#!/usr/bin/env python3
"""P59c — Seed DACH-Custom-Cookies in compliance.cookie_library.

Ergaenzt Open-Cookie-Database (~2200 Cookies) um DACH-typische Cookies, die in
der OCD fehlen oder schlecht abgedeckt sind:

  - Borlabs Cookie (selbst gehostete CMP, sehr verbreitet im DACH-Mittelstand)
  - etracker (in DE haeufige Analytics-Alternative zu Google Analytics)
  - Matomo / Piwik (self-hosted Analytics)
  - Userlike, Userpilot, ChannelEngine (DACH-Tools)
  - OEM-typische Custom-Cookies (Mercedes _abck/Akamai, BMW eus5, VW dxa)

Quellen-Doku: jeder Eintrag hat source_url auf Anbieter-Doku (rechtssicher).
Lizenz: Wir publizieren als eigene Sammlung (CC-BY) — Texte sind eigene
Formulierungen, Anbieter-Quellen werden referenziert.
"""
from __future__ import annotations

import os
import sys

import psycopg2

# (cookie_name, domain_pattern, vendor_name, actual_category, purpose_de,
#  typical_max_age_seconds, source_name, source_url, confidence)
DACH_COOKIES = [
    # ── Borlabs Cookie CMP ─────────────────────────────────────────
    ("borlabs-cookie", "*", "Borlabs GmbH", "essential",
     "Speichert die Cookie-Einwilligung des Nutzers (CMP-Funktion).",
     31536000, "Borlabs Cookie Doku",
     "https://de.borlabs.io/kb/borlabs-cookie/", 0.95),
    ("borlabs_consent", "*", "Borlabs GmbH", "essential",
     "Aelterer Borlabs-Consent-Cookie (Legacy v1).",
     31536000, "Borlabs Cookie Doku",
     "https://de.borlabs.io/kb/borlabs-cookie/", 0.90),

    # ── etracker (DE-Analytics-Alternative) ───────────────────────
    ("et_oi_v3", "*", "etracker GmbH, Hamburg", "statistics",
     "etracker Opt-Out-Indikator (zeigt ob Nutzer dem Tracking widersprochen hat).",
     63072000, "etracker Doku",
     "https://www.etracker.com/docs/integration-setup/datenschutz/", 0.95),
    ("et_cust_v3", "*", "etracker GmbH, Hamburg", "statistics",
     "etracker Customer-ID fuer wiederkehrende Besucher.",
     31536000, "etracker Doku",
     "https://www.etracker.com/docs/integration-setup/datenschutz/", 0.95),

    # ── Matomo / Piwik (self-hosted Analytics) ────────────────────
    ("_pk_id", "*", "Matomo (selbst gehostet)", "statistics",
     "Matomo Visitor-ID fuer Wiedererkennung von Besuchern (typisch 13 Monate).",
     33696000, "Matomo Doku",
     "https://matomo.org/faq/general/faq_146/", 0.95),
    ("_pk_ses", "*", "Matomo (selbst gehostet)", "statistics",
     "Matomo Session-ID fuer aktive Besuchersitzungen (30 Minuten).",
     1800, "Matomo Doku",
     "https://matomo.org/faq/general/faq_146/", 0.95),
    ("_pk_ref", "*", "Matomo (selbst gehostet)", "statistics",
     "Matomo Referrer-Information (woher kam der Besucher).",
     15768000, "Matomo Doku",
     "https://matomo.org/faq/general/faq_146/", 0.90),

    # ── Userlike (DE-Chat) ────────────────────────────────────────
    ("uslk_e", "*", "Userlike UG, Koeln", "functional",
     "Userlike Live-Chat — speichert ob Nutzer mit Chat interagiert hat.",
     31536000, "Userlike Privacy",
     "https://www.userlike.com/de/privacy-policy", 0.90),

    # ── OEM-typische Akamai-Bot-Manager-Cookies ───────────────────
    # (Mercedes, BMW, VW, Audi nutzen alle Akamai)
    ("_abck", "*", "Akamai Technologies", "essential",
     "Akamai Bot-Manager Session-Cookie. Erkennt automatisierte Zugriffe (Bots).",
     31536000, "Akamai Bot Manager Doku",
     "https://techdocs.akamai.com/bot-manager/docs", 0.95),
    ("bm_sz", "*", "Akamai Technologies", "essential",
     "Akamai Bot-Manager — speichert Geraete-Fingerprint fuer Bot-Erkennung.",
     14400, "Akamai Bot Manager Doku",
     "https://techdocs.akamai.com/bot-manager/docs", 0.95),
    ("bm_mi", "*", "Akamai Technologies", "essential",
     "Akamai Bot-Manager — Mobile-Integrity-Check.",
     7200, "Akamai Bot Manager Doku",
     "https://techdocs.akamai.com/bot-manager/docs", 0.90),
    ("ak_bmsc", "*", "Akamai Technologies", "essential",
     "Akamai Bot-Manager Score-Cookie.",
     7200, "Akamai Bot Manager Doku",
     "https://techdocs.akamai.com/bot-manager/docs", 0.90),

