feat: B12 Chatbot-Cookie-Klassifikation (#19) + Cookie-Matrix scan + safetykon test

#19 Chatbot-Cookie-Klassifikation: - chat_providers.json KB mit 11 Providern (iAdvize, Intercom, Tidio, Drift, Userlike, Zendesk, LivePerson, HubSpot, Vertex AI, OpenAI, Anthropic Claude). Pro Provider: Cookie-Pattern-Regex, typical_retention_days, tn_functions vs cp_functions, ai_capable. - chatbot_cookie_classification_check.py mit 4 KORRIGIERTEN Checks: CHAT-COOKIE-CLASS-001 (MED) — TN deklariert + Vendor-Purpose erwähnt Targeting/Analytics/A-B-Tests CHAT-COOKIE-CLASS-002 (MED) — Provider hat tn+cp Funktionen, Tabelle nennt nur eine Seite → keine Einwilligungs-Differenzierung CHAT-COOKIE-PURPOSE-001 (LOW) — Zweck zu generisch (Art. 13 DSGVO konkret) CHAT-COOKIE-RETENTION-001 (HIGH) — deklariert <90d, KB-typisch >365d → vermutlich unterdeklariert NEU vs vorigem Plan: kein "eigene Banner-Kategorie Chat/AI"-Check — gesetzlich nicht vorgeschrieben (Vermischung Zweck-Transparenz vs Kategorie-Name). Anwender-Frage berechtigt, Konzept geschärft. - _b12_wiring.py + Orchestrator-Wire + V2-Compose-Slot - Cookie-Inventar mit [Chat]/[Chat+AI]-Tag pro Cookie-Name (KB-Lookup) - Smoke (3 Vendors / 5 Cookies): 9 findings korrekt (3 HIGH RETENTION, 3 MEDIUM CLASS-001, 4 LOW PURPOSE) Cookie-Matrix Scan (Browser-Vergleich gegen safetykon.de): - consent-tester/services/cookie_behavior_per_browser.py: eigener fokussierter Scanner. Pro Browser-Profile: cookies before / after reject / after accept in separaten Kontexten. Sequenzielle Runs statt parallel (Race-Conditions). - routes_cookie_matrix.py POST /scan-cookie-matrix - Live-Test safetykon.de: chromium=1, firefox=0, webkit=1, mobile- safari=1 nach reject — Firefox setzt KEIN Cookie nach Reject! (consent-tester Rebuild brachte playwright install-deps für system-libs) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-06 23:25:20 +02:00
parent bcf1bfa038
commit ff796fb480
9 changed files with 739 additions and 1 deletions
@@ -46,6 +46,8 @@ def compose_v2(state: dict) -> str:
        state.get("ai_act_html", ""),
        # B6/B7/B8/B9/B10 — DPO + Staleness + CMP + MultiEntity + Transfer
        state.get("extra_findings_html", ""),
+        # B12 Chatbot-Cookie-Klassifikation
+        state.get("chatbot_cookie_html", ""),
        # Browser-Matrix (Stage 1.c)
        state.get("browser_matrix_html", ""),
        # All legacy build_*_html() wrapped in V2 sections — preserves
@@ -77,6 +77,22 @@ def _country_third(country: str | None) -> tuple[str, bool, str | None]:
    return (code, True, tag)


+def _vendor_type_tag(cookie_name: str) -> str:
+    """Lookup the cookie in the chatbot-KB and return a [Chat]/[Chat+AI] tag."""
+    try:
+        from ..chatbot_cookie_classification_check import _detect_provider, _KB
+        match = _detect_provider(cookie_name)
+        if not match:
+            return ""
+        prov_id, _pat = match
+        prov = (_KB.get("providers") or {}).get(prov_id) or {}
+        if prov.get("ai_capable"):
+            return ' <span style="display:inline-block;background:#dbeafe;color:#1e40af;font-size:10px;padding:1px 6px;border-radius:999px;margin-left:4px;">Chat+AI</span>'
+        return ' <span style="display:inline-block;background:#f1f5f9;color:#475569;font-size:10px;padding:1px 6px;border-radius:999px;margin-left:4px;">Chat</span>'
+    except Exception:
+        return ""
+
+
 def _src_chip(in_dse: bool, in_table: bool, in_browser: bool,
              in_ocr: bool) -> str:
    parts: list[str] = []
@@ -248,7 +264,7 @@ def render_inventory_rows(rows: list[dict]) -> list[list[str]]:
                f'font-weight:700;">[{tag}]</span>'
            )
        out.append([
-            f'<code>{h(r["name"])}</code>',
+            f'<code>{h(r["name"])}</code>{_vendor_type_tag(r["name"])}',
            h(r["vendor"]) if r["vendor"] else
              '<span style="color:#dc2626;">❌</span>',
            _x_or(r["category"]),