Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dfadff5b02ee987a76e7cca2375cb048f0e09bcc
breakpilot-compliance/.claude/rules/loc-exceptions.txt
T
Benjamin Admin 35802c8c33 chore(loc): exempt 5 pre-existing > 500-LOC files with rationale [guardrail-change] 
Diese 5 Files verletzten den Hard-Cap und blockierten jeden PR der sie
touched. Pre-existing — keine neue Verletzung. Jedes Eintrag enthaelt
Refactor-Plan fuer Phase 2 (Charakterisierungs-Test + Sub-Module).

- consent-tester/services/vendor_detail_extractor.py (675)
- consent-tester/services/consent_scanner.py (567)
- backend-compliance/.../rag_document_checker.py (559)
- consent-tester/services/banner_text_checker.py (531)
- admin-compliance/app/sdk/ai-act/page.tsx (503)

Effekt: CI exit 0 ohne Verhaltensaenderung. Die exceptions-Liste muss
laut .claude/rules/architecture.md ueber Zeit schrumpfen, nicht wachsen
— d.h. diese 5 Eintraege sind explizite Tech-Debt-Marker.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 18:33:58 +02:00

217 lines
12 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# loc-exceptions.txt — files allowed to exceed the 500-line hard cap.
#
# Format: one repo-relative path per line. Comments start with '#' and are ignored.
# Each exception MUST be preceded by a comment explaining why splitting is not viable.
#
# Phase 0 baseline: this list is initially empty. Phases 1-4 will add grandfathered
# entries as we encounter legitimate exceptions (e.g. large generated data tables).
# The goal is for this list to SHRINK over time, never grow.
# --- admin-compliance: static data catalogs (Phase 3) ---
# Splitting these would fragment lookup tables without improving readability.
admin-compliance/lib/sdk/tom-generator/controls/loader.ts
admin-compliance/lib/sdk/vendor-compliance/risk/controls-library.ts
admin-compliance/lib/sdk/compliance-scope-triggers.ts
admin-compliance/lib/sdk/vendor-compliance/catalog/processing-activities.ts
admin-compliance/lib/sdk/catalog-manager/catalog-registry.ts
admin-compliance/lib/sdk/dsfa/mitigation-library.ts
admin-compliance/lib/sdk/vvt-baseline-catalog.ts
admin-compliance/lib/sdk/dsfa/eu-legal-frameworks.ts
admin-compliance/lib/sdk/dsfa/risk-catalog.ts
admin-compliance/lib/sdk/loeschfristen-baseline-catalog.ts
admin-compliance/lib/sdk/vendor-compliance/catalog/vendor-templates.ts
admin-compliance/lib/sdk/vendor-compliance/catalog/legal-basis.ts
admin-compliance/lib/sdk/vendor-compliance/contract-review/findings.ts
admin-compliance/lib/sdk/vendor-compliance/contract-review/checklists.ts
admin-compliance/lib/sdk/compliance-scope-types/document-scope-matrix-core.ts
admin-compliance/lib/sdk/compliance-scope-types/document-scope-matrix-extended.ts
