chore: archive — remove compliance duplicates, migrate all services to core/lehrer/compliance

Removed: ai-compliance-sdk, dsms-node, dsms-gateway, developer-portal, night-scheduler Removed nginx proxy: /sdk/v1/ from port 3002, port 3006, port 8093 All services now in breakpilot-core, breakpilot-lehrer, or breakpilot-compliance Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 19:44:10 +01:00
parent 557305db5d
commit 71cde313d5
3 changed files with 40 additions and 223 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,39 @@
+# BreakPilot PWA (ARCHIVED)
+
+> **Dieses Repository ist archiviert.** Alle Services wurden in die folgenden Projekte migriert.
+
+## Migration (2026-02-14)
+
+| Service | Neues Projekt | Container |
+|---------|---------------|-----------|
+| Studio v2 | breakpilot-lehrer | bp-lehrer-studio-v2 |
+| Admin | breakpilot-lehrer | bp-lehrer-admin |
+| Website | breakpilot-lehrer | bp-lehrer-website |
+| Backend (Lehrer) | breakpilot-lehrer | bp-lehrer-backend |
+| Klausur Service | breakpilot-lehrer | bp-lehrer-klausur-service |
+| School Service | breakpilot-lehrer | bp-lehrer-school-service |
+| Voice Service | breakpilot-lehrer | bp-lehrer-voice-service |
+| Geo Service | breakpilot-lehrer | bp-lehrer-geo-service |
+| Backend (Core) | breakpilot-core | bp-core-backend |
+| Postgres | breakpilot-core | bp-core-postgres |
+| Valkey | breakpilot-core | bp-core-valkey |
+| Nginx | breakpilot-core | bp-core-nginx |
+| Vault | breakpilot-core | bp-core-vault |
+| Qdrant | breakpilot-core | bp-core-qdrant |
+| MinIO | breakpilot-core | bp-core-minio |
+| Embedding Service | breakpilot-core | bp-core-embedding-service |
+| Night Scheduler | breakpilot-core | bp-core-night-scheduler |
+| Pitch Deck | breakpilot-core | bp-core-pitch-deck |
+| Gitea | breakpilot-core | bp-core-gitea |
+| Woodpecker CI | breakpilot-core | bp-core-woodpecker-server |
+| Jitsi | breakpilot-core | bp-core-jitsi-* |
+| AI Compliance SDK | breakpilot-compliance | bp-compliance-ai-sdk |
+| Developer Portal | breakpilot-compliance | bp-compliance-developer-portal |
+| DSMS | breakpilot-compliance | bp-compliance-dsms-* |
+| Backend (Compliance) | breakpilot-compliance | bp-compliance-backend |
+
+## Neue Repos
+
+- **breakpilot-core**: Shared Infrastructure (Postgres, Nginx, Vault, Qdrant, MinIO, etc.)
+- **breakpilot-lehrer**: Bildungs-Stack (Studio, Admin, Backend, Klausur, Voice, etc.)
+- **breakpilot-compliance**: DSGVO/Compliance-Stack (Admin, SDK, DSMS, Developer Portal)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -16,9 +16,7 @@ services:
      - "8000:8000"    # HTTPS Backend API
      - "8086:8086"    # HTTPS Klausur Service
      - "8089:8089"    # HTTPS Edu-Search proxy (edu-search runs on 8088)
-      - "8093:8093"    # HTTPS AI Compliance SDK
      - "8443:8443"    # HTTPS Jitsi Meet (https://macmini:8443/)
-      - "3006:3006"    # HTTPS Developer Portal (https://macmini:3006/)
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - vault_certs:/etc/nginx/certs:ro
@@ -35,14 +33,10 @@ services:
        condition: service_started
      website:
        condition: service_started
-      ai-compliance-sdk:
-        condition: service_started
      admin-v2:
        condition: service_started
      jitsi-web:
        condition: service_started
-      developer-portal:
-        condition: service_started
    extra_hosts:
      - "breakpilot-edu-search:host-gateway"
    networks:
@@ -744,7 +738,6 @@ services:
      - BACKEND_URL=http://backend:8000
      - CONSENT_SERVICE_URL=http://consent-service:8081
      - KLAUSUR_SERVICE_URL=http://klausur-service:8086
-      - SDK_URL=http://ai-compliance-sdk:8090
      # Woodpecker CI Status
      - WOODPECKER_URL=${WOODPECKER_URL:-http://woodpecker-server:8000}
      - WOODPECKER_TOKEN=${WOODPECKER_TOKEN:-}
@@ -759,25 +752,6 @@ services:
    depends_on:
      - backend
      - consent-service
-      - ai-compliance-sdk
-    networks:
-      - breakpilot-pwa-network
-    restart: unless-stopped
-
-  # ============================================
-  # Developer Portal - Oeffentliches SDK-Dokumentationsportal
-  # Access: https://macmini:3006/
-  # ============================================
-  developer-portal:
-    build:
-      context: ./developer-portal
-      dockerfile: Dockerfile
-    platform: linux/arm64
-    container_name: breakpilot-pwa-developer-portal
-    expose:
-      - "3000"
-    environment:
-      - NODE_ENV=production
    networks:
      - breakpilot-pwa-network
    restart: unless-stopped
@@ -798,106 +772,13 @@ services:
      - NODE_ENV=production
      - DATABASE_URL=postgres://breakpilot:breakpilot123@host.docker.internal:5432/breakpilot_db
      - OLLAMA_URL=http://host.docker.internal:11434
-      - OLLAMA_MODEL=qwen2.5:32b
+      - OLLAMA_MODEL=qwen3:30b-a3b
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - breakpilot-pwa-network
    restart: unless-stopped

