breakpilot-compliance/backend-compliance/compliance/SERVICE_COVERAGE.md
Benjamin Boenisch 4435e7ea0a Initial commit: breakpilot-compliance - Compliance SDK Platform
Services: Admin-Compliance, Backend-Compliance,
AI-Compliance-SDK, Consent-SDK, Developer-Portal,
PCA-Platform, DSMS

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 23:47:28 +01:00


# Breakpilot Service Coverage - Sprint 3
## Overview
Complete documentation of all 36 Breakpilot services in the compliance registry.
## Service Categories
### Backend Services (11)
| Service | Port | PII | AI | Criticality | GDPR | AI Act | BSI-TR |
|---------|------|-----|----|----|------|--------|--------|
| python-backend | 8000 | ✓ | - | critical | ✓✓✓ | ✓✓ | ✓✓ |
| consent-service | 8081 | ✓ | - | critical | ✓✓✓ | - | ✓✓ |
| billing-service | 8083 | ✓ | - | critical | ✓✓✓ | - | - |
| school-service | 8084 | ✓ | - | high | ✓✓✓ | - | ✓✓ |
| calendar-service | 8085 | ✓ | - | medium | ✓✓ | - | - |
| h5p-service | 8082 | ✓ | - | medium | ✓✓ | - | - |
| website | 3000 | ✓ | - | high | ✓✓ | - | ✓✓ |
| dsms-gateway | 8082 | ✓ | - | medium | ✓✓ | - | - |
| erpnext | 8080 | ✓ | - | high | ✓✓✓ | - | - |
| camunda | 8089 | ✓ | - | medium | ✓✓ | - | - |
| compliance-module | - | - | ✓ | high | ✓✓ | ✓ | - |
### AI Services (4)
| Service | Port | PII | AI | Criticality | GDPR | AI Act | Notes |
|---------|------|-----|----|-------------|------|--------|-------|
| klausur-service | 8086 | ✓ | ✓ | high | ✓✓✓ | ✓✓✓ | High-risk AI (education) |
| embedding-service | 8087 | - | ✓ | medium | ✓ | ✓✓ | RAG/Embeddings |
| transcription-worker | - | ✓ | ✓ | medium | ✓✓ | ✓✓ | Whisper ASR |
| llm-gateway | 8088 | ✓ | ✓ | high | ✓✓ | ✓✓✓ | LLM Orchestration |
| breakpilot-drive | 3001 | ✓ | ✓ | medium | ✓✓ | ✓✓ | Unity + LLM |
### Databases (5)
| Service | Port | Type | PII | Criticality | GDPR | BSI-TR |
|---------|------|------|-----|-------------|------|--------|
| postgresql | 5432 | Relational | ✓ | critical | ✓✓✓ | ✓✓✓ |
| qdrant | 6333 | Vector | - | medium | ✓ | ✓✓ |
| valkey | 6379 | Cache | ✓ | high | ✓✓ | ✓✓ |
| content-db | 5433 | Relational | - | medium | - | ✓✓ |
| erpnext-db | 3306 | MariaDB | ✓ | high | ✓✓ | ✓✓ |
### Communication Services (6)
| Service | Port | PII | Criticality | GDPR | DSA | Notes |
|---------|------|-----|-------------|------|-----|-------|
| matrix-synapse | 8008 | ✓ | high | ✓✓✓ | ✓✓ | E2EE Chat |
| synapse-db | 5432 | ✓ | high | ✓✓✓ | - | Matrix DB |
| jitsi-meet | 8443 | ✓ | high | ✓✓✓ | - | Video Frontend |
| jitsi-prosody | 5222 | ✓ | high | ✓✓ | - | XMPP Server |
| jitsi-jicofo | - | - | medium | ✓ | - | Conference Focus |
| jitsi-jvb | 10000 | ✓ | high | ✓✓ | - | Video Bridge |
| jibri | - | ✓ | high | ✓✓✓ | - | Recording |
### Storage Services (2)
| Service | Port | Type | PII | Criticality | GDPR | BSI-TR |
|---------|------|------|-----|-------------|------|--------|
| minio | 9000 | S3 | ✓ | critical | ✓✓✓ | ✓✓ |
| dsms-node | 5001 | IPFS | ✓ | medium | ✓✓ | ✓✓ |
### Infrastructure Services (5)
| Service | Port | PII | Criticality | GDPR | NIS2 | Notes |
|---------|------|-----|-------------|------|------|-------|
| vault | 8200 | - | critical | ✓✓ | - | Secrets Management |
| traefik | 443 | ✓ | critical | - | ✓✓ | Reverse Proxy |
| mailpit | 8025 | ✓ | low | ✓ | - | Dev Mail Server |
| backup | - | ✓ | critical | ✓✓✓ | - | DB Backups |
### Monitoring Services (3)
| Service | Port | PII | Criticality | GDPR | BSI-TR | Notes |
|---------|------|-----|-------------|------|--------|-------|
| loki | 3100 | ✓ | high | ✓✓ | ✓✓ | Log Aggregation |
| grafana | 3000 | - | medium | - | ✓✓ | Dashboards |
| prometheus | 9090 | - | medium | - | ✓✓ | Metrics |
### Security Services (1)
| Service | Port | PII | Criticality | GDPR | BSI-TR | Notes |
|---------|------|-----|-------------|------|--------|-------|
| vault | 8200 | - | critical | ✓✓ | ✓✓✓ | Encryption as a Service |
## Statistics
### Overall
- **36 services** documented
- **26 services** (72%) process PII
- **5 services** (14%) contain AI components
- **9 services** (25%) are classified as "critical"
### By Service Type
```
Backend: 11 (31%)
Communication: 6 (17%)
Database: 5 (14%)
AI: 5 (14%)
Infrastructure: 5 (14%)
Monitoring: 3 (8%)
Storage: 2 (6%)
Security: 1 (3%)
```
### Technology Stack (Top 10)
```
Python: 15 Services
PostgreSQL: 8 Services
FastAPI: 7 Services
Go: 4 Services
Java: 3 Services
JavaScript: 2 Services
WebRTC: 2 Services
Redis/Valkey: 2 Services
Nginx: 2 Services
Docker: 36 Services (all)
```
### Compliance Coverage
#### GDPR
- **Critical**: 15 Services (consent, billing, school, postgresql, minio, backup, etc.)
- **High**: 10 Services (python-backend, klausur-service, matrix-synapse, etc.)
- **Medium**: 8 Services (calendar, embedding, dsms, etc.)
- **Low**: 3 Services (mailpit, etc.)
#### AI Act
- **Critical**: 3 Services (klausur-service, llm-gateway)
- **High**: 2 Services (python-backend)
- **Medium**: 5 Services (embedding-service, transcription-worker, compliance-module, etc.)
#### BSI-TR-03161
- **Critical**: 4 Services (postgresql, vault, backup)
- **High**: 8 Services (consent-service, school-service, matrix-synapse, etc.)
- **Medium**: 12 Services (qdrant, valkey, minio, etc.)
## Port Overview
### Commonly Used Ports
```
8000 - python-backend
8008 - matrix-synapse
8025 - mailpit (Web UI)
8081 - consent-service
8082 - h5p-service / dsms-gateway (conflict possible)
8083 - billing-service
8084 - school-service
8085 - calendar-service
8086 - klausur-service
8087 - embedding-service
8088 - llm-gateway
8089 - camunda
8090 - erpnext-frontend
8200 - vault
8443 - jitsi-meet
3000 - website / grafana (conflict possible)
3001 - breakpilot-drive
3100 - loki
3306 - erpnext-db (MariaDB)
5001 - dsms-node (IPFS API)
5222 - jitsi-prosody (XMPP)
5432 - postgresql / synapse-db
5433 - content-db
6333 - qdrant
6379 - valkey (Redis)
9000 - minio (S3 API)
9001 - minio (Console)
9090 - prometheus
10000 - jitsi-jvb (UDP)
```
### Detected Port Conflicts
- **Port 8082**: h5p-service, dsms-gateway (both in service_modules.py)
- **Port 3000**: website, grafana (both in service_modules.py)
- **Port 5432**: postgresql, synapse-db (separate service)

