8f3fb84b61
All checks were successful
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-ai-compliance (push) Successful in 31s
CI / test-python-backend-compliance (push) Successful in 27s
CI / test-python-document-crawler (push) Successful in 20s
CI / test-python-dsms-gateway (push) Successful in 17s
- CLAUDE.md: Voraussetzungen auf externe Hetzner-Services aktualisiert (PostgreSQL 46.225.100.82:54321, Qdrant qdrant-dev.breakpilot.ai, MinIO Hetzner) - docs-src/index.md: PostgreSQL-Zeile auf externe Instanz aktualisiert - docs-src/document-crawler/index.md: DB-Verbindung auf externe PG aktualisiert - Zusatz: training_*, ucca_*, academy_* Tabellen + update_updated_at_column() Funktion auf externe DB nachmigriert (waren beim ersten Dump nicht erfasst) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
206 lines
9.2 KiB
Markdown
206 lines
9.2 KiB
Markdown
# BreakPilot Compliance - Dokumentation
|
|
|
|
Willkommen zur Dokumentation des **BreakPilot Compliance**-Stacks (Team B: DSGVO/Compliance).
|
|
|
|
## Drei-Projekt-Architektur
|
|
|
|
| Projekt | Beschreibung | Docs |
|
|
|---------|-------------|------|
|
|
| **breakpilot-core** | Shared Infrastructure (DB, Cache, Vault, Nginx) | Port 8009 |
|
|
| **breakpilot-lehrer** | Bildungs-Stack | Port 8010 |
|
|
| **breakpilot-compliance** (dieses Projekt) | DSGVO/Compliance-Stack | Port 8011 |
|
|
|
|
Compliance haengt **ausschliesslich von Core** ab (PostgreSQL, Valkey, Vault, Qdrant, MinIO, Embedding, RAG).
|
|
Es gibt **keine Laufzeitabhaengigkeit** zu breakpilot-lehrer.
|
|
|
|
---
|
|
|
|
## Services
|
|
|
|
| Service | Container | Port | Tech | Beschreibung |
|
|
|---------|-----------|------|------|--------------|
|
|
| Admin Compliance | bp-compliance-admin | 3007 | Next.js | Compliance-Dashboard |
|
|
| Developer Portal | bp-compliance-developer-portal | 3006 | Next.js | API-Dokumentation fuer Kunden |
|
|
| Backend Compliance | bp-compliance-backend | 8002 | Python/FastAPI | Compliance API |
|
|
| AI Compliance SDK | bp-compliance-ai-sdk | 8090/8093 | Go/Gin | DSGVO-konforme KI-Nutzung |
|
|
| DSMS Node | bp-compliance-dsms-node | 4001/5001 | IPFS | Dezentrales Datenschutz-Management |
|
|
| DSMS Gateway | bp-compliance-dsms-gateway | 8082 | Node.js/Express | IPFS Gateway |
|
|
| Document Crawler | bp-compliance-document-crawler | 8098 | Python | Web-Crawler fuer Rechtstexte |
|
|
|
|
---
|
|
|
|
## SDK-Module (Kundenbereich)
|
|
|
|
Module die Compliance-Kunden im SDK sehen und nutzen:
|
|
|
|
| Modul | Beschreibung | Frontend |
|
|
|-------|--------------|----------|
|
|
| **TOM** | Technisch-Organisatorische Massnahmen | /sdk/tom |
|
|
| **DSFA** | Datenschutz-Folgenabschaetzung | /sdk/dsfa |
|
|
| **VVT** | Verzeichnis von Verarbeitungstaetigkeiten | /sdk/vvt |
|
|
| **Loeschfristen** | Loeschfristen-Verwaltung | /sdk/loeschfristen |
|
|
| **Requirements** | Compliance-Anforderungen (CRUD + RAG) | /sdk/requirements |
|
|
| **Controls** | Technische/Organisatorische Kontrollen | /sdk/controls |
|
|
| **Evidence** | Compliance-Nachweise mit Gueltigkeit | /sdk/evidence |
|
|
| **Risk Matrix** | 5x5 Risikomatrix (Inherent/Residual) | /sdk/risks |
|
|
| **AI Act Compliance** | KI-Verordnung Konformitaet | /sdk/ai-act |
|
|
| **Obligations v2** | 325 Pflichten aus 9 Regulierungen, TOM-Mapping, Gap-Analyse | /sdk/obligations |
|
|
| **IACE** | CE-Risikobeurteilung (Maschinenverordnung, AI Act, CRA) | /sdk/iace |
|
|
| **Audit Checklist** | Audit-Checkliste mit Sign-Off | /sdk/audit-checklist |
|
|
| **Audit Report** | Audit-Berichte mit PDF-Export | /sdk/audit-report |
|
|
| **Consent Management** | Einwilligungs-Verwaltung | /sdk/einwilligungen |
|
|
