chore: archive — remove compliance duplicates, migrate all services to core/lehrer/compliance

Removed: ai-compliance-sdk, dsms-node, dsms-gateway, developer-portal, night-scheduler Removed nginx proxy: /sdk/v1/ from port 3002, port 3006, port 8093 All services now in breakpilot-core, breakpilot-lehrer, or breakpilot-compliance Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 19:44:10 +01:00
parent 557305db5d
commit 71cde313d5
3 changed files with 40 additions and 223 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,39 @@
 # BreakPilot PWA (ARCHIVED)
 > **Dieses Repository ist archiviert.** Alle Services wurden in die folgenden Projekte migriert.
 ## Migration (2026-02-14)
 | Service | Neues Projekt | Container |
 |---------|---------------|-----------|
 | Studio v2 | breakpilot-lehrer | bp-lehrer-studio-v2 |
 | Admin | breakpilot-lehrer | bp-lehrer-admin |
 | Website | breakpilot-lehrer | bp-lehrer-website |
 | Backend (Lehrer) | breakpilot-lehrer | bp-lehrer-backend |
 | Klausur Service | breakpilot-lehrer | bp-lehrer-klausur-service |
 | School Service | breakpilot-lehrer | bp-lehrer-school-service |
 | Voice Service | breakpilot-lehrer | bp-lehrer-voice-service |
 | Geo Service | breakpilot-lehrer | bp-lehrer-geo-service |
 | Backend (Core) | breakpilot-core | bp-core-backend |
 | Postgres | breakpilot-core | bp-core-postgres |
 | Valkey | breakpilot-core | bp-core-valkey |
 | Nginx | breakpilot-core | bp-core-nginx |
 | Vault | breakpilot-core | bp-core-vault |
 | Qdrant | breakpilot-core | bp-core-qdrant |
 | MinIO | breakpilot-core | bp-core-minio |
 | Embedding Service | breakpilot-core | bp-core-embedding-service |
 | Night Scheduler | breakpilot-core | bp-core-night-scheduler |
 | Pitch Deck | breakpilot-core | bp-core-pitch-deck |
 | Gitea | breakpilot-core | bp-core-gitea |
 | Woodpecker CI | breakpilot-core | bp-core-woodpecker-server |
 | Jitsi | breakpilot-core | bp-core-jitsi-* |
 | AI Compliance SDK | breakpilot-compliance | bp-compliance-ai-sdk |
 | Developer Portal | breakpilot-compliance | bp-compliance-developer-portal |
 | DSMS | breakpilot-compliance | bp-compliance-dsms-* |
 | Backend (Compliance) | breakpilot-compliance | bp-compliance-backend |
 ## Neue Repos
 - **breakpilot-core**: Shared Infrastructure (Postgres, Nginx, Vault, Qdrant, MinIO, etc.)
 - **breakpilot-lehrer**: Bildungs-Stack (Studio, Admin, Backend, Klausur, Voice, etc.)
 - **breakpilot-compliance**: DSGVO/Compliance-Stack (Admin, SDK, DSMS, Developer Portal)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -16,9 +16,7 @@ services:
      - "8000:8000"    # HTTPS Backend API
      - "8086:8086"    # HTTPS Klausur Service
      - "8089:8089"    # HTTPS Edu-Search proxy (edu-search runs on 8088)
      - "8093:8093"    # HTTPS AI Compliance SDK
      - "8443:8443"    # HTTPS Jitsi Meet (https://macmini:8443/)
      - "3006:3006"    # HTTPS Developer Portal (https://macmini:3006/)
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - vault_certs:/etc/nginx/certs:ro
@@ -35,14 +33,10 @@ services:
        condition: service_started
      website:
        condition: service_started
      ai-compliance-sdk:
        condition: service_started
      admin-v2:
        condition: service_started
      jitsi-web:
        condition: service_started
      developer-portal:
        condition: service_started
    extra_hosts:
      - "breakpilot-edu-search:host-gateway"
    networks:
@@ -744,7 +738,6 @@ services:
      - BACKEND_URL=http://backend:8000
      - CONSENT_SERVICE_URL=http://consent-service:8081
      - KLAUSUR_SERVICE_URL=http://klausur-service:8086
      - SDK_URL=http://ai-compliance-sdk:8090
      # Woodpecker CI Status
      - WOODPECKER_URL=${WOODPECKER_URL:-http://woodpecker-server:8000}
      - WOODPECKER_TOKEN=${WOODPECKER_TOKEN:-}
