Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9e65dff7d6292f6066132066f176dca829edb81e
breakpilot-compliance/backend-compliance/tests/test_generation_routes.py
Benjamin Admin 1e84df9769
All checks were successful
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-ai-compliance (push) Successful in 32s
Details
CI / test-python-backend-compliance (push) Successful in 30s
Details
CI / test-python-document-crawler (push) Successful in 21s
Details
CI / test-python-dsms-gateway (push) Successful in 18s
Details
feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6) 
6-Phasen-Implementation fuer cloud-faehiges, mandantenfaehiges Compliance SDK:

Phase 1: Multi-Tenancy Fix
- Shared tenant_utils.py Dependency (UUID-Validierung, kein "default" mehr)
- VVT tenant_id Column + tenant-scoped Queries
- DSFA/Vendor DEFAULT_TENANT_ID von "default" auf UUID migriert
- Migration 035

Phase 2: Stammdaten-Erweiterung
- Company Profile um JSONB-Felder erweitert (processing_systems, ai_systems, technical_contacts)
- Regulierungs-Flags (NIS2, AI Act, ISO 27001)
- GET /template-context Endpoint
- Migration 036

Phase 3: Dokument-Versionierung
- 5 Versions-Tabellen (DSFA, VVT, TOM, Loeschfristen, Obligations)
- Shared versioning_utils.py Helper
- /{id}/versions Endpoints auf allen 5 Dokumenttypen
- Migration 037

Phase 4: Change-Request System
- Zentrale CR-Inbox mit CRUD + Accept/Reject/Edit Workflow
- Regelbasierte CR-Engine (VVT DPIA → DSFA CR, Datenkategorien → Loeschfristen CR)
- Audit-Trail
- Migration 038

Phase 5: Dokumentengenerierung
- 5 Template-Generatoren (DSFA, VVT, TOM, Loeschfristen, Obligations)
- Preview + Apply Endpoints (erzeugt CRs, keine direkten Dokumente)

Phase 6: Frontend-Integration
- Change-Request Inbox Page mit Stats, Filtern, Modals
- VersionHistory Timeline-Komponente
- SDKSidebar CR-Badge (60s Polling)
- Company Profile: 2 neue Wizard-Steps + "Dokumente generieren" CTA

Docs: 5 neue MkDocs-Seiten, CLAUDE.md aktualisiert
Tests: 97 neue Tests (alle bestanden)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 14:12:34 +01:00

