Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6aad774fc1b48cbb51ddb931609e7b7b4273e74d
breakpilot-compliance/backend-compliance/tests
T
History
Benjamin Admin 6aad774fc1 feat(b14): widersprüchliche Speicherdauer im selben Doc (GT TH-RETENTION-001) 
Erkennt: in derselben DSE / Cookie-Richtlinie nennt der Anbieter für
DIESELBE Datenkategorie mehrere unterschiedliche Speicherdauern.

GT-Anker (Elli): Logfiles "7 Tage" + "30 Tage" im selben DSE → eine
Angabe ist falsch oder veraltet.

Heuristik:
  - Satz-Boundary-Scope (kein ±N-Zeichen-Fenster) verhindert
    Cross-Category-Leakage
  - Pro Satz: Kategorie-Anchor + Retention-Werte beide drin
  - Tag-Cluster mit ±20 %-Toleranz: "30 Tage" und "1 Monat" =
    1 Cluster; "7 Tage" und "30 Tage" = 2 Cluster → Finding

Kategorien (Phase 1):
  - logfile, contact_form, application, newsletter, invoice,
    session_cookie

Severity: MEDIUM (DSGVO Art. 5 Abs. 1 lit. a + Art. 13 Abs. 2 lit. a).

Tests: 11/11 grün (Cluster-Logik 5, Check-Pfade 6, inkl. Cross-
Category-Leakage-Regression).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-07 00:12:00 +02:00
..
contracts
refactor(backend/isms): split isms_assessment_service.py to stay under 500 LOC
2026-04-09 20:50:30 +02:00
fixtures
feat(audit): Phase 1 Quick-Wins (P81 + P85 + P70 + P83) + TCF DELETE/INSERT-Fix
2026-05-22 08:24:46 +02:00
__init__.py
feat: Phase 2 — RAG integration in Requirements + DSFA Draft
2026-03-02 08:57:39 +01:00
test_agent_notification_routes.py
feat: ZeroClaw compliance agent — document analysis + role assignment + email
2026-04-27 23:28:21 +02:00
test_anti_fake_evidence_phase2.py
feat: Anti-Fake-Evidence System (Phase 1-4b)
2026-03-23 17:15:45 +01:00
test_anti_fake_evidence_phase3.py
feat: Anti-Fake-Evidence System (Phase 1-4b)
2026-03-23 17:15:45 +01:00
test_anti_fake_evidence_phase4.py
feat: Anti-Fake-Evidence System (Phase 1-4b)
2026-03-23 17:15:45 +01:00
test_anti_fake_evidence.py
feat: Anti-Fake-Evidence System (Phase 1-4b)
2026-03-23 17:15:45 +01:00
test_audit_routes_integration.py
tech-debt: mypy --strict config + integration tests for audit routes
2026-04-07 18:39:40 +02:00
test_banner_routes.py
feat: Cookie-Banner ↔ Backend Integration (DSR, Retention, Consent Proof)
2026-05-02 19:41:22 +02:00
test_batch_dedup_runner.py
fix: adapt batch dedup to NULL pattern_id — group by merge_group_hint
2026-03-24 07:24:02 +01:00
test_canonical_control_routes.py
feat: Obligation-Deduplizierung — 34.617 Duplikate als 'duplicate' markiert
2026-03-26 20:13:00 +01:00
test_change_request_routes.py
feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6)
2026-03-07 14:12:34 +01:00
test_citation_backfill.py
feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024
2026-03-21 11:49:43 +01:00
test_company_profile_extend.py
fix: update 61 outdated test mocks to match current schemas
2026-03-24 06:40:42 +01:00
test_company_profile_routes.py
fix: update 61 outdated test mocks to match current schemas
2026-03-24 06:40:42 +01:00
test_compliance_scope_routes.py
feat: Vorbereitung-Module auf 100% — Compliance-Scope Backend, DELETE-Endpoints, Proxy-Fixes, blocked-content Tab
2026-03-04 17:43:29 +01:00
test_consent_reachability_check.py
refactor(agent-check): split routes file (2692→347 LOC) + wire B1/B3/A1 [guardrail-change]
2026-06-06 14:47:25 +02:00
test_consent_template_routes.py
feat: Betrieb-Module → 100% — Echte CRUD-Flows, kein Mock-Data
2026-03-03 12:48:43 +01:00
test_control_composer.py
feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)
2026-03-17 09:00:37 +01:00
test_control_dedup.py
feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024
2026-03-21 11:49:43 +01:00
test_control_generator.py
feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024
2026-03-21 11:49:43 +01:00
test_control_patterns.py
feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)
2026-03-17 09:00:37 +01:00
test_control_routes.py
feat: Anti-Fake-Evidence System (Phase 1-4b)
2026-03-23 17:15:45 +01:00
test_crosswalk_routes.py
feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)
