Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
381 Commits 5 Branches 0 Tags
8dfab4ba14f1dd02ccb7d7e17a90a7a669c98957
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Benjamin Admin 8dfab4ba14 feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema 
Ausfuehrbares Pruefpaket fuer Payment-Terminal-Systeme:

1. Semgrep-Regeln (25 Regeln in 5 Dateien):
   - Logging: Sensitive Daten, Tokens, Debug-Flags
   - Crypto: MD5/SHA1/DES/ECB, Hardcoded Secrets, Weak Random, TLS
   - API: Debug-Routes, Exception Leaks, IDOR, Input Validation
   - Config: Test-Endpoints, CORS, Cookies, Retry
   - Data: Telemetrie, Cache, Export, Queue, Testdaten

2. CodeQL Query-Specs (5 Briefings):
   - Sensitive Data → Logs
   - Sensitive Data → HTTP Response
   - Tenant Context Loss
   - Sensitive Data → Telemetry
   - Cache/Export Leak

3. State-Machine-Tests (10 Testfaelle):
   - 11 Zustaende, 15 Events, 8 Invarianten
   - Duplicate Response, Timeout+Late Success, Decline
   - Invalid Reversal, Cancel, Backend Timeout
   - Parallel Reversal, Unknown Response, Reconnect
   - Late Response after Cancel

4. Finding Schema (JSON Schema):
   - Einheitliches Format fuer alle Engines
   - control_id, engine, status, confidence, evidence, verdict_text

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 14:59:49 +02:00
.claude
docs: add post-push deploy monitoring to CLAUDE.md
2026-03-13 13:39:12 +01:00
.gitea/workflows
Merge gitea/main: resolve ci.yaml conflict, keep Coolify deploy
2026-03-13 13:26:17 +01:00
.woodpecker
admin-compliance
feat: Payment Compliance in Sidebar Navigation
2026-04-13 09:43:50 +02:00
ai-compliance-sdk
feat: Payment Compliance Pack — Semgrep + CodeQL + State Machine + Schema
2026-04-13 14:59:49 +02:00
backend-compliance
feat: AI Act Decision Tree — Zwei-Achsen-Klassifikation (GPAI + High-Risk)
2026-03-29 10:14:09 +02:00
breakpilot-compliance-sdk
feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024
2026-03-21 11:49:43 +01:00
compliance-tts-service
fix(tts): upgrade edge-tts 6.1.12 → 7.2.7 (fixes 403 token expiry)
2026-03-20 16:23:44 +01:00
consent-sdk
developer-portal
feat(training+controls): interactive video pipeline, training blocks, control generator, CE libraries
2026-03-16 21:41:48 +01:00
docs-src
feat: Obligation-Deduplizierung — 34.617 Duplikate als 'duplicate' markiert
2026-03-26 20:13:00 +01:00
document-crawler
dsms-gateway
dsms-node
scripts
fix: deploy.sh bash 3 kompatibel (keine assoziativen Arrays)
2026-03-25 08:19:38 +01:00
.env.coolify.example
.env.example
.gitignore
chore: add coverage.out to .gitignore
2026-03-14 22:55:05 +01:00
docker-compose.coolify.yml
docker-compose.hetzner.yml
Merge gitea/main: resolve ci.yaml conflict, keep Coolify deploy
2026-03-13 13:26:17 +01:00
docker-compose.yml
feat: add DECOMPOSITION_LLM_MODEL env var for runtime model switching
2026-03-23 09:20:10 +01:00
mkdocs.yml
feat: evidence_type Feld (code/process/hybrid) fuer Controls
2026-03-25 21:53:40 +01:00
Description
No description provided
20 MiB
Languages
TypeScript 50.9%
Python 29.8%
Go 16%
Shell 1.7%
PLpgSQL 1%
Other 0.3%