Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dca7740d8c007e9edd63bc7d7f924da45a5d08a3
breakpilot-compliance/ai-compliance-sdk
T
History
Benjamin Admin 0bf9c54d27
CI / detect-changes (push) Successful in 6s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / build-sha-integrity (push) Failing after 5s
Details
CI / validate-canonical-controls (push) Successful in 11s
Details
CI / loc-budget (push) Successful in 15s
Details
CI / go-lint (push) Has been skipped
Details
CI / test-go (push) Failing after 38s
Details
CI / iace-gt-coverage (push) Successful in 23s
Details
CI / test-python-backend (push) Has been skipped
Details
CI / test-python-document-crawler (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Has been skipped
Details
feat(iace): add Fine-Kinney risk model (citable, free, US-recognized) 
Fine-Kinney (Fine 1971 / Kinney-Wiruth 1976): Risk = Probability x Exposure x
Consequence — a PUBLISHED, freely-usable method (not a DIN/Beuth/ISO standard),
widely used incl. CE-marking. Gives the professional a second, US-recognized
model alongside the EN-62061-style one; German exporters get both for free and
adjust with their own licensed norm data.

risk_fine_kinney.go: SuggestFineKinney derives justified P/E/C from public
anchors (ESAW frequency -> P, lifecycle -> E, de-biased severity -> C on the
Fine-Kinney consequence scale) + ComputeFineKinney(p,e,c) so the professional
can override with his own values. No norm table stored.

GT benchmark (rank concordance vs the professional): Fine-Kinney 75.4% — beats
the EN-62061-style model (69.3%) and the raw engine (57%).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-09 15:22:44 +02:00
..
cmd
feat(iace): pattern audit suite + library hygiene wave
2026-05-21 10:51:08 +02:00
data/ce-libraries
docs
internal
feat(iace): add Fine-Kinney risk model (citable, free, US-recognized)
2026-06-09 15:22:44 +02:00
migrations
feat(iace): Customer-Standard-Reuse across customer's prior projects
2026-05-18 22:31:30 +02:00
payment-compliance-pack
policies
.golangci.yml
Dockerfile
feat(p83): wire BUILD_SHA through all Dockerfiles + compose + CI check
2026-05-22 18:29:03 +02:00
go.mod
go.sum
README.md

README.md

ai-compliance-sdk

Go/Gin service providing AI-Act compliance analysis: iACE impact assessments, UCCA rules engine, hazard library, training/academy, audit, escalation, portfolio, RBAC, RAG, whistleblower, workshop.

Port: 8090 → exposed 8093 (container: bp-compliance-ai-sdk) Stack: Go 1.24, Gin, pgx, Postgres.

Architecture

Clean-arch refactor is complete:

cmd/server/main.go              # Thin entrypoint, 7 LOC — wiring in internal/app/
internal/
├── app/
│   ├── app.go                  # Server initialization + lifecycle
│   └── routes.go               # Route registration
├── api/handlers/               # 8 sub-resource handler files:
│   │                           #   iace_handler_projects, hazards, mitigations,
│   │                           #   techfile, monitoring, refdata, rag, components
├── iace/                       # Store split into 7 files:
│   │                           #   store_projects, components, hazards,
│   │                           #   hazard_library, mitigations, evidence, audit
│   └── hazard_library/         # Split into 10 category files
└── ...

See ../AGENTS.go.md for the full convention.

Linting (Phase 5): .golangci.yml added — run golangci-lint run --timeout 5m ./....

Run locally

cd ai-compliance-sdk
go mod download
export COMPLIANCE_DATABASE_URL=...
go run ./cmd/server

Tests

go test -race -cover ./...
golangci-lint run --timeout 5m ./...

Co-located *_test.go, table-driven. Repo layer uses testcontainers-go (or the compose Postgres) — no SQL mocks.

Public API surface

Handlers under internal/api/handlers/ (8 sub-resource files). Health at GET /health. iACE, UCCA, training, academy, portfolio, escalation, audit, rag, whistleblower, workshop subresources. Every route is a contract.

Environment

Var Purpose
COMPLIANCE_DATABASE_URL Postgres DSN
LLM_GATEWAY_URL LLM router for rag/iACE
QDRANT_URL Vector search

Don't touch

DB schema. Hand-rolled migrations elsewhere own it.

Reference in New Issue View Git Blame Copy Permalink