CMP (Consent Management Platform) — Docs Index

Last updated: 2025-11-20

This folder collects everything needed to run, operate, and extend DigiWedge’s CMP.

Read This First

  • STATUS: docs/cmp/STATUS.md — executive snapshot of what’s delivered, what’s next, and acceptance checks.

What’s New

  • v1+ delivered: US GPP (US‑National v2, CA, state sections VA/CO/CT/UT), TCF Core tcString (Publisher flag‑gated), receipts (hash‑chained + HMAC), exports with gppString/sections/tcfString, scanner enqueue→poll with diff artifacts, service tiles with SLO hints, and a consent/experiments analytics dashboard in the Portal.
  • React Banner variants (MB1/CC1/SP1/HB1/FS1/TS1) now push cmp_accept/cmp_reject to window.dataLayer before invoking callbacks; Storybook includes focused variant stories.
  • GA4 Consent Mode + Floodlight GTM containers added under templates/gtm/ with a quick import guide (see templates/gtm/README.md).
  • Datasets & Sync guide with AdGuard‑maintained defaults (WTM trackers/entities) and constant progress logging. See docs/cmp/datasets.md
  • Scanner Tool at /scanner-tool now calls a local Scan API. It auto‑selects a free port and supports GPC mode. Results include finalUrl and redirectChain for transparency across consent redirects.
  • Swagger unified under /api with working Try‑it‑out (no double /api). JSON at /api/docs-json.
  • Full details in the changelog: docs/cmp/CHANGELOG.md

Core Guides

  • Gateway & Routing: docs/cmp/cilium-gateway-setup.md — HTTPRoute configuration, cross-namespace references, path-based routing, deployment and troubleshooting.
  • Registry API: docs/cmp/registry.md — public/admin endpoints, security (CORS + rate limit), metrics. Business endpoints under /v1/* and /admin/*; Swagger under /api/docs.
  • Scan API: docs/cmp/scan-api.md — local Playwright scanner service with /health, /health/ready, and /scan; PSL‑aware third‑party detection, header & cookie analysis, finalUrl + redirectChain. Emits storage cookies and DB‑backed cookie classifications (pre/post) and flags pre‑consent violations.
  • Public Scanner: docs/cmp/public-scanner.md — public page at /scanner with health check, scan UX, and public history via /api/v1/scans.
  • Cookie Registry & Analytics: See registry.md (classify‑cookies endpoint, admin definitions/overrides) and portal.md (Cookies tab with review queue).
  • Datasets & Sync: docs/cmp/datasets.md — dataset sources (AdGuard exports + IAB GVL), how to run jobs, expected progress logs.
  • Portal: docs/cmp/portal.md — environment, features, and how it talks to the registry.
  • Consent SDKs: docs/cmp/consent.md — React + drop‑in usage, defaults, GPC, i18n.
  • Scanner: docs/cmp/scanner.md — pre/post consent diff, site‑aware classification, CI gate.

Flags (prod posture)

  • GPP_USNAT_VERSION=2
  • TCF_ENABLE=1 (TCF_PUB_ENABLE=1 where needed)
  • APPEND_AUTH_REQUIRED=1
  • RECEIPTS_ENABLE=1 and RECEIPTS_SIGNING_KEYS=[{ keyId, secret, active:true }]
  • SCANS_WORKER_ENABLE=1 (DB queue workers)
  • SCANS_USE_BULL=1 (BullMQ) + REDIS_URL + SCANS_BULL_CONCURRENCY/ATTEMPTS/BACKOFF_MS
  • GPP_US_STATES_ENABLE=1 (state sections; IDs in USSTATE_SECTION_IDS)

Verify quickly

  • tools/ci/verify.sh (lint --max-warnings=0, tests, builds)
  • If DB schema changed locally:
    • pnpm -w nx run cmp-registry-data:prisma:generate && pnpm -w nx run cmp-registry:prisma:migrate
  • If enabling BullMQ in an env: pnpm -w add bullmq ioredis (only where SCANS_USE_BULL=1)

Quick Actions

  • Run datasets now (Infisical):
    infisical run --env=dev -- pnpm -w nx run cmp-registry:jobs:datasets --tui=false --skip-nx-cache
  • Stream logs directly (bypass Nx cache):
    infisical run --env=dev -- node dist/apps/cmp/registry/src/jobs/datasets.js

Ops & Observability

  • Helm charts live under charts/cmp-*. Enable resources, HPA, PDB, NetworkPolicy per values.
  • Kubernetes manifests and Argo CD Applications under kubernetes/cmp/.
  • Gateway & Routing: Cilium Gateway API with HTTPRoute resources. See docs/cmp/cilium-gateway-setup.md for routing architecture and cross-namespace references.
  • Prometheus scraping: kubernetes/cmp/registry/servicemonitor.yaml
  • Alerts: kubernetes/cmp/alerts/cmp-alerts.prometheusrule.yaml
  • Grafana dashboard: grafana/dashboards/cmp-overview.json

Manual Checks (hosted workflows disabled)

  • A11y: run the CMP React SDK a11y harness locally
  • Scanner gate: run cmp-scanner manually (see docs/cmp/scanner.md)

Operator Checklist

See docs/cmp/OPERATOR_CHECKLIST.md for a step‑by‑step guide to deploying and hardening the stack (OIDC, secrets, Helm values, NetworkPolicy egress restrictions, alerts, dashboards, CI secrets).