Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e411c4f0d3e49be7c1b60f53cb18335a23d11712
breakpilot-compliance/backend-compliance
T
History
Benjamin Admin e411c4f0d3
CI / detect-changes (push) Successful in 12s
Details
CI / branch-name (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 3m27s
Details
CI / iace-gt-coverage (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / validate-canonical-controls (push) Successful in 17s
Details
CI / loc-budget (push) Failing after 20s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go (push) Has been skipped
Details
CI / test-python-backend (push) Successful in 47s
Details
CI / test-python-document-crawler (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details
feat(audit): Text-Paste-Mode pro Row — Crawler optional umgehen 
Hintergrund: VW liefert ueber URL-Crawler nur 6 Vendors statt der 100+
die in der echten Cookie-Tabelle stehen. Wenn der User die Tabelle aber
direkt von der Site kopieren kann (was bei den meisten OEM-Sites moeglich
ist), umgehen wir den Crawler komplett und parsen den Text deterministisch.

Backend:
* doc_type_classifier.py — 7 Pattern-Gruppen (§5 TMG, Art.13 DSGVO,
  AGB-Klauseln, Widerrufs-Frist, Cookie-Tabellen-Header, etc). Wenn der
  User Text ins falsche Doc-Type-Feld kopiert (Impressum->DSE),
  detect_mismatch liefert detected + action ('reclassify' bei sehr hoher
  Konfidenz, 'warn' bei medium).
* cookies_table_parser.py — Tab/Pipe/Komma/Semicolon-Separator-Auto-
  Detection, Spalten-Mapping per Header-Keyword. Aggregiert Cookie-
  Eintraege zu Vendor-Records (mit _guess_vendor-Fallback). Voll
  deterministisch, kein LLM.
* doc_input_warnings.py — Mail-Block ueber dem Audit, der Mismatches +
  Auto-Reclassifies dem User transparent macht.
* Pipeline: text gewinnt ueber url (war schon im Schema vermerkt), neue
  Felder declared_doc_type / input_source / reclassify_hint in doc_entries.
  Pasted-Tabellen-Vendors haben Vorrang vor Library-Fallback + LLM-Cascade
  (sind 100% genau).

Frontend (DocCheckTab):
* Pro Row Mode-Toggle 'URL' / 'Text einfuegen' (lila wenn aktiv).
* Textarea (h-32, monospace) im text-mode mit kontext-spezifischem
  Placeholder (Cookie-Hinweis ggue. anderen Doc-Types) und Live-
  Zeichen-/Wort-Counter.
* Submit-Button accepted entries mit URL ODER text.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 18:58:32 +02:00
..
auth
Initial commit: breakpilot-compliance - Compliance SDK Platform
2026-02-11 23:47:28 +01:00
classroom_engine
Initial commit: breakpilot-compliance - Compliance SDK Platform
2026-02-11 23:47:28 +01:00
compliance
feat(audit): Text-Paste-Mode pro Row — Crawler optional umgehen
2026-05-21 18:58:32 +02:00
middleware
fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring
2026-03-07 19:00:33 +01:00
migrations
feat(audit-pipeline): P72 MC-Scope-Classifier + P80 Snapshot/Replay-Foundation [migration-approved]
2026-05-21 08:53:31 +02:00
scripts
feat(audit): VW-Cookie-Bug-Fix + P101/P102 Cookie-Library-Mismatch-Findings
2026-05-21 15:47:11 +02:00
services
Initial commit: breakpilot-compliance - Compliance SDK Platform
2026-02-11 23:47:28 +01:00
templates/gdpr
Initial commit: breakpilot-compliance - Compliance SDK Platform
2026-02-11 23:47:28 +01:00
tests
feat(founding-wizard): Per-Person IP-Assignment + Prefill + E2E-Tests
2026-05-21 18:49:10 +02:00
consent_admin_api.py
Initial commit: breakpilot-compliance - Compliance SDK Platform
2026-02-11 23:47:28 +01:00
consent_api.py
Initial commit: breakpilot-compliance - Compliance SDK Platform
2026-02-11 23:47:28 +01:00
consent_client.py
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
database.py
Initial commit: breakpilot-compliance - Compliance SDK Platform
2026-02-11 23:47:28 +01:00
Dockerfile
feat(compliance-check): MC-Classification + Embedding + Vendor-Redundanz + Action-Recipes + Borlabs-Features
2026-05-18 18:30:08 +02:00
gdpr_api.py
Initial commit: breakpilot-compliance - Compliance SDK Platform
2026-02-11 23:47:28 +01:00
gdpr_export_service.py
Initial commit: breakpilot-compliance - Compliance SDK Platform
2026-02-11 23:47:28 +01:00
main.py
feat(quaidal): backend API + frontend tab for BSI QUAIDAL data-quality controls
2026-05-19 13:03:54 +02:00
migration_runner.py
fix: migration runner strips BEGIN/COMMIT and guards missing tables
2026-03-14 21:59:10 +01:00
mypy.ini
chore: mypy cleanup — comprehensive disable headers for agent-created services
2026-04-10 11:23:43 +02:00
PHASE1_RUNBOOK.md
refactor: phase 0 guardrails + phase 1 step 2 (models.py split)
2026-04-07 13:18:29 +02:00
README.md
docs: update service READMEs for refactor progress and stale phase references
2026-04-19 16:07:23 +02:00
requirements-reranker.txt
fix(docker): make torch/sentence-transformers optional to unblock builds
2026-03-21 15:06:51 +01:00
requirements.txt
fix(founding-wizard): add python-docx dep + Lifecycle filter UI
2026-05-20 16:41:36 +02:00

README.md

backend-compliance

Python/FastAPI service implementing the DSGVO compliance API: DSR, DSFA, consent, controls, risks, evidence, audit, vendor management, ISMS, change requests, document generation.

Port: 8002 (container: bp-compliance-backend) Stack: Python 3.12, FastAPI, SQLAlchemy 2.x, Alembic, Keycloak auth.

Architecture

compliance/
├── api/            # Routers (thin, ≤30 LOC per handler)
├── services/       # Business logic
├── repositories/   # DB access
├── domain/         # Value objects, domain errors
├── schemas/        # Pydantic models, split per domain
└── db/models/      # SQLAlchemy ORM, one module per aggregate

The service follows this layered target structure but not all files are fully refactored yet. Phase 1 backlog is tracked in .claude/rules/loc-exceptions.txt (27 backend-compliance files currently excepted).

See ../AGENTS.python.md for the full convention and ../.claude/rules/architecture.md for the non-negotiable rules.

Run locally

cd backend-compliance
pip install -r requirements.txt
export COMPLIANCE_DATABASE_URL=...  # Postgres (Hetzner or local)
uvicorn main:app --reload --port 8002

Tests

pytest compliance/tests/ -v
pytest --cov=compliance --cov-report=term-missing

Layout: tests/unit/, tests/integration/, tests/contracts/. Contract tests diff /openapi.json against tests/contracts/openapi.baseline.json.

Public API surface

404+ endpoints across /api/v1/*. Grouped by domain: ai, audit, consent, dsfa, dsr, gdpr, vendor, evidence, change-requests, generation, projects, company-profile, isms. Every path is a contract — see the "Public endpoints" rule in the root CLAUDE.md.

Environment

Var Purpose
COMPLIANCE_DATABASE_URL Postgres DSN, sslmode=require
KEYCLOAK_* Auth verification
QDRANT_URL, QDRANT_API_KEY Vector search
CORE_VALKEY_URL Session cache

Don't touch

Database schema, __tablename__, column names, existing migrations under migrations/. See root CLAUDE.md rule 3.

Reference in New Issue View Git Blame Copy Permalink