{ "schema": "https://saferpage.de/schemas/dach-2026-parity-readiness.v1", "generated_at": "2026-06-09T20:37:13+00:00", "available": true, "health": "blocked_by_external_go_live_gates", "summary": "DACH-2026-Parity: 12/15 Gates bestanden, 0 Warnung(en), 3 Blocker. Blocker sind produktive Secrets/Freigaben, nicht fehlende oeffentliche Evidence.", "metrics": { "gate_count": 15, "passed_gate_count": 12, "warning_gate_count": 0, "blocked_gate_count": 3, "ready_percent": 80, "segment_count": 4, "verified_primary_source_count": 14, "benchmark_requirement_count": 14, "benchmark_blocked_count": 1, "blocker_runbook_count": 3, "blocker_runbook_blocked_count": 3, "blocker_count": 3, "open_item_count": 3, "crawler_german_count": 698, "crawler_queue_count": 641, "crawler_state_available": 1, "crawler_timer_available_from_smoke": 1, "public_test_index_visible_count": 200, "public_test_index_total_public_checks": 704, "crawler_readiness_smoke_available": 1, "crawler_readiness_smoke_ok": 1, "crawler_readiness_smoke_failed_check_count": 0, "trust_readiness_smoke_available": 1, "trust_readiness_smoke_ok": 1, "trust_readiness_smoke_failed_check_count": 0, "trust_readiness_smoke_blocked_expected_count": 1, "trust_readiness_item_count": 120, "trust_readiness_links_per_domain": 28, "trust_readiness_public_module_count": 28, "trust_readiness_advanced_module_target_count": 13, "trust_readiness_advanced_module_passed_count": 13, "trust_readiness_coverage_percent": 100, "trust_questionnaire_review_score": 100, "competitive_evidence_health_smoke_available": 1, "competitive_evidence_health_smoke_ok": 1, "competitive_evidence_health_smoke_target_count": 79, "competitive_evidence_health_smoke_passed_count": 79, "competitive_evidence_health_smoke_failed_count": 0, "competitive_evidence_health_smoke_contract_check_count": 7, "competitive_evidence_health_smoke_contract_failed_count": 0, "competitive_evidence_health_smoke_open_public_evidence_url_count": 4, "competitive_evidence_health_smoke_open_runbook_link_count": 13, "competitive_evidence_health_smoke_use_case_segment_count": 8, "competitive_evidence_health_smoke_use_case_segment_next_action_count": 8, "competitive_evidence_health_smoke_use_case_segment_public_evidence_url_count": 8, "competitive_evidence_health_smoke_use_case_decision_path_count": 8, "competitive_evidence_health_smoke_use_case_decision_path_evidence_count": 8, "competitive_evidence_health_smoke_use_case_gated_decision_path_count": 3, "competitive_source_availability_smoke_available": 1, "competitive_source_availability_smoke_ok": 1, "competitive_source_availability_smoke_source_count": 14, "competitive_source_availability_smoke_reachable_count": 12, "competitive_source_availability_smoke_manual_review_required_count": 2, "competitive_source_availability_smoke_hard_failure_count": 0, "preview_coverage_percent": 100, "preview_missing_count": 0, "recent_report_count": 36, "alert_outbox_count": 64, "alert_sent_count": 0, "delivery_runtime_control_count": 8, "alert_delivery_readiness_smoke_available": 1, "alert_delivery_readiness_smoke_ok": 1, "alert_delivery_readiness_smoke_failed_check_count": 0, "alert_delivery_readiness_smoke_blocked_expected_count": 1, "feed_runner_executed_count": 0, "feed_runner_stored_observation_count": 0, "security_feed_readiness_smoke_available": 1, "security_feed_readiness_smoke_ok": 1, "security_feed_readiness_smoke_failed_check_count": 0, "security_feed_readiness_smoke_blocked_expected_count": 2, "api_key_gate_passed_count": 0, "api_runtime_implementation_gate_passed_count": 7, "api_systemd_service_contract": 1, "api_access_storage_table_count": 0, "api_key_readiness_smoke_available": 1, "api_key_readiness_smoke_ok": 1, "api_key_readiness_smoke_failed_check_count": 0, "api_key_readiness_smoke_blocked_expected_count": 1, "activation_packet_count": 3, "activation_packet_waiting_count": 3, "operator_approval_queue_count": 3, "operator_approval_waiting_count": 3 }, "last_competitor_check_at": "2026-06-09", "verified_primary_sources": [ { "id": "compliso_scanner_2026_06", "vendor": "Compliso", "checked_at": "2026-06-09", "signal": "30 DSGVO-Checks, Cookie-/Storage-/Third-Party-Analyse, Chrome DevTools Protocol, Dark-Pattern-Erkennung und BFSG/WCAG-Audit.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://compliso.de/features/scanner/", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "webpruefer_website_check_2026_06", "vendor": "WebPrüfer", "checked_at": "2026-06-09", "signal": "87 Prüfungen in Recht, DSGVO, Technik, SEO, KI-Sichtbarkeit, BFSG, E-Commerce und Sicherheit.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://web-pruefer.de/", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "siteboard_deepscan_2026_06", "vendor": "siteboard", "checked_at": "2026-06-09", "signal": "Barrierefreiheit, Performance, Sicherheit und technische Qualität mit DeepScans bis 100 Unterseiten, Monitoring, PDF-Reports und detaillierten Entwickler-Reports.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://siteboard.io/", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "auditzo_evidence_audit_2026_06", "vendor": "Auditzo", "checked_at": "2026-06-09", "signal": "Evidence-first Website Compliance Audit mit realer Browser-Netzwerkerfassung, HAR-/Request-Evidence, Pre-Consent-Tracking, Third-Party-Data-Flow und Framework-Mapping.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://www.auditzo.com/", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "complyo_ai_compliance_2026_06", "vendor": "Complyo", "checked_at": "2026-06-09", "signal": "KI-gestützter Website-Compliance-Check für DSGVO, Cookie-Compliance, WCAG 2.1 AA, Rechtstexte, Compliance-Score und konkrete Lösungsvorschläge.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://complyo.de/", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "abmahn_shield_scan_2026_06", "vendor": "Abmahn-Shield", "checked_at": "2026-06-09", "signal": "Deutschlandfokussierter Compliance-Scan mit 47 Kriterien aus sechs Rechtsgebieten, 60-Sekunden-Ergebnis, PDF-Report, Fix-Anleitungen, Monitoring und E-Mail-Alerts.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://abmahn-shield.de/", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "hugo_check_2026_06", "vendor": "Hugo Check", "checked_at": "2026-06-09", "signal": "29-Punkte-Website-Scanner für DSGVO, IT-Sicherheit, E-Mail, Domain-Schutz, NIS2-Betroffenheitscheck, Unterseitenkontingente, Monitoring und White-Label-Reports.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://www.fraghugo.de/hugo-check/", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "website_check_trusted_seal_2026_06", "vendor": "Website-Check.de", "checked_at": "2026-06-09", "signal": "Sichtbare Compliance-Siegel, automatisierte Website-/Shop-Pruefungen, BFSG/WCAG-Checks, Rechtstexte, Consent-Management und Handlungsempfehlungen.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://website-check.de/", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "cookieinspector_public_verification_badge_2026_06", "vendor": "CookieInspector", "checked_at": "2026-06-09", "signal": "Sharebare Cookie-/Tracker-Reports und Public Verification Badge mit öffentlicher Verifizierungsseite fuer letzten Scanstatus.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://www.cookieinspector.com/cookie-scanner", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "siwecos_feature_overview_2026_06", "vendor": "SIWECOS", "checked_at": "2026-06-09", "signal": "Tägliche Prüfung registrierter Domains, automatische Nachrichten, Siegel, Gesamtscore und Sicherheitsbericht.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://siwecos.de/ueber-das-projekt/feature-uebersicht", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "cookiebot_scan_report_2026_06", "vendor": "Cookiebot", "checked_at": "2026-06-09", "signal": "Monatliche Scans mit Domain-Zusammenfassung, Landingpage-Thumbnail, Tracker-Anzahl, Kategorien und Prior-Consent-Hinweisen.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://support.cookiebot.com/hc/en-us/articles/5007079527580-Understanding-the-scan-report", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "osano_compliance_check_2026_06", "vendor": "Osano", "checked_at": "2026-06-09", "signal": "Kontinuierliches Domain- und Privacy-Policy-Monitoring mit historischen Ergebnissen und regionaler Zugriffssimulation.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://www.osano.com/features/compliance-check", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "vanta_trust_center_2026_06", "vendor": "Vanta", "checked_at": "2026-06-09", "signal": "Trust-Center-Zugriffe mit Ablaufdatum, NDA-Anforderung, Revocation und Viewer-Datenlöschung.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://help.vanta.com/en/articles/11345469-vanta-trust-center", "matrix_url": "https://saferpage.de/vergleich/features-json" }, { "id": "conveyor_trust_ai_2026_06", "vendor": "Conveyor", "checked_at": "2026-06-09", "signal": "Trust-Center-Agent für Kundenfragen und Fragebögen mit Quellenlinks, Source-Download und Audit-Fähigkeiten.", "url": "https://saferpage.de/vergleich/features-json", "official_url": "https://docs.conveyor.com/docs/trust-center-agent", "matrix_url": "https://saferpage.de/vergleich/features-json" } ], "benchmark_requirements": [ { "id": "dach_all_in_one_fast_report", "label": "Schneller DACH-All-in-one-Report", "status": "covered", "evidence": "Der DACH-Website-Check exportiert Datenschutz, Cookies/Consent, Rechtstexte, BFSG/WCAG, Security, E-Mail/Domain, NIS2, E-Commerce, Performance/technische UX, SEO/KI-Sichtbarkeit mit robots.txt-/KI-Bot-/llms.txt-WARD-Prüfpunkten, 160x150-Seitenvorschau, Coverage-Metriken, Detailmodule und Fix-Links in einer endnutzerfreundlichen Ansicht. Produktive Secrets und Freigaben bleiben separat im Parity-Board blockiert.", "next_action": "Website-Check als Endnutzer-/Betreiber-Einstieg nutzen und Coverage-, Performance-, SEO/KI-/Bot-Policy- und Screenshot-Metriken im JSON beobachten.", "url": "https://saferpage.de/website-check/anrufer.info/json", "source_ids": [ "compliso_scanner_2026_06", "webpruefer_website_check_2026_06" ], "source_details": [ { "id": "compliso_scanner_2026_06", "vendor": "Compliso", "checked_at": "2026-06-09", "official_url": "https://compliso.de/features/scanner/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "30 DSGVO-Checks, Cookie-/Storage-/Third-Party-Analyse, Chrome DevTools Protocol, Dark-Pattern-Erkennung und BFSG/WCAG-Audit." }, { "id": "webpruefer_website_check_2026_06", "vendor": "WebPrüfer", "checked_at": "2026-06-09", "official_url": "https://web-pruefer.de/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "87 Prüfungen in Recht, DSGVO, Technik, SEO, KI-Sichtbarkeit, BFSG, E-Commerce und Sicherheit." } ], "source_labels": [ "Compliso (2026-06-09)", "WebPrüfer (2026-06-09)" ] }, { "id": "consent_cookie_thumbnail_report", "label": "Cookie-/Tracker-Report mit Screenshot-Kontext", "status": "covered", "evidence": "Kurzreport, Share-Card, Cookie-/Anbieterdetails und 160x150-Screenshot-Previews sind verlinkt.", "next_action": "Cookie-Details und Top-Fixes konsequent in Kurzreport, A-Z und Crawler-Listen aktuell halten.", "url": "https://saferpage.de/anrufer.info/share-card-json", "source_ids": [ "cookiebot_scan_report_2026_06", "compliso_scanner_2026_06" ], "source_details": [ { "id": "cookiebot_scan_report_2026_06", "vendor": "Cookiebot", "checked_at": "2026-06-09", "official_url": "https://support.cookiebot.com/hc/en-us/articles/5007079527580-Understanding-the-scan-report", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Monatliche Scans mit Domain-Zusammenfassung, Landingpage-Thumbnail, Tracker-Anzahl, Kategorien und Prior-Consent-Hinweisen." }, { "id": "compliso_scanner_2026_06", "vendor": "Compliso", "checked_at": "2026-06-09", "official_url": "https://compliso.de/features/scanner/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "30 DSGVO-Checks, Cookie-/Storage-/Third-Party-Analyse, Chrome DevTools Protocol, Dark-Pattern-Erkennung und BFSG/WCAG-Audit." } ], "source_labels": [ "Cookiebot (2026-06-09)", "Compliso (2026-06-09)" ] }, { "id": "public_test_index_preview_coverage", "label": "Öffentlicher Testindex mit Preview-Coverage", "status": "covered", "evidence": "A-Z-Testindex, letzte Checks, Sitemap-Shards, JSON/CSV/Markdown-Exports, direkte Modul-Links und 160x150-Preview-Coverage sind öffentlich belegbar.", "next_action": "Preview-Abdeckung in Testindex und Crawler-Ops beobachten; fehlende Vorschauen sofort als Backfill-Kandidaten behandeln.", "url": "https://saferpage.de/tests-json", "source_ids": [ "cookiebot_scan_report_2026_06", "siteboard_deepscan_2026_06", "siwecos_feature_overview_2026_06" ], "source_details": [ { "id": "cookiebot_scan_report_2026_06", "vendor": "Cookiebot", "checked_at": "2026-06-09", "official_url": "https://support.cookiebot.com/hc/en-us/articles/5007079527580-Understanding-the-scan-report", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Monatliche Scans mit Domain-Zusammenfassung, Landingpage-Thumbnail, Tracker-Anzahl, Kategorien und Prior-Consent-Hinweisen." }, { "id": "siteboard_deepscan_2026_06", "vendor": "siteboard", "checked_at": "2026-06-09", "official_url": "https://siteboard.io/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Barrierefreiheit, Performance, Sicherheit und technische Qualität mit DeepScans bis 100 Unterseiten, Monitoring, PDF-Reports und detaillierten Entwickler-Reports." }, { "id": "siwecos_feature_overview_2026_06", "vendor": "SIWECOS", "checked_at": "2026-06-09", "official_url": "https://siwecos.de/ueber-das-projekt/feature-uebersicht", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Tägliche Prüfung registrierter Domains, automatische Nachrichten, Siegel, Gesamtscore und Sicherheitsbericht." } ], "source_labels": [ "Cookiebot (2026-06-09)", "siteboard (2026-06-09)", "SIWECOS (2026-06-09)" ] }, { "id": "scheduled_security_alerting", "label": "Geplante Security-Scans mit Alerting", "status": "blocked", "evidence": "Security-Evidence-Index, Launch-Board, Security-Profile, Alerts, Badges, Feed-Evidence, Dry-Run-Gates und externe Nachweispläne sind öffentlich belegbar; Feed-Credentials, Feed-Storage-Freigabe und produktive externe Alert-Ziele sind noch nicht aktiv.", "next_action": "Security-Evidence-Index und Launch-Board beobachten; URLhaus/Safe-Browsing-Credentials, Storage-Approval und Delivery-Approval über No-Secret-Preflights freigeben.", "url": "https://saferpage.de/security-evidence-json", "source_ids": [ "siwecos_feature_overview_2026_06" ], "source_details": [ { "id": "siwecos_feature_overview_2026_06", "vendor": "SIWECOS", "checked_at": "2026-06-09", "official_url": "https://siwecos.de/ueber-das-projekt/feature-uebersicht", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Tägliche Prüfung registrierter Domains, automatische Nachrichten, Siegel, Gesamtscore und Sicherheitsbericht." } ], "source_labels": [ "SIWECOS (2026-06-09)" ] }, { "id": "continuous_privacy_monitoring", "label": "Kontinuierliches Privacy- und Policy-Monitoring", "status": "covered", "evidence": "Portfolio-Schedule, Policy-Diff, Consent-Region-Regeln und Betreiber-Digests sind als Module angelegt.", "next_action": "Portfolio-Digest, Policy-Diff und Consent-Region-Regeln enger im Betreiberfluss verbinden.", "url": "https://saferpage.de/portfolio/schedule-json", "source_ids": [ "osano_compliance_check_2026_06" ], "source_details": [ { "id": "osano_compliance_check_2026_06", "vendor": "Osano", "checked_at": "2026-06-09", "official_url": "https://www.osano.com/features/compliance-check", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Kontinuierliches Domain- und Privacy-Policy-Monitoring mit historischen Ergebnissen und regionaler Zugriffssimulation." } ], "source_labels": [ "Osano (2026-06-09)" ] }, { "id": "agency_developer_deepscan_report", "label": "Agentur-/Developer-DeepScan-Report", "status": "covered", "evidence": "Seiteninventar, Crawl-Abdeckung, 100-Unterseiten-Zielplan, Backoff-/Timeout-Guardrails, Performance/UX, Accessibility, Security, Fix-Guides und White-Label-Report-Pack sind als DeepScan-Paket exportierbar.", "next_action": "Agentur-/Developer-DeepScan als zentrale Arbeitsansicht fuer 100er-Zielplan, Seiteninventar, Fix-Guides, Performance-/Accessibility-Evidence, PDF, Backoff-Grenzen und Re-Scan-Links nutzen.", "url": "https://saferpage.de/agentur/anrufer.info/deepscan-json", "source_ids": [ "siteboard_deepscan_2026_06" ], "source_details": [ { "id": "siteboard_deepscan_2026_06", "vendor": "siteboard", "checked_at": "2026-06-09", "official_url": "https://siteboard.io/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Barrierefreiheit, Performance, Sicherheit und technische Qualität mit DeepScans bis 100 Unterseiten, Monitoring, PDF-Reports und detaillierten Entwickler-Reports." } ], "source_labels": [ "siteboard (2026-06-09)" ] }, { "id": "dach_crawler_performance_backoff_ops", "label": "Performanter DACH-Crawler mit Backoff", "status": "covered", "evidence": "Crawler-Operations liefern User-Agent, Queue, direkte Kurzreportlinks, Durchsatz, Backlog-ETA, Fehlerklassen, Retry-/Backoff-Policy, Performance-Grenzen und Runbook fuer schonende Skalierung im deutschsprachigen Raum.", "next_action": "Batchgroesse nur anhand stabiler Health-, Durchsatz- und Fehlerquoten erhoehen; Seeds und Filter kontinuierlich pflegen.", "url": "https://saferpage.de/crawler/ops-json", "source_ids": [ "siteboard_deepscan_2026_06", "osano_compliance_check_2026_06" ], "source_details": [ { "id": "siteboard_deepscan_2026_06", "vendor": "siteboard", "checked_at": "2026-06-09", "official_url": "https://siteboard.io/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Barrierefreiheit, Performance, Sicherheit und technische Qualität mit DeepScans bis 100 Unterseiten, Monitoring, PDF-Reports und detaillierten Entwickler-Reports." }, { "id": "osano_compliance_check_2026_06", "vendor": "Osano", "checked_at": "2026-06-09", "official_url": "https://www.osano.com/features/compliance-check", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Kontinuierliches Domain- und Privacy-Policy-Monitoring mit historischen Ergebnissen und regionaler Zugriffssimulation." } ], "source_labels": [ "siteboard (2026-06-09)", "Osano (2026-06-09)" ] }, { "id": "cms_specific_fix_playbooks", "label": "CMS-/Shop-spezifische Reparaturanleitungen", "status": "covered", "evidence": "Technik-Center und Markdown-Export liefern CMS-/Shop-/Deployment-Playbooks mit Plattformschritten, Owner, Abnahmekriterien, Guide und Re-Scan-Link; bei unsicherer Erkennung wird kein CMS behauptet.", "next_action": "Playbooks in Betreiber-Flow, DeepScan und Fix-Guides als Standard-Reparaturpfad verlinkt halten.", "url": "https://saferpage.de/technik/anrufer.info/export", "source_ids": [ "hugo_check_2026_06" ], "source_details": [ { "id": "hugo_check_2026_06", "vendor": "Hugo Check", "checked_at": "2026-06-09", "official_url": "https://www.fraghugo.de/hugo-check/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "29-Punkte-Website-Scanner für DSGVO, IT-Sicherheit, E-Mail, Domain-Schutz, NIS2-Betroffenheitscheck, Unterseitenkontingente, Monitoring und White-Label-Reports." } ], "source_labels": [ "Hugo Check (2026-06-09)" ] }, { "id": "evidence_grade_network_audit", "label": "Evidence-basierter Browser-/Netzwerk-Audit", "status": "covered", "evidence": "Audit Evidence Pack, Chromium-Requests, Drittanbieter-Matrix, Cookie-/Storage-Evidence, Consent-Zustände, Screenshot und Integritätsmanifest sind im Kurzreport und JSON exportierbar.", "next_action": "Request-Samples, Consent-Zustände und Evidence-Manifest weiterhin ohne personenbezogene Rohdaten, Secrets oder Besucherlogs exportieren.", "url": "https://saferpage.de/anrufer.info#audit-evidence", "source_ids": [ "auditzo_evidence_audit_2026_06" ], "source_details": [ { "id": "auditzo_evidence_audit_2026_06", "vendor": "Auditzo", "checked_at": "2026-06-09", "official_url": "https://www.auditzo.com/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Evidence-first Website Compliance Audit mit realer Browser-Netzwerkerfassung, HAR-/Request-Evidence, Pre-Consent-Tracking, Third-Party-Data-Flow und Framework-Mapping." } ], "source_labels": [ "Auditzo (2026-06-09)" ] }, { "id": "nis2_email_domain_monitoring", "label": "NIS2-, E-Mail- und Domain-Schutz-Signale", "status": "covered", "evidence": "NIS2-Selbstcheck, Infrastructure-Analyse mit MX/SPF/DMARC, TLS/HSTS, Domainhistorie, Security-Headern, Monitoring und Betreiberfragen sind verlinkt.", "next_action": "NIS2-Betroffenheit nicht aus Website-Signalen behaupten; Betreiberfragen, Branche, Größe und Lieferkettenbezug im Self-Check bestätigen lassen.", "url": "https://saferpage.de/nis2/anrufer.info/export", "source_ids": [ "hugo_check_2026_06" ], "source_details": [ { "id": "hugo_check_2026_06", "vendor": "Hugo Check", "checked_at": "2026-06-09", "official_url": "https://www.fraghugo.de/hugo-check/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "29-Punkte-Website-Scanner für DSGVO, IT-Sicherheit, E-Mail, Domain-Schutz, NIS2-Betroffenheitscheck, Unterseitenkontingente, Monitoring und White-Label-Reports." } ], "source_labels": [ "Hugo Check (2026-06-09)" ] }, { "id": "email_domain_authentication_center", "label": "Eigenes E-Mail-/Domain-Schutz-Center", "status": "covered", "evidence": "E-Mail-Schutz-Center liefert MX, SPF, DKIM-Betreibernachweis, DMARC, DNSSEC, CAA, HSTS, Domainhistorie, JSON/CSV/Markdown und Betreiber-Playbook ohne E-Mail-Versand oder private Header.", "next_action": "DKIM nur mit Selector- oder Mail-Header-Evidence bestaetigen und den Bereich dauerhaft aus Website-Check, Sitemap und Fix-Guides verlinken.", "url": "https://saferpage.de/email-schutz/anrufer.info/json", "source_ids": [ "hugo_check_2026_06", "siwecos_feature_overview_2026_06" ], "source_details": [ { "id": "hugo_check_2026_06", "vendor": "Hugo Check", "checked_at": "2026-06-09", "official_url": "https://www.fraghugo.de/hugo-check/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "29-Punkte-Website-Scanner für DSGVO, IT-Sicherheit, E-Mail, Domain-Schutz, NIS2-Betroffenheitscheck, Unterseitenkontingente, Monitoring und White-Label-Reports." }, { "id": "siwecos_feature_overview_2026_06", "vendor": "SIWECOS", "checked_at": "2026-06-09", "official_url": "https://siwecos.de/ueber-das-projekt/feature-uebersicht", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Tägliche Prüfung registrierter Domains, automatische Nachrichten, Siegel, Gesamtscore und Sicherheitsbericht." } ], "source_labels": [ "Hugo Check (2026-06-09)", "SIWECOS (2026-06-09)" ] }, { "id": "public_badge_verification_page", "label": "Öffentliches Prüfbadge mit Verifizierungsseite", "status": "covered", "evidence": "Badge, Badge-Index, Embed Center, JSON, Markdown, Kurzreport und Sitemap verlinken öffentliche Verifizierungsseiten mit Score, Prüfdatum, geprüften Bereichen, Methodik und klaren Claim-Grenzen; verboten sind Zertifikats-, Rechtsfreigabe- oder Abmahnsicherheits-Claims.", "next_action": "Badge-Verifizierung und Badge-Index als