Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api-docs): API-Exposure-Klassifikation — Intern vs. Oeffentlich
Some checks failed
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-ai-compliance (push) Failing after 36s
Details
CI / test-python-backend-compliance (push) Successful in 33s
Details
CI / test-python-document-crawler (push) Successful in 20s
Details
CI / test-python-dsms-gateway (push) Successful in 16s
Details

Browse Source 
Alle ~640 Endpoints nach Netzwerk-Exposition klassifiziert: public (5 Module, ~30 EP),
partner/Integration (6 Module, ~25 EP), internal (25+ Module, ~550 EP), admin/Wartung (4 EP).
Badges, Filter und Stats in API-Docs + Developer Portal.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-03-08 13:31:16 +01:00
parent 56758e8b55
commit 6ff9f1f2f3
5 changed files with 287 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
admin-compliance/app/sdk/api-docs/page.tsx
View File

@@ -2,7 +2,7 @@
import { useState, useMemo, useRef } from 'react'
import { apiModules } from '@/lib/sdk/api-docs/endpoints'
import type { HttpMethod, BackendService } from '@/lib/sdk/api-docs/types'
import type { HttpMethod, BackendService, ApiExposure } from '@/lib/sdk/api-docs/types'
const METHOD_COLORS: Record<HttpMethod, string> = {
GET: 'bg-green-100 text-green-800',
@@ -12,12 +12,30 @@ const METHOD_COLORS: Record<HttpMethod, string> = {
PATCH: 'bg-purple-100 text-purple-800',
}
const EXPOSURE_CONFIG: Record<ApiExposure, { label: string; color: string; description: string }> = {
public: { label: 'Oeffentlich', color: 'bg-green-100 text-green-800 border-green-200', description: 'Internet-exponiert' },
partner: { label: 'Integration', color: 'bg-blue-100 text-blue-800 border-blue-200', description: 'API-Key/OAuth' },
internal: { label: 'Intern', color: 'bg-gray-100 text-gray-700 border-gray-200', description: 'Nur Admin' },
admin: { label: 'Wartung', color: 'bg-orange-100 text-orange-800 border-orange-200', description: 'Nur Setup' },
}
type ServiceFilter = 'all' | BackendService
type ExposureFilter = 'all' | ApiExposure
function ExposureBadge({ exposure }: { exposure: ApiExposure }) {
const config = EXPOSURE_CONFIG[exposure]
return (
<span className={`inline-block text-[10px] font-medium px-1.5 py-0.5 rounded border ${config.color}`}>
{config.label}
</span>
)
}
export default function ApiDocsPage() {
const [search, setSearch] = useState('')
const [serviceFilter, setServiceFilter] = useState<ServiceFilter>('all')
const [methodFilter, setMethodFilter] = useState<HttpMethod | 'all'>('all')
const [exposureFilter, setExposureFilter] = useState<ExposureFilter>('all')
const [expandedModules, setExpandedModules] = useState<Set<string>>(new Set())
const moduleRefs = useRef<Record<string, HTMLDivElement | null>>({})
@@ -25,9 +43,15 @@ export default function ApiDocsPage() {
const q = search.toLowerCase()
return apiModules
.filter((m) => serviceFilter === 'all' || m.service === serviceFilter)
.filter((m) => {
if (exposureFilter === 'all') return true
if (m.exposure === exposureFilter) return true
return m.endpoints.some((e) => (e.exposure || m.exposure) === exposureFilter)
})
.map((m) => {
const eps = m.endpoints.filter((e) => {
if (methodFilter !== 'all' && e.method !== methodFilter) return false
if (exposureFilter !== 'all' && (e.exposure || m.exposure) !== exposureFilter) return false
if (!q) return true
return (
e.path.toLowerCase().includes(q) ||
@@ -39,13 +63,22 @@ export default function ApiDocsPage() {
return { ...m, endpoints: eps }
})
.filter((m) => m.endpoints.length > 0)
}, [search, serviceFilter, methodFilter])
}, [search, serviceFilter, methodFilter, exposureFilter])
const stats = useMemo(() => {
const total = apiModules.reduce((s, m) => s + m.endpoints.length, 0)
const python = apiModules.filter((m) => m.service === 'python').reduce((s, m) => s + m.endpoints.length, 0)
const go = apiModules.filter((m) => m.service === 'go').reduce((s, m) => s + m.endpoints.length, 0)
return { total, python, go, modules: apiModules.length }
const exposureCounts = { public: 0, partner: 0, internal: 0, admin: 0 }
apiModules.forEach((m) => {
m.endpoints.forEach((e) => {
const exp = e.exposure || m.exposure
exposureCounts[exp]++
})
})
return { total, python, go, modules: apiModules.length, exposure: exposureCounts }
}, [])
const filteredTotal = filteredModules.reduce((s, m) => s + m.endpoints.length, 0)
@@ -97,6 +130,26 @@ export default function ApiDocsPage() {
</div>
</div>
{/* Exposure Stats */}
<div className="flex flex-wrap gap-2 mb-3 text-xs">
<span className="text-gray-500">Exposure:</span>
<span className="px-2 py-0.5 rounded bg-green-50 text-green-700 font-medium">
{stats.exposure.public} oeffentlich
</span>
<span className="px-2 py-0.5 rounded bg-blue-50 text-blue-700 font-medium">
{stats.exposure.partner} Integration
</span>
<span className="px-2 py-0.5 rounded bg-gray-100 text-gray-600 font-medium">
{stats.exposure.internal} intern
</span>
<span className="px-2 py-0.5 rounded bg-orange-50 text-orange-700 font-medium">
{stats.exposure.admin} Wartung
</span>
<span className="text-gray-400 ml-1">
({Math.round((stats.exposure.public + stats.exposure.partner) / stats.total * 100)}% exponiert)
</span>
</div>
{/* Search + Filters */}
<div className="flex flex-wrap gap-3 items-center">
<div className="relative flex-1 min-w-[240px]">
@@ -144,6 +197,29 @@ export default function ApiDocsPage() {
))}
</div>
{/* Exposure Filter */}
<div className="flex rounded-lg border border-gray-300 overflow-hidden">
{([
['all', 'Alle'],
['public', 'Oeffentlich'],
['partner', 'Integration'],
['internal', 'Intern'],
['admin', 'Wartung'],
] as const).map(([val, label]) => (
<button
key={val}
onClick={() => setExposureFilter(val)}
className={`px-3 py-2 text-xs font-medium transition-colors ${
exposureFilter === val
? 'bg-gray-900 text-white'
: 'bg-white text-gray-600 hover:bg-gray-50'
}`}
>
{label}
</button>
))}
</div>
{/* Method Filter */}
<div className="flex gap-1.5">
{(['all', 'GET', 'POST', 'PUT', 'DELETE', 'PATCH'] as const).map((m) => (
@@ -185,7 +261,7 @@ export default function ApiDocsPage() {
<div className="flex gap-6">
{/* Module Index (Sidebar) */}
<div className="hidden lg:block w-64 flex-shrink-0">
<div className="bg-white rounded-lg border border-gray-200 p-4 sticky top-[140px] max-h-[calc(100vh-180px)] overflow-y-auto">
<div className="bg-white rounded-lg border border-gray-200 p-4 sticky top-[170px] max-h-[calc(100vh-210px)] overflow-y-auto">
<h3 className="text-xs font-semibold text-gray-400 uppercase tracking-wider mb-3">
Modul-Index ({filteredModules.length})
</h3>
@@ -194,15 +270,18 @@ export default function ApiDocsPage() {
<button
key={m.id}
onClick={() => scrollToModule(m.id)}
className="w-full text-left px-2 py-1.5 text-xs rounded hover:bg-gray-100 transition-colors group flex items-center justify-between"
className="w-full text-left px-2 py-1.5 text-xs rounded hover:bg-gray-100 transition-colors group flex items-center justify-between gap-1"
>
<span className="truncate text-gray-700 group-hover:text-gray-900">
{m.id}
</span>
<span className={`text-[10px] px-1.5 py-0.5 rounded-full ${
m.service === 'python' ? 'bg-blue-50 text-blue-600' : 'bg-emerald-50 text-emerald-600'
}`}>
{m.endpoints.length}
<span className="flex items-center gap-1 flex-shrink-0">
<ExposureBadge exposure={m.exposure} />
<span className={`text-[10px] px-1.5 py-0.5 rounded-full ${
m.service === 'python' ? 'bg-blue-50 text-blue-600' : 'bg-emerald-50 text-emerald-600'
}`}>
{m.endpoints.length}
</span>
</span>
</button>
))}
@@ -246,6 +325,7 @@ export default function ApiDocsPage() {
}`}>
{m.service === 'python' ? 'PY' : 'GO'}
</span>
<ExposureBadge exposure={m.exposure} />
<span className="text-sm font-medium text-gray-900 truncate">{m.name}</span>
</div>
<div className="flex items-center gap-2 flex-shrink-0 ml-3">
@@ -265,27 +345,39 @@ export default function ApiDocsPage() {
<th className="text-left px-4 py-2 w-20">Methode</th>
<th className="text-left px-4 py-2">Pfad</th>
<th className="text-left px-4 py-2">Beschreibung</th>
<th className="text-left px-4 py-2 w-24">Exposure</th>
</tr>
</thead>
<tbody>
{m.endpoints.map((e, i) => (
<tr
key={`${e.method}-${e.path}-${i}`}
className="border-t border-gray-50 hover:bg-gray-50/50 transition-colors"
>
<td className="px-4 py-2">
<span className={`inline-block text-[11px] font-mono font-bold px-2 py-0.5 rounded ${METHOD_COLORS[e.method]}`}>
{e.method}
</span>
</td>
<td className="px-4 py-2 font-mono text-xs text-gray-800">
{e.path}
</td>
<td className="px-4 py-2 text-xs text-gray-600">
{e.description}
</td>
</tr>
))}
{m.endpoints.map((e, i) => {
const endpointExposure = e.exposure || m.exposure
const hasOverride = e.exposure && e.exposure !== m.exposure
return (
<tr
key={`${e.method}-${e.path}-${i}`}
className="border-t border-gray-50 hover:bg-gray-50/50 transition-colors"
>
<td className="px-4 py-2">
<span className={`inline-block text-[11px] font-mono font-bold px-2 py-0.5 rounded ${METHOD_COLORS[e.method]}`}>
{e.method}
</span>
</td>
<td className="px-4 py-2 font-mono text-xs text-gray-800">
{e.path}
</td>
<td className="px-4 py-2 text-xs text-gray-600">
{e.description}
</td>
<td className="px-4 py-2">
{hasOverride ? (
<ExposureBadge exposure={endpointExposure} />
) : (
<span className="text-[10px] text-gray-300"></span>
)}
</td>
</tr>
)
})}
</tbody>
</table>
</div>

88
admin-compliance/lib/sdk/api-docs/endpoints.ts
View File

@@ -10,6 +10,7 @@ export const apiModules: ApiModule[] = [
name: 'Compliance Framework — Regulierungen, Anforderungen & Controls',
service: 'python',
basePath: '/api/compliance',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/regulations', description: 'Alle Regulierungen auflisten', service: 'python' },
{ method: 'GET', path: '/regulations/{code}', description: 'Regulierung nach Code laden', service: 'python' },
@@ -29,10 +30,10 @@ export const apiModules: ApiModule[] = [
{ method: 'GET', path: '/export/{export_id}', description: 'Export-Status abfragen', service: 'python' },
{ method: 'GET', path: '/export/{export_id}/download', description: 'Export-Datei herunterladen', service: 'python' },
{ method: 'GET', path: '/exports', description: 'Alle Exports auflisten', service: 'python' },
{ method: 'POST', path: '/init-tables', description: 'Datenbanktabellen initialisieren', service: 'python' },
{ method: 'POST', path: '/create-indexes', description: 'Datenbank-Indizes erstellen', service: 'python' },
{ method: 'POST', path: '/seed-risks', description: 'Risikodaten einspielen', service: 'python' },
{ method: 'POST', path: '/seed', description: 'Systemdaten einspielen', service: 'python' },
{ method: 'POST', path: '/init-tables', description: 'Datenbanktabellen initialisieren', service: 'python', exposure: 'admin' },
