Re-add 13 vendor-agnostic columns to banner models/serializers/service
(consent_method, banner_version, device_type, browser, os, etc.) that
were lost when another session overwrote the code. Keep vendor_consents
dict from the other session.
Add list_consents method back to BannerConsentService.
Wire CookieBanner, Loeschfristen and UseCases into Document Generator
contextBridge (CMP_NAME, analytics tools, retention months, feature flags).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- MC page.tsx imports ControlListView + useControlLibraryState directly
- useControlLibraryState accepts optional backendUrl override
- MC API route returns data in canonical control format
- Same filters, pagination, sorting, click-to-detail as Control Library
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merge took the old page.tsx from main which still had useAgentAnalysis.
Restored: Website-Scan, Dokumenten-Pruefung, Banner-Check, Impressum-Check.
Removed: Schnellanalyse, Consent-Test, Compare, Auth-Test tabs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
9 files had conflict markers from the branch merge. All resolved keeping
the feature branch version. Also split agent_scan_routes.py (534→367 LOC)
by extracting Pydantic models to agent_scan_models.py.
[guardrail-change]
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New page /sdk/master-controls with sortable, searchable MC list
- Click MC → expandable detail panel with atomic controls
- Shows L1 token, L2 subtopic, phase, severity, regulation source
- API proxy via pg directly to compliance.master_controls
- Sidebar entry added
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- FAB-Container bekommt pointer-events-none, nur Button + Panel sind klickbar
(behebt: Buttons auf der rechten Seite waren nicht klickbar)
- Initialisieren + Neu-Initialisieren Buttons von Interview-Seite auf
Betriebszustaende-Seite verschoben (natuerlicher Flow: Grenzen → States → Init)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- POST /initialize?force=true loescht bestehende Hazards + Mitigations
und erstellt sie neu mit aktuellen Betriebszustaenden
- Orange "Neu initialisieren" Button auf Interview-Seite (mit Confirm-Dialog)
- DeleteHazard Store-Methode (kaskadiert Risk Assessments)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Hazards zeigen jetzt farbige Badges mit den Betriebszustaenden die sie
ausgeloest haben (z.B. "Wartung", "Not-Halt"). Mitigations erben die
States ihrer verknuepften Hazards.
Backend: OperationalStates im Function-Feld encodiert (kein DB-Schema),
beim Lesen als operational_states[] JSON-Feld zurueckgegeben.
Frontend: Indigo-Badges in HazardTable + MitigationCard.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Connect three previously siloed modules to the contextBridge:
- CookieBanner → CONSENT (analytics tools, marketing partners) + FEATURES (CMP_NAME, HAS_FUNCTIONAL_COOKIES)
- RetentionPolicies → PRIVACY.ANALYTICS_RETENTION_MONTHS (from actual Loeschfristen data)
- UseCases → FEATURES flags (HAS_ACCOUNT, HAS_PAYMENTS, HAS_NEWSLETTER, HAS_SOCIAL_MEDIA)
Previously all FEATURES were hardcoded false/empty in EMPTY_CONTEXT.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Betriebszustand-UI saved states to metadata.operational_states but
the initialize handler only read states from the parsed narrative text.
Now merges both sources so the UI selection actually affects which
patterns fire during initialization.
Added integration E2E test that verifies: 2 states → fewer patterns,
9 states → more patterns.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Impressum-Check: Toggle activates 75 Impressum MCs via agent
- Banner-Check: Toggle runs additional cookie doc-check (381 MCs)
after the Playwright banner test completes
- Both use the same use_agent flag through doc-check endpoint
Green pill button consistent across all tabs:
'KI-Agent aus' / 'KI-Agent aktiv (X MCs)'
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Project list view with saved projects
- Create + analyze in one flow (saves to DB)
- Re-open saved projects for re-analysis
- 3 views: projects list → wizard → dashboard
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Green pill button: 'KI-Agent aus' / 'KI-Agent aktiv (1.874 MCs)'
Toggles use_agent flag which is passed through the full chain:
Frontend → DocCheckRequest → _run_doc_check → _check_single_document
→ check_document_with_controls(use_agent=True)
→ ComplianceAgent with tool calling
Default: OFF (deterministic regex). User can enable per scan.
