Benjamin Bönisch
8f21650d74
CI / detect-changes (push) Successful in 16s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / build-sha-integrity (push) Successful in 15s
CI / validate-canonical-controls (push) Successful in 13s
CI / loc-budget (push) Successful in 25s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 3m9s
CI / test-go (push) Has been skipped
CI / iace-gt-coverage (push) Has been skipped
CI / test-python-backend (push) Successful in 31s
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
- /sdk/dokumente: Kundensicht nur auf veroeffentlichte Rechtsdokumente (Ansehen + Download); Proxy mit Allow-List nur /public — Templates/Drafts/ Generator bleiben unerreichbar. - /sdk/cra-meldewesen: CRA Art. 14 Meldewesen (24h/72h/14d-Kaskade) mit Fristen-Tracking + ENISA-SRP-Export-Entwurf (kein Live-API). Backend: cra_meldewesen (pure, getestet) + cra_incident_store (schema-neutral ueber compliance_cra_documents) + /api/v1/cra/incidents (additiv, contract-safe). - Screening (Self-Scan) aus dem Frontend genommen: Flow-Stepper-Eintrag ausgeblendet (visibleWhen), Dashboard-Kachel + Import-Button entfernt. Repo-Scanning laeuft extern im Compliance-Scanner; Backend-Router bleibt vorerst gemountet (Contract-Stabilitaet). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
197 lines
7.0 KiB
Python
197 lines
7.0 KiB
Python
"""
|
|
BreakPilot Compliance Backend
|
|
|
|
Extracted compliance-specific APIs from the monorepo backend.
|
|
Provides: Compliance Framework, Consent Admin, DSR, GDPR Export.
|
|
|
|
Runs on port 8002 with DB search_path=compliance,core,public.
|
|
"""
|
|
|
|
import logging
|
|
import os
|
|
from contextlib import asynccontextmanager
|
|
|
|
from fastapi import FastAPI
|
|
from fastapi.middleware.cors import CORSMiddleware
|
|
|
|
# Configure root logging so all modules' logger.info() etc. are visible
|
|
logging.basicConfig(
|
|
level=logging.INFO,
|
|
format="%(levelname)s:%(name)s: %(message)s",
|
|
)
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
# Compliance-specific API routers
|
|
from consent_api import router as consent_router
|
|
from consent_admin_api import router as consent_admin_router
|
|
from gdpr_api import router as gdpr_router, admin_router as gdpr_admin_router
|
|
# DSR proxy removed — now handled natively in compliance/api/dsr_routes.py
|
|
|
|
# Compliance framework sub-package
|
|
from compliance.api import router as compliance_framework_router
|
|
|
|
# Source Policy
|
|
from compliance.api.source_policy_router import router as source_policy_router
|
|
|
|
# Document Import & Screening
|
|
from compliance.api.import_routes import router as import_router
|
|
from compliance.api.screening_routes import router as screening_router
|
|
|
|
# Company Profile
|
|
from compliance.api.company_profile_routes import router as company_profile_router
|
|
|
|
# Agent (ZeroClaw compliance agent)
|
|
from compliance.api.agent_notification_routes import router as agent_notify_router
|
|
from compliance.api.agent_analyze_routes import router as agent_analyze_router
|
|
from compliance.api.agent_scan_routes import router as agent_scan_router
|
|
from compliance.api.agent_history_routes import router as agent_history_router
|
|
from compliance.api.agent_recurring_routes import router as agent_recurring_router
|
|
from compliance.api.agent_compare_routes import router as agent_compare_router
|
|
from compliance.api.agent_doc_check_routes import router as agent_doc_check_router
|
|
from compliance.api.agent_compliance_check_routes import router as agent_compliance_check_router
|
|
from compliance.api.snapshot_check_routes import router as snapshot_check_router
|
|
from compliance.api.agent_findings_routes import router as agent_findings_router
|
|
from compliance.api.saving_scan_routes import router as saving_scan_router
|
|
from compliance.api.agent_migration_routes import router as agent_migration_router
|
|
from compliance.api.vendor_assessment_routes import router as vendor_assessment_router
|
|
from compliance.api.cra_routes import router as cra_router
|
|
from compliance.api.cra_assess_routes import router as cra_assess_router
|
|
from compliance.api.cra_progress_routes import router as cra_progress_router
|
|
from compliance.api.cra_incident_routes import router as cra_incident_router
|
|
from compliance.api.cra_link_routes import router as cra_link_router
|
|
from compliance.api.quaidal_routes import router as quaidal_router
|
|
|
|
# Middleware
|
|
from middleware import (
|
|
RequestIDMiddleware,
|
|
SecurityHeadersMiddleware,
|
|
)
|
|
|
|
@asynccontextmanager
|
|
async def lifespan(app: FastAPI):
|
|
"""Run migrations on startup."""
