Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
575644c9c5334925970a6375943539d0ec7899db
breakpilot-compliance/backend-compliance/main.py
T
Benjamin Admin 6c223c7c9b
CI / detect-changes (push) Successful in 10s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / validate-canonical-controls (push) Successful in 14s
Details
CI / loc-budget (push) Failing after 15s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 2m43s
Details
CI / test-go (push) Has been skipped
Details
CI / iace-gt-coverage (push) Has been skipped
Details
CI / test-python-backend (push) Successful in 37s
Details
CI / test-python-document-crawler (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details
feat(compliance-check): exec-summary + voll-audit + TDM-respect + cookie-KB-extended + saving-scan-funnel 
P1 — Exec-Summary oben im Email-Report (4 KPIs + 2 CTAs, dunkler Gradient)
P3 — no_direct_sales-Flag fuer OEM-Konfigurator-Sites; AGB/Widerruf/AGB als
     "NICHT ANWENDBAR" (grau) statt "NICHT GEFUNDEN" (rot)
P5 — Voll-Audit Unification: alle Findings (MC + Pflichtangaben + Vendor +
     Redundanz) in /data/compliance_audits.db.unified_findings; neuer
     /api/compliance/agent/findings/<id> Endpoint + FindingsTab im Audit-UI
     mit Filter + CSV-Export
P7 — Crawl-Hardening: TDM-Reservation-Check (robots.txt / ai.txt / Header /
     Meta) vor jedem Run mit 24h-Cache; HeadlessChrome-UA (Firma noch nicht
     gegruendet — Switch via BREAKPILOT_BRANDED_UA env); per-Domain
     Rate-Limit 1 req/s + max 2 concurrent
P2 — Cookie-Knowledge-DB additiv erweitert (35 -> 74 Cookies): Adobe, Meta,
     Microsoft, LinkedIn, TikTok, HubSpot, Marketo, Salesforce, Hotjar,
     FullStory, Mouseflow, Intercom, Drift, Zendesk, Cloudflare, Stripe,
     OneTrust/Cookiebot/Usercentrics, Matomo, Pinterest, Snapchat, X/Twitter,
     YouTube, Vimeo, Klaviyo, Mailchimp, Mixpanel, Segment, Amplitude,
     Optimizely, Datadog; Wire-in in cookie_function_classifier liefert
     compliance_risk-Label (kritisch/hoch/mittel/gering) pro Vendor
A  — k-Anonymitaets-Helper (benchmark_k_anonymity) fuer P6-Vorbereitung
B  — Cross-Tenant-Domain-Assertion im /findings-Endpoint (expected_domain
     Query-Param -> 403 bei Mismatch)
C  — Saving-Scan-Funnel: /api/compliance/agent/saving-scan/start mit
     Validierung + 24h-Rate-Limit pro Domain + Lead-Persistenz in
     saving_scan_leads + Auto-Discovery via _run_compliance_check; 6 Tests
D  — Risk-Badge im Email-Vendor-Row

Rechtliche Leitplanken (Memory feedback_oem_data_legal.md): nur eigene
Knapp-Bewertungen + Source-Pointer, keine 1:1-Kopien fremder CMP-Texte.
TDM-Opt-Out-Respect nach § 44b UrhG. KEINE Schema-Aenderungen — alles in
Sidecar-SQLite.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 23:48:34 +02:00

