Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
603 Commits 5 Branches 1 Tag
85c4cbbf3781a47609ffd5e2261c32e1bdf167ed
Commit Graph

9 Commits

Author SHA1 Message Date
Benjamin Admin e35db90232 feat: Phase 5 — DB persistence for scan results + Phase 10 in plan 
- Migration 086: compliance_agent_scans table (findings, services, corrections)
- agent_history_routes.py: POST /scans (save), GET /scans (list), GET /scans/{id}
- Scan results survive page reloads and can be reviewed later
- Phase 10 (Playwright website scanner) added to product roadmap

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-29 15:17:51 +02:00
Benjamin Admin 5c5054f740 feat: Phase 3 — registry 82 services, mandatory checker, SDK flow step 
- website_scanner.py: imports from master service_registry.py (82 services)
- agent_scan_routes.py: mandatory content checks (documents + DSE sections)
- steps-betrieb.ts: Compliance Agent step added to SDK Flow (seq 5000)
- PLAN: Phase 9 (Authenticated Testing) added to product roadmap

Mandatory checks know what MUST be there:
- Documents: Impressum, DSE, AGB, Widerrufsbelehrung
- DSE content: 9 Art. 13 DSGVO fields (DSB, Speicherdauer, etc.)
- Impressum content: 5 §5 TMG fields (GF, HRB, USt-ID, etc.)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-29 15:04:44 +02:00
Benjamin Admin 0266dfd011 docs: Compliance Agent product roadmap — 8 phases, PoC to production 
P0: UCCA score calibration + control relevance filter
P1: Headless browser consent test (before/after cookie banner) + 80+ services
P2: Scan acceleration, DB persistence, PDF export
P3: Recurring scans, multi-website comparison

Investor demo scenario included.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-29 11:32:27 +02:00
Benjamin Admin d0dc284cd5 docs: add Phase 5 (Payment/Marketing checks) + Phase 6 (auto-corrections) 
- Payment: Stripe, PayPal, Klarna (Art. 22 Bonitaetspruefung!), Adyen, Mollie
- Marketing: GA, Meta Pixel, TikTok, Hotjar, Clarity, Newsletter-Anbieter
- Each service: DSE mention check, consent check, third-country check
- Pre-launch mode: agent generates ready-to-insert DSE text blocks via Qwen
- Correction types: missing service, wrong legal basis, outdated entry

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-28 15:26:29 +02:00
Benjamin Admin 24fb1e14e0 docs: add Phase 4b — SOLL/IST Dienstleister-Abgleich (DSE vs. Website) 
Automated comparison: services mentioned in privacy policy vs. actually
embedded on website. Three categories: undocumented (Art. 13 violation),
outdated (cleanup), correctly documented (check third country only).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-28 15:20:12 +02:00
Benjamin Admin 6aa753146f docs: extend plan with third-party service detection + Drittland registry 
80+ services: CDN (Cloudflare, Akamai), Fonts (Google Fonts LG München),
Tracking (GA, Meta Pixel, Matomo), Captcha, Maps, Video, Payment.
Static registry with country, EU adequacy, consent requirement, legal ref.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-28 15:18:43 +02:00
Benjamin Admin acd2d5f944 docs: add Phase 4 (Website-Scan) to Control Relevance Filter plan 
Multi-page crawl: scan 5-10 strategic pages (start, footer links) for
chatbot widgets, AI text mentions, and tracking services. Feed results
into relevance filter to reduce false positives.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-28 15:11:19 +02:00
Benjamin Admin 2a6f526c88 docs: plan for Control Relevance Filter (3-stage: rules, LLM, follow-up) 
Addresses false-positive controls like C_TRANSPARENCY being recommended
when no AI usage is evident. Plan for separate implementation session.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-28 14:32:25 +02:00
Benjamin Admin 0c0dd4e3a6 feat: ZeroClaw compliance agent — document analysis + role assignment + email 
Add autonomous compliance agent that fetches web documents (cookie banners,
privacy policies), classifies them via Qwen/Ollama, assesses DSGVO compliance,
assigns to the responsible role, and sends notification emails.

Components:
- ZeroClaw SOP (6-step workflow: fetch, classify, assess, summarize, assign, notify)
- Backend: /api/compliance/agent/analyze (combined endpoint)
- Backend: /api/compliance/agent/notify (standalone email)
- Frontend: /sdk/agent page (Manager UI with URL input + results)
- Helper scripts + E2E test

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-27 23:28:21 +02:00