Files

T

Benjamin Admin bea8559f78 docs(knowledge): first Transition Pattern ISO27001 -> CRA (curated knowledge base)

Reasoning session's new Knowledge Acquisition responsibility (re-charter): build and curate
the Transition Knowledge Base under backend-compliance/knowledge/transition_patterns/ (beside
reasoning/, not under it -- it is knowledge, not an engine).

First professional pattern TP-ISO27001-CRA-v1 (status: draft): separates what a mature ISMS
likely covers at the ORG level (probably_covered, needs product-level confirmation, never
auto-"erfuellt") from the CRA-specific delta with no ISO 27001 analogue (SBOM, support period +
secure signed updates, coordinated vulnerability disclosure, Art. 14 authority reporting,
product cyber risk assessment, CE conformity / technical documentation). Expert draft, not a
normative proof; review_required before customer use.

Non-runtime knowledge -> no deploy (ADR-001). Next: ISMS->TISAX.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-27 07:50:42 +02:00

auth

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00

classroom_engine

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00

compliance

feat(transition): Transition Reasoning v0 (RS-005) — Transition Planning Engine

2026-06-27 07:31:11 +02:00

knowledge/transition_patterns

docs(knowledge): first Transition Pattern ISO27001 -> CRA (curated knowledge base)

2026-06-27 07:50:42 +02:00

middleware

fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring

2026-03-07 19:00:33 +01:00

migrations

fix(db): dedupe doc_check_controls 3x + unique constraint

2026-06-20 14:25:03 +02:00

reference_scenarios

feat(reference): Reference Scenario Suite v1 (living regression reference, not docs)

2026-06-26 22:48:27 +02:00

scripts

chore(cra): align CRA module to the dev/demo tenant + demo-customer seed script

2026-06-14 15:52:49 +02:00

services

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00

templates/gdpr

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00

tests

feat(transition): Transition Reasoning v0 (RS-005) — Transition Planning Engine

2026-06-27 07:31:11 +02:00

consent_admin_api.py

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00

consent_api.py

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00

consent_client.py

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

database.py

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00

Dockerfile

feat(audit): Screenshot+Tesseract-OCR Cookie-Extract als Vendor-Quelle C

2026-05-22 23:22:35 +02:00

gdpr_api.py

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00

gdpr_export_service.py

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00

main.py

feat(sdk): Kunden-Dokumente + CRA-Meldewesen, Screening aus Frontend genommen

2026-06-17 21:21:28 +02:00

migration_runner.py

fix: migration runner strips BEGIN/COMMIT and guards missing tables

2026-03-14 21:59:10 +01:00

mypy.ini

chore: mypy cleanup — comprehensive disable headers for agent-created services

2026-04-10 11:23:43 +02:00

PHASE1_RUNBOOK.md

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

README.md

docs: update service READMEs for refactor progress and stale phase references

2026-04-19 16:07:23 +02:00

requirements-reranker.txt

fix(docker): make torch/sentence-transformers optional to unblock builds

2026-03-21 15:06:51 +01:00

requirements.txt

feat(cra): standalone CRA finding->Annex I risk mapper + MCP interface

2026-06-13 20:22:34 +02:00

README.md

backend-compliance

Python/FastAPI service implementing the DSGVO compliance API: DSR, DSFA, consent, controls, risks, evidence, audit, vendor management, ISMS, change requests, document generation.

Port: 8002 (container: bp-compliance-backend) Stack: Python 3.12, FastAPI, SQLAlchemy 2.x, Alembic, Keycloak auth.

Architecture

compliance/
├── api/            # Routers (thin, ≤30 LOC per handler)
├── services/       # Business logic
├── repositories/   # DB access
├── domain/         # Value objects, domain errors
├── schemas/        # Pydantic models, split per domain
└── db/models/      # SQLAlchemy ORM, one module per aggregate

The service follows this layered target structure but not all files are fully refactored yet. Phase 1 backlog is tracked in .claude/rules/loc-exceptions.txt (27 backend-compliance files currently excepted).

See ../AGENTS.python.md for the full convention and ../.claude/rules/architecture.md for the non-negotiable rules.

Run locally

cd backend-compliance
pip install -r requirements.txt
export COMPLIANCE_DATABASE_URL=...  # Postgres (Hetzner or local)
uvicorn main:app --reload --port 8002

Tests

pytest compliance/tests/ -v
pytest --cov=compliance --cov-report=term-missing

Layout: tests/unit/, tests/integration/, tests/contracts/. Contract tests diff /openapi.json against tests/contracts/openapi.baseline.json.

Public API surface

404+ endpoints across /api/v1/*. Grouped by domain: ai, audit, consent, dsfa, dsr, gdpr, vendor, evidence, change-requests, generation, projects, company-profile, isms. Every path is a contract — see the "Public endpoints" rule in the root CLAUDE.md.

Environment

Var	Purpose
`COMPLIANCE_DATABASE_URL`	Postgres DSN, `sslmode=require`
`KEYCLOAK_*`	Auth verification
`QDRANT_URL`, `QDRANT_API_KEY`	Vector search
`CORE_VALKEY_URL`	Session cache

Don't touch

Database schema, __tablename__, column names, existing migrations under migrations/. See root CLAUDE.md rule 3.