Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
1,173 Commits 11 Branches 1 Tag
2e87b747493df77a2974bef368c3c0a172255a58
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Benjamin Admin 2e87b74749
CI / detect-changes (push) Successful in 10s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / validate-canonical-controls (push) Successful in 15s
Details
CI / nodejs-build (push) Successful in 2m35s
Details
CI / test-go (push) Failing after 51s
Details
CI / iace-gt-coverage (push) Successful in 27s
Details
CI / loc-budget (push) Failing after 16s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-python-backend (push) Successful in 39s
Details
CI / test-python-document-crawler (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details
feat(audit): P103+P104+P105 Defeat-Device-Heuristik fuer Cookies 
Drei zusammenhaengende Stufen 'Cookie-Verhalten ist anders als deklariert' —
analog zum VW-Diesel-Skandal-Pattern (Pruefstand vs Realbetrieb).

P103 (Stufe 3) — cookie_value_entropy.py:
Klassifiziert Cookie-Werte als flag/short_id/long_token/uuid/hash/json_blob
via Shannon-Entropy + Regex-Patterns. Wenn ein als 'essential' deklarierter
Cookie einen 64-char-Base64-Wert hat → MEDIUM-Finding 'Defeat-Device-Heuristik'.

P104 (Stufe 4) — cookie_network_tracer.py:
Vergleicht Cookie-Domain mit Site-Hauptdomain + bekannten Tracker-Vendoren
(50 Domains gemapped: doubleclick.net, facebook.com, demdex.net, omtrdc.net,
adsrvr.org, hotjar.com, ...). Wenn ein als 'essential' deklariertes Cookie
von externer Tracker-Domain gesetzt wird → HIGH. Drittland-Cookies werden
als 'DRITTLAND US/CN/...' markiert (Schrems-II-Folge).

P105 (Stufe 5) — tcf_vendor_authority.py:
Ingest-Endpoint POST /api/compliance/agent/admin/tcf-ingest holt die
IAB TCF v2 Global Vendor List (vendor-list.consensu.org/v3) und upserted
sie in cookie_library mit source='iab_tcf_v2'. cross_reference_with_tcf
fuzzy-matched cmp_vendors gegen die TCF-Liste — wenn Vendor in TCF als
Marketing gefuehrt aber Site sagt 'Funktional' → HIGH (externe Authority
widerspricht der Deklaration).

Alle drei rendern eigene Mail-Bloecke im Bereich Cookies (nach
cookie_audit_html, vor library_mismatch_html).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 00:24:07 +02:00
.claude
feat(compliance-check): P12 — TDM-Override mit dokumentierter Kunden-Erlaubnis
2026-05-19 08:56:50 +02:00
.gitea/workflows
fix(ci): trigger orca on per-job result, not needs.*.result spread
2026-05-19 09:34:59 +02:00
.woodpecker
fix(ci): update Go to 1.24 for ai-compliance-sdk
2026-02-15 17:43:27 +01:00
admin-compliance
feat(iace): LLM gap-review (Task #7+#8) + tech-file sources appendix (#29)
2026-05-22 00:21:49 +02:00
ai-compliance-sdk
feat(iace): LLM gap-review (Task #7+#8) + tech-file sources appendix (#29)
2026-05-22 00:21:49 +02:00
backend-compliance
feat(audit): P103+P104+P105 Defeat-Device-Heuristik fuer Cookies
2026-05-22 00:24:07 +02:00
breakpilot-compliance-sdk
docs: update service READMEs for refactor progress and stale phase references
2026-04-19 16:07:23 +02:00
compliance-tts-service
Add Edge TTS voices for TR, AR, UK, RU, PL, FR, ES
2026-04-26 23:56:05 +02:00
consent-sdk
refactor(consent-sdk,dsms-gateway): split ConsentManager, types, and main.py
2026-04-18 08:42:32 +02:00
consent-tester
fix(audit): parse_flat_cookie_text fuer VW-Style Flat-Tabellen
2026-05-21 21:24:14 +02:00
developer-portal
chore: bump next 15.1.0 → 15.5.16 (CVE-2026-44578)
2026-05-15 18:48:36 +02:00
docs-src
test+docs: IACE Phase 3/4 — fehlende Tests + Entwickler-Dokumentation
2026-05-10 09:49:29 +02:00
document-crawler
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
dsms-gateway
feat(dsms): Stufe 2+3 — Evidence/TechFile → DSMS + Version Chains + Audit Timeline
2026-05-12 13:55:07 +02:00
dsms-node
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
scripts
feat(consent+report): P56-P67 Mercedes-Audit-Cycle (Anti-Audit, Phase G Vendors, Cookie-Behavior-Validator + 5 Mail-Polish-Items) [migration-approved]
2026-05-21 06:28:25 +02:00
zeroclaw
docs(gt): BMW cross-domain finding — 3 domains, no AGB, Social Media on jobs portal
2026-05-15 13:21:27 +02:00
.env.example
feat(infra): Qdrant + MinIO auf externe Hetzner-Services migrieren
2026-03-06 14:33:04 +01:00
.env.orca.example
chore: replace all Coolify references with Orca
2026-04-19 16:33:56 +02:00
.gitignore
docs: add root README, CONTRIBUTING, onboarding section, gitignore fixes
2026-04-19 16:09:28 +02:00
AGENTS.go.md
fix: resolve CI failures in Python tests and admin-compliance build
2026-04-19 16:41:39 +02:00
AGENTS.python.md
fix: resolve CI failures in Python tests and admin-compliance build
2026-04-19 16:41:39 +02:00
AGENTS.typescript.md
docs(agents): require build + lint + test locally before pushing [guardrail-change]
2026-04-19 16:38:21 +02:00
CONTRIBUTING.md
chore: replace all Coolify references with Orca
2026-04-19 16:33:56 +02:00
docker-compose.hetzner.yml
docs: replace all Coolify references with Orca across compliance repo
2026-04-17 10:39:45 +02:00
docker-compose.orca.yml
chore: replace all Coolify references with Orca
2026-04-19 16:33:56 +02:00
docker-compose.yml
feat(agent): MC scorecard + audit drill-down + tenant trend (A1-A6)
2026-05-17 13:45:58 +02:00
mkdocs.yml
docs: add Pass 0b cost benchmark — v3 vs v4 vs backfill vs Mac Mini
2026-04-27 16:00:11 +02:00
README.md
chore: replace all Coolify references with Orca
2026-04-19 16:33:56 +02:00
REFACTOR_PLAYBOOK.md
docs: add root README, CONTRIBUTING, onboarding section, gitignore fixes
2026-04-19 16:09:28 +02:00

