Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
92a47bf6f94d314ad0a0b35d8ba1891a377f7b1f
breakpilot-compliance/admin-compliance/lib/sdk/demo-data/demo-state.ts
Sharang Parnerkar 91063f09b8 refactor(admin): split lib document generators and data catalogs into domain barrels 
obligations-document, tom-document, loeschfristen-document, compliance-scope-triggers,
sdk-flow/flow-data, processing-activities, loeschfristen-baseline-catalog,
catalog-registry, dsfa mitigation-library + risk-catalog, vvt-baseline-catalog,
vendor contract-review checklists + findings, demo-data, tom-compliance.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-18 00:07:03 +02:00

218 lines
12 KiB
TypeScript
Raw Blame History

/**
* Demo State Generator
*
* Generates a complete demo SDKState object for seeding.
* Barrel-split from index.ts. Do NOT import directly; use index.ts.
*/
import { SDKState } from '../types'
import { getDemoUseCases } from './use-cases'
import { getDemoRisks } from './risks'
import { getDemoControls } from './controls'
import { getDemoDSFA } from './dsfa'
import { getDemoTOMs } from './toms'
import { getDemoProcessingActivities, getDemoRetentionPolicies } from './vvt'
/**
* Generate a complete demo state object
* This is used as seed data for the API, not as runtime data
*/
export function generateDemoState(tenantId: string, userId: string): Partial<SDKState> {
const now = new Date()
return {
// Metadata
version: '1.0.0',
projectVersion: 1,
lastModified: now,
// Tenant & User
tenantId,
userId,
subscription: 'PROFESSIONAL',
// Customer Type
customerType: 'new',
// Company Profile (Demo: TechStart GmbH - SaaS-Startup aus Berlin)
companyProfile: {
companyName: 'TechStart GmbH',
legalForm: 'gmbh',
industry: ['Technologie / IT'],
industryOther: '',
foundedYear: 2022,
businessModel: 'B2B_B2C',
offerings: ['app_web', 'software_saas', 'services_consulting'],
companySize: 'small',
employeeCount: '10-49',
annualRevenue: '2-10 Mio',
headquartersCountry: 'DE',
headquartersCity: 'Berlin',
hasInternationalLocations: false,
internationalCountries: [],
targetMarkets: ['germany_only', 'dach'],
primaryJurisdiction: 'DE',
isDataController: true,
isDataProcessor: true,
dpoName: 'Max Mustermann',
dpoEmail: 'dsb@techstart.de',
legalContactName: null,
legalContactEmail: null,
isComplete: true,
completedAt: new Date('2026-01-14'),
},
// Progress - showing a realistic partially completed workflow
currentPhase: 2,
currentStep: 'tom',
completedSteps: [
'company-profile',
'use-case-assessment',
'screening',
'modules',
'requirements',
'controls',
'evidence',
'audit-checklist',
'risks',
'ai-act',
'obligations',
'dsfa',
],
checkpoints: {
'CP-PROF': { checkpointId: 'CP-PROF', passed: true, validatedAt: new Date('2026-01-14'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-UC': { checkpointId: 'CP-UC', passed: true, validatedAt: new Date('2026-01-15'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-SCAN': { checkpointId: 'CP-SCAN', passed: true, validatedAt: new Date('2026-01-16'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-MOD': { checkpointId: 'CP-MOD', passed: true, validatedAt: new Date('2026-01-17'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-REQ': { checkpointId: 'CP-REQ', passed: true, validatedAt: new Date('2026-01-18'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-CTRL': { checkpointId: 'CP-CTRL', passed: true, validatedAt: new Date('2026-01-19'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-EVI': { checkpointId: 'CP-EVI', passed: true, validatedAt: new Date('2026-01-20'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-CHK': { checkpointId: 'CP-CHK', passed: true, validatedAt: new Date('2026-01-21'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-RISK': { checkpointId: 'CP-RISK', passed: true, validatedAt: new Date('2026-01-22'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-AI': { checkpointId: 'CP-AI', passed: true, validatedAt: new Date('2026-01-25'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-OBL': { checkpointId: 'CP-OBL', passed: true, validatedAt: new Date('2026-01-27'), validatedBy: 'demo-user', errors: [], warnings: [] },
