breakpilot-compliance

Benjamin_Boenisch/breakpilot-compliance

Fork 0

Commit Graph

Author	SHA1	Message	Date
Benjamin Admin	0837680e03	docs: Add EUIPO Unblu Chat findings (3 new, total 10 findings) Finding 8: Unblu chat consent links to third-party DSE (unblu.com) instead of EUIPO's own privacy policy (Art. 13 DSGVO) Finding 9: Cookie consent delegated to third-party terms without own legal basis (§25 TDDDG) Finding 10: Click-outside-dialog = accept — accidental click counts as consent (Planet49, Art. 7(1) DSGVO) New planned agent checks: - Drittanbieter-DSE-Check: detect consent linking to external DSE - Modal-Dismiss-Check: Playwright test if backdrop click = consent - Dark-Pattern-Sprache: detect "muessen/erforderlich" for non-essential cookies Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-04 07:48:35 +02:00
Benjamin Admin	7ebd25c59c	docs: Add EUIPO registration as compliance agent reference test case Real-world case from EU authority (EUIPO) with 7 findings: - Grammatically broken consent text (bad DE translation) - Coupling prohibition violation (login = consent, Art. 7(4) DSGVO) - No reject button, no granularity, no active opt-in - Broken link layout (DSE/ToS links appear after submit button) - Includes correction suggestion and planned agent check implementations - Pattern: WSO2 Identity Server default templates (systemic issue) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-04 07:28:32 +02:00
Benjamin Admin	0c0dd4e3a6	feat: ZeroClaw compliance agent — document analysis + role assignment + email Add autonomous compliance agent that fetches web documents (cookie banners, privacy policies), classifies them via Qwen/Ollama, assesses DSGVO compliance, assigns to the responsible role, and sends notification emails. Components: - ZeroClaw SOP (6-step workflow: fetch, classify, assess, summarize, assign, notify) - Backend: /api/compliance/agent/analyze (combined endpoint) - Backend: /api/compliance/agent/notify (standalone email) - Frontend: /sdk/agent page (Manager UI with URL input + results) - Helper scripts + E2E test Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-27 23:28:21 +02:00

Author

SHA1

Message

Date

Benjamin Admin

0837680e03

docs: Add EUIPO Unblu Chat findings (3 new, total 10 findings)

Finding 8: Unblu chat consent links to third-party DSE (unblu.com)
  instead of EUIPO's own privacy policy (Art. 13 DSGVO)
Finding 9: Cookie consent delegated to third-party terms without
  own legal basis (§25 TDDDG)
Finding 10: Click-outside-dialog = accept — accidental click counts
  as consent (Planet49, Art. 7(1) DSGVO)

New planned agent checks:
- Drittanbieter-DSE-Check: detect consent linking to external DSE
- Modal-Dismiss-Check: Playwright test if backdrop click = consent
- Dark-Pattern-Sprache: detect "muessen/erforderlich" for non-essential cookies

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-05-04 07:48:35 +02:00

Benjamin Admin

7ebd25c59c

docs: Add EUIPO registration as compliance agent reference test case

Real-world case from EU authority (EUIPO) with 7 findings:
- Grammatically broken consent text (bad DE translation)
- Coupling prohibition violation (login = consent, Art. 7(4) DSGVO)
- No reject button, no granularity, no active opt-in
- Broken link layout (DSE/ToS links appear after submit button)
- Includes correction suggestion and planned agent check implementations
- Pattern: WSO2 Identity Server default templates (systemic issue)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-05-04 07:28:32 +02:00

Benjamin Admin

0c0dd4e3a6

feat: ZeroClaw compliance agent — document analysis + role assignment + email

Add autonomous compliance agent that fetches web documents (cookie banners,
privacy policies), classifies them via Qwen/Ollama, assesses DSGVO compliance,
assigns to the responsible role, and sends notification emails.

Components:
- ZeroClaw SOP (6-step workflow: fetch, classify, assess, summarize, assign, notify)
- Backend: /api/compliance/agent/analyze (combined endpoint)
- Backend: /api/compliance/agent/notify (standalone email)
- Frontend: /sdk/agent page (Manager UI with URL input + results)
- Helper scripts + E2E test

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-27 23:28:21 +02:00

3 Commits