New independent service (port 8094) with headless Chromium:
- Phase A: What loads BEFORE any consent interaction
- Phase B: What loads AFTER rejecting consent (CRITICAL if tracking persists)
- Phase C: What loads AFTER accepting (check against cookie policy)
- 10 CMP-specific selectors (Didomi, OneTrust, Cookiebot, Usercentrics, etc.)
- Generic fallback via button text matching
- 18 tracking service patterns for script classification
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Shows for each finding:
- Original text block from DSE (or "missing" indicator)
- Position: section heading, number, parent section, paragraph index
- Correction: insert/append/replace with copy button
Falls back to plain correction view if no text reference available.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- dse_parser.py: HTML → structured sections (heading, number, content, parent)
Uses heading hierarchy (h1-h4) with regex fallback
- dse_matcher.py: matches detected services against DSE sections
Exact name → provider → category matching with insertion point suggestion
- agent_scan_routes: TextReference model in findings (original text,
section, paragraph, correction type, insert_after)
Enables showing: "Google Analytics not found in DSE, insert after
Section 2.4 Cookies und Tracking"
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 0: Qwen extracts 14 structured intake flags (personal_data,
marketing, profiling, ai_usage, etc.) instead of keyword matching.
Fallback to keywords if LLM unavailable. Flags feed into UCCA for
accurate scoring.
Phase 1: Control relevance filter removes false positives.
C_TRANSPARENCY only recommended if AI/ML keywords found in text.
7 control rules with keyword lists + intake flag fallback.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Summary now renders as styled HTML (table layout, colored risk badge,
warning banners) instead of plaintext in <div>
- Tab info text explains scope: "Analysiert nur die eingegebene URL" vs
"Scannt automatisch 5-10 Unterseiten"
- Scan history with findings count badge and page count
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Advisor now knows about: project setup (3 steps), all SDK modules
(DSGVO, AI Act, CE, independent modules), recommended workflow order,
navigation (sidebar, CommandBar, SDK-Flow). No business secrets.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Same pattern as the email templates variables fix. Backend may return
placeholders as object instead of array.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Chat-Verlauf wird als strukturiertes Beratungsprotokoll per Email
an den DSB gesendet. Button erscheint im Header sobald Nachrichten
vorhanden sind. Zeigt Checkmark nach erfolgreichem Versand.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Widgets were hidden behind projectId guard. Removed condition so new
users can ask questions (e.g. "Wie lege ich ein Projekt an?") before
creating a project.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Email now lists all scanned URLs with checkmark/cross status.
Frontend shows collapsible "X Seiten gescannt — Details anzeigen".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SDK LLM chat returns empty content due to Qwen think-mode. Direct Ollama
/api/generate call with stream:false gets the full response including
think tags which we strip.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backend gibt variables manchmal als {} (Objekt) statt [] (Array)
zurueck. (template.variables || []).map() greift nicht weil {}
truthy ist. Fix: Array.isArray() Check in TemplateCard + EditorTab.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Automated comparison: services mentioned in privacy policy vs. actually
embedded on website. Three categories: undocumented (Art. 13 violation),
outdated (cleanup), correctly documented (check third country only).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Multi-page crawl: scan 5-10 strategic pages (start, footer links) for
chatbot widgets, AI text mentions, and tracking services. Feed results
into relevance filter to reduce false positives.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Addresses false-positive controls like C_TRANSPARENCY being recommended
when no AI usage is evident. Plan for separate implementation session.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Backend: mode field in request, adapts summary tone and email subject
- Pre-launch: "Implementieren Sie X vor Veroeffentlichung"
- Post-launch: "ACHTUNG: Maengel sind oeffentlich sichtbar, sofortige Nachbesserung"
- Frontend: Mode toggle (internes Dokument vs. Live-Website)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Scan public website for cancellation button, imprint, privacy link, cookie consent
- Generate follow-up questions when checks can't be verified without login
- User answers "no" → finding with legal basis is added to results
- Frontend: FollowUpQuestions component with Ja/Nein buttons
- Sidebar: "Compliance Agent" entry added under KI-Compliance
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backend-Endpoints existierten bereits (submit/approve/reject/publish),
wurden aber vom Frontend nicht genutzt. Jetzt vollstaendiger Workflow:
- Submit for Review: Entwurf → Pruefung einreichen
- Approve/Reject: DSB kann genehmigen oder mit Begruendung ablehnen
- Publish: Genehmigte Version veroeffentlichen
- Test senden: Test-E-Mail an beliebige Adresse
- Approval History: Genehmigungshistorie abrufbar
- Status-Badges: draft/review/approved/published mit passenden Buttons
Alle Buttons sind kontextabhaengig — nur sichtbar wenn der Status passt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
index.ts exportierte STEP_EXPLANATIONS aus './StepHeader', aber
StepHeader.tsx importiert es nur intern und exportiert es nicht.
Fix: direkt aus './StepExplanations' re-exportieren.
Betrifft: DSR, Incidents, Whistleblower, Academy, Einwilligungen,
Consent, Document-Generator, Email-Templates und alle weiteren Module
die STEP_EXPLANATIONS verwenden.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Die Hetzner PostgreSQL nutzt ein Self-Signed Zertifikat. Der Node.js
pg Pool lehnte es ab (DEPTH_ZERO_SELF_SIGNED_CERT), wodurch der SDK
State nicht laden konnte → Application Error in ALLEN Modulen.
Fix: rejectUnauthorized: false wenn sslmode=require in der URL.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Pin-free pymdownx gets latest version which fixes NoneType error
on bare code fences in Python 3.11.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
testing.md causes NoneType error in Docker MkDocs build (Python 3.11).
Works locally on Python 3.9. Needs investigation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Older pymdown-extensions (10.12) crashes on bare code fences.
Upgraded to 10.14.3 + mkdocs-material 9.6.14.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pymdownx.highlight requires language specification on code fences.
Bare ``` causes NoneType error during MkDocs build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Benjamin Admin