Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(pipeline): implement Control Dependency Engine (Block 9)

Browse Source 
Core engine (dependency_engine.py):
- 5 dependency types: prerequisite, supersedes, compensating_control,
  conditional_requirement, scope_exclusion
- Generic condition evaluator (JSONB rules with AND/OR/NOT/field ops)
- Priority-based conflict resolution
- Cycle detection (DFS) + topological sort
- Full evaluation with MCP-compatible dependency_resolution trace
- 39 tests all passing (incl. GHV scenario from user requirements)

Automatic generator (dependency_generator.py):
- Ontology-based: same normalized_object + phase sequence -> prerequisite
- Pattern-based: define->implement, implement->monitor, etc.
- Domain packs: YAML rules for GDPR, AI Act, CRA, Security, Labor Contracts
- 14 tests all passing

API routes (dependency_routes.py):
- CRUD for dependencies
- POST /evaluate with dependency resolution
- POST /generate (auto-generation with dry_run)
- POST /validate (cycle detection)
- GET /graph (nodes + edges for visualization)

Prompt enhancement (decomposition_pass.py):
- Added dependency_hints + lifecycle_phase_order to Pass 0b prompt
- Stored in generation_metadata for post-processing

DB migration: control_dependencies + control_evaluation_results tables

126 tests total, all passing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-04-26 20:28:10 +02:00
parent 5aaa62dca7
commit 42ab5ead26
14 changed files with 2421 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
control-pipeline/data/domain_packs/gdpr.yaml Normal file
View File

@@ -0,0 +1,31 @@
domain: gdpr
version: "1.0"
description: "DSGVO-spezifische Abhaengigkeiten"
rules:
- name: vvt_before_dsfa
description: "Verarbeitungsverzeichnis muss vor DSFA existieren"
source_match:
title_contains: ["Verarbeitungsverzeichnis", "VVT"]
target_match:
title_contains: ["Datenschutz-Folgenabschaetzung", "DSFA"]
dependency_type: prerequisite
priority: 40
- name: rechtsgrundlage_before_verarbeitung
description: "Rechtsgrundlage muss vor Datenverarbeitung definiert sein"
source_match:
title_contains: ["Rechtsgrundlage", "Einwilligung definiert"]
target_match:
title_contains: ["Datenverarbeitung implementiert", "personenbezogene Daten verarbeitet"]
dependency_type: prerequisite
priority: 30
- name: tom_before_documentation
description: "TOMs muessen implementiert sein bevor sie dokumentiert werden"
source_match:
title_contains: ["TOM implementiert", "Technische Massnahmen umgesetzt"]
target_match:
title_contains: ["TOM dokumentiert", "Massnahmen dokumentiert"]
dependency_type: prerequisite
priority: 50