2026-03-17 09:00:37 +01:00
test_dashboard_routes_extended.py
feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)
2026-03-14 21:03:04 +01:00
test_decomposition_pass.py
feat: Pass 0b quality — negative actions, container detection, session object classes
2026-03-28 17:24:19 +01:00
test_document_versions.py
feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6)
2026-03-07 14:12:34 +01:00
test_dsfa_routes.py
merge: sync with origin/main, take upstream on conflicts
2026-04-16 16:26:48 +02:00
test_dsr_routes.py
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
test_einwilligungen_routes.py
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
test_email_template_routes.py
feat: Consent-Service Module nach Compliance migriert (DSR, E-Mail-Templates, Legal Docs, Banner)
2026-03-05 00:36:24 +01:00
test_escalation_routes.py
feat(sdk): API-Referenz Frontend + Backend-Konsolidierung (Shared Utilities, CRUD Factory)
2026-03-07 17:07:43 +01:00
test_evidence_check_routes.py
feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)
2026-03-14 21:03:04 +01:00
test_evidence_routes.py
feat: Anti-Fake-Evidence System (Phase 1-4b)
2026-03-23 17:15:45 +01:00
test_evidence_type.py
feat: evidence_type Feld (code/process/hybrid) fuer Controls
2026-03-25 21:53:40 +01:00
test_extraction_routes.py
feat(extraction): POST /compliance/extract-requirements-from-rag
2026-03-05 15:11:10 +01:00
test_founding_wizard.py
feat(founding-wizard): Per-Person IP-Assignment + Prefill + E2E-Tests
2026-05-21 18:49:10 +02:00
test_framework_decomposition.py
feat: Framework Decomposition Engine + Composite Detection for Pass 0b
2026-03-23 12:11:55 +01:00
test_generation_routes.py
fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring
2026-03-07 19:00:33 +01:00
test_import_routes.py
fix(import+screening): GET-Alias, DELETE-Endpoint, ehrlicher Scan-Status
2026-03-05 12:07:01 +01:00
test_impressum_multi_entity_check.py
fix(b9): clean entity names in multi-entity-impressum (GT IMPRESSUM-001)
2026-06-07 00:08:18 +02:00
test_incident_routes.py
feat(incidents): Go Incidents nach Python migrieren, Proxy umleiten, 50 Tests
2026-03-06 20:50:00 +01:00
test_isms_routes.py
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
test_legal_document_routes_extended.py
merge: sync with origin/main, take upstream on conflicts
2026-04-16 16:26:48 +02:00
test_legal_document_routes.py
refactor(backend/api): extract LegalDocumentConsentService (Step 4 — file 12 of 18)
2026-04-09 08:47:56 +02:00
test_legal_template_routes.py
fix: update 61 outdated test mocks to match current schemas
2026-03-24 06:40:42 +01:00
test_license_gate.py
feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls
2026-03-12 19:55:06 +01:00
test_lit_mapping_validation.py
test: Lit-Mapping validation — Dict vs Control Library comparison
2026-04-29 16:56:38 +02:00
test_loeschfristen_routes.py
feat(sdk): vendor-compliance cross-module integration — VVT, obligations, TOM, loeschfristen
2026-03-19 13:59:43 +01:00
test_mail_render_v2.py
feat(audit): V2 mail render + 5 new findings (B4/B5/B6/B7/B8) + LLM-Plausibility-Phase
2026-06-06 21:19:49 +02:00
test_mc_audit_type_classification.py
fix(mc-audit): TOM/AVV case-mismatch + Ausnahmen-Pattern Wortabstand
2026-05-22 11:51:03 +02:00
test_migration_060.py
feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)
2026-03-17 09:00:37 +01:00
test_migration_endpoints.py
feat(agent): migrate compliance-check results to banner + documents (M1-M5)
2026-05-17 14:06:28 +02:00
test_migration_mappers.py
feat(agent): migrate compliance-check results to banner + documents (M1-M5)
2026-05-17 14:06:28 +02:00
test_module_routes.py
feat(freigabe): Import/Screening/Modules/RAG — API-Tests, Migration 031, Bug-Fix
2026-03-05 11:42:19 +01:00
test_notfallplan_routes.py
feat: Alle 5 verbleibenden SDK-Module auf 100% — RAG, Security-Backlog, Quality, Notfallplan, Loeschfristen
2026-03-03 18:04:53 +01:00
test_obligation_extractor.py
feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024
2026-03-21 11:49:43 +01:00
