""" Agent Website Scan Routes — deep scan endpoint that performs multi-page website analysis with SOLL/IST service comparison. POST /api/compliance/agent/scan """ import logging import os import re from datetime import datetime, timezone import httpx from fastapi import APIRouter from pydantic import BaseModel from compliance.services.website_scanner import scan_website, DetectedService from compliance.services.dse_service_extractor import extract_dse_services, compare_services from compliance.services.smtp_sender import send_email from compliance.services.dse_parser import parse_dse from compliance.services.dse_matcher import build_text_references, TextReference from compliance.services.mandatory_content_checker import ( check_mandatory_documents, check_dse_mandatory_content, MandatoryFinding, ) from compliance.services.legal_basis_validator import validate_legal_bases from compliance.api.agent_scan_helpers import ( add_corrections, build_scan_summary, fetch_dse_text, fetch_dse_html, ) logger = logging.getLogger(__name__) router = APIRouter(prefix="/compliance/agent", tags=["agent"]) SDK_URL = os.environ.get("AI_SDK_URL", "http://bp-compliance-ai-sdk:8090") TENANT_ID = "9282a473-5c95-4b3a-bf78-0ecc0ec71d3e" USER_ID = "00000000-0000-0000-0000-000000000001" SDK_HEADERS = { "Content-Type": "application/json", "X-Tenant-ID": TENANT_ID, "X-User-ID": USER_ID, } class ScanRequest(BaseModel): url: str mode: str = "post_launch" recipient: str = "dsb@breakpilot.local" class ServiceInfo(BaseModel): name: str category: str provider: str country: str eu_adequate: bool requires_consent: bool legal_ref: str in_dse: bool status: str # "ok", "undocumented", "outdated" class TextReferenceModel(BaseModel): found: bool = False source_url: str = "" document_type: str = "Datenschutzerklaerung" section_heading: str = "" section_number: str = "" parent_section: str = "" paragraph_index: int = 0 original_text: str = "" issue: str = "" correction_type: str = "" correction_text: str = "" insert_after: str = "" class ScanFinding(BaseModel): code: str severity: str text: str correction: str = "" doc_title: str = "" text_reference: TextReferenceModel | None = None class DiscoveredDocument(BaseModel): title: str url: str doc_type: str language: str = "" word_count: int = 0 completeness_pct: int = 0 findings_count: int = 0 class ScanResponse(BaseModel): url: str pages_scanned: int pages_list: list[str] = [] services: list[ServiceInfo] findings: list[ScanFinding] discovered_documents: list[DiscoveredDocument] = [] ai_detected: bool chatbot_detected: bool chatbot_provider: str missing_pages: dict summary: str email_status: str scanned_at: str import asyncio import uuid as _uuid # In-memory scan job store (survives until container restart) _scan_jobs: dict[str, dict] = {} class ScanStartResponse(BaseModel): scan_id: str status: str = "running" message: str = "" class ScanStatusResponse(BaseModel): scan_id: str status: str # "running", "completed", "failed" progress: str = "" result: ScanResponse | None = None error: str = "" @router.post("/scan") async def scan_website_endpoint(req: ScanRequest): """Start async website scan. Returns scan_id immediately. Poll GET /scan/{scan_id} for status and results.""" scan_id = str(_uuid.uuid4())[:8] _scan_jobs[scan_id] = {"status": "running", "progress": "Scan gestartet...", "result": None, "error": ""} # Launch scan in background asyncio.create_task(_run_scan(scan_id, req)) return ScanStartResponse(scan_id=scan_id, status="running", message="Scan gestartet. Ergebnisse unter GET /scan/{scan_id}") @router.get("/scan/{scan_id}") async def get_scan_status(scan_id: str): """Poll scan status. Returns result when completed.""" job = _scan_jobs.get(scan_id) if not job: return {"scan_id": scan_id, "status": "not_found", "error": "Scan-ID nicht gefunden"} return ScanStatusResponse( scan_id=scan_id, status=job["status"], progress=job.get("progress", ""), result=job.get("result"), error=job.get("error", ""), ) async def _run_scan(scan_id: str, req: ScanRequest): """Background scan task — updates _scan_jobs with progress.""" try: result = await _execute_scan(req, scan_id) _scan_jobs[scan_id]["status"] = "completed" _scan_jobs[scan_id]["result"] = result _scan_jobs[scan_id]["progress"] = "Fertig" except Exception as e: logger.error("Scan %s failed: %s", scan_id, e) _scan_jobs[scan_id]["status"] = "failed" _scan_jobs[scan_id]["error"] = str(e)[:500] async def _execute_scan(req: ScanRequest, scan_id: str = "") -> ScanResponse: """Execute the full scan pipeline (called as background task).""" is_live = req.mode == "post_launch" def _progress(msg: str): if scan_id and scan_id in _scan_jobs: _scan_jobs[scan_id]["progress"] = msg _progress("Schritt 1/7: Website wird gescannt...") # Step 1: Scan website — try Playwright first (JS-rendered), fallback to httpx playwright_htmls: dict[str, str] = {} try: async with httpx.AsyncClient(timeout=300.0) as pw_client: pw_resp = await pw_client.post( "http://bp-compliance-consent-tester:8094/website-scan", json={"url": req.url, "max_pages": 50, "click_nav": True}, ) if pw_resp.status_code == 200: pw_data = pw_resp.json() playwright_htmls = pw_data.get("page_htmls", {}) logger.info("Playwright scan: %d pages, %d scripts", pw_data.get("pages_count", 0), len(pw_data.get("external_scripts", []))) except Exception as e: logger.warning("Playwright scanner unavailable, falling back to httpx: %s", e) # Use Playwright results if available, otherwise fall back to httpx scanner if playwright_htmls: # Build ScanResult from Playwright data from compliance.services.website_scanner import ScanResult, DetectedService, _detect_services, _detect_ai_mentions from compliance.services.service_registry import SERVICE_REGISTRY scan = ScanResult() scan.pages_scanned = list(playwright_htmls.keys()) for page_url, html in playwright_htmls.items(): _detect_services(html, page_url, scan) _detect_ai_mentions(html, page_url, scan) # Deduplicate seen = set() unique = [] for svc in scan.detected_services: if svc.id not in seen: seen.add(svc.id) unique.append(svc) scan.detected_services = unique scan.chatbot_detected = any(s.category == "chatbot" for s in scan.detected_services) if scan.chatbot_detected: scan.chatbot_provider = next(s.name for s in scan.detected_services if s.category == "chatbot") else: scan = await scan_website(req.url) logger.info("Scanned %d pages, found %d services", len(scan.pages_scanned), len(scan.detected_services)) _progress(f"Schritt 2/7: Rechtliche Dokumente suchen... ({len(scan.pages_scanned)} Seiten gescannt)") # Step 1b: DSI Discovery — find all legal documents on the website discovered_docs: list[DiscoveredDocument] = [] dsi_findings: list[ScanFinding] = [] try: async with httpx.AsyncClient(timeout=300.0) as dsi_client: dsi_resp = await dsi_client.post( "http://bp-compliance-consent-tester:8094/dsi-discovery", json={"url": req.url, "max_documents": 30}, ) if dsi_resp.status_code == 200: dsi_data = dsi_resp.json() logger.info("DSI discovery: %d documents found", dsi_data.get("total_found", 0)) # Check each document against its legal requirements from compliance.services.dsi_document_checker import ( check_document_completeness, classify_document_type, ) for doc in dsi_data.get("documents", []): doc_type = classify_document_type(doc["title"], doc["url"]) doc_text = doc.get("full_text", "") or doc.get("text_preview", "") doc_findings = check_document_completeness( doc_text, doc_type, doc["title"], doc["url"], ) # Count completeness score_finding = next((f for f in doc_findings if "SCORE" in f.get("code", "")), None) completeness = 0 if score_finding: import re as _re2 pct_match = _re2.search(r"(\d+)%", score_finding.get("text", "")) if pct_match: completeness = int(pct_match.group(1)) discovered_docs.append(DiscoveredDocument( title=doc["title"], url=doc["url"], doc_type=doc_type, language=doc.get("language", ""), word_count=doc.get("word_count", 0), completeness_pct=completeness, findings_count=len([f for f in doc_findings if "SCORE" not in f.get("code", "")]), )) for df in doc_findings: if "SCORE" not in df.get("code", ""): dsi_findings.append(ScanFinding( code=df["code"], severity=df["severity"], text=df["text"], doc_title=doc["title"], )) except Exception as e: logger.warning("DSI discovery failed: %s %s", type(e).