{ method: 'POST', path: '/create-indexes', description: 'Datenbank-Indizes erstellen', service: 'python', exposure: 'admin' },
{ method: 'POST', path: '/seed-risks', description: 'Risikodaten einspielen', service: 'python', exposure: 'admin' },
{ method: 'POST', path: '/seed', description: 'Systemdaten einspielen', service: 'python', exposure: 'admin' },
],
},
@@ -41,6 +42,7 @@ export const apiModules: ApiModule[] = [
name: 'Audit — Sitzungen & Checklisten',
service: 'python',
basePath: '/api/compliance/audit',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/sessions', description: 'Audit-Sitzung erstellen', service: 'python' },
{ method: 'GET', path: '/sessions', description: 'Alle Audit-Sitzungen auflisten', service: 'python' },
@@ -61,6 +63,7 @@ export const apiModules: ApiModule[] = [
name: 'AI Act — KI-Systeme & Risikobewertung',
service: 'python',
basePath: '/api/compliance/ai',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/systems', description: 'KI-Systeme auflisten', service: 'python' },
{ method: 'POST', path: '/systems', description: 'KI-System erstellen', service: 'python' },
@@ -76,12 +79,13 @@ export const apiModules: ApiModule[] = [
name: 'Cookie-Banner & Consent Management',
service: 'python',
basePath: '/api/compliance/consent',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/consent', description: 'Einwilligung erfassen', service: 'python' },
{ method: 'POST', path: '/consent', description: 'Einwilligung erfassen', service: 'python', exposure: 'public' },
{ method: 'GET', path: '/consent', description: 'Einwilligungen auflisten', service: 'python' },
{ method: 'DELETE', path: '/consent/{consent_id}', description: 'Einwilligung loeschen', service: 'python' },
{ method: 'GET', path: '/consent/export', description: 'Einwilligungsdaten exportieren', service: 'python' },
{ method: 'GET', path: '/config/{site_id}', description: 'Seitenkonfiguration laden', service: 'python' },
{ method: 'GET', path: '/config/{site_id}', description: 'Seitenkonfiguration laden', service: 'python', exposure: 'public' },
{ method: 'GET', path: '/admin/sites', description: 'Alle Seiten auflisten', service: 'python' },
{ method: 'POST', path: '/admin/sites', description: 'Seite erstellen', service: 'python' },
{ method: 'PUT', path: '/admin/sites/{site_id}', description: 'Seite aktualisieren', service: 'python' },
@@ -101,6 +105,7 @@ export const apiModules: ApiModule[] = [
name: 'Change Requests — Aenderungsantraege',
service: 'python',
basePath: '/api/compliance/change-requests',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/stats', description: 'CR-Statistiken laden', service: 'python' },
{ method: 'GET', path: '/{cr_id}', description: 'Einzelnen CR laden', service: 'python' },
@@ -116,6 +121,7 @@ export const apiModules: ApiModule[] = [
name: 'Stammdaten — Unternehmensprofil',
service: 'python',
basePath: '/api/v1/company-profile',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/', description: 'Unternehmensprofil laden', service: 'python' },
{ method: 'POST', path: '/', description: 'Profil erstellen/aktualisieren', service: 'python' },
@@ -130,6 +136,7 @@ export const apiModules: ApiModule[] = [
name: 'Compliance Scope — Geltungsbereich',
service: 'python',
basePath: '/api/v1/compliance-scope',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/', description: 'Compliance-Scope laden', service: 'python' },
{ method: 'POST', path: '/', description: 'Compliance-Scope erstellen/aktualisieren', service: 'python' },
@@ -141,6 +148,7 @@ export const apiModules: ApiModule[] = [
name: 'Einwilligungsvorlagen — Consent Templates',
service: 'python',
basePath: '/api/compliance/consent-templates',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/consent-templates', description: 'Vorlagen auflisten', service: 'python' },
{ method: 'POST', path: '/consent-templates', description: 'Vorlage erstellen', service: 'python' },
@@ -156,6 +164,7 @@ export const apiModules: ApiModule[] = [
name: 'Dashboard — Compliance-Uebersicht & Reports',
service: 'python',
basePath: '/api/compliance/dashboard',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/dashboard', description: 'Haupt-Dashboard laden', service: 'python' },
{ method: 'GET', path: '/score', description: 'Compliance-Score berechnen', service: 'python' },
@@ -171,6 +180,7 @@ export const apiModules: ApiModule[] = [
name: 'DSFA — Datenschutz-Folgenabschaetzung',
service: 'python',
basePath: '/api/compliance/dsfa',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/', description: 'DSFAs auflisten', service: 'python' },
{ method: 'POST', path: '/', description: 'DSFA erstellen', service: 'python' },
@@ -195,6 +205,7 @@ export const apiModules: ApiModule[] = [
name: 'DSR — Betroffenenrechte (Admin)',
service: 'python',
basePath: '/api/compliance/dsr',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/', description: 'DSR erstellen', service: 'python' },
{ method: 'GET', path: '/', description: 'DSRs auflisten', service: 'python' },
@@ -229,6 +240,7 @@ export const apiModules: ApiModule[] = [
name: 'Einwilligungen — DSGVO-Einwilligungsverwaltung',
service: 'python',
basePath: '/api/compliance/einwilligungen',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/catalog', description: 'Einwilligungskatalog laden', service: 'python' },