Standardziel für Betreiber-Trustseiten halten, Embed-Links immer auf die Verifizierungsseite führen und nach wesentlichen Website-Änderungen Re-Scan empfehlen.", "url": "https://saferpage.de/badges-json", "source_ids": [ "website_check_trusted_seal_2026_06", "cookieinspector_public_verification_badge_2026_06", "siwecos_feature_overview_2026_06" ], "source_details": [ { "id": "website_check_trusted_seal_2026_06", "vendor": "Website-Check.de", "checked_at": "2026-06-09", "official_url": "https://website-check.de/", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Sichtbare Compliance-Siegel, automatisierte Website-/Shop-Pruefungen, BFSG/WCAG-Checks, Rechtstexte, Consent-Management und Handlungsempfehlungen." }, { "id": "cookieinspector_public_verification_badge_2026_06", "vendor": "CookieInspector", "checked_at": "2026-06-09", "official_url": "https://www.cookieinspector.com/cookie-scanner", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Sharebare Cookie-/Tracker-Reports und Public Verification Badge mit öffentlicher Verifizierungsseite fuer letzten Scanstatus." }, { "id": "siwecos_feature_overview_2026_06", "vendor": "SIWECOS", "checked_at": "2026-06-09", "official_url": "https://siwecos.de/ueber-das-projekt/feature-uebersicht", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Tägliche Prüfung registrierter Domains, automatische Nachrichten, Siegel, Gesamtscore und Sicherheitsbericht." } ], "source_labels": [ "Website-Check.de (2026-06-09)", "CookieInspector (2026-06-09)", "SIWECOS (2026-06-09)" ] }, { "id": "gated_trust_and_questionnaires", "label": "Gated Trust Center und Questionnaire-Automation", "status": "partial", "evidence": "Öffentliche Trust-/Questionnaire-Coverage, Quellenbindung, Review-Gates, Exportmanifest, Viewer-Privacy, Trust-Readiness-Index und Claim-Grenzen sind belegbar; produktive Auth, NDA, private Dokumente, API-Key-Store und echte Questionnaire-Verarbeitung fehlen als Live-Integration.", "next_action": "Trust-Readiness-Index und Gated-Readiness-Dossiers beobachten; Trust-Access, Viewer-Privacy, API-Key-Store sowie Questionnaire-Review erst nach Auth-/Storage-/NDA-Freigaben produktiv schalten.", "url": "https://saferpage.de/trust-readiness-json", "source_ids": [ "vanta_trust_center_2026_06", "conveyor_trust_ai_2026_06" ], "source_details": [ { "id": "vanta_trust_center_2026_06", "vendor": "Vanta", "checked_at": "2026-06-09", "official_url": "https://help.vanta.com/en/articles/11345469-vanta-trust-center", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Trust-Center-Zugriffe mit Ablaufdatum, NDA-Anforderung, Revocation und Viewer-Datenlöschung." }, { "id": "conveyor_trust_ai_2026_06", "vendor": "Conveyor", "checked_at": "2026-06-09", "official_url": "https://docs.conveyor.com/docs/trust-center-agent", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Trust-Center-Agent für Kundenfragen und Fragebögen mit Quellenlinks, Source-Download und Audit-Fähigkeiten." } ], "source_labels": [ "Vanta (2026-06-09)", "Conveyor (2026-06-09)" ] }, { "id": "gated_trust_activation_dossier", "label": "Gated-Trust-Go-live-Dossier mit Blockertransparenz", "status": "covered", "evidence": "Gated Readiness bündelt Domain-Claim, Visitor Auth, NDA, private Dokumente, Access Groups, Viewer-Datenschutz, Questionnaire Intake, Portal-Automation, API-Key-Runtime, Delivery-Freigabe, Trust-/Questionnaire-Coverage, Aktivierungsreihenfolge, Claim-Grenzen und No-Secret-Policy als öffentliche Go-live-Checkliste.", "next_action": "Dossier vor jeder privaten Trust-Freigabe als Pflichtcheck nutzen und produktive Zugriffe erst nach echten Auth-/Storage-/NDA-/Delivery-/API-Gates aktivieren.", "url": "https://saferpage.de/trust/anrufer.info/gated-readiness-json", "source_ids": [ "vanta_trust_center_2026_06", "conveyor_trust_ai_2026_06" ], "source_details": [ { "id": "vanta_trust_center_2026_06", "vendor": "Vanta", "checked_at": "2026-06-09", "official_url": "https://help.vanta.com/en/articles/11345469-vanta-trust-center", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Trust-Center-Zugriffe mit Ablaufdatum, NDA-Anforderung, Revocation und Viewer-Datenlöschung." }, { "id": "conveyor_trust_ai_2026_06", "vendor": "Conveyor", "checked_at": "2026-06-09", "official_url": "https://docs.conveyor.com/docs/trust-center-agent", "matrix_url": "https://saferpage.de/vergleich/features-json", "signal": "Trust-Center-Agent für Kundenfragen und Fragebögen mit Quellenlinks, Source-Download und Audit-Fähigkeiten." } ], "source_labels": [ "Vanta (2026-06-09)", "Conveyor (2026-06-09)" ] } ], "readiness_smokes": { "competitive_evidence": { "id": "competitive_evidence_health_smoke", "available": true, "ok": true, "status": "ok", "generated_at": "2026-06-09T20:36:42+00:00", "url": "https://saferpage.de/evidence/competitive-evidence-health-smoke.json", "summary": "Sanitisierter Smoke-Lauf fuer die oeffentlichen SaferPage-Wettbewerbs-Evidence-Routen und Benchmark-Linkvertraege.", "claim_boundary": "", "metrics": { "target_count": 79, "source_count": 0, "reachable_count": 0, "manual_review_required_count": 0, "client_error_review_required_count": 0, "server_error_count": 0, "transport_failed_count": 0, "hard_failure_count": 0, "failed_check_count": 0, "blocked_expected_count": 0, "dry_run_sent_count": 0, "runner_sent_count": 0, "dry_run_executed_count": 0, "dry_run_stored_observation_count": 0, "dry_run_queued_count": 0, "crawler_available": 0, "timer_available": 0, "dach_check_count": 0, "queue_count": 0, "seed_file_host_count": 0, "recent_report_count": 0, "test_index_visible_count": 0, "test_index_total_public_checks": 0, "test_index_preview_coverage_percent": 0, "test_index_preview_missing_count": 0, "test_index_crawler_german_count": 0, "preview_coverage_percent": 0, "preview_missing_count": 0, "error_rate_percent": 0, "api_access_storage_ready": 0, "api_access_storage_table_count": 0, "trust_readiness_item_count": 0, "public_links_per_domain": 0, "public_trust_module_count": 0, "public_evidence_link_count": 0, "advanced_trust_module_target_count": 0, "advanced_trust_module_passed_count": 0, "gated_public_trust_coverage_percent": 0, "gated_blocked_gate_count": 0, "gated_pending_gate_count": 0, "questionnaire_review_readiness_score": 0, "passed_count": 79, "failed_count": 0, "http_failed_count": 0, "contract_check_count": 7, "contract_failed_count": 0, "open_benchmark_count": 2, "open_action_count": 2, "open_public_evidence_url_count": 4, "open_runbook_link_count": 13, "use_case_segment_count": 8, "use_case_segment_next_action_count": 8, "use_case_segment_public_evidence_url_count": 8, "use_case_decision_path_count": 8, "use_case_decision_path_evidence_count": 8, "use_case_gated_decision_path_count": 3 } }, "competitive_sources": { "id": "competitive_source_availability_smoke", "available": true, "ok": true, "status": "ok", "generated_at": "2026-06-09T20:04:41+00:00", "url": "https://saferpage.de/evidence/competitive-source-availability-smoke.json", "summary": "Sanitisierter Availability-Smoke fuer offizielle Wettbewerbs-Primärquellen aus dem SaferPage Quellen-Watch.", "claim_boundary": "Der Source-Availability-Smoke prueft nur oeffentliche offizielle Quellen-URLs. 401/403 bedeutet automatisierter Abruf blockiert und verlangt manuelle Review, nicht automatisch eine ungueltige Quelle.", "metrics": { "target_count": 0, "source_count": 14, "reachable_count": 12, "manual_review_required_count": 2, "client_error_review_required_count": 0, "server_error_count": 0, "transport_failed_count": 0, "hard_failure_count": 0, "failed_check_count": 0, "blocked_expected_count": 0, "dry_run_sent_count": 0, "runner_sent_count": 0, "dry_run_executed_count": 0, "dry_run_stored_observation_count": 0, "dry_run_queued_count": 0, "crawler_available": 0, "timer_available": 0, "dach_check_count": 0, "queue_count": 0, "seed_file_host_count": 0, "recent_report_count": 0, "test_index_visible_count": 0, "test_index_total_public_checks": 0, "test_index_preview_coverage_percent": 0, "test_index_preview_missing_count": 0, "test_index_crawler_german_count": 0, "preview_coverage_percent": 0, "preview_missing_count": 0, "error_rate_percent": 0, "api_access_storage_ready": 0, "api_access_storage_table_count": 0, "trust_readiness_item_count": 0, "public_links_per_domain": 0, "public_trust_module_count": 0, "public_evidence_link_count": 0, "advanced_trust_module_target_count": 0, "advanced_trust_module_passed_count": 0, "gated_public_trust_coverage_percent": 0, "gated_blocked_gate_count": 0, "gated_pending_gate_count": 0, "questionnaire_review_readiness_score": 0, "passed_count": 0, "failed_count": 0, "http_failed_count": 0, "contract_check_count": 0, "contract_failed_count": 0, "open_benchmark_count": 0, "open_action_count": 0, "open_public_evidence_url_count": 0, "open_runbook_link_count": 0, "use_case_segment_count": 0, "use_case_segment_next_action_count": 0, "use_case_segment_public_evidence_url_count": 0, "use_case_decision_path_count": 0, "use_case_decision_path_evidence_count": 0, "use_case_gated_decision_path_count": 0 } }, "crawler": { "id": "crawler_readiness_smoke", "available": true, "ok": true, "status": "ok", "generated_at": "2026-06-09T20:14:00+00:00", "url": "https://saferpage.de/evidence/crawler-readiness-smoke.json", "summary": "No-Secret-Smoke fuer DACH-Crawler-Operations, Timer-Runner, User-Agent, Seedquelle, Performance-Grenzen, Recent-Reportlinks und Screenshot-Preview-Coverage.", "claim_boundary": "Dieser Smoke startet keinen Crawl, erhöht keine Parallelität, ruft keine privaten Zielsysteme ab und veröffentlicht keine Besucherlogs. Er belegt nur öffentliche Betriebs- und Readiness-Signale.", "metrics": { "target_count": 10, "source_count": 0, "reachable_count": 0, "manual_review_required_count": 0, "client_error_review_required_count": 0, "server_error_count": 0, "transport_failed_count": 0, "hard_failure_count": 0, "failed_check_count": 0, "blocked_expected_count": 0, "dry_run_sent_count": 0, "runner_sent_count": 0, "dry_run_executed_count": 0, "dry_run_stored_observation_count": 0, "dry_run_queued_count": 0, "crawler_available": 1, "timer_available": 1, "dach_check_count": 692, "queue_count": 589, "seed_file_host_count": 86, "recent_report_count": 36, "test_index_visible_count": 200, "test_index_total_public_checks": 704, "test_index_preview_coverage_percent": 100, "test_index_preview_missing_count": 0, "test_index_crawler_german_count": 692, "preview_coverage_percent": 100, "preview_missing_count": 0, "error_rate_percent": 2.79, "api_access_storage_ready": 0, "api_access_storage_table_count": 0, "trust_readiness_item_count": 0, "public_links_per_domain": 0, "public_trust_module_count": 0, "public_evidence_link_count": 0, "advanced_trust_module_target_count": 0, "advanced_trust_module_passed_count": 0, "gated_public_trust_coverage_percent": 0, "gated_blocked_gate_count": 0, "gated_pending_gate_count": 0, "questionnaire_review_readiness_score": 0, "passed_count": 0, "failed_count": 0, "http_failed_count": 0, "contract_check_count": 0, "contract_failed_count": 0, "open_benchmark_count": 0, "open_action_count": 0, "open_public_evidence_url_count": 0, "open_runbook_link_count": 0, "use_case_segment_count": 0, "use_case_segment_next_action_count": 0, "use_case_segment_public_evidence_url_count": 0, "use_case_decision_path_count": 0, "use_case_decision_path_evidence_count": 0, "use_case_gated_decision_path_count": 0 } }, "trust": { "id": "trust_readiness_smoke", "available": true, "ok": true, "status": "ok", "generated_at": "2026-06-09T19:44:29+00:00", "url": "https://saferpage.de/evidence/trust-readiness-smoke.json", "summary": "No-Secret-Smoke