Benjamin_Boenisch/breakpilot-compliance

Fork 0

T

Benjamin Admin e2be51b0aa

CI / secret-scan (push) Has been skipped

Details

CI / dep-audit (push) Has been skipped

Details

CI / sbom-scan (push) Has been skipped

Details

CI / validate-canonical-controls (push) Successful in 16s

Details

CI / detect-changes (push) Successful in 11s

Details

CI / branch-name (push) Has been skipped

Details

CI / guardrail-integrity (push) Has been skipped

Details

CI / loc-budget (push) Failing after 16s

Details

CI / go-lint (push) Has been skipped

Details

CI / python-lint (push) Has been skipped

Details

CI / nodejs-lint (push) Has been skipped

Details

CI / nodejs-build (push) Successful in 2m42s

Details

CI / test-go (push) Has been skipped

Details

CI / iace-gt-coverage (push) Has been skipped

Details

CI / test-python-backend (push) Successful in 41s

Details

CI / test-python-document-crawler (push) Has been skipped

Details

CI / test-python-dsms-gateway (push) Has been skipped

Details

feat(audit): P106 MC-Audit-Type + P83 BUILD_SHA in Dockerfiles + P80 v2 full

P106 — mc_audit_type.py: zentrales Quality-Thema.
Klassifiziert pro MC: verifiable / process_internal / doc_internal /
ambiguous. Pattern-Match auf check_question + title + fail_criteria
(Schulung, AVV abgeschlossen, TOM umgesetzt, DSFA durchgefuehrt,
Ausnahmen dokumentieren, kostenfrei zur Verfuegung, opt-out
intern ermoeglichen, …).

Interne MCs werden in der MC-Auswertung NICHT mehr als FAIL gewertet,
sondern als CHECK markiert (audit_status='check'). Sie zaehlen im
build_scorecard als skipped (nicht failed) damit der Score realistisch
ist. build_internal_checks_block_html() rendert sie als separaten
blauen Block 'Pruefungen die wir von aussen NICHT durchfuehren koennen'
nach dem MC-Scorecard.

Erwartete Wirkung: bei VW 95 FAILs → wahrscheinlich 30-40 echte
verifiable_fails + 50-60 internal_checks. GF-Mail wird drastisch
realistischer (statt 'Sie haben 95 Verstoesse' → 'Sie haben 35
extern sichtbare Themen + 60 interne Checks, bitte mit DSB klaeren').

P83 — BUILD_SHA in backend/admin/consent-tester Dockerfiles als
ARG + ENV. check-rebuild-needed.sh kann jetzt deployed vs local SHA
vergleichen + REBUILD REQUIRED melden.

P80 v2 — check_replay.py macht jetzt vollstaendigen Replay aller
post-fetch Quality-Generatoren: vendor_normalizer (Dedup),
audit_quality_checks, cookie_compliance_audit, tcf_vendor_authority,
cookie_value_entropy, cookie_network_tracer. Snapshots aus alter Zeit
zeigen jetzt im Replay den aktuellen Audit-Stand.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-22 08:57:02 +02:00

.claude

feat(compliance-check): P12 — TDM-Override mit dokumentierter Kunden-Erlaubnis

2026-05-19 08:56:50 +02:00

.gitea/workflows

fix(ci): trigger orca on per-job result, not needs.*.result spread

2026-05-19 09:34:59 +02:00

.woodpecker

fix(ci): update Go to 1.24 for ai-compliance-sdk

2026-02-15 17:43:27 +01:00

admin-compliance

feat(audit): P106 MC-Audit-Type + P83 BUILD_SHA in Dockerfiles + P80 v2 full

2026-05-22 08:57:02 +02:00

ai-compliance-sdk

feat(iace): bridge OSHA MD library to pattern engine, body-part-specific lift crush hazards

