Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
13c5880f513f12d28f10b5c924814855c9c10ab0
breakpilot-compliance/backend-compliance
T
History
Benjamin Admin 13c5880f51 fix: Restrict sub-section detection to genuinely separate document types 
Only Cookie and Widerruf sections are checked as separate documents.
Social Media, DSFA, Betroffenenrechte, Dienste von Drittanbietern are
part of the parent DSI and no longer generate false findings.

Added PLAN-rag-document-check.md for Phase 2:
- RAG-based checks with document-type-specific Controls
- DSFA checklist (Art. 35 + Landes-Listen)
- AVV checklist (Art. 28)
- Reference detection (sub-doc → parent doc)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-06 11:02:36 +02:00
..
auth
classroom_engine
compliance
fix: Restrict sub-section detection to genuinely separate document types
2026-05-06 11:02:36 +02:00
middleware
migrations
feat: Cookie-Banner ↔ Backend Integration (DSR, Retention, Consent Proof)
2026-05-02 19:52:04 +02:00
scripts
services
templates/gdpr
tests
feat: Cookie-Banner ↔ Backend Integration (DSR, Retention, Consent Proof)
2026-05-02 19:52:04 +02:00
consent_admin_api.py
consent_api.py
consent_client.py
database.py
Dockerfile
gdpr_api.py
gdpr_export_service.py
main.py
feat: Multi-URL Document Check with full checklist visibility
2026-05-06 10:08:40 +02:00
migration_runner.py
mypy.ini
chore: mypy cleanup — comprehensive disable headers for agent-created services
2026-04-10 11:23:43 +02:00
PHASE1_RUNBOOK.md
README.md
docs: update service READMEs for refactor progress and stale phase references
2026-04-19 16:07:23 +02:00
requirements-reranker.txt
requirements.txt

README.md

backend-compliance

Python/FastAPI service implementing the DSGVO compliance API: DSR, DSFA, consent, controls, risks, evidence, audit, vendor management, ISMS, change requests, document generation.

Port: 8002 (container: bp-compliance-backend) Stack: Python 3.12, FastAPI, SQLAlchemy 2.x, Alembic, Keycloak auth.

Architecture

compliance/
├── api/            # Routers (thin, ≤30 LOC per handler)
├── services/       # Business logic
├── repositories/   # DB access
├── domain/         # Value objects, domain errors
├── schemas/        # Pydantic models, split per domain
└── db/models/      # SQLAlchemy ORM, one module per aggregate

The service follows this layered target structure but not all files are fully refactored yet. Phase 1 backlog is tracked in .claude/rules/loc-exceptions.txt (27 backend-compliance files currently excepted).

See ../AGENTS.python.md for the full convention and ../.claude/rules/architecture.md for the non-negotiable rules.

Run locally

cd backend-compliance
pip install -r requirements.txt
export COMPLIANCE_DATABASE_URL=...  # Postgres (Hetzner or local)
uvicorn main:app --reload --port 8002

Tests

pytest compliance/tests/ -v
pytest --cov=compliance --cov-report=term-missing

Layout: tests/unit/, tests/integration/, tests/contracts/. Contract tests diff /openapi.json against tests/contracts/openapi.baseline.json.

Public API surface

404+ endpoints across /api/v1/*. Grouped by domain: ai, audit, consent, dsfa, dsr, gdpr, vendor, evidence, change-requests, generation, projects, company-profile, isms. Every path is a contract — see the "Public endpoints" rule in the root CLAUDE.md.

Environment

Var Purpose
COMPLIANCE_DATABASE_URL Postgres DSN, sslmode=require
KEYCLOAK_* Auth verification
QDRANT_URL, QDRANT_API_KEY Vector search
CORE_VALKEY_URL Session cache

Don't touch

Database schema, __tablename__, column names, existing migrations under migrations/. See root CLAUDE.md rule 3.

Reference in New Issue View Git Blame Copy Permalink