182 lines
6.0 KiB
Python
Raw Blame History

"""
BreakPilot Compliance Backend
Extracted compliance-specific APIs from the monorepo backend.
Provides: Compliance Framework, Consent Admin, DSR, GDPR Export.
Runs on port 8002 with DB search_path=compliance,core,public.
"""
import logging
import os
from contextlib import asynccontextmanager
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
# Configure root logging so all modules' logger.info() etc. are visible
logging.basicConfig(
level=logging.INFO,
format="%(levelname)s:%(name)s: %(message)s",
)
logger = logging.getLogger(__name__)
# Compliance-specific API routers
from consent_api import router as consent_router
from consent_admin_api import router as consent_admin_router
from gdpr_api import router as gdpr_router, admin_router as gdpr_admin_router
# DSR proxy removed — now handled natively in compliance/api/dsr_routes.py
# Compliance framework sub-package
from compliance.api import router as compliance_framework_router
# Source Policy
from compliance.api.source_policy_router import router as source_policy_router
# Document Import & Screening
from compliance.api.import_routes import router as import_router
from compliance.api.screening_routes import router as screening_router
# Company Profile
from compliance.api.company_profile_routes import router as company_profile_router
# Agent (ZeroClaw compliance agent)
from compliance.api.agent_notification_routes import router as agent_notify_router
from compliance.api.agent_analyze_routes import router as agent_analyze_router
from compliance.api.agent_scan_routes import router as agent_scan_router
from compliance.api.agent_history_routes import router as agent_history_router
from compliance.api.agent_recurring_routes import router as agent_recurring_router
from compliance.api.agent_compare_routes import router as agent_compare_router
from compliance.api.agent_doc_check_routes import router as agent_doc_check_router
from compliance.api.agent_compliance_check_routes import router as agent_compliance_check_router
from compliance.api.agent_findings_routes import router as agent_findings_router
from compliance.api.saving_scan_routes import router as saving_scan_router
from compliance.api.agent_migration_routes import router as agent_migration_router
from compliance.api.vendor_assessment_routes import router as vendor_assessment_router
from compliance.api.cra_routes import router as cra_router
# Middleware
from middleware import (
RequestIDMiddleware,
SecurityHeadersMiddleware,
)
@asynccontextmanager
async def lifespan(app: FastAPI):
"""Run migrations on startup."""
from migration_runner import run_migrations
try:
run_migrations()
logger.info("Database migrations completed")
except Exception as e:
logger.error("Migration failed: %s — backend starting anyway", e)
yield
app = FastAPI(
title="BreakPilot Compliance Backend",
description="GDPR/DSGVO Compliance, Consent Management, Data Subject Requests, and Regulatory Compliance Framework",
version="1.0.0",
lifespan=lifespan,
)
# --- CORS ---
ALLOWED_ORIGINS = os.getenv("CORS_ORIGINS", "*").split(",")
app.add_middleware(
CORSMiddleware,
allow_origins=ALLOWED_ORIGINS,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
# --- Security & Tracing Middleware ---
app.add_middleware(RequestIDMiddleware)
app.add_middleware(SecurityHeadersMiddleware)
# --- Health Endpoint ---
@app.get("/health", tags=["system"])
async def health():
"""Health check endpoint for load balancers and orchestration."""
return {
"status": "healthy",
"service": "backend-compliance",
"version": "1.0.0",
}
@app.get("/debug/routers", tags=["system"])
async def debug_routers():
"""Diagnostic: show which sub-routers loaded and which failed."""
from compliance.api import _ROUTER_MODULES, _failed_routers, _loaded_count
return {
"total": len(_ROUTER_MODULES),
"loaded": _loaded_count,
"failed_count": len(_failed_routers),
"failed": _failed_routers,
}
# --- Compliance-specific Routers ---
# Consent (user-facing)
app.include_router(consent_router, prefix="/api")
# Consent Admin
app.include_router(consent_admin_router, prefix="/api")
# GDPR / Privacy (user-facing)
app.include_router(gdpr_router, prefix="/api")
# GDPR Admin
app.include_router(gdpr_admin_router, prefix="/api")
# DSR now handled natively via compliance_framework_router (dsr_routes.py)
# Compliance Framework (regulations, controls, evidence, risks, audits, ISMS)
app.include_router(compliance_framework_router, prefix="/api")
# Source Policy (allowed sources, PII rules, audit)
app.include_router(source_policy_router, prefix="/api")
# Document Import (PDF analysis, gap detection)
app.include_router(import_router, prefix="/api")
# System Screening (SBOM generation, vulnerability scan)
app.include_router(screening_router, prefix="/api")
# Company Profile (CRUD with audit logging)
app.include_router(company_profile_router, prefix="/api")
# Agent (ZeroClaw compliance agent → analyze + email via SMTP)
app.include_router(agent_notify_router, prefix="/api")
app.include_router(agent_analyze_router, prefix="/api")
app.include_router(agent_scan_router, prefix="/api")
app.include_router(agent_history_router, prefix="/api")
app.include_router(agent_recurring_router, prefix="/api")
app.include_router(agent_compare_router, prefix="/api")
app.include_router(agent_doc_check_router, prefix="/api")
app.include_router(agent_compliance_check_router, prefix="/api")
app.include_router(agent_findings_router, prefix="/api")
app.include_router(saving_scan_router, prefix="/api")
app.include_router(agent_migration_router, prefix="/api")
# Vendor Contract Assessment
app.include_router(vendor_assessment_router, prefix="/api")
# CRA (Cyber Resilience Act) Compliance
app.include_router(cra_router, prefix="/api")
if __name__ == "__main__":
import uvicorn
uvicorn.run(
"main:app",
host="0.0.0.0",
port=int(os.getenv("PORT", "8002")),
reload=os.getenv("ENVIRONMENT", "development") == "development",
)
Reference in New Issue View Git Blame Copy Permalink