feat(audit): P86 Branchen-Benchmark + P35/P77/P78 Textsignale

P86 — industry_benchmark.py: zieht alle Snapshots mit derselben
scan_context.industry, berechnet Median + Percentile, rendert
'Sie 42% — Automotive-Median 58% (Stichprobe: 12)'. Min Sample 3.

P35 — banner_text 'Speichern' ohne 'Ablehnen' = MEDIUM. Mehrdeutiges
Label nach EDPB 03/2022 Deceptive-Design-Guidelines.

P77 — DSE mit prominenter Cookie-Sektion (Vendor-Hints: Speicherdauer,
Anbieter, Datenkategorie) ersetzt die Forderung nach separater
Cookie-Richtlinie. Positives Signal statt False-Positive.

P78 — Art. 26-Klausel im DSE-Text erkannt → positives Signal
'JC-Konstrukt dokumentiert'. Vermeidet False-Positive bei
Konzern-Schwester-Kooperationen.

Alle in Mail eingehaengt: Branchen-Block nach GF-1-Pager, Signale-Block
nach Konsistenz-Check.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

backend-compliance/compliance/api/agent_compliance_check_routes.py

@@ -1081,6 +1081,23 @@ async def _run_compliance_check(check_id: str, req: ComplianceCheckRequest):
         except Exception as e:
             logger.warning("P102 mismatch detection failed: %s", e)
 
+        # P35 + P77 + P78: Textsignal-Checks (Save-Label, Cookies-in-DSE,
+        # JC-Klausel im DSE)
+        signals_html = ""
+        try:
+            from compliance.services.doc_text_signals import (
+                run_all as run_signal_checks,
+                build_signals_block_html,
+            )
+            cookie_doc_missing = not bool(doc_texts.get("cookie"))
+            sig_findings = run_signal_checks(
+                banner_result, doc_texts, cookie_doc_missing,
+            )
+            if sig_findings:
+                signals_html = build_signals_block_html(sig_findings)
+        except Exception as e:
+            logger.warning("P35/P77/P78 signals-check failed: %s", e)
+
         # P92 + P94: Banner-Konsistenz (CMP-Tool kaputt / Banner-vs-Doc-Diff)
         consistency_html = ""
         try:
@@ -1115,6 +1132,28 @@ async def _run_compliance_check(check_id: str, req: ComplianceCheckRequest):
         except Exception as e:
             logger.warning("P82 GF-1-pager skipped: %s", e)
 
+        # P86: Branchen-Benchmark (nur wenn scan_context.industry gesetzt)
+        bench_html = ""
+        try:
+            from database import SessionLocal as _SLb
+            from compliance.services.industry_benchmark import (
+                compute_benchmark, build_benchmark_html, _extract_score,
+            )
+            industry = (req.scan_context or {}).get("industry") if req.scan_context else None
+            curr_score = _extract_score(banner_result)
+            if industry and curr_score is not None:
+                _b_db = _SLb()
+                try:
+                    bench = compute_benchmark(
+                        _b_db, industry, curr_score, check_id,
+                    )
+                    if bench:
+                        bench_html = build_benchmark_html(bench)
+                finally:
+                    _b_db.close()
+        except Exception as e:
+            logger.warning("P86 industry-benchmark skipped: %s", e)
+
         # P84: Diff-Mode — "Seit letztem Lauf X Findings weg, Y neue".
         diff_html = ""
         try:
@@ -1136,12 +1175,12 @@ async def _run_compliance_check(check_id: str, req: ComplianceCheckRequest):
             logger.warning("P84 diff-mode skipped: %s", e)
 
         full_html = (
-            gf_one_pager_html + diff_html
+            gf_one_pager_html + bench_html + diff_html
             + critical_html + scope_disclaimer_html + exec_summary_html
             + cookie_arch_html + summary_html + scanned_html + profile_html
             + scorecard_html + redundancy_html
             + providers_html + banner_deep_html + library_mismatch_html
-            + consistency_html
+            + consistency_html + signals_html
             + vvt_html + report_html
         )