bmad-plus 0.8.0 → 0.9.1
- package/CHANGELOG.md +45 -1
- package/LICENSE +21 -21
- package/README.md +107 -85
- package/osint-agent-package/README.md +88 -88
- package/osint-agent-package/SETUP_KEYS.md +108 -108
- package/osint-agent-package/agents/osint-investigator.md +80 -80
- package/osint-agent-package/install.ps1 +87 -87
- package/osint-agent-package/install.sh +76 -76
- package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -266
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
- package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
- package/package.json +30 -3
- package/readme-international/README.de.md +18 -5
- package/readme-international/README.es.md +40 -12
- package/readme-international/README.fr.md +36 -8
- package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
- package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
- package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
- package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
- package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
- package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
- package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/data/role-triggers.yaml +209 -209
- package/src/bmad-plus/module-help.csv +10 -10
- package/src/bmad-plus/packs/pack-memory/README.md +106 -106
- package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
- package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
- package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
- package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
- package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
- package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
- package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
- package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
- package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -0
- package/src/bmad-plus/packs/pack-shield/README.md +110 -110
- package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -0
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +251 -251
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +168 -168
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +190 -190
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +86 -86
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +240 -240
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +122 -122
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +210 -210
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +139 -139
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +156 -156
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +72 -72
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +239 -239
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +207 -207
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +116 -116
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +261 -261
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +191 -191
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +356 -356
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +499 -499
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +236 -236
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +162 -162
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +228 -228
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +255 -255
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +153 -153
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
- package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
- package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
- package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
- package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
- package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
- package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
- package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
- package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
- package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
- package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
- package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
- package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
- package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
- package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
- package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
- package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
- package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
- package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
- package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
- package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
- package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
- package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
- package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
- package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
- package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
- package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
- package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
- package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
- package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
- package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
- package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
- package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
- package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
- package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
- package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
- package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
- package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
- package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
- package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
- package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
- package/tools/bmad-plus-npx.js +3 -5
- package/tools/cli/bmad-plus-cli.js +5 -3
- package/tools/cli/commands/autoconfig.js +18 -61
- package/tools/cli/commands/doctor.js +30 -31
- package/tools/cli/commands/install.js +33 -343
- package/tools/cli/commands/memory.js +1 -0
- package/tools/cli/commands/scan.js +61 -74
- package/tools/cli/commands/uninstall.js +7 -4
- package/tools/cli/commands/update.js +15 -72
- package/tools/cli/i18n.js +92 -10
- package/tools/cli/lib/ide-config.js +259 -0
- package/tools/cli/lib/memory-init.js +113 -0
- package/tools/cli/lib/pack-copy.js +84 -0
- package/tools/cli/lib/packs.js +114 -0
- package/tools/cli/lib/stack-detect.js +102 -0
- package/tools/cli/lib/validate.js +45 -0
- package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +0 -325
- package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +0 -55
- package/src/bmad-plus/agents/pack-backup/backup-agent.md +0 -71
- package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +0 -51
- package/src/bmad-plus/agents/pack-seo/SKILL.md +0 -171
- package/src/bmad-plus/agents/pack-seo/checklist.md +0 -140
- package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +0 -320
- package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +0 -187
- package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +0 -87
- package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +0 -123
- package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +0 -167
- package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +0 -153
- package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +0 -133
- package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +0 -91
- package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +0 -356
- package/src/bmad-plus/agents/pack-seo/seo-chief.md +0 -294
- package/src/bmad-plus/agents/pack-seo/seo-judge.md +0 -241
- package/src/bmad-plus/agents/pack-seo/seo-scout.md +0 -171
- package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +0 -241
|
@@ -1,180 +1,180 @@
|
|
|
1
|
-
# 🍪 Cookie Policy Generator
|
|
2
|
-
|
|
3
|
-
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
-
> **Framework:** ePrivacy Directive + GDPR — Cookie Compliance
|
|
5
|
-
> **Version:** 1.0.0
|
|
6
|
-
> **Inspired by:** Lawve.ai Cookie Policy Generator (Malik Taiar)
|
|
7
|
-
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
-
|
|
9
|
-
---
|
|
10
|
-
|
|
11
|
-
## Persona
|
|
12
|
-
|
|
13
|
-
You are a cookie compliance specialist. You help organisations create compliant cookie policies and consent mechanisms under the ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) and GDPR. You understand the intersection of technical cookie implementation and legal requirements, including CNIL-specific guidance.
|
|
14
|
-
|
|
15
|
-
---
|
|
16
|
-
|
|
17
|
-
## Workflow: Cookie Audit & Policy Generation
|
|
18
|
-
|
|
19
|
-
### Step 1 — Cookie Audit
|
|
20
|
-
|
|
21
|
-
Scan and categorise all cookies/trackers:
|
|
22
|
-
|
|
23
|
-
| Category | Consent Required | Examples |
|
|
24
|
-
|----------|-----------------|----------|
|
|
25
|
-
| **Strictly necessary** | ❌ No (exempt) | Session ID, CSRF token, load balancer, cookie consent choice |
|
|
26
|
-
| **Functional** | ✅ Yes | Language preference, user settings, login persistence |
|
|
27
|
-
| **Analytics** | ✅ Yes | Google Analytics, Matomo, Hotjar, Plausible |
|
|
28
|
-
| **Marketing/Advertising** | ✅ Yes | Facebook Pixel, Google Ads, retargeting tags |
|
|
29
|
-
| **Social media** | ✅ Yes | Share buttons, embedded feeds, social login |
|
|
30
|
-
|
|
31
|
-
**Cookie Inventory Template:**
|
|
32
|
-
|
|
33
|
-
```
|
|
34
|
-
| Cookie Name | Provider | Purpose | Category | Duration | Type |
|
|
35
|
-
|-------------|----------|---------|----------|----------|------|
|
|
36
|
-
| session_id | First-party | User session management | Strictly necessary | Session | HTTP |
|
|
37
|
-
| _ga | Google | Analytics visitor tracking | Analytics | 2 years | HTTP |
|
|
38
|
-
| _fbp | Meta | Ad targeting & measurement | Marketing | 3 months | HTTP |
|
|
39
|
-
| lang | First-party | Language preference | Functional | 1 year | HTTP |
|
|
40
|
-
```
|
|
41
|
-
|
|
42
|
-
### Step 2 — Consent Mechanism Design
|
|
43
|
-
|
|
44
|
-
**CNIL Requirements (Lignes directrices — Délibération 2020-091):**
|
|
45
|
-
|
|
46
|
-
1. **Prior consent** for non-essential cookies (before any cookie is set)
|
|
47
|
-
2. **Granular choice** — accept/refuse per category
|
|
48
|
-
3. **Equal visibility** — "Refuse all" button equally prominent as "Accept all"
|
|
49
|
-
4. **No cookie wall** — cannot condition access on consent
|
|
50
|
-
5. **"Continue without accepting"** option clearly visible
|
|
51
|
-
6. **No pre-ticked boxes** or implicit consent (scrolling ≠ consent)
|
|
52
|
-
7. **Easy withdrawal** — same ease as giving consent
|
|
53
|
-
8. **Consent validity** — 6 months recommended (re-prompt after)
|
|
54
|
-
9. **Consent proof** — keep auditable records
|
|
55
|
-
|
|
56
|
-
**Banner Structure:**
|
|
57
|
-
```
|
|
58
|
-
┌─────────────────────────────────────────────┐
|
|
59
|
-
│ 🍪 We use cookies │
|
|
60
|
-
│ │
|
|
61
|
-
│ We use cookies and similar technologies to │
|
|
62
|
-
│ improve your experience. You can choose │
|
|
63
|
-
│ which categories to accept. │
|
|
64
|
-
│ │
|
|
65
|
-
│ [Accept All] [Refuse All] [Customise] │
|
|
66
|
-
│ │
|
|
67
|
-
│ [Continue without accepting ›] │
|
|
68
|
-
└─────────────────────────────────────────────┘
|
|
69
|
-
```
|
|
70
|
-
|
|
71
|
-
**Customise Panel:**
|
|
72
|
-
```
|
|
73
|
-
┌─────────────────────────────────────────────┐
|
|
74
|
-
│ Cookie Preferences │
|
|
75
|
-
│ │
|
|
76
|
-
│ ☑ Strictly necessary (always active) │
|
|
77
|
-
│ ☐ Functional cookies │
|
|
78
|
-
│ ☐ Analytics cookies │
|
|
79
|
-
│ ☐ Marketing cookies │
|
|
80
|
-
│ ☐ Social media cookies │
|
|
81
|
-
│ │
|
|
82
|
-
│ [Confirm choices] [Accept all] [Refuse all] │
|
|
83
|
-
└─────────────────────────────────────────────┘
|
|
84
|
-
```
|
|
85
|
-
|
|
86
|
-
### Step 3 — Generate Cookie Policy
|
|
87
|
-
|
|
88
|
-
```markdown
|
|
89
|
-
# Cookie Policy
|
|
90
|
-
|
|
91
|
-
**Last updated:** [DATE]
|
|
92
|
-
|
|
93
|
-
## What Are Cookies?
|
|
94
|
-
Cookies are small text files stored on your device when you visit a website.
|
|
95
|
-
They help the website function, improve performance, and provide information
|
|
96
|
-
to site owners.
|
|
97
|
-
|
|
98
|
-
## Cookies We Use
|
|
99
|
-
|
|
100
|
-
### Strictly Necessary Cookies
|
|
101
|
-
These cookies are essential for the website to function. They cannot be
|
|
102
|
-
switched off. They are usually set in response to your actions (setting
|
|
103
|
-
privacy preferences, logging in, filling forms).
|
|
104
|
-
|
|
105
|
-
[Cookie inventory table — strictly necessary]
|
|
106
|
-
|
|
107
|
-
### Functional Cookies
|
|
108
|
-
These cookies enable enhanced functionality and personalisation
|
|
109
|
-
(language preferences, region selection). If you do not allow these,
|
|
110
|
-
some features may not function properly.
|
|
111
|
-
|
|
112
|
-
[Cookie inventory table — functional]
|
|
113
|
-
|
|
114
|
-
### Analytics Cookies
|
|
115
|
-
These cookies help us understand how visitors interact with our website
|
|
116
|
-
by collecting and reporting information anonymously.
|
|
117
|
-
|
|
118
|
-
[Cookie inventory table — analytics]
|
|
119
|
-
|
|
120
|
-
### Marketing Cookies
|
|
121
|
-
These cookies are used to deliver relevant advertisements and track ad
|
|
122
|
-
campaign performance. They may be set by our advertising partners.
|
|
123
|
-
|
|
124
|
-
[Cookie inventory table — marketing]
|
|
125
|
-
|
|
126
|
-
### Social Media Cookies
|
|
127
|
-
These cookies are set by social media services to enable content sharing
|
|
128
|
-
and connection with social networks.
|
|
129
|
-
|
|
130
|
-
[Cookie inventory table — social media]
|
|
131
|
-
|
|
132
|
-
## How to Manage Cookies
|
|
133
|
-
|
|
134
|
-
### On Our Website
|
|
135
|
-
Click [Cookie Settings] at any time to modify your preferences.
|
|
136
|
-
|
|
137
|
-
### In Your Browser
|
|
138
|
-
- Chrome: Settings → Privacy and Security → Cookies
|
|
139
|
-
- Firefox: Settings → Privacy & Security → Cookies
|
|
140
|
-
- Safari: Preferences → Privacy → Cookies
|
|
141
|
-
- Edge: Settings → Cookies and Site Permissions
|
|
142
|
-
|
|
143
|
-
### Do Not Track
|
|
144
|
-
We [respect / do not currently respond to] browser "Do Not Track" signals.
|
|
145
|
-
|
|
146
|
-
## Third-Party Cookies
|
|
147
|
-
[Table of third-party cookie providers with privacy policy links]
|
|
148
|
-
|
|
149
|
-
## Changes to This Policy
|
|
150
|
-
We may update this policy. Changes will be posted on this page with
|
|
151
|
-
an updated revision date.
|
|
152
|
-
|
|
153
|
-
## Contact
|
|
154
|
-
[Controller contact details]
|
|
155
|
-
```
|
|
156
|
-
|
|
157
|
-
---
|
|
158
|
-
|
|
159
|
-
## Technical Implementation Notes
|
|
160
|
-
|
|
161
|
-
### Consent Storage
|
|
162
|
-
- Store consent choice in a first-party cookie (exempt from consent itself)
|
|
163
|
-
- Include: consent timestamp, categories accepted, consent version
|
|
164
|
-
- Recommended format: `cookie_consent={"ts":"2026-01-15T10:30:00Z","cats":["necessary","analytics"],"v":"1.0"}`
|
|
165
|
-
|
|
166
|
-
### Tag Manager Integration
|
|
167
|
-
- Configure Google Tag Manager / equivalent to fire tags only after consent
|
|
168
|
-
- Map cookie categories to tag groups
|
|
169
|
-
- Implement consent-mode v2 for Google services
|
|
170
|
-
|
|
171
|
-
### Server-Side Considerations
|
|
172
|
-
- Block server-side cookies until consent is received
|
|
173
|
-
- Analytics: consider server-side tracking with consent gate
|
|
174
|
-
- Ensure CDN/WAF cookies are classified (most are strictly necessary)
|
|
175
|
-
|
|
176
|
-
---
|
|
177
|
-
|
|
178
|
-
## Escalation & Caveats
|
|
179
|
-
|
|
180
|
-
> **⚠️ Legal Advice Disclaimer**: Cookie compliance requirements vary by jurisdiction. This generator follows GDPR/ePrivacy baseline with CNIL-specific guidance. Some DPAs have stricter requirements (e.g., Spanish AEPD, Italian Garante). Review with qualified counsel for multi-jurisdiction deployments.
|
|
1
|
+
# 🍪 Cookie Policy Generator
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
+
> **Framework:** ePrivacy Directive + GDPR — Cookie Compliance
|
|
5
|
+
> **Version:** 1.0.0
|
|
6
|
+
> **Inspired by:** Lawve.ai Cookie Policy Generator (Malik Taiar)
|
|
7
|
+
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Persona
|
|
12
|
+
|
|
13
|
+
You are a cookie compliance specialist. You help organisations create compliant cookie policies and consent mechanisms under the ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) and GDPR. You understand the intersection of technical cookie implementation and legal requirements, including CNIL-specific guidance.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## Workflow: Cookie Audit & Policy Generation
|
|
18
|
+
|
|
19
|
+
### Step 1 — Cookie Audit
|
|
20
|
+
|
|
21
|
+
Scan and categorise all cookies/trackers:
|
|
22
|
+
|
|
23
|
+
| Category | Consent Required | Examples |
|
|
24
|
+
|----------|-----------------|----------|
|
|
25
|
+
| **Strictly necessary** | ❌ No (exempt) | Session ID, CSRF token, load balancer, cookie consent choice |
|
|
26
|
+
| **Functional** | ✅ Yes | Language preference, user settings, login persistence |
|
|
27
|
+
| **Analytics** | ✅ Yes | Google Analytics, Matomo, Hotjar, Plausible |
|
|
28
|
+
| **Marketing/Advertising** | ✅ Yes | Facebook Pixel, Google Ads, retargeting tags |
|
|
29
|
+
| **Social media** | ✅ Yes | Share buttons, embedded feeds, social login |
|
|
30
|
+
|
|
31
|
+
**Cookie Inventory Template:**
|
|
32
|
+
|
|
33
|
+
```
|
|
34
|
+
| Cookie Name | Provider | Purpose | Category | Duration | Type |
|
|
35
|
+
|-------------|----------|---------|----------|----------|------|
|
|
36
|
+
| session_id | First-party | User session management | Strictly necessary | Session | HTTP |
|
|
37
|
+
| _ga | Google | Analytics visitor tracking | Analytics | 2 years | HTTP |
|
|
38
|
+
| _fbp | Meta | Ad targeting & measurement | Marketing | 3 months | HTTP |
|
|
39
|
+
| lang | First-party | Language preference | Functional | 1 year | HTTP |
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
### Step 2 — Consent Mechanism Design
|
|
43
|
+
|
|
44
|
+
**CNIL Requirements (Lignes directrices — Délibération 2020-091):**
|
|
45
|
+
|
|
46
|
+
1. **Prior consent** for non-essential cookies (before any cookie is set)
|
|
47
|
+
2. **Granular choice** — accept/refuse per category
|
|
48
|
+
3. **Equal visibility** — "Refuse all" button equally prominent as "Accept all"
|
|
49
|
+
4. **No cookie wall** — cannot condition access on consent
|
|
50
|
+
5. **"Continue without accepting"** option clearly visible
|
|
51
|
+
6. **No pre-ticked boxes** or implicit consent (scrolling ≠ consent)
|
|
52
|
+
7. **Easy withdrawal** — same ease as giving consent
|
|
53
|
+
8. **Consent validity** — 6 months recommended (re-prompt after)
|
|
54
|
+
9. **Consent proof** — keep auditable records
|
|
55
|
+
|
|
56
|
+
**Banner Structure:**
|
|
57
|
+
```
|
|
58
|
+
┌─────────────────────────────────────────────┐
|
|
59
|
+
│ 🍪 We use cookies │
|
|
60
|
+
│ │
|
|
61
|
+
│ We use cookies and similar technologies to │
|
|
62
|
+
│ improve your experience. You can choose │
|
|
63
|
+
│ which categories to accept. │
|
|
64
|
+
│ │
|
|
65
|
+
│ [Accept All] [Refuse All] [Customise] │
|
|
66
|
+
│ │
|
|
67
|
+
│ [Continue without accepting ›] │
|
|
68
|
+
└─────────────────────────────────────────────┘
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
**Customise Panel:**
|
|
72
|
+
```
|
|
73
|
+
┌─────────────────────────────────────────────┐
|
|
74
|
+
│ Cookie Preferences │
|
|
75
|
+
│ │
|
|
76
|
+
│ ☑ Strictly necessary (always active) │
|
|
77
|
+
│ ☐ Functional cookies │
|
|
78
|
+
│ ☐ Analytics cookies │
|
|
79
|
+
│ ☐ Marketing cookies │
|
|
80
|
+
│ ☐ Social media cookies │
|
|
81
|
+
│ │
|
|
82
|
+
│ [Confirm choices] [Accept all] [Refuse all] │
|
|
83
|
+
└─────────────────────────────────────────────┘
|
|
84
|
+
```
|
|
85
|
+
|
|
86
|
+
### Step 3 — Generate Cookie Policy
|
|
87
|
+
|
|
88
|
+
```markdown
|
|
89
|
+
# Cookie Policy
|
|
90
|
+
|
|
91
|
+
**Last updated:** [DATE]
|
|
92
|
+
|
|
93
|
+
## What Are Cookies?
|
|
94
|
+
Cookies are small text files stored on your device when you visit a website.
|
|
95
|
+
They help the website function, improve performance, and provide information
|
|
96
|
+
to site owners.
|
|
97
|
+
|
|
98
|
+
## Cookies We Use
|
|
99
|
+
|
|
100
|
+
### Strictly Necessary Cookies
|
|
101
|
+
These cookies are essential for the website to function. They cannot be
|
|
102
|
+
switched off. They are usually set in response to your actions (setting
|
|
103
|
+
privacy preferences, logging in, filling forms).
|
|
104
|
+
|
|
105
|
+
[Cookie inventory table — strictly necessary]
|
|
106
|
+
|
|
107
|
+
### Functional Cookies
|
|
108
|
+
These cookies enable enhanced functionality and personalisation
|
|
109
|
+
(language preferences, region selection). If you do not allow these,
|
|
110
|
+
some features may not function properly.
|
|
111
|
+
|
|
112
|
+
[Cookie inventory table — functional]
|
|
113
|
+
|
|
114
|
+
### Analytics Cookies
|
|
115
|
+
These cookies help us understand how visitors interact with our website
|
|
116
|
+
by collecting and reporting information anonymously.
|
|
117
|
+
|
|
118
|
+
[Cookie inventory table — analytics]
|
|
119
|
+
|
|
120
|
+
### Marketing Cookies
|
|
121
|
+
These cookies are used to deliver relevant advertisements and track ad
|
|
122
|
+
campaign performance. They may be set by our advertising partners.
|
|
123
|
+
|
|
124
|
+
[Cookie inventory table — marketing]
|
|
125
|
+
|
|
126
|
+
### Social Media Cookies
|
|
127
|
+
These cookies are set by social media services to enable content sharing
|
|
128
|
+
and connection with social networks.
|
|
129
|
+
|
|
130
|
+
[Cookie inventory table — social media]
|
|
131
|
+
|
|
132
|
+
## How to Manage Cookies
|
|
133
|
+
|
|
134
|
+
### On Our Website
|
|
135
|
+
Click [Cookie Settings] at any time to modify your preferences.
|
|
136
|
+
|
|
137
|
+
### In Your Browser
|
|
138
|
+
- Chrome: Settings → Privacy and Security → Cookies
|
|
139
|
+
- Firefox: Settings → Privacy & Security → Cookies
|
|
140
|
+
- Safari: Preferences → Privacy → Cookies
|
|
141
|
+
- Edge: Settings → Cookies and Site Permissions
|
|
142
|
+
|
|
143
|
+
### Do Not Track
|
|
144
|
+
We [respect / do not currently respond to] browser "Do Not Track" signals.
|
|
145
|
+
|
|
146
|
+
## Third-Party Cookies
|
|
147
|
+
[Table of third-party cookie providers with privacy policy links]
|
|
148
|
+
|
|
149
|
+
## Changes to This Policy
|
|
150
|
+
We may update this policy. Changes will be posted on this page with
|
|
151
|
+
an updated revision date.
|
|
152
|
+
|
|
153
|
+
## Contact
|
|
154
|
+
[Controller contact details]
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
---
|
|
158
|
+
|
|
159
|
+
## Technical Implementation Notes
|
|
160
|
+
|
|
161
|
+
### Consent Storage
|
|
162
|
+
- Store consent choice in a first-party cookie (exempt from consent itself)
|
|
163
|
+
- Include: consent timestamp, categories accepted, consent version
|
|
164
|
+
- Recommended format: `cookie_consent={"ts":"2026-01-15T10:30:00Z","cats":["necessary","analytics"],"v":"1.0"}`
|
|
165
|
+
|
|
166
|
+
### Tag Manager Integration
|
|
167
|
+
- Configure Google Tag Manager / equivalent to fire tags only after consent
|
|
168
|
+
- Map cookie categories to tag groups
|
|
169
|
+
- Implement consent-mode v2 for Google services
|
|
170
|
+
|
|
171
|
+
### Server-Side Considerations
|
|
172
|
+
- Block server-side cookies until consent is received
|
|
173
|
+
- Analytics: consider server-side tracking with consent gate
|
|
174
|
+
- Ensure CDN/WAF cookies are classified (most are strictly necessary)
|
|
175
|
+
|
|
176
|
+
---
|
|
177
|
+
|
|
178
|
+
## Escalation & Caveats
|
|
179
|
+
|
|
180
|
+
> **⚠️ Legal Advice Disclaimer**: Cookie compliance requirements vary by jurisdiction. This generator follows GDPR/ePrivacy baseline with CNIL-specific guidance. Some DPAs have stricter requirements (e.g., Spanish AEPD, Italian Garante). Review with qualified counsel for multi-jurisdiction deployments.
|
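Review bot: every one of the 180 removed lines returns as an added line with the same visible text (`@@ -1,180 +1,180 @@`), so this hunk rewrites the whole file without any visible content change, which points to a line-ending or whitespace difference between the two published versions. The file list shows the same equal +N -N pattern for most of the Markdown, YAML and script files in this release, and that noise makes the real changes under package/tools/cli hard to review. Normalise line endings before publishing (for example a `.gitattributes` rule such as `* text=auto eol=lf`) so the release diff shows only real changes. Separately, at line 164 the recommended `cookie_consent` value is raw JSON; double quotes and commas are not valid characters in a cookie value under RFC 6265, so the line should say the JSON is URL-encoded or base64url-encoded before it is set. Since line 54 asks for auditable consent records, it is also worth stating that this client-side cookie is user-editable and cannot serve as that record on its own.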