fuer Trust-Readiness, Gated-Trust-Dossier, Viewer-Datenschutz, Questionnaire-Review, Export-Blueprints, Data-Room-Gates und Public-Evidence-Linkvertrag.", "claim_boundary": "Dieser Smoke aktiviert keine Besucher-Auth, keine NDA-Signatur, keine privaten Dokumente, keine Portal-Credentials, keine echten Fragebogen-Uploads, keine AI-Live-Antworten und keine Magic Links. Produktive Trust-Gates bleiben erwartete Betreiberfreigaben.", "metrics": { "target_count": 32, "source_count": 0, "reachable_count": 0, "manual_review_required_count": 0, "client_error_review_required_count": 0, "server_error_count": 0, "transport_failed_count": 0, "hard_failure_count": 0, "failed_check_count": 0, "blocked_expected_count": 1, "dry_run_sent_count": 0, "runner_sent_count": 0, "dry_run_executed_count": 0, "dry_run_stored_observation_count": 0, "dry_run_queued_count": 0, "crawler_available": 0, "timer_available": 0, "dach_check_count": 0, "queue_count": 0, "seed_file_host_count": 0, "recent_report_count": 0, "test_index_visible_count": 0, "test_index_total_public_checks": 0, "test_index_preview_coverage_percent": 0, "test_index_preview_missing_count": 0, "test_index_crawler_german_count": 0, "preview_coverage_percent": 0, "preview_missing_count": 0, "error_rate_percent": 0, "api_access_storage_ready": 0, "api_access_storage_table_count": 0, "trust_readiness_item_count": 120, "public_links_per_domain": 28, "public_trust_module_count": 28, "public_evidence_link_count": 3360, "advanced_trust_module_target_count": 13, "advanced_trust_module_passed_count": 13, "gated_public_trust_coverage_percent": 100, "gated_blocked_gate_count": 7, "gated_pending_gate_count": 2, "questionnaire_review_readiness_score": 100, "passed_count": 0, "failed_count": 0, "http_failed_count": 0, "contract_check_count": 0, "contract_failed_count": 0, "open_benchmark_count": 0, "open_action_count": 0, "open_public_evidence_url_count": 0, "open_runbook_link_count": 0, "use_case_segment_count": 0, "use_case_segment_next_action_count": 0, "use_case_segment_public_evidence_url_count": 0, "use_case_decision_path_count": 0, "use_case_decision_path_evidence_count": 0, "use_case_gated_decision_path_count": 0 } }, "alert_delivery": { "id": "alert_delivery_readiness_smoke", "available": true, "ok": true, "status": "ok", "generated_at": "2026-06-09T17:46:10+00:00", "url": "https://saferpage.de/evidence/alert-delivery-readiness-smoke.json", "summary": "No-Secret-Smoke fuer Alert-Delivery-Preflight, Dispatch-Runner, Runtime-Kontrollen, Delivery-Fixture, Operator-Go-live und isolierten Dry-run.", "claim_boundary": "Dieser Smoke setzt keine Delivery-Secrets, konfiguriert keine Zielsysteme, versendet keine Alerts, schreibt keinen produktiven Sink und veröffentlicht keine Webhook-URLs, Tokens, Empfänger oder Rohpayloads.", "metrics": { "target_count": 6, "source_count": 0, "reachable_count": 0, "manual_review_required_count": 0, "client_error_review_required_count": 0, "server_error_count": 0, "transport_failed_count": 0, "hard_failure_count": 0, "failed_check_count": 0, "blocked_expected_count": 1, "dry_run_sent_count": 0, "runner_sent_count": 0, "dry_run_executed_count": 0, "dry_run_stored_observation_count": 0, "dry_run_queued_count": 1, "crawler_available": 0, "timer_available": 0, "dach_check_count": 0, "queue_count": 0, "seed_file_host_count": 0, "recent_report_count": 0, "test_index_visible_count": 0, "test_index_total_public_checks": 0, "test_index_preview_coverage_percent": 0, "test_index_preview_missing_count": 0, "test_index_crawler_german_count": 0, "preview_coverage_percent": 0, "preview_missing_count": 0, "error_rate_percent": 0, "api_access_storage_ready": 0, "api_access_storage_table_count": 0, "trust_readiness_item_count": 0, "public_links_per_domain": 0, "public_trust_module_count": 0, "public_evidence_link_count": 0, "advanced_trust_module_target_count": 0, "advanced_trust_module_passed_count": 0, "gated_public_trust_coverage_percent": 0, "gated_blocked_gate_count": 0, "gated_pending_gate_count": 0, "questionnaire_review_readiness_score": 0, "passed_count": 0, "failed_count": 0, "http_failed_count": 0, "contract_check_count": 0, "contract_failed_count": 0, "open_benchmark_count": 0, "open_action_count": 0, "open_public_evidence_url_count": 0, "open_runbook_link_count": 0, "use_case_segment_count": 0, "use_case_segment_next_action_count": 0, "use_case_segment_public_evidence_url_count": 0, "use_case_decision_path_count": 0, "use_case_decision_path_evidence_count": 0, "use_case_gated_decision_path_count": 0 } }, "security_feed": { "id": "security_feed_readiness_smoke", "available": true, "ok": true, "status": "ok", "generated_at": "2026-06-09T19:39:37+00:00", "url": "https://saferpage.de/evidence/security-feed-readiness-smoke.json", "summary": "No-Secret-Smoke fuer Security-Feed-Launch-Board, Credential-Preflight, Storage-Readiness, Runner, Runtime-Kontrollen, Operator-Go-live und isolierten Dry-run.", "claim_boundary": "Dieser Smoke setzt keine Feed-Credentials, ruft keine externen Malware-/Safe-Browsing-Feeds auf, speichert keine echten Observations, versendet keine Alerts und wendet keine Migration an.", "metrics": { "target_count": 12, "source_count": 0, "reachable_count": 0, "manual_review_required_count": 0, "client_error_review_required_count": 0, "server_error_count": 0, "transport_failed_count": 0, "hard_failure_count": 0, "failed_check_count": 0, "blocked_expected_count": 2, "dry_run_sent_count": 0, "runner_sent_count": 0, "dry_run_executed_count": 0, "dry_run_stored_observation_count": 0, "dry_run_queued_count": 0, "crawler_available": 0, "timer_available": 0, "dach_check_count": 0, "queue_count": 0, "seed_file_host_count": 0, "recent_report_count": 0, "test_index_visible_count": 0, "test_index_total_public_checks": 0, "test_index_preview_coverage_percent": 0, "test_index_preview_missing_count": 0, "test_index_crawler_german_count": 0, "preview_coverage_percent": 0, "preview_missing_count": 0, "error_rate_percent": 0, "api_access_storage_ready": 0, "api_access_storage_table_count": 0, "trust_readiness_item_count": 0, "public_links_per_domain": 0, "public_trust_module_count": 0, "public_evidence_link_count": 0, "advanced_trust_module_target_count": 0, "advanced_trust_module_passed_count": 0, "gated_public_trust_coverage_percent": 0, "gated_blocked_gate_count": 0, "gated_pending_gate_count": 0, "questionnaire_review_readiness_score": 0, "passed_count": 0, "failed_count": 0, "http_failed_count": 0, "contract_check_count": 0, "contract_failed_count": 0, "open_benchmark_count": 0, "open_action_count": 0, "open_public_evidence_url_count": 0, "open_runbook_link_count": 0, "use_case_segment_count": 0, "use_case_segment_next_action_count": 0, "use_case_segment_public_evidence_url_count": 0, "use_case_decision_path_count": 0, "use_case_decision_path_evidence_count": 0, "use_case_gated_decision_path_count": 0 } }, "api_key": { "id": "api_key_readiness_smoke", "available": true, "ok": true, "status": "ok", "generated_at": "2026-06-09T19:20:35+00:00", "url": "https://saferpage.de/evidence/api-key-readiness-smoke.json", "summary": "No-Secret-Smoke fuer API-Key-Readiness, Migration-Preflight, Runtime-Gates und Operator-Go-live-Verknuepfung.", "claim_boundary": "Dieser Smoke erzeugt keine API-Keys, setzt keine Env-Gates, wendet keine Migration an und prüft keine privaten Zielsysteme.", "metrics": { "target_count": 6, "source_count": 0, "reachable_count": 0, "manual_review_required_count": 0, "client_error_review_required_count": 0, "server_error_count": 0, "transport_failed_count": 0, "hard_failure_count": 0, "failed_check_count": 0, "blocked_expected_count": 1, "dry_run_sent_count": 0, "runner_sent_count": 0, "dry_run_executed_count": 0, "dry_run_stored_observation_count": 0, "dry_run_queued_count": 0, "crawler_available": 0, "timer_available": 0, "dach_check_count": 0, "queue_count": 0, "seed_file_host_count": 0, "recent_report_count": 0, "test_index_visible_count": 0, "test_index_total_public_checks": 0, "test_index_preview_coverage_percent": 0, "test_index_preview_missing_count": 0, "test_index_crawler_german_count": 0, "preview_coverage_percent": 0, "preview_missing_count": 0, "error_rate_percent": 0, "api_access_storage_ready": 0, "api_access_storage_table_count": 0, "trust_readiness_item_count": 0, "public_links_per_domain": 0, "public_trust_module_count": 0, "public_evidence_link_count": 0, "advanced_trust_module_target_count": 0, "advanced_trust_module_passed_count": 0, "gated_public_trust_coverage_percent": 0, "gated_blocked_gate_count": 0, "gated_pending_gate_count": 0, "questionnaire_review_readiness_score": 0, "passed_count": 0, "failed_count": 0, "http_failed_count": 0, "contract_check_count": 0, "contract_failed_count": 0, "open_benchmark_count": 0, "open_action_count": 0, "open_public_evidence_url_count": 0, "open_runbook_link_count": 0, "use_case_segment_count": 0, "use_case_segment_next_action_count": 0, "use_case_segment_public_evidence_url_count": 0, "use_case_decision_path_count": 0, "use_case_decision_path_evidence_count": 0, "use_case_gated_decision_path_count": 0 } } }, "market_segments": [ { "id": "dach_all_in_one_scanner", "competitor_expectation": "Schneller deutscher Website-Check mit Datenschutz, Cookies, Rechtstexten, BFSG/WCAG, E-Commerce, NIS2, Security, Performance, SEO/KI-Sichtbarkeit, Score, Monitoring, Alerts und Fix-Anleitungen.", "saferpage_position": "Weitgehend abgedeckt; produktive Zielsystem- und Security-Feed-Secrets bleiben die harten Go-Live-Gates.", "status": "partial", "evidence_url": "https://saferpage.de/vergleich/features-json" }, { "id": "dach_security_scanner", "competitor_expectation": "SIWECOS-artige Pruefung mit taeglichen Checks, Malware-/Blacklist-Signalen, Benachrichtigung, Badge und Sicherheitsbericht.", "saferpage_position": "Security-Evidence-Index, passive Security, Alerts, Badge, Feed-Runner, Launch-Board und Preflights sind vorhanden; echte Feed-Credentials, Storage- und Versandfreigabe blockieren produktive Paritaet.", "status": "blocked", "evidence_url": "https://saferpage.de/security-evidence-json" }, { "id": "cookie_tracker_scanner", "competitor_expectation": "Cookie-/Tracker-Erkennung, Consent-Bedarf, Anbieter, Zweck, Kategorie und Policy-/CMP-Umsetzung.", "saferpage_position": "Abgedeckt mit Cookie-Katalog, Consent Journey, Anbieter-Offenlegung, Tracker Decision Workflow und CMP Queue.", "status": "passed", "evidence_url": "https://saferpage.de/cookies/anrufer.info/export" }, { "id": "trust_privacyops_platform", "competitor_expectation": "Trust Center, Datenraum, Questionnaire-Automation, Access Requests, Viewer Privacy, Rollen, API und Analytics.", "saferpage_position": "Blueprint- und Evidence-Paritaet stark; Trust-Readiness-Index und Gated Readiness zeigen öffentliche Trust-/Questionnaire-Coverage, Quellenbindung, Review-/Export-Gates und machen Auth-, Storage-, NDA-, API-, Delivery- und Questionnaire-Blocker sichtbar. Produktive Flows bleiben Betreiberintegration.", "status": "partial", "evidence_url": "https://saferpage.de/trust-readiness-json" } ], "readiness_gates": [ { "id": "public_nginx_ssl_shortlinks", "label": "Nginx/SSL und kanonische Kurzlinks", "segment": "DACH All-in-one Scanner", "status": "passed", "evidence": "saferpage.de ist als HTTPS-vHost produktiv, Reports werden als /{domain} ohne .php-Links gefuehrt.", "owner": "Platform", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/" }, { "id": "crawl_timer_and_recent_reports", "label": "Scheduled Scans, A-Z und letzte Reports", "segment": "DACH All-in-one Scanner", "status": "passed", "evidence": "Crawler-State erreichbar: 698 DACH-/DE-Checks, Queue 641, Fehlerquote 2,98%, recent=36, Preview-Coverage=100%, ohne Vorschau=0.", "owner": "Platform", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/tests-json" }, { "id": "end_user_privacy_report_guides", "label": "Endnutzerreport, Fix-Guides und Betreiber-Pfade", "segment": "DACH All-in-one Scanner", "status": "passed", "evidence": "Kurzreport, Datenschutz-Hub, Top-Fixes, Scorecard, Fix-Guides, Ticket-Delivery und Report-Pack sind verlinkt.", "owner": "Produkt/Datenschutz", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/fix-guides/anrufer.info/export" }, { "id": "verified_competitor_benchmark", "label": "Verifizierter Wettbewerber-Benchmark", "segment": "DACH All-in-one Scanner", "status": "passed", "evidence": "14 Primärquellen am 2026-06-09 geprüft; 14 Benchmark-Anforderungen im Parity-Board verankert, davon 1 produktiv blockiert.", "owner": "Produkt", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/vergleich/features-json" }, { "id": "competitive_source_freshness_availability", "label": "Konkurrenzquellen aktuell und erreichbar", "segment": "DACH All-in-one Scanner", "status": "passed", "evidence": "Source-Availability-Smoke gruen: reachable=12/14, manual_review=2, hard_failures=0. Quellen-Watch: 14 Primärquellen, nächster Review nach 30 Tagen, stale nach 45 Tagen.", "owner": "Produkt/Research", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/vergleich/quellen-json" }, { "id": "competitive_evidence_contracts", "label": "Benchmark-Evidence- und Runbook-Verträge", "segment": "DACH All-in-one Scanner", "status": "passed", "evidence": "Competitive-Evidence-Smoke gruen: routes=79/79, contract_checks=7, contract_failed=0, offene Benchmarks=2, Evidence-URLs=4, Runbooks=13, Einsatzbereiche=8/8, Einsatzbereich-Evidence=8/8, Decisions=8/8, gated=3.", "owner": "Produkt/QA", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/vergleich/evidence-health-json" }, { "id": "screenshots_pdf_share_cards", "label": "Screenshot, PDF und teilbare Reports", "segment": "DACH All-in-one Scanner", "status": "passed", "evidence": "160x150 Screenshot-Previews, OpenGraph-Share-Card und serverseitiges Playwright-PDF sind vorhanden.", "owner": "Produkt", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/report-pack/anrufer.info/pdf" }, { "id": "alert_dispatch_outbox", "label": "Alert-Outbox und systemd-Runner", "segment": "DACH Security Scanner", "status": "passed", "evidence": "Alert-Runner-State lesbar: Outbox 64, sent 0, errors 0.", "owner": "Platform/PrivacyOps", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/alarme/dispatch-runner-json" }, { "id": "delivery_targets_and_approval", "label": "Produktive Betreiber-Zielsysteme", "segment": "DACH Security Scanner", "status": "blocked", "evidence": "Alert-Delivery-Smoke gruen: failed_checks=0, erwartete Blocker=1, dry_run_sent=0, runner_sent=0. Interner lokaler File-Sink ist dry-run-faehig. 8 Delivery-Runtime-Kontrollen dokumentiert. Kein externes Webhook/Slack/Teams-Ziel konfiguriert. SAFERPAGE_ALERT_DISPATCH_APPROVED ist nicht aktiv.", "owner": "IT/Security", "next_action": "Fuer externe Produktivzustellung Webhook/Slack/Teams-Ziel plus Freigabe in /etc/saferpage/alert-dispatch.env setzen; internen File-Sink als Audit-Dry-run weiter nutzen.", "evidence_url": "https://saferpage.de/integrationen/delivery-credential-preflight-json" }, { "id": "security_feed_runner_guarded", "label": "Security-Feed-Runner-State", "segment": "DACH Security Scanner", "status": "passed", "evidence": "Feed-Runner-State lesbar: executed=0, stored=0, errors=0.", "owner": "IT/Security", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/sicherheit/feed-runner-json" }, { "id": "security_feed_credentials_and_storage", "label": "Produktive Feed-Credentials und Storage-Freigabe", "segment": "DACH Security Scanner", "status": "blocked", "evidence": "Security-Feed-Smoke gruen: failed_checks=0, erwartete Blocker=2, dry_run_executed=0, dry_run_stored=0. URLhaus/Safe-Browsing-Credentials fehlen. Storage-Freigabe nicht aktiv.", "owner": "IT/Security + Datenschutz", "next_action": "SAFERPAGE_URLHAUS_AUTH_KEY, SAFERPAGE_GOOGLE_SAFE_BROWSING_API_KEY und SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED erst nach Freigabe setzen.", "evidence_url": "https://saferpage.de/sicherheit/feed-credential-preflight-json" }, { "id": "cookie_tracker_cmp_workflows", "label": "Cookie-, Tracker- und CMP-Workflows", "segment": "Cookie-/Tracker-Scanner", "status": "passed", "evidence": "Cookie-Katalog, Anbieter-Offenlegung, Consent Journey, Tracker Decision Workflow und CMP Auto-Population Queue sind exportierbar.", "owner": "Datenschutz/Produkt", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/portfolio/cmp-autopopulation-json" }, { "id": "trust_privacyops_workflows", "label": "Trust-/PrivacyOps-Workflows", "segment": "Trust Automation", "status": "passed", "evidence": "Trust Center, Datenraum, Questionnaire, Access Groups, Viewer Privacy, FAQ, AI Citations und API-Operations sind als Blueprints/Evidence abgedeckt.", "owner": "Trust Ops", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/trust/anrufer.info/share-json" }, { "id": "operator_api_key_readiness", "label": "Operator-API-Key-Gates", "segment": "Enterprise API", "status": "blocked", "evidence": "API-Key-Smoke gruen: failed_checks=0, erwartete Blocker=1. Operator-Readiness-Index verlinkt Domain-Claim, Trust-API, Delivery, API-Key-Readiness und Runtime-Probes. 7/7 Runtime-Kontrollen implementiert; API-systemd-Service-Vertrag vorhanden; API-Access-Storage 0/2 Tabellen; 0/7 produktive API-Key-Freigaben aktiv. Public Reads, geschuetzte Vertraege und Deny-Fixtures bleiben ohne Key-Ausstellung dokumentiert.", "owner": "IT/Security", "next_action": "Operator-Readiness-Index beobachten; Postgres-Migration anwenden, API-Key-Pepper/Write-HMAC-Secret sicher setzen, vorhandenes Write-HMAC-Test-Fixture gegen Client/Receiver nutzen, Domain-Claim/Test-Key freigeben und danach 401/403/429/Revocation-Smokes ausfuehren.", "evidence_url": "https://saferpage.de/operator-readiness-json" }, { "id": "no_secret_public_exports", "label": "No-Secret- und No-Visitor-Log-Exports", "segment": "Security/Compliance", "status": "passed", "evidence": "Preflights und Runner-State zeigen Referenzen, Hashes, Idempotency-Keys und Status, aber keine Secret-Werte, Ziel-URLs, Empfaenger oder Besucherlogs.", "owner": "Security", "next_action": "Weiter beobachten und Evidenz aktuell halten.", "evidence_url": "https://saferpage.de/schemas" } ], "open_blockers": [ { "id": "delivery_targets_and_approval", "label": "Produktive Betreiber-Zielsysteme", "segment": "DACH Security Scanner", "status": "blocked", "owner": "IT/Security", "next_action": "Fuer externe Produktivzustellung Webhook/Slack/Teams-Ziel plus Freigabe in /etc/saferpage/alert-dispatch.env setzen; internen File-Sink als Audit-Dry-run weiter nutzen.", "evidence_url": "https://saferpage.de/integrationen/delivery-credential-preflight-json" }, { "id": "security_feed_credentials_and_storage", "label": "Produktive Feed-Credentials und Storage-Freigabe", "segment": "DACH Security Scanner", "status": "blocked", "owner": "IT/Security + Datenschutz", "next_action": "SAFERPAGE_URLHAUS_AUTH_KEY, SAFERPAGE_GOOGLE_SAFE_BROWSING_API_KEY und SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED erst nach Freigabe setzen.", "evidence_url": "https://saferpage.de/sicherheit/feed-credential-preflight-json" }, { "id": "operator_api_key_readiness", "label": "Operator-API-Key-Gates", "segment": "Enterprise API", "status": "blocked", "owner": "IT/Security", "next_action": "Operator-Readiness-Index beobachten; Postgres-Migration anwenden, API-Key-Pepper/Write-HMAC-Secret sicher setzen, vorhandenes Write-HMAC-Test-Fixture gegen Client/Receiver nutzen, Domain-Claim/Test-Key freigeben und danach 401/403/429/Revocation-Smokes ausfuehren.", "evidence_url": "https://saferpage.de/operator-readiness-json" } ], "blocker_resolution_runbook": [ { "id": "delivery_targets_and_approval", "label": "Produktive Betreiber-Zielsysteme freigeben", "status": "blocked", "owner": "IT/Security", "why_blocked": "Externes Webhook/Slack/Teams-Ziel fehlt. SAFERPAGE_ALERT_DISPATCH_APPROVED ist nicht aktiv.", "required_env_refs": [ "SAFERPAGE_WEBHOOK_URL", "SAFERPAGE_WEBHOOK_SECRET", "SAFERPAGE_SLACK_WEBHOOK_URL", "SAFERPAGE_TEAMS_WEBHOOK_URL", "SAFERPAGE_ALERT_DISPATCH_APPROVED" ], "preflight_urls": [ "https://saferpage.de/integrationen/delivery-credential-preflight-json", "https://saferpage.de/alarme/dispatch-runner-json", "https://saferpage.de/evidence/delivery-runtime-controls.json", "https://saferpage.de/evidence/alert-delivery-readiness-smoke.json" ], "safe_commands": [ "scripts/run-alert-delivery-readiness-smoke.sh", "scripts/run-alert-dispatch-dry-run-smoke.sh" ], "acceptance_criteria": [ "Alert-Delivery-Readiness-Smoke zeigt failed_check_count=0, dry_run_sent_count=0 und runner_sent_count=0.", "Mindestens ein externes Ziel ist configured=true.", "SAFERPAGE_ALERT_DISPATCH_APPROVED ist erst nach Testempfänger-Dry-run aktiv.", "Dispatch-Runner zeigt keine Secret-Werte, Ziel-URLs oder Empfänger im Public-State.", "Ein Execute-ready-Test sendet nur an freigegebene Zielsysteme." ], "stop_conditions": [ "Unbekannte Ziel-URL oder Empfänger sichtbar im Public-State.", "HMAC-/Idempotency-Vertrag fehlt.", "Fehlerhafte Zustellung oder Retry-Schleife ohne Dead-Letter." ] }, { "id": "security_feed_credentials_and_storage", "label": "Security-Feeds produktiv aktivieren", "status": "blocked", "owner": "IT/Security + Datenschutz", "why_blocked": "URLhaus/Safe-Browsing-Credentials fehlen. SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED ist nicht aktiv.", "required_env_refs": [ "SAFERPAGE_URLHAUS_AUTH_KEY", "SAFERPAGE_GOOGLE_SAFE_BROWSING_API_KEY", "SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED", "SAFERPAGE_SECURITY_FEED_PREFLIGHT_APPROVED" ], "preflight_urls": [ "https://saferpage.de/sicherheit/feed-credential-preflight-json", "https://saferpage.de/sicherheit/feed-storage-readiness-json", "https://saferpage.de/evidence/security-feed-storage-preflight.json", "https://saferpage.de/evidence/security-feed-readiness-smoke.json", "https://saferpage.de/sicherheit/feed-launch-board-json", "https://saferpage.de/evidence/security-feed-runtime-controls.json" ], "safe_commands": [ "scripts/run-security-feed-readiness-smoke.sh", "scripts/run-security-feed-storage-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-security-feed-dry-run-smoke.sh" ], "acceptance_criteria": [ "Security-Feed-Readiness-Smoke zeigt failed_check_count=0, dry_run_executed_count=0 und dry_run_stored_observation_count=0.", "Beide Feed-Credentials sind als present=true sichtbar, ohne Secret-Ausgabe.", "Storage-Readiness zeigt Tabellen, Migration und Retention-Gates bereit.", "Live-Probe erfolgt nur mit expliziter Preflight-Freigabe.", "Launch-Board zeigt keine externen Feed-Abfragen im Standardmodus." ], "stop_conditions": [ "Feed-Secret oder API-Key wird öffentlich ausgegeben.", "Storage-Freigabe fehlt oder Retention ist unklar.", "Externe Feed-Abfrage läuft ohne explizites Run-Gate." ] }, { "id": "operator_api_key_readiness", "label": "Operator-API-Key-Store und Gates freischalten", "status": "blocked", "owner": "IT/Security", "why_blocked": "API-Access-Storage 0/2 Tabellen; produktive API-Key-Freigaben 0/7.", "required_env_refs": [ "SAFERPAGE_MIGRATION_DATABASE_URL", "SAFERPAGE_API_KEY_STORE_READY", "SAFERPAGE_API_SCOPE_ENFORCEMENT_READY", "SAFERPAGE_API_ACCESS_AUDIT_READY", "SAFERPAGE_API_RATE_LIMIT_READY", "SAFERPAGE_API_REVOCATION_READY", "SAFERPAGE_API_DOMAIN_CLAIM_READY", "SAFERPAGE_API_WRITE_HMAC_READY" ], "preflight_urls": [ "https://saferpage.de/api-zugriff/key-readiness-json", "https://saferpage.de/api-zugriff/runtime-gate-probe-json", "https://saferpage.de/evidence/api-access-migration-preflight.json", "https://saferpage.de/evidence/api-key-readiness-smoke.json", "https://saferpage.de/evidence/api-runtime-controls.json" ], "safe_commands": [ "scripts/run-api-key-readiness-smoke.sh", "scripts/run-api-access-migration-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-api-runtime-deny-smoke.sh", "scripts/run-api-service-smoke.sh" ], "acceptance_criteria": [ "API-Key-Readiness-Smoke zeigt failed_check_count=0 und den Storage-Blocker explizit.", "api_keys und api_access_audit_log sind vorhanden.", "Migration wurde mit kurzlebigem Admin-DSN angewendet, ohne DSN oder Passwort zu loggen.", "Deny-Smokes erzeugen 401/403/429/Revocation-Evidence ohne Roh-Key-Ausgabe.", "Write-HMAC-Test-Fixture ist mit erwarteter Signatur, Idempotency-Key und Negative Tests dokumentiert.", "Alle sieben API-Gates sind erst nach Domain-Claim und Test-Key-Abnahme aktiv." ], "stop_conditions": [ "DB-User hat kein CREATE-Recht und kein Admin-DSN ist sicher gesetzt.", "Key-Hash, Pepper, Roh-Key oder Authorization-Header erscheint in Exporten.", "Write-HMAC oder Domain-Claim fehlen vor produktiver Key-Ausstellung." ] } ], "operator_activation_packet": [ { "id": "delivery_targets_and_approval", "label": "Produktive Betreiber-Zielsysteme freigeben", "status": "waiting_for_secure_inputs", "owner": "IT/Security", "current_blocker": "Externes Webhook/Slack/Teams-Ziel fehlt. SAFERPAGE_ALERT_DISPATCH_APPROVED ist nicht aktiv.", "phase_count": 5, "phases": [ { "id": "preflight", "label": "No-Secret-Preflight prüfen", "required_evidence": [ "https://saferpage.de/integrationen/delivery-credential-preflight-json", "https://saferpage.de/alarme/dispatch-runner-json", "https://saferpage.de/evidence/delivery-runtime-controls.json", "https://saferpage.de/evidence/alert-delivery-readiness-smoke.json" ], "exit_criterion": "Alle öffentlichen Preflights zeigen Status, Hashes und Referenznamen ohne Secret-Werte." }, { "id": "secure_configuration", "label": "Sichere Server-Konfiguration setzen", "required_env_refs": [ "SAFERPAGE_WEBHOOK_URL", "SAFERPAGE_WEBHOOK_SECRET", "SAFERPAGE_SLACK_WEBHOOK_URL", "SAFERPAGE_TEAMS_WEBHOOK_URL", "SAFERPAGE_ALERT_DISPATCH_APPROVED" ], "exit_criterion": "Env-Referenzen sind ausschließlich im Server-Environment oder Secret Manager gesetzt, nicht in Projektdateien oder Public-State." }, { "id": "dry_run", "label": "Dry-run/Smoke ausführen", "safe_commands": [ "scripts/run-alert-delivery-readiness-smoke.sh", "scripts/run-alert-dispatch-dry-run-smoke.sh" ], "exit_criterion": "Smokes laufen ohne Secret-Ausgabe; externe Zustellung, Feed-Abfrage oder Key-Ausgabe bleibt ohne explizites Go-live-Gate deaktiviert." }, { "id": "approval", "label": "Betreiberfreigabe dokumentieren", "approval_record_template": [ "approver_role", "approved_at", "scope", "preflight_urls", "smoke_result_refs", "rollback_owner" ], "exit_criterion": "Freigabe ist scope-begrenzt, rückholbar und mit Evidence-URLs dokumentiert." }, { "id": "post_go_live_verification", "label": "Nach Go-live erneut prüfen", "required_evidence": [ "https://saferpage.de/integrationen/delivery-credential-preflight-json", "https://saferpage.de/alarme/dispatch-runner-json", "https://saferpage.de/evidence/delivery-runtime-controls.json", "https://saferpage.de/evidence/alert-delivery-readiness-smoke.json" ], "exit_criterion": "Parity-Board, Preflight und Runner-State zeigen produktive Aktivierung ohne Leak von Secrets, Ziel-URLs, Empfängern oder Rohpayloads." } ], "safe_env_template": [ { "env_ref": "SAFERPAGE_WEBHOOK_URL", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_WEBHOOK_SECRET", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_SLACK_WEBHOOK_URL", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_TEAMS_WEBHOOK_URL", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_ALERT_DISPATCH_APPROVED", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false } ], "safe_commands": [ "scripts/run-alert-delivery-readiness-smoke.sh", "scripts/run-alert-dispatch-dry-run-smoke.sh" ], "preflight_urls": [ "https://saferpage.de/integrationen/delivery-credential-preflight-json", "https://saferpage.de/alarme/dispatch-runner-json", "https://saferpage.de/evidence/delivery-runtime-controls.json", "https://saferpage.de/evidence/alert-delivery-readiness-smoke.json" ], "acceptance_criteria": [ "Alert-Delivery-Readiness-Smoke zeigt failed_check_count=0, dry_run_sent_count=0 und runner_sent_count=0.", "Mindestens ein externes Ziel ist configured=true.", "SAFERPAGE_ALERT_DISPATCH_APPROVED ist erst nach Testempfänger-Dry-run aktiv.", "Dispatch-Runner zeigt keine Secret-Werte, Ziel-URLs oder Empfänger im Public-State.", "Ein Execute-ready-Test sendet nur an freigegebene Zielsysteme." ], "stop_conditions": [ "Unbekannte Ziel-URL oder Empfänger sichtbar im Public-State.", "HMAC-/Idempotency-Vertrag fehlt.", "Fehlerhafte Zustellung oder Retry-Schleife ohne Dead-Letter." ], "no_secret_policy": "Dieses Aktivierungspaket gibt nur Env-Referenzen, sichere Placeholder, Evidence-URLs und Kommandonamen aus; keine DSN, Passwörter, API-Keys, Tokens, Ziel-URLs, Empfänger, Rohpayloads oder Besucherlogs." }, { "id": "security_feed_credentials_and_storage", "label": "Security-Feeds produktiv aktivieren", "status": "waiting_for_secure_inputs", "owner": "IT/Security + Datenschutz", "current_blocker": "URLhaus/Safe-Browsing-Credentials fehlen. SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED ist nicht aktiv.", "phase_count": 5, "phases": [ { "id": "preflight", "label": "No-Secret-Preflight prüfen", "required_evidence": [ "https://saferpage.de/sicherheit/feed-credential-preflight-json", "https://saferpage.de/sicherheit/feed-storage-readiness-json", "https://saferpage.de/evidence/security-feed-storage-preflight.json", "https://saferpage.de/evidence/security-feed-readiness-smoke.json", "https://saferpage.de/sicherheit/feed-launch-board-json", "https://saferpage.de/evidence/security-feed-runtime-controls.json" ], "exit_criterion": "Alle öffentlichen Preflights zeigen Status, Hashes und Referenznamen ohne Secret-Werte." }, { "id": "secure_configuration", "label": "Sichere Server-Konfiguration setzen", "required_env_refs": [ "SAFERPAGE_URLHAUS_AUTH_KEY", "SAFERPAGE_GOOGLE_SAFE_BROWSING_API_KEY", "SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED", "SAFERPAGE_SECURITY_FEED_PREFLIGHT_APPROVED" ], "exit_criterion": "Env-Referenzen sind ausschließlich im Server-Environment oder Secret Manager gesetzt, nicht in Projektdateien oder Public-State." }, { "id": "dry_run", "label": "Dry-run/Smoke ausführen", "safe_commands": [ "scripts/run-security-feed-readiness-smoke.sh", "scripts/run-security-feed-storage-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-security-feed-dry-run-smoke.sh" ], "exit_criterion": "Smokes laufen ohne Secret-Ausgabe; externe Zustellung, Feed-Abfrage oder Key-Ausgabe bleibt ohne explizites Go-live-Gate deaktiviert." }, { "id": "approval", "label": "Betreiberfreigabe dokumentieren", "approval_record_template": [ "approver_role", "approved_at", "scope", "preflight_urls", "smoke_result_refs", "rollback_owner" ], "exit_criterion": "Freigabe ist scope-begrenzt, rückholbar und mit Evidence-URLs dokumentiert." }, { "id": "post_go_live_verification", "label": "Nach Go-live erneut prüfen", "required_evidence": [ "https://saferpage.de/sicherheit/feed-credential-preflight-json", "https://saferpage.de/sicherheit/feed-storage-readiness-json", "https://saferpage.de/evidence/security-feed-storage-preflight.json", "https://saferpage.de/evidence/security-feed-readiness-smoke.json", "https://saferpage.de/sicherheit/feed-launch-board-json", "https://saferpage.de/evidence/security-feed-runtime-controls.json" ], "exit_criterion": "Parity-Board, Preflight und Runner-State zeigen produktive Aktivierung ohne Leak von Secrets, Ziel-URLs, Empfängern oder Rohpayloads." } ], "safe_env_template": [ { "env_ref": "SAFERPAGE_URLHAUS_AUTH_KEY", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_GOOGLE_SAFE_BROWSING_API_KEY", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_SECURITY_FEED_PREFLIGHT_APPROVED", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false } ], "safe_commands": [ "scripts/run-security-feed-readiness-smoke.sh", "scripts/run-security-feed-storage-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-security-feed-dry-run-smoke.sh" ], "preflight_urls": [ "https://saferpage.de/sicherheit/feed-credential-preflight-json", "https://saferpage.de/sicherheit/feed-storage-readiness-json", "https://saferpage.de/evidence/security-feed-storage-preflight.json", "https://saferpage.de/evidence/security-feed-readiness-smoke.json", "https://saferpage.de/sicherheit/feed-launch-board-json", "https://saferpage.de/evidence/security-feed-runtime-controls.json" ], "acceptance_criteria": [ "Security-Feed-Readiness-Smoke zeigt failed_check_count=0, dry_run_executed_count=0 und dry_run_stored_observation_count=0.", "Beide Feed-Credentials sind als present=true sichtbar, ohne Secret-Ausgabe.", "Storage-Readiness zeigt Tabellen, Migration und Retention-Gates bereit.", "Live-Probe erfolgt nur mit expliziter Preflight-Freigabe.", "Launch-Board zeigt keine externen Feed-Abfragen im Standardmodus." ], "stop_conditions": [ "Feed-Secret oder API-Key wird öffentlich ausgegeben.", "Storage-Freigabe fehlt oder Retention ist unklar.", "Externe Feed-Abfrage läuft ohne explizites Run-Gate." ], "no_secret_policy": "Dieses Aktivierungspaket gibt nur Env-Referenzen, sichere Placeholder, Evidence-URLs und Kommandonamen aus; keine DSN, Passwörter, API-Keys, Tokens, Ziel-URLs, Empfänger, Rohpayloads oder Besucherlogs." }, { "id": "operator_api_key_readiness", "label": "Operator-API-Key-Store und Gates freischalten", "status": "waiting_for_secure_inputs", "owner": "IT/Security", "current_blocker": "API-Access-Storage 0/2 Tabellen; produktive API-Key-Freigaben 0/7.", "phase_count": 5, "phases": [ { "id": "preflight", "label": "No-Secret-Preflight prüfen", "required_evidence": [ "https://saferpage.de/api-zugriff/key-readiness-json", "https://saferpage.de/api-zugriff/runtime-gate-probe-json", "https://saferpage.de/evidence/api-access-migration-preflight.json", "https://saferpage.de/evidence/api-key-readiness-smoke.json", "https://saferpage.de/evidence/api-runtime-controls.json" ], "exit_criterion": "Alle öffentlichen Preflights zeigen Status, Hashes und Referenznamen ohne Secret-Werte." }, { "id": "secure_configuration", "label": "Sichere Server-Konfiguration setzen", "required_env_refs": [ "SAFERPAGE_MIGRATION_DATABASE_URL", "SAFERPAGE_API_KEY_STORE_READY", "SAFERPAGE_API_SCOPE_ENFORCEMENT_READY", "SAFERPAGE_API_ACCESS_AUDIT_READY", "SAFERPAGE_API_RATE_LIMIT_READY", "SAFERPAGE_API_REVOCATION_READY", "SAFERPAGE_API_DOMAIN_CLAIM_READY", "SAFERPAGE_API_WRITE_HMAC_READY" ], "exit_criterion": "Env-Referenzen sind ausschließlich im Server-Environment oder Secret Manager gesetzt, nicht in Projektdateien oder Public-State." }, { "id": "dry_run", "label": "Dry-run/Smoke ausführen", "safe_commands": [ "scripts/run-api-key-readiness-smoke.sh", "scripts/run-api-access-migration-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-api-runtime-deny-smoke.sh", "scripts/run-api-service-smoke.sh" ], "exit_criterion": "Smokes laufen ohne Secret-Ausgabe; externe Zustellung, Feed-Abfrage oder Key-Ausgabe bleibt ohne explizites Go-live-Gate deaktiviert." }, { "id": "approval", "label": "Betreiberfreigabe dokumentieren", "approval_record_template": [ "approver_role", "approved_at", "scope", "preflight_urls", "smoke_result_refs", "rollback_owner" ], "exit_criterion": "Freigabe ist scope-begrenzt, rückholbar und mit Evidence-URLs dokumentiert." }, { "id": "post_go_live_verification", "label": "Nach Go-live erneut prüfen", "required_evidence": [ "https://saferpage.de/api-zugriff/key-readiness-json", "https://saferpage.de/api-zugriff/runtime-gate-probe-json", "https://saferpage.de/evidence/api-access-migration-preflight.json", "https://saferpage.de/evidence/api-key-readiness-smoke.json", "https://saferpage.de/evidence/api-runtime-controls.json" ], "exit_criterion": "Parity-Board, Preflight und Runner-State zeigen produktive Aktivierung ohne Leak von Secrets, Ziel-URLs, Empfängern oder Rohpayloads." } ], "safe_env_template": [ { "env_ref": "SAFERPAGE_MIGRATION_DATABASE_URL", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_API_KEY_STORE_READY", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_API_SCOPE_ENFORCEMENT_READY", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_API_ACCESS_AUDIT_READY", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_API_RATE_LIMIT_READY", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_API_REVOCATION_READY", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_API_DOMAIN_CLAIM_READY", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false }, { "env_ref": "SAFERPAGE_API_WRITE_HMAC_READY", "value": "__SET_IN_SECRET_MANAGER_OR_SECURE_SERVER_ENV__", "public_export_allowed": false } ], "safe_commands": [ "scripts/run-api-key-readiness-smoke.sh", "scripts/run-api-access-migration-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-api-runtime-deny-smoke.sh", "scripts/run-api-service-smoke.sh" ], "preflight_urls": [ "https://saferpage.de/api-zugriff/key-readiness-json", "https://saferpage.de/api-zugriff/runtime-gate-probe-json", "https://saferpage.de/evidence/api-access-migration-preflight.json", "https://saferpage.de/evidence/api-key-readiness-smoke.json", "https://saferpage.de/evidence/api-runtime-controls.json" ], "acceptance_criteria": [ "API-Key-Readiness-Smoke zeigt failed_check_count=0 und den Storage-Blocker explizit.", "api_keys und api_access_audit_log sind vorhanden.", "Migration wurde mit kurzlebigem Admin-DSN angewendet, ohne DSN oder Passwort zu loggen.", "Deny-Smokes erzeugen 401/403/429/Revocation-Evidence ohne Roh-Key-Ausgabe.", "Write-HMAC-Test-Fixture ist mit erwarteter Signatur, Idempotency-Key und Negative Tests dokumentiert.", "Alle sieben API-Gates sind erst nach Domain-Claim und Test-Key-Abnahme aktiv." ], "stop_conditions": [ "DB-User hat kein CREATE-Recht und kein Admin-DSN ist sicher gesetzt.", "Key-Hash, Pepper, Roh-Key oder Authorization-Header erscheint in Exporten.", "Write-HMAC oder Domain-Claim fehlen vor produktiver Key-Ausstellung." ], "no_secret_policy": "Dieses Aktivierungspaket gibt nur Env-Referenzen, sichere Placeholder, Evidence-URLs und Kommandonamen aus; keine DSN, Passwörter, API-Keys, Tokens, Ziel-URLs, Empfänger, Rohpayloads oder Besucherlogs." } ], "operator_approval_queue": [ { "id": "approval_delivery_targets_and_approval", "blocker_id": "delivery_targets_and_approval", "label": "Produktive Betreiber-Zielsysteme freigeben", "status": "waiting_for_operator_inputs", "owner": "IT/Security", "decision_required": "Sichere Inputs, Betreiberfreigabe und Smoke-Evidence nachreichen.", "current_blocker": "Externes Webhook/Slack/Teams-Ziel fehlt. SAFERPAGE_ALERT_DISPATCH_APPROVED ist nicht aktiv.", "evidence_required": { "preflight_urls": [ "https://saferpage.de/integrationen/delivery-credential-preflight-json", "https://saferpage.de/alarme/dispatch-runner-json", "https://saferpage.de/evidence/delivery-runtime-controls.json", "https://saferpage.de/evidence/alert-delivery-readiness-smoke.json" ], "safe_commands": [ "scripts/run-alert-delivery-readiness-smoke.sh", "scripts/run-alert-dispatch-dry-run-smoke.sh" ], "acceptance_criteria": [ "Alert-Delivery-Readiness-Smoke zeigt failed_check_count=0, dry_run_sent_count=0 und runner_sent_count=0.", "Mindestens ein externes Ziel ist configured=true.", "SAFERPAGE_ALERT_DISPATCH_APPROVED ist erst nach Testempfänger-Dry-run aktiv.", "Dispatch-Runner zeigt keine Secret-Werte, Ziel-URLs oder Empfänger im Public-State.", "Ein Execute-ready-Test sendet nur an freigegebene Zielsysteme." ], "stop_conditions": [ "Unbekannte Ziel-URL oder Empfänger sichtbar im Public-State.", "HMAC-/Idempotency-Vertrag fehlt.", "Fehlerhafte Zustellung oder Retry-Schleife ohne Dead-Letter." ] }, "signoff_record_template": { "approver_role": "IT/Security", "approved_at": "ISO-8601 timestamp", "scope": "delivery_targets_and_approval", "evidence_urls": [ "https://saferpage.de/integrationen/delivery-credential-preflight-json", "https://saferpage.de/alarme/dispatch-runner-json", "https://saferpage.de/evidence/delivery-runtime-controls.json", "https://saferpage.de/evidence/alert-delivery-readiness-smoke.json" ], "smoke_result_refs": [ "scripts/run-alert-delivery-readiness-smoke.sh", "scripts/run-alert-dispatch-dry-run-smoke.sh" ], "rollback_owner": "IT/Security", "expires_or_review_at": "ISO-8601 timestamp" }, "env_refs_to_set": [ "SAFERPAGE_WEBHOOK_URL", "SAFERPAGE_WEBHOOK_SECRET", "SAFERPAGE_SLACK_WEBHOOK_URL", "SAFERPAGE_TEAMS_WEBHOOK_URL", "SAFERPAGE_ALERT_DISPATCH_APPROVED" ], "public_export_policy": "Nur Referenznamen, Status, Hashes, Evidence-URLs, Kommandonamen und Abnahmekriterien oeffentlich zeigen; keine Secret-Werte, DSN, Ziel-URLs, Empfaenger, Roh-Keys, Authorization-Header oder Rohpayloads.", "next_action": "Fehlende Env-Refs sicher setzen, Preflights erneut oeffnen, Smoke-Test ausfuehren und Stop-Bedingungen ausschliessen.", "primary_url": "https://saferpage.de/integrationen/delivery-credential-preflight-json" }, { "id": "approval_security_feed_credentials_and_storage", "blocker_id": "security_feed_credentials_and_storage", "label": "Security-Feeds produktiv aktivieren", "status": "waiting_for_operator_inputs", "owner": "IT/Security + Datenschutz", "decision_required": "Sichere Inputs, Betreiberfreigabe und Smoke-Evidence nachreichen.", "current_blocker": "URLhaus/Safe-Browsing-Credentials fehlen. SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED ist nicht aktiv.", "evidence_required": { "preflight_urls": [ "https://saferpage.de/sicherheit/feed-credential-preflight-json", "https://saferpage.de/sicherheit/feed-storage-readiness-json", "https://saferpage.de/evidence/security-feed-storage-preflight.json", "https://saferpage.de/evidence/security-feed-readiness-smoke.json", "https://saferpage.de/sicherheit/feed-launch-board-json", "https://saferpage.de/evidence/security-feed-runtime-controls.json" ], "safe_commands": [ "scripts/run-security-feed-readiness-smoke.sh", "scripts/run-security-feed-storage-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-security-feed-dry-run-smoke.sh" ], "acceptance_criteria": [ "Security-Feed-Readiness-Smoke zeigt failed_check_count=0, dry_run_executed_count=0 und dry_run_stored_observation_count=0.", "Beide Feed-Credentials sind als present=true sichtbar, ohne Secret-Ausgabe.", "Storage-Readiness zeigt Tabellen, Migration und Retention-Gates bereit.", "Live-Probe erfolgt nur mit expliziter Preflight-Freigabe.", "Launch-Board zeigt keine externen Feed-Abfragen im Standardmodus." ], "stop_conditions": [ "Feed-Secret oder API-Key wird öffentlich ausgegeben.", "Storage-Freigabe fehlt oder Retention ist unklar.", "Externe Feed-Abfrage läuft ohne explizites Run-Gate." ] }, "signoff_record_template": { "approver_role": "IT/Security + Datenschutz", "approved_at": "ISO-8601 timestamp", "scope": "security_feed_credentials_and_storage", "evidence_urls": [ "https://saferpage.de/sicherheit/feed-credential-preflight-json", "https://saferpage.de/sicherheit/feed-storage-readiness-json", "https://saferpage.de/evidence/security-feed-storage-preflight.json", "https://saferpage.de/evidence/security-feed-readiness-smoke.json", "https://saferpage.de/sicherheit/feed-launch-board-json", "https://saferpage.de/evidence/security-feed-runtime-controls.json" ], "smoke_result_refs": [ "scripts/run-security-feed-readiness-smoke.sh", "scripts/run-security-feed-storage-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-security-feed-dry-run-smoke.sh" ], "rollback_owner": "IT/Security + Datenschutz", "expires_or_review_at": "ISO-8601 timestamp" }, "env_refs_to_set": [ "SAFERPAGE_URLHAUS_AUTH_KEY", "SAFERPAGE_GOOGLE_SAFE_BROWSING_API_KEY", "SAFERPAGE_SECURITY_FEED_STORAGE_APPROVED", "SAFERPAGE_SECURITY_FEED_PREFLIGHT_APPROVED" ], "public_export_policy": "Nur Referenznamen, Status, Hashes, Evidence-URLs, Kommandonamen und Abnahmekriterien oeffentlich zeigen; keine Secret-Werte, DSN, Ziel-URLs, Empfaenger, Roh-Keys, Authorization-Header oder Rohpayloads.", "next_action": "Fehlende Env-Refs sicher setzen, Preflights erneut oeffnen, Smoke-Test ausfuehren und Stop-Bedingungen ausschliessen.", "primary_url": "https://saferpage.de/sicherheit/feed-credential-preflight-json" }, { "id": "approval_operator_api_key_readiness", "blocker_id": "operator_api_key_readiness", "label": "Operator-API-Key-Store und Gates freischalten", "status": "waiting_for_operator_inputs", "owner": "IT/Security", "decision_required": "Sichere Inputs, Betreiberfreigabe und Smoke-Evidence nachreichen.", "current_blocker": "API-Access-Storage 0/2 Tabellen; produktive API-Key-Freigaben 0/7.", "evidence_required": { "preflight_urls": [ "https://saferpage.de/api-zugriff/key-readiness-json", "https://saferpage.de/api-zugriff/runtime-gate-probe-json", "https://saferpage.de/evidence/api-access-migration-preflight.json", "https://saferpage.de/evidence/api-key-readiness-smoke.json", "https://saferpage.de/evidence/api-runtime-controls.json" ], "safe_commands": [ "scripts/run-api-key-readiness-smoke.sh", "scripts/run-api-access-migration-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-api-runtime-deny-smoke.sh", "scripts/run-api-service-smoke.sh" ], "acceptance_criteria": [ "API-Key-Readiness-Smoke zeigt failed_check_count=0 und den Storage-Blocker explizit.", "api_keys und api_access_audit_log sind vorhanden.", "Migration wurde mit kurzlebigem Admin-DSN angewendet, ohne DSN oder Passwort zu loggen.", "Deny-Smokes erzeugen 401/403/429/Revocation-Evidence ohne Roh-Key-Ausgabe.", "Write-HMAC-Test-Fixture ist mit erwarteter Signatur, Idempotency-Key und Negative Tests dokumentiert.", "Alle sieben API-Gates sind erst nach Domain-Claim und Test-Key-Abnahme aktiv." ], "stop_conditions": [ "DB-User hat kein CREATE-Recht und kein Admin-DSN ist sicher gesetzt.", "Key-Hash, Pepper, Roh-Key oder Authorization-Header erscheint in Exporten.", "Write-HMAC oder Domain-Claim fehlen vor produktiver Key-Ausstellung." ] }, "signoff_record_template": { "approver_role": "IT/Security", "approved_at": "ISO-8601 timestamp", "scope": "operator_api_key_readiness", "evidence_urls": [ "https://saferpage.de/api-zugriff/key-readiness-json", "https://saferpage.de/api-zugriff/runtime-gate-probe-json", "https://saferpage.de/evidence/api-access-migration-preflight.json", "https://saferpage.de/evidence/api-key-readiness-smoke.json", "https://saferpage.de/evidence/api-runtime-controls.json" ], "smoke_result_refs": [ "scripts/run-api-key-readiness-smoke.sh", "scripts/run-api-access-migration-preflight.sh", "scripts/run-storage-migrations.sh", "scripts/run-api-runtime-deny-smoke.sh", "scripts/run-api-service-smoke.sh" ], "rollback_owner": "IT/Security", "expires_or_review_at": "ISO-8601 timestamp" }, "env_refs_to_set": [ "SAFERPAGE_MIGRATION_DATABASE_URL", "SAFERPAGE_API_KEY_STORE_READY", "SAFERPAGE_API_SCOPE_ENFORCEMENT_READY", "SAFERPAGE_API_ACCESS_AUDIT_READY", "SAFERPAGE_API_RATE_LIMIT_READY", "SAFERPAGE_API_REVOCATION_READY", "SAFERPAGE_API_DOMAIN_CLAIM_READY", "SAFERPAGE_API_WRITE_HMAC_READY" ], "public_export_policy": "Nur Referenznamen, Status, Hashes, Evidence-URLs, Kommandonamen und Abnahmekriterien oeffentlich zeigen; keine Secret-Werte, DSN, Ziel-URLs, Empfaenger, Roh-Keys, Authorization-Header oder Rohpayloads.", "next_action": "Fehlende Env-Refs sicher setzen, Preflights erneut oeffnen, Smoke-Test ausfuehren und Stop-Bedingungen ausschliessen.", "primary_url": "https://saferpage.de/api-zugriff/key-readiness-json" } ], "evidence_manifest": [ { "id": "competitive_matrix", "label": "Feature-Matrix", "url": "https://saferpage.de/vergleich/features-json", "schema": "competitive-feature-matrix.v1" }, { "id": "competitive_source_watch", "label": "Wettbewerbsquellen und Refresh-Watch", "url": "https://saferpage.de/vergleich/quellen-json", "schema": "competitive-source-watch.v1" }, { "id": "competitive_source_availability_smoke", "label": "Competitive Source Availability Smoke", "url": "https://saferpage.de/evidence/competitive-source-availability-smoke.json", "schema": "competitive-source-availability-smoke.v1" }, { "id": "competitive_action_plan", "label": "Wettbewerbs-Aktionsplan", "url": "https://saferpage.de/vergleich/aktionsplan-json", "schema": "competitive-action-plan.v1" }, { "id": "competitive_evidence_health", "label": "Competitive Evidence Health", "url": "https://saferpage.de/vergleich/evidence-health-json", "schema": "competitive-evidence-health.v1" }, { "id": "competitive_evidence_health_smoke", "label": "Competitive Evidence Health Smoke", "url": "https://saferpage.de/evidence/competitive-evidence-health-smoke.json", "schema": "competitive-evidence-health-smoke.v1" }, { "id": "dach_scanner_coverage", "label": "DACH-Scanner-Abdeckung", "url": "https://saferpage.de/vergleich/dach-abdeckung-json", "schema": "dach-scanner-coverage.v1" }, { "id": "competitor_benchmark_requirements", "label": "Verifizierte Benchmark-Anforderungen", "url": "https://saferpage.de/vergleich/features-json", "schema": "competitive-feature-matrix.v1" }, { "id": "evidence_hub", "label": "Öffentlicher Evidence-Hub", "url": "https://saferpage.de/evidence-hub-json", "schema": "evidence-hub.v1" }, { "id": "public_test_index", "label": "Öffentlicher A-Z-Testindex", "url": "https://saferpage.de/tests-json", "schema": "public-test-index.v1" }, { "id": "public_badge_index", "label": "Öffentlicher Badge-Index", "url": "https://saferpage.de/badges-json", "schema": "public-badge-index.v1" }, { "id": "trust_readiness_index", "label": "Öffentlicher Trust-Readiness-Index", "url": "https://saferpage.de/trust-readiness-json", "schema": "trust-readiness-index.v1" }, { "id": "trust_readiness_smoke", "label": "Trust Readiness Smoke", "url": "https://saferpage.de/evidence/trust-readiness-smoke.json", "schema": "trust-readiness-smoke.v1" }, { "id": "crawler_operations", "label": "Crawler Operations mit Preview-Coverage", "url": "https://saferpage.de/crawler/ops-json", "schema": "dach-crawler-operations.v1" }, { "id": "crawler_timer_runner", "label": "Crawler Timer Runner", "url": "https://saferpage.de/crawler/timer-runner-json", "schema": "dach-crawler-timer-runner.v1" }, { "id": "crawler_readiness_smoke", "label": "DACH Crawler Readiness Smoke", "url": "https://saferpage.de/evidence/crawler-readiness-smoke.json", "schema": "dach-crawler-readiness-smoke.v1" }, { "id": "delivery_preflight", "label": "Delivery Credential Preflight", "url": "https://saferpage.de/integrationen/delivery-credential-preflight-json", "schema": "operator-delivery-credential-preflight.v1" }, { "id": "delivery_approval_template", "label": "Delivery Approval Env Template", "url": "https://saferpage.de/integrationen/delivery-approval-template.env", "schema": "operator-delivery-activation-package.v1" }, { "id": "alert_delivery_readiness_smoke", "label": "Alert Delivery Readiness Smoke", "url": "https://saferpage.de/evidence/alert-delivery-readiness-smoke.json", "schema": "alert-delivery-readiness-smoke.v1" }, { "id": "blocker_resolution_runbook", "label": "Blocker-Runbook", "url": "https://saferpage.de/vergleich/parity-readiness-json", "schema": "dach-2026-parity-readiness.v1" }, { "id": "operator_activation_packet", "label": "Operator-Aktivierungspaket", "url": "https://saferpage.de/vergleich/parity-readiness-json", "schema": "dach-2026-parity-readiness.v1" }, { "id": "operator_approval_queue", "label": "Operator-Freigabequeue", "url": "https://saferpage.de/vergleich/parity-readiness-json", "schema": "dach-2026-parity-readiness.v1" }, { "id": "operator_go_live_command_center", "label": "Operator Go-live Command Center", "url": "https://saferpage.de/betreiber/go-live-json", "schema": "operator-go-live-command-center.v1" }, { "id": "delivery_runtime_controls", "label": "Delivery Runtime Controls", "url": "https://saferpage.de/evidence/delivery-runtime-controls.json", "schema": "delivery-runtime-controls.v1" }, { "id": "feed_preflight", "label": "Security Feed Credential Preflight", "url": "https://saferpage.de/sicherheit/feed-credential-preflight-json", "schema": "security-feed-credential-preflight.v1" }, { "id": "security_feed_activation_template", "label": "Security Feed Activation Env Template", "url": "https://saferpage.de/sicherheit/feed-activation-template.env", "schema": "security-feed-activation-package.v1" }, { "id": "security_feed_storage_preflight", "label": "Security Feed Storage Artefakt-Preflight", "url": "https://saferpage.de/evidence/security-feed-storage-preflight.json", "schema": "security-feed-storage-preflight.v1" }, { "id": "security_feed_readiness_smoke", "label": "Security Feed Readiness Smoke", "url": "https://saferpage.de/evidence/security-feed-readiness-smoke.json", "schema": "security-feed-readiness-smoke.v1" }, { "id": "feed_launch_board", "label": "Security Feed Launch Board", "url": "https://saferpage.de/sicherheit/feed-launch-board-json", "schema": "security-feed-launch-board.v1" }, { "id": "security_evidence_index", "label": "Öffentlicher Security-Evidence-Index", "url": "https://saferpage.de/security-evidence-json", "schema": "security-evidence-index.v1" }, { "id": "operator_readiness_index", "label": "Öffentlicher Operator-Readiness-Index", "url": "https://saferpage.de/operator-readiness-json", "schema": "operator-readiness-index.v1" }, { "id": "api_key_readiness", "label": "API Key Readiness", "url": "https://saferpage.de/api-zugriff/key-readiness-json", "schema": "operator-api-key-readiness.v1" }, { "id": "api_key_readiness_smoke", "label": "API Key Readiness Smoke", "url": "https://saferpage.de/evidence/api-key-readiness-smoke.json", "schema": "operator-api-key-readiness-smoke.v1" }, { "id": "api_access_migration_preflight", "label": "API Access Migration Artefakt-Preflight", "url": "https://saferpage.de/evidence/api-access-migration-preflight.json", "schema": "operator-api-access-migration-preflight.v1" }, { "id": "api_access_migration_sql", "label": "API Access Migration SQL", "url": "https://saferpage.de/api-zugriff/access-migration.sql", "schema": "operator-api-access-migration-preflight.v1" }, { "id": "api_runtime_gate_probe", "label": "API Runtime Gate Probe", "url": "https://saferpage.de/api-zugriff/runtime-gate-probe-json", "schema": "operator-api-runtime-gate-probe.v1" }, { "id": "agency_developer_deepscan", "label": "Agentur-/Developer-DeepScan", "url": "https://saferpage.de/agentur/anrufer.info/deepscan-json", "schema": "agency-developer-deepscan.v1" }, { "id": "report_pack", "label": "White-Label Report Pack", "url": "https://saferpage.de/report-pack/anrufer.info/export", "schema": "white-label-report-pack.v1" }, { "id": "fix_guides", "label": "Betreiber-Fix-Guides", "url": "https://saferpage.de/fix-guides/anrufer.info/export", "schema": "operator-fix-guide-package.v1" } ], "go_live_sequence": [ "Zuerst alle oeffentlichen Evidence-Pakete unveraendert pruefen: Matrix, Parity Board, Feed-/Delivery-Preflight, API-Key-Readiness.", "Blocker-Runbook im Parity-Board je Gate durcharbeiten und Abnahmekriterien dokumentieren.", "Produktive Zielsysteme in /etc/saferpage/alert-dispatch.env setzen und ohne Versand im Dry-run pruefen.", "Feed-Credentials und Storage-Freigabe erst nach Betreiber-, Retention- und Security-Freigabe setzen.", "API-Key-Gates erst mit Domain-Claim, Hash-Store, Scope-Middleware, Auditlog, Rate-Limit, Revocation und HMAC aktivieren; Write-HMAC-Test-Fixture vorher in Client/Receiver-Implementierungen verifizieren.", "Nach jeder Freigabe Live-Exports erneut pruefen und sicherstellen, dass keine Secrets, Ziel-URLs oder Empfaenger veroeffentlicht werden." ], "links": { "html": "https://saferpage.de/vergleich/parity-readiness", "json": "https://saferpage.de/vergleich/parity-readiness-json", "csv": "https://saferpage.de/vergleich/parity-readiness-csv", "markdown": "https://saferpage.de/vergleich/parity-readiness-md", "operator_go_live_command_center": "https://saferpage.de/betreiber/go-live-json", "comparison": "https://saferpage.de/vergleich/features-json", "competitive_sources": "https://saferpage.de/vergleich/quellen-json", "competitive_source_availability_smoke": "https://saferpage.de/evidence/competitive-source-availability-smoke.json", "feed_preflight": "https://saferpage.de/sicherheit/feed-credential-preflight-json", "security_feed_activation_template": "https://saferpage.de/sicherheit/feed-activation-template.env", "security_feed_storage_preflight": "https://saferpage.de/evidence/security-feed-storage-preflight.json", "delivery_preflight": "https://saferpage.de/integrationen/delivery-credential-preflight-json", "delivery_approval_template": "https://saferpage.de/integrationen/delivery-approval-template.env", "alert_delivery_readiness_smoke": "https://saferpage.de/evidence/alert-delivery-readiness-smoke.json", "crawler_readiness_smoke": "https://saferpage.de/evidence/crawler-readiness-smoke.json", "competitive_evidence_health": "https://saferpage.de/vergleich/evidence-health-json", "competitive_evidence_health_smoke": "https://saferpage.de/evidence/competitive-evidence-health-smoke.json", "trust_readiness_smoke": "https://saferpage.de/evidence/trust-readiness-smoke.json", "api_key_readiness": "https://saferpage.de/api-zugriff/key-readiness-json", "api_key_readiness_smoke": "https://saferpage.de/evidence/api-key-readiness-smoke.json", "api_access_migration_preflight": "https://saferpage.de/evidence/api-access-migration-preflight.json", "api_access_migration_sql": "https://saferpage.de/api-zugriff/access-migration.sql", "api_runtime_gate_probe": "https://saferpage.de/api-zugriff/runtime-gate-probe-json", "security_feed_readiness_smoke": "https://saferpage.de/evidence/security-feed-readiness-smoke.json" }, "disclaimer": "Dieses Board aggregiert oeffentliche Betriebs- und Readiness-Nachweise. Es erzeugt keine Credentials, fuehrt keine externen Feed-Abfragen aus und veroeffentlicht keine Secret-Werte, Ziel-URLs, Empfaenger oder Besucherlogs." }