test_obligation_routes.py
feat(sdk): vendor-compliance cross-module integration — VVT, obligations, TOM, loeschfristen
2026-03-19 13:59:43 +01:00
test_pattern_matcher.py
feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)
2026-03-17 09:00:37 +01:00
test_pipeline_adapter.py
feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)
2026-03-17 09:00:37 +01:00
test_policy_templates.py
fix: update 61 outdated test mocks to match current schemas
2026-03-24 06:40:42 +01:00
test_process_task_routes.py
feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)
2026-03-14 21:03:04 +01:00
test_project_routes.py
feat(sdk): Multi-Projekt-Architektur — mehrere Projekte pro Tenant
2026-03-09 14:53:50 +01:00
test_provenance_endpoint.py
feat: Control-Detail Provenance + Atomare Controls Seite
2026-03-24 10:38:34 +01:00
test_quality_routes.py
feat(sdk): API-Referenz Frontend + Backend-Konsolidierung (Shared Utilities, CRUD Factory)
2026-03-07 17:07:43 +01:00
test_rag_client.py
feat: Phase 2 — RAG integration in Requirements + DSFA Draft
2026-03-02 08:57:39 +01:00
test_rationale_backfill.py
feat: LLM-basierter Rationale-Backfill fuer atomare Controls
2026-03-25 23:01:49 +01:00
test_requirement_routes.py
feat(compliance-kern): Tests, MkDocs + RAG-Controls Button für Anforderungen/Controls/Nachweise/Risiken
2026-03-05 13:43:02 +01:00
test_reranker.py
feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024
2026-03-21 11:49:43 +01:00
test_retention_comparator.py
refactor(agent-check): split routes file (2692→347 LOC) + wire B1/B3/A1 [guardrail-change]
2026-06-06 14:47:25 +02:00
test_retention_conflict_check.py
feat(b14): widersprüchliche Speicherdauer im selben Doc (GT TH-RETENTION-001)
2026-06-07 00:12:00 +02:00
test_risk_routes.py
feat(compliance-kern): Tests, MkDocs + RAG-Controls Button für Anforderungen/Controls/Nachweise/Risiken
2026-03-05 13:43:02 +01:00
test_routes_legal_context.py
docs+tests: Phase 2 RAG audit — missing tests, dev docs, SDK flow page
2026-03-02 09:26:57 +01:00
test_saving_scan_routes.py
feat(compliance-check): exec-summary + voll-audit + TDM-respect + cookie-KB-extended + saving-scan-funnel
2026-05-18 23:48:34 +02:00
test_screening_routes.py
feat(freigabe): Import/Screening/Modules/RAG — API-Tests, Migration 031, Bug-Fix
2026-03-05 11:42:19 +01:00
test_security_backlog_routes.py
feat(sdk): API-Referenz Frontend + Backend-Konsolidierung (Shared Utilities, CRUD Factory)
2026-03-07 17:07:43 +01:00
test_security_templates.py
feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)
2026-03-14 21:03:04 +01:00
test_source_policy_routes.py
docs: MkDocs, SDK-Flow und Tests fuer 6 Dokumentations-Module aktualisieren
2026-03-02 18:48:55 +01:00
test_source_type_classification.py
fix: normative_strength 'may' statt 'can' (DB-Constraint)
2026-03-25 08:35:16 +01:00
test_template_rule_routes.py
test(template-rules): pytest suite for backend foundation (Phase 1.6)
2026-06-06 23:19:22 +02:00
test_tom_mapping_routes.py
feat(tom): audit document, compliance checks, 25 controls, canonical control mapping
2026-03-19 11:56:53 +01:00
test_tom_routes.py
feat(tom): TOM-Backend in Python erstellen, Frontend von In-Memory auf DB migrieren
2026-03-06 17:35:44 +01:00
test_v1_enrichment.py
fix: V1 Enrichment — Qdrant Collection + Parent-Resolution fuer regulatorische Matches
2026-03-26 10:52:41 +01:00
test_validate_controls.py
feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls
2026-03-12 19:55:06 +01:00
test_vendor_compliance_routes.py
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
test_vvt_library_routes.py
feat(sdk): VVT master libraries, process templates, Loeschfristen profiling + document
2026-03-19 11:56:25 +01:00
test_vvt_routes.py
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
test_vvt_tenant_isolation.py
merge: sync with origin/main, take upstream on conflicts
2026-04-16 16:26:48 +02:00
test_widerrufsbelehrung_reachability_check.py
feat(b13): Widerrufsbelehrung-Reachability-Check (GT WIDERRUFSBELEHRUNG-001)
2026-06-07 00:04:41 +02:00