Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ec8af4c2da85d6c896f801c9aee4d4b4e13e91a
breakpilot-compliance/README.md
Sharang Parnerkar 8ec8af4c2d
Some checks failed
Build + Deploy / build-admin-compliance (push) Failing after 45s
Details
Build + Deploy / build-backend-compliance (push) Successful in 13s
Details
Build + Deploy / build-ai-sdk (push) Successful in 40s
Details
Build + Deploy / build-developer-portal (push) Successful in 12s
Details
Build + Deploy / build-tts (push) Successful in 11s
Details
Build + Deploy / build-document-crawler (push) Successful in 14s
Details
Build + Deploy / build-dsms-gateway (push) Successful in 12s
Details
Build + Deploy / trigger-orca (push) Has been skipped
Details
CI/CD / loc-budget (push) Successful in 21s
Details
CI/CD / guardrail-integrity (push) Has been skipped
Details
CI/CD / go-lint (push) Has been skipped
Details
CI/CD / python-lint (push) Has been skipped
Details
CI/CD / nodejs-lint (push) Has been skipped
Details
CI/CD / test-go-ai-compliance (push) Successful in 48s
Details
CI/CD / test-python-backend-compliance (push) Failing after 38s
Details
CI/CD / test-python-document-crawler (push) Successful in 31s
Details
CI/CD / test-python-dsms-gateway (push) Successful in 27s
Details
CI/CD / sbom-scan (push) Has been skipped
Details
CI/CD / validate-canonical-controls (push) Successful in 19s
Details
chore: remove all gitea remote references; single origin push only 
There is only one remote (origin). Removed all occurrences of:
  - git push gitea / git push origin main && git push gitea main
  - "Pushing to gitea (external)" in deploy.sh
  - # gitea: git@gitea.meghsakha.com:... remote comment in docs-src/index.md
  - "Push auf gitea triggert" → "Push auf origin triggert" in docs
  - Clone URL updated to ssh://git@coolify.meghsakha.com:22222/... in
    README.md and CONTRIBUTING.md

Web UI URLs (gitea.meghsakha.com/...) are unchanged — those are still valid.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 16:16:12 +02:00

