feat(compliance-check): MC-Classification + Embedding + Vendor-Redundanz + Action-Recipes + Borlabs-Features
CI / nodejs-build (push) Successful in 2m47s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / detect-changes (push) Successful in 10s
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / validate-canonical-controls (push) Successful in 16s
CI / loc-budget (push) Failing after 17s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Has been skipped
CI / test-go (push) Has been skipped
CI / iace-gt-coverage (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
CI / nodejs-build (push) Successful in 2m47s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / detect-changes (push) Successful in 10s
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / validate-canonical-controls (push) Successful in 16s
CI / loc-budget (push) Failing after 17s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Has been skipped
CI / test-go (push) Has been skipped
CI / iace-gt-coverage (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
Massiv-Update auf Basis BMW-Test-Iterationen (v1→v9): Core Compliance-Check - Sonnet check_type Klassifikation: text/process/review fuer alle 1874 MCs in compliance.doc_check_controls (script + Sidecar /data/mc_classification.db). rag_document_checker filtert auf check_type='text' fuer doc_check. Plus fits_doc_type-Audit (v2) + ui_only-Audit fuer DSA/E-Commerce-MCs in falscher doc_type-Schublade. - scope_requires-Filter: biometric/ai_decision/child_targeting MCs werden per business_profile gefiltert (FRT skipped fuer BMW etc.). - Embedding-Match (BGE-M3) als Phase-3 nach Regex-Match: Per-doc_type-Threshold-Override (impressum 0.50, dse/cookie 0.60), Short-Field-Rescue (15-Wort-Chunks) fuer Pflichtfelder im Impressum. Title+check_question als Embedding-Input fuer mehr Kontext. - Cookie-Text-Routing: consent-tester gibt cmp_cookie_text aus dem CMP-Reconstruct zurueck, Backend bevorzugt das gegen DOM-Extraction wenn richer (BMW 1824 vs 600 Worte). Vendor-Redundanz + EU-Alternativen + Cost-Saving - vendor_redundancy.analyze() — funktionale Kategorisierung der CMP-Vendors, Detektion von Mehrfach-Anbietern pro Kategorie, EU-Alternative-Lookup (Matomo, IONOS, HERE, Friendly Captcha, Smart AdServer, ...). - vendor_cost_estimator: Tier-Inferenz aus Cookie-Footprint (Cookie-Anzahl + Premium-Feature-Cookies + Third-Party-Quote → starter/professional/ enterprise/premier). - Self-Service-Werbung (Google/Meta/Pinterest/...) = 0 Lizenz-Kosten (nur Media-Spend, separat). DSP-Plattformen behalten enge Range. - Tier-aware Saving-Range: bei Enterprise/Premier nutzen wir den oberen 40-100%-Band der Listpreise, nicht starter→premier. - Multi-Function-Tools (Matomo Pro, SAP CX, IONOS Cloud, Userlike, Smart AdServer, HERE Maps, Vimeo Pro, LamaPoll) — ein Tool ersetzt mehrere Kategorien gleichzeitig. Cookie-Wissens-DB + Funktionale Klassifikation - cookie_knowledge_db: 50 kuratierte Top-Cookies (Google/Meta/Adobe/MS/...) mit vendor, exact_purpose, data_collected, IAB-TCF-IDs, reid_risk, schrems_ii_status, EuGH-Urteile, EU-Alternative. - cookie_function_classifier: pro Cookie funktionale Rolle (tracking_id, ad_pixel, session_id, ab_test, csrf, ...) + blocking_impact. Country-Inferenz aus Rechtsform - cookie_link_validator: Country-Field wird aus Vendor-Name abgeleitet (A/S=DK, GmbH=DE, Inc=US, B.V.