feat: BreakPilot PWA - Full codebase (clean push without large binaries)

All services: admin-v2, studio-v2, website, ai-compliance-sdk,
consent-service, klausur-service, voice-service, and infrastructure.
Large PDFs and compiled binaries excluded via .gitignore.

scripts/setup-branch-protection.sh

@@ -0,0 +1,130 @@
+#!/bin/bash
+# =============================================================================
+# Gitea Branch Protection Setup
+# =============================================================================
+# Dieses Script richtet Branch Protection für das breakpilot-pwa Repository ein.
+#
+# Voraussetzungen:
+#   1. Gitea API Token erstellen unter:
+#      http://macmini:3003/user/settings/applications
+#      → "Generate New Token" → Name: "branch-protection" → Alle Rechte
+#
+#   2. Token als Umgebungsvariable setzen:
+#      export GITEA_TOKEN="dein-token-hier"
+#
+#   3. Script ausführen:
+#      ./scripts/setup-branch-protection.sh
+# =============================================================================
+
+set -e
+
+# Konfiguration
+GITEA_URL="http://macmini:3003"
+OWNER="pilotadmin"
+REPO="breakpilot-pwa"
+BRANCH="main"
+
+# Prüfe Token
+if [ -z "$GITEA_TOKEN" ]; then
+    echo "=============================================="
+    echo "FEHLER: GITEA_TOKEN nicht gesetzt!"
+    echo "=============================================="
+    echo ""
+    echo "Schritte zum Einrichten:"
+    echo ""
+    echo "1. Öffne: http://macmini:3003/user/settings/applications"
+    echo ""
+    echo "2. Klicke 'Generate New Token'"
+    echo "   - Name: branch-protection"
+    echo "   - Wähle alle Berechtigungen (oder mindestens 'repo')"
+    echo ""
+    echo "3. Kopiere den Token und führe aus:"
+    echo "   export GITEA_TOKEN=\"dein-token-hier\""
+    echo "   ./scripts/setup-branch-protection.sh"
+    echo ""
+    exit 1
+fi
+
+echo "=============================================="
+echo "Gitea Branch Protection Setup"
+echo "=============================================="
+echo ""
+echo "Repository: $OWNER/$REPO"
+echo "Branch: $BRANCH"
+echo ""
+
+# Prüfe API-Zugang
+echo "[1/3] Prüfe API-Zugang..."
+API_CHECK=$(curl -s -o /dev/null -w "%{http_code}" \
+    -H "Authorization: token $GITEA_TOKEN" \
+    "$GITEA_URL/api/v1/repos/$OWNER/$REPO")
+
+if [ "$API_CHECK" != "200" ]; then
+    echo "FEHLER: API-Zugang fehlgeschlagen (HTTP $API_CHECK)"
+    echo "Prüfe Token und Repository-Name."
+    exit 1
+fi
+echo "      ✓ API-Zugang OK"
+
+# Branch Protection einrichten
+echo "[2/3] Richte Branch Protection ein..."
+
+# Lösche bestehende Protection falls vorhanden
+curl -s -X DELETE \
+    -H "Authorization: token $GITEA_TOKEN" \
+    "$GITEA_URL/api/v1/repos/$OWNER/$REPO/branch_protections/$BRANCH" \
+    >/dev/null 2>&1 || true
+
+# Erstelle neue Branch Protection
+RESPONSE=$(curl -s -X POST \
+    -H "Authorization: token $GITEA_TOKEN" \
+    -H "Content-Type: application/json" \
+    "$GITEA_URL/api/v1/repos/$OWNER/$REPO/branch_protections" \
+    -d '{
+        "branch_name": "main",
+        "enable_push": false,
+        "enable_push_whitelist": true,
+        "push_whitelist_usernames": [],
+        "push_whitelist_deploy_keys": false,
+        "enable_merge_whitelist": false,
+        "enable_status_check": true,
+        "status_check_contexts": [],
+        "required_approvals": 1,
+        "enable_approvals_whitelist": false,
+        "block_on_rejected_reviews": true,
+        "block_on_outdated_branch": true,
+        "dismiss_stale_approvals": true,
+        "require_signed_commits": false,
+        "protected_file_patterns": "",
+        "unprotected_file_patterns": ""
+    }')
+
+if echo "$RESPONSE" | grep -q "branch_name"; then
+    echo "      ✓ Branch Protection aktiviert"
+else
+    echo "      ⚠ Möglicherweise bereits eingerichtet oder Fehler:"
+    echo "$RESPONSE" | head -5
+fi
+
+# Zusammenfassung
+echo "[3/3] Fertig!"
+echo ""
+echo "=============================================="
+echo "Branch Protection für 'main' ist aktiv:"
+echo "=============================================="
+echo ""
+echo "  ✓ Direkter Push auf 'main' blockiert"
+echo "  ✓ Pull Request erforderlich"
+echo "  ✓ Mindestens 1 Approval erforderlich"
+echo "  ✓ Veraltete Approvals werden verworfen"
+echo "  ✓ Blockiert bei abgelehnten Reviews"
+echo ""
+echo "Team-Workflow:"
+echo "  1. git checkout -b feature/mein-feature"
+echo "  2. git push -u origin feature/mein-feature"
+echo "  3. Pull Request erstellen in Gitea"
+echo "  4. Code Review + Approval"
+echo "  5. Merge in main"
+echo ""
+echo "Gitea: http://macmini:3003/$OWNER/$REPO"
+echo ""