2026-05-22 08:37:24 +02:00

backend-compliance

feat(audit): P106 MC-Audit-Type + P83 BUILD_SHA in Dockerfiles + P80 v2 full

2026-05-22 08:57:02 +02:00

breakpilot-compliance-sdk

docs: update service READMEs for refactor progress and stale phase references

2026-04-19 16:07:23 +02:00

compliance-tts-service

Add Edge TTS voices for TR, AR, UK, RU, PL, FR, ES

2026-04-26 23:56:05 +02:00

consent-sdk

refactor(consent-sdk,dsms-gateway): split ConsentManager, types, and main.py

2026-04-18 08:42:32 +02:00

consent-tester

feat(audit): P106 MC-Audit-Type + P83 BUILD_SHA in Dockerfiles + P80 v2 full

2026-05-22 08:57:02 +02:00

developer-portal

chore: bump next 15.1.0 → 15.5.16 (CVE-2026-44578)

2026-05-15 18:48:36 +02:00

docs-src

test+docs: IACE Phase 3/4 — fehlende Tests + Entwickler-Dokumentation

2026-05-10 09:49:29 +02:00

document-crawler

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

dsms-gateway

feat(dsms): Stufe 2+3 — Evidence/TechFile → DSMS + Version Chains + Audit Timeline

2026-05-12 13:55:07 +02:00

dsms-node

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

scripts

feat(audit): Phase 1 Quick-Wins (P81 + P85 + P70 + P83) + TCF DELETE/INSERT-Fix

2026-05-22 08:24:46 +02:00

zeroclaw

docs(gt): BMW cross-domain finding — 3 domains, no AGB, Social Media on jobs portal

2026-05-15 13:21:27 +02:00

.env.example

feat(infra): Qdrant + MinIO auf externe Hetzner-Services migrieren

2026-03-06 14:33:04 +01:00

.env.orca.example

chore: replace all Coolify references with Orca

2026-04-19 16:33:56 +02:00

.gitignore

docs: add root README, CONTRIBUTING, onboarding section, gitignore fixes

2026-04-19 16:09:28 +02:00

AGENTS.go.md

fix: resolve CI failures in Python tests and admin-compliance build

2026-04-19 16:41:39 +02:00

AGENTS.python.md

fix: resolve CI failures in Python tests and admin-compliance build

2026-04-19 16:41:39 +02:00

AGENTS.typescript.md

docs(agents): require build + lint + test locally before pushing [guardrail-change]

2026-04-19 16:38:21 +02:00

CONTRIBUTING.md

chore: replace all Coolify references with Orca

2026-04-19 16:33:56 +02:00

docker-compose.hetzner.yml

docs: replace all Coolify references with Orca across compliance repo

2026-04-17 10:39:45 +02:00

docker-compose.orca.yml

chore: replace all Coolify references with Orca

2026-04-19 16:33:56 +02:00

docker-compose.yml

feat(agent): MC scorecard + audit drill-down + tenant trend (A1-A6)

2026-05-17 13:45:58 +02:00

mkdocs.yml

docs: add Pass 0b cost benchmark — v3 vs v4 vs backfill vs Mac Mini

2026-04-27 16:00:11 +02:00

README.md

chore: replace all Coolify references with Orca

2026-04-19 16:33:56 +02:00

REFACTOR_PLAYBOOK.md

docs: add root README, CONTRIBUTING, onboarding section, gitignore fixes

2026-04-19 16:09:28 +02:00

README.md

breakpilot-compliance

DSGVO/AI-Act compliance platform — 10 services, Go · Python · TypeScript

Overview

breakpilot-compliance is a multi-tenant DSGVO/EU AI Act compliance platform that provides an SDK for consent management, data subject requests (DSR), audit logging, iACE impact assessments, and document archival. It ships as 10 containerised services covering an admin dashboard, a developer portal, a Python/FastAPI backend, a Go AI compliance engine, TTS, and a decentralised document store on IPFS. Every service is deployed automatically via Gitea Actions → Orca on every push to main.

