Initial commit: breakpilot-compliance - Compliance SDK Platform

Services: Admin-Compliance, Backend-Compliance, AI-Compliance-SDK, Consent-SDK, Developer-Portal, PCA-Platform, DSMS Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 23:47:28 +01:00
commit 4435e7ea0a
734 changed files with 251369 additions and 0 deletions
--- a/backend-compliance/compliance/SERVICE_COVERAGE.md
+++ b/backend-compliance/compliance/SERVICE_COVERAGE.md
@@ -0,0 +1,297 @@
+# Breakpilot Service Coverage - Sprint 3
+
+## Übersicht
+
+Vollständige Dokumentation aller 36 Breakpilot Services in der Compliance-Registry.
+
+## Service-Kategorien
+
+### Backend Services (11)
+
+| Service | Port | PII | AI | Criticality | GDPR | AI Act | BSI-TR |
+|---------|------|-----|----|----|------|--------|--------|
+| python-backend | 8000 | ✓ | - | critical | ✓✓✓ | ✓✓ | ✓✓ |
+| consent-service | 8081 | ✓ | - | critical | ✓✓✓ | - | ✓✓ |
+| billing-service | 8083 | ✓ | - | critical | ✓✓✓ | - | - |
+| school-service | 8084 | ✓ | - | high | ✓✓✓ | - | ✓✓ |
+| calendar-service | 8085 | ✓ | - | medium | ✓✓ | - | - |
+| h5p-service | 8082 | ✓ | - | medium | ✓✓ | - | - |
+| website | 3000 | ✓ | - | high | ✓✓ | - | ✓✓ |
+| dsms-gateway | 8082 | ✓ | - | medium | ✓✓ | - | - |
+| erpnext | 8080 | ✓ | - | high | ✓✓✓ | - | - |
+| camunda | 8089 | ✓ | - | medium | ✓✓ | - | - |
+| compliance-module | - | - | ✓ | high | ✓✓ | ✓ | - |
+
+### AI Services (4)
+
+| Service | Port | PII | AI | Criticality | GDPR | AI Act | Notes |
+|---------|------|-----|----|-------------|------|--------|-------|
+| klausur-service | 8086 | ✓ | ✓ | high | ✓✓✓ | ✓✓✓ | High-Risk KI (Bildung) |
+| embedding-service | 8087 | - | ✓ | medium | ✓ | ✓✓ | RAG/Embeddings |
+| transcription-worker | - | ✓ | ✓ | medium | ✓✓ | ✓✓ | Whisper ASR |
+| llm-gateway | 8088 | ✓ | ✓ | high | ✓✓ | ✓✓✓ | LLM Orchestration |
+| breakpilot-drive | 3001 | ✓ | ✓ | medium | ✓✓ | ✓✓ | Unity + LLM |
+
+### Databases (5)
+
+| Service | Port | Type | PII | Criticality | GDPR | BSI-TR |
+|---------|------|------|-----|-------------|------|--------|
+| postgresql | 5432 | Relational | ✓ | critical | ✓✓✓ | ✓✓✓ |
+| qdrant | 6333 | Vector | - | medium | ✓ | ✓✓ |
+| valkey | 6379 | Cache | ✓ | high | ✓✓ | ✓✓ |
+| content-db | 5433 | Relational | - | medium | - | ✓✓ |
+| erpnext-db | 3306 | MariaDB | ✓ | high | ✓✓ | ✓✓ |
+
+### Communication Services (6)
+
+| Service | Port | PII | Criticality | GDPR | DSA | Notes |
+|---------|------|-----|-------------|------|-----|-------|
+| matrix-synapse | 8008 | ✓ | high | ✓✓✓ | ✓✓ | E2EE Chat |
+| synapse-db | 5432 | ✓ | high | ✓✓✓ | - | Matrix DB |
+| jitsi-meet | 8443 | ✓ | high | ✓✓✓ | - | Video Frontend |
+| jitsi-prosody | 5222 | ✓ | high | ✓✓ | - | XMPP Server |
+| jitsi-jicofo | - | - | medium | ✓ | - | Conference Focus |
