breakpilot-compliance

Files

T

Benjamin Admin cc80e59e5e feat(cra): Phase 4 — Vulnerability Disclosure + Post-Market Monitoring

Migration 121: compliance_cra_vulnerabilities table with full lifecycle tracking
- Status state machine: reported → triaged → patched → disclosed (+ withdrawn)
- CRA Art. 14(2) deadlines tracked: reported_to_enisa_at (24h), detailed_report_at (72h)
- CVE-ID, severity, CVSS, affected_components (JSONB), embargo_until

Backend endpoints in cra_routes.py:
- POST /vulnerabilities — create with validation (severity, CVSS range)
- GET /vulnerabilities — list with deadline-breach summary (24h/72h counters)
- PATCH /vulnerabilities/{id} — update fields + auto-set lifecycle timestamps
- DELETE /vulnerabilities/{id} — soft-delete (withdrawn)
- GET /monitoring — combined view: CRA deadlines + vuln summary + post-market checklist

Frontend:
- /vuln page: intake form, vuln cards with 24h/72h-countdown buttons,
  status-transition flow with auto-timestamps
- /monitoring page: CRA deadlines (11.06.26 / 11.09.26 / 11.12.27), breach banner
  if 24h/72h obligations missed, post-market checklist with deep-links
- Dashboard: +2 buttons (Vulns, Monitoring)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-18 22:08:49 +02:00

001_source_policy.sql

feat: add RAG corpus versioning and source policy backend

2026-03-02 07:58:08 +01:00

002_sdk_states.sql

feat: Vorbereitung-Module auf 100% — Persistenz, Backend-Services, UCCA Frontend

2026-03-02 11:04:31 +01:00

003_document_import.sql

feat: Vorbereitung-Module auf 100% — Persistenz, Backend-Services, UCCA Frontend

2026-03-02 11:04:31 +01:00

004_screening.sql

feat: Vorbereitung-Module auf 100% — Persistenz, Backend-Services, UCCA Frontend

2026-03-02 11:04:31 +01:00

005_company_profile.sql

feat: Vorbereitung-Module auf 100% — Persistenz, Backend-Services, UCCA Frontend

2026-03-02 11:04:31 +01:00

006_vvt.sql

feat: 6 Dokumentations-Module auf 100% — VVT Backend, Filter, PDF-Export

2026-03-02 17:14:58 +01:00

007_legal_documents.sql

feat: Package 4 Rechtliche Texte — DB-Persistenz fuer Legal Documents, Einwilligungen und Cookie Banner

2026-03-03 08:25:13 +01:00

008_einwilligungen.sql

feat: Package 4 Rechtliche Texte — DB-Persistenz fuer Legal Documents, Einwilligungen und Cookie Banner

2026-03-03 08:25:13 +01:00

009_consent_history.sql

feat: Package 4 Nachbesserungen — History-Tracking, Pagination, Frontend-Fixes

2026-03-03 11:54:25 +01:00

010_consent_templates.sql

feat: Betrieb-Module → 100% — Echte CRUD-Flows, kein Mock-Data

2026-03-03 12:48:43 +01:00

011_escalations.sql

feat: Betrieb-Module → 100% — Echte CRUD-Flows, kein Mock-Data

2026-03-03 12:48:43 +01:00

012_notfallplan.sql

feat: Betrieb-Module → 100% — Echte CRUD-Flows, kein Mock-Data

2026-03-03 12:48:43 +01:00

013_obligations.sql

feat: Obligations-Modul auf 100% — vollständige CRUD-Implementierung

2026-03-03 15:58:50 +01:00

014_security_backlog.sql

feat: Alle 5 verbleibenden SDK-Module auf 100% — RAG, Security-Backlog, Quality, Notfallplan, Loeschfristen

2026-03-03 18:04:53 +01:00

015_quality.sql

feat: Alle 5 verbleibenden SDK-Module auf 100% — RAG, Security-Backlog, Quality, Notfallplan, Loeschfristen