| **DSR** | Betroffenenrechte (Art. 15-21 DSGVO) | /sdk/dsr |
|
|
| **E-Mail-Templates** | Benachrichtigungs-Vorlagen (DSR, Incidents, Schulungen) | /sdk/email-templates |
|
|
| **Academy** | Datenschutz-Schulungen mit PDF-Zertifikaten | /sdk/academy |
|
|
| **Training Engine** | KI-generierte Schulungen, Quiz, Rollenmatrix, TTS-Video | /sdk/training |
|
|
| **Whistleblower** | Hinweisgebersystem (HinSchG) | /sdk/whistleblower |
|
|
| **Incidents** | Datenschutz-Vorfaelle (Art. 33/34 DSGVO) | /sdk/incidents |
|
|
| **Vendors** | Auftragsverarbeiter-Management | /sdk/vendor-compliance |
|
|
| **Reporting** | Compliance-Berichte fuer Top Management | /sdk/reporting |
|
|
| **Import** | Dokument-Import + Gap-Analyse | /sdk/import |
|
|
| **Screening** | SBOM + CVE-Scan via OSV.dev | /sdk/screening |
|
|
| **RAG/Quellen** | Semantische Suche in Regulierungstexten | /sdk/rag |
|
|
| **Industry Templates** | Branchenvorlagen (E-Commerce, Gesundheit, etc.) | /sdk/industry-templates |
|
|
| **Document Crawler** | Automatisches Crawling von Rechtstexten | /sdk/document-crawler |
|
|
| **Advisory Board** | KI-Compliance-Beirat | /sdk/advisory-board |
|
|
|
|
## Admin-Module (Plattform-Verwaltung)
|
|
|
|
Interne Tools fuer die BreakPilot-Plattformverwaltung:
|
|
|
|
| Modul | Beschreibung | Frontend |
|
|
|-------|--------------|----------|
|
|
| **Katalogverwaltung** | SDK-Kataloge & Auswahltabellen | /dashboard/catalog-manager |
|
|
| **Mandantenverwaltung** | B2B-Kundenverwaltung & Mandanten | /dashboard/multi-tenant |
|
|
| **SSO-Konfiguration** | Single Sign-On & Authentifizierung | /dashboard/sso |
|
|
| **DSB Portal** | Datenschutzbeauftragter-Arbeitsbereich | /dashboard/dsb-portal |
|
|
|
|
---
|
|
|
|
## URLs
|
|
|
|
| URL | Service | Beschreibung |
|
|
|-----|---------|--------------|
|
|
| https://macmini:3007/ | Admin Compliance | Compliance-Dashboard |
|
|
| https://macmini:3006/ | Developer Portal | API-Dokumentation |
|
|
| https://macmini:8002/ | Backend API | Compliance REST API |
|
|
| https://macmini:8093/ | AI SDK API | SDK Backend-API |
|
|
|
|
### SDK-Module (Admin Compliance)
|
|
|
|
| URL | Modul |
|
|
|-----|-------|
|
|
| https://macmini:3007/sdk | SDK Uebersicht |
|
|
| https://macmini:3007/sdk/requirements | Requirements |
|
|
| https://macmini:3007/sdk/controls | Controls |
|
|
| https://macmini:3007/sdk/evidence | Evidence |
|
|
| https://macmini:3007/sdk/risks | Risk Matrix |
|
|
| https://macmini:3007/sdk/ai-act | AI Act |
|
|
| https://macmini:3007/sdk/audit-checklist | Audit Checklist |
|
|
| https://macmini:3007/sdk/audit-report | Audit Report |
|
|
| https://macmini:3007/sdk/obligations | Obligations v2 |
|
|
| https://macmini:3007/sdk/iace | IACE (CE-Risikobeurteilung) |
|
|
| https://macmini:3007/sdk/import | Document Import |
|
|
| https://macmini:3007/sdk/screening | System Screening |
|
|
| https://macmini:3007/sdk/rag | RAG/Quellen |
|
|
| https://macmini:3007/sdk/tom | TOM |
|
|
| https://macmini:3007/sdk/dsfa | DSFA |
|
|
| https://macmini:3007/sdk/vvt | VVT |
|
|
| https://macmini:3007/sdk/loeschfristen | Loeschfristen |
|
|
| https://macmini:3007/sdk/email-templates | E-Mail-Templates |
|
|
| https://macmini:3007/sdk/academy | Academy |
|
|
| https://macmini:3007/sdk/training | Training Engine |
|
|
| https://macmini:3007/sdk/whistleblower | Whistleblower |
|
|
| https://macmini:3007/sdk/incidents | Incidents |
|
|
| https://macmini:3007/sdk/reporting | Reporting |
|
|
| https://macmini:3007/sdk/vendor-compliance | Vendor Compliance |
|
|
| https://macmini:3007/sdk/industry-templates | Branchenvorlagen |
|
|
| https://macmini:3007/sdk/document-crawler | Document Crawler |
|
|