{ method: 'PUT', path: '/catalog', description: 'Katalog aktualisieren', service: 'python' },
@@ -249,6 +261,7 @@ export const apiModules: ApiModule[] = [
name: 'E-Mail-Vorlagen — Template-Verwaltung',
service: 'python',
basePath: '/api/compliance/email-templates',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/types', description: 'Vorlagentypen laden', service: 'python' },
{ method: 'GET', path: '/stats', description: 'E-Mail-Statistiken laden', service: 'python' },
@@ -279,6 +292,7 @@ export const apiModules: ApiModule[] = [
name: 'Eskalationen — Eskalationsmanagement',
service: 'python',
basePath: '/api/compliance/escalations',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/', description: 'Eskalationen auflisten', service: 'python' },
{ method: 'POST', path: '/', description: 'Eskalation erstellen', service: 'python' },
@@ -295,13 +309,14 @@ export const apiModules: ApiModule[] = [
name: 'Nachweise — Evidence Management',
service: 'python',
basePath: '/api/compliance/evidence',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/evidence', description: 'Nachweise auflisten', service: 'python' },
{ method: 'POST', path: '/evidence', description: 'Nachweis erstellen', service: 'python' },
{ method: 'DELETE', path: '/evidence/{evidence_id}', description: 'Nachweis loeschen', service: 'python' },
{ method: 'POST', path: '/evidence/upload', description: 'Nachweis-Datei hochladen', service: 'python' },
{ method: 'POST', path: '/evidence/collect', description: 'CI-Nachweis sammeln', service: 'python' },
{ method: 'GET', path: '/evidence/ci-status', description: 'CI-Nachweis-Status laden', service: 'python' },
{ method: 'POST', path: '/evidence/collect', description: 'CI-Nachweis sammeln', service: 'python', exposure: 'partner' },
{ method: 'GET', path: '/evidence/ci-status', description: 'CI-Nachweis-Status laden', service: 'python', exposure: 'partner' },
],
},
@@ -310,6 +325,7 @@ export const apiModules: ApiModule[] = [
name: 'Extraktion — Anforderungen aus RAG',
service: 'python',
basePath: '/api/compliance',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/extract-requirements-from-rag', description: 'Anforderungen aus RAG-Korpus extrahieren', service: 'python' },
],
@@ -320,6 +336,7 @@ export const apiModules: ApiModule[] = [
name: 'Dokumentengenerierung — Automatische Erstellung',
service: 'python',
basePath: '/api/compliance/generation',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/preview/{doc_type}', description: 'Generierungs-Vorschau laden', service: 'python' },
{ method: 'POST', path: '/apply/{doc_type}', description: 'Dokument generieren und anwenden', service: 'python' },
@@ -331,6 +348,7 @@ export const apiModules: ApiModule[] = [
name: 'Dokument-Import & Gap-Analyse',
service: 'python',
basePath: '/api/import',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/analyze', description: 'Dokument analysieren', service: 'python' },
{ method: 'GET', path: '/gap-analysis/{document_id}', description: 'Gap-Analyse laden', service: 'python' },
@@ -344,6 +362,7 @@ export const apiModules: ApiModule[] = [
name: 'Datenschutz-Vorfaelle — Incident Management',
service: 'python',
basePath: '/api/compliance/incidents',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/', description: 'Vorfall erstellen', service: 'python' },
{ method: 'GET', path: '/', description: 'Vorfaelle auflisten', service: 'python' },
@@ -368,6 +387,7 @@ export const apiModules: ApiModule[] = [
name: 'ISMS — ISO 27001 Managementsystem',
service: 'python',
basePath: '/api/compliance/isms',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/scope', description: 'ISMS-Scope laden', service: 'python' },
{ method: 'POST', path: '/scope', description: 'ISMS-Scope erstellen', service: 'python' },
@@ -416,6 +436,7 @@ export const apiModules: ApiModule[] = [
name: 'Rechtliche Dokumente — Verwaltung & Versionen',
service: 'python',
basePath: '/api/compliance/legal-documents',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/documents', description: 'Dokumente auflisten', service: 'python' },
{ method: 'POST', path: '/documents', description: 'Dokument erstellen', service: 'python' },
@@ -431,8 +452,8 @@ export const apiModules: ApiModule[] = [
{ method: 'POST', path: '/versions/{version_id}/reject', description: 'Version ablehnen', service: 'python' },
{ method: 'POST', path: '/versions/{version_id}/publish', description: 'Version veroeffentlichen', service: 'python' },
{ method: 'GET', path: '/versions/{version_id}/approval-history', description: 'Genehmigungshistorie laden', service: 'python' },
{ method: 'GET', path: '/public', description: 'Oeffentliche Dokumente laden', service: 'python' },
{ method: 'GET', path: '/public/{document_type}/latest', description: 'Aktuellstes Dokument laden', service: 'python' },
{ method: 'GET', path: '/public', description: 'Oeffentliche Dokumente laden', service: 'python', exposure: 'public' },
{ method: 'GET', path: '/public/{document_type}/latest', description: 'Aktuellstes Dokument laden', service: 'python', exposure: 'public' },
{ method: 'POST', path: '/consents', description: 'Einwilligung erfassen', service: 'python' },
{ method: 'GET', path: '/consents/my', description: 'Eigene Einwilligungen laden', service: 'python' },
{ method: 'GET', path: '/consents/check/{document_type}', description: 'Einwilligungsstatus pruefen', service: 'python' },
