Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
58f108b5785b244850fd5a91c9769375004a3001
breakpilot-compliance/ai-compliance-sdk
History
Sharang Parnerkar 58f108b578 phase 5: flip loc-budget to whole-repo blocking gate [guardrail-change] 
- loc-budget CI job: remove if/else PR-only guard; now runs scripts/check-loc.sh
  (no || true) on every push and PR, scanning the full repo
- sbom-scan: remove || true from grype command — high+ CVEs now block PRs
- scripts/check-loc.sh: add test_*.py / */test_*.py and *.html exclusions so
  Python test files and Jinja/HTML templates are not counted against the budget
- .claude/rules/loc-exceptions.txt: grandfather 40 remaining oversized files
  into the exceptions list (one-off scripts, docs copies, platform SDKs,
  and Phase 1 backend-compliance refactor backlog)
- ai-compliance-sdk/.golangci.yml: add strict golangci-lint config (errcheck,
  govet, staticcheck, gosec, gocyclo, gocritic, revive, goimports)
- delete stray routes.py.backup (2512 LOC)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 14:29:43 +02:00
..
cmd/server
refactor(go): split roadmap_handlers, academy/store, extract cmd/server/main to internal/app
2026-04-19 09:51:11 +02:00
data/ce-libraries
feat(training+controls): interactive video pipeline, training blocks, control generator, CE libraries
2026-03-16 21:41:48 +01:00
docs
Merge gitea/main: resolve ci.yaml conflict, keep Coolify deploy
2026-03-13 13:26:17 +01:00
internal
refactor(go/ucca): split license_policy, models, pdf_export, escalation_store, obligations_registry
2026-04-19 10:03:51 +02:00
migrations
feat(training+controls): interactive video pipeline, training blocks, control generator, CE libraries
2026-03-16 21:41:48 +01:00
policies
feat(multi-layer): complete Multi-Layer Control Architecture (Phases 1-8 + Pass 0)
2026-03-17 09:00:37 +01:00
.golangci.yml
phase 5: flip loc-budget to whole-repo blocking gate [guardrail-change]
2026-04-19 14:29:43 +02:00
Dockerfile
fix: migrate deployment from Hetzner to Coolify (#1)
2026-03-13 10:45:35 +00:00
go.mod
feat(academy): add PDF certificate generation and download endpoint
2026-02-14 22:05:31 +01:00
go.sum
feat(academy): add PDF certificate generation and download endpoint
2026-02-14 22:05:31 +01:00
README.md
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00

README.md

ai-compliance-sdk

Go/Gin service providing AI-Act compliance analysis: iACE impact assessments, UCCA rules engine, hazard library, training/academy, audit, escalation, portfolio, RBAC, RAG, whistleblower, workshop.

Port: 8090 → exposed 8093 (container: bp-compliance-ai-sdk) Stack: Go 1.24, Gin, pgx, Postgres.

Architecture (target — Phase 2)

cmd/server/main.go          # Thin entrypoint (<50 LOC)
internal/
├── app/                    # Wiring + lifecycle
├── domain/<aggregate>/     # Types, interfaces, errors
├── service/<aggregate>/    # Business logic
├── repository/postgres/    # Repo implementations
├── transport/http/         # Gin handlers + middleware + router
└── platform/               # DB pool, logger, config, httperr

See ../AGENTS.go.md for the full convention.

Run locally

cd ai-compliance-sdk
go mod download
export COMPLIANCE_DATABASE_URL=...
go run ./cmd/server

Tests

go test -race -cover ./...
golangci-lint run --timeout 5m ./...

Co-located *_test.go, table-driven. Repo layer uses testcontainers-go (or the compose Postgres) — no SQL mocks.

Public API surface

Handlers under internal/api/handlers/ (Phase 2 moves to internal/transport/http/handler/). Health at GET /health. iACE, UCCA, training, academy, portfolio, escalation, audit, rag, whistleblower, workshop subresources. Every route is a contract.

Environment

Var Purpose
COMPLIANCE_DATABASE_URL Postgres DSN
LLM_GATEWAY_URL LLM router for rag/iACE
QDRANT_URL Vector search

Don't touch

DB schema. Hand-rolled migrations elsewhere own it.

Reference in New Issue View Git Blame Copy Permalink