feat(agent): Cookie-Result-View + Check-Historie aus Snapshots

Snapshot-getriebene Result-Views, entkoppelt vom Live-Check: - CookieResultView: laedt cmp_vendors aus einem Snapshot (kein Re-Crawl), KPIs (Anbieter/Cookies/Marketing/Drittland) + Empfaenger-Gruppen (Eigene/AVV/Joint-Controller) + aufklappbare Vendor->Cookie-Tabelle. - Historie (/sdk/agent/snapshots): alle gespeicherten Checks, jederzeit oeffnbar (DSB/Mitarbeiter) + Detail-Seite je Snapshot. - Next.js-Proxys fuer GET /snapshots (Liste) + /snapshots/{id} (einzeln). BMW-Snapshot 4603d15b: 83 Vendors / 780 Cookies. Library-Abgleich (cookie_knowledge_db.lookup_cookie) folgt als Phase B. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-11 00:51:25 +02:00
parent a28db8f8f0
commit 3332eb0bf9
6 changed files with 418 additions and 0 deletions
@@ -0,0 +1,34 @@
 /**
 * Snapshot-Proxy
 * GET /api/sdk/v1/agent/snapshots/{snapshotId}
 *   → backend /api/compliance/agent/snapshots/{snapshotId}
 *
 * Liefert die persistierten Roh-Daten eines Checks (cmp_vendors + Cookies +
 * banner_result) — Basis für den Cookie-Result-View OHNE Re-Crawl.
 */
 import { NextRequest, NextResponse } from 'next/server'
 const BACKEND_URL =
  process.env.BACKEND_API_URL || process.env.BACKEND_URL ||
  'http://backend-compliance:8002'
 export async function GET(
  _request: NextRequest,
  { params }: { params: Promise<{ snapshotId: string }> },
 ) {
  const { snapshotId } = await params
  try {
    const response = await fetch(
      `${BACKEND_URL}/api/compliance/agent/snapshots/${snapshotId}`,
      { signal: AbortSignal.timeout(60_000) },
    )
    const data = await response.json()
    return NextResponse.json(data, { status: response.status })
  } catch {
    return NextResponse.json(
      { error: 'Snapshot-Laden zum Backend fehlgeschlagen' },
      { status: 503 },
    )
  }
 }
@@ -0,0 +1,33 @@
 /**
 * Snapshot-Liste (Historie)
 * GET /api/sdk/v1/agent/snapshots?domain=&limit=
 *   → backend /api/compliance/agent/snapshots
 *
 * Ohne domain: alle letzten Snapshots (Historie zum Durchklicken).
 */
 import { NextRequest, NextResponse } from 'next/server'
 const BACKEND_URL =
  process.env.BACKEND_API_URL || process.env.BACKEND_URL ||
  'http://backend-compliance:8002'
 export async function GET(request: NextRequest) {
  const { searchParams } = new URL(request.url)
  const domain = searchParams.get('domain') || ''
  const limit = searchParams.get('limit') || '50'
  try {
    const response = await fetch(
      `${BACKEND_URL}/api/compliance/agent/snapshots`
        + `?domain=${encodeURIComponent(domain)}&limit=${encodeURIComponent(limit)}`,
      { signal: AbortSignal.timeout(30_000) },
    )
    const data = await response.json()
    return NextResponse.json(data, { status: response.status })
  } catch {
    return NextResponse.json(
      { error: 'Snapshot-Liste zum Backend fehlgeschlagen', snapshots: [] },
      { status: 503 },
    )
  }
 }
@@ -0,0 +1,177 @@
 'use client'
 /**
 * CookieResultView — strukturierte Cookie-/Vendor-Auswertung aus einem
 * gespeicherten Snapshot (cmp_vendors), OHNE Re-Crawl.
 *
 * KPIs + Empfänger-Gruppen (Eigene / Auftragsverarbeiter / Joint Controller —
 * wie im Audit-Mail-VVT) + aufklappbare Vendor→Cookie-Tabelle. Verarbeitet
 * Mengen (780 Cookies bei BMW): Vendors gruppiert, Cookies on-demand.