admin-compliance/lib/sdk/demo-data/index.ts
admin-compliance/lib/sdk/tom-generator/demo-data/index.ts
# --- admin-compliance: self-contained export generators (Phase 3) ---
# Each file generates a complete document format. Splitting mid-generation
# logic would create artificial module boundaries without benefit.
admin-compliance/lib/sdk/tom-generator/export/zip.ts
admin-compliance/lib/sdk/tom-generator/export/docx.ts
admin-compliance/lib/sdk/tom-generator/export/pdf.ts
admin-compliance/lib/sdk/einwilligungen/export/pdf.ts
admin-compliance/lib/sdk/einwilligungen/generator/privacy-policy-sections.ts
# --- backend-compliance: legacy utility services (Phase 1) ---
# Pre-refactor utility modules not yet split. Phase 5 targets.
backend-compliance/compliance/services/control_generator.py
backend-compliance/compliance/services/audit_pdf_generator.py
backend-compliance/compliance/services/regulation_scraper.py
backend-compliance/compliance/services/llm_provider.py
backend-compliance/compliance/services/export_generator.py
backend-compliance/compliance/services/pdf_extractor.py
backend-compliance/compliance/services/ai_compliance_assistant.py
# --- backend-compliance: Phase 1 code refactor backlog ---
# These are the remaining oversized route/service/data/auth files that Phase 1
# did not reach. Each entry is a tracked refactor debt item — the list must shrink.
backend-compliance/compliance/services/decomposition_pass.py
backend-compliance/compliance/api/schemas.py
backend-compliance/compliance/api/canonical_control_routes.py
backend-compliance/compliance/db/repository.py
backend-compliance/compliance/db/models.py
backend-compliance/compliance/api/evidence_check_routes.py
backend-compliance/compliance/api/control_generator_routes.py
backend-compliance/compliance/api/process_task_routes.py
backend-compliance/compliance/api/evidence_routes.py
backend-compliance/compliance/api/crosswalk_routes.py
backend-compliance/compliance/api/dashboard_routes.py
backend-compliance/compliance/api/dsfa_routes.py
backend-compliance/compliance/api/routes.py
backend-compliance/compliance/api/tom_mapping_routes.py
backend-compliance/compliance/services/control_dedup.py
backend-compliance/compliance/services/framework_decomposition.py
backend-compliance/compliance/services/pipeline_adapter.py
backend-compliance/compliance/services/batch_dedup_runner.py
backend-compliance/compliance/services/obligation_extractor.py
backend-compliance/compliance/services/control_composer.py
backend-compliance/compliance/services/pattern_matcher.py
backend-compliance/compliance/data/iso27001_annex_a.py
backend-compliance/compliance/data/service_modules.py
backend-compliance/compliance/data/controls.py
backend-compliance/services/pdf_service.py
backend-compliance/services/file_processor.py
backend-compliance/auth/keycloak_auth.py
# --- scripts: one-off ingestion, QA, and migration scripts ---
# These are operational scripts, not production application code.
# LOC rules don't apply in the same way to single-purpose scripts.
scripts/ingest-legal-corpus.sh
scripts/ingest-ce-corpus.sh
scripts/ingest-dsfa-bundesland.sh
scripts/edpb-crawler.py
scripts/apply_templates_023.py
scripts/qa/phase74_generate_gap_controls.py
scripts/qa/pdf_qa_all.py
scripts/qa/benchmark_llm_controls.py
backend-compliance/scripts/seed_policy_templates.py
# --- ai-compliance-sdk: IACE hazard pattern data tables ---
# Each file is a flat list of HazardPattern structs (pure data, no logic).
# 85 patterns × 12 lines/pattern = ~1020 lines. Cannot be split meaningfully.
ai-compliance-sdk/internal/iace/hazard_patterns_extended3.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_a.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_b.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_c.go
