47ec792acf
fix: raise scan proxy timeout from 3 to 10 min (50 pages + 20 DSI docs + LLM)
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 00:25:33 +02:00
f3e44cf59f
fix: restore all missing consent-tester service modules
...
banner_detector.py, script_analyzer.py, category_tester.py, authenticated_scanner.py
were only on the feature branch — needed for consent-tester to start.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 00:14:26 +02:00
3fade26d89
fix: restore consent-tester requirements.txt
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 00:06:50 +02:00
797ed667a2
fix: restore consent-tester Dockerfile (was lost from main)
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-05 00:05:19 +02:00
a3f7fb93f4
fix: Scan quality — raise page limit, use full DSI text for checks
...
Bug 1: max_pages was hardcoded to 15 in backend call — raised to 50
Bug 2: DSI documents checked against text_preview (500 chars) — now uses
full_text (10,000 chars) for Art. 13 mandatory field checks
Bug 3: DSE text not found when Playwright misses DSE page — now falls
back to DSI Discovery full_text as second source
Bug 4: Backend timeout 120s too short for 50 pages — raised to 300s
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 23:51:03 +02:00
f967480cd9
fix: Add missing service_registry.py to main
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 23:34:00 +02:00
275bdf9848
fix: Add missing service modules required by agent_scan_routes
...
Build + Deploy / build-admin-compliance (push) Successful in 1m49s
Build + Deploy / build-backend-compliance (push) Successful in 2m57s
Build + Deploy / build-ai-sdk (push) Successful in 50s
Build + Deploy / build-developer-portal (push) Successful in 1m2s
Build + Deploy / build-tts (push) Successful in 1m23s
Build + Deploy / build-document-crawler (push) Successful in 39s
Build + Deploy / build-dsms-gateway (push) Successful in 23s
Build + Deploy / build-dsms-node (push) Successful in 10s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 21s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m31s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 41s
CI / test-python-backend (push) Successful in 40s
CI / test-python-document-crawler (push) Successful in 25s
CI / test-python-dsms-gateway (push) Successful in 20s
CI / validate-canonical-controls (push) Successful in 13s
Build + Deploy / trigger-orca (push) Successful in 2m46s
These files existed on the feature branch but were never cherry-picked
to main, causing ModuleNotFoundError on import:
- dse_parser.py — parses DSE HTML into structured sections
- dse_matcher.py — matches detected services against DSE sections
- mandatory_content_checker.py — checks Art. 13 DSGVO mandatory fields
- legal_basis_validator.py — validates legal basis (lit. a-f)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 23:23:02 +02:00
a18ef16378
fix: Add missing service modules required by agent_scan_routes
...
These files existed on the feature branch but were never cherry-picked
to main, causing ModuleNotFoundError on import:
- dse_parser.py — parses DSE HTML into structured sections
- dse_matcher.py — matches detected services against DSE sections
- mandatory_content_checker.py — checks Art. 13 DSGVO mandatory fields
- legal_basis_validator.py — validates legal basis (lit. a-f)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 23:22:30 +02:00
5c0ca803b0
fix: Add missing 'import re' to agent_scan_routes.py
...
Build + Deploy / build-admin-compliance (push) Successful in 11s
Build + Deploy / build-backend-compliance (push) Successful in 9s
Build + Deploy / build-ai-sdk (push) Successful in 7s
Build + Deploy / build-developer-portal (push) Successful in 6s
Build + Deploy / build-tts (push) Successful in 7s
Build + Deploy / build-document-crawler (push) Successful in 7s
Build + Deploy / build-dsms-gateway (push) Successful in 7s
Build + Deploy / build-dsms-node (push) Successful in 9s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 15s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m35s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 46s
CI / test-python-backend (push) Successful in 43s
CI / test-python-document-crawler (push) Successful in 31s
CI / test-python-dsms-gateway (push) Successful in 21s
CI / validate-canonical-controls (push) Successful in 16s
Build + Deploy / trigger-orca (push) Successful in 2m20s
NameError: name 're' is not defined at line 146 — the import was
accidentally removed when extracting helper functions to agent_scan_helpers.py.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:59:55 +02:00
2f0f76e365
fix: Add missing 'import re' to agent_scan_routes.py
...
NameError: name 're' is not defined at line 146 — the import was
accidentally removed when extracting helper functions to agent_scan_helpers.py.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:59:53 +02:00
f960bd052a
fix: Add missing 'import re' to agent_scan_routes.py
...
NameError: name 're' is not defined at line 146 — the import was
accidentally removed when extracting helper functions to agent_scan_helpers.py.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:59:53 +02:00
4f92e5056c
docs: Complete agent architecture reference for reuse in other agents
...
