fix(agents): Impressum+Cookie delegieren MC-Laden ans Main Tool — Scope-Filter + Maßnahmen

Regression: Der v3-Agent-Pfad baute eine parallele MC-Pipeline
(_load_impressum_mcs / _load_cookie_mcs, Roh-SELECT) und lief damit an
allen Schutzmechanismen der Engine vorbei → GOV/Branchen-MCs als HIGH bei
OEM/Zulieferer, fremde MCs (Bestellbestätigung), und action=check_question
(Fragen statt Maßnahmen im Frontend).

- Agent delegiert MC-Laden an rag_document_checker._load_controls
  (P72-Scope, check_type='text', fits_doc_type/scope_requires).
- Subtraktives Sektor-Gate (SECTOR_PREFIXES) + Themen-Gate am Agent-Rand.
- action = konkrete Maßnahme (Imperativ) statt check_question.
- rag_document_checker: from __future__ import annotations (3.9-Import).
- mcs: Name-Pattern erkennt "Aktiengesellschaft" (OEM-Impressums).
- Tote GT-/Semantic-/Routes-Tests wiederbelebt (v3-Mismatch +
  agent.cascade-Patch-Target). Alle 72 Specialist-Tests grün.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

backend-compliance/tests/test_impressum_v3.py

@@ -15,10 +15,17 @@ from compliance.services.specialist_agents import (
     ImpressumAgent,
     Severity,
 )
+from compliance.services.specialist_agents.impressum.agent import (
+    _build_measure,
+)
 from compliance.services.specialist_agents.impressum.regex_boost import (
     BOOST_KEYWORDS,
     boost_matches_db_mc,
     compute_regex_boosts,
+    criteria_on_topic,
+)
+from compliance.services.specialist_agents.impressum.v3_engine import (
+    _filter_controls,
 )
 
