Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(b17): Stufe 4 banner-tour + Stufe 5 annotierte Screenshots + V2-default

Browse Source 
Stufe 4 — Cookie-Banner-Tour vor dem Accept-Klick:
  - audit_walk_banner_tour.tour_cookie_banner(): öffnet Settings
    (16 Phrase-Varianten), scrollt vertikal, aktiviert jedes
    [role=tab], expandet jedes [aria-expanded=false] / details /
    summary + 14 CMP-spezifische Selektoren. Max 35 Klicks,
    Best-Effort.
  - audit_walk_recorder ruft tour_cookie_banner() VOR
    _try_accept_banner auf — Reviewer sieht den vollen Consent-
    Katalog im Video (Vendor-Liste, Kategorien, Zwecke).
  - Recorder unter 500 LOC (412+155 split).

Stufe 5 — Annotierte Screenshots pro Finding:
  - finding_annotator.annotate_url(): WebKit headless, JS-Inject
    eines rot-banner-Labels oben + roter Outline um das Element
    (Selector oder Text-Match).
  - finding_annotator.annotate_findings(): dispatched 3 Cases —
    B1 Tap-Target (Anchor markiert mit "Tap-Target X×Y px"),
    B16 URL-Slug-Drift (404-Seite mit "/<slug> 404"),
    B13 Widerruf (Footer markiert "Widerruf-Link fehlt").
  - routes_audit_walk.POST /annotate-findings (consent-tester).
  - _b17_wiring ruft annotate-findings nach record_audit_walk und
    speichert annotations in walk.annotations.
  - audit_walk_zip_builder packt PNGs nach findings/<name>.png ins
    ZIP — Reviewer hat Beweis-Bilder im Postfach.

Plausibility Circuit-Breaker:
  - Nach 6 consecutive empty batches (PLAUSIBILITY_EMPTY_BUDGET=6)
    bricht die ganze Phase ab statt 200 Calls zu warten. Fix für
    qwen3-down + große DSE-Sites (BMW: ohne Breaker 21min, mit
    Breaker ~3min).

audit_walk_zip_builder fängt walk.annotations ab und legt sie unter
  findings/<fname>.png im ZIP-Anhang ab.

V2-Default:
  - docker-compose.yml backend-compliance.environment.MAIL_RENDER_V2:
    default 'true'. Ohne diesen Override liefert die Engine
    weiterhin das alte Legacy-Mail-Layout, in dem die B-Wiring-
    Blöcke nicht sichtbar sind.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-07 20:44:42 +02:00
parent e8ff75cbfe
commit b16130369a
8 changed files with 540 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
consent-tester/routes_audit_walk.py
+15
View File
@@ -10,6 +10,7 @@ from fastapi.responses import FileResponse
from pydantic import BaseModel
from services.audit_walk_recorder import WALK_ROOT, record_audit_walk
from services.finding_annotator import annotate_findings
router = APIRouter()
@@ -20,6 +21,11 @@ class AuditWalkReq(BaseModel):
max_links: int = 8
class AnnotateReq(BaseModel):
findings: list[dict]
home_url: str
@router.post("/scan-audit-walk")
async def scan_audit_walk(req: AuditWalkReq) -> dict:
if not req.url or not req.url.startswith(("http://", "https://")):
@@ -51,3 +57,12 @@ async def serve_walk_meta(walk_id: str):
if not path.exists():
raise HTTPException(404, "walk.json not found")
return FileResponse(str(path), media_type="application/json")
@router.post("/annotate-findings")
async def annotate_findings_route(req: AnnotateReq) -> dict:
"""Produce annotated screenshots per finding."""
if not req.home_url.startswith(("http://", "https://")):
raise HTTPException(400, "invalid home_url")
out = await annotate_findings(req.findings, req.home_url)
return {"annotations": out, "count": len(out)}