Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
512b7a0f6c2977d16caaafdf93002977eaab159f
breakpilot-compliance/admin-compliance/README.md
Sharang Parnerkar 512b7a0f6c phase0: add architecture guardrails, CI gates, per-language AGENTS.md 
Non-negotiable structural rules that apply to every Claude Code session in
this repo and to every commit, enforced via three defense-in-depth layers:

  1. PreToolUse hook in .claude/settings.json blocks any Write/Edit that
     would push a file past the 500-line hard cap. Auto-loads for any
     Claude session in this repo regardless of who launched it.
  2. scripts/githooks/pre-commit (installed via scripts/install-hooks.sh)
     enforces the LOC cap, freezes migrations/ unless [migration-approved],
     and protects guardrail files unless [guardrail-change] is present.
  3. .gitea/workflows/ci.yaml gets loc-budget + guardrail-integrity jobs,
     plus mypy --strict on new Python packages, tsc --noEmit on Node
     services, and a syft+grype SBOM scan.

Per-language conventions are documented in AGENTS.python.md / AGENTS.go.md /
AGENTS.typescript.md at the repo root — layering (router->service->repo for
Python, hexagonal for Go, colocation for Next.js), tooling baseline, and
explicit "what you may NOT do" lists.

Adds scripts/check-loc.sh (soft 300 / hard 500, reports 205 hard and 161
soft violations in the current codebase) plus .claude/rules/loc-exceptions.txt
(initially empty — the list is designed to shrink over time).

Per-service READMEs for all 10 services + PHASE1_RUNBOOK.md for the
backend-compliance refactor. Skeleton packages (compliance/{domain,
repositories,schemas}) are the landing zone for the clean-arch rewrite that
begins in Phase 1.

CLAUDE.md is prepended with the six non-negotiable rules.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 13:09:26 +02:00

1.7 KiB
Raw Blame History

admin-compliance

Next.js 15 dashboard for BreakPilot Compliance — SDK module UI, company profile, DSR, DSFA, VVT, TOM, consent, AI Act, training, audit, change requests, etc. Also hosts 96+ API routes that proxy/orchestrate backend services.

Port: 3007 (container: bp-compliance-admin) Stack: Next.js 15 App Router, React 18, TailwindCSS, TypeScript strict.

Architecture (target — Phase 3)

app/
├── <route>/
│   ├── page.tsx              # Server Component (≤200 LOC)
│   ├── _components/          # Colocated UI, each ≤300 LOC
│   ├── _hooks/               # Client hooks
│   └── _server/              # Server actions
├── api/<domain>/route.ts     # Thin handlers → lib/server/<domain>/
lib/
├── <domain>/                 # Pure helpers, zod schemas
└── server/<domain>/          # "server-only" logic
components/                   # App-wide shared UI

See ../AGENTS.typescript.md.

Run locally

cd admin-compliance
npm install
npm run dev          # http://localhost:3007

Tests

npm test                      # Vitest unit + component tests
npx playwright test           # E2E
npx tsc --noEmit              # Type-check
npx next lint

Known debt (Phase 3 targets)

  • app/sdk/company-profile/page.tsx (3017 LOC), tom-generator/controls/loader.ts (2521), lib/sdk/types.ts (2511), app/sdk/loeschfristen/page.tsx (2322), app/sdk/dsb-portal/page.tsx (2068) — all must be split.
  • 0 test files for 182 monolithic pages. Phase 3 adds Playwright smoke + Vitest unit coverage.

Don't touch

  • Backend API paths without updating backend-compliance/ in the same change.
  • lib/sdk/types.ts in large contiguous chunks — it's being domain-split.
Reference in New Issue View Git Blame Copy Permalink