**Note**: Conflicts are resolved in docker-compose.yml through different profiles or host ports.
## PII Processing
### Services That Process PII (26)
**Critical PII Processing:**
- consent-service (consents)
- billing-service (payment data)
- school-service (student data)
- postgresql (all persistent data)
- minio (file storage)
- backup (data backup)

**High PII Processing:**
- python-backend (user data, documents)
- klausur-service (exams, grading)
- matrix-synapse (chat content)
- jitsi-meet/jvb (video/audio)
- jibri (recordings)
- transcription-worker (voice recordings)
## AI Components
### Services with AI (5)
1. **klausur-service** (High-Risk AI)
   - Claude API for exam grading
   - AI Act Art. 6 (education sector)
   - GDPR Art. 22 (automated decisions)
2. **embedding-service**
   - SentenceTransformers (local)
   - General-Purpose AI System
3. **transcription-worker**
   - Whisper ASR (OpenAI)
   - Biometric data (GDPR)
4. **llm-gateway**
   - LLM orchestration
   - External API calls
5. **breakpilot-drive**
   - Unity + LLM Integration
   - Educational game with AI
## Criticality
### Critical Services (9)
Failure leads to system shutdown or severe data loss:
- python-backend
- consent-service
- billing-service
- postgresql
- minio
- vault
- traefik
- backup
### High Services (10)
Important functionality, but the system can continue running in a degraded state:
- klausur-service
- school-service
- website
- matrix-synapse
- jitsi-meet/jvb
- valkey
- loki
- erpnext
- erpnext-db
### Medium Services (14)
Standard functionality:
- calendar-service
- embedding-service
- transcription-worker
- h5p-service
- qdrant
- dsms-node/gateway
- jitsi-jicofo
- grafana
- prometheus
- compliance-module
- camunda
- breakpilot-drive
### Low Services (3)
For development/testing only:
- mailpit
- content-db
## Next Steps
### Sprint 4 Planning
- [ ] Resolve port conflicts (8082, 3000)
- [ ] Compliance score calculation
- [ ] Automatic dependency graph generation
- [ ] Integrate service health checks
- [ ] Gap analysis per service
- [ ] Dashboard for service overview
### Missing Services
Services in docker-compose.yml but not critical for compliance:
- erpnext-redis-queue
- erpnext-redis-cache
- erpnext-create-site (init service)
- erpnext-backend
- erpnext-websocket
- erpnext-scheduler
- erpnext-worker-long
- erpnext-worker-short

**Reason**: Internal ERPNext workers, no separate compliance relevance.