| https://macmini:3007/sdk/advisory-board | Advisory Board |
|
|
|
|
### Admin-Module (Dashboard)
|
|
|
|
| URL | Modul |
|
|
|-----|-------|
|
|
| https://macmini:3007/dashboard | Dashboard |
|
|
| https://macmini:3007/dashboard/catalog-manager | Katalogverwaltung |
|
|
| https://macmini:3007/dashboard/multi-tenant | Mandantenverwaltung |
|
|
| https://macmini:3007/dashboard/sso | SSO-Konfiguration |
|
|
| https://macmini:3007/dashboard/dsb-portal | DSB Portal |
|
|
|
|
---
|
|
|
|
## Abhaengigkeiten zu Core
|
|
|
|
Compliance-Services nutzen folgende Core-Infrastruktur:
|
|
|
|
| Core Service | Genutzt von | Zweck |
|
|
|-------------|-------------|-------|
|
|
| PostgreSQL (46.225.100.82:54321, extern) | Alle | Compliance-Datenbank (Hetzner/meghshakka, TLS) |
|
|
| Valkey (6379) | Backend, Admin | Session Cache |
|
|
| Vault (8200) | Alle | Secrets Management |
|
|
| Qdrant (qdrant-dev.breakpilot.ai) | AI SDK, Document Crawler | Vector-Suche (gehostet, API-Key) |
|
|
| Hetzner Object Storage | TTS Service, Document Crawler | Datei-Storage (S3-kompatibel) |
|
|
| Embedding (8087) | AI SDK | Text-Embeddings |
|
|
| RAG Service (8097) | AI SDK | Retrieval Augmented Generation |
|
|
| Nginx | Alle | HTTPS Reverse Proxy |
|
|
|
|
---
|
|
|
|
## Services-Dokumentation
|
|
|
|
- [AI Compliance SDK](services/ai-compliance-sdk/index.md)
|
|
- [Architektur](services/ai-compliance-sdk/ARCHITECTURE.md)
|
|
- [Developer Guide](services/ai-compliance-sdk/DEVELOPER.md)
|
|
- [Auditor-Dokumentation](services/ai-compliance-sdk/AUDITOR_DOCUMENTATION.md)
|
|
- [SBOM](services/ai-compliance-sdk/SBOM.md)
|
|
- [Document Crawler](services/document-crawler/index.md)
|
|
- SDK-Module:
|
|
- [Analyse-Module (Paket 2)](services/sdk-modules/analyse-module.md) — Requirements, Controls, Evidence, Risk Matrix, AI Act, Audit Checklist, Audit Report
|
|
- [Dokumentations-Module (Paket 3+)](services/sdk-modules/dokumentations-module.md) — VVT, Source Policy, Document Generator, Audit Checklist, Training Engine
|
|
- [DSFA (Art. 35 DSGVO)](services/sdk-modules/dsfa.md) — vollständig backend-persistent, Migration 024
|
|
- [Rechtliche Texte (Paket 4)](services/sdk-modules/rechtliche-texte.md) — Einwilligungen, Consent, Cookie Banner, Workflow
|
|
- [Academy](services/sdk-modules/academy.md)
|
|
- [Whistleblower](services/sdk-modules/whistleblower.md)
|
|
- [Incidents](services/sdk-modules/incidents.md)
|
|
- [Reporting](services/sdk-modules/reporting.md)
|
|
- [Vendors](services/sdk-modules/vendors.md)
|
|
- [Industry Templates](services/sdk-modules/industry-templates.md)
|
|
- [Document Crawler](services/sdk-modules/document-crawler.md)
|
|
- [Advisory Board](services/sdk-modules/advisory-board.md)
|
|
- [DSB Portal](services/sdk-modules/dsb-portal.md)
|
|
|
|
## Entwicklung
|
|
|
|
- [Testing](development/testing.md)
|
|
- [Dokumentation](development/documentation.md)
|
|
- [CI/CD Pipeline](development/ci-cd-pipeline.md)
|
|
|
|
---
|
|
|
|
## Deployment
|
|
|
|
```bash
|
|
# Voraussetzung: breakpilot-core muss laufen
|
|
|
|
# Alle Compliance-Services starten
|
|
docker compose -f breakpilot-compliance/docker-compose.yml up -d
|
|
|
|
# Einzelnen Service neu bauen
|
|
docker compose -f breakpilot-compliance/docker-compose.yml build --no-cache <service>
|
|
docker compose -f breakpilot-compliance/docker-compose.yml up -d <service>
|
|
```
|
|
|
|
---
|
|
|
|
## Git
|
|
|
|
```bash
|
|
# Zwei Remotes - IMMER zu beiden pushen:
|
|
git push origin main && git push gitea main
|
|
|
|
# Remotes:
|
|
# origin: http://macmini:3003/pilotadmin/breakpilot-compliance.git
|
|
# gitea: git@gitea.meghsakha.com:Benjamin_Boenisch/breakpilot-compliance.git
|
|
```
|