Docker Compose with 24+ services: - PostgreSQL (PostGIS), Valkey, MinIO, Qdrant - Vault (PKI/TLS), Nginx (Reverse Proxy) - Backend Core API, Consent Service, Billing Service - RAG Service, Embedding Service - Gitea, Woodpecker CI/CD - Night Scheduler, Health Aggregator - Jitsi (Web/XMPP/JVB/Jicofo), Mailpit Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-- BreakPilot Compliance SDK - Database Initialization
-- Mac Mini Deployment
-- Create extensions
-- pgcrypto: cryptographic helpers (digest/hmac/gen_random_uuid). Nothing in
-- this file references it, so it is presumably used by the application layer
-- -- TODO confirm before removing.
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
-- uuid-ossp: provides uuid_generate_v4(), the DEFAULT of every id column below.
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
-- Schema: SDK State
-- One row per tenant holding the SDK's state as a JSON document (the seed row
-- below stores step-progress keys). updated_at is refreshed by the
-- trg_sdk_state_updated BEFORE UPDATE trigger defined further down.
CREATE TABLE IF NOT EXISTS sdk_state (
    id         UUID                     CONSTRAINT sdk_state_pkey PRIMARY KEY DEFAULT uuid_generate_v4(),
    -- natural key; also the ON CONFLICT target used by the seed INSERT
    tenant_id  VARCHAR(255)             NOT NULL CONSTRAINT sdk_state_tenant_id_key UNIQUE,
    state      JSONB                    NOT NULL DEFAULT '{}'::jsonb,
    -- presumably an optimistic-lock counter; nothing in this file increments it -- confirm
    version    INTEGER                  NOT NULL DEFAULT 1,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
);
-- Schema: Consents
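-- Consent records per tenant/user/purpose. Withdrawal is recorded in
-- revoked_at (presumably rows are kept rather than deleted -- confirm against
-- the consent service). ip_address/user_agent are the capture context.
CREATE TABLE IF NOT EXISTS consents (
    id         UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    tenant_id  VARCHAR(255) NOT NULL,
    user_id    VARCHAR(255) NOT NULL,
    purpose    VARCHAR(50)  NOT NULL,
    granted    BOOLEAN      NOT NULL DEFAULT FALSE,
    source     VARCHAR(100),            -- capture channel, free text, set by the caller
    -- textual IPv4/IPv6; 45 chars covers IPv4-mapped IPv6. INET would validate
    -- the value but changes the bind type for callers, so it is left as VARCHAR.
    ip_address VARCHAR(45),
    user_agent TEXT,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    revoked_at TIMESTAMP WITH TIME ZONE  -- NULL while the consent is in force
);

-- Indexes are separate statements: PostgreSQL has no inline INDEX clause in
-- CREATE TABLE (that is MySQL syntax and a syntax error here, which aborted
-- the whole init script). IF NOT EXISTS keeps them re-runnable like the table.
CREATE INDEX IF NOT EXISTS idx_consents_tenant ON consents (tenant_id);
-- (tenant_id, user_id) also serves tenant-only lookups via its leading column,
-- so idx_consents_tenant is largely redundant; kept to preserve the original name set.
CREATE INDEX IF NOT EXISTS idx_consents_user ON consents (tenant_id, user_id);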
-- Schema: DSR Requests
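-- Data-subject requests (DSR) per tenant. request_type and status are free-form
-- VARCHARs: only the 'PENDING' default is fixed here, the allowed values live
-- in the application. email/name identify the requester (personal data).
CREATE TABLE IF NOT EXISTS dsr_requests (
    id           UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    tenant_id    VARCHAR(255) NOT NULL,
    request_type VARCHAR(50)  NOT NULL,
    email        VARCHAR(255) NOT NULL,
    name         VARCHAR(255) NOT NULL,
    status       VARCHAR(50)  NOT NULL DEFAULT 'PENDING',
    notes        TEXT,
    submitted_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    -- not derived from submitted_at in the schema; the application sets it
    deadline     TIMESTAMP WITH TIME ZONE,
    completed_at TIMESTAMP WITH TIME ZONE
);

-- Indexes are separate statements: PostgreSQL has no inline INDEX clause in
-- CREATE TABLE (that is MySQL syntax and a syntax error here).
CREATE INDEX IF NOT EXISTS idx_dsr_tenant ON dsr_requests (tenant_id);
-- cross-tenant status index (e.g. for a scheduler scanning all pending requests)
CREATE INDEX IF NOT EXISTS idx_dsr_status ON dsr_requests (status);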
-- Schema: Processing Activities (VVT)
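-- Record of processing activities (VVT: Verzeichnis von Verarbeitungstätigkeiten,
-- GDPR Art. 30), one row per activity and tenant. updated_at is refreshed by
-- the trg_activities_updated trigger defined further down.
CREATE TABLE IF NOT EXISTS processing_activities (
    id                UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    tenant_id         VARCHAR(255) NOT NULL,
    name              VARCHAR(255) NOT NULL,
    purpose           TEXT,
    legal_basis       VARCHAR(100),
    data_categories   TEXT[],          -- free-text lists; no lookup table enforces the vocabulary
    data_subjects     TEXT[],
    recipients        TEXT[],
    retention_period  VARCHAR(100),    -- free text, not a machine-readable interval
    security_measures TEXT,
    created_at        TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    updated_at        TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
);

-- Indexes are separate statements: PostgreSQL has no inline INDEX clause in
-- CREATE TABLE (that is MySQL syntax and a syntax error here).
CREATE INDEX IF NOT EXISTS idx_activities_tenant ON processing_activities (tenant_id);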
-- Schema: TOMs
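-- TOMs: technical and organisational measures (GDPR Art. 32), one row per
-- measure and tenant. implementation_status is free text with a fixed default
-- only; allowed values live in the application. updated_at is refreshed by
-- the trg_toms_updated trigger defined further down.
CREATE TABLE IF NOT EXISTS toms (
    id                    UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    tenant_id             VARCHAR(255) NOT NULL,
    category              VARCHAR(50)  NOT NULL,
    title                 VARCHAR(255) NOT NULL,
    description           TEXT,
    implementation_status VARCHAR(50)  DEFAULT 'PLANNED',
    responsible           VARCHAR(255),  -- owner, free text (not a user reference)
    created_at            TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    updated_at            TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
);

-- Indexes are separate statements: PostgreSQL has no inline INDEX clause in
-- CREATE TABLE (that is MySQL syntax and a syntax error here).
CREATE INDEX IF NOT EXISTS idx_toms_tenant ON toms (tenant_id);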
-- Schema: Controls
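-- Security controls per tenant, identified by a tenant-scoped control_id
-- (unique per tenant, so the same control_id may exist for several tenants).
-- updated_at is refreshed by the trg_controls_updated trigger defined further down.
CREATE TABLE IF NOT EXISTS controls (
    id                    UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    tenant_id             VARCHAR(255) NOT NULL,
    control_id            VARCHAR(50)  NOT NULL,
    name                  VARCHAR(255) NOT NULL,
    domain                VARCHAR(50),
    description           TEXT,
    implementation_status VARCHAR(50)  DEFAULT 'NOT_IMPLEMENTED',
    responsible           VARCHAR(255),
    -- references evidence.id by value; PostgreSQL cannot enforce a foreign key
    -- over array elements, so dangling ids are possible once evidence is deleted
    evidence_ids          UUID[],
    created_at            TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    updated_at            TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    CONSTRAINT controls_tenant_id_control_id_key UNIQUE (tenant_id, control_id)
);

-- Indexes are separate statements: PostgreSQL has no inline INDEX clause in
-- CREATE TABLE (that is MySQL syntax and a syntax error here).
CREATE INDEX IF NOT EXISTS idx_controls_tenant ON controls (tenant_id);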
-- Schema: Evidence
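-- Evidence artefacts per tenant (documents, screenshots, ...), referenced by
-- value from controls.evidence_ids. valid_from/valid_until bound the period
-- the evidence covers; neither is checked against the other here.
CREATE TABLE IF NOT EXISTS evidence (
    id          UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    tenant_id   VARCHAR(255) NOT NULL,
    title       VARCHAR(255) NOT NULL,
    type        VARCHAR(50)  NOT NULL,
    -- object-store key or filesystem path as supplied by the application; not
    -- validated or normalised at the database level
    file_path   VARCHAR(500),
    description TEXT,
    valid_from  TIMESTAMP WITH TIME ZONE,
    valid_until TIMESTAMP WITH TIME ZONE,
    uploaded_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
);

-- Indexes are separate statements: PostgreSQL has no inline INDEX clause in
-- CREATE TABLE (that is MySQL syntax and a syntax error here).
CREATE INDEX IF NOT EXISTS idx_evidence_tenant ON evidence (tenant_id);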
-- Schema: Risks
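-- Risk register per tenant. likelihood and impact are 1..5 scores enforced by
-- CHECK constraints; severity is a free-text label that is NOT derived from
-- them in the schema (presumably computed by the application -- confirm).
-- updated_at is refreshed by the trg_risks_updated trigger defined further down.
CREATE TABLE IF NOT EXISTS risks (
    id          UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    tenant_id   VARCHAR(255) NOT NULL,
    title       VARCHAR(255) NOT NULL,
    description TEXT,
    likelihood  INTEGER CONSTRAINT risks_likelihood_check CHECK (likelihood BETWEEN 1 AND 5),
    impact      INTEGER CONSTRAINT risks_impact_check     CHECK (impact BETWEEN 1 AND 5),
    severity    VARCHAR(20),
    status      VARCHAR(50) DEFAULT 'IDENTIFIED',
    mitigation  TEXT,
    -- references controls.id by value; no foreign key can be enforced over
    -- array elements, so dangling ids are possible once a control is deleted
    control_ids UUID[],
    created_at  TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    updated_at  TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
);

-- Indexes are separate statements: PostgreSQL has no inline INDEX clause in
-- CREATE TABLE (that is MySQL syntax and a syntax error here).
CREATE INDEX IF NOT EXISTS idx_risks_tenant ON risks (tenant_id);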
-- Schema: Security Findings
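-- Findings imported from security scanners (tool), per tenant. No UNIQUE key
-- is declared, so re-importing the same scan presumably produces duplicate
-- rows -- confirm how the importer deduplicates. No updated_at / trigger:
-- status changes are not timestamped here.
CREATE TABLE IF NOT EXISTS security_findings (
    id             UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    tenant_id      VARCHAR(255) NOT NULL,
    tool           VARCHAR(50)  NOT NULL,
    severity       VARCHAR(20)  NOT NULL,   -- scanner vocabulary, not normalised here
    title          VARCHAR(255) NOT NULL,
    description    TEXT,
    file_path      VARCHAR(500),            -- path inside the scanned source tree
    line_number    INTEGER,
    recommendation TEXT,
    status         VARCHAR(50)  DEFAULT 'OPEN',
    cve            VARCHAR(50),             -- CVE identifier when the finding maps to one
    created_at     TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
);

-- Indexes are separate statements: PostgreSQL has no inline INDEX clause in
-- CREATE TABLE (that is MySQL syntax and a syntax error here).
CREATE INDEX IF NOT EXISTS idx_findings_tenant ON security_findings (tenant_id);
-- cross-tenant index; a (tenant_id, severity) index would suit per-tenant dashboards better
CREATE INDEX IF NOT EXISTS idx_findings_severity ON security_findings (severity);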
-- Schema: Audit Log
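-- Append-only audit trail per tenant (no updated_at, no trigger). Nothing in
-- this schema blocks UPDATE/DELETE on it, so immutability rests on database
-- privileges granted elsewhere -- confirm. created_at is nullable; consider
-- NOT NULL once callers are known never to pass it explicitly.
CREATE TABLE IF NOT EXISTS audit_log (
    id            UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    tenant_id     VARCHAR(255) NOT NULL,
    user_id       VARCHAR(255),           -- NULL for system/unauthenticated actions
    action        VARCHAR(100) NOT NULL,
    resource_type VARCHAR(100),
    resource_id   VARCHAR(255),
    -- free-form event payload stored in clear; keep secrets and raw PII out of it
    details       JSONB,
    -- textual IPv4/IPv6; 45 chars covers IPv4-mapped IPv6
    ip_address    VARCHAR(45),
    created_at    TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
);

-- Indexes are separate statements: PostgreSQL has no inline INDEX clause in
-- CREATE TABLE (that is MySQL syntax and a syntax error here).
CREATE INDEX IF NOT EXISTS idx_audit_tenant ON audit_log (tenant_id);
-- time-ordered scans and retention pruning
CREATE INDEX IF NOT EXISTS idx_audit_created ON audit_log (created_at);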
-- Function: Update timestamp
-- Trigger function: overwrites NEW.updated_at on every row it fires for, so
-- callers cannot set updated_at themselves. Attach as BEFORE UPDATE ... FOR
-- EACH ROW on tables that have an updated_at column.
CREATE OR REPLACE FUNCTION update_updated_at()
RETURNS TRIGGER AS $$
BEGIN
    -- CURRENT_TIMESTAMP is the transaction start time, so every row touched
    -- by one transaction receives the same stamp.
    NEW.updated_at := CURRENT_TIMESTAMP;
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;
-- Triggers for updated_at
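-- CREATE TRIGGER has no IF NOT EXISTS in PostgreSQL, so a bare CREATE fails on
-- the second run of this script even though every table above is IF NOT
-- EXISTS. DROP IF EXISTS + CREATE keeps the file re-runnable on any version
-- (CREATE OR REPLACE TRIGGER would need PostgreSQL 14+).
-- Only tables with an updated_at column get a trigger: sdk_state,
-- processing_activities, toms, controls, risks.
DROP TRIGGER IF EXISTS trg_sdk_state_updated ON sdk_state;
CREATE TRIGGER trg_sdk_state_updated
    BEFORE UPDATE ON sdk_state
    FOR EACH ROW EXECUTE FUNCTION update_updated_at();

DROP TRIGGER IF EXISTS trg_activities_updated ON processing_activities;
CREATE TRIGGER trg_activities_updated
    BEFORE UPDATE ON processing_activities
    FOR EACH ROW EXECUTE FUNCTION update_updated_at();

DROP TRIGGER IF EXISTS trg_toms_updated ON toms;
CREATE TRIGGER trg_toms_updated
    BEFORE UPDATE ON toms
    FOR EACH ROW EXECUTE FUNCTION update_updated_at();

DROP TRIGGER IF EXISTS trg_controls_updated ON controls;
CREATE TRIGGER trg_controls_updated
    BEFORE UPDATE ON controls
    FOR EACH ROW EXECUTE FUNCTION update_updated_at();

DROP TRIGGER IF EXISTS trg_risks_updated ON risks;
CREATE TRIGGER trg_risks_updated
    BEFORE UPDATE ON risks
    FOR EACH ROW EXECUTE FUNCTION update_updated_at();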
-- Initial data
-- Seed the 'default' tenant with an empty step-progress document. The UNIQUE
-- constraint on sdk_state.tenant_id makes this re-runnable: an existing row is
-- left untouched rather than reset.
INSERT INTO sdk_state (tenant_id, state)
VALUES (
    'default',
    '{"completedSteps": [], "currentStep": "overview"}'::jsonb
)
ON CONFLICT (tenant_id) DO NOTHING;