Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bb183b0e75ef38b981dc321d7267545328c5addb
breakpilot-compliance/backend-compliance/migrations/147_compliance_template_rules.sql
T
Benjamin Admin bb183b0e75
CI / detect-changes (push) Successful in 12s
Details
CI / branch-name (push) Has been skipped
Details
CI / test-python-backend (push) Successful in 33s
Details
CI / test-python-document-crawler (push) Successful in 23s
Details
CI / test-python-dsms-gateway (push) Successful in 19s
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / build-sha-integrity (push) Failing after 7s
Details
CI / validate-canonical-controls (push) Successful in 16s
Details
CI / loc-budget (push) Failing after 18s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 2m27s
Details
CI / test-go (push) Failing after 46s
Details
CI / iace-gt-coverage (push) Successful in 25s
Details
feat(template-rules): backend foundation for profile-based document recommendations 
Introduces the sustainable backend replacement for the hardcoded inline rules in
admin-compliance/app/sdk/document-generator/templateRecommendations.ts.

What's in this commit (Phase 1.1 - 1.5 of the rustling-yawning-boot plan):

- Migration 147: 4 new tables
  - compliance_template_rules (rule shell, document_type, current_version_id)
  - compliance_template_rule_versions (lifecycle, JSONB conditions,
    source_citation, change_summary, approval timestamps)
  - compliance_template_rule_approvals (audit trail)
  - compliance_tenant_rule_overrides (per-tenant classification overrides)
  Plus partial unique index for "only one is_live=1 version per rule".

- SQLAlchemy models: TemplateRuleDB, TemplateRuleVersionDB,
  TemplateRuleApprovalDB, TenantRuleOverrideDB (compliance/db/).

- Pydantic schemas (compliance/schemas/template_rule.py): full request/response
  set including RecommendationRequest/Result with reasons and override tracking.

- TemplateRuleService (compliance/services/): CRUD + Lifecycle transitions
  (submit_for_review/approve/publish/reject) following legal_document_service.py
  pattern with _transition() helper and approval audit trail. Plus tenant
  override upsert.

- RecommendationService: condition evaluator (eq, neq, in, not_in, gte/lte/gt/lt,
  exists, truthy) over JSONB conditions, override application, reason generation
  for human-readable explanations in workspace UI.

- 18 FastAPI routes in compliance/api/template_rule_routes.py covering rule CRUD,
  version lifecycle, override management and POST /recommend evaluation endpoint.

- Seed data: 33 initial rules ported from templateRecommendations.ts in
  compliance/data/template_rule_seed_data.py, written as published versions
  on first seed run. Idempotent via rule_key.

Phase 1.6 (pytest suite) and Phase 2 (editorial UI in admin-compliance) follow
in separate commits.

[migration-approved]

