Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8f4f59f0e384dfce9beb5e2cd0c0ab75c6ebbd86
breakpilot-compliance/.claude/rules/loc-exceptions.txt
T
Benjamin Admin 4a5924b8c4 feat(iace): CRA / DIN EN 40000-1-2 cyber-resilience spur 
[guardrail-change]

Phase 18 adds an EU Cyber Resilience Act compliance track to IACE:
the engine now fires patterns that surface the manufacturer-side CRA
obligations whenever a project's components carry digital elements.

Patterns (HP1910-HP1918, hazard_patterns_cra.go):
  HP1910  Missing SBOM
  HP1911  Unsigned firmware/software updates
  HP1912  Factory-default credentials still active
  HP1913  No coordinated vulnerability disclosure (CVD) policy
  HP1914  No documented security patch SLA
  HP1915  Missing user-facing hardening guide
  HP1916  No incident-notification process to ENISA / CSIRT
  HP1917  No security assessment prior to placing on market
  HP1918  AI component without cybersecurity risk assessment

Each pattern carries ClarificationQuestionsDE so the operator gets
auditor-grade questions to take back to the Anlagenbauer instead of
the engine inventing prose. PatternMatch carries DefaultAvoidability
(P=1 for all CRA patterns), feeding the PLr graph from Phase 17.

Measures (M540-M548, measures_library_cra.go):
  M540  SBOM (SPDX or CycloneDX) with each machine release
  M541  Signed updates with rollback protection
  M542  Forced default-password change at first boot
  M543  Published CVD policy (security.txt / PSIRT)
  M544  Documented patch SLA with CVSS-tier response times
  M545  User-facing hardening guide in the machine docs
  M546  ENISA incident-notification process (24h/72h/14d)
  M547  Authenticated update channel + integrity check
  M548  Pre-market security assessment / pen-test

The library is urheberrechtlich neutral: identifiers only
(Verordnung (EU) 2024/2847, DIN EN 40000-1-2 Entwurf, IEC 62443,
ETSI EN 303 645, ISO/IEC 5962, ISO/IEC 29147). No normative text
is reproduced — DIN/Beuth proprietary content is referenced by
section number only.

Category-compatibility:
  cyber_resilience pattern category accepts measures with
  HazardCategory cyber_resilience, cyber_network, or
  software_control. Updated in both the runtime helper
  (iace_handler_init_helpers.go) and its test-mirror
  (pattern_coverage_test.go) — both must move in lockstep.

Frontend (clarifications page):
  When at least one clarification references "2024/2847" or
  "40000-1-2" in its norm_references, a blue info-banner is
  rendered at the top of the page:
    "Cyber Resilience Act (CRA) — Hinweis zur Geltung
     Diese Klärungsliste enthält Fragen zur Verordnung (EU)
     2024/2847 (CRA). Die CRA gilt für Produkte mit digitalen
     Elementen, die ab dem 11.12.2027 auf dem EU-Markt bereit-
     gestellt werden. ..."
  Reminds the user that the CRA pflichten are forward-looking
  while still allowing the manufacturer to bake them in now.

LOC exceptions:
  Added three pre-existing files to .claude/rules/loc-exceptions.txt
  (manufacturer_safety_features.go, iace_handler_clarifications.go,
  routes.go). All three grew across Phases 16-17 and are tagged as
  Phase 5+ refactor backlog. [guardrail-change] marker required.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-17 02:15:51 +02:00