2026-03-03 18:04:53 +01:00

016_notfallplan_incidents.sql

feat: Alle 5 verbleibenden SDK-Module auf 100% — RAG, Security-Backlog, Quality, Notfallplan, Loeschfristen

2026-03-03 18:04:53 +01:00

017_loeschfristen.sql

feat: Alle 5 verbleibenden SDK-Module auf 100% — RAG, Security-Backlog, Quality, Notfallplan, Loeschfristen

2026-03-03 18:04:53 +01:00

018_legal_templates.sql

feat: Legal Templates Service — eigene Vorlagen für Dokumentengenerator

2026-03-03 23:12:07 +01:00

019_legal_templates_attribution.sql

feat: Legal Templates — Attribution-Tracking + 6 neue Templates (DE/EN)

2026-03-04 09:00:25 +01:00

020_legal_templates_new_types.sql

feat: Dokumentengenerator — Vollständige Vorlage-Bibliothek + Frontend-Redesign

2026-03-04 10:47:38 +01:00

021_legal_templates_v2.sql

feat: Migration 021 — Legal Templates v2 (vollwertige Inhalte)

2026-03-04 12:06:26 +01:00

022_template_block_markers.sql

feat: Template-Spec v1 Phase B — Rule Engine + Block Removal

2026-03-04 13:23:03 +01:00

023_new_templates_de.sql

feat: Template-Spec v1 Phase C — IF-Renderer + HOSTING/FEATURES + 4 neue DE-Templates

2026-03-04 14:35:56 +01:00

024_dsfa.sql

feat: DSFA Modul — Backend, Proxy, Frontend-Migration, Tests + Mock-Daten entfernt

2026-03-04 22:41:05 +01:00

025_dsfa_template.sql

fix: DSFA-Template status active → published (wird im Document Generator angezeigt)

2026-03-05 00:05:10 +01:00

026_dsr.sql

feat: Consent-Service Module nach Compliance migriert (DSR, E-Mail-Templates, Legal Docs, Banner)

2026-03-05 00:36:24 +01:00

027_email_templates.sql

feat: Consent-Service Module nach Compliance migriert (DSR, E-Mail-Templates, Legal Docs, Banner)

2026-03-05 00:36:24 +01:00

028_dsfa_ai_use_cases.sql

fix: Migration 028 robuster (section_progress UPDATE via DO-Block mit IF EXISTS)

2026-03-05 09:32:31 +01:00

029_banner_consent.sql

feat: Consent-Service Module nach Compliance migriert (DSR, E-Mail-Templates, Legal Docs, Banner)

2026-03-05 00:36:24 +01:00

030_dsfa_full_schema.sql

feat: DSFA vollständiges DB-Schema + PDF-Ingest + Tests

2026-03-05 10:03:09 +01:00

031_modules.sql

feat(freigabe): Import/Screening/Modules/RAG — API-Tests, Migration 031, Bug-Fix

2026-03-05 11:42:19 +01:00

032_legal_documents_extend.sql

chore: diverse Bereinigungen und Fixes

2026-03-05 17:24:15 +01:00

033_vvt_consolidation.sql

feat(vvt): Go-Features nach Python portieren (Source of Truth)

2026-03-06 17:14:38 +01:00

034_tom.sql

feat(tom): TOM-Backend in Python erstellen, Frontend von In-Memory auf DB migrieren

2026-03-06 17:35:44 +01:00

035_vvt_tenant_isolation.sql

feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6)

2026-03-07 14:12:34 +01:00

036_company_profile_extend.sql

feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6)

2026-03-07 14:12:34 +01:00

037_document_versions.sql

feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6)

2026-03-07 14:12:34 +01:00

038_change_requests.sql

feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6)