@@ -451,6 +472,7 @@ export const apiModules: ApiModule[] = [
name: 'Dokumentvorlagen — DSGVO-Generatoren',
service: 'python',
basePath: '/api/compliance/legal-templates',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/', description: 'Vorlagen auflisten', service: 'python' },
{ method: 'GET', path: '/status', description: 'Vorlagenstatus laden', service: 'python' },
@@ -467,6 +489,7 @@ export const apiModules: ApiModule[] = [
name: 'Loeschfristen — Aufbewahrung & Loeschung',
service: 'python',
basePath: '/api/compliance/loeschfristen',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/', description: 'Loeschrichtlinien auflisten', service: 'python' },
{ method: 'POST', path: '/', description: 'Richtlinie erstellen', service: 'python' },
@@ -485,11 +508,12 @@ export const apiModules: ApiModule[] = [
name: 'Module — Compliance-Modul-Verwaltung',
service: 'python',
basePath: '/api/compliance/modules',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/modules', description: 'Module auflisten', service: 'python' },
{ method: 'GET', path: '/modules/overview', description: 'Modul-Uebersicht laden', service: 'python' },
{ method: 'GET', path: '/modules/{module_id}', description: 'Modul laden', service: 'python' },
{ method: 'POST', path: '/modules/seed', description: 'Module einspielen', service: 'python' },
{ method: 'POST', path: '/modules/seed', description: 'Module einspielen', service: 'python', exposure: 'admin' },
{ method: 'POST', path: '/modules/{module_id}/activate', description: 'Modul aktivieren', service: 'python' },
{ method: 'POST', path: '/modules/{module_id}/deactivate', description: 'Modul deaktivieren', service: 'python' },
{ method: 'POST', path: '/modules/{module_id}/regulations', description: 'Regulierungs-Zuordnung hinzufuegen', service: 'python' },
@@ -501,6 +525,7 @@ export const apiModules: ApiModule[] = [
name: 'Notfallplan — Kontakte, Szenarien & Uebungen',
service: 'python',
basePath: '/api/compliance/notfallplan',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/contacts', description: 'Notfallkontakte laden', service: 'python' },
{ method: 'POST', path: '/contacts', description: 'Kontakt erstellen', service: 'python' },
@@ -533,6 +558,7 @@ export const apiModules: ApiModule[] = [
name: 'Pflichten — Compliance-Obligations',
service: 'python',
basePath: '/api/compliance/obligations',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/', description: 'Pflichten auflisten', service: 'python' },
{ method: 'POST', path: '/', description: 'Pflicht erstellen', service: 'python' },
@@ -551,6 +577,7 @@ export const apiModules: ApiModule[] = [
name: 'Quality — KI-Qualitaetsmetriken & Tests',
service: 'python',
basePath: '/api/compliance/quality',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/stats', description: 'Qualitaets-Statistiken laden', service: 'python' },
{ method: 'GET', path: '/metrics', description: 'Metriken auflisten', service: 'python' },
@@ -569,6 +596,7 @@ export const apiModules: ApiModule[] = [
name: 'Risikomanagement — Bewertung & Matrix',
service: 'python',
basePath: '/api/compliance/risks',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/risks', description: 'Risiken auflisten', service: 'python' },
{ method: 'POST', path: '/risks', description: 'Risiko erstellen', service: 'python' },
@@ -583,8 +611,9 @@ export const apiModules: ApiModule[] = [
name: 'Screening — Abhaengigkeiten-Pruefung',
service: 'python',
basePath: '/api/compliance/screening',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/scan', description: 'Abhaengigkeiten scannen', service: 'python' },
{ method: 'POST', path: '/scan', description: 'Abhaengigkeiten scannen', service: 'python', exposure: 'partner' },
{ method: 'GET', path: '/{screening_id}', description: 'Screening-Ergebnis laden', service: 'python' },
{ method: 'GET', path: '/', description: 'Screenings auflisten', service: 'python' },
],
@@ -595,6 +624,7 @@ export const apiModules: ApiModule[] = [
name: 'Scraper — Rechtsquellen-Aktualisierung',
service: 'python',
basePath: '/api/compliance/scraper',
exposure: 'partner',
endpoints: [
{ method: 'GET', path: '/scraper/status', description: 'Scraper-Status laden', service: 'python' },
{ method: 'GET', path: '/scraper/sources', description: 'Quellen auflisten', service: 'python' },
@@ -611,6 +641,7 @@ export const apiModules: ApiModule[] = [
name: 'Security Backlog — Sicherheitsmassnahmen',
service: 'python',
basePath: '/api/compliance/security-backlog',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/', description: 'Backlog-Eintraege auflisten', service: 'python' },
{ method: 'POST', path: '/', description: 'Eintrag erstellen', service: 'python' },
@@ -625,6 +656,7 @@ export const apiModules: ApiModule[] = [
name: 'Source Policy — Datenquellen & PII-Regeln',
service: 'python',
basePath: '/api/compliance/source-policy',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/sources', description: 'Datenquellen auflisten', service: 'python' },
{ method: 'POST', path: '/sources', description: 'Quelle erstellen', service: 'python' },
@@ -649,6 +681,7 @@ export const apiModules: ApiModule[] = [
name: 'TOM — Technisch-Organisatorische Massnahmen',
service: 'python',
basePath: '/api/compliance/tom',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/state', description: 'TOM-Zustand laden', service: 'python' },
