breakpilot-compliance

Benjamin_Boenisch/breakpilot-compliance

Fork 0

Commit Graph

Author	SHA1	Message	Date
Benjamin Admin	c89a68e59e	feat: Whistleblower backend + Scanner banner-check (last 2 gaps) Whistleblower (HinSchG): - Migration 118: 3 tables (reports, messages, measures) with HinSchG deadlines (7d acknowledgment, 3mo feedback) - whistleblower_routes.py: 14 endpoints (CRUD, acknowledge, close, messages, measures, public submit, anonymous status check) - Frontend api-operations.ts rewired from Go SDK to compliance proxy - Access key format XXXX-XXXX-XXXX for anonymous reporters Scanner banner-check (TTDSG § 25): - CMP Dashboard: green "Kein Cookie-Banner erforderlich" when no trackers detected + no banner configured - Red warning "Cookie-Banner fehlt!" when trackers found but no banner - Mandatory note: Impressum (DDG § 5) + DSE (DSGVO Art. 13) still required [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-04 00:22:18 +02:00
Benjamin Admin	c5678c7101	fix: Route all banner API calls through Next.js proxy (SSL cert fix) Browser blocks direct calls to backend-compliance:8093 due to self-signed SSL certificate. All banner API calls now go through Next.js API proxy at /api/sdk/v1/banner/* which runs server-side. - New catch-all proxy: /api/sdk/v1/banner/[[...path]]/route.ts Maps to backend-compliance:8002/api/compliance/banner/* - Preview page: uses /api/sdk/v1/banner/ instead of https://macmini:8093 - CMP Dashboard: uses proxy for banner stats + compliance proxy for DSR/einwilligungen - Fixes: banner not closeable due to API errors, consent not saving Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-03 08:53:20 +02:00
Benjamin Admin	9423b1d1b9	feat: CMP Dashboard — aggregated consent, DSR, and compliance overview - New route /sdk/cmp with full CMP dashboard - 4 KPI cards: total consents, active consents, open DSR requests, configured sites - Cookie category acceptance bars (necessary/statistics/marketing/functional) - DSR breakdown: by status, by type (Art. 15-21), avg processing time, overdue count - 9-point compliance checklist (banner, DSE, impressum, Art.7 proof, DSR, loeschfristen, vendor AVV, email templates, EWR-only mode) — each links to relevant module - 8 module cards with icons linking to all CMP sub-modules - Real API integration: /banner/admin/stats, /einwilligungen/consents/stats, /dsr/stats - Dashboard link added as first entry in CMP sidebar section Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-03 08:44:00 +02:00

Author

SHA1

Message

Date

Benjamin Admin

c89a68e59e

feat: Whistleblower backend + Scanner banner-check (last 2 gaps)

Whistleblower (HinSchG):
- Migration 118: 3 tables (reports, messages, measures) with
  HinSchG deadlines (7d acknowledgment, 3mo feedback)
- whistleblower_routes.py: 14 endpoints (CRUD, acknowledge, close,
  messages, measures, public submit, anonymous status check)
- Frontend api-operations.ts rewired from Go SDK to compliance proxy
- Access key format XXXX-XXXX-XXXX for anonymous reporters

Scanner banner-check (TTDSG § 25):
- CMP Dashboard: green "Kein Cookie-Banner erforderlich" when no
  trackers detected + no banner configured
- Red warning "Cookie-Banner fehlt!" when trackers found but no banner
- Mandatory note: Impressum (DDG § 5) + DSE (DSGVO Art. 13) still required

[migration-approved]

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-05-04 00:22:18 +02:00

Benjamin Admin

c5678c7101

fix: Route all banner API calls through Next.js proxy (SSL cert fix)

Browser blocks direct calls to backend-compliance:8093 due to
self-signed SSL certificate. All banner API calls now go through
Next.js API proxy at /api/sdk/v1/banner/* which runs server-side.

- New catch-all proxy: /api/sdk/v1/banner/[[...path]]/route.ts
  Maps to backend-compliance:8002/api/compliance/banner/*
- Preview page: uses /api/sdk/v1/banner/ instead of https://macmini:8093
- CMP Dashboard: uses proxy for banner stats + compliance proxy for DSR/einwilligungen
- Fixes: banner not closeable due to API errors, consent not saving

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-05-03 08:53:20 +02:00

Benjamin Admin

9423b1d1b9

feat: CMP Dashboard — aggregated consent, DSR, and compliance overview

- New route /sdk/cmp with full CMP dashboard
- 4 KPI cards: total consents, active consents, open DSR requests, configured sites
- Cookie category acceptance bars (necessary/statistics/marketing/functional)
- DSR breakdown: by status, by type (Art. 15-21), avg processing time, overdue count
- 9-point compliance checklist (banner, DSE, impressum, Art.7 proof, DSR, loeschfristen,
  vendor AVV, email templates, EWR-only mode) — each links to relevant module
- 8 module cards with icons linking to all CMP sub-modules
- Real API integration: /banner/admin/stats, /einwilligungen/consents/stats, /dsr/stats
- Dashboard link added as first entry in CMP sidebar section

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-05-03 08:44:00 +02:00

3 Commits