2026-03-07 14:12:34 +01:00

039_compliance_projects.sql

fix(migration): handle missing sdk_states table in migration 039

2026-03-09 15:06:06 +01:00

040_compliance_wiki.sql

fix: Cast empty ARRAY[] to text[] in wiki migration

2026-03-09 20:12:54 +01:00

041_compliance_wiki_enrichment.sql

feat(wiki): Enrich wiki with DACH court decisions and 18 new articles

2026-03-09 20:43:23 +01:00

042_company_profile_project_id.sql

fix: CREATE audit table IF NOT EXISTS before ALTER in migration 042

2026-03-09 23:54:20 +01:00

043_wiki_datenkategorien_abteilungen.sql

feat(vvt): Aufklappbare Abteilungskacheln mit Datenkategorien + Wiki-Infoboxen

2026-03-10 13:11:00 +01:00

044_canonical_control_library.sql

feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls

2026-03-12 19:55:06 +01:00

045_canonical_controls_seed.sql

feat: seed 10 canonical controls + CRUD endpoints + frontend editor

2026-03-13 00:28:21 +01:00

046_control_generator.sql

fix: migration runner strips BEGIN/COMMIT and guards missing tables

2026-03-14 21:59:10 +01:00

047_verification_method_category.sql

fix: migration runner strips BEGIN/COMMIT and guards missing tables

2026-03-14 21:59:10 +01:00

048_processing_path_expand.sql

fix: make migrations 048/049 safe for environments without canonical tables

2026-03-14 21:45:00 +01:00

049_target_audience.sql

fix: make migrations 048/049 safe for environments without canonical tables

2026-03-14 21:45:00 +01:00

050_score_snapshots.sql

feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)

2026-03-14 21:03:04 +01:00

051_security_templates.sql

feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)

2026-03-14 21:03:04 +01:00

052_process_tasks.sql

feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)

2026-03-14 21:03:04 +01:00

053_evidence_checks.sql

feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)

2026-03-14 21:03:04 +01:00

054_wiki_hinschg_erweitert.sql

feat: enhance whistleblower HinSchG content, fix control-library filter layout

2026-03-15 00:23:19 +01:00

055_wiki_cra.sql

feat: CRA wiki, cybersecurity policy template, Phase H RAG ingestion

2026-03-15 00:43:46 +01:00

056_cra_cybersecurity_policy.sql

feat: CRA wiki, cybersecurity policy template, Phase H RAG ingestion

2026-03-15 00:43:46 +01:00

057_processing_path_batch.sql

feat(control-library): document-grouped batching, generation strategy tracking, sort by source

2026-03-15 15:10:52 +01:00

058_generation_strategy.sql

feat(control-library): document-grouped batching, generation strategy tracking, sort by source

2026-03-15 15:10:52 +01:00

059_wiki_cra_annex_i_detail.sql

feat(training+controls): interactive video pipeline, training blocks, control generator, CE libraries

2026-03-16 21:41:48 +01:00

060_crosswalk_matrix.sql

feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)

2026-03-17 09:00:37 +01:00

061_obligation_candidates.sql

feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)

2026-03-17 09:00:37 +01:00

062_pipeline_version.sql

feat(pipeline): pipeline_version v2, migration 062, docs + 71 tests

2026-03-17 17:31:11 +01:00

063_control_applicability.sql

feat(pipeline): v3 — scoped control applicability + source_type classification

2026-03-18 16:28:05 +01:00

064_vvt_master_libraries.sql

feat(sdk): VVT master libraries, process templates, Loeschfristen profiling + document

2026-03-19 11:56:25 +01:00

065_vvt_library_seed.sql

feat(sdk): VVT master libraries, process templates, Loeschfristen profiling + document

2026-03-19 11:56:25 +01:00

066_vvt_process_templates.sql

feat(sdk): VVT master libraries, process templates, Loeschfristen profiling + document

