---
arc42: "2 — Architecture Constraints"
status: stub
---

## 2.1 Technical Constraints

| Constraint | Rationale |
|---|---|
| Hosted on Hetzner (EU) | European sovereignty narrative; cost; GDPR residency |
| Docker Compose deployment | Solo maintainability; no Kubernetes overhead for PoC |
| Python 3.12 | AI ecosystem fit; LLM-assisted dev speed; SDK readiness |
| PostgreSQL 16 | Relational integrity + JSONB flexibility for BSM payload |
| Caddy reverse proxy | Auto-TLS (Let's Encrypt); zero-config HTTPS |
| Open source (Apache 2.0) | STF requirement; community credibility |
| HTTPS mandatory | Trust infrastructure must be served over TLS — non-negotiable even for PoC |

## 2.2 Organisational Constraints

| Constraint | Rationale |
|---|---|
| Solo developer | All components must be maintainable by one person |
| LLM-assisted development | Accepted; all generated code must be reviewed before commit |
| Public GitHub repository | STF requires open-source deliverables; also community signal |
| No external team dependencies | No waiting on others; all unblocked decisions are made by Carsten |

## 2.3 Regulatory Constraints

| Constraint | Rationale |
|---|---|
| GDPR-lite | Only data stored: registrant email (for contact), service URL, BSM payload. No analytics, no tracking. |
| No PII in logs | Even at DEBUG level — email addresses must not appear in log output |
| No secrets in images or Git | API keys and DB credentials via runtime env only |

## 2.4 Convention Constraints

| Constraint | Rationale |
|---|---|
| HATEOAS API style | Core APIX Internet-Draft requirement; agents must be able to navigate from root URL |
| IETF Internet-Draft alignment | BSM field names must match draft-rehfeld-bot-service-index-00 |
| PlantUML for all diagrams | Project convention (not Mermaid) |
| arc42 documentation structure | This document set |
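
One way to enforce the "No PII in logs" constraint from section 2.3 in Python 3.12, shown as an added example that is not part of the project's own code: a formatter that redacts email addresses from the fully rendered log line, so message arguments and exception tracebacks are covered even at DEBUG level. The logger name `apix.example`, the helper `build_logger` and all sample addresses are assumptions constructed for illustration.

```python
import io
import logging
import re

# Broad on purpose: over-redacting is acceptable, leaking an address is not.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
PLACEHOLDER = "[email-redacted]"


class RedactingFormatter(logging.Formatter):
    """Scrub email addresses from the fully rendered record.

    Working on the final string covers the message, %-style args,
    exception tracebacks and any `extra` fields used in the format string.
    """

    def format(self, record: logging.LogRecord) -> str:
        return EMAIL_RE.sub(PLACEHOLDER, super().format(record))


def build_logger(stream, name: str = "apix.example") -> logging.Logger:
    """Hypothetical helper: DEBUG-level logger whose only handler redacts."""
    handler = logging.StreamHandler(stream)
    handler.setFormatter(RedactingFormatter("%(levelname)s %(name)s %(message)s"))
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.addHandler(handler)
    logger.setLevel(logging.DEBUG)
    logger.propagate = False  # keep records away from unredacted root handlers
    return logger


def demo() -> str:
    """Log constructed sample events and return what reached the stream."""
    buf = io.StringIO()
    log = build_logger(buf)
    log.debug("registration received from %s", "alice@example.org")
    log.info("payload=%r", {"contact": "bob@mail.example.com", "url": "https://svc.example"})
    try:
        raise ValueError("duplicate registrant carol@example.net")
    except ValueError:
        log.exception("registration failed")  # traceback is scrubbed too
    return buf.getvalue()


if __name__ == "__main__":
    print(demo())
```

The redaction only applies to handlers that use this formatter, so every handler attached in the deployment needs it, including any added by third-party libraries.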