+| jitsi-jvb | 10000 | ✓ | high | ✓✓ | - | Video Bridge |
+| jibri | - | ✓ | high | ✓✓✓ | - | Recording |
+
+### Storage Services (2)
+
+| Service | Port | Type | PII | Criticality | GDPR | BSI-TR |
+|---------|------|------|-----|-------------|------|--------|
+| minio | 9000 | S3 | ✓ | critical | ✓✓✓ | ✓✓ |
+| dsms-node | 5001 | IPFS | ✓ | medium | ✓✓ | ✓✓ |
+
+### Infrastructure Services (5)
+
+| Service | Port | PII | Criticality | GDPR | NIS2 | Notes |
+|---------|------|-----|-------------|------|------|-------|
+| vault | 8200 | - | critical | ✓✓ | - | Secrets Management |
+| traefik | 443 | ✓ | critical | - | ✓✓ | Reverse Proxy |
+| mailpit | 8025 | ✓ | low | ✓ | - | Dev Mail Server |
+| backup | - | ✓ | critical | ✓✓✓ | - | DB Backups |
+
+### Monitoring Services (3)
+
+| Service | Port | PII | Criticality | GDPR | BSI-TR | Notes |
+|---------|------|-----|-------------|------|--------|-------|
+| loki | 3100 | ✓ | high | ✓✓ | ✓✓ | Log Aggregation |
+| grafana | 3000 | - | medium | - | ✓✓ | Dashboards |
+| prometheus | 9090 | - | medium | - | ✓✓ | Metrics |
+
+### Security Services (1)
+
+| Service | Port | PII | Criticality | GDPR | BSI-TR | Notes |
+|---------|------|-----|-------------|------|--------|-------|
+| vault | 8200 | - | critical | ✓✓ | ✓✓✓ | Encryption as a Service |
+
+## Statistiken
+
+### Gesamt
+- **36 Services** dokumentiert
+- **26 Services** (72%) verarbeiten PII
+- **5 Services** (14%) enthalten KI-Komponenten
+- **9 Services** (25%) sind als "critical" eingestuft
+
+### Nach Service-Typ
+```
+Backend:         11 (31%)
+Communication:    6 (17%)
+Database:         5 (14%)
+AI:              5 (14%)
+Infrastructure:   5 (14%)
+Monitoring:       3 (8%)
+Storage:          2 (6%)
+Security:         1 (3%)
+```
+
+### Technologie-Stack (Top 10)
+```
+Python:          15 Services
+PostgreSQL:      8 Services
+FastAPI:         7 Services
+Go:              4 Services
+Java:            3 Services
+JavaScript:      2 Services
+WebRTC:          2 Services
+Redis/Valkey:    2 Services
+Nginx:           2 Services
+Docker:          36 Services (alle)
+```
+
+### Compliance-Abdeckung
+
+#### GDPR
+- **Critical**: 15 Services (consent, billing, school, postgresql, minio, backup, etc.)
+- **High**: 10 Services (python-backend, klausur-service, matrix-synapse, etc.)
+- **Medium**: 8 Services (calendar, embedding, dsms, etc.)
+- **Low**: 3 Services (mailpit, etc.)
+
+#### AI Act
+- **Critical**: 3 Services (klausur-service, llm-gateway)
+- **High**: 2 Services (python-backend)
+- **Medium**: 5 Services (embedding-service, transcription-worker, compliance-module, etc.)
+
+#### BSI-TR-03161
+- **Critical**: 4 Services (postgresql, vault, backup)
+- **High**: 8 Services (consent-service, school-service, matrix-synapse, etc.)
+- **Medium**: 12 Services (qdrant, valkey, minio, etc.)
+
+## Port-Übersicht
+
+### Häufig genutzte Ports
+```
+8000  - python-backend
+8008  - matrix-synapse
+8025  - mailpit (Web UI)
+8081  - consent-service
+8082  - h5p-service / dsms-gateway (Konflikt möglich)
+8083  - billing-service
+8084  - school-service
+8085  - calendar-service
+8086  - klausur-service
+8087  - embedding-service
+8088  - llm-gateway
+8089  - camunda
+8090  - erpnext-frontend
+8200  - vault
+8443  - jitsi-meet
+
+3000  - website / grafana (Konflikt möglich)
+3001  - breakpilot-drive
+3100  - loki
+3306  - erpnext-db (MariaDB)
+
+5001  - dsms-node (IPFS API)
+5222  - jitsi-prosody (XMPP)
+5432  - postgresql / synapse-db
+5433  - content-db
+
+6333  - qdrant
+6379  - valkey (Redis)
+
+9000  - minio (S3 API)
+9001  - minio (Console)
+9090  - prometheus
+
+10000 - jitsi-jvb (UDP)
+```
+
+### Erkannte Port-Konflikte
+- **Port 8082**: h5p-service, dsms-gateway (beide in service_modules.py)
+- **Port 3000**: website, grafana (beide in service_modules.py)
+- **Port 5432**: postgresql, synapse-db (separater Service)
+
+**Hinweis**: Konflikte in docker-compose.yml durch unterschiedliche Profile oder Host-Ports gelöst.
+
+## PII-Verarbeitung
+
+### Services die PII verarbeiten (26)
+
+**Critical PII Processing:**
+- consent-service (Einwilligungen)
+- billing-service (Zahlungsdaten)
+- school-service (Schülerdaten)
+- postgresql (alle persistenten Daten)
+- minio (Dateispeicher)
+- backup (Datensicherung)
+
+**High PII Processing:**
+- python-backend (User-Daten, Dokumente)
+- klausur-service (Klausuren, Korrekturen)
+- matrix-synapse (Chat-Inhalte)
+- jitsi-meet/jvb (Video/Audio)
+- jibri (Aufzeichnungen)
+- transcription-worker (Sprachaufnahmen)
+
+## KI-Komponenten
+
+### Services mit KI (5)
+
+1. **klausur-service** (High-Risk AI)
+   - Claude API für Klausurkorrektur
+   - AI Act Art. 6 (Bildungsbereich)
+   - GDPR Art. 22 (automatisierte Entscheidungen)
+
+2. **embedding-service**
+   - SentenceTransformers (lokal)
+   - General-Purpose AI System
+
+3. **transcription-worker**
+   - Whisper ASR (OpenAI)
+   - Biometrische Daten (GDPR)
+
+4. **llm-gateway**
+   - LLM Orchestrierung
+   - Externe API-Calls
+
+5. **breakpilot-drive**
+   - Unity + LLM Integration
+   - Lernspiel mit KI
+
+## Kritikalität
+
+### Critical Services (9)
+Ausfall führt zu System-Shutdown oder schwerwiegendem Datenverlust:
+- python-backend
+- consent-service
+- billing-service
+- postgresql
+- minio
+- vault
+- traefik
+- backup
+
+### High Services (10)
+Wichtige Funktionalität, aber System kann degradiert weiterlaufen:
+- klausur-service
+- school-service
+- website
+- matrix-synapse
+- jitsi-meet/jvb
+- valkey
+- loki
+- erpnext
+- erpnext-db
+
+### Medium Services (14)
+Standard-Funktionalität:
+- calendar-service
+- embedding-service
+- transcription-worker
+- h5p-service
+- qdrant
+- dsms-node/gateway
+- jitsi-jicofo
+- grafana
+- prometheus
+- compliance-module
+- camunda
+- breakpilot-drive
+
+### Low Services (3)
+Nur für Entwicklung/Testing:
+- mailpit
+- content-db
+
+## Nächste Schritte
+
+### Sprint 4 Planung
+- [ ] Port-Konflikte auflösen (8082, 3000)
+- [ ] Compliance-Score Berechnung
+- [ ] Automatische Dependency-Graph-Erstellung
+- [ ] Service-Health-Checks integrieren
+- [ ] Gap-Analyse pro Service
+- [ ] Dashboard für Service-Overview
+
+### Fehlende Services
+Services in docker-compose.yml aber nicht kritisch für Compliance:
+- erpnext-redis-queue
+- erpnext-redis-cache
+- erpnext-create-site (Init-Service)
+- erpnext-backend
+- erpnext-websocket
+- erpnext-scheduler
+- erpnext-worker-long
+- erpnext-worker-short
+
+**Grund**: Interne ERPNext Worker, keine separate Compliance-Relevanz.