161 lines
8.4 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# loc-exceptions.txt — files allowed to exceed the 500-line hard cap.
#
# Format: one repo-relative path per line. Comments start with '#' and are ignored.
# Each exception MUST be preceded by a comment explaining why splitting is not viable.
#
# Phase 0 baseline: this list is initially empty. Phases 1-4 will add grandfathered
# entries as we encounter legitimate exceptions (e.g. large generated data tables).
# The goal is for this list to SHRINK over time, never grow.
# --- admin-compliance: static data catalogs (Phase 3) ---
# Splitting these would fragment lookup tables without improving readability.
admin-compliance/lib/sdk/tom-generator/controls/loader.ts
admin-compliance/lib/sdk/vendor-compliance/risk/controls-library.ts
admin-compliance/lib/sdk/compliance-scope-triggers.ts
admin-compliance/lib/sdk/vendor-compliance/catalog/processing-activities.ts
admin-compliance/lib/sdk/catalog-manager/catalog-registry.ts
admin-compliance/lib/sdk/dsfa/mitigation-library.ts
admin-compliance/lib/sdk/vvt-baseline-catalog.ts
admin-compliance/lib/sdk/dsfa/eu-legal-frameworks.ts
admin-compliance/lib/sdk/dsfa/risk-catalog.ts
admin-compliance/lib/sdk/loeschfristen-baseline-catalog.ts
admin-compliance/lib/sdk/vendor-compliance/catalog/vendor-templates.ts
admin-compliance/lib/sdk/vendor-compliance/catalog/legal-basis.ts
admin-compliance/lib/sdk/vendor-compliance/contract-review/findings.ts
admin-compliance/lib/sdk/vendor-compliance/contract-review/checklists.ts
admin-compliance/lib/sdk/compliance-scope-types/document-scope-matrix-core.ts
admin-compliance/lib/sdk/compliance-scope-types/document-scope-matrix-extended.ts
admin-compliance/lib/sdk/demo-data/index.ts
admin-compliance/lib/sdk/tom-generator/demo-data/index.ts
# --- admin-compliance: self-contained export generators (Phase 3) ---
# Each file generates a complete document format. Splitting mid-generation
# logic would create artificial module boundaries without benefit.
admin-compliance/lib/sdk/tom-generator/export/zip.ts
admin-compliance/lib/sdk/tom-generator/export/docx.ts
admin-compliance/lib/sdk/tom-generator/export/pdf.ts
admin-compliance/lib/sdk/einwilligungen/export/pdf.ts
admin-compliance/lib/sdk/einwilligungen/generator/privacy-policy-sections.ts
# --- backend-compliance: legacy utility services (Phase 1) ---
# Pre-refactor utility modules not yet split. Phase 5 targets.
backend-compliance/compliance/services/control_generator.py
backend-compliance/compliance/services/audit_pdf_generator.py
backend-compliance/compliance/services/regulation_scraper.py
backend-compliance/compliance/services/llm_provider.py
backend-compliance/compliance/services/export_generator.py
backend-compliance/compliance/services/pdf_extractor.py
backend-compliance/compliance/services/ai_compliance_assistant.py
# --- backend-compliance: Phase 1 code refactor backlog ---
# These are the remaining oversized route/service/data/auth files that Phase 1
# did not reach. Each entry is a tracked refactor debt item — the list must shrink.
backend-compliance/compliance/services/decomposition_pass.py
backend-compliance/compliance/api/schemas.py
backend-compliance/compliance/api/canonical_control_routes.py
backend-compliance/compliance/db/repository.py
backend-compliance/compliance/db/models.py
backend-compliance/compliance/api/evidence_check_routes.py
backend-compliance/compliance/api/control_generator_routes.py
backend-compliance/compliance/api/process_task_routes.py
backend-compliance/compliance/api/evidence_routes.py
backend-compliance/compliance/api/crosswalk_routes.py
backend-compliance/compliance/api/dashboard_routes.py
backend-compliance/compliance/api/dsfa_routes.py
backend-compliance/compliance/api/routes.py
backend-compliance/compliance/api/tom_mapping_routes.py
backend-compliance/compliance/services/control_dedup.py
backend-compliance/compliance/services/framework_decomposition.py
backend-compliance/compliance/services/pipeline_adapter.py
backend-compliance/compliance/services/batch_dedup_runner.py
backend-compliance/compliance/services/obligation_extractor.py
backend-compliance/compliance/services/control_composer.py
backend-compliance/compliance/services/pattern_matcher.py
backend-compliance/compliance/data/iso27001_annex_a.py
backend-compliance/compliance/data/service_modules.py