@@ -759,25 +752,6 @@ services:
    depends_on:
      - backend
      - consent-service
      - ai-compliance-sdk
    networks:
      - breakpilot-pwa-network
    restart: unless-stopped
  # ============================================
  # Developer Portal - Oeffentliches SDK-Dokumentationsportal
  # Access: https://macmini:3006/
  # ============================================
  developer-portal:
    build:
      context: ./developer-portal
      dockerfile: Dockerfile
    platform: linux/arm64
    container_name: breakpilot-pwa-developer-portal
    expose:
      - "3000"
    environment:
      - NODE_ENV=production
    networks:
      - breakpilot-pwa-network
    restart: unless-stopped
@@ -798,106 +772,13 @@ services:
      - NODE_ENV=production
      - DATABASE_URL=postgres://breakpilot:breakpilot123@host.docker.internal:5432/breakpilot_db
      - OLLAMA_URL=http://host.docker.internal:11434
-      - OLLAMA_MODEL=qwen2.5:32b
+      - OLLAMA_MODEL=qwen3:30b-a3b
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - breakpilot-pwa-network
    restart: unless-stopped
  # ============================================
  # AI Compliance SDK - Multi-Tenant RBAC & LLM Gateway
  # Go auf Port 8090 (intern), 8093 (extern)
  # CFO Use-Case: Namespace-isolierte KI-Nutzung
  # ============================================
  ai-compliance-sdk:
    build:
      context: ./ai-compliance-sdk
      dockerfile: Dockerfile
    platform: linux/arm64  # Mac Mini Apple Silicon
    container_name: breakpilot-pwa-ai-compliance-sdk
    # Port 8093 wird über nginx proxied (ai-compliance-sdk:8090 intern)
    environment:
      - PORT=8090
      - ENVIRONMENT=${ENVIRONMENT:-development}
      # PostgreSQL for RBAC, Policies, Audit
      - DATABASE_URL=postgres://breakpilot:breakpilot123@postgres:5432/breakpilot_db?sslmode=disable
      - JWT_SECRET=${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
      # LLM Provider Configuration
      - LLM_PROVIDER=${SDK_LLM_PROVIDER:-ollama}
      - LLM_FALLBACK_PROVIDER=${SDK_LLM_FALLBACK_PROVIDER:-anthropic}
      # Ollama (Mac Mini lokal - DSGVO-konform)
      - OLLAMA_URL=${OLLAMA_BASE_URL:-http://host.docker.internal:11434}
      - OLLAMA_DEFAULT_MODEL=${OLLAMA_DEFAULT_MODEL:-qwen2.5:14b}
      # Anthropic (Cloud-Fallback via Syseleven BSI-Cloud)
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
      - ANTHROPIC_DEFAULT_MODEL=${ANTHROPIC_DEFAULT_MODEL:-claude-sonnet-4-20250514}
      # PII Detection & Redaction
      - PII_REDACTION_ENABLED=${PII_REDACTION_ENABLED:-true}
      - PII_REDACTION_LEVEL=${PII_REDACTION_LEVEL:-strict}
      # Audit Trail
      - AUDIT_RETENTION_DAYS=${AUDIT_RETENTION_DAYS:-365}
      - AUDIT_LOG_PROMPTS=${AUDIT_LOG_PROMPTS:-false}
      # CORS
      - ALLOWED_ORIGINS=http://localhost:3002,https://macmini:3002,http://admin-v2:3000
    extra_hosts:
      - "host.docker.internal:host-gateway"
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - breakpilot-pwa-network
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8090/health"]
      interval: 30s
      timeout: 3s
      start_period: 10s
      retries: 3
    restart: unless-stopped
  # DSMS Node - Dezentrales Speichersystem (Private IPFS)
  dsms-node:
    build:
      context: ./dsms-node
      dockerfile: Dockerfile
    container_name: breakpilot-pwa-dsms-node
    ports:
      - "4001:4001"   # Swarm P2P
      - "5001:5001"   # IPFS API
      - "8085:8080"   # IPFS Gateway (8085 um Konflikt mit Backend zu vermeiden)
    volumes:
      - dsms_data:/data/ipfs
    environment:
      - IPFS_PROFILE=server
    networks:
      - breakpilot-pwa-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "ipfs id > /dev/null 2>&1 || exit 1"]
      interval: 30s
      timeout: 10s
      start_period: 30s
      retries: 3
  # DSMS Gateway - REST API für DSMS
  dsms-gateway:
    build:
      context: ./dsms-gateway
      dockerfile: Dockerfile
    container_name: breakpilot-pwa-dsms-gateway
    ports:
      - "8082:8082"
    environment:
      - IPFS_API_URL=http://dsms-node:5001
      - IPFS_GATEWAY_URL=http://dsms-node:8080
      - JWT_SECRET=${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
    depends_on:
      dsms-node:
        condition: service_healthy
    networks:
      - breakpilot-pwa-network
    restart: unless-stopped
  # ============================================
  # Jitsi Meet - Videokonferenzen für Schulungen
  # Web UI: http://localhost:8443
@@ -1697,32 +1578,6 @@ services:
      - breakpilot-pwa-network
    restart: unless-stopped
  # ============================================
  # Night Scheduler - Nachtabschaltung
  # Stoppt Services nachts, startet sie morgens
  # API: http://localhost:8096
  # ============================================
  night-scheduler:
    build: ./night-scheduler
    container_name: breakpilot-pwa-night-scheduler
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./night-scheduler/config:/config
      - ./docker-compose.yml:/app/docker-compose.yml:ro
    environment:
      - COMPOSE_PROJECT_NAME=breakpilot-pwa
    ports:
      - "8096:8096"
    networks:
      - breakpilot-pwa-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8096/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
  # ============================================
  # Woodpecker CI - Agent
  # Executes pipeline steps in containers
@@ -1774,8 +1629,6 @@ volumes:
  # Valkey Session Cache
  valkey_data:
    driver: local
  dsms_data:
    driver: local
  klausur_uploads:
    driver: local
  eh_uploads:
--- a/nginx/conf.d/default.conf
+++ b/nginx/conf.d/default.conf
@@ -276,22 +276,6 @@ server {
        proxy_read_timeout 300s;
    }
    # Proxy SDK API requests to AI Compliance SDK (same origin = no CORS issues)
    # Only /sdk/v1/ is forwarded to the SDK backend, /sdk/einwilligungen/* etc are frontend pages
    location /sdk/v1/ {
        set $upstream_sdk ai-compliance-sdk:8090;
        proxy_pass http://$upstream_sdk;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # Longer timeout for LLM requests
        proxy_read_timeout 300s;
        proxy_connect_timeout 60s;
        proxy_send_timeout 300s;
    }
    # Proxy Documentation (MkDocs) - same origin = no mixed content issues
    location /docs/ {
        set $upstream_docs docs:80;
@@ -317,65 +301,6 @@ server {
    }
 }
 # HTTPS - Developer Portal on port 3006
 # Oeffentliches SDK-Dokumentationsportal (kein Auth)
 server {
    listen 3006 ssl;
    http2 on;
    server_name macmini localhost;
    ssl_certificate /etc/nginx/certs/macmini.crt;
    ssl_certificate_key /etc/nginx/certs/macmini.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;
    location / {
        set $upstream_devportal developer-portal:3000;
        proxy_pass http://$upstream_devportal;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
 }
 # HTTPS - AI Compliance SDK on port 8093
 # Multi-Tenant RBAC, LLM Gateway, Audit Trail
 server {
    listen 8093 ssl;
    http2 on;
    server_name macmini localhost;
    ssl_certificate /etc/nginx/certs/macmini.crt;
    ssl_certificate_key /etc/nginx/certs/macmini.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;
    # SDK endpoints - allow larger payloads for LLM requests
    client_max_body_size 10M;
    location / {
        set $upstream_sdk ai-compliance-sdk:8090;
        proxy_pass http://$upstream_sdk;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # Longer timeout for LLM requests
        proxy_read_timeout 300s;
        proxy_connect_timeout 60s;
        proxy_send_timeout 300s;
    }
 }
 # HTTPS - Edu-Search Service on port 8089
 # Proxies to edu-search container running on port 8088
 server {