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-06 23:13:50 +02:00

107 lines
5.0 KiB
SQL
Raw Blame History

-- =========================================================
-- Migration 147: Compliance Template Rules — profilbasierte Empfehlungs-Regeln
-- mit Versionierung, Approval-Workflow und Tenant-Overrides.
--
-- Ersetzt langfristig die hartcodierten Regeln in
-- admin-compliance/app/sdk/document-generator/templateRecommendations.ts.
-- =========================================================
-- compliance_template_rules: Regel-Hülle (eine Regel = eine document_type-Empfehlung)
CREATE TABLE IF NOT EXISTS compliance_template_rules (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
rule_key VARCHAR(150) NOT NULL UNIQUE, -- z.B. "whistleblower_required_50plus"
document_type VARCHAR(100) NOT NULL, -- z.B. "whistleblower_policy"
title VARCHAR(300) NOT NULL, -- kurzer Anzeigename
current_version_id UUID, -- pointet auf published Version, null bis erste Freigabe
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ DEFAULT NOW()
);
-- compliance_template_rule_versions: Versionen mit Lifecycle + Approval-Trail
CREATE TABLE IF NOT EXISTS compliance_template_rule_versions (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
rule_id UUID NOT NULL REFERENCES compliance_template_rules(id) ON DELETE CASCADE,
version_number INT NOT NULL,
-- Lifecycle (analog compliance_legal_document_versions)
status VARCHAR(20) NOT NULL DEFAULT 'draft', -- draft|review|approved|published|archived|rejected
is_live SMALLINT NOT NULL DEFAULT 0, -- 1 = aktuell published Version dieser Regel
-- Klassifikation der Empfehlung
classification VARCHAR(20) NOT NULL, -- required | recommended | optional
-- Bedingung als strukturiertes JSONB
-- Format: { "kind": "all"|"any", "clauses": [{ "field": "...", "op": "...", "value": ... }] }
conditions JSONB NOT NULL DEFAULT '{"kind":"all","clauses":[]}'::jsonb,
-- Editorial-Pflichtfelder
source_citation TEXT NOT NULL DEFAULT '', -- "§ 12 HinSchG", "EuGH C-311/18", "DSK Kurzpapier Nr. 18"
rationale TEXT, -- Freitext-Begründung des Anwalts
change_summary TEXT, -- Pflicht beim Einreichen (was wurde geändert)
-- Approval-Trail (vereinfacht; volle Action-Liste in approvals-Tabelle)
created_by VARCHAR(200),
submitted_by VARCHAR(200),
submitted_at TIMESTAMPTZ,
approved_by VARCHAR(200),
approved_at TIMESTAMPTZ,
published_by VARCHAR(200),
published_at TIMESTAMPTZ,
rejected_by VARCHAR(200),
rejected_at TIMESTAMPTZ,
rejection_reason TEXT,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ DEFAULT NOW(),
UNIQUE (rule_id, version_number),
CHECK (classification IN ('required', 'recommended', 'optional')),
CHECK (status IN ('draft', 'review', 'approved', 'published', 'archived', 'rejected')),
CHECK (is_live IN (0, 1))
);
-- Genau eine published/live Version pro Regel
CREATE UNIQUE INDEX IF NOT EXISTS idx_rule_versions_one_live
ON compliance_template_rule_versions(rule_id) WHERE is_live = 1;
-- compliance_template_rule_approvals: Audit-Trail aller Lifecycle-Aktionen
CREATE TABLE IF NOT EXISTS compliance_template_rule_approvals (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
version_id UUID NOT NULL REFERENCES compliance_template_rule_versions(id) ON DELETE CASCADE,
action VARCHAR(50) NOT NULL, -- submitted|approved|rejected|published|archived
approver VARCHAR(200),
comment TEXT,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
-- compliance_tenant_rule_overrides: Pro Kanzlei/Tenant Override einer globalen Regel
CREATE TABLE IF NOT EXISTS compliance_tenant_rule_overrides (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
tenant_id VARCHAR(100) NOT NULL,
rule_id UUID NOT NULL REFERENCES compliance_template_rules(id) ON DELETE CASCADE,
override_classification VARCHAR(20), -- null = Regel komplett für Tenant deaktiviert
reason TEXT NOT NULL, -- Pflicht: warum dieser Override
created_by VARCHAR(200),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ DEFAULT NOW(),
CONSTRAINT chk_override_classification CHECK (
override_classification IS NULL OR
override_classification IN ('required', 'recommended', 'optional')
)
);
-- Indizes
CREATE INDEX IF NOT EXISTS idx_template_rules_type
ON compliance_template_rules(document_type);
CREATE INDEX IF NOT EXISTS idx_rule_versions_rule
ON compliance_template_rule_versions(rule_id);
CREATE INDEX IF NOT EXISTS idx_rule_versions_status
ON compliance_template_rule_versions(status);
CREATE INDEX IF NOT EXISTS idx_rule_approvals_version
ON compliance_template_rule_approvals(version_id);
CREATE INDEX IF NOT EXISTS idx_tenant_overrides_tenant
ON compliance_tenant_rule_overrides(tenant_id);
CREATE UNIQUE INDEX IF NOT EXISTS idx_tenant_overrides_unique
ON compliance_tenant_rule_overrides(tenant_id, rule_id);
Reference in New Issue View Git Blame Copy Permalink