# Breakpilot Service Coverage - Sprint 3

## Overview

Complete documentation of all 36 Breakpilot services in the compliance registry.

## Service Categories

### Backend Services (11)

| Service | Port | PII | AI | Criticality | GDPR | AI Act | BSI-TR |
|---------|------|-----|----|-------------|------|--------|--------|
| python-backend | 8000 | ✓ | - | critical | ✓✓✓ | ✓✓ | ✓✓ |
| consent-service | 8081 | ✓ | - | critical | ✓✓✓ | - | ✓✓ |
| billing-service | 8083 | ✓ | - | critical | ✓✓✓ | - | - |
| school-service | 8084 | ✓ | - | high | ✓✓✓ | - | ✓✓ |
| calendar-service | 8085 | ✓ | - | medium | ✓✓ | - | - |
| h5p-service | 8082 | ✓ | - | medium | ✓✓ | - | - |
| website | 3000 | ✓ | - | high | ✓✓ | - | ✓✓ |
| dsms-gateway | 8082 | ✓ | - | medium | ✓✓ | - | - |
| erpnext | 8080 | ✓ | - | high | ✓✓✓ | - | - |
| camunda | 8089 | ✓ | - | medium | ✓✓ | - | - |
| compliance-module | - | - | ✓ | high | ✓✓ | ✓ | - |

### AI Services (4)

| Service | Port | PII | AI | Criticality | GDPR | AI Act | Notes |
|---------|------|-----|----|-------------|------|--------|-------|
| klausur-service | 8086 | ✓ | ✓ | high | ✓✓✓ | ✓✓✓ | High-risk AI (education) |
| embedding-service | 8087 | - | ✓ | medium | ✓ | ✓✓ | RAG/Embeddings |
| transcription-worker | - | ✓ | ✓ | medium | ✓✓ | ✓✓ | Whisper ASR |
| llm-gateway | 8088 | ✓ | ✓ | high | ✓✓ | ✓✓✓ | LLM Orchestration |
| breakpilot-drive | 3001 | ✓ | ✓ | medium | ✓✓ | ✓✓ | Unity + LLM |

### Databases (5)

| Service | Port | Type | PII | Criticality | GDPR | BSI-TR |
|---------|------|------|-----|-------------|------|--------|
| postgresql | 5432 | Relational | ✓ | critical | ✓✓✓ | ✓✓✓ |
| qdrant | 6333 | Vector | - | medium | ✓ | ✓✓ |
| valkey | 6379 | Cache | ✓ | high | ✓✓ | ✓✓ |
| content-db | 5433 | Relational | - | medium | - | ✓✓ |
| erpnext-db | 3306 | MariaDB | ✓ | high | ✓✓ | ✓✓ |

### Communication Services (6)

| Service | Port | PII | Criticality | GDPR | DSA | Notes |
|---------|------|-----|-------------|------|-----|-------|
| matrix-synapse | 8008 | ✓ | high | ✓✓✓ | ✓✓ | E2EE Chat |
| synapse-db | 5432 | ✓ | high | ✓✓✓ | - | Matrix DB |
| jitsi-meet | 8443 | ✓ | high | ✓✓✓ | - | Video Frontend |
| jitsi-prosody | 5222 | ✓ | high | ✓✓ | - | XMPP Server |
| jitsi-jicofo | - | - | medium | ✓ | - | Conference Focus |
| jitsi-jvb | 10000 | ✓ | high | ✓✓ | - | Video Bridge |
| jibri | - | ✓ | high | ✓✓✓ | - | Recording |

### Storage Services (2)

| Service | Port | Type | PII | Criticality | GDPR | BSI-TR |
|---------|------|------|-----|-------------|------|--------|
| minio | 9000 | S3 | ✓ | critical | ✓✓✓ | ✓✓ |
| dsms-node | 5001 | IPFS | ✓ | medium | ✓✓ | ✓✓ |

### Infrastructure Services (5)

| Service | Port | PII | Criticality | GDPR | NIS2 | Notes |
|---------|------|-----|-------------|------|------|-------|
| vault | 8200 | - | critical | ✓✓ | - | Secrets Management |
| traefik | 443 | ✓ | critical | - | ✓✓ | Reverse Proxy |
| mailpit | 8025 | ✓ | low | ✓ | - | Dev Mail Server |
| backup | - | ✓ | critical | ✓✓✓ | - | DB Backups |

### Monitoring Services (3)

| Service | Port | PII | Criticality | GDPR | BSI-TR | Notes |
|---------|------|-----|-------------|------|--------|-------|
| loki | 3100 | ✓ | high | ✓✓ | ✓✓ | Log Aggregation |
| grafana | 3000 | - | medium | - | ✓✓ | Dashboards |
| prometheus | 9090 | - | medium | - | ✓✓ | Metrics |

### Security Services (1)

| Service | Port | PII | Criticality | GDPR | BSI-TR | Notes |
|---------|------|-----|-------------|------|--------|-------|
| vault | 8200 | - | critical | ✓✓ | ✓✓✓ | Encryption as a Service |

## Statistics

### Total

- **36 services** documented
- **26 services** (72%) process PII
- **5 services** (14%) contain AI components
- **9 services** (25%) are classified as "critical"