Architecture

Service	Tech	Port	Container
admin-compliance	Next.js 15	3007	bp-compliance-admin
backend-compliance	Python / FastAPI 0.123	8002	bp-compliance-backend
ai-compliance-sdk	Go 1.24 / Gin	8093	bp-compliance-ai-sdk
developer-portal	Next.js 15	3006	bp-compliance-developer-portal
breakpilot-compliance-sdk	TypeScript SDK (React/Vue/Angular/vanilla)	—	—
consent-sdk	JS/TS Consent SDK	—	—
compliance-tts-service	Python / Piper TTS	8095	bp-compliance-tts
document-crawler	Python / FastAPI	8098	bp-compliance-document-crawler
dsms-gateway	Python / FastAPI / IPFS	8082	bp-compliance-dsms-gateway
dsms-node	IPFS Kubo v0.24.0	—	bp-compliance-dsms-node

All containers share the external breakpilot-network Docker network and depend on breakpilot-core (Valkey, Vault, RAG service, Nginx reverse proxy).

Quick Start

Prerequisites: Docker, Go 1.24+, Python 3.12+, Node.js 20+

git clone ssh://git@gitea.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-compliance.git
cd breakpilot-compliance

# Copy and populate secrets (never commit .env)
cp .env.example .env

# Start all services
docker compose up -d

For the Orca/Hetzner production target (x86_64), use the override:

docker compose -f docker-compose.yml -f docker-compose.hetzner.yml up -d

Development Workflow

Use feature branches off main. Supported prefixes: feat/, feature/, hotfix/.

git checkout main && git pull origin main
git checkout -b feat/my-change
# ... make changes ...
git push origin feat/my-change
# Open a PR → squash merge to main

Push to main triggers:

Gitea Actions — lint → test → validate (see CI Pipeline below)
Orca — automatic build + deploy (~3 min total)

Monitor status: https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions

CI Pipeline

Defined in .gitea/workflows/ci.yaml.

Job	What it checks
`loc-budget`	All source files ≤ 500 LOC; soft target 300
`guardrail-integrity`	Commits touching guardrail files carry `[guardrail-change]`
`go-lint`	`golangci-lint` on `ai-compliance-sdk/`
`python-lint`	`ruff` + `mypy` on Python services
`nodejs-lint`	`tsc --noEmit` + ESLint on Next.js services
`test-go-ai-compliance`	`go test ./...` in `ai-compliance-sdk/`
`test-python-backend-compliance`	`pytest` in `backend-compliance/`
`test-python-document-crawler`	`pytest` in `document-crawler/`
`test-python-dsms-gateway`	`pytest test_main.py` in `dsms-gateway/`
`sbom-scan`	License + vulnerability scan via `syft` + `grype`
`validate-canonical-controls`	OpenAPI contract baseline diff

File Budget

Limit	Value	How to check
Soft target	300 LOC	`bash scripts/check-loc.sh`
Hard cap	500 LOC	Same; also enforced by `PreToolUse` hook + git pre-commit + CI
Exceptions	`.claude/rules/loc-exceptions.txt`	Require written rationale + `[guardrail-change]` commit marker

The .claude/settings.json PreToolUse hook blocks Claude Code from writing or editing files that would exceed the hard cap. The git pre-commit hook re-checks. CI is the final gate.

Links

	URL
Admin dashboard	https://admin-dev.breakpilot.ai
Developer portal	https://developers-dev.breakpilot.ai
Backend API	https://api-dev.breakpilot.ai
AI SDK API	https://sdk-dev.breakpilot.ai
Gitea repo	https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance
Gitea Actions	https://gitea.meghsakha.com/Benjamin_Boenisch/breakpilot-compliance/actions

Languages

TypeScript 43.1%

Python 30.8%

Go 23.5%

Shell 1.2%

PLpgSQL 0.8%

Other 0.3%