Benjamin Admin
ff796fb480
#19 Chatbot-Cookie-Klassifikation: - chat_providers.json KB mit 11 Providern (iAdvize, Intercom, Tidio, Drift, Userlike, Zendesk, LivePerson, HubSpot, Vertex AI, OpenAI, Anthropic Claude). Pro Provider: Cookie-Pattern-Regex, typical_retention_days, tn_functions vs cp_functions, ai_capable. - chatbot_cookie_classification_check.py mit 4 KORRIGIERTEN Checks: CHAT-COOKIE-CLASS-001 (MED) — TN deklariert + Vendor-Purpose erwähnt Targeting/Analytics/A-B-Tests CHAT-COOKIE-CLASS-002 (MED) — Provider hat tn+cp Funktionen, Tabelle nennt nur eine Seite → keine Einwilligungs-Differenzierung CHAT-COOKIE-PURPOSE-001 (LOW) — Zweck zu generisch (Art. 13 DSGVO konkret) CHAT-COOKIE-RETENTION-001 (HIGH) — deklariert <90d, KB-typisch >365d → vermutlich unterdeklariert NEU vs vorigem Plan: kein "eigene Banner-Kategorie Chat/AI"-Check — gesetzlich nicht vorgeschrieben (Vermischung Zweck-Transparenz vs Kategorie-Name). Anwender-Frage berechtigt, Konzept geschärft. - _b12_wiring.py + Orchestrator-Wire + V2-Compose-Slot - Cookie-Inventar mit [Chat]/[Chat+AI]-Tag pro Cookie-Name (KB-Lookup) - Smoke (3 Vendors / 5 Cookies): 9 findings korrekt (3 HIGH RETENTION, 3 MEDIUM CLASS-001, 4 LOW PURPOSE) Cookie-Matrix Scan (Browser-Vergleich gegen safetykon.de): - consent-tester/services/cookie_behavior_per_browser.py: eigener fokussierter Scanner. Pro Browser-Profile: cookies before / after reject / after accept in separaten Kontexten. Sequenzielle Runs statt parallel (Race-Conditions). - routes_cookie_matrix.py POST /scan-cookie-matrix - Live-Test safetykon.de: chromium=1, firefox=0, webkit=1, mobile- safari=1 nach reject — Firefox setzt KEIN Cookie nach Reject! (consent-tester Rebuild brachte playwright install-deps für system-libs) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
69 lines
2.2 KiB
Python
69 lines
2.2 KiB
Python
"""Mail-V2 compose — single entrypoint that returns the full HTML.
|
|
|
|
Call `compose_v2(state)` from the email-dispatch phase when
|
|
`MAIL_RENDER_V2=true`. Default remains the legacy compose so we can
|
|
A/B in Mailpit.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
|
|
from ._blocks import (
|
|
render_attachments,
|
|
render_caveats,
|
|
render_header,
|
|
render_per_doc,
|
|
render_per_theme,
|
|
render_sofortmassnahmen,
|
|
render_toc,
|
|
)
|
|
from ._blocks_findings import (
|
|
render_critical,
|
|
render_internal_reminders,
|
|
render_manual_review,
|
|
)
|
|
from ._legacy_wrappers import render_all_legacy
|
|
from ._style import page_close, page_open
|
|
|
|
|
|
def compose_v2(state: dict) -> str:
|
|
"""Build the full audit-mail HTML in the V2 layout."""
|
|
site = state.get("site_name") or "—"
|
|
parts = [
|
|
page_open(site),
|
|
render_header(state),
|
|
render_toc(state),
|
|
render_critical(state),
|
|
render_manual_review(state),
|
|
render_internal_reminders(state),
|
|
render_sofortmassnahmen(state),
|
|
render_per_doc(state),
|
|
render_per_theme(state),
|
|
# B4 — Cross-Doc Vendor-Consistency (Elli Vertex↔Iadvize pattern)
|
|
state.get("vendor_consistency_html", ""),
|
|
# B5 — AI-Act Art. 50 Transparenzpflicht
|
|
state.get("ai_act_html", ""),
|
|
# B6/B7/B8/B9/B10 — DPO + Staleness + CMP + MultiEntity + Transfer
|
|
state.get("extra_findings_html", ""),
|
|
# B12 Chatbot-Cookie-Klassifikation
|
|
state.get("chatbot_cookie_html", ""),
|
|
# Browser-Matrix (Stage 1.c)
|
|
state.get("browser_matrix_html", ""),
|
|
# All legacy build_*_html() wrapped in V2 sections — preserves
|
|
# every information block from the old renderer (Exec Summary,
|
|
# Banner-Screenshot, VVT, Redundancy, Solutions, Diff, etc.)
|
|
render_all_legacy(state),
|
|
render_caveats(state),
|
|
render_attachments(state),
|
|
page_close(state.get("check_id", ""),
|
|
os.environ.get("BUILD_SHA", "unknown")),
|
|
]
|
|
return "".join(p for p in parts if p)
|
|
|
|
|
|
def is_v2_enabled() -> bool:
|
|
return os.environ.get("MAIL_RENDER_V2", "false").lower() in (
|
|
"true", "1", "yes", "on",
|
|
)
|