CMP Implementation Status — September 2025

✅ Delivered

Core & SDKs

  • Headless consent engine (cmp-consent-core) with storage, tag deferral, observable updates.
  • React SDK (cmp-consent-react) with Banner/Dialog/Settings link, A11y (focus trap, roles, Escape), i18n strings via ConsentProvider {strings}.
    • Banner variants emit cmp_accept / cmp_reject on window.dataLayer before invoking callbacks.
  • Vanilla drop-in (dw-cmp-dropin) with remote config, A11y, GPC detection + default-deny, and i18n (title/desc/buttons/policy link).
  • GTM Consent Mode v2 default-deny; adapters for GA4 + Meta Pixel.
  • B1 subdomains per language (e.g., en.*, ar.*), with shared consent across subdomains via cookieDomain=.yourdomain (SDK) / data-cookie-domain (drop‑in).
  • Arabic RTL: Banner/Dialog switch to RTL automatically when ui.strings.locale starts with ar.
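The SDK behaviours listed above (default-deny Consent Mode v2 push, GPC detection, cmp_accept / cmp_reject on the dataLayer before callbacks, a consent cookie shared across language subdomains via a parent-domain cookie, and RTL switching on an `ar` locale) as an added example that is not code from cmp-consent-core or cmp-consent-react. The `env` object stands in for the browser (`window.dataLayer`, `navigator`, `document.cookie`) so the block also runs under Node; the function and option names (`createConsentCore`, `cookieDomain`, `cookieName`, the two example categories and the 500 ms `wait_for_update`) are assumptions made for this example.

```javascript
// Added example (not the cmp-consent-core / cmp-consent-react code): a headless
// consent core reproducing the behaviours in the status list. `env` stands in for
// the browser (dataLayer, navigator, document.cookie) so it also runs under Node.
// All names and option keys here are assumptions made for this example.

const CATEGORIES = ["analytics", "marketing"]; // non-essential categories (assumed)

// Consent Mode v2 signals GTM listens for; a default of "denied" must reach the
// dataLayer before any tag fires, so the core pushes it at construction time.
const CONSENT_MODE_KEYS = ["ad_storage", "ad_user_data", "ad_personalization", "analytics_storage"];

function consentModeUpdate(granted) {
  // Map the CMP's categories onto the Consent Mode signals.
  const a = granted.analytics ? "granted" : "denied";
  const m = granted.marketing ? "granted" : "denied";
  return { analytics_storage: a, ad_storage: m, ad_user_data: m, ad_personalization: m };
}

function createConsentCore(env, opts = {}) {
  const { cookieDomain = null, cookieName = "dw_consent", locale = "en" } = opts;
  env.dataLayer = env.dataLayer || []; // same idiom as window.dataLayer = window.dataLayer || []
  const listeners = new Set();

  // Global Privacy Control: navigator.globalPrivacyControl === true is an opt-out
  // signal; the core starts denied and records the flag on every consent event.
  const gpc = !!(env.navigator && env.navigator.globalPrivacyControl === true);
  let state = { decided: false, gpc, granted: Object.fromEntries(CATEGORIES.map((c) => [c, false])) };

  // gtag('consent', 'default', ...) is represented on the dataLayer as an arguments-like array.
  const defaults = Object.fromEntries(CONSENT_MODE_KEYS.map((k) => [k, "denied"]));
  env.dataLayer.push(["consent", "default", { ...defaults, wait_for_update: 500 }]);

  function persist() {
    // Domain=.yourdomain makes the cookie visible on en.yourdomain, ar.yourdomain, ...
    const value = encodeURIComponent(JSON.stringify({ granted: state.granted, gpc: state.gpc }));
    let cookie = `${cookieName}=${value}; Path=/; Max-Age=15552000; SameSite=Lax; Secure`;
    if (cookieDomain) cookie += `; Domain=${cookieDomain}`;
    env.document.cookie = cookie;
    return cookie;
  }

  function decide(granted, event, callback) {
    state = { ...state, decided: true, granted: { ...granted } };
    // Order matters: dataLayer event first, then the Consent Mode update, then callbacks.
    env.dataLayer.push({ event, gpc: state.gpc, ...granted });
    env.dataLayer.push(["consent", "update", consentModeUpdate(granted)]);
    persist();
    listeners.forEach((fn) => fn(state));
    if (callback) callback(state);
    return state;
  }

  return {
    getState: () => state,
    // Direction follows the locale prefix: "ar", "ar-EG", ... render right-to-left.
    direction: locale.toLowerCase().startsWith("ar") ? "rtl" : "ltr",
    accept: (cb) => decide(Object.fromEntries(CATEGORIES.map((c) => [c, true])), "cmp_accept", cb),
    reject: (cb) => decide(Object.fromEntries(CATEGORIES.map((c) => [c, false])), "cmp_reject", cb),
    subscribe: (fn) => { listeners.add(fn); return () => listeners.delete(fn); },
  };
}

// Constructed browser stand-in with GPC enabled, for running the example directly.
const demoEnv = { navigator: { globalPrivacyControl: true }, document: { cookie: "" }, dataLayer: [] };
const demo = createConsentCore(demoEnv, { cookieDomain: ".yourdomain", locale: "ar" });
demo.reject();
console.log(demo.direction, JSON.stringify(demoEnv.dataLayer));
```

The default-deny push happens inside the constructor rather than in `accept`/`reject` so that a page which never renders the banner still starts with every Consent Mode signal denied; the GPC flag is carried on the consent event itself, which is what the "event records gpc=true" acceptance check looks for.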

Registry & Portal

  • cmp-registry (Nest): GET /v1/config (ETag/Cache-Control), POST /v1/consent, rate limiting, CORS-by-site (multi-domain) for consent/admin, OIDC guard (JWKS + optional HS256) for admin and append (APPEND_AUTH_REQUIRED=1, exp required). Global API base /api; Swagger at /api/docs (Try‑it‑out uses relative /api). Global ValidationPipe.
  • Classifier API with datasets (AdGuard exports of WhoTracks.me + overrides), site/global overrides, CSV export/import, pagination.
  • Consent analytics CSV/JSON/JSONL export, date‑range filters, and portal UI.
  • Metrics /metrics: 429s, config/consent decisions, dataset freshness (per‑source timestamps), GPC counter.
  • cmp-portal (React):
    • IDP login via shared hooks (@digiwedge/hooks-auth-web); nested AppShell; debounced header Site Select; route progress + 403/404/500 UX.
    • Sites (snippet+SRI, rotate key, verify cmds, manage overrides, manage allowed origins) with “Create Site” drawer + optimistic selection.
    • Config list with upsert (create/edit/delete) drawer and optimistic updates; editor at /config/edit for advanced use.
    • Analytics tabs (Overview/Cookies/Vendors/Artifacts/Audit) and a dashboard at /analytics (consent funnel + experiment bars with CSV export).
    • Diagnostics adds consent mode checklist, latest events, receipts verify, service tiles, and IDP/Access-Control status including latency badges.
    • Exports (CSV/JSON/JSONL streaming) and Artifacts list with URL-backed search/pagination.

Datasets & Scanner

  • Nightly dataset ingests (CronJob) + consent retention job; dataset freshness metrics/alerts.
  • Dataset defaults updated to AdGuard companiesdb exports (dist/whotracksme.json, dist/companies.json); WhoTracks.me raw endpoints deprecated; graceful fallback; constant progress logging for WTM/AdGuard/IAB phases.
  • Docs include Datasets & Sync guide, K8s Secret example, and troubleshooting.
  • Playwright scanner: pre/post‑consent diff, site‑aware, --gpc=1 mode; classification of new hosts via registry. Docs “Scanner Tool” with local scan API support (auto‑select port if busy). CI gate for baseline + GPC.

Ops & Observability

  • Helm charts for registry/portal/jobs with resources, HPA, PDB, NetworkPolicy, anti-affinity.
  • Argo CD Applications (+ image-updater), ServiceMonitor, PrometheusRule alerts, Grafana dashboard.
  • HTTP latency histogram and Grafana p95/p99 panels for /v1/config, with optional p95 alert.
  • In-cluster CDN for the drop‑in (e.g., cmp-cdn.uat.digiwedge.com/cmp/dw-cmp.min.js).

🟡 Outstanding / In Progress

User-facing

  • Locale routing: store ui.strings.locale; future toggle or detect Accept-Language (non-blocking).

Compliance & UX

  • Policy details table generator: list categories + example cookies (no PII) if available.
  • Cookie-name registry (longer‑term): grow from scanner telemetry; show common cookie names and purposes.

Performance & Security

  • HPA tuning and request/limit calibration after prod traffic baselines.
  • NetworkPolicy egress tightening (restricted=true) once DB/DNS/IPs are pinned per env.
  • IDP hardening: log auth failures with structured logs + clock skew window; verify all error paths are scrubbed.

CI & QA

  • Strengthen a11y checks to render component tree under the same React runtime used in apps (currently DOM‑based axe test passes).

Interoperability (optional)

  • TCF 2.2 Core implemented behind a flag: __tcfapi returns Core TCData and a dev‑only Core string in diagnostics. Publisher segment and full TCString wiring optional next.

  1. NetworkPolicy egress restrict (prod)
    • Set networkPolicy.egress.restricted=true with allowed DB/DNS/egress CIDRs for registry.
    • Acceptance: smoke tests pass; a probe from the default namespace fails; probes from allowed networks succeed.
  2. Dataset stability (mirror + pin)
    • Mirror AdGuard sources to an internal CDN nightly; optionally pin IAB GVL versions for reproducibility.
    • Acceptance: jobs succeed with internal URLs; metrics show fresh timestamps; classifier returns expected categories for known trackers.
  3. Scanner hardening (optional service)
    • Promote the local scan API to a managed service or serverless for remote scans; tighten CORS to the docs origin.
    • Acceptance: docs “Scanner Tool” runs scans without a local process; CORS restricted to the docs host.

Acceptance Quick List (current)

  • Swagger: /api/docs loads; Try‑it‑out targets /api/* (no double /api).
  • Health: /api/health/ready shows env=db up with parsed DB host/port; /api/health/config reports no missing critical envs.
  • Datasets: after a run, Prometheus shows cmp_dataset_fetch_success_total{source="adguard|iab_gvl"} > 0 and timestamps updated; known tracker domains (e.g., www.googletagmanager.com) classify non‑uncategorized.
  • GPC default‑deny: scanner --gpc=1 pre‑consent has 0 non‑essential; event records gpc=true.
  • CORS‑by‑site: incorrect Origin to /v1/consent → 403; portal Origin to /admin/* → 200 (auth permitting).
  • 429s: exceeding limit on /v1/config → 429 + metrics.
  • Export: CSV/JSON/JSONL download succeeds with selected date range & filters.
  • i18n strings: editing in portal, publish, refresh — strings persist; drop‑in and React app use localized copy.
  • Policy Block: copy/paste HTML renders on test page; policy link correct.