Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
07d470edee50d547ef6e01c2c791fe1d85e9f3bb
breakpilot-compliance/backend-compliance
History
Sharang Parnerkar 07d470edee refactor(backend/api): extract DSR services (Step 4 — file 15 of 18) 
compliance/api/dsr_routes.py (1176 LOC) -> 369 LOC thin routes +
469-line DsrService + 487-line DsrWorkflowService + 101-line schemas.

Two-service split for Data Subject Request (DSGVO Art. 15-22):
  - dsr_service.py: CRUD, list, stats, export, audit log
  - dsr_workflow_service.py: identity verification, processing,
    portability, escalation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 20:34:48 +02:00
..
auth
classroom_engine
compliance
refactor(backend/api): extract DSR services (Step 4 — file 15 of 18)
2026-04-09 20:34:48 +02:00
middleware
fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring
2026-03-07 19:00:33 +01:00
migrations
feat(control-generator): 7-stage pipeline for RAG→LLM→Controls generation
2026-03-13 09:03:37 +01:00
services
templates/gdpr
tests
refactor(backend/api): extract DSFA schemas + services (Step 4 — file 14 of 18)
2026-04-09 19:20:48 +02:00
consent_admin_api.py
consent_api.py
consent_client.py
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
database.py
Dockerfile
gdpr_api.py
gdpr_export_service.py
main.py
feat: auto-run SQL migrations on backend startup
2026-03-13 09:14:18 +01:00
migration_runner.py
feat: auto-run SQL migrations on backend startup
2026-03-13 09:14:18 +01:00
mypy.ini
chore: mypy fixes for routes.py + legal_document_service + control_export_service
2026-04-09 20:04:16 +02:00
PHASE1_RUNBOOK.md
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
README.md
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
requirements.txt
fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring
2026-03-07 19:00:33 +01:00

README.md

backend-compliance

Python/FastAPI service implementing the DSGVO compliance API: DSR, DSFA, consent, controls, risks, evidence, audit, vendor management, ISMS, change requests, document generation.

Port: 8002 (container: bp-compliance-backend) Stack: Python 3.12, FastAPI, SQLAlchemy 2.x, Alembic, Keycloak auth.

Architecture (target — Phase 1)

compliance/
├── api/            # Routers (thin, ≤30 LOC per handler)
├── services/       # Business logic
├── repositories/   # DB access
├── domain/         # Value objects, domain errors
├── schemas/        # Pydantic models, split per domain
└── db/models/      # SQLAlchemy ORM, one module per aggregate

See ../AGENTS.python.md for the full convention and ../.claude/rules/architecture.md for the non-negotiable rules.

Run locally

cd backend-compliance
pip install -r requirements.txt
export COMPLIANCE_DATABASE_URL=...  # Postgres (Hetzner or local)
uvicorn main:app --reload --port 8002

Tests

pytest compliance/tests/ -v
pytest --cov=compliance --cov-report=term-missing

Layout: tests/unit/, tests/integration/, tests/contracts/. Contract tests diff /openapi.json against tests/contracts/openapi.baseline.json.

Public API surface

404+ endpoints across /api/v1/*. Grouped by domain: ai, audit, consent, dsfa, dsr, gdpr, vendor, evidence, change-requests, generation, projects, company-profile, isms. Every path is a contract — see the "Public endpoints" rule in the root CLAUDE.md.

Environment

Var Purpose
COMPLIANCE_DATABASE_URL Postgres DSN, sslmode=require
KEYCLOAK_* Auth verification
QDRANT_URL, QDRANT_API_KEY Vector search
CORE_VALKEY_URL Session cache

Don't touch

Database schema, __tablename__, column names, existing migrations under migrations/. See root CLAUDE.md rule 3.

Reference in New Issue View Git Blame Copy Permalink