=NL, ...) plus Vendor-Lookup-Table. Reduziert false-positive no_country-Flags bei eindeutig-EU-Vendors (Adform DK, Pinterest IE). Action-Recipes + Doc-Anchor-Locator - finding_action_recipes: pro Finding-Typ (no_cookies_listed, no_country, broken_opt_out, "Auftragsverarbeiter erwaehnen", "Art. 22 Profiling", ...) eine strukturierte Anweisung mit what/why/fix_text/where/example. Zum 1:1-Einfuegen in Kunden-Dokumente. - doc_anchor_locator: Embedding-basiert (BGE-M3 cosine) — sucht den passenden Absatz im existierenden Kundendokument fuer jeden Finding. Per-Run Thread-Local-Cache. Fallback: keyword-Match. - Email-Rendering integriert Recipe + Anchor pro Doc-Pruefungs-Fail + Vendor-Flag-Liste mit aufklappbarer Action-Liste. - Score-Erklaerung pro Vendor-Zeile (3/5-Untertitel + Tooltip). Migration-Pipeline (Compliance-Check -> Customer Banner/Documents) - migration_to_banner.py: Vendor-Liste -> CookieBannerConfig mit 4 Kategorien + Review-Flags. - migration_to_document.py: Vendor-Liste -> Cookie-Policy + VVT-Register + Privacy-Policy-Pre-Fills. - agent_migration_routes: 3 Preview-Endpoints (banner-preview, document-preview, summary). Persistierung der cmp_vendors in /data/compliance_audits.db check_payloads-Tabelle. Borlabs-Parity Cookie-Banner-Features - Consent-Historie im Banner: window.bpShowConsentHistory() + localStorage. - Content-Blocker: cookie-banner-content-blocker.ts — YouTube/Maps/Video Placeholder bis Einwilligung. - Google Consent Mode v2 erweitert: wait_for_update + region=EEA/CH/GB. - Consent-Log Export (CSV/JSON) per einwilligungen_export_routes. Bug-Fixes - canonical_control_routes: _jsonish-Helper fuer string-typed jsonb, similar-controls-Endpoint mit _has_embedding_col()-Cache (kein 500 mehr). - Control-Library Frontend: defensive .map-Coercer in 2 Detail-Views. - Embedding-Service-Batching (32er Batches statt 165 in einem Call). - KeyError 'control_id' in MC-Result-Aggregation (defensive .get). - Master-Controls-Klick-Through von /sdk/master-controls auf /sdk/control-library?control=<id> mit URL-Param-Auto-Open. - Dockerfile: /data pre-chowned auf appuser (Audit-DB-Schreibrecht). - Cookie-Text-Routing-Bug (cmp_reconstructed > DOM-extraction). - doc_type-aware MC-Filter (statt all-text-MCs). - Master-Contract-Dedup (60 BMW-Internal-Eintraege = 1 Adobe-Vertrag). - A3-v2-Audit hat 24 UI-Sprache-MCs als 'process' reklassifiziert. Tests - test_migration_mappers.py (9 Tests) - test_migration_endpoints.py (4 Tests) Skripte (one-shot) - classify_mc_check_type.py (v1) + _v2 (PK=control_id,doc_type) - audit_mc_doctype_fit.py (v1 fits) + _v2 (ui_only + scope_requires) BMW-Run-Bilanz v1 (broken) -> v9 (alle Fixes): DSE 7,5% -> 81-83% Impressum 4% -> 100% (6 echte MCs alle erfuellt) Cookie 0% -> 79-83% (CMP-Text-Routing + Embedding) Plus: 10 Konsolidierungs-Kategorien, geschaetzte Saving 200k-3M / Jahr Plus: Action-Recipes + Doc-Anchors fuer jeden Fail Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -325,18 +325,25 @@ function generateJS(config: CookieBannerConfig): string {
|
||||
const CATEGORIES = ${JSON.stringify(categoryIds)};
|
||||
const REQUIRED_CATEGORIES = ${JSON.stringify(requiredCategories)};
|
||||
|
||||
// Google Consent Mode v2 — PFLICHT seit Maerz 2024 fuer Google Services in EEA
|
||||
// Sets default consent state to "denied" BEFORE any Google tags fire
|
||||
if (typeof gtag === 'function') {
|
||||
gtag('consent', 'default', {
|
||||
analytics_storage: 'denied',
|
||||
ad_storage: 'denied',
|
||||
ad_user_data: 'denied',
|
||||
ad_personalization: 'denied',
|
||||
functionality_storage: 'granted',
|
||||
security_storage: 'granted',
|
||||
});
|
||||
// Google Consent Mode v2 — PFLICHT seit Maerz 2024 fuer Google Services
|
||||
// in EEA. Shim gtag/dataLayer falls Google Tag noch nicht initialisiert
|
||||
// wurde, dann sofort den default consent state setzen (DENIED).
|
||||
window.dataLayer = window.dataLayer || [];
|
||||
if (typeof gtag !== 'function') {
|
||||
window.gtag = function () { window.dataLayer.push(arguments); };
|
||||
}
|
||||
// wait_for_update gibt dem Banner 500ms Zeit, damit der Nutzer
|
||||
// entscheiden kann bevor Tags feuern. Empfehlung von Google fuer GCM v2.