'CP-DSFA': { checkpointId: 'CP-DSFA', passed: true, validatedAt: new Date('2026-01-30'), validatedBy: 'DSB', errors: [], warnings: [] },
},
// Phase 1 Data
useCases: getDemoUseCases(),
activeUseCase: 'demo-uc-1',
screening: {
id: 'demo-scan-1',
status: 'COMPLETED',
startedAt: new Date('2026-01-16T09:00:00'),
completedAt: new Date('2026-01-16T09:15:00'),
sbom: {
format: 'CycloneDX',
version: '1.4',
components: [
{ name: 'tensorflow', version: '2.15.0', type: 'library', purl: 'pkg:pypi/tensorflow@2.15.0', licenses: ['Apache-2.0'], vulnerabilities: [] },
{ name: 'scikit-learn', version: '1.4.0', type: 'library', purl: 'pkg:pypi/scikit-learn@1.4.0', licenses: ['BSD-3-Clause'], vulnerabilities: [] },
{ name: 'pandas', version: '2.2.0', type: 'library', purl: 'pkg:pypi/pandas@2.2.0', licenses: ['BSD-3-Clause'], vulnerabilities: [] },
],
dependencies: [],
generatedAt: new Date('2026-01-16T09:10:00'),
},
securityScan: {
totalIssues: 3,
critical: 0,
high: 1,
medium: 1,
low: 1,
issues: [
{
id: 'sec-issue-1', severity: 'HIGH', title: 'Outdated cryptography library',
description: 'The cryptography library version 41.0.0 has known vulnerabilities',
cve: 'CVE-2024-1234', cvss: 7.5, affectedComponent: 'cryptography',
remediation: 'Upgrade to cryptography >= 42.0.0', status: 'RESOLVED',
},
{
id: 'sec-issue-2', severity: 'MEDIUM', title: 'Insecure default configuration',
description: 'Debug mode enabled in production configuration',
cve: null, cvss: 5.3, affectedComponent: 'app-config',
remediation: 'Set DEBUG=false in production', status: 'RESOLVED',
},
{
id: 'sec-issue-3', severity: 'LOW', title: 'Missing security headers',
description: 'X-Content-Type-Options header not set',
cve: null, cvss: 3.1, affectedComponent: 'web-server',
remediation: 'Add security headers middleware', status: 'RESOLVED',
},
],
},
error: null,
},
modules: [
{ id: 'demo-mod-1', name: 'Kundendaten-Modul', description: 'Verarbeitung von Kundendaten für Marketing und Analyse', regulations: ['DSGVO', 'TTDSG'], criticality: 'HIGH', processesPersonalData: true, hasAIComponents: true },
{ id: 'demo-mod-2', name: 'HR-Modul', description: 'Bewerbermanagement und Personalverwaltung', regulations: ['DSGVO', 'AGG', 'AI Act'], criticality: 'HIGH', processesPersonalData: true, hasAIComponents: true },
{ id: 'demo-mod-3', name: 'Support-Modul', description: 'Kundenservice und Chatbot-System', regulations: ['DSGVO', 'AI Act'], criticality: 'MEDIUM', processesPersonalData: true, hasAIComponents: true },
],
requirements: [
{ id: 'demo-req-1', regulation: 'DSGVO', article: 'Art. 5', title: 'Grundsätze der Verarbeitung', description: 'Einhaltung der Grundsätze für die Verarbeitung personenbezogener Daten', criticality: 'CRITICAL', applicableModules: ['demo-mod-1', 'demo-mod-2', 'demo-mod-3'], status: 'IMPLEMENTED', controls: ['demo-ctrl-1', 'demo-ctrl-2', 'demo-ctrl-9'] },
{ id: 'demo-req-2', regulation: 'DSGVO', article: 'Art. 32', title: 'Sicherheit der Verarbeitung', description: 'Geeignete technische und organisatorische Maßnahmen', criticality: 'CRITICAL', applicableModules: ['demo-mod-1', 'demo-mod-2', 'demo-mod-3'], status: 'IMPLEMENTED', controls: ['demo-ctrl-1', 'demo-ctrl-3', 'demo-ctrl-4'] },
{ id: 'demo-req-3', regulation: 'DSGVO', article: 'Art. 25', title: 'Datenschutz durch Technikgestaltung', description: 'Privacy by Design und Privacy by Default', criticality: 'HIGH', applicableModules: ['demo-mod-1', 'demo-mod-2'], status: 'IMPLEMENTED', controls: ['demo-ctrl-9', 'demo-ctrl-10'] },
{ id: 'demo-req-4', regulation: 'AI Act', article: 'Art. 13', title: 'Transparenz', description: 'Transparenzanforderungen für KI-Systeme', criticality: 'HIGH', applicableModules: ['demo-mod-1', 'demo-mod-2', 'demo-mod-3'], status: 'IMPLEMENTED', controls: ['demo-ctrl-7', 'demo-ctrl-8'] },
{ id: 'demo-req-5', regulation: 'AI Act', article: 'Art. 9', title: 'Risikomanagement', description: 'Risikomanagementsystem für Hochrisiko-KI', criticality: 'HIGH', applicableModules: ['demo-mod-2'], status: 'IMPLEMENTED', controls: ['demo-ctrl-5', 'demo-ctrl-6', 'demo-ctrl-11', 'demo-ctrl-12'] },