2026-03-19 11:56:25 +01:00

067_vvt_process_templates_seed.sql

feat(sdk): VVT master libraries, process templates, Loeschfristen profiling + document

2026-03-19 11:56:25 +01:00

068_tom_control_mappings.sql

feat(tom): audit document, compliance checks, 25 controls, canonical control mapping

2026-03-19 11:56:53 +01:00

069_obligations_vendor_link.sql

feat(sdk): vendor-compliance cross-module integration — VVT, obligations, TOM, loeschfristen

2026-03-19 13:59:43 +01:00

070_loeschfristen_vendor_link.sql

feat(sdk): vendor-compliance cross-module integration — VVT, obligations, TOM, loeschfristen

2026-03-19 13:59:43 +01:00

071_policy_templates_it_security.sql

feat(document-generator): 33 policy + module document templates

2026-03-19 23:27:25 +01:00

072_policy_templates_data_hr_vendor_bcm.sql

feat(document-generator): 33 policy + module document templates

2026-03-19 23:27:25 +01:00

073_module_document_templates.sql

feat(document-generator): 33 policy + module document templates

2026-03-19 23:27:25 +01:00

074_control_dedup.sql

feat: Control Library UI, dedup migration, QA tooling, docs

2026-03-21 11:56:08 +01:00

075_obligation_refinement.sql

feat(decomposition): add merge pass, enrichment, and Pass 0b refinements

2026-03-21 22:27:09 +01:00

076_anti_fake_evidence.sql

feat: Anti-Fake-Evidence System (Phase 1-4b)

2026-03-23 17:15:45 +01:00

077_anti_fake_evidence_phase2.sql

feat: Anti-Fake-Evidence System (Phase 1-4b)

2026-03-23 17:15:45 +01:00

078_batch_dedup.sql

feat: Batch Dedup Runner — 85k→~18-25k Master Controls

2026-03-24 07:06:38 +01:00

079_evidence_type.sql

feat: evidence_type Feld (code/process/hybrid) fuer Controls

2026-03-25 21:53:40 +01:00

080_v1_control_matches.sql

feat: V1 Control Enrichment — Eigenentwicklung-Label, regulatorisches Matching & Vergleichsansicht

2026-03-26 10:32:08 +01:00

081_obligation_dedup_state.sql

feat: Obligation-Deduplizierung — 34.617 Duplikate als 'duplicate' markiert

2026-03-26 20:13:00 +01:00

082_widen_source_article.sql

Add migration 082: widen source_article to TEXT, fix pass0b query filters

2026-03-28 12:47:26 +01:00

083_ai_act_decision_tree.sql

feat: AI Act Decision Tree — Zwei-Achsen-Klassifikation (GPAI + High-Risk)

2026-03-29 10:14:09 +02:00

085_dsr_process_templates.sql

feat: DSR Prozessbeschreibungen Art. 15-21 mit Swim-Lane-Diagrammen

2026-04-28 19:25:38 +02:00

086_agent_scans.sql

feat: Phase 5 — DB persistence for scan results + Phase 10 in plan

2026-04-29 15:17:51 +02:00

087_tom_documentation_v2.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

088_avv_template.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

089_template_cross_doc_updates.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

090_agb_saas_v2.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

091_community_guidelines_v2.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