133 lines
5.3 KiB
Markdown
Raw Blame History

# breakpilot-compliance
**DSGVO/AI-Act compliance platform — 10 services, Go · Python · TypeScript**
[![CI](https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions/workflows/ci.yaml/badge.svg)](https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions)
![Go](https://img.shields.io/badge/Go-1.24-00ADD8?logo=go&logoColor=white)
![Python](https://img.shields.io/badge/Python-3.12-3776AB?logo=python&logoColor=white)
![Node.js](https://img.shields.io/badge/Node.js-20-339933?logo=node.js&logoColor=white)
![TypeScript](https://img.shields.io/badge/TypeScript-strict-3178C6?logo=typescript&logoColor=white)
![FastAPI](https://img.shields.io/badge/FastAPI-0.123-009688?logo=fastapi&logoColor=white)
![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)
![DSGVO](https://img.shields.io/badge/DSGVO-compliant-green)
![AI Act](https://img.shields.io/badge/EU%20AI%20Act-compliant-green)
![LOC guard](https://img.shields.io/badge/LOC%20guard-500%20hard%20cap-orange)
![Services](https://img.shields.io/badge/services-10-blueviolet)
---
## Overview
breakpilot-compliance is a multi-tenant DSGVO/EU AI Act compliance platform that provides an SDK for consent management, data subject requests (DSR), audit logging, iACE impact assessments, and document archival. It ships as 10 containerised services covering an admin dashboard, a developer portal, a Python/FastAPI backend, a Go AI compliance engine, TTS, and a decentralised document store on IPFS. Every service is deployed automatically via Gitea Actions → Coolify on the `coolify` branch.
---
## Architecture
| Service | Tech | Port | Container |
|---------|------|------|-----------|
| admin-compliance | Next.js 15 | 3007 | bp-compliance-admin |
| backend-compliance | Python / FastAPI 0.123 | 8002 | bp-compliance-backend |
| ai-compliance-sdk | Go 1.24 / Gin | 8093 | bp-compliance-ai-sdk |
| developer-portal | Next.js 15 | 3006 | bp-compliance-developer-portal |
| breakpilot-compliance-sdk | TypeScript SDK (React/Vue/Angular/vanilla) | — | — |
| consent-sdk | JS/TS Consent SDK | — | — |
| compliance-tts-service | Python / Piper TTS | 8095 | bp-compliance-tts |
| document-crawler | Python / FastAPI | 8098 | bp-compliance-document-crawler |
| dsms-gateway | Python / FastAPI / IPFS | 8082 | bp-compliance-dsms-gateway |
| dsms-node | IPFS Kubo v0.24.0 | — | bp-compliance-dsms-node |
All containers share the external `breakpilot-network` Docker network and depend on `breakpilot-core` (Valkey, Vault, RAG service, Nginx reverse proxy).
---
## Quick Start
**Prerequisites:** Docker, Go 1.24+, Python 3.12+, Node.js 20+
```bash
git clone ssh://git@coolify.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-compliance.git
cd breakpilot-compliance
# Copy and populate secrets (never commit .env)
cp .env.example .env
# Start all services
docker compose up -d
```
For the Coolify/Hetzner production target (x86_64), use the override:
```bash
docker compose -f docker-compose.yml -f docker-compose.hetzner.yml up -d
```
---
## Development Workflow
Work on the `coolify` branch. Push to **both** remotes to trigger CI and deploy:
```bash
git checkout coolify
# ... make changes ...
git push origin coolify
```
Push to `origin` triggers:
1. **Gitea Actions** — lint → test → validate (see CI Pipeline below)
2. **Coolify** — automatic build + deploy (~3 min total)
Monitor status: <https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions>
---
## CI Pipeline
Defined in `.gitea/workflows/ci.yaml`.
| Job | What it checks |
|-----|----------------|
| `loc-budget` | All source files ≤ 500 LOC; soft target 300 |
| `guardrail-integrity` | Commits touching guardrail files carry `[guardrail-change]` |
| `go-lint` | `golangci-lint` on `ai-compliance-sdk/` |
| `python-lint` | `ruff` + `mypy` on Python services |
| `nodejs-lint` | `tsc --noEmit` + ESLint on Next.js services |
| `test-go-ai-compliance` | `go test ./...` in `ai-compliance-sdk/` |
| `test-python-backend-compliance` | `pytest` in `backend-compliance/` |
| `test-python-document-crawler` | `pytest` in `document-crawler/` |
| `test-python-dsms-gateway` | `pytest test_main.py` in `dsms-gateway/` |
| `sbom-scan` | License + vulnerability scan via `syft` + `grype` |
| `validate-canonical-controls` | OpenAPI contract baseline diff |
---
## File Budget
| Limit | Value | How to check |
|-------|-------|--------------|
| Soft target | 300 LOC | `bash scripts/check-loc.sh` |
| Hard cap | 500 LOC | Same; also enforced by `PreToolUse` hook + git pre-commit + CI |
| Exceptions | `.claude/rules/loc-exceptions.txt` | Require written rationale + `[guardrail-change]` commit marker |
The `.claude/settings.json` `PreToolUse` hook blocks Claude Code from writing or editing files that would exceed the hard cap. The git pre-commit hook re-checks. CI is the final gate.
---
## Links
| | URL |
|-|-----|
| Admin dashboard | <https://admin-dev.breakpilot.ai> |
| Developer portal | <https://developers-dev.breakpilot.ai> |
| Backend API | <https://api-dev.breakpilot.ai> |
| AI SDK API | <https://sdk-dev.breakpilot.ai> |
| Gitea repo | <https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance> |
| Gitea Actions | <https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions> |
---
## License
Apache-2.0. See [LICENSE](LICENSE).
Reference in New Issue View Git Blame Copy Permalink