feat: add compliance modules 2-5 (dashboard, security templates, process manager, evidence collector)

Module 2: Extended Compliance Dashboard with roadmap, module-status, next-actions, snapshots, score-history
Module 3: 7 German security document templates (IT-Sicherheitskonzept, Datenschutz, Backup, Logging, Incident-Response, Zugriff, Risikomanagement)
Module 4: Compliance Process Manager with CRUD, complete/skip/seed, ~50 seed tasks, 3-tab UI
Module 5: Evidence Collector Extended with automated checks, control-mapping, coverage report, 4-tab UI

Also includes: canonical control library enhancements (verification method, categories, dedup), control generator improvements, RAG client extensions

52 tests pass, frontend builds clean.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend-compliance/compliance/api/canonical_control_routes.py

@@ -78,6 +78,7 @@ class ControlResponse(BaseModel):
     customer_visible: Optional[bool] = None
     verification_method: Optional[str] = None
     category: Optional[str] = None
+    target_audience: Optional[str] = None
     generation_metadata: Optional[dict] = None
     created_at: str
     updated_at: str
@@ -106,6 +107,7 @@ class ControlCreateRequest(BaseModel):
     customer_visible: Optional[bool] = True
     verification_method: Optional[str] = None
     category: Optional[str] = None
+    target_audience: Optional[str] = None
     generation_metadata: Optional[dict] = None
 
 
@@ -130,6 +132,7 @@ class ControlUpdateRequest(BaseModel):
     customer_visible: Optional[bool] = None
     verification_method: Optional[str] = None
     category: Optional[str] = None
+    target_audience: Optional[str] = None
     generation_metadata: Optional[dict] = None
 
 
@@ -158,7 +161,7 @@ _CONTROL_COLS = """id, framework_id, control_id, title, objective, rationale,
                    evidence_confidence, open_anchors, release_state, tags,
                    license_rule, source_original_text, source_citation,
                    customer_visible, verification_method, category,
-                   generation_metadata,
+                   target_audience, generation_metadata,
                    created_at, updated_at"""
 
 
@@ -241,6 +244,7 @@ async def list_framework_controls(
     release_state: Optional[str] = Query(None),
     verification_method: Optional[str] = Query(None),
     category: Optional[str] = Query(None),
+    target_audience: Optional[str] = Query(None),
 ):
     """List controls belonging to a framework."""
     with SessionLocal() as db:
@@ -271,6 +275,9 @@ async def list_framework_controls(
         if category:
             query += " AND category = :cat"
             params["cat"] = category
+        if target_audience:
+            query += " AND target_audience = :ta"
+            params["ta"] = target_audience
 
         query += " ORDER BY control_id"
         rows = db.execute(text(query), params).fetchall()
@@ -289,6 +296,7 @@ async def list_controls(
     release_state: Optional[str] = Query(None),
     verification_method: Optional[str] = Query(None),
     category: Optional[str] = Query(None),
+    target_audience: Optional[str] = Query(None),
 ):
     """List all canonical controls, with optional filters."""
     query = f"""
@@ -313,6 +321,9 @@ async def list_controls(
     if category:
         query += " AND category = :cat"
         params["cat"] = category
+    if target_audience:
+        query += " AND target_audience = :ta"
+        params["ta"] = target_audience
 
     query += " ORDER BY control_id"
 
@@ -384,7 +395,7 @@ async def create_control(body: ControlCreateRequest):
                     open_anchors, release_state, tags,
                     license_rule, source_original_text, source_citation,
                     customer_visible, verification_method, category,
-                    generation_metadata
+                    target_audience, generation_metadata
                 ) VALUES (
                     :fw_id, :cid, :title, :objective, :rationale,
                     CAST(:scope AS jsonb), CAST(:requirements AS jsonb),
@@ -394,7 +405,7 @@ async def create_control(body: ControlCreateRequest):
                     :license_rule, :source_original_text,
                     CAST(:source_citation AS jsonb),
                     :customer_visible, :verification_method, :category,
-                    CAST(:generation_metadata AS jsonb)
+                    :target_audience, CAST(:generation_metadata AS jsonb)
                 )
                 RETURNING {_CONTROL_COLS}
             """),
@@ -421,6 +432,7 @@ async def create_control(body: ControlCreateRequest):
                 "customer_visible": body.customer_visible,
                 "verification_method": body.verification_method,
                 "category": body.category,
+                "target_audience": body.target_audience,
                 "generation_metadata": _json.dumps(body.generation_metadata) if body.generation_metadata else None,
             },
         ).fetchone()
@@ -647,6 +659,7 @@ def _control_row(r) -> dict:
         "customer_visible": r.customer_visible,
         "verification_method": r.verification_method,
         "category": r.category,
+        "target_audience": r.target_audience,
         "generation_metadata": r.generation_metadata,
         "created_at": r.created_at.isoformat() if r.created_at else None,
         "updated_at": r.updated_at.isoformat() if r.updated_at else None,