breakpilot-compliance

Benjamin_Boenisch/breakpilot-compliance

Fork 0

Commit Graph

Author	SHA1	Message	Date
Benjamin Admin	6f16507c5f	feat(banner): P19 + P20 — Per-Category-Click-Test + Frontend-Drilldown CI / secret-scan (push) Has been skipped Details CI / dep-audit (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 2m54s Details CI / test-go (push) Has been skipped Details CI / detect-changes (push) Successful in 10s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / validate-canonical-controls (push) Successful in 17s Details CI / loc-budget (push) Successful in 17s Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / iace-gt-coverage (push) Has been skipped Details CI / test-python-backend (push) Successful in 43s Details CI / test-python-document-crawler (push) Has been skipped Details CI / test-python-dsms-gateway (push) Has been skipped Details P19 (consent-tester): - dp-cookieconsent (TYPO3, Safetykon-Pattern) als CMP-Profil hinzu — Selektoren #dp--cookie-statistics/marketing + a.cc-allow Save-Button - Neues Signal provider_details_visible: nach Kategorie-Toggle prueft Playwright ob im Banner sichtbare Provider-/Cookie-Detail-Elemente erscheinen. Bei dp-cookieconsent (Banner ohne Listing) immer False -> HIGH-Violation "Kategorie zeigt keine Provider-/Cookie-Details — Nutzer kann nicht informiert einwilligen (Art. 7 Abs. 1 DSGVO)" - main.py serialisiert provider_details_visible + cookies_set pro Kategorie P20 (Frontend-Drilldown): - Backend: check_payloads-Tabelle um Spalte 'banner' (JSON) — voller banner_result persistiert (vorher nur in-memory). ALTER TABLE Migration idempotent. - Neuer Endpoint GET /api/compliance/agent/banner/<check_id> — liefert Quality-Score, Phases, Category-Tests, Banner-Checks, alle 46 structured_checks. - Frontend: BannerTab im /sdk/agent/audit/<id> mit Quality-Cards, 3-Phasen-Cookie-Tabelle, Per-Category-Listing (mit P19-Signal rot/gruen), Banner-Verstoesse + Rechtsgrundlagen, 46-Check-Drilldown filterbar nach Severity. - Tab-Switcher in page.tsx um "Cookie-Banner-Analyse" erweitert. - Bonus: 2 alte route.ts auf Next.js 15 Promise-params umgestellt (Build-Fix). Plus: Critical-Findings-Block nutzt provider_details_visible als primaeres Signal statt nur tracking_services-Anzahl. Smoke-Test Safetykon: 4 Critical Findings im Mail, banner-Endpoint liefert 46 checks + 3 phases + 2 categories mit provider_details_visible=False. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-19 14:31:13 +02:00
Benjamin Admin	d4d9b60007	feat(email): P18 — Critical-Findings-Box + Banner-Deep-Block CI / detect-changes (push) Successful in 12s Details CI / branch-name (push) Has been skipped Details CI / guardrail-integrity (push) Has been skipped Details CI / secret-scan (push) Has been skipped Details CI / dep-audit (push) Has been skipped Details CI / sbom-scan (push) Has been skipped Details CI / validate-canonical-controls (push) Successful in 15s Details CI / loc-budget (push) Successful in 20s Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / nodejs-build (push) Successful in 3m8s Details CI / test-go (push) Has been skipped Details CI / iace-gt-coverage (push) Has been skipped Details CI / test-python-backend (push) Successful in 47s Details CI / test-python-document-crawler (push) Has been skipped Details CI / test-python-dsms-gateway (push) Has been skipped Details Backend wirft 90% der consent-tester-Daten weg — nur 4 Felder von einem vollen Banner-Scan landeten im Email. Phases (before_consent / after_reject / after_accept), banner_checks.violations mit Rechtsgrundlagen, category_tests, 46 structured_checks, completeness/correctness-Scores waren alle nicht sichtbar. Backend: agent_compliance_check_routes leitet jetzt das volle banner_result durch (15 Felder statt 4). Renderer (2 neue Module): 1) agent_doc_check_critical.build_critical_findings_html - ROTER Sofortmassnahmen-Block GANZ OBEN in der Email - Erkennt: banner-violations (HIGH/CRITICAL), leere Per-Category-Lists, DSE-Score <30%, fehlende Cookie-Richtlinie, US-Tracker ohne SCC/DPF - Pro Issue: konkrete Sofortmassnahme + Rechtsgrundlage + Bussgeld- Praezedenz (CNIL TikTok 5 Mio, LfDI BW 30k, EuGH Schrems II, ...) - Wird nur gerendert wenn echte Issues vorliegen 2) agent_doc_check_banner.build_banner_deep_html - Banner-Quality-Score-Cards (Vollstaendigkeit / Korrektheit / Verstoesse) - 3-Phasen-Cookie-Tabelle: vor Consent / nach Ablehnung / nach Annahme mit Cookie-Count, Tracker-Count, Auffaelligkeiten - Per-Category-Tracker-Listing (Statistik/Marketing) — zeigt explizit wenn eine Kategorie keine Provider listet (Safetykon-Pattern) - Violations-Liste mit Severity-Badge + Quellen-Hint (LG Rostock, EDPB) Smoke-Test Safetykon: alle 6 neuen Blocks rendern, kein Regression. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-19 13:34:17 +02:00

