feat: initial public release

ConsentOS — a privacy-first cookie consent management platform.

Self-hosted, source-available alternative to OneTrust, Cookiebot, and
CookieYes. Full standards coverage (IAB TCF v2.2, GPP v1, Google
Consent Mode v2, GPC, Shopify Customer Privacy API), multi-tenant
architecture with role-based access, configuration cascade
(system → org → group → site → region), dark-pattern detection in
the scanner, and a tamper-evident consent record audit trail.

This is the initial public release. Prior development history is
retained internally.

See README.md for the feature list, architecture overview, and
quick-start instructions. Licensed under the Elastic Licence 2.0 —
self-host freely; do not resell as a managed service.

apps/api/tests/test_health.py

@@ -0,0 +1,31 @@
+import pytest
+
+
+@pytest.mark.asyncio
+async def test_health_endpoint(client):
+    response = await client.get("/health")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["status"] == "ok"
+    assert data["edition"] in ("ce", "ee")
+
+
+@pytest.mark.asyncio
+async def test_openapi_schema(client):
+    response = await client.get("/openapi.json")
+    assert response.status_code == 200
+    schema = response.json()
+    assert schema["info"]["title"] == "ConsentOS API"
+    assert schema["info"]["version"] == "0.1.0"
+
+
+@pytest.mark.asyncio
+async def test_api_routes_registered(client):
+    response = await client.get("/openapi.json")
+    paths = response.json()["paths"]
+    assert "/health" in paths
+    assert "/api/v1/auth/login" in paths
+    assert "/api/v1/config/sites/{site_id}" in paths
+    assert "/api/v1/consent/" in paths
+    assert "/api/v1/scanner/scans" in paths
+    assert "/api/v1/compliance/check/{site_id}" in paths