],
controls: getDemoControls(),
evidence: [
{ id: 'demo-evi-1', controlId: 'demo-ctrl-1', type: 'SCREENSHOT', name: 'MFA-Konfiguration Azure AD', description: 'Screenshot der MFA-Einstellungen im Azure AD Admin Portal', fileUrl: null, validFrom: new Date('2026-01-01'), validUntil: new Date('2027-01-01'), uploadedBy: 'IT-Security', uploadedAt: new Date('2026-01-10') },
{ id: 'demo-evi-2', controlId: 'demo-ctrl-2', type: 'DOCUMENT', name: 'Berechtigungskonzept v2.1', description: 'Dokumentiertes Berechtigungskonzept mit Rollenmatrix', fileUrl: null, validFrom: new Date('2026-01-01'), validUntil: null, uploadedBy: 'IT-Security', uploadedAt: new Date('2026-01-05') },
{ id: 'demo-evi-5', controlId: 'demo-ctrl-5', type: 'AUDIT_REPORT', name: 'Bias-Audit Q1/2026', description: 'Externer Audit-Bericht zur Fairness des KI-Modells', fileUrl: null, validFrom: new Date('2026-01-15'), validUntil: new Date('2026-04-15'), uploadedBy: 'Data Science Lead', uploadedAt: new Date('2026-01-20') },
],
checklist: [
{ id: 'demo-chk-1', requirementId: 'demo-req-1', title: 'Rechtmäßigkeit der Verarbeitung geprüft', description: 'Dokumentierte Prüfung der Rechtsgrundlagen', status: 'PASSED', notes: 'Geprüft durch DSB', verifiedBy: 'DSB', verifiedAt: new Date('2026-01-20') },
{ id: 'demo-chk-2', requirementId: 'demo-req-2', title: 'TOMs dokumentiert und umgesetzt', description: 'Technische und organisatorische Maßnahmen', status: 'PASSED', notes: 'Alle TOMs implementiert', verifiedBy: 'CISO', verifiedAt: new Date('2026-01-21') },
],
risks: getDemoRisks(),
// Phase 2 Data
aiActClassification: {
riskCategory: 'HIGH',
systemType: 'Beschäftigungsbezogenes KI-System (Art. 6 Abs. 2 AI Act)',
obligations: [
{ id: 'demo-ai-obl-1', article: 'Art. 9', title: 'Risikomanagementsystem', description: 'Einrichtung eines KI-Risikomanagementsystems', deadline: new Date('2026-08-01'), status: 'IN_PROGRESS' },
{ id: 'demo-ai-obl-2', article: 'Art. 10', title: 'Daten-Governance', description: 'Anforderungen an Trainingsdaten', deadline: new Date('2026-08-01'), status: 'COMPLETED' },
{ id: 'demo-ai-obl-3', article: 'Art. 13', title: 'Transparenz', description: 'Dokumentation für Nutzer', deadline: new Date('2026-08-01'), status: 'COMPLETED' },
],
assessmentDate: new Date('2026-01-25'),
assessedBy: 'Compliance Team',
justification: 'Das System fällt unter Art. 6 Abs. 2 lit. a AI Act (Einstellung und Auswahl von Personen).',
},
obligations: [
{ id: 'demo-obl-1', regulation: 'DSGVO', article: 'Art. 30', title: 'Verarbeitungsverzeichnis', description: 'Führung eines Verzeichnisses der Verarbeitungstätigkeiten', deadline: null, penalty: 'Bis zu 10 Mio. EUR oder 2% des Jahresumsatzes', status: 'COMPLETED', responsible: 'DSB' },
{ id: 'demo-obl-2', regulation: 'DSGVO', article: 'Art. 35', title: 'Datenschutz-Folgenabschätzung', description: 'Durchführung einer DSFA für Hochrisiko-Verarbeitungen', deadline: null, penalty: 'Bis zu 10 Mio. EUR oder 2% des Jahresumsatzes', status: 'COMPLETED', responsible: 'DSB' },
{ id: 'demo-obl-3', regulation: 'AI Act', article: 'Art. 49', title: 'CE-Kennzeichnung', description: 'CE-Kennzeichnung für Hochrisiko-KI-Systeme', deadline: new Date('2026-08-01'), penalty: 'Bis zu 35 Mio. EUR oder 7% des Jahresumsatzes', status: 'PENDING', responsible: 'Compliance' },
],
dsfa: getDemoDSFA(),
toms: getDemoTOMs(),
retentionPolicies: getDemoRetentionPolicies(),
vvt: getDemoProcessingActivities(),
// Documents, Cookie Banner, etc. - partially filled
documents: [],
cookieBanner: null,
consents: [],
dsrConfig: null,
escalationWorkflows: [],
// Security
sbom: null,
securityIssues: [],
securityBacklog: [],
// UI State
commandBarHistory: [],
recentSearches: ['DSGVO Art. 5', 'Bias-Monitoring', 'TOM Verschlüsselung'],
preferences: {
language: 'de',
theme: 'light',
compactMode: false,
showHints: true,
autoSave: true,
autoValidate: true,
allowParallelWork: true,
},
}
}
Reference in New Issue View Git Blame Copy Permalink