__name__, e) _progress(f"Schritt 3/7: Datenschutzerklaerung analysieren... ({len(discovered_docs)} Dokumente gefunden)") # Step 2: Fetch privacy policy text # Priority: 1) Playwright HTMLs, 2) DSI Discovery full_text, 3) httpx fallback dse_text = "" for page_url, html in playwright_htmls.items(): if re.search(r"datenschutz|privacy|dsgvo", page_url, re.IGNORECASE): clean = re.sub(r"<(script|style)[^>]*>.*?", "", html, flags=re.DOTALL | re.IGNORECASE) clean = re.sub(r"<[^>]+>", " ", clean) clean = re.sub(r"\s+", " ", clean).strip() dse_text = clean[:8000] break # Fallback: use DSI discovery texts (combined from all DSE documents found) if not dse_text and discovered_docs: try: dsi_data_local = dsi_resp.json() if 'dsi_resp' in dir() else {} for doc in dsi_data_local.get("documents", []): if doc.get("doc_type", "") in ("dse", "privacy", "datenschutz") or \ "datenschutz" in doc.get("title", "").lower(): ft = doc.get("full_text", "") if ft and len(ft) > len(dse_text): dse_text = ft[:8000] except Exception: pass if not dse_text: dse_text = await fetch_dse_text(req.url, scan.pages_scanned) # Step 3: Extract services mentioned in DSE via LLM + text fallback dse_services = await extract_dse_services(dse_text) if dse_text else [] logger.info("DSE mentions %d services (LLM)", len(dse_services)) # Fallback: if LLM extraction failed, search DSE text directly for service names if not dse_services and dse_text: dse_lower = dse_text.lower() detected_dicts_for_check = [_service_to_dict(s) for s in scan.detected_services] for svc in detected_dicts_for_check: name = svc.get("name", "").lower() # Check if service name appears in DSE text if name and len(name) > 3 and name in dse_lower: dse_services.append({"name": svc["name"], "purpose": "", "country": svc.get("country", ""), "legal_basis": ""}) if dse_services: logger.info("DSE text fallback found %d services", len(dse_services)) # Step 4: Parse DSE into structured sections (prefer Playwright HTML) dse_html = "" for page_url, html in playwright_htmls.items(): if re.search(r"datenschutz|privacy|dsgvo", page_url, re.IGNORECASE): dse_html = html break if not dse_html: dse_html = await fetch_dse_html(req.url, scan.pages_scanned) dse_sections = parse_dse(dse_html, req.url) if dse_html else [] logger.info("Parsed %d DSE sections", len(dse_sections)) _progress("Schritt 4/7: SOLL/IST Vergleich...") # Step 5: SOLL/IST comparison detected_dicts = [_service_to_dict(s) for s in scan.detected_services] comparison = compare_services(detected_dicts, dse_services) # Step 6: Build TextReferences for each detected service text_refs = build_text_references(detected_dicts, dse_services, dse_sections, req.url) # Step 7: Generate findings with text references services_info, findings = _build_findings(comparison, scan, is_live, text_refs) # Step 8: Check mandatory content (documents + DSE sections) mandatory_findings = check_mandatory_documents(scan.pages_scanned, scan.missing_pages) mandatory_findings += check_dse_mandatory_content(dse_sections, dse_text) for mf in mandatory_findings: findings.append(ScanFinding( code=mf.code, severity=mf.severity, text=f"{mf.text}" + (f" — {mf.suggestion}" if mf.suggestion else ""), )) # Step 8b: Validate legal bases (lit. a-f) in DSE if dse_text: lit_findings = validate_legal_bases(dse_text) for lf in lit_findings: findings.append(ScanFinding( code=f"LIT-{lf.purpose.upper()}", severity=lf.severity, text=lf.text, text_reference=TextReferenceModel( found=True, source_url=req.url, original_text=lf.original_text, issue="incorrect", correction_type="replace", correction_text=f"Korrekte Rechtsgrundlage: {lf.correct_basis} ({lf.legal_ref})", ) if lf.original_text else None, )) # Step 8c: Add DSI document findings findings.extend(dsi_findings) _progress(f"Schritt 5/7: Korrekturen generieren... ({len(findings)} Findings)") # Step 9: Generate corrections for pre-launch mode if not is_live and findings: await add_corrections(findings, dse_text) _progress("Schritt 6/7: Report erstellen...") # Step 7: Build summary summary = build_scan_summary(req.url, scan, comparison, findings, is_live, discovered_docs) _progress("Schritt 7/7: E-Mail senden...") # Step 8: Send notification mode_label = "INTERNE PRUEFUNG" if not is_live else "LIVE-WEBSITE" email_result = send_email( recipient=req.recipient, subject=f"[{mode_label}] Website-Scan: {req.url[:50]}", body_html=f"