Full documentation of the ZeroClaw compliance agent architecture:
- System overview diagram (Frontend → Backend → LLM → Playwright)
- Detailed request flow for Website-Scan mode (7 steps)
- All 5 components: Frontend, Backend, Consent-Tester, Ollama, Soul Files
- 20 banner checks across 3 files
- LLM call patterns (/api/generate + /api/chat + think-mode stripping)
- Blueprint for creating new agents (5 steps: Soul, Route, Page, Proxy, Docker)
- Timeouts, environment variables, file reference with LOC counts
Designed as reusable blueprint for Sales, HR, Finance, or other agents.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:26:56 +02:00
b22351fc6e
fix: Exhaustive crawl — no arbitrary page/document limits
...
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 14s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m37s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 38s
CI / test-python-backend (push) Successful in 36s
CI / test-python-document-crawler (push) Successful in 24s
CI / test-python-dsms-gateway (push) Successful in 21s
CI / validate-canonical-controls (push) Successful in 15s
Both scanners now search until done, not until a counter runs out:
playwright_scanner.py:
- Default max_pages raised from 15 to 50
- Added 3-minute timeout as safety net
- Recursive link discovery on EVERY visited page (not just DSE pages)
- Stops when: all links visited OR max_pages OR timeout
dsi_discovery.py:
- Default max_documents raised from 30 to 100
- Added 5-minute timeout as safety net
- Recursive: on each visited page, searches for MORE DSI links
- Processes ALL discovered links exhaustively
- Stops when: no more pending links OR max_documents OR timeout
The scanners now behave like a real user: they follow every relevant
link they find, and on each new page they look for more links.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:22:00 +02:00
a846bd8910
fix: Exhaustive crawl — no arbitrary page/document limits
...
Both scanners now search until done, not until a counter runs out:
playwright_scanner.py:
- Default max_pages raised from 15 to 50
- Added 3-minute timeout as safety net
- Recursive link discovery on EVERY visited page (not just DSE pages)
- Stops when: all links visited OR max_pages OR timeout
dsi_discovery.py:
- Default max_documents raised from 30 to 100
- Added 5-minute timeout as safety net
- Recursive: on each visited page, searches for MORE DSI links
- Processes ALL discovered links exhaustively
- Stops when: no more pending links OR max_documents OR timeout
The scanners now behave like a real user: they follow every relevant
link they find, and on each new page they look for more links.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:21:57 +02:00
6da9972ef4
fix: Exhaustive crawl — no arbitrary page/document limits
...
Both scanners now search until done, not until a counter runs out:
playwright_scanner.py:
- Default max_pages raised from 15 to 50
- Added 3-minute timeout as safety net
- Recursive link discovery on EVERY visited page (not just DSE pages)
- Stops when: all links visited OR max_pages OR timeout
dsi_discovery.py:
- Default max_documents raised from 30 to 100
- Added 5-minute timeout as safety net
- Recursive: on each visited page, searches for MORE DSI links
- Processes ALL discovered links exhaustively
- Stops when: no more pending links OR max_documents OR timeout
The scanners now behave like a real user: they follow every relevant
link they find, and on each new page they look for more links.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:21:16 +02:00
c284cefada
refactor: Remove Modules step, add Regulations card to Dashboard
...
- Modules step deleted from sdk-steps.ts and SDK Flow
(regulations are now shown in Scope-Decision tab with toggles)
- Dashboard: "Erkannte Regulierungen" card shows which regulations
apply based on Scope-Profiling (DSGVO, AI Act, NIS2, HinSchG)
- Dashboard: Amber warning if Scope-Profiling not yet completed
- Link to Scope-Decision tab for details & customization
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:21:12 +02:00
a970c28168
feat: DSI document discovery + completeness check in agent scan workflow
...
Build + Deploy / build-admin-compliance (push) Successful in 1m49s
Build + Deploy / build-backend-compliance (push) Successful in 2m52s
Build + Deploy / build-ai-sdk (push) Successful in 38s
Build + Deploy / build-developer-portal (push) Successful in 1m3s
Build + Deploy / build-tts (push) Successful in 1m27s
Build + Deploy / build-document-crawler (push) Successful in 33s
Build + Deploy / build-dsms-gateway (push) Successful in 22s
Build + Deploy / build-dsms-node (push) Successful in 10s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 13s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m33s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 44s
CI / test-python-backend (push) Successful in 41s
CI / test-python-document-crawler (push) Successful in 1m3s
CI / test-python-dsms-gateway (push) Successful in 29s
CI / validate-canonical-controls (push) Successful in 19s
Build + Deploy / trigger-orca (push) Successful in 2m58s
Agent scan now automatically:
1. Discovers all legal documents via consent-tester /dsi-discovery endpoint
2. Classifies each as DSE/AGB/Widerruf/Cookie/Impressum
3. Checks completeness against type-specific checklists:
- DSE: 9 Art. 13 DSGVO mandatory fields (controller, DPO, purposes,
legal basis, recipients, third-country, retention, rights, complaint)
- AGB: §305ff BGB (scope, contract formation, liability, jurisdiction)
- Widerruf: §355 BGB (right info, 14-day deadline, form, consequences)
4. Adds findings per document to scan results
5. Shows discovered documents with completeness % in email summary
6. Returns discovered_documents list in API response
New files:
- dsi_document_checker.py (229 LOC) — checklists + classifier
- agent_scan_helpers.py (109 LOC) — extracted summary builder + corrections
Refactor: agent_scan_routes.py 537→448 LOC (under 500 budget)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:10:15 +02:00
48146cddaf
feat: DSI document discovery + completeness check in agent scan workflow
...