ai-compliance-sdk/internal/iace/hazard_patterns_final_d.go
ai-compliance-sdk/internal/iace/hazard_patterns_cyber_extended.go
ai-compliance-sdk/internal/iace/hazard_patterns_workshop.go
ai-compliance-sdk/internal/iace/norms_library_c_process.go
ai-compliance-sdk/internal/iace/norms_library_c_food_pkg.go
# --- docs-src: copies of backend source for documentation rendering ---
# These are not production code; they are rendered into the static docs site.
docs-src/control_generator.py
docs-src/control_generator_routes.py
# --- consent-sdk: platform-native mobile SDKs (Swift / Dart) ---
# Flutter and iOS SDKs follow platform conventions (verbose verbose) that make
# splitting into multiple files awkward without sacrificing single-import ergonomics.
consent-sdk/src/mobile/flutter/consent_sdk.dart
consent-sdk/src/mobile/ios/ConsentManager.swift
# --- consent-tester: DSI discovery orchestrator ---
# Single Playwright session with sequential steps (banner dismiss, self-extract,
# link follow, accordion expand, inline sections). Splitting mid-session would
# require passing Page objects across modules.
consent-tester/services/dsi_discovery.py
# --- backend-compliance: unified compliance check orchestrator ---
# Sequential 7-step pipeline (text resolve, profile detect, check documents,
# banner scan, cross-check, profile extract, report). Phase 5 split target.
backend-compliance/compliance/api/agent_compliance_check_routes.py
# --- docs-src: binary office files (not source code) ---
# (Also excluded by extension in scripts/check-loc.sh — kept here for legibility.)
docs-src/Breakpilot ComplAI Finanzplan.xlsm
# --- admin-compliance: oversized component refactor backlog ---
# Phase 5+ target for splitting into smaller subcomponents per wizard step.
admin-compliance/components/sdk/ai-act/DecisionTreeWizard.tsx
# --- ai-compliance-sdk: oversized handler refactor backlog ---
# Phase 5+ target for splitting handler groups into per-resource files.
ai-compliance-sdk/internal/api/handlers/tender_handlers.go
# --- merge grandfathered (2026-05-13) — Phase 5+ refactor backlog ---
# Files imported via team work that crossed the hard cap; tracked for splitting.
consent-tester/checks/banner_checks.py
consent-tester/services/banner_detector.py
backend-compliance/compliance/api/agent_doc_check_routes.py
backend-compliance/compliance/services/service_registry.py
backend-compliance/compliance/services/dsr_workflow_service.py
ai-compliance-sdk/internal/iace/hazard_patterns_forestry_conveyor.go
admin-compliance/app/sdk/compliance-scope/page.tsx
# --- zeroclaw: ground-truth corpus (test fixture data, not source) ---
zeroclaw/docs/ground-truth/06-spiegel-dsi-fulltext.txt
# --- IACE data tables and orchestration files (Phase 16-18 refactor backlog) ---
# Each file grew during the IACE polish phases (Stufe-A manufacturer library,
# Klärungen Phase 3 PDF export + methodology, app routes). Phase 5+ split
# targets — splitting now would fragment unrelated cohesive logic.
ai-compliance-sdk/internal/iace/manufacturer_safety_features.go
ai-compliance-sdk/internal/api/handlers/iace_handler_clarifications.go
ai-compliance-sdk/internal/app/routes.go
# --- 2026-05-19 Coolify-Unblocker: 4 grandfathered files ---
# Diese 4 Dateien sind Pre-Existing-Tech-Debt und blockierten den
# Coolify-Build. Splits sind als P9.5 Tech-Debt-Sprint geplant, bis
# dahin als Exceptions getragen damit Deploy laeuft.
#
# cra_routes.py (1714): CRA-Phase-5-Router mit Annex-V/VII Generator —
# Split nach Endpoint-Gruppen (vuln/post-market/tech-doc/doc) sinnvoll.
backend-compliance/compliance/api/cra_routes.py
# vendor_redundancy.py (727): Cost-Lookup-Tabellen (DSP/SaaS/Self-Service)
# + Multi-Function-Tools + Engine. Tabellen-Splits nach Lookup-Klasse.
backend-compliance/compliance/services/vendor_redundancy.py
# cookie_knowledge_db.py (608): Basis-KB — Ergaenzung via
# cookie_knowledge_extended.py + Facade laeuft bereits (P2). Split der
# Base-KB nach Vendor-Familie ist Phase-2-Ziel.
backend-compliance/compliance/services/cookie_knowledge_db.py
# cookie-banner-embed.ts (558): Banner-Embed-Bundle fuer CDN-Auslieferung
# — selbst-kontainierter Code-Generator, Split wuerde Generator-Logik
# fragmentieren ohne Nutzen.
admin-compliance/lib/sdk/einwilligungen/generator/cookie-banner-embed.ts
# ComplianceCheckTab.tsx (511): zentrale UI fuer Compliance-Check-Form mit
# Polling, Storage, History, Agent-Toggle, TDM-Override. Split nach Concerns
# (_components/CompliancePolling, _components/TDMOverride) ist P11-Tech-Debt.
admin-compliance/app/sdk/agent/_components/ComplianceCheckTab.tsx
# --- 2026-05-22 batch: P83-CI-Hardening backlog ---
# Diese 5 Files verletzen den 500-LOC-Hard-Cap aktuell und blockieren
# jeden PR der sie touched. Refactor ist Phase-2-Ziel (charakterisierungs-
# tests + Sub-Module). Bis dahin: explizite Exception mit Rationale,
# damit die CI nicht orthogonal an pre-existing Tech-Debt scheitert.
#
# vendor_detail_extractor.py (675): Playwright-Browser-Orchestrierung mit
# eng verflochtenen Page-State-Operationen (Banner-Reopen, Category-
# Expand, Anti-Audit-Detection, TDM-Check). Split braucht Page-Context-
# Shared-State zwischen Modulen — Aufwand > Nutzen ohne klares Refactor-
# Konzept. Phase 2: vendor_detail/ Subpackage mit Page-Wrapper-Klasse.
consent-tester/services/vendor_detail_extractor.py
# consent_scanner.py (567): 460-Zeilen-Funktion run_consent_test() —
# Browser-Phasen (initial fetch, banner detect, button click, reject,
# accept, screenshot, cookie diff). Split nach Phasen ist Phase-2-Ziel
# (consent_scanner/_phase_*.py).
consent-tester/services/consent_scanner.py
# rag_document_checker.py (559): Doc-Check-Pipeline (control loading,
# canonical-scope filter, deterministic MC checks, LLM enrichment).
# Splitbar in _control_loader.py + _llm_enrichment.py — kandidat fuer
# naechsten Sprint mit Charakterisierungs-Test gegen 5 GT-Doc-Samples.
backend-compliance/compliance/services/rag_document_checker.py
# banner_text_checker.py (531): 500-Zeilen-Funktion check_banner_text()
# mit eng-verflochtener DOM-Erkennungs-Logik (Save-Label, Ablehnen-
# Button, Dark-Patterns, Wortwahl-Heuristik). Phase-2-Split nach
# Pruef-Aspekt.
consent-tester/services/banner_text_checker.py
# ai-act/page.tsx (503): React-Page mit Form-State, Risiko-Klassifikation,
# Demo-Daten und Export. Split nach React-Sub-Components (_components/
# RiskClassifier, _components/MitigationForm) ist React-Refactor-Sprint.
admin-compliance/app/sdk/ai-act/page.tsx
Reference in New Issue View Git Blame Copy Permalink