206 Zeilen
8.3 KiB
Markdown
206 Zeilen
8.3 KiB
Markdown
# AegisSight-Monitor
|
|
|
|
> OSINT-Lagemonitoring mit KI-gestützter Nachrichtenanalyse
|
|
|
|
## Übersicht
|
|
|
|
```yaml
|
|
projekt: AegisSight-Monitor
|
|
url: https://monitor.aegis-sight.de
|
|
server: ssh monitor (178.104.43.177, User: claude-dev)
|
|
pfad: /home/claude-dev/AegisSight-Monitor
|
|
quellcode: /home/claude-dev/AegisSight-Monitor/src/
|
|
datenbank: /mnt/gitea/osint-data/osint.db (SQLite WAL, geteilt mit Verwaltungsportal + Globe)
|
|
gitea: https://gitea-undso.aegis-sight.de/AegisSight/AegisSight-Monitor
|
|
service: osint-monitor.service (systemd, Port 8891, Nginx Reverse Proxy)
|
|
venv: /home/claude-dev/.venvs/osint/ (Python 3.12)
|
|
```
|
|
|
|
## Technologie-Stack
|
|
|
|
```yaml
|
|
backend:
|
|
framework: FastAPI + Uvicorn
|
|
datenbank: SQLite WAL (aiosqlite, async)
|
|
auth: Magic-Link-Login per E-Mail (JWT HS256, 24h)
|
|
scheduler: APScheduler (Auto-Refresh 1min, Cleanup 1h, Health-Check taeglich 04:00)
|
|
websocket: FastAPI native (Echtzeit-Updates an Clients)
|
|
ki: Claude CLI als Subprocess (WebSearch + WebFetch Tools)
|
|
ki_modelle:
|
|
schnell: CLAUDE_MODEL_FAST (Haiku) — Feed-Selektion, Geoparsing, Chat, QC
|
|
mittel: CLAUDE_MODEL_MEDIUM (Sonnet) — Entity-Extraktion, Netzwerkanalyse
|
|
standard: CLI-Default (Opus) — Recherche, Analyse, Faktencheck
|
|
email: aiosmtplib (smtp.ionos.de:587 TLS)
|
|
|
|
frontend:
|
|
typ: Vanilla JS (kein Framework, kein Build-Step)
|
|
design: AegisSight Dark/Light Theme (Navy/Gold)
|
|
fonts: Poppins (Titel), Inter (Body)
|
|
layout: gridstack.js (Drag-and-Drop Dashboard-Kacheln)
|
|
karte: Leaflet + MarkerCluster
|
|
echtzeit: WebSocket mit Auto-Reconnect und Ping/Pong
|
|
```
|
|
|
|
## Projektstruktur
|
|
|
|
```yaml
|
|
src/:
|
|
main.py: "FastAPI App, WebSocketManager, Scheduler, Lifespan, statische Routen"
|
|
config.py: "Konfiguration (JWT, Claude-Modelle, SMTP, RSS-Feeds, Zeitzone)"
|
|
auth.py: "JWT erstellen/verifizieren, Magic-Link/Code, get_current_user Dependency"
|
|
database.py: "SQLite Schema (25+ Tabellen), Migrationen, init_db(), get_db()"
|
|
models.py: "Pydantic Request/Response-Schemas"
|
|
source_rules.py: "Domain-Kategorisierung, RSS-Feed-Discovery, Claude-Feed-Bewertung"
|
|
report_generator.py: "PDF (WeasyPrint) + DOCX (python-docx) Export"
|
|
|
|
routers/:
|
|
auth.py: "Magic-Link-Login, Token-Verify, /api/auth/me"
|
|
incidents.py: "CRUD Lagen, Refresh, Artikel, Snapshots, Faktenchecks, Export, E-Mail-Abos, Refresh-Log"
|
|
sources.py: "CRUD Quellen, Discovery (Single/Multi), Domain sperren, Telegram-Validierung"
|
|
chat.py: "KI-Assistent (Haiku), Injection-Schutz, Tech-Leak-Filter"
|
|
public_api.py: "API-Key Auth, Globe-Feed (GeoJSON), Globe-Ingest, Snapshot-Abruf"
|
|
notifications.py: "CRUD Benachrichtigungen, Unread-Count, Mark-Read"
|
|
feedback.py: "E-Mail-Feedback mit Bild-Anhaengen"
|
|
tutorial.py: "Tutorial-Fortschritt pro User"
|
|
|
|
agents/:
|
|
