Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c867478791ba071b691d2fea147af89f6925789b
breakpilot-compliance/backend-compliance
T
History
Benjamin Admin c867478791
CI / loc-budget (push) Failing after 16s
Details
Build + Deploy / build-admin-compliance (push) Successful in 14s
Details
Build + Deploy / build-backend-compliance (push) Successful in 16s
Details
Build + Deploy / build-ai-sdk (push) Successful in 20s
Details
Build + Deploy / build-developer-portal (push) Successful in 12s
Details
Build + Deploy / build-tts (push) Successful in 15s
Details
Build + Deploy / build-document-crawler (push) Successful in 13s
Details
Build + Deploy / build-dsms-gateway (push) Successful in 13s
Details
Build + Deploy / build-dsms-node (push) Successful in 12s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / test-python-document-crawler (push) Successful in 26s
Details
CI / secret-scan (push) Has been skipped
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 2m49s
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / test-go (push) Successful in 45s
Details
CI / test-python-backend (push) Successful in 38s
Details
CI / test-python-dsms-gateway (push) Successful in 23s
Details
CI / validate-canonical-controls (push) Successful in 15s
Details
Build + Deploy / trigger-orca (push) Successful in 2m23s
Details
feat(tcf-vendors): GVL cache + vendor extraction + VVT mapping 
Phase 1-2 of the closed quality loop:
- GVL cache (consent-tester/services/gvl_cache.py): downloads and caches
  IAB Global Vendor List with 24h TTL, resolves vendor IDs to names,
  purposes, policy URLs, retention, country
- Vendor extraction (consent_interceptor.py): extract_tcf_vendors()
  reads __tcfapi after accept phase, resolves via GVL
- Scan response: tcf_vendors field added to /scan endpoint
- VVT mapper (vendor_vvt_mapper.py): maps TCF vendors to VVT format
  with purpose labels, Rechtsgrundlage, Drittland detection
- Vendor cross-check (banner_cookie_cross_check.py): checks all TCF
  vendors against DSI text — missing vendors, undocumented transfers
- Compliance check integrates Step 3d: TCF vendors vs DSI

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-12 18:18:50 +02:00
..
auth
classroom_engine
compliance
feat(tcf-vendors): GVL cache + vendor extraction + VVT mapping
2026-05-12 18:18:50 +02:00
middleware
migrations
feat(cmp): Phase 2 — script blocking + cookie tracking
2026-05-11 22:52:26 +02:00
scripts
services
templates/gdpr
tests
feat: Cookie-Banner ↔ Backend Integration (DSR, Retention, Consent Proof)
2026-05-02 19:52:04 +02:00
consent_admin_api.py
consent_api.py
consent_client.py
database.py
Dockerfile
gdpr_api.py
gdpr_export_service.py
main.py
feat: Unified Compliance-Check — 8 document types in one form
2026-05-11 20:56:10 +02:00
migration_runner.py
mypy.ini
chore: mypy cleanup — comprehensive disable headers for agent-created services
2026-04-10 11:23:43 +02:00
PHASE1_RUNBOOK.md
README.md
docs: update service READMEs for refactor progress and stale phase references
2026-04-19 16:07:23 +02:00
requirements-reranker.txt
requirements.txt

README.md

backend-compliance

Python/FastAPI service implementing the DSGVO compliance API: DSR, DSFA, consent, controls, risks, evidence, audit, vendor management, ISMS, change requests, document generation.

Port: 8002 (container: bp-compliance-backend) Stack: Python 3.12, FastAPI, SQLAlchemy 2.x, Alembic, Keycloak auth.

Architecture

compliance/
├── api/            # Routers (thin, ≤30 LOC per handler)
├── services/       # Business logic
├── repositories/   # DB access
├── domain/         # Value objects, domain errors
├── schemas/        # Pydantic models, split per domain
└── db/models/      # SQLAlchemy ORM, one module per aggregate

The service follows this layered target structure but not all files are fully refactored yet. Phase 1 backlog is tracked in .claude/rules/loc-exceptions.txt (27 backend-compliance files currently excepted).

See ../AGENTS.python.md for the full convention and ../.claude/rules/architecture.md for the non-negotiable rules.

Run locally

cd backend-compliance
pip install -r requirements.txt
export COMPLIANCE_DATABASE_URL=...  # Postgres (Hetzner or local)
uvicorn main:app --reload --port 8002

Tests

pytest compliance/tests/ -v
pytest --cov=compliance --cov-report=term-missing

Layout: tests/unit/, tests/integration/, tests/contracts/. Contract tests diff /openapi.json against tests/contracts/openapi.baseline.json.

Public API surface

404+ endpoints across /api/v1/*. Grouped by domain: ai, audit, consent, dsfa, dsr, gdpr, vendor, evidence, change-requests, generation, projects, company-profile, isms. Every path is a contract — see the "Public endpoints" rule in the root CLAUDE.md.

Environment

Var Purpose
COMPLIANCE_DATABASE_URL Postgres DSN, sslmode=require
KEYCLOAK_* Auth verification
QDRANT_URL, QDRANT_API_KEY Vector search
CORE_VALKEY_URL Session cache

Don't touch

Database schema, __tablename__, column names, existing migrations under migrations/. See root CLAUDE.md rule 3.

Reference in New Issue View Git Blame Copy Permalink