Agent scan now automatically:
1. Discovers all legal documents via consent-tester /dsi-discovery endpoint
2. Classifies each as DSE/AGB/Widerruf/Cookie/Impressum
3. Checks completeness against type-specific checklists:
- DSE: 9 Art. 13 DSGVO mandatory fields (controller, DPO, purposes,
legal basis, recipients, third-country, retention, rights, complaint)
- AGB: §305ff BGB (scope, contract formation, liability, jurisdiction)
- Widerruf: §355 BGB (right info, 14-day deadline, form, consequences)
4. Adds findings per document to scan results
5. Shows discovered documents with completeness % in email summary
6. Returns discovered_documents list in API response
New files:
- dsi_document_checker.py (229 LOC) — checklists + classifier
- agent_scan_helpers.py (109 LOC) — extracted summary builder + corrections
Refactor: agent_scan_routes.py 537→448 LOC (under 500 budget)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:10:13 +02:00
53f6f30cf0
feat: DSI document discovery + completeness check in agent scan workflow
...
Agent scan now automatically:
1. Discovers all legal documents via consent-tester /dsi-discovery endpoint
2. Classifies each as DSE/AGB/Widerruf/Cookie/Impressum
3. Checks completeness against type-specific checklists:
- DSE: 9 Art. 13 DSGVO mandatory fields (controller, DPO, purposes,
legal basis, recipients, third-country, retention, rights, complaint)
- AGB: §305ff BGB (scope, contract formation, liability, jurisdiction)
- Widerruf: §355 BGB (right info, 14-day deadline, form, consequences)
4. Adds findings per document to scan results
5. Shows discovered documents with completeness % in email summary
6. Returns discovered_documents list in API response
New files:
- dsi_document_checker.py (229 LOC) — checklists + classifier
- agent_scan_helpers.py (109 LOC) — extracted summary builder + corrections
Refactor: agent_scan_routes.py 537→448 LOC (under 500 budget)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 22:09:45 +02:00
298c95731a
feat: Generic legal document discovery (DSI, AGB, Widerruf, Cookie-Richtlinie)
...
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 22s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m35s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 52s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 29s
CI / test-python-dsms-gateway (push) Successful in 21s
CI / validate-canonical-controls (push) Successful in 14s
New service: dsi_discovery.py — finds ALL legal documents on any website:
- Technology-agnostic: HTML, SPA, WordPress, Typo3, custom CMS
- Structure-agnostic: accordions, sidebars, footers, inline links, tabs
- Format-agnostic: HTML pages, anchor sections, PDFs, cross-domain links
- Language-agnostic: 26 EU/EEA languages with document-type keywords
Document types discovered:
- Datenschutzinformationen / Privacy Policies (Art. 13/14 DSGVO)
- AGB / Terms of Service / Nutzungsbedingungen
- Widerrufsbelehrung / Right of Withdrawal (§355 BGB)
- Cookie-Richtlinie / Cookie Policy
- All cross-domain variants (e.g. help.instagram.com from instagram.com)
API: POST /dsi-discovery { url, max_documents }
Returns: list of documents with title, url, language, type, word_count, text_preview
Features:
- Expands all accordions, details, tabs, dropdowns before scanning
- Follows cross-domain links (same registrable domain)
- Re-expands after navigation back to source page
- Handles anchor links (#sections) separately from full pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 21:57:37 +02:00
4e63a6050d
feat: Generic legal document discovery (DSI, AGB, Widerruf, Cookie-Richtlinie)
...
New service: dsi_discovery.py — finds ALL legal documents on any website:
- Technology-agnostic: HTML, SPA, WordPress, Typo3, custom CMS
- Structure-agnostic: accordions, sidebars, footers, inline links, tabs
- Format-agnostic: HTML pages, anchor sections, PDFs, cross-domain links
- Language-agnostic: 26 EU/EEA languages with document-type keywords
Document types discovered:
- Datenschutzinformationen / Privacy Policies (Art. 13/14 DSGVO)
- AGB / Terms of Service / Nutzungsbedingungen
- Widerrufsbelehrung / Right of Withdrawal (§355 BGB)
- Cookie-Richtlinie / Cookie Policy
- All cross-domain variants (e.g. help.instagram.com from instagram.com)
API: POST /dsi-discovery { url, max_documents }
Returns: list of documents with title, url, language, type, word_count, text_preview
Features:
- Expands all accordions, details, tabs, dropdowns before scanning
- Follows cross-domain links (same registrable domain)
- Re-expands after navigation back to source page
- Handles anchor links (#sections) separately from full pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 21:56:55 +02:00
a6618af5ed
feat: Generic legal document discovery (DSI, AGB, Widerruf, Cookie-Richtlinie)
...