orchestrator.py: "Queue-basierte Refresh-Steuerung, Research Multi-Pass (3 Durchlaeufe), Retry, Cancel, Credits-Tracking"
|
|
researcher.py: "WebSearch-Recherche (Standard + 4-Phasen-Tiefenrecherche), Feed-Selektion, Keyword-Extraktion"
|
|
analyzer.py: "Analyse-Agent (Lagebild/Briefing, Erst- + inkrementell, Inline-Zitate)"
|
|
factchecker.py: "Faktencheck (Erst/Inkrementell/Zwei-Phasen mit Triage), Claim-Matching, Dedup"
|
|
geoparsing.py: "Haiku-basierte Ortsextraktion, Geocoding via geonamescache"
|
|
entity_extractor.py: "Netzwerkanalyse: Entity-Extraktion (Sonnet), Beziehungsanalyse, Dedup"
|
|
claude_client.py: "Shared Claude CLI Client, Usage-Tracking (Token, Kosten), Rate-Limit-Erkennung"
|
|
|
|
feeds/:
|
|
rss_parser.py: "RSS-Feed-Parsing (feedparser + httpx), Keyword-Matching, Domain-Cap"
|
|
telegram_parser.py: "Telethon-basierter Telegram-Parser, Kanal-Validierung"
|
|
|
|
services/:
|
|
post_refresh_qc.py: "Post-Refresh Quality Check: Faktencheck-Duplikate, Location-Korrektur"
|
|
fact_consolidation.py: "Periodisches Haiku-Clustering, Auto-Resolve veralteter Fakten"
|
|
source_health.py: "Quellen-Health-Checks (Erreichbarkeit, Feed-Validitaet, Stale)"
|
|
source_suggester.py: "KI-Quellen-Vorschlaege via Haiku"
|
|
license_service.py: "Lizenz-Pruefung (Org, Ablauf, Nutzer-Limit)"
|
|
|
|
middleware/:
|
|
license_check.py: "Dependencies: require_active_license, require_writable_license"
|
|
|
|
email_utils/:
|
|
sender.py: "Async SMTP Versand"
|
|
templates.py: "HTML-Templates (Magic-Link, Benachrichtigungen)"
|
|
rate_limiter.py: "Rate-Limiting Magic-Links"
|
|
|
|
migration/:
|
|
migrate_to_multitenancy.py: "Einmal-Migration Single->Multi-Tenant"
|
|
|
|
report_templates/:
|
|
report.html: "HTML-Template fuer PDF/DOCX-Export"
|
|
|
|
static/:
|
|
index.html: "Login-Seite (Magic-Link)"
|
|
dashboard.html: "Hauptdashboard (Sidebar + GridStack + Modals)"
|
|
css/:
|
|
style.css: "AegisSight Design System (Dark/Light Theme, alle Komponenten)"
|
|
js/:
|
|
api.js: "REST-API-Client (fetch, Auth-Header, 30s Timeout)"
|
|
app.js: "Hauptlogik: ThemeManager, NotificationCenter, App-Objekt"
|
|
components.js: "UI-Rendering: Sidebar, Faktenchecks, Toasts, Progress-Bar, Karte"
|
|
chat.js: "Chat-Assistent Widget"
|
|
layout.js: "gridstack.js Wrapper (Drag/Resize, localStorage)"
|
|
tutorial.js: "Interaktiver 32-Schritte Rundgang mit Animationen"
|
|
ws.js: "WebSocket-Client (Reconnect, Ping/Pong)"
|
|
vendor/:
|
|
leaflet.js: "Karten-Bibliothek"
|
|
leaflet.markercluster.js: "Marker-Clustering"
|
|
```
|
|
|
|
## Architektur
|
|
|
|
```yaml
|
|
incident_typen:
|
|
adhoc:
|
|
label: "Live-Monitoring"
|
|
quellen: "RSS + WebSearch + optional Telegram"
|
|
analyse: "Fliesstext-Lagebild"
|
|
faktencheck_status: "confirmed/unconfirmed/contradicted/developing"
|
|
refresh: "Manuell oder automatisch (Intervall konfigurierbar)"
|
|
research:
|
|
label: "Recherche"
|
|
quellen: "Nur WebSearch 4-Phasen-Tiefenrecherche (kein RSS)"
|
|
