Benjamin Admin 28a078ccb4 feat(compliance-check): P10 — Cookie-Policy-Architecture-Detection ...

Neuer Service cookie_policy_architecture.detect_architecture(...) prueft
vier Diagnose-Punkte der Cookie-Policy einer Website:

  1. Layer-Trennung: single (BMW-Pattern: Banner + Info in EINER URL)
                   | separate (Best Practice: getrennte Layer)
  2. Versionierung: "Stand vom DD.MM.JJJJ" / "Version X.Y" / ...
  3. Dynamic content: CMP-Capture auf Doc-URL oder Marker-Texte
  4. Vendor-Count im Text: Indikator ob Liste statisch drinsteht

Risiko-Ampel:
  - gruen: separate + versioned + statisch
  - gelb : single+unversioned (BMW) ODER separate+unversioned
  - rot  : weder noch (Pflicht-Info fehlt)

Wire-in im Compliance-Check-Worker: nach Exec-Summary-Block wird der
Architecture-Block gerendert (build_architecture_html) mit konkreter
Empfehlung. Bei BMW-Pattern: "Snapshot der dynamischen Vendor-Tabelle
als versioniertes PDF im Archiv."

Hintergrund: BMW hat eine HTML-Seite die GLEICHZEITIG Banner-Re-Trigger
und Cookie-Richtlinie ist. Mindestanforderung nach §25 TDDDG + Art. 13
DSGVO erfuellt, aber bei einer Aufsichtsbehoerden-Pruefung kann nicht
belegt werden welche Vendor-Liste an einem bestimmten Stichtag aktiv
war. Das ist kein Verstoss aber best-practice-Luecke.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-19 01:01:48 +02:00

..

document_templates

…

__init__.py

feat(compliance-check): MC-Classification + Embedding + Vendor-Redundanz + Action-Recipes + Borlabs-Features

2026-05-18 18:30:08 +02:00

_http_errors.py

refactor(backend/api): extract AuditSession service layer (Step 4 worked example)

2026-04-07 18:16:50 +02:00

agent_analyze_routes.py

fix: derive intake flags from DETECTED SERVICES, not from text content

2026-05-02 08:37:51 +02:00

agent_compare_routes.py

feat: Phase 6-8 — PDF export, recurring scans, multi-website compare

2026-04-29 15:27:51 +02:00

agent_compliance_check_routes.py

feat(compliance-check): P10 — Cookie-Policy-Architecture-Detection

2026-05-19 01:01:48 +02:00

agent_doc_check_exec_summary.py

feat(compliance-check): exec-summary + voll-audit + TDM-respect + cookie-KB-extended + saving-scan-funnel

2026-05-18 23:48:34 +02:00

agent_doc_check_extras.py

feat(compliance-check): exec-summary + voll-audit + TDM-respect + cookie-KB-extended + saving-scan-funnel

2026-05-18 23:48:34 +02:00

agent_doc_check_redundancy.py

feat(compliance-check): exec-summary + voll-audit + TDM-respect + cookie-KB-extended + saving-scan-funnel

2026-05-18 23:48:34 +02:00

agent_doc_check_report.py

feat(compliance-check): exec-summary + voll-audit + TDM-respect + cookie-KB-extended + saving-scan-funnel

2026-05-18 23:48:34 +02:00

agent_doc_check_routes.py

feat(agent): MC scorecard + audit drill-down + tenant trend (A1-A6)

2026-05-17 13:45:58 +02:00

agent_doc_check_scorecard.py

feat(compliance-check): exec-summary + voll-audit + TDM-respect + cookie-KB-extended + saving-scan-funnel

2026-05-18 23:48:34 +02:00

agent_findings_routes.py

feat(compliance-check): exec-summary + voll-audit + TDM-respect + cookie-KB-extended + saving-scan-funnel

2026-05-18 23:48:34 +02:00

agent_history_routes.py

feat: Phase 6-8 — PDF export, recurring scans, multi-website compare

2026-04-29 15:27:51 +02:00

agent_migration_routes.py

feat(agent): migrate compliance-check results to banner + documents (M1-M5)

2026-05-17 14:06:28 +02:00

agent_notification_routes.py

fix: relax email validation for .local domains in agent notify endpoint

2026-04-27 23:39:16 +02:00

agent_recurring_routes.py

feat: Phase 6-8 — PDF export, recurring scans, multi-website compare

2026-04-29 15:27:51 +02:00

agent_scan_helpers.py

fix: resolve all merge conflict markers from feat/zeroclaw-compliance-agent

2026-05-11 12:15:07 +02:00

agent_scan_models.py

fix: resolve all merge conflict markers from feat/zeroclaw-compliance-agent

2026-05-11 12:15:07 +02:00

agent_scan_routes.py

fix: resolve all merge conflict markers from feat/zeroclaw-compliance-agent

2026-05-11 12:15:07 +02:00

ai_routes.py

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

assertion_routes.py

…

audit_routes.py

tech-debt: mypy --strict config + integration tests for audit routes

2026-04-07 18:39:40 +02:00

audit_trail_utils.py

…

banner_ab_routes.py

feat: A/B Testing + Compliance Report PDF (F5 + F8)

2026-05-03 21:42:50 +02:00

banner_analytics_routes.py

feat: Vendor-level consent + Consent analytics (F4 + F6)

2026-05-03 20:58:06 +02:00

banner_routes.py

feat(cmp): timezone→geo_country mapping + timezone parameter

2026-05-12 14:43:13 +02:00

canonical_control_routes.py

feat(compliance-check): MC-Classification + Embedding + Vendor-Redundanz + Action-Recipes + Borlabs-Features