 */
 import React, { useMemo, useState } from 'react'
 export interface SnapshotCookie {
  name: string
  expiry?: string
  purpose?: string
  is_third_party?: boolean
  functional_role?: string
 }
 export interface SnapshotVendor {
  name: string
  cookies?: SnapshotCookie[]
  category?: string
  country?: string
  recipient_type?: string
  compliance_score?: number
  compliance_flags?: string[]
  opt_out_ok?: boolean
 }
 interface Snapshot {
  id: string
  site_domain?: string
  created_at?: string
  cmp_vendors?: SnapshotVendor[]
 }
 const ROLE_LABEL: Record<string, string> = {
  unknown: 'Unbekannt', ad_pixel: 'Werbe-Pixel', auth_token: 'Auth-Token',
  preference: 'Präferenz', visitor_id: 'Besucher-ID', consent_state: 'Consent',
  tracking: 'Tracking',
 }
 const CAT_COLOR: Record<string, string> = {
  necessary: 'bg-green-100 text-green-700', functional: 'bg-blue-100 text-blue-700',
  statistics: 'bg-amber-100 text-amber-700', marketing: 'bg-red-100 text-red-700',
 }
 const EEA = new Set([
  'DE','FR','IE','NL','AT','BE','BG','HR','CY','CZ','DK','EE','FI','GR','HU',
  'IT','LV','LT','LU','MT','PL','PT','RO','SK','SI','ES','SE','IS','LI','NO',
 ])
 const GROUPS = [
  { key: 'own', label: 'Eigene Verarbeitungen (VVT, Art. 30)', test: (r: string) => !r || r === 'INTERNAL' || r === 'GROUP' || r === 'CONTROLLER' },
  { key: 'proc', label: 'Auftragsverarbeiter (AVV, Art. 28)', test: (r: string) => r === 'PROCESSOR' },
  { key: 'joint', label: 'Joint Controller (Art. 26)', test: (r: string) => r === 'JOINT_CONTROLLER' },
  { key: 'other', label: 'Sonstige Empfänger', test: () => true },
 ]
 function scoreColor(s?: number): string {
  if (s == null) return 'text-gray-400'
  return s >= 80 ? 'text-green-700' : s >= 50 ? 'text-amber-700' : 'text-red-700'
 }
 function Tile({ label, value, tone }: { label: string; value: React.ReactNode; tone: string }) {
  return (
    <div className="border border-gray-200 rounded-lg p-3 bg-white">
      <div className={`text-2xl font-semibold leading-none ${tone}`}>{value}</div>
      <div className="text-xs text-gray-500 mt-1.5">{label}</div>
    </div>
  )
 }
 function VendorRow({ v }: { v: SnapshotVendor }) {
  const [open, setOpen] = useState(false)
  const cookies = v.cookies || []
  const cat = (v.category || '').toLowerCase()
  const drittland = !!v.country && !EEA.has((v.country || '').toUpperCase())
  return (
    <div>
      <button
        onClick={() => setOpen(o => !o)}
        className="w-full flex items-center gap-2 px-3 py-2 text-left hover:bg-gray-50 text-xs"
      >
        <span className={`text-gray-400 transition-transform ${open ? 'rotate-90' : ''}`}>›</span>
        <span className="font-medium text-gray-800 flex-1 min-w-0 truncate">{v.name}</span>
        {cat && (
          <span className={`px-1.5 py-0.5 rounded text-[10px] ${CAT_COLOR[cat] || 'bg-gray-100 text-gray-600'}`}>
            {v.category}
          </span>
        )}
        {drittland && (
          <span className="px-1.5 py-0.5 rounded text-[10px] bg-red-50 text-red-600" title="außerhalb EWR">
            {v.country}
          </span>
        )}
        <span className="text-gray-500 w-16 text-right">{cookies.length} Cookies</span>
        <span className={`w-10 text-right font-semibold ${scoreColor(v.compliance_score)}`}>
          {v.compliance_score != null ? `${v.compliance_score}%` : '—'}
        </span>
      </button>
      {open && cookies.length > 0 && (
        <div className="ml-6 mb-1 border-l-2 border-gray-200">
          <table className="w-full text-[11px]">
            <thead className="text-gray-400">
              <tr>
                <th className="px-2 py-1 text-left font-normal">Cookie</th>
                <th className="px-2 py-1 text-left font-normal">Rolle</th>
                <th className="px-2 py-1 text-left font-normal">Zweck</th>
                <th className="px-2 py-1 text-left font-normal">Laufzeit</th>
              </tr>
            </thead>
            <tbody>
              {cookies.map((c, i) => (
                <tr key={i} className="border-t border-gray-100">
                  <td className="px-2 py-1 font-mono text-gray-700 break-all">{c.name}</td>
                  <td className="px-2 py-1 text-gray-500">{ROLE_LABEL[c.functional_role || 'unknown'] || c.functional_role}</td>
                  <td className="px-2 py-1 text-gray-500">{c.purpose ? c.purpose.slice(0, 60) : <span className="text-amber-600 italic">kein Zweck</span>}</td>
                  <td className="px-2 py-1 text-gray-400">{c.expiry || '—'}</td>