{ method: 'POST', path: '/state', description: 'TOM-Zustand speichern', service: 'python' },
@@ -669,6 +702,7 @@ export const apiModules: ApiModule[] = [
name: 'Vendor Compliance — Auftragsverarbeitung',
service: 'python',
basePath: '/api/compliance/vendors',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/vendors/stats', description: 'Anbieter-Statistiken laden', service: 'python' },
{ method: 'GET', path: '/vendors', description: 'Anbieter auflisten', service: 'python' },
@@ -703,6 +737,7 @@ export const apiModules: ApiModule[] = [
name: 'VVT — Verarbeitungsverzeichnis (Art. 30 DSGVO)',
service: 'python',
basePath: '/api/compliance/vvt',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/organization', description: 'Organisationskopf laden', service: 'python' },
{ method: 'PUT', path: '/organization', description: 'Organisationskopf speichern', service: 'python' },
@@ -724,6 +759,7 @@ export const apiModules: ApiModule[] = [
name: 'Consent API — Nutzer-Einwilligungen',
service: 'python',
basePath: '/api/consents',
exposure: 'public',
endpoints: [
{ method: 'GET', path: '/token/demo', description: 'Demo-Token laden', service: 'python' },
{ method: 'GET', path: '/check/{document_type}', description: 'Einwilligungsstatus pruefen', service: 'python' },
@@ -744,6 +780,7 @@ export const apiModules: ApiModule[] = [
name: 'Consent Admin — Dokumenten- & Versionsverwaltung',
service: 'python',
basePath: '/api/admin/consents',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/documents', description: 'Dokumente auflisten', service: 'python' },
{ method: 'POST', path: '/documents', description: 'Dokument erstellen', service: 'python' },
@@ -777,6 +814,7 @@ export const apiModules: ApiModule[] = [
name: 'DSR API — Nutzer-Betroffenenrechte',
service: 'python',
basePath: '/api/dsr',
exposure: 'public',
endpoints: [
{ method: 'POST', path: '/', description: 'Antrag stellen', service: 'python' },
{ method: 'GET', path: '/', description: 'Eigene Antraege laden', service: 'python' },
@@ -790,6 +828,7 @@ export const apiModules: ApiModule[] = [
name: 'DSR Admin — Antrags-Verwaltung',
service: 'python',
basePath: '/api/admin/dsr',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/', description: 'Alle Antraege laden', service: 'python' },
{ method: 'GET', path: '/stats', description: 'DSR-Statistiken laden', service: 'python' },
@@ -817,6 +856,7 @@ export const apiModules: ApiModule[] = [
name: 'GDPR / Datenschutz — Nutzerdaten & Export',
service: 'python',
basePath: '/api/gdpr',
exposure: 'public',
endpoints: [
{ method: 'POST', path: '/export-pdf', description: 'Nutzerdaten als PDF exportieren', service: 'python' },
{ method: 'GET', path: '/export-html', description: 'Nutzerdaten als HTML exportieren', service: 'python' },
@@ -835,8 +875,9 @@ export const apiModules: ApiModule[] = [
name: 'Health — System-Status',
service: 'go',
basePath: '/sdk/v1',
exposure: 'admin',
endpoints: [
{ method: 'GET', path: '/health', description: 'API Health-Check', service: 'go' },
{ method: 'GET', path: '/health', description: 'API Health-Check', service: 'go', exposure: 'admin' },
],
},
@@ -845,6 +886,7 @@ export const apiModules: ApiModule[] = [
name: 'RBAC — Tenant, Rollen & Berechtigungen',
service: 'go',
basePath: '/sdk/v1',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/tenants', description: 'Alle Tenants auflisten', service: 'go' },
{ method: 'GET', path: '/tenants/:id', description: 'Tenant laden', service: 'go' },
@@ -871,6 +913,7 @@ export const apiModules: ApiModule[] = [
name: 'LLM — KI-Textverarbeitung & Policies',
service: 'go',
basePath: '/sdk/v1/llm',
exposure: 'partner',
endpoints: [
{ method: 'GET', path: '/policies', description: 'LLM-Policies auflisten', service: 'go' },
{ method: 'GET', path: '/policies/:id', description: 'Policy laden', service: 'go' },
@@ -891,6 +934,7 @@ export const apiModules: ApiModule[] = [
name: 'Audit (Go) — LLM-Audit & Compliance-Reports',
service: 'go',
basePath: '/sdk/v1/audit',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/llm', description: 'LLM-Audit-Logs laden', service: 'go' },
{ method: 'GET', path: '/general', description: 'Allgemeine Audit-Logs laden', service: 'go' },
@@ -909,6 +953,7 @@ export const apiModules: ApiModule[] = [
name: 'UCCA — Use-Case Compliance Advisor',
service: 'go',
basePath: '/sdk/v1/ucca',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/assess', description: 'Compliance-Bewertung durchfuehren', service: 'go' },
{ method: 'GET', path: '/assessments', description: 'Bewertungen auflisten', service: 'go' },
@@ -951,6 +996,7 @@ export const apiModules: ApiModule[] = [
name: 'RAG — Legal Corpus & Vektorsuche',
service: 'go',
basePath: '/sdk/v1/rag',
exposure: 'partner',
endpoints: [
{ method: 'POST', path: '/search', description: 'Rechtskorpus durchsuchen', service: 'go' },
{ method: 'GET', path: '/regulations', description: 'Regulierungen auflisten', service: 'go' },
@@ -964,6 +1010,7 @@ export const apiModules: ApiModule[] = [
name: 'Roadmaps — Compliance-Implementierungsplaene',
service: 'go',
basePath: '/sdk/v1/roadmaps',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/', description: 'Roadmap erstellen', service: 'go' },
{ method: 'GET', path: '/', description: 'Roadmaps auflisten', service: 'go' },
@@ -984,6 +1031,7 @@ export const apiModules: ApiModule[] = [
name: 'Roadmap Items — Einzelne Massnahmen',