Author

SHA1

Message

Date

Benjamin Admin

6f16507c5f

feat(banner): P19 + P20 — Per-Category-Click-Test + Frontend-Drilldown

CI / secret-scan (push) Has been skipped

Details

CI / dep-audit (push) Has been skipped

Details

CI / nodejs-lint (push) Has been skipped

Details

CI / nodejs-build (push) Successful in 2m54s

Details

CI / test-go (push) Has been skipped

Details

CI / detect-changes (push) Successful in 10s

Details

CI / branch-name (push) Has been skipped

Details

CI / guardrail-integrity (push) Has been skipped

Details

CI / sbom-scan (push) Has been skipped

Details

CI / validate-canonical-controls (push) Successful in 17s

Details

CI / loc-budget (push) Successful in 17s

Details

CI / go-lint (push) Has been skipped

Details

CI / python-lint (push) Has been skipped

Details

CI / iace-gt-coverage (push) Has been skipped

Details

CI / test-python-backend (push) Successful in 43s

Details

CI / test-python-document-crawler (push) Has been skipped

Details

CI / test-python-dsms-gateway (push) Has been skipped

Details

P19 (consent-tester):
- dp-cookieconsent (TYPO3, Safetykon-Pattern) als CMP-Profil hinzu —
  Selektoren #dp--cookie-statistics/marketing + a.cc-allow Save-Button
- Neues Signal provider_details_visible: nach Kategorie-Toggle prueft
  Playwright ob im Banner sichtbare Provider-/Cookie-Detail-Elemente
  erscheinen. Bei dp-cookieconsent (Banner ohne Listing) immer False
  -> HIGH-Violation "Kategorie zeigt keine Provider-/Cookie-Details —
  Nutzer kann nicht informiert einwilligen (Art. 7 Abs. 1 DSGVO)"
- main.py serialisiert provider_details_visible + cookies_set pro Kategorie

P20 (Frontend-Drilldown):
- Backend: check_payloads-Tabelle um Spalte 'banner' (JSON) — voller
  banner_result persistiert (vorher nur in-memory). ALTER TABLE
  Migration idempotent.
- Neuer Endpoint GET /api/compliance/agent/banner/<check_id> — liefert
  Quality-Score, Phases, Category-Tests, Banner-Checks, alle 46
  structured_checks.
- Frontend: BannerTab im /sdk/agent/audit/<id> mit Quality-Cards,
  3-Phasen-Cookie-Tabelle, Per-Category-Listing (mit P19-Signal
  rot/gruen), Banner-Verstoesse + Rechtsgrundlagen, 46-Check-Drilldown
  filterbar nach Severity.
- Tab-Switcher in page.tsx um "Cookie-Banner-Analyse" erweitert.
- Bonus: 2 alte route.ts auf Next.js 15 Promise-params umgestellt
  (Build-Fix).

Plus: Critical-Findings-Block nutzt provider_details_visible als
primaeres Signal statt nur tracking_services-Anzahl.

Smoke-Test Safetykon: 4 Critical Findings im Mail, banner-Endpoint
liefert 46 checks + 3 phases + 2 categories mit provider_details_visible=False.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-19 14:31:13 +02:00

Benjamin Admin

d4d9b60007

feat(email): P18 — Critical-Findings-Box + Banner-Deep-Block

CI / detect-changes (push) Successful in 12s

Details

CI / branch-name (push) Has been skipped

Details

CI / guardrail-integrity (push) Has been skipped

Details

CI / secret-scan (push) Has been skipped

Details

CI / dep-audit (push) Has been skipped

Details

CI / sbom-scan (push) Has been skipped

Details

CI / validate-canonical-controls (push) Successful in 15s

Details

CI / loc-budget (push) Successful in 20s

Details

CI / go-lint (push) Has been skipped

Details

CI / python-lint (push) Has been skipped

Details

CI / nodejs-lint (push) Has been skipped

Details

CI / nodejs-build (push) Successful in 3m8s

Details

CI / test-go (push) Has been skipped

Details

CI / iace-gt-coverage (push) Has been skipped

Details

CI / test-python-backend (push) Successful in 47s

Details

CI / test-python-document-crawler (push) Has been skipped

Details

CI / test-python-dsms-gateway (push) Has been skipped

Details

Backend wirft 90% der consent-tester-Daten weg — nur 4 Felder von einem
vollen Banner-Scan landeten im Email. Phases (before_consent / after_reject
/ after_accept), banner_checks.violations mit Rechtsgrundlagen,
category_tests, 46 structured_checks, completeness/correctness-Scores
waren alle nicht sichtbar.

Backend: agent_compliance_check_routes leitet jetzt das volle banner_result
durch (15 Felder statt 4).

Renderer (2 neue Module):
1) agent_doc_check_critical.build_critical_findings_html
   - ROTER Sofortmassnahmen-Block GANZ OBEN in der Email
   - Erkennt: banner-violations (HIGH/CRITICAL), leere Per-Category-Lists,
     DSE-Score <30%, fehlende Cookie-Richtlinie, US-Tracker ohne SCC/DPF
   - Pro Issue: konkrete Sofortmassnahme + Rechtsgrundlage + Bussgeld-
     Praezedenz (CNIL TikTok 5 Mio, LfDI BW 30k, EuGH Schrems II, ...)
   - Wird nur gerendert wenn echte Issues vorliegen

2) agent_doc_check_banner.build_banner_deep_html
   - Banner-Quality-Score-Cards (Vollstaendigkeit / Korrektheit / Verstoesse)
   - 3-Phasen-Cookie-Tabelle: vor Consent / nach Ablehnung / nach Annahme
     mit Cookie-Count, Tracker-Count, Auffaelligkeiten
   - Per-Category-Tracker-Listing (Statistik/Marketing) — zeigt explizit
     wenn eine Kategorie keine Provider listet (Safetykon-Pattern)
   - Violations-Liste mit Severity-Badge + Quellen-Hint (LG Rostock, EDPB)

Smoke-Test Safetykon: alle 6 neuen Blocks rendern, kein Regression.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-19 13:34:17 +02:00

2 Commits