New service: dsi_discovery.py — finds ALL legal documents on any website:
- Technology-agnostic: HTML, SPA, WordPress, Typo3, custom CMS
- Structure-agnostic: accordions, sidebars, footers, inline links, tabs
- Format-agnostic: HTML pages, anchor sections, PDFs, cross-domain links
- Language-agnostic: 26 EU/EEA languages with document-type keywords
Document types discovered:
- Datenschutzinformationen / Privacy Policies (Art. 13/14 DSGVO)
- AGB / Terms of Service / Nutzungsbedingungen
- Widerrufsbelehrung / Right of Withdrawal (§355 BGB)
- Cookie-Richtlinie / Cookie Policy
- All cross-domain variants (e.g. help.instagram.com from instagram.com)
API: POST /dsi-discovery { url, max_documents }
Returns: list of documents with title, url, language, type, word_count, text_preview
Features:
- Expands all accordions, details, tabs, dropdowns before scanning
- Follows cross-domain links (same registrable domain)
- Re-expands after navigation back to source page
- Handles anchor links (#sections) separately from full pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 21:56:29 +02:00
2b4ff9f422
feat: DSFA — VVT-Verknüpfung + Residual Risk + Bundesland-Blacklists
...
1. VVT-Verknüpfung: Dropdown "Verknüpfte VVT-Aktivität" in Step 1,
lädt Aktivitäten via API, auto-fills Verarbeitungstätigkeit bei Auswahl
2. Residual Risk: Neuer Step 5 im Wizard — Bewertung des Restrisikos
nach Maßnahmen. Bei hoch/kritisch → Art. 36 Vorabkonsultation Warnung
3. Bundesland-Blacklists (Art. 35 Abs. 4): 16 Landesbehörden mit
DSK-Muss-Liste (10 gemeinsame Kriterien) + länderspezifische
Ergänzungen (Bayern: Whistleblower/Drohnen, NRW: Social-Media-
Monitoring, Berlin: Mieterbonitätsprüfung). Automatische Prüfung
gegen Scope-Antworten. Blacklist-Matches im DSFA-Banner angezeigt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 21:48:59 +02:00
84b21cad08
feat: DSFA pre-fill from Company Profile + Scope answers
...
- New prefill-from-scope.ts utility:
- headquartersState → federal_state (Bundesland for authority lookup)
- data_art9 → special data categories (Gesundheit, Biometrie, etc.)
- data_minors → adds "Minderjährige" to data subjects + raises risk
- proc_adm_scoring → Art. 22 affected rights + measures
- proc_ai_usage → involves_ai flag + AI measures
- proc_video_surveillance → video data categories
- industry/businessModel → processing purpose + legal basis
- isDSFARequired() check: shows red banner when Art. 35 triggers detected
- GeneratorWizard accepts prefill prop, initializes all fields
- Passes federal_state, involves_ai, legal_basis to backend POST
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 19:36:13 +02:00
95baf60da3
refactor: Paket 2 Analyse umstrukturiert + AI Act/Evidence verschoben
...
Paket 2 Analyse (vorher 7 Steps → jetzt 5):
1. Requirements — Pruefaspekte aus Regulierungen
2. Controls — Technische & organisatorische Massnahmen
3. Risk Matrix — Risikobewertung (vorher #4 , jetzt #3 )
4. Audit Checklist — Pruefbare Checkliste (vorher #6 )
5. Audit Report — Zusammenfassender Report (vorher #7 )
Verschoben:
- AI Act → Paket 1 Vorbereitung (optional, nur bei KI-Einsatz)
- Evidence → Paket 5 Betrieb (Nachweise laufend sammeln, nicht einmalig)
SDK Flow (steps-*.ts) synchronisiert mit neuer Reihenfolge.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 16:40:10 +02:00
9fe7759973
refactor: ISO 27001 aus Regulierungen entfernen → ISMS Readiness
...
ISO 27001 ist kein Gesetz — freiwilliger Standard, kein Normtext ingested.
- Modules: ISO 27001 Fallback-Modul entfernt, Filter entfernt
- ISMS: Umbenannt zu "ISMS — ISO 27001 Readiness"
- ISMS: Hinweis "Basierend auf eigenen Pruefaspekten, kein Normtext"
- Sidebar: "ISMS (ISO 27001)" → "ISMS Readiness"
- Verbleibende Regulierungen: DSGVO, AI Act, NIS2 (gesetzlich)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 14:38:22 +02:00
f737bfc4db
refactor: Integrate Modules into Scope-Decision (Option C)
...