backend-compliance/compliance/data/controls.py
backend-compliance/services/pdf_service.py
backend-compliance/services/file_processor.py
backend-compliance/auth/keycloak_auth.py
# --- scripts: one-off ingestion, QA, and migration scripts ---
# These are operational scripts, not production application code.
# LOC rules don't apply in the same way to single-purpose scripts.
scripts/ingest-legal-corpus.sh
scripts/ingest-ce-corpus.sh
scripts/ingest-dsfa-bundesland.sh
scripts/edpb-crawler.py
scripts/apply_templates_023.py
scripts/qa/phase74_generate_gap_controls.py
scripts/qa/pdf_qa_all.py
scripts/qa/benchmark_llm_controls.py
backend-compliance/scripts/seed_policy_templates.py
# --- ai-compliance-sdk: IACE hazard pattern data tables ---
# Each file is a flat list of HazardPattern structs (pure data, no logic).
# 85 patterns × 12 lines/pattern = ~1020 lines. Cannot be split meaningfully.
ai-compliance-sdk/internal/iace/hazard_patterns_extended3.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_a.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_b.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_c.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_d.go
ai-compliance-sdk/internal/iace/hazard_patterns_cyber_extended.go
ai-compliance-sdk/internal/iace/hazard_patterns_workshop.go
ai-compliance-sdk/internal/iace/norms_library_c_process.go
ai-compliance-sdk/internal/iace/norms_library_c_food_pkg.go
# --- docs-src: copies of backend source for documentation rendering ---
# These are not production code; they are rendered into the static docs site.
docs-src/control_generator.py
docs-src/control_generator_routes.py
# --- consent-sdk: platform-native mobile SDKs (Swift / Dart) ---
# Flutter and iOS SDKs follow platform conventions (verbose verbose) that make
# splitting into multiple files awkward without sacrificing single-import ergonomics.
consent-sdk/src/mobile/flutter/consent_sdk.dart
consent-sdk/src/mobile/ios/ConsentManager.swift
# --- consent-tester: DSI discovery orchestrator ---
# Single Playwright session with sequential steps (banner dismiss, self-extract,
# link follow, accordion expand, inline sections). Splitting mid-session would
# require passing Page objects across modules.
consent-tester/services/dsi_discovery.py
# --- backend-compliance: unified compliance check orchestrator ---
# Sequential 7-step pipeline (text resolve, profile detect, check documents,
# banner scan, cross-check, profile extract, report). Phase 5 split target.
backend-compliance/compliance/api/agent_compliance_check_routes.py
# --- docs-src: binary office files (not source code) ---
# (Also excluded by extension in scripts/check-loc.sh — kept here for legibility.)
docs-src/Breakpilot ComplAI Finanzplan.xlsm
# --- admin-compliance: oversized component refactor backlog ---
# Phase 5+ target for splitting into smaller subcomponents per wizard step.
admin-compliance/components/sdk/ai-act/DecisionTreeWizard.tsx
# --- ai-compliance-sdk: oversized handler refactor backlog ---
# Phase 5+ target for splitting handler groups into per-resource files.
ai-compliance-sdk/internal/api/handlers/tender_handlers.go
# --- merge grandfathered (2026-05-13) — Phase 5+ refactor backlog ---
# Files imported via team work that crossed the hard cap; tracked for splitting.
consent-tester/checks/banner_checks.py
consent-tester/services/banner_detector.py
backend-compliance/compliance/api/agent_doc_check_routes.py
backend-compliance/compliance/services/service_registry.py
backend-compliance/compliance/services/dsr_workflow_service.py
ai-compliance-sdk/internal/iace/hazard_patterns_forestry_conveyor.go
admin-compliance/app/sdk/compliance-scope/page.tsx
# --- zeroclaw: ground-truth corpus (test fixture data, not source) ---
zeroclaw/docs/ground-truth/06-spiegel-dsi-fulltext.txt
# --- IACE data tables and orchestration files (Phase 16-18 refactor backlog) ---
# Each file grew during the IACE polish phases (Stufe-A manufacturer library,
# Klärungen Phase 3 PDF export + methodology, app routes). Phase 5+ split
# targets — splitting now would fragment unrelated cohesive logic.
ai-compliance-sdk/internal/iace/manufacturer_safety_features.go
ai-compliance-sdk/internal/api/handlers/iace_handler_clarifications.go
ai-compliance-sdk/internal/app/routes.go
Reference in New Issue View Git Blame Copy Permalink