analyse: "Strukturiertes Briefing (Ueberblick, Hintergrund, Akteure, Lage, Einschaetzung, Quellenqualitaet)"
|
|
faktencheck_status: "established/unverified/disputed/developing"
|
|
refresh: "Immer manuell, erster Refresh automatisch 3 Durchlaeufe (Multi-Pass)"
|
|
multi_pass:
|
|
durchlaeufe: 3
|
|
labels: ["Breite Erfassung", "Vertiefung", "Konsolidierung"]
|
|
bedingung: "Nur beim ersten Refresh (kein Summary vorhanden)"
|
|
cancel: "Zwischen und innerhalb der Durchlaeufe moeglich"
|
|
|
|
refresh_pipeline:
|
|
1: "Feed-Selektion (Haiku) + dynamische Keywords"
|
|
2: "Parallel: RSS + WebSearch + optional Telegram"
|
|
3: "URL-Verifizierung (HEAD-Requests)"
|
|
4: "Duplikaterkennung (URL + Headline)"
|
|
5: "Relevanz-Scoring + DB-Dedup"
|
|
6: "Geoparsing (Haiku + geonamescache)"
|
|
7: "Parallel: Analyse + Faktencheck"
|
|
8: "Post-Refresh QC"
|
|
9: "Notifications (DB + E-Mail + WebSocket)"
|
|
10: "Credits-Tracking (Token auf Lizenz buchen)"
|
|
11: "Background: Source-Discovery"
|
|
|
|
multi_tenancy: "Volle Mandantentrennung (tenant_id auf allen Tabellen)"
|
|
|
|
dashboard_kacheln:
|
|
- "Lagebild (Markdown + Inline-Zitate)"
|
|
- "Faktencheck (Status-Icons, Evidence, Filter)"
|
|
- "Quellenübersicht (nach Domain gruppiert)"
|
|
- "Timeline (horizontale Achse, Bucketing, Filter)"
|
|
- "Karte (Leaflet, Kategorie-Marker, Legende)"
|
|
```
|
|
|
|
## Datenbank (25+ Tabellen)
|
|
|
|
```yaml
|
|
kern: "organizations, licenses, users, magic_links, portal_admins"
|
|
lagen: "incidents, articles, incident_snapshots, fact_checks, refresh_log"
|
|
quellen: "sources, source_health_checks, source_suggestions, user_excluded_domains"
|
|
geo: "article_locations"
|
|
netzwerk: "network_analyses, network_analysis_incidents, network_entities, network_entity_mentions, network_relations, network_generation_log"
|
|
system: "notifications, incident_subscriptions, feedback, token_usage_monthly"
|
|
```
|
|
|
|
## Verwandte Projekte (gleicher Server)
|
|
|
|
```yaml
|
|
verwaltungsportal:
|
|
pfad: /home/claude-dev/AegisSight-Monitor-Verwaltung
|
|
url: https://monitor-verwaltung.aegis-sight.de
|
|
service: verwaltungsportal.service (Port 8892)
|
|
geteilte_db: ja
|
|
|
|
globe:
|
|
pfad: /home/claude-dev/AegisSight-Globe
|
|
url: https://globe.aegis-sight.de
|
|
service: globe.service (Port 8890)
|
|
geteilte_db: ja
|
|
|
|
netzwerkanalyse:
|
|
pfad: /home/claude-dev/AegisSight-Netzwerkanalyse
|
|
url: https://netzwerkanalyse.aegis-sight.de
|
|
service: netzwerkanalyse.service (Port 8893)
|
|
```
|
|
|
|
## Regeln
|
|
|
|
```yaml
|
|
regeln:
|
|
- "Jede Aenderung MUSS sofort committed und nach Gitea gepusht werden"
|
|
- "Echte Umlaute in UI-Texten (ue, ae, oe, ss), keine Umschreibungen"
|
|
- "Keine Passwoerter oder Secrets in den Code committen"
|
|
- "Service nach Backend-Aenderungen: sudo systemctl restart osint-monitor"
|
|
- "Frontend-Aenderungen (HTML/JS/CSS) brauchen keinen Neustart"
|
|
- "Backup-Dateien (.bak) nicht committen, vor Push loeschen"
|
|
```
|