|
|
from migration_runner import run_migrations
|
|
try:
|
|
run_migrations()
|
|
logger.info("Database migrations completed")
|
|
except Exception as e:
|
|
logger.error("Migration failed: %s — backend starting anyway", e)
|
|
yield
|
|
|
|
|
|
app = FastAPI(
|
|
title="BreakPilot Compliance Backend",
|
|
description="GDPR/DSGVO Compliance, Consent Management, Data Subject Requests, and Regulatory Compliance Framework",
|
|
version="1.0.0",
|
|
lifespan=lifespan,
|
|
)
|
|
|
|
# --- CORS ---
|
|
ALLOWED_ORIGINS = os.getenv("CORS_ORIGINS", "*").split(",")
|
|
app.add_middleware(
|
|
CORSMiddleware,
|
|
allow_origins=ALLOWED_ORIGINS,
|
|
allow_credentials=True,
|
|
allow_methods=["*"],
|
|
allow_headers=["*"],
|
|
)
|
|
|
|
# --- Security & Tracing Middleware ---
|
|
app.add_middleware(RequestIDMiddleware)
|
|
app.add_middleware(SecurityHeadersMiddleware)
|
|
|
|
|
|
# --- Health Endpoint ---
|
|
@app.get("/health", tags=["system"])
|
|
async def health():
|
|
"""Health check endpoint for load balancers and orchestration."""
|
|
return {
|
|
"status": "healthy",
|
|
"service": "backend-compliance",
|
|
"version": "1.0.0",
|
|
}
|
|
|
|
|
|
@app.get("/debug/routers", tags=["system"])
|
|
async def debug_routers():
|
|
"""Diagnostic: show which sub-routers loaded and which failed."""
|
|
from compliance.api import _ROUTER_MODULES, _failed_routers, _loaded_count
|
|
return {
|
|
"total": len(_ROUTER_MODULES),
|
|
"loaded": _loaded_count,
|
|
"failed_count": len(_failed_routers),
|
|
"failed": _failed_routers,
|
|
}
|
|
|
|
|
|
# --- Compliance-specific Routers ---
|
|
|
|
# Consent (user-facing)
|
|
app.include_router(consent_router, prefix="/api")
|
|
|
|
# Consent Admin
|
|
app.include_router(consent_admin_router, prefix="/api")
|
|
|
|
# GDPR / Privacy (user-facing)
|
|
app.include_router(gdpr_router, prefix="/api")
|
|
|
|
# GDPR Admin
|
|
app.include_router(gdpr_admin_router, prefix="/api")
|
|
|
|
# DSR now handled natively via compliance_framework_router (dsr_routes.py)
|
|
|
|
# Compliance Framework (regulations, controls, evidence, risks, audits, ISMS)
|
|
app.include_router(compliance_framework_router, prefix="/api")
|
|
|
|
# Source Policy (allowed sources, PII rules, audit)
|
|
app.include_router(source_policy_router, prefix="/api")
|
|
|
|
# Document Import (PDF analysis, gap detection)
|
|
app.include_router(import_router, prefix="/api")
|
|
|
|
# System Screening (SBOM generation, vulnerability scan)
|
|
# Screening (Self-Scan) ist aus dem Frontend genommen (Repo-Scanning läuft extern im
|
|
# Compliance-Scanner). Backend-Router bleibt vorerst gemountet (Contract-Stabilität);
|
|
# Demount/Archivierung erst, wenn der externe Scanner SBOM/CVE/DAST voll liefert.
|
|
app.include_router(screening_router, prefix="/api")
|
|
|
|
# Company Profile (CRUD with audit logging)
|
|
app.include_router(company_profile_router, prefix="/api")
|
|
|
|
# Agent (ZeroClaw compliance agent → analyze + email via SMTP)
|
|
app.include_router(agent_notify_router, prefix="/api")
|
|
app.include_router(agent_analyze_router, prefix="/api")
|
|
app.include_router(agent_scan_router, prefix="/api")
|
|
app.include_router(agent_history_router, prefix="/api")
|
|
app.include_router(agent_recurring_router, prefix="/api")
|
|
app.include_router(agent_compare_router, prefix="/api")
|
|
app.include_router(agent_doc_check_router, prefix="/api")
|
|
app.include_router(agent_compliance_check_router, prefix="/api")
|
|
app.include_router(snapshot_check_router, prefix="/api")
|
|
app.include_router(agent_findings_router, prefix="/api")
|
|
app.include_router(saving_scan_router, prefix="/api")
|
|
app.include_router(agent_migration_router, prefix="/api")
|
|
|
|
# Vendor Contract Assessment
|
|
app.include_router(vendor_assessment_router, prefix="/api")
|
|
|
|
# CRA (Cyber Resilience Act) Compliance
|
|
app.include_router(cra_router, prefix="/api")
|
|
app.include_router(cra_assess_router, prefix="/api")
|
|
app.include_router(cra_progress_router, prefix="/api")
|
|
app.include_router(cra_incident_router, prefix="/api")
|
|
app.include_router(cra_link_router, prefix="/api")
|
|
app.include_router(quaidal_router, prefix="/api")
|
|
|
|
|
|
if __name__ == "__main__":
|
|
import uvicorn
|
|
|
|
uvicorn.run(
|
|
"main:app",
|
|
host="0.0.0.0",
|
|
port=int(os.getenv("PORT", "8002")),
|
|
reload=os.getenv("ENVIRONMENT", "development") == "development",
|
|
)
|