2026-05-18 18:30:08 +02:00

change_request_engine.py

…

change_request_routes.py

…

company_profile_routes.py

refactor(backend/api): extract CompanyProfileService (Step 4 — file 4 of 18)

2026-04-07 19:47:29 +02:00

compliance_report_routes.py

feat: A/B Testing + Compliance Report PDF (F5 + F8)

2026-05-03 21:42:50 +02:00

compliance_scope_routes.py

…

consent_template_routes.py

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

control_generator_routes.py

merge: sync with origin/main, take upstream on conflicts

2026-04-16 16:26:48 +02:00

cra_annex_i_data.py

feat(cra): CRA Compliance module Phase 1+2+3 (intake, scope, path, requirements, backlog, sbom, checks)

2026-05-18 17:56:52 +02:00

cra_doc_templates.py

feat(cra): Phase 5 — Technical Doc + DoC Generator (Annex V + VII)

2026-05-18 22:10:23 +02:00

cra_routes.py

feat(cra): Phase 4 — Vulnerability Disclosure + Post-Market Monitoring

2026-05-18 22:08:49 +02:00

crosswalk_routes.py

…

crud_factory.py

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

dashboard_routes.py

merge: sync with origin/main, take upstream on conflicts

2026-04-16 16:26:48 +02:00

db_utils.py

…

document_review_routes.py

feat: Academy integration — training gap detection after document approval (F7)

2026-05-03 22:03:25 +02:00

dsfa_routes.py

fix: EvidenceService Import + get_workflow_service Factory

2026-04-25 23:01:44 +02:00

dsr_routes.py

feat: Art. 11 DSGVO — reject DSR when data subject not identifiable

2026-05-03 23:30:18 +02:00

einwilligungen_export_routes.py

feat(compliance-check): MC-Classification + Embedding + Vendor-Redundanz + Action-Recipes + Borlabs-Features

2026-05-18 18:30:08 +02:00

einwilligungen_routes.py

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

email_template_routes.py

refactor(backend/api): extract Email Template services (Step 4 — file 10 of 18)

2026-04-08 22:39:19 +02:00

escalation_routes.py

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

evidence_check_routes.py

…

evidence_routes.py

feat(dsms): Stufe 2+3 — Evidence/TechFile → DSMS + Version Chains + Audit Timeline

2026-05-12 13:55:07 +02:00

extraction_routes.py

merge: sync with origin/main, take upstream on conflicts

2026-04-16 16:26:48 +02:00

generation_routes.py

…

import_routes.py

…

incident_routes.py

refactor(backend/api): extract Incident services (Step 4 — file 11 of 18)

2026-04-09 08:35:57 +02:00

isms_routes.py

merge: sync with origin/main, take upstream on conflicts

2026-04-16 16:26:48 +02:00

legal_document_routes.py

refactor(backend/api): extract LegalDocumentConsentService (Step 4 — file 12 of 18)

2026-04-09 08:47:56 +02:00

legal_template_routes.py

feat: DSR Prozessbeschreibungen Art. 15-21 mit Swim-Lane-Diagrammen

2026-04-28 19:25:38 +02:00

llm_audit_routes.py

…

loeschfristen_routes.py

merge: sync with origin/main, take upstream on conflicts

2026-04-16 16:26:48 +02:00

module_routes.py

…

notfallplan_routes.py

refactor(backend/api): extract Notfallplan schemas + services (Step 4)

2026-04-09 20:10:43 +02:00

obligation_routes.py

merge: sync with origin/main, take upstream on conflicts

2026-04-16 16:26:48 +02:00

org_role_routes.py

feat: Rollenkonzept backend + SOP template (Phase 1-3)

2026-05-03 13:03:38 +02:00

process_task_routes.py

…

project_routes.py

…

quality_routes.py

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

risk_routes.py

…

routes.py

merge: sync with origin/main, take upstream on conflicts

2026-04-16 16:26:48 +02:00

saving_scan_routes.py

feat(compliance-check): exec-summary + voll-audit + TDM-respect + cookie-KB-extended + saving-scan-funnel

2026-05-18 23:48:34 +02:00

schemas.py

merge: sync with origin/main, take upstream on conflicts

2026-04-16 16:26:48 +02:00

scraper_routes.py

…

screening_routes.py

merge: sync with origin/main, take upstream on conflicts

2026-04-16 16:26:48 +02:00

security_backlog_routes.py

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

source_policy_router.py

refactor(backend/api): extract SourcePolicyService (Step 4 — file 7 of 18)

2026-04-07 19:58:02 +02:00

tcf_routes.py

feat: IAB TCF 2.2 — TC String encoder + purpose mapping + UI

2026-05-04 07:01:37 +02:00

tenant_utils.py

…

tom_mapping_routes.py

…

tom_routes.py

refactor(backend/api): extract TOMService (Step 4 — file 3 of 18)

2026-04-07 19:42:17 +02:00

vendor_assessment_routes.py

feat(vendor-assessment): Pruefprotokoll + Frontend + Sidebar

2026-05-12 23:24:12 +02:00

vendor_compliance_routes.py

refactor(backend/api): extract vendor compliance services (Step 4)

2026-04-09 20:11:24 +02:00

versioning_utils.py

…

vvt_library_routes.py

…

vvt_routes.py

fix: 3 weitere Router-Import-Fehler aus Refactoring

2026-04-25 22:48:04 +02:00

whistleblower_routes.py

feat: Whistleblower backend + Scanner banner-check (last 2 gaps)

2026-05-04 00:22:18 +02:00

wiki_routes.py

…