feat(cookie): ② Documentation Drift — Richtlinie vs. Browser-Realität

Cookie-Check-Endpoint liefert jetzt out["drift"] (audit_cookie_compliance):
deklariert (Cookie-Richtlinie-Text) vs. tatsaechlich geladen (Browser).
Frontend zeigt den Reality-Check-Strip oben im Panel: X dokumentiert ·
Y geladen · Z undokumentiert. Pinnt den Vertrag mit test_cookie_drift.py
(undokumentiert-geladen + beide Drift-Richtungen) + Vitest Drift-Strip.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

backend-compliance/compliance/api/agent_compliance_check_routes.py

@@ -235,6 +235,9 @@ async def snapshot_cookie_check(snapshot_id: str):
     from compliance.services.cookie_storage_inventory import (
         build_storage_inventory, storage_transparency_finding,
     )
+    from compliance.services.cookie_compliance_audit import (
+        audit_cookie_compliance,
+    )
     db = SessionLocal()
     try:
         snap = load_snapshot(db, snapshot_id)
@@ -251,6 +254,15 @@ async def snapshot_cookie_check(snapshot_id: str):
             out["findings"].insert(0, tf)
             out["summary"]["findings"] = len(out["findings"])
         out["storage_inventory"] = inv
+        # ② Documentation Drift: Cookie-Richtlinie (Text) vs. Browser-Realität.
+        docs = snap.get("doc_entries") or []
+        cookie_text = next(
+            (e.get("text") or e.get("content") or "" for e in docs
+             if e.get("doc_type") in ("cookie", "cookie_richtlinie", "cookies")),
+            "",
+        )
+        out["drift"] = audit_cookie_compliance(
+            db, cookie_text, snap.get("banner_result"))
         return out
     finally:
         db.close()