- RegulationsPanel: added enable/disable toggles per regulation
- ScopeDecisionTab: passes enabledModules + onToggleModule
- Scope page: auto-enables all applicable regulations when loaded
- Modules step: isOptional=true, moved to Zusatzmodule
- Requirements: now depends on compliance-scope, not modules
- Source-policy: now depends on use-case-assessment, not modules
Flow: Profile → Scope → Scope-Decision shows applicable regulations
with toggles → Requirements derived from enabled regulations
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 14:29:53 +02:00
7ab1476d8f
refactor: Move Screening to Zusatzmodule (optional)
...
- Screening step: isOptional=true
- Compliance Modules no longer depends on Screening
- Description updated to "SBOM + Vulnerability Scan (OSV.dev)"
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 13:55:09 +02:00
225456ec14
refactor: Source Policy — strip PII/Audit/Blocked, move to Zusatzmodule
...
- Removed: PII-Regeln tab (→ Core Service, other repo)
- Removed: Audit tab (→ redundant with Document Workflow + RBAC)
- Removed: Blockierte Inhalte tab (→ belongs to PII)
- Kept: Quellen-Whitelist + Berechtigungen (Operations Matrix)
- Renamed: "Source Policy" → "Quellen-Verwaltung"
- Moved: From Paket 1 (Pflicht) to Zusatzmodule (optional)
- sdk-steps.ts: isOptional=true, requirements no longer depends on it
- Sidebar: Added under Zusatzmodule section
- Page reduced from 365 → 130 lines
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 11:36:20 +02:00
9395a0084a
feat: Legally vetted cookie banner translations for 22 EU/EEA languages
...
Build + Deploy / build-admin-compliance (push) Successful in 2m6s
Build + Deploy / build-backend-compliance (push) Successful in 3m13s
Build + Deploy / build-ai-sdk (push) Successful in 56s
Build + Deploy / build-developer-portal (push) Successful in 1m13s
Build + Deploy / build-tts (push) Successful in 1m25s
Build + Deploy / build-document-crawler (push) Successful in 42s
Build + Deploy / build-dsms-gateway (push) Successful in 28s
Build + Deploy / build-dsms-node (push) Successful in 12s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 19s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m44s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 40s
CI / test-python-backend (push) Successful in 41s
CI / test-python-document-crawler (push) Successful in 30s
CI / test-python-dsms-gateway (push) Successful in 22s
CI / validate-canonical-controls (push) Successful in 15s
Build + Deploy / trigger-orca (push) Successful in 3m6s
22 languages: BG, CS, DA, DE, EL, EN, ES, ET, FI, FR, HR, HU, IT,
LT, LV, NL, PL, PT, RO, SK, SL, SV
Each language includes 20 fields:
- Banner title, description, accept/reject/save buttons
- Privacy notice: "zur Kenntnis genommen" pattern (NOT "zugestimmt")
- Terms: "gelesen und stimme zu" pattern (contract = agreement correct)
- EWR-only toggle label + info text
- 4 category names + descriptions
- Vendor/blocked labels, imprint + privacy policy links
Legal precision:
- DSE = Informationspflicht Art. 13 DSGVO → "acknowledged/zur Kenntnis"
- Nutzungsbedingungen = Vertrag → "agree/zustimmen" is correct
- No passive consent formulations
- No coupling patterns
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 10:58:21 +02:00
74dddbfa0f
feat: Legally vetted cookie banner translations for 22 EU/EEA languages
...
22 languages: BG, CS, DA, DE, EL, EN, ES, ET, FI, FR, HR, HU, IT,
LT, LV, NL, PL, PT, RO, SK, SL, SV
Each language includes 20 fields:
- Banner title, description, accept/reject/save buttons
- Privacy notice: "zur Kenntnis genommen" pattern (NOT "zugestimmt")
- Terms: "gelesen und stimme zu" pattern (contract = agreement correct)
- EWR-only toggle label + info text
- 4 category names + descriptions
- Vendor/blocked labels, imprint + privacy policy links
Legal precision:
- DSE = Informationspflicht Art. 13 DSGVO → "acknowledged/zur Kenntnis"
- Nutzungsbedingungen = Vertrag → "agree/zustimmen" is correct
- No passive consent formulations
- No coupling patterns
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 10:56:36 +02:00
c719b1ca5f
feat: Legally vetted cookie banner translations for 22 EU/EEA languages
...