service: 'go',
basePath: '/sdk/v1/roadmap-items',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/:id', description: 'Item laden', service: 'go' },
{ method: 'PUT', path: '/:id', description: 'Item aktualisieren', service: 'go' },
@@ -997,6 +1045,7 @@ export const apiModules: ApiModule[] = [
name: 'Workshops — Kollaborative Compliance-Workshops',
service: 'go',
basePath: '/sdk/v1/workshops',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/', description: 'Workshop erstellen', service: 'go' },
{ method: 'GET', path: '/', description: 'Workshops auflisten', service: 'go' },
@@ -1027,6 +1076,7 @@ export const apiModules: ApiModule[] = [
name: 'Portfolios — KI-Use-Case-Portfolio',
service: 'go',
basePath: '/sdk/v1/portfolios',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/', description: 'Portfolio erstellen', service: 'go' },
{ method: 'GET', path: '/', description: 'Portfolios auflisten', service: 'go' },
@@ -1053,6 +1103,7 @@ export const apiModules: ApiModule[] = [
name: 'Academy — E-Learning & Zertifikate',
service: 'go',
basePath: '/sdk/v1/academy',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/courses', description: 'Kurs erstellen', service: 'go' },
{ method: 'GET', path: '/courses', description: 'Kurse auflisten', service: 'go' },
@@ -1080,6 +1131,7 @@ export const apiModules: ApiModule[] = [
name: 'Training — Schulungsmodule & Content-Pipeline',
service: 'go',
basePath: '/sdk/v1/training',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/modules', description: 'Schulungsmodule auflisten', service: 'go' },
{ method: 'GET', path: '/modules/:id', description: 'Modul laden', service: 'go' },
@@ -1115,7 +1167,7 @@ export const apiModules: ApiModule[] = [
{ method: 'POST', path: '/escalation/check', description: 'Eskalation pruefen', service: 'go' },
{ method: 'GET', path: '/audit-log', description: 'Schulungs-Audit-Log laden', service: 'go' },
{ method: 'GET', path: '/stats', description: 'Schulungs-Statistiken laden', service: 'go' },
{ method: 'GET', path: '/certificates/:id/verify', description: 'Zertifikat verifizieren', service: 'go' },
{ method: 'GET', path: '/certificates/:id/verify', description: 'Zertifikat verifizieren', service: 'go', exposure: 'partner' },
],
},
@@ -1124,10 +1176,11 @@ export const apiModules: ApiModule[] = [
name: 'Whistleblower — Hinweisgebersystem (HinSchG)',
service: 'go',
basePath: '/sdk/v1/whistleblower',
exposure: 'internal',
endpoints: [
{ method: 'POST', path: '/reports/submit', description: 'Anonymen Hinweis einreichen', service: 'go' },
{ method: 'GET', path: '/reports/access/:accessKey', description: 'Hinweis per Zugangscode laden', service: 'go' },
{ method: 'POST', path: '/reports/access/:accessKey/messages', description: 'Nachricht senden (anonym)', service: 'go' },
{ method: 'POST', path: '/reports/submit', description: 'Anonymen Hinweis einreichen', service: 'go', exposure: 'public' },
{ method: 'GET', path: '/reports/access/:accessKey', description: 'Hinweis per Zugangscode laden', service: 'go', exposure: 'public' },
{ method: 'POST', path: '/reports/access/:accessKey/messages', description: 'Nachricht senden (anonym)', service: 'go', exposure: 'public' },
{ method: 'GET', path: '/reports', description: 'Alle Hinweise auflisten', service: 'go' },
{ method: 'GET', path: '/reports/:id', description: 'Hinweis laden', service: 'go' },
{ method: 'PUT', path: '/reports/:id', description: 'Hinweis aktualisieren', service: 'go' },
@@ -1147,6 +1200,7 @@ export const apiModules: ApiModule[] = [
name: 'IACE — Industrial AI / CE-Compliance Engine',
service: 'go',
basePath: '/sdk/v1/iace',
exposure: 'internal',
endpoints: [
{ method: 'GET', path: '/hazard-library', description: 'Gefahrenbibliothek laden', service: 'go' },
{ method: 'GET', path: '/controls-library', description: 'Controls-Bibliothek laden', service: 'go' },

3
admin-compliance/lib/sdk/api-docs/types.ts
View File

@@ -1,11 +1,13 @@
export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH'
export type BackendService = 'python' | 'go'
export type ApiExposure = 'public' | 'partner' | 'internal' | 'admin'
export interface ApiEndpoint {
method: HttpMethod
path: string
description: string
service: BackendService
exposure?: ApiExposure
}
export interface ApiModule {
@@ -13,5 +15,6 @@ export interface ApiModule {
name: string
service: BackendService
basePath: string
exposure: ApiExposure
endpoints: ApiEndpoint[]
}

38
developer-portal/app/api/page.tsx
View File

@@ -1,6 +1,20 @@
import Link from 'next/link'
import { DevPortalLayout, ApiEndpoint, InfoBox } from '@/components/DevPortalLayout'
function ExposureBadge({ type }: { type: 'public' | 'partner' | 'internal' | 'admin' }) {
const config = {
public: { label: 'Oeffentlich', className: 'bg-green-100 text-green-800' },
partner: { label: 'Integration', className: 'bg-blue-100 text-blue-800' },
internal: { label: 'Intern', className: 'bg-gray-100 text-gray-700' },
admin: { label: 'Wartung', className: 'bg-orange-100 text-orange-800' },
}[type]
return (
<span className={`inline-block text-[10px] font-medium px-1.5 py-0.5 rounded ml-2 ${config.className}`}>
{config.label}
</span>
)
}
export default function ApiReferencePage() {
return (
<DevPortalLayout
@@ -18,6 +32,18 @@ export default function ApiReferencePage() {
Für Self-Hosted-Installationen verwenden Sie Ihre eigene Domain.