 
@@ -187,3 +194,152 @@ def test_short_text_skipped():
 def test_agent_version_is_three():
     agent = ImpressumAgent()
     assert agent.agent_version == "3.0"
+
+
+# ── Themen-Gate: criteria_on_topic ──────────────────────────────────
+
+
+def test_criteria_on_topic_keeps_genuine_telefon():
+    assert criteria_on_topic([
+        "Telefonnummer angeben",
+        "Erreichbar per Telefon",
+    ]) is True
+
+
+def test_criteria_on_topic_keeps_genuine_address():
+    assert criteria_on_topic([
+        "Vollständige Postadresse (Straße, Hausnummer, PLZ, Ort)",
+    ]) is True
+
+
+def test_criteria_on_topic_drops_bestellbestaetigung():
+    # Fremd-MC: kein Impressum-Themenüberlapp → raus.
+    assert criteria_on_topic([
+        "Bestellbestätigung wird nach Vertragsschluss versendet",
+        "Bestelleingang wird dokumentiert",
+    ]) is False
+
+
+def test_criteria_on_topic_single_incidental_hit_dropped():
+    # 'E-Mail' allein (1 Treffer) reicht nicht — braucht >=2.
+    assert criteria_on_topic([
+        "Bestellbestätigung wird per E-Mail versendet",
+    ]) is False
+
+
+def test_criteria_on_topic_drops_behoerdliche_anzeige():
+    assert criteria_on_topic([
+        "Behördliche Anzeige der Tätigkeit erfolgt",
+        "Gewerbeanmeldung liegt vor",
+    ]) is False
+
+
+def test_criteria_on_topic_empty_kept():
+    # Keine Kriterien = kein Signal → konservativ behalten.
+    assert criteria_on_topic([]) is True
+
+
+# ── Scope-Filter: _filter_controls ──────────────────────────────────
+
+
+def _mc(control_id, pass_criteria):
+    return {"control_id": control_id, "pass_criteria": pass_criteria,
+            "fail_criteria": []}
+
+
+def test_filter_controls_drops_gov_when_out_of_scope():
+    controls = [_mc("GOV-814-A03", ["Behörde meldet an Aufsichtsstelle"])]
+    kept, stats = _filter_controls(controls, business_scope=set())
+    assert kept == []
+    assert stats["sector_dropped"] == 1
+
+
+def test_filter_controls_keeps_gov_when_in_scope():
+    controls = [_mc("GOV-814-A03",
+                    ["Aufsichtsbehörde und Behörde benannt"])]
+    kept, stats = _filter_controls(controls,
+                                   business_scope={"government"})
+    assert len(kept) == 1
+    assert stats["sector_dropped"] == 0
+
+
+def test_filter_controls_keeps_genuine_impressum_mc():
+    controls = [_mc("AUTH-1954-A07",
+                    ["Vollständige Postadresse mit Straße und PLZ"])]
+    kept, stats = _filter_controls(controls, business_scope=set())
+    assert len(kept) == 1
+    assert stats["sector_dropped"] == 0
+    assert stats["offtopic_dropped"] == 0
+
+
+def test_filter_controls_drops_offtopic_non_sector_mc():
+    controls = [_mc("ECOM-1-A1",
+                    ["Bestellbestätigung nach Vertragsschluss versenden"])]
+    kept, stats = _filter_controls(controls, business_scope=set())
+    assert kept == []
+    assert stats["offtopic_dropped"] == 1
+
+
+# ── Maßnahme statt Frage: _build_measure ────────────────────────────
+
+
+def test_build_measure_is_imperative_not_question():
+    m = _build_measure("USt-IdNr", "§ 5 Abs. 1 Nr. 6 TMG")
+    assert "?" not in m
+    assert "ergänzen" in m.lower()
+    assert "Rechtsgrundlage" in m
+
+
+def test_build_measure_handles_empty_label():
+    m = _build_measure("", "")
+    assert "?" not in m
+    assert m.strip() != ""
+
+
+# ── Delegation an Main-Tool-Engine + Filter (Integration) ───────────
+
+
+def test_run_v3_pipeline_delegates_and_filters(monkeypatch):
+    """run_v3_pipeline lädt über die Main-Tool-Engine (_load_controls
+    gemockt), normalisiert JSONB-Strings und das Sektor-/Themen-Gate
+    entfernt GOV (out-of-scope) + fremde MCs. Genuine MC bleibt."""
+    from compliance.services.specialist_agents.impressum import v3_engine
+
+    async def _fake_load(doc_type, db_url, limit, business_scope=None):
+        # pass_criteria absichtlich als JSON-STRING (wie asyncpg JSONB)
+        return [
+            {"control_id": "AUTH-1954-A07", "title": "USt-IdNr",
+             "regulation": "TMG", "article": "§ 5", "severity": "HIGH",
+             "check_question": "Ist die USt-IdNr angegeben?",
+             "pass_criteria": '["USt-IdNr"]',
+             "fail_criteria": "[]"},
+            {"control_id": "GOV-814-A03", "title": "Behördliche Anzeige",
+             "regulation": "X", "article": "", "severity": "HIGH",
+             "check_question": "Behörde informiert?",
+             "pass_criteria": '["Aufsichtsbehörde und Behörde benannt"]',
+             "fail_criteria": "[]"},
+            {"control_id": "ECOM-1-A1", "title": "Bestellbestätigung",
+             "regulation": "X", "article": "", "severity": "HIGH",
+             "check_question": "Bestellbestätigung versandt?",
+             "pass_criteria":
+                 '["Bestellbestätigung nach Vertragsschluss versenden"]',
+             "fail_criteria": "[]"},
+        ]
+    monkeypatch.setattr(
+        "compliance.services.rag_document_checker._load_controls",
+        _fake_load,
+    )
+    # AUTH-MC matched per Keyword → kein Layer-2-Embedding nötig; kein
+    # mc_embedding_matcher-Mock erforderlich.
+
+    text = ("Beispiel GmbH\nMusterstr. 1\n12345 Berlin\n"
+            "USt-IdNr: DE123456789\n") * 5  # >100 Zeichen
+    results, telem = _run(
+        v3_engine.run_v3_pipeline(text, business_scope=set()),
+    )
+    cids = {r["control_id"] for r in results}
+    assert "GOV-814-A03" not in cids       # Sektor out-of-scope
+    assert "ECOM-1-A1" not in cids         # themenfremd
+    assert "AUTH-1954-A07" in cids         # genuine MC bleibt
+    assert telem["sector_dropped"] == 1
+    assert telem["offtopic_dropped"] == 1