Systematic gap analysis of the Bremse ground-truth file (60 entries,
100 unique expert measures) revealed only ~5% library coverage. This
commit closes the documented gaps with concrete, norm-anchored
mitigations.
Library additions (M481-M539, 59 entries):
- M481-M482 Low-voltage isolation (>= 2,0 / 2x1,0 / 1,0 MOhm +
IP2X/IPXXB per EN 60204-1 Ziff. 6.2/8.2.3) — primary
trigger of this work
- M483-M485 Pneumatic safety (component pressure rating, hose
retention, depressurization per EN ISO 4414)
- M486-M490 Robot-cell access (tool-secured fence, dual-channel
door monitor, intentional restart, anti-trap inside
opening, HMI sight line per ISO 10218-2)
- M491-M493 Teach mode (key/password mode selector, safe reduced
speed <= 250 mm/s, hold-to-run with 3-stage enabler
per ISO 10218-1)
- M494-M500 Geometry constants (Safe Limited Position, reach-over
250 mm @ 2250 mm fence, conveyor opening >= 850 mm,
25 mm finger gap, band speed <= 100 mm/s per
EN ISO 13857 / EN 619)
- M501-M507 Enclosure load rating, gripper fail-safe, centring
gripper stop on door, MWF nozzle integration, floor
load capacity per DIN 1055-3
- M508-M517 Electrical cabling + PE protection (environment-rated,
drag chain, strain relief, 10 mm² Cu PE, dual PE,
monitoring, continuity check, class-II equipment,
SELV/PELV per EN 60204-1)
- M518-M522 RCD, cable cross-section, overcurrent in each active
conductor, IP22 water ingress, lockable main switch
- M523-M539 Teach-locked door, WZM door interlock, dual-channel
door switch, machining-doors-closed for aerosol
retention, post-NOTHALT release, >25 kg lifting aid
(DGUV 208-016), 95-120 cm control height, ergonomic
conveyor height, SDS/PSA reference, BA instructions
for depressurization/clamp release/max weight/pinch
warning/slip warning/dead-state cleaning
New hazard patterns (HP1710-HP1717):
floor overload, gripper failure throw, compressed-air injury in
machining cell, manual handling load + awkward posture, MWF skin
contact, live-cabinet cleaning short, pneumatic stored-energy.
Existing patterns rewired to the new measures: HP1600, HP1602-1606,
HP1610-1612, HP1620-1622, HP1630/1631/1633, HP1640/1641, HP1660/1661,
HP1675, HP1685, HP1688, HP1689, HP1698-1704.
Tooling:
- scripts/gt_measure_gap_analysis.py: 4-signal fuzzy matcher
(Jaccard, token recall, substring containment, norm-reference
overlap). Outputs markdown + JSON.
- gt_coverage_test.go: 23 expert-validated (GT-Nr, pattern, measure)
triples + a norm-reference presence test for every new expert
measure (no generic 'do X safely' entries allowed).
- .gitea/workflows/ci.yaml: new iace-gt-coverage job enforces
MIN_COVERAGE_PCT (70%) on Strong+Weak GT coverage; never lower
without explicit decision.
Coverage shift: 5% Strong -> 30% Strong, 0% -> 72% Strong+Weak.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
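The coverage gate described in the commit message above, sketched as an added example (this is not the repository's scripts/gt_measure_gap_analysis.py): it computes the four named signals per expert measure and applies MIN_COVERAGE_PCT to Strong+Weak coverage. The equal-weight mean, the 0.50/0.25 tier cut-offs, the norm regex and the sample measures are assumptions constructed for illustration.

```python
import re

# Assumptions: the commit names the four signals and the Strong/Weak tiers but
# not how they are combined; the equal-weight mean and cut-offs are illustrative.
STRONG, WEAK = 0.50, 0.25
MIN_COVERAGE_PCT = 70  # gate value from the commit message
NORM_RE = re.compile(r"\b(?:EN ISO|DIN EN|EN|ISO|DIN|DGUV)\s*\d[\d-]*", re.I)
STOP = {"the", "a", "of", "per", "and", "in", "on", "to", "for", "with"}

def tokens(text):
    return {t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOP}

def norms(text):
    # Normalised norm references, e.g. "EN ISO 4414"
    return {re.sub(r"\s+", " ", m.upper()) for m in NORM_RE.findall(text)}

def signals(expert, entry):
    e, lib = tokens(expert), tokens(entry)
    ne, nl = norms(expert), norms(entry)
    return {
        "jaccard": len(e & lib) / len(e | lib) if e | lib else 0.0,
        "token_recall": len(e & lib) / len(e) if e else 0.0,
        "substring": 1.0 if expert.lower() in entry.lower() else 0.0,
        "norm_overlap": len(ne & nl) / len(ne) if ne else 0.0,
    }

def grade(expert, library):
    # Best-matching library entry decides the tier for this expert measure.
    best = max((sum(signals(expert, m).values()) / 4 for m in library), default=0.0)
    return "Strong" if best >= STRONG else "Weak" if best >= WEAK else "None"

def coverage(experts, library):
    grades = [grade(e, library) for e in experts]
    pct = 100 * sum(g != "None" for g in grades) / len(grades)
    return grades, pct, pct >= MIN_COVERAGE_PCT

# Constructed sample data, loosely modelled on measures listed in the commit.
LIBRARY = [
    "Teach mode: safe reduced speed <= 250 mm/s, hold-to-run with 3-stage enabler per ISO 10218-1",
    "Lockable main switch per EN 60204-1",
    "Hose retention per EN ISO 4414",
]
EXPERTS = [
    "Safe reduced speed <= 250 mm/s in teach mode per ISO 10218-1",
    "Lockable main switch",
    "Depressurize pneumatic system before maintenance (EN ISO 4414)",
    "Provide hearing protection for operators",
]

if __name__ == "__main__":
    grades, pct, ok = coverage(EXPERTS, LIBRARY)
    print(grades, f"{pct:.0f}% Strong+Weak", "PASS" if ok else "FAIL")
```

The third sample measure shares only its norm reference with the library, which is why it lands in the Weak tier rather than counting as covered outright.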
breakpilot-compliance
DSGVO/AI-Act compliance platform — 10 services, Go · Python · TypeScript
Overview
breakpilot-compliance is a multi-tenant DSGVO/EU AI Act compliance platform that provides an SDK for consent management, data subject requests (DSR), audit logging, iACE impact assessments, and document archival. It ships as 10 containerised services covering an admin dashboard, a developer portal, a Python/FastAPI backend, a Go AI compliance engine, TTS, and a decentralised document store on IPFS. Every service is deployed automatically via Gitea Actions → Orca on every push to main.
Architecture
| Service | Tech | Port | Container |
|---|---|---|---|
| admin-compliance | Next.js 15 | 3007 | bp-compliance-admin |
| backend-compliance | Python / FastAPI 0.123 | 8002 | bp-compliance-backend |
| ai-compliance-sdk | Go 1.24 / Gin | 8093 | bp-compliance-ai-sdk |
| developer-portal | Next.js 15 | 3006 | bp-compliance-developer-portal |
| breakpilot-compliance-sdk | TypeScript SDK (React/Vue/Angular/vanilla) | — | — |
| consent-sdk | JS/TS Consent SDK | — | — |
| compliance-tts-service | Python / Piper TTS | 8095 | bp-compliance-tts |
| document-crawler | Python / FastAPI | 8098 | bp-compliance-document-crawler |
| dsms-gateway | Python / FastAPI / IPFS | 8082 | bp-compliance-dsms-gateway |
| dsms-node | IPFS Kubo v0.24.0 | — | bp-compliance-dsms-node |
All containers share the external breakpilot-network Docker network and depend on breakpilot-core (Valkey, Vault, RAG service, Nginx reverse proxy).
Quick Start
Prerequisites: Docker, Go 1.24+, Python 3.12+, Node.js 20+
git clone ssh://git@gitea.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-compliance.git
cd breakpilot-compliance
# Copy and populate secrets (never commit .env)
cp .env.example .env
# Start all services
docker compose up -d
For the Orca/Hetzner production target (x86_64), use the override:
docker compose -f docker-compose.yml -f docker-compose.hetzner.yml up -d
Development Workflow
Use feature branches off main. Supported prefixes: feat/, feature/, hotfix/.
git checkout main && git pull origin main
git checkout -b feat/my-change
# ... make changes ...
git push origin feat/my-change
# Open a PR → squash merge to main
Push to main triggers:
- Gitea Actions — lint → test → validate (see CI Pipeline below)
- Orca — automatic build + deploy (~3 min total)
Monitor status: https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions
CI Pipeline
Defined in .gitea/workflows/ci.yaml.
| Job | What it checks |
|---|---|
| loc-budget | All source files ≤ 500 LOC; soft target 300 |
| guardrail-integrity | Commits touching guardrail files carry [guardrail-change] |
| go-lint | golangci-lint on ai-compliance-sdk/ |
| python-lint | ruff + mypy on Python services |
| nodejs-lint | tsc --noEmit + ESLint on Next.js services |
| test-go-ai-compliance | go test ./... in ai-compliance-sdk/ |
| test-python-backend-compliance | pytest in backend-compliance/ |
| test-python-document-crawler | pytest in document-crawler/ |
| test-python-dsms-gateway | pytest test_main.py in dsms-gateway/ |
| sbom-scan | License + vulnerability scan via syft + grype |
| validate-canonical-controls | OpenAPI contract baseline diff |
File Budget
| Limit | Value | How to check |
|---|---|---|
| Soft target | 300 LOC | bash scripts/check-loc.sh |
| Hard cap | 500 LOC | Same; also enforced by PreToolUse hook + git pre-commit + CI |
| Exceptions | .claude/rules/loc-exceptions.txt | Require written rationale + [guardrail-change] commit marker |
The .claude/settings.json PreToolUse hook blocks Claude Code from writing or editing files that would exceed the hard cap. The git pre-commit hook re-checks. CI is the final gate.
Links
| Resource | URL |
|---|---|
| Admin dashboard | https://admin-dev.breakpilot.ai |
| Developer portal | https://developers-dev.breakpilot.ai |
| Backend API | https://api-dev.breakpilot.ai |
| AI SDK API | https://sdk-dev.breakpilot.ai |
| Gitea repo | https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance |
| Gitea Actions | https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions |