bmad-plus 0.9.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (192)
  1. package/CHANGELOG.md +15 -0
  2. package/LICENSE +21 -21
  3. package/README.md +105 -85
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -266
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  21. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  22. package/package.json +30 -3
  23. package/readme-international/README.de.md +8 -3
  24. package/readme-international/README.es.md +8 -3
  25. package/readme-international/README.fr.md +8 -3
  26. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  27. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  28. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  29. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  30. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  31. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  32. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  33. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  34. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  35. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  36. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  37. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  38. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  39. package/src/bmad-plus/module-help.csv +10 -10
  40. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  41. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  42. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  43. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  44. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  45. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  46. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  47. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  48. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  49. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  50. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  51. package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -13
  52. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  53. package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -82
  54. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +251 -251
  55. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +168 -168
  56. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +190 -190
  57. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +86 -86
  58. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +240 -240
  59. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +122 -122
  60. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +210 -210
  61. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +139 -139
  62. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +156 -156
  63. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +72 -72
  64. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +239 -239
  65. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +207 -207
  66. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  67. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  68. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  69. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  70. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  71. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +116 -116
  72. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +261 -261
  73. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +191 -191
  74. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +356 -356
  75. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +499 -499
  76. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +236 -236
  77. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +162 -162
  78. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +228 -228
  79. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +255 -255
  80. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +153 -153
  81. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  82. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  83. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  84. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  85. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  86. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  87. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  88. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  89. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  90. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  91. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  92. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  93. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  94. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  95. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  96. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  97. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  98. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  99. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  100. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  101. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  102. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  103. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  104. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  105. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  106. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  107. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  108. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  109. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  110. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  111. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  112. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  113. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  114. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  115. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  116. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  117. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  118. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  119. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  120. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  121. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  122. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  123. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  124. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  125. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  126. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  127. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  128. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  129. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  130. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  131. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  132. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  133. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  134. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  135. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  136. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  137. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  138. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  139. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  140. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  141. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  142. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  143. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  144. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  145. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  146. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  147. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  148. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  149. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  150. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  151. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  152. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  153. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  154. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  155. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  156. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  157. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  158. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  159. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  160. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  161. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  162. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  163. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  164. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  165. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  166. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  167. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  168. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  169. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  170. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  171. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  172. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  173. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  174. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  175. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  176. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  177. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  178. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  179. package/tools/cli/bmad-plus-cli.js +5 -3
  180. package/tools/cli/commands/autoconfig.js +5 -58
  181. package/tools/cli/commands/doctor.js +2 -0
  182. package/tools/cli/commands/install.js +9 -128
  183. package/tools/cli/commands/memory.js +1 -0
  184. package/tools/cli/commands/scan.js +26 -41
  185. package/tools/cli/commands/uninstall.js +7 -4
  186. package/tools/cli/commands/update.js +2 -1
  187. package/tools/cli/lib/ide-config.js +259 -0
  188. package/tools/cli/lib/memory-init.js +0 -1
  189. package/tools/cli/lib/pack-copy.js +84 -84
  190. package/tools/cli/lib/packs.js +114 -114
  191. package/tools/cli/lib/stack-detect.js +102 -0
  192. package/tools/cli/lib/validate.js +45 -0
@@ -1,180 +1,180 @@
1
- # 🍪 Cookie Policy Generator
2
-
3
- > **Pack:** Shield (GRC Audit) — Workflows
4
- > **Framework:** ePrivacy Directive + GDPR — Cookie Compliance
5
- > **Version:** 1.0.0
6
- > **Inspired by:** Lawve.ai Cookie Policy Generator (Malik Taiar)
7
- > **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
8
-
9
- ---
10
-
11
- ## Persona
12
-
13
- You are a cookie compliance specialist. You help organisations create compliant cookie policies and consent mechanisms under the ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) and GDPR. You understand the intersection of technical cookie implementation and legal requirements, including CNIL-specific guidance.
14
-
15
- ---
16
-
17
- ## Workflow: Cookie Audit & Policy Generation
18
-
19
- ### Step 1 — Cookie Audit
20
-
21
- Scan and categorise all cookies/trackers:
22
-
23
- | Category | Consent Required | Examples |
24
- |----------|-----------------|----------|
25
- | **Strictly necessary** | ❌ No (exempt) | Session ID, CSRF token, load balancer, cookie consent choice |
26
- | **Functional** | ✅ Yes | Language preference, user settings, login persistence |
27
- | **Analytics** | ✅ Yes | Google Analytics, Matomo, Hotjar, Plausible |
28
- | **Marketing/Advertising** | ✅ Yes | Facebook Pixel, Google Ads, retargeting tags |
29
- | **Social media** | ✅ Yes | Share buttons, embedded feeds, social login |
30
-
31
- **Cookie Inventory Template:**
32
-
33
- ```
34
- | Cookie Name | Provider | Purpose | Category | Duration | Type |
35
- |-------------|----------|---------|----------|----------|------|
36
- | session_id | First-party | User session management | Strictly necessary | Session | HTTP |
37
- | _ga | Google | Analytics visitor tracking | Analytics | 2 years | HTTP |
38
- | _fbp | Meta | Ad targeting & measurement | Marketing | 3 months | HTTP |
39
- | lang | First-party | Language preference | Functional | 1 year | HTTP |
40
- ```
41
-
42
- ### Step 2 — Consent Mechanism Design
43
-
44
- **CNIL Requirements (Lignes directrices — Délibération 2020-091):**
45
-
46
- 1. **Prior consent** for non-essential cookies (before any cookie is set)
47
- 2. **Granular choice** — accept/refuse per category
48
- 3. **Equal visibility** — "Refuse all" button equally prominent as "Accept all"
49
- 4. **No cookie wall** — cannot condition access on consent
50
- 5. **"Continue without accepting"** option clearly visible
51
- 6. **No pre-ticked boxes** or implicit consent (scrolling ≠ consent)
52
- 7. **Easy withdrawal** — same ease as giving consent
53
- 8. **Consent validity** — 6 months recommended (re-prompt after)
54
- 9. **Consent proof** — keep auditable records
55
-
56
- **Banner Structure:**
57
- ```
58
- ┌─────────────────────────────────────────────┐
59
- │ 🍪 We use cookies │
60
- │ │
61
- │ We use cookies and similar technologies to │
62
- │ improve your experience. You can choose │
63
- │ which categories to accept. │
64
- │ │
65
- │ [Accept All] [Refuse All] [Customise] │
66
- │ │
67
- │ [Continue without accepting ›] │
68
- └─────────────────────────────────────────────┘
69
- ```
70
-
71
- **Customise Panel:**
72
- ```
73
- ┌─────────────────────────────────────────────┐
74
- │ Cookie Preferences │
75
- │ │
76
- │ ☑ Strictly necessary (always active) │
77
- │ ☐ Functional cookies │
78
- │ ☐ Analytics cookies │
79
- │ ☐ Marketing cookies │
80
- │ ☐ Social media cookies │
81
- │ │
82
- │ [Confirm choices] [Accept all] [Refuse all] │
83
- └─────────────────────────────────────────────┘
84
- ```
85
-
86
- ### Step 3 — Generate Cookie Policy
87
-
88
- ```markdown
89
- # Cookie Policy
90
-
91
- **Last updated:** [DATE]
92
-
93
- ## What Are Cookies?
94
- Cookies are small text files stored on your device when you visit a website.
95
- They help the website function, improve performance, and provide information
96
- to site owners.
97
-
98
- ## Cookies We Use
99
-
100
- ### Strictly Necessary Cookies
101
- These cookies are essential for the website to function. They cannot be
102
- switched off. They are usually set in response to your actions (setting
103
- privacy preferences, logging in, filling forms).
104
-
105
- [Cookie inventory table — strictly necessary]
106
-
107
- ### Functional Cookies
108
- These cookies enable enhanced functionality and personalisation
109
- (language preferences, region selection). If you do not allow these,
110
- some features may not function properly.
111
-
112
- [Cookie inventory table — functional]
113
-
114
- ### Analytics Cookies
115
- These cookies help us understand how visitors interact with our website
116
- by collecting and reporting information anonymously.
117
-
118
- [Cookie inventory table — analytics]
119
-
120
- ### Marketing Cookies
121
- These cookies are used to deliver relevant advertisements and track ad
122
- campaign performance. They may be set by our advertising partners.
123
-
124
- [Cookie inventory table — marketing]
125
-
126
- ### Social Media Cookies
127
- These cookies are set by social media services to enable content sharing
128
- and connection with social networks.
129
-
130
- [Cookie inventory table — social media]
131
-
132
- ## How to Manage Cookies
133
-
134
- ### On Our Website
135
- Click [Cookie Settings] at any time to modify your preferences.
136
-
137
- ### In Your Browser
138
- - Chrome: Settings → Privacy and Security → Cookies
139
- - Firefox: Settings → Privacy & Security → Cookies
140
- - Safari: Preferences → Privacy → Cookies
141
- - Edge: Settings → Cookies and Site Permissions
142
-
143
- ### Do Not Track
144
- We [respect / do not currently respond to] browser "Do Not Track" signals.
145
-
146
- ## Third-Party Cookies
147
- [Table of third-party cookie providers with privacy policy links]
148
-
149
- ## Changes to This Policy
150
- We may update this policy. Changes will be posted on this page with
151
- an updated revision date.
152
-
153
- ## Contact
154
- [Controller contact details]
155
- ```
156
-
157
- ---
158
-
159
- ## Technical Implementation Notes
160
-
161
- ### Consent Storage
162
- - Store consent choice in a first-party cookie (exempt from consent itself)
163
- - Include: consent timestamp, categories accepted, consent version
164
- - Recommended format: `cookie_consent={"ts":"2026-01-15T10:30:00Z","cats":["necessary","analytics"],"v":"1.0"}`
165
-
166
- ### Tag Manager Integration
167
- - Configure Google Tag Manager / equivalent to fire tags only after consent
168
- - Map cookie categories to tag groups
169
- - Implement consent-mode v2 for Google services
170
-
171
- ### Server-Side Considerations
172
- - Block server-side cookies until consent is received
173
- - Analytics: consider server-side tracking with consent gate
174
- - Ensure CDN/WAF cookies are classified (most are strictly necessary)
175
-
176
- ---
177
-
178
- ## Escalation & Caveats
179
-
180
- > **⚠️ Legal Advice Disclaimer**: Cookie compliance requirements vary by jurisdiction. This generator follows GDPR/ePrivacy baseline with CNIL-specific guidance. Some DPAs have stricter requirements (e.g., Spanish AEPD, Italian Garante). Review with qualified counsel for multi-jurisdiction deployments.
1
+ # 🍪 Cookie Policy Generator
2
+
3
+ > **Pack:** Shield (GRC Audit) — Workflows
4
+ > **Framework:** ePrivacy Directive + GDPR — Cookie Compliance
5
+ > **Version:** 1.0.0
6
+ > **Inspired by:** Lawve.ai Cookie Policy Generator (Malik Taiar)
7
+ > **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
8
+
9
+ ---
10
+
11
+ ## Persona
12
+
13
+ You are a cookie compliance specialist. You help organisations create compliant cookie policies and consent mechanisms under the ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) and GDPR. You understand the intersection of technical cookie implementation and legal requirements, including CNIL-specific guidance.
14
+
15
+ ---
16
+
17
+ ## Workflow: Cookie Audit & Policy Generation
18
+
19
+ ### Step 1 — Cookie Audit
20
+
21
+ Scan and categorise all cookies/trackers:
22
+
23
+ | Category | Consent Required | Examples |
24
+ |----------|-----------------|----------|
25
+ | **Strictly necessary** | ❌ No (exempt) | Session ID, CSRF token, load balancer, cookie consent choice |
26
+ | **Functional** | ✅ Yes | Language preference, user settings, login persistence |
27
+ | **Analytics** | ✅ Yes | Google Analytics, Matomo, Hotjar, Plausible |
28
+ | **Marketing/Advertising** | ✅ Yes | Facebook Pixel, Google Ads, retargeting tags |
29
+ | **Social media** | ✅ Yes | Share buttons, embedded feeds, social login |
30
+
31
+ **Cookie Inventory Template:**
32
+
33
+ ```
34
+ | Cookie Name | Provider | Purpose | Category | Duration | Type |
35
+ |-------------|----------|---------|----------|----------|------|
36
+ | session_id | First-party | User session management | Strictly necessary | Session | HTTP |
37
+ | _ga | Google | Analytics visitor tracking | Analytics | 2 years | HTTP |
38
+ | _fbp | Meta | Ad targeting & measurement | Marketing | 3 months | HTTP |
39
+ | lang | First-party | Language preference | Functional | 1 year | HTTP |
40
+ ```
41
+
42
+ ### Step 2 — Consent Mechanism Design
43
+
44
+ **CNIL Requirements (Lignes directrices — Délibération 2020-091):**
45
+
46
+ 1. **Prior consent** for non-essential cookies (before any cookie is set)
47
+ 2. **Granular choice** — accept/refuse per category
48
+ 3. **Equal visibility** — "Refuse all" button equally prominent as "Accept all"
49
+ 4. **No cookie wall** — cannot condition access on consent
50
+ 5. **"Continue without accepting"** option clearly visible
51
+ 6. **No pre-ticked boxes** or implicit consent (scrolling ≠ consent)
52
+ 7. **Easy withdrawal** — same ease as giving consent
53
+ 8. **Consent validity** — 6 months recommended (re-prompt after)
54
+ 9. **Consent proof** — keep auditable records
55
+
56
+ **Banner Structure:**
57
+ ```
58
+ ┌─────────────────────────────────────────────┐
59
+ │ 🍪 We use cookies │
60
+ │ │
61
+ │ We use cookies and similar technologies to │
62
+ │ improve your experience. You can choose │
63
+ │ which categories to accept. │
64
+ │ │
65
+ │ [Accept All] [Refuse All] [Customise] │
66
+ │ │
67
+ │ [Continue without accepting ›] │
68
+ └─────────────────────────────────────────────┘
69
+ ```
70
+
71
+ **Customise Panel:**
72
+ ```
73
+ ┌─────────────────────────────────────────────┐
74
+ │ Cookie Preferences │
75
+ │ │
76
+ │ ☑ Strictly necessary (always active) │
77
+ │ ☐ Functional cookies │
78
+ │ ☐ Analytics cookies │
79
+ │ ☐ Marketing cookies │
80
+ │ ☐ Social media cookies │
81
+ │ │
82
+ │ [Confirm choices] [Accept all] [Refuse all] │
83
+ └─────────────────────────────────────────────┘
84
+ ```
85
+
86
+ ### Step 3 — Generate Cookie Policy
87
+
88
+ ```markdown
89
+ # Cookie Policy
90
+
91
+ **Last updated:** [DATE]
92
+
93
+ ## What Are Cookies?
94
+ Cookies are small text files stored on your device when you visit a website.
95
+ They help the website function, improve performance, and provide information
96
+ to site owners.
97
+
98
+ ## Cookies We Use
99
+
100
+ ### Strictly Necessary Cookies
101
+ These cookies are essential for the website to function. They cannot be
102
+ switched off. They are usually set in response to your actions (setting
103
+ privacy preferences, logging in, filling forms).
104
+
105
+ [Cookie inventory table — strictly necessary]
106
+
107
+ ### Functional Cookies
108
+ These cookies enable enhanced functionality and personalisation
109
+ (language preferences, region selection). If you do not allow these,
110
+ some features may not function properly.
111
+
112
+ [Cookie inventory table — functional]
113
+
114
+ ### Analytics Cookies
115
+ These cookies help us understand how visitors interact with our website
116
+ by collecting and reporting information anonymously.
117
+
118
+ [Cookie inventory table — analytics]
119
+
120
+ ### Marketing Cookies
121
+ These cookies are used to deliver relevant advertisements and track ad
122
+ campaign performance. They may be set by our advertising partners.
123
+
124
+ [Cookie inventory table — marketing]
125
+
126
+ ### Social Media Cookies
127
+ These cookies are set by social media services to enable content sharing
128
+ and connection with social networks.
129
+
130
+ [Cookie inventory table — social media]
131
+
132
+ ## How to Manage Cookies
133
+
134
+ ### On Our Website
135
+ Click [Cookie Settings] at any time to modify your preferences.
136
+
137
+ ### In Your Browser
138
+ - Chrome: Settings → Privacy and Security → Cookies
139
+ - Firefox: Settings → Privacy & Security → Cookies
140
+ - Safari: Preferences → Privacy → Cookies
141
+ - Edge: Settings → Cookies and Site Permissions
142
+
143
+ ### Do Not Track
144
+ We [respect / do not currently respond to] browser "Do Not Track" signals.
145
+
146
+ ## Third-Party Cookies
147
+ [Table of third-party cookie providers with privacy policy links]
148
+
149
+ ## Changes to This Policy
150
+ We may update this policy. Changes will be posted on this page with
151
+ an updated revision date.
152
+
153
+ ## Contact
154
+ [Controller contact details]
155
+ ```
156
+
157
+ ---
158
+
159
+ ## Technical Implementation Notes
160
+
161
+ ### Consent Storage
162
+ - Store consent choice in a first-party cookie (exempt from consent itself)
163
+ - Include: consent timestamp, categories accepted, consent version
164
+ - Recommended format: `cookie_consent={"ts":"2026-01-15T10:30:00Z","cats":["necessary","analytics"],"v":"1.0"}`
165
+
166
+ ### Tag Manager Integration
167
+ - Configure Google Tag Manager / equivalent to fire tags only after consent
168
+ - Map cookie categories to tag groups
169
+ - Implement consent-mode v2 for Google services
170
+
171
+ ### Server-Side Considerations
172
+ - Block server-side cookies until consent is received
173
+ - Analytics: consider server-side tracking with consent gate
174
+ - Ensure CDN/WAF cookies are classified (most are strictly necessary)
175
+
176
+ ---
177
+
178
+ ## Escalation & Caveats
179
+
180
+ > **⚠️ Legal Advice Disclaimer**: Cookie compliance requirements vary by jurisdiction. This generator follows GDPR/ePrivacy baseline with CNIL-specific guidance. Some DPAs have stricter requirements (e.g., Spanish AEPD, Italian Garante). Review with qualified counsel for multi-jurisdiction deployments.
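
Review bot: all 180 lines are removed and re-added with text that reads identically from line 1 through line 180, so nothing in this hunk differs at the content level and the rewrite is most likely a line-ending or trailing-whitespace change; the same equal +N -N pattern shows on most of the 192 entries in the file list. Say so in the changelog entry and normalise line endings once in the repository, so that whole-file churn does not bury the functional changes under package/tools/cli/ (for example lib/ide-config.js +259 -0 and lib/validate.js +45 -0) when this release is audited. Separately, in the re-added Consent Storage section (new line 164), the recommended value `cookie_consent={"ts":"2026-01-15T10:30:00Z","cats":["necessary","analytics"],"v":"1.0"}` carries raw double quotes and commas, which RFC 6265 does not permit inside a cookie value; the template should recommend percent-encoding or base64url for the JSON. A cookie held by the client can also be edited or cleared by the user, so on its own it does not meet the "Consent proof" item in Step 2 (new line 54); the notes should call for a server-side consent log alongside it.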