feat: Package 4 Rechtliche Texte — DB-Persistenz fuer Legal Documents, Einwilligungen und Cookie Banner

- Migration 007: compliance_legal_documents, _versions, _approvals (Approval-Workflow)
- Migration 008: compliance_einwilligungen_catalog, _company, _cookies, _consents
- Backend: legal_document_routes.py (11 Endpoints + draft→review→approved→published Workflow)
- Backend: einwilligungen_routes.py (10 Endpoints inkl. Stats, Pagination, Revoke)
- Frontend: /api/admin/consent/[[...path]] Catch-All-Proxy fuer Legal Documents
- Frontend: catalog/consent/cookie-banner routes von In-Memory auf DB-Proxy umgestellt
- Frontend: einwilligungen/page.tsx + cookie-banner/page.tsx laden jetzt via API (kein Mock)
- Tests: 44/44 pass (test_legal_document_routes.py + test_einwilligungen_routes.py)
- Deploy-Scripts: apply_legal_docs_migration.sh + apply_einwilligungen_migration.sh

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend-compliance/migrations/007_legal_documents.sql

@@ -0,0 +1,51 @@
+-- =========================================================
+-- Migration 007: Legal Documents — Rechtliche Texte mit Versionierung
+-- Consent/Vorlagen, Dokumentengenerator, Workflow
+-- =========================================================
+
+-- compliance_legal_documents: Rechtsdokument-Typen (DSE, AGB, Cookie etc.)
+CREATE TABLE IF NOT EXISTS compliance_legal_documents (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(100),
+    type VARCHAR(50) NOT NULL,       -- privacy_policy | terms | cookie_policy | imprint | dpa
+    name VARCHAR(300) NOT NULL,
+    description TEXT,
+    mandatory BOOLEAN DEFAULT FALSE,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- compliance_legal_document_versions: Versionierung mit Approval-Workflow
+CREATE TABLE IF NOT EXISTS compliance_legal_document_versions (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    document_id UUID NOT NULL REFERENCES compliance_legal_documents(id) ON DELETE CASCADE,
+    version VARCHAR(20) NOT NULL,
+    language VARCHAR(10) DEFAULT 'de',
+    title VARCHAR(300) NOT NULL,
+    content TEXT NOT NULL,
+    summary TEXT,
+    status VARCHAR(20) DEFAULT 'draft', -- draft|review|approved|published|archived|rejected
+    created_by VARCHAR(200),
+    approved_by VARCHAR(200),
+    approved_at TIMESTAMPTZ,
+    rejection_reason TEXT,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- compliance_legal_document_approvals: Audit-Trail fuer Freigaben
+CREATE TABLE IF NOT EXISTS compliance_legal_document_approvals (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    version_id UUID NOT NULL REFERENCES compliance_legal_document_versions(id) ON DELETE CASCADE,
+    action VARCHAR(50) NOT NULL,     -- submitted|approved|rejected|published|archived
+    approver VARCHAR(200),
+    comment TEXT,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Indizes
+CREATE INDEX IF NOT EXISTS idx_legal_docs_tenant ON compliance_legal_documents(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_legal_docs_type ON compliance_legal_documents(type);
+CREATE INDEX IF NOT EXISTS idx_legal_doc_versions_doc ON compliance_legal_document_versions(document_id);
+CREATE INDEX IF NOT EXISTS idx_legal_doc_versions_status ON compliance_legal_document_versions(status);
+CREATE INDEX IF NOT EXISTS idx_legal_doc_approvals_version ON compliance_legal_document_approvals(version_id);

backend-compliance/migrations/008_einwilligungen.sql

@@ -0,0 +1,51 @@
+-- =========================================================
+-- Migration 008: Einwilligungen — Consent-Tracking & Cookie-Banner
+-- =========================================================
+
+-- Tenant-Katalog: Welche Datenpunkte sind aktiv?
+CREATE TABLE IF NOT EXISTS compliance_einwilligungen_catalog (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(100) NOT NULL UNIQUE,
+    selected_data_point_ids JSONB DEFAULT '[]',
+    custom_data_points JSONB DEFAULT '[]',
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- Firmeninformationen fuer DSI-Generierung
+CREATE TABLE IF NOT EXISTS compliance_einwilligungen_company (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(100) NOT NULL UNIQUE,
+    data JSONB NOT NULL DEFAULT '{}',
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- Cookie-Banner-Konfiguration (persistiert)
+CREATE TABLE IF NOT EXISTS compliance_einwilligungen_cookies (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(100) NOT NULL UNIQUE,
+    categories JSONB DEFAULT '[]',
+    config JSONB DEFAULT '{}',
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- Consent-Aufzeichnungen (Endnutzer-Einwilligungen)
+CREATE TABLE IF NOT EXISTS compliance_einwilligungen_consents (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id VARCHAR(100) NOT NULL,
+    user_id VARCHAR(200) NOT NULL,
+    data_point_id VARCHAR(100) NOT NULL,
+    granted BOOLEAN NOT NULL DEFAULT TRUE,
+    granted_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    revoked_at TIMESTAMPTZ,
+    ip_address VARCHAR(45),
+    user_agent TEXT,
+    consent_version VARCHAR(20) DEFAULT '1.0',
+    source VARCHAR(100),
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_einw_consents_tenant ON compliance_einwilligungen_consents(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_einw_consents_user ON compliance_einwilligungen_consents(tenant_id, user_id);
+CREATE INDEX IF NOT EXISTS idx_einw_consents_dpid ON compliance_einwilligungen_consents(data_point_id);
+CREATE INDEX IF NOT EXISTS idx_einw_catalog_tenant ON compliance_einwilligungen_catalog(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_einw_cookies_tenant ON compliance_einwilligungen_cookies(tenant_id);