role %q: gain %.3f, want %.3f", classifyRole(rc.r), got, rc.wantGain)
|
|
}
|
|
}
|
|
}
|