092_media_content_modules.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

093_privacy_policy_v2.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

094_terms_of_use.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

095_widerrufsbelehrung_v2.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

096_social_media_dsi.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

097_cookie_policy_v2.sql

feat: Document Templates v2 — 11 migrations + scope-based generator

2026-05-01 01:18:33 +02:00

098_whistleblower_policy.sql

feat: Phase 1 — Whistleblower + Cookie/Impressum + HR-DSI templates

2026-05-01 08:29:52 +02:00

099_cookie_banner_impressum_v2.sql

feat: Phase 1 — Whistleblower + Cookie/Impressum + HR-DSI templates

2026-05-01 08:29:52 +02:00

100_employee_applicant_dsi.sql

feat: Phase 1 — Whistleblower + Cookie/Impressum + HR-DSI templates

2026-05-01 08:29:52 +02:00

101_security_concepts_v2.sql

feat: Phase 2 — Security Concepts + DSFA + DSR updates

2026-05-01 08:45:04 +02:00

102_dsfa_pflichten_dsr_v2.sql

feat: Phase 2 — Security Concepts + DSFA + DSR updates

2026-05-01 08:45:04 +02:00

103_security_policies_new.sql

feat: Phase 3 — Security + HR/Vendor/BCM policies

2026-05-01 09:05:03 +02:00

104_special_templates.sql

feat: Phase 5 — Special templates (AI policy, BYOD, ISMS, consent, video DSI)

2026-05-01 09:25:32 +02:00

105_scc_tia_templates.sql

feat: SCC + TIA templates for third-country transfers

2026-05-01 10:19:56 +02:00

106_banner_email_link_consent_proof.sql

feat: Cookie-Banner ↔ Backend Integration (DSR, Retention, Consent Proof)

2026-05-02 19:52:04 +02:00

106_cleanup_agb_duplicates.sql

feat: AGB cleanup + English Terms v2

2026-05-03 06:59:28 +02:00

107_agb_en_v2.sql

feat: AGB cleanup + English Terms v2

2026-05-03 06:59:28 +02:00

107_banner_vendor_agnostic.sql

feat(cmp): vendor-agnostic consent data model — 13 new fields

2026-05-10 23:12:20 +02:00

108_banner_script_cookie_tracking.sql

feat(cmp): Phase 2 — script blocking + cookie tracking

2026-05-11 22:52:26 +02:00

108_privacy_policy_cleanup_en.sql

feat: Privacy notice cleanup + English v2

2026-05-03 07:03:06 +02:00

109_full_template_cleanup.sql

feat: Full template cleanup + categories by use case

2026-05-03 07:09:16 +02:00

110_unreviewed_policies_v2.sql

feat: Review all 12 remaining policy templates + categorize

2026-05-03 07:19:41 +02:00

111_org_roles_reviews.sql

feat: Rollenkonzept backend + SOP template (Phase 1-3)

2026-05-03 13:03:38 +02:00

112_sop_template.sql

feat: Rollenkonzept backend + SOP template (Phase 1-3)

2026-05-03 13:03:38 +02:00

113_vendor_consent_granular.sql

feat: Vendor-level consent + Consent analytics (F4 + F6)

2026-05-03 20:58:06 +02:00

114_banner_analytics.sql

feat: Vendor-level consent + Consent analytics (F4 + F6)

2026-05-03 20:58:06 +02:00

115_role_training_mapping.sql

feat: Academy integration — training gap detection after document approval (F7)

2026-05-03 22:03:25 +02:00

116_banner_ab_testing.sql

feat: A/B Testing + Compliance Report PDF (F5 + F8)

2026-05-03 21:42:50 +02:00

117_dsr_email_templates_content.sql

feat: EmailDeliveryService + professional DSR email templates

2026-05-03 23:38:32 +02:00

118_whistleblower.sql

feat: Whistleblower backend + Scanner banner-check (last 2 gaps)

2026-05-04 00:22:18 +02:00

119_compliance_cra_projects.sql

feat(cra): CRA Compliance module Phase 1+2+3 (intake, scope, path, requirements, backlog, sbom, checks)

2026-05-18 17:56:52 +02:00

120_compliance_cra_sboms.sql

feat(cra): CRA Compliance module Phase 1+2+3 (intake, scope, path, requirements, backlog, sbom, checks)

2026-05-18 17:56:52 +02:00

121_compliance_cra_vulnerabilities.sql

feat(cra): Phase 4 — Vulnerability Disclosure + Post-Market Monitoring

2026-05-18 22:08:49 +02:00