feat(audit-tonality): P89/P76/P91 — co-pilot instead of robot lawyer

User feedback in one session: "We only create panic. No matter what it says,
it takes weeks. We are a tool at the side of the CMO/managing director/CIO, not an adversary."
Memory: feedback_breakpilot_tonalitaet.md (applies to ALL modules + marketing).

P89  Critical-findings block REMOVED/REBUILT — no more panic red box.
     - Instead of "🚨 IMMEDIATE ACTION REQUIRED" -> "Summary for
       management", a subtle blue block
     - Instead of "VIOLATIONS" -> "Topics to discuss with the DPO, marketing
       and development"
     - Instead of "Fine range 4% of worldwide revenue" first -> realistic
       classification (0.1-1%) in a subtle closing note with a confidence hint
     - "Immediate action" -> "Recommendation"
     - "Topics 1, 2, 3..." instead of "HIGH" badges (preparation for P87)
     - Explicit time estimate "4-8 weeks (DPO -> agency -> dev -> approval)"

P76  Detect Mercedes secondary buttons (Datenschutzerklaerung (privacy policy) +
     Impressum (legal notice), small, below the 3 main buttons). The walker now
     scans ALL clickable elements in the shadow DOM by label (wb7-link,
     wb7-link-secondary, wb7-button-text, span[onclick], small a, [role=button], etc.).
     Avoids the Mercedes Impressum false positive from phase 1.

P91  VVT table renderer in the new co-pilot tone. Instead of
     "list of violations with fine potential" -> probability statement:
     "With a reduction in vendors + a switch to European alternatives, a
     reduction of the tracking footprint + licence savings are likely.
     A well-founded assessment requires coordination with the DPO."

BMW bug B1-B4 (P90) deliberately not in this commit: the BMW run captured ePaaS
4x in the consent-tester, but the backend receives 0 cmp_payloads.
Wiring bug between consent-tester /dsi-discovery and backend
_fetch_text — needs its own diagnosis session (see task P90).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Benjamin Admin
2026-05-21 11:24:57 +02:00
parent f534b52817
commit 7938e377b6
3 changed files with 101 additions and 49 deletions
+35 -16
@@ -30,6 +30,38 @@ SHADOW_BANNER_WALKER_JS = """() => {
for (const k of LEGAL_KW.dse) if (t.includes(k)) return 'dse';
return null;
}
// P76: EXTENDED — scan ANY clickable element by label, not just
// <a href> or named web-components. Mercedes uses small secondary
// buttons below the main 3 actions: "Datenschutzerklaerung" + "Impressum"
// as <wb7-link>/<button>/<small><a> — generic label-based scan catches them.
function collectLegalLinksFromRoot(rootEl, acc) {
if (!rootEl || !rootEl.querySelectorAll) return;
// Generic scan: ALLE klickbaren/Link-aussehenden Elemente
const cands = rootEl.querySelectorAll(
'a, button, [role="link"], [role="button"], ' +
'wb7-link, wb7-button, wb7-button-text, wb7-link-secondary, ' +
'span[onclick], small a, small button, ' +
'[class*="link" i], [class*="button" i]'
);
const seen = new Set();
for (const c of cands) {
const label = (c.textContent || '').trim();
if (!label || label.length > 60) continue;
const which = isLegalLabel(label);
if (!which) continue;
const key = which + '|' + label.toLowerCase();
if (seen.has(key)) continue;
seen.add(key);
const href = (c.getAttribute('href') ||
c.getAttribute('data-href') ||
c.getAttribute('data-uri') ||
c.getAttribute('data-url') || '').toLowerCase();
acc.links.push({
href: href || ('#label-' + which),
text: label.toLowerCase(),
});
}
}
function walk(root, acc) {
if (!root) return;
const all = root.querySelectorAll ? root.querySelectorAll('*') : [];
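Review bot: the candidate selector in collectLegalLinksFromRoot is broad enough to match wrapper elements, not just the clickable leaf. `[class*="link" i]` and `[class*="button" i]` hit containers, and the `isLegalLabel` context above tests with `t.includes(k)`, so any wrapper whose combined textContent is under 60 characters and contains a keyword is pushed with a synthetic `'#label-' + which` href. Prefer the innermost match (skip a candidate that contains another candidate) or drop the two class wildcards. Two smaller points in the same function: `seen` is created per call, so the dedup does not span shadow roots, and the href is passed through `.toLowerCase()` before being stored, which alters case-sensitive URL paths. Store the original href and lowercase only for comparison.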
@@ -45,6 +77,9 @@ SHADOW_BANNER_WALKER_JS = """() => {
if (el.shadowRoot) {
const txt = (el.shadowRoot.textContent || '').trim();
if (txt) acc.text += ' ' + txt;
// P76: full label-based scan of shadow content
collectLegalLinksFromRoot(el.shadowRoot, acc);
// Legacy: plain <a href> for backward compatibility
const links = el.shadowRoot.querySelectorAll('a[href]');
for (const a of links) {
acc.links.push({
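Review bot: inside `if (el.shadowRoot)`, the legacy `a[href]` loop kept directly after the `collectLegalLinksFromRoot(el.shadowRoot, acc)` call pushes anchors that the helper has already pushed, because the helper's selector includes `a` and its `seen` set is local to the helper. Every legal `<a href>` in a shadow root therefore lands in `acc.links` twice. Either share one dedup set (keyed on href plus text) between the helper and the legacy loop, or have the legacy loop skip anchors whose label `isLegalLabel` already classified, so downstream counts of legal links are not inflated.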
@@ -52,22 +87,6 @@ SHADOW_BANNER_WALKER_JS = """() => {
text: (a.textContent || '').trim().toLowerCase(),
});
}
const cands = el.shadowRoot.querySelectorAll(
'wb7-link, wb7-button, [role="link"], button, span, a'
);
for (const c of cands) {
const label = (c.textContent || '').trim();
const which = isLegalLabel(label);
if (which) {
const href = (c.getAttribute('href') ||
c.getAttribute('data-href') ||
c.getAttribute('data-uri') || '').toLowerCase();
acc.links.push({
href: href || ('#shadow-' + which),
text: label.toLowerCase(),
});
}
}
}
}
}
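Review bot: the scan dropped at the end of the shadowRoot branch emitted `'#shadow-' + which` as its placeholder href and matched bare `span`, while its replacement emits `'#label-' + which` and only matches `span[onclick]`. Any consumer that keys on the `#shadow-` prefix has to change in the same commit, and none is visible in this diff. Spans that receive their click handler via addEventListener are also no longer candidates unless their class contains "link" or "button". Please confirm both are intended and add a fixture that covers a handler-bound span.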