22 languages: BG, CS, DA, DE, EL, EN, ES, ET, FI, FR, HR, HU, IT,
LT, LV, NL, PL, PT, RO, SK, SL, SV
Each language includes 20 fields:
- Banner title, description, accept/reject/save buttons
- Privacy notice: "zur Kenntnis genommen" pattern (NOT "zugestimmt")
- Terms: "gelesen und stimme zu" pattern (contract = agreement correct)
- EWR-only toggle label + info text
- 4 category names + descriptions
- Vendor/blocked labels, imprint + privacy policy links
Legal precision:
- DSE = Informationspflicht Art. 13 DSGVO → "acknowledged/zur Kenntnis"
- Nutzungsbedingungen = Vertrag → "agree/zustimmen" is correct
- No passive consent formulations
- No coupling patterns
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 10:56:23 +02:00
129849aa21
feat: 9 new banner checks (12-20), total 20 compliance checks
...
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 15s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m38s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 45s
CI / test-python-backend (push) Successful in 52s
CI / test-python-document-crawler (push) Successful in 30s
CI / test-python-dsms-gateway (push) Successful in 21s
CI / validate-canonical-controls (push) Successful in 13s
Check 12: Click count — reject requires more clicks than accept (CNIL 150M EUR)
Check 13: Color contrast — reject button invisible (same bg as banner)
Check 14: Google Consent Mode — analytics_storage 'granted' as default
Check 15: Pre-consent cookies — tracking cookies set before any interaction
Check 16: Registration coupling — login button = consent (Art. 7(4) DSGVO)
Check 17: Language mismatch — banner vs page language (all 26 EU languages)
Check 18: Consent cookie expiry — >13 months violates CNIL guidelines
Check 19: Nudging — reject button below fold / requires scrolling
Check 20: Emotional language (Stirring) — "volle Funktionalitaet" etc.
Language detection covers: BG, CS, DA, DE, EL, EN, ES, ET, FI, FR, GA,
HR, HU, IS, IT, LT, LV, MT, NL, NO, PL, PT, RO, SK, SL, SV
New file: banner_advanced_checks.py (396 LOC)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 08:39:01 +02:00
b997b4a475
feat: 9 new banner checks (12-20), total 20 compliance checks
...
Check 12: Click count — reject requires more clicks than accept (CNIL 150M EUR)
Check 13: Color contrast — reject button invisible (same bg as banner)
Check 14: Google Consent Mode — analytics_storage 'granted' as default
Check 15: Pre-consent cookies — tracking cookies set before any interaction
Check 16: Registration coupling — login button = consent (Art. 7(4) DSGVO)
Check 17: Language mismatch — banner vs page language (all 26 EU languages)
Check 18: Consent cookie expiry — >13 months violates CNIL guidelines
Check 19: Nudging — reject button below fold / requires scrolling
Check 20: Emotional language (Stirring) — "volle Funktionalitaet" etc.
Language detection covers: BG, CS, DA, DE, EL, EN, ES, ET, FI, FR, GA,
HR, HU, IS, IT, LT, LV, MT, NL, NO, PL, PT, RO, SK, SL, SV
New file: banner_advanced_checks.py (396 LOC)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 08:39:00 +02:00
9df2a001bb
feat: 9 new banner checks (12-20), total 20 compliance checks
...
Check 12: Click count — reject requires more clicks than accept (CNIL 150M EUR)
Check 13: Color contrast — reject button invisible (same bg as banner)
Check 14: Google Consent Mode — analytics_storage 'granted' as default
Check 15: Pre-consent cookies — tracking cookies set before any interaction
Check 16: Registration coupling — login button = consent (Art. 7(4) DSGVO)
Check 17: Language mismatch — banner vs page language (all 26 EU languages)
Check 18: Consent cookie expiry — >13 months violates CNIL guidelines
Check 19: Nudging — reject button below fold / requires scrolling
Check 20: Emotional language (Stirring) — "volle Funktionalitaet" etc.
Language detection covers: BG, CS, DA, DE, EL, EN, ES, ET, FI, FR, GA,
HR, HU, IS, IT, LT, LV, MT, NL, NO, PL, PT, RO, SK, SL, SV
New file: banner_advanced_checks.py (396 LOC)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 08:38:46 +02:00
7fc43a3f1f
feat: 3 new banner legal checks (11 total) + extract banner_text_checker
...
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 46s
CI / validate-canonical-controls (push) Successful in 14s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 18s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m32s
CI / test-python-backend (push) Successful in 40s
CI / test-python-document-crawler (push) Successful in 25s
CI / test-python-dsms-gateway (push) Successful in 21s
New checks (from EUIPO reference case):
- Check 9: Third-party DSE link — detects when consent dialog links to
external domain's privacy policy instead of own DSE (Art. 13 DSGVO)
- Check 10: Dark-pattern language — detects "muessen/erforderlich" for
non-essential cookies suggesting false technical necessity (EDPB Rn. 70)
- Check 11: Non-modal dismiss = consent — detects when clicking outside
dialog closes it (possibly treating as consent, Planet49 violation)
Refactor: extracted _check_banner_text (375 LOC) from consent_scanner.py
into services/banner_text_checker.py to keep both files under 500 LOC.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 08:05:49 +02:00
5d138f265b
feat: 3 new banner legal checks (11 total) + extract banner_text_checker
...