-  # ============================================
-  # AI Compliance SDK - Multi-Tenant RBAC & LLM Gateway
-  # Go auf Port 8090 (intern), 8093 (extern)
-  # CFO Use-Case: Namespace-isolierte KI-Nutzung
-  # ============================================
-  ai-compliance-sdk:
-    build:
-      context: ./ai-compliance-sdk
-      dockerfile: Dockerfile
-    platform: linux/arm64  # Mac Mini Apple Silicon
-    container_name: breakpilot-pwa-ai-compliance-sdk
-    # Port 8093 wird über nginx proxied (ai-compliance-sdk:8090 intern)
-    environment:
-      - PORT=8090
-      - ENVIRONMENT=${ENVIRONMENT:-development}
-      # PostgreSQL for RBAC, Policies, Audit
-      - DATABASE_URL=postgres://breakpilot:breakpilot123@postgres:5432/breakpilot_db?sslmode=disable
-      - JWT_SECRET=${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
-      # LLM Provider Configuration
-      - LLM_PROVIDER=${SDK_LLM_PROVIDER:-ollama}
-      - LLM_FALLBACK_PROVIDER=${SDK_LLM_FALLBACK_PROVIDER:-anthropic}
-      # Ollama (Mac Mini lokal - DSGVO-konform)
-      - OLLAMA_URL=${OLLAMA_BASE_URL:-http://host.docker.internal:11434}
-      - OLLAMA_DEFAULT_MODEL=${OLLAMA_DEFAULT_MODEL:-qwen2.5:14b}
-      # Anthropic (Cloud-Fallback via Syseleven BSI-Cloud)
-      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
-      - ANTHROPIC_DEFAULT_MODEL=${ANTHROPIC_DEFAULT_MODEL:-claude-sonnet-4-20250514}
-      # PII Detection & Redaction
-      - PII_REDACTION_ENABLED=${PII_REDACTION_ENABLED:-true}
-      - PII_REDACTION_LEVEL=${PII_REDACTION_LEVEL:-strict}
-      # Audit Trail
-      - AUDIT_RETENTION_DAYS=${AUDIT_RETENTION_DAYS:-365}
-      - AUDIT_LOG_PROMPTS=${AUDIT_LOG_PROMPTS:-false}
-      # CORS
-      - ALLOWED_ORIGINS=http://localhost:3002,https://macmini:3002,http://admin-v2:3000
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
-    depends_on:
-      postgres:
-        condition: service_healthy
-    networks:
-      - breakpilot-pwa-network
-    healthcheck:
-      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8090/health"]
-      interval: 30s
-      timeout: 3s
-      start_period: 10s
-      retries: 3
-    restart: unless-stopped
-
-  # DSMS Node - Dezentrales Speichersystem (Private IPFS)
-  dsms-node:
-    build:
-      context: ./dsms-node
-      dockerfile: Dockerfile
-    container_name: breakpilot-pwa-dsms-node
-    ports:
-      - "4001:4001"   # Swarm P2P
-      - "5001:5001"   # IPFS API
-      - "8085:8080"   # IPFS Gateway (8085 um Konflikt mit Backend zu vermeiden)
-    volumes:
-      - dsms_data:/data/ipfs
-    environment:
-      - IPFS_PROFILE=server
-    networks:
-      - breakpilot-pwa-network
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "ipfs id > /dev/null 2>&1 || exit 1"]
-      interval: 30s
-      timeout: 10s
-      start_period: 30s
-      retries: 3
-
-  # DSMS Gateway - REST API für DSMS
-  dsms-gateway:
-    build:
-      context: ./dsms-gateway
-      dockerfile: Dockerfile
-    container_name: breakpilot-pwa-dsms-gateway
-    ports:
-      - "8082:8082"
-    environment:
-      - IPFS_API_URL=http://dsms-node:5001
-      - IPFS_GATEWAY_URL=http://dsms-node:8080
-      - JWT_SECRET=${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
-    depends_on:
-      dsms-node:
-        condition: service_healthy
-    networks:
-      - breakpilot-pwa-network
-    restart: unless-stopped
-
  # ============================================
  # Jitsi Meet - Videokonferenzen für Schulungen
  # Web UI: http://localhost:8443
@@ -1697,32 +1578,6 @@ services:
      - breakpilot-pwa-network
    restart: unless-stopped

