Benjamin Admin
6a3e96d54c
Two-part nachhaltiger fix replacing the previous "fill to 5 mitigations no matter what" behavior that the GT-Bremse benchmark proved unfaithful (e.g. HP1625 "scharfe Kanten" returning M005 "Rotations- bewegung vermeiden" via category fallback; HP1651 "Wiederanlauf Roboter" returning M054 "Sichere thermische Auslegung" via mismatched pattern reference). PART A — Set-based category filter (handlers package): - acceptableMeasureCategories: replaces 1:1 patternCatToMeasureCat with a curated set per pattern category, so e.g. safety_function_failure now accepts software_control measures (watchdogs, plausibility checks) and emc_hazard accepts both electrical and software_control measures - isCategoryCompatible: gate every measure id against the accepted set before creating a mitigation; mismatches log MEASURE-SKIP - The old category fallback is REMOVED. A hazard whose pattern has no category-compatible measure is now created with zero mitigations and logged as COVERAGE-GAP — the operator must consult an expert. No more silent invention of generic defaults. PART B — 235 pattern author-error fixes across 26 files: - HP040-HP044 (AI): M101/M102/M103 (Auffangwanne/Absauganlage) -> M133 Anomalieerkennung + M214 Plausibilitaet + M213 Sensor-Redundanz + M044 Zweikanalige Steuerung + others - HP011-HP015, HP104-HP109, HP1085-HP1095, HP1281-HP1334 (electrical): M001-M005/M054/M061 placeholders -> M481/M482 Isolation + M511-M522 PE/Schutzleiter/RCD/Hauptschalter - HP110-HP1331 (material_environmental): M101-M103 -> M384-M395 Brandschutz/Laserschutz + M533/M408 SDB/PSA - HP800-HP858, HP1178-HP1264 (software/sensor/hmi): M101/M104 -> M105/M106/M107/M214 SPS/Watchdog/Plausibilitaet - HP026, HP611-HP1690 (ergonomic): M001/M082 -> M353-M360 + M530-M532 Hebehilfe/ergonomische Hoehe - HP201-HP1697 (mechanical): M054/M051 -> M002/M008/M061/M141 + M487/M488 Tueroeffnung-Stillsetzung/Wiederanlauf - Plus EMF/Strahlung/Brand/Lärm/Vibration/Kommunikation/Cyber Coverage shift (Pattern-Author-Fehler bei aktiviertem Set-Filter): start: 237 patterns with zero category-compatible measures after Stufe 1A: 5 (AI) after Stufe 1B: 20 (mechanical Bestand) after Stufe 1C: 35 (electrical Bestand) after Stufe 1D: 29 (material_environmental) after Stufe 1E: 29 (software/sensor/hmi) after Stufe 1F: 20 (ergonomic) after Stufe 1G: 80 (thermal/comm/radiation/fire/safety) final: 0 (28 extended.go/extended2.go duplicates fixed) New regression tests: - TestEveryPattern_HasCategoryCompatibleMeasure: every pattern in collectAllPatterns() must reference at least one category-compatible measure; gaps must be explicitly listed in AllowlistKnownGaps (currently empty). Fails CI for any new pattern that drifts. - TestAcceptableMeasureCategories: pins the set-mapping for the 7 most-bug-prone pattern categories. - TestIsCategoryCompatible_EmptyMeasureCat: protects legacy entries. A separate task #11 tracks 58 HP-ID duplicates between extended.go/extended2.go and cobot.go/press.go/operational.go — patterns are semantically different and TestGetBuiltinHazardPatterns_- UniqueIDs misses them because it only checks HP001-HP044. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
breakpilot-compliance
DSGVO/AI-Act compliance platform — 10 services, Go · Python · TypeScript
Overview
breakpilot-compliance is a multi-tenant DSGVO/EU AI Act compliance platform that provides an SDK for consent management, data subject requests (DSR), audit logging, iACE impact assessments, and document archival. It ships as 10 containerised services covering an admin dashboard, a developer portal, a Python/FastAPI backend, a Go AI compliance engine, TTS, and a decentralised document store on IPFS. Every service is deployed automatically via Gitea Actions → Orca on every push to main.
