Files

Sharang Parnerkar 7806425ba6 test(backend): pin OpenAPI contract baseline (360 paths, 484 operations)

Adds tests/contracts/test_openapi_baseline.py which loads the live
FastAPI app and diffs its OpenAPI schema against a checked-in baseline.
Fails on:
  - Any removed path or operation
  - Any removed response status code on an existing operation
  - Any new required request body field (would break existing clients)

Passes silently on additive changes. The baseline is regenerated by
running tests/contracts/regenerate_baseline.py — only when a contract
change has been reviewed and every consumer (admin-compliance,
developer-portal, SDKs) has been updated in the same change set.

This is the safety harness for the Phase 1 backend-compliance refactor:
every subsequent refactor commit must keep this test green.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-07 13:10:11 +02:00

auth

…

classroom_engine

…

compliance

chore(backend): deprecation sweep — Pydantic V1 -> V2, utcnow -> tz-aware

2026-04-07 13:09:59 +02:00

middleware

fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring

2026-03-07 19:00:33 +01:00

migrations

feat(control-generator): 7-stage pipeline for RAG→LLM→Controls generation

2026-03-13 09:03:37 +01:00

services

…

templates/gdpr

…

tests

test(backend): pin OpenAPI contract baseline (360 paths, 484 operations)

2026-04-07 13:10:11 +02:00

consent_admin_api.py

…

consent_api.py

…

consent_client.py

chore(backend): deprecation sweep — Pydantic V1 -> V2, utcnow -> tz-aware

2026-04-07 13:09:59 +02:00

database.py

…

Dockerfile

…

gdpr_api.py

…

gdpr_export_service.py

…

main.py

feat: auto-run SQL migrations on backend startup

2026-03-13 09:14:18 +01:00

migration_runner.py

feat: auto-run SQL migrations on backend startup

2026-03-13 09:14:18 +01:00

PHASE1_RUNBOOK.md

phase0: add architecture guardrails, CI gates, per-language AGENTS.md

2026-04-07 13:09:26 +02:00

README.md

phase0: add architecture guardrails, CI gates, per-language AGENTS.md

2026-04-07 13:09:26 +02:00

requirements.txt

fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring

2026-03-07 19:00:33 +01:00

README.md

backend-compliance

Python/FastAPI service implementing the DSGVO compliance API: DSR, DSFA, consent, controls, risks, evidence, audit, vendor management, ISMS, change requests, document generation.

Port: 8002 (container: bp-compliance-backend) Stack: Python 3.12, FastAPI, SQLAlchemy 2.x, Alembic, Keycloak auth.

Architecture (target — Phase 1)

compliance/
├── api/            # Routers (thin, ≤30 LOC per handler)
├── services/       # Business logic
├── repositories/   # DB access
├── domain/         # Value objects, domain errors
├── schemas/        # Pydantic models, split per domain
└── db/models/      # SQLAlchemy ORM, one module per aggregate

See ../AGENTS.python.md for the full convention and ../.claude/rules/architecture.md for the non-negotiable rules.

Run locally

cd backend-compliance
pip install -r requirements.txt
export COMPLIANCE_DATABASE_URL=...  # Postgres (Hetzner or local)
uvicorn main:app --reload --port 8002

Tests

pytest compliance/tests/ -v
pytest --cov=compliance --cov-report=term-missing

Layout: tests/unit/, tests/integration/, tests/contracts/. Contract tests diff /openapi.json against tests/contracts/openapi.baseline.json.

Public API surface

404+ endpoints across /api/v1/*. Grouped by domain: ai, audit, consent, dsfa, dsr, gdpr, vendor, evidence, change-requests, generation, projects, company-profile, isms. Every path is a contract — see the "Public endpoints" rule in the root CLAUDE.md.

Environment

Var	Purpose
`COMPLIANCE_DATABASE_URL`	Postgres DSN, `sslmode=require`
`KEYCLOAK_*`	Auth verification
`QDRANT_URL`, `QDRANT_API_KEY`	Vector search
`CORE_VALKEY_URL`	Session cache

Don't touch

Database schema, __tablename__, column names, existing migrations under migrations/. See root CLAUDE.md rule 3.