Initial commit: breakpilot-compliance - Compliance SDK Platform

Services: Admin-Compliance, Backend-Compliance, AI-Compliance-SDK, Consent-SDK, Developer-Portal, PCA-Platform, DSMS Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 23:47:28 +01:00
commit 4435e7ea0a
734 changed files with 251369 additions and 0 deletions
--- a/backend-compliance/main.py
+++ b/backend-compliance/main.py
@@ -0,0 +1,97 @@
+"""
+BreakPilot Compliance Backend
+
+Extracted compliance-specific APIs from the monorepo backend.
+Provides: Compliance Framework, Consent Admin, DSR, GDPR Export.
+
+Runs on port 8002 with DB search_path=compliance,core,public.
+"""
+
+import os
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+
+# Compliance-specific API routers
+from consent_api import router as consent_router
+from consent_admin_api import router as consent_admin_router
+from gdpr_api import router as gdpr_router, admin_router as gdpr_admin_router
+from dsr_api import router as dsr_router
+from dsr_admin_api import router as dsr_admin_router, templates_router as dsr_templates_router
+
+# Compliance framework sub-package
+from compliance.api import router as compliance_framework_router
+
+# Middleware
+from middleware import (
+    RequestIDMiddleware,
+    SecurityHeadersMiddleware,
+)
+
+app = FastAPI(
+    title="BreakPilot Compliance Backend",
+    description="GDPR/DSGVO Compliance, Consent Management, Data Subject Requests, and Regulatory Compliance Framework",
+    version="1.0.0",
+)
+
+# --- CORS ---
+ALLOWED_ORIGINS = os.getenv("CORS_ORIGINS", "*").split(",")
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=ALLOWED_ORIGINS,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# --- Security & Tracing Middleware ---
+app.add_middleware(RequestIDMiddleware)
+app.add_middleware(SecurityHeadersMiddleware)
+
+
+# --- Health Endpoint ---
+@app.get("/health", tags=["system"])
+async def health():
+    """Health check endpoint for load balancers and orchestration."""
+    return {
+        "status": "healthy",
+        "service": "backend-compliance",
+        "version": "1.0.0",
+    }
+
+
+# --- Compliance-specific Routers ---
+
+# Consent (user-facing)
+app.include_router(consent_router, prefix="/api")
+
+# Consent Admin
+app.include_router(consent_admin_router, prefix="/api")
+
+# GDPR / Privacy (user-facing)
+app.include_router(gdpr_router, prefix="/api")
+
+# GDPR Admin
+app.include_router(gdpr_admin_router, prefix="/api")
+
+# DSR - Data Subject Requests (user-facing)
+app.include_router(dsr_router, prefix="/api")
+
+# DSR Admin
+app.include_router(dsr_admin_router, prefix="/api")
+
+# DSR Templates Admin
+app.include_router(dsr_templates_router, prefix="/api")
+
+# Compliance Framework (regulations, controls, evidence, risks, audits, ISMS)
+app.include_router(compliance_framework_router, prefix="/api")
+
+
+if __name__ == "__main__":
+    import uvicorn
+
+    uvicorn.run(
+        "main:app",
+        host="0.0.0.0",
+        port=int(os.getenv("PORT", "8002")),
+        reload=os.getenv("ENVIRONMENT", "development") == "development",
+    )