README.md

breakpilot-compliance

DSGVO/AI-Act compliance platform — 10 services, Go · Python · TypeScript

CI Go Python Node.js TypeScript FastAPI DSGVO AI Act LOC guard Services

Overview

breakpilot-compliance is a multi-tenant DSGVO/EU AI Act compliance platform that provides an SDK for consent management, data subject requests (DSR), audit logging, iACE impact assessments, and document archival. It ships as 10 containerised services covering an admin dashboard, a developer portal, a Python/FastAPI backend, a Go AI compliance engine, TTS, and a decentralised document store on IPFS. Every service is deployed automatically via Gitea Actions → Orca on every push to main.

Architecture

Service Tech Port Container
admin-compliance Next.js 15 3007 bp-compliance-admin
backend-compliance Python / FastAPI 0.123 8002 bp-compliance-backend
ai-compliance-sdk Go 1.24 / Gin 8093 bp-compliance-ai-sdk
developer-portal Next.js 15 3006 bp-compliance-developer-portal
breakpilot-compliance-sdk TypeScript SDK (React/Vue/Angular/vanilla)
consent-sdk JS/TS Consent SDK
compliance-tts-service Python / Piper TTS 8095 bp-compliance-tts
document-crawler Python / FastAPI 8098 bp-compliance-document-crawler
dsms-gateway Python / FastAPI / IPFS 8082 bp-compliance-dsms-gateway
dsms-node IPFS Kubo v0.24.0 bp-compliance-dsms-node

All containers share the external breakpilot-network Docker network and depend on breakpilot-core (Valkey, Vault, RAG service, Nginx reverse proxy).

Quick Start

Prerequisites: Docker, Go 1.24+, Python 3.12+, Node.js 20+

git clone ssh://git@gitea.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-compliance.git
cd breakpilot-compliance

# Copy and populate secrets (never commit .env)
cp .env.example .env

# Start all services
docker compose up -d

For the Orca/Hetzner production target (x86_64), use the override:

docker compose -f docker-compose.yml -f docker-compose.hetzner.yml up -d

Development Workflow

Use feature branches off main. Supported prefixes: feat/, feature/, hotfix/.

git checkout main && git pull origin main
git checkout -b feat/my-change
# ... make changes ...
git push origin feat/my-change
# Open a PR → squash merge to main

Push to main triggers:

  1. Gitea Actions — lint → test → validate (see CI Pipeline below)
  2. Orca — automatic build + deploy (~3 min total)

Monitor status: https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions

CI Pipeline

Defined in .gitea/workflows/ci.yaml.

Job What it checks
loc-budget All source files ≤ 500 LOC; soft target 300
guardrail-integrity Commits touching guardrail files carry [guardrail-change]
go-lint golangci-lint on ai-compliance-sdk/
python-lint ruff + mypy on Python services
nodejs-lint tsc --noEmit + ESLint on Next.js services
test-go-ai-compliance go test ./... in ai-compliance-sdk/
test-python-backend-compliance pytest in backend-compliance/
test-python-document-crawler pytest in document-crawler/
test-python-dsms-gateway pytest test_main.py in dsms-gateway/
sbom-scan License + vulnerability scan via syft + grype
validate-canonical-controls OpenAPI contract baseline diff

File Budget

Limit Value How to check
Soft target 300 LOC bash scripts/check-loc.sh
Hard cap 500 LOC Same; also enforced by PreToolUse hook + git pre-commit + CI
Exceptions .claude/rules/loc-exceptions.txt Require written rationale + [guardrail-change] commit marker

The .claude/settings.json PreToolUse hook blocks Claude Code from writing or editing files that would exceed the hard cap. The git pre-commit hook re-checks. CI is the final gate.

Links

URL
Admin dashboard https://admin-dev.breakpilot.ai
Developer portal https://developers-dev.breakpilot.ai
Backend API https://api-dev.breakpilot.ai
AI SDK API https://sdk-dev.breakpilot.ai
Gitea repo https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance
Gitea Actions https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions
Reference in New Issue View Git Blame Copy Permalink
S
Description
No description provided
Readme 25 MiB
Languages
TypeScript 43.1%
Python 30.8%
Go 23.5%
Shell 1.2%
PLpgSQL 0.8%
Other 0.3%