feat(pipeline): implement Control Dependency Engine (Block 9)

Core engine (dependency_engine.py):
- 5 dependency types: prerequisite, supersedes, compensating_control,
  conditional_requirement, scope_exclusion
- Generic condition evaluator (JSONB rules with AND/OR/NOT/field ops)
- Priority-based conflict resolution
- Cycle detection (DFS) + topological sort
- Full evaluation with MCP-compatible dependency_resolution trace
- 39 tests all passing (incl. GHV scenario from user requirements)

Automatic generator (dependency_generator.py):
- Ontology-based: same normalized_object + phase sequence -> prerequisite
- Pattern-based: define->implement, implement->monitor, etc.
- Domain packs: YAML rules for GDPR, AI Act, CRA, Security, Labor Contracts
- 14 tests all passing

API routes (dependency_routes.py):
- CRUD for dependencies
- POST /evaluate with dependency resolution
- POST /generate (auto-generation with dry_run)
- POST /validate (cycle detection)
- GET /graph (nodes + edges for visualization)

Prompt enhancement (decomposition_pass.py):
- Added dependency_hints + lifecycle_phase_order to Pass 0b prompt
- Stored in generation_metadata for post-processing

DB migration: control_dependencies + control_evaluation_results tables

126 tests total, all passing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Benjamin Admin
2026-04-26 20:28:10 +02:00
parent 5aaa62dca7
commit 42ab5ead26
14 changed files with 2421 additions and 2 deletions

@@ -0,0 +1,34 @@
domain: cra
version: "1.0"
description: "Cyber Resilience Act spezifische Abhaengigkeiten"
rules:
- name: sbom_triggers_vuln_monitoring
description: "SBOM fuehrt zu Schwachstellenmonitoring-Pflicht"
source_match:
title_contains: ["SBOM", "Komponentenverzeichnis"]
target_match:
title_contains: ["Schwachstellenmonitoring", "Vulnerability Monitoring"]
dependency_type: prerequisite
condition:
field: source.status
op: "=="
value: pass
effect:
set_status: review_required
priority: 40
- name: ce_partially_satisfies_evidence
description: "CE-Zertifizierung ersetzt Teile der Einzelnachweise"
source_match:
title_contains: ["CE-Konformitaet", "CE-Zertifizierung", "Konformitaetserklaerung"]
target_match:
title_contains: ["Einzelnachweis", "Konformitaetsnachweis"]
dependency_type: compensating_control
condition:
field: source.status
op: "=="
value: pass
effect:
set_status: compensated_fail
priority: 80
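
Review bot: in `ce_partially_satisfies_evidence` the condition tests only `source.status == pass`, so `set_status: compensated_fail` applies to every control whose title contains "Einzelnachweis" or "Konformitaetsnachweis" whenever the CE control passes, although the description says CE certification replaces only parts of the individual evidence. Unless the engine restricts `compensating_control` to targets that are already failing, a passing target could be relabelled and a failing one masked on a bare substring match. Consider adding a clause on the target's own status (the commit message says the evaluator supports AND) and narrowing `target_match` to the specific evidence controls that CE actually covers. In `sbom_triggers_vuln_monitoring`, `dependency_type: prerequisite` combined with a condition that fires on `source.status == pass` reads more like the `conditional_requirement` type listed in the commit message; either switch the type or document why a satisfied prerequisite sets the target to `review_required`. The `title_contains` values are ASCII transliterations ("Konformitaet"), so confirm that control titles are normalized the same way before matching, otherwise titles written with umlauts will not match either rule.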