Initial commit: breakpilot-core - Shared Infrastructure

Docker Compose with 24+ services: - PostgreSQL (PostGIS), Valkey, MinIO, Qdrant - Vault (PKI/TLS), Nginx (Reverse Proxy) - Backend Core API, Consent Service, Billing Service - RAG Service, Embedding Service - Gitea, Woodpecker CI/CD - Night Scheduler, Health Aggregator - Jitsi (Web/XMPP/JVB/Jicofo), Mailpit Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 23:47:13 +01:00
commit ad111d5e69
244 changed files with 84288 additions and 0 deletions
--- a/docs-src/breakpilot-compliance-sdk/hardware/mac-mini/init-db.sql
+++ b/docs-src/breakpilot-compliance-sdk/hardware/mac-mini/init-db.sql
@@ -0,0 +1,204 @@
+-- BreakPilot Compliance SDK - Database Initialization
+-- Mac Mini Deployment
+
+-- Create extensions
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+CREATE EXTENSION IF NOT EXISTS "pgcrypto";
+
+-- Schema: SDK State
+CREATE TABLE IF NOT EXISTS sdk_state (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL UNIQUE,
+    state JSONB NOT NULL DEFAULT '{}',
+    version INTEGER NOT NULL DEFAULT 1,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Schema: Consents
+CREATE TABLE IF NOT EXISTS consents (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL,
+    user_id VARCHAR(255) NOT NULL,
+    purpose VARCHAR(50) NOT NULL,
+    granted BOOLEAN NOT NULL DEFAULT false,
+    source VARCHAR(100),
+    ip_address VARCHAR(45),
+    user_agent TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    revoked_at TIMESTAMP WITH TIME ZONE,
+
+    INDEX idx_consents_tenant (tenant_id),
+    INDEX idx_consents_user (tenant_id, user_id)
+);
+
+-- Schema: DSR Requests
+CREATE TABLE IF NOT EXISTS dsr_requests (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL,
+    request_type VARCHAR(50) NOT NULL,
+    email VARCHAR(255) NOT NULL,
+    name VARCHAR(255) NOT NULL,
+    status VARCHAR(50) NOT NULL DEFAULT 'PENDING',
+    notes TEXT,
+    submitted_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    deadline TIMESTAMP WITH TIME ZONE,
+    completed_at TIMESTAMP WITH TIME ZONE,
+
+    INDEX idx_dsr_tenant (tenant_id),
+    INDEX idx_dsr_status (status)
+);
+
+-- Schema: Processing Activities (VVT)
+CREATE TABLE IF NOT EXISTS processing_activities (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL,
+    name VARCHAR(255) NOT NULL,
+    purpose TEXT,
+    legal_basis VARCHAR(100),
+    data_categories TEXT[],
+    data_subjects TEXT[],
+    recipients TEXT[],
+    retention_period VARCHAR(100),
+    security_measures TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+
+    INDEX idx_activities_tenant (tenant_id)
+);
+
+-- Schema: TOMs
+CREATE TABLE IF NOT EXISTS toms (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL,
+    category VARCHAR(50) NOT NULL,
+    title VARCHAR(255) NOT NULL,
+    description TEXT,
+    implementation_status VARCHAR(50) DEFAULT 'PLANNED',
+    responsible VARCHAR(255),
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+
+    INDEX idx_toms_tenant (tenant_id)
+);
+
+-- Schema: Controls
+CREATE TABLE IF NOT EXISTS controls (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL,
+    control_id VARCHAR(50) NOT NULL,
+    name VARCHAR(255) NOT NULL,
+    domain VARCHAR(50),
+    description TEXT,
+    implementation_status VARCHAR(50) DEFAULT 'NOT_IMPLEMENTED',
+    responsible VARCHAR(255),
+    evidence_ids UUID[],
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+
+    INDEX idx_controls_tenant (tenant_id),
+    UNIQUE (tenant_id, control_id)
+);
+
+-- Schema: Evidence
+CREATE TABLE IF NOT EXISTS evidence (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL,
+    title VARCHAR(255) NOT NULL,
+    type VARCHAR(50) NOT NULL,
+    file_path VARCHAR(500),
+    description TEXT,
+    valid_from TIMESTAMP WITH TIME ZONE,
+    valid_until TIMESTAMP WITH TIME ZONE,
+    uploaded_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+
+    INDEX idx_evidence_tenant (tenant_id)
+);
+
+-- Schema: Risks
+CREATE TABLE IF NOT EXISTS risks (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL,
+    title VARCHAR(255) NOT NULL,
+    description TEXT,
+    likelihood INTEGER CHECK (likelihood BETWEEN 1 AND 5),
+    impact INTEGER CHECK (impact BETWEEN 1 AND 5),
+    severity VARCHAR(20),
+    status VARCHAR(50) DEFAULT 'IDENTIFIED',
+    mitigation TEXT,
+    control_ids UUID[],
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+
+    INDEX idx_risks_tenant (tenant_id)
+);
+
+-- Schema: Security Findings
+CREATE TABLE IF NOT EXISTS security_findings (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL,
+    tool VARCHAR(50) NOT NULL,
+    severity VARCHAR(20) NOT NULL,
+    title VARCHAR(255) NOT NULL,
+    description TEXT,
+    file_path VARCHAR(500),
+    line_number INTEGER,
+    recommendation TEXT,
+    status VARCHAR(50) DEFAULT 'OPEN',
+    cve VARCHAR(50),
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+
+    INDEX idx_findings_tenant (tenant_id),
+    INDEX idx_findings_severity (severity)
+);
+
+-- Schema: Audit Log
+CREATE TABLE IF NOT EXISTS audit_log (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    tenant_id VARCHAR(255) NOT NULL,
+    user_id VARCHAR(255),
+    action VARCHAR(100) NOT NULL,
+    resource_type VARCHAR(100),
+    resource_id VARCHAR(255),
+    details JSONB,
+    ip_address VARCHAR(45),
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+
+    INDEX idx_audit_tenant (tenant_id),
+    INDEX idx_audit_created (created_at)
+);
+
+-- Function: Update timestamp
+CREATE OR REPLACE FUNCTION update_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = CURRENT_TIMESTAMP;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Triggers for updated_at
+CREATE TRIGGER trg_sdk_state_updated
+    BEFORE UPDATE ON sdk_state
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER trg_activities_updated
+    BEFORE UPDATE ON processing_activities
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER trg_toms_updated
+    BEFORE UPDATE ON toms
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER trg_controls_updated
+    BEFORE UPDATE ON controls
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+CREATE TRIGGER trg_risks_updated
+    BEFORE UPDATE ON risks
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
+
+-- Initial data
+INSERT INTO sdk_state (tenant_id, state)
+VALUES ('default', '{"completedSteps": [], "currentStep": "overview"}')
+ON CONFLICT (tenant_id) DO NOTHING;