feat(sdk): VVT master libraries, process templates, Loeschfristen profiling + document

VVT: Master library tables (7 catalogs), 500+ seed entries, process templates with instantiation, library API endpoints + 18 tests. Loeschfristen: Baseline catalog, compliance checks, profiling engine, HTML document generator, MkDocs documentation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-19 11:56:25 +01:00
parent f2819b99af
commit 2a70441eaa
20 changed files with 6621 additions and 9 deletions
--- a/backend-compliance/compliance/db/vvt_library_models.py
+++ b/backend-compliance/compliance/db/vvt_library_models.py
@@ -0,0 +1,164 @@
+"""
+SQLAlchemy models for VVT Master Libraries + Process Templates.
+
+Tables (global, no tenant_id):
+- vvt_lib_data_subjects
+- vvt_lib_data_categories (hierarchical, self-referencing)
+- vvt_lib_recipients
+- vvt_lib_legal_bases
+- vvt_lib_retention_rules
+- vvt_lib_transfer_mechanisms
+- vvt_lib_purposes
+- vvt_lib_toms
+
+Tenant-scoped:
+- vvt_process_templates (system + tenant-specific)
+"""
+
+from datetime import datetime
+
+from sqlalchemy import (
+    Column, String, Text, Boolean, Integer, DateTime, JSON, Index,
+    ForeignKey,
+)
+from sqlalchemy.dialects.postgresql import UUID
+
+from classroom_engine.database import Base
+
+
+class VVTLibDataSubjectDB(Base):
+    __tablename__ = 'vvt_lib_data_subjects'
+
+    id = Column(String(50), primary_key=True)
+    label_de = Column(String(200), nullable=False)
+    description_de = Column(Text)
+    art9_relevant = Column(Boolean, default=False)
+    typical_for = Column(JSON, default=list)
+    sort_order = Column(Integer, default=0)
+    created_at = Column(DateTime(timezone=True), default=datetime.utcnow)
+
+
+class VVTLibDataCategoryDB(Base):
+    __tablename__ = 'vvt_lib_data_categories'
+
+    id = Column(String(50), primary_key=True)
+    parent_id = Column(String(50), ForeignKey('vvt_lib_data_categories.id', ondelete='SET NULL'), nullable=True)
+    label_de = Column(String(200), nullable=False)
+    description_de = Column(Text)
+    is_art9 = Column(Boolean, default=False)
+    is_art10 = Column(Boolean, default=False)
+    risk_weight = Column(Integer, default=1)
+    default_retention_rule = Column(String(50))
+    default_legal_basis = Column(String(50))
+    sort_order = Column(Integer, default=0)
+    created_at = Column(DateTime(timezone=True), default=datetime.utcnow)
+
+
+class VVTLibRecipientDB(Base):
+    __tablename__ = 'vvt_lib_recipients'
+
+    id = Column(String(50), primary_key=True)
+    type = Column(String(20), nullable=False)
+    label_de = Column(String(200), nullable=False)
+    description_de = Column(Text)
+    is_third_country = Column(Boolean, default=False)
+    country = Column(String(5))
+    sort_order = Column(Integer, default=0)
+    created_at = Column(DateTime(timezone=True), default=datetime.utcnow)
+
+
+class VVTLibLegalBasisDB(Base):
+    __tablename__ = 'vvt_lib_legal_bases'
+
+    id = Column(String(50), primary_key=True)
+    article = Column(String(50), nullable=False)
+    type = Column(String(30), nullable=False)
+    label_de = Column(String(300), nullable=False)
+    description_de = Column(Text)
+    is_art9 = Column(Boolean, default=False)
+    typical_national_law = Column(String(100))
+    sort_order = Column(Integer, default=0)
+    created_at = Column(DateTime(timezone=True), default=datetime.utcnow)
+
+
+class VVTLibRetentionRuleDB(Base):
+    __tablename__ = 'vvt_lib_retention_rules'
+
+    id = Column(String(50), primary_key=True)
+    label_de = Column(String(300), nullable=False)
+    description_de = Column(Text)
+    legal_basis = Column(String(200))
+    duration = Column(Integer, nullable=False)
+    duration_unit = Column(String(10), nullable=False)
+    start_event = Column(String(200))
+    deletion_procedure = Column(String(500))
+    sort_order = Column(Integer, default=0)
+    created_at = Column(DateTime(timezone=True), default=datetime.utcnow)
+
+
+class VVTLibTransferMechanismDB(Base):
+    __tablename__ = 'vvt_lib_transfer_mechanisms'
+
+    id = Column(String(50), primary_key=True)
+    label_de = Column(String(300), nullable=False)
+    description_de = Column(Text)
+    article = Column(String(50))
+    requires_tia = Column(Boolean, default=False)
+    sort_order = Column(Integer, default=0)
+    created_at = Column(DateTime(timezone=True), default=datetime.utcnow)
+
+
+class VVTLibPurposeDB(Base):
+    __tablename__ = 'vvt_lib_purposes'
+
+    id = Column(String(50), primary_key=True)
+    label_de = Column(String(300), nullable=False)
+    description_de = Column(Text)
+    typical_legal_basis = Column(String(50))
+    typical_for = Column(JSON, default=list)
+    sort_order = Column(Integer, default=0)
+    created_at = Column(DateTime(timezone=True), default=datetime.utcnow)
+
+
+class VVTLibTomDB(Base):
+    __tablename__ = 'vvt_lib_toms'
+
+    id = Column(String(50), primary_key=True)
+    category = Column(String(30), nullable=False)
+    label_de = Column(String(300), nullable=False)
+    description_de = Column(Text)
+    art32_reference = Column(String(100))
+    sort_order = Column(Integer, default=0)
+    created_at = Column(DateTime(timezone=True), default=datetime.utcnow)
+
+
+class VVTProcessTemplateDB(Base):
+    __tablename__ = 'vvt_process_templates'
+
+    id = Column(String(80), primary_key=True)
+    name = Column(String(300), nullable=False)
+    description = Column(Text)
+    business_function = Column(String(50))
+    purpose_refs = Column(JSON, default=list)
+    legal_basis_refs = Column(JSON, default=list)
+    data_subject_refs = Column(JSON, default=list)
+    data_category_refs = Column(JSON, default=list)
+    recipient_refs = Column(JSON, default=list)
+    tom_refs = Column(JSON, default=list)
+    transfer_mechanism_refs = Column(JSON, default=list)
+    retention_rule_ref = Column(String(50))
+    typical_systems = Column(JSON, default=list)
+    protection_level = Column(String(10), default='MEDIUM')
+    dpia_required = Column(Boolean, default=False)
+    risk_score = Column(Integer)
+    tags = Column(JSON, default=list)
+    is_system = Column(Boolean, default=True)
+    tenant_id = Column(UUID(as_uuid=True), nullable=True)
+    sort_order = Column(Integer, default=0)
+    created_at = Column(DateTime(timezone=True), default=datetime.utcnow)
+    updated_at = Column(DateTime(timezone=True), default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    __table_args__ = (
+        Index('idx_vvt_process_templates_bf', 'business_function'),
+        Index('idx_vvt_process_templates_system', 'is_system'),
+    )