Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(pipeline): implement Control Dependency Engine (Block 9)

Browse Source 
Core engine (dependency_engine.py):
- 5 dependency types: prerequisite, supersedes, compensating_control,
  conditional_requirement, scope_exclusion
- Generic condition evaluator (JSONB rules with AND/OR/NOT/field ops)
- Priority-based conflict resolution
- Cycle detection (DFS) + topological sort
- Full evaluation with MCP-compatible dependency_resolution trace
- 39 tests all passing (incl. GHV scenario from user requirements)

Automatic generator (dependency_generator.py):
- Ontology-based: same normalized_object + phase sequence -> prerequisite
- Pattern-based: define->implement, implement->monitor, etc.
- Domain packs: YAML rules for GDPR, AI Act, CRA, Security, Labor Contracts
- 14 tests all passing

API routes (dependency_routes.py):
- CRUD for dependencies
- POST /evaluate with dependency resolution
- POST /generate (auto-generation with dry_run)
- POST /validate (cycle detection)
- GET /graph (nodes + edges for visualization)

Prompt enhancement (decomposition_pass.py):
- Added dependency_hints + lifecycle_phase_order to Pass 0b prompt
- Stored in generation_metadata for post-processing

DB migration: control_dependencies + control_evaluation_results tables

126 tests total, all passing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-04-26 20:28:10 +02:00
parent 5aaa62dca7
commit 42ab5ead26
14 changed files with 2421 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
control-pipeline/data/domain_packs/security.yaml Normal file
View File

@@ -0,0 +1,34 @@
domain: security
version: "1.0"
description: "Security-spezifische Abhaengigkeiten"
rules:
- name: mfa_compensates_password
description: "MFA kompensiert teilweise schwache Passwortanforderungen"
source_match:
title_contains: ["MFA aktiviert", "Multi-Faktor-Authentifizierung"]
target_match:
title_contains: ["Passwortlaenge", "Passwortkomplexitaet", "Passwortrichtlinie"]
dependency_type: compensating_control
condition:
field: source.status
op: "=="
value: pass
effect:
set_status: compensated_fail
priority: 80
- name: cert_compensates_individual
description: "ISO 27001 Zertifizierung kompensiert einzelne Security-Controls"
source_match:
title_contains: ["ISO 27001 Zertifizierung", "ISMS Zertifizierung"]
target_match:
title_contains: ["Zugriffskontrolle", "Protokollierung", "Verschluesselung"]
dependency_type: compensating_control
condition:
field: source.status
op: "=="
value: pass
effect:
set_status: compensated_fail
priority: 80