New checks (from EUIPO reference case):
- Check 9: Third-party DSE link — detects when consent dialog links to
external domain's privacy policy instead of own DSE (Art. 13 DSGVO)
- Check 10: Dark-pattern language — detects "muessen/erforderlich" for
non-essential cookies suggesting false technical necessity (EDPB Rn. 70)
- Check 11: Non-modal dismiss = consent — detects when clicking outside
dialog closes it (possibly treating as consent, Planet49 violation)
Refactor: extracted _check_banner_text (375 LOC) from consent_scanner.py
into services/banner_text_checker.py to keep both files under 500 LOC.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 08:02:46 +02:00
c47450fe58
feat: 3 new banner legal checks (11 total) + extract banner_text_checker
...
New checks (from EUIPO reference case):
- Check 9: Third-party DSE link — detects when consent dialog links to
external domain's privacy policy instead of own DSE (Art. 13 DSGVO)
- Check 10: Dark-pattern language — detects "muessen/erforderlich" for
non-essential cookies suggesting false technical necessity (EDPB Rn. 70)
- Check 11: Non-modal dismiss = consent — detects when clicking outside
dialog closes it (possibly treating as consent, Planet49 violation)
Refactor: extracted _check_banner_text (375 LOC) from consent_scanner.py
into services/banner_text_checker.py to keep both files under 500 LOC.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 08:01:54 +02:00
bb1f5d6c94
feat: Document Workflow wiring + Email system consolidation
...
Document Workflow:
- "Als Version speichern" button in Document Generator preview
- Creates document + version via /legal-documents/documents API
- Saved documents appear in /sdk/workflow module
- Status indicator (saving/saved/error) in toolbar
Email Consolidation:
- consent-management Emails tab now redirects to /sdk/email-templates
- Single source of truth for all email templates
- Old tab replaced with redirect card explaining the change
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 07:57:33 +02:00
0837680e03
docs: Add EUIPO Unblu Chat findings (3 new, total 10 findings)
...
Finding 8: Unblu chat consent links to third-party DSE (unblu.com)
instead of EUIPO's own privacy policy (Art. 13 DSGVO)
Finding 9: Cookie consent delegated to third-party terms without
own legal basis (§25 TDDDG)
Finding 10: Click-outside-dialog = accept — accidental click counts
as consent (Planet49, Art. 7(1) DSGVO)
New planned agent checks:
- Drittanbieter-DSE-Check: detect consent linking to external DSE
- Modal-Dismiss-Check: Playwright test if backdrop click = consent
- Dark-Pattern-Sprache: detect "muessen/erforderlich" for non-essential cookies
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 07:48:35 +02:00
0b7e14f202
feat: Add IAM system knowledge + CMP FAQ to Compliance Advisor soul
...
Build + Deploy / build-admin-compliance (push) Successful in 2m0s
Build + Deploy / build-backend-compliance (push) Successful in 2m56s
Build + Deploy / build-ai-sdk (push) Successful in 43s
Build + Deploy / build-developer-portal (push) Successful in 1m1s
Build + Deploy / build-tts (push) Successful in 1m14s
Build + Deploy / build-document-crawler (push) Successful in 32s
Build + Deploy / build-dsms-gateway (push) Successful in 20s
Build + Deploy / build-dsms-node (push) Successful in 9s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 15s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m31s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 40s
CI / test-python-backend (push) Successful in 36s
CI / test-python-document-crawler (push) Successful in 26s
CI / test-python-dsms-gateway (push) Successful in 21s
CI / validate-canonical-controls (push) Successful in 13s
Build + Deploy / trigger-orca (push) Successful in 3m15s
New FAQ sections the advisor can answer:
- "Was ist WSO2 Identity Server?" — explains systemic GDPR template problem
- "Welche IAM-Systeme haben aehnliche Probleme?" — WSO2, Keycloak, Azure AD B2C,
Auth0, Cognito, ForgeRock comparison table
- "Was ist das Koppelungsverbot?" — Art. 7(4) DSGVO with practical examples
- CMP product knowledge — all 9 modules, EWR-Only feature explanation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 07:40:32 +02:00
2fb417c784
feat: Add IAM system knowledge + CMP FAQ to Compliance Advisor soul
...
New FAQ sections the advisor can answer:
- "Was ist WSO2 Identity Server?" — explains systemic GDPR template problem
- "Welche IAM-Systeme haben aehnliche Probleme?" — WSO2, Keycloak, Azure AD B2C,
Auth0, Cognito, ForgeRock comparison table
- "Was ist das Koppelungsverbot?" — Art. 7(4) DSGVO with practical examples
- CMP product knowledge — all 9 modules, EWR-Only feature explanation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 07:37:17 +02:00
f74b786c6f
feat: Add IAM system knowledge + CMP FAQ to Compliance Advisor soul
...