|
||||
gtag('consent', 'default', {
|
||||
analytics_storage: 'denied',
|
||||
ad_storage: 'denied',
|
||||
ad_user_data: 'denied',
|
||||
ad_personalization: 'denied',
|
||||
functionality_storage: 'granted',
|
||||
security_storage: 'granted',
|
||||
wait_for_update: 500,
|
||||
region: ['EEA', 'CH', 'GB'],
|
||||
});
|
||||
|
||||
function updateGoogleConsentMode(consent) {
|
||||
if (typeof gtag !== 'function') return;
|
||||
@@ -364,10 +371,61 @@ function generateJS(config: CookieBannerConfig): string {
|
||||
document.cookie = COOKIE_NAME + '=' + encodeURIComponent(JSON.stringify(consent)) +
|
||||
';expires=' + date.toUTCString() +
|
||||
';path=/;SameSite=Lax';
|
||||
// Append to local history (Art. 7(3) DSGVO Best-Practice + Borlabs-Parity).
|
||||
// Server-seitiges Logging laeuft separat via consent-service.
|
||||
try {
|
||||
const HKEY = COOKIE_NAME + '_history';
|
||||
const hist = JSON.parse(localStorage.getItem(HKEY) || '[]');
|
||||
hist.push({
|
||||
ts: new Date().toISOString(),
|
||||
choices: consent,
|
||||
});
|
||||
if (hist.length > 50) hist.splice(0, hist.length - 50);
|
||||
localStorage.setItem(HKEY, JSON.stringify(hist));
|
||||
} catch (e) { /* localStorage blocked */ }
|
||||
window.dispatchEvent(new CustomEvent('cookieConsentUpdated', { detail: consent }));
|
||||
updateGoogleConsentMode(consent);
|
||||
}
|
||||
|
||||
// Borlabs-Parity: zeigt dem Nutzer alle seine bisherigen Einwilligungen.
|
||||
// Aufruf via window.bpShowConsentHistory() oder Klick auf den Link im Banner-Footer.
|
||||
window.bpShowConsentHistory = function () {
|
||||
var existing = document.getElementById('bpConsentHistoryModal');
|
||||
if (existing) { existing.remove(); return; }
|
||||
var hist = [];
|
||||
try { hist = JSON.parse(localStorage.getItem(COOKIE_NAME + '_history') || '[]'); } catch (e) {}
|
||||
var rows = hist.length === 0
|
||||
? '<p style="color:#94a3b8;font-style:italic">Noch keine Einwilligungen gespeichert.</p>'
|
||||
: hist.slice().reverse().map(function (h) {
|
||||
var d = new Date(h.ts);
|
||||
var parts = Object.keys(h.choices).map(function (k) {
|
||||
return '<span style="margin-right:8px;font-size:11px;color:' +
|
||||
(h.choices[k] ? '#16a34a' : '#dc2626') + '">' +
|
||||
(h.choices[k] ? '✓ ' : '✗ ') + k + '</span>';
|
||||
}).join('');
|
||||
return '<div style="border-bottom:1px solid #e5e7eb;padding:8px 0">' +
|
||||
'<div style="font-size:12px;color:#64748b;margin-bottom:4px">' +
|
||||
d.toLocaleString('de-DE') + '</div>' +
|
||||
'<div>' + parts + '</div></div>';
|
||||
}).join('');
|
||||
var modal = document.createElement('div');
|
||||
modal.id = 'bpConsentHistoryModal';
|
||||
modal.style.cssText = 'position:fixed;inset:0;background:rgba(0,0,0,0.5);' +
|
||||
'z-index:999999;display:flex;align-items:center;justify-content:center;padding:20px';
|
||||
modal.innerHTML = '<div style="background:white;border-radius:8px;max-width:500px;' +
|
||||
'width:100%;max-height:80vh;overflow:auto;padding:20px;font-family:-apple-system,sans-serif">' +
|
||||
'<div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:12px">' +
|
||||
'<h3 style="margin:0;font-size:16px">Ihre Einwilligungs-Historie</h3>' +
|
||||
'<button onclick="document.getElementById(\\'bpConsentHistoryModal\\').remove()" ' +
|
||||
'style="background:none;border:none;font-size:24px;cursor:pointer;color:#94a3b8">×</button>' +
|
||||
'</div>' +
|
||||
'<p style="font-size:12px;color:#64748b;margin:0 0 12px">' +
|
||||
'Lokal in Ihrem Browser gespeichert. Server-seitig laufen Audit-Logs gemaess Art. 7(1) DSGVO.</p>' +
|
||||
rows + '</div>';
|
||||
modal.addEventListener('click', function (e) { if (e.target === modal) modal.remove(); });
|
||||
document.body.appendChild(modal);
|
||||
};
|
||||
|
||||
function hasConsent(category) {
|
||||
const consent = getConsent();
|
||||
if (!consent) return REQUIRED_CATEGORIES.includes(category);
|
||||
|
||||
Reference in New Issue
Block a user