-  # ============================================
-  # Night Scheduler - Nachtabschaltung
-  # Stoppt Services nachts, startet sie morgens
-  # API: http://localhost:8096
-  # ============================================
-  night-scheduler:
-    build: ./night-scheduler
-    container_name: breakpilot-pwa-night-scheduler
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ./night-scheduler/config:/config
-      - ./docker-compose.yml:/app/docker-compose.yml:ro
-    environment:
-      - COMPOSE_PROJECT_NAME=breakpilot-pwa
-    ports:
-      - "8096:8096"
-    networks:
-      - breakpilot-pwa-network
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8096/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 10s
-
  # ============================================
  # Woodpecker CI - Agent
  # Executes pipeline steps in containers
@@ -1774,8 +1629,6 @@ volumes:
  # Valkey Session Cache
  valkey_data:
    driver: local
-  dsms_data:
-    driver: local
  klausur_uploads:
    driver: local
  eh_uploads:
--- a/nginx/conf.d/default.conf
+++ b/nginx/conf.d/default.conf
@@ -276,22 +276,6 @@ server {
        proxy_read_timeout 300s;
    }

-    # Proxy SDK API requests to AI Compliance SDK (same origin = no CORS issues)
-    # Only /sdk/v1/ is forwarded to the SDK backend, /sdk/einwilligungen/* etc are frontend pages
-    location /sdk/v1/ {
-        set $upstream_sdk ai-compliance-sdk:8090;
-        proxy_pass http://$upstream_sdk;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;
-        # Longer timeout for LLM requests
-        proxy_read_timeout 300s;
-        proxy_connect_timeout 60s;
-        proxy_send_timeout 300s;
-    }
-
    # Proxy Documentation (MkDocs) - same origin = no mixed content issues
    location /docs/ {
        set $upstream_docs docs:80;
@@ -317,65 +301,6 @@ server {
    }
 }

-# HTTPS - Developer Portal on port 3006
-# Oeffentliches SDK-Dokumentationsportal (kein Auth)
-server {
-    listen 3006 ssl;
-    http2 on;
-    server_name macmini localhost;
-
-    ssl_certificate /etc/nginx/certs/macmini.crt;
-    ssl_certificate_key /etc/nginx/certs/macmini.key;
-
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
-    ssl_prefer_server_ciphers off;
-
-    location / {
-        set $upstream_devportal developer-portal:3000;
-        proxy_pass http://$upstream_devportal;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;
-    }
-}
-
-# HTTPS - AI Compliance SDK on port 8093
-# Multi-Tenant RBAC, LLM Gateway, Audit Trail
-server {
-    listen 8093 ssl;
-    http2 on;
-    server_name macmini localhost;
-
-    ssl_certificate /etc/nginx/certs/macmini.crt;
-    ssl_certificate_key /etc/nginx/certs/macmini.key;
-
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
-    ssl_prefer_server_ciphers off;
-
-    # SDK endpoints - allow larger payloads for LLM requests
-    client_max_body_size 10M;
-
-    location / {
-        set $upstream_sdk ai-compliance-sdk:8090;
-        proxy_pass http://$upstream_sdk;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;
-        # Longer timeout for LLM requests
-        proxy_read_timeout 300s;
-        proxy_connect_timeout 60s;
-        proxy_send_timeout 300s;
-    }
-}
-
 # HTTPS - Edu-Search Service on port 8089
 # Proxies to edu-search container running on port 8088
 server {