</p>
<InfoBox type="info" title="API Exposure">
Jeder Endpoint ist mit einer Exposure-Kategorie gekennzeichnet:
<span className="inline-block text-[10px] font-medium px-1.5 py-0.5 rounded bg-green-100 text-green-800 mx-1">Oeffentlich</span>
Internet-exponiert,
<span className="inline-block text-[10px] font-medium px-1.5 py-0.5 rounded bg-blue-100 text-blue-800 mx-1">Integration</span>
API-Key-authentifiziert,
<span className="inline-block text-[10px] font-medium px-1.5 py-0.5 rounded bg-gray-100 text-gray-700 mx-1">Intern</span>
nur Admin-Dashboard,
<span className="inline-block text-[10px] font-medium px-1.5 py-0.5 rounded bg-orange-100 text-orange-800 mx-1">Wartung</span>
nur Setup.
</InfoBox>
<h2>Authentifizierung</h2>
<p>
Alle API-Anfragen erfordern einen gültigen API Key im Header:
@@ -33,7 +59,7 @@ export default function ApiReferencePage() {
<h2>API Endpoints</h2>
<h3>State Management</h3>
<h3>State Management <ExposureBadge type="internal" /></h3>
<p>
Verwalten Sie den SDK-State für Ihren Tenant.
</p>
@@ -60,7 +86,7 @@ export default function ApiReferencePage() {
</Link>
</p>
<h3>RAG Search</h3>
<h3>RAG Search <ExposureBadge type="partner" /></h3>
<p>
Durchsuchen Sie den Compliance-Korpus (DSGVO, AI Act, NIS2).
</p>
@@ -82,7 +108,7 @@ export default function ApiReferencePage() {
</Link>
</p>
<h3>Document Generation</h3>
<h3>Document Generation <ExposureBadge type="internal" /></h3>
<p>
Generieren Sie Compliance-Dokumente automatisch.
</p>
@@ -109,7 +135,7 @@ export default function ApiReferencePage() {
</Link>
</p>
<h3>Export</h3>
<h3>Export <ExposureBadge type="internal" /></h3>
<p>
Exportieren Sie den Compliance-Stand in verschiedenen Formaten.
</p>
@@ -126,7 +152,7 @@ export default function ApiReferencePage() {
</Link>
</p>
<h3>Consent Management</h3>
<h3>Consent Management <ExposureBadge type="public" /></h3>
<p>
Verwalten Sie Einwilligungen, rechtliche Dokumente und Cookie-Banner-Konfigurationen.
</p>
@@ -142,7 +168,7 @@ export default function ApiReferencePage() {
</Link>
</p>
<h3>DSFA Datenschutz-Folgenabschätzung</h3>
<h3>DSFA Datenschutz-Folgenabschätzung <ExposureBadge type="internal" /></h3>
<p>
Verwalten Sie Datenschutz-Folgenabschätzungen gemäß Art. 35 DSGVO mit vollständigem
Audit-Trail, Status-Workflow und Risikobewertung.

62
developer-portal/app/page.tsx
View File

@@ -132,6 +132,68 @@ function ComplianceDashboard() {
</ul>
</InfoBox>
{/* API Exposure Classification */}
<h2>API-Exposure-Klassifikation</h2>
<p>
Das SDK klassifiziert alle API-Endpoints nach ihrer Netzwerk-Exposition.
Von den ~640 Endpoints sind nur ~9% oeffentlich exponiert.
</p>
<div className="my-4 overflow-x-auto not-prose">
<table className="min-w-full divide-y divide-gray-200">
<thead className="bg-gray-50">
<tr>
<th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Kategorie</th>
<th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Badge</th>
<th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Bedeutung</th>
<th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">~Endpoints</th>
</tr>
</thead>
<tbody className="bg-white divide-y divide-gray-200 text-sm">
<tr>
<td className="px-4 py-3 font-medium">public</td>
<td className="px-4 py-3">
<span className="inline-block text-xs font-medium px-2 py-0.5 rounded bg-green-100 text-green-800">Oeffentlich</span>
</td>
<td className="px-4 py-3 text-gray-600">Von Endnutzern/Browsern erreichbar (Internet)</td>
<td className="px-4 py-3">~30</td>
</tr>
<tr>
<td className="px-4 py-3 font-medium">partner</td>
<td className="px-4 py-3">
<span className="inline-block text-xs font-medium px-2 py-0.5 rounded bg-blue-100 text-blue-800">Integration</span>
</td>
<td className="px-4 py-3 text-gray-600">Fuer externe Systeme (CI/CD, LLM-Provider, API-Key/OAuth)</td>
<td className="px-4 py-3">~25</td>
</tr>
<tr>
<td className="px-4 py-3 font-medium">internal</td>
<td className="px-4 py-3">
<span className="inline-block text-xs font-medium px-2 py-0.5 rounded bg-gray-100 text-gray-700">Intern</span>
</td>
<td className="px-4 py-3 text-gray-600">Nur Admin-Dashboard, nicht Internet-exponiert</td>
<td className="px-4 py-3">~550</td>
</tr>
<tr>
<td className="px-4 py-3 font-medium">admin</td>
<td className="px-4 py-3">
<span className="inline-block text-xs font-medium px-2 py-0.5 rounded bg-orange-100 text-orange-800">Wartung</span>
</td>
<td className="px-4 py-3 text-gray-600">Setup/Maintenance nach Deployment deaktivieren</td>
<td className="px-4 py-3">~4</td>
</tr>
</tbody>
</table>
</div>
<InfoBox type="info" title="Sicherheitshinweis">
<p>
Bei Self-Hosted-Deployments stellen Sie sicher, dass nur <strong>public</strong> und
<strong> partner</strong> Endpoints ueber den Reverse Proxy erreichbar sind.
Interne und Wartungs-Endpoints sollten ausschliesslich im Docker-Netzwerk / VPN erreichbar sein.
</p>
</InfoBox>
{/* Features */}
<h2>Hauptfunktionen</h2>
<div className="grid grid-cols-1 md:grid-cols-2 gap-4 not-prose">