Also works via env var COMPLIANCE_USE_AGENT=true for always-on.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- ProductWizard: Product type, technologies, data processing, certifications
- GapDashboard: Summary cards, regulation overview, prioritized gap table
- Expandable rows with recommendations
- Filter by severity and status
- Route: /sdk/gap-analysis
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Extend banner consent records with consent_method, banner_version,
banner_config_hash, geo, page_url, referrer, device info, session_id
and consent_scope for full Art. 7 DSGVO proof with any tracking vendor.
Migration 107, backward-compatible (all fields nullable).
Admin detail modal shows tracking context, device info and technical data.
Fix pre-existing str|None → Optional[str] for Python 3.9 compat.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merges two separate consent views into one unified page at /sdk/einwilligungen:
- Tab "Website-Besucher": device-based banner consents with site selector
- Tab "Login-Nutzer": user-based DSGVO consents (existing, unchanged)
Backend:
- New endpoint GET /admin/consents for paginated banner consent records
- Fix: categories JSON string parsing (was iterating chars instead of array)
CMP Dashboard:
- Dynamic site selector replacing hardcoded "preview-test-site"
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All elements exist twice on the preview page (desktop + mobile or
banner + page content). Using .first() avoids strict mode violations.
Also extracted goToPreview() and acceptAll() helpers for DRY.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Extra waitForTimeout(3000) pro Test verdoppelte Laufzeit und verursachte
mehr Timeouts. Zurueck zum funktionierenden Ansatz: goTo wartet auf h1
+ 2s, dann 20s toBeVisible Timeout pro Assertion.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Die letzten 3 Schwingarm-Failures kommen weil die Overview-Seite 2
parallele API-Fetches (project + risk-summary) braucht bevor der
Content rendert. goTo wartet auf h1, aber die h2-Sektionen
(Risikozusammenfassung, Schnellzugriff) rendern erst danach.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause der 16 overview-Failures: goTo kehrte zu frueh zurueck weil
nav sofort sichtbar ist (SSR), aber der Main-Content (Projektstatus etc.)
erst nach API-Fetch rendert. Jetzt wartet goTo auf h1 (das erst nach
dem project-Fetch erscheint) + 1s Buffer.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
networkidle times out on CMP pages that poll API endpoints.
domcontentloaded + 1s wait is sufficient for page rendering.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both DocCheckTab and BannerCheckTab now:
- Store full scan results per history entry in localStorage
- History entries are clickable — loads the saved result immediately
- No need to re-scan to see old results
- Fallback to last result if specific entry not found
- Banner-Check sends HTML email report to mailpit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1. localStorage Persistenz: URL, letztes Ergebnis, Historie (30 Eintraege)
2. Historie: Zeigt URL, Datum, Provider, Violations, Prozent
3. Letztes Ergebnis bleibt nach Tab-Wechsel/Reload sichtbar
4. E-Mail-Report: HTML-formatiert mit Violations + Hints an mailpit
5. Email-Status Anzeige im Frontend
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add OSHA 29 CFR 1910 Subpart O and harmonised norms to competence area
- Soften escalation rule: harmless info questions get a short answer
instead of full rejection. Only sensitive/legal-advice questions
get declined with referral to lawyer.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Explains why companies must buy norms their own employees wrote,
and the 2024 EuGH ruling that harmonised standards are EU law
and must be freely accessible.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add withdrawn/valid_until/replaced_by to Norm interface
- Add Status filter (Aktiv/Zurueckgezogen) — defaults to "Aktiv"
- Withdrawn norms hidden by default, viewable via filter
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The /banner-check endpoint is synchronous (Playwright completes in
<30s and returns result directly). Removed unused async polling loop
that would never match since no scan_id is returned.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Benjamin Admin