New FAQ sections the advisor can answer:
- "Was ist WSO2 Identity Server?" — explains systemic GDPR template problem
- "Welche IAM-Systeme haben aehnliche Probleme?" — WSO2, Keycloak, Azure AD B2C,
Auth0, Cognito, ForgeRock comparison table
- "Was ist das Koppelungsverbot?" — Art. 7(4) DSGVO with practical examples
- CMP product knowledge — all 9 modules, EWR-Only feature explanation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 07:36:27 +02:00
7ebd25c59c
docs: Add EUIPO registration as compliance agent reference test case
...
Real-world case from EU authority (EUIPO) with 7 findings:
- Grammatically broken consent text (bad DE translation)
- Coupling prohibition violation (login = consent, Art. 7(4) DSGVO)
- No reject button, no granularity, no active opt-in
- Broken link layout (DSE/ToS links appear after submit button)
- Includes correction suggestion and planned agent check implementations
- Pattern: WSO2 Identity Server default templates (systemic issue)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 07:28:32 +02:00
e0f59cdf82
feat: IAB TCF 2.2 + sidebar naming consistency (Option C)
...
TCF/IAB 2.2:
- TCFEncoderService: base64url TC String generation per IAB spec
- 12 IAB purposes mapped to banner categories
- tcf_routes: 5 endpoints (purposes, features, mapping, encode)
- Auto-generate TC String on consent when tcf_enabled=true
- TCFSettings.tsx: enable/disable, purpose grid, test encoder
- New "TCF/IAB" tab in cookie-banner (7 tabs total)
Sidebar naming (Option C):
- SDK step "Einwilligungen" renamed to "Consent-Records"
to match CMP sidebar label — consistent across both navigations
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 07:10:53 +02:00
d3c8811fdb
feat: IAB TCF 2.2 — TC String encoder + purpose mapping + UI
...
- TCFEncoderService: generates base64url-encoded TC Strings per IAB spec
with 12 purposes, vendor consent bitfield, CMP metadata
- Category-to-purpose mapping (necessary→none, statistics→1,7,8,9,10,
marketing→1,2,3,4,5,6,7,12, functional→1,11)
- tcf_routes: 5 endpoints (purposes, features, mapping, encode, encode-categories)
- banner_consent_service: auto-generates TC String when tcf_enabled=true
- TCFSettings.tsx: enable/disable toggle, purpose grid with category mapping,
TC String test generator, CMP registration info
- New "TCF/IAB" tab in cookie-banner page (7 tabs total)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 07:01:37 +02:00
c89a68e59e
feat: Whistleblower backend + Scanner banner-check (last 2 gaps)
...
Whistleblower (HinSchG):
- Migration 118: 3 tables (reports, messages, measures) with
HinSchG deadlines (7d acknowledgment, 3mo feedback)
- whistleblower_routes.py: 14 endpoints (CRUD, acknowledge, close,
messages, measures, public submit, anonymous status check)
- Frontend api-operations.ts rewired from Go SDK to compliance proxy
- Access key format XXXX-XXXX-XXXX for anonymous reporters
Scanner banner-check (TTDSG § 25):
- CMP Dashboard: green "Kein Cookie-Banner erforderlich" when no
trackers detected + no banner configured
- Red warning "Cookie-Banner fehlt!" when trackers found but no banner
- Mandatory note: Impressum (DDG § 5) + DSE (DSGVO Art. 13) still required
[migration-approved]
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-04 00:22:18 +02:00
eb4ea8bc42
feat: EmailDeliveryService + professional DSR email templates
...
- EmailDeliveryService: load template → find published version →
render {{variables}} → send via SMTP → audit log. Fallback to
inline HTML when no published template exists.
- Migration 117: Professional HTML/text content for all 5 DSR
templates (receipt, completion, rejection, identity, extension)
with branded styling and proper Art. references
- DSRArt11Service now uses EmailDeliveryService with dsr_rejection
template instead of hardcoded HTML
[migration-approved]
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-03 23:38:32 +02:00
060f351da7
feat: Art. 11 DSGVO — reject DSR when data subject not identifiable
...
- New DSRArt11Service: handles rejection with proper legal basis,
automated email notification to requester explaining Art. 11
- POST /dsr/{id}/reject-art11 endpoint
- ActionButtons.tsx: "Nicht identifizierbar (Art. 11)" button
shown when identity is not yet verified
- Also fixes: DSR export type-cast rollback handling
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-03 23:30:18 +02:00
c55d0ab12a
fix: DSR export type-cast bug + session rollback on partial failures
...
- tenant_id kept as string (PostgreSQL handles UUID cast)
- Einwilligungen query uses CAST(:tid AS VARCHAR) for compatibility
- Each data source query wrapped with rollback on failure to prevent
cascading "transaction aborted" errors
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-05-03 23:15:25 +02:00
Benjamin Admin