    # ── Cloudflare Bot-Management ─────────────────────────────────
    ("__cf_bm", "*", "Cloudflare, Inc.", "essential",
     "Cloudflare Bot-Management Token — unterscheidet menschliche Zugriffe von Bots.",
     1800, "Cloudflare Doku",
     "https://developers.cloudflare.com/bots/concepts/bot-score/", 0.95),
    ("cf_clearance", "*", "Cloudflare, Inc.", "essential",
     "Cloudflare Challenge-Cookie nach erfolgreichem Captcha/JS-Challenge.",
     1800, "Cloudflare Doku",
     "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/", 0.95),

    # ── Datadome Bot-Manager ──────────────────────────────────────
    ("datadome", "*", "DataDome SAS, Paris", "essential",
     "DataDome Bot-Detection Cookie. Wird auf vielen OEM-Sites mit Akamai parallel eingesetzt.",
     31536000, "DataDome Doku",
     "https://datadome.co/learning-center/", 0.90),

    # ── Usercentrics (CMP — verbreitet in DACH) ───────────────────
    ("uc_user_interaction", "*", "Usercentrics GmbH", "essential",
     "Usercentrics CMP — speichert Banner-Interaktion (Akzeptiert/Abgelehnt).",
     31536000, "Usercentrics Doku",
     "https://usercentrics.com/de/knowledge-hub/", 0.95),
    ("uc_settings", "*", "Usercentrics GmbH", "essential",
     "Usercentrics CMP — detaillierte Kategorie-Einstellungen pro Vendor.",
     31536000, "Usercentrics Doku",
     "https://usercentrics.com/de/knowledge-hub/", 0.95),

    # ── Cookiebot (CMP) ───────────────────────────────────────────
    ("CookieConsent", "*", "Cybot A/S (Cookiebot)", "essential",
     "Cookiebot CMP — speichert Einwilligungs-Status des Nutzers.",
     31536000, "Cookiebot Doku",
     "https://www.cookiebot.com/de/datenschutzerklarung/", 0.95),

    # ── Cookieyes ─────────────────────────────────────────────────
    ("cky-consent", "*", "Cookieyes Ltd, UK", "essential",
     "Cookieyes CMP — Einwilligungs-Speicherung.",
     31536000, "Cookieyes Doku",
     "https://www.cookieyes.com/documentation/", 0.90),

    # ── HubSpot (verbreitet in DE-B2B) ─────────────────────────────
    ("__hstc", "*", "HubSpot, Inc.", "marketing",
     "HubSpot Analytics — Hauptcookie zur Besucher-Identifikation.",
     34128000, "HubSpot Cookies Doku",
     "https://knowledge.hubspot.com/de/privacy-and-consent/what-cookies-does-hubspot-set-in-a-visitor-s-browser", 0.95),
    ("hubspotutk", "*", "HubSpot, Inc.", "marketing",
     "HubSpot User-Token — verfolgt Besucher seitenuebergreifend.",
     34128000, "HubSpot Cookies Doku",
     "https://knowledge.hubspot.com/de/privacy-and-consent/what-cookies-does-hubspot-set-in-a-visitor-s-browser", 0.95),
]


def main() -> int:
    dsn = os.environ.get("DATABASE_URL")
    if not dsn:
        print("DATABASE_URL missing", file=sys.stderr)
        return 1
    conn = psycopg2.connect(dsn)
    cur = conn.cursor()
    inserted = 0
    for c in DACH_COOKIES:
        (name, domain, vendor, cat, purpose_de, max_age,
         source_name, source_url, confidence) = c
        cur.execute(
            """
            INSERT INTO compliance.cookie_library
                (cookie_name, domain_pattern, vendor_name,
                 actual_category, purpose_de,
                 typical_max_age_seconds, source_name, source_url,
                 source_license, confidence)
            VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)
            ON CONFLICT DO NOTHING
            """,
            (name, domain, vendor[:200], cat, purpose_de, max_age,
             source_name, source_url, "CC-BY-eigene-Sammlung", confidence),
        )
        inserted += cur.rowcount
    conn.commit()
    print(f"P59c DACH-Cookies: {inserted}/{len(DACH_COOKIES)} inserted")
    return 0


if __name__ == "__main__":
    sys.exit(main())