                </tr>
              ))}
            </tbody>
          </table>
        </div>
      )}
    </div>
  )
 }
 export function CookieResultView({ snapshot }: { snapshot: Snapshot }) {
  const vendors = snapshot.cmp_vendors || []
  const stats = useMemo(() => {
    const cookies = vendors.reduce((n, v) => n + (v.cookies?.length || 0), 0)
    const marketing = vendors.filter(v => (v.category || '').toLowerCase() === 'marketing').length
    const drittland = vendors.filter(v => v.country && !EEA.has(v.country.toUpperCase())).length
    return { cookies, marketing, drittland }
  }, [vendors])
  const grouped = useMemo(() => GROUPS.map(g => ({
    ...g,
    vendors: vendors
      .filter(v => GROUPS.find(gg => gg.test((v.recipient_type || '').toUpperCase()))?.key === g.key)
      .sort((a, b) => (a.compliance_score ?? 100) - (b.compliance_score ?? 100)),
  })).filter(g => g.vendors.length > 0), [vendors])
  return (
    <div className="space-y-4">
      <div>
        <h2 className="text-lg font-semibold text-gray-900">
          Cookie-Auswertung — {snapshot.site_domain || 'Snapshot'}
        </h2>
        <p className="text-xs text-gray-500 mt-0.5">
          aus gespeichertem Snapshot (kein Re-Crawl) ·{' '}
          {snapshot.created_at ? snapshot.created_at.slice(0, 19).replace('T', ' ') : ''}
        </p>
      </div>
      <div className="grid grid-cols-2 sm:grid-cols-4 gap-3">
        <Tile label="Anbieter" value={vendors.length} tone="text-gray-800" />
        <Tile label="Cookies gesamt" value={stats.cookies} tone="text-gray-800" />
        <Tile label="Marketing-Anbieter" value={stats.marketing} tone={stats.marketing > 0 ? 'text-red-700' : 'text-gray-800'} />
        <Tile label="Drittland (außerhalb EWR)" value={stats.drittland} tone={stats.drittland > 0 ? 'text-amber-700' : 'text-gray-800'} />
      </div>
      {grouped.map(g => (
        <div key={g.key} className="border rounded-lg overflow-hidden">
          <div className="px-3 py-2 bg-slate-50 border-b text-xs font-semibold text-gray-700">
            {g.label} <span className="text-gray-400 font-normal">({g.vendors.length})</span>
          </div>
          <div className="divide-y divide-gray-100">
            {g.vendors.map((v, i) => <VendorRow key={i} v={v} />)}
          </div>
        </div>
      ))}
    </div>
  )
 }
@@ -0,0 +1,47 @@
 import { describe, it, expect } from 'vitest'
 import { render, screen, fireEvent } from '@testing-library/react'
 import { CookieResultView } from '../CookieResultView'
 const SNAP = {
  id: 'abc',
  site_domain: 'bmw.de',
  created_at: '2026-06-10T22:16:11',
  cmp_vendors: [
    {
      name: 'Salesforce', category: 'necessary', country: 'US',
      recipient_type: 'PROCESSOR', compliance_score: 91,
      cookies: [
        { name: 'LSKey-c$Policy', functional_role: 'consent_state', purpose: '', expiry: '1 Jahr' },
        { name: 'sid', functional_role: 'auth_token', purpose: 'Login', expiry: 'Session' },
      ],
    },
    {
      name: 'BMW AG — eShop', category: 'necessary', country: '',
      recipient_type: 'INTERNAL', compliance_score: 100,
      cookies: [{ name: 'x', functional_role: 'preference', purpose: 'Sprache' }],
    },
  ],
 }
 describe('CookieResultView', () => {
  it('zeigt KPIs + Empfänger-Gruppen aus dem Snapshot', () => {
    render(<CookieResultView snapshot={SNAP} />)
    expect(screen.getByText(/Cookie-Auswertung/)).toBeInTheDocument()
    // 2 Anbieter, 3 Cookies gesamt
    expect(screen.getByText('Anbieter')).toBeInTheDocument()
    expect(screen.getByText('Cookies gesamt')).toBeInTheDocument()
    expect(screen.getByText('3')).toBeInTheDocument()
    // Gruppen: Eigene + Auftragsverarbeiter
    expect(screen.getByText(/Eigene Verarbeitungen/)).toBeInTheDocument()
    expect(screen.getByText(/Auftragsverarbeiter/)).toBeInTheDocument()
    expect(screen.getByText('Salesforce')).toBeInTheDocument()
  })
  it('klappt einen Vendor auf und zeigt die Cookies', () => {
    render(<CookieResultView snapshot={SNAP} />)
    fireEvent.click(screen.getByText('Salesforce'))
    expect(screen.getByText('LSKey-c$Policy')).toBeInTheDocument()
    expect(screen.getByText(/kein Zweck/)).toBeInTheDocument()  // leerer purpose
  })
 })
@@ -0,0 +1,56 @@
 'use client'
 /**
 * Snapshot-Detail — öffnet einen gespeicherten Check aus der Historie und
 * zeigt die Ergebnis-Views aus den Rohdaten (kein Re-Crawl). Aktuell:
 * Cookie-Auswertung. Impressum/AGB/… folgen als weitere Module hier.