{summary}
", ) return ScanResponse( url=req.url, pages_scanned=len(scan.pages_scanned), pages_list=scan.pages_scanned, services=services_info, findings=findings, discovered_documents=discovered_docs, ai_detected=len(scan.ai_mentions) > 0, chatbot_detected=scan.chatbot_detected, chatbot_provider=scan.chatbot_provider, missing_pages=scan.missing_pages, summary=summary, email_status=email_result.get("status", "failed"), scanned_at=datetime.now(timezone.utc).isoformat(), ) def _service_to_dict(svc: DetectedService) -> dict: return { "id": svc.id, "name": svc.name, "category": svc.category, "provider": svc.provider, "country": svc.country, "eu_adequate": svc.eu_adequate, "requires_consent": svc.requires_consent, "legal_ref": svc.legal_ref, } def _build_findings( comparison: dict, scan, is_live: bool, text_refs: dict | None = None, ) -> tuple[list[ServiceInfo], list[ScanFinding]]: """Build service info list and findings from comparison.""" services = [] findings = [] text_refs = text_refs or {} def _get_ref(svc_id: str) -> TextReferenceModel | None: ref = text_refs.get(svc_id) if not ref: return None return TextReferenceModel( found=ref.found, source_url=ref.source_url, document_type=ref.document_type, section_heading=ref.section_heading, section_number=ref.section_number, parent_section=ref.parent_section, paragraph_index=ref.paragraph_index, original_text=ref.original_text, issue=ref.issue, correction_type=ref.correction_type, correction_text=ref.correction_text, insert_after=ref.insert_after, ) # Undocumented services (on website, NOT in DSE) for svc in comparison["undocumented"]: services.append(ServiceInfo( name=svc["name"], category=svc.get("category", "other"), provider=svc.get("provider", ""), country=svc.get("country", ""), eu_adequate=svc.get("eu_adequate", False), requires_consent=svc.get("requires_consent", False), legal_ref=svc.get("legal_ref", ""), in_dse=False, status="undocumented", )) severity = "HIGH" if is_live else "MEDIUM" ref = _get_ref(svc.get("id", "")) findings.append(ScanFinding( code=f"DSE-MISSING-{svc['id'].upper()}", severity=severity, text=f"{svc['name']} ({svc.get('provider', '')}, {svc.get('country', '')}) " f"ist auf der Website eingebunden aber NICHT in der Datenschutzerklaerung " f"dokumentiert (Art. 13 DSGVO).", text_reference=ref, )) # Documented services (OK) for item in comparison["documented"]: svc = item["detected"] services.append(ServiceInfo( name=svc["name"], category=svc.get("category", "other"), provider=svc.get("provider", ""), country=svc.get("country", ""), eu_adequate=svc.get("eu_adequate", False), requires_consent=svc.get("requires_consent", False), legal_ref=svc.get("legal_ref", ""), in_dse=True, status="ok", )) # Check third-country transfer if not svc.get("eu_adequate", False): findings.append(ScanFinding( code=f"TRANSFER-{svc['id'].upper()}", severity="MEDIUM", text=f"{svc['name']} ({svc.get('country', '')}) — Drittlandtransfer. " f"Pruefen ob SCCs oder Angemessenheitsbeschluss dokumentiert sind.", )) # Outdated services (in DSE, NOT on website) for svc in comparison["outdated"]: services.append(ServiceInfo( name=svc["name"], category="other", provider=svc.get("provider", ""), country=svc.get("country", ""), eu_adequate=True, requires_consent=False, legal_ref="", in_dse=True, status="outdated", )) findings.append(ScanFinding( code=f"DSE-OUTDATED-{svc['name'].upper().replace(' ', '_')[:20]}", severity="LOW", text=f"{svc['name']} in Datenschutzerklaerung erwaehnt aber auf der Website " f"nicht mehr gefunden. Eintrag bei naechster Aktualisierung entfernen.", )) # Missing pages (e.g., /impressum returns 404) for page_url, status_code in scan.missing_pages.items(): if "impressum" in page_url.lower(): findings.append(ScanFinding( code="MISSING-IMPRESSUM", severity="HIGH", text=f"Impressum-Seite gibt HTTP {status_code} zurueck (§5 TMG Verstoss).", )) return services, findings