234 lines
8.8 KiB
Python
Raw Blame History

"""Tests for Document Generation (Phase 5).
Verifies:
- Template generators produce correct output from context
- DSFA template includes AI risk section
- VVT generates one entry per processing system
- TOM includes regulatory-specific measures
- Loeschfristen maps standard periods
- Obligation includes DSGVO + AI Act + NIS2 when flags set
"""
import pytest
from compliance.api.document_templates.dsfa_template import generate_dsfa_draft
from compliance.api.document_templates.vvt_template import generate_vvt_drafts
from compliance.api.document_templates.loeschfristen_template import generate_loeschfristen_drafts
from compliance.api.document_templates.tom_template import generate_tom_drafts
from compliance.api.document_templates.obligation_template import generate_obligation_drafts
def _make_ctx(**overrides):
"""Build a realistic template context."""
base = {
"company_name": "Acme GmbH",
"legal_form": "GmbH",
"industry": "IT",
"dpo_name": "Max Datenschutz",
"dpo_email": "dpo@acme.de",
"supervisory_authority": "LfDI BW",
"review_cycle_months": 12,
"subject_to_nis2": False,
"subject_to_ai_act": False,
"subject_to_iso27001": False,
"uses_ai": False,
"has_ai_systems": False,
"processing_systems": [],
"ai_systems": [],
"ai_use_cases": [],
"repos": [],
"document_sources": [],
"technical_contacts": [],
}
base.update(overrides)
return base
# =============================================================================
# DSFA Template
# =============================================================================
class TestDSFATemplate:
def test_basic_draft(self):
ctx = _make_ctx()
draft = generate_dsfa_draft(ctx)
assert "DSFA" in draft["title"]
assert draft["status"] == "draft"
assert draft["involves_ai"] is False
assert draft["risk_level"] == "medium"
def test_ai_draft_is_high_risk(self):
ctx = _make_ctx(
has_ai_systems=True,
ai_systems=[{"name": "Chatbot", "purpose": "Support", "risk_category": "limited", "has_human_oversight": True}],
subject_to_ai_act=True,
)
draft = generate_dsfa_draft(ctx)
assert draft["involves_ai"] is True
assert draft["risk_level"] == "high"
assert len(draft["ai_systems_summary"]) == 1
def test_includes_dpo(self):
ctx = _make_ctx(dpo_name="Dr. Privacy")
draft = generate_dsfa_draft(ctx)
assert draft["dpo_name"] == "Dr. Privacy"
assert "Dr. Privacy" in draft["sections"]["section_1"]["content"]
# =============================================================================
# VVT Template
# =============================================================================
class TestVVTTemplate:
def test_generates_per_system(self):
ctx = _make_ctx(processing_systems=[
{"name": "SAP HR", "vendor": "SAP", "hosting": "cloud", "personal_data_categories": ["Mitarbeiter"]},
{"name": "Salesforce", "vendor": "Salesforce", "hosting": "us-cloud", "personal_data_categories": ["Kunden"]},
])
drafts = generate_vvt_drafts(ctx)
assert len(drafts) == 2
assert drafts[0]["vvt_id"] == "VVT-AUTO-001"
assert "SAP HR" in drafts[0]["name"]
def test_us_cloud_adds_third_country(self):
ctx = _make_ctx(processing_systems=[
{"name": "AWS", "vendor": "Amazon", "hosting": "us-cloud", "personal_data_categories": []},
])
drafts = generate_vvt_drafts(ctx)
assert len(drafts[0]["third_country_transfers"]) > 0
def test_no_systems_no_drafts(self):
ctx = _make_ctx(processing_systems=[])
drafts = generate_vvt_drafts(ctx)
assert len(drafts) == 0
# =============================================================================
# TOM Template
# =============================================================================
class TestTOMTemplate:
def test_base_toms(self):
ctx = _make_ctx()
drafts = generate_tom_drafts(ctx)
assert len(drafts) == 8 # Base TOMs only
categories = {d["category"] for d in drafts}
assert "Zutrittskontrolle" in categories
assert "Zugangskontrolle" in categories
def test_nis2_adds_cybersecurity(self):
ctx = _make_ctx(subject_to_nis2=True)
drafts = generate_tom_drafts(ctx)
assert len(drafts) > 8
categories = {d["category"] for d in drafts}
assert "Cybersicherheit" in categories
def test_ai_act_adds_ki_compliance(self):
ctx = _make_ctx(subject_to_ai_act=True)
drafts = generate_tom_drafts(ctx)
categories = {d["category"] for d in drafts}
assert "KI-Compliance" in categories
def test_iso27001_adds_isms(self):
ctx = _make_ctx(subject_to_iso27001=True)
drafts = generate_tom_drafts(ctx)
categories = {d["category"] for d in drafts}
assert "ISMS" in categories
def test_all_flags_combined(self):
ctx = _make_ctx(subject_to_nis2=True, subject_to_ai_act=True, subject_to_iso27001=True)
drafts = generate_tom_drafts(ctx)
# 8 base + 3 NIS2 + 3 ISO + 3 AI = 17
assert len(drafts) == 17
# =============================================================================
# Loeschfristen Template
# =============================================================================
class TestLoeschfristenTemplate:
def test_generates_per_category(self):
ctx = _make_ctx(processing_systems=[
{"name": "HR", "personal_data_categories": ["Bankdaten", "Steuer-ID"]},
{"name": "CRM", "personal_data_categories": ["Kundendaten"]},
])
drafts = generate_loeschfristen_drafts(ctx)
assert len(drafts) == 3
categories = {d["data_category"] for d in drafts}
assert "Bankdaten" in categories
assert "Steuer-ID" in categories
assert "Kundendaten" in categories
def test_standard_periods_applied(self):
ctx = _make_ctx(processing_systems=[
{"name": "Payroll", "personal_data_categories": ["Bankdaten"]},
])
drafts = generate_loeschfristen_drafts(ctx)
bankdaten = [d for d in drafts if d["data_category"] == "Bankdaten"][0]
assert "10 Jahre" in bankdaten["retention_period"]
assert "HGB" in bankdaten["legal_basis"]
def test_unknown_category_defaults(self):
ctx = _make_ctx(processing_systems=[
{"name": "Custom", "personal_data_categories": ["Spezialdaten"]},
])
drafts = generate_loeschfristen_drafts(ctx)
assert drafts[0]["retention_period"] == "Noch festzulegen"
def test_deduplicates_categories(self):
ctx = _make_ctx(processing_systems=[
{"name": "A", "personal_data_categories": ["Bankdaten"]},
{"name": "B", "personal_data_categories": ["Bankdaten"]},
])
drafts = generate_loeschfristen_drafts(ctx)
assert len(drafts) == 1 # Deduplicated
# =============================================================================
# Obligation Template
# =============================================================================
class TestObligationTemplate:
def test_base_dsgvo(self):
ctx = _make_ctx()
drafts = generate_obligation_drafts(ctx)
assert len(drafts) == 8 # Base DSGVO
titles = {d["title"] for d in drafts}
assert "Verzeichnis der Verarbeitungstätigkeiten führen" in titles
def test_ai_act_obligations(self):
ctx = _make_ctx(subject_to_ai_act=True)
drafts = generate_obligation_drafts(ctx)
assert len(drafts) > 8
regs = {d["regulation"] for d in drafts}
assert "EU AI Act" in regs
def test_nis2_obligations(self):
ctx = _make_ctx(subject_to_nis2=True)
drafts = generate_obligation_drafts(ctx)
regs = {d["regulation"] for d in drafts}
assert "NIS2" in regs
def test_all_flags(self):
ctx = _make_ctx(subject_to_nis2=True, subject_to_ai_act=True)
drafts = generate_obligation_drafts(ctx)
# 8 DSGVO + 3 AI + 2 NIS2 = 13
assert len(drafts) == 13
# =============================================================================
# Route Registration
# =============================================================================
class TestGenerationRouteRegistration:
def test_routes_registered(self):
from compliance.api import router
paths = [r.path for r in router.routes]
assert any("generation" in p for p in paths)
def test_preview_and_apply(self):
from compliance.api.generation_routes import router
paths = [r.path for r in router.routes]
assert any("preview" in p for p in paths)
assert any("apply" in p for p in paths)
Reference in New Issue View Git Blame Copy Permalink