 */
 import React, { use as useUnwrap, useEffect, useState } from 'react'
 import Link from 'next/link'
 import { CookieResultView } from '../../_components/CookieResultView'
 export default function SnapshotDetail(
  { params }: { params: Promise<{ snapshotId: string }> },
 ) {
  const { snapshotId } = useUnwrap(params)
  const [snap, setSnap] = useState<any>(null)
  const [loading, setLoading] = useState(true)
  const [error, setError] = useState<string | null>(null)
  useEffect(() => {
    let cancelled = false
    fetch(`/api/sdk/v1/agent/snapshots/${snapshotId}`)
      .then(r => r.json())
      .then(d => {
        if (cancelled) return
        if (d?.error) setError(d.error)
        else setSnap(d)
      })
      .catch(e => { if (!cancelled) setError(String(e)) })
      .finally(() => { if (!cancelled) setLoading(false) })
    return () => { cancelled = true }
  }, [snapshotId])
  const hasCookies = (snap?.cmp_vendors?.length ?? 0) > 0
  return (
    <div className="p-6 max-w-6xl space-y-4">
      <Link href="/sdk/agent/snapshots" className="text-xs text-blue-700 hover:underline">
        ‹ Zurück zur Historie
      </Link>
      {loading ? (
        <div className="text-sm text-gray-500">Lade Snapshot…</div>
      ) : error || !snap ? (
        <div className="text-sm text-red-600">Snapshot nicht gefunden.</div>
      ) : hasCookies ? (
        <CookieResultView snapshot={snap} />
      ) : (
        <div className="text-sm text-gray-500">
          Dieser Snapshot enthält keine Cookie-/Vendor-Daten.
        </div>
      )}
    </div>
  )
 }
@@ -0,0 +1,71 @@
 'use client'
 /**
 * Check-Historie — listet gespeicherte Snapshots (alle Sites/Module).
 * Ein DSB/Mitarbeiter kann jeden früheren Check öffnen, ohne neuen Check
 * zu starten. Daten kommen aus den Snapshot-Rohdaten.
 */
 import React, { useEffect, useState } from 'react'
 import Link from 'next/link'
 interface SnapMeta {
  id: string
  check_id?: string
  site_domain?: string
  site_label?: string
  created_at?: string
  replay_count?: number
 }
 export default function SnapshotHistory() {
  const [snaps, setSnaps] = useState<SnapMeta[]>([])
  const [loading, setLoading] = useState(true)
  useEffect(() => {
    let cancelled = false
    fetch('/api/sdk/v1/agent/snapshots?limit=50')
      .then(r => r.json())
      .then(d => { if (!cancelled) setSnaps(d.snapshots || []) })
      .catch(() => { if (!cancelled) setSnaps([]) })
      .finally(() => { if (!cancelled) setLoading(false) })
    return () => { cancelled = true }
  }, [])
  return (
    <div className="p-6 max-w-4xl space-y-4">
      <div>
        <h1 className="text-xl font-semibold text-gray-900">Check-Historie</h1>
        <p className="text-xs text-gray-500 mt-1">
          Frühere Compliance-Checks aus gespeicherten Snapshots — jederzeit
          ansehbar, ohne neuen Check zu starten.
        </p>
      </div>
      {loading ? (
        <div className="text-sm text-gray-500">Lade Historie…</div>
      ) : snaps.length === 0 ? (
        <div className="text-sm text-gray-400">Keine gespeicherten Checks gefunden.</div>
      ) : (
        <div className="border rounded-lg divide-y divide-gray-100">
          {snaps.map(s => (
            <Link
              key={s.id}
              href={`/sdk/agent/snapshots/${s.id}`}
              className="flex items-center gap-3 px-4 py-3 hover:bg-gray-50 text-sm"
            >
              <span className="font-medium text-gray-800 w-44 truncate">
                {s.site_label || s.site_domain || 'unbekannt'}
              </span>
              <span className="text-gray-500 flex-1 min-w-0 truncate">{s.site_domain}</span>
              <span className="text-xs text-gray-400 whitespace-nowrap">
                {(s.created_at || '').slice(0, 16).replace('T', ' ')}
              </span>
              <span className="text-gray-300">›</span>
            </Link>
          ))}
        </div>
      )}
    </div>
  )
 }