feat(ucca): Pflichtendatenbank v2 (325 Obligations), Trigger-Engine, TOM-Control-Mapping

- 9 Regulation-JSON-Dateien (DSGVO 80, AI Act 60, NIS2 40, BDSG 30, TTDSG 20, DSA 35, Data Act 25, EU-Maschinen 15, DORA 20)
- Condition-Tree-Engine fuer automatische Pflichtenselektion (all_of/any_of, 80+ Field-Paths)
- Generischer JSONRegulationModule-Loader mit YAML-Fallback
- Bidirektionales TOM-Control-Mapping (291 Obligation→Control, 92 Control→Obligation)
- Gap-Analyse-Engine (Compliance-%, Priority Actions, Domain Breakdown)
- ScopeDecision→UnifiedFacts Bridge fuer Auto-Profiling
- 4 neue API-Endpoints (assess-from-scope, tom-controls, gap-analysis, reverse-lookup)
- Frontend: Auto-Profiling Button, Regulation-Filter Chips, TOM-Panel, Gap-Analyse-View
- 18 Unit Tests (Condition Engine, v2 Loader, TOM Mapper)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ai-compliance-sdk/internal/ucca/obligations_registry.go

@@ -22,43 +22,64 @@ type ObligationsRegistry struct {
 	modules map[string]RegulationModule
 }
 
-// NewObligationsRegistry creates a new registry and registers all default modules
+// NewObligationsRegistry creates a new registry and registers all default modules.
+// It loads v2 JSON modules first; for regulations without v2 JSON, falls back to YAML modules.
 func NewObligationsRegistry() *ObligationsRegistry {
 	r := &ObligationsRegistry{
 		modules: make(map[string]RegulationModule),
 	}
 
-	// Register default modules
-	// NIS2 module
-	nis2Module, err := NewNIS2Module()
-	if err != nil {
-		fmt.Printf("Warning: Could not load NIS2 module: %v\n", err)
-	} else {
-		r.Register(nis2Module)
+	// Try to load v2 JSON modules first
+	v2Loaded := r.loadV2Modules()
+
+	// Fall back to YAML modules for regulations not covered by v2
+	if !v2Loaded["nis2"] {
+		if nis2Module, err := NewNIS2Module(); err == nil {
+			r.Register(nis2Module)
+		} else {
+			fmt.Printf("Warning: Could not load NIS2 module: %v\n", err)
+		}
 	}
 
-	// DSGVO module
-	dsgvoModule, err := NewDSGVOModule()
-	if err != nil {
-		fmt.Printf("Warning: Could not load DSGVO module: %v\n", err)
-	} else {
-		r.Register(dsgvoModule)
+	if !v2Loaded["dsgvo"] {
+		if dsgvoModule, err := NewDSGVOModule(); err == nil {
+			r.Register(dsgvoModule)
+		} else {
+			fmt.Printf("Warning: Could not load DSGVO module: %v\n", err)
+		}
 	}
 
-	// AI Act module
-	aiActModule, err := NewAIActModule()
-	if err != nil {
-		fmt.Printf("Warning: Could not load AI Act module: %v\n", err)
-	} else {
-		r.Register(aiActModule)
+	if !v2Loaded["ai_act"] {
+		if aiActModule, err := NewAIActModule(); err == nil {
+			r.Register(aiActModule)
+		} else {
+			fmt.Printf("Warning: Could not load AI Act module: %v\n", err)
+		}
 	}
 
-	// Future modules will be registered here:
-	// r.Register(NewDORAModule())
-
 	return r
 }
 
+// loadV2Modules attempts to load all v2 JSON regulation modules
+func (r *ObligationsRegistry) loadV2Modules() map[string]bool {
+	loaded := make(map[string]bool)
+
+	regulations, err := LoadAllV2Regulations()
+	if err != nil {
+		fmt.Printf("Info: No v2 regulations found, using YAML modules: %v\n", err)
+		return loaded
+	}
+
+	for regID, regFile := range regulations {
+		module := NewJSONRegulationModule(regFile)
+		r.Register(module)
+		loaded[regID] = true
+		fmt.Printf("Loaded v2 regulation module: %s (%d obligations)\n", regID, len(regFile.Obligations))
+	}
+
+	return loaded
+}
+
 // NewObligationsRegistryWithModules creates a registry with specific modules
 func NewObligationsRegistryWithModules(modules ...RegulationModule) *ObligationsRegistry {
 	r := &ObligationsRegistry{