### By Service Type

```
Backend:        11 (31%)
Communication:   6 (17%)
Database:        5 (14%)
AI:              5 (14%)
Infrastructure:  5 (14%)
Monitoring:      3 (8%)
Storage:         2 (6%)
Security:        1 (3%)
```

### Technology Stack (Top 10)

```
Python:       15 Services
PostgreSQL:    8 Services
FastAPI:       7 Services
Go:            4 Services
Java:          3 Services
JavaScript:    2 Services
WebRTC:        2 Services
Redis/Valkey:  2 Services
Nginx:         2 Services
Docker:       36 Services (all)
```

### Compliance Coverage

#### GDPR

- **Critical**: 15 Services (consent, billing, school, postgresql, minio, backup, etc.)
- **High**: 10 Services (python-backend, klausur-service, matrix-synapse, etc.)
- **Medium**: 8 Services (calendar, embedding, dsms, etc.)
- **Low**: 3 Services (mailpit, etc.)

#### AI Act

- **Critical**: 3 Services (klausur-service, llm-gateway)
- **High**: 2 Services (python-backend)
- **Medium**: 5 Services (embedding-service, transcription-worker, compliance-module, etc.)

#### BSI-TR-03161

- **Critical**: 4 Services (postgresql, vault, backup)
- **High**: 8 Services (consent-service, school-service, matrix-synapse, etc.)
- **Medium**: 12 Services (qdrant, valkey, minio, etc.)

## Port Overview

### Frequently Used Ports

```
8000  - python-backend
8008  - matrix-synapse
8025  - mailpit (Web UI)
8081  - consent-service
8082  - h5p-service / dsms-gateway (conflict possible)
8083  - billing-service
8084  - school-service
8085  - calendar-service
8086  - klausur-service
8087  - embedding-service
8088  - llm-gateway
8089  - camunda
8090  - erpnext-frontend
8200  - vault
8443  - jitsi-meet
3000  - website / grafana (conflict possible)
3001  - breakpilot-drive
3100  - loki
3306  - erpnext-db (MariaDB)
5001  - dsms-node (IPFS API)
5222  - jitsi-prosody (XMPP)
5432  - postgresql / synapse-db
5433  - content-db
6333  - qdrant
6379  - valkey (Redis)
9000  - minio (S3 API)
9001  - minio (Console)
9090  - prometheus
10000 - jitsi-jvb (UDP)
```

### Detected Port Conflicts

- **Port 8082**: h5p-service, dsms-gateway (both in service_modules.py)
- **Port 3000**: website, grafana (both in service_modules.py)
- **Port 5432**: postgresql, synapse-db (separate service)

**Note**: Conflicts are resolved in docker-compose.yml through different profiles or host ports.

## PII Processing

### Services That Process PII (26)

**Critical PII Processing:**

- consent-service (consents)
- billing-service (payment data)
- school-service (student data)
- postgresql (all persistent data)
- minio (file storage)
- backup (data backups)

**High PII Processing:**

- python-backend (user data, documents)
- klausur-service (exams, grading)
- matrix-synapse (chat content)
- jitsi-meet/jvb (video/audio)
- jibri (recordings)
- transcription-worker (voice recordings)

## AI Components

### Services with AI (5)

1. **klausur-service** (High-Risk AI)
   - Claude API for exam grading
   - AI Act Art. 6 (education sector)
   - GDPR Art. 22 (automated decisions)
2. **embedding-service**
   - SentenceTransformers (local)
   - General-Purpose AI System
3. **transcription-worker**
   - Whisper ASR (OpenAI)
   - Biometric data (GDPR)
4. **llm-gateway**
   - LLM orchestration
   - External API calls
5. **breakpilot-drive**
   - Unity + LLM integration
   - Educational game with AI

## Criticality

### Critical Services (9)

Failure leads to a system shutdown or severe data loss:

- python-backend
- consent-service
- billing-service
- postgresql
- minio
- vault
- traefik
- backup

### High Services (10)

Important functionality, but the system can continue to run in a degraded state:

- klausur-service
- school-service
- website
- matrix-synapse
- jitsi-meet/jvb
- valkey
- loki
- erpnext
- erpnext-db

### Medium Services (14)

Standard functionality:

- calendar-service
- embedding-service
- transcription-worker
- h5p-service
- qdrant
- dsms-node/gateway
- jitsi-jicofo
- grafana
- prometheus
- compliance-module
- camunda
- breakpilot-drive

### Low Services (3)

For development/testing only:

- mailpit
- content-db

## Next Steps

### Sprint 4 Planning

- [ ] Resolve port conflicts (8082, 3000)
- [ ] Compliance score calculation
- [ ] Automatic dependency graph generation
- [ ] Integrate service health checks
- [ ] Gap analysis per service
- [ ] Dashboard for service overview

### Missing Services

Services in docker-compose.yml but not critical for compliance:

- erpnext-redis-queue
- erpnext-redis-cache
- erpnext-create-site (init service)
- erpnext-backend
- erpnext-websocket
- erpnext-scheduler
- erpnext-worker-long
- erpnext-worker-short

**Reason**: Internal ERPNext workers, no separate compliance relevance.