Architecture
| Service | Tech | Port | Container |
|---|---|---|---|
| admin-compliance | Next.js 15 | 3007 | bp-compliance-admin |
| backend-compliance | Python / FastAPI 0.123 | 8002 | bp-compliance-backend |
| ai-compliance-sdk | Go 1.24 / Gin | 8093 | bp-compliance-ai-sdk |
| developer-portal | Next.js 15 | 3006 | bp-compliance-developer-portal |
| breakpilot-compliance-sdk | TypeScript SDK (React/Vue/Angular/vanilla) | — | — |
| consent-sdk | JS/TS Consent SDK | — | — |
| compliance-tts-service | Python / Piper TTS | 8095 | bp-compliance-tts |
| document-crawler | Python / FastAPI | 8098 | bp-compliance-document-crawler |
| dsms-gateway | Python / FastAPI / IPFS | 8082 | bp-compliance-dsms-gateway |
| dsms-node | IPFS Kubo v0.24.0 | — | bp-compliance-dsms-node |
All containers share the external breakpilot-network Docker network and depend on breakpilot-core (Valkey, Vault, RAG service, Nginx reverse proxy).
Quick Start
Prerequisites: Docker, Go 1.24+, Python 3.12+, Node.js 20+
git clone ssh://git@gitea.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-compliance.git
cd breakpilot-compliance
# Copy and populate secrets (never commit .env)
cp .env.example .env
# Start all services
docker compose up -d
For the Orca/Hetzner production target (x86_64), use the override:
docker compose -f docker-compose.yml -f docker-compose.hetzner.yml up -d
Development Workflow
Use feature branches off main. Supported prefixes: feat/, feature/, hotfix/.
git checkout main && git pull origin main
git checkout -b feat/my-change
# ... make changes ...
git push origin feat/my-change
# Open a PR → squash merge to main
Push to main triggers:
- Gitea Actions — lint → test → validate (see CI Pipeline below)
- Orca — automatic build + deploy (~3 min total)
Monitor status: https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions
CI Pipeline
Defined in .gitea/workflows/ci.yaml.
| Job | What it checks |
|---|---|
loc-budget |
All source files ≤ 500 LOC; soft target 300 |
guardrail-integrity |
Commits touching guardrail files carry [guardrail-change] |
go-lint |
golangci-lint on ai-compliance-sdk/ |
python-lint |
ruff + mypy on Python services |
nodejs-lint |
tsc --noEmit + ESLint on Next.js services |
test-go-ai-compliance |
go test ./... in ai-compliance-sdk/ |
test-python-backend-compliance |
pytest in backend-compliance/ |
test-python-document-crawler |
pytest in document-crawler/ |
test-python-dsms-gateway |
pytest test_main.py in dsms-gateway/ |
sbom-scan |
License + vulnerability scan via syft + grype |
validate-canonical-controls |
OpenAPI contract baseline diff |
File Budget
| Limit | Value | How to check |
|---|---|---|
| Soft target | 300 LOC | bash scripts/check-loc.sh |
| Hard cap | 500 LOC | Same; also enforced by PreToolUse hook + git pre-commit + CI |
| Exceptions | .claude/rules/loc-exceptions.txt |
Require written rationale + [guardrail-change] commit marker |
The .claude/settings.json PreToolUse hook blocks Claude Code from writing or editing files that would exceed the hard cap. The git pre-commit hook re-checks. CI is the final gate.
Links
| URL | |
|---|---|
| Admin dashboard | https://admin-dev.breakpilot.ai |
| Developer portal | https://developers-dev.breakpilot.ai |
| Backend API | https://api-dev.breakpilot.ai |
| AI SDK API | https://sdk-dev.breakpilot.ai |
| Gitea repo | https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance |
| Gitea Actions | https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions |